| <?xml version="1.0"?> |
| <!DOCTYPE document [ |
| <!ENTITY project SYSTEM "project.xml"> |
| ]> |
| <document url="apache.html"> |
| |
| &project; |
| |
| <properties> |
| <author email="mturk@apache.org">Mladen Turk</author> |
| <title>Configuring Apache</title> |
| </properties> |
| |
| <body> |
| |
| <section name="Configuration Directives"> |
| <p> |
| Most of the directives are allowed once in the global part of the Apache httpd |
| configuration and once in every <VirtualHost> elements. Exceptions from this rule are |
| explicitely listed in the table below. |
| </p> |
| <p> |
| Values are inherited from the main server to the virtual hosts. |
| Since version 1.2.20 they can be overwritten in the virtual hosts. |
| Exceptions from this rule are |
| again explicitely listed in the table below. |
| </p> |
| <p><b>Waring: If Apache httpd and Tomcat are configured to serve content from |
| the same filing system location then care must be taken to ensure that httpd is |
| not able to serve inappropriate content such as the contents of the WEB-INF |
| directory or JSP source code.</b> This could occur if the httpd DocumentRoot |
| overlaps with a Tomcat Host's appBase or the docBase of any Context. It could |
| also occur when using the httpd Alias directive with a Tomcat Host's appBase or |
| the docBase of any Context. |
| </p> |
| <p> |
| Here are the all directives supported by Apache: |
| </p> |
| <attributes name="Directive"> |
| <attribute name="JkWorkersFile" required="false"><p> |
| The name of a worker file for the Tomcat servlet containers. |
| <br/> |
| This directive is only allowed once. It must be put into |
| the global part of the configuration. |
| <br/> |
| If you don't use the JkWorkerProperty directives, then you must |
| define your workers with a valid JkWorkersFile. There is no default |
| value. |
| </p></attribute> |
| <attribute name="JkWorkerProperty" required="false"><p> |
| Enables setting worker properties inside Apache configuration file. |
| The syntax is the same as in the JkWorkersFile (usually workers.properties). |
| Simply prefix each line with "JkWorkerProperty" to put it directly into |
| the Apache httpd config files. |
| <br/> |
| This directive is allowed multiple times. |
| It must be put into the global part of the configuration. |
| <br/> |
| If you don't use the JkWorkerProperty directives, then you must |
| define your workers with a valid JkWorkersFile. There is no default |
| value. |
| <br/> |
| This directive is available in jk1.2.7 version and later. |
| </p></attribute> |
| <attribute name="JkShmFile" required="false"><p> |
| Shared memory file name. Used only on unix platforms. |
| <br/> |
| This directive is only allowed once. It must be put into |
| the global part of the configuration. |
| <br/> |
| The default value is logs/jk-runtime-status. |
| </p></attribute> |
| <attribute name="JkShmSize" required="false"><p> |
| Size of the shared memory file name. |
| <br/> |
| This directive is only allowed once. It must be put into |
| the global part of the configuration. |
| <br/> |
| The default value depends on the platform. It is usually less than 64KB. |
| </p></attribute> |
| <attribute name="JkMountFile" required="false"><p> |
| File containing multiple mappings from a context to a Tomcat worker. |
| It is usually called uriworkermap.properties. |
| <br/> |
| For inheritance rules, see: JkMountCopy. |
| <br/> |
| There is no default value. |
| </p></attribute> |
| <attribute name="JkMountFileReload" required="false"><p> |
| This directive configures the reload check interval in seconds. |
| The JkMountFile is checked periodically for changes. |
| A changed file gets reloaded automatically. If you set |
| this directive to "0", reload checking is turned off. |
| <br/> |
| The default value is 60 seconds. |
| <br/> |
| This directive has been added in version 1.2.20 of mod_jk. |
| </p></attribute> |
| <attribute name="JkMount" required="false"><p> |
| A mount point from a context to a Tomcat worker. |
| <br/> |
| This directive is allowed multiple times. |
| It is allowed in the global configuration and in VirtualHost. |
