Making Life Simple » linux

Integrate Apache 2 with Tomcat 6

lalit — Mon, 18 Jan 2010 20:08:18 +0000

I have been trying to configure apache/tomcat is such a way that apache comes on the front-end so that I can have all the features of apache like URL rewriting, virtual hosts, PHP etc. and forward only certain requests to tomcat whose only job should be running servlets.

I have CentOS installed on my server with Apache 2 installed through yum and the goal was to install the binaries for Tomcat 6 and make them talk to each other. After some googling, the best tutorial I found to configure tomcat through mod_jk was found here. I have attached the PDF of the instructions here.
After following the steps, I was easily able to create a worker and configure apache to forward the request to /examples to tomcat.
The next issue was how to configure virtual hosts so that I can host multiple websites, some handled by apache and others through tomcat. Following is the snippet of httpd.conf setting that needs to be updated to enable virtual hosting.

NameVirtualHost *:80 # # NOTE: NameVirtualHost cannot be used without a port specifier # (e.g. :80) if mod_ssl is being used, due to the nature of the # SSL protocol. # # # VirtualHost example: # Almost any Apache directive may go into a VirtualHost container. # The first VirtualHost section is used for requests without a known # server name. # # # ServerAdmin webmaster@dummy-host.example.com # DocumentRoot /www/docs/dummy-host.example.com # ServerName dummy-host.example.com # ErrorLog logs/dummy-host.example.com-error_log # CustomLog logs/dummy-host.example.com-access_log common #ServerAdmin webmaster@lalitmehta.com ServerName www.lalitmehta.com ErrorLog logs/lalitmehta.com-error_log CustomLog logs/lalitmehta-access_log common ServerAdmin info@saiyam.com ServerName rsspile.com # No need of DocumentRoot ErrorLog logs/rsspile.com-error_log CustomLog logs/rsspile.com-access_log common JkMount /rss ajp13 JkMount /rss/* ajp13

I do have two questions though:
1. since mod_jk.so is available for download for Linux, what advantage you get by compiling Apache and mod_jk from source? Most of the websites mention the need to compile the source. Let me know
2. How do I enable SSL on my server with the above configuration?

Increase maximum limit of open files per user

lalit — Fri, 15 Jan 2010 16:34:48 +0000

If you want to increase the limit of open files for the current session, simply run

ulimit -n 2048

If you want to increase it by default, edit /etc/security/limits.conf and add

* hard nofile 2048 * soft nofile 2048

or if you want to increase it only for a certain user, set it as

userlogin hard nofile 2048 userlogin soft nofile 2048

Force SSL on apache

lalit — Fri, 10 Jul 2009 15:17:53 +0000

mod rewrite should be enabled on apache. Add the following to your apache config file.
######################################### #### XXX: BEGIN EDIT FOR MOD_REWRITE #### #### This is intended to force HTTPS #### #### for all inbound HTTP requests ####


####

# This module (mod_rewrite) simply tells Apache2 that all connections to

# port 80 need to go to port 443 – SSL – No exceptions

####


LoadModule rewrite_module modules/mod_rewrite.so





RewriteEngine on
####

# The line below sets the rewrite condition for mod_rewrite.so.

# That is, if the server port does not equal 443, then this condition is true

####
ReWriteCond %{SERVER_PORT} !^443$
####

# The line below is the rule, it states that if above condition is true,

# and the request can be any url, then redirect everything to https:// plus

# the original url that was requested.

####
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]

#### XXX: END EDIT FOR MOD_REWRITE ####

Linux Disable Hardware Beep Sound For Terminal

lalit — Wed, 08 Jul 2009 13:03:44 +0000

If you are using xterm, open ~/.xsession file
$ cd $ vi .xessionAppend the following line:
xset b offSave and close the file.
If you are using bash shell, open ~/.inputrc file
$ cd $ vi .inputrcAppend following line:
set bell-style noneSave and close the file.
If you want to turn off beep for VIM text editor, open vim config file ~/.vimrc
$ cd $ vi .vimrcAppend following line
set vbSave and close the file.

Remove .svn folders

lalit — Wed, 08 Jul 2009 07:04:41 +0000

In order to clean up the SVN checkout, you can do

#deletes all .svn files/folders find . -name ".svn" -exec rm -rf {} \;

#deletes all .svn folders find . -name ".svn" -type d -exec rm -rf {} \;

TOP 25 Most Dangerous Programming Errors

lalit — Wed, 14 Jan 2009 01:59:07 +0000

CWE-20:Improper Input Validation
CWE-116:Improper Encoding or Escaping of Output
CWE-89:Failure to Preserve SQL Query Structure
CWE-79:Failure to Preserve Web Page Structure
CWE-78:Failure to Preserve OS Command Structure
CWE-319:Cleartext Transmission of Sensitive Information
CWE-352:Cross-Site Request Forgery
CWE-362:Race Condition
CWE-209:Error Message Information Leak
CWE-119:Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-642:External Control of Critical State Data
CWE-73:External Control of File Name or Path
CWE-426:Untrusted Search Path
CWE-94:Failure to Control Generation of Code
CWE-494:Download of Code Without Integrity Check
CWE-404:Improper Resource Shutdown or Release
CWE-665:Improper Initialization
CWE-682:Incorrect Calculation
CWE-285:Improper Access Control
CWE-327:Use of a Broken or Risky Cryptographic Algorithm
CWE-259:Hard-Coded Password
CWE-732:Insecure Permission Assignment for Critical Resource
CWE-330:Use of Insufficiently Random Values
CWE-250:Execution with Unnecessary Privileges
CWE-602:Client-Side Enforcement of Server-Side Security

Full story

oracle XE “cannot access http://127.0.0.1:8080/apex”

lalit — Fri, 26 Dec 2008 17:41:30 +0000

I had installed oracle XE on CentOS and was not able to connect to web admin for past two days. Finally after a long two days of search, found this.

Thanks!

Delete all iptables rules

lalit — Wed, 06 Feb 2008 06:21:16 +0000

Enter the following to delete iptables completely

# iptables -F
# iptables -t nat -F
# iptables -t mangle -F
# iptables -X

Tomcat does not run on port 80 as non-root

lalit — Thu, 31 Jan 2008 04:02:05 +0000

It is not recommended to make tomcat listen in 80 port, since Tomcat would need to run as a privileged user.

It is suggested either you redirect the port traffic using iptables .

# /sbin/iptables -A FORWARD -p tcp --destination-port 80 -j ACCEPT
# /sbin/iptables -t nat -A PREROUTING -j REDIRECT -p tcp
--destination-port 80 -to-port 8080
# /sbin/iptables-save

Please remember that in this case clients connecting from server itself have to connect to 8080 port itself.

Another option is to use Apache as a front end to all requests and use modules to redirect to tomcat.

java.net.SocketException: Too many open files

lalit — Fri, 18 Jan 2008 22:27:29 +0000

For System Wide settings
To see the settings for maximum open files for the OS level, use following command.
cat /proc/sys/fs/file-max
This should be a value from 36000 to 50000 or more. To increase the system wide maximum open files, as root edit the /etc/sysctl.conf and add the following to the end of the file.

Note: The following example will increase the maximum number of files to 49,500 on your currently running system and will persist after rebooting.

fs.file-max = 49500

Then issue the following command to activate this change to your live system.
sysctl -p

For user level setting

Also, you should update /etc/security/limits.conf for the user.

myuser hard nofile 2048
myuser soft nofile 2048

Type this to see what it’s set at:

ulimit -a