Configuring Tomcat5 and Apache2 with Virtual Hosts using mod_jk - Page 2

Installing and configuring mod_jk

In order to make the connection between Tomcat and Apache, we will need to download and install mod_jk connector. You will find that the Apache documentation recommends that you install the packaged version of mod_jk if it is available for your particular Linux distribution. Many outdated resources recommend installing the mod_jk2 connector, but I have found that it has been deprecated and although mod_jk was developed before mod_jk2, it is still fully supported and is very stable.

Mike Millson gave some good reasoning behind using mod_jk for connecting Tomcat to Apache for Red Hat here: Integrating Tomcat and Apache on Red Hat Linux.

Here is what he had to say:

"At this point, Apache and Tomcat should be working separately in standalone mode. You can run Tomcat in standalone mode as an alternative to Apache. In fact, in some cases, it is said that Tomcat standalone is faster than serving static content from Apache and dynamic content from Tomcat. However, there are the following compelling reasons to use Apache as the front end:

1. You can use Apache to buffer slow connections. Tomcat uses java.io, which uses a thread for each request, so Tomcat can run out of connections as the number of slow requests grows. This could be an issue if your application supports a large number of dial-up users.

2. You can use a connector such as mod_jk to load balance amongst several Tomcat instances.

3. You can take advantage of Apache features such as cgi and PHP.

4. You can take advantage of Apache modules such as mod_rewrite, mod_headers, and mod_expire.

5. You can isolate virtual hosts in their own Tomcat instances.

The increased functionality obtained by using Apache on the front end can outweigh the effort required to install and configure a connector."

At the time of this writing there were no mod_jk packages available from Dedian.org so we will need to build the package from source which will assure it is compiled for you particular installation anyways. I consider this the safer route although it requires more work.

  1. I chose to download the current source from the Apache archives: http://archive.apache.org/dist/jakarta/tomcat-connectors/jk/source/jk-1.2.15/. Download the jakarta-tomcat-connectors-1.2.15-src.tar.gz file to your /usr/src/ directory.

  1. Change to the /usr/src directory.

cd /usr/src

  1. Next, extract the contents to create the /usr/src/jakarta-tomcat-connectors-1.2.15-src directory.

tar xvzf jakarta-tomcat-connectors-1.2.15-src.tar.gz

  1. Change to the /usr/src/jakarta-tomcat-connectors-1.2.15-src/jk/native directory.

cd jakarta-tomcat-connectors-1.2.15-src/jk/native

  1. Now you are ready to create the custom configure file for your system. Execute the following:

./buildconf.sh

This will create a configure file in the /usr/src/jakarta-tomcat-connectors-1.2.15-src/jk/native directory.

  1. Execute the following command in order to configure mod_jk for your system.

Important note: You will need to have apxs2 (APache eXtension tool) installed and configured with Apache. If you do not have it, as was my case, you can download and install the apache2-threaded-dev package (which replaced the former apache-dev package) from www.debian.org. At the time of this writing, the Debian package archive at www.debian.org was down and they referred me to their temporary site until they resolved their issues pdo.debian.net. I found the apache2-threaded-dev package and was able to install it successfully.

Be sure to include the correct location apxs2 on your system in the path of the command.

./configure --with-apxs=/usr/bin/apxs2

  1. Now build the mod_jk with the following:

make

  1. Finally, if you were successful with the previous commands, copy the newly created mod_jk.so to your Apache2 modules directory. My modules were located at /usr/lib/apache2/modules.

cd apache-2.0

cp /usr/src/jakarta-tomcat-connectors-1.2.15-src/jk/native/apache-2.0/mod_jk.so /usr/lib/apache2/modules

You now are ready to move to the next stage which is to begin configuring Apache and Tomcat. You can find more information about the mod_jk connector at http://tomcat.apache.org/connectors-doc/howto/apache.html.

Share this page:

21 Comment(s)

Add comment

Comments

From: Anonymous at: 2006-02-13 23:23:05

Great article! It will be very helpful for those people using Apache and tomcat to handle JSP etc.