| You can also use it inside Location with a different syntax. |
| Inside Location, one omits the first argument (path), |
| which gets inherited from the Location. |
| For inheritance rules, see: JkMountCopy. |
| </p></attribute> |
| <attribute name="JkUnMount" required="false"><p> |
| An exclusion mount point from a context to a Tomcat worker. |
| All exclusion mounts are checked after mapping a request |
| to a tomcat worker. If the request maps also to an exclusion, |
| it will not be forwarded to tomcat, and instead be served locally. |
| <br/> |
| This directive is allowed multiple times. |
| It is allowed in the global configuration and in VirtualHost. |
| You can also use it inside Location with a different syntax. |
| Inside Location, one omits the first argument (path), |
| which gets inherited from the Location. |
| For inheritance rules, see: JkMountCopy. |
| <br/> |
| This directive is available in jk1.2.7 version and later. |
| </p></attribute> |
| <attribute name="JkAutoAlias" required="false"><p> |
| Automatically Alias webapp context directories into the Apache |
| document space. |
| <br/> |
| Care should be taken to ensure that only static content is served via httpd as a |
| result of using this directive. Any static content served by httpd will bypass any |
| security constraints defined in the application's web.xml. |
| <br/> |
| For inheritance rules, see: JkMountCopy. |
| <br/> |
| There is no default value. |
| </p></attribute> |
| <attribute name="JkMountCopy" required="false"><p> |
| If this directive is set to On in some virtual server, |
| the mounts from the global server will be copied to the |
| virtual server, more precisely all mounts defined by JkMount |
| or JkUnMount. The Mounts defined by JkMountFile and JkAutoAlias |
| will only be inherited, if the VirtualHost does not define |
| it's own JkMountFile or JkAutoAlias. |
| <br/> |
| This directive is only allowed inside VirtualHost. |
| <br/> |
| The default is Off. |
| </p></attribute> |
| <attribute name="JkWorkerIndicator" required="false"><p> |
| Name of the Apache environment variable that can be used to set worker names |
| in combination with SetHandler jakarta-servlet. |
| <br/> |
| This directive is only allowed once per virtual server. |
| It is allowed in the global configuration and in VirtualHost. |
| <br/> |
| The default value is JK_WORKER_NAME. |
| </p></attribute> |
| <attribute name="JkLogFile" required="false"><p> |
| Full or server relative path to the Tomcat Connector module log file. |
| It will also work with pipe, by using a value of the form "| ...". |
| <br/> |
| The default value is logs/mod_jk.log. |
| <br/> |
| Pipes are supported for Apache 1.3 only since version 1.2.16. |
| The default value exists only since version 1.2.20. |
| </p></attribute> |
| <attribute name="JkLogLevel" required="false"><p> |
| The Tomcat Connector module log level, can be debug, info, warn |
| error or trace. |
| <br/> |
| The default value is info. |
| </p></attribute> |
| <attribute name="JkLogStampFormat" required="false"><p> |
| The Tomcat Connector module <b>date</b> log format, follow strftime syntax. |
| This format will be used for the time stamps in the JkLogFile. |
| <br/> |
| The default value is "[%a %b %d %H:%M:%S %Y] ". |
| </p></attribute> |
| <attribute name="JkRequestLogFormat" required="false"><p> |
| Request log format string. See detailed description below. |
| <br/> |
| There is no default value. Without defining a value, the request logging |
| is turned off. |
| </p></attribute> |
| <attribute name="JkExtractSSL" required="false"><p> |
| Turns on SSL processing and information gathering by mod_jk |
| <br/> |
| The default value is On. |
| </p></attribute> |
| <attribute name="JkHTTPSIndicator" required="false"><p> |
| Name of the Apache environment variable that contains SSL indication. |
| <br/> |
| The default value is "HTTPS". |
| </p></attribute> |
| <attribute name="JkCERTSIndicator" required="false"><p> |
| Name of the Apache environment variable that contains SSL client certificates. |
| <br/> |
| The default value is "SSL_CLIENT_CERT". |
| </p></attribute> |
