Configuring Tomcat5 and Apache2 with Virtual Hosts using mod_jk - Page 3

Configure Tomcat

Create the file

Important note: Be sure to make a backup copy of your config files before modifying.

The file contains the details about how each process is linked to Tomcat by defining workers that communicate through the ajpv13 protocol. Refer to the Workers HowTo for more detail.

  1. First create the file in your Apache2 root directory.

touch /etc/apache2/

  1. Next, open the file and ad the following. You can find many other examples of the file on the internet, but this is the one that I created and it seems to work fine with the other portions that have already been configured in this tutorial.












  1. Save and close the file.

  1. Now we need to configure the server.xml file located at /usr/lib/apache-tomcat/conf/. There are endless ways to configure the server.xml file, but I will provide to you how I did it on this server based on the other sections of this tutorial. First make a copy of your original server.xml file and rename it.

  1. Delete the original contents and add the following to the original server.xml file.

<Server port="8005" shutdown="SHUTDOWN">

<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.storeconfig.StoreConfigLifecycleListener"/>

<!-- Global JNDI resources -->

<!-- Test entry for demonstration purposes -->
<Environment name="simpleValue" type="java.lang.Integer" value="30"/>

<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users -->
<Resource name="UserDatabase" auth="Container"
description="User database that can be updated and saved"
pathname="conf/tomcat-users.xml" />


<!-- Define the Tomcat Stand-Alone Service -->
<Service name="Catalina">

<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Each Connector passes requests on to the
associated "Container" (normally an Engine) for processing.

<!-- Define a non-SSL HTTP/1.1 Connector on port 2117 (default 8080) -->
<Connector port="2117" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="5" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009"
enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />

<!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
<!-- See proxy documentation for more information about using this. -->
<Connector port="8082"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" acceptCount="100" connectionTimeout="20000"
proxyPort="80" disableUploadTimeout="true" />

<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host). -->

<!-- Define the top level container in our container hierarchy -->
<Engine name="Catalina" defaultHost="localhost">

<Realm className="org.apache.catalina.realm.UserDatabaseRealm"

<!-- Define the default virtual host -->

<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">

<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs" prefix="localhost_access_log." suffix=".txt"
pattern="common" resolveHosts="false"/>

<!-- -->
<Host name="" appBase="/home/www/web1/web"
unpackWARs="true" autoDeploy="true">

<Context path="" docBase="jsp-examples" debug="0" reloadable="true"/>

<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs" prefix="web1_access_log." suffix=".txt"
pattern="common" resolveHosts="false"/>

<Listener className="org.apache.jk.config.ApacheConfig"




  1. In order to run the Tomcat auto-config you need to assure that the following line represents the appropriate locations to your file and file.

<Listener className="org.apache.jk.config.ApacheConfig" modJk="/usr/lib/apache2/modules/" workersConfig="/etc/apache2/" />

  1. Restart Tomcat to create the auto-config file.

Important note: Make sure Apache2 is not running before restarting Tomcat or else auto-config will not create the config file.

cd /usr/lib/apache-tomcat/bin



  1. Provided you didn’t have any errors restarting Tomcat, you should have a newly created file in /usr/lib/apache-tomcat/conf/auto/ called mod_jk.conf.

  1. Now we need to open the /etc/apache2/apache2.conf file and add the following line at the bottom.

Include /usr/lib/apache-tomcat/conf/auto/mod_jk.conf 
Share this page:

21 Comment(s)

Add comment


From: Anonymous at: 2006-02-13 23:23:05

Great article! It will be very helpful for those people using Apache and tomcat to handle JSP etc.

The newly released Apache server 2.2 includes AJP Proxy support by default and other new features, I haven't tried it, but I think it should ease the configuration bridging apache and tomcat using the jk module. maybe you can look into it and give us another wonderful HOWTO :)

thank you!

From: lwpro2 at: 2010-10-05 04:05:25

for me, the easy to overlook part is that, apache forward the request to tomcat ajp1.3 connector port 8009(by default), not the container service port 8080(most of the time).

 so should be carefully as,



From: Anonymous at: 2006-03-06 07:10:09

The "Debian-way" of using the JVM would be to convert it to an deb first. This is very simple

apt-get install mpkg-j2sdk

Then simply

mpkg-j2sdk jdk-1_5_0_06-linux-i586.bin

afterwards you can install the correspondig deb by doing a

dpkg -i jdk...deb

From: Anonymous at: 2006-03-06 07:56:58

- JDK is not a requirement anymore, you only need JRE. From Tomcat web site:

"Tomcat 5.5 uses the Eclipse JDT Java compiler for compiling JSP pages. This means you no longer need to have the complete Java Development Kit (JDK) to run Tomcat, but a Java Runtime Environment (JRE) is sufficient. The Eclipse JDT Java compiler is bundled with the binary Tomcat distributions."

- One other thing that you should add in your howto is to configure Tomcat to run as a non-root user. The default is to run as root which is not secure, should tomcat be compromised, and not required, as tomcat listen to port 8080. You will find below an example of init.d file.





