Showing posts with label apache. Show all posts
Showing posts with label apache. Show all posts

29 May 2015

Configure tomcat (on HTTP) to work with HTTPS Load Balancer/Reverse Proxy

Introduction:

The following pattern is common when deploying java webapps on tomcat.

(HTTPS) LB/Reverse Proxy <--> (HTTP)Tomcat <--> Webapp

Usually, the HTTPS certificate is being installed on the Load Balancer/Reverse Proxy, then the LB/RP will communicate with internal tomcat on HTTP/AJP. (see References)

Note:

The following configurations is required only if LB/RP to connect to tomcat on HTTP.

If the communication done on AJP, then no configuration is required to pass HTTPS information to tomcat.
As one of the design goals of AJP is :
"Adding support for SSL, so that isSecure() and getScheme() will function correctly within the servlet container. The client certificates and cipher suite will be available to servlets as request attributes
(quote from https://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html)

Update:

If you use HTTP connector, still the below configuration is not required, just tell tomcat (thought the connector configurations), on which scheme the response should be returned by using:

<Connector protocol="HTTP/1.1" port="8081" proxyName="linux-server" proxyPort="443" scheme="https" secure="true"/>

references: 

There are 2 steps required in case of the communication done on HTTP:

1. On the LB/RP you need to configure it to send its http scheme (in this case https) as a request header to the tomcat servers.

In apache2, you may need to use the following line in apache2.conf (depends on your LB/RP)

RequestHeader add x-forwarded-proto “https”
2. On tomcat side, you need to tell it to use the protocol scheme of the LB/RP that is being sent in the headers.

To do so, you need to add the following valve to conf/server.xml
<Valve className="org.apache.catalina.valves.RemoteIpValve” 
    remoteIpHeader="x-forwarded-for” 
    proxiesHeader="x-forwarded-by” 
    protocolHeader="x-forwarded-proto" />
Also don't forget to add proxyName and proxyPort to the connector you will use to receive connections from the LB/RP like this;
<Connector port="8081" proxyName="my_web_server.com" proxyPort="80"/>

See sample server.xml

And thats it, just restart tomcat and it will work like expected.
Tested with Apache2 on ubuntu and tomcat8

 References:

https://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html
http://www.tomcatexpert.com/blog/2010/06/16/deciding-between-modjk-modproxyhttp-and-modproxyajp
https://tomcat.apache.org/tomcat-8.0-doc/config/valve.html#Proxies_Support
https://tomcat.apache.org/tomcat-8.0-doc/config/http.html#Proxy_Support
http://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/valves/RemoteIpValve.html
http://stackoverflow.com/questions/5741210/handling-x-forwarded-proto-in-java-apache-tomcat
http://support.citrix.com/article/CTX123676
https://www.wikiwand.com/en/List_of_HTTP_header_fields
http://serverfault.com/questions/181177/rewriting-302-app-server-redirect-urls-with-apache-proxy-in-the-middle
http://www.wikiwand.com/en/Reverse_proxy
https://www.mulesoft.com/tcat/tomcat-connectors
http://httpd.apache.org/docs/2.4/mod/mod_proxy_ajp.html
http://discussions.citrix.com/topic/315307-http-x-forwarded-proto/
Posted by at No comments:
Labels: , , , ,

02 June 2011

Playing with CGI

Hello,

I just want to play again with CGI, so today we will make a simple Hello Form.



And Here's the code:

First, the HTML Page:

<form action="/cgi-bin/sayHello" method="post" >
    <input type="text" name="username" />
    <input type="submit" value="say Hello" />
</form>

And the CGI Script (simple C++ program):

#include <iostream>
#include <cstdlib>
#include <cstring>

using std::cout;
using std::cin;
using std::endl;

int main(void)
{
    char* value = new char;
    cout<< "Content-type: text/html" << endl << endl;
    cin >> value;
    
    char* newValue = new char;
    
    bool toCpy = false;
    int cnt = 0;
    while (*value != '\0')
    {
        if (toCpy)
        {
            *newValue = *value;
            newValue++;
            cnt++;
        }
        
        if (toCpy == false && *value == '=') 
        {
            toCpy = true;
        }
        
        value++;
    }
    newValue = newValue - cnt;
    
    
    cout<<"Hello " << newValue<<endl;
}
Posted by at No comments:
Labels: , , , , ,

01 October 2009

Jakarta Commons Net

Actually, Apache foundation is a big source for open source libraries in Java.

On of their projects that very interesting is Jakarta Commons Net I found it while navigation through trying to answer on a thread in Arab Team 2000 forums.

Library home page : http://commons.apache.org/net
Java docs : http://commons.apache.org/net/api
Interesting class for FTP : http://commons.apache.org/net/api/org/apache/commons/net/ftp/FTPClient.html

Thanks.
Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)