Nginx/Httpd reverse proxy tomcat configuration tutorial

In the previous blog, we learned about the usage and function of each component in tomcat's server.xml; among them, for tomcat connectors, it is divided into three categories, one is http connector, one is https connector, and one is ajp connector; usually, as an application server, we do not recommend and should not let tomcat provide services directly to the client; therefore, the only access to tomcat is requests from other anti-generation servers; if tomcat uses other anti-generation servers to provide services to the outside world, then the access to https should be implemented by the proxy server. From the proxy server to tomcat, we should still use http or ajp protocol. In summary, the commonly used connectors are http and ajp; http is a text format protocol, which is supported by browsers; ajp protocol is a binary format protocol, which is not supported by browsers; so for the anti-generation server, it provides http protocol access to the client and ajp protocol to the server; it is relatively safer to anti-generation tomcat in this way, at least the client cannot bypass the proxy to directly access tomcat;

Common anti-proxy servers include haproxy, nginx, and httpd. Among these three software, haproxy and nginx can proxy tomcat based on the http protocol; httpd can proxy tomcat based on the http protocol, and also supports ajp protocol to proxy tomcat. If ajp protocol is used to proxy tomcat, a proxy_ajp_module must be enabled on httpd.

1. nginx reverses tomcat

The configuration of nginx based on http protocol to proxy tomcat is essentially the same as that of other web servers. We define a location and then proxy_pass the corresponding URL to the backend tomcat server.

Example: nginx reverses www.test1.com and localhost hosts in tomcat

Tip: The above configuration means that if the access path matches the root, the request will be proxied to 192.168.0.22:8080. In fact, after the request reaches tomcat, it will find out whether the corresponding host exists. If so, it will respond from the matched host, otherwise it will respond from the default host. Obviously, 192.168.0.22 cannot match the host of tomcat, so it will respond from the default host localhost, which is equivalent to reverse proxying the request for accessing / to the virtual host localhost; for resources that match the ending of .jsp or .do, the second location will be used to reverse the request to the virtual host www.test1.com;

Verification: Access 192.168.0.22 to see if you can access the page provided by the localhost virtual host of tomcat?

Tip: You can see that when we access 192.168.0.22, the browser returns the homepage provided by localhost in tomcat;

Verification: Visit 192..168.0.22/index.jsp to see if you can access the homepage provided by www.test1.com on tomcat?

Tip: You can see that when you visit 192.168.0.22/index.jsp, the browser responds to the homepage provided by the virtual host www.test1.com in tomcat;

2. httpd reverses tomcat

Example: httpd uses http protocol to replace tomcat

Tip: The above configuration means that when you visit www.test1.com, the request will be reversed to http://127.0.0.1:8080; it should be noted that proxypreservehost off means that the host header sent by the client will not be passed to tomcat, which means that when we visit www.test1.com, we cannot access the virtual host www.test1.com in tomcat, because the client accesses httpd, and the host header is www.test1.com. After reaching httpd, httpd encapsulates the message, and it will not pass the client host header intact to the back tomcat, but re-encapsulate the host header as 127.0.0.1. Because the value of the host header of the encapsulated message is 127.0.0.1, after reaching tomcat, it cannot match the virtual host of 127.0.0.1, so it will return from the default virtual host localhost. Therefore, when the client visits www.teste1.com, it will respond to the page of the localhost virtual host in tomcat;

Verification: Use a browser to access www.test1.com and see if it responds to the localhost page in tomcat?

Tip: You can see that when we visit www.test1.com, the response is not the page provided by the www.test1.com virtual host in Tomcat, but the page provided by the localhost virtual host; the reason for this is proxypreservehost off; it does not pass the client's host header to Tomcat;

Change proxypreservehost off to on, restart httpd, and then visit www.test1.com to see if it still returns the page of the localhost virtual host to us?

Tip: The above modification of proxypreservehost on means passing the value of the client host header to the backend tomcat; in this way, tomcat can respond to pages on different virtual hosts according to the host header passed by the client;

Verification: Restart the httpd service and visit www.test1.com to see if the page of the www.test1.com virtual host in tomcat will be responded to us?

Tip: You can see that when we visit www.test1.com now, we no longer respond to the page of the localhost virtual host, but the page of the www.test1.com virtual host, which means that httpd passes the value of the client hosts header to the backend tomcat;

Test: Visit 192.168.0.22 to see if you can access the default localhost virtual host page?

Tip: You can see that when we visit 192.168.0.22, the response to us is the localhost virtual host page in tomcat; the reason is that after httpd passes the value 192.168.0.22 of the client host header to the backend tomcat, it does not find the virtual host 192.168.0.22 on tomcat, so tomcat responds to httpd with the default virtual host localhost, and then responds to the browser; so what we see is the page of the localhost virtual host in tomcat;

3. httpd uses ajp protocol to replace tomcat

In the above example, there is no essential difference between httpd using http protocol to represent tomcat and using ajp protocol to represent tomcat. The only difference is changing the http protocol to ajp protocol and changing the backend tomcat port 8080 to port 8009. The rest are the same.

Tip: One thing to note here is that httpd uses the ajp protocol to proxy tomcat. You need to use the proxy_ajp_module module, otherwise httpd does not support the ajp protocol.

Verification: Access www.test1.com and 192.168.0.22 on the browser respectively to see if you can access the page of the corresponding virtual host in Tomcat?

Tip: You can see that there is no difference in access between using anti-Tomcat based on ajp protocol and anti-Tomcat based on http;

This is the end of this article about the Nginx/Httpd reverse generation tomcat configuration tutorial. For more relevant Nginx/Httpd reverse generation tomcat configuration content, please search 123WORDPRESS.COM's previous articles or continue to browse the following related articles. I hope everyone will support 123WORDPRESS.COM in the future!