Re: Apache Accessing Tomcat Issue
On 29/03/2013 10:29 AM, Chris Arnold carn...@electrichendrix.com wrote: Apache Tomcat/7.0.30 on SLES11 SP2. I am trying to configure access to a webapp using http://share.domain.com. This webapp uses port 8080 and works fine from inside the LAN. However, we have an apache2 server acting as a proxy and we want users to not have to type in a port number. Now when accessing http://share.domain.com, the result is directories and files are listed, the jsp files are not running. Here is my complete setup: You cant overlap apache and tomcat file system jk.conf- # simple configuration for apache (for AJP connector, modul mod_jk.so) IfModule mod_jk.c JkWorkersFile /opt/alfresco/tomcat/workers.properties JkLogFile /var/log/alfresco/mod_jk.log JkShmFile /var/log/alfresco/shm # Log level to be used by mod_jk JkLogLevel error # The following line mounts all JSP files and the /servlet/ uri to tomcat #JkMount /servlets-examples/servlet/* ajp13 JkMount /share/*.jsp ajp13 /IfModule virtualhost- VirtualHost *:80 ServerName share.domain.com #RewriteEngine On #RewriteCond %{REQUEST_URI} !^/share/ #RewriteCond %{HTTPS} on #RewriteRule ^/. http://share.paradixent.com/share/ [P] #JkMount /share/* worker1 IfModule mod_jk.c # The following line makes apache aware of the location of # the /jsp-examples context Alias /share /opt/alfresco/tomcat/webapps/share Directory /opt/alfresco/tomcat/webapps/share Options Indexes FollowSymLinks allow from all /Directory # The following line mounts all JSP files and the /servlet/ uri to tomcat #JkMount /servlets-examples/servlet/* ajp13 JkMount /share/*.jsp ajp13 # The following line prohibits users from directly accessing WEB-INF Location /share/WEB-INF/ #AllowOverride None deny from all /Location # if not specified, the global error log is used ErrorLog /var/log/apache2domain.com-error_log CustomLog /var/log/apache2/domain.com-access_log combined /IfModule /VirtualHost httpd.conf- # mod_jk Include /opt/alfresco/tomcat/conf/jk.conf Mod_jk is loaded: web:~ # /usr/sbin/httpd2 -M Loaded Modules: ... jk_module (shared) perl_module (shared) php5_module (shared) Syntax OK Here is the log from apache: [Thu Mar 28 18:40:14 2013] [error] [client pub ip] proxy: Error reading from remote server returned by /error/HTTP_INTERNAL_SERVER_ERROR.html.var [Thu Mar 28 18:40:28 2013] [error] [client pub ip] (70007)The timeout specified has expired: proxy: error reading status line from remote server share.paradixent.com [Thu Mar 28 18:40:28 2013] [error] [client pub ip] proxy: Error reading from remote server returned by /error/HTTP_INTERNAL_SERVER_ERROR.html.var Any ideas why the folder and files are being listed instead of running? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Setting up tomcat to run on port 443 on ubuntu system
Hi, I want to run my tomcat on port 443 with https on an Ubuntu machine. what are the required steps i should take, please guide me through it. I search Internet but did not get any proper solution that is why i am here sending you this mail. Please help me. this will be really appreciating. Thanks Regards, Shyam Yadav
Re: Setting up tomcat to run on port 443 on ubuntu system
Shyam, On 29.3.2013 9:38, Shyam Yadav wrote: I want to run my tomcat on port 443 with https on an Ubuntu machine. what are the required steps i should take, please guide me through it. I search Internet but did not get any proper solution that is why i am here sending you this mail. Please help me. this will be really appreciating. 1. Read about connectors and choose whether you are going to use APR, NIO or BIO: http://people.apache.org/~markt/presentations/2009-04-01-TomcatTuning.pdf (starting form slide 15) http://tomcat.apache.org/tomcat-7.0-doc/config/http.html 2. Read how to generate certificate: http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html Note that if you use APR connector you should generate certificates using openssl, and if you use NIO/BIO connectors you should use Java keytool.* You may start with generating self-signed certificate, but later you may want to use CA-signed certificate. 3. Configure https connector to use certificates. Again APR uses one set of connector parameters, while NIO/BIO uses the other. Read the connector documentation carefully. -Ognjen * There are other possibilities but using tool that matches the connector is the easiest to start with. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache Accessing Tomcat Issue
