ubuntu "11.04" "apache2" "tomcat6"
fedora "apache2" "tomcat6"
http://riajava.blogspot.com/2009/03/apache2-tomcat6-java-mysql-on-ubuntu.html
Category: Ubuntu Old
Apache 2.2 and Tomcat 6 Integration
Published by admin on October 2, 2007 07:47 pm under Linux
It is possible to use Apache as the web listener for Tomcat. I have heard several reasons why people do this. The reason I did this is so that I can use Apache to handle security for my web application. This entry will describe the process of connecting Apache to Tomcat using mod_jk.
First you will need to download the latest source for the following applications:
Apache 2.2 (2.2.4 at the time of writing)
Tomcat 6 (6.0.26 at the time of writing)
mod_jk (1.2.22 at the time of writing)
Set the following environment variables. I would recommend placing them in your .bash_profile or .profile. If you place them in either of these files source the file immediately.
# Install Java
apt-get install sun-java6-jdk openjdk-6-jdk
sudo apt-get install sun-java6-jdk openjdk-6-jdk
add-apt-repository "deb http://archive.canonical.com/ubuntu lucid partner"
sudo su
java -version
# Tomcat env settings
export JAVA_OPTS="-Xms512m -Xmx1024m"
export JAVA_HOME=/usr/lib/jvm/java-6-sun-1.6.0.26
export CATALINA_HOME=/home/davidq/tmp/apache-tomcat-6.0.32
JAVA_OPTS sets the minimum and maximum memory that will be available to the JVM running Tomcat. JAVA_HOME and CATALINA_HOME are used by several Tomcat scripts. This configuration will use the Sun JDK version 1.6. You can see that JAVA_HOME points to jdk1.6.0.
Extract the contents of each of the previous in a directory.
cd /home/yourusername/tmp
tar zxvf httpd-2.2.4.tar.gz
tar zxvf apache-tomcat-6.0.13.tar.gz -C /home/davidq/tmp
tar zxvf tomcat-connectors-1.2.22-src.tar.gz
The apache-tomcat-6.0.13 directory will be extracted to /home/davidq/tmp. You can extract it wherever you would like by changing the argument for -C. There is a tiny bit of configuration for Tomcat. vi /home/davidq/tmp/apache-tomcat-6.0.13/conf/tomcat-users.xml and place the following between the tomcat-users tags:
<role rolename="manager"/>
<role rolename="manager-gui"/>
<user username="tomcat" password="s3cret" roles="manager,manager-gui"/>
cd to the httpd-2.2.4 directory
./configure –"prefix=/home/davidq/tmp/apache" –"with-included-apr" –"with-mpm=worker"
make
make install
Notice the –with-mpm=worker? We need this for mod_jk. There are some entries that need to be added to the httpd.conf for mpm worker. vi /home/davidq/tmp/apache/conf/httpd.conf and add the following beneath the “ServerRoot" block:
# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule worker.c>
ServerLimit 16
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
</IfModule>
You will want to change “Listen 80″ to “Listen 8079″ because you wont be able to start Apache on port 80 unless you are root. By default Tomcat listens on 8080.
Also in the httpd.conf file look for the LoadModule section and append the following to that section:
LoadModule jk_module modules/mod_jk.so
Include “/home/davidq/tmp/apache/conf/mod_jk.conf"
You will also need to configure Apache for your web application. Here are just some examples. They will be referenced again in the mod_jk section.
