| <?xml version="1.0"?> |
| <document> |
| <copyright> |
| Copyright 1999-2004 The Apache Software Foundation |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| </copyright> |
| <properties> |
| <title>Apache 2.0.43 - Tomcat 4.1.12 - jk2 - virtual host HOWTO</title> |
| <author email="unicoletti at prometeo.it">Umberto Nicoletti</author> |
| <date>Tue 22 Oct 2002 11:58:28 AM GMT-5</date> |
| </properties> |
| <section name="Scenario"> |
| <ul> |
| <li>RedHat Linux 7.2</li> |
| <li>Latest 1.4.x Sun JDK</li> |
| <li>Tomcat 4.1.12 binary</li> |
| <li>Apache 2.0.43 built from source</li> |
| <li>jk2 connector binary from jakarta.apache.org</li> |
| </ul> |
| </section> |
| |
| <section name="Requirements"> |
| <p> |
| Deploy three (in my case) web applications under three different virtual hosts, |
| making the default vhost |
| respond to any name and to the bare IP address. |
| </p> |
| </section> |
| |
| <section name="Installing JDK"> |
| <p>Note: download the jdk, not just the jre!</p> |
| <screen> |
| <note> |
| Uncompress the jdk somewhere in the filesystem. |
| I chose /usr/local/: |
| </note> |
| <type> |
| ll /usr/local/ |
| </type> |
| <read> |
| drwxr-xr-x 9 root root 4096 Oct 18 16:37 j2sdk1.4.1_01 |
| </read> |
| <read> |
| lrwxrwxrwx 1 root root 14 Oct 18 16:38 java -> j2sdk1.4.1_01/ |
| </read> |
| </screen> |
| <p> |
| make a symlink named java to j2sdk1.4.1_01/ so that you can |
| easily switch back and forth |
| between different jvms. We will use the same trick for apache and tomcat afterwards. |
| </p> |
| <p> |
| Now tell your bash shell where to find java binaries: create a file named java.sh in |
| /etc/profile.d with the following content: |
| </p> |
| <screen> |
| <type> |
| cat /etc/profile.d/java.sh |
| </type>type> |
| <read># set java environment</read> |
| <read></read> |
| <read>export JAVA_HOME=/usr/local/java</read> |
| <read>export PATH=$PATH:$JAVA_HOME/bin</read> |
| <read></read> |
| <read>export CLASSPATH=$JAVA_HOME/lib</read> |
| </screen> |
| <p> |
| do a chmod: |
| </p> |
| <screen> |
| <note> |
| Make java.sh readable and executable by anyone: |
| </note> |
| <type> |
| #chmod 755 /etc/profile.d/java.sh |
| </type> |
| </screen> |
| Now open a new shell and try this: |
| <screen> |
| <type> |
| which java |
| </type> |
| <read> |
| /usr/local/java/bin/java |
| </read> |
| </screen> |
| <p> |
| You should get the answer given above. If not chek your environment and make |
| sure that java.sh is executed |
| when opening a new shell. |
| Try to run a java program or the following: java -version. |
| </p> |
| <p> |
| If you don't like this way of installing java please ignore it. |
| |
| Make sure everything is ok and then jump to the next step. |
| </p> |
| </section> |
| |
| <section name="Installing Apache"> |
| <p> |
| Download the latest release, uncompress it, cd into the newly created directory |
| and run the following: |
| </p> |
| <screen> |
| <type> |
| ./configure -prefix=/usr/local/apache2.0.43 --sysconfdir=/etc/apache --localstatedir=/var --enable-so |
| </type> |
| </screen> |
| <p> |
| Of course you can customize the installation specifying other modules to enable |
| or whatever you like. |
| Just don't forget to ENABLE-SO, because that's what you need to load the |
| apache-tomcat connector. |
| </p> |
| <p> |
| Run make and make install. Create the log directories and others (you can skip |
| this if you know how |
| to configure where apache puts its log files -> edit httpd.conf): |