On 29.03.2013 00:24, Chris Arnold wrote: Apache Tomcat/7.0.30 on SLES11 SP2. I am trying to configure access to a webapp using http://share.domain.com. This webapp uses port 8080 and works fine from inside the LAN. However, we have an apache2 server acting as a proxy and we want users to not have to type in a port number. Now when accessing http://share.domain.com, the result is directories and files are listed, the jsp files are not running. Here is my complete setup: jk.conf- # simple configuration for apache (for AJP connector, modul mod_jk.so) IfModule mod_jk.c JkWorkersFile /opt/alfresco/tomcat/workers.properties JkLogFile /var/log/alfresco/mod_jk.log JkShmFile /var/log/alfresco/shm # Log level to be used by mod_jk JkLogLevel error # The following line mounts all JSP files and the /servlet/ uri to tomcat #JkMount /servlets-examples/servlet/* ajp13 JkMount /share/*.jsp ajp13 Note that you only forward JSP-Requests here. might be OK, depending on the application. /IfModule virtualhost- VirtualHost *:80 ServerName share.domain.com #RewriteEngine On #RewriteCond %{REQUEST_URI} !^/share/ #RewriteCond %{HTTPS} on #RewriteRule ^/. http://share.paradixent.com/share/ [P] #JkMount /share/* worker1 Although the proxy rewrite rules are commented out here, later down the log indicates you are still somewhere using mod_proxy instead of mod_jk. IfModule mod_jk.c # The following line makes apache aware of the location of # the /jsp-examples context Alias /share /opt/alfresco/tomcat/webapps/share Directory /opt/alfresco/tomcat/webapps/share Options Indexes FollowSymLinks allow from all /Directory You can let Apache serve static content directly from an exploded webapp, but it is generally not recommended, because you then also open up stuff that's not expected to be made public to requests from outside. If below share there's anything that's not meant to be served by Apache, then it would be beter to copy the stuff that Apache should serve to a separate directory, which would then be the one to put into the Alias. # The following line mounts all JSP files and the /servlet/ uri to tomcat #JkMount /servlets-examples/servlet/* ajp13 JkMount /share/*.jsp ajp13 # The following line prohibits users from directly accessing WEB-INF Location /share/WEB-INF/ #AllowOverride None deny from all /Location That's one exampe for stuff you don't want to be served, META-INF as well (if existing), there could be other stuff as well. # if not specified, the global error log is used ErrorLog /var/log/apache2domain.com-error_log CustomLog /var/log/apache2/domain.com-access_log combined /IfModule /VirtualHost httpd.conf- # mod_jk Include /opt/alfresco/tomcat/conf/jk.conf Mod_jk is loaded: web:~ # /usr/sbin/httpd2 -M Loaded Modules: ... jk_module (shared) perl_module (shared) php5_module (shared) Syntax OK Here is the log from apache: [Thu Mar 28 18:40:14 2013] [error] [client pub ip] proxy: Error reading from remote server returned by /error/HTTP_INTERNAL_SERVER_ERROR.html.var [Thu Mar 28 18:40:28 2013] [error] [client pub ip] (70007)The timeout specified has expired: proxy: error reading status line from remote server share.paradixent.com [Thu Mar 28 18:40:28 2013] [error] [client pub ip] proxy: Error reading from remote server returned by /error/HTTP_INTERNAL_SERVER_ERROR.html.var What's the request you send? What's the expected response and what's the actual response? The above log snippet tells us that somewhere in your config you have mod_proxy active, which is an alternative way to connect to a backend. You should get your idea straight, for which URLs you are using mod_proxy and for which mod_jk. I would suggest to stick with one. You didn't show us your worker.properties file. You didn't show us your mod_jk log file. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting up tomcat to run on port 443 on ubuntu system
