/
Fronting JBoss with Apache
Got feedback or spotted a mistake?

Leave a comment at the end of this page or email contact@krishagni.com

Fronting JBoss with Apache

Jun 17, 2015

This document provides the steps to have an Apache front for Jboss or Tomcat. The following topics are included:

Configuring Apache

The following instructions are from the Jboss community docs.

  • Add this line at the very bottom in APACHE_HOME/conf/httpd.conf:

     

  • Under APACHE_HOME/conf, create mod-jk.conf and populate it as follows:

     

  • If you are going to multiple Jboss applications and will be defining workers other than loadbalancer in workers.properties make sure to JkMount those as well in mod-jk.conf.

 

Note

Everything in this mod-jk.conf is loaded into httpd.conf which defaults to the port 80 settings.

 

  • Under APACHE_HOME/conf, create workers.properties and populate it as follows (customize Nodes as needed):

     

  • Create a uriworkermap.properties file in the APACHE_HOME/conf directory. This file should contain the URL mappings you want Apache to forward to Tomcat. The format of the file is /url=worker_name. To get things started, paste this example into the file you created. This will configure mod_jk to forward requests to /jmx-console and /web-console to Tomcat.

     

  • Restart Apache

Configuring JBoss/Tomcat

  • Locate the server.xml file in your JBoss instance. If you are using the default JBoss server, use the following command:

     

  • If you are using a different server, replace "default" with the name of the server you are using.

  • Locate the <Engine/.> element and add a jvmRoute attribute. The jvmRoute attribute value must match the name specified in workers.properties:

     

  • Make sure that at least one AJP 1.3 connector port is uncommented in the server.xml as follows. Apache talks to Jboss/tomcat using this AJP 1.3 port, not the standard port:

     

  • Start JBoss with the "-b 0.0.0.0" argument so it will listen on all network interfaces, allowing apache to communicate with it.

Adding SSL

On the Apache server:

  • edit /etc/httpd/conf.d/ssl.conf

     

  • If your CA gave you an intermediate cert edit this line to include it:

     

  • Add to the bottom of ssl.conf but before </VirtualHost>:

     

  • If you are pointing to multiple jboss applications, make sure to put those JkMount statements here as well.

  • If the Apache server needs to have port 80 as well as 443 open for secure and nonsecure content, use the following to force secure connections for sites that require it. Add this to httpd.conf replacing SERVERNAMEHERE with your jboss server name:

     

Notes

Some jboss applications have more than one server inside the jboss instance and these will have to be mapped via uriworkermap.properties as well. To check this:

  • Go to the jboss home directory.

  • Go to defaut/work/jboss.web/localhost •ls -al

  • Anything that isn't invoked, web-console, jbossws, jbossmq-httpil, or jmx-console, is a Jboss server instance.

What Ports

  • To see what ports jboss is configured to listen to, go to jboss home and:

     

  • To see what ports Jboss is ACTUALLY listening to:

     

Deploying OpenSpecimen in Apache Front Ending Environment

For deploying OpenSpecimen in the Apache front end JBOSS environment you need to take care of the following properties in the caTissueInstall.properties file:

  • jboss.server.host = Specify the IP address/host name of the Apache server, with which the end users are going to access the application. Here you need not specify the actual JBOSS host because that information is only required by Apache for communicating with JBOSS.

  • jboss.container.secure = Set it to true if your Apache server is running on secure port.

  • jboss.server.port = Specify the port on which the Apache server is listening (by default it listens on port 80, if you are running it on https then the port should be 443.).

Apache by default listens on both port 80 and 443 (HTTP and HTTPS).  You should properly configure the Apache server to match your deployment environment.  For example, if you are deploying OpenSpecimen with HTTPS then only port 443 should be opened.

You need to specify the JBOSS IP in the worker.properties[-i] file, and to map the application URLs
like /openspecimen you need to modify the uriworker.properties[-i] file in Apache Server.

Got feedback or spotted a mistake?

Leave a comment at the end of this page or email contact@krishagni.com