How To Build Apache and Tomcat

(written by Marcia Perry, 3/28/01)

This is a log of how to get an Apache/Tomcat system that works. To also build WebDAV and SSL capabilities into apache, this log also describes the procedure for incorporating mod_dav and mod_ssl into apache.

This "how-to" is based on what I did that was successful, so it is meant as a guide for the newbie or the person who wants to get a web server up quickly. I do not claim to be an apache/web server authority. So of course skip any steps that are irrelevant for you, change anything according to what would work better for you, and feel free to send me edits of this document if you wish to. If you upgrade any package(s) used in this how_to, please feel free to let me know what was/was not compatible.

Platform: Solaris 2.7
Packages:

Good sources of information:
Books:
"Professional Apache" by Peter Wainright, Wrox Press Ltd.
Websites:

NOTE: There is a script to automate building and configuring Apache and Tomcat under Solaris and Linux. The script allows you to choose different versions of Tomcat.

Steps to install Tomcat and Apache

  1. Select or create a top level directory and do everything as root. In the procedure below, assume /usr/local.shaggy is this top-level directory. (NOTE: On the '2' LBL subnet, /usr/local is actually NFS-mounted so I use the following scheme in creating/accessing local directories:
    /usr/local.[hostname]
    So /usr/local.shaggy was used for the installation on shaggy. /opt may also be a good candidate for the top-level directory. Make a directory for all the source packages-- I did:
    # cd /usr/local.shaggy
    # mkdir src
    Then I downloaded all the needed packages to /usr/local.shaggy/src and unzipped/untarred each package with:
    # gunzip xvf [package-name].tar.gz
    # tar xvf [package-name].tar
  2. Build OpenSSL This was probably unnecessary since /usr/local/ on portnoy has an openssl-0.9.6 directory with all the needed libraries (in /usr/local/openssl-0.9.6/lib/).
    # cd /usr/local.shaggy/src/openssl-0.9.6
    # ./config -fPIC shared \
    --prefix=/usr/local.shaggy/openssl \
    --openssldir=/usr/local.shaggy/openssl-0.9.6
    # make
    # make test
    # make install
  3. Build the optional MM shared memory library
    # cd /usr/local.shaggy/src/mm-1.1.3
    # ./configure --disable-shared
    # make
  4. Configure mod_ssl
    # cd /usr/local.shaggy/src/mod_ssl-2.8.0-1.3.17
    # setenv LD_LIBRARY_PATH /usr/local.shaggy/openssl/lib:$LD_LIBRARY_PATH
    # setenv EAPI_MM ../mm-1.1.3
    # ./configure --with-apache=/usr/local.shaggy/src/apache_1.3.17
    When this step completes, you will be told "Now proceed with the following commands (Bourne-Shell syntax):", followed by a list of commands. Step VI gives the commands I used to build Apache with mod_dav (in a C shell). If you're not building Apache with mod_dav, skip step V and go directly to VI.

  5. Build mod_dav

    You can build mod_dav as either a dynamically-loadable module (i.e., built with apxs as a .so) or as a module that is statically linked into the Apache executable. I chose to go with a static module and did the following:

    # cd /usr/local.shaggy/src/mod_dav-1.0.2-1.3.6
    # ./configure --with-apache=/usr/local.shaggy/src/apache_1.3.17
    # make
    # make install
    If you look in the apache source directory's src/modules subdirectory, you should see a new subdirectory, dav/. In the dav/ subdirectory you should see libdav.a, mod_dav.c, and some other files.

  6. Build and install Apache with DSO support, mod_ssl, and mod_dav

    (Most modules are built as .so's, which you may or may not want, but you will also be building the 'apxs' tool which is needed to build dynamic modules, like mod_jserv.so for Tomcat, described later. If you don't build apache with complete DSO support as follows, the 'apxs' won't work later on.

    # cd /usr/local.shaggy/src/apache_1.3.17
    # setenv SSL_BASE /usr/local.shaggy/src/openssl-0.9.6
    # setenv EAPI_MM /usr/local.shaggy/src/mm-1.1.3
    (You probably already set the EAPI_MM variable in step IV).
    # ./configure --prefix=/usr/local.shaggy/apache_1.3.17 \
    --enable-module=so --enable-rule=SHARED_CORE \
    --enable-module=ssl --enable-shared=ssl \
    --activate-module=src/modules/dav/libdav.a

    (prefix= --activate-module is for linking in web_dav, so leave this out if you're not building with mod_dav)

    # make
    # make certificate TYPE=custom

    In this step you will be prompted for some information (to make a temporary certificate to test mod_ssl). I gave the following values:

    Step 0: Return
    Step 2:

    Country Name: US
    State or Province Name: California
    Locality Name: Berkeley
    Organization Name: LBNL
    Organizational Unit Name: DSD
    Common Name: shaggy.lbl.gov (the installation host)
    Email Address: mperry@lbl.gov (your email addr)
    Certificate Validity: 1000
    Step 3: 3
    Step 5:
    Country Name: US
    State or Province Name: California
    Locality Name: Berkeley
    Organization Name: LBNL
    Organizational Unit Name: DSD
    Email Address: mperry@lbl.gov (your email addr)
    Certificate Validity: 1001
    Step 6: 3
    Step 7: n
    Step 8: n

    (Later you'll need to get a real certificate.)

    # make install

    NOTES: If you go to the apache installation directory's lib subdirectory, you should see: autochange.so, mod_jserv.so, httpd.exp, libhttpd.ep, libhttpd.so, libhttpd.so.1, and libssl.so, and other file. In the openSSL installation there is also a libssl.so, but although these two libraries have the same name, they are not the same. If you are curious, doing 'ldd libssl.so' on the mod_ssl library produced this:
    # cd /usr/local.shaggy/apache_1.3.17/lib
    # ldd libssl.so
    libssl.so.0 => /usr/local.shaggy/src/openssl-0.9.6/libssl.so.0
    libcrypto.so.0 => /usr/local.shaggy/src/openssl-0.9.6/libcrypto.so.0
    libucb.so.1 => /usr/ucblib/libucb.so.1
    libresolv.so.2 => /lib/libresolv.so.2
    libsocket.so.1 => /lib/libsocket.so.1
    libnsl.so.1 => /lib/libnsl.so.1
    libelf.so.1 => /lib/libelf.so.1
    libdl.so.1 => /lib/libdl.so.1
    libc.so.1 => /lib/libc.so.1
    libmp.so.2 => /lib/libmp.so.2
    /usr/platform/SUNW,Ultra-2/lib/libc_psr.so.1
  7. Build Tomcat's Module for Apache (mod_jserv.so)

    While Tomcat can be used in standalone mode as a web server, this is usually not done. The recommended installation is to run Apache as the web server for static HTML files, images, applets, etc. and run Tomcat for JSPs and servlets. Since they run as two separate processes, they can actually run on different hosts. But I'm running them both on the same host. Tomcat and Apache talk to each other via TCP/IP sockets using the AJPV12 protocol.

    So, while I downloaded and installed the binary version of Tomcat, I needed to build a module for Apache that does this AJPV12 communication. The module is mod_jserv.so and I built and installed it according to the following steps.

    1. Unpack and install the Tomcat binary:
      # cd /usr/local.shaggy
      # gunzip jakarta-tomcat-3.1.1.tar.gz
      # tar xvf jakarta-tomcat-3.1.1.tar
      You should now have a jakarta-tomcat directory with the binary distribution.

    2. Unpack the Tomcat source package and build mod_jserv.so:
      # cd /usr/local.shaggy/src
      # gunzip jakarta-tomcat-3.1.1-src.tar.gz
      # tar xvf jakarta-tomcat-3.1.1-src.tar
      # cd /usr/local.shaggy/src/jakarta-tomcat-3.1.1-src/src/native/ apache/jserv
      # /usr/local.shaggy/apache_1.3.17/bin/apxs -c *.c -o mod_jserv.so
      # ld -G autochange.so mod_jserv.o jserv_wrapper_win.o \
      jserv_wrapper_unix.o jserv_wrapper.o jserv_watchdog.o \
      jserv_utils.o jserv_status.o jserv_protocols.o \
      jserv_mmap.o jserv_image.o jserv_balance.o \
      jserv_ajpv12.o jserv_ajpv11.o autochange.o \
      -o mod_jserv.so

      (I didn't get output from this step which meant things went fine. Doing an 'ls' in this directory revealed that all the specified .o and .so files were there.)

    3. Copy the jserv .so files to apache: # cp mod_jserv.so /usr/local.shaggy/apache_1.3.17/libexec # cp autochange.so /usr/local.shaggy/apache_1.3.17/libexec
  8. File System Structure for Apache and Tomcat

    I advise reading all the Tomcat and Apache docs that you have time for. To get going with an installation immediately, the following directory structure works (with the configuration described in IX). Of course, after reading the docs and working with this installation for a while, you will probably want to change things. Some assumptions:

    -- Apache will serve up static HTML files, applets, images, text files, etc.
    -- Tomcat will serve up only servlets and JSPs.
    -- Apache will accept both http and https requests; i.e., Apache will serve http requests from one directory tree and it will serve https requests from a separate directory tree.
    -- Apache will be started as 'root' but the processes that it spawns will run as a non-privileged user.
    -- Tomcat will only be run as a non-privileged user.
    So here is some of the directory structure on shaggy to give you the idea. Of course, you'll need to do 'mkdir', 'chown', 'chgrp', and 'chmod' commands as necessary.

