Step-by-Step:Installation and Configuration of a secure web application using MySQL,OpenSA Web Server, Tomcat and OpenSSL,on a N

Installation and Configuration of a secure web application using MySQL, OpenSA Web Server, Tomcat and OpenSSL
on a NT4.0 or w2k box
?Nikolas A. Rathert - Version 0.2d - July, August 2002
Today more and more applications are only accessible via internet. The main advantage for the customer is, that there is no need for complicatied and complex installation procedures. All the customer has to have is an internet connection and a modern browser. All the work is done on serverside where all logical components reside. This offers the most reliable security settings and configuration possibilities that are completely independent from client-sides' configurations.
As it is often not clear how to set up such a web deployment environment, I wrote this tutorial for my own. But I think, that it could be quite useful for others. Comments are highly appreciated and I will take some time to answer every eMail I get. If there are any hints, please feel free to contact

Please note that I used specific software versions for this Step-by-Step-Tutorial. If you want to use other software than this, feel free to comment if there are topics that are not covered by this tutorial and send those to me.
  • MySQL 3.23.51
  • Tomcat 4.0.3
  • OpenSA Web Server 1.0.1 (based on Apache 1.3.23)
  • OpenSSL 0.9.6b

In this section you will learn
  • some bla bla about MySQL

MySQL is one of the famous open source database projects. It is a stable and reliable database that cost nothing due to the fact that it is licenced via GPL. MySQL is this stable because the company that develops MySQL is still improving the software and additionally some freaks that are interested in porting the source to other platforms or adding some additional functionality that is not yet covered by the existing version.

Obtaining MySQL

In this section you will learn
  • how to obtain MySQL via CD-ROM 
  • how to obtain MySQL via Internet

You could get the newest binaries of MySQL from this site: But there is also a version of MySQL with this CD-ROM.
So download the file to your hard drive or copy the provided file somewhere on your harddisk, unpack it an proceed to the next chapter.

Installation of MySQL
In this section you will learn
  • that you have to unzip the file you just downloaded or copied
  • where to install MySQL

After unpacking the .zip-archive you now should doubleclick the setup.exe and follow the on screen messages. The installation process should not be complicated. The time it takes depend on the hardware you use. In most cases it is recommended to install MySQL in the root directory of your server. Do not use names with german "Umlaute" (e.g. ?,?,ü,?) oder spaces.

Configuration of MySQL
In this section you will learn
  • how to get a my.cnf file to start
  • how to modify my.cnf
  • where my.cnf has to be placed in your system
  • how to register mysql as a system service

This is the most interesting chapter ;-). But it is not that complicated as it seems to be. To get MySQL running on your server you have to modify one small configuration file and have a look at the settings in another small file.
The configuration files could be found in the root directory of your MySQL installation folder.
They may look like this:
  • my-huge.cnf
  • my-large.cnf
  • my-medium.cnf
  • my-small.cnf
It is possible, that Windoze corrupts those files in a way that you are not able to edit them. Therefore, I will provide an example configuration filefor medium systems here. I tested it along with my server and I know that it works! So I encourage you for the first start to use this file. Just copy and paste it and remember to set the appropriate paths.

# Example mysql config file for medium systems.
# This is for a system with little memory (32M - 64M) where MySQL plays
# a important part and systems up to 128M where MySQL is used together with
# other programs (like a web server)
# You can copy this file to
# my.cnf to set global options,
# mysql-data-dir/my.cnf to set server-specific options (in this
# installation this directory is /usr/local/mysql/var) or
# ~/.my.cnf to set user-specific options.
# One can in this file use all long options that the program supports.
# If you want to know which options a program support, run the program
# with --help option.

