Introduction
In this article, we will show how to install and configure the Apache HTTPD server to connect with JasperReports Server using the mod_jk module, and then configure it as a secure server using the mod_ssl module. In this article we describe how to do this on Linux Fedora – see this page for the procedure to install the web server on Ubuntu.
Install Apache Web Server
You must be logged in as root. From the command line type:
[root@fed1764-csauto mod_jk]# yum -y install httpd
Install and Configure mod_jk
Go to http://tomcat.apache.org/download-connectors.cgi and download the "JK 1.2.xx Source Release tar.gz" archive. Create the directory /root/mod_jk and move the archive to it. Unpack the archive:
[root@fed1764-csauto mod_jk]# tar -xvf tomcat-connectors-1.2.xx.tar.gz
To build the package you may need to download the httpd-devel package. To find out if it is already installed type “which apxs” at the command line, if it is not available install it using the following command.
[root@fed1764-csauto mod_jk]# yum -y install httpd-devel
Navigate to the tomcat-connectors-1.2.xx-src/native directory in your expanded archive and compile the package.
[root@fed1764-csauto mod_jk]# ./configure --with-apxs=/usr/sbin/apxs [root@fed1764-csauto mod_jk]# make [root@fed1764-csauto mod_jk]# make install
This will compile and install the mod_jk.so module into /etc/httpd/modules directory.
Configure the mod_jk module
Navigate to /etc/httpd/conf and open httpd.conf in a text editor. Add the following configuration:
# # Tomcat Jakarta connector configuration # see http://tomcat.apache.org/connectors-doc for more info # # Load mod_jk module LoadModule jk_module modules/mod_jk.so # Where to find workers.properties JkWorkersFile /etc/httpd/conf/workers.properties # Where to put jk logs JkLogFile /var/log/httpd/mod_jk.log # Set the jk log level [debug/error/info] JkLogLevel debug # Select the log format JkLogStampFormat "[%a %b %d %H:%M:%S %Y] " # JkOptions indicate to send SSL KEY SIZE, JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories # JkRequestLogFormat set the request format JkRequestLogFormat "%w %V %T" # jasperserver-pro mount points JkMount /jasperserver-pro worker1 JkMount /jasperserver-pro/* worker1
Be sure the server names for JkMount match your server name.
Create /etc/httpd/conf/workers.properties and add the following configuration:
# # begin workers.properties # Define 1 real worker using ajp13 worker.list=worker1 # Set properties for worker1 (ajp13) worker.worker1.type=ajp13 worker.worker1.host=localhost worker.worker1.port=8009 worker.worker1.lbfactor=50 worker.worker1.cachesize=10 worker.worker1.cache_timeout=600 worker.worker1.socket_keepalive=1 worker.worker1.recycle_timeout=300 # end workers.properties
Enable the httpd worker service, start the web server and test it's status. At the command line type:
[root@fed1764-csauto mod_jk]# systemctl enable httpd-worker.service [root@fed1764-csauto mod_jk]# service httpd-worker start [root@fed1764-csauto mod_jk]# service httpd-worker status
Make sure that the Jasperserver application is started, then go to http://<hostname>/jasperser-pro in your browser to validate that you can reach the application via the web server on port 80.
Install and Configure the Secure Server
First create a self-signed SSL certificate.
[root@fed1764-csauto mod_jk]# cd /etc/pki/tls/certs [root@fed1764-csauto mod_jk]# make server.key
umask 77 ;
/usr/bin/openssl genrsa -aes128 2048 > server.key
Generating RSA private key, 1024 bit long modulus
.........................................................++++++
........++++++
e is 65537 (0x10001)
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
Enter anything for the pass phrase – many people use “secret,” remember it, you will need it in the next step.
Remove passphrase from private key.
[root@fed1764-csauto mod_jk]# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:
writing RSA key
Generate the certificate signing request (CSR).
[root@fed1764-csauto mod_jk]# make server.csr
umask 77 ;
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [berkshire]:California
Locality Name (eg, city) [Newbury]:San Francisco
Organization Name (eg, company) [My Company Ltd]:Jaspersoft
Organizational Unit Name (eg, section) []:Engineering
Common Name (eg, your name or your server's hostname) []:fed1764-csauto.jaspersoft.com
Email Address []:engineering@jaspersoft.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Generate a temporary certificate which is good for 365 days.
[root@fed1764-csauto mod_jk]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365
Signature ok
subject=/C=CH/ST=Bern/L=Oberdiessbach/O=Akadia AG/OU=Information
Technology/CN=public.akadia.com/Email=martin dot zahn at akadia dot ch
Getting Private key
Finally, make all the the files read-only.
[root@fed1764-csauto mod_jk]# chmod 400 server.*
This completes the certificate creation.
Install and Configure mod_ssl
[root@fed1764-csauto mod_jk]# yum -y install mod_ssl [root@fed1764-csauto mod_jk]# vi /etc/httpd/conf.d/ssl.conf
Open ssl.conf in a text editor.
# line 78: uncomment
DocumentRoot "/var/www/html"
# line 79: uncomment and specify server name and port
ServerName fed1764-csauto.jaspersoft.com:443
# Make a new line after line 79 and specify the JkMount
JkMount /jasperserver-pro worker 1
JkMount /jasperserver-pro/* worker 1
# line 115: specify certificate
SSLCertificateFile /etc/pki/tls/certs/server.crt
# line 122: specify certificate key
SSLCertificateKeyFile /etc/pki/tls/certs/server.key
Finally, restart the web server and validate the SSL connection.
[root@fed1764-csauto mod_jk]# systemctl restart httpd.service
Go to https://<hostname>/jasperser-pro in a browser to validate the SSL connection.
This completes the secure server configuration.
Recommended Comments
There are no comments to display.