0

im running tomcat on my linux server and i want use a reverse proxy for this. After reading the manual in apacha for mod_proxy , i didnt really understand the /path in the proxypass .

i make a small example. the directory for my tomcat is /tomcat/webapp. Is then this following configuration right ?:

<VirtualHost *:80> ServerName example.com ServerAlias www.example.com ProxyRequests Off ProxyPass /tomcat/webapp http://127.0.0.1:8080 ProxyPassReverse /tomcat/webapp http://127.0.0.1:8080 </VirtualHost>

i would be thankful, im somebody with experience can help me out.

Improve this question
2
  • The path parameter is an URI path, not a directory (filesystem path). Tomcat's ROOT web application will appear under the URL http://example.com/tomcat/webapp/. Commented Jan 24, 2020 at 18:56
  • this means i should change the following setting to : ProxyPass /app localhost:8080/tomcat/webapp right ? Commented Jan 24, 2020 at 19:01

1 Answer 1

Reset to default
2

Theoretically whichever ProxyPass directive you choose, it will work, even if you choose to proxy http://example.com:8080/webapp/ as http://example.com/foo/bar/baz/.

However, if your application uses absolute paths in hyperlinks, it is better to use the same URI path on both Apache and Tomcat or you will have problems like in this question. So:

  • if your application is well written, choose your favourite URL and adjust the webapp deployment on Tomcat to fit it.
  • if your application is badly written (e.g. has some hardcoded paths like in this question adjust the Apache path to fit the hardcoded deployment path.

Either way you should use:

ProxyPass "/path/to/webapp/" "http://127.0.0.1:8080/path/to/webapp/"

PS: Since apparently you want to run Tomcat on two ports, it is better if you tell the webapp that it is being proxied and that port 8443 is accessed through SSL:

<Connector port="8080" proxyName="example.com" proxyPort="80" redirectPort="443" /> <Connector port="8443" proxyName="example.com" proxyPort="443" scheme="https" secure="true" />

so the webapp will not generate useless redirects from port 8443 to port 443.

Improve this answer
8
  • and what if i config the proxypass like this, : ProxyPass / 127.0.0.1:8080 is it secure enough like the above examples ? Commented Jan 24, 2020 at 22:02
  • Yes, the app will work correctly. However if you want to give Tomcat the entire web space, why don't you just run Tomcat on port 80 and 443? Commented Jan 24, 2020 at 22:15
  • for port 80/443 i need to be run tomcat as root, therefore i need to be run tomcat with reverse proxy :D Commented Jan 24, 2020 at 22:40
  • Not really: you can use authbind or set the CAP_NET_BIND_SERVICE ambient capability on the Tomcat process. Debian 9 uses the first, Debian 10 uses the second. Commented Jan 24, 2020 at 22:44
  • but i can still use authbind but its not secure enough, i would give tomcat user the read write execute as for all privileg ports :) Commented Jan 24, 2020 at 22:49

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.