Re: request.getContextPath() behind a proxy (apache/nginx)

2019-02-05 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Guido,

On 2/5/19 05:33, Jäkel, Guido wrote:
>> On 05/02/2019 08:23, Johan Compagner wrote:
>>> problem is that our customers are doing this. also they can
>>> have 1 tomcat with a few webapps that they want to map under 
>>> different domains
>>> 
>>> so that would mean for them starting 3 different tomcats under
>>> 3 different ports and configure all that thats not always
>>> something they want to do. So i guess the only way for me is to
>>> have some kind of setting (per context)
>> 
>> They would be better configuring Tomcat with virtual hosts and
>> having three ROOT webapps.
>> 
>> Mark
> 
> Dear Johan,
> 
> as Christopher and Mark wrote: If possible in any way, please
> avoid to handle it via rewriting on a reverse proxy and prefer to
> set up the Tomcat to serve the application on the same domain and
> context path as used "outside" in front of the proxy.
The domain doesn't even matter. Tomcat will happily host applications
on any domain without interfering. IF you want the same web
application serving requests to example.com, example1.com, and
example2.com, there is no additional configuration necessary then if
they were only serving example.com alone.

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlxZoNsACgkQHPApP6U8
pFiVGg/+Mnngbs7PKUpBqFkJtE8ux1jLk+HQzskI4GwPjaPPhqeD431BcFYkKiik
M1bWkfu6E8z7MeUpaP0RLzyNYzZaVzIVl5vbOQCzYqZJ6GHmATpjFojozyA7ump6
Jjt/kg++PPLTbUCh+j4tgfhamzZrDXIXRAD/Z16z+vjSf8neXc226bCCxAFXQrit
jHWGy9CHrDUs2c/iWhuw53QQuBCtRZJJ/ag/+z8+QDq5axOmYRhfocpSpPY+fOCT
4iIOfM+0h7eoqqPjGcMq2yG44kf7YSaLPKNu3JIfrfNgDmKok6u4uAsQMpvvNUHp
bT6qV49KxW6ltZNLnhi/k3LSY1T5BgYn7NXE4Wbg7u/mtI+LBLW+EMLP/UofY1zS
Lqr2BmFe4IqlOETFaPoXgBxvaSeXeQdda4xmTf2Cuq8K2S3T96MvVfqTNciPSfSF
K1PGdsPjKz00JXOPI7BjCDX1zM/yccijiLXvo0f1TWfUa3aB1wD1JAaYqjjnD4xI
LhqsS5tYVN0TfYfyyXZZLoOoS+WgSK9lShhhI7U5/Zs0DO/qJ8jzoC/3jxe5MBZy
tL7eZ6B5caVxgW4ZiKamgsE+7wV73wYv+lI+9+W+ohIXCJL4Hyr+7iF1P/H8rXAO
z/hPfn815FFfOuU10X3waKovD5L5aSyUZWv0Wuzs6VSsjiwnaAk=
=J9fU
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: request.getContextPath() behind a proxy (apache/nginx)

2019-02-05 Thread John Dale 
I've encountered something similar in the past, but it was around
access logging.  It all depends on what the load balancer can forward
to tomcat in headers.

Port forwarding and resolving internally to the same domain externally
seems to be how Tomcat wants to handle your issue.

JMX M-Beans can offer some help in resolving request domains as well,
but can get kind of ugly, and I'm not sure how portable that is.

On 2/5/19, Johan Compagner  wrote:
> On Tue, 5 Feb 2019 at 11:34, Jäkel, Guido  wrote:
>
>> >On 05/02/2019 08:23, Johan Compagner wrote:
>> >> problem is that our customers are doing this.
>> >> also they can have 1 tomcat with a few webapps that they want to map
>> under
>> >> different domains
>> >>
>> >> so that would mean for them starting 3 different tomcats under 3
>> different
>> >> ports and configure all that
>> >> thats not always something they want to do.
>> >> So i guess the only way for me is to have some kind of setting (per
>> context)
>> >
>> >They would be better configuring Tomcat with virtual hosts and having
>> >three ROOT webapps.
>> >
>> >Mark
>>
>> Dear Johan,
>>
>> as Christopher and Mark wrote: If possible in any way, please avoid to
>> handle it via rewriting on a reverse proxy and prefer to set up the
>> Tomcat
>> to serve the application on the same domain and context path as used
>> "outside" in front of the proxy.
>>
>> If you real can't avoid, you have to do a forward rewriting of the used
>> header (e.g. hostname) and/or URL pattern in the one hand, but also a
>> complex backward rewriting of the answer! You have to back-rewrite parts
>> of
>> the answer header (Cookies, Locations, Links, ...) and the embedded URLs
>> in
>> the content of different MIME types (HTML, CSS, javascript, JSON, ...).
>> As
>> a consequence, you have either to forbid compression of the returned body
>> or (even more complex) decompress/modify/recompress it on the fly.
>>
>> Sometimes, I simply can't avoid because we need to have an application
>> available on two "addresses" while migration or something similar. And if
>> the application itself can't be run in two instances I know no other way.
>> But's it a real burden every time.
>>
>>
>>
> yeah i think we will document that if they want to have a reverse proxy in
> front of it that maps it on root (very likely)
> then they also should map the WAR on root in the tomcat behind that
> And if they have multiply wars they should try to use virtual hosting on
> tomcat as Mark described
> As a last resort i think i will add a configuration param (per context)
> where they can override it
>
>
> --
> Johan Compagner
> Servoy
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: request.getContextPath() behind a proxy (apache/nginx)

