CODEWITHSUNDEEP
javaapachetomcat
Mercer
Mercer

Reputation: 9986

Fronting Tomcat with Apache HTTP Server

Apache Tomcat server.xml:

<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
           port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
-->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
     This connector uses the NIO implementation that requires the JSSE
     style configuration. When using the APR/native implementation, the
     OpenSSL style configuration is required as described in the APR/native
     documentation -->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
-->

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" address="127.0.0.1" enableLookups="false" protocol="AJP/1.3" redirectPort="8443" />

Apache Http Server httpd.conf :

cd /path/to/apache/config

LoadModule proxy_module       modules/mod_proxy.so       
LoadModule proxy_ajp_module   modules/mod_proxy_ajp.so
ProxyRequests Off
<Proxy *>
        Order deny,allow
        Deny from all
        Allow from localhost
</Proxy>
ProxyPass       / ajp://127.0.0.1:8009/ retry=0
ProxyPassReverse    / ajp://127.0.0.1:8009/ retry=0

When i do http://[ip]/[app_name] i have this error:

Forbidden

You don't have permission to access /[app_name] on this server.

Why ?

Upvotes: 0

Views: 774

Answers (1)

Olaf Kock
Olaf Kock

Reputation: 48057

Your configuration states

<Proxy *>
        Order deny,allow
        Deny from all
        Allow from localhost
</Proxy>

Guess the meaning of Deny and Allow. Your configuration should work if you are coming from the same server and use localhost as your address. Careful if you use the IP address: Often localhost is no longer mapped to 127.0.0.1, but to ::1, its IPV6 equivalent.

Edit: Remove this block and try if it works then.

Note that Stackoverflow is for programming related questions, this is rather server administration, so it might be better on https://serverfault.com/ - I'm voting to transfer it over to that site. There people might be able to go further - e.g. give hints to not open up a reverse proxy for everybody everywhere on the internet.

Upvotes: 1

Related Questions