Fronting Tomcat with Apache via mod_proxy_ajp
These instructions should work for anyone that wants a simple setup of a single Tomcat instance fronted by a single Apache HTTP server. These instructions are for OS X, so your mileage may vary.
In sakai.properties, adjust your serverUrl:
Save and close.
If you are just running Tomcat standalone you would define a connector on port 8080 like this:
However we want to run Tomcat on an AJP connector, so:
Open for editing:
Comment out the normal connector above, and uncomment the AJP connector:
- Adjust the port if you wish and add in the URIEncoding="UTF-8" attribute.
- Start Tomcat normally.
We now need to tell Apache to talk to Tomcat over AJP. You should note that since OS X Leopard (10.5), the Apache config and modules have been relocated. This guide is for Leopard and for Apache 2.2 (default on Leopard). Also note that in Leopard, the necessary modules are already installed into /usr/libexec/apache2. Thanks Apple!
Navigate to your Apache directory:
Open httpd.confand scroll to the large LoadModule section. Ensure you have the following uncommented:
In my httpd.conf, right at the bottom there is a line:
This will load in all other config files in the other/ directory. In the next step we will create an ajp.conf file and this line will load it. If you don't have this line, create it, or a similar line to load in the ajp.conf file we create in the next step. Save and close httpd.conf
Create an ajp.conffile. You could put the configuration for AJP in the main httpd.conf file but I prefer to keep things separated.
Open ajp.confand paste in the following:
This will forward all requests to Tomcat. You can optionally pass a list of contexts that you want forwarded, like so:
- Adjust the port to be whatever the port is in your Tomcat AJP connector. Save and close.
- Once again, ensure you have the line in httpd.conf that is going to load this ajp.conf file.
You should get no output, signalling the config is ok.
Navigate to http://localhost/portal and Sakai should be alive!
To make sure all traffic is served via SSL:
Comments and feedback very welcome.