Thoughts Electrique

OpenCms Apache integration: The simplest solution

My OpenCms Apache Integration Howto for OpenCms 6 still get’s a lot of visitors. Many things have changed since I first wrote this howto and certainly things are a lot easier now. I always wanted to rewrite the howto but till then I will just publish a short update on how to integrate OpenCms 7 with Apache and to remove the /opencms prefix with the most recent software.

Prerequisites

OpenCms 7 (already installed)
Apache HTTPD 2.2 with mod_proxy_ajp
Apache Tomcat 5.5+

Goal of the setup

Dynamic content served from http://www.yourdomain.com/
Static content served from http://www.yourdomain.com/opencms/export/

Steps to perform

Configure Tomcat

As described in the Howto you have to add the emptySessionPath=”true” attribute to the Tomcat AJP Connector in the server.xml:

<Connector emptySessionPath="true" port="8009" protocol="AJP/1.3" />

Configure OpenCms

You have to modify the opencms-importexport.xml configuration file. But beware the <rfs-prefix> doesn’t need changing anymore. In fact: Things won’t work if you change it the old way. These are the settings you want.

       <rfs-prefix>${CONTEXT_NAME}/export</rfs-prefix>
       <vfs-prefix></vfs-prefix>

Don’t forget to restart OpenCms.

Configure Apache HTTPD

Since the AJP Connector is now integrated in mod_proxy you don’t need the (stupid) rewrite rules anymore. I also got rid of the fact that static content is served from Apache. This has several reasons:

The new Tomcat is fast enough to serve static content itself. Espcecially with the NIO / APR Connector.
If you ever want to move the Tomcat to a different machine and use Apache HTTPD as a simple load balancer things get a lot easier if Apache doesn’t need access to the web application files.

Here’s an example virtual host:

<VirtualHost *:80>

  ServerName yourdomain.com
  DocumentRoot /some/directory

  <Proxy ajp://localhost:8009*>
     Allow from all
  </Proxy>

  ProxyPass        /opencms/   ajp://localhost:8009/opencms/
  ProxyPassReverse /opencms/   ajp://localhost:8009/opencms/

  ProxyPass /          ajp://localhost:8009/opencms/opencms/
  ProxyPassReverse /   ajp://localhost:8009/opencms/opencms/

</VirtualHost>

This is it. Don’t hesitate to ask questions.

Tags: Administration, Apache, OpenCms, Tutorial

This entry was posted on Wednesday, March 11th, 2009 at 6:28 pm and is filed under Technology. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

37 Responses to “OpenCms Apache integration: The simplest solution”

Deiverson Says:
March 28th, 2009 at 3:20 pm
I try configure virtualhost in apache 2.2 but dont start after =/, I use jboss 4.2.1, and pointer, I try:
DocumentRoot C:\jboss-421-15\server\default\deploy\
DocumentRoot C:\jboss-421-15\server\default\deploy\project.war

but failed start apache 2.2 =/
Deiverson Says:
March 28th, 2009 at 3:23 pm
Solution!!!

Line:
# Virtual hosts
#Include conf/extra/httpd-vhosts.conf

is comment… ^_^
Deiverson Says:
March 28th, 2009 at 3:48 pm
Atention:

Is need remove comment in:
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
Sebastian Says:
March 29th, 2009 at 12:16 pm
Hi,

yes I forgot to point out you need to activate the modules in your Apache HTTPD. Great that you pointed it out and thanks for the comment.

Best regards,
Sebastian
Iodok Says:
April 7th, 2009 at 9:45 am
Hi Sebastian,
Thanks for that really easy tutorial. It works for me, only having always the same error after doing a apache configtest (on Suse 11.1)
[warn] worker ajp://localhost:8009/opencms/ already used by another worker
[warn] worker ajp://localhost:8009/opencms/ already used by another worker
no matter which port I use for ajp13

Any idea?
Sebastian Says:
April 7th, 2009 at 8:29 pm
Hi Iodok,

AFAIK this happens when you have two virtual hosts connected to the same tomcat instance. I think this is because mod_proxy_ajp creates a dedicated worker for each virtual host on the fly. If you configure the worker yourself (using plain old mod_jk) you can reuse a worker amongst multiple virtual hosts.

I don’t think this is critical and had no problems so far. Nevertheless I will eventually look into it since I get this warning too. But to be honest: Currently this isn’t so important for me.

Maybe check out the apache community for help.

I hope this helped a bit.

Thanks for posting!
Sebastian
Iodok Says:
April 15th, 2009 at 8:39 am
Hi Sebastian,
I have just this one virtual Host connected via mod_proxy_ajp, all others are connected through mod_jk2. But it works and thus I can live with the error-message.

