cc by-sa flurdy

ec2 - Amazon Elastic Compute Cloud tips and howtos

Apache Httpd and Tomcat servers

This page is part of a larger set of tips & howtos on ec2 by flurdy.

A simple step-by-step guide on how to set up the Apache httpd server and the Apache Tomcat Java container server on an ec2 instance.

Note: For the rest of this tutorial the Apache httpd server is called apache,
and the Apache Tomcat Java container server is called tomcat.

Prerequisites

Different setups:

Just Apache

If all you need is plain web sites, perhaps with PHP, then this section is all you need.
Some of the Tomcat sections further down require this section as well.

Install apache and PHP support:

    sudo aptitude install apache2 php5

Enable SSL/TLS encryption:

    sudo a2enmod ssl

I update the default-ssl virtual host from _default_ to *. This is for when you have multiple SSL sites:

    sudo vi /etc/apache2/sites-available/default-ssl

    <VirtualHost *:443>

If you want to enable mod_rewrite:

    sudo a2enmod rewrite

Enable the changes by restarting apache2:

    apache2ctl -t;
    sudo /etc/init.d/apache2 restart

Next, enable the web ports in your firewall:

    sudo vi /etc/shorewall/rules

    Web(ACCEPT)     net   $FW
    Web(ACCEPT)     ec2   $FW

You can add more virtual hosts in /etc/apache2/sites-available and then enable them with:

    sudo a2ensite virtualhostfile


Apache and Tomcat on the same server with mod_jk

(Note: mod-jk2 is deprecated, use mod-jk)

If you have apache and tomcat on the same server, you can use the old way of mod-jk.
Note however that mod-jk2 is now deprecated and you have to use mod-jk (1).
But today mod-proxy, as detailed below, is generally preferred even over mod-jk.

Install Apache: follow Just Apache above.

Install Tomcat and mod-jk:

    sudo aptitude install tomcat6 libapache2-mod-jk

Create the mod-jk configuration:

    sudo cp /usr/share/doc/libapache2-mod-jk/httpd_example_apache2.conf /etc/apache2/conf.d/mod-jk.conf

To enable webapp passthroughs, edit your virtual hosts.
/example will be picked up by tomcat.
/example/contact will not be passed to tomcat and is instead handled by apache.

    JkMount /example* ajp13_worker
    JkUnMount /example/contact ajp13_worker

Enable the changes by restarting apache and tomcat:

    apache2ctl -t;
    sudo /etc/init.d/apache2 restart;
    sudo /etc/init.d/tomcat6 restart

Apache and Tomcat on the same server with mod_proxy

Follow the section on different servers with mod_proxy below, but skip the firewall part; you also do not need new aliases.

Apache and Tomcat on different servers with mod_proxy

This will tell you how to set up apache and tomcat on two different server instances in ec2 (or anywhere really).
This is how I have my setup and it works very well.

This is very much based on these guides:

Each step below lists its commands for the Apache server and/or the Tomcat server.

Fire up two ubuntu servers in Elasticfox. One will be your Apache server, the other your Tomcat server.

Install apache and tomcat.
Note Sun will require you to accept the DLJ license when installing java.

  Apache server:
    Follow Just Apache above.

  Tomcat server:
    sudo aptitude install sun-java6-jdk tomcat6 tomcat6-admin

Enable mod proxy:

  Apache server:
    sudo a2enmod proxy_ajp

And allow proxying by changing the "Deny from all" to "Allow from all". Leave ProxyRequests set to Off in this file, so that apache only acts as a reverse proxy for the ProxyPass paths:

  Apache server:
    sudo vi /etc/apache2/mods-enabled/proxy.conf

    Order deny,allow
    Allow from all
    #Deny from all

Enable the AJP port by uncommenting the Connector:

  Tomcat server:
    sudo vi /etc/tomcat6/server.xml

    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

Add an admin and manager user:

  Tomcat server:
    sudo vi /etc/tomcat6/tomcat-users.xml

    <role rolename="admin"/>
    <role rolename="manager"/>
    <user username="yourUser" password="aPassword" roles="admin,manager"/>

Bump up the memory available to Tomcat.
And disable tomcat security

  Tomcat server:
    sudo vi /etc/default/tomcat6

    JAVA_OPTS="-Djava.awt.headless=true -Xms128M -Xmx1280M -XX:MaxPermSize=256m"

Open the firewall up on the tomcat server to AJP traffic by enabling port 8009.
(You can also test if the tomcat server works by enabling Web from the net zone temporarily)

  Tomcat server:
    sudo vi /etc/shorewall/rules

    ACCEPT   ec2   $FW   tcp   8009

    sudo shorewall check;
    sudo shorewall safe-restart
Since both servers are in ec2, you probably want the traffic between them to stay inside ec2, to avoid extra traffic charges and for performance and security. But if you use virtual hosts then e.g. your tomcat server at will not resolve across ec2 private IP range. There are various ways to resolve this.

One solution is this: Create aliases such as:,, etc in the apache server hosts file or the actual DNS with the tomcat server's internal IP which for example is (The private IP can be found in Elasticfox by right clicking on the tomcat instance and selecting copy Private IP)

  Apache server:
    sudo vi /etc/hosts
Create a folder to put virtual hosts in, e.g. /var/lib/tomcat6/vhosts:

  Tomcat server:
    sudo mkdir /var/lib/tomcat6/vhosts;
    sudo chown tomcat6:tomcat6 /var/lib/tomcat6/vhosts

Create virtual hosts on the tomcat server, towards the end of the file after the default host:

  Tomcat server:
    sudo mkdir /var/lib/tomcat6/vhosts/;
    sudo chown tomcat6:tomcat6 /var/lib/tomcat6/vhosts/;
    sudo vi /etc/tomcat6/server.xml

    <Host name="" appBase="vhosts/"
       unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
        <!-- <Alias></Alias> -->
    </Host>

Now you should upload a war file to the folders, e.g. as a subcontext:

  Tomcat server:
    sudo cp example-2.1-SNAPSHOT.war /var/lib/tomcat6/vhosts/

or as the default root application:

  Tomcat server:
    sudo cp example-2.1-SNAPSHOT.war /var/lib/tomcat6/vhosts/
The following steps are all on the Apache server.

For each virtual host (/etc/apache2/sites-available/)[1] and within its <VirtualHost> tag, you need to start the delegation section with:

    <IfModule mod_proxy.c>

And end with:

    </IfModule>

To preserve the host requested by the user when using virtual hosts on tomcat
(otherwise tomcat uses the actual ProxyPass alias):

    ProxyPreserveHost On

To delegate /example to the webapp use this:

    ProxyPass /example ajp://
    ProxyPassReverse /example ajp://

To enable the manager app do this:

    ProxyPass /manager ajp://
    ProxyPassReverse /manager ajp://

To delegate everything in this virtual host:

    ProxyPass / ajp://
    ProxyPassReverse / ajp://

To delegate everything but not the images folder do this.
Note the "not" bits must come first.

    ProxyPass /images !
    ProxyPass / ajp://
    ProxyPassReverse / ajp://

If tomcat listens to a different alias than the one the user connects with,
you want to disable preserve hosts and use the alias in ProxyPass.
Also make sure your apache machine knows of this alias.
You need to reverse proxy the cookies as well:

    ProxyPreserveHost Off
    ProxyPass / ajp://
    ProxyPassReverse / ajp://

This is a full example.
Note manager is commented out as the full delegation already covers it.

    <IfModule mod_proxy.c>
      ProxyPreserveHost On
      ProxyPass /css !
      ProxyPass / ajp://
      ProxyPassReverse / ajp://
      # ProxyPassReverseCookieDomain
      # ProxyPass /manager ajp://
      # ProxyPassReverse /manager ajp://
    </IfModule>

Now restart apache and tomcat:

  Apache server:
    apache2ctl -t;
    sudo /etc/init.d/apache2 restart

  Tomcat server:
    sudo /etc/init.d/tomcat6 restart

That should be it!
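
The rule that the "not" entries must come first follows from apache checking ProxyPass lines in configuration order and using the first one that matches. The Python sketch below is an added example, not part of the original guide: it models that first-match lookup in simplified form (plain ProxyPass prefixes only) so a vhost fragment can be checked for exclusions that never take effect and for paths, such as /manager, that a catch-all "ProxyPass /" hands to tomcat. The sample fragment and the backend host name tomcat.internal.example are constructed placeholders.

```python
"""Simplified model of Apache's first-match ProxyPass resolution."""

# Constructed sample vhost fragment; the backend host name is a placeholder.
# The exclusion is deliberately placed AFTER the catch-all rule.
SAMPLE_VHOST = """\
<IfModule mod_proxy.c>
  ProxyPreserveHost On
  ProxyPass / ajp://tomcat.internal.example:8009/
  ProxyPass /css !
  ProxyPassReverse / ajp://tomcat.internal.example:8009/
  # ProxyPass /manager ajp://tomcat.internal.example:8009/manager
</IfModule>
"""


def parse_proxypass(conf):
    """Return [(path, target)] in config order; target '!' means 'do not proxy'."""
    rules = []
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 3 and fields[0].lower() == "proxypass":
            rules.append((fields[1], fields[2]))
    return rules


def covers(prefix, path):
    """Prefix match on whole path segments: /css covers /css/a.css, not /cssx."""
    if not path.startswith(prefix):
        return False
    return prefix.endswith("/") or len(path) == len(prefix) or path[len(prefix)] == "/"


def backend_for(rules, path):
    """First matching rule wins; None means apache serves the path itself."""
    for prefix, target in rules:
        if covers(prefix, path):
            return None if target == "!" else target
    return None


def shadowed_rules(rules):
    """Rules that can never match because an earlier rule covers their prefix."""
    return [
        (prefix, target)
        for i, (prefix, target) in enumerate(rules)
        if any(covers(earlier, prefix) for earlier, _ in rules[:i])
    ]


if __name__ == "__main__":
    rules = parse_proxypass(SAMPLE_VHOST)
    print("shadowed:", shadowed_rules(rules))
    for p in ("/css/site.css", "/manager/html", "/example"):
        print(p, "->", backend_for(rules, p))
```

With the catch-all in place, /manager/html resolves to the tomcat backend even though its own ProxyPass line is commented out; placing "ProxyPass /manager !" before "ProxyPass /" keeps the manager app off the public virtual host.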

If you do not want to use mod_proxy_ajp, then mod_proxy_http works fine too.
Remember to open different firewall ports, and use http:// instead of ajp:// in the ProxyPass lines, with the correct ports.

Apache and multiple Jetty on different servers with mod_proxy

Similar to the section above on tomcat on different servers, but with different ports etc. in the mod-proxy ProxyPass commands.
As I myself use plenty of maven jetty plugin apps this is very useful.

More detail to come...

Virtual Hosting

A quick rundown on how to set up virtual hosting, i.e. listening to several domain names and showing different websites.

The configuration is in /etc/apache2/sites-available. Each site generally has a separate file.
E.g.: if we host two domains and, then convention says they are configured in:
/etc/apache2/sites-available/ & /etc/apache2/sites-available/

Within each of these files you might have several <VirtualHost> sections, but at least one.
You might have one for, another which redirects to, a third for etc.

Here is a typical virtual host file (without any tomcat delegation):

<VirtualHost *:80>
   DocumentRoot /var/www/
   ErrorLog /var/log/apache2/
   LogLevel warn
   CustomLog /var/log/apache2/ vhost_combined
   # On adds the server version and host name to server-generated pages such as error pages
   ServerSignature On
</VirtualHost>

<VirtualHost *:80>
   CustomLog /var/log/apache2/redirect-access.log vhost_combined
   Redirect permanent /
</VirtualHost>

Once configured, you can enable this virtual host with this command:

sudo a2ensite

This basically puts a softlink in /etc/apache2/sites-enabled to the file in /etc/apache2/sites-available.
The opposite to this is the a2dissite command.
