This document describes how to integrate the
Ozibug web application running in the Jakarta
Tomcat Web Container (Tomcat) with the Apache
Web Server.
Apache can be used to wrap the requests
and responses to and from the Tomcat Web Container.
It can pass through the requests for the Ozibug
servlets but handle the static files and images
itself freeing Tomcat of additional work.
This is useful for several reasons.
Logging
Apache can be configured to produce standard and custom
logging reports. These can then be used to analyze
and perhaps optimize the traffic to and from your
web applications.
Speed
Web applications typically consist of static
files containing images, scripts, and documents
and some dynamically generated content.
These static files can then be served by a
faster Web Server (such as Apache) which is
specifically designed for this purpose rather
than the Web Container, which is tuned for
serving the dynamically generated content.
Security
With the Web Server receiving the HTTP requests
from the Internet, this becomes the first line
of defence against attacks. As such there are
usually many security features that the Web Server
provides which will stop rogue attacks against
the underlying infrastructure (Web Container.)
Integration
By using a Web Server as a common front end
it is easy to integrate multiple applications
and web sites and redirectors behind it. This
usually allows great flexibility in adding,
changing and removing the content and services
behind it.
Communication between Tomcat and Apache is handled by
the JK connector, of which there is two versions,
JK and JK2.
Configuration for both versions is described here,
however it should be noted that as of 15 November 2004,
JK2 is no longer supported by Jakarta . Further
information can be found on the
Apache Jakarta Tomcat Connector
website.
The connector can be downloaded from the
jakarta-tomcat
website. Binaries versions are available for many
versions of Apache and operating systems, otherwise the
source must be downloaded and compiled for your
environment (see compilation hints
for more details). The configuration in the following
sections has been tested with JK 1.2.5 and JK2 2.0.2
(mod_jk.so and mod_jk2.so respectively) for
Apache 2.0.40/Tomcat 4.1.30 and
Apache 2.0.40/Tomcat 5.0.19.
Note: Due a change in the apr
library that is used by both Apache and the JK
connector, care must be taken to use compatible versions
of the packages that both use the same version of the
library. It is probably safest to use the latest
versions of both packages. However if that is not
possible and an error similar to either of the following
is seen on starting Apache/JK or Apache/JK2
respectively, then try using an earlier connector
version. The change in the connector seems to have
occurred between versions 1.2.5 and 1.2.6 of JK, and
2.0.2 and 2.0.4 of JK2.
Cannot load /etc/httpd/modules/mod_jk.so into server: /etc/httpd/modules/mod_jk.so: undefined symbol: apr_filepath_name_get
Cannot load /etc/httpd/modules/mod_jk2.so into server: /etc/httpd/modules/mod_jk2.so: undefined symbol: apr_socket_send
The following paths and files are defined here for
convenience and are used and referenced throughout
this document.
APACHE_HOME
This is the location of Apache.
This directory contains the modules, conf
and bin sub-directories.
This is dependent on where you installed
Apache.
C:\apache
TOMCAT_HOME
This is the location of Tomcat.
The configuration, logging, work and webapps
directories are all underneath this directory.
This location is dependent on where you
installed Tomcat.
The following steps describe the minimal configuration
that is required for the JK2 connector
edit TOMCAT_HOME/conf/jk2.properties
No specific customization is required. The default
file in the Tomcat distribution that has all its
properties disabled is suitable for use.
edit APACHE_HOME/conf/workers2.properties
# Define the communication channel
[channel.socket:localhost:8009]
info=Ajp13 forwarding over socket
tomcatId=localhost:8009
# Map the Ozibug webapp to the Web server uri space
[uri:/ozibug/*]
info=Map the whole webapp
Although JK2 has many things in common with JK, the
configuration is quite different, and all the
directives should be inside the workers2.properties.
This enables JK2 to have the same configuration file
regardless of which type of web server it's
connected to.
Once configuration is complete the following steps should
be followed
Stop and restart both Tomcat and Apache for the
configuration changes to take effect.
Test your installation thoroughly.
Once successfully tested, remove (or comment out) the
connector on port 8080 from the
TOMCAT_HOME/conf/server.xml file.
This will enhance the security of the installation.
Tomcat must then be restarted again for the
configuration changes to take effect.
The following steps describe the process to follow to
compile the connector for Apache 2.0.40 on RedHat Linux
9.0. While the exact process for other operating
systems and connector versions will vary, the basic
steps should still be similar.
Install the rpms for httpd-2.0.40-21 and
httpd-devel-2.0.40-21 from the distribution CDs.
JK
Download the connector source, eg.,
jakarta-tomcat-connectors-jk-1.2.5-src.tar.gz.
Unpack the source, compile and install
$ gunzip -c jakarta-tomcat-connectors-jk-1.2.5-src.tar.gz | tar -xvf -
$ cd jakarta-tomcat-connectors-jk-1.2.5-src
$ cd jk/native
$ ./configure --with-apxs=/usr/sbin/apxs
$ (cd common; make )
$ (cd apache-2.0; make -f Makefile.apxs )
$ make install
JK2
Download the connector source, eg.,
jakarta-tomcat-connectors-jk2-2.0.2-src.tar.gz.
Unpack the source, compile and install
$ gunzip -c jakarta-tomcat-connectors-jk2-2.0.2-src.tar.gz | tar -xvf -
$ cd jakarta-tomcat-connectors-jk2-2.0.2-src
$ cd jk/native2
$ ./configure --with-apxs2=/usr/sbin/apxs
# make jk2-build-apxs
$ (cd server/apache2; make -f Makefile.apxs install )
