RE: RemoteHostValve for infinite domains?
*** NOTICE * This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (call us collect at 512-343-9100) and immediately delete this message and all its attachments. ---BeginMessage--- The OP doesn't mention if dev and demo resolve to different IPs, but if they do, then this can be resolved in multiple ways. The easiest is probably multiple instances of Tomcat. -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Thursday, April 01, 2010 12:24 PM To: Tomcat Users List Subject: Re: RemoteHostValve for infinite domains? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dean, On 4/1/2010 10:37 AM, Dean Hiller wrote: So, xxx.dev.premonitionx.com will go be routed to Engine defaultHost=dev.premonitionx.com Yes. But, requests to xxx.demo.premonitionx.com will also go to that Host as well. I thin the only way to get around writing many Alias entries in server.xml is to either use something like Apache httpd + mod_jk to perform routing to the correct backend Tomcat server, or to modify the Tomcat code that does Host picking and use String.endsWith() instead of String.equals() to perform the matching. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAku01r4ACgkQ9CaO5/Lv0PAMyACfVCfVxrnP8PE4uV6N1vN3Ixkm nLYAn0IXKxF7Pwxw/GbFbcaVOB63dBHG =77d2 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org ---End Message--- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: RemoteHostValve for infinite domains?
Dean, --- On Wed, 3/31/10 at 10:53 PM, Dean Hiller dean.hil...@gmail.com wrote: allow=.*\.dev\.premonitionx\.com/ I haven't used this TC feature but it wouldn't hurt to try: allow=*\.dev\.premonitionx\.com / - Bob - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: RemoteHostValve for infinite domains?
On 01/04/2010 06:53, Dean Hiller wrote: I added this(I want it to use my requirements.war file for any requests to .dev.premonitionx.com where is infinite combinations all of which point to one single ip of course. I have another Host for .demo.premonitionx.com as well with infinite combinations again. This does not seem to be working though... Host name=dev.premonitionx.com appBase=zrequirements unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Valve className=org.apache.catalina.valves.RemoteHostValve allow=.*\.dev\.premonitionx\.com/ /Host Do I have this wrong? How do I get this to work? Does the name need to match the allow or something? It is *Remote*HostValve so it acts on the host name of the client, not the http host header. You want wildcard matching in a host alias and that isn't supported at the moment. It has been discussed a few times (see the dev archives) but there are performance concerns. If the performance concerns can be overcome, it is a possible feature addition for Tomcat 7. Fancy writing a patch? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: RemoteHostValve for infinite domains?
Dean Hiller wrote: I added this(I want it to use my requirements.war file for any requests to .dev.premonitionx.com where is infinite combinations all of which point to one single ip of course. I have another Host for .demo.premonitionx.com as well with infinite combinations again. This does not seem to be working though... Host name=dev.premonitionx.com appBase=zrequirements unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Valve className=org.apache.catalina.valves.RemoteHostValve allow=.*\.dev\.premonitionx\.com/ /Host Do I have this wrong? How do I get this to work? Does the name need to match the allow or something? It looks like you are confusing to and from. The above would only allow access *to* your server *from* remote clients whose IP address, when resolved by a reverse DNS lookup done by your server, matches a hostname like .*\.dev\.premonitionx\.com. In other words, as done above, it is the *clients* which are expected to be in the domain .dev.premonitionx.com. Re-read http://tomcat.apache.org/tomcat-6.0-doc/virtual-hosting-howto.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: RemoteHostValve for infinite domains?
Dean Hiller wrote: I added this(I want it to use my requirements.war file for any requests to .dev.premonitionx.com where is infinite combinations all of which point to one single ip of course. I have another Host for .demo.premonitionx.com as well with infinite combinations again. This does not seem to be working though... Host name=dev.premonitionx.com appBase=zrequirements unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Valve className=org.apache.catalina.valves.RemoteHostValve allow=.*\.dev\.premonitionx\.com/ /Host Do I have this wrong? How do I get this to work? Does the name need to match the allow or something? I may add that with the kind of hostnames you are using, there should not be any special configuration necessary. Should not the Tomcat host be able to figure out in advance which client is going to send a request to which host, and set itself up automatically ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: RemoteHostValve for infinite domains?
