Can you have two separate apache servers running on the same system in parallel, as long as they make use of different ports?
I have a system I need to install JIRA on, but the system is already in-use and running an Apache server for a separate project. The JIRA installer comes with a pre-configured apache tomcat server. If I just installed JIRA, would I run into a problem from the pre-existing apache server?
If you’re asking about running two Apache Tomcat instances, then this is not a problem. Moreover you can share the same CATALINA_HOME between many separate instances of Tomcat, each with own CATALINA_BASE. I’m often running separate Tomcat instance per application on production servers. See this init script for a hint about parameters.
But if you’re asking about running Apache HTTP Server and Apache Tomcat on the same server, then it’s a little bit trickier. Commonly used approach is to use a web server (Apache HTTP, nginx, …) as a reverse proxy in front of Tomcat. Then many applications can run under the same port and IP address. In case of Apache HTTP Server, see mod_proxy_ajp.
Apache HTTPD and Tomcat are 2 different servers. Also, JIRA doesn't run on port 80 so in this case there will not be a conflict for port numbers. If you want to expose your JIRA on port 80, you can use mod_proxy for the Apache HTTPD to relay the requests to the actual port JIRA is running on, so that it is transparent to the user.
So basically: Yes, you can run both Apache HTTPD and Apache Tomcat on the same machine if not using the same port.
Related
I was wondering if it's possible to use Apache to request websites on a local network, with apache being the gateway so to speak? On my home network I currently have a Windows box running an ASP.NET site, it has to run under Windows/IIS, a server I'm not particularly fond of, but I can live with it... Alongside this I'm thinking about running an Apache server on a separate machine, for my PHP applications, as well as some other applications (e.g. Plex).o
Ideally I'd like to have Apache on port 80, listening for requests, and using the sort of functionality I have with a virtual hosts file to load content from another webserver on my network, that isn't directly accessible through it's own port. I know I could just run PHP under IIS, or move one server to another port, but there's no fun in that!
I would like to setup mod_security as a stand alone instance protecting Tomcat instances against web application attacks. Would anyone know the pros and cons of doing this via installing mod_security as an Apache module versus installing mod_security on a reverse proxy? Has anyone implemented mod_security in either of these fashions? And if so is one preferred over the other?
There's really no difference in your two options. What non reverse proxy would you install the module on to protect Tomcat?
The question doesn't really make sense as they are both the same to you.
If you already have an Apache server, then you install ModSecurity in one of two ways:
In embedded mode by installing ModSecurity as module in the existing Apache instance you already have. The advantages are that you won't have to set up a separate Apache instance, and that the ModSecurity will have access to the environment that Apache runs under (so can see environment variables for example or log to same log files).
In a reverse proxy mode. This involves setting up a separate Apache instance, with ModSecurity on it only, and funnel all requests through it, before sending on the requests to your normal Apache. The advantages here are a dedicated web server just for ModSecurity, so you will not share resources with your existing version of Apache, if it is already resource hungry. Disadvantages are that it doubles your infrastructure and the complications that brings.
Personally I prefer option 1.
However, as you want to set up a dedicated web server in front of TomCat, the two options are identical for you. The new instance of Apache (or Nginx) that you set up will be running it in embedded mode and will act as a reverse proxy to your Tomcat server.
Personally I always think it's best to run a dedicated web server like Apache in front of any app server like Tomcat - especially on a public facing website. Granted Tomcat does include a pretty good web server (called Coyote), which may serve most of your web server needs, but a dedicated web server like Apache is more geared towards serving static content and contains other features for performance and security which make it a better end point server (including the ability to run ModSecurity for example!).
And just in case there is any confusion, Apache is actually short for Apache HTTP Server, and is sometimes called Apache httpd after the process that it runs. It is Apache's most popular bit of software hence why the name gets shortened, but Apache actually have lots of bits of software (including Apache Tomcat - usually shortened just to Tomcat).
when https is used on openshift, is my tomcat behind an apache server?
I mean does my clients connect to my tomcat directly or they connect to the apache server, and then the apache server connect to my tomcat through AJP connector?
If apache is the man in the middle, then I will not get my clients' IP address directly, but with x-forward http header. And I lose the control over certificate verification and trust management. At present, I am using mochahost's server. https does not get to my tomcat, but intercepted by an apache. I hate this.
Previously, I used another hosting service, even 2 apache servers are at front of my tomcat server. Even more ridiculous that 2 apache servers and my tomcat servers are on the same machine. This kind of configuration can only show the system architecture does not have the right ability to manage the whole thing.
By the way, I am talking about the Bronze/Silver plan. I guess Openshift is not different though I have not tried it yet. Anyone has a clear answer to my question?
https is against the man in the middle, but with tomcat server, in this world, there is no service that you can avoid the man in the middle. It is not because technology does not allow, but the people in charge does not really understand the thing, so not able and not willing to provide the right service.
I want to ask: if you use tomcat server, is there any hosting service provider who does not act as a man in the middle? No. There is none on this world at present (May 2014)!
jack
There is an apache reverse proxy located in front of your tomcat instance that does ssl termination. The Apache instance is at the node level, then tomcat runs on your gear.
This is my problem:
I have a JBoss server (Running an existing app) and a Apache Tomcat (Running an app created by me) server running on the same server with different ports.
I have two subdomain names which i have routed to the IP of the server.
What i need to do is to bind the subdomain names to the IP, but with different ports.
I saw an easy way to do it with XAMPP and apache, editing the httpd.conf, but i can't find any simular fway to do it with Apache Tomcat or JBoss.
