[thredds] Addition to THREDDS documentation: Masking THREDDS-generated URLS on file access pages using mod_proxy_ajp

• To: thredds@xxxxxxxxxxxxxxxx
• Subject: [thredds] Addition to THREDDS documentation: Masking THREDDS-generated URLS on file access pages using mod_proxy_ajp
• From: Greg Keith <Greg.Keith@xxxxxxxx>
• Date: Wed, 17 Dec 2008 15:25:13 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 

The THREDDS doc page at
http://www.unidata.ucar.edu/projects/THREDDS/tech/reference/TomcatBehindProxyServer.html
shows how to use mod_proxy to have Apache proxy requests to THREDDS so
that it just looks like it's a subdirectory in the virtual host you
are running. Which is great, but I added a datasetScan element and all
the TDS-generated pages showed the machine name and port in the base
URL for the request. So I wondered - how can you mask the machine name
and port on the TDS-generated pages as well?

I noticed NGDC had this already set up on their server - for example:
http://www.ngdc.noaa.gov/thredds/catalog/sst/SST_50km/catalog.html?dataset=sst/SST_50km/NPR.STGL.NL.D02012.nc

rather than

http://machine
name:port/thredds/catalog/sst/SST_50km/catalog.html?dataset=sst/SST_50km/NPR.STGL.NL.D02012.nc

So with a tip from Ernie Joynt, a sysad there, and some experimenting,
I found the solution. After the sentence: "The section between
<Proxy... And </Proxy> can usually be omitted...",  you could add:

"You can also add additional proxy directives to mask the THREDDS URL
and port in any TDS-generated file access pages. The above ProxyPass
and ProxyPassReverse directives mask the machine name and port using
mod_proxy during an initial THREDDS URL request, but leave this
information visible on the data access page generated by TDS.

If you add the following directives BEFORE the directives above,
Apache will use mod_proxy_ajp in addition to the mod_proxy directives,
so that any TDS-generated access pages will use the same URL as shown
in the initial THREDDS request (example shown for Apache 2.2):

LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
ProxyPass /thredds              ajp://localhost:8009/thredds
ProxyPassReverse /thredds              ajp://localhost:8009/thredds

This also requires uncommenting the AJP connector (port 8009) in the
Tomcat server.xml file."

Thanks to Ernie Joynt at NGDC for the tip-off on this. This made my
security guy happy.

Greg

- --
Greg Keith - Web System Administrator   greg.keith(-at-)noaa.gov
NOAA ESRL Physical Sciences Division  http://www.esrl.noaa.gov/psd
R/PSD, 325 Broadway, Boulder, CO         phone: 303-497-6645


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
 
iD8DBQFJSXxI8IR34NeP2BwRAk/8AJ94W9e24O4qL3BzdNZ/E6d9oT0utgCeOc2A
rBAYuY9DfLt6uq1sdDTDp8o=
=Gbnd
-----END PGP SIGNATURE-----

• References:
  • [thredds] Java heap problems with large ASCII downloads
    • From: Heiko Klein
  • Re: [thredds] Java heap problems with large ASCII downloads
    • From: Roy Mendelssohn
  • Re: [thredds] Java heap problems with large ASCII downloads
    • From: Nathan Potter
  • Re: [thredds] Java heap problems with large ASCII downloads
    • From: Roy Mendelssohn
  • Re: [thredds] Java heap problems with large ASCII downloads
    • From: Ethan Davis
  • Re: [thredds] Java heap problems with large ASCII downloads
    • From: Heiko Klein
  • Re: [thredds] Java heap problems with large ASCII downloads
    • From: John Caron