When I was doing this, I read (and re-read) everything I could find: apache 
docs, tutorials, mailing lists, articles, stackoverflow, etc.  That was all 
helpful for understanding the big picture, but still didn't prepare me for what 
I had to do in my case.

  *   I tried to configure reverse proxy httpd.conf like following:

>From your directives, you have told your proxy server how to 'route' HTTP 
>requests.  Now, you need the content on the client to request resources that 
>match your ProxyPass rules.

As a rough guide of how to approach this:


  1.  Open the dev tools in your Chrome browser (F12) and load a page from your 
weblogic server.
  2.  Examine the HTML, CSS, JS, HTTP headers for references to your webserver.
     *   I expect you will see references like: http://WEBSERVERHOST:8080/f5url 
instead of http://WEBSERVERHOST:8080/appl1/f5url
  3.  As a POC, simply manually edit (using dev tools) one of those URLs to 
match what your reverse-proxy is expecting
     *   Now, select that modified URL on your webpage and watch the protocol 
exchange with your proxy server
     *   If that works, then you will have a better idea of the other things 
your reverse-proxy has to do

Some random things to keep an eye out for...

There are a bunch of Apache directives that help with these substitutions.  
Look at ProxyHTMLURLMap and ProxyHTMLEvents.  Though, I find for complex apps 
ProxyHTMLURLMap was limiting so I use the 'substitute' module instead.  While 
'substitute' has proven to be more versatile, it comes with a cost of 
additional complexity.

For simple webapps, you can probably get away with ProxyHTMLURLMap.  Though, I 
doubt weblogic is simple.  In any case, I'd recommend start with 
ProxyHTMLURLMap and only introduce 'substitute' if needed.

Other things...  Look at your cookie path.  If it contains references, then 
read about when to use ProxyPassReverseCookiePath / /app1

You also need to set:

ProxyHTMLEnable On

If you decide to use the substitute module, then you will likely need things 
like:

SetOutputFilter
AddOutputFilterByType SUBSTITUTE text/javascript text/html text/css

That's all for now.

Matt.


From: Sontakke, Sachin (NonEmp) <sachin.sonta...@kroger.com>
Sent: Friday, 24 January 2020 1:48 AM
To: users@httpd.apache.org; Muggeridge, Matt <matt.muggerid...@hpe.com>
Subject: RE: query on apache reverse proxy

Thanks a lot Matt for taking time in understanding my challenge and replying to 
it.

I tried to configure reverse proxy httpd.conf like following:

First I have added modules using -

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

And then updated virtualhost using -

<VirtualHost *:80>
ProxyPass /app1 http://WEBSERVERHOST:8080/app1/<http://WEBSERVERHOST:8080/app1/>
ProxyPass /console 
http://WEBSERVERHOST:8080/console/<http://WEBSERVERHOST:8080/console/>
ProxyPassReverse /app1 
http://WEBSERVERHOST:8080/app1/<http://WEBSERVERHOST:8080/app1/>
ProxyPassReverse /console 
http://WEBSERVERHOST:8080/console/<http://WEBSERVERHOST:8080/console/>
</VirtualHost>

So when F5 URL is hit, user request comes to apache reverse proxy and then it 
is forwarded to WEBSERVERHOST:8080 using above config in virtualhost.
Then WEB SERVER forwards it to WebLogic (app-tier). But then next subsequent 
request URLs are changed to 
http://WEBSERVERHOST:8080/<http://WEBSERVERHOST:8080/> instead of F5.

Please can you verify if above config is ok or I need something. I do not wish 
to pour any work on you - only reply if you find something I am missing which 
is very obvious.


Again, thank you very much.

SachinS


From: Muggeridge, Matt 
<matt.muggerid...@hpe.com<mailto:matt.muggerid...@hpe.com>>
Sent: Wednesday, January 22, 2020 5:47 PM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: [users@httpd] RE: query on apache reverse proxy

** [EXTERNAL EMAIL]: Do not click links or open attachments unless you 
recognize the sender and know the content is safe. **
I'll use your terminology of "Web Server" and "Apache Reverse Proxy" to refer 
to the two entities of interest here.

