Re: Apache Accessing Tomcat Issue
On 29/03/2013 10:29 AM, Chris Arnold carn...@electrichendrix.com wrote:
Apache Tomcat/7.0.30 on SLES11 SP2. I am trying to configure access to a
webapp using http://share.domain.com. This webapp uses port 8080 and works
fine from inside the LAN. However, we have an apache2 server acting as a
proxy and we want users to not have to type in a port number.
Now when accessing http://share.domain.com, the result is directories and
files are listed, the jsp files are not running. Here is my complete setup:
You cant overlap apache and tomcat file system
jk.conf-
# simple configuration for apache (for AJP connector, modul mod_jk.so)
IfModule mod_jk.c
JkWorkersFile /opt/alfresco/tomcat/workers.properties
JkLogFile /var/log/alfresco/mod_jk.log
JkShmFile /var/log/alfresco/shm
# Log level to be used by mod_jk
JkLogLevel error
# The following line mounts all JSP files and the /servlet/ uri to
tomcat
#JkMount /servlets-examples/servlet/* ajp13
JkMount /share/*.jsp ajp13
/IfModule
virtualhost-
VirtualHost *:80
ServerName share.domain.com
#RewriteEngine On
#RewriteCond %{REQUEST_URI} !^/share/
#RewriteCond %{HTTPS} on
#RewriteRule ^/. http://share.paradixent.com/share/ [P]
#JkMount /share/* worker1
IfModule mod_jk.c
# The following line makes apache aware of the location of
# the /jsp-examples context
Alias /share /opt/alfresco/tomcat/webapps/share
Directory /opt/alfresco/tomcat/webapps/share
Options Indexes FollowSymLinks
allow from all
/Directory
# The following line mounts all JSP files and the /servlet/ uri to
tomcat
#JkMount /servlets-examples/servlet/* ajp13
JkMount /share/*.jsp ajp13
# The following line prohibits users from directly accessing WEB-INF
Location /share/WEB-INF/
#AllowOverride None
deny from all
/Location
# if not specified, the global error log is used
ErrorLog /var/log/apache2domain.com-error_log
CustomLog /var/log/apache2/domain.com-access_log combined
/IfModule
/VirtualHost
httpd.conf-
# mod_jk
Include /opt/alfresco/tomcat/conf/jk.conf
Mod_jk is loaded:
web:~ # /usr/sbin/httpd2 -M
Loaded Modules:
...
jk_module (shared)
perl_module (shared)
php5_module (shared)
Syntax OK
Here is the log from apache:
[Thu Mar 28 18:40:14 2013] [error] [client pub ip] proxy: Error reading
from remote server returned by /error/HTTP_INTERNAL_SERVER_ERROR.html.var
[Thu Mar 28 18:40:28 2013] [error] [client pub ip] (70007)The timeout
specified has expired: proxy: error reading status line from remote server
share.paradixent.com
[Thu Mar 28 18:40:28 2013] [error] [client pub ip] proxy: Error reading
from remote server returned by /error/HTTP_INTERNAL_SERVER_ERROR.html.var
Any ideas why the folder and files are being listed instead of running?
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Setting up tomcat to run on port 443 on ubuntu system
Hi, I want to run my tomcat on port 443 with https on an Ubuntu machine. what are the required steps i should take, please guide me through it. I search Internet but did not get any proper solution that is why i am here sending you this mail. Please help me. this will be really appreciating. Thanks Regards, Shyam Yadav
Re: Setting up tomcat to run on port 443 on ubuntu system
Shyam, On 29.3.2013 9:38, Shyam Yadav wrote: I want to run my tomcat on port 443 with https on an Ubuntu machine. what are the required steps i should take, please guide me through it. I search Internet but did not get any proper solution that is why i am here sending you this mail. Please help me. this will be really appreciating. 1. Read about connectors and choose whether you are going to use APR, NIO or BIO: http://people.apache.org/~markt/presentations/2009-04-01-TomcatTuning.pdf (starting form slide 15) http://tomcat.apache.org/tomcat-7.0-doc/config/http.html 2. Read how to generate certificate: http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html Note that if you use APR connector you should generate certificates using openssl, and if you use NIO/BIO connectors you should use Java keytool.* You may start with generating self-signed certificate, but later you may want to use CA-signed certificate. 3. Configure https connector to use certificates. Again APR uses one set of connector parameters, while NIO/BIO uses the other. Read the connector documentation carefully. -Ognjen * There are other possibilities but using tool that matches the connector is the easiest to start with. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache Accessing Tomcat Issue
On 29.03.2013 00:24, Chris Arnold wrote:
Apache Tomcat/7.0.30 on SLES11 SP2. I am trying to configure access to a
webapp using http://share.domain.com. This webapp uses port 8080 and works
fine from inside the LAN. However, we have an apache2 server acting as a
proxy and we want users to not have to type in a port number.