2019-02-05 Thread Johan Compagner 
On Tue, 5 Feb 2019 at 11:34, Jäkel, Guido  wrote:

> >On 05/02/2019 08:23, Johan Compagner wrote:
> >> problem is that our customers are doing this.
> >> also they can have 1 tomcat with a few webapps that they want to map
> under
> >> different domains
> >>
> >> so that would mean for them starting 3 different tomcats under 3
> different
> >> ports and configure all that
> >> thats not always something they want to do.
> >> So i guess the only way for me is to have some kind of setting (per
> context)
> >
> >They would be better configuring Tomcat with virtual hosts and having
> >three ROOT webapps.
> >
> >Mark
>
> Dear Johan,
>
> as Christopher and Mark wrote: If possible in any way, please avoid to
> handle it via rewriting on a reverse proxy and prefer to set up the Tomcat
> to serve the application on the same domain and context path as used
> "outside" in front of the proxy.
>
> If you real can't avoid, you have to do a forward rewriting of the used
> header (e.g. hostname) and/or URL pattern in the one hand, but also a
> complex backward rewriting of the answer! You have to back-rewrite parts of
> the answer header (Cookies, Locations, Links, ...) and the embedded URLs in
> the content of different MIME types (HTML, CSS, javascript, JSON, ...). As
> a consequence, you have either to forbid compression of the returned body
> or (even more complex) decompress/modify/recompress it on the fly.
>
> Sometimes, I simply can't avoid because we need to have an application
> available on two "addresses" while migration or something similar. And if
> the application itself can't be run in two instances I know no other way.
> But's it a real burden every time.
>
>
>
yeah i think we will document that if they want to have a reverse proxy in
front of it that maps it on root (very likely)
then they also should map the WAR on root in the tomcat behind that
And if they have multiply wars they should try to use virtual hosting on
tomcat as Mark described
As a last resort i think i will add a configuration param (per context)
where they can override it


-- 
Johan Compagner
Servoy

RE: request.getContextPath() behind a proxy (apache/nginx)

2019-02-05 Thread Jäkel , Guido 
>On 05/02/2019 08:23, Johan Compagner wrote:
>> problem is that our customers are doing this.
>> also they can have 1 tomcat with a few webapps that they want to map under
>> different domains
>>
>> so that would mean for them starting 3 different tomcats under 3 different
>> ports and configure all that
>> thats not always something they want to do.
>> So i guess the only way for me is to have some kind of setting (per context)
>
>They would be better configuring Tomcat with virtual hosts and having
>three ROOT webapps.
>
>Mark

Dear Johan,

as Christopher and Mark wrote: If possible in any way, please avoid to handle 
it via rewriting on a reverse proxy and prefer to set up the Tomcat to serve 
the application on the same domain and context path as used "outside" in front 
of the proxy.

If you real can't avoid, you have to do a forward rewriting of the used header 
(e.g. hostname) and/or URL pattern in the one hand, but also a complex backward 
rewriting of the answer! You have to back-rewrite parts of the answer header 
(Cookies, Locations, Links, ...) and the embedded URLs in the content of 
different MIME types (HTML, CSS, javascript, JSON, ...). As a consequence, you 
have either to forbid compression of the returned body or (even more complex) 
decompress/modify/recompress it on the fly.

