Reverse Proxy with SSL

cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
borki
Member II

Reverse Proxy with SSL

Hi

We tried to reverse-proxy Alfreso with Apache/SSL in order to support secure access.

We did the following:

1. Create a local socket in tomcat/conf/server.xml
    <Connector port="8081" address="127.0.0.1" maxHttpHeaderSize="8192" debug="5"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true"
               proxyName="proxyhostname" proxyPort="443" scheme="https" />

2. Created a proxy rule in apache (in the SSL virtualhost)
RewriteCond    %{HTTP_HOST}            ^proxyhostname$
RewriteRule    ^/+alfresco/(.*)        http://localhost:8081/alfresco/$1 [P]

So far so good.. "Everything" works, but when we try to upload a new docment, the server produces the following error message:
javax.servlet.ServletException: return-page parameter has not been supplied
   org.alfresco.web.app.Application.handleServletError(Application.java:162)
   org.alfresco.web.app.servlet.UploadFileServlet.service(UploadFileServlet.java:137)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

(On the same installation, it works without reverse proxy)

We do not see, why this should not be possible.. we do reverse-proxy almost every application this way.

Any ideas?

Regards,
Reto
5 Replies
macbar
Member II

Re: Reverse Proxy with SSL

There are better ways to reverse proxy using apache, like mod_proxy, or in the case of tomcat/jboss apps, mod_jk.

However, I have to say that both approaches have their problems right now:

using mod_jk (version 1.2.14), using the webdav interface from within Mac OS X's Finder ( and presumable other webdav clients)  does not work.
(apache logs say: PROPFIND /alfresco/webdav HTTP/1.1: 404)

using mod_proxy, using the webdav interface does work, but not for renaming or moving files.

Pieter.
borki
Member II

Re: Reverse Proxy with SSL

In fact, using a RewriteRule with [P] flag is calling mod_proxy in the background. We see absolutely no indication, why this should not work since we are proxying every application we want to access from the Internet. This works for all kinds of apps (PHP stuff, Java/Tomcat stuff, CGIs, etc.).

WebDAV may be another problem, because it uses other HTTP methods which mod_jk/mod_proxy probably can not handle corectly (the normal web frontend only uses GET and POST, WebDAV also uses PROPFIND and maybe others..)

Any other ideas?

-Reto
tryke
Member II

Re: Reverse Proxy with SSL

Actually this is a bug in mod_proxy. Check http://issues.apache.org/bugzilla/show_bug.cgi?id=37145

Works fine for me.

t.
borki
Member II

Re: Reverse Proxy with SSL

You're right, thanks a lot…

Regards,
Reto  Smiley Very Happy
alarocca
Member II

Re: Reverse Proxy with SSL

I still have that issue (return-page parameter has not been supplied) using Apache 2.2.4, Alfresco 2.0 and mod_proxy (both ajp and http). Do you have any solution?

Best regards,
Alessandro