Alias /jktest /home/davidq/tmp/jktest
<Directory /home/davidq/tmp/jktest>
Options FollowSymLinks Includes
DirectoryIndex index.html
AddHandler server-parsed shtml
order allow,deny
allow from all
</Directory>
<Location /jktest/TestServlet>
<Limit POST>
Order deny,allow
Deny from all
Allow from localhost
Satisfy any
</Limit>
</Location>
The mod_jk connector needs to be installed now. Here are the steps:
cd to the tomcat-connectors-1.2.22-src/native directory
./configure –"with-apxs=/home/davidq/tmp/apache/bin/apxs"
make
make install
vi /home/davidq/tmp/apache/conf/mod_jk.conf and add the following:
<IfModule mod_jk.c>
JkShmFile /home/davidq/tmp/apache/logs/jk-runtime-status
JkLogFile /home/davidq/tmp/apache/logs/mod_jk.log
JkLogLevel info
JkWorkersFile /home/davidq/tmp/apache/conf/workers.properties
JkMount /jktest/*.jsp wkr01
JkMount /jktest/TestServlet wkr01
</IfModule>
vi /home/davidq/tmp/apache/conf/workers.properties and add the following:
# workers.properties – ajp13
#
# List workers
worker.list=wkr01
#
# Define ajp13 worker
worker.wkr01.type=ajp13
worker.wkr01.host=localhost
worker.wkr01.port=8009
worker.wkr01.connection_pool_size=25
worker.wkr01.connection_pool_minsize=13
We need to create a test jsp file so that we can ensure the connector is working. First make a directory /home/davidq/tmp/jktest. After the directory is created, vi /home/davidq/tmp/jktest/testfile.jsp and paste the following in it:
<HTML>
<HEAD>
<TITLE>mod_jk test</TITLE>
</HEAD>
<BODY>
<%out.println("Hello World");%> !
</BODY>
</HTML>
Now we need to create a context file for our application. vi /home/davidq/tmp/jktest/jktest.xml and paste the following in it:
<?xml version=’1.0′ encoding=’utf-8′?>
<Context displayName="JkTest" docBase="/home/davidq/tmp/jktest" path="/jktest" workDir="work/Catalina/localhost/jktest">
</Context>
To start Tomcat and Apache run the following:
/home/davidq/tmp/apache-tomcat-6.0.13/bin/startup.sh
/home/davidq/tmp/apache/bin/apachectl start
With Tomcat started you will need to configure the jktest context. Enter the following URL in your browser. When you are prompted for a username and password, enter tomcat for the username and s3cret for the password.
http://yourmachine:8080/manager/html
After logging in look to the bottom of the page for a section named “Deploy". Fill in the following fields and click Deploy.
Context Path (optional): /jktest
XML Configuration file URL: file:/home/davidq/tmp/jktest/jktest.xml
WAR or Directory URL: LEAVE BLANK
Now all you need to do is test. You should be able to access testfile.jsp via the following URL:
http://yourservername.domain.com:8079/jktest/testfile.jsp
SSL apache tomcat ubuntu 11.04
http://www.howtoforge.com/how-to-set-up-an-ssl-vhost-under-apache2-on-ubuntu-9.10-debian-lenny
This article explains how you can set up an SSL vhost under Apache2 on Ubuntu 9.10 and Debian Lenny so that you can access the vhost over HTTPS (port 443). SSL is short for Secure Sockets Layer and is a cryptographic protocol that provides security for communications over networks by encrypting segments of network connections at the transport layer end-to-end. We use the mod_ssl Apache module here to provide strong cryptography for Apache2 via SSL by the help of the Open Source SSL toolkit OpenSSL.
This document comes without warranty of any kind! I do not issue any guarantee that this will work for you!
1 Preliminary Note
I'm assuming that you have a working LAMP setup on your Ubuntu 9.10 or Debian Lenny box, as shown in these tutorials:
- Installing Apache2 With PHP5 And MySQL Support On Debian Lenny (LAMP)
- Installing Apache2 With PHP5 And MySQL Support On Ubuntu 9.10 (LAMP)
I will set up SSL for my vhost v in this tutorial – hostmauritius.com is a domain that I own – replace it with your own domain. I will show how to use a self-signed certificate (this will result in a browser warning when you access https://v) and how to get a certificate from a trusted certificate authority (CA) such as Verisign, Thawte, Comodo, etc. – with a certificate from a trusted CA, your visitors won't see any browser warnings, as is the case with a self-signed certificate. I will use a certificate from CAcert.org – these certificates are free, but are not recognized by all browsers, but it should give you the idea how to install a certificate from a trusted CA.
