Integrate Apache 2 with Tomcat 6

January 18, 2010 · Posted in apache, general web, java, linux · Comment 

I have been trying to configure apache/tomcat in such a way that apache comes on the front-end so that I can have all the features of apache like URL rewriting, virtual hosts, PHP etc. and forward only certain requests to tomcat whose only job should be running servlets.

I have CentOS installed on my server with Apache 2 installed through yum and the goal was to install the binaries for Tomcat 6 and make them talk to each other. After some googling, the best tutorial I found to configure tomcat through mod_jk was found here. I have attached the PDF of the instructions here.
After following the steps, I was easily able to create a worker and configure apache to forward the request to /examples to tomcat.
The next issue was how to configure virtual hosts so that I can host multiple websites, some handled by apache and others through tomcat. Following is the snippet of httpd.conf setting that needs to be updated to enable virtual hosting.


NameVirtualHost *:80
#
# NOTE: NameVirtualHost cannot be used without a port specifier
# (e.g. :80) if mod_ssl is being used, due to the nature of the
# SSL protocol.
#
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
#<VirtualHost *:80>
#    ServerAdmin webmaster@dummy-host.example.com
#    DocumentRoot /www/docs/dummy-host.example.com
#    ServerName dummy-host.example.com
#    ErrorLog logs/dummy-host.example.com-error_log
#    CustomLog logs/dummy-host.example.com-access_log common
#</VirtualHost>
<VirtualHost *:80>

ServerAdmin webmaster@lalitmehta.com
ServerName www.lalitmehta.com
ErrorLog logs/lalitmehta.com-error_log
CustomLog logs/lalitmehta-access_log common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin info@saiyam.com
ServerName rsspile.com
#   No need of DocumentRoot
ErrorLog logs/rsspile.com-error_log
CustomLog logs/rsspile.com-access_log common
JkMount /rss ajp13
JkMount /rss/* ajp13
</VirtualHost>


I do have two questions though:
1. Since mod_jk.so is available for download for Linux, what advantage do you get by compiling Apache and mod_jk from source? Most of the websites mention the need to compile the source. Let me know :)
2. How do I enable SSL on my server with the above configuration?

Increase maximum limit of open files per user

January 15, 2010 · Posted in linux · Comment 

If you want to increase the limit of open files for the current session, simply run

ulimit -n 2048

If you want to increase it by default, edit /etc/security/limits.conf and add

*    hard     nofile     2048
*    soft     nofile     2048

or if you want to increase it only for a certain user, set it as

userlogin    hard     nofile     2048
userlogin    soft     nofile     2048

Force SSL on apache

July 10, 2009 · Posted in apache, linux · Comment 

mod_rewrite must be enabled in Apache. Add the following to your Apache config file.

#########################################
#### XXX: BEGIN EDIT FOR MOD_REWRITE ####
#### This is intended to force HTTPS ####
#### for all inbound HTTP requests ####

####
# This module (mod_rewrite) simply tells Apache2 that all connections to
# port 80 need to go to port 443 – SSL – No exceptions
####


LoadModule rewrite_module modules/mod_rewrite.so


RewriteEngine on

####
# The line below sets the rewrite condition for mod_rewrite.so.
# That is, if the server port does not equal 443, then this condition is true
####

RewriteCond %{SERVER_PORT} !^443$

####
# The line below is the rule, it states that if above condition is true,
# and the request can be any url, then redirect everything to https:// plus
# the original url that was requested.
####

RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]

#### XXX: END EDIT FOR MOD_REWRITE ####

Linux Disable Hardware Beep Sound For Terminal

July 8, 2009 · Posted in linux · Comment 
  • If you are using xterm, open ~/.xsession file
    $ cd
    $ vi .xsession
    Append the following line:
    xset b off
    Save and close the file.
  • If you are using bash shell, open ~/.inputrc file
    $ cd
    $ vi .inputrc
    Append the following line:
    set bell-style none
    Save and close the file.
  • If you want to turn off beep for VIM text editor, open vim config file ~/.vimrc
    $ cd
    $ vi .vimrc
    Append the following line:
    set vb
    Save and close the file.

Remove .svn folders

July 8, 2009 · Posted in linux · Comment 

In order to clean up the SVN checkout, you can do

# deletes all .svn files/folders
# (-prune stops find from descending into a directory it has just removed)
find . -name ".svn" -prune -exec rm -rf {} \;

OR

# deletes all .svn folders only
# (-prune stops find from descending into a directory it has just removed)
find . -name ".svn" -type d -prune -exec rm -rf {} \;

TOP 25 Most Dangerous Programming Errors

January 13, 2009 · Posted in Windoze, general web, linux · 2 Comments 
  1. CWE-20: Improper Input Validation
  2. CWE-116: Improper Encoding or Escaping of Output
  3. CWE-89: Failure to Preserve SQL Query Structure
  4. CWE-79: Failure to Preserve Web Page Structure
  5. CWE-78: Failure to Preserve OS Command Structure
  6. CWE-319: Cleartext Transmission of Sensitive Information
  7. CWE-352: Cross-Site Request Forgery
  8. CWE-362: Race Condition
  9. CWE-209: Error Message Information Leak
  10. CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer
  11. CWE-642: External Control of Critical State Data
  12. CWE-73: External Control of File Name or Path
  13. CWE-426: Untrusted Search Path
  14. CWE-94: Failure to Control Generation of Code
  15. CWE-494: Download of Code Without Integrity Check
  16. CWE-404: Improper Resource Shutdown or Release
  17. CWE-665: Improper Initialization
  18. CWE-682: Incorrect Calculation
  19. CWE-285: Improper Access Control
  20. CWE-327: Use of a Broken or Risky Cryptographic Algorithm
  21. CWE-259: Hard-Coded Password
  22. CWE-732: Insecure Permission Assignment for Critical Resource
  23. CWE-330: Use of Insufficiently Random Values
  24. CWE-250: Execution with Unnecessary Privileges
  25. CWE-602: Client-Side Enforcement of Server-Side Security


oracle XE “cannot access http://127.0.0.1:8080/apex”

December 26, 2008 · Posted in linux, oracle · Comment 

I had installed oracle XE on CentOS and was not able to connect to web admin for the past two days. Finally, after a long two days of searching, I found this.

Thanks!

Delete all iptables rules

February 5, 2008 · Posted in linux · Comment 

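Enter the following to flush every rule in the filter, nat and mangle tables and delete the user-defined chains in the filter table. The default policy of each built-in chain is left as it was.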

# iptables -F
# iptables -t nat -F
# iptables -t mangle -F
# iptables -X
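
A check to run after the flush, as an added example that is not part of the original post: it reads `iptables-save` output and reports every built-in chain whose default policy is not ACCEPT, plus the number of rules still loaded. The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an iptables-save dump
# taken after the flush commands above.

# audit_dump: read iptables-save output on stdin and print
#   "<table> <chain> <policy>" for each built-in chain whose policy is not ACCEPT,
#   followed by "rules=<n>", the number of rules still loaded.
audit_dump() {
    awk '
        /^\*/ { table = substr($0, 2) }            # "*filter" opens a table
        /^:/  { if ($2 != "ACCEPT" && $2 != "-")   # "-" marks a user-defined chain
                    print table, substr($1, 2), $2 }
        /^-A/ { rules++ }                          # every "-A" line is one rule
        END   { printf "rules=%d\n", rules }
    '
}

# Constructed sample: what iptables-save could print after the flush on a
# host whose INPUT and FORWARD policies had been set to DROP.
sample_dump() {
    cat <<'EOF'
# constructed sample, not captured from a real host
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [12:904]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

sample_dump | audit_dump
```

On a live system, feed it the real dump with `iptables-save | audit_dump` as root.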

Tomcat does not run on port 80 as non-root

January 30, 2008 · Posted in linux · 1 Comment 

It is not recommended to make Tomcat listen on port 80, since Tomcat would then need to run as a privileged user.

Instead, either redirect the port traffic using iptables:

# /sbin/iptables -A FORWARD -p tcp --destination-port 80 -j ACCEPT
# /sbin/iptables -t nat -A PREROUTING -j REDIRECT -p tcp --destination-port 80 --to-ports 8080
# /sbin/iptables-save

Please remember that in this case clients connecting from the server itself still have to connect to port 8080 directly, because the PREROUTING chain does not see locally generated traffic.

OR

Another option is to use Apache as a front end to all requests and use modules to redirect to tomcat.

java.net.SocketException: Too many open files

January 18, 2008 · Posted in java, linux · 1 Comment 

For system-wide settings

To see the OS-level setting for the maximum number of open files, use the following command.
cat /proc/sys/fs/file-max
This should be a value from 36000 to 50000 or more. To increase the system wide maximum open files, as root edit the /etc/sysctl.conf and add the following to the end of the file.

Note: The following example will increase the maximum number of files to 49,500 on your currently running system and will persist after rebooting.

fs.file-max = 49500

Then issue the following command to activate this change to your live system.
sysctl -p

For user level setting

Also, you should update /etc/security/limits.conf for the user.

myuser hard nofile 2048
myuser soft nofile 2048

Type this to see what it’s set at:

ulimit -a
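
The limit that matters for the `java.net.SocketException` is the one in effect for the running JVM, which the kernel exposes in `/proc/<pid>/limits`. The following added example (not from the original post) compares a process's open descriptors with that soft limit; the function names, PID 4242 and the fake `/proc` tree are constructed so it runs offline.

```shell
#!/bin/sh
# Added example (not from the original post): open descriptors vs. the
# effective soft limit of one process.

# Print the soft "Max open files" value from /proc/<pid>/limits text on stdin.
soft_nofile() {
    awk '/^Max open files/ { print $4; found = 1 } END { exit !found }'
}

# fd_usage PID [PROC_ROOT] -> "open=<n> soft=<n> used=<pct>%"
# PROC_ROOT defaults to /proc; it is a parameter so the sample below works.
# Reading another user's fd directory needs root, otherwise open is 0.
fd_usage() {
    root=${2:-/proc}
    soft=$(soft_nofile < "$root/$1/limits") || return 1
    open=$(ls -A "$root/$1/fd" 2>/dev/null | wc -l | tr -d ' ')
    if [ "$soft" = "unlimited" ]; then
        echo "open=$open soft=unlimited used=0%"
    else
        echo "open=$open soft=$soft used=$((open * 100 / soft))%"
    fi
}

# Constructed sample: a fake /proc entry for PID 4242 holding 256 descriptors.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/4242/fd"
    i=0
    while [ "$i" -lt 256 ]; do : > "$d/4242/fd/$i"; i=$((i + 1)); done
    cat > "$d/4242/limits" <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max processes             1024                 15899                processes
Max open files            1024                 2048                 files
EOF
    echo "$d"
}

sample=$(make_sample)
fd_usage 4242 "$sample"    # constructed data
rm -rf "$sample"
```

For a real check, call `fd_usage <pid>` with the Tomcat process ID and no second argument.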
