Proxy, Apache, Tomcat VHosts



I have things set up as follows.

internet - router - [DMZ] - pfsense - webserver

router = janky plastic cheap-o router (my nice mikrotik / routerboard died). pfsense's IP address is set as the DMZ host.

pfsense = does basic firewall and proxy / reverse proxy duty. The proxy is there to forward URLs to the correct web server behind the firewall.

webserver = centos box running httpd (apache) and tomcat6 (both installed via yum, but separately and at different times, so not an apache + tomcat combo package).

Several websites run on this particular web server, handled by apache's virtual hosts.

ex: http://www.somesite.com, http://www.mysite.com, etc

Tomcat runs an app on port 8080 under the extension /mywebapp.

ex: http://www.somesite.com:8080/mywebapp

I have configured everything appropriately in pfsense so that all subdomains of the websites served by apache are forwarded to the correct host.

I configured /etc/httpd/conf/httpd.conf to include the virtual host configuration:

<VirtualHost *:80>
    ServerName mywebapp.somesite.com
    ProxyPass / http://www.somesite.com:8080/mywebapp
    ProxyPassReverse / http://www.somesite.com:8080/mywebapp
    ProxyRequests Off
    <Proxy http://www.somesite.com:8080/mywebapp*>
        Order deny,allow
        Allow from all
    </Proxy>
    ErrorLog logs/mywebapp.somesite.com-error_log
    CustomLog logs/mywebapp.somesite.com-access_log common
</VirtualHost>

I modified my tomcat6 server.xml file and changed the first connector to include proxyName and proxyPort.

<!-- A "Connector" represents an endpoint by which requests are received
    and responses are returned. Documentation at :
    Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
    Java AJP  Connector: /docs/config/ajp.html
    APR (HTTP/AJP) Connector: /docs/apr.html
    Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           proxyName="mywebapp.somesite.com"
           proxyPort="8080"
           redirectPort="8443" URIEncoding="UTF-8"/>

No matter what I try, when I put mywebapp.somesite.com into the browser it redirects to mywebapp.somesite.com:8080/mywebapp.

I want to be able to reach it as mywebapp.somesite.com in the browser's address bar. That makes publishing the URL much friendlier.

I have already configured a CNAME in DNS for mywebapp.

www.somesite.com is not affected by this.

The logs for httpd show nothing... the logs for tomcat6 look normal. I know the requests are hitting the correct box because www.somesite.com:8080/mywebapp works, as do the other websites.

iptables is disabled, and so is SELinux.

What am I doing wrong? Any advice would be appreciated.

UPDATE: As suggested in one of the comments, I tried adding ProxyPreserveHost On to the vhost setup, but no dice. With that line added and apache and tomcat restarted, I can get to neither mywebapp.somesite.com nor www.somesite.com:8080/mywebapp. Basically, adding that config makes mywebapp inaccessible entirely, although I know it is still running.

UPDATE 2: Adding a tcpdump taken on the webserver, showing the first connection being forwarded from pfsense (proxy) to webserver.

192.168.0.1 == pfsense
192.168.1.1 == webserver
192.168.2.1 == "internet"

192.168.0.1 > 192.168.1.1
GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: mywebapp.somesite.com
DNT: 1
Via: 1.1 proxy.somecompany.com (squid/3.1.20)
X-Forwarded-For: 192.168.2.1
Cache-Control: max-age=259200

192.168.1.1 > 192.168.2.1
GET /mywebapp HTTP/1.1
Host: www.somesite.com:8080
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Via: 1.1 proxy.somecompany.com (squid/3.1.20)
X-Forwarded-For: 192.168.2.1, 192.168.0.1
Cache-Control: max-age=259200
X-Forwarded-Host: mywebapp.somesite.com
X-Forwarded-Server: mywebapp.somesite.com
Connection: Keep-Alive

192.168.2.1 > 192.168.1.1
GET /mywebapp HTTP/1.1
Host: www.somesite.com:8080
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Via: 1.1 proxy.somecompany.com (squid/3.1.20)
X-Forwarded-For: 192.168.2.1, 192.168.0.1
Cache-Control: max-age=259200
X-Forwarded-Host: mywebapp.somesite.com
X-Forwarded-Server: mywebapp.somesite.com
Connection: Keep-Alive

192.168.1.1 > 192.168.2.1
HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: http://mywebapp.somesite.com:8080/mywebapp/
Content-Length: 0
Date: Thu, 04 Apr 2013 05:14:44 GMT

192.168.2.1 > 192.168.1.1
HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: http://mywebapp.somesite.com:8080/mywebapp/
Content-Length: 0
Date: Thu, 04 Apr 2013 05:14:44 GMT

192.168.1.1 > 192.168.0.1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 04 Apr 2013 05:14:44 GMT
Server: Apache-Coyote/1.1
Location: http://mywebapp.somesite.com:8080/mywebapp/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

192.168.2.1 > 192.168.1.1
GET /mywebapp/ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: mywebapp.somesite.com:8080

192.168.1.1 > 192.168.2.1
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Encoding: gzip
Expires: 0
Cache-Control: no-cache,must-revalidate
X-App-Theme: default
Set-Cookie: JSESSIONID=81CE83D61454A8E75C222759FA118338; Path=/mywebapp
X-App: 1.395
X-App2: 1.508
X-App2-Session: e797c95b
X-App-CLI-Port: 36143
X-App2-CLI-Port: 36143
X-App2-CLI2-Port: 36143
X-Instance-Identity: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjEfz8W2LiYRfrJQYH35uwtgQBpy0g6bTvBaTuARRpVLUmi+lnEfD/nVJY4GJoSfGzgnJAQ3MSqX+e1F4y2Jg5hwa2L0jibpb//BbfIMZkYZk8CtLMrkGvLC1nB7sghXupWOUOhWnzFq+a+LHSANNqfaMs9k6xJI6rvwIDAQAB
Content-Type: text/html;charset=UTF-8
Content-Length: 3879
Date: Thu, 04 Apr 2013 05:14:44 GMT

192.168.2.1 > 192.168.1.1
GET /mywebapp/static/e797c95b/css/style.css HTTP/1.1
Accept: text/css
Referer: http://mywebapp.somesite.com:8080/mywebapp/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: mywebapp.somesite.com:8080
DNT: 1
Connection: Keep-Alive
Cookie: JSESSIONID=81CE83D61454A8E75C222759FA118338

192.168.1.1 > 192.168.2.1
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Mon, 25 Mar 2013 20:17:34 GMT
Expires: Fri, 04 Apr 2014 05:14:44 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Type: text/css
Content-Length: 5763
Date: Thu, 04 Apr 2013 05:14:44 GMT

192.168.2.1 > 192.168.1.1
GET /mywebapp/static/e797c95b/css/color.css HTTP/1.1
Accept: text/css
Referer: http://mywebapp.somesite.com:8080/mywebapp/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: mywebapp.somesite.com:8080
DNT: 1
Connection: Keep-Alive
Cookie: JSESSIONID=81CE83D61454A8E75C222759FA118338

I interpret this roughly as follows:

browser (internet) --> request hits router --> passes DMZ --> hits pfsense...

pfsense > webserver: Uh, here's this HTTP request... for a mywebapp.somesite.com? Do we know a mywebapp.somesite.com?
webserver > internet: Sup, I heard you were looking for some HTTP? I've got some mywebapp.somesite.com.
internet > webserver: Ya, I head about you. Gimme somea dat mywebapp.somesite.com.
webserver > internet: Ha, just kidding, man. I've really got some mywebapp.somesite.com:8080/mywebapp, you dig?
internet > webserver: WTF? Are you serious!?
webserver > pfsense: Dude, I told you we needed more mywebapp.somesite.com, this guy's pissed!
internet > webserver: Hmm... OK, just give me what ya got of mywebapp.somesite.com:8080/mywebapp. I dig.
webserver > internet: Phew! If you dig, I dig... you dig? Here's some HTTP.
internet > webserver: Ah ya, now we're talking. Gimme some more of that /mywebapp/static/.../style.css from Referer: http://mywebapp.somesite.com:8080/mywebapp
webserver > internet: Take it in my man, take it all in. It's all OK.
internet > webserver: Alright, gimme some more of that /mywebapp/static/.../color.css from Referer: http://mywebapp.somesite.com:8080/mywebapp
etc, etc, etc...
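Added example, not part of the original question: a short Python model of the three prefix rewrites the tcpdump above walks through (mod_proxy ProxyPass, Tomcat's trailing-slash redirect built from proxyName/proxyPort, and mod_proxy ProxyPassReverse). It reproduces the captured Location header from the posted config, then shows what changes with proxyPort="80" and with trailing slashes on both sides of the ProxyPass pair. The hostnames, ports and paths are the ones from the question; the two "fixed" rule sets (ROOT_MAPPED and SAME_PATH_RULES) and the request paths fed in are assumptions, and the functions are deliberately simplified re-implementations of the prefix semantics, not Apache's or Tomcat's own code.

```python
"""Added example: a simplified model of the redirect seen in the tcpdump above.

Not code from the original post. It re-implements, in simplified form, the three
prefix-rewriting steps that produce the captured 302:
  1. mod_proxy ProxyPass         - replace the matched request-path prefix with the backend URL
  2. Tomcat's directory redirect - build an absolute Location from proxyName/proxyPort
  3. mod_proxy ProxyPassReverse  - replace a backend-URL prefix in Location with the public path
Hostnames and paths come from the question; the "fixed" rule sets are assumptions.
"""
from urllib.parse import urlsplit

PUBLIC_BASE = "http://mywebapp.somesite.com"   # scheme://ServerName of the vhost (port 80)
CONTEXT = "/mywebapp"                          # Tomcat context path of the app

# (fake, real) pairs exactly as they would appear in ProxyPass / ProxyPassReverse
POSTED_RULES = [("/", "http://www.somesite.com:8080/mywebapp")]               # from the question
ROOT_MAPPED = [("/", "http://www.somesite.com:8080/mywebapp/")]               # assumed: slashes on both sides
SAME_PATH_RULES = [("/mywebapp/", "http://www.somesite.com:8080/mywebapp/")]  # assumed: same path both sides


def proxy_pass(rules, path):
    """ProxyPass: the longest matching path prefix wins and is swapped for the backend URL.
    Nothing is done about slashes, which is why '/' -> '.../mywebapp' drops one."""
    for fake, real in sorted(rules, key=lambda r: -len(r[0])):
        if path.startswith(fake):
            return real + path[len(fake):]
    return None  # no rule matched: the vhost would serve the request itself


def tomcat_redirect(scheme, proxy_name, proxy_port, path):
    """Location header Tomcat emits when it redirects /ctx to /ctx/.
    With proxyName/proxyPort set on the Connector those values form the host part,
    and the port is omitted only when it is the scheme default (80 / 443)."""
    default = {"http": 80, "https": 443}[scheme]
    hostport = proxy_name if proxy_port == default else f"{proxy_name}:{proxy_port}"
    return f"{scheme}://{hostport}{path}"


def proxy_pass_reverse(rules, location, public_base=PUBLIC_BASE):
    """ProxyPassReverse: only a Location that begins with a rule's backend URL is
    rewritten; anything else (including the captured one) passes through untouched."""
    for fake, real in rules:
        if location.lower().startswith(real.lower()):
            return public_base + fake + location[len(real):]
    return location


def trace(rules, proxy_port, request_path):
    """Follow one browser request through Apache -> Tomcat -> Apache.
    Returns the path Tomcat receives and the Location the browser ends up with."""
    backend = proxy_pass(rules, request_path)
    if backend is None:
        return {"backend_path": None, "location": None}
    backend_path = urlsplit(backend).path
    location = None
    if backend_path == CONTEXT:  # bare context path: Tomcat answers 302 to CONTEXT + "/"
        tomcat_loc = tomcat_redirect("http", "mywebapp.somesite.com", proxy_port, CONTEXT + "/")
        location = proxy_pass_reverse(rules, tomcat_loc)
    return {"backend_path": backend_path, "location": location}


if __name__ == "__main__":
    css = "/mywebapp/static/x/css/style.css"  # constructed, shaped like the captured CSS request
    print("posted config, GET /        :", trace(POSTED_RULES, 8080, "/"))
    print("proxyPort=80 only, GET /    :", trace(POSTED_RULES, 80, "/"))
    print("proxyPort=80 only, follow it:", trace(POSTED_RULES, 80, "/mywebapp/"))
    print("root-mapped, GET /          :", trace(ROOT_MAPPED, 80, "/"))
    print("root-mapped, app's own link :", trace(ROOT_MAPPED, 80, css))
    print("same-path, app's own link   :", trace(SAME_PATH_RULES, 80, css))
    print("same-path, GET /            :", trace(SAME_PATH_RULES, 80, "/"))
```

Two things the trace makes visible. First, the posted ProxyPassReverse never fires: it rewrites only a Location that begins with http://www.somesite.com:8080/mywebapp, while Tomcat, told proxyName="mywebapp.somesite.com" and proxyPort="8080", emits http://mywebapp.somesite.com:8080/mywebapp/, so the backend port reaches the browser unchanged; proxyPort="80" is what removes it. Second, ProxyPass / http://www.somesite.com:8080/mywebapp (no trailing slash on either side) maps /x to /mywebappx, and even mapping / to /mywebapp/ breaks the root-relative links the app itself emits (the capture shows the browser fetching /mywebapp/static/... after loading the page). Matching the same path on both sides, ProxyPass /mywebapp/ http://www.somesite.com:8080/mywebapp/ with the matching ProxyPassReverse plus RedirectMatch ^/$ /mywebapp/, keeps every URL the app generates valid; hiding the context path entirely means deploying the app at Tomcat's root context instead. Separately, the question notes that www.somesite.com:8080/mywebapp works from the Internet, so Tomcat is reachable directly through pfsense, bypassing the Apache vhost and its access log; once the redirect is sorted out, that forward is worth closing.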
Licensed under cc by-sa 3.0 with attribution required.