| <attribute name="JkCIPHERIndicator" required="false"><p> |
| Name of the Apache environment variable that contains SSL client cipher. |
| <br/> |
| The default value is "SSL_CIPHER". |
| </p></attribute> |
| <attribute name="JkCERTCHAINPrefix" required="false"><p> |
| Name of the Apache environment (prefix) that contains SSL client chain certificates. |
| <br/> |
| The default value is "SSL_CLIENT_CERT_CHAIN_". |
| </p></attribute> |
| <attribute name="JkSESSIONIndicator" required="false"><p> |
| Name of the Apache environment variable that contains SSL session. |
| <br/> |
| The default value is "SSL_SESSION_ID". |
| </p></attribute> |
| <attribute name="JkKEYSIZEIndicator" required="false"><p> |
| Name of the Apache environment variable that contains SSL key size in use. |
| <br/> |
| The default value is "SSL_CIPHER_USEKEYSIZE". |
| </p></attribute> |
| <attribute name="JkOptions" required="false"><p> |
| Set one of more options to configure the mod_jk module. See below for |
| details about this directive. |
| <br/> |
| This directive can be used multiple times per virtual server. |
| <br/> |
| The default value is "ForwardURICompatUnparsed" since version 1.2.23. |
| Until version 1.2.22 the default value was "ForwardURICompat". |
| </p></attribute> |
| <attribute name="JkEnvVar" required="false"><p> |
| Adds a name and an optional default value of environment variable |
| that should be sent to servlet-engine as a request attribute. |
| If the default value is not given explicitely, the variable |
| will only be send, if it is set during runtime. |
| <br/> |
| This directive can be used multiple times per virtual server. |
| <br/> |
| The default is empty, so no additional variables will be sent. |
| <br/> |
| Empty default values are supported since version 1.2.20. |
| Not sending variables with empty defaults and empty runtime value |
| has been introduced in version 1.2.21. |
| </p></attribute> |
| <attribute name="JkStripSession" required="false"><p> |
| If this directive is set to On in some virtual server, |
| the session IDs <code>;jsessionid=...</code> will be |
| removed for non matched URLs. |
| <br/> |
| This directive is only allowed inside VirtualHost. |
| <br/> |
| The default is Off. |
| <br/> |
| This directive has been introduced in version 1.2.21. |
| </p></attribute> |
| |
| </attributes> |
| </section> |
| |
| <section name="Configuration Directives Types"> |
| <p> |
| We'll discuss here the mod_jk directive types. |
| </p> |
| |
| <subsection name="Define workers"> |
| <p> |
| <b>JkWorkersFile</b> specify the location where mod_jk will find the workers definitions. |
| Take a look at <a href="workers.html">Workers documentation</a> for detailed description. |
| |
| <source> |
| |
| JkWorkersFile /etc/httpd/conf/workers.properties |
| </source> |
| |
| <br/> |
| <br/> |
| </p> |
| |
| </subsection> |
| |
| <subsection name="Logging"> |
| <p> |
| <b>JkLogFile</b> specify the location where mod_jk is going to place its log file. |
| </p> |
| |
| <source> |
| JkLogFile /var/log/httpd/mod_jk.log |
| </source> |
| |
| <p> |
| Since JK 1.2.3 for Apache 2.0 and JK 1.2.16 for Apache 1.3 this can also |
| be used for piped logging: |
| </p> |
| |
| <source> |
| JkLogFile "|/usr/bin/rotatelogs /var/log/httpd/mod_jk.log 86400" |
| </source> |
| |
| <p> |
| <b>JkLogLevel</b> |
| set the log level between : |
| </p> |
| |
| <ul> |
| <li> |
| <b>info</b> log will contain standard mod_jk activity (default). |
| </li> |
| <li> |
| <b>warn</b> log will contain non fatal error reports. |
| </li> |
| <li> |
| <b>error</b> log will contain also error reports. |
| </li> |
| <li> |
| <b>debug</b> log will contain all information on mod_jk activity |
| </li> |
| <li> |
| <b>trace</b> log will contain all tracing information on mod_jk activity |
| </li> |
| </ul> |
| |
| <source> |
| JkLogLevel info |
| </source> |
| |
| <p> |
| <code>info</code> should be your default selection for normal operations. |
| <br/> |
| <br/> |
| </p> |
| |
| <p> |
| <b>JkLogStampFormat</b> will configure the date/time format found on mod_jk log file. |
| Using the strftime() format string it's set by<br /> |
