1

I have Apache HTTPD server in our product and I need to add the AJP proxy to some specific application.

The Tomcat AJP port is 8009 and the Tomcat HTTP port is 8080 (the SSL termination is in Apache). This is the AJP proxy I need to configure.

<Directory /app>
    AuthType None
    Allow from all
    Satisfy any
    AllowOverride None
    Options None FollowSymLinks
</Directory>

<Proxy http://localhost:8080/app >
    AuthType None
    Allow from all
    Order Deny,Allow
    Satisfy any
    Options None FollowSymLinks
</Proxy>
ProxyPass /app ajp://localhost:8009/app
<Location /app>
        ProxyPassReverse ajp://localhost:8009/app
</Location>

Question: What should be configured in <Proxy … >? <Proxy http://localhost:8080/app > or <Proxy ajp://localhost:8009/app >

Added Clarification. The whole configuration contains the root configuration (see below).

I just need to add AJP proxy to some specific application.

<Directory />
    Deny from all
    Allow from localhost
    Order Deny,Allow
    AuthType Basic
    Require valid-user
    AllowOverride None
    Satisfy any
    Options None FollowSymLinks
</Directory>


<Proxy *>
    Deny from all
    Order Deny,Allow
    AuthType Basic
    Require valid-user
    Satisfy any
    Options None FollowSymLinks
</Proxy>
Michael
  • 597
  • 3
  • 9
  • 23

3 Answers3

3

OK, you have several misconceptions about Apache configuration that need correcting.

  1. <Directory> blocks refer to absolute file system paths. Not URI Paths or ones relative to the document root. When proxying, as mentioned by David Hutchinson, you should be using <Location> blocks instead.
  2. <Proxy> blocks are (almost) exclusively use to configure forward proxies, not reverse ones. Remove these blocks, you do not need them. Again, use <Location> blocks.
  3. Do not use ProxyPass or ProxyPassReverse inside <Location>. Although it is valid, it can complicate things. Simply use the two argument versions of these directive. Also, unless you have a reason not to, use trailing slashes in both these directives.

The order of the location blocks may need to be reversed (I can't remember off the top of my head the correct order), but start with something like:

ProxyPass /app/ ajp://localhost:8009/app/
ProxyPassReverse /app ajp://localhost:8009/app/

<Location />
  Order Allow,Deny
  Allow from localhost
  AuthType Basic
  Require valid-user
</Location>

<Location /app/>
  Allow from all
</Directory>

I have remove directives where they were the default.

Unbeliever
  • 2,336
  • 1
  • 10
  • 19
2

You don't need the "<Proxy" block at all to do what you are trying to achieve.

The ProxyPass and ProxyPassReverse directives are all you require. For readability I'd advise however to either stick both in the Location block, or neither.

If you need to configure different settings for your app path, for instance client certificate authentication, use a Location (or LocationMatch) block as you have already in your configuration.

David Hutchison
  • 238
  • 1
  • 2
  • 7
  • David, I need to configure proxy - see the updated question. Can you put the suggested configuration? You mean this? ` AuthType None Allow from all Satisfy any AllowOverride None Options None FollowSymLinks ProxyPass /app ajp://localhost:8009/app AuthType None Allow from all Order Deny,Allow Satisfy any Options None FollowSymLinks ProxyPassReverse ajp://localhost:8009/app ` – Michael Dec 23 '16 at 12:30
0

You can just use <Proxy *>. I think it will be good with this.

lazzio
  • 306
  • 1
  • 2
  • 11