Sometimes, I simply can't avoid because we need to have an application 
available on two "addresses" while migration or something similar. And if the 
application itself can't be run in two instances I know no other way. But's it 
a real burden every time.

with greetings

Guido

Re: request.getContextPath() behind a proxy (apache/nginx)

2019-02-05 Thread Mark Thomas 
On 05/02/2019 08:23, Johan Compagner wrote:
> problem is that our customers are doing this.
> also they can have 1 tomcat with a few webapps that they want to map under
> different domains
> 
> so that would mean for them starting 3 different tomcats under 3 different
> ports and configure all that
> thats not always something they want to do.
> So i guess the only way for me is to have some kind of setting (per context)

They would be better configuring Tomcat with virtual hosts and having
three ROOT webapps.

Mark


> 
> 
> On Mon, 4 Feb 2019 at 22:40, Christopher Schultz <
> ch...@christopherschultz.net> wrote:
> 
> Johan,
> 
> On 2/4/19 07:09, Johan Compagner wrote:
 There are many older post for this on stackoverflow and so on
 https://stackoverflow.com/questions/10050550/why-does-getcontextpath-u
> nder-a-proxy-return-the-internal-path-inside-httpserv
> 

  but i wonder what the latest state of that is, we have a lot of
 proxy settings for host and scheme But is there something (a
 header) that a proxy can set so that Tomcat returns the right
 context path on that getContextPath() call?
> 
> This is #49 on the list of "why you shouldn't be munging context paths
> within a reverse-proxy".
> 
 Or are there headers that we have to check manually?

 If this is not the case then i guess the only way to fix this is to
 make it a configuration in our product something like

 String context = settings.getProperty("context.path",
 request.getContextPath());

 (get the context from the settings if not there use the default
 value which is from the request)

 So the problem is mostly because of virtual hosts i guess

 where

 Proxy / is mapped to AppServer /Webapp1
> 
> How about "don't do that"?
> 
> If you want to host your application on /, then host it on / and not
> /Webapp1.
> 
> -chris
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: request.getContextPath() behind a proxy (apache/nginx)

2019-02-05 Thread Johan Compagner 
problem is that our customers are doing this.
also they can have 1 tomcat with a few webapps that they want to map under
different domains

so that would mean for them starting 3 different tomcats under 3 different
ports and configure all that
thats not always something they want to do.
So i guess the only way for me is to have some kind of setting (per context)


On Mon, 4 Feb 2019 at 22:40, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Johan,
>
> On 2/4/19 07:09, Johan Compagner wrote:
> > There are many older post for this on stackoverflow and so on
> > https://stackoverflow.com/questions/10050550/why-does-getcontextpath-u
> nder-a-proxy-return-the-internal-path-inside-httpserv
> 
> >
> >  but i wonder what the latest state of that is, we have a lot of
> > proxy settings for host and scheme But is there something (a
> > header) that a proxy can set so that Tomcat returns the right
> > context path on that getContextPath() call?
>
> This is #49 on the list of "why you shouldn't be munging context paths
> within a reverse-proxy".
>
> > Or are there headers that we have to check manually?
> >
> > If this is not the case then i guess the only way to fix this is to
> > make it a configuration in our product something like
> >
> > String context = settings.getProperty("context.path",
> > request.getContextPath());
> >
> > (get the context from the settings if not there use the default
> > value which is from the request)
> >
> > So the problem is mostly because of virtual hosts i guess
> >
> > where
> >
> > Proxy / is mapped to AppServer /Webapp1
>
> How about "don't do that"?
>
> If you want to host your application on /, then host it on / and not
> /Webapp1.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlxYsWIACgkQHPApP6U8
> pFhOeA//SmTil/dDz1ewySksqKiI83WjEtkrJ7/1xcaISkrU+t42bMOx8sLS/SOh
> VX2O/c0hlLuDy5YfaBClZgd7qLHmy3a5xcLpazUtw9CFZuJD+UTahxlK2AwysOzd
> +ns0qlRJEOZrxAxCfJpJ6yUZ9DppbKSHd8fd+XopIiRQyqJ3pWJtCZ61B3zJC7Ln
> Vxo7Qpk/1qQht8XhgRdkh1EOB+sJRziowcchu/t0xtpQNVH47czwVC4LpyX9wp43
> jMhlfVfwqjNAtgNsvm8YE3zfr8DUw3Q7hxwRk5EzGrRbq8RAoDEFri8F/9RB
> zhI+8tPi73JxYaz8/8MzIxGY2A0La6A2P/qCNjNYAoXy0tlzsN0MgUIvXjgnaRJl
> bRWwFlpqrOPqRkS7PvBa98rFiXzbC/Ef6uE68hTK7XrV/Ki9Pm4uJ+hbSdurHz7c
> KkKwgMmcpJ6nc80lOaXxtviuXbTrcxY1rGivhRiHr1nemRZkxwMzybf0nynhMtaa
> nuGFdKC/KGk25FM6xZEVzUuYLX7NV57GWPZcFkmcvfd87gRLwdmti+5vVGMIvC8z
> HYMDd4ArfkY3JYOeIlVc76mpTfCWPcFfN6U30G+dVwFEYUqGxOtRM6QY2OFbtpMW
> Ah8/FKULkBMCoD2AV0JJvTXz9PZ/v0bYPaitKRrPQZrlyp1CJ5M=
> =uP57
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 
Johan Compagner
Servoy

