init
This commit is contained in:
145
webapps/docs/proxy-howto.xml
Normal file
145
webapps/docs/proxy-howto.xml
Normal file
@@ -0,0 +1,145 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
contributor license agreements. See the NOTICE file distributed with
|
||||
this work for additional information regarding copyright ownership.
|
||||
The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
(the "License"); you may not use this file except in compliance with
|
||||
the License. You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
-->
|
||||
<!DOCTYPE document [
|
||||
<!ENTITY project SYSTEM "project.xml">
|
||||
]>
|
||||
<document url="proxy-howto.html">
|
||||
|
||||
&project;
|
||||
|
||||
<properties>
|
||||
<author email="craigmcc@apache.org">Craig R. McClanahan</author>
|
||||
<title>Proxy Support How-To</title>
|
||||
</properties>
|
||||
|
||||
<body>
|
||||
|
||||
<section name="Table of Contents">
|
||||
<toc/>
|
||||
</section>
|
||||
|
||||
<section name="Introduction">
|
||||
|
||||
<p>Using standard configurations of Tomcat, web applications can ask for
|
||||
the server name and port number to which the request was directed for
|
||||
processing. When Tomcat is running standalone with the
|
||||
<a href="config/http.html">HTTP/1.1 Connector</a>, it will generally
|
||||
report the server name specified in the request, and the port number on
|
||||
which the <strong>Connector</strong> is listening. The servlet API
|
||||
calls of interest, for this purpose, are:</p>
|
||||
<ul>
|
||||
<li><code>ServletRequest.getServerName()</code>: Returns the host name of the server to which the request was sent.</li>
|
||||
<li><code>ServletRequest.getServerPort()</code>: Returns the port number of the server to which the request was sent.</li>
|
||||
<li><code>ServletRequest.getLocalName()</code>: Returns the host name of the Internet Protocol (IP) interface on which the request was received.</li>
|
||||
<li><code>ServletRequest.getLocalPort()</code>: Returns the Internet Protocol (IP) port number of the interface on which the request was received.</li>
|
||||
</ul>
|
||||
|
||||
<p>When you are running behind a proxy server (or a web server that is
|
||||
configured to behave like a proxy server), you will sometimes prefer to
|
||||
manage the values returned by these calls. In particular, you will
|
||||
generally want the port number to reflect that specified in the original
|
||||
request, not the one on which the <strong>Connector</strong> itself is
|
||||
listening. You can use the <code>proxyName</code> and <code>proxyPort</code>
|
||||
attributes on the <code><Connector></code> element to configure
|
||||
these values.</p>
|
||||
|
||||
<p>Proxy support can take many forms. The following sections describe
|
||||
proxy configurations for several common cases.</p>
|
||||
|
||||
</section>
|
||||
|
||||
<section name="Apache httpd Proxy Support">
|
||||
|
||||
<p>Apache httpd 1.3 and later versions support an optional module
|
||||
(<code>mod_proxy</code>) that configures the web server to act as a proxy
|
||||
server. This can be used to forward requests for a particular web application
|
||||
to a Tomcat instance, without having to configure a web connector such as
|
||||
<code>mod_jk</code>. To accomplish this, you need to perform the following
|
||||
tasks:</p>
|
||||
<ol>
|
||||
<li><p>Configure your copy of Apache so that it includes the
|
||||
<code>mod_proxy</code> module. If you are building from source,
|
||||
the easiest way to do this is to include the
|
||||
<code>--enable-module=proxy</code> directive on the
|
||||
<code>./configure</code> command line.</p></li>
|
||||
<li><p>If not already added for you, make sure that you are loading the
|
||||
<code>mod_proxy</code> module at Apache startup time, by using the
|
||||
following directives in your <code>httpd.conf</code> file:</p>
|
||||
<source><![CDATA[LoadModule proxy_module {path-to-modules}/mod_proxy.so
|
||||
]]></source></li>
|
||||
<li><p>Include two directives in your <code>httpd.conf</code> file for
|
||||
each web application that you wish to forward to Tomcat. For
|
||||
example, to forward an application at context path <code>/myapp</code>:</p>
|
||||
<source><![CDATA[ProxyPass /myapp http://localhost:8081/myapp
|
||||
ProxyPassReverse /myapp http://localhost:8081/myapp]]></source>
|
||||
<p>which tells Apache to forward URLs of the form
|
||||
<code>http://localhost/myapp/*</code> to the Tomcat connector
|
||||
listening on port 8081.</p></li>
|
||||
<li><p>Configure your copy of Tomcat to include a special
|
||||
<code><Connector></code> element, with appropriate
|
||||
proxy settings, for example:</p>
|
||||
<source><![CDATA[<Connector port="8081" ...
|
||||
proxyName="www.mycompany.com"
|
||||
proxyPort="80"/>]]></source>
|
||||
<p>which will cause servlets inside this web application to think that
|
||||
all proxied requests were directed to <code>www.mycompany.com</code>
|
||||
on port 80.</p></li>
|
||||
<li><p>It is legal to omit the <code>proxyName</code> attribute from the
|
||||
<code><Connector></code> element. If you do so, the value
|
||||
returned by <code>request.getServerName()</code> will by the host
|
||||
name on which Tomcat is running. In the example above, it would be
|
||||
<code>localhost</code>.</p></li>
|
||||
<li><p>If you also have a <code><Connector></code> listening on port
|
||||
8080 (nested within the same <a href="config/service.html">Service</a>
|
||||
element), the requests to either port will share the same set of
|
||||
virtual hosts and web applications.</p></li>
|
||||
<li><p>You might wish to use the IP filtering features of your operating
|
||||
system to restrict connections to port 8081 (in this example) to
|
||||
be allowed <strong>only</strong> from the server that is running
|
||||
Apache.</p></li>
|
||||
<li><p>Alternatively, you can set up a series of web applications that are
|
||||
only available via proxying, as follows:</p>
|
||||
<ul>
|
||||
<li>Configure another <code><Service></code> that contains
|
||||
only a <code><Connector></code> for the proxy port.</li>
|
||||
<li>Configure appropriate <a href="config/engine.html">Engine</a>,
|
||||
<a href="config/host.html">Host</a>, and
|
||||
<a href="config/context.html">Context</a> elements for the virtual hosts
|
||||
and web applications accessible via proxying.</li>
|
||||
<li>Optionally, protect port 8081 with IP filters as described
|
||||
earlier.</li>
|
||||
</ul></li>
|
||||
<li><p>When requests are proxied by Apache, the web server will be recording
|
||||
these requests in its access log. Therefore, you will generally want to
|
||||
disable any access logging performed by Tomcat itself.</p></li>
|
||||
</ol>
|
||||
|
||||
<p>When requests are proxied in this manner, <strong>all</strong> requests
|
||||
for the configured web applications will be processed by Tomcat (including
|
||||
requests for static content). You can improve performance by using the
|
||||
<code>mod_jk</code> web connector instead of <code>mod_proxy</code>.
|
||||
<code>mod_jk</code> can be configured so that the web server serves static
|
||||
content that is not processed by filters or security constraints defined
|
||||
within the web application's deployment descriptor
|
||||
(<code>/WEB-INF/web.xml</code>).</p>
|
||||
|
||||
</section>
|
||||
|
||||
</body>
|
||||
|
||||
</document>
|
||||
Reference in New Issue
Block a user