...
For some background on why you'd want to do this, and the principles behind
the configuration, see pages on Securing DSpace and Running DSpace on Standard Ports.
Note: These instructions are for Linux, and may be somewhat specific to Red Hat Enterprise Linux 3.2.3-52 and the following software versions (but hopefully they are still helpful for other distros):
- DSpace 1.3.x and above
- Apache HTTPD 2.0.46
- Tomcat 5.5.9 and above
Anyone who has successfully set up the mod_jk connector under different conditions should feel free to add their notes!
...
Check to see if the mod_jk connector is installed. Most likely (at least on Red Hat), it should be in /etc/httpd/modules/. However, you can try to locate it using the following command:
Code Block |
---|
locate mod_jk
|
If there is no response, then mod_jk is not installed. Otherwise, if it is installed, you can obviously skip the next step!
...
- libtool (ftp://ftp.gnu.org/gnu/libtool)
- autoconf (http://ftp.gnu.org/gnu/autoconf)
- ant (http://jakarta.apache.org/ant/)
ant should already be installed (since it's necessary for DSpace). If libtool or autoconf are missing (both should be in /usr/bin), download the source and compile using the following commands:
Code Block |
---|
./configure
make
make install
|
(3) In addition, you must have the Apache Web Server development tools installed. A quick way to check for this is to check for the APache eXtenSion tool (apxs). It should probably be in /usr/sbin, if installed:
Code Block |
---|
which apxs
|
If apxs is missing, you can use the following command in Red Hat to install the httpd-devel RPM as root (other distros may need to find and install this RPM through other means):
Code Block |
---|
up2date -i httpd-devel
|
(4) Download the latest mod_jk source from the Tomcat Download site http://jakarta.apache.org/site/downloads/downloads_tomcat.html.
(5) Unzip the contents into your home directory:
Code Block |
---|
gunzip -c jakarta-tomcat-connectors-1.2.14.1-src.tar.gz | tar -xvf -
|
(6) Configure the connectors with the path to the apxs file on your system:
Code Block |
---|
cd jakarta-tomcat-connectors-1.2.14.1-src
cd jk/native
./configure --with-apxs=/usr/sbin/apxs
|
(7) Build mod_jk with the following command:
Code Block |
---|
make
|
(8) Assuming all went well, the mod_jk.so file will be created in the apache-2.0 subdirectory. You need to copy this file to Apache's shared object files directory (e.g. /etc/httpd/modules/). From the same jk/native directory run the following:
Code Block |
---|
cp apache-2.0/mod_jk.so /etc/httpd/modules
|
(9) In addition, copy the sample workers.properties file to the Apache configuration directory (e.g. /etc/httpd/conf/). Assuming you are still in the jk/native directory, run the following commands:
Code Block |
---|
cd ../conf
cp workers.properties /etc/httpd/conf
|
...
Once the mod_jk connector has been installed, you will have to configure Apache to use this connector to communicate with Tomcat. First, modify the existing workers.properties.minimal file (should be in /etc/httpd/conf/, or wherever you copied it to in Step 2 above):
You will need to modify the following Tomcat and Java home directories:
Code Block |
---|
workers.tomcat_home=tomcat
workers.java_home=java
|
Also add ajp13 to the worker list:
Code Block |
---|
worker.list=ajp13,lb,jk-status
|
In addition, you may need to uncomment (and possibly change) the JVM for Unix:
Warning |
---|
For later versions of mod_jk (I installed 1.2.40) worker.inprocess.jvm_lib is deprecated and would throw a warning. I omitted this line with no problems. |
Code Block |
---|
# Unix - Sun VM or blackdown
worker.inprocess.jvm_lib=$(workers.java_home)$(ps)jre$(ps)lib$(ps)i386$(ps)server$(ps)libjvm.so
|
...
However, the correct path of the libjvm.so (at least for Red Hat) is java/jre/lib/i386/server/libjvm.so (i.e. "server/libjvm.so", not "classic/libjvm.so")
Step 4 - Configure mod_jk connector
Next, you need to create a configuration file for the mod_jk module (alternatively, you could just add the following configuration directly into your Apache httpd.conf. I just like to separate things out a bit). In the /etc/httpd/conf.d/ directory (or whatever directory holds your external configuration files, which httpd.conf loads), create a file called jk.conf which has the following content (make sure to edit any paths so they are valid on your server!):
Code Block |
---|
#
# Use the JK Module to connect to Tomcat Instance
#
# Load mod_jk module
LoadModule jk_module modules/mod_jk.so
# Where to find workers.properties
JkWorkersFile /etc/httpd/conf/workers.properties
# Where to put jk logs
JkLogFile /var/log/httpd/mod_jk.log
# Set the jk log level debug/error/info
JkLogLevel info
# Select the log format
JkLogStampFormat "%a %b %d %H:%M:%S %Y "
# JkOptions indicate to send SSL KEY SIZE,
#JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
# Found that these options were necessary with Apache 2.2:
JkOptions +ForwardKeySize +ForwardURIEscaped +ForwardDirectories
# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"
# Send all requests for /dspace context to worker ajp13
# Note: ajp13 is defined in workers.properties and
# uses the AJP 1.3 Protocol
JkMount /dspace/* ajp13
# ... and ditto if you want OAI
JkMount /dspace-oai/* ajp13
# For extra security, deny direct access to any WEB-INF and META-INF directories
<LocationMatch "/WEB-INF/">
AllowOverride None
Deny from all
</LocationMatch>
<LocationMatch "/META-INF/">
AllowOverride None
Deny from all
</LocationMatch>
|
...
You can get a little tricky by doing something like:
Code Block |
---|
# Send all requests for root context / to worker ajp13
# Note: ajp13 is defined in workers.properties and
# uses the AJP 1.3 Protocol
JkMount /* ajp13
# Use SetEnvIf to set "no-jk" when /cgi-bin/ is encountered.
# This is necessary so that /cgi-bin/ scripts
# are run in Apache (and not forwarded to Tomcat).
SetEnvIf Request_URI "/cgi-bin/*" no-jk
# Set "no-jk" for /anotherApp/ as well (so it is run from Apache)
SetEnvIf Request_URI "/anotherApp/*" no-jk
|
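SetEnvIf patterns are regular expressions matched anywhere in the request path, so the no-jk rules above also fire on paths that merely contain /cgi-bin or /anotherApp. The following added example (not part of the original instructions) models the resulting routing in Python; the anchored patterns and the sample paths are constructed assumptions.

```python
import re

# no-jk patterns exactly as written in the SetEnvIf lines above.
PAGE_PATTERNS = ["/cgi-bin/*", "/anotherApp/*"]
# Assumption: an anchored alternative that only matches the leading path segment.
ANCHORED_PATTERNS = ["^/cgi-bin/", "^/anotherApp/"]

# Constructed request paths, not taken from a real server.
SAMPLE_URIS = [
    "/cgi-bin/report.pl",
    "/anotherApp/index.html",
    "/dspace/handle/123/456",
    "/dspace/cgi-bin-notes.txt",
    "/dspace/anotherApp/help",
]


def handler(uri, no_jk_patterns):
    """With 'JkMount /* ajp13', a request goes to Tomcat unless no-jk is set."""
    for pattern in no_jk_patterns:
        # SetEnvIf does an unanchored search; "/*" means "zero or more slashes".
        if re.search(pattern, uri):
            return "apache"
    return "tomcat"


def routing_differences(uris, loose, strict):
    """Map each URI routed differently to (handler under loose, under strict)."""
    diffs = {}
    for uri in uris:
        pair = (handler(uri, loose), handler(uri, strict))
        if pair[0] != pair[1]:
            diffs[uri] = pair
    return diffs


if __name__ == "__main__":
    for uri in SAMPLE_URIS:
        print(uri, handler(uri, PAGE_PATTERNS), handler(uri, ANCHORED_PATTERNS))
```

Paths listed by routing_differences are ones Tomcat was meant to serve but Apache keeps for itself under the unanchored patterns.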
...
Next, you need to take a look at the Tomcat server.xml configuration file (in the /conf subdirectory, wherever Tomcat is installed). Ensure that the following AJP 1.3 Connector is uncommented:
Code Block |
---|
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" URIEncoding="UTF-8" tomcatAuthentication="false"
enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
|
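The connector above has no address attribute and sets tomcatAuthentication="false", so on the Tomcat 5.5 releases covered here it listens on every interface and accepts the user identity forwarded over AJP. The following added audit script (not part of the original instructions) flags both conditions in a server.xml; the sample file, the function names and the extra connectors on ports 8010 and 8011 are constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample server.xml: the page's connector (8009), a loopback-bound
# variant (8010), an HTTP connector, and a commented-out AJP connector (8011).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" redirectPort="8443" />
    <Connector port="8009" URIEncoding="UTF-8" tomcatAuthentication="false"
               enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
    <Connector port="8010" address="127.0.0.1" protocol="AJP/1.3" />
    <!-- <Connector port="8011" protocol="AJP/1.3" /> -->
  </Service>
</Server>"""


def is_loopback(address):
    """True for 127.0.0.0/8, ::1 or the literal name 'localhost'."""
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return address.lower() == "localhost"


def audit_ajp_connectors(server_xml):
    """Return one {'port', 'issues'} dict per active AJP connector."""
    results = []
    # ElementTree drops XML comments, so commented-out connectors are skipped.
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" not in conn.get("protocol", "").lower():
            continue
        issues = []
        address = conn.get("address")
        if address is None:
            # Tomcat 5.5 behaviour: no address means all interfaces.
            issues.append("no address attribute: listens on all interfaces")
        elif not is_loopback(address):
            issues.append("bound to non-loopback address " + address)
        # Default is true; false makes Tomcat trust the user sent by the web server.
        if conn.get("tomcatAuthentication", "true").lower() == "false":
            issues.append("tomcatAuthentication=false: forwarded identity is trusted")
        results.append({"port": conn.get("port"), "issues": issues})
    return results


if __name__ == "__main__":
    for finding in audit_ajp_connectors(SAMPLE_SERVER_XML):
        print(finding["port"], finding["issues"] or "ok")
```

When Apache and Tomcat share a host, as in these instructions, adding address="127.0.0.1" to the connector clears the first finding; otherwise restrict port 8009 to the web server with a host firewall.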
...
Hopefully everything works for you! If it doesn't, ask on the DSpace-Tech mailing list, dspace-tech@lists.sourceforge.net (see Mailing Lists). If you find any problems with the above instructions, feel free to edit and enhance them!