From: Bob Hall [mailto:rfha...@yahoo.com] Subject: Re: RemoteHostValve for infinite domains? I haven't used this TC feature but it wouldn't hurt to try: allow=*\.dev\.premonitionx\.com / Please explain how that parses, since the allow string uses regular expression syntax, not wildcards (hence the need for the \. to match a period). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: RemoteHostValve for infinite domains?
On 01/04/2010 06:53, Dean Hiller wrote: I added this(I want it to use my requirements.war file for any requests to .dev.premonitionx.com where is infinite combinations all of which point to one single ip of course. I have another Host for .demo.premonitionx.com as well with infinite combinations again. This does not seem to be working though... Host name=dev.premonitionx.com appBase=zrequirements unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Valve className=org.apache.catalina.valves.RemoteHostValve allow=.*\.dev\.premonitionx\.com/ /Host Do I have this wrong? How do I get this to work? Does the name need to match the allow or something? Remove the valve and set: Engine defaultHost=dev.premonitionx.com All requests to unknown hosts will be directed to that Host. p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: RemoteHostValve for infinite domains?
So, xxx.dev.premonitionx.com will go be routed to Engine defaultHost=dev.premonitionx.com I will give that a try tonight then. If it doesn't, I guess I would have to write a patch. I need this feature to badly to be able to do companyname.premonitionx.com for any companies that register. thanks!!! Dean On Thu, Apr 1, 2010 at 7:52 AM, Pid p...@pidster.com wrote: On 01/04/2010 06:53, Dean Hiller wrote: I added this(I want it to use my requirements.war file for any requests to .dev.premonitionx.com where is infinite combinations all of which point to one single ip of course. I have another Host for .demo.premonitionx.com as well with infinite combinations again. This does not seem to be working though... Host name=dev.premonitionx.com appBase=zrequirements unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Valve className=org.apache.catalina.valves.RemoteHostValve allow=.*\.dev\.premonitionx\.com/ /Host Do I have this wrong? How do I get this to work? Does the name need to match the allow or something? Remove the valve and set: Engine defaultHost=dev.premonitionx.com All requests to unknown hosts will be directed to that Host. p
Re: RemoteHostValve for infinite domains? Patch submit question...
hmmm, I don't think Engine worksaccording to http://tomcat.apache.org/tomcat-5.5-doc/config/engine.html Exactly one *Engine* element MUST be nested inside a Servicehttp://tomcat.apache.org/tomcat-5.5-doc/config/service.htmlelement I need twoone for requests .domain1.com and one for .domain2.com where is infinite combination. PATCH submission: I am not interested in regular expression matching and I have seen many posts on users trying to do customer.domain.com, so is serverName.endsWith(domainName) that much of a performance hit? This patch would be great for many applications that just set up wildcard DNS so all subdomains point to the tomcat ip like basecamp or other products. Right now, the problem is we have two apps with two different domains each with infinite subdomains. thanks, Dean On Thu, Apr 1, 2010 at 8:37 AM, Dean Hiller dean.hil...@gmail.com wrote: So, xxx.dev.premonitionx.com will go be routed to Engine defaultHost=dev.premonitionx.com I will give that a try tonight then. If it doesn't, I guess I would have to write a patch. I need this feature to badly to be able to do companyname.premonitionx.com for any companies that register. thanks!!! Dean On Thu, Apr 1, 2010 at 7:52 AM, Pid p...@pidster.com wrote: On 01/04/2010 06:53, Dean Hiller wrote: I added this(I want it to use my requirements.war file for any requests to .dev.premonitionx.com where is infinite combinations all of which point to one single ip of course. I have another Host for .demo.premonitionx.com as well with infinite combinations again. This does not seem to be working though... Host name=dev.premonitionx.com appBase=zrequirements unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Valve className=org.apache.catalina.valves.RemoteHostValve allow=.*\.dev\.premonitionx\.com/ /Host Do I have this wrong? How do I get this to work? Does the name need to match the allow or something? Remove the valve and set: Engine defaultHost=dev.premonitionx.com All requests to unknown hosts will be directed to that Host. p
RE: RemoteHostValve for infinite domains? Patch submit question...
