Adjust Apache reverse proxy to allow forwarding via the AJP protocol

2021-03-04 22:46:02 +01:00 · 2021-03-04 22:46:02 +01:00 · 695e6ccdd9
parent df31224348
commit 695e6ccdd9
5 changed files with 28 additions and 8 deletions
--- a/example-deployments/disnix/processes-with-tomcat-mysql.nix
+++ b/example-deployments/disnix/processes-with-tomcat-mysql.nix
@ -38,6 +38,16 @@ rec {
    webapps = [
      pkgs.tomcat9.webapps # Include the Tomcat example and management applications
    ];
+    enableAJP = true;
+  };
+
+  apache = {
+    pkg = constructors.reverseProxyApache {
+      dependency = tomcat;
+      serverAdmin = "admin@localhost";
+      targetProtocol = "ajp";
+      portPropertyName = "ajpPort";
+    };
  };

  mysql = containerProviderConstructors.mysql {};
--- a/service-containers-agnostic/apache-tomcat/simple-appserving-tomcat.nix
+++ b/service-containers-agnostic/apache-tomcat/simple-appserving-tomcat.nix
@ -10,6 +10,7 @@
 , commonLibs ? []
 , sharedLibs ? []
 , webapps ? [ tomcat.webapps ]
+, enableAJP ? false
 , type ? null
 , properties ? {}
 }:
@ -18,7 +19,7 @@ let
  catalinaBaseDir = "${stateDir}/${instanceName}";

  pkg = tomcatConstructorFun {
-    inherit instanceName serverPort httpPort httpsPort ajpPort javaOpts catalinaOpts commonLibs sharedLibs webapps;
+    inherit instanceName serverPort httpPort httpsPort ajpPort javaOpts catalinaOpts commonLibs sharedLibs webapps enableAJP;

    postInstall = ''
      # Add Dysnomia container configuration file for a Tomcat web application
@ -26,6 +27,7 @@ let
      cat > $out/etc/dysnomia/containers/${containerName} <<EOF
      tomcatPort=${toString httpPort}
      catalinaBaseDir=${catalinaBaseDir}
+      ${lib.optionalString enableAJP "ajpPort=${toString ajpPort}"}
      EOF

      # Copy the Dysnomia module that manages MySQL database
@ -37,7 +39,7 @@ in
 rec {
  name = instanceName;

-  inherit pkg catalinaBaseDir;
+  inherit pkg catalinaBaseDir ajpPort;
  tomcatPort = httpPort;

  providesContainer = containerName;
--- a/services-agnostic/apache-tomcat/simple-appserving-tomcat.nix
+++ b/services-agnostic/apache-tomcat/simple-appserving-tomcat.nix
@ -11,6 +11,7 @@
 , commonLibs ? []
 , sharedLibs ? []
 , webapps ? [ tomcat.webapps ]
+, enableAJP ? false
 , postInstall ? ""
 }:

@ -28,9 +29,14 @@ let
        -e 's|<Server port="8005" shutdown="SHUTDOWN">|<Server port="${toString serverPort}" shutdown="SHUTDOWN">|' \
        -e 's|<Connector port="8080" protocol="HTTP/1.1"|<Connector port="${toString httpPort}" protocol="HTTP/1.1"|' \
        -e 's|redirectPort="8443"|redirectPort="${toString httpsPort}"|' \
-        -e 's|<Connector port="8009" protocol="AJP/1.3"|<Connector port="${toString ajpPort}" protocol="AJP/1.3"|' \
        conf/server.xml

+      ${lib.optionalString enableAJP ''
+        sed -i \
+          -e '/<Service name="Catalina">/a <Connector protocol="AJP/1.3" address="127.0.0.1" port="${toString ajpPort}" redirectPort="8443" secretRequired="false" />' \
+          conf/server.xml
+      ''}
+
      # Create a modified catalina.properties file
      # Change all references from CATALINA_HOME to CATALINA_BASE to support loading files from our mutable state directory
      # and add support for shared libraries
--- a/services-agnostic/apache/reverse-proxy-apache.nix
+++ b/services-agnostic/apache/reverse-proxy-apache.nix
@ -1,4 +1,4 @@
-{createManagedProcess, stdenv, runCommand, apacheHttpd, php, writeTextFile, logDir, runtimeDir, cacheDir, forceDisableUserChange}:
+{createManagedProcess, stdenv, lib, runCommand, apacheHttpd, php, writeTextFile, logDir, runtimeDir, cacheDir, forceDisableUserChange}:

 { instanceSuffix ? ""
 , instanceName ? "apache${instanceSuffix}"
@ -8,13 +8,15 @@
 , documentRoot ? ../http-server-common/webapp
 , enablePHP ? false
 , enableCGI ? false
+, targetProtocol ? "http"
+, portPropertyName ? "port"
 , dependency
 , extraConfig ? ""
 , postInstall ? ""
 }:

 import ./simple-webapp-apache.nix {
-  inherit createManagedProcess stdenv runCommand apacheHttpd php writeTextFile logDir runtimeDir cacheDir forceDisableUserChange;
+  inherit createManagedProcess lib runCommand apacheHttpd php writeTextFile logDir runtimeDir cacheDir forceDisableUserChange;
 } {
  inherit instanceSuffix instanceName port serverName serverAdmin documentRoot enablePHP enableCGI postInstall;
  dependencies = [ dependency.pkg ];
@ -49,8 +51,8 @@ import ./simple-webapp-apache.nix {
    ProxyPreserveHost On
    ProxyPass         /apache-errors !
    ErrorDocument 503 /apache-errors/503.html
-    ProxyPass         /       http://127.0.0.1:${toString dependency.port}/ retry=5 disablereuse=on
-    ProxyPassReverse  /       http://127.0.0.1:${toString dependency.port}/
+    ProxyPass         /       ${targetProtocol}://127.0.0.1:${toString dependency.${portPropertyName}}/ retry=5 disablereuse=on
+    ProxyPassReverse  /       ${targetProtocol}://127.0.0.1:${toString dependency.${portPropertyName}}/
    ${extraConfig}
  '';
 }
--- a/services-agnostic/constructors.nix
+++ b/services-agnostic/constructors.nix
@ -29,7 +29,7 @@ in

  reverseProxyApache = import ./apache/reverse-proxy-apache.nix {
    inherit createManagedProcess logDir cacheDir runtimeDir forceDisableUserChange;
-    inherit (pkgs) stdenv runCommand apacheHttpd php writeTextFile;
+    inherit (pkgs) stdenv lib runCommand apacheHttpd php writeTextFile;
  };

  tomcat = import ./apache-tomcat {