Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 82603 invoked from network); 2 Dec 2009 16:06:48 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 2 Dec 2009 16:06:48 -0000 Received: (qmail 66613 invoked by uid 500); 2 Dec 2009 16:06:45 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 66542 invoked by uid 500); 2 Dec 2009 16:06:44 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 66531 invoked by uid 99); 2 Dec 2009 16:06:44 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 02 Dec 2009 16:06:44 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of group.vas@gmail.com designates 209.85.223.199 as permitted sender) Received: from [209.85.223.199] (HELO mail-iw0-f199.google.com) (209.85.223.199) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 02 Dec 2009 16:06:37 +0000 Received: by iwn37 with SMTP id 37so249548iwn.30 for ; Wed, 02 Dec 2009 08:06:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=0N1dAbLM3lkpscbEjcPUDuTuT9piNh43KjU7rsLFxKI=; b=q/JWHg4SdOr97kH5+0c6UBsbNTjRSk9NtXCyu0c2Z5+dECNWcvfjvgeL/ojJ9m8tXb 00tS08hYnh1k89TLaTltTWm8hiQJYrjNL6HMS5ORNkJmgV0VwQCH5FSIknU7616ABU9Q +cJ+Et5T7C8aNCeezq5KO/J8qZ7HlwKSqg0wE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=AxBCiZhezxXJO7E4qh/I2aCgqdfqFsg27ns6HwhbcMEnAli4ZSRJ/FGR4NKBBeXoau ZCVCwUPvHSzVuIXsfIzhK8CvN2yFgUZd8LQsntfocxZpwPUGPiGJ0vBnNe3lOj+XIqnZ k+qAK69pR/6QhxIOr12UkMwC8V+779B5J5IHI= MIME-Version: 1.0 Received: by 10.231.123.41 with SMTP id n41mr471618ibr.46.1259769976036; Wed, 02 Dec 2009 08:06:16 -0800 (PST) In-Reply-To: <4B1641DB.6080506@ice-sa.com> References: <4B15358C.3050305@ice-sa.com> <4B15CD1B.2020609@christopherschultz.net> <4B1641DB.6080506@ice-sa.com> Date: Wed, 2 Dec 2009 08:06:15 -0800 Message-ID: Subject: Re: Debugging tomcat<->apache(mod_jk) bridge From: groupalias v To: Tomcat Users List Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org In response to Chris' question - I have only one tomcat instance running and it picks up the webapps in /srv/tomcat6/webapps/ and the URL www.example.com:8080/test/index.jsp works fine. I tried with the mod_jk.c and jk_module with the same result. In response to Andr=E9's question this is the first time I am hearing about the SetHandler construct. Is there documentation somewhere I can read? The issue about security is something I am concerned too and thought its too error prone. What is the workers.tomcat_home directive in workers.properties used for? If the communication is over the 8009 port why does apache care about one of tomcat's directories? I will re-create the with mo_jk.c and post them. Thanks, - Vas On Wed, Dec 2, 2009 at 2:30 AM, Andr=E9 Warnier wrote: > Christopher Schultz wrote: >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> All, >> >> On 12/1/2009 10:26 AM, Andr=E9 Warnier wrote: >>> >>> groupalias v wrote: >>>> >>>> httpd.conf >>>> ------------- >>>> >>>> LoadModule jk_module =A0 =A0 =A0 =A0 =A0modules/mod_jk.so >>>> >>>> >>> >>> What the h.. is this line for : ? >> >> It's for conditional inclusion of Apache httpd directives when modules >> may or may not be loaded. > > No. I was talking about the "Alias" which follows. Hence the trailing ":"= in > my question. Ok, following the colon by a question mark wasn't the cleare= st > thing either... > > > =A0The test I have in my httpd.conf is: >> >> >> >> I can't find any references online to the use of jk_module in >> , so the OP might want to change it. >> >>>> Alias /test/ "/srv/tomcat6/webapps/A" >>> >>> It kind of contradicts these next lines : >>> >>>> JKMount =A0 =A0 =A0 =A0/test/ A >>>> JkMount =A0 =A0 /test/* A >>> >>> Because of the Alias line, I don't think that mod_jk even gets to see >>> your /test/ URLs. >> >> No, mod_jk gets higher priority than mod_alias. I'm not entirely sure >> how the pecking order is decided, but I do know that mod_jk gets first >> shot. > > Yes, +1 about the "not sure". That is why I prefer, rather than JkMount, = the > form with > > =A0SetHandler jakarta-servlet > =A0... > > > At least in that case the precedences are clear, and I find that this syn= tax > fits better with "the Apache way of things", and is much more flexible th= an > JkMount/JkUnMount. > > My general gripe about that Alias line, is that it generally gives access > for Apache, to the entire tomcat webapps directory, thus from the start > bypassing anything configured at Tomcat level in terms of security. =A0Th= en > later, one has to "patch" this hole by a series of conditional Deny rules= , > hoping not to forget one. > And in 99% of the cases, one does forget something, such as also forbiddi= ng > META-INF e.g. > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > For additional commands, e-mail: users-help@tomcat.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org