Hi Ognjen, Its really very nice that you replied so soon. Thank you for your involvement. I am getting this following exception and the tomcat doesn't start. java.net.BindException: Permission denied null:443 I am really stuck with it. Please help me out with it. Thanks Regards, Shyam Yadav On Fri, Mar 29, 2013 at 2:55 PM, Ognjen Blagojevic ognjen.d.blagoje...@gmail.com wrote: Shyam, On 29.3.2013 9:38, Shyam Yadav wrote: I want to run my tomcat on port 443 with https on an Ubuntu machine. what are the required steps i should take, please guide me through it. I search Internet but did not get any proper solution that is why i am here sending you this mail. Please help me. this will be really appreciating. 1. Read about connectors and choose whether you are going to use APR, NIO or BIO: http://people.apache.org/~**markt/presentations/2009-04-** 01-TomcatTuning.pdfhttp://people.apache.org/%7Emarkt/presentations/2009-04-01-TomcatTuning.pdf(starting form slide 15) http://tomcat.apache.org/**tomcat-7.0-doc/config/http.**htmlhttp://tomcat.apache.org/tomcat-7.0-doc/config/http.html 2. Read how to generate certificate: http://tomcat.apache.org/**tomcat-7.0-doc/ssl-howto.htmlhttp://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html Note that if you use APR connector you should generate certificates using openssl, and if you use NIO/BIO connectors you should use Java keytool.* You may start with generating self-signed certificate, but later you may want to use CA-signed certificate. 3. Configure https connector to use certificates. Again APR uses one set of connector parameters, while NIO/BIO uses the other. Read the connector documentation carefully. -Ognjen * There are other possibilities but using tool that matches the connector is the easiest to start with. --**--**- To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting up tomcat to run on port 443 on ubuntu system
Am 2013-03-29 09:38, schrieb Shyam Yadav: Hi, I want to run my tomcat on port 443 with https on an Ubuntu machine. what are the required steps i should take, please guide me through it. I search Internet but did not get any proper solution that is why i am here sending you this mail. Hi Shyam, a few things you need to consider: 1. You have Tomcat already prepackaged on Ubuntu which works very well. 2. Only root is allowed bind ports below 1024. Regarding 1: This is solved by the Ubuntu package Regarding 2: Root must start the binary and perform a so called downgrade Now, you have following options: 1. Use Ubuntu's start-stop-daemon 2. do $ su - tomcat -c startup.sh 3. Evaluate Commons Daemon which will perform that aforementioned downgrade in plain C. Ubuntu actually does that with 1 and 3. HAve a look at Ubuntu's tomcat6 startup script. Michael - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting up tomcat to run on port 443 on ubuntu system
Shyam, On 29.3.2013 11:16, Shyam Yadav wrote: I am getting this following exception and the tomcat doesn't start. java.net.BindException: Permission denied null:443 I am really stuck with it. Please help me out with it. How do you start tomcat? Which user runs the Tomcat process? It is recommended that you run Tomcat with unprivileged user (e.g. 'tomcat'). If you do it like that, process started by unprivileged user may not bind to port under 1024 (443 included). Maybe this is the source for the exception you get? If my assumption is correct, you may try to use jsvc from commons-daemon to run tomcat. More details here: http://tomcat.apache.org/tomcat-7.0-doc/setup.html#Unix_daemon -Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache Accessing Tomcat Issue
On 29.03.2013 00:24, Chris Arnold wrote: # The following line mounts all JSP files and the /servlet/ uri to tomcat #JkMount /servlets-examples/servlet/* ajp13 JkMount /share/*.jsp ajp13 Note that you only forward JSP-Requests here. might be OK, depending on the application. The application, just for reference, is alfresco #RewriteEngine On #RewriteCond %{REQUEST_URI} !^/share/ #RewriteCond %{HTTPS} on #RewriteRule ^/. http://share.paradixent.com/share/ [P] #JkMount /share/* worker1 Although the proxy rewrite rules are commented out here, later down the log indicates you are still somewhere using mod_proxy instead of mod_jk. mod_proxy is used on this installation of apache. I am told i need to use mod_jk in this instance. I need users to access this application like so: http://share.domain.com and using mod_jk is the easiest way to do this (thats what i am told) IfModule mod_jk.c # The following line makes apache aware of the location of # the /jsp-examples context Alias /share /opt/alfresco/tomcat/webapps/share Directory /opt/alfresco/tomcat/webapps/share Options Indexes