Apache, Tomcat, JK Configuration Example
Example of worker.properties:
worker.list=myWorker,yourWorker worker.myWorker.port=7505 worker.myWorker.host=my.host.com worker.myWorker.type=ajp13 worker.myWorker.secret=secretword worker.yourWorker.port=7505 worker.yourWorker.host=your.host.com worker.yourWorker.type=ajp13 worker.yourWorker.secret=yoursecretword
Example of httpd.conf
#
## httpd.conf -- Apache HTTP server main configuration file
##
## This is an attempt to make a minimal, generic and yet useful configuration
##
## For INTERNAL UBS IB users (read the comments #@).
## - See complete original file ./conf/original/httpd.conf with syntax comments.
## - More documentation: http://goto/apache and http://httpd.apache.org
##
## For EXTERNAL Hosted web servers, you MUST read and change all sections marked #@SECURITY
#
# 'Main' server configuration
ServerRoot "/home/tp/apache"
ServerAdmin someone@qq.com
ServerName someone.host.com:8585
DocumentRoot "/home/tp/apache/htdocs"
# User and group Apache run-as
User someone_id
#Group some_group_id
# UseCanonicalName: how SERVER_NAME and SERVER_PORT variables are set.
# Off -> Apache will use the Hostname and Port supplied by the client.
# On -> Apache will use the value of the ServerName directive.
UseCanonicalName Off
Listen 8585
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#LockFile logs/accept.lock
#ScoreBoardFile logs/apache_runtime_status
#PidFile /sbclocal/web/dyn/data/myproject/logs/httpd.pid
# location for the core dump
CoreDumpDirectory logs
# Performance settings
# ServerLimit default is 16 (worker) and 256 (prefork,compiled hard limit 20000)
# Performance settings - prefork MPM
#ServerLimit 256
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients 150
MaxRequestsPerChild 10000
# Performance settings - Threaded MPM
#ThreadLimit 64
#ServerLimit 16
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
#@ Uncomment for a potential performance boost on Solaris, although at the expense of %cpu
#AcceptMutex sysvsem
# Persistence connections
KeepAlive On
MaxKeepAliveRequests 500
KeepAliveTimeout 1
# Amount of time the server will wait for certain events before failing a request
#@ you might want to consider lowering this amount
Timeout 300
#@SECURITY to minimize a kind of DoS attack - limit the headers (see docs for more directives)
#LimitRequestFields 30
#RequestReadTimeout header=2 body=10
#@ or more complete and select appropriate values for TIMEOUT MINRATE for your application
#RequestReadTimeout header=TIMEOUT,MinRate=MINRATE body=TIMEOUT,MinRate=MINRATE
#@ Due to large cookies you might see errors such as 413 Request Entity Too Large or 400 Bad Reques,
#@ to mitigate uncomment the following
#LimitRequestFieldSize 12288
#@ Give reasonable requests the chance to stop naturally before they are ended
#@ but keep the wait short enough to not frustrate support people
GracefulShutDownTimeout 5
HostnameLookups Off
# Turned off when serving from networked-mounted
EnableMMAP off
EnableSendfile off
#
# Dynamic Shared Object (DSO) Support (see ./conf/original/httpd.conf)
#@SECURITY load only what you really need - Comment all other LoadModules you don't need
#
LoadModule alias_module modules/mod_alias.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule dir_module modules/mod_dir.so
#@ mod_rewrite is not required by default
#LoadModule rewrite_module modules/mod_rewrite.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule expires_module modules/mod_expires.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule mime_module modules/mod_mime.so
LoadModule headers_module modules/mod_headers.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
#LoadModule asis_module modules/mod_asis.so
#LoadModule ident_module modules/mod_ident.so
#LoadModule negotiation_module modules/mod_negotiation.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule unique_id_module modules/mod_unique_id.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
#LoadModule imagemap_module modules/mod_imagemap.so
#LoadModule actions_module modules/mod_actions.so
#@SECURITY Commenting the following line ensures that there will be no accidental directory listing
#@ Also check/uncomment httpd-autoindex.conf below
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule cgid_module modules/mod_cgid.so
# On threaded servers, the path to the UNIX socket used to communicate with the CGI daemon.
#Scriptsock logs/cgisock
LoadModule ssl_module modules/mod_ssl.so
LoadModule perl_module apache_modules/2.2.20/mod_perl/2.0.5+perl-5.12.3/modules/mod_perl.so
#@SECURITY PLEASE DO NOT REMOVE - SECURITY RISK EXCEPTION
TraceEnable Off
#@SECURITY PLEASE UNCOMMENT FOR EXTERNAL CUSTOMER SITES (amber or green zone) - IT AUDIT
#ServerTokens Prod
#ServerSignature Off
# protect the document root
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
<Directory "/home/tp/apache/htdocs">
#@SECURITY FOR PRODUCTION - EXTERNAL CUSTOMER SITES (amber or green zone)
#@ Replace with Options None
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
DirectoryIndex index.html
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
# Logging
ErrorLog logs/error.log
# Possible values: debug, info, notice, warn, error, crit, alert, emerg.
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
# You need to uncomment mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combined
CustomLog logs/access.log combined
#@SECURITY FOR PRODUCTION - REMOVE OR SECURE AS REQUIRED THIS cgi-bin section !!
#ScriptAlias /cgi-bin/ "/sbcimp/run/pd/apache/2.2.20/cgi-bin/"
<Directory "/sbcimp/run/pd/apache/2.2.20/cgi-bin/">
AllowOverride None
Options None
Order allow,deny
Allow from all
DefaultType text/plain
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
TypesConfig /sbcimp/run/pd/apache/2.2.20/conf/mime.types
MIMEMagicFile /sbcimp/run/pd/apache/2.2.20/conf/magic
#@ Sample custom error message - repeat for 404, 503,... can be a html or a script.
