tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ironclaw hand <ironclawh...@hotmail.com>
Subject RE: Mod_jk returning source code of jsp files
Date Tue, 24 Apr 2012 07:40:08 GMT

Ok thanks for the reply and the points are taken on board but as I said before I havent actually
done this before and I am initially trying to get it to work as the existing system does (using
the config files from the current installation).

I know in an ideal world your suggestion would be best but I was just asked to install current
versions of apache, tomcat and mod_jk and get it all to work and I was given some existing
config files, as said I have never done this before so initially I would actually like to
get mod_jk working so that I can actually see the java code getting executed and the dynamic
content returned.

I dont think the overhead of tomcat serving static pages is the reason apache is installed
on these machines, I think it is because of the load balancing as there are a number of machines
with Tomcat installed on them that will be in the load although initially I am only trying
to get apache to direct to a tomcat on local host.

I was looking for some help understanding why mod_jk  doesnt work for me, surely this cant
be related to the security issues you mentioned?

> Date: Mon, 23 Apr 2012 17:28:00 +0200
> From: aw@ice-sa.com
> To: users@tomcat.apache.org
> Subject: Re: Mod_jk returning source code of jsp files
> 
> ironclaw hand wrote:
> > Thanks Christopher I will address the security issues if I am actually able to get
mod_jk to execute a jsp!
> 
> No.  You should do things right first, in a secure way.  And then, when it works, you
can 
> start "optimising" carefully and step by step, and try not to introduce security holes

> while doing so.
> I put "optimise" between quotes here, because what you are apparently trying is not much

> of an optimisation, while it IS creating security issues (and confusing things).  It
would 
> be better to let Tomcat serve all your content, including the static pages that are inside

> your webapp directory anyway.  This way, you will not compromise whatever access security

> is implemented at the Tomcat side, and the overhead of having Tomcat serve those static

> pages is measured in microseconds at worst.
> 
> > 
> > I have now removed everything from mod_jk.conf except for the global directives
and I now have my httpd.conf looking like:
> > 
> > #
> > # JK for connections to Tomcat
> > #
> > LoadModule jk_module modules/mod_jk.so
> > Include /etc/httpd/conf/mod_jk.conf
> > 
> > <IfModule jk_module>
> > JkWorkersFile /etc/httpd/conf/workers.properties
> > JkLogFile     /var/log/httpd/mod_jk.log
> > JkLogLevel info
> > 
> 
> remove from here
> 
> > Alias /sft "/var/webapps/sft"
> > 
> > <Directory "/var/webapps/sft">
> >  Options Indexes FollowSymLinks
> > </Directory>
> > 
> > <Location "/sft/WEB-INF/">
> >    AllowOverride None
> >    deny from all
> > </Location>
> > 
> until here
> 
>  > </IfModule>
> 
> > 
> > ##
> > ## SSL Virtual Host Context
> > <VirtualHost sfta.a.b.c:443>    
> 
> change this
> 
> > JkMount /sft/* loadbalancer
> > JkUnMount /*.html loadbalancer
> 
> to this
> 
> JkMount /sft loadbalancer
> JkMount /sft/* loadbalancer
> 
> 
> > </VirtualHost>
> > 
> > I still get the jsp file returned as text 
> 
> which means that Apache is serving them, not Tomcat.
> 
> so I obviously still have problems and initially I would just like to get apache to invoke

> mod_jk and return me the dynamic content.
> 
> And let it first return the static content as well, since it is anyway located in your

> webapps directory.
> 
> One could also question why you are using the term (or name) "loadbalancer" above, since

> all your content seems to be on the same host anyway.  Do you really have one httpd and

> several Tomcat's ?
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
 		 	   		  
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message