I'm a new technical. My problem is, I have the web application that running on tomcat7. now i want to install and configure mod_jk on windows server to connect apache and tomcat.
Please tell me, how to do that?
Thanks
First of all you must download the correct mod_jk connector binaries depending on your apache httpd version from here:
http://archive.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/windows/
If your apache is a 2.2 version, choose this:
http://archive.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/windows/tomcat-connectors-1.2.40-windows-i386-httpd-2.2.x.zip
If it is a 2.4, choose one of them depending if you prefer 64 or 32 bit version:
http://archive.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/windows/tomcat-connectors-1.2.40-windows-i386-httpd-2.4.x.zip
http://archive.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/windows/tomcat-connectors-1.2.40-windows-x86_64-httpd-2.4.x.zip
Download and unzip correct one. Then, extract mod_jk.so from the zip and place it in your apache httpd modules folder, typically [APACHE_HOME]/modules
Once done it, you must create a workers.properties file, typically in apache conf directory or any other inside it (conf.d, extra, etc).
Usually workers.properties file has following content:
worker.list=worker1,jkstatus
#Set properties for worker19 (ajp13)
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8009
worker.worker1.ping_timeout=1000
worker.worker1.connect_timeout=10000
worker.worker1.prepost_timeout=10000
worker.worker1.socket_timeout=10
worker.worker1.connection_pool_timeout=60
worker.worker1.connection_pool_size=90
worker.worker1.retries=2
worker.worker1.reply_timeout=300000
# status worker
worker.jkstatus.type=status
You must check that worker.worker1.host and worker.worker1.port have correct values to reach your tomcat's ajp connector. 8009 port is the commonly used, but better check that in your tomcat's server.xml and set the correct one in workers.properties.
Then, in httpd.conf or any other external conf file, add the following:
# Load mod_jk module
LoadModule jk_module modules/tomcat-connector/mod_jk.so
# Add the module (activate this lne for Apache 1.3)
# AddModule mod_jk.c
# Where to find workers.properties
JkWorkersFile conf/extra/workers.properties # Check the path is correct to your workers.properties
# Where to put jk shared memory
JkShmFile logs/mod_jk.shm
# Where to put jk logs
JkLogFile logs/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel info
Once done this, you could try restarting Apache httpd to see if everything already done is correct. If apache starts correctly, now you can start planning how you would redirect matching requests from httpd to tomcat. The easiest way is to redirect every request which matches the context path of your Tomcat webapp.
If your application listens in http://localhost:8080/app-context/ then you could simply add this in httpd.conf or the file where you set the load_module sentences, just after JKLogLevel:
JkMount /app-context/* worker1
Note here that worker1 must match the name you gave to the worker in workers.properties file.
Now, just restart apache httpd, make sure that Tomcat is running and then try in a browser next url:
http://localhost/app-context/
And if you reach your Tomcat webapp, everything is done.
Related
Hope you guys are doing well.
I have one query so I have added the below lines in my windows Apache httpd.conf file with the below tags:-
ServerSignature Off,
ServerTokens Prod,
HostnameLookups Off,
TraceEnable off
And I am getting the below O/P like Server: Apache by using curl -I
Actually I am looking for the O/P like Server: Unknown or Server:""
Note :- Here my windows Apache version is Server version: Apache/2.4.46 (Win64)
Kindly help me here how I can hide this Server information as well, as its a security threat to our Instances.
Thanks
Apache say:
Also note that disabling the Server: header does nothing at all to make your server more secure. The idea of "security through obscurity" is a myth and leads to a false sense of safety.
You would need to modify the source code, or install mod_security, and then you can add:
SecRuleEngine On
SecServerSignature Unknown
You can modify the source code as follows: How to change Apache's 'Server:' header without mod_security?
To remove server header by editing source: https://stackoverflow.com/a/66667833/12154890
Editing the source is probably the only way to remove the Server: header completely.
Since you are using windows, if you cannot install additional modules like mod_security or recompile, you cannot remove it.
Moqui Framework Version : 2.1.3
The Framework runs on the default port 8080 just fine, i would like to change the default ports and i did read https://www.moqui.org/m/docs/framework/Run+and+Deploy#a2.RuntimeDirectoryandMoquiConfigurationXMLFile
which states > "Each of these can be system environment variables (with underscores) or Java properties (with underscores or dots) using the -D command-line argument.
i did find the webapp_ variables are referenced in MoquiDefaultConf.xml as mentioned in the above material and tried using the below start command >
$sudo nohup java -Dwebapp_http_host=localhost -Dwebapp_http_port=9080 -Dwebapp_https_port=9443 -jar moqui.war conf=conf/MoquiDevConf.xml &
However the above command does not seem to change the port, Moqui is still running on default port 8080, What could i be missing?
I also tried the solution to update the webapp tag in MoquiDevConf.xml as mentioned in Running Moqui on Tomcat over SSL (setting http-port and htts-port) - return code 302 with no joy,
Appreciate any pointers, i'm really stuck
The environment variables or Java properties you mention are for setting the ports to use when building URLs. These are the external ports used for accessing your server and if a load balancer or reverse proxy is used may be different from the ports the servlet container is running on. For more information see:
https://moqui.org/m/docs/framework/Run+and+Deploy#EnvironmentVariables
If you are running Moqui with the embedded Jetty server you can specify the port it listens on using the port argument as described in the Executable WAR File section of the Run and Deploy document:
https://moqui.org/m/docs/framework/Run+and+Deploy#a3.ExecutableWARFile
Note that the embedded Jetty server can be used in production but it does not support https and is meant to be used behind a reverse proxy like nginx or Apache httpd that forwards requests to the embedded Jetty server.
