This document provides the steps to have an Apache front for Jboss or Tomcat. The following topics are included:
The following instructions are from the Jboss community docs.
# Include mod_jk configuration file Include conf/mod-jk.conf |
# Load mod_jk module # Specify the filename of the mod_jk lib LoadModule jk_module modules/mod_jk.so # Where to find workers.properties JkWorkersFile conf/workers.properties # Where to put jk logs JkLogFile /var/log/mod_jk.log # Set the jk log level [debug-error-info] JkLogLevel info # Select the log format JkLogStampFormat "[%a %b %d %H:%M.%S %Y]" # JkOptions indicates to send SSK KEY SIZE # Notes: # 1 ) Changed from +ForwardURICompat. # 2 ) For mod_rewrite compatibility, use +ForwardURIProxy ( default since 1.2 . 24 ) JkOptions +ForwardKeySize +ForwardURICompatUnparsed -ForwardDirectories # JkRequestLogFormat JkRequestLogFormat "%w %V %T" # Mount your applications JkMount /__application__/* loadbalancer # You can use external file for mount points. # It will be checked for updates each 60 seconds. # The format of the file is: /url=worker # /examples/*=loadbalancer JkMountFile conf/uriworkermap.properties # Add shared memory. # This directive is present with 1.2 . 10 and # later versions of mod_jk, and is needed for # for load balancing to work properly # Note: Replaced JkShmFile logs/jk.shm due to SELinux issues. Refer to JkShmFile run/jk.shm # Add jkstatus for managing runtime data <Location /jkstatus></Location> JkMount status Order deny,allow Deny from all Allow from 127.0 . 0.1 </Location> |
Note Everything in this mod-jk.conf is loaded into httpd.conf which defaults to the port 80 settings. |
# Define list of workers that will be used # for mapping requests # The configuration directives are valid # for the mod_jk version 1.2 . 18 and later # worker.list=loadbalancer,status # Define Node1 # modify the host as your host IP or DNS name. worker.node1.port= 8009 worker.node1.host=node1.mydomain.com worker.node1.type=ajp13 worker.node1.lbfactor= 1 # worker.node1.connection_pool_size= 10 ( 1 ) # Define Node2 # modify the host as your host IP or DNS name. worker.node2.port= 8009 worker.node2.host= node2.mydomain.com worker.node2.type=ajp13 worker.node2.lbfactor= 1 # worker.node1.connection_pool_size= 10 ( 1 ) # Load-balancing behaviour worker.loadbalancer.type=lb worker.loadbalancer.balance_workers=node1,node2 # Status worker for managing load balancer worker.status.type=status |
# Simple worker configuration file # # Mount the Servlet context to the ajp13 worker /jmx-console=loadbalancer /jmx-console/*=loadbalancer /web-console=loadbalancer /web-console/*=loadbalancer |
cd $JBOSS_HOME/server/ default find * -name server.xml |
<Engine name= "jboss.web" defaultHost= "localhost" jvmRoute= "node1" > . </Engine> |
<Connector port= "8009" address= "$\{jboss.bind.address\}" emptySessionPath= "true" enableLookups= "false" redirectPort= "8443" protocol= "AJP/1.3" ></Connector> |
On the Apache server:
SSLCertificateFile /etc/pki/tls/certs/www.example.com.cert |
SSLCertificateChainFile /etc/pki/tls/certs/DigiCertCA.crt |
JkMount /__application__/* loadbalancer JkMountFile conf/uriworkermap.properties |
RewriteEngine On RewriteCond %\{SERVER_PORT\} \!^ 443 $ RewriteRule ^/SERVERNAMEHERE(.*)$ https: //%\{SERVER_NAME\}/SERVERNAMEHERE$1 [L,R] RewriteLog "/var/log/httpd/rewrite.log" RewriteLogLevel 2 |
Some jboss applications have more than one server inside the jboss instance and these will have to be mapped via uriworkermap.properties as well. To check this:
find * -name server.xml -exec grep -H "Connector port" \{\} \; |
for myport in $(ps -ef |grep jboss|grep -v grep|awk \{ 'print $2;' \}|xargs); do netstat -anp |grep $myport|grep LISTEN;done |
For deploying caTissue in the Apache front end JBOSS environment you need to take care of the following properties in the caTissueInstall.properties file:
Apache by default listens on both port 80 and 443 (HTTP and HTTPS). You should properly configure the Apache server to match your deployment environment. For example, if you are deploying caTissue with HTTPS then only port 443 should be opened.
You need to specify the JBOSS IP in the worker.properties[-i] file, and to map the application URLs
like /catissuecore, /cas you need to modify the uriworker.properties[-i] file in Apache Server.
Please note that for secure caTissue connections to work properly, SSL termination should not happen before Apache (or JBoss). For example, you should not terminate your SSL connections at the load balancer.