Jump to content
We've recently updated our Privacy Statement, available here ×

  • Installing and Configuring an Apache HTTPD Server with SSL

    rmiller

    By rmiller

      • Features: JasperReports Server Product: JasperReports® Server
     Share

    Introduction

    In this article, we will show how to install and configure the Apache HTTPD server to connect with JasperReports Server using the mod_jk module, and then configure it as a secure server using the mod_ssl module. In this article we describe how to do this on Linux Fedora – see this page for the procedure to install the web server on Ubuntu.

    Install Apache Web Server

    You must be logged in as root. From the command line type:

    [root@fed1764-csauto mod_jk]# yum -y install httpd

    Install and Configure mod_jk

    Go to http://tomcat.apache.org/download-connectors.cgi and download the "JK 1.2.xx Source Release tar.gz" archive. Create the directory /root/mod_jk and move the archive to it. Unpack the archive:

    [root@fed1764-csauto mod_jk]# tar -xvf tomcat-connectors-1.2.xx.tar.gz

    To build the package you may need to download the httpd-devel package. To find out if it is already installed type “which apxs” at the command line, if it is not available install it using the following command.

    [root@fed1764-csauto mod_jk]# yum -y install httpd-devel

    Navigate to the tomcat-connectors-1.2.xx-src/native directory in your expanded archive and compile the package.

    [root@fed1764-csauto mod_jk]# ./configure --with-apxs=/usr/sbin/apxs
[root@fed1764-csauto mod_jk]# make
[root@fed1764-csauto mod_jk]# make install

    This will compile and install the mod_jk.so module into /etc/httpd/modules directory.

    Configure the mod_jk module

    Navigate to /etc/httpd/conf and open httpd.conf in a text editor. Add the following configuration:

    #
# Tomcat Jakarta connector configuration
# see http://tomcat.apache.org/connectors-doc for more info
#
# Load mod_jk module
LoadModule    jk_module  modules/mod_jk.so

# Where to find workers.properties
JkWorkersFile /etc/httpd/conf/workers.properties

# Where to put jk logs
JkLogFile     /var/log/httpd/mod_jk.log

# Set the jk log level [debug/error/info]
JkLogLevel    debug

# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

# JkOptions indicate to send SSL KEY SIZE,
JkOptions     +ForwardKeySize +ForwardURICompat -ForwardDirectories

# JkRequestLogFormat set the request format
JkRequestLogFormat     "%w %V %T"

# jasperserver-pro mount points
JkMount  /jasperserver-pro worker1
JkMount  /jasperserver-pro/* worker1

    Be sure the server names for JkMount match your server name.

    Create /etc/httpd/conf/workers.properties and add the following configuration:

    #
# begin workers.properties
# Define 1 real worker using ajp13
worker.list=worker1
# Set properties for worker1 (ajp13)
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8009
worker.worker1.lbfactor=50
worker.worker1.cachesize=10
worker.worker1.cache_timeout=600
worker.worker1.socket_keepalive=1
worker.worker1.recycle_timeout=300
# end workers.properties

    Enable the httpd worker service, start the web server and test it's status. At the command line type:

    [root@fed1764-csauto mod_jk]# systemctl enable httpd-worker.service
[root@fed1764-csauto mod_jk]# service httpd-worker start
[root@fed1764-csauto mod_jk]# service httpd-worker status

    Make sure that the Jasperserver application is started, then go to http://<hostname>/jasperser-pro in your browser to validate that you can reach the application via the web server on port 80.

    Install and Configure the Secure Server

    First create a self-signed SSL certificate.

    [root@fed1764-csauto mod_jk]# cd /etc/pki/tls/certs
[root@fed1764-csauto mod_jk]# make server.key

    umask 77 ;

    /usr/bin/openssl genrsa -aes128 2048 > server.key

    Generating RSA private key, 1024 bit long modulus

    .........................................................++++++

    ........++++++

    e is 65537 (0x10001)

    Enter PEM pass phrase:

    Verifying password - Enter PEM pass phrase:

    Enter anything for the pass phrase – many people use “secret,” remember it, you will need it in the next step.

    Remove passphrase from private key.

    [root@fed1764-csauto mod_jk]# openssl rsa -in server.key -out server.key

    Enter pass phrase for server.key:

    writing RSA key

    Generate the certificate signing request (CSR).

    [root@fed1764-csauto mod_jk]# make server.csr

    umask 77 ;

    /usr/bin/openssl req -utf8 -new -key server.key -out server.csr

    You are about to be asked to enter information that will be incorporated

    into your certificate request.

    What you are about to enter is what is called a Distinguished Name or a DN.

    There are quite a few fields but you can leave some blank

    For some fields there will be a default value,

    If you enter '.', the field will be left blank.

    Country Name (2 letter code) [GB]:US

    State or Province Name (full name) [berkshire]:California

    Locality Name (eg, city) [Newbury]:San Francisco

    Organization Name (eg, company) [My Company Ltd]:Jaspersoft

    Organizational Unit Name (eg, section) []:Engineering

    Common Name (eg, your name or your server's hostname) []:fed1764-csauto.jaspersoft.com

    Email Address []:engineering@jaspersoft.com

    Please enter the following 'extra' attributes

    to be sent with your certificate request

    A challenge password []:

    An optional company name []:

    Generate a temporary certificate which is good for 365 days.

    [root@fed1764-csauto mod_jk]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365

    Signature ok

    subject=/C=CH/ST=Bern/L=Oberdiessbach/O=Akadia AG/OU=Information

    Technology/CN=public.akadia.com/Email=martin dot zahn at akadia dot ch

    Getting Private key

    Finally, make all the the files read-only.

    [root@fed1764-csauto mod_jk]# chmod 400 server.*

    This completes the certificate creation. 

    Install and Configure mod_ssl

    [root@fed1764-csauto mod_jk]# yum -y install mod_ssl
[root@fed1764-csauto mod_jk]# vi /etc/httpd/conf.d/ssl.conf

    Open ssl.conf in a text editor.

    # line 78: uncomment

    DocumentRoot "/var/www/html"

    # line 79: uncomment and specify server name and port

        ServerName fed1764-csauto.jaspersoft.com:443

    # Make a new line after line 79 and specify the JkMount

        JkMount /jasperserver-pro worker 1

        JkMount /jasperserver-pro/* worker 1

    # line 115: specify certificate

        SSLCertificateFile /etc/pki/tls/certs/server.crt

    # line 122: specify certificate key

        SSLCertificateKeyFile /etc/pki/tls/certs/server.key

    Finally, restart the web server and validate the SSL connection.

    [root@fed1764-csauto mod_jk]# systemctl restart httpd.service

    Go to https://<hostname>/jasperser-pro in a browser to validate the SSL connection.

    This completes the secure server configuration.

     Share
    Go to entries

    User Feedback

    Recommended Comments

    There are no comments to display.



    Guest
    This is now closed for further comments

×
×
  • Create New...

© 2024 Cloud Software Group,
Inc. All rights reserved.

Products

Explore