Apache, Tomcat, JK Configuration Example

Example of worker.properties:

worker.list=myWorker,yourWorker

worker.myWorker.port=7505
worker.myWorker.host=my.host.com
worker.myWorker.type=ajp13
worker.myWorker.secret=secretword

worker.yourWorker.port=7505
worker.yourWorker.host=your.host.com
worker.yourWorker.type=ajp13
worker.yourWorker.secret=yoursecretword

 

Example of httpd.conf

技术分享
#
## httpd.conf -- Apache HTTP server main configuration file
##
## This is an attempt to make a minimal, generic and yet useful configuration
##
## For INTERNAL UBS IB users (read the comments #@).
## - See complete original file ./conf/original/httpd.conf with syntax comments.
## - More documentation: http://goto/apache and http://httpd.apache.org
##
## For EXTERNAL Hosted web servers, you MUST read and change all sections marked #@SECURITY
#

# ‘Main‘ server configuration
ServerRoot "/home/tp/apache"
ServerAdmin [email protected]
ServerName someone.host.com:8585
DocumentRoot "/home/tp/apache/htdocs"
# User and group Apache run-as
User  someone_id
#Group some_group_id

# UseCanonicalName: how SERVER_NAME and SERVER_PORT variables are set.
# Off -> Apache will use the Hostname and Port supplied by the client.
# On  -> Apache will use the value of the ServerName directive.
UseCanonicalName Off

Listen 8585

# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#LockFile logs/accept.lock
#ScoreBoardFile logs/apache_runtime_status
#PidFile /sbclocal/web/dyn/data/myproject/logs/httpd.pid
# location for the core dump
CoreDumpDirectory logs

# Performance settings
# ServerLimit default is 16 (worker) and 256 (prefork,compiled hard limit 20000)

# Performance settings - prefork MPM

    #ServerLimit        256
    StartServers          5
    MinSpareServers       5
    MaxSpareServers      10
    MaxClients          150
    MaxRequestsPerChild  10000


# Performance settings - Threaded MPM

    #ThreadLimit         64
    #ServerLimit         16
    StartServers          2
    MaxClients          150
    MinSpareThreads      25
    MaxSpareThreads      75
    ThreadsPerChild      25
    MaxRequestsPerChild   0

    #@ Uncomment for a potential performance boost on Solaris, although at the expense of %cpu
    #AcceptMutex sysvsem



# Persistence connections
KeepAlive On
MaxKeepAliveRequests 500
KeepAliveTimeout 1

# Amount of time the server will wait for certain events before failing a request
#@ you might want to consider lowering this amount
Timeout 300

#@SECURITY to minimize a kind of DoS attack - limit the headers (see docs for more directives)
#LimitRequestFields 30
#RequestReadTimeout header=2 body=10
#@ or more complete and select appropriate values for TIMEOUT MINRATE for your application
#RequestReadTimeout header=TIMEOUT,MinRate=MINRATE body=TIMEOUT,MinRate=MINRATE

#@ Due to large cookies you might see errors such as 413 Request Entity Too Large or 400 Bad Reques,
#@ to mitigate uncomment the following
#LimitRequestFieldSize 12288

#@ Give reasonable requests the chance to stop naturally before they are ended
#@ but keep the wait short enough to not frustrate support people
GracefulShutDownTimeout 5

HostnameLookups Off

# Turned off when serving from networked-mounted
EnableMMAP off
EnableSendfile off

#
# Dynamic Shared Object (DSO) Support (see ./conf/original/httpd.conf)
#@SECURITY load only what you really need - Comment all other LoadModules you don‘t need
#
LoadModule alias_module            modules/mod_alias.so
LoadModule authz_host_module       modules/mod_authz_host.so
LoadModule deflate_module          modules/mod_deflate.so
LoadModule dir_module              modules/mod_dir.so
#@ mod_rewrite is not required by default
#LoadModule rewrite_module          modules/mod_rewrite.so
LoadModule log_config_module       modules/mod_log_config.so
#LoadModule logio_module            modules/mod_logio.so
LoadModule env_module              modules/mod_env.so
LoadModule expires_module          modules/mod_expires.so
LoadModule mime_magic_module       modules/mod_mime_magic.so
LoadModule mime_module             modules/mod_mime.so
LoadModule headers_module          modules/mod_headers.so
LoadModule reqtimeout_module       modules/mod_reqtimeout.so
LoadModule setenvif_module         modules/mod_setenvif.so
LoadModule version_module          modules/mod_version.so

