The Apache Tomcat Connectors - Web Server HowTo (1.2.50)

Apache HTTP Server HowTo

Introduction

This document explains how to connect Tomcat to the popular open source web server, Apache HTTP Server. You can use the connection module mod_jk with any supported version of Apache and any supported version of Tomcat.

It is recommended that you also read the Workers HowTo document to learn how to setup the working entities between your web server and Tomcat Engines. For more detailed configuration information consult the Reference Guide for workers.properties, uriworkermap and Apache.

Warning: If Apache and Tomcat are configured to serve content from the same file system location then care must be taken to ensure that Apache is not able to serve inappropriate content such as the contents of the WEB-INF directory or JSP source code. This could occur if the Apache DocumentRoot overlaps with a Tomcat Host's appBase or the docBase of any Context. It could also occur when using the Apache Alias directive with a Tomcat Host's appBase or the docBase of any Context.

This document was originally part of Tomcat: A Minimalistic User's Guide written by Gal Shachor, but has been split off for organisational reasons.

Document Conventions and Assumptions

${tomcat_home} is the root directory of tomcat. Your Tomcat installation should have the following subdirectories:

${tomcat_home}\conf - Where you can place various configuration files
${tomcat_home}\webapps - Containing example applications
${tomcat_home}\bin - Where you place web server plugins

In all the examples in this document ${tomcat_home} will be /var/tomcat3. A worker is defined to be a tomcat process that accepts work from the Apache server.

Supported Configuration

The mod_jk module is supported for:

All currently supported versions of Apache Web Server (httpd)
Any operating system supported by Apache Web Server
All currently supported versions of Tomcat

The mod_jk module may work with older, unsupported versions of Apache Web Server and/or Tomcat but such configurations are not supported.

AJP protocols?

The mod_jk module uses the AJP protocol to send requests to the Tomcat containers. The AJP version used is ajp13. All current versions Tomcat support the ajp13 protocol. Others servlet engines such as Jetty and JBoss also support the ajp13 protocol.

The ajp12 protocol has been deprecated and you should no longer use it. The ajp14 protocol is considered experimental.

How does it work ?

In a nutshell a web server is waiting for client HTTP requests. When these requests arrive the server does whatever is needed to serve the requests by providing the necessary content.

Adding a servlet container may somewhat change this behaviour. Now the web server needs also to perform the following:

Load the servlet container adaptor library and initialise it (prior to serving requests).
When a request arrives, it needs to check and see if a certain request belongs to a servlet, if so it needs to let the adaptor take the request and handle it.

The adaptor on the other hand needs to know what requests it is going to serve, usually based on some pattern in the request URL, and to where to direct these requests.

Things are even more complex when the user wants to set a configuration that uses virtual hosts, or when they want multiple developers to work on the same web server but on different servlet container JVMs. We will cover these two cases in the advanced sections.

Obtaining mod_jk

mod_jk can be obtained in two formats - binary and source. Depending on the platform you are running your web server on, a binary version of mod_jk may be available.

It is recommended to use the binary version if one is available. If the binary is not available, follow the instructions given in the below "Building mod_jk" sections for building mod_jk from source. The mod_jk source can be downloaded from a mirror here

The binaries for mod_jk are now available for several platforms. The binaries are located in subdirectories by platform.

For some platforms, such as Windows, this is the typical way of obtaining mod_jk since most Windows systems do not have C compilers.

For others, the binary distribution of mod_jk offers simpler installation.

For example JK 1.2.x can be downloaded from a mirror here (look for JK 1.2 Binary Releases). The "JK 1.2 Binary Releases" link contains binary version for a variety of operating systems for both Apache 1.3 and Apache 2.x.

Installation

mod_jk requires two entities:

mod_jk.xxx - The Apache HTTP Server module, depending on your operating system, it will be mod_jk.so, mod_jk.nlm or MOD_JK.SRVPGM (see the build section).
workers.properties - A file that describes the host(s) and port(s) used by the workers (Tomcat processes). A sample workers.properties can be found under the conf directory in the source download.