| default to <b>"[%a %b %d %H:%M:%S %Y]"</b> |
| </p> |
| |
| <source> |
| JkLogStampFormat "[%a %b %d %H:%M:%S %Y] " |
| </source> |
| |
| <p> |
| <br/> |
| <br/> |
| </p> |
| |
| <p> |
| <b>JkRequestLogFormat</b> will configure the format of mod_jk individual request logging. |
| Request logging is configured and enabled on a per virtual host basis. |
| To enable request logging for a virtual host just add a JkRequestLogFormat config. |
| The syntax of the format string is similar to the Apache LogFormat command, |
| here is a list of the available request log format options: |
| </p> |
| |
| <p> |
| <attributes name="Options"> |
| <attribute name="%b" required="false">Bytes sent, excluding HTTP headers (CLF format)</attribute> |
| <attribute name="%B" required="false">Bytes sent, excluding HTTP headers</attribute> |
| <attribute name="%H" required="false">The request protocol</attribute> |
| <attribute name="%m" required="false">The request method</attribute> |
| <attribute name="%p" required="false">The canonical Port of the server serving the request</attribute> |
| <attribute name="%q" required="false">The query string (prepended with a ? if a query string exists, otherwise an empty string)</attribute> |
| <attribute name="%r" required="false">First line of request</attribute> |
| <attribute name="%s" required="false">Request HTTP status code</attribute> |
| <attribute name="%T" required="false">Request duration, elapsed time to handle request in seconds '.' micro seconds</attribute> |
| <attribute name="%U" required="false">The URL path requested, not including any query string.</attribute> |
| <attribute name="%v" required="false">The canonical ServerName of the server serving the request</attribute> |
| <attribute name="%V" required="false">The server name according to the UseCanonicalName setting</attribute> |
| <attribute name="%w" required="false">Tomcat worker name</attribute> |
| <attribute name="%R" required="false">Real worker name</attribute> |
| </attributes> |
| |
| <source> |
| JkRequestLogFormat "%w %V %T" |
| </source> |
| |
| <br/> |
| <br/> |
| </p> |
| |
| <p> |
| You can also log mod_jk information using the Apache standard module <b>mod_log_config</b>. |
| The module sets several notes in the Apache httpd notes table. |
| Most of them are are only useful in combination with a load balancer worker. |
| </p> |
| |
| <p> |
| <attributes name="Note"> |
| <attribute name="JK_WORKER_NAME" required="false">Name of the worker selected by the URI mapping</attribute> |
| <attribute name="JK_WORKER_TYPE" required="false">Type of the worker selected by the URI mapping</attribute> |
| <attribute name="JK_WORKER_ROUTE" required="false">Actual worker name selected by the URI mapping (usually a member of the load balancer)</attribute> |
| <attribute name="JK_REQUEST_DURATION" required="false">Request duration in seconds and microseconds. |
| At the moment only available if JkRequestLogFormat is set.</attribute> |
| <attribute name="JK_LB_FIRST_NAME" required="false">Load-Balancer: Name of the first worker tried</attribute> |
| <attribute name="JK_LB_FIRST_TYPE" required="false">Load-Balancer: Type of the first worker tried</attribute> |
| <attribute name="JK_LB_FIRST_ACCESSED" required="false">Load-Balancer: Access count for the first worker tried</attribute> |
| <attribute name="JK_LB_FIRST_READ" required="false">Load-Balancer: Bytes read for the first worker tried</attribute> |
| <attribute name="JK_LB_FIRST_TRANSFERRED" required="false">Load-Balancer: Bytes transferred for the first worker tried</attribute> |
| <attribute name="JK_LB_FIRST_ERRORS" required="false">Load-Balancer: Error count for the first worker tried</attribute> |
| <attribute name="JK_LB_FIRST_BUSY" required="false">Load-Balancer: Busy count for the first worker tried</attribute> |
| <attribute name="JK_LB_FIRST_ACTIVATION" required="false">Load-Balancer: Activation state for the first worker tried</attribute> |
| <attribute name="JK_LB_FIRST_STATE" required="false">Load-Balancer: Error state for the first worker tried</attribute> |
| <attribute name="JK_LB_LAST_NAME" required="false">Load-Balancer: Name of the last worker tried</attribute> |
