nixCraft Linux Forum

nixCraft

Linux Tech Support Forum

Reverse Proxy to Backend Tomcat Servers

This is a discussion on Reverse Proxy to Backend Tomcat Servers within the Web servers forums, part of the Mastering Servers category; I'm trying to setup a reverse proxy in my DMZ that will create an SSL connection to internet users. The ...


Go Back   nixCraft Linux Forum > Mastering Servers > Web servers

Reverse Proxy to Backend Tomcat Servers Reverse Proxy to Backend Tomcat Servers

Register FAQ Members List Calendar Mark Forums Read

Reply

 

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 12-08-2007, 11:30 AM
Junior Member
User
  
Join Date: Nov 2007
My distro: Mepis and Debian
Posts: 22
Rep Power: 0
Johnny Utah is on a distinguished road
Default Reverse Proxy to Backend Tomcat Servers
I'm trying to setup a reverse proxy in my DMZ that will create an SSL connection to internet users. The proxy will then connect clients to backend Apache and Tomcat servers unencrypted in my local network.

I hoping to set something up on Debian like Pound. Apache seems like a pain in the butt to configure for this, and Squid seems like overkill.

So far I have had little success getting it setup the exact way I want it.

Does anyone know of a good How To?

Thanks!
__________________
Kubuntu user? http://kubuntuway.net
Do you own reptiles? http://redtailconnect.net
Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 12-08-2007, 09:05 PM
monk's Avatar
Senior Member
User
  
Join Date: Jan 2005
Location: Tibet
My distro: Debian GNU/Linux
Posts: 482
Rep Power: 5
monk will become famous soon enough monk will become famous soon enough
Default
Configuring pound is one of the easiest thing. Let us say your run pound on 190.1.5.6 public ip. All you have to do is

1) stop Apache on 190.1.5.6 port 80/443
2) configure pound to run on 190.1.5.6 port 80/443
3) configure pound to redirect traffic to internal hosts
4) my guess DMZ firewall is blocking something soemwhere

Try following tutorial
Tuple Shop: Deploying Rails with Pound in Front of Mongrel, Lighttpd, and Apache
__________________
May the force with you!
Reply With Quote
  #3 (permalink)  
Old 12-08-2007, 09:38 PM
Junior Member
User
  
Join Date: Nov 2007
My distro: Mepis and Debian
Posts: 22
Rep Power: 0
Johnny Utah is on a distinguished road
Default
Thanks for the reply.

It's not a firewall issue, because I've been testing out the configuration in the same subnet (and neither machine is running IPTable.

The How To looks great, but I don't think it mentions anything about https. Would I configure https thru pound, or on the Tomcat server? I'm thinking the latter.

Thanks.
__________________
Kubuntu user? http://kubuntuway.net
Do you own reptiles? http://redtailconnect.net
Reply With Quote
  #4 (permalink)  
Old 12-09-2007, 09:38 PM
rockdalinux's Avatar
Contributors
User
  
Join Date: May 2005
Location: Bangalore
My distro: RHEL, HP-UX, Solaris, FreeBSD, Ubuntu
Posts: 576
Rep Power: 7
rockdalinux is a jewel in the rough rockdalinux is a jewel in the rough rockdalinux is a jewel in the rough rockdalinux is a jewel in the rough
Default
Here is /etc/pound.conf configuration from my *working* server for standard 443 and 80 port. All request comes to 203.xx.yy.zzz:80

Code:
IE/FF => 203.xx.yy.zzz:80  => pound => redirect to => 192.168.1.6:80 => Apache
Code:
ListenHTTPS
        Address 203.xx.yy.zzz
        Port 443
        Cert "/usr/local/etc/ssl/in.vsnl.test-server/server.pem"
        Service
                BackEnd
                        Address 192.168.1.5
                        Port 443
                End
        End
End

ListenHTTP
            Address 203.xx.yy.zzz
            Port    80
            Service
                BackEnd
                    Address 192.168.1.6
                    Port    80
                End
            End
End
Also note that HTTPS does not allow virtual hosting
__________________
Rocky Jr.
You may have my body & soul, but you will never touch my pride!

If you have knowledge, let others light their candles at it.