Also as with other Apache modules, mod_jk should be first installed on the modules directory of your Apache HTTP Server, ie: /usr/lib/apache and you should update your httpd.conf file.

Disabling old mod_jserv

If you've previously configured Apache to use mod_jserv, remove any ApJServMount directives from your httpd.conf.

If you're including tomcat-apache.conf or tomcat.conf, you'll want to remove them as well - they are specific to mod_jserv.

The mod_jserv configuration directives are not compatible with mod_jk !

Using Tomcat auto-configure

Tomcat auto-configure is deprecated and has been removed in Tomcat 7 and later.

The auto-configure works only for a single Tomcat running on the same machine where the Apache HTTP Server is running. The simplest way to configure Apache HTTP Server to use mod_jk is to turn on the Apache HTTP Server auto-configure setting in Tomcat and put the following include directive at the end of your Apache httpd.conf file (make sure you replace $TOMCAT_HOME with the correct path for your Tomcat installation:

# To be added at the end of your httpd.conf
Include $TOMCAT_HOME/conf/jk/mod_jk.conf-auto

Note: this file may also be generated as $TOMCAT_HOME/conf/auto/mod_jk.conf

This will tell the Apache HTTP Server to use directives in the mod_jk.conf-auto file in the Apache configuration. This file is created by enabling the Apache auto-configuration by creating your workers.properties file at $TOMCAT_HOME/conf/jk/workers.properties and adding the listener to the Engine element in the server.xml file as per the following example. Please note that this example is specific to Tomcat 5.x, unlike other sections of this document which also apply to previous Tomcat branches.

...
<Engine ...>
  ...
    <Listener className="org.apache.jk.config.ApacheConfig" modJk="/path/to/mod_jk.so" />
  ...
</Engine>
...

Then restart Tomcat and mod_jk.conf should be generated. For more information on this topic, please refer to the API documentation at the Tomcat docs website.

Custom mod_jk configuration

You should use custom configuration when:

You couldn't use mod_jk.conf-auto since Tomcat engine isn't on the same machine that your Apache web server, ie when you have an Apache in front of a Tomcat Farm.
Another case for custom configuration is when your Apache is in front of many different Tomcat engines, each one having it's own configuration, a general case in ISP hosting
Also most Apache web masters will retain custom configuration to be able to tune the settings to their real needs.

Simple configuration example

Here is a simple configuration:

# Load mod_jk module
LoadModule    jk_module  modules/mod_jk.so
# Add the module (activate this lne for Apache 1.3)
# AddModule     mod_jk.c
# Where to find workers.properties
JkWorkersFile /etc/httpd/conf/workers.properties
# Where to put jk shared memory
JkShmFile     /var/log/httpd/mod_jk.shm
# Where to put jk logs
JkLogFile     /var/log/httpd/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel    info
# Send requests for context /examples to worker named worker1
JkMount  /examples/* worker1

mod_jk Directives

We'll discuss here the mod_jk directives and details behind them

Define workers

JkWorkersFile specify the location where mod_jk will find the workers definitions.

JkWorkersFile     /etc/httpd/conf/workers.properties

Logging

JkLogFile specify the location where mod_jk is going to place its log file.

JkLogFile     /var/log/httpd/mod_jk.log

Since JK 1.2.3 for Apache 2.x and JK 1.2.16 for Apache 1.3 this can also be used for piped logging:

JkLogFile     "|/usr/bin/rotatelogs /var/log/httpd/mod_jk.log 86400"

JkLogLevel set the log level between:

info log will contains standard mod_jk activity (default).
error log will contains also error reports.
debug log will contains all information on mod_jk activity

JkLogLevel    info

info should be your default selection for normal operations.

JkLogStampFormat will configure the date/time format found on mod_jk logfile. See the mod_jk Apache HTTP Server reference for details.

JkLogStampFormat "[%y-%m-%d %H:%M:%S.%Q] "

You can log mod_jk information using the Apache standard module mod_log_config. The module sets several notes in the Apache notes table. Most of them are are only useful in combination with a load balancer worker. See the mod_jk Apache HTTP Server reference for details.