| <attribute name="JK_LB_LAST_TYPE" required="false">Load-Balancer: Type of the last worker tried</attribute> |
| <attribute name="JK_LB_LAST_ACCESSED" required="false">Load-Balancer: Access count for the last worker tried</attribute> |
| <attribute name="JK_LB_LAST_READ" required="false">Load-Balancer: Bytes read for the last worker tried</attribute> |
| <attribute name="JK_LB_LAST_TRANSFERRED" required="false">Load-Balancer: Bytes transferred for the last worker tried</attribute> |
| <attribute name="JK_LB_LAST_ERRORS" required="false">Load-Balancer: Error count for the last worker tried</attribute> |
| <attribute name="JK_LB_LAST_BUSY" required="false">Load-Balancer: Busy count for the last worker tried</attribute> |
| <attribute name="JK_LB_LAST_ACTIVATION" required="false">Load-Balancer: Activation state for the last worker tried</attribute> |
| <attribute name="JK_LB_LAST_STATE" required="false">Load-Balancer: Error state for the last worker tried</attribute> |
| </attributes> |
| |
| <source> |
| LogFormat "%h %l %u %t \"%r\" %>s %b %{JK_WORKER_NAME}n %{JK_LB_FIRST_NAME}n \ |
| %{JK_LB_FIRST_BUSY}n %{JK_LB_LAST_NAME}n %{JK_LB_LAST_BUSY}n" mod_jk_log |
| CustomLog logs/access_log mod_jk_log |
| </source> |
| |
| <br/> |
| <br/> |
| </p> |
| |
| </subsection> |
| |
| <subsection name="Forwarding"> |
| <p> |
| The directive JkOptions allow you to set many forwarding options which will enable (+) |
| or disable (-) following option. Without any leading signs, options will be enabled. |
| <br/> |
| <br/> |
| </p> |
| |
| <p> |
| The three following options <b>+ForwardURIxxx</b> are mutually exclusive. |
| Exactly one of them is required, a negative sign prefix is not allowed with them. |
| The default value is "ForwardURICompatUnparsed" since version 1.2.23. |
| Until version 1.2.22 the default value was "ForwardURICompat". |
| You can turn the default off by switching on one of the other two options. |
| <br/> |
| <br/> |
| </p> |
| |
| <p> |
| All options are inherited from the global server to virtual hosts. |
| Options that support enabling (plus options) and disabling (minus options), |
| are inherited in the following way: |
| <br/> |
| <br/> |
| options(vhost) = plus_options(global) - minus_options(global) + plus_options(vhost) - minus_options(vhost) |
| <br/> |
| <br/> |
| </p> |
| |
| <p> |
| Using JkOptions <b>ForwardURICompatUnparsed</b>, the forwarded URI |
| will be unparsed. It's spec compliant and also the safest option. |
| It will always forward the original request URI, so rewriting |
| URIs with mod_rewrite and then forwarding the rewritten URI |
| will not work. |
| |
| <source> |
| JkOptions +ForwardURICompatUnparsed |
| </source> |
| |
| <br/> |
| <br/> |
| </p> |
| |
| <p> |
| Using JkOptions <b>ForwardURICompat</b>, the forwarded URI will |
| be decoded by Apache httpd. Encoded characters will be decoded and |
| explicit path components like ".." will already be resolved. |
| This is less spec compliant and is <b>not safe</b> if you are using |
| prefix JkMount. This option will allow to rewrite URIs with |
| mod_rewrite before forwarding. |
| |
| <source> |
| JkOptions +ForwardURICompat |
| </source> |
| |
| <br/> |
| <br/> |
| </p> |
| |
| <p> |
| Using JkOptions <b>ForwardURIEscaped</b>, the forwarded URI will |
| be the encoded form of the URI used by ForwardURICompat. |
| Explicit path components like ".." will already be resolved. |
| This will not work in combination with URL encoded session IDs, |
| but it will allow to rewrite URIs with mod_rewrite before forwarding. |
| |
| <source> |
| JkOptions +ForwardURIEscaped |
| </source> |
| |
| <br/> |
| <br/> |
| </p> |
| |
| <p> |
| JkOptions <b>ForwardDirectories</b> is used in conjunction with <b>DirectoryIndex</b> |
| directive of Apache web server. As such mod_dir should be available to Apache, |
| statically or dynamically (DSO) |
| <br/> |
| <br/> |
| </p> |
| |
| <p> |
| When DirectoryIndex is configured, Apache will create sub-requests for |
| each of the local-url's specified in the directive, to determine if there is a |
