webapps/docs/proxy-howto.xml - tomcat80 - Git at Google

 <?xml version="1.0" encoding="UTF-8"?>
 <!--
   Licensed to the Apache Software Foundation (ASF) under one or more
   contributor license agreements.  See the NOTICE file distributed with
   this work for additional information regarding copyright ownership.
   The ASF licenses this file to You under the Apache License, Version 2.0
   (the "License"); you may not use this file except in compliance with
   the License.  You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
 -->
 <!DOCTYPE document [
   <!ENTITY project SYSTEM "project.xml">
 ]>
 <document url="proxy-howto.html">

     &project;

     <properties>
         <author email="craigmcc@apache.org">Craig R. McClanahan</author>
         <title>Proxy Support HOW-TO</title>
     </properties>

 <body>

 <section name="Table of Contents">
 <toc/>
 </section>

 <section name="Introduction">

 <p>Using standard configurations of Tomcat, web applications can ask for
 the server name and port number to which the request was directed for
 processing.  When Tomcat is running standalone with the
 <a href="config/http.html">HTTP/1.1 Connector</a>, it will generally
 report the server name specified in the request, and the port number on
 which the <strong>Connector</strong> is listening.  The servlet API
 calls of interest, for this purpose, are:</p>
 <ul>
 <li><code>ServletRequest.getServerName()</code>: Returns the host name of the server to which the request was sent.</li>
 <li><code>ServletRequest.getServerPort()</code>: Returns the port number of the server to which the request was sent.</li>
 <li><code>ServletRequest.getLocalName()</code>: Returns the host name of the Internet Protocol (IP) interface on which the request was received.</li>
 <li><code>ServletRequest.getLocalPort()</code>:  Returns the Internet Protocol (IP) port number of the interface on which the request was received.</li>
 </ul>

 <p>When you are running behind a proxy server (or a web server that is
 configured to behave like a proxy server), you will sometimes prefer to
 manage the values returned by these calls.  In particular, you will
 generally want the port number to reflect that specified in the original
 request, not the one on which the <strong>Connector</strong> itself is
 listening.  You can use the <code>proxyName</code> and <code>proxyPort</code>
 attributes on the <code>&lt;Connector&gt;</code> element to configure
 these values.</p>

 <p>Proxy support can take many forms.  The following sections describe
 proxy configurations for several common cases.</p>

 </section>

 <section name="Apache 1.3 Proxy Support">

 <p>Apache 1.3 supports an optional module (<code>mod_proxy</code>) that
 configures the web server to act as a proxy server.  This can be used to
 forward requests for a particular web application to a Tomcat instance,
 without having to configure a web connector such as <code>mod_jk</code>.
 To accomplish this, you need to perform the following tasks:</p>
 <ol>
 <li><p>Configure your copy of Apache so that it includes the
     <code>mod_proxy</code> module.  If you are building from source,
     the easiest way to do this is to include the
     <code>--enable-module=proxy</code> directive on the
     <code>./configure</code> command line.</p></li>
 <li><p>If not already added for you, make sure that you are loading the
     <code>mod_proxy</code> module at Apache startup time, by using the
     following directives in your <code>httpd.conf</code> file:</p>
 <source><![CDATA[LoadModule proxy_module  {path-to-modules}/mod_proxy.so
 AddModule  mod_proxy.c]]></source></li>
 <li><p>Include two directives in your <code>httpd.conf</code> file for
     each web application that you wish to forward to Tomcat.  For
     example, to forward an application at context path <code>/myapp</code>:</p>
 <source><![CDATA[ProxyPass         /myapp  http://localhost:8081/myapp
 ProxyPassReverse  /myapp  http://localhost:8081/myapp]]></source>
     <p>which tells Apache to forward URLs of the form
     <code>http://localhost/myapp/*</code> to the Tomcat connector
     listening on port 8081.</p></li>
 <li><p>Configure your copy of Tomcat to include a special
     <code>&lt;Connector&gt;</code> element, with appropriate
     proxy settings, for example:</p>
 <source><![CDATA[<Connector port="8081" ...
               proxyName="www.mycompany.com"
               proxyPort="80"/>]]></source>
     <p>which will cause servlets inside this web application to think that
     all proxied requests were directed to <code>www.mycompany.com</code>
     on port 80.</p></li>
 <li><p>It is legal to omit the <code>proxyName</code> attribute from the
     <code>&lt;Connector&gt;</code> element.  If you do so, the value
     returned by <code>request.getServerName()</code> will by the host
     name on which Tomcat is running.  In the example above, it would be
     <code>localhost</code>.</p></li>
 <li><p>If you also have a <code>&lt;Connector&gt;</code> listening on port
     8080 (nested within the same <a href="config/service.html">Service</a>
     element), the requests to either port will share the same set of
     virtual hosts and web applications.</p></li>
 <li><p>You might wish to use the IP filtering features of your operating
     system to restrict connections to port 8081 (in this example) to
     be allowed <strong>only</strong> from the server that is running
     Apache.</p></li>
 <li><p>Alternatively, you can set up a series of web applications that are
     only available via proxying, as follows:</p>
     <ul>
     <li>Configure another <code>&lt;Service&gt;</code> that contains
         only a <code>&lt;Connector&gt;</code> for the proxy port.</li>
     <li>Configure appropriate <a href="config/engine.html">Engine</a>,
         <a href="config/host.html">Host</a>, and
         <a href="config/context.html">Context</a> elements for the virtual hosts
         and web applications accessible via proxying.</li>
     <li>Optionally, protect port 8081 with IP filters as described
         earlier.</li>
     </ul></li>
 <li><p>When requests are proxied by Apache, the web server will be recording
     these requests in its access log.  Therefore, you will generally want to
     disable any access logging performed by Tomcat itself.</p></li>
 </ol>

