我的设置如下:
互联网 -- 路由器 -[DMZ]- pfSense -- 网络服务器
router =
jenky 塑料廉价路由器(我的 mikrotik/routerboard 坏了)。已将 pfSense 的 IP 地址设置为 DMZ。
pfsense =
执行基本的防火墙和代理/反向代理。代理用于将 URL 转发到防火墙后面的正确 Web 服务器。
webserver =
centos box 运行 httpd(apache)和 tomcat6(分别安装,均由 yum 安装,但安装时间不同,因此不是 apache+tomcat 的问题)。
有多个网站由这个特定的网络服务器运行,由 apache 的虚拟主机处理。
ex: http://www.example.com, http://www.example1.com, etc
Tomcat 在扩展名 /mywebapp 的端口 8080 上运行一个应用程序。
ex: http://www.example.com:8080/mywebapp
我已经适当地配置了所有内容,pfsense
以将 apache 提供服务的网站的所有子域转发到正确的主机。
我已配置 /etc/httpd/conf/httpd.conf 以包含虚拟主机配置
<VirtualHost *:80>
ServerName mywebapp.example.com
ProxyPass / http://www.example.com:8080/mywebapp
ProxyPassReverse / http://www.example.com:8080/mywebapp
ProxyRequests Off
<Proxy http://www.example.com:8080/mywebapp*>
Order deny,allow
Allow from all
</Proxy>
ErrorLog logs/mywebapp.example.com-error_log
CustomLog logs/mywebapp.example.com-access_log common
</VirtualHost>
我已经修改了我的 tomcat6server.xml
文件并将第一个连接器更改为包含proxyName
和proxyPort
。
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
proxyName="mywebapp.example.com"
proxyPort="8080"
redirectPort="8443" URIEncoding="UTF-8"/>
无论我尝试什么,当我将其放入mywebapp.example.com
浏览器时,它都会重定向到mywebapp.example.com:8080/mywebapp
。
当我想以 访问它mywebapp.example.com
并让它停留在浏览器地址栏中时。这将使 URL 发布更加友好,等等。
我已经CNAME
配置DNS
了mywebapp
。
www.example.com
不受影响。
的日志httpd
看起来正常……tomcat6 的日志什么都没显示。我知道请求击中了正确的框,因为www.example.com:8080/mywebapp
它有效(以及其他网站)。
iptables
已被禁用,所以如果SELinux
。
我做错了什么?请指教。
UPDATE:
我尝试ProxyPreserveHost On
按照其中一条注释添加 vhost 配置,但无济于事。添加此行并重新启动 apache 和 tomcat 后,我无法访问mywebapp.example.com
nor www.example.com:8080/mywebapp
。基本上,添加此配置会使 mywebapp 完全无法访问,但我知道它仍在运行。
UPDATE 2:
添加从服务器获取的 tcpdump。我显示了从pfsense
(代理)传递到 的第一个连接webserver
。
192.168.0.1 == pfsense
192.168.1.1 == webserver
192.168.2.1 == "internet"
192.168.0.1 > 192.168.1.1
GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: mywebapp.example.com
DNT: 1
Via: 1.1 proxy.somecompany.com (squid/3.1.20)
X-Forwarded-For: 192.168.2.1
Cache-Control: max-age=259200
192.168.1.1 > 192.168.2.1
GET /mywebapp HTTP/1.1
Host: www.example.com:8080
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Via: 1.1 proxy.somecompany.com (squid/3.1.20)
X-Forwarded-For: 192.168.2.1, 192.168.0.1
Cache-Control: max-age=259200
X-Forwarded-Host: mywebapp.example.com
X-Forwarded-Server: mywebapp.example.com
Connection: Keep-Alive
192.168.2.1 > 192.168.1.1
GET /mywebapp HTTP/1.1
Host: www.example.com:8080
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Via: 1.1 proxy.somecompany.com (squid/3.1.20)
X-Forwarded-For: 192.168.2.1, 192.168.0.1
Cache-Control: max-age=259200
X-Forwarded-Host: mywebapp.example.com
X-Forwarded-Server: mywebapp.example.com
Connection: Keep-Alive
192.168.1.1 > 192.168.2.1
HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: http://mywebapp.example.com:8080/mywebapp/
Content-Length: 0
Date: Thu, 04 Apr 2013 05:14:44 GMT
192.168.2.1 > 192.168.1.1
HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: http://mywebapp.example.com:8080/mywebapp/
Content-Length: 0
Date: Thu, 04 Apr 2013 05:14:44 GMT
