Built with Apache Lenya

Running Lenya Behind Apache with mod_proxy_ajp

Table of Contents

Configuring the AJP Connector in Tomcat
Configuring the Apache Web Server
Advanced Configuration: One Virtual Host per Publications

Configuring the AJP Connector in Tomcat

The file $TOMCAT_HOME/conf/server.xml contains an AJP 1.3 connector on port 8009 by default:

<Connector port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3"/>

If the connector is not present, you have to add it.

Configuring the Apache Web Server

Now we'll declare the virtual hosts for the Apache web server. We assume that the Lenya application runs in the root servlet context (/).

In the simple configuration example the complete URI space of the servlet is accessible at https://cms.example.com/, the authoring environment for the default publication at https://cms.example.com/default/authoring/. This scenario is suitable for most applications, especially if the Lenya instance contains multiple publications. In this example, the authoring environment is only accessible via an SSL connection, which is recommended since the login information is encrypted.

In Apache 2 on Debian Linux the website configuration files are typically located in the directory /etc/apache2/sites-available. On Mac OS X 10.5 the configuration file is /etc/apache2/extra/httpd-vhosts.conf. The contents of the file should look like this:

NameVirtualHost *:80
NameVirtualHost *:443

# This is the SSL host for the authoring environment.
<VirtualHost *:443>
    ServerName cms.example.com
    ServerAlias cms

    ProxyRequests Off

    SSLEngine On
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.key

    <Location />
      ProxyPass ajp://localhost:8009/
      ProxyPassReverse https://cms.example.com/
    </Location>

    ErrorLog /var/log/apache2/ssl.cms.example.com-error_log
    CustomLog /var/log/apache2/ssl.cms.example.com-access_log common

</VirtualHost>

# This is the non-SSL host for the live area.
<VirtualHost *:80>
    ServerAdmin webmaster@www.example.com
    ServerName www.example.com
    ServerAlias www

    ProxyRequests Off

    <Location />
      ProxyPass ajp://localhost:8009/default/live/
      ProxyPassReverse http://www.example.com/default/live/
    </Location>

    ErrorLog /var/log/apache2/www.example.com-error_log
    CustomLog /var/log/apache2/www.example.com-access_log common
</VirtualHost>

Advanced Configuration: One Virtual Host per Publications

In the complex configuration example, we provide both SSL and non-SSL access to the authoring environment. Additionally, the publication ID is stripped from the URI, i.e. the authoring environment is accessible at http[s]://cms.example.com/authoring/. This setup is especially useful if you want to provide access to different publications via different virtual hosts.

NameVirtualHost *:80
NameVirtualHost *:443

# This is the non-SSL host for the authoring environment.
<VirtualHost *:80>
    ServerAdmin webmaster@cms.example.com
    ServerName cms.example.com
    ServerAlias cms

    ProxyRequests Off

    RewriteEngine On
    RewriteLog /var/log/apache2/cms.example.com-rewrite_log
    RewriteLogLevel 4
    
    # Redirect the login usecase to https
    RewriteCond %{QUERY_STRING} (.*)lenya\.usecase=ac\.login(.*)
    RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]

    <Location /lenya/>
      ProxyPass ajp://localhost:8009/lenya/
      ProxyPassReverse http://cms.example.com/lenya/
    </Location>

    <Location /modules/>
      ProxyPass ajp://localhost:8009/modules/
      ProxyPassReverse http://cms.example.com/modules/
    </Location>

    <Location /default/modules/>
      ProxyPass ajp://localhost:8009/default/modules/
      ProxyPassReverse http://cms.example.com/default/modules/
    </Location>

    <Location />
      ProxyPass ajp://localhost:8009/default/
      ProxyPassReverse http://cms.example.com/default/
    </Location>

    ErrorLog /var/log/apache2/cms.example.com-error_log
    CustomLog /var/log/apache2/cms.example.com-access_log common
</VirtualHost>

# This is the SSL host for the authoring environment.
<VirtualHost *:443>
    ServerName cms.example.com
    ServerAlias cms

    ProxyRequests Off

    SSLEngine On
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.key

    <Location /lenya/>
      ProxyPass ajp://localhost:8009/lenya/
      ProxyPassReverse https://cms.example.com/lenya/
    </Location>

    <Location /modules/>
      ProxyPass ajp://localhost:8009/modules/
      ProxyPassReverse https://cms.example.com/modules/
    </Location>

    <Location /default/modules/>
      ProxyPass ajp://localhost:8009/default/modules/
      ProxyPassReverse https://cms.example.com/default/modules/
    </Location>
    
    <Location />
      ProxyPass ajp://localhost:8009/default/
      ProxyPassReverse https://cms.example.com/default/
    </Location>

    ErrorLog /var/log/apache2/ssl.cms.example.com-error_log
    CustomLog /var/log/apache2/ssl.cms.example.com-access_log common

</VirtualHost>

# This is the non-SSL host for the live area.
<VirtualHost *:80>
    ServerAdmin webmaster@www.example.com
    ServerName www.example.com
    ServerAlias www

    ProxyRequests Off

    <Location />
      ProxyPass ajp://localhost:8009/default/live/
      ProxyPassReverse http://www.example.com/default/live/
    </Location>

    ErrorLog /var/log/apache2/www.example.com-error_log
    CustomLog /var/log/apache2/www.example.com-access_log common
</VirtualHost>