TN0002: Configuring Jazz Team Server to use IBM HTTP Server and Apache TomcatLast Updated: 11 January 2008
IBM HTTP Server is an extension of Apache HTTP Server that provides advanced web server configuration capabilities. This document describes how to configure IBM HTTP Server, Apache Tomcat, and Jazz Team Server to work together.
Note that this configuration is recommended for deployers who wish to use Jazz Team Server's optional support for Basic Authentication.
Note: IBM HTTP Server is an extension of Apache HTTP Server. This configuration has not been tested with Apache HTTP Server.
Certain users may require more advanced web server configuration than are provided by Apache Tomcat. In these cases, a common solution is to front the Tomcat installation with Apache HTTP Server. The Jazz Team Server team has tested this configuration with IBM HTTP Server, which extends the base Apache HTTP Server.
One scenario where we recommend this configuration is if you wish to use Jazz Team Server's optional support for Basic Authentication (though Form-based Authentication is recommended). When configured to use Basic Authentication, Tomcat does not cache credentials, leading to massive load on the backing user registry (for example, an LDAP server) which can severely hurt system scalability. IBM HTTP Server does support Basic Auth credential caching, so this document also describes how to configure this.
Follow these steps to configure Jazz Team Server to use Apache Tomcat fronted by IBM HTTP Server:
- Install the latest Tomcat connectors
so IBM HTTP Server is capable of forwarding requests to Tomcat. You can follow the documentation on the Tomcat website
for installing the connectors.
- Create an
<IBM_HTTP_Server_ROOT>/conf/ldap.prop_jazzldapconfig file with your LDAP settings. You can use the
<IBM_HTTP_Server_ROOT>/conf/ldap.prop.samplefile as an example
- Create a
<IBM_HTTP_Server_ROOT>/conf/worker.propertiesconfig file for IBM HTTP Server as follows:
worker.list=wrkr worker.wrkr.port=8009 worker.wrkr.host=localhost worker.wrkr.type=ajp13 worker.wrkr.connection_pool_size=25 worker.wrkr.connection_pool_timeout=600 worker.wrkr.socket_timeout=300Note: While port 8009 is the standard connector port, you can customize the
worker.wrkr.portfor your server.
- In your
- Load the LDAP and mod_jk modules:
LoadModule ibm_ldap_module modules/mod_ibm_ldap.so LoadModule jk_module modules/mod_jk.so
- Configure the mod_jk module:
<IfModule worker.c> ThreadLimit 25 ServerLimit 64 StartServers 2 MaxClients 600 MinSpareThreads 25 MaxSpareThreads 75 ThreadsPerChild 25 MaxRequestsPerChild 0 </IfModule>
- Listen to the appropriate port:
Listen <Your IP address>:<Port #>For example:
- Configure the mod_jk settings appropriately:
JkWorkersFile "<IBM_HTTP_Server_ROOT>/conf/worker.properties" JkLogFile "<IBM_HTTP_Server_ROOT>/logs/mod_jk.log" JkLogLevel warn JkMount /* wrkr
- Setup IBM HTTP Server to authenticate all of /jazz/secure and cache LDAP credentials for 10 minutes:
<Location /jazz/secure> AuthName Jazz LdapConfigFile <IBM_HTTP_Server_ROOT>/conf/ldap.prop_jazzldap AuthType Basic Require valid-user ldap.cache.timeout 600 </Location>
- Setup a dummy DocumentRoot. IBM HTTP Server requires that you specify a document root that exists, but
it won't be used since all requests are redirected to Tomcat. For example:
- Load the LDAP and mod_jk modules:
- Comment out the port 9080 and 9443 connectors in Tomcat's
<TOMCAT_ROOT>/conf/server.xml. You will only need the connector on port 8009
- Start IBM HTTP Server by running
- Start Tomcat by running the
server.startupscript included in the Jazz installation package. This will extract the jazz.war file.
- Comment out the
<TOMCAT_ROOT>/webapps/jazz/WEB-INF/web.xml. These security settings are being handled by IBM HTTP Server now.
- Restart Tomcat by running