I got it to work but I don’t know why it worked. I changed the BalancerMember to use the http connector instead of the ajp connector. So changed to http://tomcat-hostname:9080
So the question is, why would that matter and why would it work going to webserver directly but not netscaler? We use the ajp connector everywhere else. The only difference is everywhere else is Apache WebServer 2.4.39 and Tomcat 9.0.31 where this is Apache WebServer 2.4.46 and Tomcat 9.0.45
Shawn? Beard
Sr. Systems Engineer |
BTS
Middleware Engineering | +1-515-564-2528<tel:+1-515-564-2528> | SBeard@wrberkley.com<mailto:SBeard@wrberkley.com>
From: Beard, Shawn <SBeard@wrberkley.com.INVALID>
Sent: Tuesday, June 8, 2021 8:21 AM
To: users@httpd.apache.org
Subject: [users@httpd] 404 error [EXTERNAL]
** CAUTION: External message
We have put Apache behind a Netscaler load balancer. We have the VIP set up with ssl and it is terminating SSL at the netscaler. The backend webserver is not SSL. When we go to the https vanity url, we get a 404 error. But when I go to webserver directly on using host:port, it works just fine. Im getting this in the access logs when I use the netscaler URL so I know the netscaler is getting to the webserver:
XX.XX.XX.XX- - [08/Jun/2021:08:58:09 -0400] "GET /sample HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36" 802 250
So http://hostname:8080/sample<https://urldefense.com/v3/__http:/hostname:8080/sample__;!!Li8W9_Um1Taa!vaSru_L24erjqjHPBvhitZg7zhMELI5zL2xAZSsdg80eRX3gpUOUIczYsg0IuGnU$> works
But netscaler url https://my.domain.com/sample<https://urldefense.com/v3/__https:/my.domain.com/sample__;!!Li8W9_Um1Taa!vaSru_L24erjqjHPBvhitZg7zhMELI5zL2xAZSsdg80eRX3gpUOUIczYsm4YsElu$> gets 404 with the above error in access logs. I have tried commenting out the rewrite engine stuff with same results.
Here is the virtual hosts from the httpd-vhosts.conf file. Some information changed for security reasons.
<VirtualHost *:8080>
DocumentRoot "/path/to/httpd/htdocs"
ServerName hostname:8080
ServerAlias my.domain.com
Options None
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
<Proxy "balancer://loadbalancer">
BalancerMember ajp://tomcat-hostname:8009 route=sbx-bts01 connectiontimeout=300 timeout=600
ProxySet stickysession=ROUTEID
Order deny,allow
Allow from all
</Proxy>
ProxyRequests Off
ProxyPass / balancer://loadbalancer/
ProxyPassReverse / balancer://loadbalancer/
RewriteEngine On
RewriteCond %{THE_REQUEST} !HTTP/1\.1$
RewriteRule .* - [F]
RewriteOptions Inherit
ErrorLog "/path/to/httpd/error_log"
CustomLog "/path/to/httpd/access_log" combinedio
</VirtualHost>
Shawn Beard • Sr. Systems Engineer
Middleware Engineering
[cid:image085436.PNG@fbcb1466.43bb3916]
3840 109th Street Urbandale, IA 50322
Phone: +1-515-564-2528
Email: SBeard@wrberkley.com<mailto:SBeard@wrberkley.com>
Website: berkleytechnologyservices.com<https://www.berkleytechnologyservices.com/>
Technology Leadership Unleashing Business Potential
Shawn?
Beard
Sr. Systems Engineer
|
BTS
Middleware Engineering
|
+1-515-564-2528<tel:+1-515-564-2528>
|
SBeard@wrberkley.com<mailto:SBeard@wrberkley.com>
CONFIDENTIALITY NOTICE: This e-mail and the transmitted documents contain private, privileged and confidential information belonging to the sender. The information therein is solely for the use of the addressee. If your receipt of this transmission has occurred as the result of an error, please immediately notify us so we can arrange for the return of the documents. In such circumstances, you are advised that you may not disclose, copy, distribute or take any other action in reliance on the information transmitted.
CONFIDENTIALITY NOTICE: This e-mail and the transmitted documents contain private, privileged and confidential information belonging to the sender. The information therein is solely for the use of the addressee. If your receipt of this transmission has occurred as the result of an error, please immediately notify us so we can arrange for the return of the documents. In such circumstances, you are advised that you may not disclose, copy, distribute or take any other action in reliance on the information transmitted.