#LoadModule asis_module             modules/mod_asis.so
#LoadModule ident_module            modules/mod_ident.so
#LoadModule negotiation_module      modules/mod_negotiation.so
#LoadModule usertrack_module        modules/mod_usertrack.so
#LoadModule unique_id_module        modules/mod_unique_id.so
#LoadModule vhost_alias_module      modules/mod_vhost_alias.so
#LoadModule imagemap_module         modules/mod_imagemap.so
#LoadModule actions_module          modules/mod_actions.so

#@SECURITY Commenting the following line ensures that there will be no accidental directory listing
#@ Also check/uncomment httpd-autoindex.conf below
LoadModule autoindex_module        modules/mod_autoindex.so


   LoadModule cgi_module    modules/mod_cgi.so



   LoadModule cgid_module    modules/mod_cgid.so

   # On threaded servers, the path to the UNIX socket used to communicate with the CGI daemon.
   #Scriptsock logs/cgisock



   LoadModule ssl_module modules/mod_ssl.so



   LoadModule perl_module apache_modules/2.2.20/mod_perl/2.0.5+perl-5.12.3/modules/mod_perl.so


#@SECURITY PLEASE DO NOT REMOVE - SECURITY RISK EXCEPTION
TraceEnable Off

#@SECURITY PLEASE UNCOMMENT FOR EXTERNAL CUSTOMER SITES (amber or green zone) - IT AUDIT
#ServerTokens Prod
#ServerSignature Off

# protect the document root

    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all


<Directory "/home/tp/apache/htdocs">
    #@SECURITY FOR PRODUCTION - EXTERNAL CUSTOMER SITES (amber or green zone) 
    #@ Replace with Options None
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all



    DirectoryIndex index.html


<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All


# Logging
ErrorLog logs/error.log

# Possible values: debug, info, notice, warn, error, crit, alert, emerg.
LogLevel warn

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common


   # You need to uncomment mod_logio.c to use %I and %O
     LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combined


CustomLog logs/access.log combined

#@SECURITY FOR PRODUCTION - REMOVE OR SECURE AS REQUIRED THIS cgi-bin section !!
#ScriptAlias /cgi-bin/ "/sbcimp/run/pd/apache/2.2.20/cgi-bin/"

<Directory "/sbcimp/run/pd/apache/2.2.20/cgi-bin/">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all


DefaultType text/plain


    TypesConfig conf/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz


TypesConfig /sbcimp/run/pd/apache/2.2.20/conf/mime.types
MIMEMagicFile /sbcimp/run/pd/apache/2.2.20/conf/magic

#@ Sample custom error message - repeat for 404, 503,... can be a html or a script.
#@ and support multilangual
ErrorDocument 500 "Your Custom error 500 message here."

#@ If you uncomment any of these, be sure to uncomment negotiation_module
#Include /sbcimp/run/pd/apache/2.2.20/conf/extra/httpd-autoindex.conf
#Include /sbcimp/run/pd/apache/2.2.20/conf/extra/httpd-multilang-errordoc.conf
#Include /sbcimp/run/pd/apache/2.2.20conf/extra/httpd-languages.conf
# Not needed: Apache user manual and documentation (same as .org)
#Include /sbcimp/run/pd/apache/2.2.20/conf/extra/httpd-manual.conf

# Real-time info on requests and configuration
#@SECURITY FOR PRODUCTION - REMOVE OR SECURE AS REQUIRED THESE Includes !!
#Include /sbcimp/run/pd/apache/2.2.20/conf/extra/httpd-info.conf

