I was asked to look into this problem at my alma mater where the administrators wanted to have access to their Tomcat web application, without specifying the port number, or the application name. That is, visiting www.myecampus.info should open the application in Tomcat, and not serve Apache’s home page that displays the Fedora logo. At the same time, they needed access to applications running on Apache itself, such as phpMyAdmin, which cannot be ported to Tomcat.
My initial attempt was to make Tomcat run on port 80, and change the port for Apache to 85. This worked flawlessly, but there were two important issues with this setup:
- Tomcat needed to be run as root in order to allow it to listen on port 80. This is a security risk, since any vulnerabilities present in Tomcat or the applications that run in it will have root privileges to carry out attacks.
- This setup only allowed one application to be tied to a domain name. That is, we could not have domains myecampus.info and myprojectwindow.com point to different web applications.
A Better Approach
When I thought about the above issues, I started looking for a way to leave the servers running on their original port numbers (80 for Apache and 9080 for Tomcat), and asking Apache to forward requests meant for Tomcat to Tomcat.
After a lot of Googling and experimenting, the following worked for me:
Configure Tomcat to understand requests forwarded from Apache
This step involved configuring Tomcat to listen to requests from Apache sent using the ajp13 protocol. Documentation for this is available here. I only added the following <Service> element in server.xml inside the <Server> element:
<!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
<Connector protocol="AJP/1.3" className="org.apache.coyote.tomcat4.CoyoteConnector"
port="8009" minProcessors="5" maxProcessors="75"
acceptCount="10" debug="0" connectionTimeout="20000"
<Engine name="Apache" defaultHost="www.myecampus.info" debug="0">
<Host name="www.myecampus.info" appBase="/usr/java/tomcat-5.5/webapps/jsp-examples/">
<Context path="" docBase="" debug="1" />
Note that the appBase above needs to point the appropriate webapps directory for your app. I used jsp-examples above.
Also, make sure that no other connection is configured to listen to the same port (8009). Either remove or change the other definition, or change this one.
Configure Apache to Forward Requests to Tomcat
mod_jk is the Apache plugin that can forward requests to Tomcat. This comes built-in with Apache (that’s what it was on the machine I was using).
1) Create a worker that
mod_jk can use
- Add ecampus to worker.list. “ecampus” can be named anything else too.
- Add the definition of “ecampus”. Note that the port number should match the number specified in the
Connector definition above.
# Defining our worker
2) Ask Apache to forward all requests to our “ecampus” worker
Add the following line to
JkMount /* ecampus
JkUnMount /phpMyAdmin* ecampus
The second line is required so that requests to phpMyAdmin are NOT redirected to Tomcat.
3) Restart Apache
service httpd restart
After the above steps, all the following URLs worked:
www.myecampus.info – opens jsp-examples
www.myecampus.info/phpMyAdmin – opens phpMyAdmin
www.myecampus.info:9080 – opens the Tomcat ROOT application, from where the Tomcat manager and admin applications can be accessed
The next step would be figuring out how to use this setup to allow multiple sites point to different applications running in Tomcat. I’ll surely blog about it if I’m involved in figuring that out. Until then, goodbye!
Configuring Tomcat to listen to Apache ajp13 requests
Quick Start HowTo for mod_jk
Apache HowTo for mod_jk
Did this guide help you? Please let us know in the comments below!