URL context dispatching

mikcondo · November 20, 2020, 11:07am

Hello to all,
in a docker sworm environment I have N conatainers that expose, on port 8080, some http context (/ application1, / application2 …)

Then I have a container with Apache http server reachable on port 80 where, inside, I configured reverse proxy rules to reach all contexts from the other containers of the type:

ProxyPass / application1 / http: // container1: 8080 / application1 /
ProxyPassReverse / application1 / http: // container1: 8080 / application1 /

This solution works, but it forces me to edit the file with the reverse proxy rules for each new context.

Is there a more “elegant” mechanism to make the management of contexts dynamic?

Thanks

lewish95 · November 20, 2020, 1:49pm

So, destination doesn’t start with / which makes its location to be dependent on the path of the calling servlet?

Fix it accordingly:

request.getRequestDispatcher("/" + destination).forward(request, response);
By the way, if you’d like to prevent direct access to JSP as well (enduser could change the URL to point to the JSP without calling the controller first), then consider placing the JSPs in /WEB-INF folder. Don’t forget to change the RequestDispatcher path accordingly: “/WEB-INF/” + destination.

mikcondo · November 20, 2020, 4:44pm

I badly explained myself.
What I would like to do is access from a single domain (configured on container with Apache http server) to others context root exposed by different containers on port 8080

meyay · November 21, 2020, 11:04am

Yep, use Treafik traefik as reverse proxy instead. By adding traefik rules as service labels, you get event based updating of the reverse proxy rules whenever a service is deployed/removed.

mikcondo · November 23, 2020, 6:22pm

Great traefik! I already use it to route domains.
Containers with Apace servers have in the docher-compose the labels to publish the domain on traefik.
Then I have many containers in the Back-end that expose contexts that I currently “hook” to the domains with proxypass rules written in Apache configuration files … I would like to avoid this.

meyay · November 23, 2020, 8:24pm

There must be something I can not see…

Your Apache servers must do something additionaly, that prevents you from using Treafik for the context part as well… I would try to cut out the middleman (=the apache acting as reverse proxy).

mikcondo · November 23, 2020, 9:14pm

Yes meyay. Apache plays the role of “controller”. Incorporates a security module that checks authorized and unauthorized URLs.

meyay · November 23, 2020, 9:56pm

Secure module as in WAF (an apache module like mod secure?)? Or as in OIDC Client or SAML Service Provider? Or something entirely different?

You could mimic what treafik or jwilder’s nginx-proxy do: mount the docker.sock into your apache containers, register for docker events, parse their labels, render the values into a template, then reload apache. thought this will involve programming or clever scripting to some degree… If your security module would run with nginx as well (!=non apache module) you might be able to replace apache with jwilder’s nginx-proxy.

I hope someone will provide a better solution. Good luck!