OCSP Java Bug (Part II)
Saturday, May 18 2013
Debian 7.0 released!
Sunday, May 5 2013
Glassfish HA using EJB
Sunday, April 7 2013
BUG in Java OCSP Implementation (PKIX)?
Friday, March 15 2013
SPNEGO/Kerberos in JavaEE (spnego.java.net)
Sunday, March 3 2013
Saturday, February 16 2013
SPNEGO/Kerberos in JavaEE (PAC)
Saturday, February 2 2013
SPNEGO/Kerberos in JavaEE
Friday, January 18 2013
Thursday, December 27 2012
Sunday, December 2 2012
ricky about Debian Multiarch
Thu, 04.04.2013 10:13
Hi Rulet, Usually this is a bug in the distribution packages, I suppose you're using ubuntu [...]
rulet about Debian Multiarch
Wed, 03.04.2013 18:05
Whem trying to install libasound2:i386 it gives an error that /usr/share/alsa/alsa.conf cannot [...]
Tung Le about Introducing CalDAV (Part I)
Sat, 16.02.2013 14:07
I have a set of events saved in my database (a very special database, so I can't use some popu [...]
Bruno PC about Signature Applet - Using Browser Store
Sat, 22.12.2012 15:26
Thanks Ricky, You are the guy! This is the way.. I can see it now! Thanks again!!!
ricky about Signature Applet - Using Browser Store
Sat, 22.12.2012 15:17
No Bruno, a login is never done using a Java applet. The web server is configured to request u [...]
Bruno PC about Signature Applet - Using Browser Store
Thu, 20.12.2012 21:29
Thanks for the answer Ricky! Please, look the link above: https://cav.receita.fazenda.gov. [...]
ricky about Debian Multiarch
Thu, 20.12.2012 14:43
Hi Semko, That error means the apt-get doesn't find the libasound2:i386 package. Are you u [...]
ricky about Signature Applet - Using Browser Store
Thu, 20.12.2012 14:31
Hi Bruno, In order to authenticate a user using a certificate you need to read another of [...]
Friday, January 6. 2012
These weeks I am finishing a long project which uses Apache (more precisely OHS / Oracle HTTP Server) in a reverse proxy configuration. Usually default apache mod_proxy modules are more than enough to configure a good reverse proxy but, sometimes, a special module called mod_proxy_html is necessary. When the pages served by the backend server manage absolute links (the ones that start by / or by the complete protocol://host:port uri) typical mod_proxy configuration falls short, because those mods never parse or change the HTML code (just the headers). Obviously mod_proxy_html does exactly that, parsing and replacing the conflicting links in the html page. It is important to remark that this behavior is not recommended, take in mind that the cost of parsing every HTML is not small.
My initial idea was only using the module in those applications which were problematic, there were no other solution (like specific application server plugin or a smart proxy uri that fits with the final backend server location) and the customer did not want to modify. But the problem is that mod_proxy_html is not distributed with the default Apache source bundle (it seems that it will be integrated in forthcoming Apache 2.4 cos it was donated by its creator to the foundation but currently it should be installed separately). All linux distros distribute the module as a separate package (because, as I explained, it is quite important in some reverse proxy configurations) but this is not the case of OHS. So my only chance was compiling the module by myself.
Although custom modules are not supported, OHS provides the apxs command to add them to the server at customers own risk and I desperately needed a plan B just in case an app was problematic. But the other painful point was that my OHS server is running in a Windows 2008 host. Cos I have no experience at all compiling in Windows I decided to start smoothly: compiling mod_html_proxy in an Apache/debian installation, then in a Linux OHS and finally in a Windows OHS. I compiled 3.0.1 version of the module and not current 3.1.2 for several reasons: new version uses two modules (I did not want to compile two times), my first try with 3.1.2 did not work as expected (I spent short time with the problem) and it is the current version in debian (you already know my total confidence in this distribution).