>But after adding apache reverse proxy, when the client hits the F5 URL - all 
>the subsequent requests are going to Web Server on 8080 port and getting 
>served from there instead of going via Apache Reverse Proxy.

In brief, your "Apache Reverse Proxy"  has to dynamically modify the content 
sent to the client, with references that point back at your "Apache Reverse 
Proxy".

E.g. your "Web Server" will serve pages containing hrefs that point back at it, 
e.g. href=https://webserver:8080/f5-url<https://webserver:8080/f5-url>.  The 
"Apache Reverse Proxy" must substitute the href to point at itself instead, 
e.g. 
href="https://proxy-server:80/webserver/f5-url<https://proxy-server:80/webserver/f5-url>".
  You configure the reverse proxy so that when it sees a HTTP request for a 
page containing "/webserver", it knows to proxy that request to 
https://webserver:8080<https://webserver:8080>.  (There are many ways to 
configure this.)

There is a lot more to this, since these substitutions have to happen 
*everywhere* an action would cause the client-browser to open a page to the 
"Web Server" or send content referencing the "Web Server".  So, you have to 
perform substitutions in the html, css, javascript, http headers (e.g. 
cookies), etc.  Getting all the substitutions correct for your web-application 
is quite the art.  It will have to be validated each time you upgrade your 
backend web-application too.

You are in for a journey.  Start small, preferably with a simple web-app and 
grow in complexity from there.  Some of these reverse-proxy scripts become 
quite complex and have dependencies on ordering of substitutions and a bunch of 
other challenges that you will only discover through trial-and-error.  There 
are also many ways to substitute things, so that also requires experimenting to 
learn what works best for your application.

There is a lot more to configuring an application to use the reverse-proxy than 
what I say here.  Be meticulous and patient.

Good luck.

Matt.


From: Sontakke, Sachin (NonEmp) 
<sachin.sonta...@kroger.com<mailto:sachin.sonta...@kroger.com>>
Sent: Thursday, 23 January 2020 8:07 AM
To: users@httpd.apache.org<mailto:users@httpd.apache.org>
Subject: [users@httpd] query on apache reverse proxy

I have a question regarding apache reverse proxy setup.

We have a web application running on WebLogic; it's a typical 3 tier 
application.

Flow is as follows:- Client=> F5 load balance=> Web Server listening on 80=> 
WebLogic App=> Oracle DB.

Due to certain requirement we need to introduce Apache reverse proxy in front, 
so now flow will look like:-
Client=> F5 load balance=> Apache Reverse Proxy listening on 80=> Web Server 
listening on 8080=> WebLogic App=> Oracle DB.

But after adding apache reverse proxy, when the client hits the F5 URL - all 
the subsequent requests are going to Web Server on 8080 port and getting served 
from there instead of going via Apache Reverse Proxy.

NOTE: Apache reverse proxy and Web server both are running on the same Host.

May I know what could have gone wrong or any way I can troubleshoot this issue?


Thanks,
Sachin


________________________________

This e-mail message, including any attachments, is for the sole use of the 
intended recipient(s) and may contain information that is confidential and 
protected by law from unauthorized disclosure. Any unauthorized review, use, 
disclosure or distribution is prohibited. If you are not the intended 
recipient, please contact the sender by reply e-mail and destroy all copies of 
the original message.

________________________________

This e-mail message, including any attachments, is for the sole use of the 
intended recipient(s) and may contain information that is confidential and 
protected by law from unauthorized disclosure. Any unauthorized review, use, 
disclosure or distribution is prohibited. If you are not the intended 
recipient, please contact the sender by reply e-mail and destroy all copies of 
the original message.

Reply via email to