| local file that matches (this is done by stat-ing the file). |
| </p> |
| |
| <p> |
| If ForwardDirectories is set to false (default) and Apache doesn't find any |
| files that match, Apache will serve the content of the directory (if directive |
| Options specifies Indexes for that directory) or a <code>403 Forbidden</code> response (if |
| directive Options doesn't specify Indexes for that directory). |
| </p> |
| |
| <p> |
| If ForwarDirectories is set to true and Apache doesn't find any files that |
| match, the request will be forwarded to Tomcat for resolution. This is used in |
| cases when Apache cannot see the index files on the file system for various |
| reasons: Tomcat is running on a different machine, the JSP file has been |
| precompiled etc. |
| </p> |
| |
| <p>Note that locally visible files will take precedence over the |
| ones visible only to Tomcat (i.e. if Apache can see the file, that's the one |
| that's going to get served). This is important if there is more then one type of |
| file that Tomcat normally serves - for instance Velocity pages and JSP pages. |
| |
| <source> |
| JkOptions +ForwardDirectories |
| </source> |
| <br/> |
| <br/> |
| </p> |
| |
| <p> |
| JkOptions <b>ForwardLocalAddress</b>, you ask mod_jk to send the local address, |
| of the Apache web server instead remote client address. This can be used by |
| Tomcat remote address valve for allowing connections only from registered Apache |
| web servers. |
| |
| <source> |
| JkOptions +ForwardLocalAddress |
| </source> |
| |
| <br/> |
| <br/> |
| </p> |
| |
| <p> |
| JkOptions <b>FlushPackets</b>, you ask mod_jk to flush Apache's connection |
| buffer after each AJP packet chunk received from Tomcat. This option can have |
| a strong performance penalty for Apache and Tomcat as writes are performed |
| more often than would normally be required (ie: at the end of each |
| response). |
| |
| <source> |
| JkOptions +FlushPackets |
| </source> |
| |
| <br/> |
| <br/> |
| </p> |
| |
| <p> |
| JkOptions <b>FlushHeader</b>, you ask mod_jk to flush Apache's connection |
| buffer after the response headers have been received from Tomcat. |
| |
| <source> |
| JkOptions +FlushHeader |
| </source> |
| |
| <br/> |
| <br/> |
| </p> |
| |
| <p> |
| JkOptions <b>DisableReuse</b>, you ask mod_jk to close connections immediately |
| after their use. Normally mod_jk uses persistent connections and pools idle |
| connections to reuse them, when new requests have to be sent to Tomcat. |
| </p> |
| |
| <p> |
| Using this option will have a strong performance penalty for Apache and Tomcat. |
| Use this only as a last resort in case of unfixable network problems. |
| If a firewall between Apache and Tomcat silently kills idle connections, |
| try to use the worker attribute socket_keepalive in combination with an appropriate |
| TCP keepalive value in your OS. |
| |
| <source> |
| JkOptions +DisableReuse |
| </source> |
| |
| <br/> |
| <br/> |
| </p> |
| |
| <p> |
| JkOptions <b>ForwardKeySize</b>, you ask mod_jk, when using ajp13, to forward also the SSL Key Size as |
| required by Servlet API 2.3. |
| This flag shouldn't be set when servlet engine is Tomcat 3.2.x (on by default). |
| |
| <source> |
| JkOptions +ForwardKeySize |
| </source> |
| |
| <br/> |
| <br/> |
| </p> |
| |
| <p> |
| JkOptions <b>ForwardSSLCertChain</b>, you ask mod_jk, when using ajp13, |
| to forward SSL certificate chain (off by default). |
| Mod_jk only passes the <code>SSL_CLIENT_CERT</code> to the AJP connector. This is not a |
| problem with self-signed certificates or certificates directly signed by the |
| root CA certificate. However, there's a large number of certificates signed by |
| an intermediate CA certificate, where this is a significant problem: A servlet |
| will not have the possibility to validate the client certificate on its own. The |
| bug would be fixed by passing on the <code>SSL_CLIENT_CERT_CHAIN</code> to Tomcat via the AJP connector. |
| <br/> |
| This directive exists only since version 1.2.22. |
| <source> |
| JkOptions +ForwardSSLCertChain |
| </source> |
| |
| <br/> |
| <br/> |
| </p> |
| |
| <p> |
