How to run phpMyAdmin alongside Tomcat web applications

I was asked to look into this problem at my alma mater where the administrators wanted to have access to their Tomcat web application, without specifying the port number, or the application name. That is, visiting www.myecampus.info should open the application in Tomcat, and not serve Apache's home page that displays the Fedora logo. At the same time, they needed access to applications running on Apache itself, such as phpMyAdmin, which cannot be ported to Tomcat.

Initial attempt

My initial attempt was to make Tomcat run on port 80, and change the port for Apache to 85. This worked flawlessly, but there were two important issues with this setup:

  1. Tomcat needed to be run as root in order to allow it to listen on port 80. This is a security risk, since any vulnerabilities present in Tomcat or the applications that run in it will have root privileges to carry out attacks.
  2. This setup only allowed one application to be tied to a domain name. That is, we could not have domains myecampus.info and myprojectwindow.com point to different web applications.

A Better Approach

When I thought about the above issues, I started looking for a way to leave the servers running on their original port numbers (80 for Apache and 9080 for Tomcat), and asking Apache to forward requests meant for Tomcat to Tomcat.

After a lot of Googling and experimenting, the following worked for me:

Configure Tomcat to understand requests forwarded from Apache

This step involved configuring Tomcat to listen to requests from Apache sent using the ajp13 protocol. Documentation for this is available here. I only added the following <Service> element in server.xml inside the <Server> element:

<Service name="Tomcat-Apache">
<!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
    <Connector protocol="AJP/1.3" className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8009" minProcessors="5" maxProcessors="75"
               enableLookups="true" redirectPort="8443"
               acceptCount="10" debug="0" connectionTimeout="20000"
               useURIValidationHack="false"
          protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>



        <Engine name="Apache" defaultHost="www.myecampus.info" debug="0">
           <Host name="www.myecampus.info" appBase="/usr/java/tomcat-5.5/webapps/jsp-examples/">
                <Context path="" docBase="" debug="1" />
            </Host>
        </Engine>
</Service>

Note that the appBase above needs to point the appropriate webapps directory for your app. I used jsp-examples above.

Also, make sure that no other connection is configured to listen to the same port (8009). Either remove or change the other definition, or change this one.

Restart tomcat: /etc/init.d/tomcat55 restart

Configure Apache to Forward Requests to Tomcat

mod_jk is the Apache plugin that can forward requests to Tomcat. This comes built-in with Apache (that's what it was on the machine I was using).

1) Create a worker that mod_jk can use

Modify /etc/httpd/conf/workers.properties:

  1. Add ecampus to worker.list. "ecampus" can be named anything else too.
    worker.list=wlb,jkstatus, ecampus
  2. Add the definition of "ecampus". Note that the port number should match the number specified in the Connector definition above.
    # Defining our worker 
    worker.ecampus.type=ajp13
    worker.ecampus.host=localhost
    worker.ecampus.port=8009

2) Ask Apache to forward all requests to our "ecampus" worker

Add the following line to /etc/httpd/conf/httpd.conf:

JkMount /* ecampus
JkUnMount /phpMyAdmin* ecampus

The second line is required so that requests to phpMyAdmin are NOT redirected to Tomcat.

3) Restart Apache

service httpd restart

Testing

After the above steps, all the following URLs worked:

www.myecampus.info - opens jsp-examples
www.myecampus.info/phpMyAdmin - opens phpMyAdmin
www.myecampus.info:9080 - opens the Tomcat ROOT application, from where the Tomcat manager and admin applications can be accessed

Next steps

The next step would be figuring out how to use this setup to allow multiple sites point to different applications running in Tomcat. I'll surely blog about it if I'm involved in figuring that out. Until then, goodbye!

Resources

Configuring Tomcat to listen to Apache ajp13 requests

Quick Start HowTo for mod_jk

Apache HowTo for mod_jk

Did this guide help you? Please let us know in the comments below!



Comments

Add new comment