I have the following server setup:
- Apache Tomcat 7 running Atlassian's Jira (http://<server-ip>:8081/tickets)
- Apache 2.4 web server as reverse proxy serving only the jira application at the moment, but there are more to come (http://<server-ip>/tickets)
Now, I want to restrict access to the whole system (i.e. http://<server-ip>/*) by setting up basic authentication.
This is what the only enabled Apache site config looks like:

    <VirtualHost *:80>
        <Proxy *>
            Require all granted
        </Proxy>
        ProxyRequests Off
        ProxyPreserveHost On
        ProxyPass /tickets http://localhost:8081/tickets
        ProxyPassReverse /tickets http://localhost:8081/tickets
        <Location />
            AllowOverride AuthConfig
            AuthType Basic
            AuthName "Restricted Content"
            AuthUserFile /etc/apache2/.htpasswd
            Require user myuser
        </Location>
    </VirtualHost>

But with this config I encounter a problem while trying to log in. After entering the login data, the login window pops up asking again for the login. After three attempts a 401 error is returned by the tomcat! application and not apache.
There is no entry in either Apache's access.log or error.log for this request, though Apache will log requests with wrong credentials.
How can I configure Apache to proxy all /tickets/* requests to Tomcat while forcing the client to authenticate when accessing /*?
Best Answer
It made me suspicious that I got a 401 error from the Tomcat application. It seems that Apache forwarded the authorization request, though it shouldn't. I had to remove the "Authorization" parameter from the request header.

To do this, I enabled mod_headers and added RequestHeader unset "Authorization" just before the ProxyPass directives.

So my config looks like the following now:
EDIT: Jira uses its own REST-API for the gadgets, so I had to define a Location-Tag for the /tickets/rest path.

Got ideas to solve the problem from:
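
Added example, not the poster's own config (which did not survive on this page): one way to apply the fix described in the answer to the virtual host from the question. It reuses the question's paths and user name and assumes mod_proxy, mod_proxy_http, mod_headers, mod_auth_basic, mod_authn_file and mod_authz_user are loaded. The /tickets/rest Location from the EDIT is left out because the page does not show what it contained.

```apache
# Added example. Plain HTTP on port 80 as in the question, so the Basic
# credentials travel base64-encoded, not encrypted.
<VirtualHost *:80>
    <Proxy *>
        Require all granted
    </Proxy>
    ProxyRequests Off
    ProxyPreserveHost On

    # Strip the client's Basic credentials before the request is handed to
    # Tomcat. Per the answer's diagnosis, the backend otherwise receives the
    # "Authorization" header that was meant for Apache and answers 401 itself.
    #
    # Keep the default (late) mode: RequestHeader is then applied in the
    # fixup phase, after mod_auth_basic has already validated the header.
    # Adding the "early" keyword would remove it before Apache's own
    # authentication runs.
    RequestHeader unset Authorization

    ProxyPass        /tickets http://localhost:8081/tickets
    ProxyPassReverse /tickets http://localhost:8081/tickets

    # Basic auth for every URL in this virtual host, proxied paths included.
    # AllowOverride is omitted here: it only takes effect inside <Directory>.
    <Location />
        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /etc/apache2/.htpasswd
        Require user myuser
    </Location>
</VirtualHost>
```

With this in place the backend never sees the proxy's credentials, so Jira falls back to its own session login for users who have passed the Apache prompt.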