Difference between revisions of "Making config changes to Apache for mod jk"
(Created page with "'''Apache, SSL and mod_jk''' yum install httpd httpd-devel libtool gcc* mod_ssl") |
|||
| Line 1: | Line 1: | ||
'''Apache, SSL and mod_jk''' | '''Apache, SSL and mod_jk''' | ||
| − | yum install httpd httpd-devel libtool gcc* mod_ssl | + | yum install httpd httpd-devel libtool gcc* mod_ssl<br> |
| + | |||
| + | I assume you know how to add SSL support in apache.<br> | ||
| + | One thing I noted here is you can use self assigned certificate.<br> | ||
| + | |||
| + | openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out aws.crt -keyout aws.pem<br> | ||
| + | |||
| + | And included into your apache ssl configuration.<br> | ||
| + | |||
| + | Now fun part, how to connect your Apache with tomcat! you need read http://tomcat.apache.org/connectors-doc/<br> | ||
| + | |||
| + | In a short version, you do NOT have mod_jk build for CentOS 6. You have to do it from source code. So follow https://www.centos.org/modules/newbb/viewtopic.php?topic_id=33416<br> | ||
| + | |||
| + | But only need to do<br> | ||
| + | |||
| + | cd native/<br> | ||
| + | ./configure --with-apxs=/usr/sbin/apxs && make all | ||
| + | ls apache-2.0/.libs/mod_jk.so<br> | ||
| + | |||
| + | Copy the mod_jk.so to /etc/httpd/modules/<br> | ||
| + | |||
| + | So here is my /etc/httpd/conf.d/ssl.conf<br> | ||
| + | <source lang="text"> | ||
| + | |||
| + | LoadModule ssl_module modules/mod_ssl.so<br> | ||
| + | LoadModule jk_module modules/mod_jk.so<br> | ||
| + | |||
| + | Listen 443 | ||
| + | SSLPassPhraseDialog builtin | ||
| + | SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) | ||
| + | SSLSessionCacheTimeout 300 | ||
| + | SSLMutex default | ||
| + | SSLRandomSeed startup file:/dev/urandom 256 | ||
| + | SSLRandomSeed connect builtin | ||
| + | SSLCryptoDevice builtin | ||
| + | |||
| + | <VirtualHost _default_:443> | ||
| + | ErrorLog logs/ssl_error_log | ||
| + | TransferLog logs/ssl_access_log | ||
| + | LogLevel warn | ||
| + | SSLEngine on | ||
| + | SSLCertificateFile /opt/ssl/aws.crt | ||
| + | SSLCertificateKeyFile /opt/ssl/aws.pem | ||
| + | CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" | ||
| + | </VirtualHost> | ||
| + | JkWorkersFile conf.d/workers.properties | ||
| + | JkLogFile logs/mod_jk.log | ||
| + | JkLogLevel debug | ||
| + | JkMount /idp/* worker1 | ||
| + | jkMountCopy ALL | ||
| + | </source> | ||
| + | |||
| + | In /etc/httpd/conf.d/workers.properties | ||
| + | <source lang="text"> | ||
| + | worker.list=worker1 | ||
| + | worker.type=ajp13 | ||
| + | worker.host=localhost | ||
| + | worker.port=8009 | ||
| + | </source> | ||
| + | |||
| + | Restart the apache<br> | ||
| + | |||
| + | /etc/init.d/httpd restart<br> | ||
| + | |||
| + | you should get ok from<br> | ||
| + | |||
| + | curl --insecure "https://localhost/idp/profile/Status"<br> | ||
| + | |||
| + | Also you should be able to see https://localhost/idp/shibboleth.<br> | ||
| + | |||
| + | More important, according to here, you might wanna change the web.xml at /var/lib/tomcat6/webapps/idp/WEB-INF/web.xml so that you can see https://hostname/idp/status from another host.<br> | ||
| + | |||
| + | OK, you have the basic Shibboleth Idp setup.<br> | ||
Latest revision as of 12:04, 9 October 2015
Apache, SSL and mod_jk
yum install httpd httpd-devel libtool gcc* mod_ssl
I assume you know how to add SSL support in apache.
One thing I noted here is you can use self assigned certificate.
openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out aws.crt -keyout aws.pem
And included into your apache ssl configuration.
Now fun part, how to connect your Apache with tomcat! you need read http://tomcat.apache.org/connectors-doc/
In a short version, you do NOT have mod_jk build for CentOS 6. You have to do it from source code. So follow https://www.centos.org/modules/newbb/viewtopic.php?topic_id=33416
But only need to do
cd native/
./configure --with-apxs=/usr/sbin/apxs && make all
ls apache-2.0/.libs/mod_jk.so
Copy the mod_jk.so to /etc/httpd/modules/
So here is my /etc/httpd/conf.d/ssl.conf
LoadModule ssl_module modules/mod_ssl.so<br>
LoadModule jk_module modules/mod_jk.so<br>
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:443>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLCertificateFile /opt/ssl/aws.crt
SSLCertificateKeyFile /opt/ssl/aws.pem
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
JkWorkersFile conf.d/workers.properties
JkLogFile logs/mod_jk.log
JkLogLevel debug
JkMount /idp/* worker1
jkMountCopy ALLIn /etc/httpd/conf.d/workers.properties
worker.list=worker1 worker.type=ajp13 worker.host=localhost worker.port=8009
Restart the apache
/etc/init.d/httpd restart
you should get ok from
curl --insecure "https://localhost/idp/profile/Status"
Also you should be able to see https://localhost/idp/shibboleth.
More important, according to here, you might wanna change the web.xml at /var/lib/tomcat6/webapps/idp/WEB-INF/web.xml so that you can see https://hostname/idp/status from another host.
OK, you have the basic Shibboleth Idp setup.
