Friday May 15, 2009

web 6.1 Reverse Proxy Plug-in 1.0.2 is out !

Hi,


I just got the news that 


Reverse Proxy Plug-in 1.0.2 is
released for Sun Java System WebServer 6.1 SP11 is out , please try it at


https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_SMI-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=SJWS-6.1SP11-RPAddOn1.0.2-G-F@CDS-CDS_SMI

The Release Notes are here: http://docs.sun.com/app/docs/doc/820-7660

Thursday Jan 01, 2009

how to bypass RPP and AM agent to get perfdump

Sometimes, you like to get perfdump (/.perf) from web or proxy servers, but the RPP or AM agent may prevent you from doing this. So, you can try below:


 1. follow the steps of perfdump at


http://docs.sun.com/app/docs/doc/820-5719/abyaq?l=en&a=view&q=perfdump


 2. if you got RPP in your web server, then


<Client match="none" uri="/.perf">

NameTrans fn="map" from="/" name="reverse-proxy-/" to="http:/"
</Client> 


then both perf dump and rpp will work ok.

The above will map rpp if uri not equal to /.perf, and will skip rpp
if uri is /.perf


So, both requests to rpp and .perf will work ok.

3. if you got AM agent in your proxy server, then


................ 


NameTrans fn="assign-name" name="stats-xml" from="(/stats-xml|/stats-xml/.\*)"
NameTrans fn="assign-name" name="statistics" from="/.abc/.statistics"
................


PathCheck fn="url-check"
<Client match="none" uri="/.abc(/.\*|)">
PathCheck fn="validate_session_policy"
</Client>

Service fn="deny-service"
AddLog fn="flex-log" name="access"
</Object>


.........


<Object name="stats-xml">
Service fn="stats-xml"
</Object>

<Object name="statistics">
Service fn="service-dump"
</Object>


 then a request to get the statistics will work ok without the AM agent Path Check .





Monday Jun 30, 2008

What will happen when rewrite-host="true" is set in Sun Java web server RPP ?

Sometimes, when we found the backend web application not working via the RPP , but working fine when you tried accessing it directly. It may be due to the Host header. 


 By default, Host header is not rewritten, see docs at


http://docs.sun.com/source/819-0902-05/rpp61.html 


 "rewrite-host
- (Optional) Boolean that indicates whether
service-passthrough should rewrite the Host header sent to
remote servers, replacing the local server's hostname with the
remote server's hostname. If not specified, rewrite-host
defaults to false."


 What it means above is that the Host header passed to backend is the Host header as the incoming request, e.g.


consider the request flow below in a imagined env. : 


1. IE or firefox browser incoming request  


 --->2. RPP web server (hostname=syntax)


      -->3.  Web server (serving statics here and pass jsp/servlet to another backend App server,  hostname=apple here)


          -->4.  backend App server (e.g. IBM, BEA or called Oracle now, Sun App server, etc, called it pear here)


 When we use the default config, e.g.


in syntax host, obj.conf for RPP:


"...... 


NameTrans fn="assign-name" from="/abc/def/ghi/index.jsp(|/\*)" name="david"

<Object name="david">
Service fn="service-passthrough" servers="https://apple.asia.sun.com:443"
</Object>
"


Note, we are using the default above without rewrite-host="true", then a snoop at the RPP web server, syntax for both incoming request and outgoing passthrough will show below headers,


 1. incoming request headers:

GET /abc/def/ghi/index.jsp  HTTP/1.1
Host: syntax.asia.sun.com:61801
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,\*/\*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,\*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: .....;s_cc=true; s_sq=%5B%5BB%5D%5D
Pragma: no-cache
Cache-Control: no-cache

and the passthrough headers to the intermediate web server relay at apple is :


GET /abc/def/ghi/index.jsp  HTTP/1.1
Via: 1.1 https-rpp \*\*\*
Host: syntax.asia.sun.com:61801  (note- same as RPP frontend !) ###
Proxy-jroute: 8+V7 \*\*\*
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,\*/\*;q=0.5
Accept-language: en-us,en;q=0.5
Accept-encoding: gzip,deflate
Accept-charset: ISO-8859-1,utf-8;q=0.7,\*;q=0.7
Pragma: no-cache
Cache-control: no-cache
Cookie: .......; s_cc=true; s_sq=%5B%5BB%5D%5D
Proxy-ip: 129.150.154.121 \*\*\* (syntax is 129.158.175.19   and apple is 129.158.175.16  and browser is  129.150.154.121 , the above is the browser IP as noted in docs. )


Note - the \*\*\* are new headers added after the RPP. 


You can see the same Host header above at


Host: syntax.asia.sun.com:61801  (note- same as RPP frontend!) ###



Sometimes, it can cause a problem to the backend App server because their webapps may expect a Host header like below instead ,


 Host: apple.asia.sun.com:443  (which is the intermediate web server hostname)


 To workaround any possible issues due to this passthrough, you can add rewrite-host="true" into the RPP frontend config,


e.g.


 


"...... 


NameTrans fn="assign-name" from="/abc/def/ghi/index.jsp(|/\*)" name="david"


<Object name="david">

Service fn="service-passthrough" servers="https://apple.asia.sun.com:443"  rewrite-host="true"

</Object>

"


then if we looked at the passthrough headers again after the RPP, it will change to have the new Host header = apple, e.g.


