Installing Apache Http Server
The Apache Http Server is a very commonly used web-server.
In an Openbravo Installation for production use we recommend to have it running logically before the Tomcat server to take care of the following tasks:
- Compression of Http responses
- https/ssl for security
- Taking care of serving static resources without tomcat
Main steps for doing that independent of the OS are:
- Basic installation of Apache to get it up and running
- Install & activate mod_jk
- define a mod_jk worker of type ajp in worker.properties file pointing to the 8009 connector defined in the tomcat config
- JkMount option to map /openbravo URL to use that worker
- Activate mod_deflate to add http compression and configure for the mime-types used by Openbravo
- Optional but recommended: Activate & configure mod_ssl to add https support
The details of above steps can vary a lot depending on where apache webserver is installed from. Some distributions pre-configure many details already with good defaults, others offer very little or leave things up to the administrator.
Typically installs also add a redirect for the main site's landing page to /openbravo to avoid every user to need to type this on their own.
There are many ways to do this redirect, a simple way to do it is creating an index.html in the apache webroot with this content:
<META HTTP-EQUIV="Refresh" CONTENT="0; URL=openbravo">
Example Install on Ubuntu 18.04
Install Apache Webserver, mod_jk connector and tomcat native libraries
sudo su - apt-get install apache2 libapache2-mod-jk libtcnative-1
Ubuntu 18.04 has mod_deflate already configured for most mime-types and also already has an mod_jk worker named 'ajp13_worker' pre-configured to point to the AJP 8009 port used by tomcat. That simplifies the configuration a lot as only the following is needed to be added:
Create /etc/apache2/conf-available/openbravo.conf file
<IfModule mod_deflate.c> AddOutputFilterByType DEFLATE application/json </IfModule> jkMount /openbravo* ajp13_worker JkMountCopy all
Activate the new config file
sudo su - a2enconf openbravo
Optionally but recommeded is to add https/SSL support.
The steps needed to configure this are the same as documented for the Openbravo Appliance and can be taken from there.
Example install Apache on Windows
The Apache Httpd project itself does not produce a binary installation for windows. However several external sites do.
For the rest of this guide we selected the Apache Lounge site for the following reasons:
- Provides Apache binaries which can be installed as a windows service
- Provides mod_jk binaries directly working with their Apache binaries
- Does not add lots of others software like (php, mysql) also in the same installer which are not required or useful for a Openbravo installation.
Note: Choice of that binary provider is just an example and the user of this guide is in charge of maintaining & updating the installation. However this binaries seem to just work fine for Openbravo use while preparing this guide.
The concrete versions used for this guide were Apache 2.4.12 Win64 VC14 binaries and mod_jk-1.2.40-win64-VC14.
It is strongly recommended when using this guide to use the latest version available at that time as those written here will then most likely be outdated (and probably insecure as new security updates are made available regularly).
Basic Apache installation
This part describes the basic Apache Http server installation on windows to get it installed and running as a windows service.
- Download the Apache binary zip file and decompress it is a temporary folder
- Copy the Apache24 folder to C:\Apache24.
- If you want to choose another location you need to find and edit this in every config files which has this path
- If required download & install the VC runtime as written in the ReadMe.txt from step 1.) above.
- Install the Apache Http server as a install server
cd C:\Apachet24\bin\ httpd -k install
- After that previous step there is a new entry Apache2.4 in the windows services manager. Additionally there is a small application in the bin folder called ApacheMonitor which is similar the tomcat one and which allows to start, stop & restart the service also.
Note: If the Apache service fails to start additionally to the usual logs/error.log file also check the Windows Event Log for the category Application. As some type of problem like errors in the configuration files will only be shown there.
- Test the installation done so far: Openbravo http://localhost in a browser of your choice and if everything works it should show a very simple start page saying It Works!
- If the installation should be accessible from the outside you maybe need to configure the Windows firewall to open up the required networks ports (80 for http, 443 for https/ssl)
Installing & Configuring mod_jk
- Download the mod-jk zipfile and decompress it is a temporary folder
- Out of that zipfile copy the following 3 files:
- Copy mod_jk.so to C:\Apache24\modules\
- Copy conf\workers.properties.minimal to C:\Apache24\conf\workers.properties
- copy conf\httpd-jk.conf to C:\Apache24\conf\
- Edit the conf\workers.properties file you just copied and edit the worker.list line to only keep the basic worker node1 active and remove the lb and jk-status worker.
- Create a new textfile named conf/openbravo.conf with the following content
jkMount /openbravo* node1 jkMount /manager* node1 jkMount /OpenbravoDiagnostics* node1 jkMountCopy all
- Now edit the main conf/httpd.conf file to include the new config files. To do that add the following at the end of this file
Include conf/httpd-jk.conf Include conf/openbravo.conf
- Restart the Apache Http server
- Test that the Openbravo context can now be access via apache. To do that open the following url: http://localhost/openbravo. It should load the Openbravo login page.
This configuration is technically optional but highly recommended.
Goal of it is to transparently compress outgoing data from the server to the client on the fly so that it has reduced size thus less bandwidth is used and the users get a better response time indirectly.
- Edit conf/httpd.conf and activate the following to lines be removing the '#' comment symbol at the start of them to load the compression module
#LoadModule filter_module modules/mod_filter.so #LoadModule deflate_module modules/mod_deflate.so
- Edit the conf/openbravo.conf file created earlier and prepend all the following to it
- Restart the Apache Http Server
- To test using either chrome developer tool or the Firefox Developer network tool verify the Transferred and Size column. Example for js-files there will be a noticeable reduction in transferred size compared to content size.
This section explain how to setup https/ssl handled via Apache.
All the necessary extra code + binaries are already included and the feature just need to be activated.
To activate the module for ssl edit the main conf/httpd.conf file and uncommented the following 3 lines:
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so #LoadModule ssl_module modules/mod_ssl.so #Include conf/extra/httpd-ssl.conf
Then edit the conf/extra/httpd-ssl.conf file to add your certificate related files. For example if you placed those into C:\Apache24\ssl then you will need to edit the following 3 lines to point them to your filenames:
SSLCertificateFile C:\Apache24\ssl\<key-name>.pem SSLCertificateKeyFile C:\Apache24\ssl\<key-name>.key SSLCertificateChainFile C:\Apache24\ssl\<key-name>-ca.crt
For more information about those files please check the following page.
Possible conflicts with security systems
As said in Apache's Documentation, the AcceptFilter default configuration from apache can have conflicts with some security systems (spam, virus or spyware filters) in Windows. If this happens, these security systems can shutdown Apache, in these cases this additional configuration is needed:
AcceptFilter https none AcceptFilter http none EnableMMAP off