• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Jeanne Boyarsky
  • Bear Bibeault
Sheriffs:
  • Rob Spoor
  • Henry Wong
  • Liutauras Vilda
Saloon Keepers:
  • Tim Moores
  • Carey Brown
  • Stephan van Hulst
  • Tim Holloway
  • Piet Souris
Bartenders:
  • Frits Walraven
  • Himai Minh
  • Jj Roberts

Apache mod_jk SSL & appBase

 
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm setting up mod_jk for Apache to use with Tomcat and there are two issues I've ran into.

SSL

I have SSL enabled on Apache and all traffic is going through HTTPS, including the requests forwarded to Tomcat. Does Tomcat also need to be configured for SSL in any way or does Apache handle it completely? Everything I have found doesn't say Tomcat needs any configuration but I'm getting the following error in Tomcat which could be related.



appBase/mounting

My appBase in Tomcat is the typical "path/to/webapps" and when Apache forwards a request it naturally gives it the full path. However, since I only want to forward certain URLs to Tomcat, my JkMount looks something like "JkMount /apps/* worker1". The problem is that Tomcat will be looking for the applications in "path/to/webapps/apps/" which is not the directory the applications get deployed in. Using RewriteRule to remove the "apps" from the path I assume would cause it to not be forwarded to Tomcat. I'm not sure if there are any better solutions.
 
Saloon Keeper
Posts: 23409
159
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Tomcat does not work with "directories", unlike Apache. The  appBase directory contains WARs in either standard (xxx.war file) or exploded form (TOMCAT_HOME/webapps/xxx directory). By default, Tomcat will automatically explode WAR files.

Assuming that you didn't set up a custom context, the Tomcat server then deploys each WAR using its warfile/directory name. So TOMCAT_HOME/webapps/payroll will have the context path /payroll, TOMCAT_HOME/webapps/personnel will have the context path /personnel, and so forth, so that the basic URL for the payroll /index.jsp page would be http://localhost:8080/payroll/index.jsp.

When you set up mod_jk as a connection, you map an Apache VirtualHost to a Tomcat webapp context via jkmount. Disclaimer: It has been a LOOOONG time since I've used mod_jk and I don't remember all the details of setting it up, but basically I believe that you have to set up the destination webapp server address, port, and context in the worker definition file.

Actually, most of the mod_jk documentation I can find is quite old. For the most part, mod_proxy or mod_proxy_ajp are preferred these days. The main advantage of mod_jk seems to have been for load-balancing and that's not been an issue for me. The mod_proxy setup is much more straightforward.
 
Ryan Medina
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Tim Holloway wrote:Tomcat does not work with "directories", unlike Apache. The  appBase directory contains WARs in either standard (xxx.war file) or exploded form (TOMCAT_HOME/webapps/xxx directory). By default, Tomcat will automatically explode WAR files.

Assuming that you didn't set up a custom context, the Tomcat server then deploys each WAR using its warfile/directory name. So TOMCAT_HOME/webapps/payroll will have the context path /payroll, TOMCAT_HOME/webapps/personnel will have the context path /personnel, and so forth, so that the basic URL for the payroll /index.jsp page would be http://localhost:8080/payroll/index.jsp.

When you set up mod_jk as a connection, you map an Apache VirtualHost to a Tomcat webapp context via jkmount. Disclaimer: It has been a LOOOONG time since I've used mod_jk and I don't remember all the details of setting it up, but basically I believe that you have to set up the destination webapp server address, port, and context in the worker definition file.

Actually, most of the mod_jk documentation I can find is quite old. For the most part, mod_proxy or mod_proxy_ajp are preferred these days. The main advantage of mod_jk seems to have been for load-balancing and that's not been an issue for me. The mod_proxy setup is much more straightforward.



If I can't get mod_jk to work properly I may try switching to mod_proxy. For mod_jk, for the mounting/appBase problem, I could just create a mount for each individual application instead of trying to use one mount for all of them. Still not sure about the SSL configuration for Tomcat, I haven't been able to find any info or docs to say if it's needed.
 
Tim Holloway
Saloon Keeper
Posts: 23409
159
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
No, if you're using a connector from Apache (or IIS, or Nginx), Tomcat does not require SSL setup. The SSL de/encryption is normally done in the proxy end. Though if you were really paranoid, the AJP channel could be encrypted.
 
You didn't tell me he was so big. Unlike this tiny ad:
SKIP - a book about connecting industrious people with elderly land owners
https://coderanch.com/t/skip-book
reply
    Bookmark Topic Watch Topic
  • New Topic