Versions Compared

Old Version 1

changes.mady.by.user Unknown User (wiki_transfer)

Saved on

compared with

New Version Current

changes.mady.by.user Tim Donohue

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Fix link to mailing lists

...

For some background on why you'd want to do this, and the principles behind
the configuration, see pages on Securing DSpace and Running DSpace on Standard Ports.

Note: These instructions are for Linux, and may be somewhat specific to Red Hat Enterprise Linux 3.2.3-52 and the following software versions (but hopefully they are still helpful for other distros)

  • DSpace 1.3.x and above
  • Apache HTTPD 2.0.46
  • Tomcat 5.5.9 and above

Anyone who has successfully set up

...

mod_jk

...

connector under different conditions should feel free to add their notes!

Step 1 - Check if mod_jk is installed

Check to see if the

...

mod_jk

...

connector is installed. Most likely (at least on Red Hat), it should be in

...

/etc/httpd/modules/

...

. However, you can try to locate it using the following command:

Code Block

...

locate mod_jk

...

...

If there is no response, then

...

mod_jk

...

is not installed. Otherwise, if it is installed, you can obviously skip the next step!

...

(2) Before trying to build

...

mod_jk

...

, you must make sure you have the following pre-requisite programs installed (use the

...

which

...

command to check for each):

  • Code Blocklibtool (ftp://ftp.gnu.org/gnu/libtoolImage Removed)code
  • autoconf (http://ftp.gnu.org/gnu/autoconfImage Removed)
  • Code Block

    ant

    (http://jakarta.apache.org/ant/

    Image Removedcode

    )


    ant

    should already be installed (since it's necessary for DSpace). If

    Code Block

    libtool

    or

    Code Block

    autoconf

    are missing (both should be in

    Code Block

    /usr/bin

    ), download the source and compile using the following commands:

    Code Block
    <nowiki>
    ./configure

    
make

    
make install

    </nowiki> Code Block


(3) In addition, you must have the Apache Web Server development tools installed. A quick way to check for this is to check for the APache eXtenSion tool (

...

apxs

...

). It should probably be in

...

/usr/sbin

...

, if installed:

Code Block

...

which apxs

...

If apxs

...

If

Code Block
apxs

is missing, you can use the following command in Red Hat to install the

...

httpd-devel

...

RPM as root (Other distros may need to find and install this RPM through other means):

Code Block

...

up2date -i httpd-devel

...

...

(4) Download the latest

...

mod_jk

...

source from the Tomcat Download site http://jakarta.apache.org/site/downloads/downloads_tomcat.htmlImage Removed.

...

(5) Unzip the contents into your home directory:

Code Block

...

gunzip -c jakarta-tomcat-connectors-1.2.14.1-src.tar.gz | tar -xvf

...

code
 -

(6) Configure the connectors with the path to the

...

apxs

...

file on your system:

Code Block

...

cd jakarta-tomcat-connectors-1.2.14.1-src

...


cd jk/native

...


./configure --with-apxs=/usr/sbin/apxs

...

(7) Build

...

mod_jk

...

with the following command:

Code Block

<nowiki>
make
</nowiki>

...

make

(8) Assuming all went well, the

...

mod_jk.so

...

file will be created in the

...

apache-2.0

...

subdirectory. You need to copy this file to Apache's shared object files directory (e.g.

...

/etc/httpd/modules/

...

). From the same

...

jk/native

...

directory run the following:

Code Block

...

cp apache-2.0/mod_jk.so /etc/httpd/modules

...

code

(9) In addition, copy the sample workers.properties file to the Apache configuration directory (e.g.

...

/etc/httpd/conf/

...

). Assuming you are still in the

...

jk/native

...

directory, run the following commands:

Code Block

...

cd ../conf

...


cp workers.properties /etc/httpd/conf

...

code

Step 3 - Configure workers.properties

Once the

...

mod_jk

...

connector has been installed, you will have to configure Apache to use this connector to communicate with Tomcat. First, modify the existing

...

workers.properties

...

.minimal file (should be in

...

/etc/httpd/conf/

...

, or whereever wherever you copied it to in Step 2 above):
You will need to modify the following Tomcat and Java home directories:

Code Block

...

workers.tomcat_home=tomcat

...


workers.java_home=java

Also add ajp13 to the worker list:
</nowiki>

Code Block
worker.list=ajp13,lb,jk-status

In addition, you may need to uncomment (and possibly change) the JVM for Unix:

...

<nowiki>

...

Warning

For later versions of mod_jk (I installed 1.2.40) worker.iprocess.jvm_lib is deprecated and would throw an warning. I omitted this line with no problems.


Code Block
# Unix - Sun VM or blackdown
worker.inprocess.jvm_lib=$(workers.java_home)$(ps)jre$(ps)lib$(ps)i386$(ps)server$(ps)libjvm.so

...

...

Note: initially the path above was

...

java/jre/lib/i386/classic/libjvm.so

However, the correct path of the

...

libjvm.so

...

(at least for Red Hat) is

...

java/jre/lib/i386/

...

server

...

