Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents
stylenone

Overview

Note
titleNotes:
  • This document only applies to systems that run cPanel & WHM version 76 or above.
  • You must possess root user access to create an Apache Tomcat® proxy.

This document explains how to configure a proxy for Tomcat in EasyApache 4.

Configure a proxy

Note
titleNotes:
  • When you assign Tomcat access to a cPanel user, the script assigns three ports to the user. You can find these port assignments in the  /etc/cpanel/cpuser_port_authority.json  file and the user's ~/ea-tomcat85/conf/server.xml file.
  • The following examples are not comprehensive. Many methods exist to proxy from Apache® to Tomcat. For more information about AJP, read Apache's AJP documentation.

To configure a proxy for EasyApache 4, create a virtual host include file for any domain for which you wish to proxy an application to Tomcat. Add your include file to the appropriate location in the  /etc/apache2/ directory.  For more information about Apache include files and their locations, read our  Modify Apache Virtual Hosts with Include Files  documentation.

After you create or edit an Apache include userdata file, you must rebuild the httpd.conf file and restart Apache for the changes to take effect. 

To rebuild the httpd.conf file, run the following script:

Code Block
languagebash
/usr/local/cpanel/scripts/rebuildhttpdconf


To restart Apache, run the following script:

Code Block
languagebash
/usr/local/cpanel/scripts/restartsrv_httpd

LiteSpeed Web Server

If you wish to use LiteSpeed with Tomcat, your server must use the Tomcat instance's assigned port. LiteSpeed is not compatible with the ProxyPassMatch directive and will not proxy from the assigned port to port 80

Configure an app for AJP

To configure an app to use AJP, your entry might resemble the following example, where /docs represents the app that you wish to use and 11111 represents the user's AJP port number:

Code Block
languagebash
linenumberstrue
<IfModule proxy_ajp_module>
	ProxyPass "/docs" "ajp://127.0.0.1:11111/docs"
</IfModule>

In the above example, if you navigated to  http://example.com/docs , the server would proxy the response to the docs Tomcat application.  

Set up a subdomain proxy

To set up a subdomain proxy, your entry might resemble the following example, where 11111 represents the user's AJP port and store represents the name of the Tomcat application:

Code Block
languagebash
linenumberstrue
<IfModule proxy_ajp_module>
	ProxyPass "/" "ajp://127.0.0.1:11111/store"
</IfModule>

In the above example, if you navigated to http://store.example.com, the server would proxy the response to the store Tomcat application.

Mimic EasyApache 3 Tomcat proxy behavior in EasyApache 4

You can mimic EasyApache 3's proxy behavior in a private instance and run applications from the user's document root.

Warning
titleWarning:

We strongly recommend that you do not mimic EasyApache 3's behavior. If you create a proxy for Tomcat to a user's document root, a malicious user could bypass the Apache access permissions for the files located in that directory. If you choose to perform this action, you must limit your Tomcat ports to only the users that require access.

We also strongly recommend that you disable listening on any ports that you do not intend to use. For example, if you will only use HTTP, we recommend that you disable the AJP port. Or, if you will only proxy to AJP, we recommend that you disable the HTTP port.

To configure this behavior, perform the following steps:

  • Add a  Host  entry to the ~/ea-tomcat85/conf/server.xml file.
  • Create an include file to act as a proxy for the appropriate domain with the mod_proxy_ajp Apache module. 

Your include file would resemble the following example, where 11111 represents the user's AJP port:

Code Block
languagebash
linenumberstrue
<IfModule proxy_ajp_module>
	ProxyPassMatch "^/(.\.jsp|.\.do|(?:./)?servlets?/.)$" "ajp://127.0.0.1:11111/$1"
</IfModule>

This method ensures that the application functions similarly to EasyApache 3, except it now runs as the user.

Additional documentation

Localtab Group


Localtab
activetrue
titleSuggested documentation


Localtab
titleFor cPanel users

Content by Label
showLabelsfalse
max5
showSpacefalse
cqllabel in ("ea4","tomcat") and label = "cpanel" and space = currentSpace()


Localtab
titleFor WHM users

Content by Label
showLabelsfalse
max5
showSpacefalse
cqllabel in ("ea4","tomcat") and label = "whm" and space in (currentSpace(),"CKB")


Localtab
titleFor developers

Content by Label
showLabelsfalse
max5
showSpacefalse
cqllabel in ("ea4","tomcat") and space = "DD"