Configuring Tomcat5 and Apache2 with Virtual Hosts using mod_jk - Page 4

Configure Apache

Important note: Be sure to make a copy of your config files before modifying.

  1. Open your Apache2 configuration file and add the following just below the line Include /usr/lib/apache-tomcat/conf/auto/mod_jk.conf.

# Where to find workers.properties
JkWorkersFile /etc/apache2/workers.properties

# Where to put jk logs
JkLogFile /var/log/apache2/mod_jk.log

# Set the jk log level [debug/error/info]
JkLogLevel info

# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

# JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories

# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"

# Globally deny access to the WEB-INF directory
<LocationMatch '.*WEB-INF.*'>
AllowOverride None
deny from all
</LocationMatch>

  1. This next section assumes you are using virtual hosts. In this system I am running ISPConfig where all of my Vhosts are defined in a separate file.

Otherwise, if you are not using ISPConfig and your Vhosts are defined within your main Apache2 config file, you just need to add this code there within the desired Vhosts that you want to utilize Tomcat (JSP/Servlets).

If you are not running Vhosts, simply add this code at the bottom of your main Apache2 config file.

For those running ISPConfig as I am, you will need to either manually place this code in the master Vhost (localhost) in the /etc/apache2/vhosts/Vhosts_ispconfig.conf or the selected Vhosts that you want to utilize Tomcat (JSP/Servlets) using the ISPConfig control panel—in the Apache Directives window for each website.

This is up to you.

For this server, I have the ISPConfig Vhosts defined in /etc/apache2/vhosts/Vhosts_ispconfig.conf.

You can either place this code after the <VirtualHost ipaddress:port> tag or just before the </VirtualHost> end tag. ISPConfig documentation recommends that you use the control panel to include any additional virtual host directives.

# Send servlet for context /servlets-examples to worker named worker1
JkMount /*/servlet/* worker1
# Send JSPs for context /jsp-examples to worker named worker1
JkMount /*.jsp worker1

Conclusion

To finalize and test this configuration you will need to copy the Tomcat example JSP files to the virtual host web directory that was defined in the server.xml, apache2.conf, and Vhosts_ispconfig.conf files. In the server.xml file you will notice that I am referencing the jsp-examples directory where jsp-examples is the name of the docbase. This will give you some idea of how the web applications will be setup for your website. You can find more details on the Tomcat website on how to generate your original web applications. In order to define another web application, you would need to define another worker (i.e. worker2) in the workers.properties file, add another host in the server.xml file, and add the same directives (using worker2 of course) to the respective VHost section.

      <!-- www.domain1.org -->
<Host name="www.domain1.org" appBase="/home/www/web2/web"
unpackWARs="true" autoDeploy="true">

<Context path="" docBase="jsp-examples" debug="0" reloadable="true"/>

<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs" prefix="web1_access_log." suffix=".txt"
pattern="common" resolveHosts="false"/>
</Host>

  1. First copy just the jsp-examples directory to web1.

cp -R /usr/lib/apache-tomcat/webapps/jsp-examples /home/www/web1/web

  1. Next you need to restart Tomcat as described earlier and then restart Apache. Remember to restart Tomcat first so you will regenerate the mod_jk.conf file.

cd /usr/lib/apache-tomcat/bin

sh shutdown.sh

sh startup.sh

/etc/init.d/apache2 restart

  1. Finally test the websites by entering the respective url into your browser:

http://www.domain1.org/jsp-examples/

You should see the same jsp-examples html as you did in the default Tomcat page from earlier.

Congratulations! Your server should now be ready to support JSP/Servlets. Again, if you find any inconsistencies within this tutorial, please contact me so I can make the appropriate corrections.

Resources/Links

This tutorial was compiled using several resources that I found on the internet. Due to the trouble I had finding all of this information it only made sense to put it all together.

http://blog.gilluminate.com/?s=10

Integrating Tomcat and Apache on Red Hat Linux

Apache website

Tomcat website

Workers HowTo

http://tomcat.apache.org/connectors-doc-archive/jk2/jk2/vhosthowto.html

http://tomcat.apache.org/connectors-doc/howto/apache.html

The Perfect Setup - Debian Sarge (3.1)

http://archive.apache.org/dist/jakarta/tomcat-connectors/jk/source/jk-1.2.15/

pdo.debian.net

Share this page:

21 Comment(s)

Add comment

Comments

From: Anonymous at: 2006-02-13 23:23:05

Great article! It will be very helpful for those people using Apache and tomcat to handle JSP etc.