LogFormat     "%h %l %u %t \"%r\" %>s %b %{JK_WORKER_NAME}n %{JK_LB_FIRST_NAME}n \
              %{JK_LB_FIRST_BUSY}n %{JK_LB_LAST_NAME}n %{JK_LB_LAST_BUSY}n" mod_jk_log
CustomLog     logs/access_log     mod_jk_log

You can also log a request protocol in the mod_jk log file instead of the access log. This is not recommended and mostly a backward compatibility feature. The directive JkRequestLogFormat will configure the format of this protocol. It gets configured and enabled on a per virtual host basis. See the mod_jk Apache HTTP Server reference for details.

JkRequestLogFormat     "%w %V %T"

Forwarding

The directive JkOptions allow you to set many forwarding options which will enable (+) or disable (-) following option. Without any leading signs, options will be enabled.

The four following options +ForwardURIxxx are mutually exclusive. Exactly one of them is required, a negative sign prefix is not allowed with them. The default value is "ForwardURIProxy" since version 1.2.24. It was "ForwardURICompatUnparsed" in version 1.2.23 and "ForwardURICompat" until version 1.2.22. You can turn the default off by switching on one of the other two options. You should leave this at it's default value, unless you have a very good reason to change it.

All options are inherited from the global server to virtual hosts. Options that support enabling (plus options) and disabling (minus options), are inherited in the following way:
options(vhost) = plus_options(global) - minus_options(global) + plus_options(vhost) - minus_options(vhost)

Using JkOptions ForwardURIProxy, the forwarded URI will be partially reencoded after processing inside Apache and before forwarding to Tomcat. This will be compatible with local URL manipulation by mod_rewrite and with URL encoded session ids.

JkOptions     +ForwardURIProxy

Using JkOptions ForwardURICompatUnparsed, the forwarded URI will be unparsed. It's spec compliant and secure. It will always forward the original request URI, so rewriting URIs with mod_rewrite and then forwarding the rewritten URI will not work.

JkOptions     +ForwardURICompatUnparsed

Using JkOptions ForwardURICompat, the forwarded URI will be decoded by Apache. Encoded characters will be decoded and explicit path components like ".." will already be resolved. This is less spec compliant and is not safe if you are using prefix JkMount. This option will allow to rewrite URIs with mod_rewrite before forwarding.

JkOptions     +ForwardURICompat

Using JkOptions ForwardURIEscaped, the forwarded URI will be the encoded form of the URI used by ForwardURICompat. Explicit path components like ".." will already be resolved. This will not work in combination with URL encoded session IDs, but it will allow to rewrite URIs with mod_rewrite before forwarding.

JkOptions     +ForwardURIEscaped

JkOptions RejectUnsafeURI will block all URLs, which contain percent signs '%' or backslashes '\' after decoding.

Most web apps do not use such URLs. Using the option RejectUnsafeURI, you can block several well known URL encoding attacks. By default, this option is not set.

You can also realise such a check with mod_rewrite, which is more powerful but also slightly more complicated.

JkOptions     +RejectUnsafeURI

JkOptions CollapseSlashesAll is deprecated as of 1.2.44 and will be ignored if used.

JkOptions CollapseSlashesUnmount is deprecated as of 1.2.44 and will be ignored if used.

JkOptions CollapseSlashesNone is deprecated as of 1.2.44 and will be ignored if used.

JkOptions ForwardDirectories is used in conjunction with DirectoryIndex directive of Apache. As such mod_dir should be available to Apache, statically or dynamically (DSO)

When DirectoryIndex is configured, Apache will create sub-requests for each of the local-url's specified in the directive, to determine if there is a local file that matches (this is done by stat-ing the file).

If ForwardDirectories is set to false (default) and Apache doesn't find any files that match, Apache will serve the content of the directory (if directive Options specifies Indexes for that directory) or a 403 Forbidden response (if directive Options doesn't specify Indexes for that directory).

If ForwardDirectories is set to true and Apache doesn't find any files that match, the request will be forwarded to Tomcat for resolution. This is used in cases when Apache cannot see the index files on the file system for various reasons: Tomcat is running on a different machine, the JSP file has been precompiled etc.

