GIS Tutorials >> GeoServer >> Intermediate GeoServer Tutorials >> Configuring GeoServer Proxy for Public and Remote Data Access

Main Menu

GIS Application Tutorials

GIS Programming Tutorials

GIS Theoretical Tutorials

GISTutor Newsletter



GISTutor Poll

How did you hear about us?
 

GISTutor Users Online

We have 12 guests online
Configuring GeoServer Proxy for Public and Remote Data Access
( 5 Votes )

This tutorial is designed for intermediate level users of GeoServer as it explains how to properly configure your GeoServer installation to run outside of localhost:8080 using an Apache ProxyPass.  This tutorial will also explain how to configure your web server to request data from a remote host by setting up your own proxy.cgi.  This can help solve a common issue of trying to load data via WFS from a remotely hosted server, when using OpenLayers with GeoServer WFS.

I strongly recommend using a web browser that has access to developer tools which allow for greater debugging ability, ie Google Chrome or Mozilla Firefox (with the latest Firebug extension installed).  By completing this tutorial users will also learn how to change the default GeoServer login and password information.

 

Setting up the Apache ProxyPass for GeoServer Public Data Access

 

By default, GeoServer installs itself to run through localhost:8080, which is evident by the location of the GeoServer Web Admin Interface which can be found at http://localhost:8080/geoserver/web.  This configuration is great for rendering GIS graphical information on your own server using your own data.  However it does not allow you to publish your layers to public areas, ie. http://yourdomain.com/geoserver/web.  In order to setup the Apache ProxyPass we will have to modify the httpd.conf configuration file on your server, add in the ProxyPass information and restart your Apache Web Server for the settings to take effect.  On Linux systems enter the following commands:

su –
vi /etc/httpd/conf/httpd.conf

Use the arrow keys to scroll down to the <VirtualHost *:80> section used for yourdomain.com, press ‘I’ to enter INSERT mode, copy the text below and right click to paste the ProxyPass into your httpd.conf file right above the </VirtualHost> tag.

ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /geoserver http://localhost:8080/geoserver
ProxyPassReverse /geoserver http://localhost:8080/geoserver

Press the ‘Esc’ key to exit INSERT mode, then save and close the file by entering :wq.

Now you must restart your Apache Web Server for the settings to take effect.

service httpd restart

To test the Apache ProxyPass try navigating to http://yourdomain.com/geoserver/web and see if the GeoServer Admin Web Interface appears.  Now requests sent to the public web address will be passed through the Apache ProxyPass to your GeoServer installation.

 

Changing the Default GeoServer Admin Login and Password Information

 

Now that your GeoServer is accessible to the outside world via http://yourdomain.com/geoserver/web, it is essential to modify the default administrator login of user ‘admin’ and password ‘geoserver’.  This information is stored within a file called users.properties which can be found in the GeoServer security directory, ex. /usr/local/geoserver/data_dir/security/users.properties.  To modify the login information enter the following commands on Linux:

vi /usr/local/geoserver/data_dir/security/users.properties

Again use the arrow keys to navigate to the line that says

admin=geoserver,ROLE_ADMINISTRATOR

 

Press ‘I’ to enter INSERT mode and change the username and password, when finished press ‘Esc’ and enter :wq to save and close.  Now try logging in using the new information you just setup.

 

Configuring an OpenLayers proxy.cgi for Loading Local and Remotely Hosted GeoServer WFS Data

 

A common problem when starting off using GeoServer and OpenLayers occurs when you try and host WFS data from your own GeoServer in an online public application.  If you are running a script stored on yourdomain.com and your OpenLayers code is trying to load a GeoServer WFS layer stored on your localhost you may run into the following error message.

 

XMLHttpRequest cannot load http://www.yourdomain.com/geoserver/wfs. Origin http://localhost is not allowed by Access-Control-Allow-Origin.

 

This error is caused by a security feature in XMLHttpRequest which was designed to request only from the domain it was loaded.  Because the request is coming from the online space, and trying to access the localhost it determines that the origins do not match.  A work around for this is to create a proxy.cgi script, and save it in the cgi-bin directory of your Apache Web Server, /var/www/cgi-bin/proxy.cgi.  Make sure to save your proxy.cgi to have executable permissions. An example OpenLayers proxy.cgi can be downloaded from here. http://trac.osgeo.org/openlayers/browser/trunk/openlayers/examples/proxy.cgi

 

Modify the file using the vi technique described above, adding into the allowedHosts variable ‘localhost’ and ‘localhost:8080’.  Save and close the file, :wq and restart the Apache Web Server for the settings to take effect

service httpd restart

To test if you have properly setup the OpenLayers proxy.cgi, navigate to http://yourdomain.com/cgi-bin/proxy.cgi.  If all goes well you should see the OpenLayers site.

