nixCraft Linux Forum

nixCraft

Linux / UNIX Tech Support Forum

Reverse Proxy to Backend Tomcat Servers

This is a discussion on Reverse Proxy to Backend Tomcat Servers within the Web servers forums, part of the Mastering Servers category; I'm trying to setup a reverse proxy in my DMZ that will create an SSL connection to internet users. The ...

Go Back   nixCraft Linux Forum > Mastering Servers > Web servers

Reverse Proxy to Backend Tomcat Servers Reverse Proxy to Backend Tomcat Servers

Linux answers from nixCraft.

Register FAQ Members List Social Groups Calendar Forgotten your password? Mark Forums Read

Web servers Discussion on Apache, Nginx and Lighttpd HTTP/web server and configuration issues.

Reply

 

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 08-12-2007, 11:30 AM
Junior Member
User
  
Join Date: Nov 2007
OS: Mepis and Debian
Posts: 22
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
Johnny Utah is on a distinguished road
Default Reverse Proxy to Backend Tomcat Servers
I'm trying to setup a reverse proxy in my DMZ that will create an SSL connection to internet users. The proxy will then connect clients to backend Apache and Tomcat servers unencrypted in my local network.

I hoping to set something up on Debian like Pound. Apache seems like a pain in the butt to configure for this, and Squid seems like overkill.

So far I have had little success getting it setup the exact way I want it.

Does anyone know of a good How To?

Thanks!
__________________
Kubuntu user? http://kubuntuway.net
Do you own reptiles? http://redtailconnect.net
Reply With Quote
  #2 (permalink)  
Old 08-12-2007, 09:05 PM
monk's Avatar
Senior Member
User
  
Join Date: Jan 2005
Location: Tibet
OS: Debian GNU/Linux
Posts: 506
Thanks: 0
Thanked 8 Times in 6 Posts
Rep Power: 7
monk has a spectacular aura about monk has a spectacular aura about
Default
Configuring pound is one of the easiest thing. Let us say your run pound on 190.1.5.6 public ip. All you have to do is

1) stop Apache on 190.1.5.6 port 80/443
2) configure pound to run on 190.1.5.6 port 80/443
3) configure pound to redirect traffic to internal hosts
4) my guess DMZ firewall is blocking something soemwhere

Try following tutorial
Tuple Shop: Deploying Rails with Pound in Front of Mongrel, Lighttpd, and Apache
__________________
May the force with you!
Reply With Quote
  #3 (permalink)  
Old 08-12-2007, 09:38 PM
Junior Member
User
  
Join Date: Nov 2007
OS: Mepis and Debian
Posts: 22
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
Johnny Utah is on a distinguished road
Default
Thanks for the reply.

It's not a firewall issue, because I've been testing out the configuration in the same subnet (and neither machine is running IPTables).

The How To looks great, but I don't think it mentions anything about https. Would I configure https thru pound, or on the Tomcat server? I'm thinking the latter.

Thanks.
__________________
Kubuntu user? http://kubuntuway.net
Do you own reptiles? http://redtailconnect.net
Reply With Quote
  #4 (permalink)  
Old 09-12-2007, 09:38 PM
rockdalinux's Avatar
Is that all you got?
User
  
Join Date: May 2005
Location: Planet Vegeta
OS: Redhat
Posts: 708
Thanks: 15
Thanked 19 Times in 18 Posts
Rep Power: 10
rockdalinux is a glorious beacon of light rockdalinux is a glorious beacon of light rockdalinux is a glorious beacon of light rockdalinux is a glorious beacon of light rockdalinux is a glorious beacon of light rockdalinux is a glorious beacon of light
Default
Here is /etc/pound.conf configuration from my *working* server for standard 443 and 80 port. All request comes to 203.xx.yy.zzz:80

Code:
IE/FF => 203.xx.yy.zzz:80  => pound => redirect to => 192.168.1.6:80 => Apache
Code:
ListenHTTPS
        Address 203.xx.yy.zzz
        Port 443
        Cert "/usr/local/etc/ssl/in.vsnl.test-server/server.pem"
        Service
                BackEnd
                        Address 192.168.1.5
                        Port 443
                End
        End
End

ListenHTTP
            Address 203.xx.yy.zzz
            Port    80
            Service
                BackEnd
                    Address 192.168.1.6
                    Port    80
                End
            End
End
Also note that HTTPS does not allow virtual hosting
__________________
Rocky Jr.
What's wrong? I hope I am not making you uncomfortable...

