Topic: Apache Reverse Proxy in DMZ and internal TOMCAT7 APPS Tier

Saaim
Joined: 07 Sep 2016
Posts: 9
Location: Saudi Arabia, Jubail

Posted: Wed 07 Sep '16 15:10    Post subject: Apache Reverse Proxy in DMZ and internal TOMCAT7 APPS Tier

Hello Webmasters,
We want to secure the application traffic that will access our internal application, running on TOMCAT7 with a purely private IP, through an external DMZ reverse proxy server (public IP). SSL is implemented on the external reverse proxy server (HTTPD, Red Hat Linux 6.5). We are facing issues now while accessing the URL from the internet.
We need your professional expertise and experience on how to connect the Apache reverse proxy in the DMZ to the internal TOMCAT7 node.

Error

Not Found

The requested URL /edms was not found on this server.

/edms is not available on the proxy server. /edms is on the SAN and only accessible to the local server. The proxy server is supposed to accept the HTTPS traffic and route it as HTTP to the internal server.

James Blond (Moderator)
Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

Posted: Wed 07 Sep '16 15:48

You can use mod_proxy_ajp or mod_jk.

Create an SSL vhost with the needed SSL settings.

mod_proxy_ajp example

Inside that vhost add

Code:

<Location />
    ProxyPass ajp://10.0.0.1:8009/
    ProxyPassReverse ajp://10.0.0.1:8009/
</Location>

Replace 10.0.0.1 with your internal IP.

Saaim
Joined: 07 Sep 2016
Posts: 9
Location: Saudi Arabia, Jubail

Posted: Wed 07 Sep '16 16:53

Are these modules enabled by default in Red Hat Enterprise Linux 6.5? We are using the default Apache httpd server installed with RHEL 6.5.

James Blond (Moderator)
Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

Posted: Wed 07 Sep '16 17:19

Enabled? I'm not sure. At least they should be available. I don't have Red Hat EL, but in CentOS 6.8 mod_proxy_ajp is included, and you can load the modules in /etc/httpd/conf/httpd.conf (this also requires mod_proxy).
mod_jk is not included.
Since CentOS is a clone of Red Hat EL, I think it should be the same on that distro.

Saaim
Joined: 07 Sep 2016
Posts: 9
Location: Saudi Arabia, Jubail

Posted: Sun 18 Sep '16 14:23

[root@rcjvctsrp ~]# /u01/jboss/jboss-ews-2.1/httpd/sbin/apachectl status
Not Found

The requested URL /server-status was not found on this server.

--------------------------------------------------------------------------

Apache/2.2.26 (Red Hat Enterprise Web Server) Server at localhost Port 80



#<VirtualHost *:80>
# ServerAdmin webmaster@dummy-host.example.com
# DocumentRoot /www/docs/dummy-host.example.com
# ServerName dummy-host.example.com
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common
#</VirtualHost>
<VirtualHost *:80>
# Your domain name
#ServerName Domain_NAME_HERE

ProxyPreserveHost On

# The IP and port of the JBoss Enterprise Application Platform
# These represent the default values, if your HTTPD is on the same host
# as your JBoss Enterprise Application Platform managed domain or server

# The location of the HTML files, and access control information
#DocumentRoot /var/www
#<Directory /var/www>
#Options -Indexes
#Order allow,deny
#Allow from all
#</Directory>

</VirtualHost>
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_http_module modules/mod_proxy_http.so

# Uncomment these to proxy FTP or HTTPS
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so

<VirtualHost publicip:443>
DocumentRoot /var/www/html
ServerName cts.rcjubail.gov.sa
SSLEngine on
SSLCertificateFile /u01/certificates/certs/cts_rcjubail_gov_sa.crt
SSLCertificateKeyFile /u01/certificates/cts_rcjubail_gov_sa.key
SSLCertificateChainFile /u01/certificates/certs/DigiCertCA.crt
#ProxyPassReverse /edms http://10.10.40.154:8888/edms
#ProxyPass /edms http://10.10.40.154:8888/edms
ProxyPass /edms http://10.10.40.154:8888/edms
ProxyPassReverse /edms http://10.10.40.154:8888/edms
</VirtualHost>

The above output is from the DMZ external server (JBoss Enterprise Web Server).

James Blond (Moderator)
Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

Posted: Mon 19 Sep '16 14:06

Topic continued here

https://www.apachelounge.com/viewtopic.php?t=7339

Saaim
Joined: 07 Sep 2016
Posts: 9
Location: Saudi Arabia, Jubail

Posted: Mon 19 Sep '16 14:47    Post subject: The issue remains the Same.

External Server Hostname

[root@rcjvctsrp conf]# hostname
rcjvctsrp.jubail.rc.gov
You have new mail in /var/spool/mail/root
[root@rcjvctsrp conf]# ifconfig
eth1 Link encap:Ethernet HWaddr 00:50:56:BF:2F:08
inet addr:10.1.1.161 Bcast:10.1.1.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:febf:2f08/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6925902 errors:0 dropped:0 overruns:0 frame:0
TX packets:5361074 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2104576591 (1.9 GiB) TX bytes:621165870 (592.3 MiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:9816553 errors:0 dropped:0 overruns:0 frame:0
TX packets:9816553 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:957029076 (912.6 MiB) TX bytes:957029076 (912.6 MiB)





Internal Server Hostname

[root@rcjvcts ~]# hostname
rcjvcts.jubail.rc.gov
[root@rcjvcts ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:56:BF:76:9E
inet addr:10.10.40.154 Bcast:10.10.40.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:febf:769e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:154563353 errors:0 dropped:0 overruns:0 frame:0
TX packets:145114442 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:19530828012 (18.1 GiB) TX bytes:16437554571 (15.3 GiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:421780 errors:0 dropped:0 overruns:0 frame:0
TX packets:421780 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:93336966 (89.0 MiB) TX bytes:93336966 (89.0 MiB)

[root@rcjvcts ~]#





ProxyPreserveHost On

# The IP and port of the JBoss Enterprise Application Platform
# These represent the default values, if your HTTPD is on the same host
# as your JBoss Enterprise Application Platform managed domain or server

# The location of the HTML files, and access control information
DocumentRoot /var/www
<Directory /var/www>
Options -Indexes
Order allow,deny
Allow from all
</Directory>

</VirtualHost>
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_http_module modules/mod_proxy_http.so

# Uncomment these to proxy FTP or HTTPS
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so

#<VirtualHost 194.36.164.161:8443>
<VirtualHost 10.10.40.154:8888>
DocumentRoot /var/www/html
ServerName cts.rcjubail.gov.sa
SSLEngine on
SSLCertificateFile /u01/certificates/certs/cts_rcjubail_gov_sa.crt
SSLCertificateKeyFile /u01/certificates/cts_rcjubail_gov_sa.key
SSLCertificateChainFile /u01/certificates/certs/DigiCertCA.crt
#ProxyPassReverse /edms http://10.10.40.154:8888/edms
#ProxyPass /edms http://10.10.40.154:8888/edms
ProxyPass /edms ajp://10.10.40.154:8888/edms
ProxyPassReverse /edms ajp://10.10.40.154:8888/edms
</VirtualHost>
<Location "/server-status">
SetHandler server-status
Require host cts.rcjubail.gov.sa
</Location>

James Blond (Moderator)
Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

Posted: Mon 19 Sep '16 14:54

Do you still have a question?

Saaim
Joined: 07 Sep 2016
Posts: 9
Location: Saudi Arabia, Jubail

Posted: Mon 19 Sep '16 19:01    Post subject: Verify the names

Thanks for your kind support. Can you please verify the values like IPs and the host names, since I am confused about which host name and IP should be placed where.
Internal node name is RCJVCTS
External node name is rcjvctsrp.
Can you please verify if the values are OK in the conf file?
Back to top
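
For the question of which address goes where, and the mod_proxy_ajp answer earlier in the thread, here is an added example of the DMZ proxy's configuration in Apache 2.2 syntax; it is not taken from any poster's file. It reuses the addresses and certificate paths posted above and assumes mod_ssl and `Listen 443` are already configured, that Tomcat's HTTP connector is on port 8888 as in the first posted config, and that its AJP connector is on Tomcat's default port 8009.

```apache
# Added example for the DMZ proxy rcjvctsrp (Apache 2.2.x).
# LoadModule lines belong at server level, before any <VirtualHost>.
LoadModule proxy_module      modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
# Needed only for the ajp:// alternative further down.
LoadModule proxy_ajp_module  modules/mod_proxy_ajp.so

# Reverse proxy only: never act as a forward (open) proxy.
ProxyRequests Off

# Status page, reachable from the proxy host itself only. Needs mod_status.
# Order/Deny/Allow is the 2.2 form; "Require host" is 2.4 syntax and the
# thread shows Apache/2.2.26.
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>

# Bind to an address this host owns. The ifconfig output in the thread
# shows 10.1.1.161 as its only non-loopback address; a vhost keyed on an
# address the host does not own is never selected for a request.
<VirtualHost 10.1.1.161:443>
    # Public name that clients type and that the certificate is issued for.
    ServerName cts.rcjubail.gov.sa

    SSLEngine on
    SSLCertificateFile      /u01/certificates/certs/cts_rcjubail_gov_sa.crt
    SSLCertificateKeyFile   /u01/certificates/cts_rcjubail_gov_sa.key
    SSLCertificateChainFile /u01/certificates/certs/DigiCertCA.crt

    # TLS ends here; the hop to the internal node rcjvcts is plain HTTP.
    # Assumption: Tomcat's HTTP connector listens on 10.10.40.154:8888.
    ProxyPass        /edms http://10.10.40.154:8888/edms
    ProxyPassReverse /edms http://10.10.40.154:8888/edms

    # AJP alternative: point at the AJP connector port (assumed 8009),
    # not at the HTTP port, and do not enable SSL on the backend side.
    #ProxyPass        /edms ajp://10.10.40.154:8009/edms
    #ProxyPassReverse /edms ajp://10.10.40.154:8009/edms
</VirtualHost>
```

Only the proxy host carries the certificate and the public ServerName; the internal node needs no SSL vhost for this path, and its connector port should be reachable from 10.1.1.161 only.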