Now when accessing http://share.domain.com, the result is directories and
files are listed, the jsp files are not running. Here is my complete setup:
jk.conf-
# simple configuration for apache (for AJP connector, modul mod_jk.so)
IfModule mod_jk.c
JkWorkersFile /opt/alfresco/tomcat/workers.properties
JkLogFile /var/log/alfresco/mod_jk.log
JkShmFile /var/log/alfresco/shm
# Log level to be used by mod_jk
JkLogLevel error
# The following line mounts all JSP files and the /servlet/ uri to tomcat
#JkMount /servlets-examples/servlet/* ajp13
JkMount /share/*.jsp ajp13
Note that you only forward JSP-Requests here. might be OK, depending on
the application.
/IfModule
virtualhost-
VirtualHost *:80
ServerName share.domain.com
#RewriteEngine On
#RewriteCond %{REQUEST_URI} !^/share/
#RewriteCond %{HTTPS} on
#RewriteRule ^/. http://share.paradixent.com/share/ [P]
#JkMount /share/* worker1
Although the proxy rewrite rules are commented out here, later down the
log indicates you are still somewhere using mod_proxy instead of mod_jk.
IfModule mod_jk.c
# The following line makes apache aware of the location of
# the /jsp-examples context
Alias /share /opt/alfresco/tomcat/webapps/share
Directory /opt/alfresco/tomcat/webapps/share
Options Indexes FollowSymLinks
allow from all
/Directory
You can let Apache serve static content directly from an exploded
webapp, but it is generally not recommended, because you then also open
up stuff that's not expected to be made public to requests from outside.
If below share there's anything that's not meant to be served by
Apache, then it would be beter to copy the stuff that Apache should
serve to a separate directory, which would then be the one to put into
the Alias.
# The following line mounts all JSP files and the /servlet/ uri to tomcat
#JkMount /servlets-examples/servlet/* ajp13
JkMount /share/*.jsp ajp13
# The following line prohibits users from directly accessing WEB-INF
Location /share/WEB-INF/
#AllowOverride None
deny from all
/Location
That's one exampe for stuff you don't want to be served, META-INF as
well (if existing), there could be other stuff as well.
# if not specified, the global error log is used
ErrorLog /var/log/apache2domain.com-error_log
CustomLog /var/log/apache2/domain.com-access_log combined
/IfModule
/VirtualHost
httpd.conf-
# mod_jk
Include /opt/alfresco/tomcat/conf/jk.conf
Mod_jk is loaded:
web:~ # /usr/sbin/httpd2 -M
Loaded Modules:
...
jk_module (shared)
perl_module (shared)
php5_module (shared)
Syntax OK
Here is the log from apache:
[Thu Mar 28 18:40:14 2013] [error] [client pub ip] proxy: Error reading from
remote server returned by /error/HTTP_INTERNAL_SERVER_ERROR.html.var
[Thu Mar 28 18:40:28 2013] [error] [client pub ip] (70007)The timeout
specified has expired: proxy: error reading status line from remote server
share.paradixent.com
[Thu Mar 28 18:40:28 2013] [error] [client pub ip] proxy: Error reading from
remote server returned by /error/HTTP_INTERNAL_SERVER_ERROR.html.var
What's the request you send? What's the expected response and what's the
actual response?
The above log snippet tells us that somewhere in your config you have
mod_proxy active, which is an alternative way to connect to a backend.
You should get your idea straight, for which URLs you are using
mod_proxy and for which mod_jk. I would suggest to stick with one.
You didn't show us your worker.properties file.
You didn't show us your mod_jk log file.
