Re: THREDDS and Apache ProxyPass

Hi Michael,

Thanks for this note. We haven't done any proxying of Tomcat so I'd like 
to add your text to our documentation if you don't mind.

I was looking at the Tomcat docs 
(http://tomcat.apache.org/tomcat-6.0-doc/proxy-howto.html) and it 
mentions adding a <Connector> element to the Tomcat configuration. Did 
you do this step as well? Or maybe this is an alternate to the 
"ProxyPreserveHost On" line?

Anyone else with experience in this matter have comments or additions?

Thanks,

Ethan

Godin, Michael wrote:
> I have not seen this come up in the THREDDS discussion or documentation, and I 
> was scratching my head for a while today to get it to work right, so here's a 
> tech note for consideration in the THREDDS documentation:
>
> THREDDS and Apache ProxyPass
>
> If you are using Tomcat on port 8080 (for example) and Apache on the default 
> port 80, you can use the Apache proxy module to hide the Tomcat port in the 
> URLs used to connect to THREDDS.  This may be critical if your server is behind 
> a firewall that only allows port 80 access.  It is also important if THREDDS is 
> running on a machine that is completely behind a firewall, but you have a 
> server running Apache that can talk to the machine.
>
> You will need to edit the Apache httpd.conf file (on Linux, it is stored in /etc/httpd/conf/).  
>
> Find the lines that start with "<IfModule mod_proxy.c>" and end with 
> "</IfModule>".  These lines may need to be uncommented.  Between these lines, make sure the 
> following line exists and is uncommented:
>
>     ProxyRequests On
>
> Then add the following lines:
>
>     ProxyPreserveHost On
>     <Location /thredds>
>         ProxyPass http://myhost.mydomain:8080/thredds
>         ProxyPassReverse http://myhost.mydomain:8080/thredds
>     </Location>
>     <Proxy http://myhost.mydomain:8080/thredds>
>         AllowOverride None
>         Order allow,deny
>         Allow from All
>     </Proxy>
>
> You of course need to replace "http://myhost.mydomain:8080/thredds"; with the 
> full URL of the THREDDS web application.
>
> The section between <Proxy... And </Proxy> can usually be omitted, but in some 
> cases a server is sufficiently locked down that you need to explicitly allow access to 
> resources.  It can also be edited to restrict access to registered users via Apache 
> authentication mechanisms.
>
> Finally, on the server command line (as a super/admin user), execute:
>
> apachectl graceful
>
> In my configuration, I initially failed to add the line "ProxyPreserveHost On", which caused me many headaches as links generated by THREDDS kept directing the client back to port 8080 (which was blocked by a firewall). 
>
> Best of luck, 
> Mike
> _____________________________________________
> Michael A. Godin
> Software Engineer
> Monterey Bay Aquarium Research Institute
> http://www.mbari.org
>
>
> ===============================================================================
> To unsubscribe thredds, visit:
> http://www.unidata.ucar.edu/mailing-list-delete-form.html
> ===============================================================================
>   

--
Ethan R. Davis                                Telephone: (303) 497-8155
Software Engineer                             Fax:       (303) 497-8690
UCAR Unidata Program Center                   E-mail:    address@hidden
P.O. Box 3000
Boulder, CO  80307-3000                       http://www.unidata.ucar.edu/
---------------------------------------------------------------------------


===============================================================================
To unsubscribe thredds, visit:
http://www.unidata.ucar.edu/mailing-list-delete-form.html
===============================================================================