Apache, Tomcat, JK Configuration Example
Example of worker.properties:
worker.list=myWorker,yourWorker worker.myWorker.port=7505 worker.myWorker.host=my.host.com worker.myWorker.type=ajp13 worker.myWorker.secret=secretword worker.yourWorker.port=7505 worker.yourWorker.host=your.host.com worker.yourWorker.type=ajp13 worker.yourWorker.secret=yoursecretword
Example of httpd.conf
# ## httpd.conf -- Apache HTTP server main configuration file ## ## This is an attempt to make a minimal, generic and yet useful configuration ## ## For INTERNAL UBS IB users (read the comments #@). ## - See complete original file ./conf/original/httpd.conf with syntax comments. ## - More documentation: http://goto/apache and http://httpd.apache.org ## ## For EXTERNAL Hosted web servers, you MUST read and change all sections marked #@SECURITY # # ‘Main‘ server configuration ServerRoot "/home/tp/apache" ServerAdmin [email protected] ServerName someone.host.com:8585 DocumentRoot "/home/tp/apache/htdocs" # User and group Apache run-as User someone_id #Group some_group_id # UseCanonicalName: how SERVER_NAME and SERVER_PORT variables are set. # Off -> Apache will use the Hostname and Port supplied by the client. # On -> Apache will use the value of the ServerName directive. UseCanonicalName Off Listen 8585 # The accept serialization lock file MUST BE STORED ON A LOCAL DISK. #LockFile logs/accept.lock #ScoreBoardFile logs/apache_runtime_status #PidFile /sbclocal/web/dyn/data/myproject/logs/httpd.pid # location for the core dump CoreDumpDirectory logs # Performance settings # ServerLimit default is 16 (worker) and 256 (prefork,compiled hard limit 20000) # Performance settings - prefork MPM #ServerLimit 256 StartServers 5 MinSpareServers 5 MaxSpareServers 10 MaxClients 150 MaxRequestsPerChild 10000 # Performance settings - Threaded MPM #ThreadLimit 64 #ServerLimit 16 StartServers 2 MaxClients 150 MinSpareThreads 25 MaxSpareThreads 75 ThreadsPerChild 25 MaxRequestsPerChild 0 #@ Uncomment for a potential performance boost on Solaris, although at the expense of %cpu #AcceptMutex sysvsem # Persistence connections KeepAlive On MaxKeepAliveRequests 500 KeepAliveTimeout 1 # Amount of time the server will wait for certain events before failing a request #@ you might want to consider lowering this amount Timeout 300 #@SECURITY to minimize a kind of DoS attack - limit the headers (see docs for more directives) #LimitRequestFields 30 #RequestReadTimeout header=2 body=10 #@ or more complete and select appropriate values for TIMEOUT MINRATE for your application #RequestReadTimeout header=TIMEOUT,MinRate=MINRATE body=TIMEOUT,MinRate=MINRATE #@ Due to large cookies you might see errors such as 413 Request Entity Too Large or 400 Bad Reques, #@ to mitigate uncomment the following #LimitRequestFieldSize 12288 #@ Give reasonable requests the chance to stop naturally before they are ended #@ but keep the wait short enough to not frustrate support people GracefulShutDownTimeout 5 HostnameLookups Off # Turned off when serving from networked-mounted EnableMMAP off EnableSendfile off # # Dynamic Shared Object (DSO) Support (see ./conf/original/httpd.conf) #@SECURITY load only what you really need - Comment all other LoadModules you don‘t need # LoadModule alias_module modules/mod_alias.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule deflate_module modules/mod_deflate.so LoadModule dir_module modules/mod_dir.so #@ mod_rewrite is not required by default #LoadModule rewrite_module modules/mod_rewrite.so LoadModule log_config_module modules/mod_log_config.so #LoadModule logio_module modules/mod_logio.so LoadModule env_module modules/mod_env.so LoadModule expires_module modules/mod_expires.so LoadModule mime_magic_module modules/mod_mime_magic.so LoadModule mime_module modules/mod_mime.so LoadModule headers_module modules/mod_headers.so LoadModule reqtimeout_module modules/mod_reqtimeout.