CODEWITHSUNDEEP
apachetomcatdockerpentahoreverse-proxy
random_hero
random_hero

Reputation: 11

Pentaho + apache Reverse Proxy + proxy SSL integration

I have a problem with merging pentaho docker container into our internal infrastructure.

Overview: Domain proxy is listening on port 443 (handles SSL and LDAP auth), and redirecting traffic to apache reverse proxy (standing as docker service in swarm with overlay network). The reverse proxy is redirecting requests to the pentaho container (also docker service in same swarm as reverse proxy).

Config: (only relevant lines) Domain proxy (not managed by us): listens on 443 and redirects to reverse proxy docker container Reverse Proxy: Listen 80

<VirtualHost    *:80>
    ServerAlias     reverse-proxy
    ServerName      reverse-proxy
#pentaho redirect
<Location "/application/pentaho">
    ProxyPass               "ajp://pentaho_host:8009/application/pentaho" ttl=480
    ProxyPassReverse        "ajp://pentaho_host:8009/application/pentaho"
</Location>

Pentaho Container:

Pentaho runs with changed context with following settings:

system/server.properties file:

fully-qualified-server-url=https://example.com/application/pentaho

Tomcat config:

tomcat/conf/server.xml:

<Connector URIEncoding="UTF-8" port="8009" protocol="AJP/1.3" redirectPort="8443"
#Without ProxyName and ProxyPort tomcat redirects all app buttons to http://localhost:8009/
ProxyName="example.com"
ProxyPort="443" />

context change

<Host name="localhost"  appBase="webapps"
unpackWARs="true" autoDeploy="true">
    <Context path="/application/pentaho" debug="0" docBase="pentaho" />
    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>

The problem here is, that when I access https://example.com/application/pentaho, I get the pentaho login page (https://example.com/application/pentaho/Login), and after I login with proper credentials I get redirected to same login page again (with ;JSESSION 32IBN4O1I23N21OI3...), But in console I can see that after login, request passed j_spring_security_check (HTTP 302 OK), then it gets to https: //example.com/application/pentaho/Home .... (also with HTTP 302 Found) and then back to login...

Access log:

x.x.x.x - - [21/Sep/2017:15:11:49 +0000] "GET /application/pentaho/Login HTTP/1.1" 200 7208
x.x.x.x - - [21/Sep/2017:15:11:49 +0000] "GET /application/pentaho/webcontext.js HTTP/1.1" 200 4472
x.x.x.x - - [21/Sep/2017:15:11:49 +0000] "GET /application/pentaho/content/sparkl/resources/sparkl-require-js-cfg.js HTTP/1.1" 200 1525
x.x.x.x - - [21/Sep/2017:15:11:49 +0000] "GET /application/pentaho/content/client-config-folder-enabler/client-config-enabler-require-js-cfg.js HTTP/1.1" 200 1019
x.x.x.x - - [21/Sep/2017:15:11:49 +0000] "GET /application/pentaho/js/themes.js HTTP/1.1" 200 1346
x.x.x.x - - [21/Sep/2017:15:11:49 +0000] "GET /application/pentaho/CacheExpirationService HTTP/1.1" 200 1161
x.x.x.x - - [21/Sep/2017:15:11:52 +0000] "POST /application/pentaho/j_spring_security_check HTTP/1.1" 302 -
x.x.x.x - - [21/Sep/2017:15:11:52 +0000] "GET /application/pentaho/Home;jsessionid=09D72F59187B02D027D4313EBDA645EA HTTP/1.1" 200 4928
x.x.x.x - - [21/Sep/2017:15:11:52 +0000] "GET /application/pentaho/Home?locale=en_US HTTP/1.1" 302 -
x.x.x.x - - [21/Sep/2017:15:11:52 +0000] "GET /application/pentaho/Login;jsessionid=B9B10CD32A3CD832C87243A5610C3B09 HTTP/1.1" 200 7301
x.x.x.x - - [21/Sep/2017:15:11:52 +0000] "GET /application/pentaho/webcontext.js HTTP/1.1" 200 4472

and over and over again...

Do you guys know what can be misconfigured here ?

Upvotes: 1

Views: 1915

Answers (1)

ChoCho
ChoCho

Reputation: 489

You need to add pentaho-style reverse proxy directives:

<Location "/application/pentaho-style">
    ProxyPass               "ajp://pentaho_host:8009/application/pentaho-style" ttl=480
    ProxyPassReverse        "ajp://pentaho_host:8009/application/pentaho-style"
</Location>

and voila! :D

Upvotes: 1

Related Questions