The newly released Apache server 2.2 includes AJP Proxy support by default and other new features, I haven't tried it, but I think it should ease the configuration bridging apache and tomcat using the jk module. maybe you can look into it and give us another wonderful HOWTO :)

thank you!

From: lwpro2 at: 2010-10-05 04:05:25

for me, the easy to overlook part is that, apache forward the request to tomcat ajp1.3 connector port 8009(by default), not the container service port 8080(most of the time).

 so workers.properties should be carefully as,

 worker.worker1.type=ajp13

worker.worker1.host=localhost

worker.worker1.port=8009


From: Anonymous at: 2006-03-06 07:10:09

The "Debian-way" of using the JVM would be to convert it to an deb first. This is very simple

apt-get install mpkg-j2sdk

Then simply

mpkg-j2sdk jdk-1_5_0_06-linux-i586.bin

afterwards you can install the correspondig deb by doing a

dpkg -i jdk...deb

From: Anonymous at: 2006-03-06 07:56:58

- JDK is not a requirement anymore, you only need JRE. From Tomcat web site:

"Tomcat 5.5 uses the Eclipse JDT Java compiler for compiling JSP pages. This means you no longer need to have the complete Java Development Kit (JDK) to run Tomcat, but a Java Runtime Environment (JRE) is sufficient. The Eclipse JDT Java compiler is bundled with the binary Tomcat distributions."

- One other thing that you should add in your howto is to configure Tomcat to run as a non-root user. The default is to run as root which is not secure, should tomcat be compromised, and not required, as tomcat listen to port 8080. You will find below an example of init.d file.

Regards,

Gaël

#!/bin/sh

#

# tomcat This shell script takes care of starting and stopping

# tomcat.

# description: tomcat is a servlet/JSP engine, which can be used

# standalone or in conjunction with Apache

### BEGIN INIT INFO

# Provides: Tomcat

# Required-Start: $local_fs $network $remote_fs apache2

# Required-Stop: $local_fs $network $remote_fs apache2

# Default-Start: 3 5

# Default-Stop: 0 1 2 6

# Short-Description: Tomcat

# Description: Tomcat

### END INIT INFO

RETVAL=0

# See how we were called.

case "$1" in

start)

# Start daemons.

echo -n "Starting tomcat: "

cd ~tomcat

su - tomcat -c '/opt/jakarta/tomcat/bin/catalina.sh start'

RETVAL=$?

[ $RETVAL -eq 0 ] && touch /var/lock/subsys/tomcat

echo

;;

stop)

# Stop daemons.

echo -n "Shutting down tomcat: "

cd ~tomcat

su - tomcat -c '/opt/jakarta/tomcat/bin/catalina.sh stop'

RETVAL=$?

[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/tomcat

echo

;;

restart)

$0 stop

$0 start

RETVAL=$?

;;

*)

echo "Usage: tomcat {start|stop|restart}"

exit 1

esac

exit $RETVAL

From: Anonymous at: 2006-03-06 12:57:39

I appreciate your efforts and that you share your work with others.

But if you use Debian why don't you do things the Debian way and reduce your howto to around 5 "apt-get install" statements and a reference to /usr/share/doc/libapache2-mod-jk?

Cheers

jan (yeah (ät) yeahrock (dot) de)

From: Anonymous at: 2006-03-06 20:59:17

mod_jk has a bevy of options that should, in general, be set in workers.properties in order to tune the connection to Apache as well as Tomcat. By default it's pretty wide open as far as connections and timeouts are concerned; it's very easy for Apache to accept way, way way more load than Tomcat sitting behind it can handle. Here are some of the important ones I've found and what I typically set them to, the actual reading of the docs is left up to you. :)


# Specify the size of the open connection cache.
worker.ajp13.cachesize=1
worker.ajp13.retries=3
# below are in seconds
worker.ajp13.cache_timeout=60
worker.ajp13.socket_timeout=30
worker.ajp13.recycle_timeout=60