| </p> |
| <screen> |
| <type> |
| #mkdir /var/logs |
| </type> |
| <type> |
| #mkdir /usr/local/apache2.0.43/conf |
| </type> |
| <type> |
| #mkdir /usr/local/apache2.0.43/logs |
| </type> |
| </screen> |
| <p> |
| Create the symlink /usr/local/apache to /usr/local/apache2.0.43 and test your |
| installation |
| by executing: |
| </p> |
| <screen> |
| <type> |
| #/usr/local/apache/bin/apachectl start |
| </type> |
| </screen> |
| <p> |
| Open a browser and point it to the linux box: you should get a page telling you |
| that the apache installation |
| was successful. |
| If that doesn't happen check the logs and troubleshoot: common errors in this configuration |
| are that some directory holding log or configuration files is missing or maybe you have another web |
| server listening on port 80. |
| </p> |
| </section> |
| |
| <section name="Installing Tomcat"> |
| <p> |
| Uncompress the tomcat binaries in a directory of your choice. In this howto we |
| will use /opt. |
| Create a symlink named jakarta to the newly created directory so that you have |
| something like the following: |
| </p> |
| <screen> |
| <type> |
| ll /opt/ |
| </type> |
| <read>total 4</read> |
| <read>lrwxrwxrwx 1 root root 31 Oct 18 16:38 jakarta ->jakarta-tomcat-4.1.12-LE-jdk14/</read> |
| <read>drwxr-xr-x 12 root root 4096 Oct 18 18:10 jakarta-tomcat-4.1.12-LE-jdk14</read> |
| <note> |
| Start tomcat by running: |
| </note> |
| <type> |
| /opt/jakarta/bin/startup.sh |
| </type> |
| </screen> |
| <p>After a |
| few seconds point your browser at the IP of |
| the linux box on port 8080 and you should see the tomcat welcome page. |
| If not check the catalina.out log file in /opt/jakarta/logs and fix all errors |
| until Tomcat comes up. |
| </p> |
| </section> |
| |
| <section name="Configuring Tomcat to listen to Apache ajp13 requests"> |
| <p> |
| Here is a sample server.xml file. Please note that the location of directories |
| and log files is absolutely |
| arbitrary and you have to edit it to make it suit your needs. |
| <source> |
| <!-- Umberto Server Configuration File --> |
| |
| <Server port="8005" shutdown="SHUTDOWN" debug="0"> |
| <!-- Define an Apache-Connector Service --> |
| |
| <Service name="Tomcat-Apache"> |
| |
| <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 --> |
| <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" |
| port="8009" minProcessors="5" maxProcessors="75" |
| enableLookups="true" redirectPort="8443" |
| acceptCount="10" debug="0" connectionTimeout="20000" |
| useURIValidationHack="false" |
| protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/> |
| |
| <Engine name="Apache" defaultHost="www.home.net" debug="0"> |
| |
| <Logger className="org.apache.catalina.logger.FileLogger" |
| prefix="apache_log." suffix=".txt" |
| timestamp="true"/> |
| <!-- Access log processes all requests for this virtual host. --> |
| <Valve className="org.apache.catalina.valves.AccessLogValve" |
| directory="logs" prefix="localhost_access_log." suffix=".txt" |
| pattern="common" resolveHosts="false"/> |
| |
| <Host name="www.home.net" debug="0" |
| appBase="/opt/jakarta-tomcat-4.1.12-LE-jdk14/webapps/struts-example" |
| unpackWARs="true" autoDeploy="true"> |
| <Alias>localhost</Alias> |
| <Alias>www</Alias> |
| <Alias>10.0.0.10</Alias> |
| |
| |
| <Context path="" docBase="" debug="1"/> |
| |
| <Valve className="org.apache.catalina.valves.AccessLogValve" |
