Home > General > Tomcat behind reverse proxy on Apache

Tomcat behind reverse proxy on Apache

January 23rd, 2008 Leave a comment Go to comments

If you have apache installed as your main http server you might want all requests to be handled by apache. But what if you want to have a standalone tomcat install? Well this is still possible by using apache’s mod_proxy. You might need to install it if you are running debian. Do some ‘apt-cache search apache proxy’ abracadbra and install mod_proxy if it is not already installed. You might even need to enable it with ‘a2enmod proxy’.

Edit your configuration (I added it to the sites-available/default) and add something like this:

    # Tomcat Proxy
    RedirectMatch ^/tomcat$ /tomcat/
    ProxyRequests Off
    ProxyVia Off
    ProxyPass /tomcat/ http://localhost:8082/
    ProxyPassReverse /tomcat/ http://localhost:8082/

You also might want add some access rules to make sure noone will be able to abuse your proxy (especially when running a forward proxy).

<proxy *:80>
Order deny,allow
Deny from all
</proxy>
<proxy *:8080>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</proxy>

This should do the trick (after reloading apache of course, /etc/init.d/apache2 reload). The redirectmatch will make sure that users that reach http://serveraddress/tomcat will be redirected to http://serveraddress/tomcat/ because otherwise they would not reach the page.
The proxypass points to /tomcat/ note the trailing slash. If you omit the trailing slash your images will not load correctly. port 8082 is tomcat’s proxy port which will allow proxied connect calls.

You can use the same trick for any other webserver you have running on another port. (webmin, azureus web html, etc)

  1. gd
    April 18th, 2008 at 03:28 | #1

    Thank-you. I needed the redirectmatch. Thought I had it figured out, but found the trailing slash problem trying to get to tomcat’s /examples/jsp and /examples/servlets.

    I also started using the /tomcat/ for the proxy path. But I found I needed to use mod_proxy_html to get things working right as all the java apps wanted to be relative /. So now I just proxy each app:

    RedirectMatch ^/jira$ /jira/
    ProxyPass /jira/ http://:8080/jira/
    ProxyPassReverse /jira/ http://:8080/jira/

    Have to update the httpd.conf every time I add a java app. But I don’t need to use mod_proxy_html anymore. Did I miss a trick that would let me use /tomcat/ without mod_proxy_html?

  1. No trackbacks yet.

Time limit is exhausted. Please reload CAPTCHA.