0

On a single server I'm using to demo a system, I have a static website running on apache2 and a demo web app running on an instance of tomcat. Both are working fine when accessed directly. I've setup a proxy to convert the web app port and messy URL to something simple but I'm getting inconsistent results.

The server is a Digital Ocean Ubuntu 18.04 droplet with Apache2. My main website is using Drupal and has a standard URL https://example.com. The web app is a large enterprise system served by Tomcat7 and accessed at https://example.com:4444/webui/

The goal is to access the web app at https://example.com/my_demo.

The proxy is defined in the apache2 virtual host in the standard way

ProxyPass "/webui" "https://example.com:4444/webui/"
ProxyPassReverse "/my_demo" "https://example.com:4444/"

And the tomcat app has a proxy entry in the server.xml

<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
        port="4444" maxThreads="200"
        scheme="https" secure="true" SSLEnabled="true"
        keystoreFile="/opt/webapp/keystore/webappKeystore" keystorePass="redactedPassword"
        clientAuth="false" sslProtocol="TLS"
        proxyName="example.com"
        proxyPort="443"/>

This appears to work but not well enough.

The problem I'm having is that the web app is not working with the proxy all the time. It is written with ZK and has a mix of resource references that use the application context path e.g ("/webui/images/theimage.jpg") and others that use a ZK desktop context which can end up sending "images/theimage.jpg". As a result, the web app appears to missing button images in some places but not others.

Also, on logout, the webapp redirects the browser back to the tomcat address but the link is broken and ends up as /webui/index with a 403 error instead of /webui/index.zul as if it was rewritten incorrectly.

Again, when run from the tomcat server without going through the proxy, the web app works just fine.

I'm looking for suggestions on how to debug this and get the tomcat web app to work under the proxy. I've tried with dump_io and the rewrite logs but can't see where the errors occur other than the problems mentioned above.

Is there some other element I should check?

Any suggestions would be appreciated.

Michael McKay
  • 103
  • 3

1 Answers1

1

Your problem sums up to rewriting the absolute request URIs, which come from the application server. This can be done twofold:

  1. Apache2 can rewrite all URIs in the proxied content. It is rather difficult to catch all locations where an URI can occur.
  2. Tomcat7 can use the same absolute request URIs as the Apache server.

I would suggest the second way, since it is the easiest one. You should:

  1. Deploy the web application on /my_demo instead of /webui. This may be as simple as renaming webapps/webui to webapps/my_demo in CATALINA_BASE.

  2. Configure Apache to proxy /my_demo/ to https://example.com:4444/my_demo/:

    ProxyPass "/my_demo/" "https://example.com:4444/my_demo/"
ProxyPassReverse "/my_demo/" "https://example.com:4444/my_demo/"

PS: Using HTTPS for Tomcat is IMHO overkill, just configure an HTTP connector with the secure and scheme attributes changed, so that Tomcat knows it is being proxied through HTTPS:

<Connector port="4444"
           scheme="https" secure="true"
           proxyName="example.com"
           proxyPort="443"/>

and change https to http in the ProxyPass directives.

Piotr P. Karwasz
  • 5,292
  • 2
  • 9
  • 20
  • Thanks. Piotr, I will give it a try. – Michael McKay Jan 13 '20 at 11:43
  • And it worked. It was necessary to change the deployed directory name as you suggest to get the URI references to work in all cases. My other missing item was the directory name at the end of the reverse proxy. Thanks for taking the time to respond. – Michael McKay Jan 13 '20 at 13:30