Installing and Configuring Apache for Use with the Platform
Apache can be installed in front of the tomcat server to serve static content like gif and jpeg images, Javascript files and stylesheets more efficiently, leaving the Application Server free to process incoming requests. This section tells you how to configure Apache to serve the platform's static content.
Overview
With this arrangement, Apache will be in front of Tomcat. Any request that comes to the platform first goes to Apache. Apache determines if the request is a valid request and, if so, will forward the request to Tomcat for processing.
Since Apache will be in front of Tomcat, it needs to be configured to listen on port 80 and port 443 for http and https traffic respectively. Apache also needs to be configured to forward traffic coming on those ports to the port on which Tomcat is listening.
Requirements
The following Apache modules must be enabled when installing Apache. They can be compiled as a static binary into apache or loaded as dynamic modules.
- mod_proxy
- mod_proxy_connect
- mod_proxy_http
- mod_ssl
- mod_expires
- mod_headers
Configuration Process
In outline, the process looks like this:
- Configure Tomcat Connectors.
- Configure Apache Virtual host.
- Start Apache, Tomcat and memcached.
Configure Tomcat Connectors
- In {install_dir}/profiles/LJP/configuration/tomcat/conf, edit server.xml
- Remove connectors pointing to ports 80 and 443.
- Add a connector for traffic forwarded from Apache, as shown here:
<Connector port="8006" maxThreads="450" minSpareThreads="25" debug="0" enableLookups="false" acceptCount="450" connectionTimeout="30000" disableUploadTimeout="true" scheme="https" proxyPort="443" useIPVhosts="true" URIEncoding="UTF-8" maxHttpHeaderSize="8192" maxPostSize="10485760" />
Notes:
- The platform standard is to use port 8006. That value is assumed in the remainder of this section. (It can be changed, if desired.)
- The next step will be to configure Apache so that incoming HTTP and HTTPS traffic on ports 80 and 443 will be forwarded to port 8006, where Tomcat will be listening.
Configure Apache Virtual Hosts
- 1. Add two virtual host entries
- - One in httpd.conf for Apache to listen on port 80 for HTTP traffic.
- - One in httpd-ssl.conf for Apache to listen on port 443 for HTTPS traffic.
- Any traffic meant for the platform coming on these ports is forwarded to Tomcat. This request forwarding is achieved using the mod_proxy module.
- The httpd.conf and httpd-ssl.conf configuration files can be found in the $APACHE_HOME directory. For each virtual host entry, make sure the following are set appropriately:
ServerAdmin root@localhost DocumentRoot "/usr/local/apache/htdocs/" ServerName example.com ServerAlias www.example.com
- 2. Configure certificates for SSL virtual host on port 443
- Make sure the following points to your certificate and private key.
- httpd-ssl.conf:
SSLCertificateFile "{install_dir}/tomcat/conf/RN/<yourdomain>.cer" SSLCertificateKeyFile "{install_dir}/tomcat/conf/RN/<yourdomain>_private_key"
- 3. Enable secure communications
- Set up a secure communications channel between Apache and Tomcat. The URLs for the Proxy are then https://, rather than http://, and all traffic is encrypted.
SSLProxyEngine on
- 4. Configure Proxy Paths in Apache
- Proxy paths need to be configured to enable mod_proxy to recognize the request and forward it to Tomcat appropriately.
- For example:
ProxyPass /networking/* https://tomcat-host-name:8006/networking/* ProxyPassReverse /networking/* https://tomcat-host-name:8006/networking/*
- Note: These instructions assume that Tomcat and Apache are running on the same server. If they are running on different servers, change the settings appropriately.
- 5.Configure virtual hosts
- For each virtual host in httpd.conf and httpd-ssl.conf for ports 80 and 443, copy the settings from {install_dir}/httpd-proxy.conf, changing the standard port assignment of 8006, if needed.
For more information on changing ports, see Controlling Port Access and Can I run Application Server on a different port?
In case of standalone Tomcat server without Apache server, if you use any port number other than 80 and 443, you have to access the AgileApps URLs along with the port numbers. For example: https://vmaalqamain:8284/networking/servicedesk/index.jsp