Tomcat – How to get real IP (not 127.0.0.1) to show up as remote IP when forwarding requests in httpd

httpdtomcat

I've got a httpd server sitting in front of tomcat. Both services are running on the same machine.

The machine has 2 IP address and I have domain names that are bound to the different IPs.

In the access logs for tomcat all the remote IP addresses show 127.0.0.1. I think this is because all tomcat knows is that the request originated from a client identifying itself with IP 127.0.0.1 and that this client is actually Apache.

Is there any way to get Apache to identify itself with the actual IP the domain name is bound to?

EDIT : A slightly longer story…

What I'm actually trying to do is determine whether requests are coming from our internal network or from the internet. We have 2 host names which resolve to 2 different IP addresses. One of these addresses is visible from the internet and one is not. My hope was that I could determine which IP/URL the user actually typed into their browser and use this to disable certain features we do not want accessible from outside the intranet.

Cheers,
Peter

Best Answer

Tomcat needs to support the X-Forwarded-For header (Apache does that with the rpaf module), and httpd (Apache, I guess) needs to set that header for you.

BTW, if using a proxy, aren't you better off using Nginx?

Related Solutions

Tomcat6 clustering, loadbalancing ,session sharing ,failover

Check out Terracotta: http://www.terracotta.org/web/display/orgsite/Web+Sessions

Cheers

Tomcat – Multiple Tomcat Instances

My tomcat virtual hosts settings:

first enable mod_jk for apache:

a2enmod mod_jk

then restart apache

cat /etc/apache2/sites-enabled/tomcat:

NameVirtualHost *:80

    <VirtualHost *:80>
 DocumentRoot /usr/share/tomcat5.5/webapps/mydomain1.com
 ServerName mydomain1.com
 JkMount /* mydomain1
 ErrorLog /usr/share/tomcat5.5/logs/mydomain1.com-error_log
 CustomLog "|/usr/sbin/rotatelogs -l /usr/share/tomcat5.5/logs/mydomain1.com-access-%Y-%m-%d.log 86400" combined
</VirtualHost>

<VirtualHost *:80>
 DocumentRoot /usr/share/tomcat5.5/webapps/mydomain2.com
 ServerName mydomain2.com
 JkMount /* mydomain2
 ErrorLog /usr/share/tomcat5.5/logs/mydomain2.com-error_log
 CustomLog "|/usr/sbin/rotatelogs -l /usr/share/tomcat5.5/logs/mydomain2.com-access-%Y-%m-%d.log 86400" combined
</VirtualHost>

cat /etc/apache2/workers.properties

workers.tomcat_home=/usr/share/tomcat5.5/
workers.java_home=/usr/lib/jvm/java-6-sun
ps=/
worker.list=mydomain1, mydomain2

worker.lic.type=ajp13
worker.lic.host=mydomain1.com
worker.lic.port=8009
worker.lic.lbfactor=1

worker.wideok.type=ajp13
worker.wideok.host=mydomain2.com
worker.wideok.port=8009
worker.wideok.lbfactor=1

cat /usr/share/tomcat5.5/conf/server.xml

<Server port="8005" shutdown="SHUTDOWN">

  <Listener className="org.apache.catalina.core.AprLifecycleListener" />
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.storeconfig.StoreConfigLifecycleListener"/>
  <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
  <GlobalNamingResources>
    <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
    <Resource name="UserDatabase" auth="Container"
        type="org.apache.catalina.UserDatabase"
        description="User database that can be updated and saved"
        factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
        pathname="conf/tomcat-users.xml" />

  </GlobalNamingResources>
  <Service name="Catalina">

    <Connector port="8080" maxHttpHeaderSize="8192"
               maxThreads="150000" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8443" acceptCount="100"
               connectionTimeout="3600000" disableUploadTimeout="true" />


    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" SSLEnabled="true"
               keystoreFile="/usr/share/tomcat5.5/webapps/somedomain.com/ROOT/WEB-INF/ssl/sms_ssl.key" keystorePass="changeit"
            sslProtocol="SSL" />

 <Connector port="8009" 
     enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />

<Engine name="Catalina" defaultHost="localhost">
 <Listener className="org.apache.jk.config.ApacheConfig"
    modJk="/usr/lib/apache2/modules/mod_jk.so"
    workersConfig="/etc/apache2/workers.properties"/>

<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             resourceName="UserDatabase"/>

 <Host name="localhost" appBase="webapps"
       unpackWARs="true" autoDeploy="true"
       xmlValidation="false" xmlNamespaceAware="false">
 </Host>

 <Host name="mydomain1.com"
    appBase="/usr/share/tomcat5.5/webapps/mydomain1.com"
    unpackWARs="true"
    autoDeploy="true"
    xmlValidation="false"
    xmlNamespaceAware="false">
 </Host>

 <Host name="mydomain2.com"
    appBase="/usr/share/tomcat5.5/webapps/mydomain2.com"
    unpackWARs="true"
    autoDeploy="true"
    xmlValidation="false"
    xmlNamespaceAware="false">
 </Host>

</Engine></Service></Server>

and dir structure for /usr/share/tomcat5.5/webapps

/usr/share/tomcat5.5/webapps/
                             ROOT/WEB-INF
                             ROOT/index.jsp

/usr/share/tomcat5.5/webapps/mydomain1.com/
                                          ROOT/WEB-INF
                                          ROOT/index.jsp

/usr/share/tomcat5.5/webapps/mydomain2.com/
                                          ROOT/WEB-INF
                                          ROOT/index.jsp

Hope that helps :)

Best Answer

Related Solutions

Tomcat6 clustering, loadbalancing ,session sharing ,failover

Tomcat – Multiple Tomcat Instances

Related Topic