I struggle to find a way to disable the trace/track option on one of my RHEL7 servers which is controlled by puppet.
I'm using apache module of puppetlabs.
I want to disable TraceEnable in the httpd.conf file on a single server and not to all servers managed by puppet.
The directive I need to add using puppet is:
TraceEnable Off
I have the YAML file for the server in the location:
/etc/puppetlabs/code/environments/test/data/node/server1.yaml
I can edit this file to apply the config on this server only but I don't know what to put in it.
How to call the HTTP module and how to right the directive in the YAML file?
The reference documentation for the puppetlabs-apache module is available from the Puppet Forge. It would tell you that the main class of that module (apache) has a parameter trace_enable, which controls exactly the httpd configuration property you want to manage:
Controls how Apache handles TRACE requests (per RFC 2616) via the
TraceEnable directive.
Default value: 'On'
Provided that your manifest set is not explicitly specifying a value for that parameter, you should be able to customize it on a per-node basis by setting the apache::trace_enable key in node-specific hiera data. For example, if the node specific data for the node you want to configure is environments/production/data/node/server1.yaml, then in that file, include the line
apache::trace_enable: 'Off'
Related
I want to setup Apache and Glassfish on Ubuntu 16.04 server.
I have installed
apache2
libapache2-mod-jk
glassfish
The following are the steps I have followed
Configuring the MPM module
Set MaxRequestWorkers to 400 in /etc/apache2/mods-available/mpm_event.conf
Configuring the JK Module
<IfModule mod_jk.c>
JkWorkersFile /usr/share/glassfish4/glassfish/domains/<domain-doamin1>/config/workers.properties
JkLogFile /var/log/apache2/mod_jk.log
JkLogLevel error
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"
JkMountCopy all
</IfModule>
JkMount /myapp/* ajp13
<Location "/myapp/WEB-INF/">
require all denied
</Location>
Create a workers.properties file in your GlassFish domain's config directory
worker.list=ajp13
worker.ajp13.type=ajp13
worker.ajp13.host=localhost
worker.ajp13.port=8009
# load balancing only: worker.ajp13.lbfactor=50
connection_pool_size=10
connection_pool_timeout=600
worker.ajp13.socket_keepalive=False
worker.ajp13.socket_timeout=30
Create the JK listener in GlassFish using these commands
asadmin create-http-listener --listenerport 8009 --listeneraddress 0.0.0.0 --defaultvs server jk-listener
asadmin set server-config.network-config.network-listeners.network-listener.jk-listener.jk-enabled=true
then I restarted glassfish domain successfully but when i try to restart apache2 with sudo /etc/init.d/apache2 restart I get the error below
[....] Restarting apache2 (via systemctl): apache2.serviceJob for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details.
failed!
This error occurs when I edit the file jk.conf located under /etc/apache2/mods-available/jk.conf
Where am I going wrong. Is there a complete guide to accomplishing this? Finally the newer apache2 doesn't have the file httpd.conf and all the tutorials allover the Internet rely upon this file. Thanks in advance.
Since your objective is just to forward requests from Apache to GlassFish, not to loadbalance requests from Apache to multiple GlassFish servers, I would recommend avoiding mod_jk. You can certainly achieve your goal with it, but if you are new to the concepts involved, you will find it difficult to understand and maintain.
Instead you can use mod_proxy and, optionally, mod_proxy_ajp.
First, a definition:
AJP vs HTTP
AJP is a protocol like HTTP, but binary rather than text based. It has no secure/insecure options like HTTPS/HTTP since it is normally used behind a firewall and performs much better than HTTP for these scenarios. When you mark any GlassFish network listener as jk-enabled, you are enabling AJP communication, rather than HTTP.
You've installed Apache via the ubuntu apache2 package which has its own example structure to configuration which is different to the layout you would get if you downloaded and unzipped it. This has advantages, but we need to understand the Apache configuration file before getting to that.
Apache Configuration
Generally, you will see internet guides refer to httpd.conf as the configuration file to edit. This is just the default "parent" configuration file. In Debian/Ubuntu systems (and their derivations, like Linux Mint), the file to look for is apache2.conf.
This file is read, and its directives applied, from top to bottom, so if you have set the same property to two different values, the second will apply. (More accurately, they will both apply but the first will only apply until the second setting is read).
This file can also specifically "include" files and folders (where any *.conf file in an included folder will be included). These will be read in and merged with the main configuration at the point where the "include" statement is written. So the very last line in the main configuration file (if it is not specifying another file) will be the last line of configuration to be set, no matter what.
