Downloads:
https://www.apachelounge.com/download/VS16/binaries/httpd-2.4.48-win64-VS16.zip
https://www.apachelounge.com/download/VS16/modules/mod_jk-1.2.48-win64-VS16.zip
https://tomcat.apache.org/download-90.cgi
https://download.java.net/java/GA/jdk11/9/GPL/openjdk-11.0.2_windows-x64_bin.zip
https://slproweb.com/products/Win32OpenSSL.html
Versions:
Windows Server 2019 Datacenter
Apache HTTPD 2.4.48
Apache Tomcat 9.0.50
OpenJDK 11.0.2
mod_jk 1.2.48
OpenSSL v1.1.1k
Resources:
https://www.apachelounge.com/download/
https://jdk.java.net/archive/
https://wrapper.tanukisoftware.com/doc/english/download.jsp
https://www.sslshopper.com/
https://www.mulesoft.com/tcat/apache-tomcat-mod-jk-connector-configuration
https://tomcat.apache.org/connectors-doc/reference/workers.html
https://tomcat.apache.org/connectors-doc/common_howto/workers.html
Server URLs (http):
http://localhost/jkmanager/
http://localhost/test/
http://localhost:9001/
http://localhost:9002/
Server URLs (https):
https://localhost/jkmanager/
https://localhost/test/
https://localhost:9441/
https://localhost:9442/
Troubleshooting:
https://stackoverflow.com/questions/53987491/how-to-install-apache-2-on-windows-10/54006548
https://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-using-java-keytool.html
https://stackoverflow.com/questions/16658038/cant-open-config-file-usr-local-ssl-openssl-cnf-on-windows
https://stackoverflow.com/questions/62595897/tomcat-error-ajp-servicejk-ajp-common-c-ajp-send-requestjk-ajp-common-c
https://serverfault.com/questions/1014102/mod-jk-unable-to-connect-with-tomcat9
https://serverfault.com/questions/390840/how-does-one-get-tomcat-to-bind-to-ipv4-address#391027
https://serverfault.com/questions/374499/apache-mod-jk-setting-for-tomcat-workers-properties
http://tomcat.10.x6.nabble.com/Can-t-get-jkmanager-working-td2163642.html
http://tomcat.10.x6.nabble.com/mod-jk-missing-uri-map-td2151079.html
Step 1: Install OpenJDK
- Select a location to install OpenJDK. You can place it wherever you like. In my example, I placed everything on my C:\ drive.
- Copy the entire jdk-11.0.2 folder to your selected location.
- C:\Java\jdk-11.0.2
- Open Windows Environment Variables to add JAVA_HOME to the System Variables.
- Variable name: JAVA_HOME
- Variable value: C:\Java\jdk-11.0.2
- Once you have JAVA_HOME as a System Variable, you can add it to the PATH.
- Edit Path
- Add a new variable location
- %JAVA_HOME%\bin
- Now OpenJDK should be installed. You can verify this by running various Java commands through a command prompt in any directory. Use these commands to test it.
- java -version
- where java
Step 2: Install OpenSSL
- When launching Win64OpenSSL_Light-1_1_1k.exe, you may be prompted to install a missing Windows Server redistributable.
- Click the link in the prompt to download VC_redist.x64.exe.
- Install VC_redist.x64.exe
- With the dependencies installed, you can now run Win64OpenSSL_Light-1_1_1k.exe.
- You can choose the location to install OpenSSL-Win64.
- Accept all other defaults in the installation wizard.
- Add the OpenSSL bin directory to the Environment Variables PATH like we did above with OpenJDK/Java.
- In my instance, my path looks like this since I’m using the C:\ drive to install my applications.
- C:\OpenSSL-Win64\bin
- Now that OpenSSL is added to the path, we can use this program in any directory in command prompt.
- To test this, open a command prompt and type the following commands. See the example below.
- openssl
- help
C:\Users\Alex>openssl
OpenSSL> help
Note: We will need OpenSSL later to generate self-signed certificates to use SSL for Apache HTTPD and Tomcat.