Regards,
Rainer
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting up tomcat to run on port 443 on ubuntu system
Hi Ognjen, Its really very nice that you replied so soon. Thank you for your involvement. I am getting this following exception and the tomcat doesn't start. java.net.BindException: Permission denied null:443 I am really stuck with it. Please help me out with it. Thanks Regards, Shyam Yadav On Fri, Mar 29, 2013 at 2:55 PM, Ognjen Blagojevic ognjen.d.blagoje...@gmail.com wrote: Shyam, On 29.3.2013 9:38, Shyam Yadav wrote: I want to run my tomcat on port 443 with https on an Ubuntu machine. what are the required steps i should take, please guide me through it. I search Internet but did not get any proper solution that is why i am here sending you this mail. Please help me. this will be really appreciating. 1. Read about connectors and choose whether you are going to use APR, NIO or BIO: http://people.apache.org/~**markt/presentations/2009-04-** 01-TomcatTuning.pdfhttp://people.apache.org/%7Emarkt/presentations/2009-04-01-TomcatTuning.pdf(starting form slide 15) http://tomcat.apache.org/**tomcat-7.0-doc/config/http.**htmlhttp://tomcat.apache.org/tomcat-7.0-doc/config/http.html 2. Read how to generate certificate: http://tomcat.apache.org/**tomcat-7.0-doc/ssl-howto.htmlhttp://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html Note that if you use APR connector you should generate certificates using openssl, and if you use NIO/BIO connectors you should use Java keytool.* You may start with generating self-signed certificate, but later you may want to use CA-signed certificate. 3. Configure https connector to use certificates. Again APR uses one set of connector parameters, while NIO/BIO uses the other. Read the connector documentation carefully. -Ognjen * There are other possibilities but using tool that matches the connector is the easiest to start with. --**--**- To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting up tomcat to run on port 443 on ubuntu system
Am 2013-03-29 09:38, schrieb Shyam Yadav: Hi, I want to run my tomcat on port 443 with https on an Ubuntu machine. what are the required steps i should take, please guide me through it. I search Internet but did not get any proper solution that is why i am here sending you this mail. Hi Shyam, a few things you need to consider: 1. You have Tomcat already prepackaged on Ubuntu which works very well. 2. Only root is allowed bind ports below 1024. Regarding 1: This is solved by the Ubuntu package Regarding 2: Root must start the binary and perform a so called downgrade Now, you have following options: 1. Use Ubuntu's start-stop-daemon 2. do $ su - tomcat -c startup.sh 3. Evaluate Commons Daemon which will perform that aforementioned downgrade in plain C. Ubuntu actually does that with 1 and 3. HAve a look at Ubuntu's tomcat6 startup script. Michael - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting up tomcat to run on port 443 on ubuntu system
Shyam, On 29.3.2013 11:16, Shyam Yadav wrote: I am getting this following exception and the tomcat doesn't start. java.net.BindException: Permission denied null:443 I am really stuck with it. Please help me out with it. How do you start tomcat? Which user runs the Tomcat process? It is recommended that you run Tomcat with unprivileged user (e.g. 'tomcat'). If you do it like that, process started by unprivileged user may not bind to port under 1024 (443 included). Maybe this is the source for the exception you get? If my assumption is correct, you may try to use jsvc from commons-daemon to run tomcat. More details here: http://tomcat.apache.org/tomcat-7.0-doc/setup.html#Unix_daemon -Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache Accessing Tomcat Issue
On 29.03.2013 00:24, Chris Arnold wrote:
# The following line mounts all JSP files and the /servlet/ uri to tomcat
#JkMount /servlets-examples/servlet/* ajp13
JkMount /share/*.jsp ajp13
Note that you only forward JSP-Requests here. might be OK, depending on
the application.
The application, just for reference, is alfresco
#RewriteEngine On
#RewriteCond %{REQUEST_URI} !^/share/
#RewriteCond %{HTTPS} on
#RewriteRule ^/. http://share.paradixent.com/share/ [P]
#JkMount /share/* worker1
Although the proxy rewrite rules are commented out here, later down the
log indicates you are still somewhere using mod_proxy instead of mod_jk.
mod_proxy is used on this installation of apache. I am told i need to use
mod_jk in this instance. I need users to access this application like so:
http://share.domain.com and using mod_jk is the easiest way to do this (thats
what i am told)
IfModule mod_jk.c
# The following line makes apache aware of the location of
# the /jsp-examples context
Alias /share /opt/alfresco/tomcat/webapps/share
Directory /opt/alfresco/tomcat/webapps/share
Options Indexes FollowSymLinks
allow from all
/Directory
You can let Apache serve static content directly from an exploded
webapp, but it is generally not recommended, because you then also open
up stuff that's not expected to be made public to requests from outside.
