Apache/Tomcat/JK2 How-To

This document provides step-by-step instructions for the installation of Tomcat 5 with Apache 2 and the JK2 Connector on RedHat 9. These instructions also apply to RedHat Enterprise 3.

We'll also be installing OpenSSL and Ant.

All packages (except Ant) will be built from source code.

This document has been provided by Reliable Penguin in the hope that it might prove to be useful. We make no warranties or guarantees about the accuracy of the information contained herein.

These instruction originally assumed that you were installing Apache and Tomcat on the same server. See the end of the document for notes about installing on different servers.

You may find that more recent versions of some packages are avaliable. Use the most recent versions whenever possible.

Begin the process by logging in as "root".

At Reliable Penguin, we always do source builds in /root/archive. If this directory does not exist on your system then you can create it with:

mkdir /root/archive

You may choose to do the build work from else where but you'll need to adjust the file paths that we provide as needed.

Part I - Install J2SDK

Part II - Install OpenSSL

We are installing OpenSSL from source for two reasons: (1) we want the latest version of the code with the most bug and security fixes; and (2) the Apache build will fail unless we have the most recent headers.

Download source distribution.
Use wget or a utility of your choice to fetch the latest version of OpenSSL.
```
cd /root/archive
wget http://www.openssl.org/source/openssl-0.9.7d.tar.gz
```
Verify distribution.
The OpenSSL project provides MD5 checksums for the purpose of verifing download integrity but the supplied file is not formated properly to work with the md5sum utility provided by Linux. This means that you'll need to do the comparison by hand.
```
wget ftp://ftp.openssl.org/source/openssl-0.9.7d.tar.gz.md5
cat openssl-0.9.7d.tar.gz.md5
```
The checksum will be displayed:
```
c54fb36218adaaaba01ef733cd88c8ec
```
Now compute the checksum of the downloaded file:
```
md5sum openssl-0.9.7c.tar.gz
```
Which yeilds:
```
c54fb36218adaaaba01ef733cd88c8ec  openssl-0.9.7d.tar.gz
```
Verify that the downloaded and the generated checksums are the same.
Unpack the distribution
Use the tar utility to unpack the distribution and change into the resulting directory:
```
tar -xvzf openssl-0.9.7d.tar.gz
cd openssl-0.9.7d
```
Configure the distribution
OpenSSL provides it's own unique configuration script instead of the more common "configure" utility. We'll run the supplied "config" utility with a "--prefix" option to set the install location to match the defaults for Red Hat.
```
./config --prefix=/usr
```
Build the software
The build process is standard ... just issue the "make" command.
```
make
```
Test
The OpenSSL project includes a handy test facility to verify that the resulting code performs to spec. It's a good idea to run the test before installing the code.
```
make test
```
Install the software.
Finally, we'll install the software using the "make install".
```
make install
```
Congratulations - OpenSSL is now installed!
You can verify the newly installed version like this:
```
/usr/bin/openssl version
```
Which should yield:
```
OpenSSL 0.9.7c 30 Sep 2003
```

Part III - Install Apache

Download Apache 2
Download the source code for the latest version of the Apache 2 server.
```
cd /root/archive
wget http://mirrors.midco.net/pub/apache.org/httpd/httpd-2.0.48.tar.gz
```
We're using a mirror in this case. Go to http://httpd.apache.org/download.cgi and choose a mirror close to you.
Verify the download
Download the MD5 checksums that correspond to your distribution from the main Apache site. Look in this directory: http://www.apache.org/dist/httpd/
```
wget http://www.apache.org/dist/httpd/httpd-2.0.48.tar.gz.md5
md5sum --check httpd-2.0.48.tar.gz.md5
```
The output should look like:
```
httpd-2.0.48.tar.gz: OK
```
Unpack the distribution.
```
tar -xvzf httpd-2.0.48.tar.gz
```
This will create an httpd-2.0.48 directory.

Configure source code.