Adding mod_proxy_html to Debian/Apache
Although debian has a libapache2-mod-proxy-html package I compiled it by myself downloading the debian source package (remember I was training to compile it in OHS later). In order to do that I needed first some development packages: apache and libxml (this module uses libxml to parse the HTML pages and perform the replacements):
# apt-get install apache2-prefork-dev libxml2-dev
Then the module was compiled and installed:
# apxs2 -c -I /usr/include/libxml2 -I . -i mod_proxy_html.c /usr/share/apr-1.0/build/libtool --silent --mode=compile --tag=disable-static x86_64-linux-gnu-gcc -prefer-pic -DLINUX=2 -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D_REENTRANT -I/usr/include/apr-1.0 -I/usr/include/openssl -I/usr/include/xmltok -pthread -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include/libxml2 -I. -c -o mod_proxy_html.lo mod_proxy_html.c && touch mod_proxy_html.slo /usr/share/apr-1.0/build/libtool --silent --mode=link --tag=disable-static x86_64-linux-gnu-gcc -o mod_proxy_html.la -rpath /usr/lib/apache2/modules -module -avoid-version mod_proxy_html.lo /usr/share/apache2/build/instdso.sh SH_LIBTOOL='/usr/share/apr-1.0/build/libtool' mod_proxy_html.la /usr/lib/apache2/modules /usr/share/apr-1.0/build/libtool --mode=install cp mod_proxy_html.la /usr/lib/apache2/modules/ libtool: install: cp .libs/mod_proxy_html.so /usr/lib/apache2/modules/mod_proxy_html.so libtool: install: cp .libs/mod_proxy_html.lai /usr/lib/apache2/modules/mod_proxy_html.la libtool: finish: PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/sbin" ldconfig -n /usr/lib/apache2/modules ---------------------------------------------------------------------- Libraries have been installed in: /usr/lib/apache2/modules If you ever happen to want to link against installed libraries in a given directory, LIBDIR, you must either use libtool, and specify the full pathname of the library, or use the `-LLIBDIR' flag during linking and do at least one of the following: - add LIBDIR to the `LD_LIBRARY_PATH' environment variable during execution - add LIBDIR to the `LD_RUN_PATH' environment variable during linking - use the `-Wl,-rpath -Wl,LIBDIR' linker flag - have your system administrator add LIBDIR to `/etc/ld.so.conf' See any operating system documentation about shared libraries for more information, such as the ld(1) and ld.so(8) manual pages. ---------------------------------------------------------------------- chmod 644 /usr/lib/apache2/modules/mod_proxy_html.so
Some configuration files were created to include the custom module in a2enmod/a2dismod debian commands. So I included the /etc/apache2/mods-available/proxy_html.load and /etc/apache2/mods-available/proxy_html.conf (load the module and default configuration). Once the module was integrated in debian scripts I enabled all the needed ones to perform reverse proxying:
# a2enmod proxy proxy_connect proxy_http proxy_ftp proxy_html
Finally I setup a Location directive which performed a reverse proxy from /proxy-test/ to a Tomcat running in my laptop (I added it to the default site, /etc/apache2/sites-enabled/000-default).
<Location /proxy-test/> ProxyPass http://magneto:8080/ ProxyPassReverse http://magneto:8080/ SetOutputFilter proxy-html ProxyHTMLURLMap http://magneto:8080/ /proxy-test/ ProxyHTMLURLMap / /proxy-test/ </Location>
The location proxifies (pass and reverse) all requests from the /proxy-test/ uri to my tomcat installation but with a filter, the proxy-html one. This filter searches and replaces the two annoying absolute links with our location uri (this is the goal of the ProxyHTMLURLMap directive). If you need more examples about the configuration please check this page.
And that was all! The Apache worked as a reverse proxy perfectly. I also prepared a simple html test page with some conflicting links to test.