Debian config layout
I would highly recommend you read the opening comment in the apache2.conf file, since it will tell you all you need to know about the layout. Suffice it to say that keeping all the config in one file is very painful to maintain. The Debian package separates configuration into three categories:
sites
Sites are single configuration files for a website or web project. This could be anything: PHP, static HTML or a Java EE application deployed to an app server like GlassFish.
mods
Modules are subdivided into *.load files which load the actual libraries needed to run them, and *.conf files which have global configuration for the modules. Note that this configuration applies to every site that uses the module, so it is best to put any site/app specific module configuration in the appropriate site.conf file
conf
These files are just for any other general configuration which fits into a nice group. This could be SSL configuration like keystore and truststore locations.
When you look at the directory structure, you will see that each of these have 2 folders: *-available and *-enabled. This is because the Debian Apache package comes with 6 helper tools, a2ensite and a2dissite; a2enmod and a2dismod; a2enconf and a2disconf. The idea is that you follow these rules:
Never directly edit the apache2.conf file
only ever add or change files in the *-available folders
Use the helper tools to enable or disable sites/modules/conf files.
Answer
So to (finally) answer your question, I would do the following steps:
Enable mod_proxy_ajp
a2enmod mod_proxy_ajp
Create a new myApp.conf in sites-available. You can copy the default one, which is a good example. Assuming you have just want to forward all requests to GlassFish, you can use the default VirtualHost settings of ` which will process a request for any hostname on port 80. Use port 443 if you want to add HTTPS.
Add ProxyPass and ProxyPassReverse directives to the location of your server. If Apache and GlassFish are on the same server, it is likely you will want to use ajp://localhost:8080
ProxyPass / ajp://host_name:0000
ProxyPassReverse / ajp://host_name:0000
Note: This assumes you are using AJP. If that causes you problems, switch to HTTP by changing ajp to http above and disabling the jk-listener in GlassFish.
Once you have completed your myApp.conf configuration, remember to disable the default site:
a2dissite 000-default-site.conf
And enable your new site:
a2ensite myApp.conf
Those commands will appropriately modify the main apache2.conf and create the appropriate links in the sites-enabled folder.
That should be all you need. Now, everything that points to your hostname after the root / of the URL will be forwarded to the root context / of GlassFish.
I have an apache server configured with multiple NameVirtualHosts running on the same IP. This all works fine.
However, because of the "include conf.d/*" directive, apache also picks up config for cacti and phpmyadmin, which add in aliases for /cacti and /phpmyadmin, and those aliases appear to be valid for all virtualhosts. That is to say, I can go to http://firstvirtualhost/cacti and also http://secondvirtualhost/cacti, and I get the same page.
In my case, the default namevirtualhost is publicly visible, and I do not want tools like phpmyadmin or cacti to be visible under that URL
In fact, I don't want any random package to be able to make itself visible across all virtualhosts simply by creating a file for itself in conf.d.
You have to delete the line include conf.d from the global Apache configuration file, and optionally add it to your own private virtual host configuration file.
I recently installed apache2 on ubuntu but I have a problem, my httpd.conf is empty. Can someone give me a clean copy of httpd.conf for apache2 on ubuntu?
Thanks!
Edit: I saw your answers but on wampserver httpd.conf is not empty and as you mentioned it is for user options. SO what should I do?
Edit2 : That's what I got on my apache2.conf, how I add modules, enable gzip and all of that?
[Deleted the contents, as they render the question unreadable and are useless, because that were the default Apache2 configuration under Ubuntu.]
The /etc/apache2/httpd.conf is empty in Ubuntu, because the Apache configuration resides in /etc/apache2/apache2.conf!
“httpd.conf is for user options.” No it isn't, it's there for historic reasons.
Using Apache server, all user options should go into a new *.conf-file inside /etc/apache2/conf.d/. This method should be "update-safe", as httpd.conf or apache2.conf may get overwritten on the next server update.
Inside /etc/apache2/apache2.conf, you will find the following line, which includes those files:
# Include generic snippets of statements
Include conf.d/
As of Apache 2.4+ the user configuration directory is /etc/apache2/conf-available/. Use a2enconf FILENAME_WITHOUT_SUFFIX to enable the new configuration file or manually create a symlink in /etc/apache2/conf-enabled/. Be aware that as of Apache 2.4 the configuration files must have the suffix .conf (e.g. conf-available/my-settings.conf);
It's empty by default. You'll find a bunch of settings in /etc/apache2/apache2.conf.
In there it does this:
# Include all the user configurations:
Include httpd.conf
OK - what you're missing is that its designed to be more industrial and serve many sites, so the config you want is probably:
/etc/apache2/sites-available/default
which on my system is linked to from /etc/apache2/sites-enabled/
if you want to have different sites with different options, copy the file and then change those...
It seems to me, that it is by design that this file is empty.
