Jazz Library TN0002: Configuring Jazz Team Server to use IBM HTTP Server and Apache Tomcat
Author name

jazz-foundation

Fri, 11 Jan 2008
5 min read
0

TN0002: Configuring Jazz Team Server to use IBM HTTP Server and Apache Tomcat

Last Updated: 11 January 2008

Summary

IBM HTTP Server is an extension of Apache HTTP Server that provides advanced web server configuration capabilities. This document describes how to configure IBM HTTP Server, Apache Tomcat, and Jazz Team Server to work together.

Note that this configuration is recommended for deployers who wish to use Jazz Team Server’s optional support for Basic Authentication.

Note: IBM HTTP Server is an extension of Apache HTTP Server. This configuration has not been tested with Apache HTTP Server.

More Information

Certain users may require more advanced web server configuration than are provided by Apache Tomcat. In these cases, a common solution is to front the Tomcat installation with Apache HTTP Server. The Jazz Team Server team has tested this configuration with IBM HTTP Server, which extends the base Apache HTTP Server.

One scenario where we recommend this configuration is if you wish to use Jazz Team Server’s optional support for Basic Authentication (though Form-based Authentication is recommended). When configured to use Basic Authentication, Tomcat does not cache credentials, leading to massive load on the backing user registry (for example, an LDAP server) which can severely hurt system scalability. IBM HTTP Server does support Basic Auth credential caching, so this document also describes how to configure this.

Follow these steps to configure Jazz Team Server to use Apache Tomcat fronted by IBM HTTP Server:

  1. Install the latest Tomcat connectors so IBM HTTP Server is capable of forwarding requests to Tomcat. You can follow the documentation on the Tomcat website for installing the connectors.

  2. Create an <IBM_HTTP_Server_ROOT>/conf/ldap.prop_jazzldap config file with your LDAP settings. You can use the <IBM_HTTP_Server_ROOT>/conf/ldap.prop.sample file as an example

  3. Create a <IBM_HTTP_Server_ROOT>/conf/worker.properties config file for IBM HTTP Server as follows:

       worker.list=wrkr     worker.wrkr.port=8009     worker.wrkr.host=localhost     worker.wrkr.type=ajp13     worker.wrkr.connection_pool_size=25     worker.wrkr.connection_pool_timeout=600     worker.wrkr.socket_timeout=300
    Note: While port 8009 is the standard connector port, you can customize the worker.wrkr.port for your server.

  4. In your <IBM_HTTP_Server_ROOT>/conf/httpd.conf config file:
    1. Load the LDAP and mod_jk modules: 
         LoadModule ibm_ldap_module modules/mod_ibm_ldap.so     LoadModule jk_module modules/mod_jk.so
    2. Configure the mod_jk module: 
         <IfModule worker.c>       ThreadLimit         25       ServerLimit         64       StartServers         2       MaxClients         600       MinSpareThreads     25       MaxSpareThreads     75       ThreadsPerChild     25       MaxRequestsPerChild  0     </IfModule>
    3. Listen to the appropriate port: 
         Listen <Your IP address>:<Port #>
      For example: 
         Listen 1.2.3.4:80
    4. Configure the mod_jk settings appropriately: 
         JkWorkersFile "<IBM_HTTP_Server_ROOT>/conf/worker.properties"     JkLogFile  "<IBM_HTTP_Server_ROOT>/logs/mod_jk.log"     JkLogLevel warn     JkMount /* wrkr
    5. Setup IBM HTTP Server to authenticate all of /jazz/secure and cache LDAP credentials for 10 minutes: 
         <Location /jazz/secure>         AuthName Jazz         LdapConfigFile <IBM_HTTP_Server_ROOT>/conf/ldap.prop_jazzldap         AuthType Basic         Require valid-user         ldap.cache.timeout 600     </Location>
    6. Setup a dummy DocumentRoot. IBM HTTP Server requires that you specify a document root that exists, but it won’t be used since all requests are redirected to Tomcat. For example: 
      DocumentRoot "/data/dummy"
  5. Comment out the port 9080 and 9443 connectors in Tomcat’s <TOMCAT_ROOT>/conf/server.xml. You will only need the connector on port 8009
  6. Start IBM HTTP Server by running <IBM_HTTP_Server_ROOT>/bin/apachectl start
  7. Start Tomcat by running the server.startup script included in the Jazz installation package. This will extract the jazz.war file.
  8. Comment out the <security-constraint>, <login-config>, and <security-role> sections in <TOMCAT_ROOT>/webapps/jazz/WEB-INF/web.xml. These security settings are being handled by IBM HTTP Server now.
  9. Restart Tomcat by running server.shutdown followed by server.startup

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Fri, 11 Jan 2008