Thanks Christopher, I will address the security issues if I am actually able to 
get mod_jk to execute a JSP!

I have now removed everything from mod_jk.conf except for the global directives 
and I now have my httpd.conf looking like:

#
# JK for connections to Tomcat
#
LoadModule jk_module modules/mod_jk.so
Include /etc/httpd/conf/mod_jk.conf

<IfModule jk_module>
JkWorkersFile /etc/httpd/conf/workers.properties
JkLogFile     /var/log/httpd/mod_jk.log
JkLogLevel info

Alias /sft "/var/webapps/sft"

<Directory "/var/webapps/sft">
 Options Indexes FollowSymLinks
</Directory>

<Location "/sft/WEB-INF/">
   AllowOverride None
   deny from all
</Location>
</IfModule>


##
## SSL Virtual Host Context
<VirtualHost sfta.a.b.c:443>    
JkMount /sft/* loadbalancer
JkUnMount /*.html loadbalancer
</VirtualHost>

I still get the JSP file returned as text, so I obviously still have problems, 
and initially I would just like to get Apache to invoke mod_jk and return me 
the dynamic content. I have looked in the mod_jk.conf file and there are no 
errors, so I assume the versions of software I have installed are compatible? 
This is in my mod_jk.conf file:

[Mon Apr 23 15:11:51.006 2012] [9293:3078489792] [info] init_jk::mod_jk.c (3365): mod_jk/1.2.35 initialized


> Date: Mon, 23 Apr 2012 10:04:00 -0400
> From: ch...@christopherschultz.net
> To: users@tomcat.apache.org
> Subject: Re: Mod_jk returning source code of jsp files
> 
> Ironclaw,
> 
> On 4/23/12 9:18 AM, ironclaw hand wrote:
> > So are you saying I should do away with the mod_jk.conf
> > completely?
> 
> That depends upon what is in mod_jk.conf. Your mod_jk.conf looks like
> a mix between global mod_jk directives (e.g. JkWorkersFile) and
> VirtualHost-specific directives (e.g. <Location> and JkMounts).
> 
> I would recommend putting all your global configuration into
> mod_jk.conf and then putting your VirtualHost-specific configuration
> into the appropriate VirtualHost (possibly the default one).
> 
> It looks like you have an old example of how to set up mod_jk. The
> following properties are no longer useful in workers.properties:
> 
> workers.apache_log=/var/log/httpd/
> workers.tomcat_home=/var/tomcat
> workers.java_home=/usr/java/latest
> ps=/
> 
> Finally, if you are going to do this:
> 
> Alias /sft "/var/webapps/sft"
> <Directory "/var/webapps/sft">
>     Options Indexes FollowSymLinks
> </Directory>
> 
> You'll have to protect more than just this:
> 
> <Location "/sft/WEB-INF/">
>     AllowOverride None
>     deny from all
> </Location>
> 
> If you have anything sensitive in sft/META-INF (like a context.xml
> containing your LDAP or database credentials for instance).
> 
> Also, since the content lives on the filesystem, you might be better
> off using a <Directory> directive instead (or in addition to)
> <Location>. Be very careful if you decide to use an Alias to your
> appBase: it's usually discouraged on a security basis.
> 
> > JkMount /sft/* loadbalancer
> > 
> > JkUnMount /*.html loadbalancer
> 
> JkMounts need to be *inside* a VirtualHost: otherwise, they have no
> effect.
> 
> -chris
> 
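The layout described in the quoted reply, written out as an added example (not configuration from the thread's participants or from the mod_jk project): global directives once, everything host-specific inside the VirtualHost, and both WEB-INF and META-INF denied by filesystem path as well as by URL. Paths, host name and worker name are reused from the thread; the Apache 2.2 access syntax seen there is assumed (on 2.4 the equivalent is `Require all denied`), and dropping `Indexes` is this example's own choice.

```apache
# --- global mod_jk directives (mod_jk.conf) ---
LoadModule    jk_module modules/mod_jk.so
JkWorkersFile /etc/httpd/conf/workers.properties
JkLogFile     /var/log/httpd/mod_jk.log
JkLogLevel    info

# --- host-specific directives ---
<VirtualHost sfta.a.b.c:443>
    # (SSL directives of the existing virtual host omitted here)

    # httpd serves static files straight from the webapp directory
    Alias /sft "/var/webapps/sft"
    <Directory "/var/webapps/sft">
        # Indexes left out so directories are not listed (example's choice)
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    # Filesystem-based denial: holds for any URL that maps to these
    # directories, including their subdirectories
    <Directory "/var/webapps/sft/WEB-INF">
        Order allow,deny
        Deny from all
    </Directory>
    <Directory "/var/webapps/sft/META-INF">
        Order allow,deny
        Deny from all
    </Directory>

    # URL-based denial in addition to the <Directory> rules
    <LocationMatch "^/sft/(WEB-INF|META-INF)(/|$)">
        Order allow,deny
        Deny from all
    </LocationMatch>

    # Mounts only take effect inside the VirtualHost that serves the request
    JkMount   /sft/*  loadbalancer
    JkUnMount /*.html loadbalancer
</VirtualHost>
```

After a change like this, `apachectl configtest` checks the syntax, and a request for a file under `/sft/WEB-INF/` or `/sft/META-INF/` should return 403.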