We're going to install apache in the same way that the Red Hat RPM would do the install. Change the configure command as needed for your requirements.

cd httpd-2.0.48
./configure -C \
   --prefix=/etc --exec-prefix=/etc \
   --bindir=/usr/bin --sbindir=/usr/sbin \
   --mandir=/usr/share/man --libdir=/usr/lib \
   --sysconfdir=/etc/httpd/conf --includedir=/usr/include/httpd \
   --libexecdir=/usr/lib/httpd/modules --datadir=/var/www \
   --enable-suexec --with-suexec --with-suexec-caller=apache --with-suexec-docroot=/var/www \
   --with-suexec-logfile=/var/log/httpd/suexec.log --with-suexec-bin=/usr/sbin/suexec \
   --with-suexec-uidmin=500 --with-suexec-gidmin=500 \
   --with-devrandom \
   --enable-cache=shared --enable-disk-cache=shared --enable-mem-cache=shared \
   --enable-ssl=shared --with-ssl \
   --enable-deflate --enable-access=shared --enable-auth=shared --enable-include=shared \
   --enable-deflate=shared --enable-log-config=shared --enable-env=shared --enable-setenvif=shared \ 
   --enable-mime=shared --enable-auth-anon=shared --enable-status=shared --enable-autoindex=shared \ 
   --enable-asis=shared --enable-suexec=shared --enable-auth-dbm=shared --enable-cgi=shared \
   --enable-negotiation=shared --enable-dir=shared --enable-auth-digest=shared --enable-imap=shared \ 
   --enable-actions=shared --enable-userdir=shared --enable-mime-magic=shared --enable-alias=shared \ 
   --enable-cern-meta=shared --enable-expires=shared --enable-headers=shared --enable-unique-id=shared \
   --enable-usertrack=shared --enable-dav=shared --enable-info=shared --enable-dav-fs=shared \
   --enable-vhost-alias=shared --enable-speling=shared --enable-rewrite=shared \
   --enable-proxy=shared --enable-proxy-http=shared --enable-proxy-ftp=shared --enable-proxy-connect=shared

Use the --help option to configure to view a full list of configure options.

Build the source code.
```
make
```
Install the compiled code.
```
make install
```
Setup service control script.
The apache distribution includes a suitable init script so we just need to copy it into place.
```
cp build/rpm/httpd.init /etc/init.d/httpd
```
Setup startup symlinks.
We'll use the chkconfig utility to create the required start/stop symlinks. This is easier then doing it by hand. We're going to start the server in runlevels 3, 4, and 5.
```
chkconfig --add httpd
chkconfig --levels 345 httpd on
```
To test the results do:
```
chkconfig --list httpd
```
And look for output like this:
```
httpd           0:off   1:off   2:off   3:on    4:on    5:on    6:off
```
Setup log rotation.
Again the apache distribution has the need config file so we just copy it into place.
```
cp build/rpm/httpd.logrotate /etc/logrotate.d/httpd
```
Modify httpd.conf as needed.
In a default installation no changes are required at this stage.
Remove unwanted config files.
RedHat includes default configurations for several modules for which support is beyond the scope of this document. We'll need to move these config files out of the way so that Apache can start.
```
mv /etc/httpd/conf.d/python.conf /etc/httpd/
mv /etc/httpd/conf.d/php.conf /etc/httpd/
mv /etc/httpd/conf.d/perl.conf /etc/httpd/
```
On RedHat Enterprise Linux you'll also need to do:
```
mv /etc/httpd/conf.d/ssl.conf /etc/httpd/
```
Manually start the server.
```
service httpd start
```
If the server fails to start the check /var/log/httpd/error_log to determine the cause.

For an error like:
```
[Sat May 29 08:08:14 2004] [alert] (EAI 2)Name or service not known: mod_unique_id: unable to find IPv4 address of "myhostname"
```
You'll need to add an entry to your /etc/hosts file that maps the server's hostname to it's IP address. This problem was observed on a RedHat Enterprise install.
Verify that server is running.
Open a web browser and enter the address of the server. The default welcome page should be displayed.
Congratulations - Apache is now installed!

