Child pages
  • Fronting Tomcat with Apache via mod_proxy_ajp
Skip to end of metadata
Go to start of metadata

Fronting Tomcat with Apache via mod_proxy_ajp

These instructions should work for anyone that wants a simple setup of a single Tomcat instance fronted by a single Apache HTTP server. These instructions are for OS X, so your mileage may vary.

Configure Sakai

In, adjust your serverUrl:


Save and close.

Configure Tomcat

If you are just running Tomcat standalone you would define a connector on port 8080 like this:

<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
    <Connector port="8080" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="UTF-8"/>

However we want to run Tomcat on an AJP connector, so:

  1. Open for editing:

  2. Comment out the normal connector above, and uncomment the AJP connector:

    <!-- Define an AJP 1.3 Connector on port 8009 -->
        <Connector port="8009" 
                   enableLookups="false" redirectPort="8443" protocol="AJP/1.3" URIEncoding="UTF-8" />
  3. Adjust the port if you wish and add in the URIEncoding="UTF-8" attribute.
  4. Start Tomcat normally.

Configure Apache

We now need to tell Apache to talk to Tomcat over AJP. You should note that since OS X Leopard (10.5), the Apache config and modules have been relocated. This guide is for Leopard and for Apache 2.2 (default on Leopard). Also note that in Leopard, the necessary modules are already installed into /usr/libexec/apache2. Thanks Apple!

  1. Navigate to your Apache directory:

    cd /etc/apache2
  2. Open httpd.confand scroll to the large LoadModule section. Ensure you have the following uncommented:

    LoadModule proxy_module libexec/apache2/
    LoadModule proxy_ajp_module libexec/apache2/
  3. In my httpd.conf, right at the bottom there is a line:

    Include /private/etc/apache2/other/*.conf

    This will load in all other config files in the other/ directory. In the next step we will create an ajp.conf file and this line will load it. If you don't have this line, create it, or a similar line to load in the ajp.conf file we create in the next step. Save and close httpd.conf

  4. Create an ajp.conffile. You could put the configuration for AJP in the main httpd.conf file but I prefer to keep things separated.

    sudo touch other/ajp.conf
  5. Open ajp.confand paste in the following:

    ProxyRequests Off
    <Proxy *>
            Order deny,allow
            Deny from all
            Allow from localhost
    ProxyPass 		/ ajp://localhost:8009/
    ProxyPassReverse 	/ ajp://localhost:8009/

    This will forward all requests to Tomcat. You can optionally pass a list of contexts that you want forwarded, like so:

    ProxyRequests Off
    ProxyPass 		/somecontext ajp://localhost:8009/somecontext
    ProxyPassReverse 	/somecontext ajp://localhost:8009/somecontext
  6. Adjust the port to be whatever the port is in your Tomcat AJP connector. Save and close.
  7. Once again, ensure you have the line in httpd.conf that is going to load this ajp.conf file.
  8. Restart Apache:

    sudo httpd -k restart

    You should get no output, signalling the config is ok.


Navigate to http://localhost/portal and Sakai should be alive!

To make sure all traffic is served via SSL:

LoadModule rewrite_module libexec/apache2/

RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]

Comments and feedback very welcome.