| directory="logs" prefix="home_access_log." suffix=".txt" |
| pattern="common" resolveHosts="false"/> |
| </Host> |
| |
| <Host name="www.customer1.it" debug="0" |
| appBase="/opt/jakarta-tomcat-4.1.12-LE-jdk14/webapps/struts-blank" |
| unpackWARs="true" autoDeploy="true"> |
| |
| <Context path="" docBase="" debug="1"/> |
| |
| <Valve className="org.apache.catalina.valves.AccessLogValve" |
| directory="logs" prefix="cust1_access_log." suffix=".txt" |
| pattern="common" resolveHosts="false"/> |
| </Host> |
| |
| <Host name="www.customer2.net" debug="0" |
| appBase="/opt/jakarta-tomcat-4.1.12-LE-jdk14/webapps/root" |
| unpackWARs="true" autoDeploy="true"> |
| |
| <Context path="" docBase="" debug="1"/> |
| |
| <Valve className="org.apache.catalina.valves.AccessLogValve" |
| directory="logs" prefix="cust2_log." suffix=".txt" |
| pattern="common" resolveHosts="false"/> |
| </Host> |
| |
| </Engine> |
| |
| </Service> |
| |
| </Server> |
| </source> |
| |
| This is a very minimalistic conf file, because we have taken away the HTTP1.1 |
| connector that allows us to talk directly to Tomcat. |
| It might not be good for development, but it should be good for production. |
| If you feel like you need also the Tomcat Standalone service then copy and paste |
| it from your original server.xml file |
| (you did back it up, didn't you?). |
| <br/> |
| Try to start tomcat again and check catalina.out to see if everything is up and |
| running. If it complains about |
| missing apr stuff try to edit /opt/jakarta/conf/jk2.properties and make it look so: |
| |
| <source> |
| # list of needed handlers. |
| handler.list=channelSocket,request |
| # Override the default port for the channelSocket |
| channelSocket.port=8009 |
| </source> |
| |
| If everything is ok move on to next section. |
| </p> |
| </section> |
| |
| <section name="Configuring Apache virtual hosting"> |
| <p> |
| rtfm at <a |
| href="http://httpd.apache.org/docs-2.0/vhosts/">http://httpd.apache.org/docs-2.0/vhosts/</a> |
| In the appendix you can find the httpd.conf file I used to write and test this |
| HOWTO. |
| </p> |
| </section> |
| |
| <section name="Configuring Apache to talk to Tomcat"> |
| <p> |
| Download the jk2 shared library for you version of apache and copy it in |
| /usr/local/apache/modules |
| (create the directory if necessary). If you can't find a suitable version of |
| jk2 ask it to the tomcat-user mailing list |
| or download the source and build it yourself (this is another HOWTO). |
| </p> |
| <p> |
| Create, if you haven't already, the /usr/local/apache/conf directory and create |
| a file named |
| workers2.properties with this content in it: |
| |
| <source> |
| # only at beginnin. In production uncomment it out |
| [logger.apache2] |
| level=DEBUG |
| |
| [shm] |
| file=/usr/local/apache/logs/shm.file |
| size=1048576 |
| |
| # Example socket channel, override port and host. |
| [channel.socket:localhost:8009] |
| port=8009 |
| host=127.0.0.1 |
| |
| # define the worker |
| [ajp13:localhost:8009] |
| channel=channel.socket:localhost:8009 |
| |
| # Uri mapping |
| [uri:10.0.0.10/*.jsp] |
| worker=ajp13:localhost:8009 |
| |
| [uri:www.home.net/*.jsp] |
| worker=ajp13:localhost:8009 |
| |
| [uri:www.customer1.it/*.jsp] |
| worker=ajp13:localhost:8009 |
| |
| [uri:www.customer2.net/*.jsp] |
| worker=ajp13:localhost:8009 |
| </source> |
| |
| Edit the file, change ip addresses and names to suit your needs and save it. |
| </p> |
| <p> |
