# yum install httpd**
2) Download the latest tomcat and tomcat connectors
# wget http://mirror.khlug.org/apache/tomcat/tomcat-6/v6.0.20/bin/apache-tomcat-6.0.20.tar.gz # wget http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.28/tomcat-connectors-1.2.28-src.tar.gz
3) Compile tomcat connectors
# tar -xvfz http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.28/tomcat-connectors-1.2.28-src.tar.gz # cd tomcat-connectors-1.2.28-src/native # ./configure --with-apxs=/usr/sbin/apxs # make # su -c 'make install'
4) Configurations
4-1) Add jk module to httpd.conf.
# vi /etc/httpd/conf/httpd.conf LoadModule jk_module modules/mod_jk.so //JkMount /*.jsp ajp13 <ifmodule jk_module=""> JkWorkersFile conf/workers.properties JkLogFile logs/mod_jk.log JkLogLevel error </ifmodule>
4-2) Set an tomcat/jdk home path.
# vi /etc/httpd/conf/workers.properties workers.tomcat_home=/usr/local/src/tomcat6 workers.java_home=/usr/java/jdk_1.6.0.17
4-3) Edit {$TOMCAT_HOME}/server.xml
...
<Host name="centos.com" appbase="/home/test" unpackWARS="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
<Context Path="" docBase="" debug="1" allowLinking="true" reloadable="true"></Context>
...
5) Changes SELinux policy
If you see something along the lines of:
Sep 15 10:56:57 fc5test kernel: audit(1158314217.408:259): avc:
denied { name_connect } for pid=2245 comm="httpd"
dest=8009 scontext=system_u:system_r:httpd_t:s0
tcontext=system_u:object_r:port_t:s0 tclass=tcp_socketthen there is some work to do. Note, the “avc: denied” message references httpd (the Apache daemon) and port 8009 as the destination for a tcp socket connection (this is the Tomcat port from earlier). To allow Apache to perform network connects, you can do the following:
setsebool -P httpd_can_network_connect=1
This will allow Apache to perform network connections and will store this change in the booleans.local file in /etc/selinux/targeted/modules/active so it wil be reloaded at next boot.
No comments:
Post a Comment