| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <!DOCTYPE document [ |
| <!ENTITY project SYSTEM "project.xml"> |
| ]> |
| <document url="proxy-howto.html"> |
| |
| &project; |
| |
| <properties> |
| <author email="craigmcc@apache.org">Craig R. McClanahan</author> |
| <title>Proxy Support HOW-TO</title> |
| </properties> |
| |
| <body> |
| |
| <section name="Table of Contents"> |
| <toc/> |
| </section> |
| |
| <section name="Introduction"> |
| |
| <p>Using standard configurations of Tomcat, web applications can ask for |
| the server name and port number to which the request was directed for |
| processing. When Tomcat is running standalone with the |
| <a href="config/http.html">HTTP/1.1 Connector</a>, it will generally |
| report the server name specified in the request, and the port number on |
| which the <strong>Connector</strong> is listening. The servlet API |
| calls of interest, for this purpose, are:</p> |
| <ul> |
| <li><code>ServletRequest.getServerName()</code>: Returns the host name of the server to which the request was sent.</li> |
| <li><code>ServletRequest.getServerPort()</code>: Returns the port number of the server to which the request was sent.</li> |
| <li><code>ServletRequest.getLocalName()</code>: Returns the host name of the Internet Protocol (IP) interface on which the request was received.</li> |
| <li><code>ServletRequest.getLocalPort()</code>: Returns the Internet Protocol (IP) port number of the interface on which the request was received.</li> |
| </ul> |
| |
| <p>When you are running behind a proxy server (or a web server that is |
| configured to behave like a proxy server), you will sometimes prefer to |
| manage the values returned by these calls. In particular, you will |
| generally want the port number to reflect that specified in the original |
| request, not the one on which the <strong>Connector</strong> itself is |
| listening. You can use the <code>proxyName</code> and <code>proxyPort</code> |
| attributes on the <code><Connector></code> element to configure |
| these values.</p> |
| |
| <p>Proxy support can take many forms. The following sections describe |
| proxy configurations for several common cases.</p> |
| |
| </section> |
| |
| <section name="Apache 1.3 Proxy Support"> |
| |
| <p>Apache 1.3 supports an optional module (<code>mod_proxy</code>) that |
| configures the web server to act as a proxy server. This can be used to |
| forward requests for a particular web application to a Tomcat instance, |
| without having to configure a web connector such as <code>mod_jk</code>. |
| To accomplish this, you need to perform the following tasks:</p> |
| <ol> |
| <li><p>Configure your copy of Apache so that it includes the |
| <code>mod_proxy</code> module. If you are building from source, |
| the easiest way to do this is to include the |
| <code>--enable-module=proxy</code> directive on the |
| <code>./configure</code> command line.</p></li> |
| <li><p>If not already added for you, make sure that you are loading the |
| <code>mod_proxy</code> module at Apache startup time, by using the |
| following directives in your <code>httpd.conf</code> file:</p> |
| <source><![CDATA[LoadModule proxy_module {path-to-modules}/mod_proxy.so |
| AddModule mod_proxy.c]]></source></li> |
| <li><p>Include two directives in your <code>httpd.conf</code> file for |
| each web application that you wish to forward to Tomcat. For |
| example, to forward an application at context path <code>/myapp</code>:</p> |
| <source><![CDATA[ProxyPass /myapp http://localhost:8081/myapp |
| ProxyPassReverse /myapp http://localhost:8081/myapp]]></source> |
| <p>which tells Apache to forward URLs of the form |
| <code>http://localhost/myapp/*</code> to the Tomcat connector |
| listening on port 8081.</p></li> |
| <li><p>Configure your copy of Tomcat to include a special |
| <code><Connector></code> element, with appropriate |
| proxy settings, for example:</p> |
| <source><![CDATA[<Connector port="8081" ... |
| proxyName="www.mycompany.com" |
| proxyPort="80"/>]]></source> |
| <p>which will cause servlets inside this web application to think that |
| all proxied requests were directed to <code>www.mycompany.com</code> |
| on port 80.</p></li> |
| <li><p>It is legal to omit the <code>proxyName</code> attribute from the |
| <code><Connector></code> element. If you do so, the value |
| returned by <code>request.getServerName()</code> will by the host |
| name on which Tomcat is running. In the example above, it would be |
| <code>localhost</code>.</p></li> |
| <li><p>If you also have a <code><Connector></code> listening on port |
| 8080 (nested within the same <a href="config/service.html">Service</a> |
| element), the requests to either port will share the same set of |
| virtual hosts and web applications.</p></li> |
| <li><p>You might wish to use the IP filtering features of your operating |
| system to restrict connections to port 8081 (in this example) to |
| be allowed <strong>only</strong> from the server that is running |
| Apache.</p></li> |
| <li><p>Alternatively, you can set up a series of web applications that are |
| only available via proxying, as follows:</p> |
| <ul> |
| <li>Configure another <code><Service></code> that contains |
| only a <code><Connector></code> for the proxy port.</li> |
| <li>Configure appropriate <a href="config/engine.html">Engine</a>, |
| <a href="config/host.html">Host</a>, and |
| <a href="config/context.html">Context</a> elements for the virtual hosts |
| and web applications accessible via proxying.</li> |
| <li>Optionally, protect port 8081 with IP filters as described |
| earlier.</li> |
| </ul></li> |
| <li><p>When requests are proxied by Apache, the web server will be recording |
| these requests in its access log. Therefore, you will generally want to |
| disable any access logging performed by Tomcat itself.</p></li> |
| </ol> |
| |
| <p>When requests are proxied in this manner, <strong>all</strong> requests |
| for the configured web applications will be processed by Tomcat (including |
| requests for static content). You can improve performance by using the |
| <code>mod_jk</code> web connector instead of <code>mod_proxy</code>. |
| <code>mod_jk</code> can be configured so that the web server serves static |
| content that is not processed by filters or security constraints defined |
| within the web application's deployment descriptor |
| (<code>/WEB-INF/web.xml</code>).</p> |
| |
| </section> |
| |
| <section name="Apache 2.0 Proxy Support"> |
| The same instructions hold true as for 1.3. (Except in Apache 2.0, |
| you may omit <code>AddModule mod_proxy.c</code>) |
| </section> |
| |
| </body> |
| |
| </document> |