From: Christophe Jaillet <jailletc36@apache.org>
Date: Sun, 28 Feb 2021 14:28:53 +0000 (+0000)
Subject: Add an example.
X-Git-Tag: 2.4.47~107
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=322c51e1f5fd6e7c24c3fe3b3c736447eca33a26;p=thirdparty%2Fapache%2Fhttpd.git

Add an example.
Synch with 2.4.x (syntax highlight) + secret introduced in 2.4.42.
Small doc rearrangement so that the "Beyond this list of basic attributes" is actually after the description of all items.

Mostly r 1792168 + r1886996 on trunk


[skip ci]

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1886997 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/mod_proxy_ajp.xml b/docs/manual/mod/mod_proxy_ajp.xml
index e999f855cad..c729423cd1e 100644
--- a/docs/manual/mod/mod_proxy_ajp.xml
+++ b/docs/manual/mod/mod_proxy_ajp.xml
@@ -58,7 +58,18 @@
 
     <example><title>Simple Reverse Proxy</title>
     <highlight language="config">
-    ProxyPass "/app" "ajp://backend.example.com:8009/app"
+ProxyPass "/app" "ajp://backend.example.com:8009/app"
+    </highlight>
+    </example>
+
+    <p>Options such as the <code>secret</code> option of Tomcat (required by
+    default since Tomcat 8.5.51 and 9.0.31) can just be added as a separate
+    parameter at the end of <directive module="mod_proxy">ProxyPass</directive>
+    or <directive module="mod_proxy">BalancerMember</directive>. This parameter
+    is available in Apache HTTP Server 2.4.42 and later:</p>
+    <example><title>Simple Reverse Proxy with <code>secret</code> option</title>
+    <highlight language="config">
+ProxyPass "/app" "ajp://backend.example.com:8009/app" secret=YOUR_AJP_SECRET
     </highlight>
     </example>
 
@@ -80,7 +91,7 @@ ProxyPass "/app" "balancer://cluster/app"
     header given to the proxy, and the application server can be expected
     to generate self-referential headers relative to this host, so no
     rewriting is necessary.</p>
-    
+
     <p>The main exception is when the URL path on the proxy differs from that
     on the
     backend. In this case, a redirect header can be rewritten relative to the
@@ -100,7 +111,7 @@ ProxyPassReverse "/apps/foo" "http://www.example.com/foo"
 <section id="env"><title>Environment Variables</title>
     <p>Environment variables whose names have the prefix <code>AJP_</code>
     are forwarded to the origin server as AJP request attributes
-    (with the AJP_ prefix removed from the name of the key).</p>
+    (with the <code>AJP_</code> prefix removed from the name of the key).</p>
 </section>
 
 <section id="overviewprotocol"><title>Overview of the protocol</title>
@@ -492,11 +503,19 @@ attribute_value := (string)
     username and the type of authentication used to establish their identity
     (e.g. Basic, Digest).</p>
     <p>The <code>query_string</code>, <code>ssl_cert</code>,
-    <code>ssl_cipher</code>, and <code>ssl_session</code> refer to the
+    <code>ssl_cipher</code>, <code>ssl_session</code> and
+    <code>ssl_key_size</code> refer to the
     corresponding pieces of HTTP and HTTPS.</p>
     <p>The <code>jvm_route</code>, is used to support sticky
     sessions -- associating a user's sesson with a particular Tomcat instance
     in the presence of multiple, load-balancing servers.</p>
+    <p>The <code>secret</code> is sent when the <code>secret=secret_keyword</code>
+    parameter is used in
+    <directive module="mod_proxy">ProxyPass</directive> or
+    <directive module="mod_proxy">BalancerMember</directive> directives.
+    The backend needs to support secret and the values must match.
+    <code>request.secret</code> or <code>requiredSecret</code> are documented in the AJP
+    configuration of the Apache Tomcat.</p>
     <p>Beyond this list of basic attributes, any number of other attributes
     can be sent via the <code>req_attribute</code> code <code>0x0A</code>.
     A pair of strings to represent the attribute name and value are sent