apache reverse proxy - how to hide internal network

Question

my scenario is this: I have a machine with Apache 2.2 configured as reverse proxy and another machine on which there is Apache Tomcat7 listening on port 8080.

My objective is to make internet users accessing a resource "am" (deployed on Tomcat) WITHOUT using IP address of the Tomcat machine but only contacting the reverse proxy.

So far I set httpd.conf of the reverse proxy:

ProxyPass /am http://tomcat_server.com:8080/am ProxyPassReverse /am http://tomcat_server.com:8080/am

But the problem is that the reverse proxy tells the users to contact tomcat_server but of course tomcat_server is a private IP and cannot be accessed by internet users.

How does it "tell the user"? HTML? Redirect? – covener Aug 30 '13 at 22:05 — covener, Aug 30 '13 at 22:05

score 1 · Answer 1 · answered Apr 26 '18 at 15:21

In your Tomcat server.xml config file,

edit the http Connector to include attributes: proxyPort, proxyName - such that it resembles:

<Connector
 port="8080"
 protocol="HTTP/1.1"
 connectionTimeout="20000"
 redirectPort="8443"
 proxyPort="80"
 proxyName="url.domain.clients.use.for.your.webapp"
 />

proxyPort="80" -- makes Tomcat return data to your Apache proxy
proxyName="url.domain.clients.use.for.your.webapp" -- makes Tomcat return the url to Apache proxy that your user clients should process, instead of tomcat_server.com which they can't access

Here are some older Tomcat docs that mention it:

proxyName

If this Connector is being used in a proxy configuration, configure this attribute to specify the server name to be returned for calls to request.getServerName(). See Proxy Support for more information.

Proxy Support

The proxyName and proxyPort attributes can be used when Tomcat is run behind a proxy server. These attributes modify the values returned to web applications that call the request.getServerName() and request.getServerPort() methods, which are often used to construct absolute URLs for redirects. Without configuring these attributes, the values returned would reflect the server name and port on which the connection from the proxy server was received, rather than the server name and port to whom the client directed the original request.

I worked through a similar need, with having Tomcat listen only on its localhost:

How can Tomcat 9 Connector listening 127.0.0.1 reverse proxy to Win. Apache 2.4 with private ServerName

score 0 · Answer 2 · answered Aug 30 '13 at 22:06

0

If your problem is references to the origin server in HTML, check out mod_proxy_html or mod_substitute.

answered Aug 30 '13 at 22:06

covener

17,402
2
31
45

apache reverse proxy - how to hide internal network

2 Answers2