Part IV - Install Ant

Ant is a java build utility. It is the only package in this project that we'll install from a binary distribution instead of building the source. There reason for the use of a binary is that there are too many prerequisites for the build and it will not be used in production operations. (http://ant.apache.org)

Download binary distribution.
Download the lastest stable binary distribution from the mirror site of your choice. You can use wget or your utility of preference.
```
cd /root/archive
wget http://apache.mirrors.versehost.com/ant/binaries/apache-ant-1.6.1-bin.tar.gz
```
Verify the distribution.
The Ant project provides MD5 checksums for the purpose of verifing download integrity but the supplied file is not formated properly to work with the md5sum utility provided by Linux. This means that you'll need to do the comparison by hand.
```
wget http://www.apache.org/dist/ant/binaries/apache-ant-1.6.1-bin.tar.gz.md5
cat apache-ant-1.6.1-bin.tar.gz.md5
```
The checksum will be displayed:
```
c5764ae0e1a782f50701a920d2366dad
```
Now compute the checksum of the downloaded file:
```
md5sum apache-ant-1.6.1-bin.tar.gz
```
Which yeilds:
```
c5764ae0e1a782f50701a920d2366dad  apache-ant-1.6.1-bin.tar.gz
```
Verify that the downloaded and the generated checksums are the same.
Unpack the distribution.
Use the tar utility to unpack the distribution:
```
tar -xvzf apache-ant-1.6.1-bin.tar.gz
```
Install the distribution.
Since we're using a binary distribution we don't have to configure or compile anything ... just copy the entire distribution to it's final install location. In this case we'll but it in /usr/local/.
```
mv apache-ant-1.6.1 /usr/local/
```

Setup environment variables.

Edit /etc/profile and add the following lines at the end:

ANT_HOME=/usr/local/apache-ant-1.6.1
export ANT_HOME

PATH=$PATH:/usr/local/apache-ant-1.6.1/bin
export PATH

Now log out and back in so that the changes can take effect.

Verify the new environment by typing:

echo $ANT_HOME

Which should display:

/usr/local/apache-ant-1.6.1

Now try:

echo $PATH

Which will display:

/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/usr/local/apache-ant-1.6.1/bin:/root/bin

Verify that ant is now in the above path.

Congratulations - Ant is now installed!

WARNING - You may already have an old version of ant installed on your system. This older version will in most cases not be usable. Also the old version may be found in the path before the newer version. To test try:

> ant -version

Your should get back something like:

Apache Ant version 1.6.1 compiled on February 12 2004

If you get something like:

Apache Ant version 1.5.2-20 compiled on September 25 2003

Then the old version of ant is being found in the path. To solve this problem use a full path to run ant as shown in the remainder of this document.

ANOTHER WARNING - If your system already has an old version of ant installed then you may need to update the /etc/ant.conf configuration file. If there is a file named /etc/ant.conf on your system then edit it and change the contents to read:

# /etc/ant.conf

# Options for classic-ant

# ANT_HOME is the directory in which the jarfiles that are required by
# classic-ant are located.
ANT_HOME=/usr/local/apache-ant-1.6.1

# If JAVA_HOME is not defined on your system, or if it is but you wish
# to run classic-ant using a different JVM then you should set
# JAVA_HOME here.
#JAVA_HOME=

