tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From groupalias v <group....@gmail.com>
Subject Re: Debugging tomcat<->apache(mod_jk) bridge
Date Wed, 02 Dec 2009 16:06:15 GMT
In response to Chris' question -   I have only one tomcat instance
running and it picks up the webapps in /srv/tomcat6/webapps/
and the URL www.example.com:8080/test/index.jsp works fine.  I tried
with the mod_jk.c and jk_module with the same result.

In response to André's question this is the first time I am hearing
about the SetHandler construct.  Is there documentation somewhere I
can read?
The issue about security is something I am concerned too and thought
its too error prone.

What is the workers.tomcat_home directive in workers.properties used for?

If the communication is over the 8009 port why does apache care about
one of tomcat's directories?

I will re-create the with mo_jk.c and post them.

Thanks,
- Vas

On Wed, Dec 2, 2009 at 2:30 AM, André Warnier <aw@ice-sa.com> wrote:
> Christopher Schultz wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> All,
>>
>> On 12/1/2009 10:26 AM, André Warnier wrote:
>>>
>>> groupalias v wrote:
>>>>
>>>> httpd.conf
>>>> -------------
>>>>
>>>> LoadModule jk_module          modules/mod_jk.so
>>>>
>>>> <IfModule jk_module>
>>>
>>> What the h.. is this line for : ?
>>
>> It's for conditional inclusion of Apache httpd directives when modules
>> may or may not be loaded.
>
> No. I was talking about the "Alias" which follows. Hence the trailing ":" in
> my question. Ok, following the colon by a question mark wasn't the clearest
> thing either...
>
>
>  The test I have in my httpd.conf is:
>>
>> <IfModule mod_jk.c>
>>
>> I can't find any references online to the use of jk_module in
>> <IfModule>, so the OP might want to change it.
>>
>>>> Alias /test/ "/srv/tomcat6/webapps/A"
>>>
>>> It kind of contradicts these next lines :
>>>
>>>> JKMount        /test/ A
>>>> JkMount     /test/* A
>>>
>>> Because of the Alias line, I don't think that mod_jk even gets to see
>>> your /test/ URLs.
>>
>> No, mod_jk gets higher priority than mod_alias. I'm not entirely sure
>> how the pecking order is decided, but I do know that mod_jk gets first
>> shot.
>
> Yes, +1 about the "not sure". That is why I prefer, rather than JkMount, the
> form with
> <Location /test>
>  SetHandler jakarta-servlet
>  ...
> </Location>
>
> At least in that case the precedences are clear, and I find that this syntax
> fits better with "the Apache way of things", and is much more flexible than
> JkMount/JkUnMount.
>
> My general gripe about that Alias line, is that it generally gives access
> for Apache, to the entire tomcat webapps directory, thus from the start
> bypassing anything configured at Tomcat level in terms of security.  Then
> later, one has to "patch" this hole by a series of conditional Deny rules,
> hoping not to forget one.
> And in 99% of the cases, one does forget something, such as also forbidding
> META-INF e.g.
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message