Tomcat proxified by Apache

Notes on how to set up Tomcat with an Apache proxy in front of it – useful for adding SSL or serving other content via Apache on the same port – written up because a *lot* of the online howtos out there are either out of date or generally unhelpful. This is a quick-and-dirty setup and works well enough for a small server with not much traffic; it’s probably not the best for a larger-scale site.


  • Tomcat 7.0
  • OpenJDK Runtime Environment 1.7 (aka, Java 7)
  • Apache 2.2
  • Debian Wheezy (Linux)


Prerequisite: an already functioning LAMP server. There are stacks of good howtos out there for getting Apache up and running, so I won’t rehash it here.


JRE/Tomcat Install and Config

sudo aptitude install openjdk-7-jre
sudo aptitude install tomcat7 tomcat7-common tomcat7-admin

Once Tomcat is installed and any dependencies are satisfied, modify /etc/tomcat7/tomcat-users.xml to allow access to the Manager webapp – add the following to the bottom of the file before </tomcat-users> (obviously substituting admin and password with something a little more creative..):

<user username="admin" password="password" roles="manager-gui,admin-gui"/>

Save and then restart Tomcat:

sudo service tomcat7 restart

Add a rule to the firewall to allow access to port 8080, then try to load – the default Tomcat page (It works !) should appear – navigate to the Manager webapp link and log in with the user/pass configured earlier in tomcat-users.xml.

At this point, it would be helpful to deploy and test a Java webapp (in a .war file) using the Manager webapp if you have one handy..

If everything works up to this point, enable the AJP connector for Tomcat – in /etc/tomcat7/server.xml, find the AJP connector and remove the comment markers (the <!-- and --> lines) around the Connector element, so that it reads:

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

Save and then restart Tomcat:

sudo service tomcat7 restart
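
Enabled as shown above, the connector has no address attribute, which on the Tomcat 7.0 versions shipped with Wheezy means port 8009 listens on every interface even though only the local Apache needs to reach it. The following check is an added example, not part of the original notes: it parses a constructed sample of server.xml (the function names are hypothetical) and reports which connectors are not bound to loopback, assuming Apache and Tomcat run on the same host.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: connectors as they stand once the AJP one is enabled.
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost" />
  </Service>
</Server>
"""

def is_loopback(address):
    """True only when the address attribute provably names a loopback address."""
    if address is None:        # assumption: no attribute means all interfaces
        return False
    if address == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:         # other hostnames cannot be proven local here
        return False

def audit_connectors(server_xml):
    """Return one finding per <Connector> element in a trusted, local server.xml."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        address = conn.get("address")
        protocol = conn.get("protocol", "HTTP/1.1")
        findings.append({
            "port": int(conn.get("port")),
            "protocol": protocol,
            "address": address or "(all interfaces)",
            "ajp": "ajp" in protocol.lower(),   # "AJP/1.3" or an Ajp* class name
            "exposed": not is_loopback(address),
        })
    return findings

def exposed_ajp(server_xml):
    """Ports of AJP connectors that are reachable from other hosts."""
    return [f["port"] for f in audit_connectors(server_xml)
            if f["ajp"] and f["exposed"]]

if __name__ == "__main__":
    for f in audit_connectors(SAMPLE_SERVER_XML):
        state = "EXPOSED" if f["exposed"] else "loopback only"
        print("%-5d %-10s %-18s %s" % (f["port"], f["protocol"], f["address"], state))
```

Adding address="127.0.0.1" to the AJP Connector clears the finding for port 8009. To check the real file, pass the contents of /etc/tomcat7/server.xml to audit_connectors().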

Apache Proxy Config

Enable the proxy and proxy_ajp modules:

sudo a2enmod proxy proxy_ajp

Configure the Apache proxy for the deployed webapp in an already-functioning VirtualHost – this can be done a number of ways, but easiest inside a Location declaration (the ProxyPassReverse line should reference http:// or https:// as appropriate):

  <Location /WebappName>
    ProxyPass ajp://

Restart Apache:

sudo service apache2 restart

The deployed webapp should now be available at http(s)://