Never send a boy to do a mans job.
Reply With Quote
  #5 (permalink)  
Old 11-12-2007, 04:14 AM
Junior Member
User
  
Join Date: Nov 2007
OS: Mepis and Debian
Posts: 22
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
Johnny Utah is on a distinguished road
Default
When I hit the pound server, all I get is the Tomcat page. Here's my configuration in pound.cfg:

ListenHTTP
Address 10.10.10.79
port 80

## allow Put and Delete also (by default only GET,POST, and HEAD?)
xHTTP 0

Service
BackEnd
Address 10.10.10.89
port 8080
END
END
END
__________________
Kubuntu user? http://kubuntuway.net
Do you own reptiles? http://redtailconnect.net
Reply With Quote
  #6 (permalink)  
Old 11-12-2007, 12:38 PM
monk's Avatar
Senior Member
User
  
Join Date: Jan 2005
Location: Tibet
OS: Debian GNU/Linux
Posts: 506
Thanks: 0
Thanked 8 Times in 6 Posts
Rep Power: 7
monk has a spectacular aura about monk has a spectacular aura about
Default
If you get tomcat page, it is working fine. Do you have tomcat server configured properly via server.xml / web.xml file Do you see any specify error log in /var/log/messages (syslog) file?
__________________
May the force with you!
Reply With Quote
  #7 (permalink)  
Old 11-12-2007, 08:54 PM
Junior Member
User
  
Join Date: Nov 2007
OS: Mepis and Debian
Posts: 22
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
Johnny Utah is on a distinguished road
Default
Quote:
Originally Posted by monk View Post
If you get tomcat page, it is working fine. Do you have tomcat server configured properly via server.xml / web.xml file Do you see any specify error log in /var/log/messages (syslog) file?
Tomcat is running fine on the backend server. You need to specify:
Code:
http://pengo:8080/jtrac
in order to use the application though. Is there any way to get Pound to redirect to the URL above? Or do I need to configure Tomcat's server.xml / web.xml so that the application is accessible by hitting just
Code:
http://pengo
?

I enabled the highest level of logging, but I didn't see any error messages.
__________________
Kubuntu user? http://kubuntuway.net
Do you own reptiles? http://redtailconnect.net
Last edited by Johnny Utah; 11-12-2007 at 08:57 PM.
Reply With Quote
  #8 (permalink)  
Old 11-12-2007, 09:58 PM
monk's Avatar
Senior Member
User
  
Join Date: Jan 2005
Location: Tibet
OS: Debian GNU/Linux
Posts: 506
Thanks: 0
Thanked 8 Times in 6 Posts
Rep Power: 7
monk has a spectacular aura about monk has a spectacular aura about
Default
Quote:
Originally Posted by Johnny Utah View Post
Tomcat is running fine on the backend server. You need to specify:
Code:
http://pengo:8080/jtrac
in order to use the application though. Is there any way to get Pound to redirect to the URL above? Or do I need to configure Tomcat's server.xml / web.xml so that the application is accessible by hitting just
Code:
http://pengo
?

I enabled the highest level of logging, but I didn't see any error messages.
Pound cannot connect to dynamic urls it only recognizes root; In short run app from root aka reconfigure tomcat.
Code:
http://pengo
__________________
May the force with you!
Reply With Quote
  #9 (permalink)  
Old 13-12-2007, 04:20 AM
Junior Member
User
  
Join Date: Nov 2007
OS: Mepis and Debian
Posts: 22
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
Johnny Utah is on a distinguished road
Default
Good deal. Thanks for your help.
__________________
Kubuntu user? http://kubuntuway.net
Do you own reptiles? http://redtailconnect.net
Reply With Quote
  #10 (permalink)  
Old 11-11-2009, 11:06 AM
Junior Member
User
  
Join Date: Nov 2009
OS: Debian
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
himesh is on a distinguished road
Default
Hey johnny how did you configure tomcat to run form root.

thanks in advance...
Reply With Quote
Reply

« apache 2.0.65 https not showing flars in Internet Explorer | Configuring IPs on apache »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads

Thread Thread Starter Forum Replies Last Post
Tomcat shell script cron job to restart server kasimani Shell scripting 4 03-05-2008 07:46 PM
Nagios on tomcat? Vince-0 Linux software 0 22-04-2008 01:30 PM
Progate account across several servers piggy Shell scripting 0 06-03-2008 08:03 AM
Viewing the Jakarta-Tomcat pages on Client machines shilpigoel1 Networking, Firewalls and Security 7 21-08-2007 10:53 PM
Restrict number of simultaneous proxy connections in SQUID proxy pkvmreddy Getting started tutorials 1 15-06-2007 03:52 PM


All times are GMT +5.5. The time now is 05:21 PM.

Contact Us - nixCraft Home - Archive - Privacy Statement - Terms of Service - Top

Powered by vBulletin® Version 3.8.5 - Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.3.2
©2005-2010 nixCraft. All rights reserved

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38