Nice going Umberto,





Umberto Nicoletti <[EMAIL PROTECTED]>
10/22/2002 07:07 AM
Please respond to "Tomcat Users List"

 
        To:     [EMAIL PROTECTED]
        cc: 
        Subject:        [HOWTO] VIRTUAL HOSTING, APACHE 2.0.43, JK2, TOMCAT 4.1.12

I posted to this mailing list before with the subject: JK2 connector and
virtual hosting,
but got no answer.

After some more reading through the ML archives and the documentation
I eventually came up with a solution.
Just to annoy some more people I wrote a little HOWTO ;-).

Hope it will be useful to somebody.

Umberto
-- 
Umberto Nicoletti - [EMAIL PROTECTED] | [EMAIL PROTECTED]
Tel. 049-8239380 (assistenza)

"We'll try to make different mistakes this time." - Larry Wall
-------------------------------------------------------------------------
Apache 2.0.43 - Tomcat 4.1.12 - jk2 - virtual host HOWTO
-------------------------------------------------------------------------

Tue 22 Oct 2002 11:58:28 AM GMT-5 
Umberto Nicoletti [unicoletti at prometeo.it]

DISCLAIMER

Insert usual disclaimer here.

unusual disclaimer
Please forget:
1) my English
2) typos
3) names of hosts and installation directories

Also be warned that this is a beta version I just wrote as a reminder. If you
encounter errors or discrepancies between what is written here and what
happens to you following this howto (or just want to point out something more
clearly) please email me a corrected version of this HOWTO.

/unusual disclaimer

SCENARIO

RedHat Linux 7.2
Latest 1.4.x Sun JDK:
#java -version
                 java version "1.4.1_01"
                 Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.1_01-b01)
                 Java HotSpot(TM) Client VM (build 1.4.1_01-b01, mixed mode)
Tomcat 4.1.12 binary
Apache 2.0.43 built from source
                 [./configure -prefix=/usr/local/apache2.0.43 --sysconfdir=/etc/apache --localstatedir=/var --disable-dav --enable-so --enable-proxy --enable-proxy-connect --enable-proxy-http]
jk2 connector binary from jakarta.apache.org

REQUIREMENTS

Deploy three (in my case) web applications under three different virtual
hosts, making the default vhost respond to any name and to the bare IP
address.

GETTING STARTED

Download all the packages listed above, get a mug of hot coffee (or beer if
you're German), do what I say here and you'll be just fine.

INSTALLING JDK

Note: download the jdk, not just the jre!
Uncompress the jdk somewhere in the filesystem:
I chose /usr/local/:

[root@ARLIN72AGE279 apache]# ll /usr/local/ 
total 48
lrwxrwxrwx    1 root     root           13 Oct 18 17:20 apache -> apache2.0.43/
drwxr-xr-x   15 root     root         4096 Oct 21 16:40 apache2.0.43
drwxr-xr-x    2 root     root         4096 Feb  6  1996 bin
drwxr-xr-x    2 root     root         4096 Feb  6  1996 doc
drwxr-xr-x    2 root     root         4096 Feb  6  1996 etc
drwxr-xr-x    2 root     root         4096 Feb  6  1996 games
drwxr-xr-x    2 root     root         4096 Jun 22  2001 include
drwxr-xr-x    9 root     root         4096 Oct 18 16:37 j2sdk1.4.1_01
lrwxrwxrwx    1 root     root           14 Oct 18 16:38 java -> j2sdk1.4.1_01/
drwxr-xr-x    2 root     root         4096 Feb  6  1996 lib
drwxr-xr-x    2 root     root         4096 Jun 22  2001 libexec
drwxr-xr-x    2 root     root         4096 Feb  6  1996 sbin
drwxr-xr-x    4 root     root         4096 Oct 18 13:07 share
drwxr-xr-x    2 root     root         4096 Feb  6  1996 src

Make a symlink named java to j2sdk1.4.1_01/ so that you can easily switch back
and forth between different jvms. We will use the same trick for apache and
tomcat afterwards.

Now tell your bash shell where to find java binaries: create a file named
java.sh in /etc/profile.d with the following content:

[root@ARLIN72AGE279 apache]# cat /etc/profile.d/java.sh 
# set java environment

export JAVA_HOME=/usr/local/java
export PATH=$PATH:$JAVA_HOME/bin

export CLASSPATH=$JAVA_HOME/lib
#EOF

do a chmod:
#chmod 700 /etc/profile.d/java.sh

Now open a new shell and try this:
[root@ARLIN72AGE279 apache]# which java
/usr/local/java/bin/java

You should get the answer given above. If not, check your environment and
make sure that java.sh is executed when opening a new shell.
Try to run a java program or the following: java -version.

If you don't like this way of installing java please ignore it.

Make sure everything is ok and then jump to next step.

INSTALLING APACHE

Download the latest release, uncompress it, cd into the newly created
directory and run the following:
[root@ARLIN72AGE279 apache]# ./configure -prefix=/usr/local/apache2.0.43 --sysconfdir=/etc/apache --localstatedir=/var --disable-dav --enable-so

Of course you can customize the installation specifying other modules to
enable or whatever you like.
Just don't forget to ENABLE-SO, because that's what you need to load the
apache-tomcat connector.

Run make and make install. Create the log directories and others (you can
skip this if you know how to configure where apache puts its log files ->
edit httpd.conf):

#mkdir /var/logs
#mkdir /usr/local/apache2.0.43/conf
#mkdir /usr/local/apache2.0.43/logs

Create the symlink /usr/local/apache to /usr/local/apache2.0.43 and test your
installation by executing:

#/usr/local/apache/bin/apachectl start

Open a browser and point it to the linux box: you should get a page telling
you that the apache installation was successful.
If not, check the logs and troubleshoot: common errors in this configuration
are that some directory holding log or configuration files is missing.

INSTALLING TOMCAT

Uncompress the tomcat binaries in a directory of your choice. In this howto
we will use /opt.
Create a symlink named jakarta to the newly created directory so that you
have something like the following:

[root@ARLIN72AGE279 root]# ll /opt/
total 4
lrwxrwxrwx    1 root     root           31 Oct 18 16:38 jakarta -> jakarta-tomcat-4.1.12-LE-jdk14/
drwxr-xr-x   12 root     root         4096 Oct 18 18:10 jakarta-tomcat-4.1.12-LE-jdk14

Start tomcat by running /opt/jakarta/bin/startup.sh. After a few seconds
point your browser at the IP of the linux box on port 8080 and you should see
the tomcat welcome page.
If not, check the catalina.out log file in /opt/jakarta/logs and fix all
errors until Tomcat comes up.

CONFIGURING TOMCAT TO LISTEN TO APACHE ajp13 REQUESTS

Here is a sample server.xml file. Please note that the location of
directories and log files is absolutely arbitrary and you have to edit it to
make it suit your needs.

-----Server.xmL----------
<!-- Umberto Server Configuration File -->

<Server port="8005" shutdown="SHUTDOWN" debug="0">
  <!-- Define an Apache-Connector Service -->

  <Service name="Tomcat-Apache">

    <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8009" minProcessors="5" maxProcessors="75"
               enableLookups="true" redirectPort="8443"
               acceptCount="10" debug="0" connectionTimeout="20000"
               useURIValidationHack="false"
               protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>

    <Engine name="Apache" defaultHost="www.home.net" debug="0">

      <Logger className="org.apache.catalina.logger.FileLogger"
              prefix="apache_log." suffix=".txt"
              timestamp="true"/>

      <!-- Access log processes all requests for this virtual host. -->
      <Valve className="org.apache.catalina.valves.AccessLogValve"
             directory="logs" prefix="localhost_access_log." suffix=".txt"
             pattern="common" resolveHosts="false"/>

      <Host name="www.home.net" debug="0"
            appBase="/opt/jakarta-tomcat-4.1.12-LE-jdk14/webapps/struts-example"
            unpackWARs="true" autoDeploy="true">
        <Alias>localhost</Alias>
        <Alias>www</Alias>
        <Alias>10.0.0.10</Alias>

        <Context path="" docBase="" debug="1"/>

        <Valve className="org.apache.catalina.valves.AccessLogValve"
               directory="logs" prefix="home_access_log." suffix=".txt"
               pattern="common" resolveHosts="false"/>
      </Host>

      <Host name="www.customer1.it" debug="0"
            appBase="/opt/jakarta-tomcat-4.1.12-LE-jdk14/webapps/struts-blank"
            unpackWARs="true" autoDeploy="true">

        <Context path="" docBase="" debug="1"/>

        <Valve className="org.apache.catalina.valves.AccessLogValve"
               directory="logs" prefix="cust1_access_log." suffix=".txt"
               pattern="common" resolveHosts="false"/>
      </Host>

      <Host name="www.customer2.net" debug="0"
            appBase="/opt/jakarta-tomcat-4.1.12-LE-jdk14/webapps/root"
            unpackWARs="true" autoDeploy="true">

        <Context path="" docBase="" debug="1"/>

        <Valve className="org.apache.catalina.valves.AccessLogValve"
               directory="logs" prefix="cust2_log." suffix=".txt"
               pattern="common" resolveHosts="false"/>
      </Host>

    </Engine>

  </Service>

</Server>
-------/Server.xmL------

This is a very minimalistic conf file, because we have taken away the HTTP1.1
connector that allows us to talk directly to Tomcat.
It might not be good for development, but it should be good for production.
If you feel like you need also the Tomcat Standalone service then copy and
paste it from your original server.xml file (you did back it up, didn't you?).

Try to start tomcat again and check catalina.out to see if everything is up
and running. If it complains about missing apr stuff try to edit
/opt/jakarta/conf/jk2.properties and make it look so:

# list of needed handlers.
handler.list=channelSocket,request
# Override the default port for the channelSocket
channelSocket.port=8009

If everything is ok move on to next section.

CONFIGURING APACHE VIRTUAL HOSTING

rtfm: http://httpd.apache.org/docs-2.0/vhosts/
In the appendix you can find the httpd.conf file I used to write and test
this HOWTO.

CONFIGURING APACHE TO TALK TO TOMCAT

Download the jk2 shared library for your version of apache and copy it in
/usr/local/apache/modules (create the directory if necessary). If you can't
find a suitable version of jk2 ask for it on the tomcat-user ml or download
the source and build it yourself (this is another HOWTO).

Create, if you haven't already, the /usr/local/apache/conf directory and
create a file named workers2.properties with this content in it:

----Content-----
# only at beginning. In production uncomment it out
[logger.apache2]
level=DEBUG

[shm]
file=/usr/local/apache/logs/shm.file
size=1048576

# Example socket channel, override port and host.
[channel.socket:localhost:8009]
port=8009
host=127.0.0.1

# define the worker
[ajp13:localhost:8009]
channel=channel.socket:localhost:8009

# Uri mapping
[uri:10.0.0.10/*.jsp]
worker=ajp13:localhost:8009

[uri:www.home.net/*.jsp]
worker=ajp13:localhost:8009

[uri:www.customer1.it/*.jsp]
worker=ajp13:localhost:8009

[uri:www.customer2.net/*.jsp]
worker=ajp13:localhost:8009
----/Content-----
Edit the file, change ip addresses and names to suit your needs and save it.

Edit httpd.conf and add the following line in the Modules section:
LoadModule jk2_module modules/mod_jk2.so

Save httpd.conf and try to start apache. It should now load the jk2 connector
and the configuration from workers2.properties.
Check the error log to make sure everything is ok.
Start tomcat and try to load a HTML page in your browser: apache should
return the page without problems.

Now try with a jsp page: it should display after a little while.

If you get errors check that the path and host names (double check also the
configuration of DNS with your network administrator) are ok, and that the
directories are readable by both Tomcat and Apache.
Again look into the log files.

If everything works go to next section.

THE LAST TRICK

Now ask your network administrator to set up an alias for your brand new
server (use jspsrc if you like to stick to this howto).
If you don't have easy access to dns try to edit your hosts file (on the
client where you open the browser) and add a line as follows:

10.0.0.10                                jspsrc

where 10.0.0.10 is the ip of your server. Open your browser and type this in
your location bar:

http://jspsrc

and navigate to a jsp page. You should get the source of the jsp page into
your browser!
This is clearly a security problem, if not a major annoyance.

What's wrong with the setup we came up with so far? The problem is (or should
be) that the ajp13 connector can't find a virtual host that matches the
jspsrc uri.
What we need to do is set up the default virtual host so that ALL *.jsp
requests get handled by tomcat.
How do we do it?

JK DIRECTIVES IN HTTPD.CONF

In addition to the workers2.properties you can put Jk directives directly
into the httpd.conf file (just as you did with jk and webapp).
Edit the default virtual host section in httpd.conf and add the following
lines in the end, before </VirtualHost>:

    <Location "/*.jsp">
        JkUriSet worker ajp13:localhost:8009 
    </Location>

Restart Apache and test the jspsrc url again.
The jsp source should not be displayed anymore.

NOTES

I think a better approach would be to remove all uri directives from
workers2.properties and to put them in httpd.conf as we did in the previous
section for the default virtual host.
Experiment and let me know.

APPENDIX A: httpd.conf
#
# Umberto Nicoletti, 18/10/2002
#

### Section 1: Global Environment

ServerRoot "/usr/local/apache"
ErrorLog logs/error_log

<IfModule !mpm_winnt.c>
<IfModule !mpm_netware.c>
#LockFile logs/accept.lock
</IfModule>
</IfModule>

# ScoreBoardFile: File used to store internal server process information.
<IfModule !mpm_netware.c>
<IfModule !perchild.c>
#ScoreBoardFile logs/apache_runtime_status
</IfModule>
</IfModule>

<IfModule !mpm_netware.c>
PidFile logs/httpd.pid
</IfModule>

Timeout 300

KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15

<IfModule prefork.c>
StartServers         5
MinSpareServers      5
MaxSpareServers     10
MaxClients         150
MaxRequestsPerChild  0
</IfModule>

<IfModule worker.c>
StartServers         2
MaxClients         150
MinSpareThreads     25
MaxSpareThreads     75 
ThreadsPerChild     25
MaxRequestsPerChild  0
</IfModule>

<IfModule perchild.c>
NumServers           5
StartThreads         5
MinSpareThreads      5
MaxSpareThreads     10
MaxThreadsPerChild  20
MaxRequestsPerChild  0
</IfModule>

# listen on all ports
Listen 80

#
# Dynamic Shared Object (DSO) Support
#
LoadModule jk2_module modules/mod_jk2.so

### Section 2: 'Main' server configuration

<IfModule !mpm_winnt.c>
<IfModule !mpm_netware.c>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch. 
#
# User/Group: The name (or #number) of the user/group to run httpd as.
#  . On SCO (ODT 3) use "User nouser" and "Group nogroup".
#  . On HPUX you may not be able to use shared memory as nobody, and the
#    suggested workaround is to create a user www and use that user.
#  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
#  when the value of (unsigned)Group is above 60000; 
#  don't use Group #-1 on these systems!
#
User nobody
Group #-1
</IfModule>
</IfModule>

ServerAdmin [EMAIL PROTECTED]
ServerName www.home.net
UseCanonicalName Off

#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

LogLevel debug
CustomLog logs/access.log common

DocumentRoot "/opt/jakarta-tomcat-4.1.12-LE-jdk14/webapps/struts-example"

<Directory /opt/jakarta-tomcat-4.1.12-LE-jdk14/webapps/struts-example>
    Options None
    AllowOverride None
</Directory>

DirectoryIndex index.html index.jsp

<Directory />
    Options None
    AllowOverride None
</Directory>

<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

<Location /WEB-INF/>
    Order Allow,Deny
</Location>

NameVirtualHost *

<VirtualHost *>
    ServerName www.home.net
    ServerAlias www
    ServerAlias localhost
    ServerAdmin [EMAIL PROTECTED]
    DocumentRoot /opt/jakarta-tomcat-4.1.12-LE-jdk14/webapps/struts-example

    ErrorLog logs/home.net-errorlog
    CustomLog logs/home.net-access.log common

</VirtualHost>

<VirtualHost *>
    ServerName www.customer1.it
    ServerAdmin [EMAIL PROTECTED]
    DocumentRoot /opt/jakarta-tomcat-4.1.12-LE-jdk14/webapps/struts-blank
    ErrorLog logs/cust1-errorlog
</VirtualHost>

<VirtualHost *>
    ServerName www.customer2.net
    ServerAdmin [EMAIL PROTECTED]
    DocumentRoot /opt/jakarta-tomcat-4.1.12-LE-jdk14/webapps/root
    ErrorLog logs/cust2-errorlog
</VirtualHost>

--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>
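
The JSP source exposure described under THE LAST TRICK can be checked offline against a workers2.properties file before deployment. The following is an added example, not part of the original HOWTO or of jk2: it lists which Host header values have no [uri:host/*.jsp] mapping, using an assumed, simplified matching rule (exact host name, shell-style glob) and constructed host names in HOSTS.

```python
import fnmatch
import re

# [uri:...] sections copied from the workers2.properties in the HOWTO.
WORKERS2 = """
[uri:10.0.0.10/*.jsp]
worker=ajp13:localhost:8009
[uri:www.home.net/*.jsp]
worker=ajp13:localhost:8009
[uri:www.customer1.it/*.jsp]
worker=ajp13:localhost:8009
[uri:www.customer2.net/*.jsp]
worker=ajp13:localhost:8009
"""
# Constructed Host header values; the last three have no [uri:] section.
HOSTS = ["www.home.net", "WWW.CUSTOMER1.IT:80", "10.0.0.10",
         "jspsrc", "localhost", "www"]
SECTION = re.compile(r"^\[uri:([^/\]]*)(/[^\]]*)\]$")


def parse_uri_mappings(text):
    """Return (host, pattern, worker) for each [uri:host/pattern] section."""
    mappings, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        match = SECTION.match(line)
        if match:
            current = [match.group(1).lower(), match.group(2), None]
            mappings.append(current)
        elif line.startswith("["):
            current = None  # a non-uri section such as [shm] or [channel...]
        elif current is not None and line.startswith("worker="):
            current[2] = line.split("=", 1)[1].strip()
    return [tuple(m) for m in mappings if m[2]]


def served_as_static(host_header, path, mappings, default_vhost_patterns=()):
    """True if nothing forwards the request, so Apache returns the file itself."""
    # Assumed model: exact host match plus glob; default_vhost_patterns stands
    # for <Location> + JkUriSet blocks placed in the default virtual host.
    host = host_header.split(":")[0].lower()  # drop port; IPv6 not handled
    if any(h == host and fnmatch.fnmatchcase(path, p) for h, p, _ in mappings):
        return False
    return not any(fnmatch.fnmatchcase(path, p) for p in default_vhost_patterns)


def audit(hosts, path, mappings, default_vhost_patterns=()):
    """Host header values for which `path` would come back as raw source."""
    return [h for h in hosts
            if served_as_static(h, path, mappings, default_vhost_patterns)]


if __name__ == "__main__":
    m = parse_uri_mappings(WORKERS2)
    print("before fix:", audit(HOSTS, "/index.jsp", m))
    print("after fix: ", audit(HOSTS, "/index.jsp", m, ("/*.jsp",)))
```

Under this model localhost and www, which the HOWTO declares as aliases but never maps in workers2.properties, fall through in the same way as jspsrc; passing "/*.jsp" as a default-vhost pattern, as the JkUriSet block does, leaves no host exposed.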