| Edit http.conf and add the following line in the Modules section: |
| |
| <source> |
| LoadModule jk2_module modules/mod_jk2.so |
| </source> |
| |
| Save http.conf and try to start apache. It should now load the jk2 connector and |
| the configuration |
| from workers2.properties. |
| Check the error log to make sure everything is ok. |
| </p> |
| <p> |
| Start tomcat and try to load a HTML page in your browser: apache should return |
| the page |
| without problems. |
| Now try with a jsp page: it should display after a little. |
| <br/> |
| If you get errors check that the path and host names (double check also the |
| configuration of DNS |
| with your network administrator) are ok, the directories are readable by both |
| Tomcat and Apache. |
| Again look into the log files. |
| </p> |
| <p> |
| If everything works go to next section. |
| </p> |
| </section> |
| |
| <section name="The last trick"> |
| <p> |
| Now ask your network administrator to set up an alias for your brand new server |
| (use jspsrc if |
| you like to stick to this howto). |
| If you don't have easy access to dns try to edit your hosts file (on the client |
| where you open the browser) |
| and add a line as follows: |
| |
| <source> |
| 10.0.0.10 jspsrc |
| </source> |
| |
| where 10.0.0.10 is the ip of your server. Open your browser and type this in |
| your location bar: |
| |
| <source> |
| http://jspsrc |
| </source> |
| |
| and navigate to a jsp page. You should get the source of the jsp page into your |
| browser! |
| </p> |
| <p> |
| This is clearly a security problem, if not a major annoyance. |
| </p> |
| <p> |
| What's wrong with the setup we came up so far? The problem is (or should be) |
| that the ajp13 |
| connector can't find a virtual host that matches the jspsrc uri. |
| What we need to do is set up the default virtual host so that ALL *.jsp requests |
| get handled by tomcat. |
| </p> |
| <p> |
| How do we do it? |
| </p> |
| <p> |
| Read on if you want to know how. |
| </p> |
| </section> |
| |
| <section name="JK directives in httpd.conf"> |
| <p> |
| In addition to the workers2.properties you can put Jk diretives directly into |
| the httpd.conf file (just as you did |
| with jk and webapp). |
| Edit the default virtual host section in httpd.conf and add the following lines |
| in the end, before |
| <code></VirtualHost></code>: |
| |
| <source> |
| <Location "/*.jsp"> |
| JkUriSet worker ajp13:localhost:8009 |
| </Location> |
| </source> |
| |
| Restart Apache and test the jspsrc url again. |
| </p> |
| <p> |
| The jsp source should not be displayed anymore. |
| </p> |
| </section> |
| |
| <section name="Notes"> |
| <p> |
| I think a better approach would be to remove all uri directives from |
| workers2.properties |
| and to put them in http.conf as we did in the previous section for the defualt |
| virtual host. |
| Experiment and let me know. |
| </p> |
| </section> |
| |
| <section name="APPENDIX A: httpd.conf"> |
| <p> |
| <source> |
| # |
| # Umberto Nicoletti, 18/10/2002 |
| # |
| |
| ### Section 1: Global Environment |
| |
| ServerRoot "/usr/local/apache" |
| ErrorLog logs/error_log |
| |
| <IfModule !mpm_winnt.c> |
| <IfModule !mpm_netware.c> |
| #LockFile logs/accept.lock |
| </IfModule> |
| </IfModule> |
| |
| # ScoreBoardFile: File used to store internal server process information. |
| <IfModule !mpm_netware.c> |
| <IfModule !perchild.c> |
| #ScoreBoardFile logs/apache_runtime_status |
| </IfModule> |
| </IfModule> |
