Using Apache 2.4 to proxy Cascade CMS
Overview
This article is provided as an example of using Apache 2.4 to proxy Cascade CMS. It is for informational purposes only, and Hannon Hill Product Support cannot provide Apache configuration support or assistance.
Apache 2.4 modules used
mod_authz_core
mod_deflate
mod_filter
mod_rewrite
mod_proxy
mod_proxy_ajp
mod_proxy_wstunnel
mod_ssl
Base Configuration
Apache 2.4
Apache 2.4 can be used to proxy requests to the Cascade CMS Tomcat container. The benefit is additional control over request handling and simplified SSL handling. Here is a sample configuration that forces connections over SSL using mod_proxy, handles SSL using mod_ssl, proxies requests to the Tomcat container using mod_proxy and mod_proxy_ajp, and adds compression using mod_deflate:
Listen 0.0.0.0:443
SSLStrictSNIVHostCheck off

# Redirect all plain-HTTP requests to HTTPS
<VirtualHost *:80>
    ServerName cascade.example.edu
    RewriteEngine on
    RewriteRule ^(.*)$ https://cascade.example.edu$1 [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName cascade.example.edu

    # SSL termination
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLCertificateFile /path/to/cert.crt
    SSLCertificateKeyFile /path/to/key.key
    SSLCertificateChainFile /path/to/intermediate.crt

    ProxyIOBufferSize 65536

    # Websocket configuration
    ProxyPass /websocket ws://localhost:8080/websocket
    ProxyPassReverse /websocket ws://localhost:8080/websocket

    # Everything else goes to the Tomcat AJP connector
    ProxyPass / ajp://localhost:8009/
    ProxyPassReverse / ajp://localhost:8009/

    # Compression
    AddOutputFilterByType DEFLATE "application/javascript" \
        "application/json" \
        "application/rss+xml" \
        "application/vnd.ms-fontobject" \
        "application/font-sfnt" \
        "application/font-woff" \
        "font/opentype" \
        "font/woff2" \
        "application/x-javascript" \
        "application/xhtml+xml" \
        "application/xml" \
        "font/eot" \
        "font/opentype" \
        "image/svg+xml" \
        "image/vnd.microsoft.icon" \
        "image/x-icon" \
        "text/css" \
        "text/html" \
        "text/javascript" \
        "text/plain" \
        "text/xml"
</VirtualHost>
Tomcat
Given the above Apache 2.4 configuration, the following Connectors are assumed within the Tomcat container's server.xml configuration:

<Connector port="8080"
    maxThreads="256"
    maxPostSize="6000000"
    protocol="HTTP/1.1"
    connectionTimeout="20000"
    redirectPort="8443"
    maxSwallowSize="-1"
    compression="on"
    compressionMinSize="1024"
    noCompressionUserAgents="gozilla, traviata"
    compressableMimeType="application/javascript,application/json,application/rss+xml,application/vnd.ms-fontobject,application/font-sfnt,application/font-woff,font/opentype,font/woff2,application/x-javascript,application/xhtml+xml,application/xml,font/eot,font/opentype,image/svg+xml,image/vnd.microsoft.icon,image/x-icon,text/css,text/html,text/javascript,text/plain,text/xml" />

<Connector port="8009"
    protocol="AJP/1.3"
    redirectPort="8443"
    tomcatAuthentication="true"
    packetSize="65536"
    maxPostSize="6000000" />
tomcat/conf.
Websocket Support
Cascade CMS utilizes Websockets for almost-real-time notifications and partial UI refreshing, as opposed to repeatedly polling with AJAX requests. As such, the mod_proxy_wstunnel module and additional configuration are required in order to allow Apache to handle these websocket requests. Note the following section within the above configuration:
# Websocket configuration
ProxyPass /websocket ws://localhost:8080/websocket
ProxyPassReverse /websocket ws://localhost:8080/websocket
The key point is that the port within these directives needs to match the non-SSL port defined within the Tomcat container. Don't worry about this not being SSL here: normal web requests are forced over SSL, and Cascade CMS will automatically change the websocket request over to wss://, which is the secure protocol for websockets.
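The port-matching requirement above can be checked mechanically. The following Python script is an added example, not part of the original article or of Cascade CMS; it compares the ProxyPass targets in an Apache configuration with the Connectors in server.xml, and also flags a "ProxyPass /" that precedes a more specific path. The sample inputs are constructed to mirror this page's configuration, and the function names are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs mirroring the configuration on this page.
APACHE_CONF = """\
ProxyPass /websocket ws://localhost:8080/websocket
ProxyPassReverse /websocket ws://localhost:8080/websocket
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
"""
SERVER_XML = """\
<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
</Service></Server>
"""

# Matches "ProxyPass <path> <scheme>://<host>:<port>"; ProxyPassReverse is skipped.
PROXYPASS = re.compile(r"^\s*ProxyPass\s+(\S+)\s+(\w+)://([^/:\s]+):(\d+)", re.I)

def tomcat_ports(server_xml):
    """Map connector family ('http' or 'ajp') to the set of ports it listens on."""
    ports = {"http": set(), "ajp": set()}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        proto = conn.get("protocol", "HTTP/1.1")
        family = "ajp" if "ajp" in proto.lower() else "http"
        ports[family].add(int(conn.get("port")))
    return ports

def check_proxy(apache_conf, server_xml):
    """Return a list of mismatches between ProxyPass targets and Tomcat connectors."""
    ports, problems, seen_root = tomcat_ports(server_xml), [], False
    for n, line in enumerate(apache_conf.splitlines(), 1):
        m = PROXYPASS.match(line)
        if not m:
            continue
        path, scheme, port = m.group(1), m.group(2).lower(), int(m.group(4))
        # ws/wss and http/https backends need an HTTP connector; ajp needs an AJP one.
        family = "ajp" if scheme == "ajp" else "http"
        if port not in ports[family]:
            problems.append(f"line {n}: {scheme}://...:{port} has no {family.upper()} connector")
        # ProxyPass rules are checked in order, so "/" must come after "/websocket".
        if seen_root and path != "/":
            problems.append(f"line {n}: {path} is shadowed by an earlier 'ProxyPass /'")
        seen_root = seen_root or path == "/"
    return problems

if __name__ == "__main__":
    print(check_proxy(APACHE_CONF, SERVER_XML) or "proxy targets match Tomcat connectors")
```

To use it on a real deployment, pass the text of the virtual host file and of Tomcat's server.xml to check_proxy() in place of the constructed samples.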