Part V - Install Tomcat

Create user account.
We need to create a user account under which the Tomcat server will run. This step is critical for good security.
```
groupadd tomcat
useradd -g tomcat -c "Tomcat User" -d /usr/local/jakarta-tomcat-5 tomcat
passwd tomcat
```
Choose a very good password.
Download Tomcat
Download the lastest source distribution from the mirror site of your choice. Use wget or other utility as you prefer.
```
cd /root/archive
wget http://apache.mirrors.redwire.net/jakarta/tomcat-5/v5.0.25/src/jakarta-tomcat-5.0.25-src.tar.gz
```
Verify the distribution.
The Tomcat project provides MD5 checksums for the purpose of verifing download integrity but the supplied file is not formated properly to work with the md5sum utility provided by Linux. This means that you'll need to do the comparison by hand.
```
wget http://www.apache.org/dist/jakarta/tomcat-5/v5.0.25/src/jakarta-tomcat-5.0.25-src.tar.gz.md5
cat jakarta-tomcat-5.0.25-src.tar.gz.md5
```
The checksum will be displayed:
```
25d4d89fa234d64224674c4d436192b7
```
Now compute the checksum of the downloaded file:
```
md5sum jakarta-tomcat-5.0.25-src.tar.gz
```
Which yeilds:
```
25d4d89fa234d64224674c4d436192b7  jakarta-tomcat-5.0.25-src.tar.gz
```
Verify that the downloaded and the generated checksums are the same.

Unpack the distribution.

Use the tar utility to unpack the distribution:

tar -xvzf jakarta-tomcat-5.0.25-src.tar.gz
cd jakarta-tomcat-5.0.25-src

Build the distribution.
We'll do the build using the Ant build utility installed in the previous section.
```
/usr/local/apache-ant-1.6.1/bin/ant
```
WARNING: Running this command will checkout the Tomcat 5 sources from CVS, as well as download binaries to the /usr/share/java directory.
Install distribution.
To install we just move the jakarta-tomcat-5/build directory into place ... in this case /usr/local/.
```
mv jakarta-tomcat-5/build /usr/local/tomcat5
```

Setup permissions.

chown --recursive tomcat.root /usr/local/tomcat5/conf
chown --recursive tomcat.root /usr/local/tomcat5/logs
chown --recursive tomcat.root /usr/local/tomcat5/work
chown --recursive tomcat.root /usr/local/tomcat5/webapps
chown --recursive tomcat.root /usr/local/tomcat5/temp

Setup admin logins.

Edit the file /usr/local/tomcat5/conf/tomcat-users.xml. Remove the example entries and change the contents to:

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="admin"/>
<role rolename="manager"/>
<user username="admin" password="myadminpass" roles="admin,manager"/>
</tomcat-users>

Replace "myadminpass" with a password of your choice.

Build jsvc.

cd /usr/local/tomcat5/bin/
tar -xvzf jsvc.tar.gz
cd jsvc-src
sh support/buildconf.sh
chmod 755 configure
./configure --with-java=/usr/local/j2sdk1.4.2_04/
make
cp jsvc ..

Setup init script.

cp native/Tomcat.sh /etc/init.d/tomcat
chmod 755 /etc/init.d/tomcat

Edit /etc/init.d/tomcat and set the following:

JAVA_HOME=/usr/local/j2sdk1.4.2_04
CATALINA_HOME=/usr/local/tomcat5
DAEMON_HOME=/usr/local/tomcat5/bin
TOMCAT_USER=tomcat
TMP_DIR=/tmp
CATALINA_OPTS=
CLASSPATH=\
$JAVA_HOME/lib/tools.jar:\
$DAEMON_HOME/commons-daemon.jar:\
$CATALINA_HOME/bin/bootstrap.jar
export LD_PRELOAD=/usr/lib/libgdbm.so.2:/usr/lib/libexpat.so.0.3.0:/lib/libdb-4.0.so
serverRoot=/etc/httpd
export serverRoot

Also change the line:

    org.apache.catalina.startup.BootstrapService

to:

    org.apache.catalina.startup.Bootstrap

Also change:

$DAEMON_HOME/dist/jsvc

to:

$DAEMON_HOME/jsvc

Finally add the following lines to the top of the file after the shell:

# chkconfig: 345 86 15
# description: Tomcat Server

You can download a ready-to-go copy of the init script from http://www.reliablepenguin.com/clients/misc/tomcat/tomcat.service.