Step 3: Install Apache Tomcat
Since this is a load balancing configuration, we will want to install two independent instances of Apache Tomcat. To do this, simply select a different folder for each instance to be installed in.
For example, I created two folders called 001 and 002 for each instance. This is what my folder structure looks like.
C:\Tomcat\001
C:\Tomcat\002
- Once you create your locations, run the apache-tomcat-9.0.50.exe installer to launch the wizard.
- Use port 9001 for your HTTP/1.1 Connector Port.
- Use Tomcat9_001 as the Windows Service Name.
- The next screen should ask for the Java path. If OpenJDK was installed properly, it should automatically find it for you.
- Then select the destination folder for your Apache Tomcat installs.
- You will install each instance in its own destination folder.
- Use port 9002 for your HTTP/1.1 Connector Port on the second instance.
- Use Tomcat9_002 as the Windows Service Name for the second instance.
- If they both installed properly, you can start the services in Windows Services.
- Confirm they are running by visiting the following URLs in your browser.
- If both show the Host Manager default web page, then you were successful.
- Now you may stop both Tomcat instances as we will be making changes to the configuration later.
Step 4: Install Apache HTTPD
- Extract the contents of httpd-2.4.48-win64-VS16.zip
- You should see a folder called Apache24.
- Copy/Paste this Apache24 folder in your chosen location.
- In my example, I placed it in C:\Apache24
- You can also add Apache to the Environment Variables PATH.
- My example looks like the following:
- C:\Apache24\bin
- Once it is added to the PATH, you can access it from the command line in any directory.
- In the Apache24 folder, we will need to edit the httpd.conf file. Keep this file open in your text editor as we will modify it frequently.
- C:\Apache24\conf\httpd.conf
- On line 37, there is a line you will have to modify if your Apache is in a different location.
- Define SRVROOT “A:/Apache24”
- Note the forward slash. Although we are in Windows, we will use forward slashes for the Apache configuration files /
- Once the httpd.conf file is updated with the path to your Apache24 folder, then open a command prompt and type the following command.
- httpd -k install
- You may see the following output if it installs correctly.
C:\Users\Alex>httpd -k install
Installing the ‘Apache2.4’ service
The ‘Apache2.4’ service is successfully installed.
Testing httpd.conf….
Errors reported here must be corrected before the service can be started.
- Go to Windows Services and start the Apache2.4 service.
- If it remains running, then open a browser and visit this URL
- http://localhost/
- You should see a web page that says “It works!” if Apache2.4 is running.
Step 5: Configure mod_jk for Apache HTTPD
- In the mod_jk-1.2.48-win64-VS16 folder, copy and paste the mod_jk.so file into the C:\Apache24\modules directory.
- Once the mod_jk.so file is placed, we will need to configure the httpd.conf file in the C:\Apache24\conf directory
- In the httpd.conf file, make the following changes:
- Uncomment on line 178
- LoadModule ssl_module modules/mod_ssl.so
- Uncomment on line 529
- Include conf/extra/httpd-ssl.conf
- Add the following block to the bottom of the file:
- Uncomment on line 178
AcceptFilter http none
AcceptFilter https none
# AJP13 Proxy
Include “conf/extra/httpd-ajp.conf”
LoadModule jk_module modules/mod_jk.so
JkWorkersFile conf/workers.properties
JkLogLevel info
JkLogFile logs/mod_jk.log
JkMount /test/* lb
JkMountCopy All
#JkMount /jkmanager/* jkstatus
JkMount jkstatus
#Order deny,allow
#Deny from all
#Allow from 127.0.0.1
Step 6: Configure httpd-ssl.conf
- Open the C:\Apache24\conf\extra\httpd-ssl.conf
- Make the following changes to this file:
- Comment lines 92 and 93
- SSLSessionCache “shmcb:${SRVROOT}/logs/ssl_scache(512000)”
- SSLSessionCacheTimeout 300
- Update line 125
- ServerName localhost:443
- Comment lines 92 and 93
Step 7: Configure httpd-vhosts.conf
- Add the following block to the C:\Apache24\conf\extra\httpd-vhosts.conf
ServerName 127.0.0.1