From: Dean Hiller [mailto:dean.hil...@gmail.com] Subject: Re: RemoteHostValve for infinite domains? Patch submit question... http://tomcat.apache.org/tomcat-5.5-doc/config/engine.html Exactly one *Engine* element MUST be nested inside a Servicehttp://tomcat.apache.org/tomcat-5.5- doc/config/service.htmlelement I need twoone for requests .domain1.com and one for .domain2.com where is infinite combination. So create two Service and Engine elements - or run two instances of Tomcat. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: RemoteHostValve for infinite domains? Patch submit question...
Dean Hiller wrote: ... I need twoone for requests .domain1.com and one for .domain2.com where is infinite combination. I think that you are right. Based on the little I know about Java and Tomcat and RequestDispatcher, I would suggest a range of possible solutions, in my personal order of preference : 1) have a look at the urlrewrite filter at www.tuckey.org. It may be able to do what you want. 2) use an Apache httpd with mod_rewrite and mod_proxy (or mod_jk) in front of Tomcat, as a proxy server listening on the IP address to which your hostnames resolve and port 80. Set up Tomcat to listen on another port (e.g.8080), and configure it with one default Host (localhost), and two additional Hosts (www.domain1.com and www.domain2.com). Use Apache's mod_rewrite to rewrite and proxy the calls to one or the other Tomcat Host(name), on the base of the domain ending of the original request. 3) get two different IP addresses for your server, and start 2 Tomcat instances, each one listening on one of these adresses. Each one would then have a default host, which will answer on all names which resolve to that IP. (Of course then you also need to split your two domains DNS-wise) There are different variations mixing and matching the above bits and pieces. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: RemoteHostValve for infinite domains? Patch submit question...
yes, I have thought through all those actually. Was just talking about urlrewrite filter and apache this morning. Issue with that then is having to keep their company name in a param of every single redirect seam does which is not the easiest of things to dothat way, company could be put in front company.domain.com. I like the ip idea(except for needing two tomcats). Two services in tomcat doesn't work as then we would need different ports which is definintely not something we want. I decided I am going to go the route of finding that Host matching code which probably looks up in a map of domain to Host object to route request to the Host/Engine(*which file is that in so I can jump to it?*), and just loop through it instead with endsWith. *hmmm, too bad there is not a pluggable component to Service or something or whoever owns the lookup like in server.xml lookupClass=com.alvazan.tomcat.LookupHost or something*? I could certainly provide a patch so people could plug into tomcat what they like based on performance considerations...ie. endsWith loop is not the best if you have 400 domains on one tomcat. Dean On Thu, Apr 1, 2010 at 9:31 AM, André Warnier a...@ice-sa.com wrote: Dean Hiller wrote: ... I need twoone for requests .domain1.com and one for .domain2.com where is infinite combination. I think that you are right. Based on the little I know about Java and Tomcat and RequestDispatcher, I would suggest a range of possible solutions, in my personal order of preference : 1) have a look at the urlrewrite filter at www.tuckey.org. It may be able to do what you want. 2) use an Apache httpd with mod_rewrite and mod_proxy (or mod_jk) in front of Tomcat, as a proxy server listening on the IP address to which your hostnames resolve and port 80. Set up Tomcat to listen on another port (e.g.8080), and configure it with one default Host (localhost), and two additional Hosts (www.domain1.comand www.domain2.com). Use Apache's mod_rewrite to rewrite and proxy the calls to one or the other Tomcat Host(name), on the base of the domain ending of the original request. 3) get two different IP addresses for your server, and start 2 Tomcat instances, each one listening on one of these adresses. Each one would then have a default host, which will answer on all names which resolve to that IP. (Of course then you also need to split your two domains DNS-wise) There are different variations mixing and matching the above bits and pieces. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: RemoteHostValve for infinite domains? Patch submit question...
