Connecting Apache 2.0.## to JBoss-Tomcat via mod_jk2
Audience
Those who wish to connect an Apache2 web server (httpd)with an instance of Tomcat running on a JBoss application server, via mod_jk2.
Purpose
To configure a Windows box as a development (test) server, with Apache2 serving static content for a JBoss application server.
Prerequisites
- A Win32 operating system (these instructions were tested on Windows 2000 SP4)
- Sufficient hard-disk space
- A working installation of Apache2 with SSL (local guidance here)
- A working copy of JBoss 3.2.3 (with embedded Tomcat 4.1.x), checked out from the repository third-party/jboss if you are a CVS user on canvas.berkeley.edu; or JBoss 3.2.5 (with embedded Tomcat 5.0.x); or JBoss 4.0.3 (with embedded Tomcat 5.5.x)
- Access (via internet download or other means) to the mod_jk2 binaries for Windows, which you can find on a mirror linked from http://jakarta.apache.org/site/binindex.cgi (look for the link to "JK 2 Binary Releases")
Connecting Apache2 to JBoss-Tomcat via mod_jk2
The document in this HowTo is largely based on instructions from this site, with some significant differences in the details of the configuration files. It is written for installation of mod_jk2 v 2.0.4 into Apache 2.0.49, to connect to JBoss 3.2.3 with embedded Tomcat 4.1 - but may be useful as a guide for later versions of these components as well (e.g., JBoss 3.2.5 with embedded Tomcat 5; or JBoss 4.0.3 with embedded Tomcat 5.5).
The configuration examples used in this HowTo refer to:
- Apache2 installed in a directory referenced by the environment variable APACHE_HOME
- JBoss-Tomcat installed in a directory referenced by the environment variable JBOSS_HOME
- A JBoss server instance called courseweb, in which an instance of Tomcat called jbossweb-tomcat41.sar (or jbossweb-tomcat50.sar, or jbossweb-tomcat55.sar) is deployed
- UC Berkeley's CourseWeb application, deployed in the above-referenced JBoss server as courseweb-test-#-#-#.ear
- Static content deployed to the directory C:\courseweb\htdocs\ (generally, the static content of an application should be copied to an appropriate place in the filesystem as part of the application's build, controlled by an Ant script or equivalent)
These examples (e.g., filesystem paths, URI mappings, etc.) should be modified to conform to the installation directories and deployed applications in actual use.
Obtain and Install mod_jk2
- Obtain the mod_jk2 binaries for Windows, which you can find on a mirror linked from http://jakarta.apache.org/site/binindex.cgi (look for the link to "JK 2 Binary Releases" under the heading "Tomcat Web Server Connectors").
- Navigate to the Win32 directory to find Windows binaries
- Download and unpack the appropriate file, e.g., jakarta-tomcat-connectors-jk2.0.4-win32-apache2.0.49.zip if you're installing mod_jk2 v. 2.0.4 in Apache 2.0.49.
- In the unpacked (unzipped) directory tree, find the mod_jk2 binary, which is called mod_jk2.so; copy it to the APACHE_HOME/modules/ directory in the httpd web-server tree.
- Add the following directive at the end of the
LoadModule block in APACHE_HOME/conf/httpd.conf:
LoadModule jk2_module modules/mod_jk2.so
Configure Apache to forward requests to mod_jk2
- Create an <IfModule> block in
APACHE_HOME/conf/httpd.conf, in which you identify the
location of the workers2.properties file that configures mod_jk2
(substituting your Apache2 home directory below):
<IfModule mod_jk2.c>
#-----------------------------------------------
# Location of the workers2.properties file
#-----------------------------------------------
#
JkSet config.file APACHE_HOME/conf/workers2.properties
</IfModule>
- Create a file APACHE_HOME/conf/workers2.properties that
contains the following (modified as appropriate to your filesystem and
deployed applications):
# workers2.properties for mod_jk2, connecting Apache2 to JBoss-Tomcat
[config:]
file=d:/UserPrograms/Apache/Apache2/conf/workers2.properties
debug=0
debugEnv=0
# Log file
[shm]
file=d:/UserPrograms/Apache/Apache2/logs/mod_jk2.log
size=1048576
[workerEnv:]
