Ok thanks for the reply and the points are taken on board but as I said before I havent actually
done this before and I am initially trying to get it to work as the existing system does (using
the config files from the current installation).
I know in an ideal world your suggestion would be best but I was just asked to install current
versions of apache, tomcat and mod_jk and get it all to work and I was given some existing
config files, as said I have never done this before so initially I would actually like to
get mod_jk working so that I can actually see the java code getting executed and the dynamic
content returned.
I dont think the overhead of tomcat serving static pages is the reason apache is installed
on these machines, I think it is because of the load balancing as there are a number of machines
with Tomcat installed on them that will be in the load although initially I am only trying
to get apache to direct to a tomcat on local host.
I was looking for some help understanding why mod_jk doesnt work for me, surely this cant
be related to the security issues you mentioned?
> Date: Mon, 23 Apr 2012 17:28:00 +0200
> From: aw@ice-sa.com
> To: users@tomcat.apache.org
> Subject: Re: Mod_jk returning source code of jsp files
>
> ironclaw hand wrote:
> > Thanks Christopher I will address the security issues if I am actually able to get
mod_jk to execute a jsp!
>
> No. You should do things right first, in a secure way. And then, when it works, you
can
> start "optimising" carefully and step by step, and try not to introduce security holes
> while doing so.
> I put "optimise" between quotes here, because what you are apparently trying is not much
> of an optimisation, while it IS creating security issues (and confusing things). It
would
> be better to let Tomcat serve all your content, including the static pages that are inside
> your webapp directory anyway. This way, you will not compromise whatever access security
> is implemented at the Tomcat side, and the overhead of having Tomcat serve those static
> pages is measured in microseconds at worst.
>
> >
> > I have now removed everything from mod_jk.conf except for the global directives
and I now have my httpd.conf looking like:
> >
> > #
> > # JK for connections to Tomcat
> > #
> > LoadModule jk_module modules/mod_jk.so
> > Include /etc/httpd/conf/mod_jk.conf
> >
> > <IfModule jk_module>
> > JkWorkersFile /etc/httpd/conf/workers.properties
> > JkLogFile /var/log/httpd/mod_jk.log
> > JkLogLevel info
> >
>
> remove from here
>
> > Alias /sft "/var/webapps/sft"
> >
> > <Directory "/var/webapps/sft">
> > Options Indexes FollowSymLinks
> > </Directory>
> >
> > <Location "/sft/WEB-INF/">
> > AllowOverride None
> > deny from all
> > </Location>
> >
> until here
>
> > </IfModule>
>
> >
> > ##
> > ## SSL Virtual Host Context
> > <VirtualHost sfta.a.b.c:443>
>
> change this
>
> > JkMount /sft/* loadbalancer
> > JkUnMount /*.html loadbalancer
>
> to this
>
> JkMount /sft loadbalancer
> JkMount /sft/* loadbalancer
>
>
> > </VirtualHost>
> >
> > I still get the jsp file returned as text
>
> which means that Apache is serving them, not Tomcat.
>
> so I obviously still have problems and initially I would just like to get apache to invoke
> mod_jk and return me the dynamic content.
>
> And let it first return the static content as well, since it is anyway located in your
> webapps directory.
>
> One could also question why you are using the term (or name) "loadbalancer" above, since
> all your content seems to be on the same host anyway. Do you really have one httpd and
> several Tomcat's ?
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
|