| The directive <b>JkEnvVar</b> allows you to forward environment variables from Apache server to Tomcat engine. |
| The variables can be retrieved on the Tomcat side as request attributes. |
| You can add a default value as a second parameter to the directive. |
| If the default value is not given explicitely, the variable |
| will only be send, if it is set during runtime. |
| <br/> |
| <br/> |
| The variables are inherited from the global server to virtual hosts. |
| |
| <source> |
| JkEnvVar SSL_CLIENT_V_START undefined |
| </source> |
| <br/> |
| <br/> |
| </p> |
| |
| </subsection> |
| |
| <subsection name="Assigning URLs to Tomcat"> |
| <p> |
| If you have created a custom or local version of mod_jk.conf-local as noted above, |
| you can change settings such as the workers or URL prefix. |
| </p> |
| <p> |
| <b>JkMount</b> directive assign specific URLs to Tomcat. |
| In general the structure of a JkMount directive is: |
| </p> |
| |
| <source> |
| JkMount [URL prefix] [Worker name] |
| </source> |
| |
| <source> |
| # send all requests ending in .jsp to worker1 |
| JkMount /*.jsp worker1 |
| # send all requests ending /servlet to worker1 |
| JkMount /*/servlet/ worker1 |
| # send all requests jsp requests to files located in /otherworker will go worker2 |
| JkMount /otherworker/*.jsp worker2 |
| </source> |
| |
| <p> |
| You can use the JkMount directive at the top level or inside <VirtualHost> |
| sections of your httpd.conf file. |
| </p> |
| <p><b>JkUnmount</b> directive acts as an opposite to JkMount and blocks access |
| to a particular URL. The purpose is to be able to filter out the particular content |
| types from mounted context. The following example mounts /servlet/* |
| context, but all .gif files that belongs to that context are not served. |
| </p> |
| <source> |
| # send all requests ending with /servlet to worker1 |
| JkMount /servlet/* worker1 |
| # do not send requests ending with .gif to worker1 |
| JkUnMount /servlet/*.gif worker1 |
| </source> |
| <p> |
| JkUnMount takes precedence over JkMount directives, meaning that the JK |
| will first look for unmount and then for mount directives. The following |
| example will block all .gif files. |
| </p> |
| <source> |
| # do not send requests ending with .gif to worker1 |
| JkUnMount /*.gif worker1 |
| # The .gif files will not be mounted cause JkUnMount takes |
| # precedence over JkMount directive |
| JkMount /servlet/*.gif worker1 |
| </source> |
| |
| <p> |
| <b>JkAutoAlias</b> directive automatically <b>Alias</b> webapp context directories into |
| the Apache document space. It enables Apache to serve a static context while Tomcat |
| serving dynamic context. This directive is used for convenience so that you don't |
| have to put an apache Alias directive for each application directory inside Tomcat's |
| webapp directory. For security reasons is is strongly recommended that JkMount |
| is used to pass all requests to Tomcat by default and JkUnMount is used to |
| explicitly exclude static content to be served by httpd. It should also be noted |
| that content served by httpd will bypass any security constraints defined in the |
| applciation's web.xml. |
| </p> |
| <source> |
| # enter the full path to the tomcat webapps directory |
| JkAutoAlias /opt/tomtact/webapps |
| </source> |
| <p>The following example shows how to serve a dynamic context by |
| Tomcat and static using Apache. The webapps directory has to |
| be accessible by apache.</p> |
| |
| <source> |
| # enter the full path to the tomcat webapps directory |
| JkAutoAlias /opt/tomtact/webapps |
| |
| # Mount 'servlets-examples' directory. It's physical location |
| # is assumed to be in the /opt/tomtact/webapps/servlets-examples |
| # ajp13w is a worker defined in the workers.properties |
| JkMount /servlets-examples/* ajp13w |
| |
| # Unmount desired static content from servlets-examples webapp. |
| # This content will be served by the httpd directly. |
| JkUnMount /servlets-examples/*.gif ajp13w |
| JkUnMount /servlets-examples/*.jpg ajp13w |
| </source> |
| <p>Note that you can have a single JkAutoAlias directive per virtual |
| host inside your httpd.conf |
| </p> |
| <p> |