info=Global server options
timing=1
debug=0
# Defines a load balancer named lb. This is recommended even if only one machine
# is being used.
[lb:lb]
[channel.socket:localhost:8009]
#port=80
#host=127.0.0.1
tomcatId=localhost:8009
# jkstatus: view mod_jk2 configuration at http://localhost/jkstatus
[status:]
info=Status worker, displays runtime information
[uri:/jkstatus/*]
info=The Tomcat /jkstatus handler
group=status:
#
# Uri mapping
#
# The JBoss JMX Console
[uri:/jmx-console]
debug=0
group=lb
[uri:/jmx-console/]
debug=0
group=lb
[uri:/jmx-console/*]
debug=0
group=lb
#The JBoss Web Console
[uri:/web-console/*]
debug=0
group=lb
#courseweb-test
# courseweb servlet/jsp uris
# test deployment
# static content served by apache http (cf. httpd.conf Include for location of static content)
[uri:/courseweb-test]
debug=0
group=lb
[uri:/courseweb-test/]
debug=0
group=lb
[uri:/courseweb-test/*.jsp]
debug=0
group=lb
[uri:/courseweb-test/admin/*.jsp]
debug=0
group=lb
[uri:/courseweb-test/pub/*.jsp]
debug=0
group=lb
[uri:/courseweb-test/login/*]
debug=0
group=lb
[uri:/courseweb-test/admin/do/*]
debug=0
group=lb
[uri:/courseweb-test/sys/control/*]
debug=0
group=lb
[uri:/courseweb-test/admin/control/*]
debug=0
group=lb
[uri:/courseweb-test/pub/courses/*]
debug=0
group=lb
[uri:/courseweb-test/pub/control/*]
debug=0
group=lb
[uri:/courseweb-test/control/course/*]
debug=0
group=lb
[uri:/courseweb-test/util/docdownload/*]
debug=0
group=lb
[uri:/courseweb-test/decorators/*.jsp]
debug=0
group=lb
Configure Apache2 to serve static content
If static content is to be served by httpd, and dynamic content by JBoss, the Apache server must be configured to:
- Map URI pattern(s) to a filesystem directory where static content is stored; and,
- Configure permissions for the static content.
The method described here uses an Include directive in the Apache configuration file httpd.conf to point to a file containing appropriate mappings and permissions. (See listing at the beginning of these steps regarding installation and other directory usage assumed in this HowTo's examples.)
- In conf/httpd.conf (in the Apache2 install directory),
add the following inside the <IfModule mod_jk2.c> block
described above (change filesystem paths as appropriate):
#-----------------------------------------------
# Location of static content on the filesystem
#-----------------------------------------------
#
Include c:/courseweb/htdocs/static-content.inc
- Confirm that the file static-content.inc referenced
above contains directives that look something like the following:
Alias /courseweb-test/ "c:/courseweb/htdocs/courseweb-test/"
<Directory "c:/courseweb/htdocs/courseweb-test">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Configure AJP 1.3 connector in Tomcat
A configuration file must be edited to configure the AJP 1.3 connector. The file will be:
- jboss-service.xml configuration file in the jbossweb-tomcat41.sar/META-INF directory (in the JBoss 3.2.3 server instance you will be running, e.g., courseweb in this HowTo's examples); or,
- server.xml in the root directory of jbossweb-tomcat50.sar (in the JBoss 3.2.5 server instance...)
- server.xml in the root directory of jbossweb-tomcat55.sar (in the JBoss 4.0.3 server instance...)
Edit the appropriate configuration file so that:
- All other <Connector> nodes are commented out; and,
- An AJP 1.3 connector is properly configured, as below.
The AJP 1.3 connector in the appropriate configuration file
should look something like this:
<!-- An AJP 1.3 Connector on port 8009 -->
<!-- if Apache not listening on 443 for https, -->
<!-- then change redirectPort accordingly -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
address="${jboss.bind.address}" port="8009" minProcessors="5" maxProcessors="75"
enableLookups="true" redirectPort="443"
acceptCount="10" debug="0" connectionTimeout="20000"
useURIValidationHack="false"
protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
Also confirm that the AJP 1.3 connector configuration (above) and ssl.conf (in APACHE_HOME/conf) are in accord with respect to the port Apache listens to for SSL (e.g., 443 or 8443)
Configure log4j.xml to protect against password logging
Unless logging for org.apache.jk components is limited to a level of WARN (or less verbose), user IDs and passwords will be logged to the JBoss server.log. That is, at a verbosity level of INFO or more, uid and password are written to the log.
To avoid password logging, add appropriate configuration to the Limit Categories section of the log4j file, log4j.xml. This file is located in the conf/ directory of the JBoss server being used (e.g., courseweb in this HowTo's examples).
The configuration node should look something like this:
<!-- Limit the org.apache.jk category to WARN as its INFO echoes
passwords on all login attempts -->
<category name="org.apache.jk">
<priority value="WARN"/>
</category>
Test!
Start JBoss, Apache, and point your browser at the applications you expect to be served up by the web and application servers.
- From a Command window, start the JBoss CourseWeb server
(or a different one if your deployment differs from the example in
this HowTo):
%JBOSS_HOME%/bin/run -c courseweb - Once JBoss-Tomcat are started, start the Apache web server with SSL
from a different Command window:
%APACHE_HOME%\bin\Apache.exe -w -d %APACHE_HOME%\. -D SSL - Point a web browser at the jkstatus page to view your mod_jk2 configuration:
http://localhost/jkstatus - Point a web browser at the jmx-console page (if it is deployed):
http://localhost/jmx-console - Point a web browser at CourseWeb (or another application you deployed):
http://localhost/courseweb-test - If you don't see what you expect (e.g., if you get errors back from the web server), check the JBoss server log, and the Apache2 logs to track down the problem.