Web server talks binary to ajp .. rather than text (http). Purely performance.. There is no magic in the setup and xwiki is not doing anything it would not do if served straight from tomcat.
Since you've eliminated the 8080 port and your only listing on 127.0.0.1 now your less prone to that attack vector.. (your webserver is talking locally to tomcat and tomcat is only listening locally for connections) ------ thanks kevin.foote On Mon, 18 Apr 2011, [email protected] wrote: -> Hey Kevin, -> -> thanks it works now. -> What I do not understand, though is, why the apache-proxy (or xwiki) -> handles http request different to ajp requests. But maybe I just need -> to switch my brain on but right now it makes no sense to me... -> -> Thanks, -> Stephanie -> -> -> -> Quoting "Kevin P. Foote" <[email protected]>: -> -> > -> > Stephanie.. -> > -> > OK from your last post looks like some confusion.. so here goes: -> > -> > o Stop tomcat. -> > -> > o Backup your <tomcat location>/conf/server.xml file replace it with this -> > one ... -> > -> > -> > ---- SERVER.XML 8< ---- -> > <?xml version="1.0" encoding="UTF-8"?> -> > -> > <Server port="8005" shutdown="SHUTDOWN"> -> > -> > <Service name="Catalina"> -> > -> > <Connector port="8009" -> > address="127.0.0.1" -> > URIEncoding="UTF-8" -> > protocol="AJP/1.3" -> > enableLookups="false" -> > request.tomcatAuthentication="false" -> > redirectPort="8443" -> > scheme="https" -> > proxyPort="443"/> -> > -> > <Engine name="Catalina" defaultHost="localhost"> -> > <Host name="localhost" appBase="webapps" xmlValidation="false" -> > xmlNamespaceAware="false"/> -> > </Engine> -> > -> > </Service> -> > </Server> -> > ---- >8 END SERVER.XML ---- -> > -> > o start tomcat verify localhost is listening on 8009 -> > -> > o Inside your httpd conf where you have your virtual hosts defined.. -> > replace -> > -> > -OUT- ServerName www.my-domain.de -> > +IN+ ServerName https://www.my-domain.de -> > -> > -OUT- ProxyPass /xwikiv2 http://localhost:8080/xwikiv2 -> > +IN+ ProxyPass /xwikiv2 ajp://localhost:8009/xwikiv2 -> > -> > o restart httpd -> > -> > -> > -> > -> > -> > -> > ------ -> > thanks -> > kevin.foote -> > -> > On Mon, 18 Apr 2011, Kevin P. Foote wrote: -> > -> > -> -> > -> Stephanie - -> > -> -> > -> I use mod_jk for other reasons.. but mod_proxy_ajp is similar.. -> > there is no -> > -> reason why this should not work .. -> > -> -> > -> Make some changes though.. -> > -> -> > -> In your httpd conf where you have your virtual host defined -> > -> -> > -> change ServerName to the full address -> > -> -> > -> ServerName https://www.my-domain.de -> > -> -> > -> Dont proxy to tomcat via http... use tomcat in ajp mode .. -> > -> disable port :8080 and server xwiki over :8009 only to local host via -> > -> your <tomcat location>/conf/server.xml file. (usually all you need to do -> > -> is comment the 8080 stuff and uncomment the 8009. -> > -> -> > -> your proxy string will look something like this then.. -> > -> -> > -> ProxyPass /xwikiv2 ajp://localhost:8009/<xwiki instance> -> > -> -> > -> -> > -> ------ -> > -> thanks -> > -> kevin.foote -> > -> -> > -> On Mon, 18 Apr 2011, [email protected] wrote: -> > -> -> > -> -> Hello again, -> > -> -> -> > -> -> we are running a tomcat-server "behind" an apache-server. In order to -> > -> -> redirect the request we use the following configuration: -> > -> -> -> > -> -> <VirtualHost *:80> -> > -> -> ServerName www.my-domain.de -> > -> -> ServerAlias my-domain.de -> > -> -> Redirect permanent / https://www.my-domain.de/ -> > -> -> </VirtualHost> -> > -> -> -> > -> -> <VirtualHost *:443> -> > -> -> ServerName www.my-domain.de -> > -> -> -> > -> -> SSLEngine On -> > -> -> SSLProxyEngine On -> > -> -> -> > -> -> SSLCertificateFile /etc/apache2/ssl/my-domain.crt -> > -> -> SSLCertificateKeyFile /etc/apache2/ssl/my-domain.key -> > -> -> -> > -> -> <Proxy *> -> > -> -> Order allow,deny -> > -> -> Allow from all -> > -> -> </Proxy> -> > -> -> -> > -> -> -> > -> -> Redirect / /xwikiv2/ -> > -> -> -> > -> -> ProxyPass /xwikiv2 http://localhost:8080/xwikiv2 -> > -> -> ProxyPassReverse /xwikiv2 http://localhost:8080/xwikiv2 -> > -> -> ProxyPreserveHost On -> > -> -> </VirtualHost> -> > -> -> -> > -> -> So all communication should be encrypted and the user should -> > -> -> immediately be redirected to the wiki. -> > -> -> -> > -> -> With these settings we encounter a strange behaviour. For example the -> > -> -> Blog refuses to create a new category (see: [xwiki-users] Server not -> > -> -> responding when creating a new Blog-Category). If I point my browser -> > -> -> directly to my-domain.de:8080 I can create categories. -> > -> -> -> > -> -> Is the config file correct? Is there a better way? -> > -> -> -> > -> -> Cheers, -> > -> -> Stephanie -> > -> -> -> > -> -> -> > -> -> _______________________________________________ -> > -> -> users mailing list -> > -> -> [email protected] -> > -> -> http://lists.xwiki.org/mailman/listinfo/users -> > -> -> -> > -> _______________________________________________ -> > -> users mailing list -> > -> [email protected] -> > -> http://lists.xwiki.org/mailman/listinfo/users -> > -> -> > _______________________________________________ -> > users mailing list -> > [email protected] -> > http://lists.xwiki.org/mailman/listinfo/users -> > -> -> -> _______________________________________________ -> users mailing list -> [email protected] -> http://lists.xwiki.org/mailman/listinfo/users -> _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
