Hi,
I just got the news that
Reverse Proxy Plug-in 1.0.2 is
released for Sun Java System WebServer 6.1 SP11 is out , please try it at
https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_SMI-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=SJWS-6.1SP11-RPAddOn1.0.2-G-F@CDS-CDS_SMI
The Release Notes are here: http://docs.sun.com/app/docs/doc/820-7660
Sometimes, you like to get perfdump (/.perf) from web or proxy servers, but the RPP or AM agent may prevent you from doing this. So, you can try below:
1. follow the steps of perfdump at
http://docs.sun.com/app/docs/doc/820-5719/abyaq?l=en&a=view&q=perfdump
2. if you got RPP in your web server, then
<Client match="none" uri="/.perf">
NameTrans fn="map" from="/" name="reverse-proxy-/" to="http:/"
</Client>
then both perf dump and rpp will work ok.
The above will map rpp if uri not equal to /.perf, and will skip rpp
if uri is /.perf
So, both requests to rpp and .perf will work ok.
3. if you got AM agent in your proxy server, then
................
NameTrans fn="assign-name" name="stats-xml" from="(/stats-xml|/stats-xml/.*)"
NameTrans fn="assign-name" name="statistics" from="/.abc/.statistics"
................
PathCheck fn="url-check"
<Client match="none" uri="/.abc(/.*|)">
PathCheck fn="validate_session_policy"
</Client>
Service fn="deny-service"
AddLog fn="flex-log" name="access"
</Object>
.........
<Object name="stats-xml">
Service fn="stats-xml"
</Object>
<Object name="statistics">
Service fn="service-dump"
</Object>
then a request to get the statistics will work ok without the AM agent Path Check .
|
|
|
|
Sometimes, when we found the backend web application not working via the RPP , but working fine when you tried accessing it directly. It may be due to the Host header.
By default, Host header is not rewritten, see docs at
http://docs.sun.com/source/819-0902-05/rpp61.html
"rewrite-host
- (Optional) Boolean that indicates whether
service-passthrough should rewrite the Host header sent to
remote servers, replacing the local server's hostname with the
remote server's hostname. If not specified, rewrite-host
defaults to false."
What it means above is that the Host header passed to backend is the Host header as the incoming request, e.g.
consider the request flow below in a imagined env. :
1. IE or firefox browser incoming request
--->2. RPP web server (hostname=syntax)
-->3. Web server (serving statics here and pass jsp/servlet to another backend App server, hostname=apple here)
-->4. backend App server (e.g. IBM, BEA or called Oracle now, Sun App server, etc, called it pear here)
When we use the default config, e.g.
in syntax host, obj.conf for RPP:
"......
NameTrans fn="assign-name" from="/abc/def/ghi/index.jsp(|/*)" name="david"
<Object name="david">
Service fn="service-passthrough" servers="https://apple.asia.sun.com:443"
</Object>
"
Note, we are using the default above without rewrite-host="true", then a snoop at the RPP web server, syntax for both incoming request and outgoing passthrough will show below headers,
1. incoming request headers:
GET /abc/def/ghi/index.jsp HTTP/1.1
Host: syntax.asia.sun.com:61801
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: .....;s_cc=true; s_sq=%5B%5BB%5D%5D
Pragma: no-cache
Cache-Control: no-cache
and the passthrough headers to the intermediate web server relay at apple is :
GET /abc/def/ghi/index.jsp HTTP/1.1
Via: 1.1 https-rpp ***
Host: syntax.asia.sun.com:61801 (note- same as RPP frontend !) ###
Proxy-jroute: 8+V7 ***
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-language: en-us,en;q=0.5
Accept-encoding: gzip,deflate
Accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Pragma: no-cache
Cache-control: no-cache
Cookie: .......; s_cc=true; s_sq=%5B%5BB%5D%5D
Proxy-ip: 129.150.154.121 *** (syntax is 129.158.175.19 and apple is 129.158.175.16 and browser is 129.150.154.121 , the above is the browser IP as noted in docs. )
Note - the *** are new headers added after the RPP.
You can see the same Host header above at
Host: syntax.asia.sun.com:61801 (note- same as RPP frontend!) ###
Sometimes, it can cause a problem to the backend App server because their webapps may expect a Host header like below instead ,
Host: apple.asia.sun.com:443 (which is the intermediate web server hostname)
To workaround any possible issues due to this passthrough, you can add rewrite-host="true" into the RPP frontend config,
e.g.
"......
NameTrans fn="assign-name" from="/abc/def/ghi/index.jsp(|/*)" name="david"
<Object name="david">
Service fn="service-passthrough" servers="https://apple.asia.sun.com:443" rewrite-host="true"
</Object>
"
then if we looked at the passthrough headers again after the RPP, it will change to have the new Host header = apple, e.g.
GET /abc/def/ghi/index.jsp HTTP/1.1
Via: 1.1 https-rpp ***
Host: apple.asia.sun.com:443 (note- same as intermediate web server apple now !) ###
Proxy-jroute: 8+V7 ***
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-language: en-us,en;q=0.5
Accept-encoding: gzip,deflate
Accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Pragma: no-cache
Cache-control: no-cache
Cookie: .......; s_cc=true; s_sq=%5B%5BB%5D%5D
Proxy-ip: 129.150.154.121 *** (syntax is 129.158.175.19 and apple is
129.158.175.16 and browser is 129.150.154.121 , the above is the
browser IP as noted in docs. )
So, hopefully, this can help some users when they run into above issues in RPP.
