Contribute to the DSpace Development Fund

The newly established DSpace Development Fund supports the development of new features prioritized by DSpace Governance. For a list of planned features see the fund wiki page.

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Running DSpace on Apache HTTPD and Tomcat using the mod_jk connector

For some background on why you'd want to do this, and the principles behind
the configuration, see pages on Securing DSpace and Running DSpace on Standard Ports.

Note: These instructions are for Linux, and may be somewhat specific to Red Hat Enterprise Linux 3.2.3-52 and the following software versions (but hopefully they are still helpful for other distros)

  • DSpace 1.3.x and above
  • Apache HTTPD 2.0.46
  • Tomcat 5.5.9

Anyone who has successfully set up 

mod_jk

connector under different conditions should feel free to add their notes!

Step 1 - Check if mod_jk is installed

Check to see if the 

mod_jk

connector is installed. Most likely (at least on Red Hat), it should be in 

/etc/httpd/modules/

. However, you can try to locate it using the following command:





<nowiki>

locate mod_jk 

</nowiki>








If there is no response, then 




mod_jk




 is not installed.  Otherwise, if it is installed, you can obviously skip the next step!



Step 2 - Install mod_jk from source


(1) Login as the root user. (or someone with "root"-like privileges)



(2) Before trying to build 




mod_jk




, you must make sure you have the following pre-requisite programs installed (use the 




which




 command to check for each):





(3) In addition, you must have the Apache Web Server development tools installed.  A quick way to check for this is to check for the APache eXtenSion tool (




apxs




).  It should probably be in 




/usr/sbin




, if installed:








<nowiki>

which apxs   

</nowiki>








If 




apxs




 is missing, you can use the following command in Red Hat to install the 




httpd-devel




 RPM as root (Other distros may need to find and install this RPM through other means):








<nowiki>

up2date -i httpd-devel

</nowiki>









(4) Download the latest 




mod_jk




 source from the Tomcat Download site http://jakarta.apache.org/site/downloads/downloads_tomcat.html.




(5) Unzip the contents into your home directory:








<nowiki>

gunzip -c jakarta-tomcat-connectors-1.2.14.1-src.tar.gz | tar -xvf -

</nowiki>









(6) Configure the connectors with the path to the 




apxs




 file on your system:








<nowiki>

cd jakarta-tomcat-connectors-1.2.14.1-src

cd jk/native

./configure --with-apxs=/usr/sbin/apxs

</nowiki>









(7)  Build 




mod_jk




 with the following command:








<nowiki>

make

</nowiki>









(8)  Assuming all went well, the 




mod_jk.so




 file will be created in the 




apache-2.0




 subdirectory.  You need to copy this file to Apache's shared object files directory (e.g. 




/etc/httpd/modules/




).  From the same 




jk/native




 directory run the following:








<nowiki>

cp apache-2.0/mod_jk.so /etc/httpd/modules

</nowiki>









(9)  In addition, copy the sample workers.properties file to the Apache configuration directory (e.g. 




/etc/httpd/conf/




).   Assuming you are still in the 




jk/native




 directory, run the following commands:








<nowiki>

cd ../conf

cp workers.properties /etc/httpd/conf

</nowiki>









Step 3 - Configure workers.properties


Once the 




mod_jk




 connector has been installed, you will have to configure Apache to use this connector to communicate with Tomcat.   First, modify the existing 




workers.properties




 file (should be in 




/etc/httpd/conf/




 , or whereever you copied it to in Step 2 above): 

You will need to modify the following Tomcat and Java home directories:








<nowiki>

workers.tomcat_home=tomcat

workers.java_home=java

</nowiki>








In addition, you may need to uncomment (and possibly change) the JVM for Unix:








<nowiki>


    
	
  1. Unix - Sun VM or blackdown
    
worker.inprocess.jvm_lib=$(workers.java_home)$(ps)jre$(ps)lib$(ps)i386$(ps)server$(ps)libjvm.so
    
</nowiki>

    

    

    2. 





Note: initially the path above was 




java/jre/lib/i386/classic/libjvm.so





However, the correct path of the 




libjvm.so




 (at least for Red Hat) is 




java/jre/lib/i386/'''server'''/libjvm.so




  (i.e. "




server/libjvm.so




", not "




classic/libjvm.so




")



Step 4 - Configure mod_jk connector


Next, you need to create a configuration file for the 




mod_jk




 module (alternatively, you could just add the following configuration directly into your Apache 




httpd.conf




.  I just like to separate things out a bit).   In the 




/etc/httpd/conf.d/




 directory (or whatever directory holds your external configuration files, which 




httpd.conf




 loads), create a file called 




jk.conf




 which has the following content (make sure to edit any paths so they are valid on your server!): 








<nowiki>

#


    
	
  1. Use the JK Module to connect to Tomcat Instance
    
#
    2. 
	
  2. Load mod_jk module
    
LoadModule    jk_module  modules/mod_jk.so
    3. 