Add startup symlinks.
We'll use the chkconfig utility to create the required start/stop symlinks. This is easier then doing it by hand. We're going to start the server in runlevels 3, 4, and 5.
```
chkconfig --add tomcat
chkconfig --levels 345 tomcat on
```
To test the results do:
```
chkconfig --list tomcat
```
And look for output like this:
```
tomcat          0:off   1:off   2:off   3:on    4:on    5:on    6:off
```
Setup log file rotation.
Create a file named /etc/logrotate.d/tomcat with the following contents:
```
/usr/local/tomcat5/logs/* {
    rotate 5
    missingok
    notifempty
    size 5M
    sharedscripts
    prerotate
        service tomcat stop
    endscript
    postrotate
        service tomcat start
    endscript
} 
```
Thanks to T. Adams for the updated logrotate script. The original script hat the potential to drop log entries that occured while the rotation was taking place.
Start Tomcat service.
```
service tomcat start
```
Test
With a web browser go to:
```
http://myserver:8080/
```
You should get a page that looks similar to:

Now point your browser to:
```
http://myserver:8080/admin
```
You should get the login screen for the Tomcat Administration Tool:

Login with the username "admin" and the password choosen in Step 8 above and you should see:

Be aware that the "Commit Changes" button in the Administration Tool will not work properly since Tomcat is running as user "tomcat" instead of user "root". After making configuration changes you will need to restart Tomcat from the command line using the service command.
```
service tomcat stop
service tomcat start
```
Next try going to:
```
http://myserver:8080/manager/html
```
A page similar to the next image should be displayed:

Finally, lets take a look at the status application at:
```
http://myserver:8080/manager/status
```
You'll get a page similar to this:
Congratulations - Tomcat is now installed!

Part VI - Install JK2 Connector

Upgrade PCRE libs.
```
cd /root/archive/
```
We need the pcre-3.9-10.i386.rpm and pcre-devel-3.9-10.i386.rpm packages which can be downloaded from the RedHat Network or from www.rpmfind.net. The exact download link may be different.
```
wget ftp://195.220.108.108/linux/redhat/9/en/os/i386/RedHat/RPMS/pcre-3.9-10.i386.rpm
wget ftp://195.220.108.108/linux/redhat/9/en/os/i386/RedHat/RPMS/pcre-devel-3.9-10.i386.rpm
rpm -U pcre-3.9-10.i386.rpm pcre-devel-3.9-10.i386.rpm
```
Note: On RedHat Enterprise, the PCRE libraries were already installed to this step was not needed.
Upgrade GDBM libs.
We need the gdbm-1.8.0-20.i386.rpm and the gdbm-devel-1.8.0-20.i386.rpm packages which can be downloaded from the RedHat Network or from www.rpmfind.net. The exact download link may be different.
```
wget ftp://195.220.108.108/linux/redhat/9/en/os/i386/RedHat/RPMS/gdbm-1.8.0-20.i386.rpm
wget ftp://195.220.108.108/linux/redhat/9/en/os/i386/RedHat/RPMS/gdbm-devel-1.8.0-20.i386.rpm
rpm -U gdbm-1.8.0-20.i386.rpm gdbm-devel-1.8.0-20.i386.rpm
```
Note: On RedHat Enterprise, the GDBM libraries were already installed so this step was not needed.

Compile the connector.

cd /root/archive/jakarta-tomcat-5.0.25-src/jakarta-tomcat-connectors/jk/native2
export CPPFLAGS="-I/usr/include/httpd"
sh ./buildconf.sh
./configure --with-apxs2=/usr/sbin/apxs \
   --with-apr-lib=/usr/lib \
   --with-tomcat-41=/usr/local/tomcat5 \
   --with-java-home=/usr/local/j2sdk1.4.2_04/ \
   --with-jni --with-pcre

We have to tweak the make file by hand to get a working compile. Without these changes the compile may complete sucessfully but the resulting code will throw errors when used. The exact changes needed are somewhat system dependant so the best I can do here is tell you what worked for me.