I understand this
If below share there's anything that's not meant to be served by
Apache, then it would be beter to copy the stuff that Apache should
serve to a separate directory, which would then be the one to put into
the Alias.
but wouldn't this still have stuff below /share open?
# The following line mounts all JSP files and the /servlet/ uri to tomcat
#JkMount /servlets-examples/servlet/* ajp13
JkMount /share/*.jsp ajp13
# The following line prohibits users from directly accessing WEB-INF
Location /share/WEB-INF/
#AllowOverride None
deny from all
/Location
That's one exampe for stuff you don't want to be served, META-INF as
well (if existing), there could be other stuff as well.
# if not specified, the global error log is used
ErrorLog /var/log/apache2domain.com-error_log
CustomLog /var/log/apache2/domain.com-access_log combined
/IfModule
/VirtualHost
httpd.conf-
# mod_jk
Include /opt/alfresco/tomcat/conf/jk.conf
Mod_jk is loaded:
web:~ # /usr/sbin/httpd2 -M
Loaded Modules:
...
jk_module (shared)
perl_module (shared)
php5_module (shared)
Syntax OK
Here is the log from apache:
[Thu Mar 28 18:40:14 2013] [error] [client pub ip] proxy: Error reading from
remote server returned by /error/HTTP_INTERNAL_SERVER_ERROR.html.var
[Thu Mar 28 18:40:28 2013] [error] [client pub ip] (70007)The timeout
specified has expired: proxy: error reading status line from remote server
share.paradixent.com
[Thu Mar 28 18:40:28 2013] [error] [client pub ip] proxy: Error reading from
remote server returned by /error/HTTP_INTERNAL_SERVER_ERROR.html.var
What's the request you send?
i assume you are asking for the link? Which is http://share.domain.com
What's the expected response
a login page
and what's the actual response?
depending on whether i have the rewrite rules commented out or not, uncommented
is a directory listing. Commented out is eventually a 503 Bad Gateway.
The above log snippet tells us that somewhere in your config you have
mod_proxy active, which is an alternative way to connect to a backend.
You should get your idea straight, for which URLs you are using
mod_proxy and for which mod_jk. I would suggest to stick with one.
If it possible to use mod_proxy and have users access http://share.domain.com,
thats what i would like to do. I have been unable to accomplish this result and
therefore have tried mod_jk.
You didn't show us your worker.properties file.