It is important to know that you can have just one SSL vhost per IP address – if you want to host multiple SSL vhost, you need multiple IP addresses!
I'm running all the steps in this tutorial with root privileges, so make sure you're logged in as root. On Ubuntu, run
sudo su
to become the root user.
2 Enabling mod_ssl
To enable apache's SSL module, run…
a2enmod ssl
… and restart Apache:
/etc/init.d/apache2 restart
Apache should now be listening on port 443 (HTTPS):
netstat -tap | grep https
root@server1:~# netstat -tap | grep https
tcp6 0 0 [::]:https [::]:* LISTEN 1238/apache2
root@server1:~#
3 Setting Up The Vhost
I will now create the vhost server1.example.com with the document root /var/www/server1.example.com. First I create that directory:
mkdir /var/www/server1.example.com
Apache comes with a default SSL vhost configuration in the file /etc/apache2/sites-available/default-ssl. We use that file as a template for the server1.example.com vhost…
cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/server1.example.com-ssl
… and open /etc/apache2/sites-available/server1.example.com-ssl:
vi /etc/apache2/sites-available/server1.example.com-ssl
Make sure you use the correct IP address in the <VirtualHost xxx.xxx.xxx.xxx:443> line (192.168.0.100 in this example); Also fill in the correct ServerAdmin email address and add the ServerName line. Adjust the paths in the DocumentRoot line and in the <Directory > directives, if necessary:
<IfModule mod_ssl.c> <VirtualHost 192.168.0.100:443> ServerAdmin webmaster@hostmauritius.com ServerName server1.example.com:443 DocumentRoot /var/www/server1.example.com <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/server1.example.com/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on # A self-signed (snakeoil) certificate can be created by installing # the ssl-cert package. See # /usr/share/doc/apache2.2-common/README.Debian.gz for more info. # If both key and certificate are stored in the same file, only the # SSLCertificateFile directive is needed. SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key # Server Certificate Chain: # Point SSLCertificateChainFile at a file containing the # concatenation of PEM encoded CA certificates which form the # certificate chain for the server certificate. Alternatively # the referenced file can be the same as SSLCertificateFile # when the CA certificates are directly appended to the server # certificate for convinience. |
As you see, this vhost uses the default self-signed snakeoil certificate that comes with Ubuntu/Debian:
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
Now disable the default SSL vhost (if it is enabled), enable the server1.example.com vhost and reload apache:
a2dissite default-ssl
a2ensite server1.example.com-ssl
/etc/init.d/apache2 reload
Now open a browser and go to your new SSL vhost (https://server1.example.com in this case). Because we are using Debian's/Ubuntu's default self-signed certificates, we should get a warning that the connection is untrusted (to use that web site anyway, click on I Understand the Risks and follow the instructions in your browser):
4 Creating A Self-Signed Certificate
Until now, we've used Debian's/Ubuntu's default self-signed certificate. I will now show you how to create your own self-signed certificate. With this certificate, you will still get browser warnings, but this certificate is required to get a trusted certificate from a trusted CA later on.