/libjvm.so

...

(i.e. "

...

server/libjvm.so

...

", not "

...

classic/libjvm.so

...

")

 

Step 4 - Configure mod_jk connector

Next, you need to create a configuration file for the

...

mod_jk

...

module (alternatively, you could just add the following configuration directly into your Apache

...

httpd.conf

...

. I just like to separate things out a bit). In the

...

/etc/httpd/conf.d/

...

directory (or whatever directory holds your external configuration files, which

...

httpd.conf

...

loads), create a file called

...

jk.conf

...

which has the following content (make sure to edit any paths so they are valid on your server!):

Code Block

...

#
#

...

 Use the JK Module to connect to Tomcat Instance

...


#
#

...

 Load mod_jk module

...


LoadModule    jk_module  modules/mod_jk.so

...



# Where to find workers.properties

...


JkWorkersFile /etc/httpd/conf/workers.properties

...



# Where to put jk logs

...


JkLogFile     /var/log/httpd/mod_jk.log

...



# Set the jk log level debug/error/info

...


JkLogLevel

...

    info

# Select the log format
JkLogStampFormat "%a %b %d %H:%M:%S %Y "

...



# JkOptions indicate to send SSL KEY SIZE,

...

 
#JkOptions     +ForwardKeySize +

...

ForwardURICompat -ForwardDirectories

...


# Found that these options were necessary with Apache 2.2:

...


JkOptions     +ForwardKeySize +

...

ForwardURIEscaped +ForwardDirectories

...



# JkRequestLogFormat set the request format

...

 
JkRequestLogFormat     "%w %V %T"

...



# Send all requests for /dspace context to worker ajp13

...


# Note: ajp13 is defined in workers.properties and

...


# uses the AJP 1.3 Protocol

...


JkMount  /dspace/* ajp13

...



# ... and ditto if you want OAI

...


JkMount  /dspace-oai/* ajp13

...



#For extra security, deny direct access to any WEB-INF and META-INF directories

...


<LocationMatch "/WEB-INF/">

...


AllowOverride None

...


Deny from all

...


</LocationMatch>

...



<LocationMatch "/META-INF/">

...


AllowOverride None

...


Deny from all

...


</LocationMatch>

...

The big thing to pay attention to is the context which you specify in

...

JkMount

...

! If you specify

...

/dspace/*

...

, then only requests to

...

http://my-host-name/dspace/*

...

will be forwarded to Tomcat! However, if you specify

...

/*

...

, then all requests to

...

http://my-host-name/*

...

will be forwarded to Tomcat.

You can get a little tricky by doing something like:

Code Block

<nowiki>

# Send all requests for root context / to worker ajp13

...


# Note: ajp13 is defined in workers.properties and

...


# uses the AJP 1.3 Protocol

...


JkMount  /* ajp13

...



# Use SetEnvIf to set "no-jk" when /cgi-bin/ is encountered.

...


# This is necessary so that /cgi-bin/ scripts

...


# are run in Apache (and not forwarded to Tomcat).

...


SetEnvIf Request_URI "/cgi-bin/*" no-jk

...



# Set "no-jk" for /anotherApp/ as well (so it is run from Apache)

...


SetEnvIf Request_URI "/anotherApp/*" no-jk

...

Notice, first you specify that all requests should be forwarded to Tomcat. But, then for specific UI's you can specify to ignore

...

mod_jk

...

(using the

...

no-jk

...

environment variable). So, the above specifies that everything except paths matching

...

http://my-host-name/cgi-bin/*

...

or

...

http://my-host-name/anotherApp/*

...

are forwarded to Tomcat.

Step 5 - Configure Tomcat

Next, you need to take a look at the Tomcat

...

server.xml

...

configuration file (in the

...

/conf

...

} subdirectory, whereever Tomcat is installed). Ensure that the following AJP 1.3 Connector is uncommented:

Code Block

...

<!-- Define an AJP 1.3 Connector on port 8009 -->

...


<Connector port="8009" UIEncoding="UTF-8" tomcatAuthentication="false"

...


enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />

...

Make sure that the

...

port

...

specified corresponds to the port you defined for the

...

ajp13

...

worker (this port number is defined in the

...

workers.properties

...

file, as shown above). In addition, make sure the

...

UIEncoding

...

is set to

...

UTF-8

...

, and

...

tomcatAuthentication

...

is set to

...

false

...

(assuming you want authentication taken care of in Apache rather than Tomcat). Finally, make sure you set the

...

redirectPort

...

to be the port that Tomcat is running on (usually either 8443, for HTTPS, or 8080, for HTTP).

...

Restart Tomcat and Apache!
Now, test the connection between Apache and Tomcat. You should now be able to get to DSpace whether you specify port 8080 (for Tomcat) or not. For example, the following URLs should bring you to the same DSpace (you may need to replace

...

localhost

...

with your server path):

...

Hopefully everything works for you! If it doesn't, ask questions to the dspace-tech@lists.sourceforge.net DSpace-Tech mailing list Mailing Lists. If you find any problems with the above instructions, feel free to edit and enhance them!