Simple step by step guide on how to set up Apache httpd server and Apache Tomcat java container server on an ec2 instance.
Apache Httpd server is for the rest of this tutorial called apache.
Apache Tomcat java container server is for the rest of this tutorial called tomcat.
If all you need is plain web sites with perhaps PHP,
then this section is all you need.
Some of the Tomcat sections further down require this section as well.
|Install apache and PHP support
sudo aptitude install apache2 php5
|Enable SSL/TLS encryption
sudo a2enmod ssl
|I update the default-ssl virtual host from _default_ to *. This is needed if you have multiple SSL sites.
sudo vi /etc/apache2/sites-available/default-ssl
|If you want to enable mod_rewrite
sudo a2enmod rewrite
|Enable changes by restarting apache2
|Next enable the web ports in your firewall
sudo vi /etc/shorewall/rules
Web(ACCEPT) net $FW
|You can add more virtual hosts in /etc/apache2/sites-available and then enable them with:
(Note: mod-jk2 is deprecated, use mod-jk)
If you have apache and tomcat on the same server,
you can use the old way of mod-jk.
Note however that mod-jk2 is now deprecated and you have to use mod-jk (1).
Today mod-proxy, as detailed below, is generally preferred even over mod-jk.
|Follow Just Apache above.
|Install Tomcat and mod-jk
sudo aptitude install tomcat6 libapache2-mod-jk
|Create mod-jk configuration
sudo cp /usr/share/doc/libapache2-mod-jk/httpd_example_apache2.conf /etc/apache2/conf.d/mod-jk.conf
To enable webapp passthroughs edit your virtual hosts.
/example will be picked up by the tomcat.
/example/contact will not be passed to tomcat and is instead handled by apache.
JkMount /example* ajp13_worker
|Enable changes by restarting apache and tomcat
Follow the different servers with mod_proxy section below, but skip the firewall bit; you don't need new aliases either.
This will tell you how to set up apache and tomcat
on two different instance servers in ec2 (or anywhere really).
This is how I have my set up and it works very well.
This is very much based on these guides:
|Fire up two ubuntu servers in Elasticfox. One will be your Apache server. The other your Tomcat server.
Install apache and tomcat.
Note Sun will require you to accept the DLJ license when installing java.
|Follow Just Apache above.
sudo aptitude install sun-java6-jdk tomcat6 tomcat6-admin
|Enable mod proxy
sudo a2enmod proxy_ajp
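|And allow proxying by changing the "Deny from all" to "Allow from all". Leave ProxyRequests set to Off in the same file, so that apache only acts as a reverse proxy and not as an open forward proxy.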
sudo vi /etc/apache2/mods-enabled/proxy.conf
|Enable AJP port by uncommenting Connector
sudo vi /etc/tomcat6/server.xml
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
|Add an admin and manager user
sudo vi /etc/tomcat6/tomcat-users.xml
Bump up the memory available to Tomcat.
And disable tomcat security
sudo vi /etc/default/tomcat6
JAVA_OPTS="-Djava.awt.headless=true -Xms128M -Xmx1280M -XX:MaxPermSize=256m"
Open the firewall up on the tomcat server
to AJP traffic by enabling port 8009.
(You can also test if the tomcat server works by enabling Web from the net zone temporarily)
sudo vi /etc/shorewall/rules
ACCEPT ec2 $FW tcp 8009
sudo shorewall check;
Since both servers are in ec2, you probably want to keep
the traffic between them inside ec2 to avoid
extra traffic charges, and for performance and security.
But if you use virtual hosts
then e.g. your tomcat server at apps.example.com
will not resolve across ec2 private IP range.
There are various ways to resolve this.
One solution is this: create aliases such as local.apps.example.com, local.another.example.com, etc. in the apache server's hosts file or in the actual DNS, pointing to the tomcat server's internal IP, which for example is 10.2.3.4. (The private IP can be found in Elasticfox by right clicking on the tomcat instance and selecting copy Private IP)
sudo vi /etc/hosts
|Create a folder to put virtual hosts in eg /var/lib/tomcat6/vhosts
sudo mkdir /var/lib/tomcat6/vhosts;
|Create virtual hosts on the tomcat server towards the end of the file after the default host.
sudo mkdir /var/lib/tomcat6/vhosts/example.com;
<Host name="www.example.com" appBase="vhosts/example.com"
Now you should upload a war file to the folders.
E.g. as a subcontext www.example.com/example
or as the default root application www.example.com/:
sudo cp example-2.1-SNAPSHOT.war /var/lib/tomcat6/vhosts/example.com/example.war
sudo cp example-2.1-SNAPSHOT.war /var/lib/tomcat6/vhosts/example.com/ROOT.war
|For each virtual host (/etc/apache2/sites-available/) and within its <VirtualHost> tag, you need to start the delegation section with:
|And end with:
Preserve the host requested by the user when using virtual hosts on tomcat;
otherwise tomcat uses the actual ProxyPass alias.
|To delegate /example to the webapp use this
ProxyPass /example ajp://local.apps.example.com:8009/
|To enable the manager app do this
ProxyPass /manager ajp://local.apps.example.com:8009/manager
|To delegate everything in this virtual host:
ProxyPass / ajp://local.apps.example.com:8009/
To delegate everything but not the images folder do this:
Note the "not" bits must come first.
ProxyPass /images !
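The ordering rule above can be checked before apache is restarted. This is an added example, not part of the original guide: check_proxypass_order is a hypothetical shell helper that reads a virtual host file on stdin and reports exclusions already covered by an earlier ProxyPass; the sample configuration is constructed.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original guide).
# Apache checks ProxyPass rules in configuration order and the first match
# wins, so "ProxyPass /images !" placed after "ProxyPass / ajp://..." never
# takes effect and /images is still sent to tomcat.

# check_proxypass_order: reads a virtual host file on stdin, prints one line
# per shadowed exclusion and returns 1 if any were found.
check_proxypass_order() {
    awk '
        tolower($1) ~ /^<virtualhost/ { n = 0 }   # ordering is per virtual host
        tolower($1) == "proxypass" {
            path = $2
            if ($3 != "!") { seen[++n] = path; next }
            for (i = 1; i <= n; i++) {
                p = seen[i]
                rest = substr(path, length(p) + 1)
                # Approximation used by this lint: an earlier mapping shadows
                # the exclusion when it is a whole-segment prefix of its path.
                if (index(path, p) == 1 && (p ~ /\/$/ || rest == "" || rest ~ /^\//)) {
                    printf "line %d: exclusion %s is shadowed by earlier ProxyPass %s\n", NR, path, p
                    bad = 1
                }
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample input: the exclusion comes after the catch-all mapping.
check_proxypass_order <<'EOF' || echo "reorder the ProxyPass lines before restarting apache"
<VirtualHost *:80>
    ServerName www.example.com
    ProxyPass / ajp://local.apps.example.com:8009/
    ProxyPass /images !
</VirtualHost>
EOF
```

To check a real site file, redirect it into the function, e.g. check_proxypass_order < /etc/apache2/sites-available/example.com.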
If tomcat listens to a different alias than the user connects with,
you want to disable preserve hosts and use the alias in proxypass.
Also make sure your apache machine knows of this alias.
You need to reverse proxy the cookies as well:
This is a full example.
Note manager is commented out as the full delegation already covers it.
|Now restart apache and tomcat
sudo /etc/init.d/tomcat6 restart
That should be it!
If you do not want to use mod_proxy_ajp, then mod_proxy_http works fine too.
Remember to open the corresponding firewall ports, and use http:// instead of ajp:// in ProxyPass, with the correct ports.
Similar to the tomcat on different servers section above,
but with different ports etc. in the mod-proxy ProxyPass commands.
As I myself use plenty of maven jetty plugin apps, this is very useful.
More detail to come...
Quick rundown on how to set up virtual hosting, i.e. listening to several domain names and showing different websites.
The configuration is in /etc/apache2/sites-available.
Each site generally has separate files.
E.g.: if we host two domains, example.com and invalid.net, then convention says they are configured in:
/etc/apache2/sites-available/example.com & /etc/apache2/sites-available/invalid.net.
Within each of these files you might have several
<VirtualHost> sections, but minimum one.
You might have one for www.example.com, another which redirects example.com to www.example.com, a third for intra.example.com etc.
Here is a typical virtual host file (without any tomcat delegation):
CustomLog /var/log/apache2/access-example.com.log vhost_combined
CustomLog /var/log/apache2/redirect-access.log vhost_combined
Redirect permanent / http://www.example.com/
Once configured, you can enable this virtual host with this command:
sudo a2ensite example.com
This basically puts a softlink in /etc/apache2/sites-enabled to the example.com file in /etc/apache2/sites-available.
The opposite to this is the a2dissite command.
back to flurdy's ec2 docs for more ec2 tips and howtos.