| Author |
|
jnsunkersett
Joined: 30 Jan 2011
Posts: 23
|
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7301
Location: Germany, Next to Hamburg
|
 Posted: Sun 25 Dec '11 17:02 Post subject: |
 |
|
That is pretty easy since you want the same paths in your application. You can solve that with a reverse proxy on the first server.
config on server one.
| Code: |
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
ProxyPass /theta/ http://servertwo/theta/
ProxyPassReverse /theta/ http://servertwo/theta/
|
Any further questions? |
|
| Back to top |
|
jnsunkersett
Joined: 30 Jan 2011
Posts: 23
|
| Posted: Mon 26 Dec '11 8:57 Post subject: |
|
|
reverse proxy  
Do I need to install and configure one, seprately ?
Which one do you suggest ?
I guess this will be required On server-One, on which I have Apache httpd 2.2.17 (+ mod_jk + jboss)
you also mention:
>> That is pretty easy since you want the same paths in your application.
Then to make it difficult (  ), what to do if
1. a diffrent context path is required.
2. security is desired and access should be restricted to a select few persons or ip addresses.
thank you James,
(please link me to some good related documentation) |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7301
Location: Germany, Next to Hamburg
|
|
| Back to top |
|
jnsunkersett
Joined: 30 Jan 2011
Posts: 23
|
| Posted: Mon 26 Dec '11 19:26 Post subject: |
|
|
>> Well since you already set up mod_jk to localhost, why not use the same for non localhost from the second server?
Can you be more specific (especially on the mod_jk).
My second server, hosts a PHP application (not a java), so how can mod_jk be used? |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7301
Location: Germany, Next to Hamburg
|
| Posted: Mon 26 Dec '11 20:41 Post subject: |
|
|
Ok if it is an PHP forget about mod_jk...
the reverse proxy stuff I posted first works. You could change the path. Mostly that works,too.
| Code: |
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
ProxyPass /different/ http://servertwo/theta/
ProxyPassReverse /different/ http://servertwo/theta/
|
This reverse proxy stuff is out of the box function from apache.
So what it does is this:
| Code: |
client<--->server_one/different<--->server_two/theta
|
it forwards the request from /different to the second server in your network to the /theta
if you still have a question please ask again |
|
| Back to top |
|
jnsunkersett
Joined: 30 Jan 2011
Posts: 23
|
| Posted: Tue 27 Dec '11 13:41 Post subject: |
|
|
Hello James,
I tried what you suggested but it did not work.
I have a httpd-ssl.conf, in which I configured my SSL certficate and in which I have a <VirtualHost> section
In that I wrote
| Code: |
<VirtualHost *:443>
JkMount /* loadbalancer # this was existing and connects to my jboss server via mod_jk
SetEnvIf Request_URI "/saibugs" no-jk
ProxyPass /saibugs/ http://10.224.71.131/ # I have bugzila installed on this server
ProxyPassReverse /saibugs/ http://10.224.71.131/
</VirtualHost>
|
I have uncommneted the 3 LoadModule statements in httpd.conf
In browser I gave https://www.mydomain.com/saibugs ....but got a 404
Snaps from the logs are below .... do they give you any clues?
access.log
10.224.64.65 - - [27/Dec/2011:16:52:28 +0530] "GET /saibugs HTTP/1.1" 404 205
10.224.64.65 - - [27/Dec/2011:17:02:37 +0530] "GET /saibugs HTTP/1.1" 404 205 0
sslerror.log
[Tue Dec 27 16:52:28 2011] [error] [client 10.224.64.65] File does not exist: D:/ApacheSoftwareFoundation/Apache2.2/htdocs/saibugs
ssl_request.log
[27/Dec/2011:16:52:28 +0530] 10.224.64.65 TLSv1 AES128-SHA "GET /saibugs HTTP/1.1" 205 0 7DDAEA1D14232847035F89729921C50AEDBCC825F11F926AD132CA0135D20BA6 |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7301
Location: Germany, Next to Hamburg
|
| Posted: Tue 27 Dec '11 18:14 Post subject: |
|
|
Sorry, forgot to tell you something
Well it should work with
https://www.mydomain.com/saibugs/
Or if you don't like that change the reverse proxy stuff a bit to
| Code: |
ProxyPass /saibugs http://10.224.71.131/ # I have bugzila installed on this server
ProxyPassReverse /saibugs http://10.224.71.131/
|
At first it is a might be a bit confusing, but apache tries to match the URL, and in my example it was /url/ and not /url , so it behaves it bit different than you thought. |
|
| Back to top |
|
jnsunkersett
Joined: 30 Jan 2011
Posts: 23
|
| Posted: Wed 28 Dec '11 6:18 Post subject: |
|
|
Sorry James,
Still not working, only change the 404 changed to 503.
But if I try all by itself, it works (so could not determine the reason of the 503, could mod_jk be creating the problem)
Please see the sslerror.log below;
The relevant content of my
httpd.conf
| Code: |
<VirtualHost *:80>
JkMount /* loadbalancer
SetEnvIf Request_URI "/saibugs/*" no-jk
ProxyPass /saibugs http://10.224.78.215/
ProxyPassReverse /saibugs http://10.224.78.215/
</VirtualHost>
|
and httpd-ssl.conf
| Code: |
<VirtualHost _default_:443>
SSLEngine on
SSLCipherSuite ....
