On 18/07/17 13:29, André Warnier (tomcat) wrote: > Hi. > > On 18.07.2017 14:09, Jan Hlavatý wrote: >> Hello, >> >> I can't seem to figure out the proper setup for the situation where I >> have multiple webhosts behind a reverse proxy server being forwarded to >> Tomcat. >> >> There can be only one proxyHost and proxyPort on a Connector but I have >> multiple Hosts and Aliases. >> >> How am I supposed to do that? Make multiple Connectors one per hostname, >> on different local ports, sharing on Executor to avoid multiplying >> threads, and have the proxy forward to different ports based on hostname? >> > > No to all that. All you need is multiple <Host> entries in the tomcat > server.xml config. > A single <Connector> (and port) will do for all. <Executor> is optional, > and indeed relates to optimising the usage of threads. > > Other than that, I don't really know at what level to begin explaining why. > Let's try this : > > In HTTP 1.1 and above, when a browser sends a request to a server, it > adds a header line to each request : > Host: some.server.com > > The receiving HTTP server reads this header, and that is what tells it > to which of it's "hosts" this request is adressed. > > If you have a front-end reverse proxy, and say 10 virtual hosts, then > each of these virtual host names is configured in the DNS to resolve to > the IP address of your proxy. > So the front-end proxy receives all requests directed to any of these > hosts. > It then belongs to the proxy, to forward all these requests to the > single back-end Tomcat server, and include the original "Host:" header > in the requests that it proxies so.
Note: Passing on the host header can require explicit configuration. In the proxy. e.g. for httpd: ProxyPreserveHost On > The single Tomcat Connector will receive all these requests, and will > dispatch them to each individual <Host> in function of that same "Host:" > header. > > Clear ? One tip. Don't try and change the context path in the reverse proxy. It creates all sorts of potential for things to go wrong. In httpd config syntax: ProxyPass /foo http://localhost:8080/foo is good ProxyPass /foo http://localhost:8080/bar is likely to be a lot of work to get working correctly. In the past I have spent days on-site with one customer getting one application to work in this configuration because they didn't want to change the back-end context path. And finally, if the reverse proxy handles HTTP and HTTPS and you are proxying to Tomcat over HTTP, use a separate Tomcat connector for each of the HTTP and HTTPS traffic - it makes correct, secure configuration a lot simpler. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