So the question is, why would that matter and why would it work going to webserver directly but not netscaler? We use the ajp connector everywhere else. The only difference is everywhere else is Apache WebServer 2.4.39 and Tomcat 9.0.31 where this is Apache WebServer 2.4.46 and Tomcat 9.0.45
Shawn? Beard
Sr. Systems Engineer |
BTS
Middleware Engineering | +1-515-564-2528<tel:+1-515-564-2528> | SBeard@wrberkley.com<mailto:SBeard@wrberkley.com>
From: Beard, Shawn <SBeard@wrberkley.com.INVALID>
Sent: Tuesday, June 8, 2021 8:21 AM
To: users@httpd.apache.org
Subject: [users@httpd] 404 error [EXTERNAL]
** CAUTION: External message
We have put Apache behind a Netscaler load balancer. We have the VIP set up with ssl and it is terminating SSL at the netscaler. The backend webserver is not SSL. When we go to the https vanity url, we get a 404 error. But when I go to webserver directly on using host:port, it works just fine. Im getting this in the access logs when I use the netscaler URL so I know the netscaler is getting to the webserver:
XX.XX.XX.XX- - [08/Jun/2021:08:58:09 -0400] "GET /sample HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36" 802 250
So http://hostname:8080/sample<https://urldefense.com/v3/__http:/hostname:8080/sample__;!!Li8W9_Um1Taa!vaSru_L24erjqjHPBvhitZg7zhMELI5zL2xAZSsdg80eRX3gpUOUIczYsg0IuGnU$> works
But netscaler url https://my.domain.com/sample<https://urldefense.com/v3/__https:/my.domain.com/sample__;!!Li8W9_Um1Taa!vaSru_L24erjqjHPBvhitZg7zhMELI5zL2xAZSsdg80eRX3gpUOUIczYsm4YsElu$> gets 404 with the above error in access logs. I have tried commenting out the rewrite engine stuff with same results.
Here is the virtual hosts from the httpd-vhosts.conf file. Some information changed for security reasons.
<VirtualHost *:8080>
DocumentRoot "/path/to/httpd/htdocs"
ServerName hostname:8080
ServerAlias my.domain.com
Options None
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
<Proxy "balancer://loadbalancer">
BalancerMember ajp://tomcat-hostname:8009 route=sbx-bts01 connectiontimeout=300 timeout=600
ProxySet stickysession=ROUTEID
Order deny,allow
Allow from all
</Proxy>
ProxyRequests Off
ProxyPass / balancer://loadbalancer/
ProxyPassReverse / balancer://loadbalancer/
RewriteEngine On
RewriteCond %{THE_REQUEST} !HTTP/1\.1$
RewriteRule .* - [F]
RewriteOptions Inherit
ErrorLog "/path/to/httpd/error_log"
CustomLog "/path/to/httpd/access_log" combinedio
</VirtualHost>
Shawn Beard • Sr. Systems Engineer
Middleware Engineering
[cid:image085436.PNG@fbcb1466.43bb3916]
3840 109th Street Urbandale, IA 50322
Phone: +1-515-564-2528
Email: SBeard@wrberkley.com<mailto:SBeard@wrberkley.com>
Website: berkleytechnologyservices.com<https://www.berkleytechnologyservices.com/>
Technology Leadership Unleashing Business Potential
Shawn?
Beard
Sr. Systems Engineer
|
BTS
Middleware Engineering
|
+1-515-564-2528<tel:+1-515-564-2528>
|
SBeard@wrberkley.com<mailto:SBeard@wrberkley.com>
CONFIDENTIALITY NOTICE: This e-mail and the transmitted documents contain private, privileged and confidential information belonging to the sender. The information therein is solely for the use of the addressee. If your receipt of this transmission has occurred as the result of an error, please immediately notify us so we can arrange for the return of the documents. In such circumstances, you are advised that you may not disclose, copy, distribute or take any other action in reliance on the information transmitted.
CONFIDENTIALITY NOTICE: This e-mail and the transmitted documents contain private, privileged and confidential information belonging to the sender. The information therein is solely for the use of the addressee. If your receipt of this transmission has occurred as the result of an error, please immediately notify us so we can arrange for the return of the documents. In such circumstances, you are advised that you may not disclose, copy, distribute or take any other action in reliance on the information transmitted.
Attached Files:
-
image001.png (13.2 KB)