Installing Apache Http Server
The Apache Http Server is a very commonly used web-server.
In an Openbravo Installation for production use we recommend to have it running logically before the Tomcat server to take care of the following tasks:
- Compression of Http responses
- https/ssl for security
- Taking care of serving static resources without tomcat
Main steps for doing that independent of the OS are:
- Basic installation of Apache to get it up and running
- Install & activate mod_jk
- define a mod_jk worker of type ajp in worker.properties file pointing to the 8009 connector defined in the tomcat config
- JkMount option to map /openbravo URL to use that worker
- Activate mod_deflate to add http compression and configure for the mime-types used by Openbravo
- Optional but recommended: Activate & configure mod_ssl to add https support
Installing Apache on Windows
The Apache Httpd project itself does not produce a binary installation for windows. However several external sites do.
For the rest of this guide we selected the Apache Lounge site for the following reasons:
- Provides Apache binaries which can be installed as a windows service
- Provides mod_jk binaries directly working with their Apache binaries
- Does not add lots of others software like (php, mysql) also in the same installer which are not required or useful for a Openbravo installation.
Note: Choice of that binary provider is just an example and the user of this guide is in charge of maintaining & updating the installation. However this binaries seem to just work fine for Openbravo use while preparing this guide.
The concrete versions used for this guide were Apache 2.4.12 Win64 VC14 binaries and mod_jk-1.2.40-win64-VC14.
It is strongly recommended when using this guide to use the latest version available at that time as those written here will then most likely be outdated (and probably insecure as new security updates are made available regularly).
Basic Apache installation
This part describes the basic Apache Http server installation on windows to get it installed and running as a windows service.
- Download the Apache binary zip file and decompress it is a temporary folder
- Copy the Apache24 folder to C:\Apache24.
- If you want to choose another location you need to find and edit this in every config files which has this path
- If required download & install the VC runtime as written in the ReadMe.txt from step 1.) above.
- Install the Apache Http server as a install server
cd C:\Apachet24\bin\ httpd -k install
- After that previous step there is a new entry Apache2.4 in the windows services manager. Additionally there is a small application in the bin folder called ApacheMonitor which is similar the tomcat one and which allows to start, stop & restart the service also.
Note: If the Apache service fails to start additionally to the usual logs/error.log file also check the Windows Event Log for the category Application. As some type of problem like errors in the configuration files will only be shown there.
- Test the installation done so far: Openbravo http://localhost in a browser of your choice and if everything works it should show a very simple start page saying It Works!
- If the installation should be accessible from the outside you maybe need to configure the Windows firewall to open up the required networks ports (80 for http, 443 for https/ssl)
Installing & Configuring mod_jk
- Download the mod-jk zipfile and decompress it is a temporary folder
- Out of that zipfile copy the following 3 files:
- Copy mod_jk.so to C:\Apache24\modules\
- Copy conf\workers.properties.minimal to C:\Apache24\conf\workers.properties
- copy conf\httpd-jk.conf to C:\Apache24\conf\
- Edit the conf\workers.properties file you just copied and edit the worker.list line to only keep the basic worker node1 active and remove the lb and jk-status worker.
- Create a new textfile named conf/openbravo.conf with the following content
jkMount /openbravo* node1 jkMount /manager* node1 jkMount /OpenbravoDiagnostics* node1 jkMountCopy all
- Now edit the main conf/httpd.conf file to include the new config files. To do that add the following at the end of this file
Include conf/httpd-jk.conf Include conf/openbravo.conf
- Restart the Apache Http server
- Test that the Openbravo context can now be access via apache. To do that open the following url: http://localhost/openbravo. It should load the Openbravo login page.
This configuration is technically optional but highly recommended.
Goal of it is to transparently compress outgoing data from the server to the client on the fly so that it has reduced size thus less bandwidth is used and the users get a better response time indirectly.
- Edit conf/httpd.conf and activate the following to lines be removing the '#' comment symbol at the start of them to load the compression module
#LoadModule filter_module modules/mod_filter.so #LoadModule deflate_module modules/mod_deflate.so
- Edit the conf/openbravo.conf file created earlier and prepend all the following to it
- Restart the Apache Http Server
- To test using either chrome developer tool or the Firefox Developer network tool verify the Transferred and Size column. Example for js-files there will be a noticeable reduction in transferred size compared to content size.
This section explain how to setup https/ssl handled via Apache.
All the necessary extra code + binaries are already included and the feature just need to be activated.
