Glassfish Server Webservice behind Apache HTTP Server - java

Hi
We started to create our applications with J2EE. We now created a Webservice and deployed it to the Glassfish Server. We have written an apache proxy rule to access it via https://our.server.com/webservice-war (only https port is open to that server):
ProxyRequests Off
ProxyPass /webservice-war http://our.server.com:8080/webservice-war
ProxyPassReverse /webservice-war http://our.server.com:8080/webservice-war
Now everything works fine, but when we go to the ServiceEndpoint page (which is automatically generated) there is a link to the WSDL page:
http://our.server.com:8080/webservice-war/HostaliasSearchImplService?wsdl
which is obviously wrong (Glassfish listens on port 8080), and also https is changed to http.
Does anyone have an idea how I can fix it so that the automatically generated link is:
https://our.server.com/webservice-war/HostaliasSearchImplService?wsdl
BR, Rene

I discovered what I consider to be a very simple and elegant way to deal with the issue: use mod_substitute. Since those of us with this problem are already using Apache, and it's built in and simple, I liked this approach best.
I put a block similar to the below in one of my Apache conf files and found joy:
<Location />
AddOutputFilterByType SUBSTITUTE text/xml
Substitute "s|http://internal:8080/foo|https://external/foo|ni"
</Location>

Found the solution!
Anonym gave me a good hint about mod_jk. So here is the complete configuration (for RHEL5).
First of all, download the mod_jk module for Apache: http://archive.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/linux/jk-1.2.31/x86_64/
Put it in the modules directory /etc/httpd/modules and make it executable:
chmod +x mod_jk-1.2.31-httpd-2.2.x.so
After that create /etc/httpd/conf/workers.properties:
# Define 1 real worker using ajp13
worker.list=worker1
# Set properties for worker1 (ajp13)
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8009
Port 8009 is where the Glassfish jk connector listens (we come to that later).
Now we have to configure mod_jk, therefore create the file /etc/httpd/conf.d/mod_jk.conf with the following content:
LoadModule jk_module modules/mod_jk-1.2.31-httpd-2.2.x.so
JkWorkersFile /etc/httpd/conf/workers.properties
# Where to put jk logs
JkLogFile /var/log/httpd/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel debug
# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
# JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"
# Send everything for context /yourapp-war to worker named worker1 (ajp13)
JkMount /yourapp-war/* worker1
(This means everything from your http://apache.webserver.com/yourapp-war/ will be redirected to the Glassfish yourapp-war application context.)
Important, if you are using virtual hosts on apache, you have to set the option:
JkMountCopy On
for your virtual servers. Explanation:
If this directive is set to "On" in
some virtual server, the mounts from
the global server will be copied to
this virtual server, more precisely
all mounts defined by JkMount or
JkUnMount.
Now we have to create the jk connector in Glassfish:
asadmin create-http-listener --listenerport 8009 --listeneraddress 0.0.0.0 --defaultvs server jk-connector
asadmin set configs.config.server-config.network-config.network-listeners.network-listener.jk-connector.jk-enabled=true
Restart Glassfish, and everything should work.

As for rewriting the https -> http, I'm not sure that's possible (yet) without using mod_jk, see here, but see also this little guide.
Though, generally, you'll need to configure Glassfish and set http.proxyPort (and probably http.proxyHost too). Hopefully that should reflect in the autogenerated WSDL URL.
Here are 3 different ways to do this:
1. Use asadmin (in the Glassfish bin/ directory), run
asadmin create-jvm-options "-Dhttp.proxyPort=80"
asadmin create-jvm-options "-Dhttp.proxyHost=our.server.com"
2. Edit domain.xml and add under the <java-config> element
<jvm-options>-Dhttp.proxyPort=80</jvm-options>
<jvm-options>-Dhttp.proxyHost=our.server.com</jvm-options>
3. Open the Glassfish admin web page, under Application Server -> VM Settings -> JVM Options and add these options
http.proxyPort=80
http.proxyHost=our.server.com

Setting
server-config.network-config.protocols.protocol.http-listener-1.http.server-name=MyHost:80
on GlassFish Server Open Source Edition 3.1.2.2 (build 5) solved the problem for me.

Related

mod_jk Tomcat-Apache connector, 1st webapp works, 2nd webapp inaccessible

I have a configuration problem that has me stumped. I have a couple webapps that run in Tomcat and are connected and accessed through Apache httpd. I previously used Tomcat 7 and Apache 2.2, and I installed Tomcat 9 and Apache 2.4 and loaded my webapps. I read up on the configuration changes, and I thought I adjusted as needed, but for some reason only one of my two apps is accessible. That should rule a lot of things out, since the one works just fine.
I will add below my abbreviated Apache httpd config. I did adjust the Order deny,allow stuff to Require all granted in the conf file. I wonder if it's related to the JkMount directives, but this is how it worked in Apache 2.2. Could it be related to one of the webapps running as ROOT /? I do see some errors in my mod_jk.log such as:
[info] jk_open_socket::jk_connect.c (817): connect to 127.0.0.1:8010 failed (errno=61)
[info] ajp_connect_to_endpoint::jk_ajp_common.c (1068): (worker1) Failed opening socket to (127.0.0.1:8010) (errno=61)
[error] ajp_send_request::jk_ajp_common.c (1728): (worker1) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=61)
[info] ajp_service::jk_ajp_common.c (2778): (worker1) sending request to tomcat failed (recoverable), because of error during request sending (attempt=1)
..
[info] ajp_service::jk_ajp_common.c (2778): (worker1) sending request to tomcat failed (recoverable), because of error during request sending (attempt=2)
[error] ajp_service::jk_ajp_common.c (2799): (worker1) connecting to tomcat failed (rc=-3, errors=1, client_errors=0).
[info] jk_handler::mod_jk.c (2995): Service error=-3 for worker=worker1
Any help is greatly appreciated!
Apache 2.4 httpd.conf
Listen 80
LoadModule ssl_module modules/mod_ssl.so
LoadModule jk_module modules/mod_jk.so
JkWorkersFile conf/workers.properties
JkShmFile "logs/mod_jk.shm"
JkLogFile "logs/mod_jk.log"
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkMount / worker1
JkMount /* worker1
JkMount /webapp2 worker1
JkMount /webapp2/* worker1
ServerName sub.mydomain.com:80
Include conf/extra/httpd-ssl.conf
Apache 2.4 httpd-ssl.conf
Listen 443
Protocols h2 http/1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:C:/Program Files/Apache Software Foundation/Apache24/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost *:80>
ServerName sub.mydomain.com
Redirect permanent / https://sub.mydomain.com/
</VirtualHost>
<VirtualHost _default_:443>
ServerName sub.mydomain.com:443
<Location />
Require all granted
</Location>
<Location /webapp2>
Require all granted
</Location>
SSLEngine on
SSLCertificateFile "C:/ssl/mycert.crt"
SSLCertificateKeyFile "C:/ssl/mykey.key"
SSLCertificateChainFile "C:/ssl/mycabundle.crt"
</VirtualHost>
Apache 2.4 workers.properties
worker.list=worker1
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8010
Tomcat 9 server.xml
<Connector port="8010" URIEncoding="utf-8" protocol="AJP/1.3" redirectPort="8443" />
By the way, this is in Windows.
OK, I finally figured this out. I was looking in the wrong place. I tested a different way and it seemed like the Apache to Tomcat connection was actually working for the second webapp as well. The problem actually occurred in PHP code on another server trying to access a resource in this second webapp (and that is this second webapp's sole purpose). Apparently when I switched from Apache httpd 2.2 to 2.4, the method used in that remote PHP code was no longer able to successfully POST to the webapp resource and retrieve a result. The code hadn't changed at all. That made it look at first like the webapp was inaccessible. When I changed the PHP method used for POST from fsockopen()/fwrite()/fgets()/etc. to file_get_contents(), then it worked. More granular error reporting and a more thorough test early on would have helped, but wow, what a bugger of a problem. I never would have guessed that would be a problem and I wonder why that didn't work after the change... something else to research or perhaps another question. I don't know how to explain the errors in the mod_jk.log. Perhaps I had something wrong temporarily. But there aren't more errors currently.
If you are on Linux, you should try issuing "setenforce 0".
Then, to check if it was successful, issue "getenforce"; you should get "Permissive".
I mean all of this in the Linux shell.
I went this way 2 months ago.

How to redirect request from Apache Server to Tomcat

I am working on Tomcat clustering with Apache server on Ubuntu 14. I set up Tomcat clustering successfully, and the integration with Apache server as well.
In Apache server I set up virtual hosting as well, something like the following code.
<VirtualHost *:80>
ServerName myexample.com
ServerAdmin webmaster@myexample.com
DocumentRoot /var/www/myexample.com/public_html/
ServerAlias www.myexample.com
JkMount / balancer
# Error page is just the index telling about the situation of not being connected
ErrorDocument 404 /index.html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
So when I request myexample.com it sends the request to the balancer, and the balancer further redirects this request to one Tomcat worker. My worker.properties file looks like this.
# Define 1 real worker named ajp13
worker.list=balancer,stat
# Set properties for worker named ajp13 to use ajp13 protocol,
# and run on port 8109
worker.tomcat1.type=ajp13
worker.tomcat1.host=localhost
worker.tomcat1.port=8109
worker.tomcat1.lbfactor=10
worker.tomcat2.type=ajp13
worker.tomcat2.host=localhost
worker.tomcat2.port=8209
worker.tomcat2.lbfactor=10
worker.tomcat3.type=ajp13
worker.tomcat3.host=localhost
worker.tomcat3.port=8309
worker.tomcat3.lbfactor=10
worker.balancer.type=lb
worker.balancer.balance_workers=tomcat1,tomcat2,tomcat3
worker.stat.type=status
Now the problem is that whenever I request myexample.com, the request is redirected to the Tomcat Root folder and shows the Root folder content. I have one web application (helloworld) inside the webapps folder of each Tomcat instance.
So my question is how can I configure Tomcat or Apache so that the request goes to helloworld instead of the Root folder.

How to map an app from Tomcat8 to Apache in JBoss Web Server?

I installed JBoss 3.0.1 and it functions well, both Apache on port 80 and Tomcat8 on port 8080. I deployed a sample war file from Tomcat and can view it at http://localhost:8080/sample/.
So is it possible to map it on Apache, then we can access it at http://localhost/sample/? If yes, can you please help me how to do that? Any suggestion would be appreciated.
Update: For POC purpose, the OS is Windows 7
You can do it by means of AJP. You don't specify what OS you are using, but I will assume it is GNU/Linux, although instructions for MS Windows will be similar.
The procedure is the following:
Install the Apache module for AJP, usually it is called something like libapache2-mod-jk (in Debian/Ubuntu you can run sudo apt-get install libapache2-mod-jk).
Then you will have a new module called jk or similar. You have to enable it (in Debian/Ubuntu you can run sudo a2enmod jk).
The default configuration will mostly do; open it and see where JkWorkersFile points. This file is needed to configure the workers that manage communication with Tomcat apps.
Create the workers file (if it does not exist). A workers file looks more or less like the following.
Sample workers file:
ps=/
worker.list=worker1,worker2,...
# worker1 definition
worker.worker1.port=8009
worker.worker1.host=192.168.1.23
worker.worker1.type=ajp13
# worker2 definition
....
Every worker can point to a different Tomcat server. The port must be the same as the one configured in $CATALINA_HOME/conf/server.xml. In this file there is a connector for the AJP protocol:
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
Every worker has to point to this port.
Finally, you can configure virtual hosts, locations, etc. in Apache with JkMount workerName to tell Apache that this URL has to be forwarded to the proper worker.
There are plenty of samples and documentation. Here are the official Tomcat docs: https://tomcat.apache.org/connectors-doc/webserver_howto/apache.html
Hope it helps!
Edit
If you are using MS Windows, you can download mod_jk from this url https://tomcat.apache.org/download-connectors.cgi
Install it and configure it as suggested. Since you want to map the URL http://localhost/sample to the Tomcat app at http://localhost:8080/sample, your configuration must be the following:
workers file (Review port with server.xml tomcat conf file):
worker.list=worker1
# worker1 definition
worker.worker1.port=8009
worker.worker1.host=localhost
worker.worker1.type=ajp13
Apache Location directive (Review order, deny and allow to suit your needs):
<Location /sample/>
JkMount worker1
Order deny,allow
Deny from all
Allow from localhost
</Location>

JMX doesn't work in Tomcat

I have the following configuration:
I deployed a sample SymmetricDS engine in Tomcat 8. It should have a JMX MBean I have to connect to. The configuration file symmetric-server.properties has the following values:
# Enable Java Management Extensions (JMX) web console.
#
jmx.http.enable=true
# Port number for Java Management Extensions (JMX) web console.
#
jmx.http.port=31417
# Enable Java Management Extensions (JMX) remote agent.
#
jmx.agent.enable=true
# Port number for the Java Management Extensions (JMX) remote agent.
#
jmx.agent.port=31418
And yet when I go to localhost:31417 I get 404 and when I launch the JConsole this application is nowhere to be found.
But when I start SymmetricDS with command bin\sym and it launches using the embedded jetty server, I can see the HTTP Adaptor on localhost:31417 and can connect via JConsole to the local application, yet I cannot connect remotely to localhost:31418:
I downloaded the sources of the SymmetricDS and in the file
symmetric-server\src\main\java\org\jumpmind\symmetric\SymmetricWebServer.java
there are only three configuration values taken from the file symmetric-server.properties -- from the default values it seems that they are jmx.http.port for HTTP Adaptor, https.port for HTTPS and http.port for SymmetricWebServer.
I also tried changing jmx.agent.enable to false and manually overriding java command line options in sym_service.conf by adding:
wrapper.java.additional.13=-Dcom.sun.management.jmxremote
wrapper.java.additional.14=-Dcom.sun.management.jmxremote.port=31417
wrapper.java.additional.15=-Dcom.sun.management.jmxremote.authenticate=false
wrapper.java.additional.16=-Dcom.sun.management.jmxremote.ssl=false
to no avail.
Could you please help me, what am I doing wrong?
Update
After grepping the sources I found SystemConstants.java, in which again there were ports for http, https and jmx.http, but none for the remote agent.

Tomcat load balancer solutions

I'm looking for a good load balancer to use with Tomcat. Our application doesn't store anything in the session context so it isn't important to redirect to same server for the same user. I'd simply like something that can queue requests round-robin style or based on each server's individual load. I'd also like to be able to add application servers to those available to handle requests without having to restart the load balancer. We're running the application on Linux if that matters.
If all you need is a software load balancer on Linux, use Apache Webserver2, Mod-Jk and Tomcat Clustering:
At your Webserver:
Install apache2 and modjk:
sudo apt-get install apache2 libapache2-mod-jk
sudo a2enmod jk
Create a workers.properties file available to your apache2. In some cases it's automatically created in your /etc/apache2 directory. This file is holding the lb config, node names, ips and ports of your Tomcat servers, i.e.:
worker.list=balancer,lbstats
#node1
worker.node1.type=ajp13
worker.node1.host=YOUR_TOMCAT-NODE-IP
worker.node1.port=YOUR_TOMCAT-NODE-AJP-PORT
worker.node1.lbfactor=10
#more nodes here ... (change name in between)
#lb config
worker.balancer.type=lb
#turn off sticky session
worker.balancer.sticky_session=0
#add all defined node names to this list (node1, node2, ...):
worker.balancer.balance_workers=node1
#lb status information (optional)
worker.lbstats.type=status
Create a Mod-Jk section in your apache2 config file, if it has not been created automatically.
JkWorkersFile /etc/apache2/workers.properties
JkLogFile /var/log/apache2/mod_jk.log
JkShmFile /tmp/jk-runtime-status
JkLogLevel info
Mount your application to the load balancer (apache2 config file):
JkMount /My-Java-App-Name balancer
JkMount /My-Java-App-Name/* balancer
JkMount /modjkstatus lbstats
At your Tomcat servers:
Install Tomcat (using the tarball package, imho, way better than the apt version). Change server.xml:
disable the http connectors in server.xml (by commenting them out).
enable AJP/1.3 connector and set the port you defined in workers.properties for this node.
add jvmRoute with the right node name to the "Engine" element:
<Engine jvmRoute="node1" ...
add a "Cluster" element for simplest configuration
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster" />
Deploy your application to all Tomcats and add a distributable element to your application's web.xml.
<distributable/>
Make sure the webserver can access the ajp ports on your tomcat servers and no one else can.
Start the webserver and the tomcats one after another and check the logs (/var/log/apache2/mod_jk.log, too).
Access your app: http://mywebserver.com/MyApp
Check (and deny access to) the lb status page http://mywebserver.com/modjkstatus
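
The two access-control points that close the answer above (AJP ports reachable only by the web server, status page denied) can be checked mechanically. This is an added audit sketch, not part of the original answer: it flags AJP connectors in a Tomcat server.xml that omit `address` or bind to a non-loopback address without `secret`, and mod_jk status-worker mounts with no restricting `Require` rule in a matching `<Location>` block. The function names and all sample configs are constructed for illustration, and only the `secret` attribute name is checked.

```python
import re
import xml.etree.ElementTree as ET

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def audit_ajp_connectors(server_xml):
    """Findings for AJP connectors in the text of a Tomcat server.xml."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" not in conn.get("protocol", "").lower():
            continue  # HTTP connectors are out of scope here
        port, addr = conn.get("port", "?"), conn.get("address")
        if addr is None:
            # Older Tomcat releases bind AJP to all interfaces when omitted.
            findings.append(f"AJP {port}: no address attribute")
        elif addr not in LOOPBACK and not conn.get("secret"):
            findings.append(f"AJP {port}: bound to {addr} without a secret")
    return findings

def audit_status_mounts(workers_props, httpd_conf):
    """Findings for JkMount paths served by a status worker without a Require rule."""
    status = set(re.findall(r"^worker\.(\w+)\.type\s*=\s*status\s*$",
                            workers_props, re.M))
    findings = []
    for path, worker in re.findall(r"^\s*JkMount\s+(\S+)\s+(\S+)", httpd_conf, re.M):
        if worker not in status:
            continue
        loc = re.search(rf"<Location\s+{re.escape(path)}\s*>(.*?)</Location>",
                        httpd_conf, re.S)
        rules = re.findall(r"^\s*Require\s+(.+?)\s*$", loc.group(1), re.M) if loc else []
        # "Require all granted" anywhere in the block leaves the page open.
        if not rules or any(r.split() == ["all", "granted"] for r in rules):
            findings.append(f"{path}: status worker '{worker}' is unrestricted")
    return findings

# Constructed sample inputs (not taken from the page).
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  <Connector port="8109" protocol="AJP/1.3" address="0.0.0.0" />
  <Connector port="8209" protocol="AJP/1.3" address="10.0.0.5" secret="CHANGE_ME" />
</Service></Server>"""
WORKERS = "worker.list=balancer,lbstats\nworker.balancer.type=lb\nworker.lbstats.type=status\n"
HTTPD_OPEN = "JkMount /My-Java-App-Name/* balancer\nJkMount /modjkstatus lbstats\n"
HTTPD_LOCKED = HTTPD_OPEN + "<Location /modjkstatus>\n  Require local\n</Location>\n"

if __name__ == "__main__":
    for line in audit_ajp_connectors(SERVER_XML):
        print(line)
    for line in audit_status_mounts(WORKERS, HTTPD_OPEN):
        print(line)
    print(audit_status_mounts(WORKERS, HTTPD_LOCKED))
```

A connector that passes this check on a separate Tomcat node still needs a host or network firewall rule so that only the web server can reach the AJP port.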
