[xwiki-users] Xwiki Enterprise 2.6 Apache2 + Tomcat6 + AJP connector + ProxyPass results in Infinite redirect loop on login page
Dear all, I have recently installed Xwiki Enterprise 2.6 on our server (Ubuntu 10), deployed in Tomcat6. For this server we use two domains: domain1.example.com and domain2.example.com. By default Tomcat (and the XWiki) can be accessed via http://domain1.example.com:8080/xwiki/, but for security and easy-access we need the xwiki to be accessed from http://domain2.example.com/xwiki. This is why Tomcat is fronted by Apache2 using the AJP connector via a proxy pass which is configured in Apache sites-enabled: <VirtualHost *:80> ServerAdmin [email protected] DocumentRoot /var/www ServerName domain2.example.com <Proxy *> AddDefaultCharset Off Order deny,allow Allow from all </Proxy> ProxyPass /xwiki ajp://localhost:8009/xwiki/ ProxyPassReverse /xwiki ajp://localhost:8009/xwiki/ </VirtualHost> This configuration works, the xwiki can be accessed from domain1 and domain2 however there are some problems. The first thing I noticed is that the same wiki has has a different skin on each domain (no xar loaded, no user logged in). Second whereas I can access the login page athttp://domain1.example.com:8080/xwiki/bin/login/XWiki/XWikiLogin, trying to access the login page athttp://domain2.example.com/xwiki/bin/login/XWiki/XWikiLogin fails with an infinite http redirect (redirecting to the same login page, HTTP/1.1 302 Moved Temporarily). My questions are: is this type of configuration supported? If so, why is xwiki generating a redirect on the login page to the login page on domain2 and not on domain1? Thank you for the help. Best, Mark
Hi Mark, if I understand correctly, domain1 and domain2 are different names for the same server?! This type of problem can be solved with a special Tomcat connector configuration. In Apache you've defined a virtual host named domain2.example.com. So in Tomcat you should define a second connector on a different port with the attributes proxyName="domain2.example.com" and proxyPort="80". You may copy this from your original ajp connector definition and simply change the port for the connector and add the attributes. This you should do for every virtual host defined in your apache config, allowing Tomcat to return exactly the name of the host, the request was directed to. Hope this helps Best wishes Werner Greßhoff Am 01.12.2010 08:16, schrieb Mark Blokpoel:
Dear all,
I have recently installed Xwiki Enterprise 2.6 on our server (Ubuntu 10), deployed in Tomcat6. For this server we use two domains: domain1.example.com and domain2.example.com. By default Tomcat (and the XWiki) can be accessed via http://domain1.example.com:8080/xwiki/, but for security and easy-access we need the xwiki to be accessed from http://domain2.example.com/xwiki.
This is why Tomcat is fronted by Apache2 using the AJP connector via a proxy pass which is configured in Apache sites-enabled:
<VirtualHost *:80> ServerAdmin [email protected] DocumentRoot /var/www ServerName domain2.example.com
<Proxy *> AddDefaultCharset Off Order deny,allow Allow from all </Proxy>
ProxyPass /xwiki ajp://localhost:8009/xwiki/ ProxyPassReverse /xwiki ajp://localhost:8009/xwiki/ </VirtualHost>
This configuration works, the xwiki can be accessed from domain1 and domain2 however there are some problems. The first thing I noticed is that the same wiki has has a different skin on each domain (no xar loaded, no user logged in). Second whereas I can access the login page athttp://domain1.example.com:8080/xwiki/bin/login/XWiki/XWikiLogin, trying to access the login page athttp://domain2.example.com/xwiki/bin/login/XWiki/XWikiLogin fails with an infinite http redirect (redirecting to the same login page, HTTP/1.1 302 Moved Temporarily).
My questions are: is this type of configuration supported? If so, why is xwiki generating a redirect on the login page to the login page on domain2 and not on domain1? Thank you for the help.
Best, Mark _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
Hi Mark, because the f arming issue with postgresql I have to run also 2 xwiki instances. Both are associated with completely different urls - and it run fine. But first I run in a bug, if the context contains a hyphen (XE-738). So I changed the context names to /xwiki/ and /xwiki2/. Best Regards, H.-Dirk Schmitt Am 01.12.2010 08:16, schrieb Mark Blokpoel:
Dear all,
I have recently installed Xwiki Enterprise 2.6 on our server (Ubuntu 10), deployed in Tomcat6. For this server we use two domains: domain1.example.com and domain2.example.com. By default Tomcat (and the XWiki) can be accessed via http://domain1.example.com:8080/xwiki/, but for security and easy-access we need the xwiki to be accessed from http://domain2.example.com/xwiki.
This is why Tomcat is fronted by Apache2 using the AJP connector via a proxy pass which is configured in Apache sites-enabled:
<VirtualHost *:80> ServerAdmin [email protected] DocumentRoot /var/www ServerName domain2.example.com
<Proxy *> AddDefaultCharset Off Order deny,allow Allow from all </Proxy>
ProxyPass /xwiki ajp://localhost:8009/xwiki/ ProxyPassReverse /xwiki ajp://localhost:8009/xwiki/ </VirtualHost>
This configuration works, the xwiki can be accessed from domain1 and domain2 however there are some problems. The first thing I noticed is that the same wiki has has a different skin on each domain (no xar loaded, no user logged in). Second whereas I can access the login page athttp://domain1.example.com:8080/xwiki/bin/login/XWiki/XWikiLogin, trying to access the login page athttp://domain2.example.com/xwiki/bin/login/XWiki/XWikiLogin fails with an infinite http redirect (redirecting to the same login page, HTTP/1.1 302 Moved Temporarily).