Adding mod_proxy_html to Linux/OHS
The second step was doing the same but with OHS in a Linux box. I installed a new Linux KVM virtual box, OHS 220.127.116.11.0 binaries and perform the same actions. This time oracle system user is used for compiling and installing, and some parameters are different (take into account that I am using the libxml provided by OHS and not the system one):
$ export ORACLE_HOME=/opt/oracle/middleware/Oracle_WT1 $ export ORACLE_INSTANCE=$ORACLE_HOME/instances/instance1 $ export CONFIG_FILE_PATH=$ORACLE_INSTANCE/config/OHS/ohs1 $ export LD_LIBRARY_PATH=$ORACLE_HOME/lib:$ORACLE_HOME/ohs/lib:$LD_LIBRARY_PATH $ /opt/oracle/middleware/Oracle_WT1/ohs/bin/apxs -I /usr/include/libxml2 -I . -L/opt/oracle/middleware/Oracle_WT1/ohs/lib -lxml2 -c -o mod_proxy_html.so -i mod_proxy_html.c /opt/oracle/middleware/Oracle_WT1/ohs/build/libtool --tag=CC --mode=compile cc -O -DNO_RC2 -DNO_RC5 -DNO_IDEA -DBSAFE -fPIC -DLINUX=260 -DMOD_SSL=206104 -DMOD_PERL -DUSE_PERL_SSI -I/include -DEAPI -D_LARGEFILE64_SOURCE -DUSE_EXPAT -I../lib/expat-lite -I/opt/oracle/middleware/Oracle_WT1/ohs/include -I/opt/oracle/middleware/Oracle_WT1/ohs/include -I/opt/oracle/middleware/Oracle_WT1/ohs/include -I/usr/include/libxml2 -I. -c -o mod_proxy_html.lo mod_proxy_html.c && touch mod_proxy_html.slo cc -O -DNO_RC2 -DNO_RC5 -DNO_IDEA -DBSAFE -fPIC -DLINUX=260 -DMOD_SSL=206104 -DMOD_PERL -DUSE_PERL_SSI -I/include -DEAPI -D_LARGEFILE64_SOURCE -DUSE_EXPAT -I../lib/expat-lite -I/opt/oracle/middleware/Oracle_WT1/ohs/include -I/opt/oracle/middleware/Oracle_WT1/ohs/include -I/opt/oracle/middleware/Oracle_WT1/ohs/include -I/usr/include/libxml2 -I. -c mod_proxy_html.c -fPIC -DPIC -o .libs/mod_proxy_html.o cc -O -DNO_RC2 -DNO_RC5 -DNO_IDEA -DBSAFE -fPIC -DLINUX=260 -DMOD_SSL=206104 -DMOD_PERL -DUSE_PERL_SSI -I/include -DEAPI -D_LARGEFILE64_SOURCE -DUSE_EXPAT -I../lib/expat-lite -I/opt/oracle/middleware/Oracle_WT1/ohs/include -I/opt/oracle/middleware/Oracle_WT1/ohs/include -I/opt/oracle/middleware/Oracle_WT1/ohs/include -I/usr/include/libxml2 -I. -c mod_proxy_html.c -o mod_proxy_html.o >/dev/null 2>&1 /opt/oracle/middleware/Oracle_WT1/ohs/build/libtool --tag=CC --mode=link cc -O -DNO_RC2 -DNO_RC5 -DNO_IDEA -DBSAFE -fPIC -o mod_proxy_html.la -L/opt/oracle/middleware/Oracle_WT1/ohs/lib -lxml2 -rpath /opt/oracle/middleware/Oracle_WT1/ohs/modules -module -avoid-version mod_proxy_html.lo rm -fr .libs/mod_proxy_html.a .libs/mod_proxy_html.la .libs/mod_proxy_html.lai .libs/mod_proxy_html.so /usr/bin/gcc -shared .libs/mod_proxy_html.o -L/opt/oracle/middleware/Oracle_WT1/ohs/lib -lxml2 -Wl,-soname -Wl,mod_proxy_html.so -o .libs/mod_proxy_html.so ar cru .libs/mod_proxy_html.a mod_proxy_html.o ranlib .libs/mod_proxy_html.a creating mod_proxy_html.la (cd .libs && rm -f mod_proxy_html.la && ln -s ../mod_proxy_html.la mod_proxy_html.la) /opt/oracle/middleware/Oracle_WT1/ohs/build/instdso.sh SH_LIBTOOL='/opt/oracle/middleware/Oracle_WT1/ohs/build/libtool' mod_proxy_html.la /opt/oracle/middleware/Oracle_WT1/ohs/modules /opt/oracle/middleware/Oracle_WT1/ohs/build/libtool --mode=install cp -f mod_proxy_html.la /opt/oracle/middleware/Oracle_WT1/ohs/modules/ cp -f .libs/mod_proxy_html.so /opt/oracle/middleware/Oracle_WT1/ohs/modules/mod_proxy_html.so cp -f .libs/mod_proxy_html.lai /opt/oracle/middleware/Oracle_WT1/ohs/modules/mod_proxy_html.la