SSLEngine on
SSLCertificateFile “${SRVROOT}/conf/server.crt”
SSLCertificateKeyFile “${SRVROOT}/conf/server.key”
Step 8: Create and Configure the workers.properties file
- Create a file called workers.properties in the C:\Apache24\conf directory
- Add the following to the workers.properties file
# Define the settings for the Apache Tomcat workers
# Tomcat9_001 (Worker 1)
worker.worker1.type=ajp13
worker.worker1.host=127.0.0.1
#specify the ajp port used in $CATALINA_HOME/conf/server.xml
worker.worker1.port=8001
# Tomcat9_002 (Worker 2)
worker.worker2.type=ajp13
worker.worker2.host=127.0.0.1
#specify the ajp port used in $CATALINA_HOME/conf/server.xml
worker.worker2.port=8002
# Define general worker settings
# https://tomcat.apache.org/connectors-doc/reference/workers.html
worker.list=lb,jkstatus
worker.lb.type=lb
worker.lb.balance_workers=worker1,worker2
worker.jkstatus.type=status
worker.lb.sticky_session=true
worker.lb.method=B
Step 9: Create a Java Keystore for Apache Tomcat SSL
- Open a command prompt and create a keystore using OpenSSL. Navigate to a directory of your choosing where you will store the certificates.
- Run the following command. In this example, the alias is “apache” and the password is “secret”. You can change these values to whatever you like.
- keytool -genkey -keyalg RSA -alias apache -keystore keystore.jks -storepass secret -validity 360 -keysize 2048
- Complete the form prompts to create the keystore.
- Once complete, you should have a keystore.jks file.
Step 10: Create a self-signed certificate for Apache HTTPD
- Open a command prompt and create a self-signed certificate using OpenSSL. Navigate to a directory of your choosing where you will store the certificates.
- Run the following command.
- openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt
- Complete the form prompts to create the certificate files.
- Once complete, you should have a server.key and server.crt file.
- Move these two files to the C:\Apache24\conf directory.
Step 11a: Configure Apache Tomcat instance 001
- Open the server.xml file located in the C:\Tomcat\001\conf\ directory.
- Make the following changes to the server.xml file.
- Comment the <Connector> on lines 69-71
- Add the following block below the <Connector> tag you just commented
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="9441" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="E:\Certificates\keystore.jks"
keystorePass="secret"
clientAuth="false" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2" />
- Find the commented out <Connector> tag for AJP 1.3
- Uncomment this tag and make the following changes to it looks like this:
- <Connector protocol=”AJP/1.3″ address=”127.0.0.1″ port=”8001″ redirectPort=”9441″ secretRequired=”false” />
- Below this line, find the <Engine> tag.
- Make the following changes so it looks like this:
- <Engine name=”Catalina” defaultHost=”127.0.0.1″ jvmRoute=”worker1″>
Step 11b: Configure Apache Tomcat instance 002
- Open the server.xml file located in the C:\Tomcat\002\conf\ directory.
- Make the following changes to the server.xml file.
- Comment the <Connector> on lines 69-71
- Add the following block below the <Connector> tag you just commented
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="9442" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="E:\Certificates\keystore.jks"
keystorePass="secret"
clientAuth="false" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2" />
- Find the commented out <Connector> tag for AJP 1.3
- Uncomment this tag and make the following changes to it looks like this:
- <Connector protocol=”AJP/1.3″ address=”127.0.0.1″ port=”8002″ redirectPort=”9442″ secretRequired=”false” />
- Below this line, find the <Engine> tag.
- Make the following changes so it looks like this:
- <Engine name=”Catalina” defaultHost=”127.0.0.1″ jvmRoute=”worker2″>
Step 12: Monitoring the load balancer with jkmanager
Once you have completed the configuration, you can visit the following URL to go to your JKManager web page. This will show real time information about your currently load balanced servers.
https://localhost/jkmanager/