Apache Software Foundation 10th Anniversary Celebrations
Today's programme
• Guidelines for GSoC by Suran Jayathilaka
• Apache HTTP Server, JBoss, SSL – Setup Overview by Chaminda Delpagodage
• Java Servlet Life Cycle by Koshika Surasena
Apache HTTP Server, JBoss, SSL Setup overview
Name : Chaminda Delpagodage
Professional Career : Senior Systems Engineer at Aeturnum
FOSS World :
• Member of LKLUG (http://www.linux.lk)
• Lecturer at “Linux Network Administration” external course conducted by UCSC (University of Colombo School of Computing)
Background :
• Graduated (MCSc) from UCSC
• Linux/Unix server and network administrator
What to expect!
Apache, JBoss, SSL – Setup overview
• Apache server installation & configuration
• SSL/TLS security
• JBoss AS installation & configuration
• Connecting Apache-JBoss
• What is Apache-JBoss load-balancing and fail-over
[Diagram: HTTP or HTTPS (over SSL) communication → Apache Web Server (SSL/TLS security, Tomcat connector) → AJP1.3 communication using tomcat-connector → JBoss App Server (Tomcat Servlet container)]
Apache HTTP Server
• Most widely used web server
• Supports HTML, PHP, Perl, SSI, etc.
• Does not support Java servlets or ASP.NET
• Very stable
• Supports almost all operating systems
Installation
• Using source (e.g. httpd-2.2.3.tar.gz)
    $ tar -xzvf httpd-2.2.3.tar.gz
    $ cd httpd-2.2.3
    $ ./configure --prefix=/usr/local/apache
    $ make
    # make install
• Using .rpm files, .deb files or binaries
• Using package managers (e.g. 'yum' in Fedora). Either way, these use the source or package files behind the scenes
    # yum install httpd
Manage the server
    # /etc/init.d/httpd start|stop|restart|reload|status
    # httpd -V (shows server details)
Configuration
• Main configuration file is 'httpd.conf'
• Usually located at /etc/httpd/conf/httpd.conf
• Some parameters:
    ServerName
    ServerRoot
    DocumentRoot (place where web pages are)
More config...
• VirtualHost
• Allows multiple web sites to run on a single web server
• Two ways:
    IP based (when the web server has multiple IP addresses)
    Name based (no need for multiple IP addresses)
• Simply add VirtualHost declarations to /etc/httpd/conf.d/vhosts.conf
VirtualHost example
    NameVirtualHost *:80
    <VirtualHost *:80>
        ServerAdmin chaminda@aeturnum.com
        DocumentRoot /var/www/html/www.testhost.com/htdocs
        ServerName www.testhost.com
        ServerAlias testhost.com
        ErrorLog logs/www.testhost.com-error_log
        CustomLog logs/www.testhost.com-access_log common
    </VirtualHost>
• To test this, the name www.testhost.com has to point to 127.0.0.1. This can be done by putting an entry in the /etc/hosts file:
    127.0.0.1 localhost www.testhost.com
Apache with SSL (HTTPS)
• Provides authentication and confidentiality of the messages
• Uses asymmetric cryptography (public key cryptography) for the session key exchange
• Uses symmetric cryptography for the message encryption/decryption
Configuring SSL in Apache (for testing purposes)
• Install “mod_ssl”
• This installs a self-signed dummy certificate in Apache
• Edit /etc/httpd/conf.d/ssl.conf if necessary
• Restart Apache
• Done
• Test using https://localhost/
Configuring SSL in Apache (for production setups)
• Install “mod_ssl”
• Generate a key pair and a CSR, and send the CSR to a CA (Certificate Authority) such as Verisign or Thawte for signing
• Install the CA-signed certificate in the web server
Generating an SSL certificate
• Generate a private key for the server
    # openssl genrsa -out my-server.key 1024
• Create a new certificate signing request (CSR)
    # openssl req -new -key my-server.key -out my-server.csr
• Then either:
    1. Send the .csr to a CA (Certificate Authority) like Verisign, OR
    2. Generate a self-signed certificate
• Generating a self-signed certificate
    # openssl x509 -req -days 365 -in my-server.csr -signkey my-server.key -out my-server.crt
• Now configure /etc/httpd/conf.d/ssl.conf to point to the newly generated key/certificate, and restart the web server
• Test it by accessing https://my-server/
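An added example (not from the original slides) that runs the same key, CSR and self-signed certificate steps and then checks that all three files carry the same public key, that the certificate is not about to expire, and whether it is self-signed. It uses a 2048-bit key, since public CAs no longer accept 1024-bit RSA; the common name and the temporary directory are constructed.

```shell
#!/bin/sh
# Added example, not from the slides. File names follow the slide; the CN and
# the work directory are constructed for the demo.

# Key -> CSR -> self-signed certificate, as on the slide but with a 2048-bit key.
make_test_cert() {   # $1 = directory, $2 = common name
    openssl genrsa -out "$1/my-server.key" 2048 2>/dev/null || return 1
    chmod 600 "$1/my-server.key"     # private key readable by its owner only
    openssl req -new -key "$1/my-server.key" -subj "/CN=$2" \
        -out "$1/my-server.csr" || return 1
    openssl x509 -req -days 365 -in "$1/my-server.csr" \
        -signkey "$1/my-server.key" -out "$1/my-server.crt" 2>/dev/null
}

# SHA-256 of the public key carried by a key, CSR or certificate file.
pubkey_digest() {
    case $1 in
        *.key) pem=$(openssl pkey -in "$1" -pubout 2>/dev/null) ;;
        *.csr) pem=$(openssl req  -in "$1" -noout -pubkey 2>/dev/null) ;;
        *.crt) pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) ;;
        *) return 1 ;;
    esac || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256
}

# Prints one verdict line; non-zero exit if the files do not belong together.
check_cert_set() {   # $1 = directory
    k=$(pubkey_digest "$1/my-server.key") || { echo "unreadable key"; return 1; }
    [ "$k" = "$(pubkey_digest "$1/my-server.csr")" ] || { echo "CSR/key mismatch"; return 1; }
    [ "$k" = "$(pubkey_digest "$1/my-server.crt")" ] || { echo "certificate/key mismatch"; return 1; }
    openssl x509 -in "$1/my-server.crt" -noout -checkend 2592000 >/dev/null ||
        { echo "certificate expires within 30 days"; return 1; }
    # Issuer equal to subject means self-signed: fine for testing, not for production.
    if [ "$(openssl x509 -in "$1/my-server.crt" -noout -subject_hash)" = \
         "$(openssl x509 -in "$1/my-server.crt" -noout -issuer_hash)" ]; then
        echo "match, self-signed"
    else
        echo "match, CA-signed"
    fi
}

tmp=$(mktemp -d)
make_test_cert "$tmp" www.testhost.com && check_cert_set "$tmp"
rm -rf "$tmp"
```

Running check_cert_set against the directory that ssl.conf points to catches a certificate installed next to the wrong key before Apache is restarted.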
Installing Java/JBoss
• Install JDK or JRE (# ./jdk-6u7-linux-i586.bin)
• Configure environment variables (JAVA_HOME, PATH)
• Extract jboss-4.2.1-GA.zip and copy to an appropriate place
    # /JBOSSHOME/bin/run.sh -c default -b 0.0.0.0
• Test : http://localhost:8080
Configure Tomcat-Connector
• Copy the correct version of mod_jk.so into the Apache modules directory (/etc/httpd/modules)
• Configure mod_jk using /etc/httpd/conf.d/mod-jk.conf
• Configure the Tomcat workers using /etc/httpd/conf/workers.properties
• Restart Apache
• Test : http://localhost/ (Note: no 8080. It should still show the JBoss default page)
Configure JBoss server
• Edit JBOSSHOME/server/default/deploy/jboss-web.deployer/server.xml
    Set jvmRoute=node1 (name of the worker as in workers.properties)
• Edit JBOSSHOME/server/default/deploy/jboss-web.deployer/META-INF/jboss-service.xml
    Set UseJK=true
• Restart JBoss
Using tomcat-connector with HTTPS
• Edit /etc/httpd/conf.d/ssl.conf
• Add the line below to the SSL VirtualHost section. This directs all traffic to the JBoss server behind Apache:
    JkMount /* node1
• Restart Apache
• Test : https://localhost (this should show the default JBoss page)
Load-balancing
[Diagram: HTTP or HTTPS (over SSL) communication → SSL/TLS security, Tomcat connector → AJP1.3 communication using tomcat-connector → multiple JBoss App Servers (each with a Tomcat Servlet container)]
Load-balancing
• Define a load-balancing worker in /etc/httpd/conf/workers.properties
• Set sticky_session=1
• Define load-balancing factors for child workers
• Configure correct jvmRoute values in server.xml of the JBoss nodes
• Configure UseJK=true in jboss-service.xml of the JBoss nodes
• Restart Apache and JBoss
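The load-balancing steps above, as an added example that is not part of the original slides: a sample workers.properties and a check that every balanced worker is an ajp13 worker whose name matches a JBoss node's jvmRoute. The worker names node1/node2, the balancer name loadbalancer, the 192.0.2.x addresses and the one-line server.xml stand-in are assumptions.

```shell
#!/bin/sh
# Added example, not from the slides. Worker names, the balancer name and the
# 192.0.2.x hosts are constructed.
write_sample_workers() {   # $1 = output file
    cat > "$1" <<'EOF'
worker.list=loadbalancer
worker.node1.type=ajp13
worker.node1.host=192.0.2.11
worker.node1.port=8009
worker.node1.lbfactor=1
worker.node2.type=ajp13
worker.node2.host=192.0.2.12
worker.node2.port=8009
worker.node2.lbfactor=2
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=node1,node2
worker.loadbalancer.sticky_session=1
EOF
}

# Value of one key in a properties file ($1 = file, $2 = key).
prop() { awk -F= -v k="$2" '{ gsub(/[ \t\r]/, "") } $1 == k { v = $2 } END { print v }' "$1"; }
# jvmRoute attribute of the Engine element in a node's server.xml.
jvm_route() { sed -n 's/.*jvmRoute="\([^"]*\)".*/\1/p' "$1" | head -n 1; }

# Every balanced worker must be an ajp13 worker with a host, and its name must
# equal one node's jvmRoute, otherwise sticky sessions cannot be routed back.
check_lb() {   # $1 = workers.properties, $2 = balancer name, rest = jvmRoute values
    file=$1; lb=$2; shift 2
    [ "$(prop "$file" "worker.$lb.type")" = lb ] || { echo "$lb is not an lb worker"; return 1; }
    members=$(prop "$file" "worker.$lb.balance_workers" | tr ',' ' ')
    [ -n "$members" ] || { echo "$lb has no balance_workers"; return 1; }
    for w in $members; do
        [ "$(prop "$file" "worker.$w.type")" = ajp13 ] || { echo "$w: type is not ajp13"; return 1; }
        [ -n "$(prop "$file" "worker.$w.host")" ] || { echo "$w: no host"; return 1; }
        case " $* " in
            *" $w "*) ;;
            *) echo "$w: no JBoss node with jvmRoute=$w"; return 1 ;;
        esac
    done
    echo "ok: $members sticky_session=$(prop "$file" "worker.$lb.sticky_session")"
}

tmp=$(mktemp -d)
write_sample_workers "$tmp/workers.properties"
echo '<Engine name="jboss.web" defaultHost="localhost" jvmRoute="node1">' > "$tmp/server.xml"
check_lb "$tmp/workers.properties" loadbalancer "$(jvm_route "$tmp/server.xml")" node2
rm -rf "$tmp"
```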
Fail-over
• JBoss clustering is the way
• Need to run the JBoss 'all' configuration ('default' doesn't support clustering)
• Replicates sessions between JBoss nodes at each transaction
• By default, supports HTTP session-level fail-over when a node fails
• /etc/httpd/conf/workers.properties should be the same as for load-balancing, except for setting sticky_session=0 for completely random request forwarding