Does anyone have any ideas about this?
I rather have a solution on the question above, but the question below can be accepted as a backup solution:
Since i could not figure that out, i had to at least have a solution to one of the applications (the one running at JBoss).
So i configured JBoss to port 80 instead of 8080.
What happens now if i go to the subdomains is that i get the JBoss welcome window.
How can i change the default JBoss "app" to my app?
Thanks in advance
There's no way to get this:
sub1.domain.com(192.168.0.1) on port 80 --> jboss app
sub2.domain.com(192.168.0.1) on port 80 --> tomcat app
without either adding to or subtracting from your software stack.
Your options are:
use jboss to run your tomcat app
add a reverse-proxy
use an HTTP-aware layer 7 firewall
The first is probably easiest; jboss deploys web applications using tomcat (or, in more recent versions, a fork of tomcat called jbossweb), so you can probably just drop your .war into the deploy directory.
If that's not possible for some reason, I'd use a reverse-proxy. Apache HTTPD with mod_proxy or mod_jk is fairly common. If you go the mod_jk route and you have non-trivial load, I'd review this.
The last I'm not familiar with. I imagine that the spendy Cisco firewalls can do this, and I'm sure it's possible to hack iptables to do it too, but my google-fu failed to find specifics.
Recently our Software Analytic provider (NETTRACKER) sent us a plugin in order to be able to capture visitors in a better way. This plugin is for Apache 1.x and Apache 2.x. They said and I quote
that since Apache Tomcat is built on Apache HTTP server the configuration of the plugin should be the same.
I have looked for a httpd.conf in our tomcat deployment but we cannot find one, the only configuration that is similar to that one is the server.xml under the /conf directory.
If someone has better information regarding these two incredible products (Apache HTTP server and Apache Tomcat) I will greatly appreciate to draw the differences.
EDIT:
In case you are curious we know that Apache Web Server and Tomcat can work together using the mod_jk option and other proxys. But this will be too complex for our deployment.
Apache Tomcat and Apache HTTP are completely different server technologies. It is impossible to use a plugin for Apache HTTP server with Tomcat.
Apache HTTP server is developed in C and so are the plug-ins. On the contrary Tomcat is now completely developed in Java. Tomcat doesn't only serve static content, but it can also serve JSP pages and servlets.
Tomcat is used for hosting Java Web Applications. It can sure serve static content - you can host a web application using only Tomcat. Secure connections are supported and the performance is also very good (comparable with the performance of HTTP server).
A plain installation of Apache serves static content. Using the appropriate plug-ins, HTTP requests can be redirected to an application server (Tomcat, JBoss, Glassfish) or a script language interpreter (PHP). With this way dynamic content can be generated. The big advantages of Apache are the numerous plug-ins available, which allows administrators to configure and monitor web sites any way they want and that is the most widespread server available. This makes it the most secure solution, since it is thoroughly tested and any discovered flaw is corrected very quickly.
The best solution would be to use Tomcat proxied by an Apache server. It isn't so difficult to set up. If you can't do this, then you can't take advantage of Apache's plug-ins.
You see this confusion all the time. Many people think that Apache is a web server where in reality it is the name of an organization that has a web server project called "The Apache HTTP Server Project". In short the web server is called HTTPD (D as in daemon or Unix process).
Tomcat is another Apache project. This project implements a Java servlet engine to serve JSP pages and servlets. Tomcat and HTTPD have nothing to do with each other. However, you can set up HTTPD and Tomcat so that they work together. This way you can have HTTPD serve all static content, do URL rewriting and much more fancy stuff that the built in Tomcat web server can't do (or can't do very well). Whenever a JSP page is requested, HTTPD will pass the request on to Tomcat. Tomcat will process the request and will hand the output back to HTTPD which in turn will send it to the client.
Apache has many interesting projects. E.g. there is also a project called Geronimo which is a Java Enterprise server (J2EE). You can e.g. choose to embed Tomcat inside Geronimo to handle requests for JSP's and servlets where Geronimo does the more enterprisy stuff (LDAP, Messaging etc.). And you guessed it probably already, you can use HTTPD as a static content server for Geronimo as well.
totally bogus. Apache httpd plugins are written in C, Tomcat is pure Java.
Tomcat is a Java servlet engine. It can be hosted under Apache or IIS or quite a number of other external facing web servers. It sounds like you may be currently running your Tomcat instance standalone...
If you serve the JSP/servlets off of port 8080 and have it do things standalone, on the same host machine that Apache is running on, this can allow you to have them loosely coupled. Having multiple web servers fielding independent requests is not recommended, especially if you want to use server-based authentication along with Apache. Typically, you have one outside facing server that shepherds everything through it... Apache does this quite well, and the plugin you mention probably relies on this type of setup (everything gets wired through Apache) for its features/capabilities, based on your brief description of it.
If you would like to serve up your Tomcat servlets under Apache, you could configure apache to forward a class of URIs to your tomcat server instances. you could achieve this type of forwarding through mod_rewrite. this is a slower option performance-wise, as it adds slight overhead on everything you server up. You could also proxy incoming requests via a CGI mechanism similarly, from Apache to Tomcat.
mod_jk will simplify deployment and increase performance for placing Tomcat into an Apache server config. It is pretty painless to configure if you follow the docs, so I am not sure what you mean by "too complex" for your deployment -- if you want Apache and have Tomcat already, it would seem only a matter of slight config changes to get mod_jk downloaded and installed.