As a side issue, I found rewrite-host="true" can be used in some redirection issues in some situations, e.g.
from http to https or vice versa and there is a redirect with a new Location: header from backend server,
then add the rewrite-host="true" will likely help resolve the issues.
|
|
|
|
One common mistake in setting up Load Balancing (LB) with Sun Java Web Server Reverse Proxy Plugin (RPP) is the use of commas or semi-colons to separate different backend hosts in the "servers" parameter.
See http://docs.sun.com/source/819-0902-05/rpp61.html#wp010
"servers
- A quoted, space-delimited list of the servers that receive
the forwarded requests. Individual server names may optionally
be prefixed with http:// or https:// to indicate the protocol
and/or suffixed with a colon and integer to indicate the port."
So, in my env,
I set up my RPP front-end to backend to two web instances, e.g. in RPP front-end obj.conf,
<Object name="default">
AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
NameTrans fn="assign-name" from="/amserver(|/*)" name="amserver"
NameTrans fn="assign-name" from="/amconsole(|/*)" name="amconsole"
....
<Object name="amserver">
ObjectType fn="force-type" type="magnus-internal/passthrough"
Service fn="service-passthrough" servers="https://apple.asia.sun.com:61602 https://apple.asia.sun.com:61802" rewrite-host="true"
Error reason="Bad Gateway" fn="send-error" uri="/badgateway.html"
</Object>
<Object name="amconsole">
ObjectType fn="force-type" type="magnus-internal/passthrough"
Service fn="service-passthrough" servers="https://apple.asia.sun.com:61602 https://apple.asia.sun.com:61802" rewrite-host="true"
Error reason="Bad Gateway" fn="send-error" uri="/badgateway.html"
</Object>
You can see my AM server backends at servers="https://apple.asia.sun.com:61602 https://apple.asia.sun.com:61802" .
(Note - the space delimiter above, NOT any comma or semi-colons!)
When we hit http://apple.asia.sun.com:61904/amserver/ (which is the front-end RPP url) 4 times,
I got LB hits across the two backends evenly,
e.g. from https://apple.asia.sun.com:61602 backend instance logs,
129.158.175.16 - - [24/Jun/2008:11:45:47 +0800] "GET /amserver/ HTTP/1.1" 200 38 -- 750
129.158.175.16 - - [24/Jun/2008:11:46:05 +0800] "GET /amserver/ HTTP/1.1" 200 38 -- 750
and from https://apple.asia.sun.com:61802 backend instance logs,
129.158.175.16 - - [24/Jun/2008:11:45:53 +0800] "GET /amserver/ HTTP/1.1" 200 38
129.158.175.16 - - [24/Jun/2008:11:46:10 +0800] "GET /amserver/ HTTP/1.1" 200 38
(You can see the alternate time stamps above for the LB)
When I tested and stopped 1st backend instance https://apple.asia.sun.com:61602 backend instance, then all hits will go to the 2nd backend instance,
129.158.175.16 - - [24/Jun/2008:11:45:53 +0800] "GET /amserver/ HTTP/1.1" 200 38
129.158.175.16 - - [24/Jun/2008:11:46:10 +0800] "GET /amserver/ HTTP/1.1" 200 38
(after I stopped 1st backend instance, then all hits go to 2nd instance below)
129.158.175.16 - - [24/Jun/2008:11:47:22 +0800] "GET /amserver/ HTTP/1.1" 200 38
129.158.175.16 - - [24/Jun/2008:11:47:26 +0800] "GET /amserver/ HTTP/1.1" 200 38
Hope this shows how to set up and test RPP functions in Sun Java Web Server .
|
|
|
|
There are two versions of RPPs , you can see their banners at the web server errors log after a start up, e.g.
older one banner in errors logs when start up web server :
[18/Dec/2007:11:35:54] info (22836): PASS1000: Sun ONE Web Server 6.1SP3 Reverse Proxy Plugin B09/09/2004 11:59
newer RPP banner :
[15/Feb/2008:15:48:43] info (10935): PASS1000: Sun ONE Web Server 6.1SP7 Reverse Proxy Plugin B01/11/2007 23:21
You can see their docs at below:
newer 6.1SP8,
http://docs.sun.com/app/docs/doc/820-1647/funcs?a=view
"Introduction
The Reverse Proxy Plug-in is a NSAPI plug-in designed for use with the Sun Java System Web Server 6.1 SP8 and later Service packs. "
and
older 6.1SP3 RPP,
http://docs.sun.com/source/819-0902-05/rpp61.html
"
Introduction
The Reverse Proxy Plugin is a NSAPI plugin designed for use with the Sun Java System Web Server 6.1 SP3 and later Service Packs.
"
Please use the suggested Sun Java System Web Server versions as noted in the above docs.
|
|
|
|
.perf /var 4.0.10 4.0.8 4.0.9 500 6.1 7 7.0 alerts andrii backup certificate client close_wait collection data database deny-existence directory disable enabled example expires faq file gdd give gui hang header headers hung ie include innodb installation jes lecture log md5 memory migrate mismatch mysql never opensource out pack package package-based painting password pausch perfdump pk12util pkg_app pkgapp plugin promise proxy redirect release restore reverse rewrite-host rpp script scripts security server servers service set-variable single solais source sp10 sp11 sp12 ssl ssl_dump stacks startup status sun tag transplant troubleshooting ulimit upgrade upload version vulnerability web wiki written wshang wshang.ksh xss
This theme brought to you by the Sun Green Team.
Go Green!