1

I have a Java web app built with Spring MVC running on Tomcat proxied with Apache Httpd running on an EC2 instance at AWS and configured a load balancer with SSL.

The request

https://some_domain/first_uri

first goes to load-balancer, load-balancer redirects the connection to Apache as (https to http because SSL is configured for the load-balancer)

http://some_domain/first_uri

Apache redirects to the localhost (Tomcat).

When the controller for "/first_uri" makes a redirect like

redirect:https://sub.some_domain/some_uri

I see the result at browser as

https://localhost/first_uri

I just couldn't figure out what I must configure here, configure the Spring? configure the Apache HTTPD or the Load Balancer?

If someone faced the same issue please help.

Not: Also using Spring Security.

Not2: I just tried without SSL (using http) and the same thing happens, I think this is not related to the https usage.

Update: This problem may occur only where I try to redirect to a subdomain

Bahadir Tasdemir
  • 10,325
  • 4
  • 49
  • 61
  • So just to be clear you type this in the browser https://some_domain/first_uri and it gets redirected to https://localhost/first_uri ? – Piyush Patil Jul 21 '16 at 15:51
  • Yes you are right. Especially, I am requesting a different url, it redirects to some_domain/first_uri internally (by Spring security, to loginFormUrl set from security.xml) and the request stucks at there because that controller ("/first_uri") sends a redirect as "redirect:https://sub.some_domain/some_uri". – Bahadir Tasdemir Jul 22 '16 at 06:42
  • and results is "localhost/first_uri" – Bahadir Tasdemir Jul 22 '16 at 07:33

3 Answers3

2

The following worked for me:

In tomcat server.xml: (mostly at /opt/tomcat/conf/server.xml)

<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443"
            proxyName="localhost"
            proxyPort="443"
            scheme="https"/>

Here proxyName is "localhost". Change proxyName to your required domain.

<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443"
            proxyName="mydomain.com"
            proxyPort="443"
            scheme="https"/>

Refer: http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#Proxy_Support

Sahal
  • 278
  • 2
  • 10
0

Solution: ProxyPreserveHost must be turned off!

Reason: If it is switched on, the response headers returned by the proxy backend will contain “localhost” or the real domain without the port number (or 80). So the ProxyPassReverse pattern does not match (because of the different port and if another domain name is used, also the domain name will not match).

Config: 

<VirtualHost localhost:80>

   ProxyPreserveHost Off
   ProxyPass /  http://localhost:8080/WebApp/
   ProxyPassReverse / http://localhost:8080/WebApp/

</VirtualHost>

But this works only via http, not via ajp (I don’t know why). If you still want to use ajp you could use the following workaround - Let Apache do another redirect after the wrong redirect:

<VirtualHost localhost:80>

   ProxyPass /WebApp !
   ProxyPass /  ajp://localhost:8009/WebApp/
   ProxyPassReverse / ajp://localhost:8009/WebApp/

   RedirectMatch 301 ^/WebApp/(.*)$ /$1
   RedirectMatch 301 ^/WebApp$ /

</VirtualHost>

The ProxyPass /WebApp ! directive is needed to exclude the path from further processing in mod_proxy (because proxy directives are evaluated before redirect directives)

Then the RedirectMatch directives redirect everything stating with /WebApp/... respectively /WebApp to the URL without /WebApp at the beginning.

The only drawback is that you must not have any sub folder named WebApp in your web application

Piyush Patil
  • 14,512
  • 6
  • 35
  • 54
  • This didn't solve. I think my problem is different because I got another redirections inside code and they work well but maybe just redirection to subdomains like "redirect:sub.some_domain" causes a "localhost" in the url? – Bahadir Tasdemir Jul 22 '16 at 06:51
0

After viewing this answer, I set the below setting on my httpd.conf (at the end of the document):

ProxyRequests Off
ProxyPreserveHost On

<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>

And after that configuration, spring started to redirect to the proper domain again :) I hope this will help to many like me, thanks to all!

Community
  • 1
  • 1
Bahadir Tasdemir
  • 10,325
  • 4
  • 49
  • 61