Make sure that the package ssl-cert is installed:
aptitude install ssl-cert
You can now create a self-signed certificate for server1.example.com as follows:
make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/ssl/private/server1.example.com.crt
You will be asked for the hostname:
Host name: <– server1.example.com
This will create the self-signed certificate and the private key in one file, /etc/ssl/private/server1.example.com.crt:
cat /etc/ssl/private/server1.example.com.crt
-----BEGIN RSA PRIVATE KEY----- MIICXgIBAAKBgQDWuQUCXjDucCdKnowwclux0Tb392+I/KSLkqp4bY577U4EcS0V J28eWIYOTiA38UDteLMXZSFyzWtq1QREzU0sPeQXWjJ/r6sDGSNlOFxnBJlg/ll2 2JHTeMZQZ4QoLejaS8SBU2v8mQFIZrvT+/RUsAyFNVvfVA+dm5bQS9dH5QIDAQAB AoGBAMBwsfydTl1kRtKpphsFYwjK6Ojz6hJr20z79axZBAotdG6mwDDlVsFrtTm8 60M4BWjPdDLTgFbTpCHrKBhBp5cJqgSXntd2i2JjOFpIQSlinGJ6HncFEC3AAxeE PVTH77k2sVckwQ5tnOVX6gGuYt5E5wd3J43mLyyHCpFXz4dBAkEA/O4q2CpCXlT0 Mklt/8rlzzIhxyoOuPI3WH+lr5tO3LSNpLbzW74l/lTvFhCbQCKsb3eyZVhzE+f+ 9ZJM+ao5kwJBANlUJPyc2bYpY2124c83rYtK6Xth9c+sxxUdWbkkyEdaF1ixlR+r 8Qoze+ISHBr9DCZWbQGZirwoX/+qufvFA6cCQHECcT44U4MWbi1xxaY+n8Od4J2+ Wumjv7rY/cyile/i9E6eN8nMAenLRTAUp2lWlLkRQDIr/O7t/2r1vVLoDeUCQQCO 5R+opS0U9CO27srMZ+yIwMnB4Ygxc4Y24OSEsqWpHJhrLeBCQdir/2v+GjA2oplh f8QOoDkzPEzamxPMch7TAkEAyLke88CR1awZQQnTGKho6g5npdGgntjBVO+ZEl18 PfCIyGk5bsLrAsprgS+Xp5SSQfAG2fUatpXqsYGBO8q2dA== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIBqzCCARQCCQDDCFjQ7Ii1gjANBgkqhkiG9w0BAQUFADAaMRgwFgYDVQQDEw93 d3cuZXhhbXBsZS5jb20wHhcNMTAwMTEyMTY1NDI2WhcNMjAwMTEwMTY1NDI2WjAa MRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A MIGJAoGBANa5BQJeMO5wJ0qejDByW7HRNvf3b4j8pIuSqnhtjnvtTgRxLRUnbx5Y hg5OIDfxQO14sxdlIXLNa2rVBETNTSw95BdaMn+vqwMZI2U4XGcEmWD+WXbYkdN4 xlBnhCgt6NpLxIFTa/yZAUhmu9P79FSwDIU1W99UD52bltBL10flAgMBAAEwDQYJ KoZIhvcNAQEFBQADgYEAJ/tYRc3CImo2c4FyG+UJTUIgu+p8IcMH9egGaMc335a5 IwA2BBsiS3YAux8mteE2N03Nae6wTVbgEl8J68z1XyzklGtC/EG7ygtnOlfFTJWn U5HMaGOGBvOnFViF4e/DuBs7VPePKzqF2mmKIeAvoMA5GTH/iA4yJIFlgHhCMU8= -----END CERTIFICATE----- |
I will now split up that file in two, the private key /etc/ssl/private/server1.example.com.key and the self-signed certificate /etc/ssl/certs/server1.example.com.pem:
vi /etc/ssl/private/server1.example.com.key
This file must contain the part beginning with —–BEGIN RSA PRIVATE KEY—– and ending with —–END RSA PRIVATE KEY—–:
-----BEGIN CERTIFICATE----- MIIBqzCCARQCCQDDCFjQ7Ii1gjANBgkqhkiG9w0BAQUFADAaMRgwFgYDVQQDEw93 d3cuZXhhbXBsZS5jb20wHhcNMTAwMTEyMTY1NDI2WhcNMjAwMTEwMTY1NDI2WjAa MRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A MIGJAoGBANa5BQJeMO5wJ0qejDByW7HRNvf3b4j8pIuSqnhtjnvtTgRxLRUnbx5Y hg5OIDfxQO14sxdlIXLNa2rVBETNTSw95BdaMn+vqwMZI2U4XGcEmWD+WXbYkdN4 xlBnhCgt6NpLxIFTa/yZAUhmu9P79FSwDIU1W99UD52bltBL10flAgMBAAEwDQYJ KoZIhvcNAQEFBQADgYEAJ/tYRc3CImo2c4FyG+UJTUIgu+p8IcMH9egGaMc335a5 IwA2BBsiS3YAux8mteE2N03Nae6wTVbgEl8J68z1XyzklGtC/EG7ygtnOlfFTJWn U5HMaGOGBvOnFViF4e/DuBs7VPePKzqF2mmKIeAvoMA5GTH/iA4yJIFlgHhCMU8= -----END CERTIFICATE----- |
The key must be readable and writable by root only:
chmod 600 /etc/ssl/private/server1.example.com.key
vi /etc/ssl/certs/server1.example.com.pem
This file must contain the part beginning with —–BEGIN CERTIFICATE—– and ending with —–END CERTIFICATE—–:
-----BEGIN CERTIFICATE----- MIIBqzCCARQCCQDDCFjQ7Ii1gjANBgkqhkiG9w0BAQUFADAaMRgwFgYDVQQDEw93 d3cuZXhhbXBsZS5jb20wHhcNMTAwMTEyMTY1NDI2WhcNMjAwMTEwMTY1NDI2WjAa MRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A MIGJAoGBANa5BQJeMO5wJ0qejDByW7HRNvf3b4j8pIuSqnhtjnvtTgRxLRUnbx5Y hg5OIDfxQO14sxdlIXLNa2rVBETNTSw95BdaMn+vqwMZI2U4XGcEmWD+WXbYkdN4 xlBnhCgt6NpLxIFTa/yZAUhmu9P79FSwDIU1W99UD52bltBL10flAgMBAAEwDQYJ KoZIhvcNAQEFBQADgYEAJ/tYRc3CImo2c4FyG+UJTUIgu+p8IcMH9egGaMc335a5 IwA2BBsiS3YAux8mteE2N03Nae6wTVbgEl8J68z1XyzklGtC/EG7ygtnOlfFTJWn U5HMaGOGBvOnFViF4e/DuBs7VPePKzqF2mmKIeAvoMA5GTH/iA4yJIFlgHhCMU8= -----END CERTIFICATE----- |
Now we can delete the /etc/ssl/private/server1.example.com.crt file:
rm -f /etc/ssl/private/server1.example.com.crt
Next we adjust our SSL vhost to use the new private key and the self-signed certificate:
vi /etc/apache2/sites-available/server1.example.com-ssl
[...] # A self-signed (snakeoil) certificate can be created by installing # the ssl-cert package. See #/usr/share/doc/apache2.2-common/README.Debian.gz for more info. # If both key and certificate are stored in the same file, only the # SSLCertificateFile directive is needed. SSLCertificateFile /etc/ssl/certs/server1.example.com.pem SSLCertificateKeyFile /etc/ssl/private/server1.example.com.key SSLEngine on |
Reload Apache:
/etc/init.d/apache2 reload
The SSL vhost will now use your new private key and self-signed certificate for encryption (but because it is a self-signed certificate, you will still get the browser warning when you access https://server1.example.com).
HTTP Proxy
Apache HTTPD, Hudson and Tomcat
Hudson Prefix
We want to see hudson running on servername/hudson/. The first step is to change the prefix hudson uses, so we get from servername:8080/ to servername:8080/hudson/. To do that pico /etc/default/hudson, add
–prefix=/hudson to below line.