The newly released Apache server 2.2 includes AJP Proxy support by default and other new features, I haven't tried it, but I think it should ease the configuration bridging apache and tomcat using the jk module. maybe you can look into it and give us another wonderful HOWTO :)

thank you!

From: lwpro2 at: 2010-10-05 04:05:25

for me, the easy to overlook part is that, apache forward the request to tomcat ajp1.3 connector port 8009(by default), not the container service port 8080(most of the time).

 so workers.properties should be carefully as,

 worker.worker1.type=ajp13

worker.worker1.host=localhost

worker.worker1.port=8009


From: Anonymous at: 2006-03-06 07:10:09

The "Debian-way" of using the JVM would be to convert it to an deb first. This is very simple

apt-get install mpkg-j2sdk

Then simply

mpkg-j2sdk jdk-1_5_0_06-linux-i586.bin

afterwards you can install the correspondig deb by doing a

dpkg -i jdk...deb

From: Anonymous at: 2006-03-06 07:56:58

- JDK is not a requirement anymore, you only need JRE. From Tomcat web site:

"Tomcat 5.5 uses the Eclipse JDT Java compiler for compiling JSP pages. This means you no longer need to have the complete Java Development Kit (JDK) to run Tomcat, but a Java Runtime Environment (JRE) is sufficient. The Eclipse JDT Java compiler is bundled with the binary Tomcat distributions."

- One other thing that you should add in your howto is to configure Tomcat to run as a non-root user. The default is to run as root which is not secure, should tomcat be compromised, and not required, as tomcat listen to port 8080. You will find below an example of init.d file.

Regards,

Gaël

#!/bin/sh

#

# tomcat This shell script takes care of starting and stopping

# tomcat.

# description: tomcat is a servlet/JSP engine, which can be used

# standalone or in conjunction with Apache

### BEGIN INIT INFO

# Provides: Tomcat

# Required-Start: $local_fs $network $remote_fs apache2

# Required-Stop: $local_fs $network $remote_fs apache2

# Default-Start: 3 5

# Default-Stop: 0 1 2 6

# Short-Description: Tomcat

# Description: Tomcat

### END INIT INFO

RETVAL=0

# See how we were called.

case "$1" in

start)

# Start daemons.

echo -n "Starting tomcat: "

cd ~tomcat

su - tomcat -c '/opt/jakarta/tomcat/bin/catalina.sh start'

RETVAL=$?

[ $RETVAL -eq 0 ] && touch /var/lock/subsys/tomcat

echo

;;

stop)

# Stop daemons.

echo -n "Shutting down tomcat: "

cd ~tomcat

su - tomcat -c '/opt/jakarta/tomcat/bin/catalina.sh stop'

RETVAL=$?

[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/tomcat

echo

;;

restart)

$0 stop

$0 start

RETVAL=$?

;;

*)

echo "Usage: tomcat {start|stop|restart}"

exit 1

esac

exit $RETVAL

From: Anonymous at: 2006-03-06 12:57:39

I appreciate your efforts and that you share your work with others.

But if you use Debian why don't you do things the Debian way and reduce your howto to around 5 "apt-get install" statements and a reference to /usr/share/doc/libapache2-mod-jk?

Cheers

jan (yeah (ät) yeahrock (dot) de)

From: Anonymous at: 2006-03-06 20:59:17

mod_jk has a bevy of options that should, in general, be set in workers.properties in order to tune the connection to Apache as well as Tomcat. By default it's pretty wide open as far as connections and timeouts are concerned; it's very easy for Apache to accept way, way way more load than Tomcat sitting behind it can handle. Here are some of the important ones I've found and what I typically set them to, the actual reading of the docs is left up to you. :)


# Specify the size of the open connection cache.
worker.ajp13.cachesize=1
worker.ajp13.retries=3
# below are in seconds
worker.ajp13.cache_timeout=60
worker.ajp13.socket_timeout=30
worker.ajp13.recycle_timeout=60