Thanks for your answer

Iodok
Deiverson Says:
May 7th, 2009 at 2:02 am
Its dont work with jboss 4.2.1 =/ I try but dont work, 1 weekend i try… =(
Deiverson Says:
May 7th, 2009 at 4:18 pm
I discovery my project is equals one folder into opencms, my project context name is equals, but work if rename, example:
jboss\default\deploy\portal.war in my project too folder with name portal, ind /sites/default/portal/. It is mistake in proxypass, the solution is rename portal.war for projectportal.war. The name of context is problem. Solved!
Deiverson Says:
May 25th, 2009 at 10:02 pm
I try implement with SSL but dont work… =/
Roman Says:
May 28th, 2009 at 2:28 pm
Is there anything to say against this more lightweight version of the virtual host config:

RewriteEngine On
RewriteCond %{REQUEST_URI} !^/opencms/opencms/?.*
RewriteCond %{REQUEST_URI} !^/opencms/export/?.*
RewriteCond %{REQUEST_URI} !^/opencms/resources/?.*
RewriteCond %{REQUEST_URI} !^/opencms/webdav/?.*
RewriteRule (.*)$ /opencms/opencms%{REQUEST_URI} [PT]

Up to now we had no problems with it.
Sebastian Says:
May 28th, 2009 at 2:38 pm
Roman:

if it works I think it is totally fine. I think it’s just a matter of taste if you want to use mod_proxy and/or mod_rewrite. I really like the expressiveness of the mod_proxy solution though. But it’s great you’re sharing your rules here. Thanks a lot.

Deiverson: What exactly doesn’t work? I so far never had problems with SSL.
Alibek Says:
June 9th, 2009 at 9:55 am
I cannot login into workplace, it redirects me to login page everytime. What is the problem?
Sebastian Says:
June 9th, 2009 at 1:34 pm
Hi,

maybe you forgot to alter the Tomcat-Connector so the Cookie has a wrong path. Did you do this:

Important is the ‘emptySessionPath=”true”‘.

I hope this helps,
Sebastian
Alibek Says:
June 12th, 2009 at 5:46 am
I had external directory docs, which become unavailable when I removed opencms/opencms:
The apache looks for file
tengizchevroil.com/docs/filename.pdf – in opencms/opencms directory.

How can I do not proxy docs directory ?
Sebastian Says:
June 12th, 2009 at 9:15 am
Simply put

ProxyPass /docs !

before all other ProxyPass directives.
Yves Says:
June 19th, 2009 at 9:55 am
With your example Sebastian, did you install opencms as root (ROOT.war), or did you leave it with the default prefix of /opencms/opencms?
Sebastian Says:
June 19th, 2009 at 11:11 am
Hi,

I left it with the default prefix. Basically you can choose every webapp name that you want.

Best regards,
Sebastian
don Says:
August 11th, 2009 at 8:33 am
Hi Sebastian,

thanks for this tutorial!!! worked (like a charm) for me!!! by the way, we’ve met in the 1st opencms days event. take care and thanks again

Don
Sebastian Says:
August 11th, 2009 at 5:40 pm
Hey Don,

yes I remember you from the OpenCms Days (I still have your card). Great to hear that the tutorial worked for you. I hope your OpenCms work goes well.

Sebastian
Don Says:
August 12th, 2009 at 6:03 am
Hi Sebastian,

great! you remembered anyways i’ll ask another question, if you dont mind…

i followed your tutorial and applied it to my local machine .. localhost. and it worked fine. Now, i would like to apply it to the hosted environment, but my hosting plan in only Private Tomcat, therefore i dont have access to httpd.conf. Is there a way to make it work by server.xml alone? or only within tomcat configuration for that matter?

Thanks in advance.

Don
Sebastian Says:
August 12th, 2009 at 5:43 pm
Hi Don,

you can eventually install OpenCms as the ROOT-Webapp (getting rid of the first /opencms) and then try to use the UrlRewriteFilter (http://tuckey.org/urlrewrite/) to somehow get rid of the second. I have never done this so I would have to play around with it by myself. Just contact me if you need further help.

All the best,
Sebastian
Don Says:
August 12th, 2009 at 6:17 pm
Hi Sebastian,

Thanks for the information, i will try it then and let you know.

Cheers,
Don
redjohn Says:
August 21st, 2009 at 12:13 pm
Thanks for this. I was just wondering whether anybody sorted the ajp worker already in use issue out using mod_proxy as I had a contractor in that worked with us who said that this will cause errors down the line so best to sort it before deploying opencms
Ben Says:
August 21st, 2009 at 5:12 pm
Thanks man!
Sebastian Says:
August 21st, 2009 at 5:56 pm
redjohn: I haven’t investigated it further but I have several sites in production and never had any problems with it.
Flipstar Says:
August 25th, 2009 at 12:55 pm
I have the same problem, that I can not login into the workplace explorer. It also redirects me to the login page when I`m trying to open it. I`m using xampp as test enviroment? Could this be the problem?
Sebastian Says:
August 25th, 2009 at 5:50 pm
Flipstar: Have you altered your Tomcat configuration?