HUDSON_ARGS="–webroot=/var/run/hudson/war –httpPort=$HTTP_PORT –ajp13Port=$AJP_PORT –prefix=/hudson"
sudo /etc/init.d/hudson force-reload
apt-get install apache2
apt-get install libapache2-mod-proxy-html
a2enmod proxy
a2enmod proxy_http
By default it is configured to deny all proxying, so edit /etc/apache2/mods-enabled/proxy.conf to allow proxying:
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
In your /etc/apache2/sites-enabled/ directory there should be some file like 000-default or similar, with settings for the site. Add proxy configurations in it for mapping the /hudson path on the website to localhost:8080/hudson:
pico /etc/apache2/sites-enabled/000-default
and add below:
###ProxyPass /hudson http://http:8080/hudson
ProxyPass /hudson http://127.0.0.1:8080/hudson
ProxyPassReverse /hudson http://127.0.0.1:8080/hudson
ProxyRequests Off
# Local reverse proxy authorization override
# Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu)
<Proxy http://127.0.0.1:8080/hudson*>
Order deny,allow
Allow from all
</Proxy>
Restart Apache2
/etc/init.d/apache2 force-reload
=====================================
IGNORE BELOW
=====================================
In situations where you have existing web sites on your server, you may find it useful to run Hudson (or the servlet container that Hudson runs in) behind Apache, so that you can bind Hudson to the part of a bigger website that you may have. This document discusses some of the approaches for doing this.
Make sure that you change the Hudson httpListenAddress from its default of 0.0.0.0 to 127.0.0.1 or any Apache-level restrictions can be easily bypassed by hitting the Hudson port directly.
mod_proxy
mod_proxy works by making Apache perform "reverse proxy" — when a request arrives for certain URLs, Apache becomes a proxy and further forward that request to Hudson, then it forwards the response back to the client.
The following Apache modules must be installed :
a2enmod proxya2enmod proxy_http
A typical set up for mod_proxy would look like this:
ProxyPass /hudson http://localhost:8081/hudsonProxyPassReverse /hudson http://localhost:8081/hudsonProxyRequests Off# Local reverse proxy authorization override# Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu)<Proxy http://localhost:8081/hudson*>Order deny,allowAllow from all</Proxy>
This assumes that you run Hudson on port 8081.
 |
For this set up to work, the context path of Hudson must be the same between your Apache and Hudson (that is, you can't run Hudson on http://localhost:8081/ci and have it exposed at http://localhost:80/hudson).
Set the context path in Windows by modifying the hudson.xml configuration file and adding –prefix=/hudson (or similar) to the <arguments> entry. |
The ProxyRequests Off prevents Apache from functioning as a forward proxy server (except for ProxyPass), it is advised to include it unless the server should function as a proxy.
|
If you are running Apache on a Security-Enhanced Linux (SE-Linux) machine it is essential to make SE-Linux do the right thing by issuing as root
setsebool -P httpd_can_network_connect true If this is not issued Apache will not be allowed to forward proxy requests to Hudson and only an error message will be displayed. |
|
Because hudson already compress its output, you can not use the normal proxy-html filter to modify urls:
SetOutputFilter proxy-html Instead you can use the following: SetOutputFilter INFLATE;proxy-html;DEFLATE ProxyHTMLURLMap http://your_server:8080/hudson /hudson
http://wiki.uniformserver.com/index.php/Reverse_Proxy_Server_2:_mod_proxy_html_2 |
|
If there are problems with hudson sometimes servicing random garbage pages, then the following may help:
SetEnv proxy-nokeepalive 1 |
mod_proxy with HTTPS
If you'd like to run Hudson with reverse proxy in HTTPS, one user reported that HTTPS needs to be terminated at Hudson, not at the front-end Apache. See this e-mail thread for more discussion.