 

To use this proxy.cgi within your OpenLayers application, you must include the following line.

OpenLayers.ProxyHost = "/cgi-bin/proxy.cgi?url=";

Now OpenLayers XMLHttpRequests are allowed to load information hosted on localhost or localhost:8080.  Now that the OpenLayers proxy.cgi has been setup, to allow further access to remotely hosted GeoServer WFS data simply add in all the remote host names you would like your application to access, then restart your Apache Web Server.

 

Users should now have a thorough understanding of how to configure their GeoServer installation for public and remote data access.  Users should also have the ability to modify the default GeoServer login information for greater security.  Users should also have gained the understanding of allowing public display of layers stored within their local GeoServer installation.
 

Comments  

 
0 #25 2012-11-30 03:12
please help, iam an unable to see the editing tool bar. Iam loading my data from local host:8080/geoserver/index.html.
I can see the save icon and if i hover over the supposed locations for the other icons, i can read them and even use them. I followed the example give by mes, one of the users to remove (../) and replace it with ("theme/ default/img/pan_on.pgn") and this works from a file system if i open the index page and not from local host. please help!
Quote
 
 
0 #24 2012-11-10 16:59
I think that this work is really interesting, thank you very much. I don't know if you can help me, because i use windows and not Linux, however i try to ask you. I have the error XMLHttpRequest; the folder cgi-bin where must i put? In WebContent or WEB-INF of my web application? In C:\\programs\ap ache.tomcat\lib or other? Thanks in each case.
Quote
 
 
0 #23 2012-07-17 19:34
I just installed geoserver on linux servers, and would like to access from window pc. Anyone please kindly advise what I need to configure. when I tried to acess to linux server from my window pc:
10.1xx.1x.3x:8080/.../web

I got the error page can't display.
Quote
 
 
0 #22 2012-05-21 17:21
I am following your tutorial and I was able to configure the tomcat 6 and apache but I am still unable to display the WFS using your proxy.cgi. I am getting the following error.

POST localhost/.../... 404 (Not Found)
Quote
 
 
-1 #21 2012-02-29 15:00
ı want to execute this tutorial on windows machine and ı made until proxypass but ı cant do proxy.cgi part ı download proxy.cgi and put into apache cgi-bin folder and add openlayers.proxyhost sentence but it not works help mee pls
Quote
 
 
0 #20 2012-01-26 20:16
Carlos,

Try to setup the proxy.cgi as described in the tutorial, adding '192.168.10.1' and '192.168.10.1:6060' to the allowedHosts array.

Hope it works out for you.
Quote
 
 
0 #19 2012-01-26 19:58
Hi, if my error is:
XMLHttpRequest cannot load 192.168.10.1:6060/.../wfs. Origin null is not allowed by Access-Control-Allow-Origin.

Here the Origin is null and not localhost. Is the same solution for this?
Quote
 
 
0 #18 2011-11-11 14:59
Hi Admin,

thx for article. Could you write something similar for Win users?

I've my geoserver 2.1.2 intalled on Win 7 32b Ultimate virtual drive. I istalled apache+php+pyth on via OSGeo4W intaller, modified alias in .conf file. I'm able to run cgi scripts, but for some reasons, it can't find urllib2 library (by default, OSGeo4W installs python.exe to different dir then .py libs). How do I adress .py library in proxy.cgi script? Is there any possibility to use PHP scripts? If yes, could you point me, pls?

Thank you,
Tom
Quote
 
 
+2 #17 2011-11-02 17:27
Nahom,

As I mentioned before I do not use Glassfish and am not familiar with it's configuration. I believe Glassfish can be configured to enable CGI use, but I'm not sure how this is achieved. Therefore I am unable to provide you with any proxy script or alternatives for Glassfish as this is not my area of expertise. You will have to look elsewhere for information on using OpenLayers and GeoServer with Glassfish.