 <p>When requests are proxied in this manner, <strong>all</strong> requests
 for the configured web applications will be processed by Tomcat (including
 requests for static content).  You can improve performance by using the
 <code>mod_jk</code> web connector instead of <code>mod_proxy</code>.
 <code>mod_jk</code> can be configured so that the web server serves static
 content that is not processed by filters or security constraints defined
 within the web application's deployment descriptor
 (<code>/WEB-INF/web.xml</code>).</p>

 </section>

 <section name="Apache 2.0 Proxy Support">
 The same instructions hold true as for 1.3. (Except in Apache 2.0,
 you may omit <code>AddModule  mod_proxy.c</code>)
 </section>

 </body>

 </document>
	<?xml version="1.0" encoding="UTF-8"?>
	<!--
	Licensed to the Apache Software Foundation (ASF) under one or more
	contributor license agreements. See the NOTICE file distributed with
	this work for additional information regarding copyright ownership.
	The ASF licenses this file to You under the Apache License, Version 2.0
	(the "License"); you may not use this file except in compliance with
	the License. You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing, software
	distributed under the License is distributed on an "AS IS" BASIS,
	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	See the License for the specific language governing permissions and
	limitations under the License.
	-->
	<!DOCTYPE document [
	<!ENTITY project SYSTEM "project.xml">
	]>
	<document url="proxy-howto.html">

	&project;

	<properties>
	<author email="craigmcc@apache.org">Craig R. McClanahan</author>
	<title>Proxy Support HOW-TO</title>
	</properties>

	<body>

	<section name="Table of Contents">
	<toc/>
	</section>

	<section name="Introduction">

	<p>Using standard configurations of Tomcat, web applications can ask for
	the server name and port number to which the request was directed for
	processing. When Tomcat is running standalone with the
	<a href="config/http.html">HTTP/1.1 Connector</a>, it will generally
	report the server name specified in the request, and the port number on
	which the <strong>Connector</strong> is listening. The servlet API
	calls of interest, for this purpose, are:</p>
	<ul>
	<li><code>ServletRequest.getServerName()</code>: Returns the host name of the server to which the request was sent.</li>
	<li><code>ServletRequest.getServerPort()</code>: Returns the port number of the server to which the request was sent.</li>
	<li><code>ServletRequest.getLocalName()</code>: Returns the host name of the Internet Protocol (IP) interface on which the request was received.</li>
	<li><code>ServletRequest.getLocalPort()</code>: Returns the Internet Protocol (IP) port number of the interface on which the request was received.</li>
	</ul>

	<p>When you are running behind a proxy server (or a web server that is
	configured to behave like a proxy server), you will sometimes prefer to
	manage the values returned by these calls. In particular, you will
	generally want the port number to reflect that specified in the original
	request, not the one on which the <strong>Connector</strong> itself is
	listening. You can use the <code>proxyName</code> and <code>proxyPort</code>
	attributes on the <code><Connector></code> element to configure
	these values.</p>

