Hello everybody,

I'm kinda new to using Tomcat so I hope for your understanding.

I have a site called "app.testsite.com"

If i put it in the webapps-folder in centos 5.5 (standard installation, no nice home-built stuff) and restart tomcat I can browse to the site if I go to http://app.testsite.com:8080.

If I put in a iptables redirect rule from 80 to 8080 I can then browse the site if i go to http://app.testsite.com. No problem so far.

If I instead of iptables rule use xinetd to redirect port 80 to 8080 I get a problem. The problem is only a part of the site loads. A bigger part yes but still not the whole site.

If I install apache (on the same server) and use it as proxy and proxy the site with this:

ProxyPass / http://localhost:8080/

The same problem as with xinetd appears.

On the other hand... If I separate (two separate machines) the apache server (app.testsite.com) and the tomcat server (app.testsite2.com) and I use the iptables rule on the tomcat server to redirect 80 to 8080.
Then I set up the proxy on the apache server like this:

ProxyPass / http://app.testsite2.com

http://app.testsite.com works like a charm

Now... I actually can live with that considering I'm going to run the servers separated from each other anyway.

BUT WHY IS THIS HAPPENING?

Seriously, I don't just want to fix it, it's driving me crazy to se a problem I don't understand.

Is there anybody here who have a clue what this could be?

Should I do something in the ProxyPass setup to make it work?

Best regards

Johan

it's happening because you are changing the HOST header at the point of proxy. From tomcat's perspective you are asking tomcat for the "localhost" website, not the "app.testsite.com" website, so it won't serve it. check this... http://httpd.apache.org/docs/current...xypreservehost

Firstly the tomcat server isn't set to care about http-headers.

Secondly the site loads... There are only a few things missing. The missing things aren't missed when I connect directly to the tomcat-server via port 8080 or port 80 through iptables redirect.

Yeah, when you connect with the proper hostname... No?

So what parts are missing? It's not just going to be 'some' bits. What documents are being requested but not obtained? You might want a tool like firebug on firefox to see what the browser is doing.

Just to be sure about it I tried with proxypreservehost on without any success.

I can connect with the IP-address directly to tomcat if i want to.
Or I can set up a new hostname in my local hostfile on my laptop and connecto to it. As long as I use port 8080 or if i make a redirect rule in iptables 80>8080 it works. It stops working only if I proxy the site.
Xinetd has sort of a transparent proxy and when I use xinetd the same problem appears.

The tomcat server only serves one site. Nothing else.

I'm gonna take a look at it with that firebug thing and see if I can see anything.

The problem is narrowed down to this: As long as I go through a iptables redirect rule 80>8080 or directly through 8080 the page works perfectly.
But if I in any way try to proxy from 80 to 8080 the problem appears.

The site is running at the moment so I actually have all the time in the world to solve it.

Well if it's working, why not just run tomcat on port 80 in the first place?

No sir. You want an AJP proxy for Tomcat. Here's an example config:
That requires Tomcat to run as root. (Which OP may be OK with, but I try to avoid. )

Think I found the problem...

It has something to do with jnlp, whatever that is. I have no clue but I found an error in the logs that pointed me in that direction.

Anyone with any ideas about how I can find the settings-file for the jnlp so I can change it to statically connect to the proxys address?
At the moment it tries to connect to the address that the proxy connects to when it connects to the tomcat, including the port number and port 8080 isn't reachable from the outside.

Suggestions anyone?

Hi,

For apache to work as a reverse proxy you need the following:
Regards

For tomcat, if you wanna use AJP, you can also use mod_jk. It might not be the best but it works. You will need to build mod_jk, Im not sure if you can find it in the CentOS repositories.

If you just wanna use HTTP, then mod_proxy should do the job. I would suggest to show use the config for apache, also test if tomcat works standalone on HTTP.

@dexznrl: This problem is not difficult to solve if you actually pay attention to the suggestions on this thread. Instead of flailing through trial and error attempts, benefit from research and work that others have already done.

Is it not possible to start as root and drop to a lesser account afterwards?

That would be the right way to handle things, but Tomcat (last I checked) has no such ability. AFAIK, it's a single process/daemon that spawns no children - unprivileged or otherwise.