Note that locally visible files will take precedence over the ones visible only to Tomcat (i.e. if Apache can see the file, that's the one that's going to get served). This is important if there is more then one type of file that Tomcat normally serves - for instance Velocity pages and JSP pages.

JkOptions     +ForwardDirectories

Setting JkOptions ForwardLocalAddress, you ask mod_jk to send the local address of the Apache HTTP Server instead of remote client address. This can be used by Tomcat remote address valve for allowing connections only from configured Apache servers.

JkOptions     +ForwardLocalAddress

Setting JkOptions ForwardPhysicalAddress, you ask mod_jk to send the physical peer TCP IP address as the client address. By default mod_jk uses the logical address as provided by the web server. For example the module mod_remoteip sets the logical IP address to the client IP forwarded by proxies in the X-Forwarded-For header.

JkOptions     +ForwardPhysicalAddress

JkOptions FlushPackets, you ask mod_jk to flush Apache's connection buffer after each AJP packet chunk received from Tomcat. This option can have a strong performance penalty for Apache and Tomcat as writes are performed more often than would normally be required (ie: at the end of each response).

JkOptions     +FlushPackets

JkOptions FlushHeader, you ask mod_jk to flush Apache's connection buffer after the response headers have been received from Tomcat.

JkOptions     +FlushHeader

JkOptions DisableReuse, you ask mod_jk to close connections immediately after their use. Normally mod_jk uses persistent connections and pools idle connections to reuse them, when new requests have to be sent to Tomcat.

Using this option will have a strong performance penalty for Apache and Tomcat. Use this only as a last resort in case of unfixable network problems. If a firewall between Apache and Tomcat silently kills idle connections, try to use the worker attribute socket_keepalive in combination with an appropriate TCP keepalive value in your OS.

JkOptions     +DisableReuse

JkOptions ForwardKeySize, you ask mod_jk, when using ajp13, to forward also the SSL Key Size as required by Servlet API 2.3. This flag shouldn't be set when servlet engine is Tomcat 3.2.x (off by default).

JkOptions     +ForwardKeySize

JkOptions ForwardSSLCertChain, you ask mod_jk, when using ajp13, to forward SSL certificate chain (off by default). Mod_jk only passes the SSL_CLIENT_CERT to the AJP connector. This is not a problem with self-signed certificates or certificates directly signed by the root CA certificate. However, there's a large number of certificates signed by an intermediate CA certificate, where this is a significant problem: A servlet will not have the possibility to validate the client certificate on its own. The bug would be fixed by passing on the SSL_CLIENT_CERT_CHAIN to Tomcat via the AJP connector.
This directive exists only since version 1.2.22.

JkOptions     +ForwardSSLCertChain

The directive JkEnvVar allows you to forward environment variables from Apache server to Tomcat engine. You can add a default value as a second parameter to the directive. If the default value is not given explicitly, the variable will only be send, if it is set during runtime.
The variables can be retrieved on the Tomcat side as request attributes via request.getAttribute(attributeName). Note that the variables send via JkEnvVar will not be listed in request.getAttributeNames().
The variables are inherited from the global server to virtual hosts.

JkEnvVar     SSL_CLIENT_V_START     undefined

Assigning URLs to Tomcat

If you have created a custom or local version of mod_jk.conf-local as noted above, you can change settings such as the workers or URL prefix.

JkMount directive assign specific URLs to Tomcat. In general the structure of a JkMount directive is:

JkMount [URL prefix] [Worker name]

# send all requests ending in .jsp to worker1
JkMount /*.jsp worker1
# send all requests ending /servlet to worker1
JkMount /*/servlet/ worker1
# send all requests jsp requests to files located in /otherworker will go worker2
JkMount /otherworker/*.jsp worker2

You can use the JkMount directive at the top level or inside <VirtualHost> sections of your httpd.conf file.

Configuring Apache to serve static web application files

If the Tomcat Host appBase (webapps) directory is accessible by the Apache HTTP Server, Apache can be configured to serve web application context directory static files instead of passing the request to Tomcat.