# Secure (SSL/TLS) connections if module loaded

   Include conf/extra/httpd-ssl.conf


# e.g. Virtual hosts for a virtual site on port 10010
#Include conf/httpd-vsite-10010.conf

# Load Apache JK
LoadModule jk_module "/sbcimp/run/pd/apache_modules/2.2.20/mod_jk/1.2.32/modules/mod_jk.so"

# Set up the JK worker properties
JkWorkersFile conf/workers.properties

# Log and level
#JkLogFile logs/mod_jk.log
JkLogFile "|/sbcimp/run/pd/apache/2.2.20/bin/rotatelogs -l /home/tp/apache/logs/mod_jk.%Y-%m-%d.log 86400"
JkLogLevel info
# Uncomment the following directive to log each jk requests for Tomcat.
# Since 1.2.26 you can log the duration in the apache custom log
# http://tomcat.apache.org/connectors-doc/reference/apache.html
# If commented there will be no requests information in the log
#JkRequestLogFormat "%b %H %m %p %q %r %s %v %w %V %T"
# For the perl analysis scripts:
#JkRequestLogFormat "%w %V %U %s %T %B %H %m"

# Make sure that Apache cannot serve content from these directories
<LocationMatch "/WEB-INF/" >
deny from all


<LocationMatch "/META-INF/" >
deny from all


#@ Customize error pages in the main apache conf and use an html or a cgi
ErrorDocument 503 "Error 503: Tomcat is down, please contact [email protected]"
#ErrorDocument 404 "Error 404: not found"

# Some jk options to read about - see http://tomcat -> FAQ
#JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkOptions +FlushPackets
##################################################################
#
# Application mapping to Tomcat
#
##################################################################
# Instead of the jkMount below, you can map dynamically update the mappings
# The file‘s content is checked by default every 60 sec. The content format is:
# /examples/*=myfirstapp
#JkMountFile conf/uriworkermap.properties
##################################################################

# Enable the JK manager status page access from ipaddr or localhost only.
# This does not work w/o the load balancer setup in worker.properties;
# properties can be set to make the jk status mgr read only or read/write.

JkMount jkstatus
Order deny,allow
Deny from all
Allow from 127.0.0.1 swissbank.com ubsw.net
#or Allow from 127.0.0.1


##################################################################
#
#
# See FAQs to set Apache httpd to serve static content and Tomcat
# only to serve servlet/* and *.jsp
# You can have Tomcat serve it all, see special context: ROOT.xml
# JkMount /* myWorker
#
JkMount /my-web|/* myWorker
JkMount /your-web|/* yourWorker
View Code

 

Example of server.xml

技术分享
<?xml version=‘1.0‘ encoding=‘utf-8‘?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<Server port="8005" shutdown="RaNdOm-SeCrEt-CoDe">

  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
  <Listener className="org.apache.catalina.core.JasperListener" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -->
    <!-- used for the manager and admin demo not to be used in production as is !! -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- A "Service" is a collection of one or more "Connectors" that share a single "Container" -->
  <Service name="Catalina">
  
    <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
    <!-- NOTE: MUST only be used as a development aid. It is banned in production "as-is".-->
    <Connector          protocol="HTTP/1.1"
                            port="8855" 
           maxHttpHeaderSize="8192"
                      maxThreads="150"
                 minSpareThreads="25"
                   enableLookups="false" 
                    redirectPort="8443" 
                     acceptCount="100"
               connectionTimeout="20000" 
            disableUploadTimeout="true" /> 
            

    <!-- Define an AJP 1.3 Connector on port 7505 for the Apache mod_jk -->
    <!-- ** AMEND: port and requiredSecret parameters as required       -->
    <!-- See workers.properties if you need: connectionTimeout="600000" -->
    <Connector port="7505"
                protocol="AJP/1.3"
           enableLookups="false"
            redirectPort="8443"
          requiredSecret="secretword"/>

    <!-- An Engine represents the entry point that processes analyzes the HTTP headers
         included with the request, and passes them on to the appropriate Host (virtual host). -->    
    <Engine name="Catalina" defaultHost="localhost">

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">

        <!-- This Realm uses the UserDatabase configured in the global JNDI -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
            resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
          unpackWARs="true" autoDeploy="true" >

             <!-- You must set an access log -->
         <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs/tomcat"  
               prefix="localhost_access_log." suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" resolveHosts="false"/>

      </Host>
    </Engine>
  </Service>
</Server>
View Code

 

郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。