Comment: Fix link to mailing lists

...

For some background on why you'd want to do this, and the principles behind
the configuration, see pages on Securing DSpace and Running DSpace on Standard Ports.

Note: These instructions are for Linux, and may be somewhat specific to Red Hat Enterprise Linux 3.2.3-52 and the following software versions (but hopefully they are still helpful for other distros)

  • DSpace 1.3.x and above
  • Apache HTTPD 2.0.46
  • Tomcat 5.5.9 and above

Anyone who has successfully set up mod_jk connector under different conditions should feel free to add their notes!

...

Check to see if the mod_jk connector is installed. Most likely (at least on Red Hat), it should be in /etc/httpd/modules/. However, you can try to locate it using the following command:

Code Block

locate mod_jk 

If there is no response, then mod_jk is not installed. Otherwise, if it is installed, you can obviously skip the next step!

...

(3) In addition, you must have the Apache Web Server development tools installed. A quick way to check for this is to check for the APache eXtenSion tool (apxs). It should probably be in /usr/sbin, if installed:

Code Block

which apxs   

If apxs is missing, you can use the following command in Red Hat to install the httpd-devel RPM as root (Other distros may need to find and install this RPM through other means):

Code Block

up2date -i httpd-devel

(4) Download the latest mod_jk source from the Tomcat Download site http://jakarta.apache.org/site/downloads/downloads_tomcat.html.

(5) Unzip the contents into your home directory:

Code Block

gunzip -c jakarta-tomcat-connectors-1.2.14.1-src.tar.gz | tar -xvf -

(6) Configure the connectors with the path to the apxs file on your system:

Code Block

cd jakarta-tomcat-connectors-1.2.14.1-src
cd jk/native
./configure --with-apxs=/usr/sbin/apxs

(7) Build mod_jk with the following command:

Code Block

make

(8) Assuming all went well, the mod_jk.so file will be created in the apache-2.0 subdirectory. You need to copy this file to Apache's shared object files directory (e.g. /etc/httpd/modules/). From the same jk/native directory run the following:

Code Block

cp apache-2.0/mod_jk.so /etc/httpd/modules

(9) In addition, copy the sample workers.properties file to the Apache configuration directory (e.g. /etc/httpd/conf/). Assuming you are still in the jk/native directory, run the following commands:

Code Block

cd ../conf
cp workers.properties /etc/httpd/conf

...

Once the mod_jk connector has been installed, you will have to configure Apache to use this connector to communicate with Tomcat. First, modify the existing workers.properties.minimal file (should be in /etc/httpd/conf/, or wherever you copied it to in Step 2 above):
You will need to modify the following Tomcat and Java home directories:

Code Block

workers.tomcat_home=tomcat
workers.java_home=java

Also add ajp13 to the worker list:

Code Block

worker.list=ajp13,lb,jk-status

In addition, you may need to uncomment (and possibly change) the JVM for Unix:

Warning

For later versions of mod_jk (I installed 1.2.40) worker.inprocess.jvm_lib is deprecated and would throw a warning. I omitted this line with no problems.


Code Block

# Unix - Sun VM or blackdown
worker.inprocess.jvm_lib=$(workers.java_home)$(ps)jre$(ps)lib$(ps)i386$(ps)server$(ps)libjvm.so

...

However, the correct path of the libjvm.so (at least for Red Hat) is java/jre/lib/i386/server/libjvm.so (i.e. "server/libjvm.so", not "classic/libjvm.so")

 

Step 4 - Configure mod_jk connector

Next, you need to create a configuration file for the mod_jk module (alternatively, you could just add the following configuration directly into your Apache httpd.conf. I just like to separate things out a bit). In the /etc/httpd/conf.d/ directory (or whatever directory holds your external configuration files, which httpd.conf loads), create a file called jk.conf which has the following content (make sure to edit any paths so they are valid on your server!):

Code Block

#
# Use the JK Module to connect to Tomcat Instance
#
# Load mod_jk module
LoadModule    jk_module  modules/mod_jk.so

# Where to find workers.properties
JkWorkersFile /etc/httpd/conf/workers.properties

# Where to put jk logs
JkLogFile     /var/log/httpd/mod_jk.log

# Set the jk log level debug/error/info
JkLogLevel    info

# Select the log format
JkLogStampFormat "%a %b %d %H:%M:%S %Y "

# JkOptions indicate to send SSL KEY SIZE, 
#JkOptions     +ForwardKeySize +ForwardURICompat -ForwardDirectories
# Found that these options were necessary with Apache 2.2:
JkOptions     +ForwardKeySize +ForwardURIEscaped +ForwardDirectories

# JkRequestLogFormat set the request format 
JkRequestLogFormat     "%w %V %T"

# Send all requests for /dspace context to worker ajp13
# Note: ajp13 is defined in workers.properties and
# uses the AJP 1.3 Protocol
JkMount  /dspace/* ajp13

# ... and ditto if you want OAI
JkMount  /dspace-oai/* ajp13

#For extra security, deny direct access to any WEB-INF and META-INF directories
<LocationMatch "/WEB-INF/">
AllowOverride None
Deny from all
</LocationMatch>

<LocationMatch "/META-INF/">
AllowOverride None
Deny from all
</LocationMatch>

...

You can get a little tricky by doing something like:

Code Block

# Send all requests for root context / to worker ajp13
# Note: ajp13 is defined in workers.properties and
# uses the AJP 1.3 Protocol
JkMount  /* ajp13

# Use SetEnvIf to set "no-jk" when /cgi-bin/ is encountered.
# This is necessary so that /cgi-bin/ scripts
# are run in Apache (and not forwarded to Tomcat).
SetEnvIf Request_URI "/cgi-bin/*" no-jk

# Set "no-jk" for /anotherApp/ as well (so it is run from Apache)
SetEnvIf Request_URI "/anotherApp/*" no-jk
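
SetEnvIf treats its second argument as an unanchored regular expression, not a glob, so "/cgi-bin/*" matches any URI that merely contains "/cgi-bin" and such requests never reach Tomcat. The following is an added example (not part of the original instructions) that emulates the routing decision for the patterns above and for an anchored variant; the function names, the sample URIs and the anchored patterns are assumptions made for illustration.

```shell
# Added example (not from the original page). Emulates how the no-jk rules
# above decide whether Apache or Tomcat handles a request.

# nojk_patterns FILE: print the regex of every active
#   SetEnvIf Request_URI "<regex>" no-jk
# directive in FILE (commented-out lines are skipped).
nojk_patterns() {
    sed -n 's/^[[:space:]]*SetEnvIf[[:space:]][[:space:]]*Request_URI[[:space:]][[:space:]]*"\([^"]*\)"[[:space:]][[:space:]]*no-jk.*/\1/p' "$1"
}

# route FILE URI: with "JkMount /* ajp13" in effect, print "apache" when any
# no-jk regex matches URI, otherwise "tomcat". SetEnvIf performs an unanchored
# regex search, which grep -E reproduces for these patterns.
route() {
    while read -r re; do
        [ -n "$re" ] || continue
        if printf '%s\n' "$2" | grep -Eq -- "$re"; then
            echo apache
            return 0
        fi
    done <<EOF
$(nojk_patterns "$1")
EOF
    echo tomcat
}

# Constructed configs: the patterns from this page, and an anchored variant.
loose=$(mktemp); strict=$(mktemp)
printf '%s\n' 'SetEnvIf Request_URI "/cgi-bin/*" no-jk' \
              'SetEnvIf Request_URI "/anotherApp/*" no-jk' > "$loose"
printf '%s\n' 'SetEnvIf Request_URI "^/cgi-bin/" no-jk' \
              'SetEnvIf Request_URI "^/anotherApp/" no-jk' > "$strict"

# Constructed URIs: one real CGI path, and one application path that merely
# contains the substring "/cgi-bin".
for uri in /cgi-bin/stats.pl /bitstream/123/cgi-bin-notes.pdf; do
    echo "$uri loose=$(route "$loose" "$uri") strict=$(route "$strict" "$uri")"
done
rm -f "$loose" "$strict"
```

With the page's patterns both URIs are kept in Apache; with the anchored patterns only the real /cgi-bin/ path is.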

...

Next, you need to take a look at the Tomcat server.xml configuration file (in the /conf subdirectory, wherever Tomcat is installed). Ensure that the following AJP 1.3 Connector is uncommented:

Code Block

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" URIEncoding="UTF-8" tomcatAuthentication="false"
enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
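
The connector above has no address attribute, so on Tomcat releases of this era (such as the 5.5.x this page targets) it listens on every interface, and tomcatAuthentication="false" makes Tomcat accept the user identity handed to it over AJP. When Apache and Tomcat run on the same host, adding address="127.0.0.1" keeps port 8009 reachable only from Apache. The following check is an added example (not part of the original instructions) that lists active AJP connectors not bound to loopback; the function names and the sample server.xml are constructed for illustration.

```shell
# Added example (not from the original page): report active AJP connectors
# in a Tomcat server.xml that are not bound to a loopback address.

# Join the file onto one line and delete <!-- ... --> spans, so that a
# commented-out Connector is not reported as active.
strip_comments() {
    tr '\n' ' ' < "$1" | awk '{
        while ((s = index($0, "<!--")) > 0) {
            rest = substr($0, s + 4); e = index(rest, "-->")
            if (e == 0) { $0 = substr($0, 1, s - 1); break }
            $0 = substr($0, 1, s - 1) substr(rest, e + 3)
        }
        print
    }'
}

# attr ELEMENT NAME: print the value of attribute NAME, or nothing if absent.
# Requiring leading whitespace keeps "port" from matching inside "redirectPort".
attr() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p"
}

# exposed_ajp FILE: print "port=<p> address=<a>" for each active AJP connector
# not bound to loopback. Returns 0 if at least one was found, 1 otherwise.
exposed_ajp() {
    found=1
    while read -r el; do
        case "$el" in *'protocol="AJP/1.3"'*) ;; *) continue ;; esac
        addr=$(attr "$el" address)
        case "$addr" in 127.*|::1|localhost) continue ;; esac
        echo "port=$(attr "$el" port) address=${addr:-ALL-INTERFACES}"
        found=0
    done <<EOF
$(strip_comments "$1" | grep -o '<Connector[^>]*>')
EOF
    return "$found"
}

# Constructed sample: this page's connector plus a commented-out one.
sample=$(mktemp)
cat > "$sample" <<'XML'
<Service name="Catalina">
  <!-- <Connector port="8010" protocol="AJP/1.3" /> -->
  <Connector port="8009" URIEncoding="UTF-8" tomcatAuthentication="false"
   enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
</Service>
XML
exposed_ajp "$sample" || echo "all AJP connectors are loopback-only"
rm -f "$sample"
```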

...

Hopefully everything works for you! If it doesn't, ask on the DSpace-Tech mailing list (see Mailing Lists). If you find any problems with the above instructions, feel free to edit and enhance them!