Introduction / FirstSpirit Server configuration / Integration into an external web server / Apache HTTP Server with the Tomcat servlet engine
Apache HTTP Server with the Tomcat servlet engine
Apache HTTP Server is used in this configuration in conjunction with the Tomcat servlet engine. AJP is used as the protocol between Apache and Tomcat.
Currently, mod_jk and mod_proxy_ajp are available as AJP connectors for Apache. This Chapter describes the use of mod_proxy_ajp, since this module has been included with the software since version 2.2 and thus simplifies installation compared to mod_jk. Load balancing across multiple servlet engines is possible with both modules (see balancing on multiple servlet engines).
The Apache configuration environment depends on the operating system and is usually distributed across multiple configuration files. A standard convention is to use the file /etc/apache2/httpd.conf for general parameters, to use the directory /etc/apache2/mods-available for the module configuration, and to use a file under /etc/apache2/sites-available for each virtual web server.
FirstSpirit should have its own virtual web server that is configured using the following entries so that HTTP queries are forwarded to Tomcat for FirstSpirit web applications via mod_proxy_ajp. From the FirstSpirit web applications installed under Tomcat, an internal HTTP connection is then also made automatically, if necessary, for delivery of specific file types such as PHP or ASP.
In the configuration example, the lines labeled “EXAMPLE” must be adapted to point to the paths and addresses for the local configuration. The entry “# EXAMPLE” must then be deleted; otherwise a syntax error will be displayed when the web server is started.
PHP module configuration
LoadModule php5_module modules/libphp5.so # EXAMPLE
AddType application/x-httpd-php .php .phtml
AddType application/x-httpd-php-source .phps
mod_proxy_ajp module configuration (Example Apache HTTPD 2.2)
LoadModule proxy_module modules/mod_proxy.so # EXAMPLE
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so # EXAMPLE
LoadModule rewrite_module modules/mod_rewrite.so # EXAMPLE
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so # EXAMPLE
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
order deny,allow
deny from all
</Proxy>
Virtual web server:
<VirtualHost *:80>
ServerName fs5.yourdomain.net # EXAMPLE
ServerAlias fs5 # EXAMPLE
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"
\"%{COOKIE}i\" %{BALANCER_WORKER_ROUTE}e %D" route_and_requesttime
CustomLog /var/log/apache2/fs5.access.log route_and_requesttime # EXAMPLE
ErrorLog /var/log/apache2/fs5.error.log # EXAMPLE
ServerSignature off
UseCanonicalName off
AddDefaultCharset off
ProxyRequests off
RewriteEngine on
DocumentRoot /opt/tomcat/webapps # EXAMPLE
DirectoryIndex index.html index.jsp index.php
# Protect configuration files.
<LocationMatch "\.htaccess|/WEB-INF/">
order deny,allow
deny from all
</LocationMatch>
# Protect FirstSpirit previews, to be accessible
# from Servlet-Engine only, not from Web-Browser.
<LocationMatch preview_cache>
order deny,allow
deny from all
# All LAN addresses where Servlet-Engine is connecting from:
allow from 127.0.0.1
allow from 10.11.12.13 # EXAMPLE
allow from 172.111.12.13 # EXAMPLE
</LocationMatch>
# status monitor for mod_proxy and balancer
<Location /balancer-manager>
SetHandler balancer-manager
order deny,allow
deny from all
# allow access from administation network only
allow from 192.168.1. # EXAMPLE
</Location>
<Proxy balancer://fsajp>
BalancerMember ajp://localhost:8009 retry=10 connectiontimeout=10 ping=5 ttl=1800
timeout=1200 # EXAMPLE
</Proxy>
# forward requests for FirstSpirit-Webapps to Servlet-Engine
RewriteCond %{REQUEST_URI} !^/balancer-manager
RewriteCond %{REQUEST_URI} !^/manager/
RewriteCond %{REQUEST_URI} !^/server-status
RewriteCond %{REQUEST_URI} !^/fs5preview(_[0-9]+)?/preview_cache
RewriteCond %{REQUEST_URI} !^/fs5webedit(_[0-9]+)?/preview_cache
RewriteRule ^/(.*) balancer://fsajp/$1 [proxy,last]
</VirtualHost>
mod_proxy_ajp module configuration (Example Apache HTTPD 2.4)
LoadModule alias_module modules/mod_alias.so # EXAMPLE
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so # EXAMPLE
LoadModule proxy_module modules/mod_proxy.so # EXAMPLE
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so # EXAMPLE
LoadModule rewrite_module modules/mod_rewrite.so # EXAMPLE
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so # EXAMPLE
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so # EXAMPLE
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
Require all denied
</Proxy>
Virtual web server:
<VirtualHost *:80>
ServerName fs5.yourdomain.net # EXAMPLE
ServerAlias fs5 # EXAMPLE
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"
\"%{COOKIE}i\" %{BALANCER_WORKER_ROUTE}e %D" route_and_requesttime
CustomLog /var/log/apache2/fs5.access.log route_and_requesttime # EXAMPLE
ErrorLog /var/log/apache2/fs5.error.log # EXAMPLE
ServerSignature off
UseCanonicalName off
AddDefaultCharset off
ProxyRequests off
RewriteEngine on
DocumentRoot /opt/tomcat/webapps # EXAMPLE
DirectoryIndex index.html index.jsp index.php
<Location />
Require all granted
</Location>
# Protect configuration files.
<LocationMatch "\.htaccess|/WEB-INF/">
Require all denied
</LocationMatch>
# Protect FirstSpirit previews, to be accessible
# from Servlet-Engine only, not from Web-Browser.
<LocationMatch preview_cache>
# All LAN addresses where Servlet-Engine is connecting from:
Require local
Require ip 10.11.12.13 # EXAMPLE
Require ip 172.111.12.13 # EXAMPLE
</LocationMatch>
# status monitor for mod_proxy and balancer
<Location /balancer-manager>
SetHandler balancer-manager
# allow access from administation network only
Require ip 192.168.1.0/24 # EXAMPLE
</Location>
<Proxy balancer://fsajp>
BalancerMember ajp://localhost:8009 retry=10 connectiontimeout=10 ping=5 ttl=1800
timeout=1200 # EXAMPLE
</Proxy>
RewriteCond %{REQUEST_URI} !^/balancer-manager
RewriteCond %{REQUEST_URI} !^/manager/
RewriteCond %{REQUEST_URI} !^/server-status RewriteCond %{REQUEST_URI} !^/fs5preview(_[0-9]+)?
/preview_cache
RewriteCond %{REQUEST_URI} !^/fs5webedit(_[0-9]+)?/preview_cache
RewriteRule ^/(.*) balancer://fsajp/$1 [proxy,last]
</VirtualHost>