I hit a snag with the query string. In some cases it contains the
webapp base URI in a query parameter, such as:
/admin/acl/authorizations/?forClass=https%3A//localhost%3A5443/admin/ns%23Authorization
So I'm trying to rewrite those as well, from
https%3A//localhost%3A5443/ to https%3A//localhost/ (remove the port
number).
RewriteValve seems to do what I need:
https://tomcat.apache.org/tomcat-8.0-doc/rewrite.html
I have mounted the following under
/usr/local/tomcat/conf/Catalina/localhost/ROOT.xml
<?xml version="1.0"?>
<Context>
<Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/>
</Context>
and this under /usr/local/tomcat/webapps/ROOT/WEB-INF/rewrite.config
RewriteCond %{QUERY_STRING} localhost%3A5443
RewriteRule ^(.*)(localhost%3A5443)(.*)$ $1localhost$2
However I'm not seeing any output re. RewriteValve in the Tomcat log.
The rewrite is not happening and it doesn't look like the config is
even read.
On Sat, Feb 29, 2020 at 4:21 PM Martynas Jusevičius
<marty...@atomgraph.com> wrote:
>
> Thanks! I actually needed proxyPort="443" to make the URL
> https://localhost, but your suggestion did the trick.
>
> On Sat, Feb 29, 2020 at 11:12 AM Mark Thomas <ma...@apache.org> wrote:
> >
> >
> >
> > On 28/02/2020 22:26, Martynas Jusevičius wrote:
> > > Yes the clients connect only directly to nginx.
> > >
> > > So the proxy config within 2 pairs of containers is like this:
> > >
> > > # website service; clientAuth=false
> > > nginx:80 -> tomcat:8080
> > > nginx:443 -> tomcat:8443
> > >
> > > # API service; clientAuth=true
> > > nginx-api:90 -> tomcat-api:8080
> > > nginx-api:5443 -> tomcat-api:8443
> >
> > Try using proxyPort="5443" on the HTTPS connector in Tomcat for this
> > instance. That should do the trick.
> >
> > Mark
> >
> >
> > >
> > > nginx and nginx-api ports are exposed to the Docker host and that is
> > > where the clients access them, therefore the host name the webapp sees
> > > is localhost (as in my rewrite example).
> > >
> > > What I'm trying to do is to fool the webapp on tomcat-api into
> > > thinking it's being accessed on localhost:80/443 instead of
> > > localhost:90/5443.
> > >
> > > Absolute URIs matter in this case because they are used for direct
> > > lookups in an RDF triplestore and RDF uses absolute URIs.
> > >
> > >
> > > On Fri, Feb 28, 2020 at 10:59 PM Mark Thomas <ma...@apache.org> wrote:
> > >>
> > >> On 28/02/2020 21:00, Martynas Jusevičius wrote:
> > >>> Setting up a second container with a different port was easy enough.
> > >>>
> > >>> However I got stuck on the URL mapping/rewriting. Using nginx as a
> > >>> proxy, I don't think it's possible to rewrite headers with the
> > >>> upstream module:
> > >>> https://nginx.org/en/docs/http/ngx_http_upstream_module.html
> > >>>
> > >>> As I understand it just forwards raw traffic, so the URL rewriting
> > >>> would have to be done on the Tomcat's side. Basically I want to
> > >>> rewrite:
> > >>>
> > >>> https://localhost:5443/ => https://localhost/
> > >>>
> > >>> which requires rewriting the Host request header, I think.
> > >>>
> > >>> I was looking at the RewriteValve, but it says:
> > >>> "Unlike newer mod_rewrite versions, the Tomcat rewrite valve does not
> > >>> automatically support absolute URLs (the specific redirect flag must
> > >>> be used to be able to specify an absolute URLs, see below) or direct
> > >>> file serving."
> > >>>
> > >>> Is there a way to rewrite the hostname/port in configuration?
> > >>> Something placed in context.xml would be ideal.
> > >>
> > >>
> > >> What port is nginx listening on?
> > >>
> > >> What port is Tomcat listening on?
> > >>
> > >> I assume the client connects directly to nginx.
> > >>
> > >> Mark
> > >>
> > >>
> > >> ---------------------------------------------------------------------
> > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > >> For additional commands, e-mail: users-h...@tomcat.apache.org
> > >>
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > > For additional commands, e-mail: users-h...@tomcat.apache.org
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