My questions are: is this type of configuration supported? If so, why is xwiki generating a redirect on the login page to the login page on domain2 and not on domain1? Thank you for the help.
Best, Mark _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
-- ------------------------------------------------------------------------ * H.-Dirk Schmitt <http://www.computer42.org> * Dipl. Math. eMail:/[email protected]/ mobile:/+49 177 616 8564/ phone: /+49 2642 99 41 10/ fax: /+49 2642 99 41 15/ Kripper Str. 35, D-53489 Sinzig
Hi Werner, Thank you very much for your quick reply, it helped us one step further but I'm afraid we are still having a problem. This is my configuration: (sites-enabled for apache2) <VirtualHost *:80> [...] ServerName tcs.dcc.ru.nl <Proxy *> AddDefaultCharset Off Order deny,allow Allow from all </Proxy> ProxyPass /xwiki http://localhost:8080/xwiki/ ProxyPassReverse /xwiki http://localhost:8080/xwiki/ </VirtualHost> (server.xml for tomcat6) <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" URIEncoding="UTF-8" redirectPort="8443" proxyName="tcs.dcc.ru.nl" proxyPort="80" /> We also tried this with AJP on port 8009 with a corresponding connector without success: we still get the recursive redirection on the login page. We have the feeling that the connector works, because it rewrites the URL from http://tcs.dcc.ru.nl:8080/xwiki to http://tcs.dcc.ru.nl/xwiki/bin/view/Main/. It looks like that somehow the Servlet wrongly judges the url generated by the login button invalid and redirect to the same login page. To reproduce the bug you can try visiting the url http://tcs.dcc.ru.nl/xwiki and click the login button. We hope you can shed some light on this. Thank you very much. Best, Mark -- View this message in context: http://xwiki.475771.n2.nabble.com/Xwiki-Enterprise-2-6-Apache2-Tomcat6-AJP-c... Sent from the XWiki- Users mailing list archive at Nabble.com.
On 12/02/2010 04:52 PM, markblokpoel wrote:
Hi Werner,
Thank you very much for your quick reply, it helped us one step further but I'm afraid we are still having a problem. This is my configuration: (sites-enabled for apache2) <VirtualHost *:80> [...] ServerName tcs.dcc.ru.nl
<Proxy *> AddDefaultCharset Off Order deny,allow Allow from all </Proxy>
ProxyPass /xwiki http://localhost:8080/xwiki/ ProxyPassReverse /xwiki http://localhost:8080/xwiki/ </VirtualHost>
The problem might be that the source URL doesn't have a trailing / while the destination URL does. Try this: ProxyPreserveHost On ProxyPass /xwiki ajp://localhost:8009/xwiki ProxyPassReverse /xwiki ajp://localhost:8009/xwiki
(server.xml for tomcat6) <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" URIEncoding="UTF-8" redirectPort="8443" proxyName="tcs.dcc.ru.nl" proxyPort="80" />
We also tried this with AJP on port 8009 with a corresponding connector without success: we still get the recursive redirection on the login page. We have the feeling that the connector works, because it rewrites the URL from http://tcs.dcc.ru.nl:8080/xwiki to http://tcs.dcc.ru.nl/xwiki/bin/view/Main/. It looks like that somehow the Servlet wrongly judges the url generated by the login button invalid and redirect to the same login page.
To reproduce the bug you can try visiting the url http://tcs.dcc.ru.nl/xwiki and click the login button.
We hope you can shed some light on this. Thank you very much.
Best, Mark
-- Sergiu Dumitriu http://purl.org/net/sergiu/
Am 02.12.2010 17:01, schrieb Sergiu Dumitriu:
On 12/02/2010 04:52 PM, markblokpoel wrote:
Hi Werner,
Thank you very much for your quick reply, it helped us one step further but I'm afraid we are still having a problem. This is my configuration: (sites-enabled for apache2) <VirtualHost *:80> [...] ServerName tcs.dcc.ru.nl
<Proxy *> AddDefaultCharset Off Order deny,allow Allow from all </Proxy>
ProxyPass /xwiki http://localhost:8080/xwiki/ ProxyPassReverse /xwiki http://localhost:8080/xwiki/ </VirtualHost>
The problem might be that the source URL doesn't have a trailing / while the destination URL does. Try this:
ProxyPreserveHost On ProxyPass /xwiki ajp://localhost:8009/xwiki ProxyPassReverse /xwiki ajp://localhost:8009/xwiki
I can confirm that, I'm running it just like that without the trailing /.
(server.xml for tomcat6) <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" URIEncoding="UTF-8" redirectPort="8443" proxyName="tcs.dcc.ru.nl" proxyPort="80" />
We also tried this with AJP on port 8009 with a corresponding connector without success: we still get the recursive redirection on the login page. We have the feeling that the connector works, because it rewrites the URL from http://tcs.dcc.ru.nl:8080/xwiki to http://tcs.dcc.ru.nl/xwiki/bin/view/Main/. It looks like that somehow the Servlet wrongly judges the url generated by the login button invalid and redirect to the same login page.
To reproduce the bug you can try visiting the url http://tcs.dcc.ru.nl/xwiki and click the login button.
We hope you can shed some light on this. Thank you very much.
Best, Mark
That seemed to do the trick! It's working now. Thanks for all the help. :) Best, Mark -- View this message in context: http://xwiki.475771.n2.nabble.com/Xwiki-Enterprise-2-6-Apache2-Tomcat6-AJP-c... Sent from the XWiki- Users mailing list archive at Nabble.com.
participants (5)
-
H.-Dirk Schmitt -
Mark Blokpoel -
markblokpoel
-
Sergiu Dumitriu -
Werner Greßhoff