Using Tomcat with Apache (mod jk): Difference between revisions
No edit summary |
|||
Line 92: | Line 92: | ||
JkRequestLogFormat "%w %V %T" | JkRequestLogFormat "%w %V %T" | ||
# JkMount points | # JkMount points | ||
JkMount /zimbra/* | JkMount /zimbra/* localhost | ||
JkMount /service/* | JkMount /service/* localhost | ||
JkMount /zimbraAdmin/* | JkMount /zimbraAdmin/* localhost | ||
[NOTE: the last argument given in the JkMount directive should be the name of the worker defined in workers.properties ] | |||
Restart Tomcat and Apache | Restart Tomcat and Apache |
Revision as of 22:13, 17 March 2006
As standard, Zimbra runs itself on port 80. However, this means you can't use Apache or access any other website through that server. If you are using your server only as a groupware box, this is no bother. But if you are using it in the situation I am with other servers, this is no good. This tutorial will:
a.) Configure Tomcat to host on Port 7070 (as in M1) and 7443 for the SSL port
b.) Download and install the mod_jk RPM
c.) Configure mod_jk to access Zimbra on http://your-custome-apache-server/zimbra/
d.) Configure Apache to start on system boot
Original Tutorial from the forums [1]
a.) Configure Tomcat to host on Port 7070 (as in M1)
zmprov ms <servername> zimbraMailPort 7070
zmprov ms <servername> zimbraMailSSLPort 7443
b.) Download and install the mod_jk RPM
For CentOS 4.2:
wget http://mirrors.dotsrc.org/jpackage/1.6/redhat-el-3.0/free/RPMS/mod_jk-ap20-1.2.14.1-2jpp.i386.rpm rpm -ivh mod_jk-ap20-1.2.14.1-2jpp.i386.rpm
For other distributions: Make sure that Apache has the mod_jk.so module located in the modules folder.
Edit server.xml
/opt/zimbra/tomcat/conf $ diff -u server.xml.bak server.xml --- server.xml.bak 2006-02-27 15:03:24.000000000 -0500 +++ server.xml 2006-02-24 13:35:21.000000000 -0500 @@ -34,6 +34,8 @@ clientAuth="false" sslProtocol="TLS" keystoreFile="/opt/zimbra/tomcat/conf/keystore" keystorePass="zimbra"/> + <Connector port="8009" + enableLookups="false" redirectPort="8443" protocol="AJP/1.3" /> <Engine name="Catalina" defaultHost="localhost"> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase" />
Edit server.xml.in
/opt/zimbra/tomcat/conf $ diff -u server.xml.in.orig server.xml.in --- server.xml.in.orig 2006-02-27 15:05:21.000000000 -0500 +++ server.xml.in 2006-02-24 12:51:40.000000000 -0500 @@ -34,6 +34,8 @@ clientAuth="false" sslProtocol="TLS" keystoreFile="/opt/zimbra/tomcat/conf/keystore" keystorePass="zimbra"/> + <Connector port="8009" + enableLookups="false" redirectPort="8443" protocol="AJP/1.3" /> <Engine name="Catalina" defaultHost="localhost"> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase" />
Create the workers.properties file /etc/httpd/conf.d/workers.properties
worker.list=localhost worker.localhost.port=8009 worker.localhost.host=localhost worker.localhost.type=ajp13 worker.localhost.lbfactor=1 workers.tomcat_home=/opt/zimbra/tomcat5 workers.java_home=/opt/zimbra/java
Next, configure Apache by editing httpd.conf or vhost specific file.
# Load mod_jk module LoadModule jk_module modules/mod_jk.so # Where to find workers.properties JkWorkersFile /etc/httpd/conf.d/workers.properties # Where to put jk logs JkLogFile /var/log/httpd/mod_jk.log # Set the jk log level [debug/error/info] JkLogLevel debug # SHM info JkShmFile /etc/httpd/logs/jk.shm JkShmSize 10M # Select the log format JkLogStampFormat "[%a %b %d %H:%M:%S %Y] " # JkOptions indicate to send SSL KEY SIZE, JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories # JkRequestLogFormat set the request format JkRequestLogFormat "%w %V %T" # JkMount points JkMount /zimbra/* localhost JkMount /service/* localhost JkMount /zimbraAdmin/* localhost
[NOTE: the last argument given in the JkMount directive should be the name of the worker defined in workers.properties ]
Restart Tomcat and Apache
/opt/zimbra/bin/tomcat restart apachectl restart
Issues
The login should be http only [2] It seems that mixed login is broken (eg, if you hit http://, it redirects to https for login then returns to http for session. If you hit https:// originally, the login is in https, and the session is in https).