Fronting Tomcat with Apache via mod_proxy_ajp
These instructions should work for anyone who wants a simple setup of a single Tomcat instance fronted by a single Apache HTTP server. They were written for OS X, so your mileage may vary on other platforms.
Configure Sakai
In sakai.properties, adjust your serverUrl:
serverUrl=http://localhost:80
Save and close.
Configure Tomcat
If you are just running Tomcat standalone you would define a connector on port 8080 like this:
<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector port="8080" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" redirectPort="8443" acceptCount="100"
           connectionTimeout="20000" disableUploadTimeout="true"
           URIEncoding="UTF-8"/>
However we want to run Tomcat on an AJP connector, so:
- Open for editing:
TOMCAT/conf/server.xml
- Comment out the normal connector above, and uncomment the AJP connector:
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" enableLookups="false" redirectPort="8443"
           protocol="AJP/1.3" URIEncoding="UTF-8" />
- Adjust the port if you wish and add in the URIEncoding="UTF-8" attribute.
- Start Tomcat normally.
Configure Apache
We now need to tell Apache to talk to Tomcat over AJP. You should note that since OS X Leopard (10.5), the Apache config and modules have been relocated. This guide is for Leopard and for Apache 2.2 (default on Leopard). Also note that in Leopard, the necessary modules are already installed into /usr/libexec/apache2. Thanks Apple!
- Navigate to your Apache directory:
cd /etc/apache2
- Open httpd.conf and scroll to the large LoadModule section. Ensure you have the following uncommented:
LoadModule proxy_module libexec/apache2/mod_proxy.so
LoadModule proxy_ajp_module libexec/apache2/mod_proxy_ajp.so
- In my httpd.conf, right at the bottom there is a line:
Include /private/etc/apache2/other/*.conf
This will load in all other config files in the other/ directory. In the next step we will create an ajp.conf file and this line will load it. If you don't have this line, create it, or a similar line to load in the ajp.conf file we create in the next step. Save and close httpd.conf.
- Create an ajp.conf file. You could put the configuration for AJP in the main httpd.conf file but I prefer to keep things separated.
sudo touch other/ajp.conf
- Open ajp.conf and paste in the following:
ProxyRequests Off
<Proxy *>
    Order deny,allow
    Deny from all
    Allow from localhost
</Proxy>
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
- Adjust the port to be whatever the port is in your Tomcat AJP connector. Save and close.
- Once again, ensure you have the line in httpd.conf that is going to load this ajp.conf file.
- Restart Apache:
sudo httpd -k restart
You should get no output, signalling the config is ok.
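The Tomcat and Apache steps above only work if the two files agree, so here is an added example (not part of the original page) that cross-checks server.xml against ajp.conf. The function name audit and the sample file contents are constructed for illustration. The loopback check is an extra assumption that Apache and Tomcat share a host, as the ajp://localhost target implies; it uses the Connector's address attribute.

```python
import re
import xml.etree.ElementTree as ET

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed sample files mirroring the settings on this page.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <!-- <Connector port="8080" redirectPort="8443" URIEncoding="UTF-8"/> -->
  <Connector port="8009" enableLookups="false" redirectPort="8443"
             protocol="AJP/1.3" URIEncoding="UTF-8"/>
</Service></Server>"""
SAMPLE_AJP_CONF = """ProxyRequests Off
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
"""

def audit(server_xml, ajp_conf):
    """Return a list of findings for the two configuration texts."""
    findings, ajp_ports = [], set()
    # ElementTree discards XML comments, so a commented-out Connector is
    # correctly treated as inactive.
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port")
        # Tomcat defaults to HTTP/1.1 when no protocol attribute is given.
        if "ajp" not in conn.get("protocol", "HTTP/1.1").lower():
            findings.append(f"non-AJP connector on port {port} is still active")
            continue
        ajp_ports.add(port)
        if conn.get("URIEncoding", "").upper() != "UTF-8":
            findings.append(f'AJP connector {port} lacks URIEncoding="UTF-8"')
        # Assumption (not from the page): Apache and Tomcat share a host, so
        # the AJP listener should not be reachable from other machines.
        if conn.get("address") not in LOOPBACK:
            findings.append(f"AJP connector {port} is not bound to a loopback address")
    if not ajp_ports:
        findings.append("no active AJP connector")
    # Each ProxyPass / ProxyPassReverse target port must match a connector.
    targets = re.findall(r"^\s*ProxyPass(?:Reverse)?\s+\S+\s+ajp://[^:/\s]+:(\d+)",
                         ajp_conf, re.M | re.I)
    for port in sorted(set(targets)):
        if port not in ajp_ports:
            findings.append(f"ajp.conf proxies to port {port}, which has no AJP connector")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SERVER_XML, SAMPLE_AJP_CONF) or ["no findings"]:
        print(finding)
```

Run against the connector exactly as shown on this page, it reports only the missing loopback binding; adding address="127.0.0.1" to the AJP connector clears that finding.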
Test
Navigate to http://localhost/portal and Sakai should be alive!
To make sure all traffic is served via SSL:
#LoadModule rewrite_module libexec/apache2/mod_rewrite.so
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
Comments and feedback very welcome.