Now edit the file at server/apache2/Makefile and change the define for LIBTOOL from:

LIBTOOL=/bin/sh /var/www/build/libtool --silent

LIBTOOL=/usr/bin/libtool

Next we need to adjust the list of libraries that will be linked with jk. Look for the following lines:

ifdef APR_LIBDIR_LA
JK_LDFLAGS=-L${APACHE2_LIBDIR} -lcrypt -L${exec_prefix}/lib -lpcre -lpcreposix
else
JK_LDFLAGS=-lcrypt ${APR_LIBS} -L${exec_prefix}/lib -lpcre -lpcreposix
endif

Change to read:

ifdef APR_LIBDIR_LA
JK_LDFLAGS=-L${APACHE2_LIBDIR} -lcrypt -L${exec_prefix}/lib -lpcre -lpcreposix
else
JK_LDFLAGS=-lcrypt ${APR_LIBS} -L${exec_prefix}/lib -lpcre -lpcreposix -lapr-0 -laprutil-0 -lgdbm -ldb-4.1 -lexpat
endif

The list of libraries to append was found with the following command:

apu-config --link-ld --libs

When the list was wrong, errors like the following were seen in the log files:

INFO: APR not loaded, disabling jni components: java.io.IOException: java.lang.UnsatisfiedLinkError: /usr/lib/httpd/modules/libjkjni.so: 
/usr/lib/libaprutil-0.so.0: undefined symbol: gdbm_errno

or:

INFO: APR not loaded, disabling jni components: java.io.IOException: java.lang.UnsatisfiedLinkError: /usr/lib/httpd/modules/libjkjni.so: 
/usr/lib/httpd/modules/libjkjni.so: undefined symbol: apr_md5_final

Recently on a RedHat Enterprise 3 server JK2 would not compile until the JK_LDFLAGS were changed from:

JK_LDFLAGS=-lcrypt ${APR_LIBS} -L${exec_prefix}/lib -lpcre -lpcreposix -lapr-0 -laprutil-0 -lgdbm -ldb-4.1 -lexpat

to:

JK_LDFLAGS=-lcrypt ${APR_LIBS} -L${exec_prefix}/lib -lapr-0 -laprutil-0 -lgdbm -ldb-4.1 -lexpat

If you are having compile problems then this might help.

Finally run the build:

make
libtool --finish /usr/lib/httpd/modules

The resulting shared object files will be in ../../../build/jk2/apache2/ and can be copied into place:

cp ../build/jk2/apache2/mod_jk2.so /etc/httpd/modules
cp ../build/jk2/apache2/libjkjni.so  /etc/httpd/modules

Stop Apache and Tomcat processes.
```
service tomcat stop
service httpd stop
```

Setup jk2.properties.

touch /usr/local/tomcat5/work/jk2.socket
chown tomcat.root /usr/local/tomcat5/work/jk2.socket
touch /usr/local/tomcat5/logs/jk2.shm
chown tomcat.root /usr/local/tomcat5/logs/jk2.shm
usermod -G apache,tomcat apache

In /usr/local/tomcat5/conf/jk2.properties place the following line:

# jk2.properties
# Configured for channel UNIX

# Set the desired handler list
handler.list=apr,request,channelUnix

# UNIX Domain socket location
channelUnix.file=/usr/local/tomcat5/work/jk2.socket

# Dynamic Library
serverRoot=/etc/httpd
apr.NativeSo=/etc/httpd/modules/libjkjni.so

Setup workers2.properties

Create the file /etc/httpd/conf/workers2.properties with the following lines:

# workers2.properties

# Shared memory handling. Needs to be set.
[shm]
info=Scoreboard. Required for reconfiguration and status with multiprocess serve
rs
file=/usr/local/tomcat5/logs/jk2.shm
size=1048576
debug=0
disabled=0

# UNIX domain socket
[channel.un:/usr/local/tomcat5/work/jk2.socket]
tomcatId=localhost:8009
debug=0

# define the worker
[ajp13:/usr/local/tomcat5/work/jk2.socket]
channel=channel.un:/usr/local/tomcat5/work/jk2.socket

# Announce a "status" worker
[status:status]
info=Status worker. Displays runtime information.

[uri:/jkstatus/*]
group=status:status

# Uri mapping
[uri:/jsp-examples/*]

Apache config

Create a file /etc/httpd/conf.d/jk2.conf with the following:

LoadModule jk2_module modules/mod_jk2.so
JkSet config.file /etc/httpd/conf/workers2.properties

Retart the servers.

service tomcat start
service httpd start

Test
With a web browser try accessing the URL:
```
http://yourserver.com/jkstatus
```
A page similar to the following should be displayed:

Next try this URL:
```
http://yourserver.com/jsp-examples
```
You should get a page similar to following:
Congratulations - JK2 is now installed!

