Proxy, Apache, Tomcat - VHosts


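My setup is as follows:

Internet -- router -[DMZ]- pfSense -- webserver

router = janky plastic cheapo router (my mikrotik/routerboard died). It has the IP address of pfSense set as the DMZ.

pfsense = does basic firewalling and proxy/reverse proxy. The proxy is used to forward URLs to the correct web server behind the firewall.

webserver = centos box running httpd (apache) and tomcat6 (installed separately, both via yum but at different times, so not an apache+tomcat issue).

Multiple websites are run by this particular webserver, handled by apache's virtual hosts.

ex: http://www.example.com, http://www.example1.com, etc

Tomcat runs one application on port 8080 at the extension /mywebapp.

ex: http://www.example.com:8080/mywebapp

I have configured everything appropriately, with pfsense forwarding all subdomains of the websites served by apache to the correct host.

I have configured /etc/httpd/conf/httpd.conf to include a virtual host configuration: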

<VirtualHost *:80>
    ServerName mywebapp.example.com
    ProxyPass / http://www.example.com:8080/mywebapp
    ProxyPassReverse / http://www.example.com:8080/mywebapp
    ProxyRequests Off
    <Proxy http://www.example.com:8080/mywebapp*>
        Order deny,allow
        Allow from all
    </Proxy>
    ErrorLog logs/mywebapp.example.com-error_log
    CustomLog logs/mywebapp.example.com-access_log common
</VirtualHost>

I have modified my tomcat6 server.xml file and changed the first connector to include proxyName and proxyPort:

<!-- A "Connector" represents an endpoint by which requests are received
    and responses are returned. Documentation at :
    Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
    Java AJP  Connector: /docs/config/ajp.html
    APR (HTTP/AJP) Connector: /docs/apr.html
    Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           proxyName="mywebapp.example.com"
           proxyPort="8080"
           redirectPort="8443" URIEncoding="UTF-8"/>

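No matter what I try, when I put mywebapp.example.com into the browser, it redirects to mywebapp.example.com:8080/mywebapp

when I want to access it as mywebapp.example.com and have that stay in the browser's address bar. This would make publishing the URL friendlier, etc.

I have a CNAME configured in DNS for mywebapp

www.example.com is unaffected.

The logs for httpd look normal... the logs for tomcat6 show nothing. I know the request is hitting the right box, because www.example.com:8080/mywebapp works (as do the other websites).

iptables has been disabled, and so has SELinux

What am I doing wrong? Please advise.

UPDATE: I tried adding ProxyPreserveHost On to the vhost configuration as per one of the comments, to no avail. After adding this line and restarting apache and tomcat, I cannot reach mywebapp.example.com nor www.example.com:8080/mywebapp. Basically, adding this configuration makes mywebapp completely unreachable, but I know it is still running.

UPDATE 2: Adding a tcpdump taken from the server. I show the first connection passed from pfsense (the proxy) to the webserver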

192.168.0.1 == pfsense
192.168.1.1 == webserver
192.168.2.1 == "internet"

192.168.0.1 > 192.168.1.1
GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: mywebapp.example.com
DNT: 1
Via: 1.1 proxy.somecompany.com (squid/3.1.20)
X-Forwarded-For: 192.168.2.1
Cache-Control: max-age=259200

192.168.1.1 > 192.168.2.1
GET /mywebapp HTTP/1.1
Host: www.example.com:8080
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Via: 1.1 proxy.somecompany.com (squid/3.1.20)
X-Forwarded-For: 192.168.2.1, 192.168.0.1
Cache-Control: max-age=259200
X-Forwarded-Host: mywebapp.example.com
X-Forwarded-Server: mywebapp.example.com
Connection: Keep-Alive

192.168.2.1 > 192.168.1.1
GET /mywebapp HTTP/1.1
Host: www.example.com:8080
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Via: 1.1 proxy.somecompany.com (squid/3.1.20)
X-Forwarded-For: 192.168.2.1, 192.168.0.1
Cache-Control: max-age=259200
X-Forwarded-Host: mywebapp.example.com
X-Forwarded-Server: mywebapp.example.com
Connection: Keep-Alive

192.168.1.1 > 192.168.2.1
HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: http://mywebapp.example.com:8080/mywebapp/
Content-Length: 0
Date: Thu, 04 Apr 2013 05:14:44 GMT

192.168.2.1 > 192.168.1.1
HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: http://mywebapp.example.com:8080/mywebapp/
Content-Length: 0
Date: Thu, 04 Apr 2013 05:14:44 GMT

192.168.1.1 > 192.168.0.1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 04 Apr 2013 05:14:44 GMT
Server: Apache-Coyote/1.1
Location: http://mywebapp.example.com:8080/mywebapp/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

192.168.2.1 > 192.168.1.1
GET /mywebapp/ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: mywebapp.example.com:8080

192.168.1.1 > 192.168.2.1
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Encoding: gzip
Expires: 0
Cache-Control: no-cache,must-revalidate
X-App-Theme: default
Set-Cookie: JSESSIONID=81CE83D61454A8E75C222759FA118338; Path=/mywebapp
X-App: 1.395
X-App2: 1.508
X-App2-Session: e797c95b
X-App-CLI-Port: 36143
X-App2-CLI-Port: 36143
X-App2-CLI2-Port: 36143
X-Instance-Identity: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjEfz8W2LiYRfrJQYH35uwtgQBpy0g6bTvBaTuARRpVLUmi+lnEfD/nVJY4GJoSfGzgnJAQ3MSqX+e1F4y2Jg5hwa2L0jibpb//BbfIMZkYZk8CtLMrkGvLC1nB7sghXupWOUOhWnzFq+a+LHSANNqfaMs9k6xJI6rvwIDAQAB
Content-Type: text/html;charset=UTF-8
Content-Length: 3879
Date: Thu, 04 Apr 2013 05:14:44 GMT

192.168.2.1 > 192.168.1.1
GET /mywebapp/static/e797c95b/css/style.css HTTP/1.1
Accept: text/css
Referer: http://mywebapp.example.com:8080/mywebapp/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: mywebapp.example.com:8080
DNT: 1
Connection: Keep-Alive
Cookie: JSESSIONID=81CE83D61454A8E75C222759FA118338

192.168.1.1 > 192.168.2.1
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Mon, 25 Mar 2013 20:17:34 GMT
Expires: Fri, 04 Apr 2014 05:14:44 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Type: text/css
Content-Length: 5763
Date: Thu, 04 Apr 2013 05:14:44 GMT

192.168.2.1 > 192.168.1.1
GET /mywebapp/static/e797c95b/css/color.css HTTP/1.1
Accept: text/css
Referer: http://mywebapp.example.com:8080/mywebapp/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: mywebapp.example.com:8080
DNT: 1
Connection: Keep-Alive
Cookie: JSESSIONID=81CE83D61454A8E75C222759FA118338

Update 3: Adding my current /etc/httpd/conf/httpd.conf file to show the updates/changes so far.

<VirtualHost *:80>
    ServerName mywebapp.example.com
    ProxyPass / http://www.example.com:8080/mywebapp/
    ProxyPassReverse / http://www.example.com:8080/mywebapp/
    ProxyRequests off
    RewriteEngine on
    RewriteRule ^(/.*) http://www.example.com:8080/mywebapp/$1 [P]
#    ProxyPreserveHost On
    <Proxy http://www.example.com:8080/mywebapp*>
        Order deny,allow
        Allow from all
    </Proxy>
    ErrorLog logs/mywebapp.example.com-error_log
    CustomLog logs/mywebapp.example.com-access_log common
</VirtualHost>

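Answer 1

I don't have a box available to test on right now, but what you are seeing is a 302 redirect from tomcat. This always happens if you request a directory index without a trailing slash.

Try the following ProxyPass and ProxyPassReverse configuration: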

ProxyPass / http://www.somesite.com:8080/mywebapp/
ProxyPassReverse / http://www.somesite.com:8080/mywebapp/

Note the trailing slash. This should avoid the 302 temporary redirect.

Edit: For the static content, try adding:

RewriteEngine on 
RewriteRule ^(/.*) http://www.somesite.com:8080/mywebapp/$1 [P]

This basically means take every request from the root of your webserver and hand it to the proxy module.

Answer 2

Why do you need this Proxy section?

<Proxy http://www.somesite.com:8080/mywebapp*>
    Order deny,allow
    Allow from all
</Proxy>

Answer 3

It looks like that redirect is a URL generated on the Tomcat side.

Try adding ProxyPreserveHost On to your <VirtualHost *:80> configuration?
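
Added example (not part of the original question or answers): a simplified Python model that replays the redirect from the tcpdump to show why the `Location: http://mywebapp.example.com:8080/mywebapp/` header passes through `ProxyPassReverse` unchanged and sends the browser straight to the backend port. The function names and the `FRONTEND` constant are assumptions made for illustration; the model covers only the connector's `proxyName`/`proxyPort` override and the `ProxyPassReverse` prefix match.

```python
# Added example: simplified model, not mod_proxy or Tomcat source code.
from urllib.parse import urlsplit

FRONTEND = "http://mywebapp.example.com"  # public vhost from the question


def tomcat_redirect(host_header, proxy_name=None, proxy_port=None,
                    path="/mywebapp/"):
    """Absolute Location for Tomcat's trailing-slash 302. When set on the
    Connector, proxyName/proxyPort replace the Host header's name and port."""
    host, _, port = host_header.partition(":")
    host = proxy_name or host
    port = str(proxy_port or port or 80)
    authority = host if port == "80" else f"{host}:{port}"
    return f"http://{authority}{path}"


def proxy_pass_reverse(location, mappings, frontend=FRONTEND):
    """Rewrite Location only when it starts with a configured backend URL,
    which is the prefix match ProxyPassReverse performs."""
    for path, backend_url in mappings:
        if location.lower().startswith(backend_url.lower()):
            return frontend + path + location[len(backend_url):]
    return location  # no match: the header reaches the browser unchanged


def leaks_backend(location, frontend=FRONTEND):
    """True when the redirect points anywhere other than the public vhost."""
    got, want = urlsplit(location), urlsplit(frontend)
    return (got.hostname, got.port or 80) != (want.hostname, want.port or 80)


if __name__ == "__main__":
    update3 = [("/", "http://www.example.com:8080/mywebapp/")]
    cases = {
        "proxyPort=8080 (as captured)":
            (("mywebapp.example.com", 8080), update3),
        "no proxyName/proxyPort":
            ((None, None), update3),
        "proxyPort=80 + matching mapping":
            (("mywebapp.example.com", 80),
             update3 + [("/", "http://mywebapp.example.com/mywebapp/")]),
    }
    for label, ((name, port), maps) in cases.items():
        sent = tomcat_redirect("www.example.com:8080", name, port)
        seen = proxy_pass_reverse(sent, maps)
        print(f"{label}: {sent} -> {seen} leak={leaks_backend(seen)}")
```

In this model the redirect stays on the public vhost in two cases: the connector carries no `proxyName`/`proxyPort` and `ProxyPassReverse` matches the backend URL, or `proxyPort` is 80 and a mapping covers `http://mywebapp.example.com/mywebapp/`.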