# The following options will be passed to all MySQL clients
password    = root
port        = 3306
socket        = /tmp/mysql.sock

# The MySQL server
port        = 3306
socket        = /tmp/mysql.sock
set-variable    = key_buffer=16M
set-variable    = max_allowed_packet=1M
set-variable    = table_cache=64
set-variable    = sort_buffer=512K
set-variable    = net_buffer_length=8K
set-variable    = myisam_sort_buffer_size=8M
server-id    = 1

#point those path to the base (root) directory and
#the directory where your data is stored

set-variable    = max_allowed_packet=16M

# Remove the next comment character if you are not familiar with SQL

set-variable    = key_buffer=20M
set-variable    = sort_buffer=20M
set-variable    = read_buffer=2M
set-variable    = write_buffer=2M

set-variable    = key_buffer=20M
set-variable    = sort_buffer=20M
set-variable    = read_buffer=2M
set-variable    = write_buffer=2M


# End of configuration-file

Now you should save your file named my.conf in the root directory of your system (often C:/my.conf). This is important if you installed MySQL not on your system hard drive. In case that MySQL has been installed on your system hard drive, the configuration information will be read from my.ini which is located in the Windoze system root directory.
The configuration files will be read in this order:
  • C:/WINNT/my.ini
  • C:/my.conf
After this you should tell Windoze to install the mysqld (MySQL demon) as a system service. To do so just browse to
  • {path/to/your/mysql/installation-directory}/bin
then type
  • mysqld --install
Thats it!
You are ready to run MySQL now.

Running MySQL

In this section you will learn
  • how to get MySQL started 
  • how to get MySQL stopped

Running the MySQL Server is quite easy. As you have properly installed the software and spend some effort to configure it rightyou now should switch to the services control panel.
If your operating system either is NT4.0 or w2k,
  • you have to open the control panel,
  • browse to services and doubleclick on it, 
  • then look for the MySQL service and start it by clicking on "Start"..
  • Optional you could configure the service that it will start automatically with the system start
  • and place a shortcut on your desktop for easier access (and less clicking).
  • In order to stop the service you have to use the button "Stop",
Note that the procedure of starting and stopping the MySQL server is for both OS the same. Only the GUIs are slightly different. NT4.0 uses an "traditional" GUI whereas w2k has the services panes integrated into the MMC (Microsoft Management Console). Once the server is running you could go to the next section about managing the MySQL server.

Managing MySQL
In this section you will learn
  • how to manage MySQL via console
  • how to manage MySQL via winmysqladmin

The management of your installed and running MySQL server is easy and could be done via console or via a GUI called "winmysqladmin".
If you want to use the console you have to
  • open a DOS-box,
  • browse to {path/to/your/mysql/installation-directory},
  • switch to the /bin folder
  • and type: mysqladmin --user=root --password=[whatever_your_password_is] command
  • all possible commands are displayed by typing mysqladmin
Remember that the initial password is set in C:/my.cnf.
If you want to use an administration GUI because you think that it is easier to handle,
  • browse to {path/to/your/mysql/installation-directory}by the help of the explorer,
  • switch to the /bin folder,
  • and doubleclick on winmysqladmin.exe. Then a window pops up and minimizes to the systray. 
  • Right click (or left click) on the traffic lights icon and choose "Show me". The window will permanently be visible now.
  • Otherwise you could invoke this window by typing winmysqladmin in a DOS-box (if the prompt is in {installation_directory_of_MySQL}/bin).
For simple things (and command-line lovers), these two administration tools are good enough. If you want to do complexer things (e.g. insert data) and you want to use a GUI have a look at those:
None of them are high-end They are not yet fully functional but some features work very well and therefore I use them both in parallel. After having successfully installed the MySQL database server the next step is the installation and configuration of the tomcat application server.

In this section you will learn
  • some bla bla about tomcat servlet container
Tomcat is a subproject of the Apache Software Foundation. As an application server (or servlet container) it supports Java-based technologies:
If you want to use Tomcat as application server you have to proof if theright Java version is installed on your machine. It is always recommended to install the latest version. You could get it from here: Make sure that you do not only install the JRE (Java Runtime Environment) but the whole J2SDK (Java2 Software Development Kit) as you will need the tools like javac and javaw (in /bin) to operate correctly.

