
apache fronting tomcat

Nelson Loyola edited this page Jan 22, 2020 · 3 revisions


Apache fronting Tomcat

These instructions set up the Apache web server to front the Biobank web application running under Tomcat.

Installation instructions

  1. Install Apache: on Ubuntu, run the following commands:

    sudo apt-get update
    sudo apt-get install apache2
  2. Install mod_jk: on Ubuntu, run the following command:

    sudo apt-get install libapache2-mod-jk libapache2-mod-security2

    This will also enable the module.

  3. Ensure the following settings are enabled in /etc/apache2/mods-enabled/jk.conf:

    JkWorkersFile /etc/libapache2-mod-jk/workers.properties
    JkLogFile /var/log/apache2/mod_jk.log
    JkLogLevel info
    JkOptions +RejectUnsafeURI
    JkStripSession On
  4. Configure the workers properties file: edit /etc/libapache2-mod-jk/workers.properties and set workers.tomcat_home to point to the Biobank Tomcat directory.

    workers.tomcat_home=/opt/tomcat/apache-tomcat-8.5.30

    Set workers.java_home to point to your Java JRE.

    workers.java_home=/data/java-7-oracle
  5. Enable SSL connections on Apache server:

    sudo a2ensite default-ssl.conf

    Enable the ssl module on Apache:

    sudo a2enmod ssl
  6. Set the server name: edit the SSL site configuration file (default-ssl.conf) and set:

    ServerName __your_server_name_here__
    ServerAlias __your_alias_here__

    and add the following line inside the <VirtualHost> section:

    JkMount /biobank* ajp13_worker
  7. Optional: create a self-signed certificate. Use these instructions.

  8. Restart: reload the Apache server and start the Biobank Tomcat server:

    sudo service apache2 reload
    /etc/init.d/tomcat start

For more SSL certificate info see /usr/share/doc/apache2/README.Debian.gz.

SSL Certificate for Apache

Use a TLS/SSL certificate from Let’s Encrypt for the Apache server.

This section uses the DNS name biobank.cbsr.ualberta.ca as an example. Please substitute it with the DNS name for your server.

Port 80 Open

  1. Add the repository:

    sudo add-apt-repository ppa:certbot/certbot
    sudo apt-get update
    sudo apt-get install python-certbot-apache
  2. Set up the SSL certificate.

    sudo certbot --apache -d biobank.cbsr.ualberta.ca

    Replace biobank.cbsr.ualberta.ca with your server's full DNS name.

  3. Set up auto renewal. First, edit the crontab file:

    sudo crontab -e

    Add the following line to the end of the file:

    15 3 * * * /usr/bin/certbot renew --quiet

    This runs a cron job every morning at 3:15 AM and renews the certificate if it has expired. A log of the command's execution is saved to /var/log/le-renew.log.

If you cannot log in with the client and see the following errors:

    java.lang.RuntimeException: Could not generate DH keypair
    java.security.InvalidAlgorithmParameterException: Prime size must be
    multiple of 64, and can only range from 512 to 1024 (inclusive)

Add the following to the end of the first certificate file you have configured using the SSLCertificateFile directive in /etc/apache2/sites-enabled/default-ssl.conf.

-----BEGIN DH PARAMETERS-----
MIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR
Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL
/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC
-----END DH PARAMETERS-----

For the server at biobank.cbsr.ualberta.ca this was added to the file /etc/letsencrypt/live/biobank.cbsr.ualberta.ca/fullchain.pem.
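A check worth running before (and after) appending DH parameters to a certificate file, added here as an example and not part of the Biobank wiki: a small Python script that decodes a PEM DH PARAMETERS block with a minimal DER parser and reports the prime size, then applies the same constraint the Java client error above quotes (a multiple of 64 bits, between 512 and 1024 inclusive). The block on this page decodes to a 1024-bit prime with generator 2, which is the largest prime that JRE accepts; Apache's own documentation recommends 2048-bit or larger parameters once all connecting clients can negotiate them, so the script also confirms whether a later change to the file actually took effect. Function and constant names are this example's own.

```python
"""Report the prime size of PEM-encoded DH parameters and check it against
the range the Java 7 client accepts. Added example, not Biobank project code."""
import base64
import re

# The DH parameter block quoted on the wiki page, embedded here as sample input.
WIKI_DH_PARAMS = """-----BEGIN DH PARAMETERS-----
MIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR
Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL
/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC
-----END DH PARAMETERS-----
"""

# Constructed stand-in for a fullchain.pem that already has the DH block appended.
SAMPLE_FULLCHAIN = (
    "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n" + WIKI_DH_PARAMS
)


def _read_tlv(buf, pos):
    """Parse one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: the low 7 bits say how many length bytes follow
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_dh_params(pem_text):
    """Return (p, g) from the first DH PARAMETERS block in pem_text.

    The block is PKCS#3 DHParameter: SEQUENCE { INTEGER p, INTEGER g }.
    pem_text may be a whole certificate file; other PEM blocks are ignored.
    """
    m = re.search(
        r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----", pem_text, re.S
    )
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(m.group(1).split()))
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected a DER SEQUENCE")
    tag_p, p_bytes, pos = _read_tlv(seq, 0)
    tag_g, g_bytes, _ = _read_tlv(seq, pos)
    if tag_p != 0x02 or tag_g != 0x02:
        raise ValueError("expected two DER INTEGERs (p, g)")
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")


def dh_prime_bits(pem_text):
    """Bit length of the DH prime in pem_text."""
    p, _ = parse_dh_params(pem_text)
    return p.bit_length()


def accepted_by_java7_client(bits):
    """Mirror the JRE constraint quoted on the page: a multiple of 64 bits,
    between 512 and 1024 inclusive. Larger primes make that client fail."""
    return bits % 64 == 0 and 512 <= bits <= 1024


if __name__ == "__main__":
    bits = dh_prime_bits(SAMPLE_FULLCHAIN)
    _, g = parse_dh_params(SAMPLE_FULLCHAIN)
    print(f"DH prime: {bits} bits, generator {g}, "
          f"accepted by the Java 7 client: {accepted_by_java7_client(bits)}")
```

To check the live file, read /etc/letsencrypt/live/<your-dns-name>/fullchain.pem into a string and pass it to `dh_prime_bits`; the regex skips the certificate blocks and finds the appended DH block, and a `ValueError` means the append was never made.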

Port 80 Behind Firewall

Using the acme.sh shell script:

  1. Switch to the root user and install using curl:

    sudo -i
    curl https://get.acme.sh | sh
  2. Log out of the root shell.

  3. Switch to the root user again and issue the certificate:

    sudo -i
    .acme.sh/acme.sh --issue --alpn --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2" -d biobank.cbsr.ualberta.ca
    systemctl start apache2
  4. Restart the Apache server:

    sudo systemctl start apache2