Crowd behind Apache reverse proxy not working

Nicolas Grussenmeyer August 18, 2017

Hi,

I could not get a working solution in this post so i'm creating a new topic to get more visibility:

I've installed crowd on Windows2k12 x64 and then installed Apache 2.4 in order to handle the reverse proxy service for inbound port 80 connections split.

I followed the Atlassian documentation on how to setup apache reverse proxy with atlassian products. When using the exact same config they do, I have a 404 error because i'm redirected to myserver.com/crowdcrowd/ instead of myserver.com/crowd.

Here are the edited config files (according to the above documentation) with changes in bold:

Crowd :

"%crowd_install_dir%\apache-tomcat\conf\server.xml":

<?xml version="1.0" encoding="UTF-8"?>
<Server port="8020" shutdown="SHUTDOWN">

<Service name="Catalina">

<Connector acceptCount="100"
connectionTimeout="20000"
disableUploadTimeout="true"
enableLookups="false"
maxHttpHeaderSize="8192"
maxThreads="150"
minSpareThreads="25"
port="8095"
redirectPort="8443"
useBodyEncodingForURI="true"
URIEncoding="UTF-8"
compression="on"
compressableMimeType="text/html,text/xml,application/xml,text/plain,text/css,application/json,application/javascript,application/x-javascript"
proxyName="my.public.url.com"
proxyPort="80"
scheme="http" />

<Engine defaultHost="localhost" name="Catalina">
<Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true"/>
</Engine>

<!-- To connect to an external web server (typically Apache) -->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<!--
<Connector port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
-->
</Service>

<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

</Server>

"%crowd_home_dir%\crowd.properties":

Here you can notice that in this documentation they say "set the application base URL" and the link to the crowd how to talks about a "crowd.base.url" option which is not in the config file example of the same page...

#Tue Aug 01 17:16:56 CEST 2017
session.lastvalidation=session.lastvalidation
session.tokenkey=session.tokenkey
crowd.server.url=http\://localhost\:8095/crowd/services/
application.name=crowd
http.timeout=30000
session.isauthenticated=session.isauthenticated
application.login.url=http\://localhost\:8095/crowd
session.validationinterval=0
application.password=xI7zRhJbnldWLclxRRJ9cJ

Apache config 

(the correct modules are activated in httpd.conf)

crowd_vhost.conf:

<VirtualHost *:80>
ServerName my.public.url.com

ErrorLog "logs/my.public.url.com-error.log"
CustomLog "logs/my.public.url.com-access.log" common

ProxyRequests Off
ProxyVia Off

<Proxy *>
Require all granted
</Proxy>

# ProxyPreserveHost on
ProxyPass /crowd http://localhost:8095/crowd
ProxyPassReverse /crowd http://localhost:8095/crowd
</VirtualHost>

With this Apache conf, i'm redirected to my localhost:8095 instead of localhost:8095/crowd

if i change it to :

ProxyPass / http://localhost:8095/crowd
ProxyPassReverse / http://localhost:8095/crowd

it redirects me to localhost:8095/crowdcrowd/ and I get a 404 from crowd's tomcat7

 

I'm stuck and can't figure out what's not good here. Any help appreciated. 

Thanks

3 answers

0 votes
Juho Itä February 8, 2020

I realise this is an old topic, but I'm upgrading some ancient systems and I stumbled to this issue.
There are some differences between versions, but I solved /crowd/crowd redirection issue with configuration below on Crowd 2.8.3 version.

The ProxyPass* rules are inside <Location> directive as I have some IP restriction rules also inside the directive.

* Crowd 2.8.3 requires both / and /crowd/ proxy to 8095/crowd/
* Crowd 2.6.4 required only / proxy to 8095/

# Apache configuration for Crowd 2.8.3
<Location />
ProxyPass http://10.10.10.11:8095/crowd/
ProxyPassReverse http://10.10.10.11:8095/crowd/
</Location>

<Location /crowd/>
ProxyPass http://10.10.10.11:8095/crowd/
ProxyPassReverse http://10.10.10.11:8095/crowd/
</Location>
0 votes
Johan Almqvist October 22, 2017

It seems I was able to resolve this with

 ProxyPass /rest/ http://localhost:8095/crowd/rest/ connectiontimeout=10 keepalive=On
ProxyPassReverse /rest/ http://localhost:8095/crowd/rest/
ProxyPass / http://localhost:8095/ connectiontimeout=10 keepalive=On
ProxyPassReverse / http://localhost:8095/
0 votes
edwin
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 19, 2017

Try uncommenting ProxyPreserveHost 

Use it with ProxyPass /

Nicolas Grussenmeyer August 21, 2017

Hi,

 

Thanks for the suggestion. i tried it but same result, it redirects me on myrul.com/crowdcrowd/

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events