Proxy tomcat urls to map a host request to a path - redirect

how, if possible, can I redirect a request for a hostname to a specific subdirectory of one of the deployed apps?
E.g., I wish to forward
http://host.com
to
http://host.com/app/path
It is however possible to redirect to a specific application on tomcat, e.g.,
<Host name="host.com" appBase="webapps">
<Context path="/" docBase="webapps/app" debug="6"/>
</Host>
But I've never managed to redirect it to a subpath of an application. I'd fancy a tomcat-only approach over using an external mod_proxy with apache2 to achieve this.

This worked for me by changing path to "" (i.e. making it default web app for the Host)
<Host name="host.com" appBase="webapps">
<Context path="" docBase="webapps/app" debug="6"/>
</Host>
It serves static files correctly, but my JSTL fails now.
Anyways, can you try?

This does not seem possible. Final solution was to use mod_proxy of Apache2 to proxy the request.

Related

Get content from local server when accessing a custom local url (http://localost:8080 from http://localhost/testing)

I apologize if i'm being vague, but i don't know how to ask in more technical terms.
I have a server running on my local machine on a random (known) port. I started it with python -m SimpleHTTPServer 8080. I want to be able to type http://localhost/testing or any url (if the solution is simpler) and get that content that's served on the above mentioned port. The url i'm accessing needs to be <something/somethingelse> (have a slash in there). Reason being, i'm doing some url manipulation and need to test different scenarios.
ex: server is serving content on http://localhost:8080 - i want to type http://localhost/testing in the browser url and get whatever's served on localhost:8080.
I couldn't do it with hosts mapping. I'm on a mac.
The question would be much clearer if you used complete URLs. I'm guessing what you're asking for is a redirect or a proxy:
From http://localhost/testing
To: http://localhost:8080
The solution would be to install a web server (separate from the python SimpleHTTPServer) that is configured to listen on port 80 and redirect based on URL path, e.g.
if URL path == /testing,
then redirect to http://localhost:8080
Depending on your platform, you might use nginx (linux/macos) or IIS (windows). You might even be able to use nginx on Windows if you're using WSL. Instructions for installing and configuring those packages.
Configuring a simple redirect is far easier than a proxy.

Wildfly HTTP-only redirect

Quick and dirty fix needed here if possible...
We've been running a bunch of REST services on a Wildfly installation for a few years. The server isn't for public use -- on the main https://ourserver.com page we have a redirect which points wandering users to our main website. It's a very simple standalone config.
But the server has always been HTTPS only. And now thanks to a domain reshuffle, we need to make it possible for users who go to http://ourserver.com without SSL to hit the redirect to ourserver.net. So we basically need to expose just the welcome-content directory on this server over the "http" interface (which was previously firewalled off), while not letting non-SSL users reach any of the webservice subdirectories.
What's the simplest way to ensure that accessing any URL via plain HTTP gets redirected?
You can try adding a filter to the standalone.xml under the subsystem urn:jboss:domain:undertow:4.0
e.g. for http (8080) to https (8443), it would be:
<filter-ref name="http-to-https" predicate="equals(%p,8080)"/>
under the tag filters, you add it:
<rewrite name="http-to-https" target="https://myhttpsurl.com:8443%U" redirect="true"/>

Redirect request from port 443 to some other port in IIS

I have created a web site in IIS and hosted a ASP.NET webservice on this site. The requests to the webservice will be send by a 3rd party application to the following URL:
https://www.mywebsite.com/MyWebservice/api/dosomething
When I set the HTTPS binding for my website to default port 443 everything works fine (no certificate problems or anything else).
But because the default port 443 may be blocked by other software I want to move to another port (for example 7443). Changing the calling URL to add the correct port is no option, because the port may be differ from customer to customer (could happen, that we have to move to port 6443 or 8443).
First question:
Do I have to change my HTTPS binding to port 7443 or leave it on port 443? I think I have to change it to port 7443.
Second question:
I installed the module "URL Rewrite" and create a rule in applicationHost.config with the GUI of IIS. But everytime a request comes in I will get an error "net::ERR_CONNECTION_REFUSED". I've created an incoming firewall rule to enable port 7443 for incoming traffic, but no success.
My rule in applicationHost.config looks like following:
<rewrite>
<globalRules>
<rule name="Redirect to port 7443" stopProcessing="true">
<match url="www.mywebsite.com/(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{SERVER_PORT}" pattern="^7443$" negate="true" />
</conditions>
<action type="Redirect" url="https://www.mywebsite.com:7443/{R:1}" />
</rule>
</globalRules>
</rewrite>
I found the rule in this question: How do I redirect a specific port in the IIS server to an other port
I also used the rule in the answer to the above question, but without success.
If I enter the blank URL of my website (https://www.mywebsite.com) the browser told me, that the website is not reachable. If I extend the port ((https://www.mywebsite.com:7443) the browser shows by "Hello world" index.html.
Third question: On which level do I have to add the "URL Rewrite" rule (applicationHost.config, web.config of web site or web.config of webservice)? I just want to redirect the requests to my web site / webservice to a different port.
I hope someone could help me with this problem.
Best Regards
Michael
Do I have to change my HTTPS binding to port 7443 or leave it on port 443? I think I have to change it to port 7443.
As lex says, we could bind multiple domain to the same 443 port. The IIS will check the domain when the request come to the server, then it will redirect the request to the right application. In my opinion, there is no need to use the new port.
To achieve this, you should add the domain in the IIS site binding's host name textbox.
I installed the module "URL Rewrite" and create a rule in applicationHost.config with the GUI of IIS. But everytime a request comes in I will get an error "net::ERR_CONNECTION_REFUSED". I've created an incoming firewall rule to enable port 7443 for incoming traffic, but no success.
I found your url rewrite rule match url value is wrong, it will not match anything. The match url part will only match pattern of the url not the domain.
Besides, if you use the site binding, there is no need to add the url rewrite rule.
On which level do I have to add the "URL Rewrite" rule (applicationHost.config, web.config of web site or web.config of webservice)? I just want to redirect the requests to my web site / webservice to a different port.
In my opinion, you could add the url rewrite rule into the web.config. For example, if you want to redirect the url from 443 port to 7743. You could add the url rewrite rule into the 443's application web.config file.

