4

In a CentOS 7 server, I am trying to set up httpd to act as a reverse proxy for tomcat. I have httpd running perfectly in the sense that I type in http/mydomain.com and it serves up static content located in the designated DocumentRoot. I also have tomcat running perfectly in that tomcat serves up a designated war file when I type in http/my.server.ip:8080. The war file redirects all unauthenticated users to the /login url pattern so they can sign in before using the site. This works fine in tomcat. But when I comment out the DocumentRoot and add ProxyPass and ProxyPassReverse instead, I get the following error message in the browser: 

Proxy Error

The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /login.

Reason: DNS lookup failure for: server.ip.address:8009login

My VirtualHost is as follows: 

<VirtualHost *:80>
    ServerName www.mydomain.com
    ServerAlias mydomain.com
    ErrorLog /var/log/httpd/mydomain_com_error.log
    CustomLog /var/log/httpd/mydomain_com_requests.log combined
    ProxyPass / ajp://server.ip.address:8009
    ProxyPassReverse / ajp://server.ip.address:8009
</VirtualHost>

I also made sure to uncomment the following connector in server.xml: 

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

You can read the entire server.xml file located in a file sharing site by clicking on this link.

Apache is obviously talking to tomcat and working with the war file, because apache figured out how to get re-directed to the /login url pattern. But how can I fix my configuration so that /login and other relative urls get served correctly?

I am not certain whether or not mod_jk is installed.

Jeff Schaller
  • 66,199
  • 35
  • 114
  • 250
CodeMed
  • 5,079
  • 45
  • 100
  • 147
  • Glad you got all this working. You're on the final step... I must ask though: Where does login come from in `server.ip.address:8009login` – eyoung100 Dec 26 '14 at 20:35
  • @eyoung100 When a user who has not been authenticated by the java application/war requests any url in the app, that user is redirected by the app to the `/login` url pattern. In this case, the user is requesting the `/` url pattern. But since the user has not logged in to the app yet, the request is redirected to `/login`. – CodeMed Dec 26 '14 at 21:25
  • Well then you forgot a space – eyoung100 Dec 26 '14 at 21:35
  • @eyoung100 where? – CodeMed Dec 26 '14 at 21:35
  • `server.ip.address:8009login` That string is not terminated properly The server thinks the port is 8009login – eyoung100 Dec 26 '14 at 21:37
  • @eyoung100 That makes perfect sense. I just do not know what to do with that information. – CodeMed Dec 26 '14 at 21:38
  • @eyoung100 I just tried adding a space after `ProxyPass / ajp://server.ip.address:8009 ` and after `ProxyPassReverse / ajp://server.ip.address:8009 `, then stopped and restarted httpd, but I get the same error. – CodeMed Dec 26 '14 at 21:42
  • Who or what is resolving your DNS? – eyoung100 Dec 26 '14 at 21:45
  • @eyoung100 My domain registrar has `DNS` set up for me, pointing to this server's ip. But I do not know what is resolving them inside the `CentOS 7` box. I can tell you that `firewalld` has the `dhcpv6-client` service enabled. – CodeMed Dec 26 '14 at 21:49
  • Have you read the [mod_proxy documentation](http://httpd.apache.org/docs/2.2/mod/mod_proxy.html) I don't think ProxyPass can resolve to the root. – eyoung100 Dec 26 '14 at 21:55
  • @garethTheRed That solved the problem. Thank you very much. In american basketball, they call what you just did a 3 point shot, when the player nails it over long distance from the opposite side of the court. If you want to write it as an answer, I would be happy to mark it as accepted and +1. Thank you. – CodeMed Dec 26 '14 at 21:59
  • There was more luck than skill in that 3 point shot, I'm afraid :-) – garethTheRed Dec 26 '14 at 22:03

1 Answers1

4

Append a / to both your ProxyPass lines as it seems that tomcat is redirecting to login instead of /login. Use:

ProxyPass / ajp://server.ip.address:8009/
ProxyPassReverse / ajp://server.ip.address:8009/
garethTheRed
  • 33,289
  • 4
  • 92
  • 101
  • This helps me understand that tomcat is just concatenating a string, then passing the assembled string into another function. – CodeMed Dec 27 '14 at 05:33