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule version_module modules/mod_version.so #LoadModule asis_module modules/mod_asis.so #LoadModule ident_module modules/mod_ident.so #LoadModule negotiation_module modules/mod_negotiation.so #LoadModule usertrack_module modules/mod_usertrack.so #LoadModule unique_id_module modules/mod_unique_id.so #LoadModule vhost_alias_module modules/mod_vhost_alias.so #LoadModule imagemap_module modules/mod_imagemap.so #LoadModule actions_module modules/mod_actions.so #@SECURITY Commenting the following line ensures that there will be no accidental directory listing #@ Also check/uncomment httpd-autoindex.conf below LoadModule autoindex_module modules/mod_autoindex.so LoadModule cgi_module modules/mod_cgi.so LoadModule cgid_module modules/mod_cgid.so # On threaded servers, the path to the UNIX socket used to communicate with the CGI daemon. #Scriptsock logs/cgisock LoadModule ssl_module modules/mod_ssl.so LoadModule perl_module apache_modules/2.2.20/mod_perl/2.0.5+perl-5.12.3/modules/mod_perl.so #@SECURITY PLEASE DO NOT REMOVE - SECURITY RISK EXCEPTION TraceEnable Off #@SECURITY PLEASE UNCOMMENT FOR EXTERNAL CUSTOMER SITES (amber or green zone) - IT AUDIT #ServerTokens Prod #ServerSignature Off # protect the document root Options FollowSymLinks AllowOverride None Order deny,allow Deny from all <Directory "/home/tp/apache/htdocs"> #@SECURITY FOR PRODUCTION - EXTERNAL CUSTOMER SITES (amber or green zone) #@ Replace with Options None Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all DirectoryIndex index.html <FilesMatch "^\.ht"> Order allow,deny Deny from all Satisfy All # Logging ErrorLog logs/error.log # Possible values: debug, info, notice, warn, error, crit, alert, emerg. LogLevel warn LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common # You need to uncomment mod_logio.c to use %I and %O LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combined CustomLog logs/access.log combined #@SECURITY FOR PRODUCTION - REMOVE OR SECURE AS REQUIRED THIS cgi-bin section !! #ScriptAlias /cgi-bin/ "/sbcimp/run/pd/apache/2.2.20/cgi-bin/" <Directory "/sbcimp/run/pd/apache/2.2.20/cgi-bin/"> AllowOverride None Options None Order allow,deny Allow from all DefaultType text/plain TypesConfig conf/mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz TypesConfig /sbcimp/run/pd/apache/2.2.20/conf/mime.types MIMEMagicFile /sbcimp/run/pd/apache/2.2.20/conf/magic #@ Sample custom error message - repeat for 404, 503,... can be a html or a script. #@ and support multilangual ErrorDocument 500 "Your Custom error 500 message here." #@ If you uncomment any of these, be sure to uncomment negotiation_module #Include /sbcimp/run/pd/apache/2.2.20/conf/extra/httpd-autoindex.conf #Include /sbcimp/run/pd/apache/2.2.20/conf/extra/httpd-multilang-errordoc.conf #Include /sbcimp/run/pd/apache/2.2.20conf/extra/httpd-languages.conf # Not needed: Apache user manual and documentation (same as .org) #Include /sbcimp/run/pd/apache/2.2.20/conf/extra/httpd-manual.conf # Real-time info on requests and configuration #@SECURITY FOR PRODUCTION - REMOVE OR SECURE AS REQUIRED THESE Includes !! #Include /sbcimp/run/pd/apache/2.2.20/conf/extra/httpd-info.conf # Secure (SSL/TLS) connections if module loaded Include conf/extra/httpd-ssl.conf # e.g. Virtual hosts for a virtual site on port 10010 #Include conf/httpd-vsite-10010.conf # Load Apache JK LoadModule jk_module "/sbcimp/run/pd/apache_modules/2.2.20/mod_jk/1.2.32/modules/mod_jk.so" # Set up the JK worker properties JkWorkersFile conf/workers.properties # Log and level #JkLogFile logs/mod_jk.log JkLogFile "|/sbcimp/run/pd/apache/2.2.20/bin/rotatelogs -l /home/tp/apache/logs/mod_jk.