    
	
  1. Where to find workers.properties
    
JkWorkersFile /etc/httpd/conf/workers.properties
    2. 





    
	
  1. Where to put jk logs
    
JkLogFile     /var/log/httpd/mod_jk.log
    2. 





    
	
  1. Set the jk log level debug/error/info
    
JkLogLevel    info
    2. 





    
	
  1. Select the log format
    
JkLogStampFormat "%a %b %d %H:%M:%S %Y "
    2. 





    
	
  1. JkOptions indicate to send SSL KEY SIZE,
    
#JkOptions     +ForwardKeySize +ForwardUICompat -ForwardDirectories
    2. 
	
  2. Found that these options were necessary with Apache 2.2:
    
JkOptions     +ForwardKeySize +ForwardUIEscaped +ForwardDirectories
    3. 





    
	
  1. JkRequestLogFormat set the request format
    
JkRequestLogFormat     "%w %V %T"
    2. 





    
	
  1. Send all requests for /dspace context to worker ajp13
    2. 
	
  2. Note: ajp13 is defined in workers.properties and
    3. 
	
  3. uses the AJP 1.3 Protocol
    
JkMount  /dspace/* ajp13
    4. 





    
	
  1. ... and ditto if you want OAI
    
JkMount  /dspace-oai/* ajp13
    2. 





#For extra security, deny direct access to any WEB-INF and META-INF directories

<LocationMatch "/WEB-INF/">

AllowOverride None

Deny from all

</LocationMatch>



<LocationMatch "/META-INF/">

AllowOverride None

Deny from all

</LocationMatch>

</nowiki>








The big thing to pay attention to is the context which you specify in 




JkMount




!  If you specify 




/dspace/*




, then only requests to 




http://my-host-name/dspace/*




 will be forwarded to Tomcat!   However, if you specify 




/*




, then all requests to 




http://my-host-name/*




 will be forwarded to Tomcat.



You can get a little tricky by doing something like:








<nowiki>


    
	
  1. Send all requests for root context / to worker ajp13
    2. 
	
  2. Note: ajp13 is defined in workers.properties and
    3. 
	
  3. uses the AJP 1.3 Protocol
    
JkMount  /* ajp13
    4. 





    
	
  1. Use SetEnvIf to set "no-jk" when /cgi-bin/ is encountered.
    2. 
	
  2. This is necessary so that /cgi-bin/ scripts
    3. 
	
  3. are run in Apache (and not forwarded to Tomcat).
    
SetEnvIf Request_URI "/cgi-bin/*" no-jk
    4. 





    
	
  1. Set "no-jk" for /anotherApp/ as well (so it is run from Apache)
    
SetEnvIf Request_URI "/anotherApp/*" no-jk
    
</nowiki>

    

    

    2. 





Notice, first you specify that all requests should be forwarded to Tomcat.  But, then for specific UI's you can specify to ignore 




mod_jk




 (using the 




no-jk




 environment variable).  So, the above specifies that everything except paths matching 




http://my-host-name/cgi-bin/*




 or 




http://my-host-name/anotherApp/*




 are forwarded to Tomcat.



Step 5 - Configure Tomcat


Next, you need to take a look at the Tomcat 




server.xml




 configuration file (in the 




/conf




 subdirectory, whereever Tomcat is installed).  Ensure that the following AJP 1.3 Connector is uncommented:








<nowiki>

<!-- Define an AJP 1.3 Connector on port 8009 -->

<Connector port="8009" UIEncoding="UTF-8" tomcatAuthentication="false"

enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />

</nowiki>









Make sure that the 




port




 specified corresponds to the port you defined for the 




ajp13




 worker (this port number is defined in the 




workers.properties




 file, as shown above).  In addition, make sure the 




UIEncoding




 is set to 




UTF-8




, and 




tomcatAuthentication




 is set to 




false




 (assuming you want authentication taken care of in Apache rather than Tomcat).  Finally, make sure you set the 




redirectPort




 to be the port that Tomcat is running on (usually either 8443, for HTTPS, or 8080, for HTTP).



Step 6 - Restart everything and Test!


Restart Tomcat and Apache!

Now, test the connection between Apache and Tomcat.   You should now be able to get to DSpace whether you specify port 8080 (for Tomcat) or not.   For example, the following URLs should bring you to the same DSpace (you may need to replace 




localhost




 with your server path):


    
	
  • 

    http://localhost:8080/dspace
    

    • 
	
  • 

    http://localhost/dspace
    

    • 





Hopefully everything works for you!  If it doesn't, ask questions to the dspace-tech@lists.sourceforge.net DSpace-Tech mailing list.  If you find any problems with the above instructions, feel free to edit and enhance them!


                
        
    
        


                        
    





    

	

		
    
    
            
  • 
            No labels
        
    • 
            


    





        
		
            




            
        








                        
    


        
    





        


                
    
            



    

    




    
    

    
    
    


    

        



                    
        

            
All content on the LYRASIS Wiki is licensed under the CC BY (Attribution) license, unless otherwise noted.