< Previous | Front page | Next >
Skip to end of metadata
Go to start of metadata

In this article I'd like to show you how to use mod_jk as HTTP connector of JBoss AS, and I'll also show you how to configure SSL to work with connector.

Install JBoss EAP 6.1.0

Go to http://www.jboss.org/jbossas/downloads/ and download EAP 6.1.0.Final:

Unzip jboss-eap-6.1.0.zip and try to start server in standalone mode:

If everything goes fine you can see server is started:

Try to access web port and you should see:

Now we stop server by pressing 'CTRL-C':

Compile & Install Apache Httpd

Go to http://httpd.apache.org/download.cgi and download httpd 2.2.25:

Unzip httpd-2.2.25.tar.bz2 and run configure:

Please note the command we've used:

We define 'httpd-bin' will be the place that we install our compiled httpd. And we've enabled 'ssl' option so we'll have 'mod_ssl' in our httpd binaries.

If everything goes fine the 'configure' should be finished without any problems:

Now we run 'make' to compile the code:

After it finished we run 'make install':

You can see everything is installed to 'prefix' folder we've defined:

Then we need to verify 'mod_ssl' is installed correctly:

Now let's start the httpd and test its connection:

After verify it works we could shutdown http server for now:

Install mod_jk

Goto http://tomcat.apache.org/download-connectors.cgi and download JK 1.2.37 Source Release:

Extract downloaded zip and run 'configure':

Please note we have defined the position of our httpd binary:

After configure finished let's compile & install it:

If everything goes fine you can see mod_jk is installed to httpd:

And we can verify 'mod_jk.so' is correctly installed:

But now if you dump modules that is used by httpd you'll see mod_jk is not there yet:

Because we haven't configure httpd to load 'mod_jk.so', in next section let's work on it.

Configure mod_jk

First is to open 'httpd.conf' in 'conf' folder:

Go to the 'Dynamic Shared Object (DSO) Support' section:

And add mod_jk configurations under this section:

After finish the above modifications to 'httpd.conf', let's save the file and exit to test 'mod_jk.so' is loaded by httpd correctly:

Oops, seems we've forgetten to add '/Users/weli/projs/httpd-bin/conf/workers.properties' defined in config, now let's create this file:

Now we open this file and put in the config:

Let's read the above config line by line:

mod_jk supports cluster by using multple workers(workers could be JBossAS or Tomcat, or the application servers that support ajp13 protocol) in behind. Because for this article we just have one 'worker', which is jboss-eap-6.1.0 we've installed, so we just config one worker here, and named it 'worker1'.

We'll use AJP13 protocol for mod_jk to communicate with JBoss AS. You can see in JBoss AS the 'AJP 1.3' procotol stack is enabled in 'standalone-ha.xml':

Now let's go back to 'workers.properties':

This is the worker's working address and port. This is set according to the config in JBoss AS:

After editing the 'worker.properties' and its meanings, now let's save the file and test httpd config again:

Seems mod_jk is loaded correctly now, so it's time to get all components online and do the testing

Test Connector

Start JBoss AS

Goto 'bin' folder of JBoss AS and run the startup script:

Server should start with 'standalone-ha' profile:

After server started, please try to access AJP port:

As we have verified that JBoss AS is configured properly, now let's move to httpd side.

Start httpd

Before using httpd, we need to bind httpd to public IP address. This is similar to the situations in productisation environment: We ask connector to listen to public address and redirect these requests to backend AS servers sits in LAN.

Binding httpd to public IP address

First we need to find our machine's public IP address:

So my machine's public address is

. Then we need to configure 'httpd.conf' to listen to this address. Firstly we find 'httpd.conf' and open it:

We goto 'Listen' section:

Change

to:

Next step we need to setup server name of httpd:

Binding httpd to a hostname

Go to 'ServerName' section of httpd:

Add a ServerName below this section:

We've set my ServerName as 'mini'. Now let's save 'httpd.conf' and exit editor. Next step is to map this hostname with the public IP address of this machine in

From the ping output we could see our public IP address is correctly mapped to hostname 'mini'.

Everything seems ready now:

  • JBoss AS is started with 'standalone-ha.xml' profile, and listening to AJP port 8009 binding with IP address '127.0.0.1'
  • httpd is listening on port 80 binding with public IP address '10.0.1.13', and ready to redirect all the requests to 'worker1', which is actually the AS 7 server sitting behind.

Time to make some fun!

Connection Test

Now let's start httpd:

And let's check the debug log of 'mod_jk.so' to verify it is started correctly:

Now let's access our httpd serving address:

With the help of mod_jk, the requests from public address port 80 has been redirected to the backend(through AJP protocol) JBoss AS server which is listening on localhost port 8009.

Recovery Test

Now let's kill the JBoss AS server by using 'CTRL-C':

And now let's connect to 'http://mini' again:

Because the backend service is down, so httpd could no longer redirect requests to worker. Checking the 'mod_jk.log' and you can see it's reporting the errors:

Now we start JBoss AS again:

After server started, we try to connect to 'http://mini' again:

The whole service back to work now.

Using SSL

Using SSL in our system is not as difficult as you think. Because we are using AJP 1.3 protocol in between httpd and JBoss AS, and httpd is listening to public address, so we just need to configure SSL in httpd and that's all:

Now let's see how to enable SSL in httpd:

Configure SSL in httpd

Prepare Certification File

First we create a 'cert' directory in 'httpd-bin' to store certificates:

Now we enter this directory and create a key:

As show above, we've set the pass phrase as 'secret' and created the key file 'mini.key'. After generating our key, we need to sign it, so next step is to generate a CSR(Certificate Signing Request) file:

In above section, the 'Common Name' section is very important:

This must match your 'ServerName' in your 'httpd.conf' and your hostname in '/etc/hosts'.

Last step is to sign this CSR file, we'll use our own key file to sign it:

Now we have prepared the cert file 'mini.crt':

Next step is to configure httpd to use the cert to enable SSL:

Use Certification File in httpd

Open httpd.conf, and in 'Listen' section, add:

for httpd to listen to 443 port (which is default port used by https).

Goto the bottom of 'httpd.conf', add:

Now we start httpd:

And don't forget to start JBoss AS:

Now it's time to play with our SSL connection:

Test SSL Connector

Try to access:

And browser will complain the cert provided by web server is not valid because it's not signed by a CA:

We know this cert is signed by ourself so just ignore the warning and continue to access the URL:

Now we can see the https connection is working and the request is successfully send to JBoss AS.

Labels:
jboss jboss Delete
as7 as7 Delete
mod_jk mod_jk Delete
ha ha Delete
cluster cluster Delete
http http Delete
eap eap Delete
wildfly wildfly Delete
ssl ssl Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.