Thanks for your help Rainer/Felix, I've tested several options including mod_substitute and mod_sed and it seems that mod_substitute is a way to go.
This is my working configuration now: LoadModule substitute_module modules/mod_substitute.so ....................... AddOutputFilterByType SUBSTITUTE text/html Substitute "s|http://myserver|https://load-balancer|i" Substitute "s|http://load-balancer|https://load-balancer|i" Don't ask me why there is a last line, I see no logic here, but without it I still get several http instead https links via load-balancer backend (May be Sakai or CISCO CSM side fault). Best Regards, Leon Kolchinsky On Mon, Aug 2, 2010 at 20:14, Rainer Jung <rainer.j...@kippdata.de> wrote: > Hi Felix, > > hope you are doing well! > > > On 02.08.2010 11:46, Felix Schumacher wrote: > >> Hi Rainer, >> On Mon, 02 Aug 2010 10:00:57 +0200, Rainer Jung<rainer.j...@kippdata.de> >> wrote: >> >>> On 02.08.2010 06:31, Leon Kolchinsky wrote: >>> >>>> Hello, >>>> >>>> I've configured Tomcat (apache-tomcat-5.5.26) to run behind Apache Http >>>> (v.2.2.3 ) using mod_jk. >>>> >>>> We have 2 of those Tomcat servers running on different machines. >>>> We also configured load balancer (CISCO CSM) which we want to use for >>>> >>> SSL >> >>> offloading and LB. >>>> >>>> Load balancer serves https requests and forwards them to http (on the >>>> above >>>> servers). >>>> >>>> The problem is that links given by apache - the generated html pages >>>> >>> (by >> >>> Sakai app.) appeared to include http://.... >>>> And this is a major problem since we can't even serve forms from https >>>> URL's >>>> (the URL of the page is https://..... but links inside the HTML page >>>> itself >>>> are from http://.... format) >>>> >>>> I've been thinking to try to resolve this with ProxyHTMLURLMAp >>>> (mod_proxy_html) but I have no experience with this module. >>>> >>>> Can someone give me a sample syntax that I can try to include in my >>>> >>> vhost >> >>> configuration? >>>> >>>> Below is my virt. host configuration: >>>> NameVirtualHost *:80 >>>> >>>> <VirtualHost *:80> >>>> ServerName servername.com >>>> ServerAdmin leo...@servername.com >>>> ServerAlias sakai-server >>>> >>>> # if not specified, the global error log is used >>>> ErrorLog /var/log/httpd/servername.com-error_log >>>> CustomLog /var/log/httpd/servername.com-access_log combined >>>> HostnameLookups Off >>>> UseCanonicalName Off >>>> >>>> # Add index.jsp to DirectoryIndex files >>>> DirectoryIndex index.php index.html index.htm index.shtml index.php4 >>>> index.php3 index.phtml index.cgi index.jsp >>>> >>>> JkMount /* worker1 >>>> >>> >>> It might be worthwhile finding out, why sakai produces wrong links. E.g. >>> >> >> if you are using mod_jk to connect Apache to Tomcat, and you are talking >>> >> >> HTTPS to Apache, then the calls the isSecure(), getScheme(), >>> getProtocol() will return the information as seen by Apache, so the >>> webapp is able to find out that https is used and it seems to be a bug >>> in sakai. >>> >> as I understood the issue, the problems arise from using a loadbalancer in >> >> front of the apache httpd servers, which are using mod_jk to communicate >> with the tomcats. The loadbalancers are terminating the ssl connection and >> presumably >> changing hostnames too. >> > > Ah OK, missed that. > > > But given the documentation link you gave below, it should be easy to >> configure >> the vhost in apache httpd (or two - one for ssl, one for non-ssl traffic) >> by >> setting JkEnvVar for scheme, hostname and port if necessary. >> >> If I read http://tomcat.apache.org/tomcat-6.0-doc/config/ajp.html >> correctly, one could >> use proxyPort, proxyName and scheme in the ajp-connector. >> > > If using mod_jk, you can tell mod_jk, that it should derive the > information, whether SSL is used or not from some Apache environment > variable. You can the set the variable as you like e.g. depending on the > client IP is the connection coming from the loadbalancer) or some other > params. > > So you would use > > JkHTTPSIndicator MyHTTPSIndicator > > to let mod_jk check the variable "MyHTTPSIndicator" instead of the Apache > builtin "HTTPS" variable, whether HTTPS is used. > > Then you have to set the env var to "On" for each request you know, that it > is actually using https from the client point of view, e.g. > > SetEnvIf Remote_Addr "10\.0\.0\.27" MyHTTPSIndicator=On > > where e.g. 10.0.27 is the address of the load balancer (if the requests > arrive actually with this IP, see the acess log). > > Or you use a separate port and vhost in Apache where you connect the LB to > and you know everything on this port was originally HTTPS, then you could > simply set MyHTTPSIndicator always to On in this vhost. > > Regards, > > Rainer > > > See for instance: >>> >>> http://tomcat.apache.org/connectors-doc/generic_howto/proxy.html >>> >>> If you are using http between Apache and Tomcat (not AJP13), then there >>> are connector settings for Tomcat to let the webapp know, that you are >>> actually using HTTPS on the proxy. >>> >>> If you can't fix it like this but instead really have to parse response >>> pages and replace links in them, three Apache module choices are >>> mod_proxy_html (which you already mentioned), mod_substitute and >>> >> mod_sed. >> >>> >>> Regards, >>> >>> Rainer >>> >> > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- Leon Kolchinsky Senior Software Specialist (Collaborative Applications) ITS Research Support Services Monash e-Research Centre (MeRC) Monash University tel: +61 3 99059560
