[
https://issues.apache.org/jira/browse/CMIS-500?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13204733#comment-13204733
]
Gert Dewit edited comment on CMIS-500 at 2/9/12 6:54 PM:
---------------------------------------------------------
This seems a good strategy to me.
This filter can be used where the combination of the correct Apache reverse
proxy config and Tomcat RemoteIpValve is not possible (no Apache reverse proxy,
No Apache Tomcat).
The sample configs below can be used with an Apache HTTP Server based reverse
proxy and Apache Tomcat as backed server.
The published url for the application is https://www.frontend.org/cmis, the
Apache HTTP server handles https termination and it's IP address is
192.168.100.254.
httpd.conf snippet:
<Location /cmis>
RequestHeader set X-Forwarded-Proto "https"
ProxyPreserveHost
ProxyPass http://tomcat.backend.org:8080/cmis
ProxyPassReverse http://tomcat.backend.org:8080/cmis
</Location>
The ProxyPreserveHost directive will pass the Original Host HTTP header to the
proxied host, for this example www.frontend.org, which will be returned by
request.getServerName().
tomcat server.xml snippet:
<Valve
className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="192\.168\.100\.254"
remoteIpHeader="x-forwarded-for"
remoteIpProxiesHeader="x-forwarded-by"
protocolHeader="x-forwarded-proto"
/>
The valve will take care of binding the https scheme to the request.getScheme()
and 443 to request.getServerPort()
was (Author: gertux):
This seems a good strategy to me.
This filter can be used where the combination of the correct Apache reverse
proxy config and Tomcat RemoteIpValve is not possible (no Apache reverse proxy,
No Apache Tomcat).
The sample configs below can be used with an Apache HTTP Server based reverse
proxy and Apache Tomcat as backed server.
The published url for the application is https://www.frontend.org/cmis, the
Apache HTTP server handles https termination and it's IP address is
192.168.100.254.
httpd.conf snippet:
<Location /cmis>
ProxyPreserveHost
ProxyPass http://tomcat.backend.org:8080/cmis
ProxyPassReverse http://tomcat.backend.org:8080/cmis
</Location>
The ProxyPreserveHost directive will pass the Original Host HTTP header to the
proxied host, for this example www.frontend.org, which will be returned by
request.getServerName().
tomcat server.xml snippet:
<Valve
className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="192\.168\.100\.254"
remoteIpHeader="x-forwarded-for"
remoteIpProxiesHeader="x-forwarded-by"
protocolHeader="x-forwarded-proto"
/>
The valve will take care of binding the https scheme to the request.getScheme()
and 443 to request.getServerPort()
> AtomPubUtils: Take the X-Forwarded-Host and X-Forwarded-Proto request headers
> into account when calculating the baseUrl
> -----------------------------------------------------------------------------------------------------------------------
>
> Key: CMIS-500
> URL: https://issues.apache.org/jira/browse/CMIS-500
> Project: Chemistry
> Issue Type: Improvement
> Components: opencmis-server
> Affects Versions: OpenCMIS 0.7.0
> Reporter: Gert Dewit
> Assignee: Florian Müller
> Labels: patch
> Attachments: XForwardedHeaders.patch
>
>
> When the OpenCMIS server is deployed behind a reverse proxy, the service
> document doesn't return the correct URLs.
> If it takes the X-Forwarded-Host and X-Forwarded-Proto request headers into
> account when calculating the baseUrl the URLs are correct.
> A patch against revision 1241367 is attached.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