workers.properties-
# OPTIONS ( very important for jni mode )
#
# workers.tomcat_home should point to the location where you
# installed tomcat. This is where you have your conf, webapps and lib
# directories.
#
workers.tomcat_home=/opt/alfresco/tomcat
#
# workers.java_home should point to your Java installation. Normally
# you should have a bin and lib directories beneath it.
#
workers.java_home=/opt/IBMJava2-13
#
# You should configure your environment slash... ps=\ on NT and / on UNIX
# and maybe something different elsewhere.
#
ps=/
#
#-- ADVANCED MODE
#-
#
#
#-- DEFAULT worker list --
#-
#
#
# The workers that your plugins should create and work with
#
# Add 'inprocess' if you want JNI connector
worker.list=ajp12, ajp13
# , inprocess
#
#-- DEFAULT ajp12 WORKER DEFINITION
Re: Apache Accessing Tomcat Issue
What's the request you send? i assume you are asking for the link? Which is http://share.domain.com What's the expected response a login page and what's the actual response? Now, it is a 403: [Fri Mar 29 08:15:24 2013] [error] [client pub ip] Directory index forbidden by Options directive: /srv/www/htdocs/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting up tomcat to run on port 443 on ubuntu system
Hi Ognjen, You are right. I am not running tomcat from root user. But I have an requirement where tomcat should be running from normal user. Is it possible anyway? and is it going to affect system and performance?? Thanks Regards, Shyam Yadav On Fri, Mar 29, 2013 at 4:35 PM, Ognjen Blagojevic ognjen.d.blagoje...@gmail.com wrote: Shyam, On 29.3.2013 11:16, Shyam Yadav wrote: I am getting this following exception and the tomcat doesn't start. java.net.BindException: Permission denied null:443 I am really stuck with it. Please help me out with it. How do you start tomcat? Which user runs the Tomcat process? It is recommended that you run Tomcat with unprivileged user (e.g. 'tomcat'). If you do it like that, process started by unprivileged user may not bind to port under 1024 (443 included). Maybe this is the source for the exception you get? If my assumption is correct, you may try to use jsvc from commons-daemon to run tomcat. More details here: http://tomcat.apache.org/**tomcat-7.0-doc/setup.html#**Unix_daemonhttp://tomcat.apache.org/tomcat-7.0-doc/setup.html#Unix_daemon -Ognjen --**--**- To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Setting up tomcat to run on port 443 on ubuntu system
From: Shyam Yadav [mailto:shyam.ya...@mobicule.com] Subject: Re: Setting up tomcat to run on port 443 on ubuntu system Hi Ognjen, Don't top-post; it's extremely difficult to figure out exactly what you're replying to when you do so. But I have an requirement where tomcat should be running from normal user. This is in the FAQ: http://wiki.apache.org/tomcat/HowTo#How_to_run_Tomcat_without_root_privileges.3F Ignore the bit about front-ending Tomcat with httpd; that's overhead-inducing massive overkill. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting up tomcat to run on port 443 on ubuntu system
Shyam, On 29.3.2013 13:36, Shyam Yadav wrote: You are right. I am not running tomcat from root user. But I have an requirement where tomcat should be running from normal user. Is it possible anyway? It is possible, and recommended. Using jsvc for instance, as I explained in previos post. and is it going to affect system and performance?? No, it won't. -Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting up tomcat to run on port 443 on ubuntu system
Hi Ognjen, I did all the setting you have mentioned for Unix Daemon for Tomcat, but still i am getting the same problem. i.e. Permission Denied. Thank you very much sir for helping me out but still its not working. This may be my mistake. Thanks Regards, Shyam Yadav
Re: Apache Accessing Tomcat Issue
On 29.03.2013 13:10, Chris Arnold wrote:
On 29.03.2013 00:24, Chris Arnold wrote:
# The following line mounts all JSP files and the /servlet/ uri to tomcat
#JkMount /servlets-examples/servlet/* ajp13
JkMount /share/*.jsp ajp13
Note that you only forward JSP-Requests here. might be OK, depending on
the application.
The application, just for reference, is alfresco
#RewriteEngine On
#RewriteCond %{REQUEST_URI} !^/share/
#RewriteCond %{HTTPS} on
#RewriteRule ^/. http://share.paradixent.com/share/ [P]
#JkMount /share/* worker1
Although the proxy rewrite rules are commented out here, later down the
log indicates you are still somewhere using mod_proxy instead of mod_jk.
mod_proxy is used on this installation of apache. I am told i need to use
mod_jk in this instance. I need users to access this application like so:
http://share.domain.com and using mod_jk is the easiest way to do this (thats
what i am told)
So mod_proxy is loaded but you don't want to use it to access alfresco,
instead just mod_jk, right? Then don't use any ReWriteRule with the [P}
flag or any Proxy... directive.
OK as above, since commented, so not active.
IfModule mod_jk.c
# The following line makes apache aware of the location of
# the /jsp-examples context
Alias /share /opt/alfresco/tomcat/webapps/share
Directory /opt/alfresco/tomcat/webapps/share
Options Indexes FollowSymLinks
allow from all
/Directory
You can let Apache serve static content directly from an exploded
webapp, but it is generally not recommended, because you then also open
up stuff that's not expected to be made public to requests from outside.
I understand this
If below share there's anything that's not meant to be served by
Apache, then it would be beter to copy the stuff that Apache should
serve to a separate directory, which would then be the one to put into
the Alias.
but wouldn't this still have stuff below /share open?
Assume all static images, css, js are in some /path/to/my/folder/static
and there's nothing else underneath it, that folder would be a place to
publish directly via Alias in Apache.