Obtaining Tomcat
In this section you will learn
  • how to obtain Tomcat via CD-ROM 
  • how to obtain Tomcat via Internet

You could get the newest binaries of Tomcat from this site: But there is also a version 4.0.4 of Tomcat with this CD-ROM.So download the file to your hard drive or copy the included file somewhere to your hard drive, unpack it an proceed to the next chapter.

Installation of Tomcat
In this section you will learn
  • how to install Tomcat on your hard drive by unzipping or moving the folder

The installation process of Tomcat is as easy as it could be because there is none. :-)
All you have to do is to unzip the downloaded file and move the folder to a place where you want to have Tomcat on your computer. I created a folder where I placed all of the server related stuff and moved the Tomcat folder to that new directory.

Configuration of Tomcat
In this section you will learn
  • how to configure Tomcats manager application by editing tomcat-users.xml
  • how to set CATALINA_HOME as new environment variable

After unpacking and accordingly moving of the Tomcat folder to the right place on your computer you should now configure the manager application. With the manager application you have the possibility to maintain the webapps within your webapp directory.
To edit tomcat-users.xml, you have to complete the following steps:
  • browse to your {path/to/you/tomcat/installation-directory}/conf,
  • open tomcat-users.xml in any editor,
  • add the following line after the other users:
     <user name="myname" password="mypassword" roles="manager" />
  • save the document.
You now have to set a new environment variable the startup und shutdown skripts need in order to fulfill their tasks. Setting of this variable is for both systems (Nt4.0 and w2k) the same - of course with different GUIs.
This is how you get along with this task on a w2k machine:
  • open control panel
  • doubleclick on System
  • click on the tab Advanced
  • click on Environment Settings
  • and add the following for name: CATALINA_HOME 
  • add the following for value: {path/to/your/tomcat/installation-directory}
Now you are ready to start Tomcat. Note: Tomcat works without prior configuration of tomcat-users.xml. So may be you are interested in first running Tomcat and then configuring it. But you need to set the variable. Otherwise Tomcat will not work.

Running Tomcat
In this section you will learn
  • how to start Tomcat
  • how to stop Tomcat

Starting and stopping Tomcat is as easy as the installation procedure.
All you have to do is:
  • browse to {path/to/your/tomcat/installation-directory}/bin,
  • look for startup.bat and doubleclick it: a DOS-box will show up and say something like this:
                       Starting service Tomcat-Standalone
            Apache Tomcat/4.0.3
            Starting service Tomcat-Apache
            Apache Tomcat/4.0.3

If the DOS-box disappears after a few milli-seconds there might be a problem with your CATALINA_HOME environmental variable: either you did not set it at all or there is a misconfiguration. Go back to the previous section and have a close look at how to configure it correctly. If the DOS-box will not disappear but show those lines your server is running.
What you have to do to proof if Tomcat is running is the following:
  • open your favourite web browser
  • point it to http://your-domain:8080/
This should show up the Tomcat testing page. Now you know at least that your server is running.
But you do not know that it is configured properly. To assure that everything is correct,
  • point your browser to http://your-domain:8080/examples/jsp/index.html
  • choose one of the examples
If you have everything set up in the right way you should be able to execute any of those examples.
If you get an error
  • confirm that you have set the JAVA_HOME variable
  • confirm that you have the J2SDK and not only the JRE installed
If you don't get an error: Congratulations! You made it an installed and configured Tomcat in the right way.

Maintaining Tomcat
In this section you will learn
  • how you prevent your directories from being watched from the internet (deny directory listing)
  • how to maintain Tomcat by using the manager application (overview)

Normally you want to prevent anybody from viewing the files in your directories that you put on the server. To do so you just need to edit your server.xml within the conf directory of your Tomcat installation in a way that the directory listing is no longer available.
  • browse to {path/to/you/tomcat/installation-directory}/conf
  • open server.xml with your favourite text editor
  • move to
  • and change
    <param-value>true</param-value> to
That's all: you set the parameter for every web-application that is underneath your webapps directory.