If this doesn’t help please post a few more details.

Thanks,
Sebastian
quintana Says:
October 19th, 2009 at 11:46 am
Hi Sebastian
Thank´s for the information

I have one problem, I can´t load the css and the images, the login page and the workplace load well but without images and styles. I have installed the opencms as ROOT, I think my problem is in the opencms.importexport.xml or in my httpd.conf in the ProxyPass path tag, if I see the properties of an image show this path: mydomain.com/resources i think that i need to set the path of the static resources,I´m wrong?

Thank´s Sebastian
Regards Quintana
Sebastian Says:
October 23rd, 2009 at 3:51 am
Hi Quintana,

yes If you install it as root you have to adjust the ProxyPass directive and the importexport.xml. I have to say that I have never done this so you just have to experiment. Probably try to get rid of the first opencms (the context path). Maybe this works.

Best of luck!
Quintana Says:
October 23rd, 2009 at 1:56 pm
Hi Sebastian,

Thank´s for reply!
Finally got it!, after many attemps adjusting the ProxyPass it works fine but the pop up window for search files doesn´t work fine…
I reinstall opencms but as opencms.war and I configure the ProxyPass as you meant here and it works fine! no problem with the pictures, files…

Thank´s Sebastian!

Reggards Quintana
Sebastian Says:
October 31st, 2009 at 5:22 pm
Great to hear! I’m glad you got it working.
arrow3215 Says:
February 3rd, 2010 at 8:47 pm
I have problems to make it work with ssl. I can’t bypass Apache in going via https://site.com:8443/opencms/opemcms/system/login directly to tomcat bcause of the changes in “opencms-importexport.xml” . To the other hand
https://site.de/system/login is not captuered by the virtual host (
ServerName yourdomain.com
….) and an error message “ssl_error_rx_record_too_long” occurs. Can anyone post an ssl config that runs with this ajp solution or do I have to use mod_rwrite?

thanks in advance
Sebastian Says:
February 6th, 2010 at 8:10 pm
Hi, there should be no problems. Make sure your Apache is configured correctly by serving some static pages via SSL. If you want to have an SSL connection all the way through the following directives might for proxying:

SSLProxyEngine On
SSLProxyVerify none

Are you sure you are accessing the right port?
arrow3215 Says:
February 7th, 2010 at 9:33 am
Thanks Sebastian, now it’s running.

I made the proxypass entries twice, one for the http site and one for the https site. So now I have the Site with http and the workplace with https.

In WEB-INF/config/opencms-system.xml :
.
.

https://mysite.de
/sites/default/

The http Virtual host entry for apache is as described above.

The https virtual host entry is as follows:

For integrating awstsats and phpmyadmin in the secure site I tried:

SSLProxyEngine On
SSLProxyVerify none
..
…
..
Alias /phpmyadmin /pathto/phpmyadmin
.
.

ProxyRequests Off
# for proxying to other TomcatAppa for let’s say for example maps
ProxyPass /maps/ ajp://localhost:8009/maps/
ProxyPassReverse /maps/ ajp://localhost:8009/maps/
#
ProxyPass /opencms/ ajp://localhost:8009/opencms/
ProxyPassReverse /opencms/ ajp://localhost:8009/opencms/
# for allowing phpmysql under site.de/phpmyadmin
ProxyPass /phpmydmin !
# for awstatst
ProxyPass /cgi-bin !
ProxyPass /awstats-icon !
ProxyPass / ajp://localhost:8009/opencms/opencms/
ProxyPassReverse / ajp://localhost:8009/opencms/opencms/
arrow3215 Says:
February 7th, 2010 at 9:43 am
@sebastian
your blogsoftware is filtering out half of the post, especially the xml parts in opencms-system.xml description. So this part of my post above makes no sense. I try it verbally:
In WEB-INF/config/opencms-system.xml under the sites entry define your website as secure server. This will cause a login on http://mysite/system/login being redirected to https.
Sebastian Says:
February 7th, 2010 at 5:25 pm
Hi,

thanks for the reply. I think you have put xml between tags. I guess wordpress filters out all the tags that it dosn"t know to prevent XSS.
Yes you need two VirtualHosts for SSL. Sorry I thought you already had it configured this way. I should have been less assuming.
Anyway I'm glad it works for you now. If you have any further questions please stop by.