Apache and Tomcat with mod_jk
This document shows the most basic configuration of
mod_jk for Apache to make
it work with Tomcat.
ap-jk package from pkgsrc, that will build and install mod_jk
Just after the install, a message appears and gives an example about

    LoadModule jk_module lib/httpd/mod_jk.so
    <IfModule mod_jk.c>
      JkWorkersFile /usr/pkg/tomcat/conf/workers.properties
      JkLogFile /var/log/httpd/mod_jk.log
      JkLogLevel info
      JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
    </IfModule>

So, looking at this configuration, it is easy to see that there is a
workers.properties file. The Tomcat documentation gives a very good example of
workers.properties and httpd.conf. So workers.properties in

    workers.tomcat_home=/usr/pkg/tomcat
    workers.java_home=/usr/pkg/java/sun-1.5
    ps=/
    worker.list=ajp13
    worker.ajp13.port=8009
    worker.ajp13.host=localhost
    worker.ajp13.type=ajp13

Tomcat documentation: The AJP Connector
The port used by the protocol (AJP 1.3) to make this connection is 8009, as set in the workers.properties file. The server.xml file also holds this information for Tomcat.
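
The consistency requirement above, as an added example that is not part of the original page: a Python check that the ajp13 worker in workers.properties points at an AJP connector that Tomcat's server.xml actually defines, and that a worker on localhost is matched by a connector explicitly bound to loopback. The sample file contents, the function names and the loopback check are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs mirroring this page's values; all names are illustrative.
WORKERS = """\
worker.list=ajp13
worker.ajp13.port=8009
worker.ajp13.host=localhost
worker.ajp13.type=ajp13
"""
SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1" />
  </Service>
</Server>
"""
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_workers(text):
    """Return {name: {property: value}} for each worker named in worker.list."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    names = [n.strip() for n in props.get("worker.list", "").split(",") if n.strip()]
    return {n: {k[len(f"worker.{n}."):]: v for k, v in props.items()
                if k.startswith(f"worker.{n}.")} for n in names}

def ajp_connectors(server_xml):
    """Return {port: address or None} for every AJP <Connector> in server.xml."""
    root = ET.fromstring(server_xml)
    return {int(c.get("port")): c.get("address") for c in root.iter("Connector")
            if "ajp" in c.get("protocol", "").lower()}

def check(workers_text, server_xml):
    """Report ajp13 workers with no matching connector, or (Apache being local)
    whose connector is not explicitly bound to a loopback address."""
    findings, connectors = [], ajp_connectors(server_xml)
    for name, w in parse_workers(workers_text).items():
        if w.get("type") != "ajp13":
            continue
        port, host = int(w.get("port", 8009)), w.get("host", "localhost")
        if port not in connectors:
            findings.append(f"{name}: no AJP connector on port {port}")
        elif host in LOOPBACK and connectors[port] not in LOOPBACK:
            findings.append(f"{name}: connector on {port} not explicitly bound to loopback")
    return findings
```

`check(WORKERS, SERVER_XML)` returns an empty list for the sample above. Whether a connector without an `address` attribute listens beyond loopback depends on the Tomcat version, so the second finding is a prompt to verify, not proof of exposure.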
We also need to tell
mod_jk to "mount" the Tomcat application under an HTTP
URL, that is, have HTTP URLs translated to the Tomcat application. Example::
should show the same page as::
(supposing that Tomcat is running on port 8080).

    LoadModule jk_module lib/httpd/mod_jk.so
    <IfModule mod_jk.c>
      JkWorkersFile /usr/pkg/tomcat/conf/workers.properties
      JkLogFile /var/log/httpd/mod_jk.log
      JkLogLevel info
      JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
      JkMount /source/* ajp13
    </IfModule>

Just restart Apache and see if it is working.
To make Apache work with HTTP authentication globally, put the Auth* and Require directives inside a <Directory> directive, as in the following example::

    <Directory />
      Options FollowSymLinks
      AllowOverride None
      AuthType Basic
      AuthName "Authentication Required"
      AuthUserFile /usr/pkg/etc/httpd/passwd
      Require user username
    </Directory>

This will make authentication be required for all directories in the server.
Don't forget to create the passwd file with htpasswd (note that the passwd file can have any name and be anywhere, as long as you configure its path correctly in the AuthUserFile directive). Also, "username" is the name of the user you want to give access to::

    # htpasswd -c /usr/pkg/etc/httpd/passwd username
    New password: <type password here>
    Re-type password: <type password again>

Restart the server. Authentication is probably running fine.
LDAP authentication is a bit different from basic authentication. You need to insert some other configuration options. The following example makes users log in according to their e-mail field in the LDAP database::

    <Directory /var/www/html>
      AuthType Basic
      AuthName "LDAP authentication"
      AuthLDAPURL ldap://ldapserver:389/o=bla?mail
      require valid-user
    </Directory>

If you have an Organizational Unit (ou) called "Groups", with groups defined in it and users added to the groups (where a user can belong to more than one group, as with Unix groups), and want to authenticate only users belonging to a given group, for instance the "mygroup" group, follow this example::

    <Location /myarea>
      AuthType Basic
      AuthName "LDAP authentication"
      AuthBasicProvider ldap
      AuthzLDAPAuthoritative on
      AuthLDAPGroupAttributeIsDN off
      AuthLDAPGroupAttribute memberUid
      AuthLDAPURL "ldap://ldapserver:389/ou=Users,dc=foo,dc=bar,dc=com?uid"
      require ldap-group cn=mygroup,ou=Groups,dc=foo,dc=bar,dc=com
      Order deny,allow
      allow from all
    </Location>

You may combine other attributes to authenticate, besides "uid". According to
the mod_authnz_ldap documentation, the standards (RFC 2255, obsoleted by
RFC 4516) allow the use of multiple attributes separated by commas, but
Apache does not support it. You can use filters instead. See how the
AuthLDAPURL directive looks after using the filter mechanism to match
users whose attribute "employeeType" has the "Worker" string::
httpd: apr_sockaddr_info_get() failed for HOST
I'm using Apache 2.2 in NetBSD 5.1 and, just after I started Apache for the first time, I got this error::
httpd: apr_sockaddr_info_get() failed for auron
"auron" is the name of my host.
The problem was that
/etc/hosts didn't have an entry indicating that
127.0.0.1, besides being
localhost, is also
So I just added to
Unknown Authn provider: ldap when implementing LDAP HTTP authentication
If you are trying to configure LDAP HTTP authentication in Apache 2.2 on a Debian system, you may see the following error::
Unknown Authn provider: ldap
It is probably because you have a link to
/etc/apache2/mods-enabled but don't have a link to
there, so create it. I'm using Debian, but you might have to check your
Apache and Subversion authentication with Microsoft Active Directory
"File not found" and
AH01071: Got error 'Primary script unknown
Possible solution: Check that all directories in the path to
index.html (or similar) can be accessed by the user that runs Apache.