# Advanced ping-pong options
# 0 (full recovery)
# 1 (don't recover if tomcat failed after getting the request)
# 2 (don't recover if tomcat failed after sending the headers to client)
# 3 (don't recover if tomcat failed getting the request or after sending
# the headers to client).
worker.ajp13.recovery_options=0
# below are in milliseconds
worker.ajp13.prepost_timeout=5000
worker.ajp13.connect_timeout=5000
# under load it can take awhile to get a reply when doing an initial JSP compile
worker.ajp13.reply_timeout=60000

From: noota at: 2006-10-27 09:46:32

great article, man! helped me a lot and the best thing is that it actually works)

From: at: 2007-07-17 19:14:16

Thank you for the very good article. Besides the valuable configuration hints you are providing I took benefit from the advanced worker properties posted by Anonymous on Mon, 2006-03-06 21:59.

 I want to add that for "heavy" load on the tomcat workers it can be necessary to increase to maximum amount of threads. I specifiied that in each of the server.xml of my tomcats

<Connector
port="8009"
  enableLookups="false" redirectPort="8443" protocol="AJP/1.3"
  useBodyEncodingForURI="false" URIEncoding="UTF-8"
  maxThreads="350" minSpareThreads="25" maxSpareThreads="75" />
-Toddy (info (the-at) tinyimage (the-dot) com)

From: atc at: 2008-11-27 22:54:27
From: Anonymous at: 2006-02-14 08:26:06

In step 6, the command should be

./configure --with-apxs=/usr/bin/apxs2

but not ./configure --with-apxs2=/usr/bin/apxs2

I've tried using the second one and ended in some very needless confusion down the road: "./configure" wasn't finished successfully with the the second one and complained that the "webserver" (parameter) is missing. But that should not be the case because we are configuring for a shared library, not a static one.

From: ctroyp at: 2006-02-24 21:02:30

Thanks for catching that.

Troy

From: Anonymous at: 2006-03-06 11:42:46

if you're on a RPM based distribution it is probably wise to stick to using RPMs, jpackage.org provides RPMs for all things java.

From: Anonymous at: 2006-03-30 19:22:14

Please Note that by default Ubuntu does not come with a C++ compiler (At least Hoary 5.04). It may be necessary to get it so that the ./buildconf.sh command doesn't bomb. you can get that using the command: sudo aptitude install build-essential

From: Anonymous at: 2006-05-08 15:38:18

Your tutorial is really good, but on a debian (ubuntu) with jdk1.5 and apache2 you only need to do:

$ apt-get install libapache2-mod-jk2

And then enable the mod_jk module with 2 symbolic links on /etc/apache2/mod-enable

Thanks a lot for your work.

From: Anonymous at: 2006-07-18 12:41:16

mod_jk and mod_jk2 are two different connectors! As sarge only offers the deprecated mod_jk2 through the official repositories, you either have use backports.org or build mod_jk from the source.

From: at: 2007-09-19 10:49:21

I checked out the repository, and the version available now via the apt-get command is version JK NOT version jk2, so a simple

apt-get install libapache2-mod-jk

seems to work for me.

The version of debian under Ubuntu 7.04 is apparently debian 4.0 

From: Lalit Negi at: 2012-01-25 15:16:23

hi,

 I tried following all steps , on step 6 i got stuck , it always gives below error :

could not find /usr/bin/apxs2

configure: error: You must specify a valid --with-apxs path

 

I tried with other location of the apxs2 files like : 

/home/lnegi/SETUPS/apache2-threaded-dev_2.2.21-5_i386/usr/bin/apxs2 but get the same error everytime.

 

Kindly help.

From: Anonymous at: 2006-03-07 07:06:22

If you setup tomcat this way 1 tomcat to rule them all, every user can read another users home dir, isn't that a major security issue?

From: Anonymous at: 2006-04-07 08:15:42

It is not recommeded to place <Context> elements directly in the server.xml file. See http://tomcat.apache.org/tomcat-5.5-doc/config/context.html

From: at: 2007-06-10 20:10:46

I get a "Useless use of AllowOverride" message when I start Apache2. I guess thats because the <LocationMatch> does now support AllowOverride option. Only <Directory> support it according to http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride

From: Dan Kelleher at: 2011-11-01 20:02:46

The clearest and easiest to follow guide for mod_jk I found. Thanks very much.