In this article I'd like to show you how to use mod_jk as the HTTP connector for JBoss AS, and I'll also show you how to configure SSL to work with the connector.
- Install JBoss EAP 6.1.0
- Compile & Install Apache Httpd
- Install mod_jk
- Configure mod_jk
- Test Connector
- Start JBoss AS
- Start httpd
- Connection Test
- Using SSL
Go to http://www.jboss.org/jbossas/downloads/ and download EAP 6.1.0.Final:
Unzip jboss-eap-6.1.0.zip and try to start the server in standalone mode:
If everything goes fine you can see that the server has started:
Try to access the web port and you should see:
Now we stop the server by pressing 'CTRL-C':
Go to http://httpd.apache.org/download.cgi and download httpd 2.2.25:
Unzip httpd-2.2.25.tar.bz2 and run configure:
Please note the command we've used:
We define 'httpd-bin' as the place where our compiled httpd will be installed, and we've enabled the 'ssl' option so that we'll have 'mod_ssl' in our httpd binaries.
If everything goes fine, 'configure' should finish without any problems:
Now we run 'make' to compile the code:
After it finishes we run 'make install':
You can see everything is installed to the 'prefix' folder we've defined:
Then we need to verify that 'mod_ssl' is installed correctly:
Now let's start httpd and test its connection:
After verifying that it works, we can shut down the http server for now:
Go to http://tomcat.apache.org/download-connectors.cgi and download the JK 1.2.37 Source Release:
Extract the downloaded zip and run 'configure':
Please note that we have defined the location of our httpd binary:
After configure finishes, let's compile and install it:
If everything goes fine you can see mod_jk is installed to httpd:
And we can verify 'mod_jk.so' is correctly installed:
But if you now dump the modules that are used by httpd, you'll see mod_jk is not there yet:
That is because we haven't configured httpd to load 'mod_jk.so' yet. Let's work on that in the next section.
First, open 'httpd.conf' in the 'conf' folder:
Go to the 'Dynamic Shared Object (DSO) Support' section:
And add the mod_jk configuration under this section:
After finishing the above modifications to 'httpd.conf', let's save the file and exit, then test that 'mod_jk.so' is loaded by httpd correctly:
Oops, it seems we've forgotten to add the '/Users/weli/projs/httpd-bin/conf/workers.properties' file defined in the config. Let's create this file now:
Now we open this file and put in the config:
Let's read the above config line by line:
mod_jk supports clustering by using multiple workers behind it (workers can be JBoss AS, Tomcat, or any application server that supports the ajp13 protocol). For this article we have just one 'worker', the jboss-eap-6.1.0 we've installed, so we configure only one worker here and name it 'worker1'.
We'll use the AJP13 protocol for mod_jk to communicate with JBoss AS. You can see that in JBoss AS the 'AJP 1.3' protocol stack is enabled in 'standalone-ha.xml':
Now let's go back to 'workers.properties':
This is the address and port the worker listens on. It is set according to the config in JBoss AS:
Now that we've edited 'workers.properties' and gone through its meaning, let's save the file and test the httpd config again:
It seems mod_jk is loaded correctly now, so it's time to get all the components online and do the testing.
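An added example, not part of the original article: a shell check over 'workers.properties' that lists each worker's AJP endpoint and flags any that is not on the loopback interface, since AJP13 itself carries requests unencrypted. The sample file is constructed from the values the article uses ('worker1', '127.0.0.1', port 8009), and the function names are this example's own.

```shell
#!/bin/sh
# Added example: audit a mod_jk workers.properties file. AJP13 traffic is not
# encrypted, so report which workers keep that hop on the loopback interface.

# Print the value of property KEY in FILE (last definition wins).
prop() {  # prop FILE KEY
    awk -v k="$2" '
        /^[ \t]*#/ || !index($0, "=") { next }
        {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == k) found = val
        }
        END { print found }' "$1"
}

# Print "worker host:port loopback|remote" for each entry in worker.list.
# Returns 1 if any worker is reached over the network.
audit_workers() {  # audit_workers FILE
    rc=0
    for w in $(prop "$1" worker.list | tr ',' ' '); do
        host=$(prop "$1" "worker.$w.host")
        port=$(prop "$1" "worker.$w.port")
        host=${host:-localhost}; port=${port:-8009}   # mod_jk defaults
        case $host in
            127.*|localhost|::1) where=loopback ;;
            *) where=remote; rc=1 ;;
        esac
        echo "$w $host:$port $where"
    done
    return $rc
}

# Constructed sample matching the article's single-worker setup.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed example file
worker.list=worker1
worker.worker1.type=ajp13
worker.worker1.host=127.0.0.1
worker.worker1.port=8009
EOF
audit_workers "$sample"
rm -f "$sample"
```

A 'remote' result is expected when the backends sit elsewhere in the LAN; it marks the hops where the network path between httpd and the AS needs to be trusted or separately protected.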
Go to the 'bin' folder of JBoss AS and run the startup script:
The server should start with the 'standalone-ha' profile:
After the server has started, please try to access the AJP port:
As we have verified that JBoss AS is configured properly, now let's move to httpd side.
Before using httpd, we need to bind it to the public IP address. This is similar to a production environment: the connector listens on the public address and forwards requests to the backend AS servers that sit in the LAN.
First we need to find our machine's public IP address:
So my machine's public address is. Then we need to configure 'httpd.conf' to listen on this address. First we find 'httpd.conf' and open it:
We go to the 'Listen' section:
The next step is to set up the server name of httpd:
Go to 'ServerName' section of httpd:
Add a ServerName below this section:
We've set the ServerName to 'mini'. Now let's save 'httpd.conf' and exit the editor. The next step is to map this hostname to the public IP address of this machine in
From the ping output we can see that our public IP address is correctly mapped to the hostname 'mini'.
Everything seems ready now:
- JBoss AS is started with the 'standalone-ha.xml' profile and is listening on AJP port 8009, bound to IP address '127.0.0.1'
- httpd is listening on port 80, bound to the public IP address '10.0.1.13', and is ready to forward all requests to 'worker1', which is actually the AS 7 server sitting behind it.
Time to have some fun!
Now let's start httpd:
And let's check the debug log of 'mod_jk.so' to verify it is started correctly:
Now let's access our httpd serving address:
With the help of mod_jk, requests to port 80 on the public address have been forwarded (over the AJP protocol) to the backend JBoss AS server, which is listening on localhost port 8009.
Now let's kill the JBoss AS server by using 'CTRL-C':
And now let's connect to 'http://mini' again:
Because the backend service is down, httpd can no longer forward requests to the worker. Check 'mod_jk.log' and you can see it reporting the errors:
Now we start JBoss AS again:
After the server has started, we try to connect to 'http://mini' again:
The whole service is back to work now.
Using SSL in our system is not as difficult as you think. Because httpd is the one listening on the public address, and it talks AJP 1.3 to JBoss AS behind it, we just need to configure SSL in httpd and that's all:
Now let's see how to enable SSL in httpd:
First we create a 'cert' directory in 'httpd-bin' to store certificates:
Now we enter this directory and create a key:
As shown above, we've set the pass phrase to 'secret' and created the key file 'mini.key'. After generating our key, we need to sign it, so the next step is to generate a CSR (Certificate Signing Request) file:
In the section above, the 'Common Name' field is very important:
This must match your 'ServerName' in your 'httpd.conf' and your hostname in '/etc/hosts'.
The last step is to sign this CSR file; we'll use our own key file to sign it:
Now we have prepared the cert file 'mini.crt':
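The three steps above (key, CSR, self-signing) together with a check of the 'Common Name' rule, as an added example that is not the article's original commands. It assumes RSA 2048, SHA-256, 365 days of validity and an unencrypted key so that it runs without prompts (the article protects its key with a pass phrase); the function names are this example's own.

```shell
#!/bin/sh
# Added example (not the article's original commands). Assumptions: RSA 2048,
# SHA-256, 365-day validity, and an unencrypted key so nothing prompts.

# Create NAME.key, NAME.csr and a self-signed NAME.crt in DIR.
make_selfsigned() {  # make_selfsigned NAME DIR
    name=$1; dir=$2
    openssl genrsa -out "$dir/$name.key" 2048 2>/dev/null &&
    chmod 600 "$dir/$name.key" &&
    openssl req -new -key "$dir/$name.key" -subj "/CN=$name" \
        -out "$dir/$name.csr" &&
    openssl x509 -req -sha256 -days 365 -in "$dir/$name.csr" \
        -signkey "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null
}

# Print the certificate's Common Name.
cert_cn() {  # cert_cn CRT
    openssl x509 -noout -subject -nameopt multiline -in "$1" |
        sed -n 's/^ *commonName *= *//p'
}

# Succeed only if CRT carries KEY's public key and its CN equals SERVERNAME.
cert_matches() {  # cert_matches CRT KEY SERVERNAME
    [ "$(openssl x509 -noout -pubkey -in "$1")" = \
      "$(openssl pkey -pubout -in "$2")" ] || return 1
    [ "$(cert_cn "$1")" = "$3" ]
}

# Read the first ServerName directive from an httpd.conf, dropping any :port.
conf_servername() {  # conf_servername HTTPD_CONF
    awk 'tolower($1) == "servername" { sub(/:.*/, "", $2); print $2; exit }' "$1"
}

# Demo in a scratch directory, using the article's hostname 'mini'.
d=$(mktemp -d) && make_selfsigned mini "$d" &&
    cert_matches "$d/mini.crt" "$d/mini.key" mini &&
    echo "mini.crt matches mini.key and ServerName mini"
rm -rf "$d"
```

Against a real install, 'cert_matches mini.crt mini.key "$(conf_servername httpd.conf)"' catches a key/certificate mix-up or a Common Name mismatch before httpd is restarted.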
The next step is to configure httpd to use the cert to enable SSL:
Open httpd.conf, and in the 'Listen' section, add:
for httpd to listen on port 443 (which is the default port used by https).
Go to the bottom of 'httpd.conf' and add:
Now we start httpd:
And don't forget to start JBoss AS:
Now it's time to play with our SSL connection:
Try to access:
The browser will complain that the cert provided by the web server is not valid because it's not signed by a CA:
We know this cert is signed by ourselves, so just ignore the warning and continue to access the URL:
Now we can see that the https connection is working and the request is successfully sent to JBoss AS.