To use the manager application you first have to edit tomcat-user.xml (if you have not already done so). For adding a user please read Configuring Tomcat once more and follow the steps.
If you have already added a user with "manager" role
  • open your favourite webbrowser
  • point it to http://your-domain:8080/manager/list
As result you should get a pop-up which asks for authentication. If the pop-up will not show up, you either have not added a user with the role "manager" or you made a mistake (e.g. a misspelling).
If it pops up enter the correct values (those included in tomcat-users.xml) and the browser window will display something like that:     
OK - Listed applications for virtual host localhost
The manager application offers the possibility to maintain the server content that is served to the internet community. I just wanted to give an overview over the manager application in this section.To learn more about all the feature that come with that application point your favourite browser to

Publishing Posssibilities of Tomcat
In this section you will learn
  • how the folder structure of a web application (webapp) looks like
  • how to publish your project by adding a context entry in server.xml
  • how to publish a project using the manager application
  • how to publish a project putting a .war file into the /webapp directory
  • how to publish a project copying the folder with your web application into the /webapp directory

Before we get deep into the different publishing possibilities we first should have a look at the folder structure of a web application. This is important because Tomcat as a servlet container expects web applications to be organised according the J2EE standard. This standard requires web applications to follow a certain folder structure. Mainly there are two possibilities how the web application could be placed underneath the webapp folder:
  • the web application could be presented in an "unpacked" form
  • the web application could be presented in a "packed" file format: .war (for Web ARchive)
As a developer you will prefer the "unpacked" format because you need access to all of the folders and files during the development process. Afterwards if  you want to deploy your web application you could pack it to a .war file (if your production environment offers the possibility for that).
The "document root" for web applications is located here:
  • {path/to/your/tomcat/installation-directory}/webapp/
Underneath this "document root" folder the structure looks like the following:
  • /myProject - name of the project and folder on top level
  • /myProject/WEB-INF/web.xml - this file contains information about servlets and other components of your web application. It is often called Web Application Deployment Descriptor. The structure of this file is described in a special DTD  that could be found here:
  • /myProject/WEB-INF/classes - this folder contains all Java classes and associated resources, mainly servlets and non-servlet classes, that are not combined in a .jar-file. Java classes that are not packed must reflect the folder hierarchy they are put in like e.g. org.later.myPackage.myServlet have to be put in the /classes directory like this: /classes/org/later/myPackage/
  • /myProject/WEB-INF/lib - this directory contains .jar-files that consist of Java classes and associated resources of third-party companies. Often the JDBC  drivers (for databases) are to be found here. 
  • {path/to/your/tomcat/installation-directory}/conf/server.xml is the file that contains the <context path> entries. These are necessary for the webserver in order to publish the web application.
Both /myProject/WEB-INF/classes and /myProject/WEB/INF/lib will be searched by Tomcat after required classes. You don't have to install a sever-wide (global) library. Every web application has her own library. And furthermore you do not have to put the path to the files into a new system variable or $PATH.

|--1--|Adding a <context path> entry in server.xml is the first publishing possibility I want to show here. This is an easy way because you know already the relevant file that has to be edited: server.xml.
To add an entry you have to
  • browse to {path/to/your/tomcat/installation-directory}/conf/server.xml,
  • open that file by doubleclicking and look for <!--Tomcat Root Context-->
  • the file could be displayed like the following:
        <?xml version="1.0" encoding="ISO-8859-1"?>
        <!DOCTYPE web-app  PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"                
                <!--Tomcat Root Context-->
                    <context path="/examples" docBase="examples" debug="0"/>
<context path="/manager" docBase="manager" debug="0"/>

  • insert <context path="/[your-project]" docBase="[/path/to/your-project]" debug="0"/> after the other projects,
  • restart Tomcat,
  • test your new entry by pointing your favourite browser to http://your-domain:8080/your-project/
If you are able to access your web application, everything is configured correctly. Your web application has to be placed into the /webapp folder of Tomcat. If you encounter an error make sure that your web application shows the hierarchy discribed in the section before and all necessary classes are provided.

