When I tried to connect to a Spring Boot WebSocket from an Android STOMP client, it did not connect, and the Catalina log shows:
Handshake failed due to invalid Upgrade header: null
The Tomcat server is running behind Apache, and the Apache server runs on HTTPS. I haven't added HTTPS in Tomcat. All the HTTP requests are redirected to HTTPS. This is how I tried to connect to the WebSocket:
mStompClient = Stomp.over(Stomp.ConnectionProvider.JWS, "wss://chat.example.com/ws/chat/websocket", headers);
But it works when running on the local machine:
mStompClient = Stomp.over(Stomp.ConnectionProvider.JWS, "http://10.0.2.2:8080/chat/ws/chat/websocket", headers);
This is my STOMP endpoint setup:
registry.addEndpoint("/chat").setHandshakeHandler(new HandShakeHandler()).withSockJS();
I have enabled mod_proxy_wstunnel, and in the virtual host config I have added:
ProxyPass / http://localhost:8080/chat/
proxyPassReverse / http://localhost:8080/chat/
ProxyPass /wss/ ws://localhost:8080/chat/
How can I fix this?
I got the answer from this Server Fault link. I have to add
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule /api/(.*) ws://newapp.example.com:8080/api/$1 [P]
and changed the last line to
RewriteRule /chat/(.*) ws://localhost:8080/chat/chat/$1 [P]
and now it is connected
The problem may be in the order of your proxy commands:
ProxyPass / http://localhost:8080/chat/
proxyPassReverse / http://localhost:8080/chat/
ProxyPass /wss/ ws://localhost:8080/chat/
See the documentation:
Ordering ProxyPass Directives
The configured ProxyPass and ProxyPassMatch rules are checked in the order of configuration. The first rule that matches wins. So usually you should sort conflicting ProxyPass rules starting with the longest URLs first.
Since the first rule matches the /wss/ URLs, the later rule is never triggered. The correct order is:
ProxyPass /wss/ ws://localhost:8080/chat/
ProxyPass / http://localhost:8080/chat/
proxyPassReverse / http://localhost:8080/chat/
(I'm not sure if you need a reverse rule or not.)
I've spent hours trying to make the redirect rules work on my system but apparently you don't need them at all.
I am trying to redirect traffic from Apache to Tomcat on a CentOS server by using the mod_proxy and mod_proxy_wstunnel modules. HTTP traffic is redirected without problems, but I am not able to successfully redirect WebSocket traffic with any configuration I have tried so far. It gives me a 200 response code instead of 101.
I have read a lot of similar questions, but haven't found any solution yet. These ones have similar problems.
Question 1, Question 2
I'm using Apache Server 2.4.6 -> Apache Tomcat 7.0.92 -> Java application with Spring and a javax socket implementation.
Here are my modules:
Here is my httpd config:
<VirtualHost *:80>
ServerName domain.com
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"$
CustomLog /var/log/httpd/log_access.log combined
ErrorLog /var/log/httpd/log_error.log
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *>
Require all granted
</Proxy>
RewriteEngine On
#RewriteCond %{HTTP:Connection} Upgrade [NC]
#RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule /app-api/chat/user/(.*) ws://127.0.0.1:8080/app-api/chat/user/$1 [P,L]
ProxyPass /app-api http://127.0.0.1:8080/ retry=1 acquire=3000
ProxyPassReverse /app-api http://127.0.0.1:8080/
DocumentRoot /var/www/html
</VirtualHost>
If I connect to Apache Tomcat directly on the local machine, all is good and it returns 101, but not on the remote one.
Why am I getting a 200 response?
What is wrong with this config?
I have tried a lot of implementations, but still get a 200 response from the server instead of an upgrade to 101.
Finally, I have done it.
In my case, there is no need to put RewriteConds and RewriteRules.
All that was needed was to proxy the request to the actual backend (Apache Tomcat) by adding this to httpd.conf:
ProxyPass /api/chat/user/ ws://127.0.0.1:8080/chat/user/
ProxyPassReverse /api/chat/user/ ws://127.0.0.1:8080/chat/user/
Also mod_proxy_wstunnel must be enabled.
Got this config just from the official docs.
Just in case: mod_proxy_wstunnel
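A way to tell the "200 instead of 101" case apart from a completed upgrade when testing a proxy, added here as an example that is not part of the original posts. The response bytes are constructed samples, the key and accept value are the sample pair from RFC 6455, and the function names and result codes are assumptions of this sketch.

```python
import base64
import hashlib

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed GUID defined by RFC 6455

def expected_accept(key):
    """Sec-WebSocket-Accept a real WebSocket server must return for this key."""
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")

def parse_head(raw):
    """Split a raw HTTP response into (status code, lower-cased header dict)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(status_line.split()[1]), headers

def diagnose(raw, key):
    """Classify the reply to an upgrade request sent with Sec-WebSocket-Key = key."""
    status, h = parse_head(raw)
    if status != 101:
        # The request was answered as plain HTTP: the proxy did not tunnel it
        # (no ws:// mapping for this path, or Upgrade/Connection not forwarded).
        return "NOT_UPGRADED"
    tokens = [t.strip().lower() for t in h.get("connection", "").split(",")]
    if h.get("upgrade", "").lower() != "websocket" or "upgrade" not in tokens:
        return "BAD_UPGRADE_HEADERS"
    if h.get("sec-websocket-accept") != expected_accept(key):
        return "BAD_ACCEPT"  # 101 came from something that is not the WebSocket endpoint
    return "OK"

KEY = "dGhlIHNhbXBsZSBub25jZQ=="  # sample nonce from RFC 6455
# Constructed sample: what the client sees when the proxy treats the request as HTTP.
PROXIED_AS_HTTP = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"
# Constructed sample: a correctly tunnelled handshake.
UPGRADED = (b"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n"
            b"Connection: Upgrade\r\n"
            b"Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n\r\n")

if __name__ == "__main__":
    print("via misconfigured proxy:", diagnose(PROXIED_AS_HTTP, KEY))
    print("via ws:// ProxyPass:    ", diagnose(UPGRADED, KEY))
```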
Is it possible at all to do what I'm trying to do?
I have a domain - example.com - installed on a webserver Ubuntu 16.04/Apache.
Behind Apache I'm running a standard Glassfish (Payara actually) on standard port 8080.
On Payara I have a webapp - myWebapp - deployed on root context /
When I point my browser directly to port 8080, it shows my web app as I expect:
http://example.com:8080/ => webapp shown.
1) First I want to hide my Payara behind Apache and make sure that when people write
http://example.com/ they are redirected to
https://example.com => myWebapp is shown.
This part works using AJP and my certificates are all in place.
In my default.conf in the
<VirtualHost *:80>
I have inserted the following line:
Redirect permanent / https://example.com
It takes care of the redirection to HTTPS. But I'm in doubt whether this is the right way to do it.
Everything else in the conf file is standard.
In my ssl.conf file in the
<VirtualHost *:443>
I have inserted
ServerName example.com
and paths to SSL certificates. It's working as expected.
Furthermore, I have added
ProxyPass / ajp://127.0.0.1:8009
ProxyPassReverse / ajp://127.0.0.1:8009
Again, this works well. If I write
http://example.com
I'm redirected to
https://example.com/ => myWebapp is shown.
This is perfect.
But if I write
http://example.com/phpmyadmin
for instance, I'm not shown the phpMyAdmin page.
How can I accomplish this, and is it possible at all?
Thanks for any help.
Kim
You have a conflict in the following configuration:
ProxyPass / ajp://127.0.0.1:8009
ProxyPassReverse / ajp://127.0.0.1:8009
This sends all HTTP requests, including http://example.com/phpmyadmin, to your Payara server.
What you need instead is something like
ProxyPass /myWebapp ajp://127.0.0.1:8009
ProxyPassReverse /myWebapp ajp://127.0.0.1:8009
so that only relative URLs that start with /myWebapp are redirected to your Payara server and /phpmyadmin is still hosted by Apache.
The Apache documentation mentions:
Only specific URIs can be proxied, as shown in this example:
ProxyPass "/images" "http://www.example.com/"
ProxyPassReverse "/images" "http://www.example.com/"
In the above, any requests which start with the /images path will be proxied to the specified backend, otherwise it will be handled locally.
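The first-match behaviour behind this answer, and behind the /wss/ ordering problem in the first thread on this page, can be checked before a config is deployed. The sketch below is an added example, not code from the posts or from Apache: it is a simplified model of ProxyPass prefix matching (the segment-boundary rule is an assumption of the model), and the function names are hypothetical.

```python
# Added example: simplified model of mod_proxy's first-match ProxyPass routing.
QUESTION_CONF = """\
ProxyPass / http://localhost:8080/chat/
proxyPassReverse / http://localhost:8080/chat/
ProxyPass /wss/ ws://localhost:8080/chat/
"""
FIXED_CONF = """\
ProxyPass /wss/ ws://localhost:8080/chat/
ProxyPass / http://localhost:8080/chat/
"""
SCOPED_CONF = "ProxyPass /myWebapp ajp://127.0.0.1:8009\n"

def parse_proxypass(conf):
    """Ordered (prefix, target) pairs; ProxyPassReverse and comment lines are skipped."""
    rules = []
    for line in conf.splitlines():
        parts = line.strip().split()
        if len(parts) >= 3 and parts[0].lower() == "proxypass":
            rules.append((parts[1].strip('"'), parts[2].strip('"')))
    return rules

def prefix_matches(prefix, path):
    # Assumption of this model: a prefix without a trailing slash only matches
    # on a path-segment boundary (/images matches /images/x, not /imagesfoo).
    if not path.startswith(prefix):
        return False
    return prefix.endswith("/") or path[len(prefix):len(prefix) + 1] in ("", "/")

def route(rules, path):
    """Backend URL the first matching rule maps path to, or None if served locally."""
    for prefix, target in rules:
        if prefix_matches(prefix, path):
            # A target of "!" excludes the path from proxying.
            return None if target == "!" else target + path[len(prefix):]
    return None

def shadowed(rules):
    """Prefixes that can never match because an earlier rule already covers them."""
    return [p for i, (p, _) in enumerate(rules)
            if any(prefix_matches(e, p) for e, _ in rules[:i])]

if __name__ == "__main__":
    for name, conf in (("question", QUESTION_CONF), ("fixed", FIXED_CONF)):
        rules = parse_proxypass(conf)
        print(name, "shadowed:", shadowed(rules),
              "| /wss/chat/websocket ->", route(rules, "/wss/chat/websocket"))
    print("scoped /phpmyadmin ->", route(parse_proxypass(SCOPED_CONF), "/phpmyadmin"))
```

A non-empty `shadowed()` result means a more specific rule sits below a broader one and will never take effect, which is also how a path meant to stay local or go to a restricted backend ends up forwarded to the catch-all.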
I've been running a site for the past 3 years without any issues. The current SSL certificate was applied this past December. It is running on the FreeBSD 10 operating system. Apache is configured as a reverse proxy passing to Tomcat 6.0. As of this week the initial loading of pages has become extremely slow and does not leave any messages for the user. Nothing seems to stand out in my logs either. I will try to post the configuration below in hopes someone with a fresh set of eyes sees something I'm overlooking. There have been no modifications to the configuration since the site was stood up. If you need any additional info I'll be happy to provide it.
Thanks
<VirtualHost *:443>
# General setup for the virtual host
DocumentRoot "/usr/local/apache-tomcat-6.0/webapps"
ServerName hsc.myissinc.com
ServerAdmin support#myissinc.com
ServerSignature Off
Timeout 60
#KeepAlive On
ErrorLog /var/log/apache2/ajp.error.log
LogLevel warn
CustomLog /var/log/apache2/ajp.log combined
RewriteEngine On
#RewriteOptions inherit
ProxyVia On
ProxyRequests Off
ProxyPreserveHost Off
#ProxyPassReverseCookieDomain localhost hsc.myissinc.com
ProxyPass /easehsc/PublicTempStorage/ http://localhost:8080/easehsc/PublicTempStorage/ retry=10 acquire=3000 connectiontimeout=300 timeout=300 Keepalive=on
ProxyPassReverse /easehsc/PublicTempStorage/ http://localhost:8080/easehsc/PublicTempStorage/
ProxyPass /easehsc/ http://localhost:8080/easehsc/ retry=10 acquire=3000 connectiontimeout=300 timeout=300 Keepalive=on
ProxyPassReverse /easehsc/ http://localhost:8080/easehsc/
ProxyPass / http://localhost:8080/ retry=10 acquire=3000 connectiontimeout=300 timeout=300 Keepalive=on
ProxyPassReverse / https://localhost:8080/
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLProxyEngine on
# Server Certificate:
SSLCertificateFile "/root/sslCA/myissinc.cer"
# Server Private Key:
SSLCertificateKeyFile "/root/sslCA/myissinc.key"
# Server Chain File (Intermediate Cert)
SSLCertificateChainFile "/root/sslCA/myissincint.cer"
</VirtualHost>
Turns out the issue was not with the Apache configuration nor Tomcat at all. The web app was calling a REST API that was suddenly taken offline due to getting a DDoS attack. We commented this call out and all works great. Thanks to those who looked at this and made suggestions.
I was looking over this guide to setup tomcat + apache with SSL: http://www.mulesoft.com/tcat/tomcat-ssl
Under section, "When To Use SSL With Tomcat" it says:
"...In other words, if you're fronting Tomcat with a web server and using it only as an application server or Tomcat servlet container, in most cases you should let the web server function as a proxy for all SSL requests"
Since I already have a webserver set up with SSL, I decided to be lazy. I installed tomcat with default settings, and started it up. In my httpd.conf, I redirected all 80 traffic to 443, and then proxypass and proxypassreverse to ajp://hostname.com:8009. I restarted httpd and it "appears" to redirect to tomcat server over ssl. Is this completely broken or did I actually manage to do what I intended on first go? Any test suggestions are much appreciated.
<VirtualHost *:80>
ServerName hostname_DNS_alias.com
Redirect / https://hostname_DNS_alias.com
</VirtualHost>
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/thecrt.crt
SSLCertificateKeyFile /etc/pki/tls/private/thekey.key
SSLCertificateChainFile /etc/pki/tls/certs/CA.crt
ServerName hostname_DNS_alias.com
DocumentRoot /var/www/html
<Proxy *>
AddDefaultCharset off
Order deny,allow
Allow from all
</Proxy>
ProxyPass / ajp://hostname.com:8009/
ProxyPassReverse / ajp://hostname.com:8009/
</VirtualHost>
I think you've got it, but you can look at the access logs on HTTPD & Tomcat to confirm the request is being proxied. You should see an access log entry on both systems.
A couple quick notes...
As mentioned in the comment, you can remove the HTTP connector from Tomcat. It's not a must though. Sometimes it's nice to keep it open for testing purposes (i.e. you can hit the server directly) or if you want to run the Manager app on it. If you do keep it around, especially if you use it to run the Manager app, you should probably restrict access to it. Two easy ways to do that are by setting the address attribute on the HTTP connector to localhost or by configuring a RemoteAddressFilter.
Keep in mind that the AJP connection from your HTTPD server to Tomcat is not encrypted (SSL is terminated at HTTPD), so you want to make sure that traffic never goes over an insecure network (like the Internet).
Since you already have HTTPD in the mix, you can also use it to serve up your static files. If you deploy them to your document root, you can then add a "ProxyPass !" directive to exclude that path from being proxied to Tomcat. This will offer slightly less latency on the request as HTTPD does need to get the static file from Tomcat.
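One way to check the connector advice in this answer against a Tomcat server.xml, added here as an example that is not part of the original answer. Both XML documents are constructed samples and the function names are hypothetical; treating a missing address attribute as "all interfaces" is an assumption that fits older Tomcat releases (newer ones bind the AJP connector to loopback by default).

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample resembling a default install: neither connector sets address.
DEFAULT_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
  </Service>
</Server>"""

# Constructed sample with both connectors restricted to the local host.
HARDENED_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" address="127.0.0.1"/>
    <Connector port="8009" protocol="AJP/1.3" address="::1"/>
  </Service>
</Server>"""

def is_loopback(address):
    """True only when the connector is explicitly bound to a loopback address."""
    if address is None:
        return False  # assumption: no address attribute means every interface
    if address.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # a hostname other than localhost: treat as reachable off-host

def audit_connectors(xml_text):
    """List (port, kind, bind) for every connector reachable from other hosts."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        address = conn.get("address")
        if is_loopback(address):
            continue
        protocol = conn.get("protocol", "HTTP/1.1")
        # AJP is the unencrypted hop behind the TLS-terminating HTTPD.
        kind = "AJP" if protocol.upper().startswith("AJP") else "HTTP"
        findings.append((conn.get("port"), kind, address or "all interfaces"))
    return findings

if __name__ == "__main__":
    for port, kind, bind in audit_connectors(DEFAULT_XML):
        print(f"{kind} connector on port {port} listens on {bind}")
```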
I have a problem. I have two web apps deployed as wars. Let's call them app1.war and app2.war.
I would like app1.war to be accessed at the URL www.website.com and I would like app2.war to be accessible as www.anotherweb.com. I have my domain name ready.
I am able to run the applications as www.website.com/app1 and www.website.com/app2.
So now I need to run them using www.website.com and www.anotherweb.com.
I am running JBoss7.1.1.
Thanks for any insights.
You need to put the Apache HTTP server between the user and the JBoss server and not access your server directly from the web. Configure the Apache HTTP server to use mod_proxy with a virtual host configuration. If your JBoss server runs on http://localhost:8080, it will look something like this in httpd.conf.
NameVirtualHost *:80
<VirtualHost *:80>
RewriteEngine On
ServerName www.website.com
ProxyPass / http://localhost:8080/app1/
ProxyPassReverse / http://localhost:8080/app1/
</VirtualHost>
<VirtualHost *:80>
RewriteEngine On
ServerName www.anotherweb.com
ProxyPass / http://localhost:8080/app2/
ProxyPassReverse / http://localhost:8080/app2/
</VirtualHost>