You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by David Brownlee <os...@hotmail.com> on 2003/04/22 04:38:53 UTC
Passing requests from apache to tomcat with mod_jk and mod_jk2
Hi Folks,
Let me start by saying I'm an admin and not a Java web application
developer. I've been trying to find a way to have apache pass
http://<host>/apps/<appname> requests from apache to tomcat without
restarting either service and I think I have a working solution. The
problem is that I only have a couple sample web apps (which work) and I
don't know enough about servlet programming to know if my solution
introduces security problems or other architectural concerns. I'll describe
what I have and hope someone will shoot it down if I'm doing something
stupid.
I have two machines, a Solaris 2.6 host running apache 1.3.20 with mod_jk
(soon to be upgraded) and a Red Hat 8.0 host running mod_jk2 with the apache
2.0.40 that came in the distribution. On both machines, I've unpacked the
binary version of tomcat 4.1.24 in /opt and both machines have the J2SE
1.4.1 from Sun.
The tomcat binaries worked "out of the box". I left tomcat's default HTTP
listener on port 8080 for testing and I added a user with the "manager" roll
to the default tomcat-users.xml file so that I could use the tomcat manager
web application (http://<host>:8080/manager/html/list). Tomcat is
configured to autodeploy web apps. I added the address="127.0.0.1"
parameter to tomcat's AJP13 connector on port 8009 since apache and tomcat
are running on the same machine. In the httpd.conf file on the Solaris
host, I have "JkMount /apps/* tc41" (tc41 is configured for AJP13 on
127.0.0.1:8009 in the workers.properties file) which configures mod_jk to
pass requests with URLs starting with /apps/ to tomcat whether or not tomcat
will know what to do them. On the Linux host, my
/etc/httpd/conf/workers2.properties file configures mod_jk2 in the same way
using these lines:
[uri:/apps/*]
info=some text here
With this configuration in place, here are the steps I have used to deploy a
web app:
1. Use tomcat's manager app to upload myapp.war. At this point, I can
access the app directly through tomcat using http://<host>:8080/myapp/.
However, both http://<host>:8080/apps/myapp/ and http://<host>/apps/myapp/
return tomcat 404 errors. This is expected and is helpful since it shows
that mod_jk/mod_jk2 is working. Otherwise, the 404 (or 500) would be
comming from apache and not tomcat.
2. Create myapp.xml in tomcat's webapps directory and use tomcat's manager
app to install it. The myapp.xml file contains the following:
<Context path="/apps/myapp" docBase="myapp" debug="0"
privileged="false"></Context>
At this point, tomcat's manager app shows both /myapp and /apps/myapp are
available and following the links shows that both are accessible directly
through tomcat. Also, since apache is passing anything begining with /apps/
to tomcat, http://<host>/apps/myapp/ also works but http://<host>/myapp/
returns a 404 from apache as you would expect.
This setup seems to work and meets my admin requirements. However, since
I'm not a Java web application developer, I can not tell if there is
something "wrong" or "non-standard" about this setup from the web
application's perspective. Please tell me if I have destroyed the web app
paradigm, broken web application security or done something else that will
cause my web developers to curse my name.
_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*
http://join.msn.com/?page=features/junkmail
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Passing requests from apache to tomcat with mod_jk and mod_jk2
Posted by John Turner <to...@johnturner.com>.
Disable the connector on 8080 when in production, and you should be good to
go.
The only caveat I see is that you will have to do the same thing for each
virtual host, unless your JkMount in httpd.conf is for all hosts. Either
way, you will need multiple Hosts (or Aliases) in server.xml to match the
FQDN used in the URL.
John
On Mon, 21 Apr 2003 19:38:53 -0700, David Brownlee
<os...@hotmail.com> wrote:
> Hi Folks,
>
> Let me start by saying I'm an admin and not a Java web application
> developer. I've been trying to find a way to have apache pass
> http://<host>/apps/<appname> requests from apache to tomcat without
> restarting either service and I think I have a working solution. The
> problem is that I only have a couple sample web apps (which work) and I
> don't know enough about servlet programming to know if my solution
> introduces security problems or other architectural concerns. I'll
> describe what I have and hope someone will shoot it down if I'm doing
> something stupid.
>
> I have two machines, a Solaris 2.6 host running apache 1.3.20 with mod_jk
> (soon to be upgraded) and a Red Hat 8.0 host running mod_jk2 with the
> apache 2.0.40 that came in the distribution. On both machines, I've
> unpacked the binary version of tomcat 4.1.24 in /opt and both machines
> have the J2SE 1.4.1 from Sun.
>
> The tomcat binaries worked "out of the box". I left tomcat's default
> HTTP listener on port 8080 for testing and I added a user with the
> "manager" roll to the default tomcat-users.xml file so that I could use
> the tomcat manager web application (http://<host>:8080/manager/html/list)
> . Tomcat is configured to autodeploy web apps. I added the
> address="127.0.0.1" parameter to tomcat's AJP13 connector on port 8009
> since apache and tomcat are running on the same machine. In the
> httpd.conf file on the Solaris host, I have "JkMount /apps/* tc41" (tc41
> is configured for AJP13 on 127.0.0.1:8009 in the workers.properties file)
> which configures mod_jk to pass requests with URLs starting with /apps/
> to tomcat whether or not tomcat will know what to do them. On the Linux
> host, my /etc/httpd/conf/workers2.properties file configures mod_jk2 in
> the same way using these lines:
> [uri:/apps/*]
> info=some text here
>
> With this configuration in place, here are the steps I have used to
> deploy a web app:
> 1. Use tomcat's manager app to upload myapp.war. At this point, I can
> access the app directly through tomcat using http://<host>:8080/myapp/.
> However, both http://<host>:8080/apps/myapp/ and
> http://<host>/apps/myapp/ return tomcat 404 errors. This is expected and
> is helpful since it shows that mod_jk/mod_jk2 is working. Otherwise, the
> 404 (or 500) would be comming from apache and not tomcat.
> 2. Create myapp.xml in tomcat's webapps directory and use tomcat's
> manager app to install it. The myapp.xml file contains the following:
> <Context path="/apps/myapp" docBase="myapp" debug="0"
> privileged="false"></Context>
> At this point, tomcat's manager app shows both /myapp and /apps/myapp are
> available and following the links shows that both are accessible directly
> through tomcat. Also, since apache is passing anything begining with
> /apps/ to tomcat, http://<host>/apps/myapp/ also works but
> http://<host>/myapp/ returns a 404 from apache as you would expect.
>
> This setup seems to work and meets my admin requirements. However, since
> I'm not a Java web application developer, I can not tell if there is
> something "wrong" or "non-standard" about this setup from the web
> application's perspective. Please tell me if I have destroyed the web
> app paradigm, broken web application security or done something else that
> will cause my web developers to curse my name.
>
> _________________________________________________________________
> The new MSN 8: smart spam protection and 2 months FREE*
> http://join.msn.com/?page=features/junkmail
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
--
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org