#@ and support multilangual
ErrorDocument 500 "Your Custom error 500 message here."
#@ If you uncomment any of these, be sure to uncomment negotiation_module
#Include /sbcimp/run/pd/apache/2.2.20/conf/extra/httpd-autoindex.conf
#Include /sbcimp/run/pd/apache/2.2.20/conf/extra/httpd-multilang-errordoc.conf
#Include /sbcimp/run/pd/apache/2.2.20conf/extra/httpd-languages.conf
# Not needed: Apache user manual and documentation (same as .org)
#Include /sbcimp/run/pd/apache/2.2.20/conf/extra/httpd-manual.conf
# Real-time info on requests and configuration
#@SECURITY FOR PRODUCTION - REMOVE OR SECURE AS REQUIRED THESE Includes !!
#Include /sbcimp/run/pd/apache/2.2.20/conf/extra/httpd-info.conf
# Secure (SSL/TLS) connections if module loaded
Include conf/extra/httpd-ssl.conf
# e.g. Virtual hosts for a virtual site on port 10010
#Include conf/httpd-vsite-10010.conf
# Load Apache JK
LoadModule jk_module "/sbcimp/run/pd/apache_modules/2.2.20/mod_jk/1.2.32/modules/mod_jk.so"
# Set up the JK worker properties
JkWorkersFile conf/workers.properties
# Log and level
#JkLogFile logs/mod_jk.log
JkLogFile "|/sbcimp/run/pd/apache/2.2.20/bin/rotatelogs -l /home/tp/apache/logs/mod_jk.%Y-%m-%d.log 86400"
JkLogLevel info
# Uncomment the following directive to log each jk requests for Tomcat.
# Since 1.2.26 you can log the duration in the apache custom log
# http://tomcat.apache.org/connectors-doc/reference/apache.html
# If commented there will be no requests information in the log
#JkRequestLogFormat "%b %H %m %p %q %r %s %v %w %V %T"
# For the perl analysis scripts:
#JkRequestLogFormat "%w %V %U %s %T %B %H %m"
# Make sure that Apache cannot serve content from these directories
<LocationMatch "/WEB-INF/" >
deny from all
<LocationMatch "/META-INF/" >
deny from all
#@ Customize error pages in the main apache conf and use an html or a cgi
ErrorDocument 503 "Error 503: Tomcat is down, please contact DL-APAC-Ops-SAR-Team-All@ubs.com"
#ErrorDocument 404 "Error 404: not found"
# Some jk options to read about - see http://tomcat -> FAQ
#JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkOptions +FlushPackets
##################################################################
#
# Application mapping to Tomcat
#
##################################################################
# Instead of the jkMount below, you can map dynamically update the mappings
# The file's content is checked by default every 60 sec. The content format is:
# /examples/*=myfirstapp
#JkMountFile conf/uriworkermap.properties
##################################################################
# Enable the JK manager status page access from ipaddr or localhost only.
# This does not work w/o the load balancer setup in worker.properties;
# properties can be set to make the jk status mgr read only or read/write.
JkMount jkstatus
Order deny,allow
Deny from all
Allow from 127.0.0.1 swissbank.com ubsw.net
#or Allow from 127.0.0.1
##################################################################
#
#
# See FAQs to set Apache httpd to serve static content and Tomcat
# only to serve servlet/* and *.jsp
# You can have Tomcat serve it all, see special context: ROOT.xml
# JkMount /* myWorker
#
JkMount /my-web|/* myWorker
JkMount /your-web|/* yourWorker
Example of server.xml
<?xml version='1.0' encoding='utf-8'?> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> <Server port="8005" shutdown="RaNdOm-SeCrEt-CoDe"> <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html --> <Listener className="org.apache.catalina.core.JasperListener" /> <!-- Prevent memory leaks due to use of particular java/javax APIs--> <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /> <!-- Global JNDI resources Documentation at /docs/jndi-resources-howto.html --> <GlobalNamingResources> <!-- Editable user database that can also be used by UserDatabaseRealm to authenticate users --> <!-- used for the manager and admin demo not to be used in production as is !! --> <Resource name="UserDatabase" auth="Container" type="org.apache.catalina.UserDatabase" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" pathname="conf/tomcat-users.xml" /> </GlobalNamingResources> <!-- A "Service" is a collection of one or more "Connectors" that share a single "Container" --> <Service name="Catalina"> <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 --> <!-- NOTE: MUST only be used as a development aid. It is banned in production "as-is".--> <Connector protocol="HTTP/1.1" port="8855" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" enableLookups="false" redirectPort="8443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" /> <!-- Define an AJP 1.3 Connector on port 7505 for the Apache mod_jk --> <!-- ** AMEND: port and requiredSecret parameters as required --> <!-- See workers.properties if you need: connectionTimeout="600000" --> <Connector port="7505" protocol="AJP/1.3" enableLookups="false" redirectPort="8443" requiredSecret="secretword"/> <!-- An Engine represents the entry point that processes analyzes the HTTP headers included with the request, and passes them on to the appropriate Host (virtual host). --> <Engine name="Catalina" defaultHost="localhost"> <!-- Use the LockOutRealm to prevent attempts to guess user passwords via a brute-force attack --> <Realm className="org.apache.catalina.realm.LockOutRealm"> <!-- This Realm uses the UserDatabase configured in the global JNDI --> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> </Realm> <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true" > <!-- You must set an access log --> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs/tomcat" prefix="localhost_access_log." suffix=".txt" pattern="%h %l %u %t "%r" %s %b" resolveHosts="false"/> </Host> </Engine> </Service> </Server>
浙公网安备 33010602011771号