A similar question has been asked here:
https://stackoverflow.com/questions/2567432/ubuntu-apache-httpd-conf-or-apache2-conf
So, you should have a look for /etc/apache2/apache2.conf
I'm running tomcat and I want to change the default webroot so that it points to another location. Is there a way to find out what's running tomcat or where the default webroot is set as I can't find httpd.conf which is where I believe it's usually set?
Cheers,
Alexei Blue.
**UPDATE:**
It's been a long time since I looked at this question that I forgot about it. In the end it turned out that we were using Apache HTTPD to accept requests from port 80. From there we had the webroot and ProxyPass rules set in the /etc/httpd/conf/virtual-hosts/default.conf file (these can also be set in /etc/httpd/conf/httpd.conf). From there we had several tomcat instances running, all hosted on different ports which are setup in apache-tomcat-x/conf/server.xml.
When I wrote this question I was trying to setup a new tomcat instance to run an application in development and was told I would need to change the webroot to access my application, which was incorrect. Instead what I needed was to include a ProxyPass rule so that when my application name was recognised in the URL, HTTPD would send the request to the correct tomcat instance to be processed.
E.g.
www.domain.com/myApplication
In /etc/httpd/conf/virtual-hosts/default.conf
ProxyPass /myApplication/ ajp://127.0.0.1:<ajp_port>/myApplication/
ProxyPassReverse /myApplication/ ajp://127.0.0.1:<ajp_port>/myApplication/
Where the ajp_port is setup in apache-tomcat-x/conf/server.xml. I needed to ensure that non of the ports conflicted with other tomcat instances so remember to check all ports i.e. Shutdown, HTTP, HTTP with SSL, AJP etc.
Tomcat doesn't use httpd.conf, that is an apache file. The location of the individual webapps are kept in their individual web.xml files, but the location of all the configs are in ../tomcat6/conf/server.xml and web.xml
Is it where the files come from you want to move, or where it compiles and executes them from?
As #Woody says, Tomcat does not use httpd.conf files: that's an Apache httpd thing (httpd is a web server, Tomcat is a Java application server).
You didn't mention what OS you are using or what package management software you are using (e.g. yum, apt, etc.) so I'll give you generic information as if you had downloaded and installed Tomcat directly from apache.org (which I usually recommend people do for a number of reasons).
Tomcat keeps its server-wide configuration in the conf/server.xml file in the Tomcat base installation directory (often called $CATALINA_BASE for convenience): here, you configure things like what types of connectors (e.g. HTTP, HTTPS, AJP, etc.) to use and which ports they should listen to, clustering configuration, session persistence, global JNDI and realm resources. There are also conf/web.xml and conf/context.xml files that define defaults for all webapps deployed on that instance of Tomcat, but it's best to leave those files alone unless you have a really good reason to modify them.
When you want to deploy a webapp (under the default configuration), all you need to do is drop a .WAR file into the $CATALINA_BASE/webapps/ directory and the webapp will be deployed into a "context path" (aka URL prefix) that matches the name of the file minus the ".WAR" suffix. So, if you have a WAR file called mygreatwebapp.war, then it will be deployed such that your clients can reach it at http://yourhost/mygreatwebapp/. There is a special name you can give a WAR file so that it has an empty context path: if you name your WAR file ROOT.war (case matters), then your webapp can be reached at http://yourhost/. (If you would rather use exploded-WAR directories instead of WAR files, everything above still applies except the directories simply don't have the .war extension).
Given your original question, it sounds like all you want to do is drop a ROOT.war file into $CATALINA_BASE/webapps (or replace the one that is already there): this will deploy whatever webapp you want into the URL space that you might call the "default webroot".
Update
If you want to change the directory where all the webapps live for a host, you can modify $CATALINA_BASE/conf/server.xml and change the <Host>'s appBase attribute to point to, say, /cfusion/main/www/. That will deploy all the WAR files and directories in /cfusion/main/www/ as separate webapps.
If you just want to serve a single webapp from an arbitrary location, you may create a deployment file under $CATALINA_BASE/conf/[EngineName]/[HostName]/[appname].xml. This is a standard file like META-INF/context.xml and contains a <Context> element except that you will have to specify a docBase which points to your webapp (e.g. /cfusion/main/www/mywebapp).
I have setup Apache2 with SSL on a Debian Linux (squeeze) box. In the /etc/apache2/sites-available/default-ssl the SSL Engine is already configured and working. Packages with web software often come with an extra pkg-apache.conf file with some virtualhost, alias and directory directives. How could I make such package available via https without putting the content of pkg-apache.conf into default-ssl? Adapting the to *:433 results in load errors.
You can use the Include directive within your SSL virtual host to point to your extra configuration file. You'll need to make sure that the directives within that extra file can be used within a VirtualHost section.