Personal tools
 

6.3.3.3. SUSE 9.2-10

Up one level
Configuring Apache2 for HTTPS in SUSE versions 9.2-10

The goal here is to successfully secure Tomcat with Apache by integrating Tomcat's abilities into an existing Apache installation using the mod_jk and Ajp13Connector.

  1. Download the gria-services.conf sample file and place it in /etc/apache2/vhosts.d
  2. Edit gria-services.conf so that the file locations of the following settings give the locations of the files you exported from your keystore on the previous page.
    • SSLCertificateFile
    • SSLCertificateKeyFile
    • SSLCACertificateFile
    • SSLCARevocationFile
  3. Edit the /etc/sysconfig/apache2 file and do the following:
    • Add "-D SSL" to the APACHE_SERVER_FLAGS variable to allow SSL to be enabled when the Apache Sever is started: 
      APACHE_SERVER_FLAGS="-D SSL"
    • Set a reasonable value for the time required to enter the password when starting apache: 
      APACHE_START_TIMEOUT="30"
    • Include the module "jk" to the list of apache2 modules within the APACHE_MODULES variable, e.g.: 
      APACHE_MODULES="access actions alias auth auth_dbm dir env expires include log_config mime negotiation setenvif ssl jk"
  4. Copy the file /usr/share/doc/packages/mod_jk-ap20/jk.conf to /etc/apache2/conf.d: 
    # cp /usr/share/doc/packages/mod_jk-ap20/jk.conf /etc/apache2/conf.d
  5. Copy the file /usr/share/doc/packages/mod_jk-ap20/workers.properties to /etc/tomcat5/base: 
    # cp /usr/share/doc/packages/mod_jk-ap20/workers.properties /etc/tomcat5/base
  6. The apache2 configuration must then be updated using the following command: 
    # SuSEconfig --module apache2
  7. Stop the Tomcat server with the following command: 
    # rctomcat5 stop
  8. Edit the file /etc/apache2/conf.d/jk.conf and add the following pieces of code to the file within the <IfModule> tag:
    • For GRIA Basic App Services add the following section: 
      # The following line mounts /GRIA basic app services/ uri (and all files) to tomcat
      JkMount /gria-basic-app-services/* ajp13
	
      Alias /gria-basic-app-services "/srv/www/tomcat5/base/webapps/gria-basic-app-services"
      <Directory "/srv/www/tomcat5/base/webapps/gria-basic-app-services">
       Options Indexes FollowSymLinks
       allow from all
      </Directory>
      #To prevent users from listing contents
      <Location "/gria-basic-app-services/WEB-INF/">
       AllowOverride None
       deny from all
      </Location>
    • For GRIA Service Provider Management add the following section: 
      # The following line mounts /GRIA service provider management / uri (and all files) to tomcat
      JkMount /gria-service-provider-mgt/* ajp13
	
      Alias /gria-service-provider-mgt "/srv/www/tomcat5/base/webapps/gria-service-provider-mgt"
      <Directory "/srv/www/tomcat5/base/webapps/gria-service-provider-mgt">
       Options Indexes FollowSymLinks
       allow from all
      </Directory>
      #To prevent users from listing contents
      <Location "/gria-service-provider-mgt/WEB-INF/">
       AllowOverride None
       deny from all
      </Location>
    • For GRIA Client Management add the following section: 
      # The following line mounts /GRIA client management / uri (and all files) to tomcat
      JkMount /gria-client-mgt/* ajp13
	
      Alias /gria-client-mgt "/srv/www/tomcat5/base/webapps/gria-client-mgt"
      <Directory "/srv/www/tomcat5/base/webapps/gria-client-mgt">
       Options Indexes FollowSymLinks
       allow from all
      </Directory>
      #To prevent users from listing contents
      <Location "/gria-client-mgt/WEB-INF/">
       AllowOverride None
       deny from all
      </Location>
  10. Start the Tomcat server with the command: 
    # rctomcat5 start
  11. Restart the apache2 server with the following command: 
    # rcapache2 restart
  12. Access the GRIA admin pages through HTTPS, eg using https://localhost/gria-basic-app-services.
Next: Apache 2.2 Previous: Fedora Core 5