Part II: Setting up Apache, Tomcat, and mod_jk on RHEL4

After managing to get Tomcat5.5 working with Apache2 using mod_jk, my next venture was to enable SSL using a self-signed certificate in Tomcat. This proved to be quite a task.

The system I’m setting up is running RedHat Enterprise Linux 4.4. I installed all the official RedHat RPM’s to get Tomcat and Apache talking together with mod_jk (see Part I of this tutorial).

After 4 days of banging my head on my keyboard, I noticed that when I would run:

# java -version

It spit out this:

Java(TM) 2 Runtime Environment, Standard Edition (build pxi32dev-20061002a (SR3) )
IBM J9 VM (build 2.3, J2RE 1.5.0 IBM J9 2.3 Linux x86-32 j9vmxi3223-20061001 (JIT enabled)
J9VM - 20060915_08260_lHdSMR
JIT - 20060908_1811_r8
GC - 20060906_AA)
JCL - 20061002

This let me know that I am supposed to be using IBM’s version of java, which apparently is the default on my RedHat system, not Sun’s version. I think somewhere along the way I downloaded Sun’s jvm, and I assumed that I was supposed to be using its keytool to generate an SSL certificate for Tomcat, but such is not the case. This caused me much confusion, but here’s how I ended up fixing it:

1. Generate Keystore file
(NOTE: all of this assumes you already have Apache configured with SSL. I used OpenSSL, which I don’t go into here, but there are loads of resources online for you, and it’s relatively easy to do).

Assuming you have the default RedHat java rpm already installed, run this:

# /usr/lib/jvm/java-1.5.0-ibm-1.5.0.3/jre/bin/keytool -genkey -alias tomcat -keyalg RSA

NOTE: I used Tomcat’s default password of ‘changeit’ when prompted.

The keystore file gets dropped in the home directory of whatever user you are logged in as. I was root, so I then moved the keystore file to the tomcat home directory:

# mv /root/.keystore /etc/tomcat5/
# chown tomcat.tomcat /etc/tomcat5/.keystore

2. Next you have to edit Tomcat’s server.xml file

# nano /etc/tomcat5/server.xml

Uncomment the SSL connector and set it up like so:


<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" algorithm="IbmX509" sslProtocol="SSL"
keystoreFile="/etc/tomcat5/.keystore"
keystorePass="changeit" />

Note that I added algorithm="IbmX509" and I changed sslProtocol="TLS" to sslProtocol="SSL". This is necessary to get things working with IBM’s jvm.

3. Restart everything

# service tomcat5 stop
# service tomcat5 start
# apachectl restart

If you were following along from my last article, then browse to:

https://yoursite.com:8443/hello.jsp

If all went well, you should see the hello.jsp page showing you the system time!
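An added example, not part of the original post: a small Python check for the result of steps 1 and 2. It reads a server.xml and reports SSL connectors that still use the default keystore password, point at a keystore other users can access, or are not spelled `<Connector>`. The function name and the sample server.xml are constructed for this example.

```python
import os
import stat
import xml.etree.ElementTree as ET

DEFAULT_PASS = "changeit"  # default keystore password, as used in step 1


def audit_ssl_connectors(server_xml_text):
    """Return (port, finding) tuples for each SSL connector in server.xml."""
    findings = []
    for elem in ET.fromstring(server_xml_text).iter():
        if elem.tag.lower() != "connector":
            continue
        if elem.get("scheme") != "https" and elem.get("secure") != "true":
            continue  # plain HTTP or AJP connector, nothing to check here
        port = elem.get("port", "?")
        if elem.tag != "Connector":
            # XML names are case-sensitive; Tomcat only acts on <Connector>.
            findings.append((port, "element is <%s>, not <Connector>" % elem.tag))
        # Tomcat assumes "changeit" when keystorePass is absent.
        if elem.get("keystorePass", DEFAULT_PASS) == DEFAULT_PASS:
            findings.append((port, "keystore password is the default"))
        path = elem.get("keystoreFile")
        if path is None:
            findings.append((port, "no keystoreFile, ~/.keystore will be used"))
            continue
        try:
            mode = os.stat(path).st_mode
        except OSError:
            findings.append((port, "cannot stat keystore %s" % path))
            continue
        if mode & stat.S_IRWXO:
            # The keystore holds the private key; only the tomcat user needs it.
            findings.append((port, "keystore %s is accessible to other users" % path))
    return findings


# Constructed sample: the connector from step 2 inside a minimal server.xml.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8009" protocol="AJP/1.3" />
  <Connector port="8443" scheme="https" secure="true" clientAuth="false"
             algorithm="IbmX509" sslProtocol="SSL"
             keystoreFile="/etc/tomcat5/.keystore" keystorePass="changeit" />
</Service></Server>"""

if __name__ == "__main__":
    for port, finding in audit_ssl_connectors(SAMPLE):
        print("port %s: %s" % (port, finding))
```

To check a real installation, pass the contents of /etc/tomcat5/server.xml to audit_ssl_connectors() on the server itself, so the keystore path can be inspected.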

Setting up Apache, Tomcat, and mod_jk on RHEL4

I just got through setting up Tomcat5.5, Apache2, and mod_jk on a RedHat Enterprise AS4.4 machine at work. In the past, I have done this by compiling each component separately and fiddling with config files until it all worked. But I wanted to stick with RedHat-approved RPM’s from the RedHat network to ease updates and patch management, and to allow the organization to have support options.

I had a lot of trouble finding any documentation on how to do this anywhere, so I thought I’d throw it out here for anyone in a similar situation in search of help.

The following are my notes, sprinkled with a little help I got from a RedHat support tech.

First, I had to enable the following channel within the RedHat Network for this system:

–Red Hat Application Server v. 2 (AS v. 4 for i386)

If you don’t have a RHEL license for updating your system, you will need one.

Once those channels were enabled, I installed the following packages using up2date at the command line:


# up2date tomcat5
# up2date tomcat5-webapps
# up2date tomcat5-admin-webapps
# up2date mod_jk-ap20

With the packages installed, I set out to configure a virtual host to pass requests to Tomcat as needed by using the mod_jk connector. The following steps explain how to do this for a web site called example.com using IP address 123.123.123.123. Substitute your domain and IP accordingly.

Step 1. – Add mod_jk to Apache

In /etc/httpd/conf/httpd.conf add this:


LoadModule jk_module modules/mod_jk.so
<IfModule mod_jk.c>
JkWorkersFile "/etc/httpd/conf/workers.properties"
JkLogFile "/etc/httpd/logs/mod_jk.log"
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"
</IfModule>

That loads the module into Apache, tells apache where the worker is that will handle jsp/servlets, and tells Apache where to record log entries for mod_jk.

Step 2. – create a new file called /etc/httpd/conf/workers.properties and add this to it:


[channel.socket:example.com:8009]
port=8009
host=example.com
[uri:example.com/*.jsp]
worker=ajp13:example.com:8009

Step 3. Create a virtual host in /etc/httpd/conf/httpd.conf like so:


<VirtualHost 123.123.123.123:80>
ServerAdmin webmaster@example.com
ServerName www.example.com
DocumentRoot /var/www/html
JkMount /*.jsp ajp13
JkMount /servlet/* ajp13
# Deny direct access to WEB-INF
</VirtualHost>

Step 4. Set up Tomcat5 by adding this to /etc/tomcat5/server.xml just before the very last </Engine> tag at the bottom of the document:


<Host name="example" appBase="/var/www/html" unpackWARs="true" autoDeploy="true">
<Context path="" docBase="" debug="0" reloadable="true"/>
<Alias>www.example.com</Alias>
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="web1_access_log." suffix=".txt" pattern="common" resolveHosts="false"/>
</Host>

Still with me? We are almost done.

Step 6. Create a sample jsp file called /var/www/html/test.jsp and add this to it:


Time: <%= new java.util.Date() %>

Step 7. Start up the services

# apachectl start
# service tomcat5 start

Step 8. Try it!

Browse to http://www.example.com/test.jsp

If all went well, you should see the system’s current date and time when you load the web page. Congrats. Hope it works for you!

Pardon Our Dust

I was updating WordPress tonight to the latest patch and ran into some troubles with my custom layout, so I threw up this prefab one until I have time to fix the problems. Something in the menu was causing an error. I’ll get it sorted out sooner or later.

In the meantime, I’ve been anxiously awaiting the arrival of my iPod, which seemed to have gotten a little too close to a high-powered magnet, which the hard drive seemed to disagree with. Luckily I had the 3 year protection plan on it, so I am waiting for it to come back from Apple. I am secretly hoping they decide it will be easier to send me a new one, in which case I may end up with a newer model. We will see what happens.

It’s been a couple of weeks without the iPod, and I am missing it sorely. Woe is me.

Coincidences

I had one of those strange series of coincidences today. This woman from AFLAC was at work today and was taking my information for some insurance crap I was enrolling for (the one where they pay you like $5000 for each finger you lose…hmmm). She was asking me my birthday, and I told her when it was. She said that was her father’s birthday too. A moment later, she asked my address, and she said, “Wow, my mom and dad live on your street”. So the next thing that made it all really weird was when I looked at my watch to see what the date was, and I noticed it was 2:22 on 2/22. Far out, d00d.

Aside from those types of things happening, I went and saw Mastodon at the Orange Peel the other night. I was mostly excited to go out and see a show in the first place, but these guys rocked the jams, which made it even better. I’m not usually into metal, but it was great nonetheless. The only downside was that the sound was not mixed very well at all, and often, it was really hard to distinguish what was going on.

That brings me to my next coincidence, which happened when I first got to the show and was mingling through the crowd trying to find a good spot to stand before the band started. This guy walked up to me and stopped, pointing at me. My first thought was it was someone I knew from Louisville back in the day, but I didn’t think that was very likely, so I dismissed it. I was like, “Dude, who are you?”

It turned out my first impression was correct. It was Andy Tinsley from Louisville, a guy that was part of the Bardstown Road crowd back in the day. I asked him what the heck he was doing there, and it turns out he was the sound engineer for Mastodon. Go figure.

I promise I won’t wait for more strange coincidences to happen before I do some more writing here. I’ve been slack, I know.

Oh baby!!!

Circuit City finally got a new shipment of the Ion USB turntables, so I ran and snatched one up before someone else did. The first thing I did was convert the Bastro single of “Nothing Special” that Mr. Jeter hooked me up with to a nice rich MP3 encoding. Hopefully this won’t piss off David Grubbs too much (hey, we did go to the same church as kids), but here it is for your listening pleasure:

Bastro – Nothing Special

I was so stoked to hear this song again after about 15 years. Good, isn’t it?

I’m trying to find a permanent place to set this thing up to enable quick conversions of all my old vinyl, and when I do, I will be posting a lot of good stuff that needs to be heard, so stay tuned!

Several Things Of Note

Please don’t send me Microsoft Word Documents. ‘Nuff said.

The Origami Boulder Company sells finely crafted works of art.

The 419 Eater details a hilarious scamming of the scammer in this effort to fight back against infamous Nigerian Scams (419’s).

Me and Jeremy getting mad props for Channel 18 on Mefi Music

Another Chatham family right-time-right-place newspaper appearance.

On those Interwebs, you have to know how to ask questions the smart way.

Sometimes, it’s useful to know how to snatch an expiring domain.

Another useful thing is A List of Every Website Statistic Publicly Available.

Sit back and laugh as you make your best friend talk to his/her ex boyfriend/girlfriend on the phone.

Joey’s history of bands in Louisville is good. That’s pretty much how I remember it too.

The Old Switcheroo

On January 2 I’ll be going back to work at the Air Force Combat Climatology Center, but this time with a new contractor, P3I. My previous time there ended when the contract ran out and there was no money left to rehire me, but the new contract started with the new company, and it is good for a few years. They made me an offer I couldn’t refuse, and Alicia and I decided we were in need of a little stability in the work scenario right now. My position will be Web Applications Developer and Designer. That’s a mouthful.

I’m really looking forward to being back there in a lot of ways. I had a lot of good friends there, and have missed the camaraderie as well as being able to work on some high-end applications and systems. I’ll be able to hit the ground running since I spent a year and a half there already.

However, I’ll definitely miss the flexibility I’ve had and the fun time I’ve enjoyed with Position Builders, especially the hacky sack breaks. It was really tough to make this decision, and I feel bad about leaving what was an excellent job with great people.

So that’s the news.

Following up on the previous post about the Ion ITTUSB turntable, I can’t find one in stock anywhere. I went ahead and placed an order with Amazon, but they said they wouldn’t have it in stock until January 27 – February 15. If anyone knows of anywhere that has one of these things in stock, PLEASE let me know! I can’t wait that long!

New Music!

Back in August I was in Louisville and got to record some tunes in an airplane hangar with Jeremy. It was too much fun. Check out the free tunes to hear them. Jeremy provides the guitar and bass, while I do the drums and other banging of things. Listen closely on one of the tracks for the jet plane taking off, which cleverly disguises an error in the song we made.

On another note, Jeter completely rocked my world this week by sending me the previously mentioned 7″ recording of Bastro doing My Dad Is Dead’s Nothing Special, a song which is very important to me because of its awesome drumming. Not to mention the fact that it’s just an awesome song, and I have been dying to hear it since 1992. I couldn’t believe it when it showed up in my mail, and my wife and kids looked at me funny when I shouted with glee and jumped onto the coffee table. Thank you, Mr. Jeter. I owe you one. Or 100.

Now, I must go buy a turntable. This 7″ has pushed me into deciding to delve in and get the Ion iTTUSB, which will allow me to start converting my 400+ vinyl albums to digital format. This will take a while to do, but there is so much vinyl I have that never came out on CD that it will be worth it.

Lastly, I’ve decided to start a new band. I’m going to put an ad out soon seeking one guitarist and one bass player to form the power trio from hell. If it doesn’t leave my ears ringing and my knuckles bloody, then I will have to try again. So, who wants to play?

Fingernails and Toenails

For all you sick weirdos out there, here is the video of my toenail and fingernail licking ceremony. This was submitted by popular demand. One person asked me to do this.

clicky