FollowSymLinks allow from all /Directory You can let Apache serve static content directly from an exploded webapp, but it is generally not recommended, because you then also open up stuff that's not expected to be made public to requests from outside. I understand this If below share there's anything that's not meant to be served by Apache, then it would be beter to copy the stuff that Apache should serve to a separate directory, which would then be the one to put into the Alias. but wouldn't this still have stuff below /share open? # The following line mounts all JSP files and the /servlet/ uri to tomcat #JkMount /servlets-examples/servlet/* ajp13 JkMount /share/*.jsp ajp13 # The following line prohibits users from directly accessing WEB-INF Location /share/WEB-INF/ #AllowOverride None deny from all /Location That's one exampe for stuff you don't want to be served, META-INF as well (if existing), there could be other stuff as well. # if not specified, the global error log is used ErrorLog /var/log/apache2domain.com-error_log CustomLog /var/log/apache2/domain.com-access_log combined /IfModule /VirtualHost httpd.conf- # mod_jk Include /opt/alfresco/tomcat/conf/jk.conf Mod_jk is loaded: web:~ # /usr/sbin/httpd2 -M Loaded Modules: ... jk_module (shared) perl_module (shared) php5_module (shared) Syntax OK Here is the log from apache: [Thu Mar 28 18:40:14 2013] [error] [client pub ip] proxy: Error reading from remote server returned by /error/HTTP_INTERNAL_SERVER_ERROR.html.var [Thu Mar 28 18:40:28 2013] [error] [client pub ip] (70007)The timeout specified has expired: proxy: error reading status line from remote server share.paradixent.com [Thu Mar 28 18:40:28 2013] [error] [client pub ip] proxy: Error reading from remote server returned by /error/HTTP_INTERNAL_SERVER_ERROR.html.var What's the request you send? i assume you are asking for the link? Which is http://share.domain.com What's the expected response a login page and what's the actual response? depending on whether i have the rewrite rules commented out or not, uncommented is a directory listing. Commented out is eventually a 503 Bad Gateway. The above log snippet tells us that somewhere in your config you have mod_proxy active, which is an alternative way to connect to a backend. You should get your idea straight, for which URLs you are using mod_proxy and for which mod_jk. I would suggest to stick with one. If it possible to use mod_proxy and have users access http://share.domain.com, thats what i would like to do. I have been unable to accomplish this result and therefore have tried mod_jk. You didn't show us your worker.properties file. workers.properties- # OPTIONS ( very important for jni mode ) # # workers.tomcat_home should point to the location where you # installed tomcat. This is where you have your conf, webapps and lib # directories. # workers.tomcat_home=/opt/alfresco/tomcat # # workers.java_home should point to your Java installation. Normally # you should have a bin and lib directories beneath it. # workers.java_home=/opt/IBMJava2-13 # # You should configure your environment slash... ps=\ on NT and / on UNIX # and maybe something different elsewhere. # ps=/ # #-- ADVANCED MODE #- # # #-- DEFAULT worker list -- #- # # # The workers that your plugins should create and work with # # Add 'inprocess' if you want JNI connector worker.list=ajp12, ajp13 # , inprocess # #-- DEFAULT ajp12 WORKER DEFINITION
Re: Apache Accessing Tomcat Issue
What's the request you send? i assume you are asking for the link? Which is http://share.domain.com What's the expected response a login page and what's the actual response? Now, it is a 403: [Fri Mar 29 08:15:24 2013] [error] [client pub ip] Directory index forbidden by Options directive: /srv/www/htdocs/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting up tomcat to run on port 443 on ubuntu system