cp -f .libs/mod_proxy_html.a /opt/oracle/middleware/Oracle_WT1/ohs/modules/mod_proxy_html.a ranlib /opt/oracle/middleware/Oracle_WT1/ohs/modules/mod_proxy_html.a chmod 644 /opt/oracle/middleware/Oracle_WT1/ohs/modules/mod_proxy_html.a PATH="$PATH:/sbin" ldconfig -n /opt/oracle/middleware/Oracle_WT1/ohs/modules ---------------------------------------------------------------------- Libraries have been installed in: /opt/oracle/middleware/Oracle_WT1/ohs/modules If you ever happen to want to link against installed libraries in a given directory, LIBDIR, you must either use libtool, and specify the full pathname of the library, or use the `-LLIBDIR' flag during linking and do at least one of the following: - add LIBDIR to the `LD_LIBRARY_PATH' environment variable during execution - add LIBDIR to the `LD_RUN_PATH' environment variable during linking - use the `-Wl,--rpath -Wl,LIBDIR' linker flag - have your system administrator add LIBDIR to `/etc/ld.so.conf' See any operating system documentation about shared libraries for more information, such as the ld(1) and ld.so(8) manual pages. ---------------------------------------------------------------------- chmod 755 /opt/oracle/middleware/Oracle_WT1/ohs/modules/mod_proxy_html.so
OHS provides the includes for Apache but not for libxml (they are not part of the distribution). I checked with this simple test.c that the version is a 2.7.x so I just compiled against system headers which were of the same version.
OHS does not have the beautiful organization of the configuration files that debian uses, so I added the lines directly in the httpd.conf. They are exactly the same changes I presented before but in raw mode .
And it worked again! So this step was done very quickly.
Adding mod_proxy_html to Windows/OHS
This was my final goal but I was sure it was going to be painfully done. I will try to explain all the steps I did but maybe I forget any of them (I did so many things that I am not sure which were necessary and which were useless).
After all that hell I finally got a mod_proxy_html.dll valid for OHS 18.104.22.168.0 (win64) on Windows 2008r2. Again I did the same modifications in the httpd.conf file and the reverse proxy worked fine. Now a video is presented in which I first access directly to my tomcat installation and request the test page. There it is clear that some links are absolute. Then I change to my windows virtual box using the proxy location. Same tomcat page is shown and now the test HTML have the links modified to point to the correct URI (mod_proxy_html is in action!). Finally I request the server info page, the Apache is a OHS Windows X64 with my mod_proxy_html.cpp perfectly loaded.
This entry summarizes how to add mod_proxy_html (a proxy module that modifies the links inside the HTML sent by the backend in order to fix them) to Apache and OHS. The entry shows how to compile the module in Debian/Apache, Linux/OHS and Windows/OHS. My final goal was adding the module to an OHS (64 bits bundle) running in a Windows 2008r2. I usually never work with Windows and I spent so much time doing that that I wanted to preserve the information here. The next time someone tells me how easy Windows is I am going to ask him to compile something, an Apache module for example.
May the force be with you!
(Page 1 of 1, totaling 1 entries)