-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Mark,
All good points. Some notes are below, in-line. On 6/11/16 2:13 PM, Mark Eggers wrote: > Hi Edwin: > > On 6/11/2016 9:43 AM, Edwin Quijada wrote: >> Hi! I am trying to put Apache in front of Tomcat , DEbian Jessie >> but it become a titanic work without success. I read all info >> about this and seems it is easy but doesnt work. >> >> >> I am using APache 2.4+ Jessie +Tomcat 8.035 , I use this tuto >> http://www.zeitoun.net/articles/configure-mod_proxy_ajp-with-tomcat/s tart >> >> >> How to configure mod_proxy_ajp with Tomcat - >> Zeitoun<http://www.zeitoun.net/articles/configure-mod_proxy_ajp-with- tomcat/start> >> >> >> www.zeitoun.net >> mod_proxy_ajp is an Apache module which can be used to forward a >> client HTTP request to an internal Tomcat application server >> using the AJP protocol. >> >> but doesnt work , I seek others sources and all has the same info >> but I cant work for me >> >> >> When I go myserver.com I get an error "Server Not Found" when I >> go to the logs catalina.out and error.log for apache doesnt say >> anything >> >> >> This is my 000-default.conf >> >> >> <VirtualHost *:80> ServerAdmin webmaster@localhost #DocumentRoot >> /var/www/html >> >> ErrorLog ${APACHE_LOG_DIR}/error.log > >> CustomLog ${APACHE_LOG_DIR}/access.log combined >> >> <Proxy *> AddDefaultCharset Off Order deny,allow Allow from all >> </Proxy> >> >> # this will pass all the requests from httpd to tomcat8 ProxyPass >> / ajp://localhost:8009/fortunamovil ProxyPassReverse / >> ajp://localhost:8009/fortunamovil </VirtualHost> >> >> >> I have installed AJP modules for Apache and everything but really >> I dont know to do >> >> >> >> I activate the coneecto AJP in the server.xml >> >> >> Please, any cluees , help because this is make me crazy!! >> >> > > There are lots of things going on here, and I'll just mention a > few. > > 1. "Server Not Found" > > This has nothing to do with Apache HTTPD or Apache Tomcat and > everything to do with DNS. > > How do you access your Debian Jessie system? > > If you do this on the local host, then you could access it via > http://localhost/ in the browser. > > If you do this from a remote machine, then you are probably > accessing it via http://myserver.com/ in the browser. If > myserver.com is not resolvable via DNS to an IP address, then > you'll get the error that you reported. > > The easiest way to fix that is to edit the hosts file (/etc/hosts > on Linux, %WINDIR%\System32\drivers\etc on Windows 7) and add the > following line: > > ip.address myserver.com > > where ip.address is the address of the machine, for example > 192.168.0.250. > > 2. proxying > > I know a lot of people who favor mod_proxy_ajp over mod_ajp or > mod_proxy_http. I personally prefer mod_ajp, but many people find > it a bit more confusing. > > Anyway, I'm not an expert on mod_proxy family, but I'll try to make > some comments. I think you mean mod_jk, not mod_ajp, right? > a. Don't change contexts > > That means if your WAR file is called fortunamovil.war, don't proxy > it as /. If you want your application to be the default application > for the Apache HTTPD / Apache Tomcat server, rename your war file > to ROOT.war (case is important). > > There are a lot of edge cases where things don't quite work out as > planned when you proxy cross-context. People get strange 404 > errors, and usually have to fiddle with cookies, return paths, and > making sure that nothing in the code returns the fully qualified > URL. > > b. proxy statement > > This is rather scary: > > <Proxy *> AddDefaultCharset Off Order deny,allow Allow from all > </Proxy> > > This is an open proxy, so it is best to make sure your applications > are secure (or limit your proxy). This is SUPER SCARY and is likely a misunderstanding between forward and reverse proxying. Forward-proxying is for snooping on your employees browsing habits by requiring them to go through your proxy server to get out to the Internet. Reverse-proxying is hiding servers behind other servers for a number of reasons. > At least add ProxyRequests Off to your configuration. This will > prevent your server from serving as forward proxy server. It does > NOT impact the ProxyPass directives. > > c. ProxyPass > > If you follow item 'a' above, then you won't need a > ProxyPassReverse statement. Just the following should do: > > ProxyPass "/app" "ajp://localhost:8009/app" > > In general, I find it nicer to proxy each individual application > rather than the following: > > ProxyPass "/" "ajp://localhost:8009/" > > This sends everything to Tomcat. > > One of the reasons to run Apache HTTPD in front of Apache Tomcat is > to allow Apache HTTPD to serve PHP / Python / Ruby / Perl > applications. The above line proxies everything to Tomcat, which > would prevent Apache HTTPD from serving anything. > > d. To proxy or not to proxy > > If you're not ever going to use Apache HTTPD as a web server (SSL, > non-Java web applications, mod_security, some authorization tools > such as SiteMinder), then there's no reason to run Apache HTTPD at > all. My favorite reason: high-availability. You can bounce Tomcat and still respond to HTTP requests while Tomcat is restarting. > Modify your HTTP connector to run on 80 (and another for 443 if > you're using SSL), and use one of the many documented ways of > running Apache Tomcat on port 80 as a non-root user. I'm sure > Debian Jessie has those tools available. > > Here is a link to using commons-daemon: > > https://tomcat.apache.org/tomcat-8.0-doc/setup.html#Unix_daemon ... otherwise known as "jsvc". - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJXYxWhAAoJEBzwKT+lPKRY9egQAMHg/4xVAAumqZNsN8kvbvNJ BEgZGavh+9MVxNCGHKp1bM98yLu8QRczPNpXPYVil+IwkMfXwEmEtXm/vVj4JXun olEAhd5xZ0gY35LUYMhktc/Rh3qb2h7AkAGltLjnwqJ2uGHIQFLqbr+hrIW/od38 UQwrJWf4upcF9AoUA0J2ViwSQW4gKtbbda0B71M+VNrXE2X0Jx08xMszeU64f8YJ FhKpqRKciEhxb1pp44cqE8xEOil9UPxgeCZhWsJPAC4Bf9STzH/mOMMiRwXzEJWL 9a9dbqGB+rX9Bw9WVnC2DjmWjzkSGwuXdjNbAqEyENozW5w80y9xoIAMGujzn6pn kndxAQGPxi7xYTzL2Cdc1dEdNuCWqjw5j0NmzLCeGto6D0patgQw0xmy6YUgNBAg dICep3SxDAZcUArTI8iEFDtaUvwAzdMp7cyUPf957AIsLOEpi7FKiA4AJe6UmWwF arhqquwk02XxY2BjS4DmTbHUmIJcS5ShW654fnUz0autQl/E7sjsXrX0/2Du47LC BQdPMxlWw8gRZKr3/BFKU4K742XxVNeNZwHl9C62itU8vMcmcjx/GaOETxb2NjmD xhI3PRy6l+8I4RC/37jC+JsbfQTGDopHloxRYm1scPih3LTEnfd0GbANsg+bbeoI JxLKUmZS79FAZ2iJIZfB =M7cb -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
