ESOE Installation Additions - Apache and Mod Proxy AJP

Authors
Bradley Beddoes

Applicable versions
Beta 2

Overview

This document explains requirements for getting Apache and mod_proxy_ajp working as a front end to your ESOE Tomcat deployment.

ESOE Startup Config

Naturally with Apache offloading you should only configure URL's and host addresses with the standard http[s]://. There is no requirement to specify ports of 80 or 443 for this kind of deployment.

Setup

We have left the configuration of virtual hosts and your Apache server itself out of this documentation. There are many excellent resources online if you need assistance with this. We recommend:
http://httpd.apache.org/docs/2.0/vhosts/ and http://httpd.apache.org/docs/2.0/mod/mod_proxy.html as starting points.

Once your VirtualHost is configured correctly and you have Mod Proxy and Mod Proxy AJP installed and operational you will require the following configuration:
<Location />
    Allow from all
    ProxyPass ajp://localhost:8009/
    ProxyPassReverse http://esoe.debian.intient.test/
</Location>

<Location /esoemanager/>
    Allow from all
    ProxyPass ajp://localhost:8009/esoemanager/
    ProxyPassReverse http://esoe.debian.intient.test/esoemanager/
</Location>

<Location /spep/>
    Allow from all
    ProxyPass ajp://localhost:8009/spep/
    ProxyPassReverse http://esoe.debian.intient.test/spep/
</Location>

<Location /web/>
    Allow from all
    ProxyPass ajp://localhost:8009/web/
    ProxyPassReverse http://esoe.debian.intient.test/web/
</Location>

Please Note: "Allow from all" is probably to generous for a production environment, we recommend you review these options in the Apache documentation and configure your security according to you own environment.

SSL

Having Apache handle your SSL is fine and won't effect the operation of ESOE except for Metadata resolution. If you are using a Self Signed Certificate you must ensure that the JVM running tomcat trusts this certificate. Failure to do this will result in spep.data/logging/spep.log and esoe.data/logging/esoe.log complaining about being unable to resolve Metadata, this is because the https connection has been terminated due to the use of an untrusted CA. Certificates signed by external commercial providers should not require any additional JVM configuration.

Feedback

We aim to continually improve this documentation set to make it as easy as possible to configure Apache as a front end for ESOE and Tomcat. We welcome any comments or additions you may have on the ESOE users mailing list at any time.

Also available in: HTML TXT