From: Michal Kleczek
Newsgroups: alt.apache.configuration,comp.lang.java.programmer
Subject: SSL Frontend(F5) - Apache - AJP - Tomcat howto
Date: Thu, 31 Mar 2011 14:51:18 +0200

Does anybody know how to configure Apache/Tomcat in such a configuration:

    Internet
       |
       |
    SSL Frontend (BIG-IP)
       |
       |
       |
    Apache (with mod_jk or mod_proxy_ajp)
       |
       |
    Tomcat (JBoss)

The requirements are that:
1. Redirects from Tomcat work (IOW Tomcat knows if it is an http or https request and the external hostname)
2. ServletRequest.isSecure() returns true if there was an SSL connection from the Internet to the SSL Frontend
3. ServletRequest.getRemoteAddr() returns an address of the client (a browser)

I've searched through the web but the only info I could find was about either:
Apache + Tomcat
or
BIG-IP + Apache

Preferably the solution:
1) should be done by configuring Apache (of course SSL-Frontend as well) - not require any custom code (a Valve or a Filter) on Tomcat
2) should not require configuring multiple connectors in Tomcat (since AJP handles all this internally a single AJP connector should be enough)

We can assume information about remote IP and protocol is sent to Apache in request headers.
Since AJP defines fields to pass this information to the backend servlet container, I would like mod_jk or mod_proxy_ajp to somehow pick it up from request headers received by httpd. Would mod_rewrite setting appropriate environment variables in Apache be enough? (I could not test it yet since it requires setting up a test environment and it is going to take a while.)

The above architecture is pretty fine for Weblogic (with a WL plugin to Apache instead of mod_jk/mod_proxy_ajp). But JBoss support could not (so far) come up with anything not intrusive to the application (which I find weird since I thought this setup is a pretty standard one for larger sites).

Any ideas or links?

--
Michal