# tomcat This shell script takes care of starting and stopping

# tomcat.

# description: tomcat is a servlet/JSP engine, which can be used

# standalone or in conjunction with Apache


# Provides: Tomcat

# Required-Start: $local_fs $network $remote_fs apache2

# Required-Stop: $local_fs $network $remote_fs apache2

# Default-Start: 3 5

# Default-Stop: 0 1 2 6

# Short-Description: Tomcat

# Description: Tomcat



# See how we were called.

case "$1" in


# Start daemons.

echo -n "Starting tomcat: "

cd ~tomcat

su - tomcat -c '/opt/jakarta/tomcat/bin/ start'


[ $RETVAL -eq 0 ] && touch /var/lock/subsys/tomcat




# Stop daemons.

echo -n "Shutting down tomcat: "

cd ~tomcat

su - tomcat -c '/opt/jakarta/tomcat/bin/ stop'


[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/tomcat




$0 stop

$0 start




echo "Usage: tomcat {start|stop|restart}"

exit 1


exit $RETVAL

From: Anonymous at: 2006-03-06 12:57:39

I appreciate your efforts and that you share your work with others.

But if you use Debian why don't you do things the Debian way and reduce your howto to around 5 "apt-get install" statements and a reference to /usr/share/doc/libapache2-mod-jk?


jan (yeah (ät) yeahrock (dot) de)

From: Anonymous at: 2006-03-06 20:59:17

mod_jk has a bevy of options that should, in general, be set in in order to tune the connection to Apache as well as Tomcat. By default it's pretty wide open as far as connections and timeouts are concerned; it's very easy for Apache to accept way, way way more load than Tomcat sitting behind it can handle. Here are some of the important ones I've found and what I typically set them to, the actual reading of the docs is left up to you. :)

# Specify the size of the open connection cache.
# below are in seconds

# Advanced ping-pong options
# 0 (full recovery)
# 1 (don't recover if tomcat failed after getting the request)
# 2 (don't recover if tomcat failed after sending the headers to client)
# 3 (don't recover if tomcat failed getting the request or after sending
# the headers to client).
# below are in milliseconds
# under load it can take awhile to get a reply when doing an initial JSP compile

From: noota at: 2006-10-27 09:46:32

great article, man! helped me a lot and the best thing is that it actually works)

From: at: 2007-07-17 19:14:16

Thank you for the very good article. Besides the valuable configuration hints you are providing I took benefit from the advanced worker properties posted by Anonymous on Mon, 2006-03-06 21:59.

 I want to add that for "heavy" load on the tomcat workers it can be necessary to increase to maximum amount of threads. I specifiied that in each of the server.xml of my tomcats

  enableLookups="false" redirectPort="8443" protocol="AJP/1.3"
  useBodyEncodingForURI="false" URIEncoding="UTF-8"
  maxThreads="350" minSpareThreads="25" maxSpareThreads="75" />
-Toddy (info (the-at) tinyimage (the-dot) com)

From: atc at: 2008-11-27 22:54:27
From: Anonymous at: 2006-02-14 08:26:06

In step 6, the command should be

./configure --with-apxs=/usr/bin/apxs2

but not ./configure --with-apxs2=/usr/bin/apxs2

I've tried using the second one and ended in some very needless confusion down the road: "./configure" wasn't finished successfully with the the second one and complained that the "webserver" (parameter) is missing. But that should not be the case because we are configuring for a shared library, not a static one.

From: ctroyp at: 2006-02-24 21:02:30

Thanks for catching that.


From: Anonymous at: 2006-03-06 11:42:46

if you're on a RPM based distribution it is probably wise to stick to using RPMs, provides RPMs for all things java.

From: Anonymous at: 2006-03-30 19:22:14

Please Note that by default Ubuntu does not come with a C++ compiler (At least Hoary 5.04). It may be necessary to get it so that the ./ command doesn't bomb. you can get that using the command: sudo aptitude install build-essential

From: Anonymous at: 2006-05-08 15:38:18

Your tutorial is really good, but on a debian (ubuntu) with jdk1.5 and apache2 you only need to do:

$ apt-get install libapache2-mod-jk2

And then enable the mod_jk module with 2 symbolic links on /etc/apache2/mod-enable

Thanks a lot for your work.

From: Anonymous at: 2006-07-18 12:41:16

mod_jk and mod_jk2 are two different connectors! As sarge only offers the deprecated mod_jk2 through the official repositories, you either have use or build mod_jk from the source.

From: at: 2007-09-19 10:49:21

I checked out the repository, and the version available now via the apt-get command is version JK NOT version jk2, so a simple

apt-get install libapache2-mod-jk

seems to work for me.

The version of debian under Ubuntu 7.04 is apparently debian 4.0 

From: Lalit Negi at: 2012-01-25 15:16:23


 I tried following all steps , on step 6 i got stuck , it always gives below error :

could not find /usr/bin/apxs2

configure: error: You must specify a valid --with-apxs path


I tried with other location of the apxs2 files like : 

/home/lnegi/SETUPS/apache2-threaded-dev_2.2.21-5_i386/usr/bin/apxs2 but get the same error everytime.


Kindly help.

From: Anonymous at: 2006-03-07 07:06:22

If you setup tomcat this way 1 tomcat to rule them all, every user can read another users home dir, isn't that a major security issue?

From: Anonymous at: 2006-04-07 08:15:42

It is not recommeded to place <Context> elements directly in the server.xml file. See

From: at: 2007-06-10 20:10:46

I get a "Useless use of AllowOverride" message when I start Apache2. I guess thats because the <LocationMatch> does now support AllowOverride option. Only <Directory> support it according to

From: Dan Kelleher at: 2011-11-01 20:02:46

The clearest and easiest to follow guide for mod_jk I found. Thanks very much.