I have Apache HTTPD server in our product and I need to add the AJP proxy to some specific application.
The Tomcat AJP port is 8009 and the Tomcat HTTP port is 8080 (the SSL termination is in Apache). This is the AJP proxy I need to configure.
<Directory /app>
AuthType None
Allow from all
Satisfy any
AllowOverride None
Options None FollowSymLinks
</Directory>
<Proxy http://localhost:8080/app >
AuthType None
Allow from all
Order Deny,Allow
Satisfy any
Options None FollowSymLinks
</Proxy>
ProxyPass /app ajp://localhost:8009/app
<Location /app>
ProxyPassReverse ajp://localhost:8009/app
</Location>
Question:
What should be configured in <Proxy … >
?
<Proxy http://localhost:8080/app >
or
<Proxy ajp://localhost:8009/app >
Added Clarification. The whole configuration contains the root configuration (see below).
I just need to add AJP proxy to some specific application.
<Directory />
Deny from all
Allow from localhost
Order Deny,Allow
AuthType Basic
Require valid-user
AllowOverride None
Satisfy any
Options None FollowSymLinks
</Directory>
<Proxy *>
Deny from all
Order Deny,Allow
AuthType Basic
Require valid-user
Satisfy any
Options None FollowSymLinks
</Proxy>
OK, you have several misconceptions about Apache configuration that need correcting.
<Directory>
blocks refer to absolute file system paths. Not URI Paths or ones relative to the document root. When proxying, as mentioned by David Hutchinson, you should be using<Location>
blocks instead.<Proxy>
blocks are (almost) exclusively use to configure forward proxies, not reverse ones. Remove these blocks, you do not need them. Again, use<Location>
blocks.ProxyPass
orProxyPassReverse
inside<Location>
. Although it is valid, it can complicate things. Simply use the two argument versions of these directive. Also, unless you have a reason not to, use trailing slashes in both these directives.The order of the location blocks may need to be reversed (I can't remember off the top of my head the correct order), but start with something like:
I have remove directives where they were the default.
You don't need the "<Proxy" block at all to do what you are trying to achieve.
The ProxyPass and ProxyPassReverse directives are all you require. For readability I'd advise however to either stick both in the Location block, or neither.
If you need to configure different settings for your app path, for instance client certificate authentication, use a Location (or LocationMatch) block as you have already in your configuration.
You can just use
<Proxy *>
. I think it will be good with this.