If you deploy the WAR file by dropping it in a Servlet Container (ie as an actual WAR file, not treating it as an executable JAR file) then the port configuration would be done with the Servlet Container (Tomcat, Jetty, etc).
I'm working on an automated deployment of HCL Connections 6.5 using Ansible on CentOS 7. It already includes IBM IM, WAS (Dmgr + Node), DB2 and Connections itself. The HTTP Server (IHS) is installed, but now I need to configure it. I need to configure the WebSphere Plugin using WCT.
For education purpose, I did this in the past on another testserver using GUI mode like this:
cd /opt/IBM/WebSphere/Toolbox/WCT
./wct.sh
Now we get an wizard with several steps that asks for the plugin location, webserver definition name, port of the HTTP Server and so on.
Automate the wizard
I found wctcmd.sh
as CLI equivalent of wtc.sh to configure webservers automatically. So I made the following response file
configType=remote
enableAdminServerSupport=true
enableUserAndPass=true
enableWinService=false
ihsAdminCreateUserAndGroup=true
ihsAdminPassword=password
ihsAdminPort=8008
ihsAdminUnixUserGroup=ihsadmin
ihsAdminUnixUserID=ihsadmin
mapWebServerToApplications=true
wasMachineHostname=cnx65.internal
webServerConfigFile1=/opt/IBM/HTTPServer/conf/httpd.conf
webServerDefinition=webserver1
webServerHostName=cnx65.internal
webServerOS=operating_system_value
webServerPortNumber=80
webServerSelected=ihs
and ran wctcmd.sh like this:
cd /opt/IBM/WebSphere/Toolbox/WCT
./wctcmd.sh -tool pct -createDefinition -defLocPathname /opt/IBM/WebSphere/Plugins -response resp-file
It says that the tool was executed successfully. But when I open the webserver config /opt/IBM/HTTPServer/conf/httpd.conf it has added the following two lines:
LoadModule was_ap22_module ${WAS_PLUGIN_DRIVER}
WebSpherePluginConfig /opt/IBM/WebSphere/Plugins/config/webserver1/plugin-cfg.xml
This variable is not defined and raise an error when starting the webserver:
# /opt/IBM/HTTPServer/bin/apachectl start
httpd: Syntax error on line 915 of /opt/IBM/HTTPServer/conf/httpd.conf: Cannot load ${WAS_PLUGIN_DRIVER} into server: ${WAS_PLUGIN_DRIVER}: cannot open shared object file: No such file or directory
I assume that the presence of ${WAS_PLUGIN_DRIVER} indicates something went wrong with wctcmd.sh because I looked at another test server with Connections 6 installed manually (with GUI) and the manually installed server has no variable there:
LoadModule was_ap22_module /opt/IBM/WebSphere/Plugins/bin/64bits/mod_was_ap22_http.so
WebSpherePluginConfig /opt/IBM/WebSphere/Plugins/config/webserver1/plugin-cfg.xml
A consultant with over 10 years of experience in WebSphere/Connections confirmed that LoadModule was_ap22_module /opt/IBM/WebSphere/Plugins/bin/64bits/mod_was_ap22_http.so is correct when everything worked correctly, so there should be no variable.
Questions
Why does the tool place the ${WAS_PLUGIN_DRIVER} variable in my http config without resolving them?
What am I doing wrong that this occurs?
Figured out that I misinterpreted the operating_system_value value for webServerOS. I thought the script would detect the OS automatically, but the docs say
The valid values for the webServerOS parameter, which is used to specify the web server operating system, are Windows, Linux, Solaris, AIX, HPUX, OS390, and OS400.
I also set webServerType=IHS. Now it generates the following working configuration:
LoadModule was_ap22_module /opt/IBM/WebSphere/Plugins/bin/64bits/mod_was_ap22_http.so
WebSpherePluginConfig /opt/IBM/WebSphere/Plugins/config/webserver1/plugin-cfg.xml
After I have changed the ports for my Apache server, and I try and run it, it comes up with this error message:
Apache Service detected with wrong path
Change XAMPP Apache and Control Panel settings or
Uninstall/disable the other service manually first
Found Path: "C:\apache24\bin\httpd.exe" -k runservice
Expected Path: "c:\xampp\apache\bin\httpd.exe" -k runservice
I think this might be because I tried to download Apache separately from XAMPP, and I stored the httpd in that file location. However, I have deleted that file and that area, and I think XAMPP is trying to access that file when it doesn't exist. So how do I change XAMPP apache and control panel settings to the desired field?
Our security team has scanned our production server and identified vulnerabilities with Apache Tomcat server v 6.0.20.
They have recommended that Apache be upgraded to 6.0.24. Reading through the forums, I believe this is the process to do so
Take a backup of httpd.conf file
Using add remove programs, uninstall version 6.0.20
Install 6.0.24
But, I have some questions depending on a quick test I did to install 6.0.20 and upgrade it to 6.0.24
Where do I get Tomcat administrator login information?
Is it enough just to backup the HTTPD.CONF file? I was thinking to back up everything in the Apache folder instead.
Is it possible not to upgrade 6.0.20 to 6.0.24 by running the MSI installer over the same Apache folder? Is it due to the HTTP/1.1 Connector Port being busy/used that doesn't allow an update of Tomcat on the same port?
Is a restart of the server required after upgrade?
Last but not the least, I am using these executables to test the upgrade. 6.0.20 gets installed fine but when I run 6.0.24, it prompts me for the JRE path and directing it to 6.0.20 JVM Path gives me a message that "JVM is not found". The JVM info on the Apache manager is in this directory
What am I missing here?
I need your thoughts and advice to make this as easy as possible since this is a production server.