I have configured mod_jk to allow load balance. I want to know if more workers could be dynamically added to workers.properties while apache is running?
No. workers.properties file is configured in some .conf files, to make change to .conf file take effect, you need to restart Apache.
See the thread about mod_jk configuration:
http://milestonenext.blogspot.de/2012/09/ssl-offloading-with-modjk-part-1.html
Related
I want to setup Apache and Glassfish on Ubuntu 16.04 server.
I have installed
apache2
libapache2-mod-jk
glassfish
The following are the steps I have followed
Configuring the MPM module
Set MaxRequestWorkers to 400 in /etc/apache2/mods-available/mpm_event.conf
Configuring the JK Module
<IfModule mod_jk.c>
JkWorkersFile /usr/share/glassfish4/glassfish/domains/<domain-doamin1>/config/workers.properties
JkLogFile /var/log/apache2/mod_jk.log
JkLogLevel error
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"
JkMountCopy all
</IfModule>
JkMount /myapp/* ajp13
<Location "/myapp/WEB-INF/">
require all denied
</Location>
Create a workers.properties file in your GlassFish domain's config directory
worker.list=ajp13
worker.ajp13.type=ajp13
worker.ajp13.host=localhost
worker.ajp13.port=8009
# load balancing only: worker.ajp13.lbfactor=50
connection_pool_size=10
connection_pool_timeout=600
worker.ajp13.socket_keepalive=False
worker.ajp13.socket_timeout=30
Create the JK listener in GlassFish using these commands
asadmin create-http-listener --listenerport 8009 --listeneraddress 0.0.0.0 --defaultvs server jk-listener
asadmin set server-config.network-config.network-listeners.network-listener.jk-listener.jk-enabled=true
then I restarted glassfish domain successfully but when i try to restart apache2 with sudo /etc/init.d/apache2 restart I get the error below
[....] Restarting apache2 (via systemctl): apache2.serviceJob for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details.
failed!
This error occurs when I edit the file jk.conf located under /etc/apache2/mods-available/jk.conf
Where am I going wrong. Is there a complete guide to accomplishing this? Finally the newer apache2 doesn't have the file httpd.conf and all the tutorials allover the Internet rely upon this file. Thanks in advance.
Since your objective is just to forward requests from Apache to GlassFish, not to loadbalance requests from Apache to multiple GlassFish servers, I would recommend avoiding mod_jk. You can certainly achieve your goal with it, but if you are new to the concepts involved, you will find it difficult to understand and maintain.
Instead you can use mod_proxy and, optionally, mod_proxy_ajp.
First, a definition:
AJP vs HTTP
AJP is a protocol like HTTP, but binary rather than text based. It has no secure/insecure options like HTTPS/HTTP since it is normally used behind a firewall and performs much better than HTTP for these scenarios. When you mark any GlassFish network listener as jk-enabled, you are enabling AJP communication, rather than HTTP.
You've installed Apache via the ubuntu apache2 package which has its own example structure to configuration which is different to the layout you would get if you downloaded and unzipped it. This has advantages, but we need to understand the Apache configuration file before getting to that.
Apache Configuration
Generally, you will see internet guides refer to httpd.conf as the configuration file to edit. This is just the default "parent" configuration file. In Debian/Ubuntu systems (and their derivations, like Linux Mint), the file to look for is apache2.conf.
This file is read, and its directives applied, from top to bottom, so if you have set the same property to two different values, the second will apply. (More accurately, they will both apply but the first will only apply until the second setting is read).
This file can also specifically "include" files and folders (where any *.conf file in an included folder will be included). These will be read in and merged with the main configuration at the point where the "include" statement is written. So the very last line in the main configuration file (if it is not specifying another file) will be the last line of configuration to be set, no matter what.
Debian config layout
I would highly recommend you read the opening comment in the apache2.conf file, since it will tell you all you need to know about the layout. Suffice it to say that keeping all the config in one file is very painful to maintain. The Debian package separates configuration into three categories:
sites
Sites are single configuration files for a website or web project. This could be anything: PHP, static HTML or a Java EE application deployed to an app server like GlassFish.
mods
Modules are subdivided into *.load files which load the actual libraries needed to run them, and *.conf files which have global configuration for the modules. Note that this configuration applies to every site that uses the module, so it is best to put any site/app specific module configuration in the appropriate site.conf file
conf
These files are just for any other general configuration which fits into a nice group. This could be SSL configuration like keystore and truststore locations.
When you look at the directory structure, you will see that each of these have 2 folders: *-available and *-enabled. This is because the Debian Apache package comes with 6 helper tools, a2ensite and a2dissite; a2enmod and a2dismod; a2enconf and a2disconf. The idea is that you follow these rules:
Never directly edit the apache2.conf file
only ever add or change files in the *-available folders
Use the helper tools to enable or disable sites/modules/conf files.
