1.6 Tomcat-Apache HTTP Integration
The Apache Jakarta Tomcat servlet container is one of the most popular and best supported
open-source engines that Moab Access Portal® can be run in, and when combined with the
powerful open-source Apache HTTP web server, it provides greater efficiency, security,
and stability. Other proprietary offerings such as IBM
WebSphere, BEA Weblogic, etc. provide even higher levels of support and equal performance
gains. Although we recommend none of these solutions above another, this section was written to help those who wish to integrate Tomcat and
HTTP in order to host the Access Portal.
1) First ensure that a recent JVM (Java Virtual Machine) is present on your system. Tomcat
requires that a JVM be present in order to properly run. It is important that the Java
version installed also includes tools to compile Java code, as this is used by Tomcat to
compile JSP pages on the fly. The Java 2 SDK 1.4.x available from Sun Microsystems meets all of these
2) Next download both Tomcat (Apache Jakarta
Project) and Apache HTTP (Apache HTTP) in
preparation for installation. At time of writing we recommend Tomcat 5.0.x and Apache
HTTP 2.0.x. Newer iterations are available, but at this time they are still in development
and have not been extensively tested with Access Portal. Binary installation for
Tomcat is almost always best, and the same goes with HTTP.
2) Next install the Tomcat binary files. Simply decompress the downloaded file to the
location where you wish Tomcat to reside. (Will be referred to as $TOMCAT_HOME for
the duration of this document.) The default file permissions should suffice for
this stage in installation. (A comprehensive installation guide of Tomcat is beyond this
document's scope. Please refer to Tomcat's own documentation for additional help and
3) Prepare to start Tomcat by ensuring the environment variable JAVA_HOME is set
and points to the location of the installed JVM. (Running which javac may reveal the
root directory of the JVM.) Now execute the $TOMCAT_HOME/bin/startup.sh file to
start the Tomcat service. Open a browser and attempt to access Tomcat's built-in
stand-alone web server at http://hostname:8080/. If you are welcomed by Tomcat's start web
page your installation has been thus far successful.
4) Proceed by installing Access Portal. Detailed instructions are given in Installing Access Portal.
5) Test Access Portal's installation by visiting, in a browser,
http://hostname:8080/map/. A login screen for the Access Portal should now
be visible. If not, check to ensure firewall settings are not restricting packet flow on
6) Next install Apache HTTP web server. (A comprehensive installation guide of Apache HTTP is
beyond this document's scope. Please refer to Apache HTTP's own documentation for additional help and
7) Test the Apache installation by browsing to http://hostname/ (defaults to port 80). You
should see a page confirming you successfully installed Apache. If not, check firewall
settings and ensure Apache was correctly installed. A vast community of support exists for
the Apache HTTP server and may be able to further assist in exceptional installation issues.
8) Prepare Apache to communicate with Tomcat via the Tomcat Connector. The recommended
connector version is JK-1.2.x, as it is the most stable and best supported. Use an already
compiled binary that matches your OS and version of Apache HTTP most closely. Simply copy
the mod_jk.so file found in the compressed installation file into the
$HTTP_CONF/modules/ directory, where $HTTP_CONF is usually
/etc/httpd/. Ensure it has file permissions matching those of other module
files in the same directory.
9) Next copy files found in the Access Portal tools directory to the
$HTTP_CONF/conf/ directory. The required files include tomcat.conf and
10) Next edit tomcat.conf in its new location and update each line following a
CUSTOMIZE comment to reflect the configuration on your system. Save the changes
and exit the file.
11) Make a backup of $HTTP_CONF/conf/httpd.conf and then open it for editing.
Append the line Include $HTTP_CONF/conf/tomcat.conf to the end of the
file (where $HTTP_CONF is the actual directory location.)
12) Restart Apache HTTP. (On most systems, as root, run /etc/init.d/httpd
13) Verify that Apache is now communicating with Tomcat to service JSP/Servlets and Access Portal by visiting the URL http://hostname/map/ (note that this is on port 80!) You
should be directed to MAP's login screen as you were earlier when testing Tomcat's
installation. Be aware it may take several seconds for Apache to create an initial
connection with Tomcat.
14) Secure Tomcat by restricting access to port 8080 either with firewall settings, or by
disabling the stand-alone web server built into Tomcat. You do this by commenting out the
XML tag '<Connector port="8080" ...' in $TOMCAT_HOME/conf/server.xml.
15) Restart Tomcat to load in configuration changes.
At this point Apache HTTP will serve all static content to users of Access Portal
(html, graphics, etc.) while Tomcat will only service dynamic pages created by JSP/Servlet
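
The check behind step 14, as an added example that is not part of the original guide: a shell function that lists the Connector elements still active in server.xml once XML comments are removed, so you can confirm the port 8080 connector is really disabled. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): list active Tomcat connectors.

active_connectors() {   # prints "port protocol" for each uncommented Connector
    awk '
    function attr(tag, name, dflt,   v) {
        if (!match(tag, "[ \t\n]" name "=\"[^\"]*\"")) return dflt
        v = substr(tag, RSTART, RLENGTH)
        sub(/^[^"]*"/, "", v); sub(/"$/, "", v)
        return v
    }
    { buf = buf $0 "\n" }
    END {
        # Remove XML comments, including ones that span several lines.
        while ((s = index(buf, "<!--")) > 0) {
            rest = substr(buf, s + 4); e = index(rest, "-->")
            tail = e ? substr(rest, e + 3) : ""
            buf = substr(buf, 1, s - 1) tail
        }
        # Report every remaining <Connector ...> element.
        while ((s = index(buf, "<Connector")) > 0) {
            buf = substr(buf, s + 10); e = index(buf, ">")
            tag = e ? substr(buf, 1, e - 1) : buf
            # A Connector with no protocol attribute speaks HTTP/1.1.
            print attr(tag, "port", "?"), attr(tag, "protocol", "HTTP/1.1")
        }
    }' "$1"
}

# Succeeds (exit 0) when a connector is still defined on the given port.
port_still_enabled() {
    active_connectors "$1" | grep -q "^$2 "
}

# Constructed sample: step 14 applied, AJP connector used by mod_jk kept.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<Service name="Catalina">
  <!-- stand-alone HTTP connector disabled
  <Connector port="8080" maxThreads="150" redirectPort="8443" />
  -->
  <Connector port="8009" redirectPort="8443" protocol="AJP/1.3" />
</Service>
EOF
active_connectors "$sample"      # prints: 8009 AJP/1.3
port_still_enabled "$sample" 8080 || echo "port 8080 connector is disabled"
rm -f "$sample"
```

Run it against $TOMCAT_HOME/conf/server.xml after step 15. The AJP connector that mod_jk talks to must stay enabled; only the HTTP connector on 8080 is meant to disappear from the output.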
1.6.2 Enabling an SSL Connection
It is often desirable to also add an additional layer of security between
the end-user's browser and Access Portal by encrypting all data in an SSL connection.
By default, Apache 2.x comes built with SSL support, and may already have an available
secure connection. Check this by running 'netstat -tpan | grep 443'. If no output
is given, you will need to perform additional configuration. (A comprehensive installation
guide of SSL is beyond this document's scope. Please refer to OpenSSL and mod_ssl documentation
for more complete instruction.) The next few steps give an overview of this process:
1) Ensure OpenSSL is installed on the web server machine.
(Running which openssl as superuser should return a path.)
2) Ensure the Apache module mod_ssl
is installed on the web server machine. (Look in $HTTP_CONF/modules.)
3) If there is already a ssl.conf file in the $HTTP_CONF/conf directory,
simply include this into the httpd.conf file by appending the line Include
$HTTP_CONF/conf/ssl.conf to the end of the file. If there is no ssl.conf
file available, add the following to your httpd.conf file:
LoadModule ssl_module modules/mod_ssl.so
4) Verify that the files $HTTP_CONF/ssl.crt/server.crt and
$HTTP_CONF/ssl.key/server.key exist. If they do not exist, then an SSL key needs
to be created, signed by a certificate authority (CA), and copied into these locations. If you wish to
create a self-signed certificate, execute the following commands:
openssl genrsa -out hostname.domain.key 1024
openssl req -new -key hostname.domain.key -out hostname.domain.csr
openssl x509 -days 730 -req -in hostname.domain.csr -signkey hostname.domain.key -out hostname.domain.cert
cp hostname.domain.key $HTTP_CONF/ssl.key/server.key
cp hostname.domain.cert $HTTP_CONF/ssl.crt/server.crt
5) Restart Apache HTTP server and verify that an SSL connection is now open on the server.
(Be wary of firewall settings that may prohibit the binding of port 443!) You can use
'netstat -tpan | grep 443' to check if HTTP has activated a secure SSL
6) Finally test the SSL connection in a browser by visiting https://hostname/map/.
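
A check for the certificate installed in step 4, added here as an example and not part of the original guide: it reads the text form of the certificate and flags RSA keys below 2048 bits (which the 1024-bit key from the genrsa command above would trip) and MD5 or SHA-1 signatures. The function names, the 2048-bit floor and the sample text are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original guide): flag weak parameters in a
# server certificate such as $HTTP_CONF/ssl.crt/server.crt.
MIN_RSA_BITS=2048    # assumption: policy floor chosen for this example

# Reads `openssl x509 -noout -text` output on stdin, prints one finding per
# line, and returns 1 if anything was flagged.
audit_cert_text() {
    text=$(cat)
    field() { printf '%s\n' "$text" | sed -n "$1" | head -n 1; }
    keyalg=$(field 's/^ *Public Key Algorithm: *//p')
    # "Public-Key: (N bit)" in current OpenSSL, "RSA Public Key: (N bit)" in old.
    bits=$(field 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p')
    sigalg=$(field 's/^ *Signature Algorithm: *//p')
    rc=0
    if [ -z "$bits" ]; then
        echo "UNKNOWN: no public-key size found"; rc=1
    elif [ "$keyalg" = rsaEncryption ] && [ "$bits" -lt "$MIN_RSA_BITS" ]; then
        echo "WEAK-KEY: $bits-bit RSA key, below $MIN_RSA_BITS"; rc=1
    fi
    case $sigalg in
        md5*|sha1*) echo "WEAK-SIG: $sigalg"; rc=1 ;;
    esac
    return $rc
}

# Convenience wrapper for a PEM file on disk.
audit_cert() { openssl x509 -noout -text -in "$1" | audit_cert_text; }

# Constructed sample: the fields an old OpenSSL prints for a 1024-bit key.
sample='        Signature Algorithm: sha1WithRSAEncryption
            Public Key Algorithm: rsaEncryption
                RSA Public Key: (1024 bit)'
printf '%s\n' "$sample" | audit_cert_text || echo "certificate should be reissued"
```

On the web server, run audit_cert "$HTTP_CONF/ssl.crt/server.crt" after step 4; no output and exit status 0 mean neither check fired.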