Okay next question:- Can anyone point me to a guide on how to install tomcat and the mod-jk apache connector on Ubuntu 7.04 , including secure socket layer to encrypt web communcations ? I got part of the way though the guide on this website before i realized most of the work in the first 3 pages of the guide can be done using:- apt-get install libapache2-mod-jk However, I am not sure how to move on from that point as it is not clear to me how ispconfig interacts with the standard apache2 settings and configuration files. Can anyone point me in the right direction ? Thanks a lot
You might want to take a look at the Configuring Tomcat5 and Apache2 with Virtual Hosts using mod_jk tutorial.
not working for me That howto is not working for me. Points:- 1. Building from source does not work, so I just used the "apt-get libapache2-mod-jk " method. 2. I tried following all the steps of this tutorial, but when I re-start tomcat after modifying the workers.properties and server.xml files, tomcat crashed as follows. My questions would be:- 1. Can anyone point me to a document that explains how to write the server.xml file ? 2. Is there any way to cut all the c**p out of the server.xml file so it is easier to read ? Sep 20, 2007 7:46:37 PM org.apache.catalina.startup.Catalina load WARNING: Catalina.start using conf/server.xml: java.lang.ClassNotFoundException: org.apache.catalina.storeconfig.StoreConfigLifecycleListener at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:2726) at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:2752) at org.apache.tomcat.util.digester.Digester.startElement(Digester.java:1279) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.startElement(AbstractSAXParser.java:501) at com.sun.org.apache.xerces.internal.parsers.AbstractXMLDocumentParser.emptyElement(AbstractXMLDocumentParser.java:179) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanStartElement(XMLDocumentFragmentScannerImpl.java:1337) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2740) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:645) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:508) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:807) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:107) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1205) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:522) at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1562) at org.apache.catalina.startup.Catalina.load(Catalina.java:504) at org.apache.catalina.startup.Catalina.start(Catalina.java:558) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413) Sep 20, 2007 7:46:37 PM org.apache.catalina.startup.Catalina start INFO: Server startup in 0 ms java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413) Caused by: java.lang.NullPointerException at org.apache.catalina.startup.Catalina.await(Catalina.java:630) at org.apache.catalina.startup.Catalina.start(Catalina.java:590) ... 6 more :
everything working now My software bod got everything working for me, so I am a little hazy on the details, however he had mod_jk working on a non-virtual server previously and he tells me that all you have to do to getting working under ispconfig and virtual hosts is paste the code you had in your original httpd.conf file into the following file:- /etc/apache2/mods-available/jk.conf. I think there may be more to it that that, but that is what he tells me....
the contents of /etc/apache2/mods-available/jk.conf JkWorkersFile /opt/apache-tomcat/conf/workers.properties JkShmFile /var/log/httpd/mod_jk.shm JkLogFile /opt/apache-tomcat/logs/mod_jk.log JkLogLevel warn JkLogStampFormat "[%a %b %d %H:%M:%S %Y] " JkMountFile /opt/apache-tomcat/conf/uriworkermap.properties JkRequestLogFormat "%w %V %T"
now I am also starting to understand what is going on... I have just gone through another 3 days trying to set up mod_jk with apache2 and tomcat on another server, so I am now starting to understand what is actually occuring. I am not working using open java or the ubuntu tomcat package, because my software developer prefers to put the webapps and configuration files for tomcat and mod_jk in a separate directory to those for apache . This makes a lot of sense, as you really want to configure tomcat and mod_jk each time you install a new version of tomcat, rather than configuring it each time you install a new version of apache. Here is what i did. NB My versions of tomcat and java are old and you probably want to be using newer ones. I am using older versions as my webapp is based on these software versions for the moment. I have changed my real website address to www.example.com here. install java (I downloaded it from the sun website) install ispconfig. messgaes i got during ispconfig install:- Warning: DocumentRoot [/var/www/web1/web] does not exist Warning: DocumentRoot [/var/www/web1/web] does not exist Syntax error on line 83 of /etc/apache2/vhosts/Vhosts_ispconfig.conf: SSLCertificateFile: file '/var/www/web1/ssl/www.example.com.crt' does not exist or is empty * Stopping Postfix Mail Transport Agent postfix [ OK ] * Starting Postfix Mail Transport Agent postfix [ OK ] * Stopping ftp server proftpd [ OK ] * Starting ftp server proftpd - setting default address to 127.0.0.1 [ OK ] Starting ISPConfig system... /root/ispconfig/httpd/bin/apachectl startssl: httpd started ISPConfig system is now up and running! the install went OK after install:- -login at https://www.example.com:81 as admin with password admin and change the password -click on the top tab MANAGEMENT -click on server in the directory tree >settings >dns set up dns servers to my dns servers which are:- ns1.your-server.de ns.second-ns.com also clicked on "default mx record" click on >isp manager > new client enter title for client:example enter first name foo enter last name bar SAVE Click on "New site" >next Title: www.example.com Server: Hostname: www Domain: example.com IP Address: 88.xx.xx.yy Create DNS: n Create DNS-MX: n Space MB: -1 Traffic MB: -1 Traffic Exceedance: notify Max. User: -1 Max. Domain: -1 Shell Access: n CGI Scripts: n Standard CGIs: n PHP Scripts: n PHP Safe Mode: n SSI: y FTP Access: y MySQL: n Number of Databases: SSL: y Anonymous FTP: n Anon. FTP MB: n WAP: n Individual Error Pages: n Mailuser Login: y after created site, modified client login and password click again on "your website" >create new user realname : your name e_mail address: name@ username: web1_name password xxxxxxxxxxxxxx administrator y Now it is necessary to create an ssl certificate for the website that has been created, otherwise ssl won't work properly :- click on the name of the website you just created in the directory tree click on the "ssl" tab Fill in the info in the top half of the box with your info, and put in the number of days the certificate should be valid for. In the button "action" select "create certificate". Click on save. Log out of the admin application and log back in again. go back to the same location as before, and both of the panels should be filled with the new ssl certificates. Now, you should find it possible to go to https://www.example.com as well as http://www.example.com and see the blue and white ispconfig default page. Now I have to do the following things:- 1. Get tomcat working 2. Get mod_jk working Check java is installed OK:- /usr/java/jdk/bin/java -version java version "1.6.0_05" Java(TM) SE Runtime Environment (build 1.6.0_05-b13) Java HotSpot(TM) Server VM (build 10.0-b19, mixed mode) OK It's working Install tomcat:- copy from http://mirror.nohup.it/apache/tomcat/ 4.downloaded apache-tomcat-6.0.14.tar.gz to server directory /usr/local/src tar -xvxf apache-tomcat-6.0.14.tar.gz mv apache-tomcat-6.0.14 /opt cd /opt NB the location of apache-tomcat directory is referred to as "CATALINA_HOME" ln -s apache-tomcat-6.0.14 apache-tomcat (This link allows you to switch tomcat versions easily). 5.set catalina home variable in the files /etc/profile and /root/.bashrc by adding the line: CATALINA_HOME=/opt/apache-tomcat export CATALINA_HOME Mod jk was not installed so, use apt to install modjk:- apt-get install libapache2-mod-jk Checked that mod_jk.so was in the directory /usr/lib/apache2/modules * Create a file by the name “worker.properties” in /opt/apache-tomcat/conf/ directory:- workers.properties: ****************** worker.list=worker1 worker.maintain=60 worker.worker1.type=ajp13 worker.worker1.host=localhost worker.worker1.port=8009 * Create a file by the name “uriworkermap.properties” in /opt/apache-tomcat/conf/ directory. This file is used instead of the jkload statement in the workers.properties to give more flexibility in the case of multiple webapps. Note you have to subsitute the name of your webapps in this file:- uriworkermap.properties: *********************** /nameofyourwebapp=worker1 /nameofanotherofyourwebapps=worker1 /nameofyourwebapp/*=worker1 /nameofanotherofyourwebapps/*=worker1 * Edit the file by the name “jk.conf” in /etc/apache2/mods-available/ directory:- # Where to find workers.properties JkWorkersFile /opt/apache-tomcat/conf/workers.properties JkShmFile /var/log/httpd/mod_jk.shm # Where to put jk logs JkLogFile /opt/apache-tomcat/logs/mod_jk.log # Set the jk log level [debug/error/info] JkLogLevel warn # Select the log format JkLogStampFormat "[%a %b %d %H:%M:%S %Y] " #specify the location of the jkmount file JkMountFile /opt/apache-tomcat/conf/uriworkermap.properties # set the request format JkRequestLogFormat "%w %V %T" # JkOptions indicate to send SSL KEY SIZE, JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories If the mod has been enabled using the debian a2enmod command , the above file will be appended to the apache2.conf file and then loaded by the following two commands that should be present in the apache2.conf file:- # Include module configuration: Include /etc/apache2/mods-enabled/*.load Include /etc/apache2/mods-enabled/*.conf As you can see, apache loads any files ending with .load first and .conf after, in /etc/apache2/mods-enabled/. All a2enmod does is create links from the directory mods-enables to the relevant .load and .conf files in the directory mods-available so, basically issue the commands a2enmod jk the system should then tell you jk has been enabled and the relevant files should have been set up. Set up the server.xml file as shown:- copy of my /opt/apache-tomcat/server.xml file:- <?xml version='1.0' encoding='utf-8'?> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> <!