How to bind a Tomcat server to an Apache server that is not on localhost?

Goal

We would like to make sure Tomcat only listens to the Apache server, which was not on the localhost address. It is a security measure to protect the Tomcat port.

In order to do that, we need to add the attribute “address” to the connector of the Tomcat port.
A few words about the connector:

The HTTP Connector element represents a Connector component that supports the HTTP/1.1 protocol. It enables Catalina to function as a stand-alone web server, in addition to its ability to execute servlets and JSP pages.

http://tomcat.apache.org/tomcat-7.0-doc/config/http.html

<Connector port="8111"
           acceptCount="100"
           address="127.0.0.1"
           connectionTimeout="5000"
           keepAliveTimeout="10000"
           maxKeepAliveRequests="1"
           maxConnections="10000"
           protocol="HTTP/1.1"
           />

A few words about the address attribute:

For servers with more than one IP address, this attribute specifies which address will be used for listening on the specified port. By default, this port will be used on all IP addresses associated with the server.

NOTE: this solution uses the HTTP protocol connector to connect to Apache instead of the AJP protocol. The AJP connector should be used between Apache and Tomcat for performance reasons.
https://www.mulesoft.com/tcat/tomcat-connectors

Problem

At first I used the localhost address (127.0.0.1) to make Tomcat listen on this address. I wrongly assumed the Apache server was at the local server address.

Apache and Tomcat would start with no errors. However, the application would not start. There were no meaningful errors in the application logs or the Tomcat logs. At last I found some errors in the Apache server error.log:

[Thu Jun 15 17:56:15 2017] [error] (111)Connection refused: proxy: HTTP: attempt to connect to 191.14.12.14:8111 (machine_adress) failed
[Thu Jun 15 17:56:15 2017] [error] ap_proxy_connect_backend disabling worker for (machine_adress)

This error helped to find a solution to this problem.
I checked the IP address 191.14.12.14 and I found out in /etc/hosts that the address 191.14.12.14 was linked to a server called apache_instance1.

Solution

I checked the Apache configuration “httpd.conf” and I found out that the name of the server is:

ServerName apache_instance1

Therefore, to bind the Tomcat port to listen only to the Apache server, I had to modify the address attribute like this:

<Connector port="8111"
           acceptCount="100"
           address="apache_instance1"
           connectionTimeout="5000"
           keepAliveTimeout="10000"
           maxKeepAliveRequests="1"
           maxConnections="10000"
           protocol="HTTP/1.1"
           />

It fixes my problem.
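
The mismatch described above can be caught before a restart by comparing each connector's address with the address the proxy connects to. This is an added example, not code from the original post: the function names, the sample server.xml, the extra ports 8112 and 8080, and the HOSTS table standing in for /etc/hosts are all constructed assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the post's connector, the fixed form, and one with no address.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8111" address="127.0.0.1" protocol="HTTP/1.1"/>
  <Connector port="8112" address="apache_instance1" protocol="HTTP/1.1"/>
  <Connector port="8080" protocol="HTTP/1.1"/>
</Service></Server>"""

# Constructed stand-in for /etc/hosts so the example runs offline.
HOSTS = {"apache_instance1": "191.14.12.14"}


def resolve(name, hosts):
    """Return an ip_address for a literal IP or a name found in hosts."""
    try:
        return ipaddress.ip_address(name)
    except ValueError:
        return ipaddress.ip_address(hosts[name])  # KeyError if the name is unknown


def audit_connectors(server_xml, proxy_target, hosts):
    """Classify each Connector against the address the proxy connects to."""
    target = resolve(proxy_target, hosts)
    results = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = int(conn.get("port"))
        address = conn.get("address")
        if address is None:
            # No address attribute: the port is used on all IP addresses.
            results[port] = "exposed"
            continue
        bound = resolve(address, hosts)
        if bound.is_unspecified:
            results[port] = "exposed"      # 0.0.0.0 or :: also means all addresses
        elif bound == target:
            results[port] = "ok"           # bound only where the proxy connects
        else:
            results[port] = "unreachable"  # proxy sees "Connection refused"
    return results


if __name__ == "__main__":
    found = audit_connectors(SERVER_XML, "191.14.12.14", HOSTS)
    for port, verdict in found.items():
        print(port, verdict)
```

A verdict of "ok" only means the listener is limited to one interface. Any client that can reach that interface can still connect, so restricting callers to the proxy host needs a firewall rule or a Tomcat RemoteAddrValve in addition.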
