OK this isn’t rocket science however I thought it worth documenting since I will probably forget in 6 months to a year when asked to do this again.
The Situation: Tomcat running with an Apache front-end using AJP to pass all traffic through to Tomcat after authenticating against CAS.
The Problem: The tomcat application did not exist in the root context so traffic needed to be forwarded to DOMAIN/sub-dir using HTTPS to insure data is secure. We were simply forwarding all HTTP traffic to HTTPS and forwarding any URL with DOMAIN/sub-dir in the path. That meant anyone going to DOMAIN/ was not being redirected to the application.
Where we were:
#/etc/httpd/conf/httpd.conf
<VirtualHost *:80>
Redirect / https://DOMAIN/SUB-DIR
#/etc/httpd/conf.d/ssl/conf
<Location /SUB-DIR>
ProxyPass ajp://localhost:8009/SUB-DIR
ProxyPassReverse ajp://localhost:8009/SUB-DIR
</Location>
For a reason I don’t have the details for (a change on the tomcat application side) this stopped working. Following CAS authentication the user was being returned to HTTPS://DOMAIN/SUB-DIRSUB-DIR which of course didn’t work. Since the application was now configured as desired I needed to fix the rewrite/redirection issue.
Before I get to the solution. For all previous cases we had a consulting firm working with us, they would simply put a redirection statement in tomcat root context. Not really a great idea but hey I don’t get paid the big bucks as a consultant so what do I know!
The Solution:
First to handle all HTTP traffic:
#/etc/httpd/conf/httpd.conf
<VirtualHost *:80>
Redirect / https://jenkins.uits.uconn.edu/
</VirtualHost>
Now to handle the secure HTTPD traffic. My first attempt (without thinking) was to do this:
#/etc/httpd/conf.d/ssl.conf
<Location />
ProxyPass ajp://localhost:8009/SUB-DIR
ProxyPassReverse ajp://localhost:8009/SUB-DIR
</Location>
<Location /SUB-DIR>
ProxyPass ajp://localhost:8009/SUB-DIR
ProxyPassReverse ajp://localhost:8009/SUB-DIR
</Location>
This of course did not work because Apache was never reaching the /SUB-DIR test! So a quick cut and paste and I had this:
#/etc/httpd/conf.d/ssl.conf
<Location /SUB-DIR>
ProxyPass ajp://localhost:8009/SUB-DIR
ProxyPassReverse ajp://localhost:8009/SUB-DIR
</Location>
<Location />
ProxyPass ajp://localhost:8009/SUB-DIR
ProxyPassReverse ajp://localhost:8009/SUB-DIR
</Location>
This works. It is clean and quick the way it is supposed to be. To recap