    _________________________________________________________
    Apache directory:

    shaggy# pwd
    /usr/local.shaggy/apache_1.3.17

    shaggy# ls -Ral
    .:
    drwxr-xr-x 13 root other 512 Mar 28 14:39 .
    drwxrwxr-x 13 root cpc 512 Mar 28 10:52 ..
    drwxr-xr-x 2 nobody cpc 512 Mar 28 13:07 bin
    drwxr-xr-x 2 nobody cpc 512 Mar 27 13:18 cgi-bin
    drwxr-xr-x 7 nobody cpc 512 Mar 28 13:08 conf
    drwxrwxr-x 3 nobody cpc 1024 Mar 28 11:22 htdocs
    drwxr-xr-x 3 nobody cpc 2048 Mar 28 13:08 icons
    drwxr-xr-x 3 nobody cpc 1024 Mar 27 13:18 include
    drwxr-xr-x 2 nobody cpc 512 Mar 28 13:07 libexec
    -rw-r--r-- 1 root other 0 Mar 28 14:39 listing
    drwxr-xr-x 2 nobody cpc 512 Mar 28 13:10 logs
    drwxr-xr-x 4 nobody cpc 512 Mar 27 13:18 man
    drwxr-xr-x 2 nobody cpc 512 Mar 27 13:18 proxy
    -rwxr-xr-x 1 nobody cpc 383 Mar 28 11:29 start
    -rwxr-xr-x 1 nobody cpc 224 Mar 28 11:30 stop
    drwxr-xr-x 2 nobody cpc 512 Mar 28 13:10 var

    ./bin:
    drwxr-xr-x 2 nobody cpc 512 Mar 28 13:07 .
    drwxr-xr-x 13 root other 512 Mar 28 14:39 ..
    -rwxr-xr-x 1 root other 34316 Mar 28 13:07 ab
    -rwxr-xr-x 1 root other 7435 Mar 28 13:07 apachectl
    -rwxr-xr-x 1 root other 20859 Mar 28 13:07 apxs
    -rwxr-xr-x 1 root other 10939 Mar 28 13:07 dbmmanage
    -rwxr-xr-x 1 root other 19488 Mar 28 13:07 htdigest
    -rwxr-xr-x 1 root other 53736 Mar 28 13:07 htpasswd
    -rwxr-xr-x 1 root other 38324 Mar 28 13:07 httpd
    -rwxr-xr-x 1 root other 10432 Mar 28 13:07 logresolve
    -rwxr-xr-x 1 root other 7936 Mar 28 13:07 rotatelogs

    ./cgi-bin:
    drwxr-xr-x 2 nobody cpc 512 Mar 27 13:18 .
    drwxr-xr-x 13 root other 512 Mar 28 14:39 ..
    -rw-r--r-- 1 nobody cpc 274 Mar 27 13:18 printenv
    -rw-r--r-- 1 nobody cpc 757 Mar 27 13:18 test-cgi

    ./conf:
    drwxr-xr-x 7 nobody cpc 512 Mar 28 13:08 .
    drwxr-xr-x 13 root other 512 Mar 28 14:39 ..
    -rw-r--r-- 1 root other 348 Mar 27 13:19 access.conf
    -rw-r--r-- 1 root other 348 Mar 28 13:08 access.conf.default
    -rw-r--r-- 1 root other 47806 Mar 28 13:10 httpd.conf
    -rw-r--r-- 1 root other 44595 Mar 28 13:08 httpd.conf.default
    -rw-r--r-- 1 root other 12441 Mar 27 13:19 magic
    -rw-r--r-- 1 root other 12441 Mar 28 13:08 magic.default
    -rw-r--r-- 1 root other 11317 Mar 27 13:19 mime.types
    -rw-r--r-- 1 root other 11317 Mar 28 13:08 mime.types.default
    -rw-r--r-- 1 root other 357 Mar 27 13:19 srm.conf
    -rw-r--r-- 1 root other 357 Mar 28 13:08 srm.conf.default
    drwxr-xr-x 2 root other 512 Mar 27 13:19 ssl.crl
    drwxr-xr-x 2 root other 512 Mar 28 13:08 ssl.crt
    drwxr-xr-x 2 root other 512 Mar 27 13:19 ssl.csr
    drwx------ 2 root other 512 Mar 27 13:19 ssl.key
    drwxr-xr-x 2 root other 512 Mar 27 13:19 ssl.prm

    (Listing of ssl.* directories omitted.)

