Hi all, I am looking for some advice regarding the usual directory layout for Virtual Hosts and tomcat.
Currently I have a working setup of apache and tomcat using mod_jk. I have set things up the way that tomcat seems to prefer (or what others seem to have done based on the documentation I could find). Essentially, I have apache and tomcat both using the same document root so that apache will serve any static html pages and tomcat will do the jsp and servlet stuff. However, I am concerned that from a security point of view, this may not be the best option. In particular, this means that my cgi-bin directory comes below my document root and I have to explicitely deny access to the WEB-INF directory. Anyway, I am a little confused as to the best way to go in terms of security and at the same time most easily separable into Virtual Hosts so that different people can work on their own projects without interfering with others. Any suggestions welcome. In particular, I am interested in how others have set up virtual hosts for tomcat. Regards. Mark. Currently each of my Virtual Hosts has the following directory layout: /www/hostname/ -> all static html files -> also appBase to tomcat host /cgi-bin/ -> perl cgi scripts etc. I have configured Virtual hosts like follows in apache: ... cut ... <VirtualHost *> ServerName www.myhost.com ServerAdmin [EMAIL PROTECTED] DocumentRoot /www/myhost JKMount /servlet/* ajp13 JKMount /*.jsp ajp13 <Directory /www/myhost/> AllowOverride None Options Indexes Order Deny,Allow Allow from all </Directory> ScriptAlias /cgi-bin/ /www/myhost/cgi-bin/ <Directory /www/myhost/cgi-bin/> Allow from all Options ExecCGI </Directory> <Location /WEB-INF/> deny from all </Location> <Location /META-INF/> deny from all </Location> </VirtualHost> And I have the following in my server.xml file: ... cut ... <Service name="Tomcat-Apache"> <Connector className="org.apache.ajp.tomcat4.Ajp13Connector" port="8009" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="10" debug="0"/> <Engine name="Tomcat-Apache" defaultHost="localhost" debug="0"> <Logger className="org.apache.catalina.logger.FileLogger" prefix="catalina_log." suffix="" timestamp="true"/> <Realm className="org.apache.catalina.realm.MemoryRealm" /> ... ... ... snip localhost section ... ... ... <!-- www.myhost.com VirtualHost --> <Host name="www.multistep.info" debug="0" unpackWARs="false"> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="myhost_access_log." suffix="" pattern="common" /> <Logger className="org.apache.catalina.logger.FileLogger" directory="logs" prefix="myhost_log." suffix="" timestamp="true"/> <Context path="" docBase="/www/myhost" crossContext="false" debug="0" reloadable="true" /> </Host> </Engine> </Service> </Server>
msg66027/pgp00000.pgp
Description: PGP signature