# Advanced ping-pong options
# 0 (full recovery)
# 1 (don't recover if tomcat failed after getting the request)
# 2 (don't recover if tomcat failed after sending the headers to client)
# 3 (don't recover if tomcat failed getting the request or after sending
# the headers to client).
worker.ajp13.recovery_options=0
# below are in milliseconds
worker.ajp13.prepost_timeout=5000
worker.ajp13.connect_timeout=5000
# under load it can take awhile to get a reply when doing an initial JSP compile
worker.ajp13.reply_timeout=60000

From: noota at: 2006-10-27 09:46:32

great article, man! helped me a lot and the best thing is that it actually works)

From: at: 2007-07-17 19:14:16

Thank you for the very good article. Besides the valuable configuration hints you are providing I took benefit from the advanced worker properties posted by Anonymous on Mon, 2006-03-06 21:59.

 I want to add that for "heavy" load on the tomcat workers it can be necessary to increase to maximum amount of threads. I specifiied that in each of the server.xml of my tomcats

<Connector
port="8009"
  enableLookups="false" redirectPort="8443" protocol="AJP/1.3"
  useBodyEncodingForURI="false" URIEncoding="UTF-8"
  maxThreads="350" minSpareThreads="25" maxSpareThreads="75" />
-Toddy (info (the-at) tinyimage (the-dot) com)

From: atc at: 2008-11-27 22:54:27
From: Anonymous at: 2006-02-14 08:26:06

In step 6, the command should be

./configure --with-apxs=/usr/bin/apxs2

but not ./configure --with-apxs2=/usr/bin/apxs2

I've tried using the second one and ended in some very needless confusion down the road: "./configure" wasn't finished successfully with the the second one and complained that the "webserver" (parameter) is missing. But that should not be the case because we are configuring for a shared library, not a static one.

From: ctroyp at: 2006-02-24 21:02:30

Thanks for catching that.

Troy

From: Anonymous at: 2006-03-06 11:42:46

if you're on a RPM based distribution it is probably wise to stick to using RPMs, jpackage.org provides RPMs for all things java.

From: Anonymous at: 2006-03-30 19:22:14

Please Note that by default Ubuntu does not come with a C++ compiler (At least Hoary 5.04). It may be necessary to get it so that the ./buildconf.sh command doesn't bomb. you can get that using the command: sudo aptitude install build-essential

From: Anonymous at: 2006-05-08 15:38:18

Your tutorial is really good, but on a debian (ubuntu) with jdk1.5 and apache2 you only need to do:

$ apt-get install libapache2-mod-jk2

And then enable the mod_jk module with 2 symbolic links on /etc/apache2/mod-enable

Thanks a lot for your work.

From: Anonymous at: 2006-07-18 12:41:16

mod_jk and mod_jk2 are two different connectors! As sarge only offers the deprecated mod_jk2 through the official repositories, you either have use backports.org or build mod_jk from the source.

From: at: 2007-09-19 10:49:21

I checked out the repository, and the version available now via the apt-get command is version JK NOT version jk2, so a simple

apt-get install libapache2-mod-jk

seems to work for me.

The version of debian under Ubuntu 7.04 is apparently debian 4.0 

From: Lalit Negi at: 2012-01-25 15:16:23

hi,

 I tried following all steps , on step 6 i got stuck , it always gives below error :

could not find /usr/bin/apxs2

configure: error: You must specify a valid --with-apxs path

 

I tried with other location of the apxs2 files like : 

/home/lnegi/SETUPS/apache2-threaded-dev_2.2.21-5_i386/usr/bin/apxs2 but get the same error everytime.

 

Kindly help.

From: Anonymous at: 2006-03-07 07:06:22

If you setup tomcat this way 1 tomcat to rule them all, every user can read another users home dir, isn't that a major security issue?

From: Anonymous at: 2006-04-07 08:15:42

It is not recommeded to place <Context> elements directly in the server.xml file. See http://tomcat.apache.org/tomcat-5.5-doc/config/context.html

From: at: 2007-06-10 20:10:46

I get a "Useless use of AllowOverride" message when I start Apache2. I guess thats because the <LocationMatch> does now support AllowOverride option. Only <Directory> support it according to http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride

From: Dan Kelleher at: 2011-11-01 20:02:46

The clearest and easiest to follow guide for mod_jk I found. Thanks very much.