Getting Apache (server in DMZ) to pass all web traffic to Tomcat (server on LAN) - mod_jk?

Posted on 2005-05-04
Last Modified: 2013-11-24

First, I am not sure if I need to go the mod_jk route?  The WebServer is running in the DMZ and I want it to pass all traffic (including static pages) to the Tomcat App Server located on the LAN.  Assuming the mod_jk route is the way to go, how do I configure both servers so that they talk to each other.  

I have read through every post I could find on the net.  It is still unclear to me how I do this.  I am looking for a detailed response including example configuration files for the Apache and the Tomcat Servers.  Remember, these are two different machines.  

Thanks in advance :)

Question by:grouparmstrong
    LVL 15

    Expert Comment


    Author Comment

    The difference is that they are on two different machines...where should the mod_jk reside?  The tomcat server, the Apache server or both?  Which binary of mod_jk can I use for RH ES 3?

    LVL 15

    Expert Comment

    That should not matter.
    mod_jk module is needed for Apache configuration.
    Tomcat has already code that can speak with the mod_jk using the AJP protocol.
    You just need to enable Tomcat to use it by having such an entry (see example link):

    <Connector className="org.apache.tomcat.service.PoolTcpConnector">
      <Parameter name="handler"  value="org.apache.tomcat.service.connector.Ajp13ConnectionHandler"/>
      <Parameter name="port" value="8009"/>
    </Connector>

    Mod_jk can speak with many Tomcat instances on different machines if needed.

    LVL 29

    Expert Comment

    Just as a confirmation to aozarov's comments.

     It's fairly standard to use mod_jk to connect apache to tomcat, and it's fairly standard for production environments to have apache and tomcat on different machines (as well as the database on a different machine.)
    I would go as far as to recommend that there is a firewall between them so that the tomcat machine only responds to requests from the IP of the apache machine (which I'm guessing you have if the apache server is in the DMZ).

    You have all the links you need above as it's surprisingly easy to set up.

    As far as binaries go, this is probably your best bet with the latest version of mod_jk being 1.2.11

    Author Comment

    This came with my Tomcat default server.xml file:

        <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
        <Connector port="8009"
                   enableLookups="false" redirectPort="8443" debug="0"
                   protocol="AJP/1.3" />

    Do I need to comment this out and put in its place:

    <Connector className="org.apache.tomcat.service.PoolTcpConnector">
      <Parameter name="handler"  value="org.apache.tomcat.service.connector.Ajp13ConnectionHandler"/>
      <Parameter name="port" value="8009"/>
    </Connector>

    LVL 15

    Expert Comment

    No, the one you have is fine.
    LVL 15

    Expert Comment

    In the same file (server.xml) don't forget to uncomment:

        <!-- You should set jvmRoute to support load-balancing via JK/JK2 ie :
        <Engine name="Standalone" defaultHost="localhost" debug="0" jvmRoute="jvm1">        

    and comment this instead
    <Engine name="Catalina" defaultHost="localhost" debug="0">

    Also make sure that jvmRoute="jvm1" should  jvmRoute="your_worker_name_as_defined_in_the_Apache__conf/"

    Author Comment

    You mention located in my /etc/httpd/conf


    1.  I assume both the App server and the web server must each have a file?
    2.  What should the web servers file contain?  Some of the examples that I've seen reference local directories/files that are unavailable since I am connecting to a remote app server.

    For example:

    <-- Start -->



    <-- End -->

    3.  Where in the above /etc/httpd/conf/ file would I put jvmRoute="jvm1" should  jvmRoute="your_worker_name_as_defined_in_the_Apache__conf/" ... or better, how can you give me an all purpose that I can try to cut and paste?

    4.  Do I need to manually create a mod_jk.conf since I cannot (I may be wrong) auto generate this file and simply point to it...being that the app server is remote?

    5.  Where do I put the IP address of the remote tomcat server?

    LVL 15

    Expert Comment

    1.  I assume both the App server and the web server must each have a file?
    No, there is no need for it on the Tomcat side (this is Apache config file)

    In Tomcat server.xml keep jvmRoute="jvm1" as is.

    In apache conf/ have
                   # Define jvm1

                   # Load-balancing behaviour

                   # Status worker for managing load balancer

    You need to create the mod-jk.conf file
    see this link for the right mod-jk.conf content as well as more up-to-date setup information
    Just ignore the Jboss part (the part that talks about jboss-service.xml).

    Author Comment

    I ended up using mod_jk2.  Here is how I got it to work...

    I have two servers, both running Redhat ES v3.  The Web server resides in my DMZ behind eth0 of my firewall.  I use the Apache 2 binary that I get through the RH subscription (ES Extra's).  The App server is on the LAN, behind eth1 of my firewall.  I have tomcat 5 configured to run over 8080.  I have a rule in my firewall that allows traffic over port 8009 to pass from VLAN IP of the webserver to the VLAN IP of the App server.  

    Configuring the App server was easy.  I just made sure that the following connector statement was in conf/server.xml:

    <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
        <Connector port="8009" enableLookups="false" redirectPort="8443" debug="0" protocol="AJP/1.3" />

    Configuring the Web server took a little more time.  First, I downloaded a binary that I thought was close enough to my OS and put it in the /usr/lib/httpd/modules directory of my Web server.  Second, I created the following file and put it in the same directory as my httpd.conf file:







    Next, I modified the httpd.conf file and put the following LoadModule statement with all the other LoadModule statements:

    LoadModule jk2_module modules/

    That was it.  After starting Apache and Tomcat, it all worked almost perfectly.  I have 4 Virtual Hosts in my Web server.  Once I loaded the module, every virtual host was sent to the App server.  I have no clue how to make it so that only virtual host 2 is sent to the App server.  Everything would be great if I didn't have to run other websites, but I do...  

    Here is a snapshot of my Virtual Hosts 2 taken from httpd.conf of the Web server:

    # Virtual host 2
     ServerName www.<domainname>.com
     ServerAdmin admin@<domainname>.com
     DocumentRoot /var/www/<domainname>/htdocs
     ServerSignature Email
     DirectoryIndex index.html index.htm index.php default.htm default.html
     LogLevel debug
     HostNameLookups off

    Any ideas?  

    LVL 15

    Accepted Solution

    see: (entry "JK directives in httpd.conf")
    You need to add the Location mapping (map url to mod_jk) inside the VirtualHost entry.
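
The setup discussed in this thread, as an added example that is not part of any post: an Apache-side configuration for mod_jk 1.2 (the asker ended up on mod_jk2, whose directives differ) in which only one virtual host is forwarded to the remote Tomcat. The worker name jvm1 is the one used in the thread; the Tomcat address 10.0.0.20, the host names, the file locations and the module file name mod_jk.so are assumptions.

```apache
# ---- /etc/httpd/conf/workers.properties (Apache server in the DMZ) ----
# Nothing is needed on the Tomcat side beyond its AJP/1.3 connector.
# The worker name matches jvmRoute="jvm1" in Tomcat's server.xml.
worker.list=jvm1
worker.jvm1.type=ajp13
# Assumed LAN address of the Tomcat server; this is where the remote IP goes.
worker.jvm1.host=10.0.0.20
# Port of the AJP/1.3 connector in Tomcat's server.xml.
worker.jvm1.port=8009

# ---- /etc/httpd/conf/httpd.conf ----
# Assumed module file name; use the name of the binary you installed.
LoadModule jk_module modules/mod_jk.so
# Paths are relative to ServerRoot (/etc/httpd on Red Hat).
JkWorkersFile conf/workers.properties
JkLogFile logs/mod_jk.log
JkLogLevel info

NameVirtualHost *:80

# Virtual host 1: no JkMount here, so Apache serves it from DocumentRoot.
<VirtualHost *:80>
    ServerName www.example.org
    DocumentRoot /var/www/example.org/htdocs
</VirtualHost>

# Virtual host 2: every URL, static pages included, is handed to Tomcat.
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot /var/www/example.com/htdocs
    JkMount /* jvm1
</VirtualHost>
```

With the mapping scoped to one virtual host, the only network path the worker needs is the one the thread already describes: port 8009 from the web server's IP to the app server's IP, and nothing else reaching the AJP connector.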