| |
| <IfModule !mpm_netware.c> |
| PidFile logs/httpd.pid |
| </IfModule> |
| |
| Timeout 300 |
| |
| KeepAlive On |
| MaxKeepAliveRequests 100 |
| KeepAliveTimeout 15 |
| |
| <IfModule prefork.c> |
| StartServers 5 |
| MinSpareServers 5 |
| MaxSpareServers 10 |
| MaxClients 150 |
| MaxRequestsPerChild 0 |
| </IfModule> |
| |
| <IfModule worker.c> |
| StartServers 2 |
| MaxClients 150 |
| MinSpareThreads 25 |
| MaxSpareThreads 75 |
| ThreadsPerChild 25 |
| MaxRequestsPerChild 0 |
| </IfModule> |
| |
| <IfModule perchild.c> |
| NumServers 5 |
| StartThreads 5 |
| MinSpareThreads 5 |
| MaxSpareThreads 10 |
| MaxThreadsPerChild 20 |
| MaxRequestsPerChild 0 |
| </IfModule> |
| |
| # listen on all ports |
| Listen 80 |
| |
| # |
| # Dynamic Shared Object (DSO) Support |
| # |
| LoadModule jk2_module modules/mod_jk2.so |
| |
| ### Section 2: 'Main' server configuration |
| |
| <IfModule !mpm_winnt.c> |
| <IfModule !mpm_netware.c> |
| # |
| # If you wish httpd to run as a different user or group, you must run |
| # httpd as root initially and it will switch. |
| # |
| # User/Group: The name (or #number) of the user/group to run httpd as. |
| # . On SCO (ODT 3) use "User nouser" and "Group nogroup". |
| # . On HPUX you may not be able to use shared memory as nobody, and the |
| # suggested workaround is to create a user www and use that user. |
| # NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) |
| # when the value of (unsigned)Group is above 60000; |
| # don't use Group #-1 on these systems! |
| # |
| User nobody |
| Group #-1 |
| </IfModule> |
| </IfModule> |
| |
| ServerAdmin whatever@you.want |
| ServerName www.home.net |
| UseCanonicalName Off |
| |
| # |
| # The following directives define some format nicknames for use with |
| # a CustomLog directive (see below). |
| # |
| LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined |
| LogFormat "%h %l %u %t \"%r\" %>s %b" common |
| LogFormat "%{Referer}i -> %U" referer |
| LogFormat "%{User-agent}i" agent |
| |
| LogLevel debug |
| CustomLog logs/access.log common |
| |
| DocumentRoot "/opt/jakarta-tomcat-4.1.12-LE-jdk14/webapps/struts-example" |
| |
| <Directory /opt/jakarta-tomcat-4.1.12-LE-jdk14/webapps/struts-example> |
| Options None |
| AllowOverride None |
| </Directory> |
| |
| DirectoryIndex index.html index.jsp |
| |
| <Directory /> |
| Options None |
| AllowOverride None |
| </Directory> |
| |
| <Files ~ "^\.ht"> |
| Order allow,deny |
| Deny from all |
| </Files> |
| |
| <Location /WEB-INF/> |
| Order Allow,Deny |
| </Location> |
| |
| NameVirtualHost * |
| |
| <VirtualHost *> |
| ServerName www.home.net |
| ServerAlias www |
| ServerAlias localhost |
| ServerAdmin sysmaster@arpa.veneto.it |
| DocumentRoot /opt/jakarta-tomcat-4.1.12-LE-jdk14/webapps/struts-example |
| |
| ErrorLog logs/home.net-errorlog |
| CustomLog logs/home.net-access.log common |
| |
| <Location "/*.jsp"> |
| JkUriSet worker ajp13:localhost:8009 |
| </Location> |
| </VirtualHost> |
| |
| <VirtualHost *> |
| ServerName www.customer1.it |
| ServerAdmin sysmaster@arpa.veneto.it |
| DocumentRoot /opt/jakarta-tomcat-4.1.12-LE-jdk14/webapps/struts-blank |
| ErrorLog logs/cust1-errorlog |
| </VirtualHost> |
| |
| <VirtualHost *> |
| ServerName www.customer2.net |
| ServerAdmin sysmaster@arpa.veneto.it |
| DocumentRoot /opt/jakarta-tomcat-4.1.12-LE-jdk14/webapps/root |
| ErrorLog logs/cust2-errorlog |
| </VirtualHost> |
| </source> |
| </p> |
| |
| </section> |
| </document> |