Answer
So to (finally) answer your question, I would do the following steps:
Enable mod_proxy_ajp
a2enmod mod_proxy_ajp
Create a new myApp.conf in sites-available. You can copy the default one, which is a good example. Assuming you have just want to forward all requests to GlassFish, you can use the default VirtualHost settings of ` which will process a request for any hostname on port 80. Use port 443 if you want to add HTTPS.
Add ProxyPass and ProxyPassReverse directives to the location of your server. If Apache and GlassFish are on the same server, it is likely you will want to use ajp://localhost:8080
ProxyPass / ajp://host_name:0000
ProxyPassReverse / ajp://host_name:0000
Note: This assumes you are using AJP. If that causes you problems, switch to HTTP by changing ajp to http above and disabling the jk-listener in GlassFish.
Once you have completed your myApp.conf configuration, remember to disable the default site:
a2dissite 000-default-site.conf
And enable your new site:
a2ensite myApp.conf
Those commands will appropriately modify the main apache2.conf and create the appropriate links in the sites-enabled folder.
That should be all you need. Now, everything that points to your hostname after the root / of the URL will be forwarded to the root context / of GlassFish.
I have an Apache httpd and a Tomcat server connected together using mod_proxy.
I need to add both a ProxyPass and ProxyPassReverse to my httpd.conf and vhost.conf for each of my REST-style functions to configure the reverse proxy.
Is there any possibility to configure these dynamically?
You can't really dynamically-configure mod_proxy, nor would you want to do so, because you want the configuration to stay on the disk so you can reload it, survive server restarts, etc.
What you could do is include a separate file (or whole directory) each of which contains the configuration for a single function. You could have your build process auto-generate the configuration file(s) for all your functions. Just place those files in the right places and reload Apache httpd.
I'm trying to set up the Tomcat 7 connector mod_jk.so on OS X (10.8.3) so that calls to Tomcat will go through httpd from apache 2.2. The file mod_jk.so is in place. But where does workers.properties go? The instructions at http://tomcat.apache.org/connectors-doc/webserver_howto/apache.html just don't seem to say.
I know you're now using mod_proxy but I'm answering this for the record, at least to include the info when your *nix packaging framework is involved.
In Debian, the package apache2 installs apache with the configuration directory /etc/apache2/mods-available and the seperate package libapache2-mod-jk places an apache config file in this directory called jk.conf, which gets pulled in by apache at start-up.
jk.conf has the JkWorkersFile directive.
The libapache2-mod-jk package also installs a workers.properties file under /etc/libapache2-mod-jk.
So for OS X, you put your workers.properties file anywhere, e.g. rationally in the same dir as the httpd.conf, and then you have to put the directive either in your httpd.conf file, or that might contain an Include to pull in everything in a directory, e.g. conf.d where you can put custom stuff in your own files that won't get interfered with at package upgrades.
Please put your workers.properties file according to your JkWorkersFile configuration:
JkWorkersFile /etc/httpd/conf/workers.properties
I had the same problem. But later I found that I should first look whether I am using mod_jk.so or mod_proxy_ajp in httpd.conf. I turned out to be tha later one. So instead of editing the worker.properties, which I don't have, I should edit the httpd.conf: Add a ProxyIOBufferSize directive to Apache httpd's configuration.
ProxyIOBufferSize 65536
Hope it helps.
Ref: Here at the bottom of the page.
I have both Apache 2 and JBoss 4.2.3 on the same machine and would like both of them to use port 80. There are several ways I see people doing this mod_jk, mod_proxy, but I'm not sure which one is the best.
I don't need any load balancing, but I do need HTTPS.
You can't have two applications listening to the same tcp port (80) at the same time. You can use mod_jk to have http requests on port 80 routed from Apache server to the JBoss server. This is the method I am most familiar with and prefer. mod_proxy should also work, but I find that method a little more complicated.
Configuring https on Apache is probably best dealt with as a separate topic. There are issues with purchasing a ssl certificate, creating a self-signed certificate, etc.
There are two steps to accomplish configure mod_jk to route requests from the Apache server to the JBoss server:
Configure the Apache web server to forward some requests to the JBoss server.
The Apache configuration will vary depending on the distribution of Apache that you are using (windows, RHEL, debian, built from source, etc.) but the concepts should be similar for any Apache installation.
You need to download mod_jk for your platform from the tomcat web site:
http://tomcat.apache.org/download-connectors.cgi
Your OS vendor may provide a binary for you, so check there first. You may also compile mod_jk yourself if you prefer.
