Hi all, I am looking for some advice regarding the usual directory layout for Virtual Hosts and tomcat.
Currently I have a working setup of apache and tomcat using mod_jk. I
have set things up the way that tomcat seems to prefer (or what others
seem to have done based on the documentation I could find).
Essentially, I have apache and tomcat both using the same document root
so that apache will serve any static html pages and tomcat will do the
jsp and servlet stuff. However, I am concerned that from a security
point of view, this may not be the best option. In particular, this
means that my cgi-bin directory comes below my document root and I have
to explicitely deny access to the WEB-INF directory.
Anyway, I am a little confused as to the best way to go in terms of
security and at the same time most easily separable into Virtual Hosts
so that different people can work on their own projects without
interfering with others.
Any suggestions welcome. In particular, I am interested in how others
have set up virtual hosts for tomcat.
Regards.
Mark.
Currently each of my Virtual Hosts has the following directory layout:
/www/hostname/ -> all static html files
-> also appBase to tomcat host
/cgi-bin/ -> perl cgi scripts etc.
I have configured Virtual hosts like follows in apache:
... cut ...
<VirtualHost *>
ServerName www.myhost.com
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /www/myhost
JKMount /servlet/* ajp13
JKMount /*.jsp ajp13
<Directory /www/myhost/>
AllowOverride None
Options Indexes
Order Deny,Allow
Allow from all
</Directory>
ScriptAlias /cgi-bin/ /www/myhost/cgi-bin/
<Directory /www/myhost/cgi-bin/>
Allow from all
Options ExecCGI
</Directory>
<Location /WEB-INF/>
deny from all
</Location>
<Location /META-INF/>
deny from all
</Location>
</VirtualHost>
And I have the following in my server.xml file:
... cut ...
<Service name="Tomcat-Apache">
<Connector className="org.apache.ajp.tomcat4.Ajp13Connector"
port="8009" minProcessors="5" maxProcessors="75"
enableLookups="true" acceptCount="10" debug="0"/>
<Engine name="Tomcat-Apache" defaultHost="localhost" debug="0">
<Logger className="org.apache.catalina.logger.FileLogger"
prefix="catalina_log." suffix=""
timestamp="true"/>
<Realm className="org.apache.catalina.realm.MemoryRealm" />
... ...
... snip localhost section ...
... ...
<!-- www.myhost.com VirtualHost -->
<Host name="www.multistep.info" debug="0" unpackWARs="false">
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs" prefix="myhost_access_log." suffix=""
pattern="common" />
<Logger className="org.apache.catalina.logger.FileLogger"
directory="logs" prefix="myhost_log." suffix=""
timestamp="true"/>
<Context path="" docBase="/www/myhost"
crossContext="false" debug="0" reloadable="true" />
</Host>
</Engine>
</Service>
</Server>
msg66027/pgp00000.pgp
Description: PGP signature
