Friday, September 6, 2013

Tomcat with apache-mod_jk configuration in Linux


A few years back I was working on a project which gave me a chance to work with Apache and Tomcat. There are a few reasons why we’d want to configure Tomcat to run with Apache. For me the most important is security and the fact that I’d like to run my web servers on port 80. In order to run Tomcat on port 80 it has to run as root, which is not safe and absolutely not recommended. I am going to show you how to configure your Apache to run and pass connections to Tomcat.
What I normally like to do in such a situation is to compile Apache instead of installing from repositories, install and configure Java and Tomcat, and then compile mod_jk to provide the Tomcat/Apache connector. Basically all steps will be manual. Perhaps all this can be done using repositories too, but this way I can keep things updated as updates come out from the developers, not when they become available in repositories.
To simplify the solution and make it a universal tutorial, I am going to refer to each product by its name. Therefore we will be renaming all extracted folders to their generic names. For instance, the latest versions of Apache, Tomcat, Java and mod_jk are 2.2.11, 6.0.18, 6u11 and 1.2.27 respectively (Jan 09), but we are going to refer to them as just Apache, Tomcat, Java and mod_jk. I have actually renamed them right after they were extracted, before I placed them into their permanent directories. I am going to use /opt as my installation directory but you can place them in /opt or any other directory you wish.
Most steps are performed under a non-root account. I will let you know when to use the root account.
Installing Apache:
  1. Log on with your non-root account.
  2. Download Apache tar package from http://www.apache.org and extract. This directory will be called “apache” from this point forward.
  3. Change directory to apache ‘cd apache’.
Prepare the product to compile:
  1. In apache directory:
    ./configure --prefix=/opt/apache
  2. make
  3. Change to root user: su
  4. make install
Once it’s complete, run Apache:
/opt/apache/bin/apachectl start
Test the installation by browsing to the target address. If it’s running, then stop the process:
/opt/apache/bin/apachectl stop
Install Java (I’m using jdk):
  1. Download Java self-extracting package from http://www.java.com. Whatever this file is, we call it java.bin.
  2. Make it executable:
    chmod +x java.bin
  3. Execute:
    ./java.bin
  4. Once you’re done with the installation you will have a directory jre1xxxxx. We will refer to this directory as “java”.
  5. Become root: su (to move directory to /opt)
  6. Move the directory to its final resting place. Mine sits in /opt:
    mv java /opt
Install Tomcat:
  1. Download Tomcat from http://tomcat.apache.org and extract the tar ball. We will call this directory “tomcat” from now on.
  2. Become root: su (to move directory to /opt)
  3. Move this directory to /opt:
    mv tomcat /opt
Now it’s time to configure our paths. Edit your .bash_profile:
STOP: This is local to the user running Tomcat. Each user who’ll be running Tomcat should have a .bash_profile in their own home directory.
nano ~/.bash_profile
and add the following lines:
export JRE_HOME=/opt/java
export JAVA_HOME=/opt/java
export CATALINA_HOME=/opt/tomcat
Save and exit, then execute the following command:
source ~/.bash_profile
Now test your Tomcat as a non-root user:
/opt/tomcat/bin/startup.sh
Browse to http://localhost:8080. If it’s working, then shut it down:
/opt/tomcat/bin/shutdown.sh
Installing connector (mod_jk):
  1. Download mod_jk connector from http://tomcat.apache.org/download-connectors.cgi and extract. We will call this new directory “connector”.
  2. Go to connector/native.
  3. To prepare:
    ./configure --with-apxs=/opt/apache/bin/apxs
  4. make
  5. Become root and:
    make install
  6. Check to see if mod_jk.so is in /opt/apache/modules. If it’s there then you’ve so far been successful.
Create the connector:
Create a file called “connector.conf” in apache/conf directory:
vi /opt/apache/conf/connector.conf
and copy/paste the following lines in that file, save and exit:
workers.tomcat_home=/opt/tomcat
workers.java_home=/opt/java
ps=/
worker.list=myworker
worker.myworker.port=8009
worker.myworker.host=localhost
worker.myworker.type=ajp13
worker.myworker.lbfactor=1
Add the following lines to httpd.conf:
LoadModule jk_module modules/mod_jk.so
JkWorkersFile conf/connector.conf
JkLogFile logs/mod_jk.log
JkLogLevel error
JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"
JkMount /*.jsp myworker
JkMount /* myworker
Now, start both Apache and Tomcat. You should be able to view the Tomcat default page at http://localhost AND http://localhost:8080. This means that the connector is working. To increase security, disable HTTP access to Tomcat through port 8080.
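Disabling direct access means commenting out the port 8080 HTTP Connector in /opt/tomcat/conf/server.xml and restarting Tomcat; because the worker above connects to localhost:8009, the AJP Connector can also be limited to loopback with its address attribute. The following added example (not part of the original post) checks the outcome by reading "ss -ltn" style output and flagging any listener on 8080 or an AJP listener on 8009 bound beyond loopback. The function names and both socket listings are constructed; on a live host the input would be: ss -ltn | audit_tomcat_listeners

```shell
#!/bin/sh
# Added example: ports 8080 (Tomcat HTTP) and 8009 (AJP) come from this page;
# the function names and the sample socket listings are constructed.

# Reads `ss -ltn` style output on stdin and prints one finding per line.
audit_tomcat_listeners() {
    awk '
    $1 == "LISTEN" {
        # Field 4 is local address:port; the port follows the last colon.
        n = split($4, parts, ":")
        port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        loopback = (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./)
        if (port == "8080")
            print "FAIL 8080 Tomcat HTTP connector still listening on " addr
        else if (port == "8009" && !loopback)
            print "FAIL 8009 AJP connector reachable beyond loopback on " addr
    }'
}

# Constructed sample: both Tomcat connectors left at their defaults.
sample_default() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:80          0.0.0.0:*
LISTEN  0       100     *:8080              *:*
LISTEN  0       100     *:8009              *:*
EOF
}

# Constructed sample: HTTP connector disabled, AJP bound to loopback only.
sample_hardened() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:80          0.0.0.0:*
LISTEN  0       100     127.0.0.1:8009      0.0.0.0:*
EOF
}

echo "default:";  sample_default  | audit_tomcat_listeners
echo "hardened:"; sample_hardened | audit_tomcat_listeners
```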
Note: Apache will automatically start after reboot, but you will have to add Tomcat to your startup script manually. Here is a startup script you can copy to your /etc/init.d and make executable to start/stop your server. I don’t remember where I got this script from, but just so you know, it’s not mine. The good thing about this script is that even if you run it as root, it will run your Tomcat server as the user specified in line 6.
Note: become root to run Apache. If you use the following script for your Tomcat, you may also run it as root. It will switch to the specified user once it’s executed. I don’t use the script, however; what I do is add it to my root crontab and have it run as a non-root user. This is the command I use:
su - <username> -c /opt/tomcat/bin/startup.sh
Here is the script to run Tomcat (not mine, I found it in a mailing list):
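#!/bin/sh
# Tomcat Startup Script
# Runs Tomcat as an unprivileged user, even when invoked by root at boot.

# Replace the placeholder with the account that will run Tomcat.
TOMCAT_OWNER="<user who will run tomcat>"; export TOMCAT_OWNER
# init scripts do not read ~/.bash_profile, so set the paths here.
CATALINA_HOME=/opt/tomcat; export CATALINA_HOME
JAVA_HOME=/opt/java; export JAVA_HOME
JRE_HOME=/opt/java; export JRE_HOME

start() {
        printf "Starting Tomcat: "
        su "$TOMCAT_OWNER" -c "$CATALINA_HOME/bin/startup.sh"
        sleep 2
}
stop() {
        printf "Stopping Tomcat: "
        su "$TOMCAT_OWNER" -c "$CATALINA_HOME/bin/shutdown.sh"
}

# See how we were called.
case "$1" in
start)
        start
        ;;
stop)
        stop
        ;;
restart)
        stop
        start
        ;;
*)
        echo "Usage: tomcat {start|stop|restart}"
        exit 1
        ;;
esac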