Copy the mod_jk binary (mod_jk.so for Linux/UNIX system, not sure about windows) into your Apache servers modules directory (this depends on the Apache distribution you are using).
Add the equivalent directive to your Apache configuration:
LoadModule jk\_module /usr/lib/apache2/modules/mod\_jk.so
You should add two configuration files to the Apache configuration directory: mod_jk.conf and workers.properties. You should include mod_jk.conf from the main Apache configuration file:
Include /etc/apache2/mod\_jk.conf
The workers.properties file is included by mod_jk.conf with the JkWorkersFile directive.
More detailed settings for mod_jk.conf can be found at the tomcat documentation page:
http://tomcat.apache.org/connectors-doc/reference/apache.html
The important directives are:
JkWorkersFile (specifies where the workers.properties file lives)
JkMount (mount point for mapping of URI to tomcat worker)
An example:
JkWorkersFile /etc/apache2/workers.properties<br>
JkMount /examples/* myworker<br>
JkMount /examples myworker
These directives map the /examples and /examples/ URI to the myworker tomcat worker.
Conceptually you can think of a worker as representing a tomcat or JBoss instance and the mount as a way of mapping a URI to a worker. This way of representing things allows one Apache server to be the front end for several tomcat or JBoss servers. This can be handy if you have only one IP address you can use but wish to run several application servers behind one Apache server.
The workers.properties files describes the tomcat or JBoss server(s) that the Apache server will connect to. Important entries in this file are:
worker.list=myworker<br>
worker.tomcat.type=ajp13<br>
worker.tomcat.host=localhost<br>
worker.tomcat.port=8009
There are other worker properties that can be found in the tomcat documentation page for the workers.properties file:
http://tomcat.apache.org/connectors-doc/reference/workers.html
Configure the JBoss server to accept connections from the Apache server
The JBoss server is configured to accept mod_jk connections on port 8009 (the default ajp port) out of the box, but it is good to know where to configure this in case you want to change any of this in the future.
The configuration is in the tomcat based portion of the JBoss server located in ${JBOSS_SERVER_CONFIGURATION}/deploy/jbossweb.sar/server.xml. This is for JBoss AS 5.1.0.GA, previous versions are in a similar location. The mod_jk connector is configured in the Connector section for the AJP 1.3 protocol and looks like:
<Connector protocol="AJP/1.3" port="8009" address="${jboss.bind.address}" redirectPort="8443" />
The most common reason to modify this section is if you have multiple tomcat or JBoss servers connecting to apache via the AJP protocol, you can adjust the port number that the AJP connector will listens on so there are no conflicts.
I'm working on my first Java site. I'm running Apache Tomcat on port 8080, and Apache HTTPD on port 80. The current URL that I can access the site at is (for example) 123.4.5.6:8080. I want to remove the port number from the URL before I point the domain at the new IP.
At the moment I am only using Apache for phpmyadmin, however I plan on using it for CGI scripts and other stuff once I figure out mod_jk etc... So I don't want to change Tomcat's port to 80 and turn off Apache.
I hope this makes sense.
The correct way to do things is to leave Apache at 80 and Tomcat at 8080 and use a plug in (preferably mod_proxy) to proxy Tomcat from Apache. mod_proxy would only take you 10 minutes to set up.
This how-to is very simple to follow.
The usual way this is done, as you already mentioned, is to use mod_jk from Apache HTTPD to forward that content that you want to be processed by Tomcat.
There is a Quick HowTo at tomcat.apache.org. You need to do the following:
Copy mod_jk.so into the appropriate modules directory for Apache HTTPD.
Create a configuration file workers.properties
In Apache HTTPD's httpd.conf, add a section to configure mod_jk.
Ensure that Tomcat is configured to accept the mod_jk protocol, which is usually on port 8009.
The lines in httpd.conf with JkMount:
JkMount /examples/* worker1
tell Apache HTTPD which requests are to be forwarded to Tomcat.
Both the helpful answers above are good, but I much prefer mod_proxy over mod_jk. There's no extra installation to do for mod_proxy, unlike mod_jk, and the setup is much easier. mod_jk gives you more control over detailed tuning of Tomcat parameters, but if you just want a simple redirect from Apache to Tomcat, mod_proxy is the way to go.
If you want static content to be served by Apache instead of Tomcat you should use mod_jk : http://tomcat.apache.org/tomcat-6.0-doc/proxy-howto.html
And what about SSL - if we want Apache to handle HTTPS, because it is faster then java/Tomcat?
you should configure your tomcat using this link. for tomcat 7
http://tomcat.apache.org/tomcat-7.0-doc/proxy-howto.html