Posted to users@tomcat.apache.org by ironclaw hand <ir...@hotmail.com> on 2012/04/23 13:12:16 UTC

Mod_jk returning source code of jsp files


Hi,

I am attempting to set up Apache and Tomcat together for the first time on a new machine using some existing configuration files. I am not sure what is happening, but it looks like Apache is just serving up all files itself, so when I access a JSP file I get the source, as if Tomcat never executed it.

I have installed the following versions of software:

httpd 2.4.2
Tomcat connectors 1.2.35
Tomcat 7.0.27

Below are the mod_jk config files (workers.properties and mod_jk.conf) I am currently trying to get working; if anything else is needed I can include it. My worker softcat1 is defined in my server.xml for Tomcat.

Tomcat works on its own if I access it directly and it does run the jsp files ok, it just seems to be when I try via apache. 

I have included my httpd.conf in case it is needed:


# Global (main-server) settings as posted; lines starting with "# NOTE(review)" are reviewer annotations.
# Prod reduces the Server response header to the product name, with no version or module list.
ServerTokens Prod


ServerRoot "/etc/httpd"

PidFile run/httpd.pid


# Seconds httpd waits on network I/O before failing a request.
Timeout 120


# With KeepAlive Off, the two keep-alive tuning values that follow have nothing to act on.
KeepAlive Off

MaxKeepAliveRequests 100


KeepAliveTimeout 15


# Process limits for the prefork MPM; only applied when that MPM is the one in use.
# NOTE(review): MaxClients and MaxRequestsPerChild are the httpd 2.2 names; 2.4 documents them as
# still-accepted old names for MaxRequestWorkers and MaxConnectionsPerChild.
<IfModule prefork.c>
StartServers       8
MinSpareServers    5
MaxSpareServers   20
ServerLimit      1024
#ServerLimit       50
MaxClients       1024
#MaxClients        50
MaxRequestsPerChild  4000
</IfModule>


# Thread limits for the worker MPM; only applied when that MPM is the one in use.
# NOTE(review): which MPM is active is not visible in the posted configuration.
<IfModule worker.c>
StartServers         2
MaxClients         150
MinSpareThreads     25
MaxSpareThreads     75 
ThreadsPerChild     25
MaxRequestsPerChild  0
</IfModule>


# Dynamically loaded modules for the main server.
# mod_access_compat supplies the 2.2-style Order/Allow/Deny directives that the <Directory>, <Files>
# and <Location> blocks in this configuration depend on; the 2.4-native equivalent is Require
# (mod_authz_core / mod_authz_host, both loaded as well).
# NOTE(review): several modules loaded here are not referenced by any directive in the posted files
# (for example mod_proxy*, mod_info, mod_status, mod_speling, mod_usertrack, mod_suexec and the
# LDAP/DBM authentication providers). Each loaded module adds attack surface; confirm whether
# conf.d/*.conf needs them and drop the ones nothing uses.
# NOTE(review): no mod_ssl and no MPM module line appears in this list although SSL directives are used
# further down; presumably they are compiled in or loaded from conf.d/*.conf — confirm.
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule imagemap_module modules/mod_imagemap.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
# mod_disk_cache and mod_mem_cache are httpd 2.2 module names; both stay disabled here.
#LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule version_module modules/mod_version.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule unixd_module modules/mod_unixd.so


# Pulls in every *.conf under conf.d at this point of the file.
# NOTE(review): those files are not part of the post; whatever they define (handlers, mounts,
# virtual hosts) also shapes how a request is finally served.
Include conf.d/*.conf

# Unprivileged account the httpd child processes run as.
User apache
Group apache


ServerAdmin root@localhost


UseCanonicalName Off

# NOTE(review): mod_jk.conf further down aliases /sft to /var/webapps/sft and the replies describe
# that as Tomcat's webapp directory, so this DocumentRoot appears to give httpd's own file handler
# the whole Tomcat deployment tree (JSP source, WEB-INF). Confirm; a DocumentRoot holding only
# static files keeps httpd from ever reading application files it cannot execute.
DocumentRoot "/var/webapps"


# Filesystem-root defaults: symlinks followed, .htaccess ignored.
# NOTE(review): there is no Order/Deny or Require line here, so this block sets no default-deny for
# the filesystem; the stock 2.4 configuration uses `Require all denied` at this level.
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>


# Grants every client access to the DocumentRoot tree.
<Directory "/var/webapps">


    # Indexes makes httpd generate a directory listing wherever no DirectoryIndex file exists.
    Options Indexes FollowSymLinks

    AllowOverride None

    # 2.2-style access control (needs mod_access_compat): allow everyone.
    Order allow,deny
    Allow from all

</Directory>


# Per-user web directories (~user URLs) are switched off.
<IfModule mod_userdir.c>
    
    UserDir disable

 

</IfModule>


# Files tried, in order, when a directory URL is requested.
DirectoryIndex index.html index.html.var


# Name of the per-directory override file. Every <Directory> block visible in this post sets
# AllowOverride None, so such files would not be read there.
AccessFileName .htaccess

# Never serve files whose names start with ".ht" (.htaccess, .htpasswd, ...).
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>


TypesConfig /etc/mime.types

# NOTE(review): carried over from the 2.2 file; httpd 2.4 documents DefaultType as disabled, with
# `none` the only value accepted without a warning.
DefaultType text/plain


<IfModule mod_mime_magic.c>
#   MIMEMagicFile /usr/share/magic.mime
    MIMEMagicFile conf/magic
</IfModule>


# Log client IP addresses as-is, without reverse DNS lookups.
HostnameLookups Off


# Main-server error log; the virtual host further down defines its own.
ErrorLog logs/error_log


LogLevel warn


# Named access-log formats; "combined" adds Referer and User-Agent to "common".
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent


CustomLog logs/access_log combined


# No server version footer on error pages and generated listings.
ServerSignature Off


# Icons used by generated directory listings.
Alias /icons/ "/var/www/icons/"

# NOTE(review): Indexes also allows a listing of the icon directory itself.
<Directory "/var/www/icons">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>


# Only the lock database is configured; no `Dav On` appears anywhere in the posted files.
<IfModule mod_dav_fs.c>
    # Location of the WebDAV lock database.
    DAVLockDB /var/lib/dav/lockdb
</IfModule>


# Every file under this directory is treated as a CGI program and executed on request.
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"


# NOTE(review): open to all clients; if no CGI programs are deployed, removing the ScriptAlias
# (and mod_cgi) closes this path entirely.
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>


IndexOptions FancyIndexing VersionSort NameWidth=*


AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*

AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core

AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^


DefaultIcon /icons/unknown.gif


ReadmeName README.html
HeaderName HEADER.html


IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t


AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw


LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW


ForceLanguagePriority Prefer Fallback


AddDefaultCharset UTF-8


AddCharset ISO-8859-1  .iso8859-1  .latin1
AddCharset ISO-8859-2  .iso8859-2  .latin2 .cen
AddCharset ISO-8859-3  .iso8859-3  .latin3
AddCharset ISO-8859-4  .iso8859-4  .latin4
AddCharset ISO-8859-5  .iso8859-5  .latin5 .cyr .iso-ru
AddCharset ISO-8859-6  .iso8859-6  .latin6 .arb
AddCharset ISO-8859-7  .iso8859-7  .latin7 .grk
AddCharset ISO-8859-8  .iso8859-8  .latin8 .heb
AddCharset ISO-8859-9  .iso8859-9  .latin9 .trk
AddCharset ISO-2022-JP .iso2022-jp .jis
AddCharset ISO-2022-KR .iso2022-kr .kis
AddCharset ISO-2022-CN .iso2022-cn .cis
AddCharset Big5        .Big5       .big5
# For russian, more than one charset is used (depends on client, mostly):
AddCharset WINDOWS-1251 .cp-1251   .win-1251
AddCharset CP866       .cp866
AddCharset KOI8-r      .koi8-r .koi8-ru
AddCharset KOI8-ru     .koi8-uk .ua
AddCharset ISO-10646-UCS-2 .ucs2
AddCharset ISO-10646-UCS-4 .ucs4
AddCharset UTF-8       .utf8


AddCharset GB2312      .gb2312 .gb 
AddCharset utf-7       .utf7
AddCharset utf-8       .utf8
AddCharset big5        .big5 .b5
AddCharset EUC-TW      .euc-tw
AddCharset EUC-JP      .euc-jp
AddCharset EUC-KR      .euc-kr
AddCharset shift_jis   .sjis


AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz


AddHandler imap-file map


AddHandler type-map var


AddType text/html .shtml
AddOutputFilter INCLUDES .shtml



Alias /error/ "/var/www/error/"

<IfModule mod_negotiation.c>
<IfModule mod_include.c>
    <Directory "/var/www/error">
        AllowOverride None
        Options IncludesNoExec
        AddOutputFilter Includes html
        AddHandler type-map var
        Order allow,deny
        Allow from all
        LanguagePriority en es de fr
        ForceLanguagePriority Prefer Fallback
    </Directory>


</IfModule>
</IfModule>


BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0


BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully



# mod_jk is loaded, and its configuration included, in the main-server context (outside any
# <VirtualHost>).
# NOTE(review): the replies in this thread state that JkMount/JkUnMount are not inherited by
# virtual hosts unless JkMountCopy is used. As posted, the <VirtualHost> below contains neither a
# JkMount nor a JkMountCopy line, so requests handled by it would find no URI map.
LoadModule jk_module modules/mod_jk.so
Include /etc/httpd/conf/mod_jk.conf


# NOTE(review): httpd 2.4 documents NameVirtualHost as having no effect beyond a warning. It also
# names a host while the <VirtualHost> below is declared on an IP address.
NameVirtualHost sfta.npfit.nhs.uk:443

<VirtualHost 192.168.25.178:443>

# Answer TRACE/TRACK requests with 403 inside this virtual host.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE [OR]
RewriteCond %{REQUEST_METHOD} ^TRACK
RewriteRule .* - [F]


# Redirect (301) any path containing "//" to the same path with that pair collapsed.
RewriteCond %{REQUEST_URI} ^(.*)//(.*)$
RewriteRule . %1/%2 [R=301,L]

SSLEngine on


ServerName sfta.x.x.x

# NOTE(review): same tree as the main-server DocumentRoot; per the replies in this thread it is
# Tomcat's webapp directory, so anything mod_jk declines is read from disk and sent as-is.
DocumentRoot "/var/webapps/"

ErrorLog logs/error_sft_log
CustomLog logs/access_sft_log combined
ErrorDocument 404 /sft/error404.html
ErrorDocument 503 /sft/error503.html

# Only SSLv2 is switched off; SSLv3 and every TLS version the linked OpenSSL offers stay enabled.
# NOTE(review): restrict this to the TLS versions current guidance still accepts.
SSLProtocol ALL -SSLv2
# NOTE(review): no explicit exclusions (such as !aNULL or !eNULL) and MEDIUM-strength suites are
# admitted; review against current cipher guidance.
SSLCipherSuite HIGH:MEDIUM


SSLCertificateFile /etc/httpd/conf/ssl.crt/SFTA.crt

# NOTE(review): the private key sits in the same directory as the certificate; its file
# permissions are not shown — it should be readable by root only.
SSLCertificateKeyFile /etc/httpd/conf/ssl.crt/SFTA.key

# For CGI/SSI/PHP-style files: export TLS details to the environment and require a cipher key
# size of at least 128 bits.
# NOTE(review): httpd 2.4 documents SSLRequire as deprecated in favour of `Require expr`.
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars +ExportCertData
    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars +ExportCertData
    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
</Directory>

#   SSL Protocol Adjustments:
#   The safe and default but still SSL/TLS standard compliant shutdown
#   approach is that mod_ssl sends the close notify alert but doesn't wait for
#   the close notify alert from client. When you need a different shutdown
#   approach you can use one of the following variables:
#   o ssl-unclean-shutdown:
#     This forces an unclean shutdown when the connection is closed, i.e. no
#     SSL close notify alert is send or allowed to received.  This violates
#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
#     this when you receive I/O errors because of the standard approach where
#     mod_ssl sends the close notify alert.
#   o ssl-accurate-shutdown:
#     This forces an accurate shutdown when the connection is closed, i.e. a
#     SSL close notify alert is send and mod_ssl waits for the close notify
#     alert of the client. This is 100% SSL/TLS standard compliant, but in
#     practice often causes hanging connections with brain-dead browsers. Use
#     this only for browsers where you know that their SSL implementation
#     works correctly.
#   Notice: Most problems of broken clients are also related to the HTTP
#   keep-alive facility, so you usually additionally want to disable
#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
#   "force-response-1.0" for this.
# NOTE(review): the pattern below matches every User-Agent containing "MSIE", so all such clients
# lose keep-alive and are forced down to HTTP/1.0.
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

#   Per-Server Logging:
#   The home of a custom SSL log file. Use this when you want a
#   compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_nww.sft.nhs.uk_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>


# Main-server copy of the rewrite rules that also appear inside the <VirtualHost>.
# mod_rewrite settings from the main server are not inherited by virtual hosts by default
# (RewriteOptions Inherit changes that), so each context needs its own copy.
#Disable Apache supporting HTTP TRACE
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE [OR]
RewriteCond %{REQUEST_METHOD} ^TRACK
RewriteRule .* - [F]

# Remove multiple slashes anywhere in URL
RewriteCond %{REQUEST_URI} ^(.*)//(.*)$
RewriteRule . %1/%2 [R=301,L]

# NOTE(review): the remark below comes from the older installation. The post states httpd 2.4.2 is
# now installed, and TraceEnable is a core directive in 2.4; `TraceEnable Off` in the main server
# configuration would replace the rewrite-based TRACE block.
#The TraceEnable command isn't available on this version of apache
#TraceEnable Off



Mod_jk.conf

# mod_jk.conf — included from httpd.conf in the main-server context (outside the <VirtualHost>).
JkWorkersFile /etc/httpd/conf/workers.properties
JkLogFile     /var/log/httpd/mod_jk.log
# At "error" level the log does not show which URIs are mapped or declined; the replies in this
# thread raise the level to see the "missing uri map" debug lines.
JkLogLevel error


# Pass TLS details from httpd to Tomcat; the indicator directives name the httpd environment
# variables mod_jk reads them from.
JkExtractSSL On
 
JkHTTPSIndicator HTTPS

JkSESSIONIndicator SSL_SESSION_ID

JkCIPHERIndicator SSL_CIPHER

# NOTE(review): this maps the /sft URL space onto the webapp directory on disk, so any /sft
# request that mod_jk declines is answered by httpd's file handler with the raw file. The replies
# in this thread identify exactly this as the way JSP source reaches the client. The block sets no
# access restrictions and Indexes allows directory listings.
Alias /sft "/var/webapps/sft"
<Directory "/var/webapps/sft">
    Options Indexes FollowSymLinks
</Directory>


# Forward everything under /sft/ to the "loadbalancer" worker.
# NOTE(review): defined in the main server; per the thread it does not apply inside a
# <VirtualHost> unless copied there (JkMountCopy) or repeated in the virtual host.
JkMount /sft/* loadbalancer


# Exclude *.html from forwarding, so those files are served by httpd straight from the webapp
# directory and bypass any security constraints the web application defines for them.
JkUnMount /*.html loadbalancer


# Intended to block direct access to WEB-INF over the httpd file handler.
# NOTE(review): httpd documents AllowOverride as valid only inside <Directory>, so it is expected
# to be rejected in a <Location> — confirm with `apachectl configtest`. The block matches one URL
# spelling only and does not cover META-INF; not exposing the webapp directory through httpd at
# all is the more robust control.
<Location "/sft/WEB-INF/">
    AllowOverride None
    deny from all
</Location>

My workers.properties file:



# workers.properties — read by mod_jk through JkWorkersFile.
# NOTE(review): the workers.* and ps entries below look like leftovers from older connector
# setups (presumably for in-process workers) — confirm against the mod_jk 1.2.35 reference and
# drop what it no longer reads.
workers.apache_log=/var/log/httpd/


workers.tomcat_home=/var/tomcat

workers.java_home=/usr/java/latest


ps=/


# Workers that JkMount may reference: the single Tomcat node and the balancer in front of it.
worker.list=softcat1, loadbalancer

# AJP/1.3 connection to the Tomcat instance on this host.
# NOTE(review): AJP traffic is not encrypted; the matching connector in Tomcat's server.xml (not
# shown) should be reachable only from the httpd host, e.g. bound to the loopback address, and
# port 8009 should be firewalled off from everything else.
worker.softcat1.port=8009
worker.softcat1.host=localhost
worker.softcat1.type=ajp13
worker.softcat1.lbfactor=100


# Load balancer with softcat1 as its only member for now.
# NOTE(review): the mod_jk reference lists balanced_workers as the deprecated spelling of
# balance_workers — confirm for 1.2.35.
worker.loadbalancer.type=lb
worker.loadbalancer.balanced_workers=softcat1

If anyone has any ideas about what is wrong in the config I would be very grateful as I have spent hours trying to get this to work to no avail.

Thanks








 		 	   		  

Re: Mod_jk returning source code of jsp files

Posted by André Warnier <aw...@ice-sa.com>.
ironclaw hand wrote:
> Andre,
> 
> Thank you for the detailed response I can see now that the config was probably never actually quite right...
> 
> I have amended the log level to debug and I now can see this in the mod_jk.log file: 
> 
> [Tue Apr 24 10:45:35.203 2012] [20188:3044006768] [debug] jk_map_to_storage::mod_jk.c (3773): missing uri map for sfta.a.b.c:/sft/announcement.jsp
> [Tue Apr 24 10:45:35.266 2012] [20287:2844699504] [debug] jk_map_to_storage::mod_jk.c (3773): missing uri map for sfta.a.b.c:/sft/images/sft.css
> [Tue Apr 24 10:45:35.269 2012] [20188:3033516912] [debug] jk_map_to_storage::mod_jk.c (3773): missing uri map for sfta.a.b.c:/sft/images/logo.gif
> 
> It looks like mod_jk is receiving from apache but it doesnt know what to do with the request. Is this correct? 

Yes. mod_jk is looking at the URI pattern, and it does not match any pattern in the table 
which it has built on the base of its JkMount directives.  So it returns "declined" to 
Apache, and Apache proceeds to serve that URI itself, as a "blob".

Actually, the mod_jk log, at the moment your httpd server is restarted, should show the 
processing of the JkMount/jkUnmount directives, when mod_jk builds its "URI map" which it 
refers to above.

What I am not quite sure about anymore, is what the mention in the loglines above of the 
actual hostname means. It could be a function of your JkLogFormat directive, or it could 
be that these requests are actually processed by the wrong VirtualHost.
I remember that this subject has come up previously on the list, but I don't remember 
precisely in which context or when.
Maybe someone else can answer that.

If your Apache configuration is such that you have a separate access log for the different 
VirtualHosts (and one for the "main" server), then you should be able to see which 
requests go to which VirtualHost (independently of whether they are forwarded to Tomcat or 
not).

> I have been reading about this and people have suggested in other forum posts to use:
> 
> JKMountCopy On -  within the virtual host directive
> 
> I have tried this and it doesnt make any difference although I am assuming this is because my JKMounts are actually defined within the virtual host and not globally? If I run a tcpdump on port 8009 I never actually see any packets so it never reaches tomcat again probably because of the missing uri map issue.
> 

This takes us into the realm of understanding Apache's VirtualHost workings, and how 
VirtualHosts inherit or not some configuration from the "main" configuration part.
I was hoping to avoid that part...

Generally, when a configuration directive is present in the "main" part of httpd.conf, it 
acts as a default for all VirtualHosts.  That is, it is valid in (or inherited by) each 
VirtualHost, unless the <VirtualHost> section specifically overrides it.

JkMount/JkUnmount are an exception.  They are not automatically inherited.
So either you put the JkMount/JkUnmount directives directly in each <VirtualHost> section 
(as you seem to have done), or you use either one of two "tricks".

Trick #1 : in the main part of the configuration, you put the JkMount/JkUnmount 
directives, and you add a "JkMountCopy all" directive.  This causes the main 
JkMount/JkUnmount directives to be copied to *all* VirtualHosts.

Trick #2 : in the main part of the configuration, you put the JkMount/JkUnmount 
directives.  In the select VirtualHosts in which you want to inherit the main 
JkMount/JkUnmount directives, you add a "JkMountCopy on" directive.  This will copy the 
main configuration's JkMount/JkUnmount directives to *this* VirtualHost only.

Which one is best to use in your case is a matter of choice depending on your whole setup 
(how many VirtualHosts you have and how similar they are).


> As a side note would you reccommend dropping mod_jk and using mod_proxy as some posts suggest?

That is your choice of course.  But in my view, it is a bit like throwing out the baby 
along with the bath water.
I personally prefer mod_jk, and find that it has a lot more configuration options.

> 



RE: Mod_jk returning source code of jsp files

Posted by ironclaw hand <ir...@hotmail.com>.
Andre,

Thank you for the detailed response I can see now that the config was probably never actually quite right...

I have amended the log level to debug and I now can see this in the mod_jk.log file: 

[Tue Apr 24 10:45:35.203 2012] [20188:3044006768] [debug] jk_map_to_storage::mod_jk.c (3773): missing uri map for sfta.a.b.c:/sft/announcement.jsp
[Tue Apr 24 10:45:35.266 2012] [20287:2844699504] [debug] jk_map_to_storage::mod_jk.c (3773): missing uri map for sfta.a.b.c:/sft/images/sft.css
[Tue Apr 24 10:45:35.269 2012] [20188:3033516912] [debug] jk_map_to_storage::mod_jk.c (3773): missing uri map for sfta.a.b.c:/sft/images/logo.gif

It looks like mod_jk is receiving from apache but it doesnt know what to do with the request. Is this correct? I have been reading about this and people have suggested in other forum posts to use:

JKMountCopy On -  within the virtual host directive

I have tried this and it doesnt make any difference although I am assuming this is because my JKMounts are actually defined within the virtual host and not globally? If I run a tcpdump on port 8009 I never actually see any packets so it never reaches tomcat again probably because of the missing uri map issue.

As a side note would you reccommend dropping mod_jk and using mod_proxy as some posts suggest?


> Date: Tue, 24 Apr 2012 11:11:33 +0200
> From: aw@ice-sa.com
> To: users@tomcat.apache.org
> Subject: Re: Mod_jk returning source code of jsp files
> 
> ironclaw hand wrote:
> > Ok thanks for the reply and the points are taken on board but as I said before I havent actually done this before and I am initially trying to get it to work as the existing system does (using the config files from the current installation).
> > 
> > I know in an ideal world your suggestion would be best but I was just asked to install current versions of apache, tomcat and mod_jk and get it all to work and I was given some existing config files, as said I have never done this before so initially I would actually like to get mod_jk working so that I can actually see the java code getting executed and the dynamic content returned.
> > 
> > I dont think the overhead of tomcat serving static pages is the reason apache is installed on these machines, I think it is because of the load balancing as there are a number of machines with Tomcat installed on them that will be in the load although initially I am only trying to get apache to direct to a tomcat on local host.
> > 
> > I was looking for some help understanding why mod_jk  doesnt work for me, surely this cant be related to the security issues you mentioned?
> > 
> Well, you are probably mistaken there.
> With the current configuration, what is apparently attempted is, for some URLs, to have 
> Apache httpd /not/ forwarding them to Tomcat via mod_jk, and instead having Apache httpd 
> serving them directly, using a "back door" into Tomcat's webapps/sft/ directory.
> 
> This /is/ a security issue, because in this way, any security mechanism that may be in 
> place at the Tomcat level to avoid delivering the wrong content, are bypassed.
> That is why, from a security point of view, it is strongly recommended not to allow Apache 
> to see, and serve the content of, directories whose content should be controlled by 
> Tomcat.  Your Alias and <Directory> section at the Apache level do just that, so they 
> create a large potential security hole, which then someone tries to plug using other 
> instructions (which by the way look like they're wrong and/or incomplete).
> 
> But apart from the security issue, this scheme has further drawbacks :
> - it makes things more confusing as to whom is serving what
> - Tomcat "knows" that a .jsp file's content is not to be served as is.  It knows that this 
> kind of file has to be "compiled" into a servlet, and that instead of delivering the 
> content of the .jsp file, it should run the resulting servlet, and serve its response.
> Apache httpd has no idea about that. It sees a .jsp file as just a text file, and happily 
> serves its contents as is (even if the .jsp source file contained some information which a 
> user should never see).
> And that is exactly what you are seeing.
> 
> Something in your present configuration allows Apache to "see" these jsp's, and serve them 
> directly.  It is not very clear at the moment how this happens.  In order to remove some 
> potential reasons why this could happen, Chris and I showed you how to modify your 
> configuration so that in the principle, it should not happen. Or at least, it should 
> remove one potential way in which it could be happening, leaving us with a more 
> transparent situation helping to find the real reason.
> 
> A useful tool to find out what happens is the mod_jk logfile.  Increase JkLogLevel 
> gradually, until you see which URLs mod_jk is actually forwarding to Tomcat (and which 
> ones it is not, and why not).
> 
> A bit of background, to understand what happens :
> When mod_jk is configured within Apache httpd, it acts as a "content generator".  For 
> Apache httpd, it is mod_jk itself which creates the content that is returned to the user. 
>   Apache httpd has no idea that behind mod_jk, there are one or more Tomcats who actually 
> do the work.
> When it comes time to generate the response to a request URL, Apache passes this URL in 
> turn to all configured "content generators" (one of them being mod_jk).  Each of these 
> content generators gets a shot at deciding whether it wants to generate content for that 
> URL, or just decline.  If the content generator declines, Apache passes the URL through 
> the next content generator in the chain, to see if it does better.  The last content 
> generator in the chain is the Apache builtin one, which reads the file from disk and sends 
> the content back "as is".
> In other words, mod_jk gets to see /every/ request URL, and gets to decide if for this 
> one, it wants to pass it on to Tomcat or not.  It decides this on the base of an internal 
> table it has built at server startup, on the base of the JkMount/JkUnmount instructions it 
> knows about. If it decides that this URL is not for Tomcat, it returns a "declined" answer 
> to Apache, and Apache proceeds to ask the next module.  If mod_jk decides to pass this 
> request to Tomcat, then it does so using the AJP connection, and waits for Tomcat's 
> response. When it gets the Tomcat response, it returns it to Apache (as if it had created 
> it itself), along with a return code that means "here is the response, you do not need to 
> call any other module anymore".
> 
> What is most probably happening in your case is one of two cases :
> - either this request never makes it to the VirtualHost in which this mod_jk is activated. 
>   In that case, the mod_jk log would not even show the requests for these .jsp's.
> As a result, Apache defaults to handling the request with its own content generator, which 
> just returns the .jsp file from disk.
> - or the request makes it to the VirtualHost, and mod_jk sees it (and puts this in the 
> log), but mod_jk for some reason does not find a match with the request patterns that it 
> should forward to Tomcat.  The log will show you that also.
> As a result, Apache also defaults to handling the request with its own content generator, 
> which just returns the .jsp file from disk.
> 
> In both these cases, due to your present configuration, Apache /can/ deliver the .jsp file 
> "as is", because it can see them, directly in the Tomcat webapps/sft directory.  If it 
> didn't, then you'd get a 404 error when you request a /sft/*.jsp URL.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
 		 	   		  

Re: Mod_jk returning source code of jsp files

Posted by André Warnier <aw...@ice-sa.com>.
ironclaw hand wrote:
> Ok thanks for the reply and the points are taken on board but as I said before I havent actually done this before and I am initially trying to get it to work as the existing system does (using the config files from the current installation).
> 
> I know in an ideal world your suggestion would be best but I was just asked to install current versions of apache, tomcat and mod_jk and get it all to work and I was given some existing config files, as said I have never done this before so initially I would actually like to get mod_jk working so that I can actually see the java code getting executed and the dynamic content returned.
> 
> I dont think the overhead of tomcat serving static pages is the reason apache is installed on these machines, I think it is because of the load balancing as there are a number of machines with Tomcat installed on them that will be in the load although initially I am only trying to get apache to direct to a tomcat on local host.
> 
> I was looking for some help understanding why mod_jk  doesnt work for me, surely this cant be related to the security issues you mentioned?
> 
Well, you are probably mistaken there.
With the current configuration, what is apparently attempted is, for some URLs, to have 
Apache httpd /not/ forwarding them to Tomcat via mod_jk, and instead having Apache httpd 
serving them directly, using a "back door" into Tomcat's webapps/sft/ directory.

This /is/ a security issue, because in this way, any security mechanisms that may be in 
place at the Tomcat level to avoid delivering the wrong content are bypassed.
That is why, from a security point of view, it is strongly recommended not to allow Apache 
to see, and serve the content of, directories whose content should be controlled by 
Tomcat.  Your Alias and <Directory> section at the Apache level do just that, so they 
create a large potential security hole, which then someone tries to plug using other 
instructions (which by the way look like they're wrong and/or incomplete).

But apart from the security issue, this scheme has further drawbacks :
- it makes things more confusing as to whom is serving what
- Tomcat "knows" that a .jsp file's content is not to be served as is.  It knows that this 
kind of file has to be "compiled" into a servlet, and that instead of delivering the 
content of the .jsp file, it should run the resulting servlet, and serve its response.
Apache httpd has no idea about that. It sees a .jsp file as just a text file, and happily 
serves its contents as is (even if the .jsp source file contained some information which a 
user should never see).
And that is exactly what you are seeing.

Something in your present configuration allows Apache to "see" these jsp's, and serve them 
directly.  It is not very clear at the moment how this happens.  In order to remove some 
potential reasons why this could happen, Chris and I showed you how to modify your 
configuration so that in the principle, it should not happen. Or at least, it should 
remove one potential way in which it could be happening, leaving us with a more 
transparent situation helping to find the real reason.

A useful tool to find out what happens is the mod_jk logfile.  Increase JkLogLevel 
gradually, until you see which URLs mod_jk is actually forwarding to Tomcat (and which 
ones it is not, and why not).

A bit of background, to understand what happens :
When mod_jk is configured within Apache httpd, it acts as a "content generator".  For 
Apache httpd, it is mod_jk itself which creates the content that is returned to the user. 
  Apache httpd has no idea that behind mod_jk, there are one or more Tomcats who actually 
do the work.
When it comes time to generate the response to a request URL, Apache passes this URL in 
turn to all configured "content generators" (one of them being mod_jk).  Each of these 
content generators gets a shot at deciding whether it wants to generate content for that 
URL, or just decline.  If the content generator declines, Apache passes the URL through 
the next content generator in the chain, to see if it does better.  The last content 
generator in the chain is the Apache builtin one, which reads the file from disk and sends 
the content back "as is".
In other words, mod_jk gets to see /every/ request URL, and gets to decide if for this 
one, it wants to pass it on to Tomcat or not.  It decides this on the base of an internal 
table it has built at server startup, on the base of the JkMount/JkUnmount instructions it 
knows about. If it decides that this URL is not for Tomcat, it returns a "declined" answer 
to Apache, and Apache proceeds to ask the next module.  If mod_jk decides to pass this 
request to Tomcat, then it does so using the AJP connection, and waits for Tomcat's 
response. When it gets the Tomcat response, it returns it to Apache (as if it had created 
it itself), along with a return code that means "here is the response, you do not need to 
call any other module anymore".

What is most probably happening in your case is one of two things:
- either this request never makes it to the VirtualHost in which this mod_jk is activated. 
  In that case, the mod_jk log would not even show the requests for these .jsp's.
  As a result, Apache falls back to handling the request with its own content generator, 
  which just returns the .jsp file from disk.
- or the request makes it to the VirtualHost, and mod_jk sees it (and puts this in the 
  log), but mod_jk for some reason does not find a match among the request patterns that 
  it should forward to Tomcat.  The log will show you that also.
  As a result, Apache again falls back to handling the request with its own content 
  generator, which just returns the .jsp file from disk.

In both these cases, due to your present configuration, Apache /can/ deliver the .jsp files 
"as is", because it can see them directly in the Tomcat webapps/sft directory.  If it 
couldn't, then you'd get a 404 error when you request a /sft/*.jsp URL, rather than the 
source of the page.




RE: Mod_jk returning source code of jsp files

Posted by ironclaw hand <ir...@hotmail.com>.
Hi Andre,

I tried your suggestions but apache is still serving the content plus the WEB-INF directory is now available via the URL. I am only trying to get this set up on one machine initially as I said in my earlier message but the reason the term load balancer is used is because there will actually be a number of machines running tomcat and one machine running apache and tomcat. 

I didn't choose this solution, I don't know why it was preferred, and I had nothing to do with configuring or installing the original set up. The machines are being replaced and I have been asked to install new versions of the software, but I cannot even get this working with one apache and a localhost tomcat. 

> From: ironclawhand@hotmail.com
> To: users@tomcat.apache.org
> Subject: RE: Mod_jk returning source code of jsp files
> Date: Tue, 24 Apr 2012 08:40:08 +0100
> 
> 
> Ok thanks for the reply and the points are taken on board but as I said before I havent actually done this before and I am initially trying to get it to work as the existing system does (using the config files from the current installation).
> 
> I know in an ideal world your suggestion would be best but I was just asked to install current versions of apache, tomcat and mod_jk and get it all to work and I was given some existing config files, as said I have never done this before so initially I would actually like to get mod_jk working so that I can actually see the java code getting executed and the dynamic content returned.
> 
> I dont think the overhead of tomcat serving static pages is the reason apache is installed on these machines, I think it is because of the load balancing as there are a number of machines with Tomcat installed on them that will be in the load although initially I am only trying to get apache to direct to a tomcat on local host.
> 
> I was looking for some help understanding why mod_jk  doesnt work for me, surely this cant be related to the security issues you mentioned?
> 
> > Date: Mon, 23 Apr 2012 17:28:00 +0200
> > From: aw@ice-sa.com
> > To: users@tomcat.apache.org
> > Subject: Re: Mod_jk returning source code of jsp files
> > 
> > ironclaw hand wrote:
> > > Thanks Christopher I will address the security issues if I am actually able to get mod_jk to execute a jsp!
> > 
> > No.  You should do things right first, in a secure way.  And then, when it works, you can 
> > start "optimising" carefully and step by step, and try not to introduce security holes 
> > while doing so.
> > I put "optimise" between quotes here, because what you are apparently trying is not much 
> > of an optimisation, while it IS creating security issues (and confusing things).  It would 
> > be better to let Tomcat serve all your content, including the static pages that are inside 
> > your webapp directory anyway.  This way, you will not compromise whatever access security 
> > is implemented at the Tomcat side, and the overhead of having Tomcat serve those static 
> > pages is measured in microseconds at worst.
> > 
> > > 
> > > I have now removed everything from mod_jk.conf except for the global directives and I now have my httpd.conf looking like:
> > > 
> > > #
> > > # JK for connections to Tomcat
> > > #
> > > LoadModule jk_module modules/mod_jk.so
> > > Include /etc/httpd/conf/mod_jk.conf
> > > 
> > > <IfModule jk_module>
> > > JkWorkersFile /etc/httpd/conf/workers.properties
> > > JkLogFile     /var/log/httpd/mod_jk.log
> > > JkLogLevel info
> > > 
> > 
> > remove from here
> > 
> > > Alias /sft "/var/webapps/sft"
> > > 
> > > <Directory "/var/webapps/sft">
> > >  Options Indexes FollowSymLinks
> > > </Directory>
> > > 
> > > <Location "/sft/WEB-INF/">
> > >    AllowOverride None
> > >    deny from all
> > > </Location>
> > > 
> > until here
> > 
> >  > </IfModule>
> > 
> > > 
> > > ##
> > > ## SSL Virtual Host Context
> > > <VirtualHost sfta.a.b.c:443>    
> > 
> > change this
> > 
> > > JkMount /sft/* loadbalancer
> > > JkUnMount /*.html loadbalancer
> > 
> > to this
> > 
> > JkMount /sft loadbalancer
> > JkMount /sft/* loadbalancer
> > 
> > 
> > > </VirtualHost>
> > > 
> > > I still get the jsp file returned as text 
> > 
> > which means that Apache is serving them, not Tomcat.
> > 
> > so I obviously still have problems and initially I would just like to get apache to invoke 
> > mod_jk and return me the dynamic content.
> > 
> > And let it first return the static content as well, since it is anyway located in your 
> > webapps directory.
> > 
> > One could also question why you are using the term (or name) "loadbalancer" above, since 
> > all your content seems to be on the same host anyway.  Do you really have one httpd and 
> > several Tomcat's ?
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> > 
>  		 	   		  
 		 	   		  

RE: Mod_jk returning source code of jsp files

Posted by ironclaw hand <ir...@hotmail.com>.
Ok thanks for the reply and the points are taken on board but as I said before I havent actually done this before and I am initially trying to get it to work as the existing system does (using the config files from the current installation).

I know in an ideal world your suggestion would be best but I was just asked to install current versions of apache, tomcat and mod_jk and get it all to work and I was given some existing config files, as said I have never done this before so initially I would actually like to get mod_jk working so that I can actually see the java code getting executed and the dynamic content returned.

I dont think the overhead of tomcat serving static pages is the reason apache is installed on these machines, I think it is because of the load balancing as there are a number of machines with Tomcat installed on them that will be in the load although initially I am only trying to get apache to direct to a tomcat on local host.

I was looking for some help understanding why mod_jk  doesnt work for me, surely this cant be related to the security issues you mentioned?

> Date: Mon, 23 Apr 2012 17:28:00 +0200
> From: aw@ice-sa.com
> To: users@tomcat.apache.org
> Subject: Re: Mod_jk returning source code of jsp files
> 
> ironclaw hand wrote:
> > Thanks Christopher I will address the security issues if I am actually able to get mod_jk to execute a jsp!
> 
> No.  You should do things right first, in a secure way.  And then, when it works, you can 
> start "optimising" carefully and step by step, and try not to introduce security holes 
> while doing so.
> I put "optimise" between quotes here, because what you are apparently trying is not much 
> of an optimisation, while it IS creating security issues (and confusing things).  It would 
> be better to let Tomcat serve all your content, including the static pages that are inside 
> your webapp directory anyway.  This way, you will not compromise whatever access security 
> is implemented at the Tomcat side, and the overhead of having Tomcat serve those static 
> pages is measured in microseconds at worst.
> 
> > 
> > I have now removed everything from mod_jk.conf except for the global directives and I now have my httpd.conf looking like:
> > 
> > #
> > # JK for connections to Tomcat
> > #
> > LoadModule jk_module modules/mod_jk.so
> > Include /etc/httpd/conf/mod_jk.conf
> > 
> > <IfModule jk_module>
> > JkWorkersFile /etc/httpd/conf/workers.properties
> > JkLogFile     /var/log/httpd/mod_jk.log
> > JkLogLevel info
> > 
> 
> remove from here
> 
> > Alias /sft "/var/webapps/sft"
> > 
> > <Directory "/var/webapps/sft">
> >  Options Indexes FollowSymLinks
> > </Directory>
> > 
> > <Location "/sft/WEB-INF/">
> >    AllowOverride None
> >    deny from all
> > </Location>
> > 
> until here
> 
>  > </IfModule>
> 
> > 
> > ##
> > ## SSL Virtual Host Context
> > <VirtualHost sfta.a.b.c:443>    
> 
> change this
> 
> > JkMount /sft/* loadbalancer
> > JkUnMount /*.html loadbalancer
> 
> to this
> 
> JkMount /sft loadbalancer
> JkMount /sft/* loadbalancer
> 
> 
> > </VirtualHost>
> > 
> > I still get the jsp file returned as text 
> 
> which means that Apache is serving them, not Tomcat.
> 
> so I obviously still have problems and initially I would just like to get apache to invoke 
> mod_jk and return me the dynamic content.
> 
> And let it first return the static content as well, since it is anyway located in your 
> webapps directory.
> 
> One could also question why you are using the term (or name) "loadbalancer" above, since 
> all your content seems to be on the same host anyway.  Do you really have one httpd and 
> several Tomcat's ?
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
 		 	   		  

Re: Mod_jk returning source code of jsp files

Posted by André Warnier <aw...@ice-sa.com>.
ironclaw hand wrote:
> Thanks Christopher I will address the security issues if I am actually able to get mod_jk to execute a jsp!

No.  You should do things right first, in a secure way.  And then, when it works, you can 
start "optimising" carefully and step by step, and try not to introduce security holes 
while doing so.
I put "optimise" between quotes here, because what you are apparently trying is not much 
of an optimisation, while it IS creating security issues (and confusing things).  It would 
be better to let Tomcat serve all your content, including the static pages that are inside 
your webapp directory anyway.  This way, you will not compromise whatever access security 
is implemented at the Tomcat side, and the overhead of having Tomcat serve those static 
pages is measured in microseconds at worst.

> 
> I have now removed everything from mod_jk.conf except for the global directives and I now have my httpd.conf looking like:
> 
> #
> # JK for connections to Tomcat
> #
> LoadModule jk_module modules/mod_jk.so
> Include /etc/httpd/conf/mod_jk.conf
> 
> <IfModule jk_module>
> JkWorkersFile /etc/httpd/conf/workers.properties
> JkLogFile     /var/log/httpd/mod_jk.log
> JkLogLevel info
> 

remove from here

> Alias /sft "/var/webapps/sft"
> 
> <Directory "/var/webapps/sft">
>  Options Indexes FollowSymLinks
> </Directory>
> 
> <Location "/sft/WEB-INF/">
>    AllowOverride None
>    deny from all
> </Location>
> 
until here

 > </IfModule>

> 
> ##
> ## SSL Virtual Host Context
> <VirtualHost sfta.a.b.c:443>    

change this

> JkMount /sft/* loadbalancer
> JkUnMount /*.html loadbalancer

to this

JkMount /sft loadbalancer
JkMount /sft/* loadbalancer


> </VirtualHost>
> 
> I still get the jsp file returned as text 

which means that Apache is serving them, not Tomcat.

so I obviously still have problems and initially I would just like to get apache to invoke 
mod_jk and return me the dynamic content.

And let it first return the static content as well, since it is anyway located in your 
webapps directory.

One could also question why you are using the term (or name) "loadbalancer" above, since 
all your content seems to be on the same host anyway.  Do you really have one httpd and 
several Tomcat's ?



Re: Mod_jk returning source code of jsp files

Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ironclaw,

Let's take a step back.

On 4/23/12 10:19 AM, ironclaw hand wrote:
> Thanks Christopher I will address the security issues if I am 
> actually able to get mod_jk to execute a jsp!

I tend to agree with André, here and his assertions that there's no
reason to wait "until it's working". Presumably, since you've been
tasked with getting this to work, it /must/ work at the end...
scrapping httpd isn't an option for you, so you may as well solve this
problem since it's the easier one to solve.

Honestly, I'm not sure exactly why your configuration doesn't work:
I've never had trouble configuring mod_jk.

> I have now removed everything from mod_jk.conf except for the
> global directives and I now have my httpd.conf looking like:

So what *is* in your mod_jk.conf file? I would have expected
"LoadModule" and "Include" to be in there, as well as JkWorkersFile,
JkLogLevel, etc. Basically, everything but Jk(Un)?Mount directives.

Oh! I also usually recommend setting "JkStripSession On" so that URLs
to static content that happen to contain jsessionid path parameters
don't confuse httpd and prevent those resources from loading.

> # # JK for connections to Tomcat # LoadModule jk_module
> modules/mod_jk.so Include /etc/httpd/conf/mod_jk.conf
> 
> <IfModule jk_module> JkWorkersFile
> /etc/httpd/conf/workers.properties JkLogFile
> /var/log/httpd/mod_jk.log JkLogLevel info

Put all of the above at the top-level. It's not surprising that it
doesn't work, but I didn't actually know that you can't put
JkWorkersFile in a VirtualHost. I guess the documentation[1] is fairly
clear:

"
JkWorkersFile

The name of a worker file for the Tomcat servlet containers.
This directive is only allowed once. It must be put into the global
part of the configuration.
"
[1] http://tomcat.apache.org/connectors-doc/reference/apache.html

> Alias /sft "/var/webapps/sft"

[security]: we've discussed this

> <Directory "/var/webapps/sft"> Options Indexes FollowSymLinks

[security]: do you really need Indexes enabled? I find that to be a
security vulnerability unless you want people to be able to browse and
download arbitrary files. Sometimes that's what you want, but usually
not within a webapp.

> </Directory>
> 
> <Location "/sft/WEB-INF/"> AllowOverride None deny from all 
> </Location>

[security]: I would definitely do this as a <Directory> instead of a
<Location>: that way, you're protected no matter how the URL resolves
to the filesystem.

> <VirtualHost sfta.a.b.c:443> JkMount /sft/* loadbalancer JkUnMount
> /*.html loadbalancer

Just for parity, I'd make that:

JkUnMount /sft/*.html loadbalancer

That way, you don't accidentally unmount everything on the whole site
when you really only wanted to allow static files form that one webapp
to be unmounted.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk+YELYACgkQ9CaO5/Lv0PDqmACgiPptfKAAC+Lah1I8B1tszZ4f
a0wAoJxU9ft/xII/8ubKM14ariJT5sWL
=lokh
-----END PGP SIGNATURE-----



RE: Mod_jk returning source code of jsp files

Posted by ironclaw hand <ir...@hotmail.com>.
Thanks Christopher I will address the security issues if I am actually able to get mod_jk to execute a jsp!

I have now removed everything from mod_jk.conf except for the global directives and I now have my httpd.conf looking like:

#
# JK for connections to Tomcat
#
LoadModule jk_module modules/mod_jk.so
Include /etc/httpd/conf/mod_jk.conf

# Global mod_jk settings. Everything inside this <IfModule> block is applied
# only when jk_module is loaded.
<IfModule jk_module>
JkWorkersFile /etc/httpd/conf/workers.properties
JkLogFile     /var/log/httpd/mod_jk.log
JkLogLevel info

# NOTE(review): this Alias maps the Tomcat webapp directory into httpd's own
# URL space. Any /sft/ request that mod_jk does not claim is then read from
# disk by httpd and returned unprocessed, which is how .jsp source ends up in
# the response. The replies in this thread discourage aliasing the appBase.
Alias /sft "/var/webapps/sft"

<Directory "/var/webapps/sft">
 # NOTE(review): Indexes enables directory listings for the webapp directory;
 # a reply in this thread questions whether that is wanted inside a webapp.
 Options Indexes FollowSymLinks
</Directory>

# NOTE(review): only WEB-INF is denied here. Per the replies, META-INF (for
# example a context.xml holding LDAP or database credentials) is not covered,
# and a <Directory> block is preferred over <Location> so the deny applies
# however the URL resolves to the filesystem.
# NOTE(review): AllowOverride is documented for <Directory> context; confirm
# httpd accepts it inside <Location>.
<Location "/sft/WEB-INF/">
   AllowOverride None
   deny from all
</Location>
</IfModule>


##
## SSL Virtual Host Context
<VirtualHost sfta.a.b.c:443>    
# Forward everything under /sft/ to the worker named "loadbalancer".
JkMount /sft/* loadbalancer
# NOTE(review): this pattern is not limited to /sft; a reply in this thread
# suggests /sft/*.html so only this webapp's static files are unmounted.
# Unmounted files are served by httpd directly, outside any access control
# implemented on the Tomcat side.
JkUnMount /*.html loadbalancer
</VirtualHost>

I still get the jsp file returned as text so I obviously still have problems and initially I would just like to get apache to invoke mod_jk and return me the dynamic content. I have looked in the mod_jk.conf file and there are no errors so I assume the versions of software I have installed are compatible? This is in my mod_jk.conf file:

[Mon Apr 23 15:11:51.006 2012] [9293:3078489792] [info] init_jk::mod_jk.c (3365): mod_jk/1.2.35 initialized


> Date: Mon, 23 Apr 2012 10:04:00 -0400
> From: chris@christopherschultz.net
> To: users@tomcat.apache.org
> Subject: Re: Mod_jk returning source code of jsp files
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Ironclaw,
> 
> On 4/23/12 9:18 AM, ironclaw hand wrote:
> > So are you saying I should do away with the mod_jk.conf
> > completely?
> 
> That depends upon what is in mod_jk.conf. Your mod_jk.conf looks like
> a mix between global mod_jk directives (e.g. JkWorkersFile) and
> VirtualHost-specific directives (e.g. <Location> and JkMounts).
> 
> I would recommend putting all your global configuration into
> mod_jk.conf and then putting your VirtualHost-specific configuration
> into the appropriate VirtualHost (possibly the default one).
> 
> It looks like you have an old example of how to set up mod_jk. The
> following properties are no longer useful in workers.properties:
> 
> workers.apache_log=/var/log/httpd/
> workers.tomcat_home=/var/tomcat
> workers.java_home=/usr/java/latest
> ps=/
> 
> Finally, if you are going to do this:
> 
> Alias /sft "/var/webapps/sft"
> <Directory "/var/webapps/sft">
>     Options Indexes FollowSymLinks
> </Directory>
> 
> You'll have to protect more than just this:
> 
> <Location "/sft/WEB-INF/">
>     AllowOverride None
>     deny from all
> </Location>
> 
> If you have anything sensitive in sft/META-INF (like a context.xml
> containing your LDAP or database credentials for instance).
> 
> Also, since the content lives on the filesystem, you might be better
> off using a <Directory> directive instead (or in addition to)
> <Location>. Be very careful if you decide to use an Alias to your
> appBase: it's usually discouraged on a security basis.
> 
> > JkMount /sft/* loadbalancer
> > 
> > JkUnMount /*.html loadbalancer
> 
> JkMounts need to be *inside* a VirtualHost: otherwise, they have no
> effect.
> 
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> 
> iEYEARECAAYFAk+VYVAACgkQ9CaO5/Lv0PCkVgCgqw11nIU5ZnJ1DZ165WQQ1ZEN
> UTAAn2CKlcjIiOO+oFkQFGHeJFpfVHQt
> =w8JP
> -----END PGP SIGNATURE-----
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
 		 	   		  

Re: Mod_jk returning source code of jsp files

Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ironclaw,

On 4/23/12 9:18 AM, ironclaw hand wrote:
> So are you saying I should do away with the mod_jk.conf
> completely?

That depends upon what is in mod_jk.conf. Your mod_jk.conf looks like
a mix between global mod_jk directives (e.g. JkWorkersFile) and
VirtualHost-specific directives (e.g. <Location> and JkMounts).

I would recommend putting all your global configuration into
mod_jk.conf and then putting your VirtualHost-specific configuration
into the appropriate VirtualHost (possibly the default one).

It looks like you have an old example of how to set up mod_jk. The
following properties are no longer useful in workers.properties:

workers.apache_log=/var/log/httpd/
workers.tomcat_home=/var/tomcat
workers.java_home=/usr/java/latest
ps=/

Finally, if you are going to do this:

Alias /sft "/var/webapps/sft"
<Directory "/var/webapps/sft">
    Options Indexes FollowSymLinks
</Directory>

You'll have to protect more than just this:

<Location "/sft/WEB-INF/">
    AllowOverride None
    deny from all
</Location>

If you have anything sensitive in sft/META-INF (like a context.xml
containing your LDAP or database credentials for instance).

Also, since the content lives on the filesystem, you might be better
off using a <Directory> directive instead (or in addition to)
<Location>. Be very careful if you decide to use an Alias to your
appBase: it's usually discouraged on a security basis.

> JkMount /sft/* loadbalancer
> 
> JkUnMount /*.html loadbalancer

JkMounts need to be *inside* a VirtualHost: otherwise, they have no
effect.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk+VYVAACgkQ9CaO5/Lv0PCkVgCgqw11nIU5ZnJ1DZ165WQQ1ZEN
UTAAn2CKlcjIiOO+oFkQFGHeJFpfVHQt
=w8JP
-----END PGP SIGNATURE-----



RE: Mod_jk returning source code of jsp files

Posted by ironclaw hand <ir...@hotmail.com>.

So are you saying I should do away with the mod_jk.conf completely?

I have already tried putting everything into httpd.conf like you suggested:

# Attempt at putting the whole mod_jk setup into httpd.conf.
NameVirtualHost sfta.npfit.nhs.uk:443
<VirtualHost sfta.npfit.nhs.uk:443>
     # NOTE(review): LoadModule is documented as a server-level directive;
     # confirm that it is accepted, and takes effect, inside <VirtualHost>.
     LoadModule jk_module modules/mod_jk.so  
</Virtualhost>

# NOTE(review): if the module is not loaded when this line is parsed, the
# whole block is skipped, and httpd still serves /var/webapps (the
# DocumentRoot in the posted httpd.conf) as plain files, .jsp included.
<IfModule mod_jk.c>
        JkWorkersFile /etc/httpd/conf/workers.properties
    JkLogFile     /var/log/httpd/mod_jk.log
    JkLogLevel info
    
    # NOTE(review): exposes the Tomcat webapp directory through httpd; any
    # /sft/ request that mod_jk declines is returned from disk unprocessed.
    Alias /sft "/var/webapps/sft"
    <Directory "/var/webapps/sft">
            # NOTE(review): Indexes enables directory listings for the webapp.
            Options Indexes FollowSymLinks
    </Directory>

    # NOTE(review): these mounts sit outside the <VirtualHost> above; the
    # replies in this thread state that JkMount must be inside the
    # VirtualHost that receives the requests.
    JkMount /sft/* loadbalancer

    # NOTE(review): not limited to /sft; a reply suggests /sft/*.html.
    JkUnMount /*.html loadbalancer
    # NOTE(review): only WEB-INF is denied, and by URL rather than by
    # filesystem path; the replies recommend a <Directory> block and point
    # out that META-INF is left unprotected. AllowOverride is documented for
    # <Directory> context; confirm httpd accepts it inside <Location>.
    <Location "/sft/WEB-INF/">
            AllowOverride None
            deny from all
    </Location>
</IfModule>

Whilst apache seemed to start up ok and there were no errors in my mod_jk.log I still had exactly the same issue in that accessing a jsp would return the sourcecode.

Is the example above what you meant?

> Date: Mon, 23 Apr 2012 23:10:55 +1000
> Subject: RE: Mod_jk returning source code of jsp files
> From: icicimov@gmail.com
> To: users@tomcat.apache.org
> 
> Well you need to have JkMount command inside the virtual host so its up to
> you how to do it.
>  On Apr 23, 2012 10:53 PM, "ironclaw hand" <ir...@hotmail.com> wrote:
> 
> >
> >
> > Ok I tried that but apache wont start now. It gives the following error:
> >
> > AH00526: Syntax error on line 1 of /etc/httpd/conf/mod_jk.conf:
> > JkWorkersFile cannot occur within <VirtualHost> section
> >                                                           [FAILED]
> >
> >
> > > Date: Mon, 23 Apr 2012 22:36:35 +1000
> > > Subject: Re: Mod_jk returning source code of jsp files
> > > From: icicimov@gmail.com
> > > To: users@tomcat.apache.org
> > >
> > > Put this line
> > >
> > > Include /etc/httpd/conf/mod_jk.conf
> > >
> > > inside virtual host.
> > >  On Apr 23, 2012 9:12 PM, "ironclaw hand" <ir...@hotmail.com>
> > wrote:
> > >
> > > >
> > > >
> > > > Hi,
> > > >
> > > > I am attempting to set up apache and tomcat together for the first
> > time on
> > > > a new machine using some existing configuration files. I am not sure
> > what
> > > > is happening but it looks like apache is just serving up all files so
> > when
> > > > i acccess a jsp file I get the source as if tomcat never executed it.
> > > >
> > > > I have installed the following versions of software:
> > > >
> > > > httpd 2.4.2
> > > > Tomcat connectors 1.2.35
> > > > Tomcat 7.0.27
> > > >
> > > > Below are the mod_jk config (workers.properties and mod_jk.conf) files
> > I
> > > > am currently trying to get working if there is anything else that is
> > needed
> > > > then I can include this. My worker softcat1 is defined in my
> > server.xml for
> > > > tomcat.
> > > >
> > > > Tomcat works on its own if I access it directly and it does run the jsp
> > > > files ok, it just seems to be when I try via apache.
> > > >
> > > > I have included my httpd.conf in case it is needed:
> > > >
> > > >
> > > > ServerTokens Prod
> > > >
> > > >
> > > > ServerRoot "/etc/httpd"
> > > >
> > > > PidFile run/httpd.pid
> > > >
> > > >
> > > > Timeout 120
> > > >
> > > >
> > > > KeepAlive Off
> > > >
> > > > MaxKeepAliveRequests 100
> > > >
> > > >
> > > > KeepAliveTimeout 15
> > > >
> > > >
> > > > <IfModule prefork.c>
> > > > StartServers       8
> > > > MinSpareServers    5
> > > > MaxSpareServers   20
> > > > ServerLimit      1024
> > > > #ServerLimit       50
> > > > MaxClients       1024
> > > > #MaxClients        50
> > > > MaxRequestsPerChild  4000
> > > > </IfModule>
> > > >
> > > >
> > > > <IfModule worker.c>
> > > > StartServers         2
> > > > MaxClients         150
> > > > MinSpareThreads     25
> > > > MaxSpareThreads     75
> > > > ThreadsPerChild     25
> > > > MaxRequestsPerChild  0
> > > > </IfModule>
> > > >
> > > >
> > > > LoadModule access_compat_module modules/mod_access_compat.so
> > > > LoadModule authz_core_module modules/mod_authz_core.so
> > > > LoadModule authz_host_module modules/mod_authz_host.so
> > > > LoadModule auth_basic_module modules/mod_auth_basic.so
> > > > LoadModule authn_file_module modules/mod_authn_file.so
> > > > LoadModule authn_anon_module modules/mod_authn_anon.so
> > > > LoadModule authn_dbm_module modules/mod_authn_dbm.so
> > > > LoadModule auth_digest_module modules/mod_auth_digest.so
> > > > LoadModule ldap_module modules/mod_ldap.so
> > > > LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
> > > > LoadModule include_module modules/mod_include.so
> > > > LoadModule log_config_module modules/mod_log_config.so
> > > > LoadModule env_module modules/mod_env.so
> > > > LoadModule mime_magic_module modules/mod_mime_magic.so
> > > > LoadModule cern_meta_module modules/mod_cern_meta.so
> > > > LoadModule expires_module modules/mod_expires.so
> > > > LoadModule deflate_module modules/mod_deflate.so
> > > > LoadModule headers_module modules/mod_headers.so
> > > > LoadModule usertrack_module modules/mod_usertrack.so
> > > > LoadModule setenvif_module modules/mod_setenvif.so
> > > > LoadModule mime_module modules/mod_mime.so
> > > > LoadModule dav_module modules/mod_dav.so
> > > > LoadModule status_module modules/mod_status.so
> > > > LoadModule autoindex_module modules/mod_autoindex.so
> > > > LoadModule asis_module modules/mod_asis.so
> > > > LoadModule info_module modules/mod_info.so
> > > > LoadModule dav_fs_module modules/mod_dav_fs.so
> > > > LoadModule vhost_alias_module modules/mod_vhost_alias.so
> > > > LoadModule negotiation_module modules/mod_negotiation.so
> > > > LoadModule dir_module modules/mod_dir.so
> > > > LoadModule imagemap_module modules/mod_imagemap.so
> > > > LoadModule actions_module modules/mod_actions.so
> > > > LoadModule speling_module modules/mod_speling.so
> > > > LoadModule userdir_module modules/mod_userdir.so
> > > > LoadModule alias_module modules/mod_alias.so
> > > > LoadModule rewrite_module modules/mod_rewrite.so
> > > > LoadModule proxy_module modules/mod_proxy.so
> > > > LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
> > > > LoadModule proxy_http_module modules/mod_proxy_http.so
> > > > LoadModule proxy_connect_module modules/mod_proxy_connect.so
> > > > LoadModule cache_module modules/mod_cache.so
> > > > LoadModule suexec_module modules/mod_suexec.so
> > > > #LoadModule disk_cache_module modules/mod_disk_cache.so
> > > > LoadModule file_cache_module modules/mod_file_cache.so
> > > > #LoadModule mem_cache_module modules/mod_mem_cache.so
> > > > LoadModule cgi_module modules/mod_cgi.so
> > > > LoadModule version_module modules/mod_version.so
> > > > LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
> > > > LoadModule unixd_module modules/mod_unixd.so
> > > >
> > > >
> > > > Include conf.d/*.conf
> > > >
> > > > User apache
> > > > Group apache
> > > >
> > > >
> > > > ServerAdmin root@localhost
> > > >
> > > >
> > > > UseCanonicalName Off
> > > >
> > > > DocumentRoot "/var/webapps"
> > > >
> > > >
> > > > <Directory />
> > > >    Options FollowSymLinks
> > > >    AllowOverride None
> > > > </Directory>
> > > >
> > > >
> > > > <Directory "/var/webapps">
> > > >
> > > >
> > > >    Options Indexes FollowSymLinks
> > > >
> > > >    AllowOverride None
> > > >
> > > >    Order allow,deny
> > > >    Allow from all
> > > >
> > > > </Directory>
> > > >
> > > >
> > > > <IfModule mod_userdir.c>
> > > >
> > > >    UserDir disable
> > > >
> > > >
> > > >
> > > > </IfModule>
> > > >
> > > >
> > > > DirectoryIndex index.html index.html.var
> > > >
> > > >
> > > > AccessFileName .htaccess
> > > >
> > > > <Files ~ "^\.ht">
> > > >    Order allow,deny
> > > >    Deny from all
> > > > </Files>
> > > >
> > > >
> > > > TypesConfig /etc/mime.types
> > > >
> > > > DefaultType text/plain
> > > >
> > > >
> > > > <IfModule mod_mime_magic.c>
> > > > #   MIMEMagicFile /usr/share/magic.mime
> > > >    MIMEMagicFile conf/magic
> > > > </IfModule>
> > > >
> > > >
> > > > HostnameLookups Off
> > > >
> > > >
> > > > ErrorLog logs/error_log
> > > >
> > > >
> > > > LogLevel warn
> > > >
> > > >
> > > > LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
> > \"%{User-Agent}i\""
> > > > combined
> > > > LogFormat "%h %l %u %t \"%r\" %>s %b" common
> > > > LogFormat "%{Referer}i -> %U" referer
> > > > LogFormat "%{User-agent}i" agent
> > > >
> > > >
> > > > CustomLog logs/access_log combined
> > > >
> > > >
> > > > ServerSignature Off
> > > >
> > > >
> > > > Alias /icons/ "/var/www/icons/"
> > > >
> > > > <Directory "/var/www/icons">
> > > >    Options Indexes MultiViews
> > > >    AllowOverride None
> > > >    Order allow,deny
> > > >    Allow from all
> > > > </Directory>
> > > >
> > > >
> > > > <IfModule mod_dav_fs.c>
> > > >    # Location of the WebDAV lock database.
> > > >    DAVLockDB /var/lib/dav/lockdb
> > > > </IfModule>
> > > >
> > > >
> > > > ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
> > > >
> > > >
> > > > <Directory "/var/www/cgi-bin">
> > > >    AllowOverride None
> > > >    Options None
> > > >    Order allow,deny
> > > >    Allow from all
> > > > </Directory>
> > > >
> > > >
> > > > IndexOptions FancyIndexing VersionSort NameWidth=*
> > > >
> > > >
> > > > AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
> > > >
> > > > AddIconByType (TXT,/icons/text.gif) text/*
> > > > AddIconByType (IMG,/icons/image2.gif) image/*
> > > > AddIconByType (SND,/icons/sound2.gif) audio/*
> > > > AddIconByType (VID,/icons/movie.gif) video/*
> > > >
> > > > AddIcon /icons/binary.gif .bin .exe
> > > > AddIcon /icons/binhex.gif .hqx
> > > > AddIcon /icons/tar.gif .tar
> > > > AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
> > > > AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
> > > > AddIcon /icons/a.gif .ps .ai .eps
> > > > AddIcon /icons/layout.gif .html .shtml .htm .pdf
> > > > AddIcon /icons/text.gif .txt
> > > > AddIcon /icons/c.gif .c
> > > > AddIcon /icons/p.gif .pl .py
> > > > AddIcon /icons/f.gif .for
> > > > AddIcon /icons/dvi.gif .dvi
> > > > AddIcon /icons/uuencoded.gif .uu
> > > > AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
> > > > AddIcon /icons/tex.gif .tex
> > > > AddIcon /icons/bomb.gif core
> > > >
> > > > AddIcon /icons/back.gif ..
> > > > AddIcon /icons/hand.right.gif README
> > > > AddIcon /icons/folder.gif ^^DIRECTORY^^
> > > > AddIcon /icons/blank.gif ^^BLANKICON^^
> > > >
> > > >
> > > > DefaultIcon /icons/unknown.gif
> > > >
> > > >
> > > > ReadmeName README.html
> > > > HeaderName HEADER.html
> > > >
> > > >
> > > > IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
> > > >
> > > >
> > > > AddLanguage ca .ca
> > > > AddLanguage cs .cz .cs
> > > > AddLanguage da .dk
> > > > AddLanguage de .de
> > > > AddLanguage el .el
> > > > AddLanguage en .en
> > > > AddLanguage eo .eo
> > > > AddLanguage es .es
> > > > AddLanguage et .et
> > > > AddLanguage fr .fr
> > > > AddLanguage he .he
> > > > AddLanguage hr .hr
> > > > AddLanguage it .it
> > > > AddLanguage ja .ja
> > > > AddLanguage ko .ko
> > > > AddLanguage ltz .ltz
> > > > AddLanguage nl .nl
> > > > AddLanguage nn .nn
> > > > AddLanguage no .no
> > > > AddLanguage pl .po
> > > > AddLanguage pt .pt
> > > > AddLanguage pt-BR .pt-br
> > > > AddLanguage ru .ru
> > > > AddLanguage sv .sv
> > > > AddLanguage zh-CN .zh-cn
> > > > AddLanguage zh-TW .zh-tw
> > > >
> > > >
> > > > LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl
> > nn no
> > > > pl pt pt-BR ru sv zh-CN zh-TW
> > > >
> > > >
> > > > ForceLanguagePriority Prefer Fallback
> > > >
> > > >
> > > > AddDefaultCharset UTF-8
> > > >
> > > >
> > > > AddCharset ISO-8859-1  .iso8859-1  .latin1
> > > > AddCharset ISO-8859-2  .iso8859-2  .latin2 .cen
> > > > AddCharset ISO-8859-3  .iso8859-3  .latin3
> > > > AddCharset ISO-8859-4  .iso8859-4  .latin4
> > > > AddCharset ISO-8859-5  .iso8859-5  .latin5 .cyr .iso-ru
> > > > AddCharset ISO-8859-6  .iso8859-6  .latin6 .arb
> > > > AddCharset ISO-8859-7  .iso8859-7  .latin7 .grk
> > > > AddCharset ISO-8859-8  .iso8859-8  .latin8 .heb
> > > > AddCharset ISO-8859-9  .iso8859-9  .latin9 .trk
> > > > AddCharset ISO-2022-JP .iso2022-jp .jis
> > > > AddCharset ISO-2022-KR .iso2022-kr .kis
> > > > AddCharset ISO-2022-CN .iso2022-cn .cis
> > > > AddCharset Big5        .Big5       .big5
> > > > # For russian, more than one charset is used (depends on client,
> > mostly):
> > > > AddCharset WINDOWS-1251 .cp-1251   .win-1251
> > > > AddCharset CP866       .cp866
> > > > AddCharset KOI8-r      .koi8-r .koi8-ru
> > > > AddCharset KOI8-ru     .koi8-uk .ua
> > > > AddCharset ISO-10646-UCS-2 .ucs2
> > > > AddCharset ISO-10646-UCS-4 .ucs4
> > > > AddCharset UTF-8       .utf8
> > > >
> > > >
> > > > AddCharset GB2312      .gb2312 .gb
> > > > AddCharset utf-7       .utf7
> > > > AddCharset utf-8       .utf8
> > > > AddCharset big5        .big5 .b5
> > > > AddCharset EUC-TW      .euc-tw
> > > > AddCharset EUC-JP      .euc-jp
> > > > AddCharset EUC-KR      .euc-kr
> > > > AddCharset shift_jis   .sjis
> > > >
> > > >
> > > > AddType application/x-compress .Z
> > > > AddType application/x-gzip .gz .tgz
> > > >
> > > >
> > > > AddHandler imap-file map
> > > >
> > > >
> > > > AddHandler type-map var
> > > >
> > > >
> > > > AddType text/html .shtml
> > > > AddOutputFilter INCLUDES .shtml
> > > >
> > > >
> > > >
> > > > Alias /error/ "/var/www/error/"
> > > >
> > > > <IfModule mod_negotiation.c>
> > > > <IfModule mod_include.c>
> > > >    <Directory "/var/www/error">
> > > >        AllowOverride None
> > > >        Options IncludesNoExec
> > > >        AddOutputFilter Includes html
> > > >        AddHandler type-map var
> > > >        Order allow,deny
> > > >        Allow from all
> > > >        LanguagePriority en es de fr
> > > >        ForceLanguagePriority Prefer Fallback
> > > >    </Directory>
> > > >
> > > >
> > > > </IfModule>
> > > > </IfModule>
> > > >
> > > >
> > > > BrowserMatch "Mozilla/2" nokeepalive
> > > > BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0
> > force-response-1.0
> > > > BrowserMatch "RealPlayer 4\.0" force-response-1.0
> > > > BrowserMatch "Java/1\.0" force-response-1.0
> > > > BrowserMatch "JDK/1\.0" force-response-1.0
> > > >
> > > >
> > > > BrowserMatch "Microsoft Data Access Internet Publishing Provider"
> > > > redirect-carefully
> > > > BrowserMatch "^WebDrive" redirect-carefully
> > > > BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
> > > > BrowserMatch "^gnome-vfs" redirect-carefully
> > > >
> > > >
> > > >
> > > > LoadModule jk_module modules/mod_jk.so
> > > > Include /etc/httpd/conf/mod_jk.conf
> > > >
> > > >
> > > > NameVirtualHost sfta.npfit.nhs.uk:443
> > > >
> > > > <VirtualHost 192.168.25.178:443>
> > > >
> > > > RewriteEngine On
> > > > RewriteCond %{REQUEST_METHOD} ^TRACE [OR]
> > > > RewriteCond %{REQUEST_METHOD} ^TRACK
> > > > RewriteRule .* - [F]
> > > >
> > > >
> > > > RewriteCond %{REQUEST_URI} ^(.*)//(.*)$
> > > > RewriteRule . %1/%2 [R=301,L]
> > > >
> > > > SSLEngine on
> > > >
> > > >
> > > > ServerName sfta.x.x.x
> > > >
> > > > DocumentRoot "/var/webapps/"
> > > >
> > > > ErrorLog logs/error_sft_log
> > > > CustomLog logs/access_sft_log combined
> > > > ErrorDocument 404 /sft/error404.html
> > > > ErrorDocument 503 /sft/error503.html
> > > >
> > > > SSLProtocol ALL -SSLv2
> > > > SSLCipherSuite HIGH:MEDIUM
> > > >
> > > >
> > > > SSLCertificateFile /etc/httpd/conf/ssl.crt/SFTA.crt
> > > >
> > > > SSLCertificateKeyFile /etc/httpd/conf/ssl.crt/SFTA.key
> > > >
> > > > <Files ~ "\.(cgi|shtml|phtml|php3?)$">
> > > >    SSLOptions +StdEnvVars +ExportCertData
> > > >    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
> > > > </Files>
> > > > <Directory "/var/www/cgi-bin">
> > > >    SSLOptions +StdEnvVars +ExportCertData
> > > >    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
> > > > </Directory>
> > > >
> > > > #   SSL Protocol Adjustments:
> > > > #   The safe and default but still SSL/TLS standard compliant shutdown
> > > > #   approach is that mod_ssl sends the close notify alert but doesn't
> > wait
> > > > for
> > > > #   the close notify alert from client. When you need a different
> > shutdown
> > > > #   approach you can use one of the following variables:
> > > > #   o ssl-unclean-shutdown:
> > > > #     This forces an unclean shutdown when the connection is closed,
> > i.e.
> > > > no
> > > > #     SSL close notify alert is send or allowed to received.  This
> > violates
> > > > #     the SSL/TLS standard but is needed for some brain-dead browsers.
> > Use
> > > > #     this when you receive I/O errors because of the standard approach
> > > > where
> > > > #     mod_ssl sends the close notify alert.
> > > > #   o ssl-accurate-shutdown:
> > > > #     This forces an accurate shutdown when the connection is closed,
> > i.e.
> > > > a
> > > > #     SSL close notify alert is send and mod_ssl waits for the close
> > notify
> > > > #     alert of the client. This is 100% SSL/TLS standard compliant,
> > but in
> > > > #     practice often causes hanging connections with brain-dead
> > browsers.
> > > > Use
> > > > #     this only for browsers where you know that their SSL
> > implementation
> > > > #     works correctly.
> > > > #   Notice: Most problems of broken clients are also related to the
> > HTTP
> > > > #   keep-alive facility, so you usually additionally want to disable
> > > > #   keep-alive for those clients, too. Use variable "nokeepalive" for
> > this.
> > > > #   Similarly, one has to force some clients to use HTTP/1.0 to
> > workaround
> > > > #   their broken HTTP/1.1 implementation. Use variables
> > "downgrade-1.0" and
> > > > #   "force-response-1.0" for this.
> > > > SetEnvIf User-Agent ".*MSIE.*" \
> > > >         nokeepalive ssl-unclean-shutdown \
> > > >         downgrade-1.0 force-response-1.0
> > > >
> > > > #   Per-Server Logging:
> > > > #   The home of a custom SSL log file. Use this when you want a
> > > > #   compact non-error SSL logfile on a virtual host basis.
> > > > CustomLog logs/ssl_request_nww.sft.nhs.uk_log \
> > > >          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> > > >
> > > > </VirtualHost>
> > > >
> > > >
> > > > #Disable Apache supporting HTTP TRACE
> > > > RewriteEngine On
> > > > RewriteCond %{REQUEST_METHOD} ^TRACE [OR]
> > > > RewriteCond %{REQUEST_METHOD} ^TRACK
> > > > RewriteRule .* - [F]
> > > >
> > > > # Remove multiple slashes anywhere in URL
> > > > RewriteCond %{REQUEST_URI} ^(.*)//(.*)$
> > > > RewriteRule . %1/%2 [R=301,L]
> > > >
> > > > #The TraceEnable command isn't available on this version of apache
> > > > #TraceEnable Off
> > > >
> > > >
> > > >
> > > > Mod_jk.conf
> > > >
> > > > JkWorkersFile /etc/httpd/conf/workers.properties
> > > > JkLogFile     /var/log/httpd/mod_jk.log
> > > > JkLogLevel error
> > > >
> > > >
> > > > JkExtractSSL On
> > > >
> > > > JkHTTPSIndicator HTTPS
> > > >
> > > > JkSESSIONIndicator SSL_SESSION_ID
> > > >
> > > > JkCIPHERIndicator SSL_CIPHER
> > > >
> > > > Alias /sft "/var/webapps/sft"
> > > > <Directory "/var/webapps/sft">
> > > >    Options Indexes FollowSymLinks
> > > > </Directory>
> > > >
> > > >
> > > > JkMount /sft/* loadbalancer
> > > >
> > > >
> > > > JkUnMount /*.html loadbalancer
> > > >
> > > >
> > > > <Location "/sft/WEB-INF/">
> > > >    AllowOverride None
> > > >    deny from all
> > > > </Location>
> > > >
> > > > My workers.properties file:
> > > >
> > > >
> > > >
> > > > workers.apache_log=/var/log/httpd/
> > > >
> > > >
> > > > workers.tomcat_home=/var/tomcat
> > > >
> > > > workers.java_home=/usr/java/latest
> > > >
> > > >
> > > > ps=/
> > > >
> > > >
> > > > worker.list=softcat1, loadbalancer
> > > >
> > > > worker.softcat1.port=8009
> > > > worker.softcat1.host=localhost
> > > > worker.softcat1.type=ajp13
> > > > worker.softcat1.lbfactor=100
> > > >
> > > >
> > > > worker.loadbalancer.type=lb
> > > > worker.loadbalancer.balanced_workers=softcat1
> > > >
> > > > If anyone has any ideas about what is wrong in the config I would be
> > very
> > > > grateful as I have spent hours trying to get this to work to no avail.
> > > >
> > > > Thanks
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> >
 		 	   		  

RE: Mod_jk returning source code of jsp files

Posted by Igor Cicimov <ic...@gmail.com>.
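Well, you need to have the JkMount command inside the virtual host, so it's up to
you how to do it. JkWorkersFile has to stay at the server level, so either move
only the JkMount/JkUnMount lines into the <VirtualHost> block or leave them where
they are and add JkMountCopy On inside it.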
 On Apr 23, 2012 10:53 PM, "ironclaw hand" <ir...@hotmail.com> wrote:

>
>
> Ok I tried that but apache wont start now. It gives the following error:
>
> AH00526: Syntax error on line 1 of /etc/httpd/conf/mod_jk.conf:
> JkWorkersFile cannot occur within <VirtualHost> section
>                                                           [FAILED]
>
>
> > Date: Mon, 23 Apr 2012 22:36:35 +1000
> > Subject: Re: Mod_jk returning source code of jsp files
> > From: icicimov@gmail.com
> > To: users@tomcat.apache.org
> >
> > Put this line
> >
> > Include /etc/httpd/conf/mod_jk.conf
> >
> > inside virtual host.
> >  On Apr 23, 2012 9:12 PM, "ironclaw hand" <ir...@hotmail.com>
> wrote:
> >
> > >
> > >
> > > Hi,
> > >
> > > I am attempting to set up apache and tomcat together for the first
> time on
> > > a new machine using some existing configuration files. I am not sure
> what
> > > is happening but it looks like apache is just serving up all files so
> when
> > > i acccess a jsp file I get the source as if tomcat never executed it.
> > >
> > > I have installed the following versions of software:
> > >
> > > httpd 2.4.2
> > > Tomcat connectors 1.2.35
> > > Tomcat 7.0.27
> > >
> > > Below are the mod_jk config (workers.properties and mod_jk.conf) files
> I
> > > am currently trying to get working if there is anything else that is
> needed
> > > then I can include this. My worker softcat1 is defined in my
> server.xml for
> > > tomcat.
> > >
> > > Tomcat works on its own if I access it directly and it does run the jsp
> > > files ok, it just seems to be when I try via apache.
> > >
> > > I have included my httpd.conf in case it is needed:
> > >
> > >
> > > ServerTokens Prod
> > >
> > >
> > > ServerRoot "/etc/httpd"
> > >
> > > PidFile run/httpd.pid
> > >
> > >
> > > Timeout 120
> > >
> > >
> > > KeepAlive Off
> > >
> > > MaxKeepAliveRequests 100
> > >
> > >
> > > KeepAliveTimeout 15
> > >
> > >
> > > <IfModule prefork.c>
> > > StartServers       8
> > > MinSpareServers    5
> > > MaxSpareServers   20
> > > ServerLimit      1024
> > > #ServerLimit       50
> > > MaxClients       1024
> > > #MaxClients        50
> > > MaxRequestsPerChild  4000
> > > </IfModule>
> > >
> > >
> > > <IfModule worker.c>
> > > StartServers         2
> > > MaxClients         150
> > > MinSpareThreads     25
> > > MaxSpareThreads     75
> > > ThreadsPerChild     25
> > > MaxRequestsPerChild  0
> > > </IfModule>
> > >
> > >
> > > LoadModule access_compat_module modules/mod_access_compat.so
> > > LoadModule authz_core_module modules/mod_authz_core.so
> > > LoadModule authz_host_module modules/mod_authz_host.so
> > > LoadModule auth_basic_module modules/mod_auth_basic.so
> > > LoadModule authn_file_module modules/mod_authn_file.so
> > > LoadModule authn_anon_module modules/mod_authn_anon.so
> > > LoadModule authn_dbm_module modules/mod_authn_dbm.so
> > > LoadModule auth_digest_module modules/mod_auth_digest.so
> > > LoadModule ldap_module modules/mod_ldap.so
> > > LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
> > > LoadModule include_module modules/mod_include.so
> > > LoadModule log_config_module modules/mod_log_config.so
> > > LoadModule env_module modules/mod_env.so
> > > LoadModule mime_magic_module modules/mod_mime_magic.so
> > > LoadModule cern_meta_module modules/mod_cern_meta.so
> > > LoadModule expires_module modules/mod_expires.so
> > > LoadModule deflate_module modules/mod_deflate.so
> > > LoadModule headers_module modules/mod_headers.so
> > > LoadModule usertrack_module modules/mod_usertrack.so
> > > LoadModule setenvif_module modules/mod_setenvif.so
> > > LoadModule mime_module modules/mod_mime.so
> > > LoadModule dav_module modules/mod_dav.so
> > > LoadModule status_module modules/mod_status.so
> > > LoadModule autoindex_module modules/mod_autoindex.so
> > > LoadModule asis_module modules/mod_asis.so
> > > LoadModule info_module modules/mod_info.so
> > > LoadModule dav_fs_module modules/mod_dav_fs.so
> > > LoadModule vhost_alias_module modules/mod_vhost_alias.so
> > > LoadModule negotiation_module modules/mod_negotiation.so
> > > LoadModule dir_module modules/mod_dir.so
> > > LoadModule imagemap_module modules/mod_imagemap.so
> > > LoadModule actions_module modules/mod_actions.so
> > > LoadModule speling_module modules/mod_speling.so
> > > LoadModule userdir_module modules/mod_userdir.so
> > > LoadModule alias_module modules/mod_alias.so
> > > LoadModule rewrite_module modules/mod_rewrite.so
> > > LoadModule proxy_module modules/mod_proxy.so
> > > LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
> > > LoadModule proxy_http_module modules/mod_proxy_http.so
> > > LoadModule proxy_connect_module modules/mod_proxy_connect.so
> > > LoadModule cache_module modules/mod_cache.so
> > > LoadModule suexec_module modules/mod_suexec.so
> > > #LoadModule disk_cache_module modules/mod_disk_cache.so
> > > LoadModule file_cache_module modules/mod_file_cache.so
> > > #LoadModule mem_cache_module modules/mod_mem_cache.so
> > > LoadModule cgi_module modules/mod_cgi.so
> > > LoadModule version_module modules/mod_version.so
> > > LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
> > > LoadModule unixd_module modules/mod_unixd.so
> > >
> > >
> > > Include conf.d/*.conf
> > >
> > > User apache
> > > Group apache
> > >
> > >
> > > ServerAdmin root@localhost
> > >
> > >
> > > UseCanonicalName Off
> > >
> > > DocumentRoot "/var/webapps"
> > >
> > >
> > > <Directory />
> > >    Options FollowSymLinks
> > >    AllowOverride None
> > > </Directory>
> > >
> > >
> > > <Directory "/var/webapps">
> > >
> > >
> > >    Options Indexes FollowSymLinks
> > >
> > >    AllowOverride None
> > >
> > >    Order allow,deny
> > >    Allow from all
> > >
> > > </Directory>
> > >
> > >
> > > <IfModule mod_userdir.c>
> > >
> > >    UserDir disable
> > >
> > >
> > >
> > > </IfModule>
> > >
> > >
> > > DirectoryIndex index.html index.html.var
> > >
> > >
> > > AccessFileName .htaccess
> > >
> > > <Files ~ "^\.ht">
> > >    Order allow,deny
> > >    Deny from all
> > > </Files>
> > >
> > >
> > > TypesConfig /etc/mime.types
> > >
> > > DefaultType text/plain
> > >
> > >
> > > <IfModule mod_mime_magic.c>
> > > #   MIMEMagicFile /usr/share/magic.mime
> > >    MIMEMagicFile conf/magic
> > > </IfModule>
> > >
> > >
> > > HostnameLookups Off
> > >
> > >
> > > ErrorLog logs/error_log
> > >
> > >
> > > LogLevel warn
> > >
> > >
> > > LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
> \"%{User-Agent}i\""
> > > combined
> > > LogFormat "%h %l %u %t \"%r\" %>s %b" common
> > > LogFormat "%{Referer}i -> %U" referer
> > > LogFormat "%{User-agent}i" agent
> > >
> > >
> > > CustomLog logs/access_log combined
> > >
> > >
> > > ServerSignature Off
> > >
> > >
> > > Alias /icons/ "/var/www/icons/"
> > >
> > > <Directory "/var/www/icons">
> > >    Options Indexes MultiViews
> > >    AllowOverride None
> > >    Order allow,deny
> > >    Allow from all
> > > </Directory>
> > >
> > >
> > > <IfModule mod_dav_fs.c>
> > >    # Location of the WebDAV lock database.
> > >    DAVLockDB /var/lib/dav/lockdb
> > > </IfModule>
> > >
> > >
> > > ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
> > >
> > >
> > > <Directory "/var/www/cgi-bin">
> > >    AllowOverride None
> > >    Options None
> > >    Order allow,deny
> > >    Allow from all
> > > </Directory>
> > >
> > >
> > > IndexOptions FancyIndexing VersionSort NameWidth=*
> > >
> > >
> > > AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
> > >
> > > AddIconByType (TXT,/icons/text.gif) text/*
> > > AddIconByType (IMG,/icons/image2.gif) image/*
> > > AddIconByType (SND,/icons/sound2.gif) audio/*
> > > AddIconByType (VID,/icons/movie.gif) video/*
> > >
> > > AddIcon /icons/binary.gif .bin .exe
> > > AddIcon /icons/binhex.gif .hqx
> > > AddIcon /icons/tar.gif .tar
> > > AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
> > > AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
> > > AddIcon /icons/a.gif .ps .ai .eps
> > > AddIcon /icons/layout.gif .html .shtml .htm .pdf
> > > AddIcon /icons/text.gif .txt
> > > AddIcon /icons/c.gif .c
> > > AddIcon /icons/p.gif .pl .py
> > > AddIcon /icons/f.gif .for
> > > AddIcon /icons/dvi.gif .dvi
> > > AddIcon /icons/uuencoded.gif .uu
> > > AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
> > > AddIcon /icons/tex.gif .tex
> > > AddIcon /icons/bomb.gif core
> > >
> > > AddIcon /icons/back.gif ..
> > > AddIcon /icons/hand.right.gif README
> > > AddIcon /icons/folder.gif ^^DIRECTORY^^
> > > AddIcon /icons/blank.gif ^^BLANKICON^^
> > >
> > >
> > > DefaultIcon /icons/unknown.gif
> > >
> > >
> > > ReadmeName README.html
> > > HeaderName HEADER.html
> > >
> > >
> > > IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
> > >
> > >
> > > AddLanguage ca .ca
> > > AddLanguage cs .cz .cs
> > > AddLanguage da .dk
> > > AddLanguage de .de
> > > AddLanguage el .el
> > > AddLanguage en .en
> > > AddLanguage eo .eo
> > > AddLanguage es .es
> > > AddLanguage et .et
> > > AddLanguage fr .fr
> > > AddLanguage he .he
> > > AddLanguage hr .hr
> > > AddLanguage it .it
> > > AddLanguage ja .ja
> > > AddLanguage ko .ko
> > > AddLanguage ltz .ltz
> > > AddLanguage nl .nl
> > > AddLanguage nn .nn
> > > AddLanguage no .no
> > > AddLanguage pl .po
> > > AddLanguage pt .pt
> > > AddLanguage pt-BR .pt-br
> > > AddLanguage ru .ru
> > > AddLanguage sv .sv
> > > AddLanguage zh-CN .zh-cn
> > > AddLanguage zh-TW .zh-tw
> > >
> > >
> > > LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl
> nn no
> > > pl pt pt-BR ru sv zh-CN zh-TW
> > >
> > >
> > > ForceLanguagePriority Prefer Fallback
> > >
> > >
> > > AddDefaultCharset UTF-8
> > >
> > >
> > > AddCharset ISO-8859-1  .iso8859-1  .latin1
> > > AddCharset ISO-8859-2  .iso8859-2  .latin2 .cen
> > > AddCharset ISO-8859-3  .iso8859-3  .latin3
> > > AddCharset ISO-8859-4  .iso8859-4  .latin4
> > > AddCharset ISO-8859-5  .iso8859-5  .latin5 .cyr .iso-ru
> > > AddCharset ISO-8859-6  .iso8859-6  .latin6 .arb
> > > AddCharset ISO-8859-7  .iso8859-7  .latin7 .grk
> > > AddCharset ISO-8859-8  .iso8859-8  .latin8 .heb
> > > AddCharset ISO-8859-9  .iso8859-9  .latin9 .trk
> > > AddCharset ISO-2022-JP .iso2022-jp .jis
> > > AddCharset ISO-2022-KR .iso2022-kr .kis
> > > AddCharset ISO-2022-CN .iso2022-cn .cis
> > > AddCharset Big5        .Big5       .big5
> > > # For russian, more than one charset is used (depends on client,
> mostly):
> > > AddCharset WINDOWS-1251 .cp-1251   .win-1251
> > > AddCharset CP866       .cp866
> > > AddCharset KOI8-r      .koi8-r .koi8-ru
> > > AddCharset KOI8-ru     .koi8-uk .ua
> > > AddCharset ISO-10646-UCS-2 .ucs2
> > > AddCharset ISO-10646-UCS-4 .ucs4
> > > AddCharset UTF-8       .utf8
> > >
> > >
> > > AddCharset GB2312      .gb2312 .gb
> > > AddCharset utf-7       .utf7
> > > AddCharset utf-8       .utf8
> > > AddCharset big5        .big5 .b5
> > > AddCharset EUC-TW      .euc-tw
> > > AddCharset EUC-JP      .euc-jp
> > > AddCharset EUC-KR      .euc-kr
> > > AddCharset shift_jis   .sjis
> > >
> > >
> > > AddType application/x-compress .Z
> > > AddType application/x-gzip .gz .tgz
> > >
> > >
> > > AddHandler imap-file map
> > >
> > >
> > > AddHandler type-map var
> > >
> > >
> > > AddType text/html .shtml
> > > AddOutputFilter INCLUDES .shtml
> > >
> > >
> > >
> > > Alias /error/ "/var/www/error/"
> > >
> > > <IfModule mod_negotiation.c>
> > > <IfModule mod_include.c>
> > >    <Directory "/var/www/error">
> > >        AllowOverride None
> > >        Options IncludesNoExec
> > >        AddOutputFilter Includes html
> > >        AddHandler type-map var
> > >        Order allow,deny
> > >        Allow from all
> > >        LanguagePriority en es de fr
> > >        ForceLanguagePriority Prefer Fallback
> > >    </Directory>
> > >
> > >
> > > </IfModule>
> > > </IfModule>
> > >
> > >
> > > BrowserMatch "Mozilla/2" nokeepalive
> > > BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0
> force-response-1.0
> > > BrowserMatch "RealPlayer 4\.0" force-response-1.0
> > > BrowserMatch "Java/1\.0" force-response-1.0
> > > BrowserMatch "JDK/1\.0" force-response-1.0
> > >
> > >
> > > BrowserMatch "Microsoft Data Access Internet Publishing Provider"
> > > redirect-carefully
> > > BrowserMatch "^WebDrive" redirect-carefully
> > > BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
> > > BrowserMatch "^gnome-vfs" redirect-carefully
> > >
> > >
> > >
> > > LoadModule jk_module modules/mod_jk.so
> > > Include /etc/httpd/conf/mod_jk.conf
> > >
> > >
> > > NameVirtualHost sfta.npfit.nhs.uk:443
> > >
> > > # HTTPS virtual host for the application.
> > > # NOTE(review): no JkMount or JkMountCopy appears inside this block. mod_jk
> > > # does not apply server-level mounts to a virtual host on its own, so
> > > # requests arriving here are answered by httpd from the DocumentRoot.
> > > <VirtualHost 192.168.25.178:443>
> > >
> > > # Refuse TRACE and TRACK requests with 403 ([F]).
> > > RewriteEngine On
> > > RewriteCond %{REQUEST_METHOD} ^TRACE [OR]
> > > RewriteCond %{REQUEST_METHOD} ^TRACK
> > > RewriteRule .* - [F]
> > >
> > >
> > > # Redirect (301) a URI containing "//" to the same URI with that pair
> > > # collapsed to a single "/".
> > > RewriteCond %{REQUEST_URI} ^(.*)//(.*)$
> > > RewriteRule . %1/%2 [R=301,L]
> > >
> > > SSLEngine on
> > >
> > >
> > > ServerName sfta.x.x.x
> > >
> > > # NOTE(review): this document root is the tree that also holds the webapp
> > > # (mod_jk.conf aliases /sft to /var/webapps/sft). httpd can therefore serve
> > > # every file in it as static content, JSP source included, whenever a
> > > # request is not handed to Tomcat.
> > > DocumentRoot "/var/webapps/"
> > >
> > > ErrorLog logs/error_sft_log
> > > CustomLog logs/access_sft_log combined
> > > ErrorDocument 404 /sft/error404.html
> > > ErrorDocument 503 /sft/error503.html
> > >
> > > # NOTE(review): on this httpd release "ALL -SSLv2" still permits SSLv3;
> > > # naming only the TLS versions that are needed is the tighter form.
> > > # HIGH:MEDIUM does not explicitly exclude anonymous or other weak suites
> > > # (e.g. !aNULL:!MD5); check what it expands to with
> > > # "openssl ciphers -v 'HIGH:MEDIUM'".
> > > SSLProtocol ALL -SSLv2
> > > SSLCipherSuite HIGH:MEDIUM
> > >
> > >
> > > SSLCertificateFile /etc/httpd/conf/ssl.crt/SFTA.crt
> > >
> > > # NOTE(review): private key; confirm the file is readable by root only.
> > > SSLCertificateKeyFile /etc/httpd/conf/ssl.crt/SFTA.key
> > >
> > > # Export the SSL variables and certificate data to these handlers and
> > > # require a cipher key size of at least 128 bits.
> > > # NOTE(review): SSLRequire is deprecated in httpd 2.4 in favour of
> > > # "Require expr".
> > > <Files ~ "\.(cgi|shtml|phtml|php3?)$">
> > >    SSLOptions +StdEnvVars +ExportCertData
> > >    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
> > > </Files>
> > > <Directory "/var/www/cgi-bin">
> > >    SSLOptions +StdEnvVars +ExportCertData
> > >    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
> > > </Directory>
> > >
> > > #   SSL Protocol Adjustments:
> > > #   The safe and default but still SSL/TLS standard compliant shutdown
> > > #   approach is that mod_ssl sends the close notify alert but doesn't
> wait
> > > for
> > > #   the close notify alert from client. When you need a different
> shutdown
> > > #   approach you can use one of the following variables:
> > > #   o ssl-unclean-shutdown:
> > > #     This forces an unclean shutdown when the connection is closed,
> i.e.
> > > no
> > > #     SSL close notify alert is send or allowed to received.  This
> violates
> > > #     the SSL/TLS standard but is needed for some brain-dead browsers.
> Use
> > > #     this when you receive I/O errors because of the standard approach
> > > where
> > > #     mod_ssl sends the close notify alert.
> > > #   o ssl-accurate-shutdown:
> > > #     This forces an accurate shutdown when the connection is closed,
> i.e.
> > > a
> > > #     SSL close notify alert is send and mod_ssl waits for the close
> notify
> > > #     alert of the client. This is 100% SSL/TLS standard compliant,
> but in
> > > #     practice often causes hanging connections with brain-dead
> browsers.
> > > Use
> > > #     this only for browsers where you know that their SSL
> implementation
> > > #     works correctly.
> > > #   Notice: Most problems of broken clients are also related to the
> HTTP
> > > #   keep-alive facility, so you usually additionally want to disable
> > > #   keep-alive for those clients, too. Use variable "nokeepalive" for
> this.
> > > #   Similarly, one has to force some clients to use HTTP/1.0 to
> workaround
> > > #   their broken HTTP/1.1 implementation. Use variables
> "downgrade-1.0" and
> > > #   "force-response-1.0" for this.
> > > # Applies all four workarounds to every User-Agent containing "MSIE".
> > > SetEnvIf User-Agent ".*MSIE.*" \
> > >         nokeepalive ssl-unclean-shutdown \
> > >         downgrade-1.0 force-response-1.0
> > >
> > > #   Per-Server Logging:
> > > #   The home of a custom SSL log file. Use this when you want a
> > > #   compact non-error SSL logfile on a virtual host basis.
> > > CustomLog logs/ssl_request_nww.sft.nhs.uk_log \
> > >          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> > >
> > > </VirtualHost>
> > >
> > >
> > > # Server-level copy of the rewrite rules. mod_rewrite configuration is not
> > > # inherited by virtual hosts by default, so these apply to the main server
> > > # only; the 443 virtual host carries its own copy of the same rules.
> > > #Disable Apache supporting HTTP TRACE
> > > # [F] answers matching requests with 403 Forbidden.
> > > RewriteEngine On
> > > RewriteCond %{REQUEST_METHOD} ^TRACE [OR]
> > > RewriteCond %{REQUEST_METHOD} ^TRACK
> > > RewriteRule .* - [F]
> > >
> > > # Remove multiple slashes anywhere in URL
> > > # Each 301 redirect collapses one "//" pair to "/".
> > > RewriteCond %{REQUEST_URI} ^(.*)//(.*)$
> > > RewriteRule . %1/%2 [R=301,L]
> > >
> > > #The TraceEnable command isn't available on this version of apache
> > > # NOTE(review): that remark looks carried over from an older install. The
> > > # post says this machine runs httpd 2.4.2, where TraceEnable is available,
> > > # so "TraceEnable Off" can be enabled for TRACE on every host.
> > > #TraceEnable Off
> > >
> > >
> > >
> > > Mod_jk.conf
> > >
> > > # mod_jk settings, pulled into httpd.conf by its Include line at server
> > > # (global) level.
> > > # JkWorkersFile is a global-only directive: httpd refuses it inside a
> > > # <VirtualHost> section (the AH00526 error reported in this thread).
> > > JkWorkersFile /etc/httpd/conf/workers.properties
> > > JkLogFile     /var/log/httpd/mod_jk.log
> > > # While diagnosing requests that are not forwarded, a more verbose level
> > > # (info or debug) shows how mod_jk mapped each URI.
> > > JkLogLevel error
> > >
> > >
> > > # Forward httpd's SSL state to Tomcat; the three indicators name the httpd
> > > # variables that mod_jk reads it from.
> > > JkExtractSSL On
> > >
> > > JkHTTPSIndicator HTTPS
> > >
> > > JkSESSIONIndicator SSL_SESSION_ID
> > >
> > > JkCIPHERIndicator SSL_CIPHER
> > >
> > > # The webapp directory is also mapped as static httpd content, with
> > > # directory listings (Indexes) switched on. Any request mod_jk does not
> > > # forward is answered by httpd from these files, which is how raw .jsp
> > > # source ends up in the response.
> > > Alias /sft "/var/webapps/sft"
> > > <Directory "/var/webapps/sft">
> > >    Options Indexes FollowSymLinks
> > > </Directory>
> > >
> > >
> > > # NOTE(review): this mount is declared at server level. mod_jk does not
> > > # apply server-level mounts inside a <VirtualHost> unless that host sets
> > > # "JkMountCopy On" (or the main server sets "JkMountCopy All"); the 443
> > > # virtual host in httpd.conf has neither. The alternative is to move only
> > > # the JkMount/JkUnMount lines into the virtual host.
> > > JkMount /sft/* loadbalancer
> > >
> > >
> > > # Exclude URLs matching /*.html from the mount so httpd serves them itself.
> > > JkUnMount /*.html loadbalancer
> > >
> > >
> > > # Denies URL access to /sft/WEB-INF/ only.
> > > # NOTE(review): META-INF and any other application directory under the
> > > # DocumentRoot are not covered by this block. AllowOverride is documented
> > > # for <Directory> sections, not <Location>; confirm it is accepted here.
> > > # "deny from all" is 2.2 syntax handled by mod_access_compat; the 2.4 form
> > > # is "Require all denied".
> > > <Location "/sft/WEB-INF/">
> > >    AllowOverride None
> > >    deny from all
> > > </Location>
> > >
> > > My workers.properties file:
> > >
> > >
> > >
> > > # Worker definitions read by mod_jk through JkWorkersFile.
> > > # NOTE(review): the workers.* entries and ps look like leftovers from an
> > > # older sample file; confirm whether mod_jk 1.2.35 still reads them.
> > > workers.apache_log=/var/log/httpd/
> > >
> > >
> > > workers.tomcat_home=/var/tomcat
> > >
> > > workers.java_home=/usr/java/latest
> > >
> > >
> > > ps=/
> > >
> > >
> > > # Workers that JkMount may name directly.
> > > worker.list=softcat1, loadbalancer
> > >
> > > # AJP/1.3 connection to Tomcat on the same host, port 8009.
> > > # NOTE(review): AJP treats its peer as trusted and has no authentication
> > > # by default; keep Tomcat's AJP connector reachable only from this httpd
> > > # (bound to loopback or firewalled).
> > > worker.softcat1.port=8009
> > > worker.softcat1.host=localhost
> > > worker.softcat1.type=ajp13
> > > worker.softcat1.lbfactor=100
> > >
> > >
> > > # Load balancer with softcat1 as its only member.
> > > # NOTE(review): balanced_workers appears to be the older spelling of
> > > # balance_workers; confirm against the connector documentation.
> > > worker.loadbalancer.type=lb
> > > worker.loadbalancer.balanced_workers=softcat1
> > >
> > > If anyone has any ideas about what is wrong in the config I would be
> very
> > > grateful as I have spent hours trying to get this to work to no avail.
> > >
> > > Thanks
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
>

RE: Mod_jk returning source code of jsp files

Posted by ironclaw hand <ir...@hotmail.com>.

OK, I tried that, but Apache won't start now. It gives the following error:

AH00526: Syntax error on line 1 of /etc/httpd/conf/mod_jk.conf:
JkWorkersFile cannot occur within <VirtualHost> section
                                                           [FAILED]


> Date: Mon, 23 Apr 2012 22:36:35 +1000
> Subject: Re: Mod_jk returning source code of jsp files
> From: icicimov@gmail.com
> To: users@tomcat.apache.org
> 
> Put this line
> 
> Include /etc/httpd/conf/mod_jk.conf
> 
> inside virtual host.
>  On Apr 23, 2012 9:12 PM, "ironclaw hand" <ir...@hotmail.com> wrote:
> 
> >
> >
> > Hi,
> >
> > I am attempting to set up apache and tomcat together for the first time on
> > a new machine using some existing configuration files. I am not sure what
> > is happening but it looks like apache is just serving up all files so when
> > I access a JSP file I get the source as if Tomcat never executed it.
> >
> > I have installed the following versions of software:
> >
> > httpd 2.4.2
> > Tomcat connectors 1.2.35
> > Tomcat 7.0.27
> >
> > Below are the mod_jk config (workers.properties and mod_jk.conf) files I
> > am currently trying to get working if there is anything else that is needed
> > then I can include this. My worker softcat1 is defined in my server.xml for
> > tomcat.
> >
> > Tomcat works on its own if I access it directly and it does run the jsp
> > files ok, it just seems to be when I try via apache.
> >
> > I have included my httpd.conf in case it is needed:
> >
> >
> > ServerTokens Prod
> >
> >
> > ServerRoot "/etc/httpd"
> >
> > PidFile run/httpd.pid
> >
> >
> > Timeout 120
> >
> >
> > KeepAlive Off
> >
> > MaxKeepAliveRequests 100
> >
> >
> > KeepAliveTimeout 15
> >
> >
> > <IfModule prefork.c>
> > StartServers       8
> > MinSpareServers    5
> > MaxSpareServers   20
> > ServerLimit      1024
> > #ServerLimit       50
> > MaxClients       1024
> > #MaxClients        50
> > MaxRequestsPerChild  4000
> > </IfModule>
> >
> >
> > <IfModule worker.c>
> > StartServers         2
> > MaxClients         150
> > MinSpareThreads     25
> > MaxSpareThreads     75
> > ThreadsPerChild     25
> > MaxRequestsPerChild  0
> > </IfModule>
> >
> >
> > LoadModule access_compat_module modules/mod_access_compat.so
> > LoadModule authz_core_module modules/mod_authz_core.so
> > LoadModule authz_host_module modules/mod_authz_host.so
> > LoadModule auth_basic_module modules/mod_auth_basic.so
> > LoadModule authn_file_module modules/mod_authn_file.so
> > LoadModule authn_anon_module modules/mod_authn_anon.so
> > LoadModule authn_dbm_module modules/mod_authn_dbm.so
> > LoadModule auth_digest_module modules/mod_auth_digest.so
> > LoadModule ldap_module modules/mod_ldap.so
> > LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
> > LoadModule include_module modules/mod_include.so
> > LoadModule log_config_module modules/mod_log_config.so
> > LoadModule env_module modules/mod_env.so
> > LoadModule mime_magic_module modules/mod_mime_magic.so
> > LoadModule cern_meta_module modules/mod_cern_meta.so
> > LoadModule expires_module modules/mod_expires.so
> > LoadModule deflate_module modules/mod_deflate.so
> > LoadModule headers_module modules/mod_headers.so
> > LoadModule usertrack_module modules/mod_usertrack.so
> > LoadModule setenvif_module modules/mod_setenvif.so
> > LoadModule mime_module modules/mod_mime.so
> > LoadModule dav_module modules/mod_dav.so
> > LoadModule status_module modules/mod_status.so
> > LoadModule autoindex_module modules/mod_autoindex.so
> > LoadModule asis_module modules/mod_asis.so
> > LoadModule info_module modules/mod_info.so
> > LoadModule dav_fs_module modules/mod_dav_fs.so
> > LoadModule vhost_alias_module modules/mod_vhost_alias.so
> > LoadModule negotiation_module modules/mod_negotiation.so
> > LoadModule dir_module modules/mod_dir.so
> > LoadModule imagemap_module modules/mod_imagemap.so
> > LoadModule actions_module modules/mod_actions.so
> > LoadModule speling_module modules/mod_speling.so
> > LoadModule userdir_module modules/mod_userdir.so
> > LoadModule alias_module modules/mod_alias.so
> > LoadModule rewrite_module modules/mod_rewrite.so
> > LoadModule proxy_module modules/mod_proxy.so
> > LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
> > LoadModule proxy_http_module modules/mod_proxy_http.so
> > LoadModule proxy_connect_module modules/mod_proxy_connect.so
> > LoadModule cache_module modules/mod_cache.so
> > LoadModule suexec_module modules/mod_suexec.so
> > #LoadModule disk_cache_module modules/mod_disk_cache.so
> > LoadModule file_cache_module modules/mod_file_cache.so
> > #LoadModule mem_cache_module modules/mod_mem_cache.so
> > LoadModule cgi_module modules/mod_cgi.so
> > LoadModule version_module modules/mod_version.so
> > LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
> > LoadModule unixd_module modules/mod_unixd.so
> >
> >
> > Include conf.d/*.conf
> >
> > User apache
> > Group apache
> >
> >
> > ServerAdmin root@localhost
> >
> >
> > UseCanonicalName Off
> >
> > DocumentRoot "/var/webapps"
> >
> >
> > <Directory />
> >    Options FollowSymLinks
> >    AllowOverride None
> > </Directory>
> >
> >
> > <Directory "/var/webapps">
> >
> >
> >    Options Indexes FollowSymLinks
> >
> >    AllowOverride None
> >
> >    Order allow,deny
> >    Allow from all
> >
> > </Directory>
> >
> >
> > <IfModule mod_userdir.c>
> >
> >    UserDir disable
> >
> >
> >
> > </IfModule>
> >
> >
> > DirectoryIndex index.html index.html.var
> >
> >
> > AccessFileName .htaccess
> >
> > <Files ~ "^\.ht">
> >    Order allow,deny
> >    Deny from all
> > </Files>
> >
> >
> > TypesConfig /etc/mime.types
> >
> > DefaultType text/plain
> >
> >
> > <IfModule mod_mime_magic.c>
> > #   MIMEMagicFile /usr/share/magic.mime
> >    MIMEMagicFile conf/magic
> > </IfModule>
> >
> >
> > HostnameLookups Off
> >
> >
> > ErrorLog logs/error_log
> >
> >
> > LogLevel warn
> >
> >
> > LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
> > combined
> > LogFormat "%h %l %u %t \"%r\" %>s %b" common
> > LogFormat "%{Referer}i -> %U" referer
> > LogFormat "%{User-agent}i" agent
> >
> >
> > CustomLog logs/access_log combined
> >
> >
> > ServerSignature Off
> >
> >
> > Alias /icons/ "/var/www/icons/"
> >
> > <Directory "/var/www/icons">
> >    Options Indexes MultiViews
> >    AllowOverride None
> >    Order allow,deny
> >    Allow from all
> > </Directory>
> >
> >
> > <IfModule mod_dav_fs.c>
> >    # Location of the WebDAV lock database.
> >    DAVLockDB /var/lib/dav/lockdb
> > </IfModule>
> >
> >
> > ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
> >
> >
> > <Directory "/var/www/cgi-bin">
> >    AllowOverride None
> >    Options None
> >    Order allow,deny
> >    Allow from all
> > </Directory>
> >
> >
> > IndexOptions FancyIndexing VersionSort NameWidth=*
> >
> >
> > AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
> >
> > AddIconByType (TXT,/icons/text.gif) text/*
> > AddIconByType (IMG,/icons/image2.gif) image/*
> > AddIconByType (SND,/icons/sound2.gif) audio/*
> > AddIconByType (VID,/icons/movie.gif) video/*
> >
> > AddIcon /icons/binary.gif .bin .exe
> > AddIcon /icons/binhex.gif .hqx
> > AddIcon /icons/tar.gif .tar
> > AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
> > AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
> > AddIcon /icons/a.gif .ps .ai .eps
> > AddIcon /icons/layout.gif .html .shtml .htm .pdf
> > AddIcon /icons/text.gif .txt
> > AddIcon /icons/c.gif .c
> > AddIcon /icons/p.gif .pl .py
> > AddIcon /icons/f.gif .for
> > AddIcon /icons/dvi.gif .dvi
> > AddIcon /icons/uuencoded.gif .uu
> > AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
> > AddIcon /icons/tex.gif .tex
> > AddIcon /icons/bomb.gif core
> >
> > AddIcon /icons/back.gif ..
> > AddIcon /icons/hand.right.gif README
> > AddIcon /icons/folder.gif ^^DIRECTORY^^
> > AddIcon /icons/blank.gif ^^BLANKICON^^
> >
> >
> > DefaultIcon /icons/unknown.gif
> >
> >
> > ReadmeName README.html
> > HeaderName HEADER.html
> >
> >
> > IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
> >
> >
> > AddLanguage ca .ca
> > AddLanguage cs .cz .cs
> > AddLanguage da .dk
> > AddLanguage de .de
> > AddLanguage el .el
> > AddLanguage en .en
> > AddLanguage eo .eo
> > AddLanguage es .es
> > AddLanguage et .et
> > AddLanguage fr .fr
> > AddLanguage he .he
> > AddLanguage hr .hr
> > AddLanguage it .it
> > AddLanguage ja .ja
> > AddLanguage ko .ko
> > AddLanguage ltz .ltz
> > AddLanguage nl .nl
> > AddLanguage nn .nn
> > AddLanguage no .no
> > AddLanguage pl .po
> > AddLanguage pt .pt
> > AddLanguage pt-BR .pt-br
> > AddLanguage ru .ru
> > AddLanguage sv .sv
> > AddLanguage zh-CN .zh-cn
> > AddLanguage zh-TW .zh-tw
> >
> >
> > LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no
> > pl pt pt-BR ru sv zh-CN zh-TW
> >
> >
> > ForceLanguagePriority Prefer Fallback
> >
> >
> > AddDefaultCharset UTF-8
> >
> >
> > AddCharset ISO-8859-1  .iso8859-1  .latin1
> > AddCharset ISO-8859-2  .iso8859-2  .latin2 .cen
> > AddCharset ISO-8859-3  .iso8859-3  .latin3
> > AddCharset ISO-8859-4  .iso8859-4  .latin4
> > AddCharset ISO-8859-5  .iso8859-5  .latin5 .cyr .iso-ru
> > AddCharset ISO-8859-6  .iso8859-6  .latin6 .arb
> > AddCharset ISO-8859-7  .iso8859-7  .latin7 .grk
> > AddCharset ISO-8859-8  .iso8859-8  .latin8 .heb
> > AddCharset ISO-8859-9  .iso8859-9  .latin9 .trk
> > AddCharset ISO-2022-JP .iso2022-jp .jis
> > AddCharset ISO-2022-KR .iso2022-kr .kis
> > AddCharset ISO-2022-CN .iso2022-cn .cis
> > AddCharset Big5        .Big5       .big5
> > # For russian, more than one charset is used (depends on client, mostly):
> > AddCharset WINDOWS-1251 .cp-1251   .win-1251
> > AddCharset CP866       .cp866
> > AddCharset KOI8-r      .koi8-r .koi8-ru
> > AddCharset KOI8-ru     .koi8-uk .ua
> > AddCharset ISO-10646-UCS-2 .ucs2
> > AddCharset ISO-10646-UCS-4 .ucs4
> > AddCharset UTF-8       .utf8
> >
> >
> > AddCharset GB2312      .gb2312 .gb
> > AddCharset utf-7       .utf7
> > AddCharset utf-8       .utf8
> > AddCharset big5        .big5 .b5
> > AddCharset EUC-TW      .euc-tw
> > AddCharset EUC-JP      .euc-jp
> > AddCharset EUC-KR      .euc-kr
> > AddCharset shift_jis   .sjis
> >
> >
> > AddType application/x-compress .Z
> > AddType application/x-gzip .gz .tgz
> >
> >
> > AddHandler imap-file map
> >
> >
> > AddHandler type-map var
> >
> >
> > AddType text/html .shtml
> > AddOutputFilter INCLUDES .shtml
> >
> >
> >
> > Alias /error/ "/var/www/error/"
> >
> > <IfModule mod_negotiation.c>
> > <IfModule mod_include.c>
> >    <Directory "/var/www/error">
> >        AllowOverride None
> >        Options IncludesNoExec
> >        AddOutputFilter Includes html
> >        AddHandler type-map var
> >        Order allow,deny
> >        Allow from all
> >        LanguagePriority en es de fr
> >        ForceLanguagePriority Prefer Fallback
> >    </Directory>
> >
> >
> > </IfModule>
> > </IfModule>
> >
> >
> > BrowserMatch "Mozilla/2" nokeepalive
> > BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
> > BrowserMatch "RealPlayer 4\.0" force-response-1.0
> > BrowserMatch "Java/1\.0" force-response-1.0
> > BrowserMatch "JDK/1\.0" force-response-1.0
> >
> >
> > BrowserMatch "Microsoft Data Access Internet Publishing Provider"
> > redirect-carefully
> > BrowserMatch "^WebDrive" redirect-carefully
> > BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
> > BrowserMatch "^gnome-vfs" redirect-carefully
> >
> >
> >
> > LoadModule jk_module modules/mod_jk.so
> > Include /etc/httpd/conf/mod_jk.conf
> >
> >
> > NameVirtualHost sfta.npfit.nhs.uk:443
> >
> > <VirtualHost 192.168.25.178:443>
> >
> > RewriteEngine On
> > RewriteCond %{REQUEST_METHOD} ^TRACE [OR]
> > RewriteCond %{REQUEST_METHOD} ^TRACK
> > RewriteRule .* - [F]
> >
> >
> > RewriteCond %{REQUEST_URI} ^(.*)//(.*)$
> > RewriteRule . %1/%2 [R=301,L]
> >
> > SSLEngine on
> >
> >
> > ServerName sfta.x.x.x
> >
> > DocumentRoot "/var/webapps/"
> >
> > ErrorLog logs/error_sft_log
> > CustomLog logs/access_sft_log combined
> > ErrorDocument 404 /sft/error404.html
> > ErrorDocument 503 /sft/error503.html
> >
> > SSLProtocol ALL -SSLv2
> > SSLCipherSuite HIGH:MEDIUM
> >
> >
> > SSLCertificateFile /etc/httpd/conf/ssl.crt/SFTA.crt
> >
> > SSLCertificateKeyFile /etc/httpd/conf/ssl.crt/SFTA.key
> >
> > <Files ~ "\.(cgi|shtml|phtml|php3?)$">
> >    SSLOptions +StdEnvVars +ExportCertData
> >    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
> > </Files>
> > <Directory "/var/www/cgi-bin">
> >    SSLOptions +StdEnvVars +ExportCertData
> >    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
> > </Directory>
> >
> > #   SSL Protocol Adjustments:
> > #   The safe and default but still SSL/TLS standard compliant shutdown
> > #   approach is that mod_ssl sends the close notify alert but doesn't wait
> > for
> > #   the close notify alert from client. When you need a different shutdown
> > #   approach you can use one of the following variables:
> > #   o ssl-unclean-shutdown:
> > #     This forces an unclean shutdown when the connection is closed, i.e.
> > no
> > #     SSL close notify alert is send or allowed to received.  This violates
> > #     the SSL/TLS standard but is needed for some brain-dead browsers. Use
> > #     this when you receive I/O errors because of the standard approach
> > where
> > #     mod_ssl sends the close notify alert.
> > #   o ssl-accurate-shutdown:
> > #     This forces an accurate shutdown when the connection is closed, i.e.
> > a
> > #     SSL close notify alert is send and mod_ssl waits for the close notify
> > #     alert of the client. This is 100% SSL/TLS standard compliant, but in
> > #     practice often causes hanging connections with brain-dead browsers.
> > Use
> > #     this only for browsers where you know that their SSL implementation
> > #     works correctly.
> > #   Notice: Most problems of broken clients are also related to the HTTP
> > #   keep-alive facility, so you usually additionally want to disable
> > #   keep-alive for those clients, too. Use variable "nokeepalive" for this.
> > #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
> > #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
> > #   "force-response-1.0" for this.
> > SetEnvIf User-Agent ".*MSIE.*" \
> >         nokeepalive ssl-unclean-shutdown \
> >         downgrade-1.0 force-response-1.0
> >
> > #   Per-Server Logging:
> > #   The home of a custom SSL log file. Use this when you want a
> > #   compact non-error SSL logfile on a virtual host basis.
> > CustomLog logs/ssl_request_nww.sft.nhs.uk_log \
> >          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> >
> > </VirtualHost>
> >
> >
> > #Disable Apache supporting HTTP TRACE
> > RewriteEngine On
> > RewriteCond %{REQUEST_METHOD} ^TRACE [OR]
> > RewriteCond %{REQUEST_METHOD} ^TRACK
> > RewriteRule .* - [F]
> >
> > # Remove multiple slashes anywhere in URL
> > RewriteCond %{REQUEST_URI} ^(.*)//(.*)$
> > RewriteRule . %1/%2 [R=301,L]
> >
> > #The TraceEnable command isn't available on this version of apache
> > #TraceEnable Off
> >
> >
> >
> > Mod_jk.conf
> >
> > JkWorkersFile /etc/httpd/conf/workers.properties
> > JkLogFile     /var/log/httpd/mod_jk.log
> > JkLogLevel error
> >
> >
> > JkExtractSSL On
> >
> > JkHTTPSIndicator HTTPS
> >
> > JkSESSIONIndicator SSL_SESSION_ID
> >
> > JkCIPHERIndicator SSL_CIPHER
> >
> > Alias /sft "/var/webapps/sft"
> > <Directory "/var/webapps/sft">
> >    Options Indexes FollowSymLinks
> > </Directory>
> >
> >
> > JkMount /sft/* loadbalancer
> >
> >
> > JkUnMount /*.html loadbalancer
> >
> >
> > <Location "/sft/WEB-INF/">
> >    AllowOverride None
> >    deny from all
> > </Location>
> >
> > My workers.properties file:
> >
> >
> >
> > workers.apache_log=/var/log/httpd/
> >
> >
> > workers.tomcat_home=/var/tomcat
> >
> > workers.java_home=/usr/java/latest
> >
> >
> > ps=/
> >
> >
> > worker.list=softcat1, loadbalancer
> >
> > worker.softcat1.port=8009
> > worker.softcat1.host=localhost
> > worker.softcat1.type=ajp13
> > worker.softcat1.lbfactor=100
> >
> >
> > worker.loadbalancer.type=lb
> > worker.loadbalancer.balanced_workers=softcat1
> >
> > If anyone has any ideas about what is wrong in the config I would be very
> > grateful as I have spent hours trying to get this to work to no avail.
> >
> > Thanks
> >
> >
> >
> >
> >
> >
> >
> >
> >
 		 	   		  

Re: Mod_jk returning source code of jsp files

Posted by Igor Cicimov <ic...@gmail.com>.
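Put this line

Include /etc/httpd/conf/mod_jk.conf

inside the <VirtualHost> block. JkMount directives declared in the global
server context are not inherited by a virtual host unless JkMountCopy is
enabled, so requests handled by the :443 virtual host are never passed to
Tomcat. httpd then finds the .jsp files under the DocumentRoot and serves
them as static files, which is why their source is returned.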
 On Apr 23, 2012 9:12 PM, "ironclaw hand" <ir...@hotmail.com> wrote:

>
>
> Hi,
>
> I am attempting to set up apache and tomcat together for the first time on
> a new machine using some existing configuration files. I am not sure what
> is happening but it looks like apache is just serving up all files, so when
> I access a jsp file I get the source as if tomcat never executed it.
>
> I have installed the following versions of software:
>
> httpd 2.4.2
> Tomcat connectors 1.2.35
> Tomcat 7.0.27
>
> Below are the mod_jk config files (workers.properties and mod_jk.conf) I
> am currently trying to get working. If anything else is needed, I can
> include it. My worker softcat1 is defined in my server.xml for
> tomcat.
>
> Tomcat works on its own if I access it directly and it does run the jsp
> files ok, it just seems to be when I try via apache.
>
> I have included my httpd.conf in case it is needed:
>
>
> ServerTokens Prod
>
>
> ServerRoot "/etc/httpd"
>
> PidFile run/httpd.pid
>
>
> Timeout 120
>
>
> KeepAlive Off
>
> MaxKeepAliveRequests 100
>
>
> KeepAliveTimeout 15
>
>
> <IfModule prefork.c>
> StartServers       8
> MinSpareServers    5
> MaxSpareServers   20
> ServerLimit      1024
> #ServerLimit       50
> MaxClients       1024
> #MaxClients        50
> MaxRequestsPerChild  4000
> </IfModule>
>
>
> <IfModule worker.c>
> StartServers         2
> MaxClients         150
> MinSpareThreads     25
> MaxSpareThreads     75
> ThreadsPerChild     25
> MaxRequestsPerChild  0
> </IfModule>
>
>
> LoadModule access_compat_module modules/mod_access_compat.so
> LoadModule authz_core_module modules/mod_authz_core.so
> LoadModule authz_host_module modules/mod_authz_host.so
> LoadModule auth_basic_module modules/mod_auth_basic.so
> LoadModule authn_file_module modules/mod_authn_file.so
> LoadModule authn_anon_module modules/mod_authn_anon.so
> LoadModule authn_dbm_module modules/mod_authn_dbm.so
> LoadModule auth_digest_module modules/mod_auth_digest.so
> LoadModule ldap_module modules/mod_ldap.so
> LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
> LoadModule include_module modules/mod_include.so
> LoadModule log_config_module modules/mod_log_config.so
> LoadModule env_module modules/mod_env.so
> LoadModule mime_magic_module modules/mod_mime_magic.so
> LoadModule cern_meta_module modules/mod_cern_meta.so
> LoadModule expires_module modules/mod_expires.so
> LoadModule deflate_module modules/mod_deflate.so
> LoadModule headers_module modules/mod_headers.so
> LoadModule usertrack_module modules/mod_usertrack.so
> LoadModule setenvif_module modules/mod_setenvif.so
> LoadModule mime_module modules/mod_mime.so
> LoadModule dav_module modules/mod_dav.so
> LoadModule status_module modules/mod_status.so
> LoadModule autoindex_module modules/mod_autoindex.so
> LoadModule asis_module modules/mod_asis.so
> LoadModule info_module modules/mod_info.so
> LoadModule dav_fs_module modules/mod_dav_fs.so
> LoadModule vhost_alias_module modules/mod_vhost_alias.so
> LoadModule negotiation_module modules/mod_negotiation.so
> LoadModule dir_module modules/mod_dir.so
> LoadModule imagemap_module modules/mod_imagemap.so
> LoadModule actions_module modules/mod_actions.so
> LoadModule speling_module modules/mod_speling.so
> LoadModule userdir_module modules/mod_userdir.so
> LoadModule alias_module modules/mod_alias.so
> LoadModule rewrite_module modules/mod_rewrite.so
> LoadModule proxy_module modules/mod_proxy.so
> LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
> LoadModule proxy_http_module modules/mod_proxy_http.so
> LoadModule proxy_connect_module modules/mod_proxy_connect.so
> LoadModule cache_module modules/mod_cache.so
> LoadModule suexec_module modules/mod_suexec.so
> #LoadModule disk_cache_module modules/mod_disk_cache.so
> LoadModule file_cache_module modules/mod_file_cache.so
> #LoadModule mem_cache_module modules/mod_mem_cache.so
> LoadModule cgi_module modules/mod_cgi.so
> LoadModule version_module modules/mod_version.so
> LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
> LoadModule unixd_module modules/mod_unixd.so
>
>
> Include conf.d/*.conf
>
> User apache
> Group apache
>
>
> ServerAdmin root@localhost
>
>
> UseCanonicalName Off
>
> DocumentRoot "/var/webapps"
>
>
> <Directory />
>    Options FollowSymLinks
>    AllowOverride None
> </Directory>
>
>
> <Directory "/var/webapps">
>
>
>    Options Indexes FollowSymLinks
>
>    AllowOverride None
>
>    Order allow,deny
>    Allow from all
>
> </Directory>
>
>
> <IfModule mod_userdir.c>
>
>    UserDir disable
>
>
>
> </IfModule>
>
>
> DirectoryIndex index.html index.html.var
>
>
> AccessFileName .htaccess
>
> <Files ~ "^\.ht">
>    Order allow,deny
>    Deny from all
> </Files>
>
>
> TypesConfig /etc/mime.types
>
> DefaultType text/plain
>
>
> <IfModule mod_mime_magic.c>
> #   MIMEMagicFile /usr/share/magic.mime
>    MIMEMagicFile conf/magic
> </IfModule>
>
>
> HostnameLookups Off
>
>
> ErrorLog logs/error_log
>
>
> LogLevel warn
>
>
> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
> combined
> LogFormat "%h %l %u %t \"%r\" %>s %b" common
> LogFormat "%{Referer}i -> %U" referer
> LogFormat "%{User-agent}i" agent
>
>
> CustomLog logs/access_log combined
>
>
> ServerSignature Off
>
>
> Alias /icons/ "/var/www/icons/"
>
> <Directory "/var/www/icons">
>    Options Indexes MultiViews
>    AllowOverride None
>    Order allow,deny
>    Allow from all
> </Directory>
>
>
> <IfModule mod_dav_fs.c>
>    # Location of the WebDAV lock database.
>    DAVLockDB /var/lib/dav/lockdb
> </IfModule>
>
>
> ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
>
>
> <Directory "/var/www/cgi-bin">
>    AllowOverride None
>    Options None
>    Order allow,deny
>    Allow from all
> </Directory>
>
>
> IndexOptions FancyIndexing VersionSort NameWidth=*
>
>
> AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
>
> AddIconByType (TXT,/icons/text.gif) text/*
> AddIconByType (IMG,/icons/image2.gif) image/*
> AddIconByType (SND,/icons/sound2.gif) audio/*
> AddIconByType (VID,/icons/movie.gif) video/*
>
> AddIcon /icons/binary.gif .bin .exe
> AddIcon /icons/binhex.gif .hqx
> AddIcon /icons/tar.gif .tar
> AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
> AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
> AddIcon /icons/a.gif .ps .ai .eps
> AddIcon /icons/layout.gif .html .shtml .htm .pdf
> AddIcon /icons/text.gif .txt
> AddIcon /icons/c.gif .c
> AddIcon /icons/p.gif .pl .py
> AddIcon /icons/f.gif .for
> AddIcon /icons/dvi.gif .dvi
> AddIcon /icons/uuencoded.gif .uu
> AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
> AddIcon /icons/tex.gif .tex
> AddIcon /icons/bomb.gif core
>
> AddIcon /icons/back.gif ..
> AddIcon /icons/hand.right.gif README
> AddIcon /icons/folder.gif ^^DIRECTORY^^
> AddIcon /icons/blank.gif ^^BLANKICON^^
>
>
> DefaultIcon /icons/unknown.gif
>
>
> ReadmeName README.html
> HeaderName HEADER.html
>
>
> IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
>
>
> AddLanguage ca .ca
> AddLanguage cs .cz .cs
> AddLanguage da .dk
> AddLanguage de .de
> AddLanguage el .el
> AddLanguage en .en
> AddLanguage eo .eo
> AddLanguage es .es
> AddLanguage et .et
> AddLanguage fr .fr
> AddLanguage he .he
> AddLanguage hr .hr
> AddLanguage it .it
> AddLanguage ja .ja
> AddLanguage ko .ko
> AddLanguage ltz .ltz
> AddLanguage nl .nl
> AddLanguage nn .nn
> AddLanguage no .no
> AddLanguage pl .po
> AddLanguage pt .pt
> AddLanguage pt-BR .pt-br
> AddLanguage ru .ru
> AddLanguage sv .sv
> AddLanguage zh-CN .zh-cn
> AddLanguage zh-TW .zh-tw
>
>
> LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no
> pl pt pt-BR ru sv zh-CN zh-TW
>
>
> ForceLanguagePriority Prefer Fallback
>
>
> AddDefaultCharset UTF-8
>
>
> AddCharset ISO-8859-1  .iso8859-1  .latin1
> AddCharset ISO-8859-2  .iso8859-2  .latin2 .cen
> AddCharset ISO-8859-3  .iso8859-3  .latin3
> AddCharset ISO-8859-4  .iso8859-4  .latin4
> AddCharset ISO-8859-5  .iso8859-5  .latin5 .cyr .iso-ru
> AddCharset ISO-8859-6  .iso8859-6  .latin6 .arb
> AddCharset ISO-8859-7  .iso8859-7  .latin7 .grk
> AddCharset ISO-8859-8  .iso8859-8  .latin8 .heb
> AddCharset ISO-8859-9  .iso8859-9  .latin9 .trk
> AddCharset ISO-2022-JP .iso2022-jp .jis
> AddCharset ISO-2022-KR .iso2022-kr .kis
> AddCharset ISO-2022-CN .iso2022-cn .cis
> AddCharset Big5        .Big5       .big5
> # For russian, more than one charset is used (depends on client, mostly):
> AddCharset WINDOWS-1251 .cp-1251   .win-1251
> AddCharset CP866       .cp866
> AddCharset KOI8-r      .koi8-r .koi8-ru
> AddCharset KOI8-ru     .koi8-uk .ua
> AddCharset ISO-10646-UCS-2 .ucs2
> AddCharset ISO-10646-UCS-4 .ucs4
> AddCharset UTF-8       .utf8
>
>
> AddCharset GB2312      .gb2312 .gb
> AddCharset utf-7       .utf7
> AddCharset utf-8       .utf8
> AddCharset big5        .big5 .b5
> AddCharset EUC-TW      .euc-tw
> AddCharset EUC-JP      .euc-jp
> AddCharset EUC-KR      .euc-kr
> AddCharset shift_jis   .sjis
>
>
> AddType application/x-compress .Z
> AddType application/x-gzip .gz .tgz
>
>
> AddHandler imap-file map
>
>
> AddHandler type-map var
>
>
> AddType text/html .shtml
> AddOutputFilter INCLUDES .shtml
>
>
>
> Alias /error/ "/var/www/error/"
>
> <IfModule mod_negotiation.c>
> <IfModule mod_include.c>
>    <Directory "/var/www/error">
>        AllowOverride None
>        Options IncludesNoExec
>        AddOutputFilter Includes html
>        AddHandler type-map var
>        Order allow,deny
>        Allow from all
>        LanguagePriority en es de fr
>        ForceLanguagePriority Prefer Fallback
>    </Directory>
>
>
> </IfModule>
> </IfModule>
>
>
> BrowserMatch "Mozilla/2" nokeepalive
> BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
> BrowserMatch "RealPlayer 4\.0" force-response-1.0
> BrowserMatch "Java/1\.0" force-response-1.0
> BrowserMatch "JDK/1\.0" force-response-1.0
>
>
> BrowserMatch "Microsoft Data Access Internet Publishing Provider"
> redirect-carefully
> BrowserMatch "^WebDrive" redirect-carefully
> BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
> BrowserMatch "^gnome-vfs" redirect-carefully
>
>
>
> LoadModule jk_module modules/mod_jk.so
> Include /etc/httpd/conf/mod_jk.conf
>
>
> NameVirtualHost sfta.npfit.nhs.uk:443
>
> <VirtualHost 192.168.25.178:443>
>
> RewriteEngine On
> RewriteCond %{REQUEST_METHOD} ^TRACE [OR]
> RewriteCond %{REQUEST_METHOD} ^TRACK
> RewriteRule .* - [F]
>
>
> RewriteCond %{REQUEST_URI} ^(.*)//(.*)$
> RewriteRule . %1/%2 [R=301,L]
>
> SSLEngine on
>
>
> ServerName sfta.x.x.x
>
> DocumentRoot "/var/webapps/"
>
> ErrorLog logs/error_sft_log
> CustomLog logs/access_sft_log combined
> ErrorDocument 404 /sft/error404.html
> ErrorDocument 503 /sft/error503.html
>
> SSLProtocol ALL -SSLv2
> SSLCipherSuite HIGH:MEDIUM
>
>
> SSLCertificateFile /etc/httpd/conf/ssl.crt/SFTA.crt
>
> SSLCertificateKeyFile /etc/httpd/conf/ssl.crt/SFTA.key
>
> <Files ~ "\.(cgi|shtml|phtml|php3?)$">
>    SSLOptions +StdEnvVars +ExportCertData
>    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
> </Files>
> <Directory "/var/www/cgi-bin">
>    SSLOptions +StdEnvVars +ExportCertData
>    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
> </Directory>
>
> #   SSL Protocol Adjustments:
> #   The safe and default but still SSL/TLS standard compliant shutdown
> #   approach is that mod_ssl sends the close notify alert but doesn't wait
> for
> #   the close notify alert from client. When you need a different shutdown
> #   approach you can use one of the following variables:
> #   o ssl-unclean-shutdown:
> #     This forces an unclean shutdown when the connection is closed, i.e.
> no
> #     SSL close notify alert is send or allowed to received.  This violates
> #     the SSL/TLS standard but is needed for some brain-dead browsers. Use
> #     this when you receive I/O errors because of the standard approach
> where
> #     mod_ssl sends the close notify alert.
> #   o ssl-accurate-shutdown:
> #     This forces an accurate shutdown when the connection is closed, i.e.
> a
> #     SSL close notify alert is send and mod_ssl waits for the close notify
> #     alert of the client. This is 100% SSL/TLS standard compliant, but in
> #     practice often causes hanging connections with brain-dead browsers.
> Use
> #     this only for browsers where you know that their SSL implementation
> #     works correctly.
> #   Notice: Most problems of broken clients are also related to the HTTP
> #   keep-alive facility, so you usually additionally want to disable
> #   keep-alive for those clients, too. Use variable "nokeepalive" for this.
> #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
> #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
> #   "force-response-1.0" for this.
> SetEnvIf User-Agent ".*MSIE.*" \
>         nokeepalive ssl-unclean-shutdown \
>         downgrade-1.0 force-response-1.0
>
> #   Per-Server Logging:
> #   The home of a custom SSL log file. Use this when you want a
> #   compact non-error SSL logfile on a virtual host basis.
> CustomLog logs/ssl_request_nww.sft.nhs.uk_log \
>          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
> </VirtualHost>
>
>
> #Disable Apache supporting HTTP TRACE
> RewriteEngine On
> RewriteCond %{REQUEST_METHOD} ^TRACE [OR]
> RewriteCond %{REQUEST_METHOD} ^TRACK
> RewriteRule .* - [F]
>
> # Remove multiple slashes anywhere in URL
> RewriteCond %{REQUEST_URI} ^(.*)//(.*)$
> RewriteRule . %1/%2 [R=301,L]
>
> #The TraceEnable command isn't available on this version of apache
> #TraceEnable Off
>
>
>
> Mod_jk.conf
>
> JkWorkersFile /etc/httpd/conf/workers.properties
> JkLogFile     /var/log/httpd/mod_jk.log
> JkLogLevel error
>
>
> JkExtractSSL On
>
> JkHTTPSIndicator HTTPS
>
> JkSESSIONIndicator SSL_SESSION_ID
>
> JkCIPHERIndicator SSL_CIPHER
>
> Alias /sft "/var/webapps/sft"
> <Directory "/var/webapps/sft">
>    Options Indexes FollowSymLinks
> </Directory>
>
>
> JkMount /sft/* loadbalancer
>
>
> JkUnMount /*.html loadbalancer
>
>
> <Location "/sft/WEB-INF/">
>    AllowOverride None
>    deny from all
> </Location>
>
> My workers.properties file:
>
>
>
> workers.apache_log=/var/log/httpd/
>
>
> workers.tomcat_home=/var/tomcat
>
> workers.java_home=/usr/java/latest
>
>
> ps=/
>
>
> worker.list=softcat1, loadbalancer
>
> worker.softcat1.port=8009
> worker.softcat1.host=localhost
> worker.softcat1.type=ajp13
> worker.softcat1.lbfactor=100
>
>
> worker.loadbalancer.type=lb
> worker.loadbalancer.balanced_workers=softcat1
>
> If anyone has any ideas about what is wrong in the config I would be very
> grateful as I have spent hours trying to get this to work to no avail.
>
> Thanks
>
>
>
>
>
>
>
>
>