Hi Ognjen, You are right. I am not running tomcat from root user. But I have an requirement where tomcat should be running from normal user. Is it possible anyway? and is it going to affect system and performance?? Thanks Regards, Shyam Yadav On Fri, Mar 29, 2013 at 4:35 PM, Ognjen Blagojevic ognjen.d.blagoje...@gmail.com wrote: Shyam, On 29.3.2013 11:16, Shyam Yadav wrote: I am getting this following exception and the tomcat doesn't start. java.net.BindException: Permission denied null:443 I am really stuck with it. Please help me out with it. How do you start tomcat? Which user runs the Tomcat process? It is recommended that you run Tomcat with unprivileged user (e.g. 'tomcat'). If you do it like that, process started by unprivileged user may not bind to port under 1024 (443 included). Maybe this is the source for the exception you get? If my assumption is correct, you may try to use jsvc from commons-daemon to run tomcat. More details here: http://tomcat.apache.org/**tomcat-7.0-doc/setup.html#**Unix_daemonhttp://tomcat.apache.org/tomcat-7.0-doc/setup.html#Unix_daemon -Ognjen --**--**- To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Setting up tomcat to run on port 443 on ubuntu system
From: Shyam Yadav [mailto:shyam.ya...@mobicule.com] Subject: Re: Setting up tomcat to run on port 443 on ubuntu system Hi Ognjen, Don't top-post; it's extremely difficult to figure out exactly what you're replying to when you do so. But I have an requirement where tomcat should be running from normal user. This is in the FAQ: http://wiki.apache.org/tomcat/HowTo#How_to_run_Tomcat_without_root_privileges.3F Ignore the bit about front-ending Tomcat with httpd; that's overhead-inducing massive overkill. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting up tomcat to run on port 443 on ubuntu system
Shyam, On 29.3.2013 13:36, Shyam Yadav wrote: You are right. I am not running tomcat from root user. But I have an requirement where tomcat should be running from normal user. Is it possible anyway? It is possible, and recommended. Using jsvc for instance, as I explained in previos post. and is it going to affect system and performance?? No, it won't. -Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting up tomcat to run on port 443 on ubuntu system
Hi Ognjen, I did all the setting you have mentioned for Unix Daemon for Tomcat, but still i am getting the same problem. i.e. Permission Denied. Thank you very much sir for helping me out but still its not working. This may be my mistake. Thanks Regards, Shyam Yadav
Re: Apache Accessing Tomcat Issue
On 29.03.2013 13:10, Chris Arnold wrote: On 29.03.2013 00:24, Chris Arnold wrote: # The following line mounts all JSP files and the /servlet/ uri to tomcat #JkMount /servlets-examples/servlet/* ajp13 JkMount /share/*.jsp ajp13 Note that you only forward JSP-Requests here. might be OK, depending on the application. The application, just for reference, is alfresco #RewriteEngine On #RewriteCond %{REQUEST_URI} !^/share/ #RewriteCond %{HTTPS} on #RewriteRule ^/. http://share.paradixent.com/share/ [P] #JkMount /share/* worker1 Although the proxy rewrite rules are commented out here, later down the log indicates you are still somewhere using mod_proxy instead of mod_jk. mod_proxy is used on this installation of apache. I am told i need to use mod_jk in this instance. I need users to access this application like so: http://share.domain.com and using mod_jk is the easiest way to do this (thats what i am told) So mod_proxy is loaded but you don't want to use it to access alfresco, instead just mod_jk, right? Then don't use any ReWriteRule with the [P} flag or any Proxy... directive. OK as above, since commented, so not active. IfModule mod_jk.c # The following line makes apache aware of the location of # the /jsp-examples context Alias /share /opt/alfresco/tomcat/webapps/share Directory /opt/alfresco/tomcat/webapps/share Options Indexes FollowSymLinks allow from all /Directory You can let Apache serve static content directly from an exploded webapp, but it is generally not recommended, because you then also open up stuff that's not expected to be made public to requests from outside. I understand this If below share there's anything that's not meant to be served by Apache, then it would be beter to copy the stuff that Apache should serve to a separate directory, which would then be the one to put into the Alias. but wouldn't this still have stuff below /share open? Assume all static images, css, js are in some /path/to/my/folder/static and there's nothing else underneath it, that folder would be a place to publish directly via Alias in Apache. # The following line mounts all JSP files and the /servlet/ uri to tomcat #JkMount /servlets-examples/servlet/* ajp13 JkMount /share/*.jsp ajp13 # The following line prohibits users from