Certified to work on HP-UX / Sun Solaris / RedHat
Reply With Quote
  #5 (permalink)  
Old 12-11-2007, 04:14 AM
Junior Member
User
  
Join Date: Nov 2007
My distro: Mepis and Debian
Posts: 22
Rep Power: 0
Johnny Utah is on a distinguished road
Default
When I hit the pound server, all I get is the Tomcat page. Here's my configuration in pound.cfg:

ListenHTTP
Address 10.10.10.79
port 80

## allow Put and Delete also (by default only GET,POST, and HEAD?)
xHTTP 0

Service
BackEnd
Address 10.10.10.89
port 8080
END
END
END
__________________
Kubuntu user? http://kubuntuway.net
Do you own reptiles? http://redtailconnect.net
Reply With Quote
  #6 (permalink)  
Old 12-11-2007, 12:38 PM
monk's Avatar
Senior Member
User
  
Join Date: Jan 2005
Location: Tibet
My distro: Debian GNU/Linux
Posts: 482
Rep Power: 5
monk will become famous soon enough monk will become famous soon enough
Default
If you get tomcat page, it is working fine. Do you have tomcat server configured properly via server.xml / web.xml file Do you see any specify error log in /var/log/messages (syslog) file?
__________________
May the force with you!
Reply With Quote
  #7 (permalink)  
Old 12-11-2007, 08:54 PM
Junior Member
User
  
Join Date: Nov 2007
My distro: Mepis and Debian
Posts: 22
Rep Power: 0
Johnny Utah is on a distinguished road
Default
Quote:
Originally Posted by monk View Post
If you get tomcat page, it is working fine. Do you have tomcat server configured properly via server.xml / web.xml file Do you see any specify error log in /var/log/messages (syslog) file?
Tomcat is running fine on the backend server. You need to specify:
Code:
http://pengo:8080/jtrac
in order to use the application though. Is there any way to get Pound to redirect to the URL above? Or do I need to configure Tomcat's server.xml / web.xml so that the application is accessible by hitting just
Code:
http://pengo
?

I enabled the highest level of logging, but I didn't see any error messages.
__________________
Kubuntu user? http://kubuntuway.net
Do you own reptiles? http://redtailconnect.net
Last edited by Johnny Utah; 12-11-2007 at 08:57 PM.
Reply With Quote
  #8 (permalink)  
Old 12-11-2007, 09:58 PM
monk's Avatar
Senior Member
User
  
Join Date: Jan 2005
Location: Tibet
My distro: Debian GNU/Linux
Posts: 482
Rep Power: 5
monk will become famous soon enough monk will become famous soon enough
Default
Quote:
Originally Posted by Johnny Utah View Post
Tomcat is running fine on the backend server. You need to specify:
Code:
http://pengo:8080/jtrac
in order to use the application though. Is there any way to get Pound to redirect to the URL above? Or do I need to configure Tomcat's server.xml / web.xml so that the application is accessible by hitting just
Code:
http://pengo
?

I enabled the highest level of logging, but I didn't see any error messages.
Pound cannot connect to dynamic urls it only recognizes root; In short run app from root aka reconfigure tomcat.
Code:
http://pengo
__________________
May the force with you!
Reply With Quote
  #9 (permalink)  
Old 12-13-2007, 04:20 AM
Junior Member
User
  
Join Date: Nov 2007
My distro: Mepis and Debian
Posts: 22
Rep Power: 0
Johnny Utah is on a distinguished road
Default
Good deal. Thanks for your help.
__________________
Kubuntu user? http://kubuntuway.net
Do you own reptiles? http://redtailconnect.net
Reply With Quote
Reply

Bookmarks

« Webdav on apache | Minisendmail chroot »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads

Thread Thread Starter Forum Replies Last Post
Tomcat shell script cron job to restart server kasimani Shell scripting 4 05-03-2008 07:46 PM
Nagios on tomcat? Vince-0 Linux software 0 04-22-2008 01:30 PM
Progate account across several servers piggy Shell scripting 0 03-06-2008 08:03 AM
Viewing the Jakarta-Tomcat pages on Client machines shilpigoel1 Networking, Firewalls and Security 7 08-21-2007 10:53 PM
Restrict number of simultaneous proxy connections in SQUID proxy pkvmreddy Getting started tutorials 1 06-15-2007 03:52 PM


All times are GMT +5.5. The time now is 06:56 PM.

Contact Us - Linux answers from nixCraft - Archive - Top

Powered by vBulletin® Version 3.7.3 - Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.2.0

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36