Running Tomcat Behind a Proxy Server

Tomcat and Apache mod_proxy

[Thanks to Michael Godin (MBARI) for the following documentation.]

If you are using Tomcat on port 8080 (for example) and Apache on the default port 80, you can use the Apache proxy module to hide the Tomcat port in the URLs used to connect to THREDDS.  This may be critical if your server is behind a firewall that only allows port 80 access.  It is also important if THREDDS is running on a machine that is completely behind a firewall, but you have a server running Apache that can talk to the machine.

You will need to edit the Apache httpd.conf file (on Linux, it is stored in /etc/httpd/conf/).

Find the lines that start with "<IfModule mod_proxy.c>" and end with "</IfModule>".  These lines may need to be uncommented.  Between these lines, make sure the following line exists and is uncommented:

    ProxyRequests On

Then add the following lines:

    ProxyPreserveHost On
    <Location /thredds>
        ProxyPass http://myhost.mydomain:8080/thredds
        ProxyPassReverse http://myhost.mydomain:8080/thredds
    </Location>
    <Proxy http://myhost.mydomain:8080/thredds>
        AllowOverride None
        Order allow,deny
        Allow from All
    </Proxy>

You of course need to replace "http://myhost.mydomain:8080/thredds" with the full URL of the THREDDS web application.

The section between <Proxy... And </Proxy> can usually be omitted, but in some cases a server is sufficiently locked down that you need to explicitly allow access to resources.  It can also be edited to restrict access to registered users via Apache authentication mechanisms.

Finally, on the server command line (as a super/admin user), execute:

    apachectl graceful

In my configuration, I initially failed to add the line "ProxyPreserveHost On", which caused me many headaches as links generated by THREDDS kept directing the client back to port 8080 (which was blocked by a firewall).

Tomcat Documentation

• Tomcat 6.0 Proxy Support HOW-TO
• Tomcat 5.5 Proxy Support HOW-TO

Tomcat and Apache mod_jk

Sounds like mod_jk is more powerful than mod_proxy. If anyone has experience using mod_jk and could contribute some text here, please let us know at thredds@unidata.ucar.edu.

Tomcat Documentation

• Apache Tomcat Connector - Webserver HowTo

This document is maintained by Unidata and was last updated on July 10, 2007. Send comments to thredds@unidata.ucar.edu or support-thredds@unidata.ucar.edu.