# The following line mounts all JSP files and the /servlet/ uri to tomcat
#JkMount /servlets-examples/servlet/* ajp13
JkMount /share/*.jsp ajp13
# The following line prohibits users from directly accessing WEB-INF
Location /share/WEB-INF/
#AllowOverride None
deny from all
/Location
That's one exampe for stuff you don't want to be served, META-INF as
well (if existing), there could be other stuff as well.
# if not specified, the global error log is used
ErrorLog /var/log/apache2domain.com-error_log
CustomLog /var/log/apache2/domain.com-access_log combined
/IfModule
/VirtualHost
httpd.conf-
# mod_jk
Include /opt/alfresco/tomcat/conf/jk.conf
Mod_jk is loaded:
web:~ # /usr/sbin/httpd2 -M
Loaded Modules:
...
jk_module (shared)
perl_module (shared)
php5_module (shared)
Syntax OK
Here is the log from apache:
[Thu Mar 28 18:40:14 2013] [error] [client pub ip] proxy: Error reading from
remote server returned by /error/HTTP_INTERNAL_SERVER_ERROR.html.var
[Thu Mar 28 18:40:28 2013] [error] [client pub ip] (70007)The timeout
specified has expired: proxy: error reading status line from remote server
share.paradixent.com
[Thu Mar 28 18:40:28 2013] [error] [client pub ip] proxy: Error reading from
remote server returned by /error/HTTP_INTERNAL_SERVER_ERROR.html.var
What's the request you send?
i assume you are asking for the link? Which is http://share.domain.com
I'm guessing here: what you want is that the request for
http://share.domain.com should be forwarded to the Tomcat web
application names share.
For that I would put the following directives into the Apache
VirtualHost that actually serves the request.
- Add a redirect for the URI / to /share/ to the Apache config:
RedirectMatch ^/$ http://share.domain.com/share/
- Forward all requests that point below /share to Tomcat and let them be
served by the webapp:
JkMount /share|/* myworker
You can choose any name for myworker, but see below for
workers.properties.
- Remove other JkMount, Alias etc.
At this step:
- do not try to serve static content from Apache, first get this to work
before adding the additional complexity.
- do not try to make the webapp /share/ directly available under the top
level directory. It is OK to redirect the a request for
http://share.domain.com/ to http://share.domain.com/share/ and proceed
from there as above, but it is harder to remove the share URI path
component from each request. If you really need to do this, then use
mod_proxy, not mod_jk.
What's the expected response
a login page
and what's the actual response?
depending on whether i have the rewrite rules commented out or not,
uncommented is a directory listing. Commented out is
Re: Apache Accessing Tomcat Issue
This thread is getting kinda messy so i am going to snip a bunch of stuff and
answer your latest info.
So mod_proxy is loaded but you don't want to use it to access alfresco,
instead just mod_jk, right? Then don't use any ReWriteRule with the [P}
flag or any Proxy... directive.
No, if this can be done with mod_proxy, i would prefer to do that. I have been
unable to get mod_proxy working so users type http://share.domain.com and get
the required results (which is http://share.domain.com/share)
Assume all static images, css, js are in some /path/to/my/folder/static
and there's nothing else underneath it, that folder would be a place to
publish directly via Alias in Apache.
OK
I'm guessing here: what you want is that the request for
http://share.domain.com should be forwarded to the Tomcat web
application names share.
Exactly
For that I would put the following directives into the Apache
VirtualHost that actually serves the request.
- Add a redirect for the URI / to /share/ to the Apache config:
RedirectMatch ^/$ http://share.domain.com/share/
- Forward all requests that point below /share to Tomcat and let them be
served by the webapp:
JkMount /share|/* myworker
- Remove other JkMount, Alias etc.