directly accessing WEB-INF Location /share/WEB-INF/ #AllowOverride None deny from all /Location That's one exampe for stuff you don't want to be served, META-INF as well (if existing), there could be other stuff as well. # if not specified, the global error log is used ErrorLog /var/log/apache2domain.com-error_log CustomLog /var/log/apache2/domain.com-access_log combined /IfModule /VirtualHost httpd.conf- # mod_jk Include /opt/alfresco/tomcat/conf/jk.conf Mod_jk is loaded: web:~ # /usr/sbin/httpd2 -M Loaded Modules: ... jk_module (shared) perl_module (shared) php5_module (shared) Syntax OK Here is the log from apache: [Thu Mar 28 18:40:14 2013] [error] [client pub ip] proxy: Error reading from remote server returned by /error/HTTP_INTERNAL_SERVER_ERROR.html.var [Thu Mar 28 18:40:28 2013] [error] [client pub ip] (70007)The timeout specified has expired: proxy: error reading status line from remote server share.paradixent.com [Thu Mar 28 18:40:28 2013] [error] [client pub ip] proxy: Error reading from remote server returned by /error/HTTP_INTERNAL_SERVER_ERROR.html.var What's the request you send? i assume you are asking for the link? Which is http://share.domain.com I'm guessing here: what you want is that the request for http://share.domain.com should be forwarded to the Tomcat web application names share. For that I would put the following directives into the Apache VirtualHost that actually serves the request. - Add a redirect for the URI / to /share/ to the Apache config: RedirectMatch ^/$ http://share.domain.com/share/ - Forward all requests that point below /share to Tomcat and let them be served by the webapp: JkMount /share|/* myworker You can choose any name for myworker, but see below for workers.properties. - Remove other JkMount, Alias etc. At this step: - do not try to serve static content from Apache, first get this to work before adding the additional complexity. - do not try to make the webapp /share/ directly available under the top level directory. It is OK to redirect the a request for http://share.domain.com/ to http://share.domain.com/share/ and proceed from there as above, but it is harder to remove the share URI path component from each request. If you really need to do this, then use mod_proxy, not mod_jk. What's the expected response a login page and what's the actual response? depending on whether i have the rewrite rules commented out or not, uncommented is a directory listing. Commented out is
Re: Apache Accessing Tomcat Issue
This thread is getting kinda messy so i am going to snip a bunch of stuff and answer your latest info. So mod_proxy is loaded but you don't want to use it to access alfresco, instead just mod_jk, right? Then don't use any ReWriteRule with the [P} flag or any Proxy... directive. No, if this can be done with mod_proxy, i would prefer to do that. I have been unable to get mod_proxy working so users type http://share.domain.com and get the required results (which is http://share.domain.com/share) Assume all static images, css, js are in some /path/to/my/folder/static and there's nothing else underneath it, that folder would be a place to publish directly via Alias in Apache. OK I'm guessing here: what you want is that the request for http://share.domain.com should be forwarded to the Tomcat web application names share. Exactly For that I would put the following directives into the Apache VirtualHost that actually serves the request. - Add a redirect for the URI / to /share/ to the Apache config: RedirectMatch ^/$ http://share.domain.com/share/ - Forward all requests that point below /share to Tomcat and let them be served by the webapp: JkMount /share|/* myworker - Remove other JkMount, Alias etc. Here is the modified virtualhost file: VirtualHost *:80 ServerName share.domain.com #RewriteEngine On #RewriteCond %{REQUEST_URI} !