%Y-%m-%d.log 86400" JkLogLevel info # Uncomment the following directive to log each jk requests for Tomcat. # Since 1.2.26 you can log the duration in the apache custom log # http://tomcat.apache.org/connectors-doc/reference/apache.html # If commented there will be no requests information in the log #JkRequestLogFormat "%b %H %m %p %q %r %s %v %w %V %T" # For the perl analysis scripts: #JkRequestLogFormat "%w %V %U %s %T %B %H %m" # Make sure that Apache cannot serve content from these directories <LocationMatch "/WEB-INF/" > deny from all <LocationMatch "/META-INF/" > deny from all #@ Customize error pages in the main apache conf and use an html or a cgi ErrorDocument 503 "Error 503: Tomcat is down, please contact [email protected]" #ErrorDocument 404 "Error 404: not found" # Some jk options to read about - see http://tomcat -> FAQ #JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories JkOptions +FlushPackets ################################################################## # # Application mapping to Tomcat # ################################################################## # Instead of the jkMount below, you can map dynamically update the mappings # The file‘s content is checked by default every 60 sec. The content format is: # /examples/*=myfirstapp #JkMountFile conf/uriworkermap.properties ################################################################## # Enable the JK manager status page access from ipaddr or localhost only. # This does not work w/o the load balancer setup in worker.properties; # properties can be set to make the jk status mgr read only or read/write. JkMount jkstatus Order deny,allow Deny from all Allow from 127.0.0.1 swissbank.com ubsw.net #or Allow from 127.0.0.1 ################################################################## # # # See FAQs to set Apache httpd to serve static content and Tomcat # only to serve servlet/* and *.jsp # You can have Tomcat serve it all, see special context: ROOT.xml # JkMount /* myWorker # JkMount /my-web|/* myWorker JkMount /your-web|/* yourWorker
Example of server.xml
<?xml version=‘1.0‘ encoding=‘utf-8‘?> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> <Server port="8005" shutdown="RaNdOm-SeCrEt-CoDe"> <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html --> <Listener className="org.apache.catalina.core.JasperListener" /> <!-- Prevent memory leaks due to use of particular java/javax APIs--> <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /> <!-- Global JNDI resources Documentation at /docs/jndi-resources-howto.html --> <GlobalNamingResources> <!-- Editable user database that can also be used by UserDatabaseRealm to authenticate users --> <!-- used for the manager and admin demo not to be used in production as is !! --> <Resource name="UserDatabase" auth="Container" type="org.apache.catalina.UserDatabase" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" pathname="conf/tomcat-users.xml" /> </GlobalNamingResources> <!-- A "Service" is a collection of one or more "Connectors" that share a single "Container" --> <Service name="Catalina"> <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 --> <!-- NOTE: MUST only be used as a development aid. It is banned in production "as-is".--> <Connector protocol="HTTP/1.1" port="8855" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" enableLookups="false" redirectPort="8443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" /> <!-- Define an AJP 1.3 Connector on port 7505 for the Apache mod_jk --> <!-- ** AMEND: port and requiredSecret parameters as required --> <!-- See workers.properties if you need: connectionTimeout="600000" --> <Connector port="7505" protocol="AJP/1.3" enableLookups="false" redirectPort="8443" requiredSecret="secretword"/> <!-- An Engine represents the entry point that processes analyzes the HTTP headers included with the request, and passes them on to the appropriate Host (virtual host). --> <Engine name="Catalina" defaultHost="localhost"> <!-- Use the LockOutRealm to prevent attempts to guess user passwords via a brute-force attack --> <Realm className="org.apache.catalina.realm.LockOutRealm"> <!-- This Realm uses the UserDatabase configured in the global JNDI --> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> </Realm> <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true" > <!-- You must set an access log --> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs/tomcat" prefix="localhost_access_log." suffix=".txt" pattern="%h %l %u %t "%r" %s %b" resolveHosts="false"/> </Host> </Engine> </Service> </Server>
郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。