Here is the modified virtualhost file:
VirtualHost *:80
ServerName share.domain.com
#RewriteEngine On
#RewriteCond %{REQUEST_URI} !^/share/
#RewriteCond %{HTTPS} on
#RewriteRule ^/. http://share.domain.com/share/ [P]
JkMount /share|/* worker1
RedirectMatch ^/$ http://share.domain.com/share/
IfModule mod_jk.c
# The following line makes apache aware of the location of
# the /jsp-examples context
#Alias /share /opt/alfresco/tomcat/webapps/share
#Directory /opt/alfresco/tomcat/webapps/share
#Options Indexes FollowSymLinks
#allow from all
#/Directory
# The following line mounts all JSP files and the /servlet/ uri to tomcat
#JkMount /servlets-examples/servlet/* ajp13
#JkMount /share/*.jsp ajp13
# The following line prohibits users from directly accessing WEB-INF
#Location /share/WEB-INF/
#AllowOverride None
#deny from all
#/Location
# if not specified, the global error log is used
ErrorLog /var/log/apache2/domain.com-error_log
CustomLog /var/log/apache2/domain.com-access_log combined
/IfModule
/VirtualHost
At this step:
- do not try to serve static content from Apache, first get this to work
before adding the additional complexity.
- do not try to make the webapp /share/ directly available under the top
level directory. It is OK to redirect the a request for
http://share.domain.com/ to http://share.domain.com/share/ and proceed
from there as above, but it is harder to remove the share URI path
component from each request. If you really need to do this, then use
mod_proxy, not mod_jk.
Doing the above, does that take care of what you stated here?
Don't use this configuration. It is garbage.
Download a mod_jk source distribution (recent is version 1.2.37) which
contains a nive default workers.properties file. You can also get it here:
http://svn.apache.org/viewvc/tomcat/jk/trunk/conf/workers.properties?view=co
In that file, remove all lines referring to node2 and replace node1
by whatever worker name you have chosen in JkMount (myworker or whatever).
Finally set host and port of that worker to whatever port and server
name your Tomcat listens to.
Here is the new workers.properties file:
..
# the final value for y will be value\something
# Define two status worker:
# - jk-status for read-only use
# - jk-manager for read/write use
worker.list=jk-status
worker.jk-status.type=status
worker.jk-status.read_only=true
worker.list=jk-manager
worker.jk-manager.type=status
# We define a load balancer worker
# with name balancer
worker.list=balancer
worker.balancer.type=lb
# error_escalation_time: seconds, default = recover_time/2 (=30)
# Determines, how fast a detected error should switch from
# local error state to global error state
# Since: 1.2.28
worker.balancer.error_escalation_time=0
# - max_reply_timeouts: number, default=0
# If there are to many reply timeouts, a worker
# is put into the error state, i.e. it will become
# unavailable for all sessions residing on the respective
# Tomcat. The number of tolerated reply timeouts is
# configured with max_reply_timeouts. The number of
# timeouts occuring is divided by 2 once a minute and the
# resulting counter is compared against max_reply_timeouts.
# If you set max_reply_timeouts to N and the errors are
# occuring equally distributed over time, you will
# tolerate N/2 errors per minute. If they occur in a burst
# you will tolerate N errors.
# Since: 1.2.24
worker.balancer.max_reply_timeouts=10
# Now we add members to the load balancer
# First member is node1, most
# attributes are inherited from the
# template worker.template.
worker.balancer.balance_workers=worker1
Re: Apache Accessing Tomcat Issue
On 29.03.2013 18:02, Chris Arnold wrote:
This thread is getting kinda messy so i am going to snip a bunch of stuff and
answer your latest info.
Good.
So mod_proxy is loaded but you don't want to use it to access alfresco,
instead just mod_jk, right? Then don't use any ReWriteRule with the [P}
flag or any Proxy... directive.
No, if this can be done with mod_proxy, i would prefer to do that. I have
been unable to get mod_proxy working so users type http://share.domain.com
and get the required results (which is http://share.domain.com/share)
Let's stick to mod_jk for the moment. I think you are close.
Here is the modified virtualhost file:
VirtualHost *:80
ServerName share.domain.com
#RewriteEngine On
#RewriteCond %{REQUEST_URI} !^/share/
#RewriteCond %{HTTPS} on
#RewriteRule ^/. http://share.domain.com/share/ [P]
JkMount /share|/* worker1
RedirectMatch ^/$ http://share.domain.com/share/
IfModule mod_jk.c
# The following line makes apache aware of the location of
# the /jsp-examples context
#Alias /share /opt/alfresco/tomcat/webapps/share
#Directory /opt/alfresco/tomcat/webapps/share
#Options Indexes FollowSymLinks
#allow from all
#/Directory
# The following line mounts all JSP files and the /servlet/ uri to tomcat
#JkMount /servlets-examples/servlet/* ajp13
#JkMount /share/*.jsp ajp13
# The following line prohibits users from directly accessing WEB-INF
#Location /share/WEB-INF/
#AllowOverride None
#deny from all
#/Location
# if not specified, the global error log is used
ErrorLog /var/log/apache2/domain.com-error_log
CustomLog /var/log/apache2/domain.com-access_log combined
/IfModule
/VirtualHost
Looks good to me, you can remove the IfModule tags. They don't contain
anything mod_jk specific any more and in fact if mod_jk is not loaded
you'd want the whole thing to bomb at startup and not just ignore mod_jk
config.