|--2--|The next possible publishing process could be done by using the manager application. If you had not already created a user with the "manager" role you should do this now (read the appropriate section). Otherwise you could not use the manager application.
This application is called via browser.
You just have to
  • start Tomcat,
  • type in your browsers navigation bar: http://[my-domain]:8080/manager,
  • provide username and password when the popup pops up.
If you then get an error message like FAIL - Unknown command displayed in the browser window don't be afraid. The system is just telling you that you are authenticated. You just missed to provide a command that the manager application could understand.
The syntax for the manager application looks like this:
  • http://[your-domain]:8080/manager/[command]?[parameter(s)]
To list currently installed applications type
  • http://[your-domain]:8080/manager/list
This command should result in something like this
 OK - Listed applications for virtual host localhost
To deploy a new web application that is unpacked, you have to type
  • syntax http://[your-domain]:8080/manager/install?path=/[your-project]&war=file:/path/to/[your-project]
  • example http://localhost/manager/install?path=/nick&war=file:D:/Programme/Server/jakarta-tomcat-4.0.3/webapps
You then should get the message
  • OK - Installed application at context path /nick
To deploy a new web application packed in a .war-file, you have to type
  • syntax http://[your-domain]:8080/manager/install?path=/[your-project]&war=jar:file:/path/to/[your-project].war!/
  • example http://localhost/manager/install?path=/nick&war=jar:file:D:/Programme/Server/jakarta-tomcat-4.0.3/webapps/nick.war!/
You then should get the message
  • OK - Installed application at context path /gateway-webapp
You possibly got an error message (these messages and their explanation were slightly modified and respectfully taken from
  • Application already exists at path /gateway-webapp

    The context paths for all currently running web applications must be unique. Therefore, you must either undeploy the existing web application using this context path, or choose a different context path for the new one.

  • Document base does not exist or is not a readable directory

    The URL specified by the war parameter must identify a directory on this server that contains the "unpacked" version of a web application, or the absolute URL of a web application archive (WAR) file that contains this application. Correct the value specified by the war parameter.

  • Encountered exception

    An exception was encountered trying to start the new web application. Check the Tomcat 4 logs for the details, but likely explanations include problems parsing your /WEB-INF/web.xml file, or missing classes encountered when initializing application event listeners and filters.

  • Invalid application URL was specified

    The URL for the directory or web application that you specified was not valid. Such URLs must start with file:, and URLs for a WAR file must end in ".war".

  • Invalid context path was specified

    The context path must start with a slash character, unless you are referencing the ROOT web application -- in which case the context path must be a zero-length string.

  • No context path was specified
    The path parameter is required.
To remove an existing web application you need to type
  • http://[your-domain]:8080/manager/remove?path=/[your-project]
It is possible that you need to reload an existing web application.
If you want to do so type
  • http://[your-domain]:8080/manager/reload?path=/[your-project]
It is not necessary to stop the web application when it is running.
Starting a web application is done by typing
  • http://[your-domain]:8080/manager/start?path=/[your-project]
Stopping a web application is done by typing
  • http://[your-domain]:8080/manager/remove?path=/[your-project]
Note that you could perform any of these commands without restarting your server!

|--3--|The next possibility to publish a project on your tomcat server is to copy the generated .war-file to your /webapps directory. This requires the server to be restarted. During the restart process Tomcat will expand the .war-file and create a folder hierarchy similar to the hierarchy before transforming it into web archive file. Note that in case of an update of the web application both the .war-file and the unpacked folders have to be removed. Then Tomcat has to be restarted. But now you could copy the new and updated .war-file to the /webapps directory. Now you have to restart Tomcat again or use the manager application.

|--4--|The fourth possibility to publish web applications with Tomcat ist quite similar to No.3: copy the unpacked folders of your web application to the /webapps directory and restart Tomcat or use the manager application.

That's it. Now you are ready to use Tomcat for production and publishing issues.

