Ognjen Blagojevic wrote:
Anil,

On 15.5.2013 13:42, Anil Goyal -X (anigoyal - Aricent Technologies at Cisco) wrote:
We are using Tomcat version 7.0.25 and in server.xml, we have two connector ports defined: 80 (http) and 443 (https). In /etc/sysconfig/iptables, we have redirect logic written that will redirect the request coming at port 8080 to port 80, and request coming at port 8443 to 443.
-A PREROUTING -p tcp -m tcp --dport 8443 -j REDIRECT --to-ports 443
-A PREROUTING -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 80

Your configuration is a bit unusual. You have Tomcat running on port 80, but you add a prerouting rule to iptables, so that Tomcat will also respond to port 8080, right? Would you explain what your motivation is for such a configuration?


Now when I hit the URL 'http://request-uri:8080/context', I am getting the desired response. I have the below query:

1. Will the request firstly go to iptables before Tomcat?

Yes.


2. If the request first goes to iptables, then it checks that 8080 is redirected to port 80, then the URL changes to 'http://request-uri:80/context' and it then lands at Tomcat and Tomcat responds to it. Now in the Tomcat access logs, the requesting port corresponding to this request is 8080. So why is it 8080 in the Tomcat access logs? Please revert on this. I think because iptables redirects 8080 to 80, Tomcat receives the request at port 80, so in the Tomcat access logs, the requesting port should be 80.

Iptables will not change the URL. Iptables merely redirects all packets received on port 8080 to port 80. It will not alter the contents of the packets. Therefore, Tomcat will receive your HTTP request as it is sent by your browser -- which means it will contain port 8080 and not port 80. Tomcat processes the requests and logs the port as it is received, and that is 8080.

Sorry, but that seems dubious to me.
Tomcat does not really "receive the URL" as sent. Tomcat (supposedly) gets this connection on its port 80, and in principle has no idea that the original client connection was to port 8080, no?



BTW, AccessLogValve does not log port by default, I assume you are using your own logging pattern.

-Ognjen


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




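An added example, not part of the original thread: the two port values a server can read for one request. It emulates the effect of the REDIRECT rule by connecting straight to the listener while sending a Host header that names port 8080; the function names and the loopback listener are assumptions for illustration.

```python
import socket
import threading

def parse_host_port(request_bytes):
    """Return the port named in the Host header, or None if it has none."""
    for line in request_bytes.decode("latin-1").split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            _, sep, port = value.strip().rpartition(":")
            return int(port) if sep and port.isdigit() else None
    return None

def serve_once(listener, seen):
    """Accept one connection; record the socket port and the Host port."""
    conn, _ = listener.accept()
    with conn:
        data = b""
        while b"\r\n\r\n" not in data:
            chunk = conn.recv(4096)
            if not chunk:
                break
            data += chunk
        seen["socket_port"] = conn.getsockname()[1]  # where the packet ended up
        seen["host_port"] = parse_host_port(data)    # what the client typed
        conn.sendall(b"HTTP/1.1 204 No Content\r\nConnection: close\r\n\r\n")

def ports_seen_by_server(host_header):
    """Send one request with host_header; return (listen, socket, host) ports."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # constructed stand-in for Tomcat's port 80
    listener.listen(1)
    listen_port = listener.getsockname()[1]
    seen = {}
    worker = threading.Thread(target=serve_once, args=(listener, seen))
    worker.start()
    request = f"GET /context HTTP/1.1\r\nHost: {host_header}\r\nConnection: close\r\n\r\n"
    with socket.create_connection(("127.0.0.1", listen_port)) as client:
        client.sendall(request.encode("latin-1"))
        client.recv(4096)
    worker.join()
    listener.close()
    return listen_port, seen["socket_port"], seen["host_port"]

if __name__ == "__main__":
    listen, sock_port, host_port = ports_seen_by_server("request-uri:8080")
    print(f"listening on {listen}, socket says {sock_port}, Host header says {host_port}")
```

The Host value is whatever the client sent, so a port logged from it reflects the URL the client used rather than the socket that accepted the connection.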