Apache-Tomcat VHost redirection
- Jul
- 18
- Posted by TKH Specialist
- Posted in apache, tomcat
OK this isn’t rocket science however I thought it worth documenting since I will probably forget in 6 months to a year when asked to do this again.
The Situation: Tomcat running with an Apache front-end using AJP to pass all traffic through to Tomcat after authenticating against CAS.
The Problem: The tomcat application did not exist in the root context so traffic needed to be forwarded to DOMAIN/sub-dir using HTTPS to insure data is secure. We were simply forwarding all HTTP traffic to HTTPS and forwarding any URL with DOMAIN/sub-dir in the path. That meant anyone going to DOMAIN/ was not being redirected to the application.
Where we were:
#/etc/httpd/conf/httpd.conf <VirtualHost *:80> Redirect / https://DOMAIN/SUB-DIR
#/etc/httpd/conf.d/ssl/conf <Location /SUB-DIR> ProxyPass ajp://localhost:8009/SUB-DIR ProxyPassReverse ajp://localhost:8009/SUB-DIR </Location>
For a reason I don’t have the details for (a change on the tomcat application side) this stopped working. Following CAS authentication the user was being returned to HTTPS://DOMAIN/SUB-DIRSUB-DIR which of course didn’t work. Since the application was now configured as desired I needed to fix the rewrite/redirection issue.
Before I get to the solution. For all previous cases we had a consulting firm working with us, they would simply put a redirection statement in tomcat root context. Not really a great idea but hey I don’t get paid the big bucks as a consultant so what do I know!
The Solution:
First to handle all HTTP traffic:
#/etc/httpd/conf/httpd.conf <VirtualHost *:80> Redirect / https://jenkins.example.com/ </VirtualHost>
Now to handle the secure HTTPD traffic. My first attempt (without thinking) was to do this:
#/etc/httpd/conf.d/ssl.conf <Location /> ProxyPass ajp://localhost:8009/SUB-DIR ProxyPassReverse ajp://localhost:8009/SUB-DIR </Location> <Location /SUB-DIR> ProxyPass ajp://localhost:8009/SUB-DIR ProxyPassReverse ajp://localhost:8009/SUB-DIR </Location>
This of course did not work because Apache was never reaching the /SUB-DIR test! So a quick cut and paste and I had this:
#/etc/httpd/conf.d/ssl.conf <Location /SUB-DIR> ProxyPass ajp://localhost:8009/SUB-DIR ProxyPassReverse ajp://localhost:8009/SUB-DIR </Location> <Location /> ProxyPass ajp://localhost:8009/SUB-DIR ProxyPassReverse ajp://localhost:8009/SUB-DIR </Location>
This works. It is clean and quick the way it is supposed to be. To recap
Recent Comments
- Stefan on Flush This!
- Timestamping your Bash History | Matt's Entropy on Remember when you issued that command…?
- Matt Smith on Remember when you issued that command…?
- Ruan on Putting ‘lsof’ to use
- Dylan F. Marquis on External Mapping of LDAP attributes in CAS