Making config changes to Apache for mod_jk


Apache, SSL and mod_jk

yum install httpd httpd-devel libtool gcc* mod_ssl

I assume you know how to add SSL support to Apache.
One thing worth noting here is that you can use a self-signed certificate:

openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out aws.crt -keyout aws.pem

Then include it in your Apache SSL configuration.

Now the fun part: how to connect Apache with Tomcat. You need to read http://tomcat.apache.org/connectors-doc/

In short, there is no prebuilt mod_jk for CentOS 6. You have to build it from source, so follow https://www.centos.org/modules/newbb/viewtopic.php?topic_id=33416

But you only need to do:

cd native/
./configure --with-apxs=/usr/sbin/apxs && make all
ls apache-2.0/.libs/mod_jk.so

Copy mod_jk.so to /etc/httpd/modules/

So here is my /etc/httpd/conf.d/ssl.conf

LoadModule ssl_module modules/mod_ssl.so
LoadModule jk_module modules/mod_jk.so
 
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
 
<VirtualHost _default_:443>
  ErrorLog logs/ssl_error_log
  TransferLog logs/ssl_access_log
  LogLevel warn
  SSLEngine on
  SSLCertificateFile /opt/ssl/aws.crt
  SSLCertificateKeyFile /opt/ssl/aws.pem
  CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
JkWorkersFile conf.d/workers.properties
JkLogFile logs/mod_jk.log
JkLogLevel debug
JkMount /idp/* worker1
jkMountCopy ALL

In /etc/httpd/conf.d/workers.properties

worker.list=worker1
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8009
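
mod_jk reads a worker's settings from keys of the form worker.<name>.<property>, so a key such as worker.port is not applied to worker1. The following lint is an added example, not part of the original page: it checks a workers.properties file on stdin for keys without a worker name, listed workers with no explicit type, host or port, and AJP hosts that are not loopback (the function names, finding labels and sample input are constructed for illustration).

```shell
#!/bin/sh
# Added example (not from the original page): lint workers.properties on stdin.
# Limitation: does not resolve worker.<name>.reference templates.

lint_workers() {
  findings=$(awk -F= '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    {
      key = $1; val = $2
      gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
      if (key == "worker.list") { nl = split(val, listed, ","); next }
      n = split(key, part, "[.]")
      if (part[1] != "worker") next
      if (n == 2) {                            # e.g. worker.type: no worker name
        if (part[2] != "maintain") print "NO_WORKER_NAME " key
        next
      }
      seen[part[2] "." part[3]] = val          # worker.<name>.<property>
    }
    END {
      for (i = 1; i <= nl; i++) {
        w = listed[i]
        if (!((w ".type") in seen)) print "MISSING " w ".type"
        if (!((w ".port") in seen)) print "MISSING " w ".port"
        h = seen[w ".host"]
        if (h == "") print "MISSING " w ".host"
        else if (h != "localhost" && h != "127.0.0.1" && h != "::1")
          print "NON_LOOPBACK " w ".host=" h
      }
    }')
  if [ -z "$findings" ]; then return 0; fi
  printf '%s\n' "$findings"
  return 1
}

# Constructed sample: worker2 points off-host and "worker.port" has no worker name.
sample_workers() {
  cat <<'EOF'
worker.list=worker1,worker2
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8009
worker.worker2.type=ajp13
worker.worker2.host=10.0.0.5
worker.port=8009
EOF
}

sample_workers | lint_workers || true
```

Run it as `lint_workers < /etc/httpd/conf.d/workers.properties` before restarting httpd; a non-zero exit status means there are findings.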

Restart Apache:

/etc/init.d/httpd restart

You should get ok from

curl --insecure "https://localhost/idp/profile/Status"

Also you should be able to see https://localhost/idp/shibboleth.

More importantly, according to here, you might want to change the web.xml at /var/lib/tomcat6/webapps/idp/WEB-INF/web.xml so that you can see https://hostname/idp/status from another host.

OK, you now have the basic Shibboleth IdP setup.