The only alternative I can suggest would be to use Apache, and follow along the detailed instructions provided in this tutorial.
Quote
 
 
-3 #16 2011-10-31 06:40
Dear Admin there is no such CGI directory in Glassfish server,will you please provide me a script of proxy for Windows with instruction to place it where??
Quote
 
 
-4 #15 2011-10-30 12:38
well when will i get that proxy.cgi script for glassfish.and another thing there is no such cgi directory on glassfish and i'm doing my project in Windows
Quote
 
 
0 #14 2011-10-28 00:12
Nahom,

I have never used Glassfish but I assume it functions similar to Apache. I would try to create a proxy.cgi script and place it in the Glassfish CGI directory. Then point the Openlayers.Proxyhost to the relative web location of your proxy.cgi script.
Quote
 
 
0 #13 2011-10-24 08:10
hey admin I'm using geoserver2.1.1 glassfish-3.0.1 and postgis as a database site.so what should i do for Openlayers.Proxyhost.
Quote
 
 
+1 #12 2011-09-27 00:04
The default geoserver login information is as follow:
user: admin
pass: geoserver

These user account and password settings are stored in a file called users.properties and should be modified. They can be found in your Geoserver directory, ex. /usr/local/geoserver/data_dir/security/users.properties. I suggest you navigate to the location you installed geoserver and modify this file with your desired user name and password for login.
Quote
 
 
0 #11 2011-09-26 18:49
This for LINUX users. I've installed geoserver locally, under Apache Tomcat 6. Even if I had installed under Linux, what UserName and Password is to be installed?
Quote
 
 
0 #10 2011-09-07 02:00
In the article,the Geoserver is installed in the Apache.
But what should i do,if i had installed the Geoserver in the Tomcat, or used the "geoserver-2.1.1.exe" that is not any one between Apache and Tomcat,but is Jetty.
Quote
 
 
0 #9 2011-08-26 01:33
Derek,

Have you taken a look at your error log? The usual location is /var/log/httpd/error_log. It might be able to provide a bit more information as to what is causing your internal server error.

I normally store my proxy.cgi in the /var/www/cgi-bin/ directory, and I see that you have stored yours in /usr/lib/cgi-bin. Can you confirm that is your apache web directory?

Please provide any additional information that you can to help me look further into your problem.
Quote
 
 
+1 #8 2011-08-25 15:18
Looking for some help; when I try an access localhost/cgi-bin/proxy.cgi, I get the dreaded:
Internal Server Error
The server encountered an internal error or misconfiguratio n and was unable to complete your request.

What are possible causes of this? I have checked the proxy.cgi in the /usr/lib/cgi-bin directory has executable permissions.
Quote
 
 
0 #7 2011-08-12 18:21
Hi, total newbee here. I'm really glad I found your tutorial, thanks a lot!
However as I'm running geoserver on windows7 and with apache tomcat, I have no idea where to find the httpd.conf file to add the proxypass. Do I miss a program or something else?
Any help would be super appreciated but again, merci beaucoup pour le tutorial.
Quote
 
 
0 #6 2011-05-05 17:07
Unfortunately I do not have enough experience with configuring windows GIS servers to provide a direct solution. Looking at the proxy.cgi script I can see that the first line #!/usr/bin/env python is a linux specific path. You will have to make modifications to the example proxy script if you are planning on running this on a windows server.

Some links that may help point you in the right direction are listed below.
osgeo-org.1803224.n2.nabble.com/.../

gis.stackexchange.com/.../...
Quote
 
 
+1 #5 2011-05-05 15:25
first I d like to thank u for yr support but i d like to let know i am using windows xp, i am using apache 2.2 installed on windows only for this cgi file, also i ve tried to configure ir for iis i ve installed perl & configured the iis "Default web site" to use the perl .exe for my cgi file. after doing this a new error message happened, it is
-----------------------------------------
CGI Error

The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are:
Can't exec /usr/bin/env at c:\inetpub\wwwr oot\cgi-bin\proxy.cgi line 1.
-----------------------------------------
please help me to overcome this problem.

thanx
Quote
 
 
+1 #4 2011-05-04 21:04
Wael, I suspect that it could be your file ownership or permission settings for your proxy.cgi or your cgi-bin directory. Make sure to check your error log located at /var/log/httpd/error_log

To setup the permissions and ownership, I recommend the following commands
cd /var/www
chmod -R 755 cgi-bin/
chown -R root.apache cgi-bin/
This will grant the read and execute permissions to the apache user for the cgi-bin directory and all files within it, while keeping the write permissions under your root user account.


Alternatively, the forbidden message could also be caused by your Apache configuration which has some access restrictions in place. Read through questions 14 and 15 from this website for further information about Apache configuration. httpd.apache.org/.../...
Quote
 
 
+2 #3 2011-05-04 14:25
Please help
i ve done all what is mentioned here but i receive this message when testing the step of proxy cgi is working
"Forbidden

You don't have permission to access /cgi-bin/proxy.cgi on this server."

anyone can help !!!!


thank u all
Quote
 
 
0 #2 2011-04-05 17:30
Thanks karlg

I have updated the tutorial to include the executable file permissions.
Quote
 
 
+2 #1 2011-04-03 16:19
The proxy.cgi file needs to be made executable.

Nice tutorials though!
Quote
 

Add comment


Security code
Refresh