Caution: For security reasons it is strongly recommended that JkMount is used to pass all requests to Tomcat by default and JkUnMount is used to explicitly exclude static content to be served by Apache. It should also be noted that content served by Apache will bypass any security constraints defined in the application's web.xml.

Use Apache's Alias directive to map a single web application context directory into Apache's document space for a VirtualHost:

# Static files in the examples webapp are served by Apache
Alias /examples /vat/tomcat3/webapps/examples
# All requests go to worker1 by default
JkMount /* worker1
# Serve html, jpg and gif using Apache
JkUnMount /*.html worker1
JkUnMount /*.jpg  worker1
JkUnMount /*.gif  worker1

Starting with mod_jk 1.2.6 for Apache 2.x and 1.2.19 for Apache 1.3, it's possible to exclude some URL/URI from jk processing by setting the env var no-jk, for example with the SetEnvIf Directive.

You could use no-jk env var to fix problem with mod_alias or mod_userdir directive when jk and alias/userdir URLs matches.

# All URL goes to tomcat except the one containing /home
<VirtualHost *:80>
    ServerName testxxx.mysys
    DocumentRoot /www/testxxx/htdocs

# Use SetEnvIf to set no-jk when /home/ is encountered
    SetEnvIf Request_URI "/home/*" no-jk

# Now /home will goes to /home/dataxxx/
    Alias /home /home/dataxxx/

    <Directory "/home/dataxxx">
        Options Indexes MultiViews
        AllowOverride None
        Require all granted
    </Directory>

    JkMount /* myssys-xxx

</VirtualHost>

Use the mod_jk JkAutoAlias directive to map all web application context directories into Apache's document space.

Attempts to access the WEB-INF or META-INF directories within a web application context or a Web Archive *.war within the Tomcat Host appBase (webapps) directory will fail with an HTTP 403, Access Forbidden

# Static files in all Tomcat webapp context directories are served by Apache
JkAutoAlias /var/tomcat3/webapps

# All requests go to worker1 by default
JkMount /* ajp13
# Serve html, jpg and gif using Apache
JkUnMount /*.html ajp13
JkUnMount /*.jpg  ajp13
JkUnMount /*.gif  ajp13

If you encoded all your URLs to contain the session id (;jsessionid=...), and you later decide, you want to move part of the content to Apache, you can tell mod_jk to strip off all session ids from URLs for those requests, that do not get forwarded via mod_jk.

You enable this feature by setting JkStripSession to On. It can be enabled individually for virtual servers. The default value is Off.

Building mod_jk on Unix

The mod_jk build use the widely used configure system.

Prepare your mod_jk configure from subversion

In case you get source from subversion, ie without an existing configure script, you should have autoconf for configuration and installation.

To create the mod_jk autoconf script, you will need libtool 1.5.2, automake 1.10 and autoconf 2.59 or newer. The use of more recent versions is encouraged, e.g. for reliable detection of the features of recent version of operating systems.

Those tools will not be required if you are just using a package downloaded from apache.org, they are only required for developers.

To create the configure script just type: ./buildconf.sh

Using configure to build mod_jk

Here's how to use configure to prepare mod_jk for building, just type:

./configure [autoconf arguments] [mod_jk arguments]

You could set CFLAGS and LDFLAGS to add some platform specifics:

LDFLAGS=-lc ./configure -with-apxs=/home2/local/apache/bin/apxs

If you want to build mod_jk for different versions of the Apache HTTP Server, like 1.3 or 2.x, you need to go through the full build process for each of them. Please note, that Apache 2.0, 2.2 or 2.4 modules are not binary compatible. You have to compile the module using the Apache version you plan to run it in. The mod_jk build directory used is "apache-2.0" for all 2.x builds. The source code is compatible with Apache HTTP Server 2.0, 2.2 and 2.4.

use configure and indicate the correct Apache HTTP Server apxs location (--with-apxs)
use make
copy the resulting mod_jk.so binary from the apache-1.3 or apache-2.0 subdirectory to the Apache HTTP Server modules location.
make clean (to remove all previously compiled object files)
Start over with the apxs location for your next Apache HTTP Server version.