^/share/ #RewriteCond %{HTTPS} on #RewriteRule ^/. http://share.domain.com/share/ [P] JkMount /share|/* worker1 RedirectMatch ^/$ http://share.domain.com/share/ IfModule mod_jk.c # The following line makes apache aware of the location of # the /jsp-examples context #Alias /share /opt/alfresco/tomcat/webapps/share #Directory /opt/alfresco/tomcat/webapps/share #Options Indexes FollowSymLinks #allow from all #/Directory # The following line mounts all JSP files and the /servlet/ uri to tomcat #JkMount /servlets-examples/servlet/* ajp13 #JkMount /share/*.jsp ajp13 # The following line prohibits users from directly accessing WEB-INF #Location /share/WEB-INF/ #AllowOverride None #deny from all #/Location # if not specified, the global error log is used ErrorLog /var/log/apache2/domain.com-error_log CustomLog /var/log/apache2/domain.com-access_log combined /IfModule /VirtualHost At this step: - do not try to serve static content from Apache, first get this to work before adding the additional complexity. - do not try to make the webapp /share/ directly available under the top level directory. It is OK to redirect the a request for http://share.domain.com/ to http://share.domain.com/share/ and proceed from there as above, but it is harder to remove the share URI path component from each request. If you really need to do this, then use mod_proxy, not mod_jk. Doing the above, does that take care of what you stated here? Don't use this configuration. It is garbage. Download a mod_jk source distribution (recent is version 1.2.37) which contains a nive default workers.properties file. You can also get it here: http://svn.apache.org/viewvc/tomcat/jk/trunk/conf/workers.properties?view=co In that file, remove all lines referring to node2 and replace node1 by whatever worker name you have chosen in JkMount (myworker or whatever). Finally set host and port of that worker to whatever port and server name your Tomcat listens to. Here is the new workers.properties file: .. # the final value for y will be value\something # Define two status worker: # - jk-status for read-only use # - jk-manager for read/write use worker.list=jk-status worker.jk-status.type=status worker.jk-status.read_only=true worker.list=jk-manager worker.jk-manager.type=status # We define a load balancer worker # with name balancer worker.list=balancer worker.balancer.type=lb # error_escalation_time: seconds, default = recover_time/2 (=30) # Determines, how fast a detected error should switch from # local error state to global error state # Since: 1.2.28 worker.balancer.error_escalation_time=0 # - max_reply_timeouts: number, default=0 # If there are to many reply timeouts, a worker # is put into the error state, i.e. it will become # unavailable for all sessions residing on the respective # Tomcat. The number of tolerated reply timeouts is # configured with max_reply_timeouts. The number of # timeouts occuring is divided by 2 once a minute and the # resulting counter is compared against max_reply_timeouts. # If you set max_reply_timeouts to N and the errors are # occuring equally distributed over time, you will # tolerate N/2 errors per minute. If they occur in a burst # you will tolerate N errors. # Since: 1.2.24 worker.balancer.max_reply_timeouts=10 # Now we add members to the load balancer # First member is node1, most # attributes are inherited from the # template worker.template. worker.balancer.balance_workers=worker1
Re: Apache Accessing Tomcat Issue
On 29.03.2013 18:02, Chris Arnold wrote: This thread is getting kinda messy so i am going to snip a bunch of stuff and answer your latest info. Good. So mod_proxy is loaded but you don't want to use it to access alfresco, instead just mod_jk, right? Then don't use any ReWriteRule with the [P} flag or any Proxy... directive. No, if this can be done with mod_proxy, i would prefer to do that. I have been unable to get mod_proxy working so users type http://share.domain.com and get the required results (which is http://share.domain.com/share) Let's stick to mod_jk for the moment. I think you are close. Here is the modified virtualhost file: VirtualHost *:80 ServerName share.domain.com #RewriteEngine On #RewriteCond %{REQUEST_URI} !^/share/ #RewriteCond %{HTTPS} on #RewriteRule ^/. http://share.domain.com/share/ [P] JkMount /share|/* worker1 RedirectMatch ^/$ http://share.domain.com/share/ IfModule mod_jk.c # The following line makes apache aware of the location of # the /jsp-examples context #Alias /share /opt/alfresco/tomcat/webapps/share #Directory /opt/alfresco/tomcat/webapps/share #Options Indexes FollowSymLinks #allow from all #/Directory # The following line mounts all JSP files and the /servlet/ uri to tomcat #JkMount /servlets-examples/servlet/* ajp13 #JkMount /share/*.jsp ajp13 # The following line prohibits users from directly accessing WEB-INF #Location /share/WEB-INF/ #AllowOverride