Erro no proxy reverso Apache para o Tomcat com SSL

regis_ricardo
(usa CentOS)

Enviado em 23/11/2016 - 16:00h

Boa tarde, tenho uma aplicação que roda no Tomcat, consigo acessar ela direto pelo ip da máquina do Tomcat, porém não consigo acessa-la pela url, há um apache fazendo função de proxy reverso para varias outras aplicações que rodam em outro servidor (Jboss) e estas acessam normalmente, porém ainda não entendi o motivo de não conseguir entender por que o redirect para o Tomcat não roda, para ter certeza que o erro era no meu proxy reverso eu coloquei a url respondendo direto pelo ip nas configurações de hosts da minha máquina fízica, e acessou normalmente, de ante-mão adiando que apenas o Tomcat tem certificado de segurança, os jboss não, não sei se e por isso que não consigo redirecionar para o Tomcat, pelo fato de ter que fazer alguma configuração extra para receber na porta 80 e fazer redirect para 443, onde aparentemente o tomcat já faz um redirect também da 8080 para 443, abaixo segue as configurações do Tomcat e do Apache:

Apache:

mod_cluster.conf

<VirtualHost 10.72.247.10:80>
ServerName homologa.tecnologia.pgfn

ErrorLog /var/log/httpd/homologa-error_log
CustomLog /var/log/httpd/homologa-access_log common

<Directory />
Order deny,allow
Deny from all
Allow from 10.72.247.
</Directory>

<Location /mod_cluster-manager>
SetHandler mod_cluster-manager
Order deny,allow
Allow from all
</Location>

KeepAliveTimeout 60
ManagerBalancerName mycluster
MaxKeepAliveRequests 0
ServerAdvertise On
EnableMCPMReceive On
</VirtualHost>


###
ProxyPreserveHost On
ProxyRequests Off
ProxyTimeout 600
ProxyStatus On
ProxyVia On

<Proxy *>
Order deny,allow
Allow from 10.72.247.
</Proxy>

ProxyPass /aplic http://aplic.homologa.tecnologia.pgxx/aplic
ProxyPassReverse /gcast https://10.72.247.34:443/aplic

Também tentei sem a porta 443


Configuração do server.xml do Tomcat

<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">

<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -->
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />

<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>

<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">

<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->


<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />

<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false" disableUploadTimeout="true" enableLookups="false"
keystoreFile="conf/certificado/xxx" keystorePass="xxxx" maxThreads="25" port="443"
secure="true" sslProtocol="TLS" protocol="org.apache.coyote.http11.Http11NioProtocol"
scheme="https" />

<!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="conf/certificado.jks" keystorePass="simba2016" />
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />


<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->

<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost">

<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->

<!-- The request dumper valve dumps useful debugging information about
the request and response data received and sent by Tomcat.
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.valves.RequestDumperValve"/>
-->

<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>

<!-- Define the default virtual host
Note: XML Schema validation will not work with Xerces 2.2.
-->
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">

<Context path="/gcast" docBase="gcast" reloadable="true"
crossContext="true">
<Resource name="jdbc/xxx" auth="Container" type="javax.sql.DataSource"
maxActive="100" maxIdle="30" maxWait="10000" username="xxx"
password="xxx" driverClassName="oracle.jdbc.driver.OracleDriver"
testOnBorrow="true" validationInterval="30000"
validationQuery="SELECT 1 FROM DUAL"
url="jdbc:oracle:thin:@10.72.247.x:1521:xe" />
</Context>

<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->

<!-- Access log processes all example.
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false"/>
-->



</Host>
</Engine>
</Service>
</Server>

saitam
(usa Slackware)

Enviado em 23/11/2016 - 20:20h

No JBoss

../standalone/configuration/standalone.xml

<virtual-server name="projetoVirtualHost" default-web-module="nameOfWarFile">

   <alias name="myurl.com"/>

</virtual-server>

 

<jboss-web>

    <virtual-host>projetoVirtualHost< /virtual-host> 

</jboss-web>

 

No Apache

VirtualHost *:80>

   ServerName urlprojeto

   ServerAlias www.urlprojeto.com urlprojeto.com



   ProxyPass / http:/urlprojeto.com:8080/

   ProxyPassReverse /  http://urlprojeto:8080/

</VirtualHost>

 

Reinicie o Apache e JBoss

Feito!
http://mundodacomputacaointegral.blogspot.com.br/
Twitter: http://twitter.com/@blogcomputacao
Facebook: http://www.facebook.com/BlogComputacao
Grupo Linux no Telegram: https://goo.gl/KQYqhN
Grupo Linguagens de Programação no Telegram: https://goo.gl/7sJF95
Grupo FreeBSD no Telegram: https://goo.gl/cIDktA
Blog: http://goo.gl/Cuixk
Coleção de Howtos Linux e FreeBSD https://goo.gl/UHDVtK

spolti
(usa Fedora)

Enviado em 25/11/2016 - 13:56h

Envie por favor os logs do apache.

Mas, pelo que eu me lembre da última vez que usei Proxy, a sua configuração não está correta.

Você pode ter mais detalhes neste link: https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html

regis_ricardo
(usa CentOS)

Enviado em 25/11/2016 - 16:56h

Fala pessoal, Então não é com Jboss, mas sim com tomcat, este tomcat tem um cetificado SSL, e o apache faz um proxy reverso para ele, mas não esta funcionando, e apenas não funciona para o Tomcat, não sei se é porque apenas o Tomcat esta com ssl, ou se ha alguma configuração errada no apache.



No JBoss

../standalone/configuration/standalone.xml

<virtual-server name="projetoVirtualHost" default-web-module="nameOfWarFile">

   <alias name="myurl.com"/>

</virtual-server>

 

<jboss-web>

    <virtual-host>projetoVirtualHost< /virtual-host> 

</jboss-web>

 

No Apache

VirtualHost *:80>

   ServerName urlprojeto

   ServerAlias www.urlprojeto.com urlprojeto.com



   ProxyPass / http:/urlprojeto.com:8080/

   ProxyPassReverse /  http://urlprojeto:8080/

</VirtualHost>

 

Reinicie o Apache e JBoss

Feito!
http://mundodacomputacaointegral.blogspot.com.br/
Twitter: http://twitter.com/@blogcomputacao
Facebook: http://www.facebook.com/BlogComputacao
Grupo Linux no Telegram: https://goo.gl/KQYqhN
Grupo Linguagens de Programação no Telegram: https://goo.gl/7sJF95
Grupo FreeBSD no Telegram: https://goo.gl/cIDktA
Blog: http://goo.gl/Cuixk
Coleção de Howtos Linux e FreeBSD https://goo.gl/UHDVtK

[/quote]

Então, não é Jboss é tomcat.