In this section you will read
  • some bla bla about OpenSA Web Server

The OpenSA Web Server is an Apache 1.3.26-based server distribution with builtin SSL-encryption. In addition to that the installation packages contains OpenSSL that is useful for generating keys and certificates. But OpenSA Web Server is available for Windoze systems only. Using this distribution prevents you from searching for the right Apache module (like mod_ssl) or compiling it from the source. Compiling any source code under Windoze is complicated as you must have a compiler installed (for example that one that is integrated into Visual C++). I decided to use this server+ssl distribution because it is easy to install, easy to configure and easy to run.

Obtaining OpenSA Web Server
In this section you will learn
  • how to obtain OpenSA Web Server via CD-ROM 
  • how to obtain OpenSA Web Server via Internet

You could get the newest binaries of OpenSA Web Server from this site: But there is also a version of OpenSA Web Server with this CD-ROM.
So download the file to your hard drive or copy the provided file somewhere on your harddisk, unpack it an proceed to the next chapter.

Installing OpenSA Web Server
In this section you will learn
  • how to install your copy of OpenSA Web Server

The installation procedure is quite simpple. All you have to do is doubliclick the installer.exe and follow the on-screen instructions.

Configuring OpenSA Web Server
In this section you will learn
  • how to configure OpenSA Web Server by editing httpd.conf

All you had to configure to get OpenSA Web Server going was done by you during the installation process. You have been asked to provide information about where the installer should place the different applications that come along with the installer package. So, right now there is nothing to configure except some lines within httpd.conf.
To do this,
  • browse to {path/to/you/opensa_web_server/installation-directory}/Apache/conf
  • change ServerAdmin to your settings (around line 255)
  • uncomment ServerName and give your server a name (around line 273)
  • change DocumentRoot to your document root - if you do not want to use the default /htdocs (around line 281)
Nothing of this is mandatory. But before you start to modify httpd.conf to your needs (by adding additional modules, virtual hosts, secured realms etc.) first give the server a name, add an email address of an administrator who is responsible for the server and change the document roots to your needs. That's what I wanted to say. You could add "bells & whistles" afterwards. But nevertheless, the server should start up without doing any changes.

Running OpenSA Web Server
In this section you will learn
  • how to start OpenSA Web Server
  • how to start OpenSA Web Server with SSL 
  • how to restart OpenSA Web Server
  • how to stop OpenSA Web Server

Running OpenSA Web Server is simple. During the installation process a group in the start menu/program files will be created. There you find any of the control commands. Note that the installed service doesn't seem to be SSL-enabled. So I think it is better to run and stop the server by using this menu. That's it. Now you have a web server running with builtin SSL-encryption. You are now able to establish secure connections.

Connecting Tomcat and Apache
In this section you will learn
  • some bla bla about connecting Tomcat and Apache

Each of those servers will be used according to its specific tasks: Apache will be used as web server  and Tomcat as application server.  The connection between them must be established in order to serve dynamic content via port 80 (the default port for web servers). If you connect both, *.jsp-files as well as servlets will be passed on to Tomcat and handled by it. Apache is therefore only the  arbitrator. Of course all static content will be sent through Apache to the clients.Basically there are two possibilities to connect Apache and Tomcat on a Windoze-based OS:
  • mod_webapp
  • mod_jk
Though it is not recommended to get the mod_webapp as connection handler, I did it - with the expected results: it is buggy and crashes the servers just after startup. So I had to switch to mod_jk and propose that you do this also. If you expect heavy load on your server you should use mod_jk as mod_webapp has no load balancing capabilities.

Obtaining necessary components
In this section you will learn
  • how to obtain mod_jk

You get the binary version of mod_jk by pointing your browser to the following URL:
Editing of necessary files
In this section you will learn
  • to edit some important config files like 
    • Apache 
      • httpd.conf
    • Tomcat
      • server.xml

If you are now going to edit important config files for both servers be sure that your configuration so far is working properly. If you are not able to start and stop both servers and the examples are not displayed properly do not continue here. Try first to fix the problems in case there are any.
If there are no problems with the configuration so far - just go ahead.