How to configure JBoss EAP (6.4.x) for a combined HTTP/HTTPS reverse proxy?

Our application runs in a JBoss EAP 6.4. Our development setup provides JBoss instance running in HTTP mode on port 8080 and a reverse proxy with both HTTP (port 9090) and HTTPS (port 9443) endpoints to help test different scenarios.
A problem arises when I try to use "current" URL by injecting the UriInfo into my request handlers. The scheme part of the URI inside is always dependent on the scheme attribute of the connector setting in the standalone.xml and not on the actual used scheme. So for example, if I call https://localhost:9443 and http://localhost:9090 when connector's scheme is set to https, both URLs are converted to HTTPS, i.e. https://localhost:9443 but also https://localhost:9090. If I switch connector's scheme to http, both URLs change to HTTP. Needless to say, X-Forwarded-Proto is also ignored.
Is there a way to make JBoss behave more like most other application servers, i.e. without making any assumptions about used environment and especially reverse proxies and load balancers?
RemoteIpValve should do everything you need.
Source code from the JBossWeb 7.5.20 (EAP 6.4.20):
http://anonsvn.jboss.org/repos/jbossweb/tags/JBOSSWEB_7_5_20_FINAL/src/main/java/org/apache/catalina/valves/RemoteIpValve.java
Here's more readable documentation at the upstream Apache Tomcat 7.0 project website:
https://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/valves/RemoteIpValve.html
The minimum config in your case would be the following global valve configuration in the web subsystem:
<valve name="remoteip-valve" module="org.jboss.as.web" class-name="org.apache.catalina.valves.RemoteIpValve">
<param param-name="protocolHeader" param-value="X-Forwarded-Proto"/>
</valve>
This would set the scheme based on the value of the X-Forwarded-Proto header.
For https it would also set the secure flag to true and port to 443.
Since you seem to require the HTTPS port to be set to 9443, you can do it via additional httpsServerPort parameter (and I think you'll also need to set the httpServerPort to 9090 as you mention above, because the RemoteIpValve would override it to 80 otherwise), e.g.
<valve name="remoteip-valve" module="org.jboss.as.web" class-name="org.apache.catalina.valves.RemoteIpValve">
<param param-name="protocolHeader" param-value="X-Forwarded-Proto"/>
<param param-name="httpServerPort" param-value="9090"/>
<param param-name="httpsServerPort" param-value="9443"/>
</valve>
And you can do more with that valve if you need, just check the documentation for more details.
It's also briefly described for example here (RH login required): https://access.redhat.com/solutions/629863
BTW If you'd be able to use the AJP protocol (from the proxy to the app. server) instead, this wouldn't be needed as AJP is designed for these cases and all the required information should be transferred to the app. server pretty much transparently.

Advanced Tweak on Undertow-handlers.conf for http https redirect

I use WildFly behind an AWS load balancer. I want the Undertow server in WildFly to redirect http traffic to https, and I can do this mostly successfully with the following line placed in undertow-handlers.conf:
equals('http', %{i,X-Forwarded-Proto}) -> redirect(https://app.server.com%U)
Thanks to these folks for getting me this far! Now here's my desired tweak. Sometimes I run my web application behind a testing load balancer using 'dev.server.com' and sometimes I run it behind a production load balancer using 'app.server.com.' Currently, I have to remember to manually edit undertow-handlers.conf any time I switch balancers. I'm hoping there is a way to change the hard-coded 'dev' and 'app' to something mechanical. Is there a way to tell Undertow to just use the domain name that was originally requested?
Thanks.
Thankfully the undertow configuration gives you access to the request headers via Exchange Attributes, which you're already using to access the X-Forwarded-Proto header. So the solution is to simply use the Host header from the request like so:
equals('http', %{i,X-Forwarded-Proto}) -> redirect(https://%{i,Host}%U)
If you want to keep it as part of the deployment try using the %h in the redirect expressions. For example:
equals('http', %{i,X-Forwarded-Proto}) -> redirect(https://%h%U)
Another option would be to configure the server to handle the redirect for you. The CLI commands would look something like the following assuming the default ports of 8080 for http and 8443 for https.
/subsystem=undertow/configuration=filter/rewrite=http-to-https:add(redirect=true, target="https://%h:8443%U")
/subsystem=undertow/server=default-server/host=default-host/filter-ref=http-to-https:add(predicate="equals(%p, 8080)")
You can see all the possible exchange attributes in the Undertow documentation.