On Thu, Apr 1, 2010 at 9:45 AM, Dean Hiller dean.hil...@gmail.com wrote: I like the ip idea(except for needing two tomcats). You don't need 2 tomcats; a connector can be told to listen on a specific IP... Two services in tomcat doesn't work as then we would need different ports which is definintely not something we want. .. in which case you don't need non-standard ports, either. -- Hassan Schroeder hassan.schroe...@gmail.com twitter: @hassan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: RemoteHostValve for infinite domains? Patch submit question...
yes, interesting, unfortunately, I am running our QA and customer demo machine behind comcast at home so there is only one ip, though it would work for our production environment. Dean On Thu, Apr 1, 2010 at 10:56 AM, Hassan Schroeder hassan.schroe...@gmail.com wrote: On Thu, Apr 1, 2010 at 9:45 AM, Dean Hiller dean.hil...@gmail.com wrote: I like the ip idea(except for needing two tomcats). You don't need 2 tomcats; a connector can be told to listen on a specific IP... Two services in tomcat doesn't work as then we would need different ports which is definintely not something we want. .. in which case you don't need non-standard ports, either. -- Hassan Schroeder hassan.schroe...@gmail.com twitter: @hassan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: RemoteHostValve for infinite domains? Patch submit question...
On Thu, Apr 1, 2010 at 10:00 AM, Dean Hiller dean.hil...@gmail.com wrote: yes, interesting, unfortunately, I am running our QA and customer demo machine behind comcast at home so there is only one ip, though it would work for our production environment. Then you could use the same 2-Engine setup there with 2 local IPs, one for each Engine, and Apache httpd in front of Tomcat as a proxy. -- Hassan Schroeder hassan.schroe...@gmail.com twitter: @hassan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: RemoteHostValve for infinite domains?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dean, On 4/1/2010 10:37 AM, Dean Hiller wrote: So, xxx.dev.premonitionx.com will go be routed to Engine defaultHost=dev.premonitionx.com Yes. But, requests to xxx.demo.premonitionx.com will also go to that Host as well. I thin the only way to get around writing many Alias entries in server.xml is to either use something like Apache httpd + mod_jk to perform routing to the correct backend Tomcat server, or to modify the Tomcat code that does Host picking and use String.endsWith() instead of String.equals() to perform the matching. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAku01r4ACgkQ9CaO5/Lv0PAMyACfVCfVxrnP8PE4uV6N1vN3Ixkm nLYAn0IXKxF7Pwxw/GbFbcaVOB63dBHG =77d2 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: RemoteHostValve for infinite domains?
--- On Thu, 4/1/10 at 5:52 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: Please explain how that parses, since the allow string uses regular expression syntax, not wildcards (hence the need for the \. to match a period). I can't, since it doesn't. - Bob - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RemoteHostValve for infinite domains?
I added this(I want it to use my requirements.war file for any requests to .dev.premonitionx.com where is infinite combinations all of which point to one single ip of course. I have another Host for .demo.premonitionx.com as well with infinite combinations again. This does not seem to be working though... Host name=dev.premonitionx.com appBase=zrequirements unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Valve className=org.apache.catalina.valves.RemoteHostValve allow=.*\.dev\.premonitionx\.com/ /Host Do I have this wrong? How do I get this to work? Does the name need to match the allow or something? thanks, Dean