	<p>Proxy support can take many forms. The following sections describe
	proxy configurations for several common cases.</p>

	</section>

	<section name="Apache 1.3 Proxy Support">

	<p>Apache 1.3 supports an optional module (<code>mod_proxy</code>) that
	configures the web server to act as a proxy server. This can be used to
	forward requests for a particular web application to a Tomcat instance,
	without having to configure a web connector such as <code>mod_jk</code>.
	To accomplish this, you need to perform the following tasks:</p>
	<ol>
	<li><p>Configure your copy of Apache so that it includes the
	<code>mod_proxy</code> module. If you are building from source,
	the easiest way to do this is to include the
	<code>--enable-module=proxy</code> directive on the
	<code>./configure</code> command line.</p></li>
	<li><p>If not already added for you, make sure that you are loading the
	<code>mod_proxy</code> module at Apache startup time, by using the
	following directives in your <code>httpd.conf</code> file:</p>
	<source><![CDATA[LoadModule proxy_module {path-to-modules}/mod_proxy.so
	AddModule mod_proxy.c]]></source></li>
	<li><p>Include two directives in your <code>httpd.conf</code> file for
	each web application that you wish to forward to Tomcat. For
	example, to forward an application at context path <code>/myapp</code>:</p>
	<source><![CDATA[ProxyPass /myapp http://localhost:8081/myapp
	ProxyPassReverse /myapp http://localhost:8081/myapp]]></source>
	<p>which tells Apache to forward URLs of the form
	<code>http://localhost/myapp/*</code> to the Tomcat connector
	listening on port 8081.</p></li>
	<li><p>Configure your copy of Tomcat to include a special
	<code><Connector></code> element, with appropriate
	proxy settings, for example:</p>
	<source><![CDATA[<Connector port="8081" ...
	proxyName="www.mycompany.com"
	proxyPort="80"/>]]></source>
	<p>which will cause servlets inside this web application to think that
	all proxied requests were directed to <code>www.mycompany.com</code>
	on port 80.</p></li>
	<li><p>It is legal to omit the <code>proxyName</code> attribute from the
	<code><Connector></code> element. If you do so, the value
	returned by <code>request.getServerName()</code> will by the host
	name on which Tomcat is running. In the example above, it would be
	<code>localhost</code>.</p></li>
	<li><p>If you also have a <code><Connector></code> listening on port
	8080 (nested within the same <a href="config/service.html">Service</a>
	element), the requests to either port will share the same set of
	virtual hosts and web applications.</p></li>
	<li><p>You might wish to use the IP filtering features of your operating
	system to restrict connections to port 8081 (in this example) to
	be allowed <strong>only</strong> from the server that is running
	Apache.</p></li>
	<li><p>Alternatively, you can set up a series of web applications that are
	only available via proxying, as follows:</p>
	<ul>
	<li>Configure another <code><Service></code> that contains
	only a <code><Connector></code> for the proxy port.</li>
	<li>Configure appropriate <a href="config/engine.html">Engine</a>,
	<a href="config/host.html">Host</a>, and
	<a href="config/context.html">Context</a> elements for the virtual hosts
	and web applications accessible via proxying.</li>
	<li>Optionally, protect port 8081 with IP filters as described
	earlier.</li>
	</ul></li>
	<li><p>When requests are proxied by Apache, the web server will be recording
	these requests in its access log. Therefore, you will generally want to
	disable any access logging performed by Tomcat itself.</p></li>
	</ol>

	<p>When requests are proxied in this manner, <strong>all</strong> requests
	for the configured web applications will be processed by Tomcat (including
	requests for static content). You can improve performance by using the
	<code>mod_jk</code> web connector instead of <code>mod_proxy</code>.
	<code>mod_jk</code> can be configured so that the web server serves static
	content that is not processed by filters or security constraints defined
	within the web application's deployment descriptor
	(<code>/WEB-INF/web.xml</code>).</p>

	</section>

	<section name="Apache 2.0 Proxy Support">
	The same instructions hold true as for 1.3. (Except in Apache 2.0,
	you may omit <code>AddModule mod_proxy.c</code>)
	</section>

	</body>

	</document>