configure arguments

Apache related parameters
--with-apxs[=FILE]	FILE is the location of the apxs tool. Default is finding apxs in PATH. It builds a shared Apache module. It detects automatically the Apache version. (2.x and 1.3)
--with-apache=DIR	DIR is the path where Apache sources are located. The Apache sources should have been configured before configuring mod_jk. DIR is something like: /home/apache/apache_1.3.19 It builds a static Apache module.
--enable-EAPI	This parameter is needed when using Apache-1.3 and mod_ssl, otherwise you will get the error message: "this module might crash under EAPI!" when loading mod_jk.so in Apache. Not needed when --with-apxs has been used
--enable-prefork	In case you build mod_jk for a multi-threaded Apache HTTP Server 2.x MPM (Multi-Processing Module), some areas of mod_jk code need to be synchronised to make it thread-safe. Because configure can not easily detect, whether your are using a multi-threaded MPM, mod_jk by default is always build thread-safe for Apache HTTP Server 2.x. If you are sure, that your MPM is not multi-threaded, you can use "--enable-prefork" to force the removal of the synchronisation code (thus increasing performance a bit). For instance, the prefork MPM is not multi-threaded. For Apache HTTP Server 1.3 this flag will be set automatically.
--disable-trace	When using log level "trace", mod_jk traces a lot of function calls with "enter" and "exit" log messages. Even if the log level is not "trace", comparing the log levels to decide about logging has some performance impact. If you use "--disable-trace", then the trace log code doesn't get compiled into the module binary and you might save some cycles during execution. Even with "--disable-trace" logging debug messages with debug log level will still be possible.
--enable-api-compatibility	Only use Apache API functions available in all Apache production releases of the chosen major Apache release branch. This improves binary compatibility of module builds with Apache releases older than the release against mod_jk is build (only between minor Apache versions).
--enable-flock	In case the operating system supports flock system call use this flag to enable this faster locks that are implemented as system call instead emulated by GNU C library. However those locks does not work on NFS mounted volumes, so you can use "--enable-flock" during compile time to force the flocks() calls.

Examples of configure use

Apache 1.3 and 2.x build ./configure --with-apxs=/usr/sbin/apxs
make
cp ./apache-1.3/mod_jk.so /usr/lib/apache
make clean
./configure --with-apxs=/usr/sbin/apxs2
make
cp ./apache-2.0/mod_jk.so /usr/lib/apache2

Building mod_jk for Apache on Windows

The module was developed using Microsoft Visual C++, so having Visual Studio installed is a prerequisite if you want to perform your own build.

You can build the source using the IDE GUI, or using a pure commandline build based on nmake. The IDE build currently only supports building 32 Bit binaries. The nmake builds are available for 32 Bit and 64 Bit binaries.

The common steps for all build procedures are:

Set up your build environment for 32 Bits or 64 Bits. The IDE build only supports 32 Bits.
Download the sources as a zip file and unpack it.
Change directory to the ISAPI redirector source directory.
Set your path to the Apache web server directory in your environment.

Set up 32 or 64 Bit build environment setenv /Release /X86 or (not available for IDE build) setenv /Release /X64 Download tomcat-connectors-xxx-src.zip from https://tomcat.apache.org/download-connectors.cgi and unpack it unzip tomcat-connectors-xxx-src.zip Change directory to the mod_jk source directory. To build mod_jk for the Apache HTTP server 2.0, 2.2 or 2.4, use the "apache-2.0" directory, for the old Apache HTTP server 1.3, the "apache-1.3" directory. cd tomcat-connectors-xxx-src\native\apache-2.0 Set the environment variable "APACHE1_HOME" resp. "APACHE2_HOME" resp. "APACHE22_HOME" resp. "APACHE24_HOME" to the installation path of your Apache web server. set APACHE24_HOME=D:\software\Apache\httpd-2.4.16

The steps for an IDE build are then:

Start Visual Studio using "start mod_jk.dsp"
During IDE startup choose "Yes" in all conversion popups.
Next choose a Configuration form the dropdown. There are pre-defined configurations for debug and release builds and in the "apache-2.0" directory each of them is available as a configuration to build against the web server versions 2.0, 2.2 and 2.4.
Finally choose "Build Solution" in the "Build" menu.