You've chosen the worker name worker1. Fine.
At this step:
- do not try to serve static content from Apache, first get this to work
before adding the additional complexity.
- do not try to make the webapp /share/ directly available under the top
level directory. It is OK to redirect the a request for
http://share.domain.com/ to http://share.domain.com/share/ and proceed
from there as above, but it is harder to remove the share URI path
component from each request. If you really need to do this, then use
mod_proxy, not mod_jk.
Doing the above, does that take care of what you stated here?
Looks good to me.
Here is the new workers.properties file:
..
# the final value for y will be value\something
# Define two status worker:
# - jk-status for read-only use
# - jk-manager for read/write use
worker.list=jk-status
worker.jk-status.type=status
worker.jk-status.read_only=true
worker.list=jk-manager
worker.jk-manager.type=status
# We define a load balancer worker
# with name balancer
worker.list=balancer
worker.balancer.type=lb
# error_escalation_time: seconds, default = recover_time/2 (=30)
# Determines, how fast a detected error should switch from
# local error state to global error state
# Since: 1.2.28
worker.balancer.error_escalation_time=0
# - max_reply_timeouts: number, default=0
# If there are to many reply timeouts, a worker
# is put into the error state, i.e. it will become
# unavailable for all sessions residing on the respective
# Tomcat. The number of tolerated reply timeouts is
# configured with max_reply_timeouts. The number of
# timeouts occuring is divided by 2 once a minute and the
# resulting counter is compared against max_reply_timeouts.
# If you set max_reply_timeouts to N and the errors are
# occuring equally distributed over time, you will
# tolerate N/2 errors per minute. If they occur in a burst
# you will tolerate N errors.
# Since: 1.2.24
worker.balancer.max_reply_timeouts=10
# Now we add members to the load balancer
# First member is node1, most
# attributes are inherited from the
# template worker.template.
worker.balancer.balance_workers=worker1
worker.worker1.reference=worker.template
worker.worker1.host=localhost
worker.worker1.port=8080
# Activation allows to configure
# whether this node should actually be used
# A: active (use node fully)
# D: disabled (only use, if sticky session needs this node)
# S: stopped (do not use)
# Since: 1.2.19
worker.worker1.activation=A
# Second member is node2, most
# attributes are inherited from the
# template worker.template.
#worker.balancer.balance_workers=node2
#worker.node2.reference=worker.template
#worker.node2.host=localhost
#worker.node2.port=8209
# Activation allows to configure
# whether this node should actually be used
# A: active (use node fully)
# D: disabled (only use, if sticky session needs this node)
# S: stopped (do not
Re: Setting up tomcat to run on port 443 on ubuntu system
Did you read and follow: http://commons.apache.org/proper/commons-daemon/jsvc.html On 30/03/13 12:54 AM, Shyam Yadav shyam.ya...@mobicule.com wrote: Hi Ognjen, I did all the setting you have mentioned for Unix Daemon for Tomcat, but still i am getting the same problem. i.e. Permission Denied. Thank you very much sir for helping me out but still its not working. This may be my mistake. Thanks Regards, Shyam Yadav - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting up tomcat to run on port 443 on ubuntu system
If installed from package open /etc/default/tomcat7, uncomment thr last line and make it AUTHBIND=yes and then youll be able to bind tomcat to port 80 and/or 443 On 30/03/2013 1:22 AM, Shyam Yadav shyam.ya...@mobicule.com wrote: Hi Ognjen, I did all the setting you have mentioned for Unix Daemon for Tomcat, but still i am getting the same problem. i.e. Permission Denied. Thank you very much sir for helping me out but still its not working. This may be my mistake. Thanks Regards, Shyam Yadav