SSLCertificateFile "D:/ApacheSoftwareFoundation/Apache2.2/conf/saionline.crt"
SSLCertificateKeyFile "D:/ApacheSoftwareFoundation/Apache2.2/conf/saionline.key"
#SSLCertificateChainFile
#SSLCACertificateFile
#SSLCARevocationFile
JkMount /* loadbalancer
SetEnvIf Request_URI "/saibugs/*" no-jk
ProxyPass /saibugs http://10.224.78.215/
ProxyPassReverse /saibugs http://10.224.78.215/
LogFormat "%h (%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined_with_forwarded_for
CustomLog "|D:/ApacheSoftwareFoundation/Apache2.2/bin/rotatelogs.exe D:/ApacheSoftwareFoundation/Apache2.2/logs/access.log 86400" combined_with_forwarded_for
</VirtualHost>
|
access.log
10.224.64.65 - - [28/Dec/2011:09:09:25 +0530] "GET /saibugs HTTP/1.1" 503 323 21
10.224.64.65 - - [28/Dec/2011:09:09:29 +0530] "GET /saibugs HTTP/1.1" 503 323
10.224.64.65 - - [28/Dec/2011:09:11:18 +0530] "GET /saibugs/ HTTP/1.1" 503 323
sslerror.log
[Wed Dec 28 09:09:50 2011] [error] (OS 10060)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. : proxy: HTTP: attempt to connect to 10.224.78.215:80 (10.224.78.215) failed
[Wed Dec 28 09:09:50 2011] [error] ap_proxy_connect_backend disabling worker for (10.224.78.215) |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7301
Location: Germany, Next to Hamburg
|
| Posted: Wed 28 Dec '11 19:50 Post subject: |
|
|
Error 503, your server one can't connect / establish a connection to server two. If you are on sever one can you open in a browsr the http://10.224.78.215/ ?
It might be problem with the user apache is running on. If you installed apache as service the "service user / account" can't connect over the network. Sorry I missed that. You can try to run apache with a diffrent user than the system account.
So the 503 is one step closer than the 404 error |
|
| Back to top |
|
jnsunkersett
Joined: 30 Jan 2011
Posts: 23
|
| Posted: Fri 30 Dec '11 9:10 Post subject: |
|
|
Yes you were correct.
I could not open a telnet session on port 80 from serverONE to the bugzilla box (10.224.78.215)
After correcting that, I could browse to https://serverONE/saibugs or https://www.mydomain.com/saibugs
I got a Bugzilla main page but it was not looking correct.
Upon checking the log files, I found serverONE could access the main page but it gave 404 errors for relative paths, which were pointing to the bugzilla javascript and CSS.
access.log
| Code: |
10.224.64.62 - - [30/Dec/2011:12:05:34 +0530] "GET /saibugs HTTP/1.1" 200 13574
10.224.64.62 - - [30/Dec/2011:12:05:36 +0530] "GET /skins/standard/global.css HTTP/1.1" 404 -
10.224.64.62 - - [30/Dec/2011:12:05:36 +0530] "GET /skins/standard/index.css HTTP/1.1" 404 -
10.224.64.62 - - [30/Dec/2011:12:05:36 +0530] "GET /js/global.js HTTP/1.1" 404 -
10.224.64.62 - - [30/Dec/2011:12:05:36 +0530] "GET /js/yui/cookie.js HTTP/1.1" 404 -
|
httpd-ssl.conf
| Code: |
SetEnvIf Request_URI "/saibugs/*" no-jk
ProxyRequests Off # this directive seems, made no differnce.
ProxyPass /saibugs http://10.224.78.215/
ProxyPassReverse /saibugs http://10.224.78.215/
|
With further tweaking found the URI, given with the the ProxyPass directive, should not end with a slash ('/'),
| Code: |
ProxyPass /saibugs/ ... # the ending slash should NOT be defined
|
|
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7301
Location: Germany, Next to Hamburg
|
| Posted: Fri 30 Dec '11 19:31 Post subject: |
|
|
| jnsunkersett wrote: |
With further tweaking found the URI, given with the the ProxyPass directive, should not end with a slash ('/'),
|
Hadn't read that in a long time.
how ever back to your 404 errors. The problem is that the paths in your html / bugzilla html is not with relative paths, but absolute paths. I think mod_proxy_html can fix that. There is a download on apache lounge. |
|
| Back to top |
|
jnsunkersett
Joined: 30 Jan 2011
Posts: 23
|
| Posted: Fri 16 Mar '12 15:24 Post subject: |
|
|
Hello James,
We could chain 2 apache servers using the ProxyPass and ProxyPassReverse directives
(it did not work with Bugzilla as we have installed Bugzilla.msi. We have not installed Apache, Perl and bugzilla individually)
That apart - my next question;
How to enable security? (that is restrict access to the chained Apache server to a select few and not the entire world.)
I hope I am clear enough - if not please reply so;
I shall elaborate.
thank you
Jeevan |
|
| Back to top |
|