GET /abc/def/ghi/index.jsp  HTTP/1.1

Via: 1.1 https-rpp \*\*\*

Host:  apple.asia.sun.com:443 (note- same as intermediate web server apple now !) ###

Proxy-jroute: 8+V7 \*\*\*

User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12

Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,\*/\*;q=0.5

Accept-language: en-us,en;q=0.5

Accept-encoding: gzip,deflate

Accept-charset: ISO-8859-1,utf-8;q=0.7,\*;q=0.7

Pragma: no-cache

Cache-control: no-cache

Cookie: .......; s_cc=true; s_sq=%5B%5BB%5D%5D

Proxy-ip: 129.150.154.121 \*\*\* (syntax is 129.158.175.19   and apple is
129.158.175.16  and browser is  129.150.154.121 , the above is the
browser IP as noted in docs. )


 So, hopefully, this can help some users when they run into above issues in RPP.


As a side issue, I found rewrite-host="true"  can be used in some redirection issues in some situations, e.g.


from http to https or vice versa and there is a redirect with a new Location: header from backend server,


then add the rewrite-host="true"  will likely help resolve the issues.

Tuesday Jun 24, 2008

Simple Load Balancing (LB) in Sun Java Web Server Reverse Proxy Plugin (RPP)

One common mistake in setting up Load Balancing (LB) with Sun Java Web Server Reverse Proxy Plugin (RPP) is the use of commas or semi-colons to separate different backend hosts in the "servers" parameter.


See http://docs.sun.com/source/819-0902-05/rpp61.html#wp010


 "servers
- A quoted, space-delimited list of the servers that receive
the forwarded requests. Individual server names may optionally
be prefixed with http:// or https:// to indicate the protocol
and/or suffixed with a colon and integer to indicate the port."


 So, in my env,


I set up my RPP front-end to backend to two web instances, e.g. in RPP front-end obj.conf,


<Object name="default">
AuthTrans fn="match-browser" browser="\*MSIE\*" ssl-unclean-shutdown="true"
NameTrans fn="assign-name" from="/amserver(|/\*)" name="amserver"
NameTrans fn="assign-name" from="/amconsole(|/\*)" name="amconsole"
....


<Object name="amserver">
ObjectType fn="force-type" type="magnus-internal/passthrough"
Service  fn="service-passthrough" servers="https://apple.asia.sun.com:61602 https://apple.asia.sun.com:61802"  rewrite-host="true"
Error reason="Bad Gateway" fn="send-error" uri="/badgateway.html"
</Object>

<Object name="amconsole">
ObjectType fn="force-type" type="magnus-internal/passthrough"
Service fn="service-passthrough" servers="https://apple.asia.sun.com:61602 https://apple.asia.sun.com:61802" rewrite-host="true"
Error reason="Bad Gateway" fn="send-error" uri="/badgateway.html"
</Object>


You can see my AM server backends at servers="https://apple.asia.sun.com:61602 https://apple.asia.sun.com:61802" .
 (Note - the space delimiter above, NOT any comma or semi-colons!)


When we hit http://apple.asia.sun.com:61904/amserver/   (which is the front-end RPP url) 4 times,


I got LB hits across the two backends evenly,


 e.g. from https://apple.asia.sun.com:61602  backend instance logs,


129.158.175.16 - - [24/Jun/2008:11:45:47 +0800] "GET /amserver/ HTTP/1.1" 200 38 -- 750
129.158.175.16 - - [24/Jun/2008:11:46:05 +0800] "GET /amserver/ HTTP/1.1" 200 38 -- 750


and from https://apple.asia.sun.com:61802 backend  instance logs,


129.158.175.16 - - [24/Jun/2008:11:45:53 +0800] "GET /amserver/ HTTP/1.1" 200 38
129.158.175.16 - - [24/Jun/2008:11:46:10 +0800] "GET /amserver/ HTTP/1.1" 200 38


(You can see the alternate  time stamps above for the LB)  


When I tested and stopped 1st backend  instance https://apple.asia.sun.com:61602  backend instance, then all hits will go to the 2nd backend instance,


129.158.175.16 - - [24/Jun/2008:11:45:53 +0800] "GET /amserver/ HTTP/1.1" 200 38
129.158.175.16 - - [24/Jun/2008:11:46:10 +0800] "GET /amserver/ HTTP/1.1" 200 38



(after I stopped 1st backend instance, then all hits go to 2nd instance below)

129.158.175.16 - - [24/Jun/2008:11:47:22 +0800] "GET /amserver/ HTTP/1.1" 200 38
129.158.175.16 - - [24/Jun/2008:11:47:26 +0800] "GET /amserver/ HTTP/1.1" 200 38


Hope this shows how to set up and test RPP functions in Sun  Java Web Server .




Friday Jun 13, 2008

Sun Java System Web Server 6.1 Add-Ons Reverse Proxy Plugin

There are two versions of RPPs , you can see their banners at the web server errors log after a start up, e.g.


older one banner in errors logs when start up web server :
[18/Dec/2007:11:35:54] info (22836): PASS1000: Sun ONE Web Server 6.1SP3 Reverse Proxy Plugin B09/09/2004 11:59

newer RPP banner :
[15/Feb/2008:15:48:43] info (10935): PASS1000: Sun ONE Web Server 6.1SP7 Reverse Proxy Plugin B01/11/2007 23:21


You can see their docs at below:


newer 6.1SP8,

http://docs.sun.com/app/docs/doc/820-1647/funcs?a=view
"Introduction

The Reverse Proxy Plug-in is a NSAPI plug-in designed for use with the Sun Java System Web Server 6.1 SP8 and later Service packs.  "

and

older 6.1SP3 RPP,



http://docs.sun.com/source/819-0902-05/rpp61.html
"
Introduction

The Reverse Proxy Plugin is a NSAPI plugin designed for use with the Sun Java System Web Server 6.1 SP3 and later Service Packs.
"


 Please use the suggested Sun Java System Web Server versions as noted in the above docs.

About

Wing-Yip Walter Lee

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today