First we have to edit server.xml
  • browse to the directory where you installed Tomcat
  • change to folder conf
  • open server.xml in your favourite texteditor
  • scroll to the line where <Server port="8005" ...> is stated and add the following line:
    • <Listener className="org.apache.ajp.tomcat4.config.ApacheConfig"  modJk= "D:/Programme/Server/Apache/modules" />
  • then go on to the line where <Service name="Tomcat-Standalone"> is written and add:
    •  <!-- Define an AJP 1.3 Connector on port 8009 -->
          <Connector className="org.apache.ajp.tomcat4.Ajp13Connector" port="8009" minProcessors="5" maxProcessors="75" acceptCount="10" debug="0"/>
Now save the modified server.xml and
  • browse to your /bin directory of your Tomcat installation directory
  • create a new directory called jk in the your /bin directory
  • create a new text file and save it as, then
  • copy the following code and paste it into your file
    • # Setup for Windows system

      # Linux uses fwd slashes

      # Windows uses back slashes

      worker.list= ajp13

      # Definition for Ajp13 worker
  • modify the path given in there and save the document.
After having done that you should edit httpd.conf. Therefore browse to your Apache installation directory and add the following to your httpd.conf:
after LoadModules Section:
          #--------------------------------------------------------------------# <IfModule !mod_jk.c>
  LoadModule jk_module modules/mod_jk.dll

and additionally at the end of your httpd.conf file:
         #-------------------------------Load mod_jk-----------------------------------------#
         <IfModule !mod_jk.c>
           LoadModule jk_module "D:/Programme/Server/OpenSA/Apache/modules/mod_jk.dll"

         JkWorkersFile "D:/Programme/Server/jakarta-tomcat-4.0.3/conf/jk/"
         JkLogFile "D:/Programme/Server/jakarta-tomcat-4.0.3/logs/jk_log.txt"

         JkLogLevel debug

         JKMount /servlet/* ajp13
         JkMount /*.jsp ajp13
         JkMount /examples/* ajp13
         JkMount /manager/* ajp13
         JkMount /tomcat-docs/* ajp13
         JkMount /webdav/* ajp13
         JkMount /login/* ajp13

Do not forget to copy mod_jk.dll into the module folder of your Apache Web Server. Having done so, configuration is over and you are ready to run Tomcat through Apache.  Apache then is serving the static content, the dynamic content is handled by Tomcat.
Further informtaion and all about mod_jk could be found here.
 Some Tutorials and instructions for the Installation of mod_webapps and mod_jk could be found there.
Hints to merge different versions of Apache and Tomcat could be found there.

In this section you will learn
  • how to create certificates by use of OpenSSL for Windows

In order to secure your data transfer between client and server you are encouraged to use Secure Socket Layer Technology (SSL). What I am going to explain in this section is how you could create your own certificates by use of OpenSSL for Windows. Certificates are useful because you will be able to identify your hosts correctly by adding certificates. So, your customers will see that the computer they are sending a request is really that one they want to reach via internet protocol. You also could create special certificates the client browser must have pre-installed in order to connect to your server. That has more security than other opportunities but of course that way could only be used if you know your customers, i.e. you know those folks that will access your secured server.

Becoming Certificate Authority (CA)
In this section you will learn
  • how to become a certificate authority

It is possible that you ever heard about so-called Certificate Authorities. You will have recognised that VeriSign, Thawte and other names have something to do with certificates, keys and security stuff like that. The truth is that all of those mentioned companies are certificate authorities. That means that they are trusted and offer as a service the certification of your certificates. But that costs money. So if you have to set up a SSL connection that is for prototype or testing purposes and you want to show that you are able to generate your own certificates you have to become your own certificate authority in order to sign your created certificates.

Obtaining the necessary software
In this section you will learn
  • how to obtain OpenSSL 
  • how to obtain Cygwin (as you are working in a Windoze environment you might like to have the comfort of a unix-like shell)



上一篇The Apache + SSL HOWTO
下一篇在Windows上面配置Apache + SSL
想对作者说点什么? 我来说一句