Blogging Techstacks

Let's say you don't feel like compiling mod-jk yourself and you can't find a binary of mod_jk compiled against your platform. Or maybe you just simply don't want to use mod_jk. If you're using apache 2.2, you can use mod_proxy_ajp in place of mod_jk in order to talk to your tomcat servers as it is already "built-in" to apache.

If you're running apache 2.2 and tomcat 5.5 or 6.0 locally, this post is for you. I'll create a base configuration that includes everything you would need to talk to a local tomcat instance using mod_proxy_ajp while also providing you with the basic mod_jk equivalent configuration for comparison.

mod_proxy_ajp configuration

The first thing you are going to want to make sure you add are the correct shared modules to the apache httpd.conf. It is also important to stress that when proxying requests to a back end server, you are configuring apache to work in reverse-proxy mode for these types of requests. The following items will get you off and running communicating to your local tomcat/jboss/geronimo/jetty-hosted webapp.

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so

ProxyRequests Off

ProxyPass /webapp ajp://localhost:8009/webapp
ProxyPassReverse /webapp ajp://localhost:8009/webapp

<Proxy /webapp>
Order Deny,Allow
Allow from All
</Proxy>

<Proxy /webapp/WEB-INF>
Order Deny,Allow
Deny from All
</Proxy>

The first two lines are self-explanatory and load the modules that provide proxy and proxy-with-ajp support. The third line enables reverse proxy mode--don't ask me why it is worded this way because it is a common question that everyone asks and the documentation on httpd.apache.org doesn't really provide a reason why. The next two lines are required but seem a bit redundant--again, don't ask me why both are needed. One would assume that since this is a reverse proxy, only ProxyPassReverse would really be needed but both appear to be necessary. The next blocks of code are standard blocks--one allowing All access to the newly mounted webapp and the other denying access to WEB-INF. In 13 lines, we have created a basic mod_proxy_ajp mount to a tomcat instance running on localhost with the added bonus of only needing to add it all in the one httpd.conf configuration file.

Corresponding mod_jk entries reside in two different files, httpd.conf and workers.properties. Although you can place all of these entries in httpd.conf using mod_jk-specific directives, I don't know anyone who actually does it.

mod_jk configuration

Changes to http.conf:

LoadModule jk_module modules/mod_kl.so

JkWorkersFiles conf/workers.properties

JkLogFile logs/mod_jk.log <!although this should be piped to rotatelogs -->
JkLogLevel info
JkMount /webapp ajp13

<Location /webapp>
Order Deny,Allow
Allow from All
</Location>

<Location /webapp/WEB-INF>
Order Deny,Allow
Deny from All
</Location>

and the changes necessary to workers.properties

 # Define 1 real worker using ajp13
worker.list=ajp13

# Set properties for worker1 (ajp13)

worker.ajp13.type=ajp13
worker.ajp13.host=localhost
worker.ajp13.port=8009

Two files and 17 lines (excluding the 2 comment lines in workers.properties) to achieve the same affect that 13 lines in a mod_proxy_ajp configuration provides.