None #deny from all #/Location # if not specified, the global error log is used ErrorLog /var/log/apache2/domain.com-error_log CustomLog /var/log/apache2/domain.com-access_log combined /IfModule /VirtualHost Looks good to me, you can remove the IfModule tags. They don't contain anything mod_jk specific any more and in fact if mod_jk is not loaded you'd want the whole thing to bomb at startup and not just ignore mod_jk config. You've chosen the worker name worker1. Fine. At this step: - do not try to serve static content from Apache, first get this to work before adding the additional complexity. - do not try to make the webapp /share/ directly available under the top level directory. It is OK to redirect the a request for http://share.domain.com/ to http://share.domain.com/share/ and proceed from there as above, but it is harder to remove the share URI path component from each request. If you really need to do this, then use mod_proxy, not mod_jk. Doing the above, does that take care of what you stated here? Looks good to me. Here is the new workers.properties file: .. # the final value for y will be value\something # Define two status worker: # - jk-status for read-only use # - jk-manager for read/write use worker.list=jk-status worker.jk-status.type=status worker.jk-status.read_only=true worker.list=jk-manager worker.jk-manager.type=status # We define a load balancer worker # with name balancer worker.list=balancer worker.balancer.type=lb # error_escalation_time: seconds, default = recover_time/2 (=30) # Determines, how fast a detected error should switch from # local error state to global error state # Since: 1.2.28 worker.balancer.error_escalation_time=0 # - max_reply_timeouts: number, default=0 # If there are to many reply timeouts, a worker # is put into the error state, i.e. it will become # unavailable for all sessions residing on the respective # Tomcat. The number of tolerated reply timeouts is # configured with max_reply_timeouts. The number of # timeouts occuring is divided by 2 once a minute and the # resulting counter is compared against max_reply_timeouts. # If you set max_reply_timeouts to N and the errors are # occuring equally distributed over time, you will # tolerate N/2 errors per minute. If they occur in a burst # you will tolerate N errors. # Since: 1.2.24 worker.balancer.max_reply_timeouts=10 # Now we add members to the load balancer # First member is node1, most # attributes are inherited from the # template worker.template. worker.balancer.balance_workers=worker1 worker.worker1.reference=worker.template worker.worker1.host=localhost worker.worker1.port=8080 # Activation allows to configure # whether this node should actually be used # A: active (use node fully) # D: disabled (only use, if sticky session needs this node) # S: stopped (do not use) # Since: 1.2.19 worker.worker1.activation=A # Second member is node2, most # attributes are inherited from the # template worker.template. #worker.balancer.balance_workers=node2 #worker.node2.reference=worker.template #worker.node2.host=localhost #worker.node2.port=8209 # Activation allows to configure # whether this node should actually be used # A: active (use node fully) # D: disabled (only use, if sticky session needs this node) # S: stopped (do not
Re: Setting up tomcat to run on port 443 on ubuntu system
Did you read and follow: http://commons.apache.org/proper/commons-daemon/jsvc.html On 30/03/13 12:54 AM, Shyam Yadav shyam.ya...@mobicule.com wrote: Hi Ognjen, I did all the setting you have mentioned for Unix Daemon for Tomcat, but still i am getting the same problem. i.e. Permission Denied. Thank you very much sir for helping me out but still its not working. This may be my mistake. Thanks Regards, Shyam Yadav - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting up tomcat to run on port 443 on ubuntu system
If installed from package open /etc/default/tomcat7, uncomment thr last line and make it AUTHBIND=yes and then youll be able to bind tomcat to port 80 and/or 443 On 30/03/2013 1:22 AM, Shyam Yadav shyam.ya...@mobicule.com wrote: Hi Ognjen, I did all the setting you have mentioned for Unix Daemon for Tomcat, but still i am getting the same problem. i.e. Permission Denied. Thank you very much sir for helping me out but still its not working. This may be my mistake. Thanks Regards, Shyam Yadav