Re: [cas-user] CAS 3.3.2 and Apache Reverse Proxy

Fri, 01 May 2009 09:16:23 -0700 

Micah,

Make sure you set the proxyName and proxyport in your Tomcat connector for
port 8009.  I use..

    <Connector port="8009"
               maxThreads="500" minSpareThreads="50"
connectionTimeout="100000"
               enableLookups="false" protocol="AJP/1.3"
               proxyName="myserver.mydomain" proxyPort="443" />

I also run two backend Tomcat servers, so I specify the jvmRoute as well..

<Engine name="Catalina" defaultHost="localhost" jvmRoute="tomcat01">

I configured the Apache virtual host like below..

        # Rewrite requests that are not for static files above to go to the
Tomcat
        # proxy balancer below.
        #
        RewriteEngine on
        RewriteRule ^/$ https://myserver.mydomain/cas/ [R]

        # Proxy balencer.  Send requests for /cas to backend Tomcat
instances.
        # Attempt to keep matching JSESSIONID cookies on the same instance.
        #
        ProxyPass /cas balancer://casCluster/cas
stickysession=JSESSIONID|jsessionid
        ProxyPassReverse /cas balancer://casCluster/cas
        <Proxy balancer://casCluster>
                Order deny,allow
                allow from all
                BalancerMember ajp://192.168.0.10:8009 route=tomcat01
                BalancerMember ajp://192.168.0.11:8009 route=tomcat02
        </Proxy>


I am not sure if this is the absolute best way to configure this with CAS,
but I put together this configuration from other articles online for using
Apache as a reverse proxy for Tomcat.  If anyone else has any
recommendations, I'd be happy to hear them.  This has been working well for
us though.

On Fri, May 1, 2009 at 12:16 AM, Micah Baker
<[email protected]>wrote:

> Hello,
>
> I have been scouring the web for information regarding the use of reverse
> proxy settings for CAS on an Apache web server to Apache Tomcat (I'm using
> Leopard Server).  I found this one from 2005 and another that says that this
> bug was fixed in CAS 3.2:
> http://tp.its.yale.edu/pipermail/cas/2005-August/001496.html.
>
> I am getting to my CAS login page but after I click the Login button I am
> redirected from https://myserver.mydomain/cas/login to
> https://cas/login?yadayada.  It appears that the fqdn is stripped out at
> some point.  Does anyone have any advice on correcting this?
>
> Thank you for your help,
>
> Best,
>
> Micah
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to