Dual Server Install Notes

For environments with higher loads it is often desirable to setup seperate web and application servers. The web server runs Apache and the app server(s) run Tomcat.

Follow these steps to complete a dual server install:

Install Web Server
On the web server we only need Apache so you'll need to complete the steps in Part II and Part III above.

You might be tempted to try and use a version of Apache that was preinstalled with your linux distribution. Don't do this! When we compile JK2 on the app server we must use the same Apache headers as used on the web server.
Install App Server
On the app server we need to complete the entire install process described above including the Apache install in Part II. Once integration is complete, we can turn off the Apache service on the app server but it is useful for testing and troubleshooting to integrate locally first and then proceed to complete the dual server setup. Also building the jk2 connector requires that we have Apache available.

Integrate With JK

Install JK2 on Web Server

Copy libjkjni.so and mod_jk2.so from the app server to the web server.

app> scp /etc/httpd/modules/libjkjni.so root@www.mywebserver.com:/etc/httpd/modules
app> scp /etc/httpd/modules/mod_jk2.so root@www.mywebserver.com:/etc/httpd/modules

Configure Apache on Web Server

Create a file /etc/httpd/conf.d/jk2.conf with the following:

LoadModule jk2_module modules/mod_jk2.so
JkSet config.file /etc/httpd/conf/workers2.properties

Setup workers2.properties on Web Server

Create the file /etc/httpd/conf/workers2.properties with the following lines:

# workers2.properties

# Shared memory handling. Needs to be set.
[shm]
info=Scoreboard. Required for reconfiguration and status with multiprocess serve
file=/var/logs/httpd/jk2.shm
size=1048576
debug=1
disabled=0

[channel.socket:app:8009]
port=8009
host=x.x.x.x

# define the worker
[ajp13:app:8009]
channel=channel.socket:app:8009
debug=0

# Announce a "status" worker
[status:status]
info=Status worker. Displays runtime information.

[uri:/jkstatus/*]
group=status:status

# Uri mapping
[uri:/jsp-examples/*]

Replace "x.x.x.x" with the IP address of the App Server.

Configure workers2.properties on App Server.

# workers2.properties

# Shared memory handling. Needs to be set.
[shm]
info=Scoreboard. Required for reconfiguration and status with multiprocess servers
file=/usr/local/tomcat5/logs/jk2.shm
size=1048576
debug=0
disabled=0

[channel.socket:app:8009]
port=8009
host=x.x.x.x

# define the worker
[ajp13:app:8009]
channel=channel.socket:app:8009
debug=0

# Announce a "status" worker
[status:status]
info=Status worker. Displays runtime information.

[uri:/jkstatus/*]
group=status:status

# Uri mapping
[uri:/jsp-examples/*]

Replace "x.x.x.x" with the IP address of the App Server.

Configure jk2.properties on App Server.

Modify /usr/local/tomcat5/conf/jk2.properties to contain the following:

# jk2.properties
# Configured for channel socket

# Set the desired handler list
handler.list=apr,channelSocket,request

# Dynamic Library
serverRoot=/etc/httpd
apr.NativeSo=/etc/httpd/modules/libjkjni.so

# Override the default port for the channelSocket
channelSocket.port=8009

Restart Apache & Tomcat
On the Web Server, restart Apache with:
```
service httpd stop
service httpd start
```
On the App Server, restart Tomcat with:
```
service tomcat stop
service tomcat start
```