To activate the module for ssl edit the main conf/httpd.conf file and uncommented the following 3 lines:
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so #LoadModule ssl_module modules/mod_ssl.so #Include conf/extra/httpd-ssl.conf
Then edit the conf/extra/httpd-ssl.conf file to add your certificate related files. For example if you placed those into C:\Apache24\ssl then you will need to edit the following 3 lines to point them to your filenames:
SSLCertificateFile C:\Apache24\ssl\<key-name>.pem SSLCertificateKeyFile C:\Apache24\ssl\<key-name>.key SSLCertificateChainFile C:\Apache24\ssl\<key-name>-ca.crt
For more information about those files please check the following page.
Possible conflicts with security systems
As said in Apache's Documentation, the AcceptFilter default configuration from apache can have conflicts with some security systems (spam, virus or spyware filters) in Windows. If this happens, these security systems can shutdown Apache, in these cases this additional configuration is needed:
AcceptFilter https none AcceptFilter http none EnableMMAP off
Installing Apache on RedHat
Install the Apache server package:
yum install httpd yum install httpd-devel
Installing mod_jk on RedHat
- Download the sources from mod_jk download page
- Uncompress it:
tar xzvf tomcat-connectors-*-src.tar.gz
./configure --with-apxs=%(sbindir)s/apxs --with-apr-config=%(bindir)s/apr-config
- For install, copy the 'apache-2.0/mod_jk.so' file into httpd/modules
Edit the jk-workers.properties base on this configuration:
# workers.properties - # # This file provides jk derived plugins with the needed information to # connect to the different tomcat workers. Note that the distributed # version of this file requires modification before it is usable by a # plugin. # # The list of Tomcat workers # worker.list=ajp13 #------ DEFAULT ajp13 WORKER DEFINITION ------------------------------ #--------------------------------------------------------------------- # # Defining a worker named ajp13 and of type ajp13 # Note that the name and the type do not have to match. # worker.ajp13.port=8009 worker.ajp13.host=localhost worker.ajp13.type=ajp13 # # Specifies the load balance factor when used with # a load balancing worker. # Note: # ----> lbfactor must be > 0 # ----> Low lbfactor means less work done by the worker. worker.ajp13.lbfactor=1 # # Specify the size of the open connection cache. #worker.ajp13.cachesize=10
Edit the mod_jk.conf file base on this configuration:
LoadModule jk_module modules/mod_jk.so JkWorkersFile /etc/httpd/conf/jk-workers.properties JkShmFile /etc/httpd/logs/jk-runtime-status JkLogFile /var/log/httpd/mod_jk.log JkLogLevel info JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories JkRequestLogFormat "%w %V %T" jkAutoAlias /var/lib/tomcat/webapps/ jkMount /openbravo* ajp13 jkMount /manager* ajp13 jkMount /OpenbravoDiagnostics* ajp13
Now that apache connects to tomcat by the apj_13 port (8009) you can disable for security reasons the 8080 connector in server.xml file of tomcat configuration.
Also for security reasons configure the Tomcat Manager so only Openbravo can access to it, create a file in httpd/conf.d/ with these contents:
<Location /manager/> Order deny,allow Deny from all Allow from 127.0.0.1 </Location>
Once it's installed and configured, update the Openbravo.properties files removing the tomcat (8080) port from the URLs, since apache uses the default (80) and it's not needed to be specified: context.url=http://localhost/openbravo tomcat.manager.url=http://localhost/manager
And to apply these changes, move to the OpenbravoERP-#version# directory in a command line terminal and run:
Edit httpd.conf and add the following lines:
LoadModule deflate_module modules/mod_deflate.so
The LoadModule path may vary depending on the distribution.
- Download the sources from tomcat native download page
- Uncompress it:
tar xzvf tomcat-native-*-src.tar.gz
configure --with-apr=%(bindir)s/apr-1-config --with-ssl=/usr'
- Delete no necessary files:
- Install .libs/* into /usr/lib or /usr/local/lib
- Create these symlinks:
ln -s %(libdir)s/libtcnative-1.so.0.1.%(upver)s %(libdir)s/libtcnative-1.so
ln -s %(libdir)s/libtcnative-1.so.0.1.%(upver)s %(libdir)s/libtcnative-1.so.0
- Append "-Djava.library.path=%(libdir)s" to the CATALINA_OPTS.
- Restart Tomcat. At this moment it should not show this warning any more:
- INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/lib/
Restart & Test
Restart Tomcat and Apache and test it in http://hostname/openbravo
sudo /etc/init.d/httpd restart sudo /etc/init.d/tomcat restart
Installing Apache on Ubuntu
Install the apache2 server package:
sudo apt-get install apache2 libapache2-mod-jk
Redirect / to /openbravo
There are many ways to do this redirect, a simple way to do it is creating an index.html with this content:
<META HTTP-EQUIV="Refresh" CONTENT="0; URL=openbravo">