The resulting file mod_jk.so (and the debug symbol file mod_jk.pdb) is located in the "Debug" resp. "Release" sub directory depending on the build Configuration chosen. For the "apache-2.0" module the directories are named "Debug_20", "Release_20", "Debug_22", "Release_22", "Debug_24" and "Release_24" depending on the chosen build configuration.

Alternatively the steps for an nmake commandline build are:

Set your target architecture to X86 or X64 by editing the "ARCH=" line in the file Makefile.vc.
Issue "nmake -f Makefile.vc"

Finally you need to copy the file mod_jk.so to the modules directory of your Apache HTTP server (resp. the libexec directory for the old Apache 1.3).

For Apache HTTP Server 1.3, ApacheCore.lib is expected to exist before linking mod_jk will succeed.

Building mod_jk for Apache on System I - i5/OS (OS400)

Since OS400 V4R5, System I (AS/400) has used Apache 2.0 as their primary web server, replacing the old IBM web server. It's now possible to build mod_jk on System I thanks to the help of the IBM Rochester Labs which has provided information and patches to adapt mod_jk to i5/OS.

You should have at least Apache 2.0.58 (product 5722DG1), a C Compiler and IFS. Apache 2.0.58 is provided with the most recent set of PTFs for the iSeries Apache server, which can be found at http://www.ibm.com/servers/eserver/iseries/software/http/

The all latest Apache 2 for i5/OS V5R3 (or V5R4) is now 2.0.58 (as of 2007/04/17). Be sure to have the latest PTFs loaded if you want to make use of jk 1.2.15 and higher. NB: The latest mod_jk known to work on i5/OS V5R3 was 1.2.19.

New in i5/OS V5R4, UTF is required, also for Apache modules, as such Apache modules do not require translations to/from EBCDIC but works should be done to port mod_jk 1.2.23 (and higher) to V5R4. From the V5R4 Infocenter: As of i5/OS(tm) V5R4, modules must be recompiled with a UTF locale. This creates an environment where locale-dependent C runtime functions assume that string data is encoded in UTF-8. Any hardcoded constants can be encoded in UTF-8 by adding a #pragma convert(1208) statement in the module. Additionally, input data from the client will no longer be converted to EBCDIC but will be passed as-is. Output data sent from the module is not converted either so it must be encoded in ASCII or UTF8 as required. APR and HTTP APIs as of V5R4, expect data in UTF-8. Note that several APIs have additional functions that allow a CCSID to be set to indicate the encoding of the parameters being passed. Conversion functions between UTF-8 and EBCDIC have been added. Be sure to review APIs used by your module to be aware of current changes.

To configure mod_jk on System I use the CL source provided with the mod_jk source.

Get the latest mod_jk source and untar it on a Windows or Unix boxes
Create a directory in IFS, ie /home/apache
Send the whole jk source directory to System I directory via FTP.
Then go to the System I command line:

Create mod_jk library CRTLIB MOD_JK TEXT(‘Apache mod'jk tomcat connector module') Create service program source file CRTSRCPF MOD_JK/QSRVSRC TEXT(‘Service program source file’) Create the CL build program source file CRTSRCPF FILE(MOD_JK/QCLSRC) TEXT(‘Build program source file’) Edit the service program source file STRSEU MOD_JK/QSRVSRC MOD_JK

In the edited file, specify that only jk_module should be exported: Columns . . : 1 71 Edit MOD_JK/QSRVSRC SEU==> MOD_JK *************** Beginning of data ************************************* 0001.00 STRPGMEXP PGMLVL(*CURRENT) 0002.00 EXPORT SYMBOL("jk_module") 0003.00 ENDPGMEXP ****************** End of data ****************************************

You could start to build all the modules of mod_jk (cases for V5R4 or previous releases):