| <b>JkWorkerProperty</b> is a new directive available from JK 1.2.7 |
| version. It is a convenient method for setting directives that are |
| usually set inside <b>workers.propeties</b>file. The parameter for |
| that directive is raw line from workers.properties file. |
| </p> |
| <source> |
| # Just like workers.properties but exact line is prefixed |
| # with JkWorkerProperty |
| |
| # Minimal jk configuration |
| JkWorkerProperty worker.list=ajp13w |
| JkWorkerProperty worker.ajp13w.type=ajp13 |
| JkWorkerProperty worker.ajp13w.host=localhost |
| JkWorkerProperty worker.ajp13w.port=8009 |
| </source> |
| <p> |
| <b>JkMountFile</b> is a new directive available from JK 1.2.9 |
| version. It is used for dynamic updates of mount points at runtime. |
| When the mount file is changed, JK will reload it's content. |
| </p> |
| <source> |
| # Load mount points |
| |
| JkMountFile conf/uriworkermap.properties |
| </source> |
| <p>If the mount point uri starts with an exclamation mark '!' |
| it defines an exclusion in the same way JkUnmount does. |
| If the mount point uri starts with minus sign '-' |
| the mount point will only be disabled. A disabled mount can be reenabled |
| by deleting the minus sign and waiting for the JkMountFile to reload. |
| An exclusion can be disabled by prefixing it with a mninus sign. |
| </p> |
| <source> |
| # Sample uriworkermap.properties file |
| |
| /servlets-examples/*=ajp13w |
| # Do not map .jpeg files |
| !/servlets-examples/*.jpeg=ajp13w |
| # Make jsp examples initially disabled |
| -/jsp-examples/*=ajp13w |
| </source> |
| <p>At run time you can change the content of this file. For example |
| removing minus signs will enable the previously disabled uri mappings. |
| You can add any number of new entries at runtime that reflects the newly deployed |
| applications. Apache will reload the file and update the mount |
| points within 60 second interval. |
| </p> |
| <p> |
| There is no way to delete entries by dynamic reloading, but you can disable or |
| exclude mappings. |
| <br/> |
| <br/> |
| </p> |
| |
| </subsection> |
| |
| <subsection name="Using SetHandler and Environment Variables"> |
| <p> |
| Alternatively to the mod_jk specific directives, you can also use |
| SetHandler and environment variables to control, which requests |
| are being forwarded via which worker. This gives you more flexibility, |
| but the results might be more difficult to understand. If you mix both |
| ways of defining the forwards, in general to mod_jk directives will win. |
| </p> |
| <p> |
| <b>SetHandler jakarta-servlet</b> forces requests to be handled by mod_jk. |
| If you neither specify any workers via JkMount and the related directives, |
| not via the environment variable described below, |
| the first worker in the list of all worker will be chosen. You can use SetHandler |
| for example in Location blocks or with Apache 2.2 also in RewriteRule. |
| </p> |
| <p> |
| In order to control the worker using <b>SetEnvIf</b> or <b>RewriteRule</b> |
| for more complex rules, you can set the environment variable <b>JK_WORKER_NAME</b> |
| to the name of your chosen target worker. This enables you to decide on |
| the chosen worker in a more flexible way, including dependencies on cookie values. |
| This feature has been added in version 1.2.19 of mod_jk. |
| </p> |
| <p> |
| In order to use another variable than <b>JK_WORKER_NAME</b>, you can set the name |
| of this variable via the <b>JkWorkerIndicator</b> directive. |
| </p> |
| <p> |
| Finally you can define exclusions from mod_jk forwards by setting the environment |
| variable <b>no-jk</b>. |
| </p> |
| <source> |
| # Automatically map all encoded urls |
| <Location *;jsessionid=> |
| SetHandler jakarta-servlet |
| SetEnv JK_WORKER_NAME my_worker |
| </Location> |
| |
| # Map all subdirs to workers via naming rule |
| # and exclude static content. |
| <Location /apps/> |
| SetHandler jakarta-servlet |
| SetEnvIf REQUEST_URI ^/apps/([^/]*)/ JK_WORKER_NAME=$1 |
| SetEnvIf REQUEST_URI ^/apps/([^/]*)/static no-jk |
| </Location> |
| </source> |
| |
| </subsection> |
| </section> |
| </body> |
| </document> |