Re: request.getContextPath() behind a proxy (apache/nginx)

2019-02-04 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Johan,

On 2/4/19 07:09, Johan Compagner wrote:
> There are many older post for this on stackoverflow and so on 
> https://stackoverflow.com/questions/10050550/why-does-getcontextpath-u
nder-a-proxy-return-the-internal-path-inside-httpserv
>
>  but i wonder what the latest state of that is, we have a lot of
> proxy settings for host and scheme But is there something (a
> header) that a proxy can set so that Tomcat returns the right
> context path on that getContextPath() call?

This is #49 on the list of "why you shouldn't be munging context paths
within a reverse-proxy".

> Or are there headers that we have to check manually?
> 
> If this is not the case then i guess the only way to fix this is to
> make it a configuration in our product something like
> 
> String context = settings.getProperty("context.path", 
> request.getContextPath());
> 
> (get the context from the settings if not there use the default
> value which is from the request)
> 
> So the problem is mostly because of virtual hosts i guess
> 
> where
> 
> Proxy / is mapped to AppServer /Webapp1

How about "don't do that"?

If you want to host your application on /, then host it on / and not
/Webapp1.

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlxYsWIACgkQHPApP6U8
pFhOeA//SmTil/dDz1ewySksqKiI83WjEtkrJ7/1xcaISkrU+t42bMOx8sLS/SOh
VX2O/c0hlLuDy5YfaBClZgd7qLHmy3a5xcLpazUtw9CFZuJD+UTahxlK2AwysOzd
+ns0qlRJEOZrxAxCfJpJ6yUZ9DppbKSHd8fd+XopIiRQyqJ3pWJtCZ61B3zJC7Ln
Vxo7Qpk/1qQht8XhgRdkh1EOB+sJRziowcchu/t0xtpQNVH47czwVC4LpyX9wp43
jMhlfVfwqjNAtgNsvm8YE3zfr8DUw3Q7hxwRk5EzGrRbq8RAoDEFri8F/9RB
zhI+8tPi73JxYaz8/8MzIxGY2A0La6A2P/qCNjNYAoXy0tlzsN0MgUIvXjgnaRJl
bRWwFlpqrOPqRkS7PvBa98rFiXzbC/Ef6uE68hTK7XrV/Ki9Pm4uJ+hbSdurHz7c
KkKwgMmcpJ6nc80lOaXxtviuXbTrcxY1rGivhRiHr1nemRZkxwMzybf0nynhMtaa
nuGFdKC/KGk25FM6xZEVzUuYLX7NV57GWPZcFkmcvfd87gRLwdmti+5vVGMIvC8z
HYMDd4ArfkY3JYOeIlVc76mpTfCWPcFfN6U30G+dVwFEYUqGxOtRM6QY2OFbtpMW
Ah8/FKULkBMCoD2AV0JJvTXz9PZ/v0bYPaitKRrPQZrlyp1CJ5M=
=uP57
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

request.getContextPath() behind a proxy (apache/nginx)

2019-02-04 Thread Johan Compagner 
There are many older post for this on stackoverflow and so on
https://stackoverflow.com/questions/10050550/why-does-getcontextpath-under-a-proxy-return-the-internal-path-inside-httpserv

but i wonder what the latest state of that is, we have a lot of proxy
settings for host and scheme
But is there something (a header) that a proxy can set so that Tomcat
returns the right context path on that getContextPath() call?

Or are there headers that we have to check manually?

If this is not the case then i guess the only way to fix this is to make it
a configuration in our product
something like

String context = settings.getProperty("context.path",
request.getContextPath());

(get the context from the settings if not there use the default value which
is from the request)

So the problem is mostly because of virtual hosts i guess

where

Proxy / is mapped to AppServer /Webapp1


-- 
Johan Compagner
Servoy