RegisterLog In to Jazz.net

TN0002: Configuring Jazz Team Server to use IBM HTTP Server and Apache Tomcat

Last Updated: 11 January 2008

Summary

IBM HTTP Server is an extension of Apache HTTP Server that provides advanced web server configuration capabilities. This document describes how to configure IBM HTTP Server, Apache Tomcat, and Jazz Team Server to work together.

Note that this configuration is recommended for deployers who wish to use Jazz Team Server's optional support for Basic Authentication.

Note: IBM HTTP Server is an extension of Apache HTTP Server. This configuration has not been tested with Apache HTTP Server.

More Information

Certain users may require more advanced web server configuration than are provided by Apache Tomcat. In these cases, a common solution is to front the Tomcat installation with Apache HTTP Server. The Jazz Team Server team has tested this configuration with IBM HTTP Server, which extends the base Apache HTTP Server.

One scenario where we recommend this configuration is if you wish to use Jazz Team Server's optional support for Basic Authentication (though Form-based Authentication is recommended). When configured to use Basic Authentication, Tomcat does not cache credentials, leading to massive load on the backing user registry (for example, an LDAP server) which can severely hurt system scalability. IBM HTTP Server does support Basic Auth credential caching, so this document also describes how to configure this.

Follow these steps to configure Jazz Team Server to use Apache Tomcat fronted by IBM HTTP Server:

  1. Install the latest Tomcat connectors so IBM HTTP Server is capable of forwarding requests to Tomcat. You can follow the documentation on the Tomcat website for installing the connectors.

  2. Create an <IBM_HTTP_Server_ROOT>/conf/ldap.prop_jazzldap config file with your LDAP settings. You can use the <IBM_HTTP_Server_ROOT>/conf/ldap.prop.sample file as an example

  3. Create a <IBM_HTTP_Server_ROOT>/conf/worker.properties config file for IBM HTTP Server as follows:

       worker.list=wrkr
       worker.wrkr.port=8009
       worker.wrkr.host=localhost
       worker.wrkr.type=ajp13
       worker.wrkr.connection_pool_size=25
       worker.wrkr.connection_pool_timeout=600
       worker.wrkr.socket_timeout=300
    Note: While port 8009 is the standard connector port, you can customize the worker.wrkr.port for your server.

  4. In your <IBM_HTTP_Server_ROOT>/conf/httpd.conf config file:
    1. Load the LDAP and mod_jk modules:
         LoadModule ibm_ldap_module modules/mod_ibm_ldap.so
         LoadModule jk_module modules/mod_jk.so
    2. Configure the mod_jk module:
         <IfModule worker.c>
           ThreadLimit         25
           ServerLimit         64
           StartServers         2
           MaxClients         600
           MinSpareThreads     25
           MaxSpareThreads     75
           ThreadsPerChild     25
           MaxRequestsPerChild  0
         </IfModule>
    3. Listen to the appropriate port:
         Listen <Your IP address>:<Port #>
      For example:
         Listen 1.2.3.4:80
    4. Configure the mod_jk settings appropriately:
         JkWorkersFile "<IBM_HTTP_Server_ROOT>/conf/worker.properties"
         JkLogFile  "<IBM_HTTP_Server_ROOT>/logs/mod_jk.log"
         JkLogLevel warn
         JkMount /* wrkr
    5. Setup IBM HTTP Server to authenticate all of /jazz/secure and cache LDAP credentials for 10 minutes:
         <Location /jazz/secure>
             AuthName Jazz
             LdapConfigFile <IBM_HTTP_Server_ROOT>/conf/ldap.prop_jazzldap
             AuthType Basic
             Require valid-user
             ldap.cache.timeout 600
         </Location>
    6. Setup a dummy DocumentRoot. IBM HTTP Server requires that you specify a document root that exists, but it won't be used since all requests are redirected to Tomcat. For example:
      DocumentRoot "/data/dummy"
  5. Comment out the port 9080 and 9443 connectors in Tomcat's <TOMCAT_ROOT>/conf/server.xml. You will only need the connector on port 8009
  6. Start IBM HTTP Server by running <IBM_HTTP_Server_ROOT>/bin/apachectl start
  7. Start Tomcat by running the server.startup script included in the Jazz installation package. This will extract the jazz.war file.
  8. Comment out the <security-constraint>, <login-config>, and <security-role> sections in <TOMCAT_ROOT>/webapps/jazz/WEB-INF/web.xml. These security settings are being handled by IBM HTTP Server now.
  9. Restart Tomcat by running server.shutdown followed by server.startup
Feedback
Was this information helpful? Yes No 0 people rated this as helpful.