Notes on how to set up Tomcat with an Apache proxy in front of it – useful for adding SSL or serving other content via Apache on the same port – written up because a *lot* of the online howtos out there are either out of date or generally unhelpful. This is a quick-and-dirty setup and works well enough for a small server with not much traffic; it’s probably not the best for a larger-scale site.
Ingredients:
- Tomcat 7.0
- OpenJDK Runtime Environment 1.7 (aka, Java 7)
- Apache 2.2
- Debian Wheezy (Linux)
Assumptions:
Already functioning LAMP server .. there are stacks of good howtos out there for getting Apache up and running, so I won’t rehash it here.
Recipe:
JRE/Tomcat Install and Config
sudo aptitude install openjdk-7-jre sudo aptitude install tomcat7 tomcat-common tomcat-admin
Once Tomcat is installed and any dependencies are satisfied, modify /etc/tomcat7/tomcat-users.xml to allow access to the Manager webapp – add the following to the bottom of the file before </tomcat-users> (obviously substituting admin and password with something a little more creative..):
<user username="admin" password="password" roles="manager-gui,admin-gui"/>
Save and then restart Tomcat:
sudo service tomcat7 restart
Add a rule in to the firewall to allow access to port 8080, then try to load http://server.name.here:8080 – the default Tomcat page (It works !) should appear – navigate to the Manager webapp link and log in with the user/pass configured earlier in tomcat-users.xml.
At this point, it would be helpful to deploy and test a Java webapp (in a .war file) using the Manager webapp if you have one handy..
If everything works up to this point, enable the AJP connector for Tomcat – in /etc/tomcat7/server.xml, find and remove the following highlighted lines:
<!-- Define an AJP 1.3 Connector on port 8009 -->
<!--
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
-->Save and then restart Tomcat:
sudo service tomcat7 restart
Apache Proxy Config
Enable the proxy and proxy_ajp modules:
sudo a2enmod proxy proxy_ajp
Configure the Apache proxy for the deployed webapp in an already-functioning VirtualHost – this can be done a number of ways, but easiest inside a Location declaration (the ProxyPassReverse line should reference http:// or https:// as appropriate):
<Location /WebappName> ProxyPass ajp://server.name.here:8009/WebappName ProxyPassReverse https://server.name.here/WebappName </Location>
Restart Apache:
sudo service apache2 restart
The deployed webapp should now be available at http(s)://server.name.here/WebappName.