Copy the CL build program source for i5/OS before V5R4 from IFS CPYFRMSTMF FROMSTMF('/home/apache/jk/native/apache-2.0/bldjk.qclsrc') + TOMBR('/QSYS.LIB/MOD_JK.LIB/QCLSRC.FILE/BLDJK.MBR') MBROPT(*REPLACE) Build the CL build program CRTCLPGM PGM(MOD_JK/BLDJK) SRCFILE(MOD_JK/QCLSRC) TEXT('Apache mod_jk build program') Launch the build CALL MOD_JK/BLDJK
If the build if successfull, copy the new mod_jk module CRTDUPOBJ OBJ(MOD_JK) FROMLIB(MOD_JK) OBJTYPE(*SRVPGM) TOLIB(QHTTPSVR) NEWOBJ(MOD_JK) Copy the CL build program source for i5/OS V5R4 from IFS CPYFRMSTMF FROMSTMF('/home/apache/jk/native/apache-2.0/bldjk54.qclsrc') + TOMBR('/QSYS.LIB/MOD_JK.LIB/QCLSRC.FILE/BLDJK54.MBR') MBROPT(*REPLACE) Build the CL build program for i5/OS V5R4 CRTCLPGM PGM(MOD_JK/BLDJK54) SRCFILE(MOD_JK/QCLSRC) TEXT('Apache mod_jk build program') TGTRLS(*CURRENT) Launch the build for i5/OS V5R4 CALL MOD_JK/BLDJK54
If the build if successfull, copy the new mod_jk module CRTDUPOBJ OBJ(MOD_JK) FROMLIB(MOD_JK) OBJTYPE(*SRVPGM) TOLIB(QHTTPSVR) NEWOBJ(MOD_JK)

Next, you should restart your Apache 2.0 instance and enjoy this piece of OpenSource on System I.

ENDTCPSVR SERVER(*HTTP) HTTPSVR(MYSERVER) STRTCPSVR SERVER(*HTTP) HTTPSVR(MYSERVER)

Building mod_jk for Apache on MacOS/X

Mac OS X (10.2.x) build notes:

Assuming that you are root:

For Apache 1.3: ./configure --with-apxs=/usr/sbin/apxs cd apache-1.3 make -f Makefile.apxs cp mod_jk.so /etc/libexec/httpd For Apache 2.x: ./configure --with-apxs=/usr/local/apache2/bin/apxs (you should point to the directory where you installed Apache 2.x) cd apache-2.0 make -f Makefile.apxs install

Getting mod_jk linked statically with Apache

mod_jk allows to install mod_jk in the Apache source tree to get a statically linked mod_jk. Having mod_jk in the Apache executable brings some small performance improvements. The configure option --with-apache prepare mod_jk to install it in the Apache source tree. The option --with-apache works both for Apache 1.3 and Apache 2.x. The examples below show how to get mod_jk in the Apache process.

Installation for Apache-2.x

/home/apache24/httpd-2.4.12 is the directory where the Apache HTTP Server sources are located. ./configure --with-apache=/home/apache24/httpd-2.4.12
make
Install the mod_jk library and other files in /home/apache24/httpd-2.4.12/modules: make install
It is not possible to configure Apache directly because the config.m4 of mod_jk must be added to the configure of httpd-2.x. cd /home/apache24/httpd-2.4.12 sh buildconf configure ... --with-mod_jk make make install

The enable-jk=share and enable-jk=static are not supported. --with-mod_jk only allow static linking of mod_jk.

Installation for Apache-1.3

/home/apache/apache_1.3.27 is the directory where the apache-1.3 sources are located. ./configure --with-apache=/home/apache/apache_1.3.27
make
Install the libjk library, mod_jk.c, includes and other files in /home/apache/apache_1.3.27/src/modules/jk: make install
Configure in the Apache sources: cd /home/apache/apache_1.3.27 configure ... --enable-module=dir --disable-shared=dir \ --activate-module=src/modules/jk/libjk.a \ --disable-shared=jk make make install

The --enable-shared=jk is also working and builds a dso file.

Just change the configure in the Apache sources: configure ... --enable-module=dir --enable-shared=dir \ --activate-module=src/modules/jk/libjk.a \ --enable-shared=jk