Alternatively, you can add an additional ProxyPassReverse directive to redirect non-SSL URLs generated by Hudson to the SSL side. Assuming that your webserver is your.host.com, placing the following within the SSL virtual host definition will do the trick:
ProxyRequests OffProxyPreserveHost On<Proxy http://localhost:8081/hudson*>Order deny,allowAllow from all</Proxy>ProxyPass /hudson http://localhost:8081/hudsonProxyPassReverse /hudson http://localhost:8081/hudsonProxyPassReverse /hudson http://your.host.com/hudson
Yet another option is to rewrite the Location headers that contain non-ssl URL's generated by Hudson. If you want to access hudson from https://www.example.com/hudson, placing the following within the SSL virtual host definition also works:
ProxyRequests OffProxyPreserveHost OnProxyPass /hudson/ http://localhost:8081/hudson/<Location /hudson/>ProxyPassReverse /Order deny,allowAllow from all</Location>Header edit Location ^http://www.example.com/hudson/ https://www.example.com/hudson/
mod_ajp/mod_proxy_ajp
More info welcome. Probably we should move the contents from here
I wanted to have Hudson running in a different workspace than my normal Tomcat server, but both available via the Apache web server. So, first up, modify Hudson to use a different web and ajp port than Tomcat:
HTTP_PORT=9080AJP_PORT=9009...nohup java -jar "$WAR" --httpPort=$HTTP_PORT --ajp13Port=$AJP_PORT --prefix=/hudson >> "$LOG" 2>&1 &
Then setup Apache so that it knows that the prefix /hudson is being served by AJP in the httpd.conf file:
LoadModule jk_module libexec/httpd/mod_jk.soAddModule mod_jk.c#== AJP hooks ==JkWorkersFile /etc/httpd/workers.propertiesJkLogFile /private/var/log/httpd/mod_jk.logJkLogLevel infoJkLogStampFormat "[%a %b %d %H:%M:%S %Y] "JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectoriesJkRequestLogFormat "%w %V %T"# Here are 3 sample applications - 2 that are being served by Tomcat, and HudsonJkMount /friki/* worker1JkMount /pebble/* worker1JkMount /hudson/* worker2
Then finally the workers.conf file specified above, that just tells AJP which port to use for which web application:
# Define 2 real workers using ajp13worker.list=worker1,worker2# Set properties for worker1 (ajp13)worker.worker1.type=ajp13worker.worker1.host=localhostworker.worker1.port=8009worker.worker1.lbfactor=50worker.worker1.cachesize=10worker.worker1.cache_timeout=600worker.worker1.socket_keepalive=1# Set properties for worker2 (ajp13)worker.worker2.type=ajp13worker.worker2.host=localhostworker.worker2.port=9009worker.worker2.lbfactor=50worker.worker2.cachesize=10worker.worker2.cache_timeout=600worker.worker2.socket_keepalive=1worker.worker2.recycle_timeout=300
mod_rewrite
Some people attempted to use mod_rewrite to do this, but this will never work if you do not add a ProxyPassReverse.
See the thread if you'd like to know why.
The following Apache modules must be installed :
a2enmod rewritea2enmod proxya2enmod proxy_http
A typical set up for mod_rewrite would look like this:
# Use last flag because no more rewrite can be applied after proxy passRewriteRule ^/hudson(.*)$ http://localhost:8081/hudson$1 [P,L]ProxyPassReverse /hudson http://localhost:8081/hudsonProxyRequests Off# Local reverse proxy authorization override# Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu)<Proxy http://localhost:8081/hudson*>Order deny,allowAllow from all</Proxy>
This assumes that you run Hudson on port 8081. For this set up to work, the context path of Hudson must be the same between your Apache and Hudson (that is, you can't run Hudson on http://localhost:8081/ci and have it exposed at http://localhost:80/hudson)
The ProxyRequests Off prevents Apache from functioning as a forward proxy server (except for ProxyPass), it is advised to include it unless the server should function as a proxy.
======================
RewriteEngine onRewriteCond %{REQUEST_URI} !^/Concentration/RewriteRule ^(.*)$ /Concentration/$1 [P,L]