6.4.3.3. SUSE 9.2-10

The goal here is to successfully secure Tomcat with Apache by integrating Tomcat's abilities into an existing Apache installation using the mod_jk and Ajp13Connector.

1. Download the gria-services.conf sample file and place it in /etc/apache2/vhosts.d
2. Edit gria-services.conf so that the file locations of the following settings give the locations of the files you exported from your keystore on the previous page.
   • SSLCertificateFile
   • SSLCertificateKeyFile
   • SSLCACertificateFile
   • SSLCARevocationFile
3. Edit the /etc/sysconfig/apache2 file and do the following:
   • Add "-D SSL" to the APACHE_SERVER_FLAGS variable to allow SSL to be enabled when the Apache Sever is started:

     APACHE_SERVER_FLAGS="-D SSL"

   • Set a reasonable value for the time required to enter the password when starting apache:

     APACHE_START_TIMEOUT="30"

   • Include the module "jk" to the list of apache2 modules within the APACHE_MODULES variable, e.g.:

     APACHE_MODULES="access actions alias auth auth_dbm dir env expires include log_config mime negotiation setenvif ssl jk"

4. Copy the file /usr/share/doc/packages/mod_jk-ap20/jk.conf to /etc/apache2/conf.d:

   # cp /usr/share/doc/packages/mod_jk-ap20/jk.conf /etc/apache2/conf.d

5. Copy the file /usr/share/doc/packages/mod_jk-ap20/workers.properties to /etc/tomcat5/base:

   # cp /usr/share/doc/packages/mod_jk-ap20/workers.properties /etc/tomcat5/base

6. The apache2 configuration must then be updated using the following command:

   # SuSEconfig --module apache2
   

7. Stop the Tomcat server with the following command:

   # rctomcat5 stop

8. Edit the file /etc/apache2/conf.d/jk.conf and add the following pieces of code to the file within the <IfModule> tag:
   • For GRIA Basic App Services add the following section:

     # The following line mounts /GRIA basic app services/ uri (and all files) to tomcat
     JkMount /gria-basic-app-services/* ajp13
     	
     Alias /gria-basic-app-services "/srv/www/tomcat5/base/webapps/gria-basic-app-services"
     <Directory "/srv/www/tomcat5/base/webapps/gria-basic-app-services">
      Options Indexes FollowSymLinks
      allow from all
     </Directory>
     #To prevent users from listing contents
     <Location "/gria-basic-app-services/WEB-INF/">
      AllowOverride None
      deny from all
     </Location>

   • For GRIA Service Provider Management add the following section:

     # The following line mounts /GRIA service provider management / uri (and all files) to tomcat
     JkMount /gria-service-provider-mgt/* ajp13
     	
     Alias /gria-service-provider-mgt "/srv/www/tomcat5/base/webapps/gria-service-provider-mgt"
     <Directory "/srv/www/tomcat5/base/webapps/gria-service-provider-mgt">
      Options Indexes FollowSymLinks
      allow from all
     </Directory>
     #To prevent users from listing contents
     <Location "/gria-service-provider-mgt/WEB-INF/">
      AllowOverride None
      deny from all
     </Location>

   • For GRIA Client Management add the following section:

     # The following line mounts /GRIA client management / uri (and all files) to tomcat
     JkMount /gria-client-mgt/* ajp13
     	
     Alias /gria-client-mgt "/srv/www/tomcat5/base/webapps/gria-client-mgt"
     <Directory "/srv/www/tomcat5/base/webapps/gria-client-mgt">
      Options Indexes FollowSymLinks
      allow from all
     </Directory>
     #To prevent users from listing contents
     <Location "/gria-client-mgt/WEB-INF/">
      AllowOverride None
      deny from all
     </Location>

9. 
   
10. Start the Tomcat server with the command:

    # rctomcat5 start

11. Restart the apache2 server with the following command:

    # rcapache2 restart

12. Access the GRIA admin pages through HTTPS, eg using https://localhost/gria-basic-app-services.

Next: Apache 2.2 Previous: Fedora Core 10