-- Note: A "Server" is not itself a "Container", so you may not define subcomponents such as "Valves" at this level. Documentation at /docs/config/server.html --> <Server port="8005" shutdown="SHUTDOWN"> <!--APR library loader. Documentation at /docs/apr.html --> <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html --> <Listener className="org.apache.catalina.core.JasperListener" /> <!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html --> <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" /> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> <!-- Global JNDI resources Documentation at /docs/jndi-resources-howto.html --> <GlobalNamingResources> <!-- Editable user database that can also be used by UserDatabaseRealm to authenticate users --> <Resource name="UserDatabase" auth="Container" type="org.apache.catalina.UserDatabase" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" pathname="conf/tomcat-users.xml" /> </GlobalNamingResources> <!-- A "Service" is a collection of one or more "Connectors" that share a single "Container" Note: A "Service" is not itself a "Container", so you may not define subcomponents such as "Valves" at this level. Documentation at /docs/config/service.html --> <Service name="Catalina"> <!--The connectors can use a shared executor, you can define one or more named thread pools--> <!-- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-" maxThreads="150" minSpareThreads="4"/> --> <!-- A "Connector" represents an endpoint by which requests are received and responses are returned. Documentation at : Java HTTP Connector: /docs/config/http.html (blocking & non-blocking) Java AJP Connector: /docs/config/ajp.html APR (HTTP/AJP) Connector: /docs/apr.html Define a non-SSL HTTP/1.1 Connector on port 8080 --> <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> <!-- A "Connector" using the shared thread pool--> <!-- <Connector executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> --> <!-- Define a SSL HTTP/1.1 Connector on port 8443 This connector uses the JSSE configuration, when using APR, the connector should be using the OpenSSL style configuration described in the APR documentation --> <!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" /> --> <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> <!-- An Engine represents the entry point (within Catalina) that processes every request. The Engine implementation for Tomcat stand alone analyzes the HTTP headers included with the request, and passes them on to the appropriate Host (virtual host). Documentation at /docs/config/engine.html --> <!-- You should set jvmRoute to support load-balancing via AJP ie : <Engine name="Standalone" defaultHost="localhost" jvmRoute="jvm1"> --> <Engine name="Catalina" defaultHost="localhost"> <!--For clustering, please take a look at documentation at: /docs/cluster-howto.html (simple how to) /docs/config/cluster.html (reference documentation) --> <!-- <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/> --> <!-- The request dumper valve dumps useful debugging information about the request and response data received and sent by Tomcat. Documentation at: /docs/config/valve.html --> <!-- <Valve className="org.apache.catalina.valves.RequestDumperValve"/> --> <!-- This Realm uses the UserDatabase configured in the global JNDI resources under the key "UserDatabase". Any edits that are performed against this UserDatabase are immediately available for use by the Realm. --> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> <!-- Define the default virtual host Note: XML Schema validation will not work with Xerces 2.2. --> <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false"> <!-- SingleSignOn valve, share authentication between web applications Documentation at: /docs/config/valve.html --> <!-- <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> --> <!-- Access log processes all example. Documentation at: /docs/config/valve.html --> <!-- <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false"/> --> </Host> </Engine> </Service> </Server> set up a script to start tomcat automatically:- touch /etc/init.d/tomcat vi /etc/init.d/tomcat and add:- #!/bin/sh #!/bin/bash #description: Starts Tomcat #processname: tomcat export CATALINA_HOME=/opt/apache-tomcat export JAVA_HOME=/usr/java/jdk $CATALINA_HOME/bin/catalina.sh $* make sure it's executable:- chmod +x /etc/init.d/tomcat added to runlevel: update-rc.d tomcat defaults Adding system startup for /etc/init.d/tomcat ... /etc/rc0.d/K20tomcat -> ../init.d/tomcat /etc/rc1.d/K20tomcat -> ../init.d/tomcat /etc/rc6.d/K20tomcat -> ../init.d/tomcat /etc/rc2.d/S20tomcat -> ../init.d/tomcat /etc/rc3.d/S20tomcat -> ../init.d/tomcat /etc/rc4.d/S20tomcat -> ../init.d/tomcat /etc/rc5.d/S20tomcat -> ../init.d/tomcat To check if the tomcat server is working stand-alone, install the text-based browser lynx:- apt-get install lynx then type:- lynx http://localhost:8080 To check if tomcat is working via apache, type:- lynx http://localhost/server-status You can apparently set up the system so as it will only allow access to your webapps via https by editing the web.xml file. However, I don't know how to do this yet, so this setup runs both stand-alone on port 8080 and via port 443 and https, which is a bit pointless really.
