httpd-users mailing list archives

From André Warnier ...@ice-sa.com>
Subject Re: [users@httpd] httpd.conf file configuration for <VirtualHost></VirtualHost>
Date Mon, 21 Jul 2008 22:54:38 GMT
Tomcat User6 wrote:
> hi,
> 
> I am having a problem in configuring the <VirtualHost></VirtualHost> tab in
> httpd.conf file for apache web server. I have my application deployed on
> Tomcat 6.0 server with below configuration in server.xml.
> 
> <Host name="forum.dev.abc.com"
>   appBase="/usr/local/apache-tomcat-6.0.16/webapps"
>   unpackWARs="true" autoDeploy="true"
>   xmlValidation="false" xmlNamespaceAware="false">
>   <Valve className="org.apache.catalina.valves.AccessLogValve"
>     directory="logs"
>     prefix="local_roller_access_log."
>     suffix=".txt"
>     pattern="common"
>     resolveHosts="false"/></Host>
> 
> The application is deployed at Tomcat's webapps directory
> "/usr/local/apache-tomcat-6.0.16/webapps" under roller directory. 
> 
> My website uses the apache server so first when I typed
> "http://forum.dev.abc.com/roller/" on web browser the action will go to
> Tomcat server to run application. Each request is made on apache server and
> requested to tomcat server.
> 
> My apache server's httpd.conf file's configuration is as below:
> 
> # NameVirtualHost forum.dev.abc.com:80
> <VirtualHost forum.dev.abc.com:80>
>         ServerName  forum.dev.abc.com
>         ServerAlias  forum.dev.abc.com
>         DocumentRoot /usr/local/apache-tomcat-6.0.16/webapps
>         DirectoryIndex index.jsp 
> 				
>         ErrorLog logs/forum_error_log
>         <Directory / >
>             Options FollowSymLinks
>             AllowOverride all
>             Order allow,deny
>             Allow from all
>         </Directory>
> 
> 	JkMount /*.jsp wrkr
>         JkMount /*.do  wrkr
>         JkMount /*.action wrkr
> </VirtualHost>
> 
> 
> my problem is when I typed at browser as
> "http://forum.dev.abc.com:8080/roller/" then as it is running on Tomcat it
> works fine. each and every actions and links are working fine. but when I
> typed in "http://forum.dev.abc.com:80/roller/"  or
> "http://forum.dev.abc.com/roller/" at browser then as it is running on
> apache server and redirecting all requests to tomcat
No, it is probably not.
Because the DocumentRoot of Apache is (also) 
/usr/local/apache-tomcat-6.0.16/webapps
it is probably Apache which is going to serve your first index page, not 
Tomcat.

> the links are not
> working. The first page loaded same for both the requests
No, they are probably not being loaded in the same way.
When you enter
http://forum.dev.abc.com:8080/roller/
it is Tomcat that serves the index page, according to the logic of the 
webapp.
But when you enter
http://forum.dev.abc.com/roller/
then it is Apache serving the index page, and it completely bypasses 
Tomcat (and the jsp processing, and the Tomcat security).

> but links on first
> page is not working on apache server i.e. working on tomcat server.
> 
> I am pretty much sure that it's a problem with configuration with httpd.conf
> file for <VirtualHost></VirtualHost>. If you help me out with this, this
> will be  a great help.
> 
I believe there are a couple of mistakes in your configuration above.
First, because your DocumentRoot is set to the top of the webapps 
directory of Tomcat, it means that all your webapp configuration files 
are visible to the world.
Try for example :
http://forum.dev.abc.com/roller/WEB-INF
or
http://forum.dev.abc.com/roller/WEB-INF/web.xml

I would redo this as follows :

1) create a new, empty directory /var/www/forum-dev/docs, and give it 
r+x permissions for the user:group which is used to run Apache.
(www-data ?).

2) httpd.conf :

    ...
NameVirtualHost *:80

<VirtualHost *:80>
    ServerName  forum.dev.abc.com

    # (Note : the ServerAlias is totally redundant, unless it is
    #  different from the ServerName)

    DocumentRoot /var/www/forum-dev/docs
    ErrorLog logs/forum_error_log

    DirectoryIndex index.jsp index.html

    # Protect your system's root directory !!
    <Directory / >
        Options None
        AllowOverride None
        Order allow,deny
        Deny from all
    </Directory>

    # This is now the Apache DocumentRoot
    <Directory /var/www/forum-dev/docs >
        Options FollowSymLinks
        #AllowOverride All     # are you sure ?
        Order allow,deny
        Allow from all
    </Directory>

    <Location /roller>
        SetHandler jakarta-servlet
        #SetEnvIf REQUEST_URI "\.(css|gif|jpg|js|html?)$" no-jk
    </Location>

</VirtualHost>

Some differences :
1) <Directory /> means your system disk's root directory. You don't want 
to give access to everyone to that one (and everything below it), do you ?
2) <Directory /var/www/forum-dev/docs>
That is now the top directory that users can (possibly) see.
You can put everything you want them to see under there (in 
sub-directories if you want), and it will be served directly by Apache.
(Except if it is in a <Location> like /roller).
3) <Location /roller> section :
For all URLs that start with "/roller", Apache will pass this to mod_jk, 
and mod_jk to Tomcat.

An alternative way to write this would be :
   <Location /roller>
     JkMount *.jsp wrkr
     JkMount *.do  wrkr
     JkMount *.action wrkr
     #JkUnMount *.css
     #JkUnMount *.gif
     #JkUnMount *.jpg
     ....
   </Location>

or (no <Location /roller>)

   JkMount /roller wrkr
   JkMount /roller/* wrkr

4) Tomcat will always refuse to serve anything that is in a "WEB-INF" 
directory (but Apache does not care).  Because the only place where 
there is a WEB-INF directory is under /roller, and everything under 
/roller goes through Tomcat, now /roller/WEB-INF/* is safe.

5) Because there is no directory /var/www/forum-dev/docs/roller,
any URL starting with /roller must be either served by Tomcat, or else 
it will give a "Not Found" error.
That is more secure than your previous configuration.

Of course, the above is not tested.  So save your current http 
configuration first. ;-)

André

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
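
An added example, not part of André's message or of any Apache project code: a small Python audit for the two problems discussed in this thread, a `<Directory />` block opened with `Allow from all` and a `DocumentRoot` that has a `WEB-INF` directory somewhere below it. The config snippets, the directory tree and the rule names are constructed for illustration; the check is a heuristic that flags paths for review, not a full httpd.conf parser.

```python
import os
import re
import tempfile

# Constructed samples: the thread's two vhosts, cut down to what the audit reads.
BEFORE = """<VirtualHost forum.dev.abc.com:80>
  DocumentRoot DOCROOT
  <Directory / >
    Allow from all
  </Directory>
  JkMount /*.jsp wrkr
</VirtualHost>"""
AFTER = """<VirtualHost *:80>
  DocumentRoot DOCROOT
  <Directory / >
    Deny from all
  </Directory>
  <Directory DOCROOT >
    Allow from all
  </Directory>
</VirtualHost>"""

def audit_vhost(conf_text):
    """Return (rule, detail) findings for an Apache 2.2-style vhost."""
    findings, section = [], None
    for line in (l.strip() for l in conf_text.splitlines()):
        opened = re.match(r'<Directory\s+"?([^\s">]+)"?\s*>', line, re.I)
        if opened:
            section = opened.group(1)
        elif line.lower().startswith("</directory"):
            section = None
        elif section == "/" and re.match(r"allow\s+from\s+all\b", line, re.I):
            findings.append(("root-directory-open", "<Directory />"))
        elif re.match(r"DocumentRoot\s", line, re.I):
            docroot = line.split(None, 1)[1].strip('"')
            # Any WEB-INF below DocumentRoot is on a path Apache can serve.
            for dirpath, dirnames, _ in os.walk(docroot):
                if "WEB-INF" in dirnames:
                    rel = os.path.relpath(dirpath, docroot)
                    findings.append(("web-inf-under-docroot", rel + "/WEB-INF"))
    return findings

def demo():
    """Audit both layouts against a constructed directory tree."""
    with tempfile.TemporaryDirectory() as tmp:
        webapps, docs = os.path.join(tmp, "webapps"), os.path.join(tmp, "docs")
        os.makedirs(os.path.join(webapps, "roller", "WEB-INF"))
        os.makedirs(docs)
        return (audit_vhost(BEFORE.replace("DOCROOT", webapps)),
                audit_vhost(AFTER.replace("DOCROOT", docs)))
```

`demo()` returns the findings for the original layout and for the reworked one; the second list is empty because the new DocumentRoot contains no webapp directories.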