192.168.1.1 > 192.168.0.1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 04 Apr 2013 05:14:44 GMT
Server: Apache-Coyote/1.1
Location: http://mywebapp.example.com:8080/mywebapp/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8
192.168.2.1 > 192.168.1.1
GET /mywebapp/ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: mywebapp.example.com:8080
192.168.1.1 > 192.168.2.1
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Encoding: gzip
Expires: 0
Cache-Control: no-cache,must-revalidate
X-App-Theme: default
Set-Cookie: JSESSIONID=81CE83D61454A8E75C222759FA118338; Path=/mywebapp
X-App: 1.395
X-App2: 1.508
X-App2-Session: e797c95b
X-App-CLI-Port: 36143
X-App2-CLI-Port: 36143
X-App2-CLI2-Port: 36143
X-Instance-Identity: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjEfz8W2LiYRfrJQYH35uwtgQBpy0g6bTvBaTuARRpVLUmi+lnEfD/nVJY4GJoSfGzgnJAQ3MSqX+e1F4y2Jg5hwa2L0jibpb//BbfIMZkYZk8CtLMrkGvLC1nB7sghXupWOUOhWnzFq+a+LHSANNqfaMs9k6xJI6rvwIDAQAB
Content-Type: text/html;charset=UTF-8
Content-Length: 3879
Date: Thu, 04 Apr 2013 05:14:44 GMT
192.168.2.1 > 192.168.1.1
GET /mywebapp/static/e797c95b/css/style.css HTTP/1.1
Accept: text/css
Referer: http://mywebapp.example.com:8080/mywebapp/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: mywebapp.example.com:8080
DNT: 1
Connection: Keep-Alive
Cookie: JSESSIONID=81CE83D61454A8E75C222759FA118338
192.168.1.1 > 192.168.2.1
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Mon, 25 Mar 2013 20:17:34 GMT
Expires: Fri, 04 Apr 2014 05:14:44 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Type: text/css
Content-Length: 5763
Date: Thu, 04 Apr 2013 05:14:44 GMT
192.168.2.1 > 192.168.1.1
GET /mywebapp/static/e797c95b/css/color.css HTTP/1.1
Accept: text/css
Referer: http://mywebapp.example.com:8080/mywebapp/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: mywebapp.example.com:8080
DNT: 1
Connection: Keep-Alive
Cookie: JSESSIONID=81CE83D61454A8E75C222759FA118338
Update 3:
添加我当前的/etc/httpd/conf/httpd.conf
文件以显示迄今为止的更新/更改。
<VirtualHost *:80>
ServerName mywebapp.example.com
ProxyPass / http://www.example.com:8080/mywebapp/
ProxyPassReverse / http://www.example.com:8080/mywebapp/
ProxyRequests off
RewriteEngine on
RewriteRule ^(/.*) http://www.example.com:8080/mywebapp/$1 [P]
# ProxyPreserveHost On
<Proxy http://www.example.com:8080/mywebapp*>
Order deny,allow
Allow from all
</Proxy>
ErrorLog logs/mywebapp.example.com-error_log
CustomLog logs/mywebapp.example.com-access_log common
</VirtualHost>
答案1
目前没有可用于测试的盒子,但您看到的是来自 tomcat 的 302 重定向。如果您请求不带尾部斜杠的目录索引,则总是会发生这种情况。
尝试以下 ProxyPass 和 ProxyPassReverse 配置:
ProxyPass / http://www.somesite.com:8080/mywebapp/
ProxyPassReverse / http://www.somesite.com:8080/mywebapp/
注意末尾的斜杠。这应该可以避免 302 临时重定向。
编辑:对于静态内容,尝试添加:
RewriteEngine on
RewriteRule ^(/.*) http://www.somesite.com:8080/mywebapp/$1 [P]
这基本上意味着从您的网络服务器的根目录获取每个请求并将其交给代理模块。
答案2
为什么需要这个Proxy
部分?
<Proxy http://www.somesite.com:8080/mywebapp*>
Order deny,allow
Allow from all
</Proxy>
答案3
看来该重定向是从 Tomcat 端生成的 URL。
尝试添加ProxyPreserveHost On
到您的<VirtualHost *:80>
配置中?