I also use mod_jk 1.2 with virtual hosting and allow the appBase
for Tomcat to be the document root for apache.
I use JkAutoAlias. It will automatically serve static files for
any webapp and return a 403 error if someone tries to access
a webapps /WEB-INF or /META-INF directories.
See the docs here and search for JkAutoAlias:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk/aphowto.html
This works great for me.
Regards,
Glenn
mdevin wrote:
Hi all,
I am looking for some advice regarding the usual directory layout for
Virtual Hosts and tomcat.
Currently I have a working setup of apache and tomcat using mod_jk. I
have set things up the way that tomcat seems to prefer (or what others
seem to have done based on the documentation I could find).
Essentially, I have apache and tomcat both using the same document root
so that apache will serve any static html pages and tomcat will do the
jsp and servlet stuff. However, I am concerned that from a security
point of view, this may not be the best option. In particular, this
means that my cgi-bin directory comes below my document root and I have
to explicitely deny access to the WEB-INF directory.
Anyway, I am a little confused as to the best way to go in terms of
security and at the same time most easily separable into Virtual Hosts
so that different people can work on their own projects without
interfering with others.
Any suggestions welcome. In particular, I am interested in how others
have set up virtual hosts for tomcat.
Regards.
Mark.
Currently each of my Virtual Hosts has the following directory layout:
/www/hostname/- all static html files
- also appBase to tomcat host
/cgi-bin/- perl cgi scripts etc.
I have configured Virtual hosts like follows in apache:
... cut ...
VirtualHost *
ServerName www.myhost.com
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /www/myhost
JKMount /servlet/* ajp13
JKMount /*.jsp ajp13
Directory /www/myhost/
AllowOverride None
Options Indexes
Order Deny,Allow
Allow from all
/Directory
ScriptAlias /cgi-bin/ /www/myhost/cgi-bin/
Directory /www/myhost/cgi-bin/
Allow from all
Options ExecCGI
/Directory
Location /WEB-INF/
deny from all
/Location
Location /META-INF/
deny from all
/Location
/VirtualHost
And I have the following in my server.xml file:
... cut ...
Service name=Tomcat-Apache
Connector className=org.apache.ajp.tomcat4.Ajp13Connector
port=8009 minProcessors=5 maxProcessors=75
enableLookups=true acceptCount=10 debug=0/
Engine name=Tomcat-Apache defaultHost=localhost debug=0
Logger className=org.apache.catalina.logger.FileLogger
prefix=catalina_log. suffix=
timestamp=true/
Realm className=org.apache.catalina.realm.MemoryRealm /
......
... snip localhost section ...
......
!-- www.myhost.com VirtualHost --
Host name=www.multistep.info debug=0 unpackWARs=false
Valve className=org.apache.catalina.valves.AccessLogValve
directory=logs prefix=myhost_access_log. suffix=
pattern=common /
Logger className=org.apache.catalina.logger.FileLogger
directory=logs prefix=myhost_log. suffix=
timestamp=true/
Context path= docBase=/www/myhost
crossContext=false debug=0 reloadable=true /
/Host
/Engine
/Service
/Server
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