    ./htdocs:
    drwxrwxr-x 3 nobody cpc 1024 Mar 28 11:22 .
    drwxr-xr-x 13 root other 512 Mar 28 14:39 ..
    -rwxr-xr-x 1 nobody cpc 2326 Jul 2 1996 apache_pb.gif
    -rw-r--r-- 1 mperry cpc 49 Mar 28 11:22 index.html
    drwxr-xr-x 9 nobody cpc 1536 Jan 26 14:15 manual

    Listing of manual directory ommitted.)

    ./libexec:
    drwxr-xr-x 2 nobody cpc 512 Mar 28 13:07 .
    drwxr-xr-x 13 root other 512 Mar 28 14:39 ..
    -rwxr-xr-x 1 root other 156284 Mar 28 11:10 autochange.so
    -rw-r--r-- 1 root other 8285 Mar 28 13:07 httpd.exp
    -rwxr-xr-x 1 root other 32556 Mar 28 13:07 libhttpd.ep
    -rwxr-xr-x 2 root other 1695424 Mar 28 13:07 libhttpd.so
    -rwxr-xr-x 2 root other 1695424 Mar 28 13:07 libhttpd.so.1
    -rwxr-xr-x 1 root other 262808 Mar 28 13:07 libssl.so
    -rwxr-xr-x 1 root other 156304 Mar 28 11:10 mod_jserv.so

    ./logs:
    drwxr-xr-x 2 nobody cpc 512 Mar 28 13:10 .
    drwxr-xr-x 13 root other 512 Mar 28 14:39 ..
    -rw-r--r-- 1 nobody other 0 Mar 28 11:17 access_log
    -rw-r--r-- 1 nobody other 1070 Mar 28 13:10 error_log
    -rw------- 1 nobody other 0 Mar 28 13:10 httpd.mm.13782.sem
    -rw------- 1 nobody other 0 Mar 28 11:17 httpd.mm.9749.sem
    -rw-r--r-- 1 root other 6 Mar 28 13:10 httpd.pid
    -rw-r--r-- 1 root other 0 Mar 28 11:17 mod_jserv.log
    -rw-r--r-- 1 nobody other 6963 Mar 28 13:10 ssl_engine_log
    -rw------- 1 nobody other 0 Mar 28 13:10 ssl_mutex.13782
    -rw-r--r-- 1 nobody other 0 Mar 28 11:17 ssl_request_log
    -rw------- 1 nobody other 0 Mar 28 13:10 ssl_scache.dir
    -rw------- 1 nobody other 0 Mar 28 13:10 ssl_scache.pag

    (Remainder of listing omitted.)

    _______________________________________________
    Tomcat directory:

    shaggy# cd ../jakarta-tomcat
    shaggy# ls -al

    drwxrwxr-x 10 mperry cpc 512 Mar 22 14:29 .
    drwxrwxr-x 13 root cpc 512 Mar 28 10:52 ..
    -rw-rw-r-- 1 mperry cpc 2876 Feb 20 17:48 LICENSE
    drwxrwxr-x 2 mperry cpc 512 Mar 26 11:51 bin
    drwxrwxr-x 2 mperry cpc 512 Feb 20 17:48 conf
    drwxrwxr-x 4 mperry cpc 512 Feb 20 17:48 doc
    drwxrwxr-x 3 mperry cpc 512 Feb 20 17:48 lib
    drwxrwxr-x 2 mperry cpc 512 Mar 26 17:18 logs
    drwxrwxr-x 4 mperry cpc 512 Feb 20 17:48 src
    drwxrwxr-x 8 mperry cpc 512 Mar 27 15:21 webapps
    drwxrwxr-x 9 mperry cpc 512 Mar 28 11:15 work

    shaggy# cd webapps
    shaggy# ls -al

    drwxrwxr-x 8 mperry cpc 512 Mar 27 15:21 .
    drwxrwxr-x 10 mperry cpc 512 Mar 22 14:29 ..
    drwxrwxr-x 7 mperry cpc 512 Mar 22 17:17 ROOT
    -rw-rw-r-- 1 mperry cpc 441195 Feb 20 17:47 ROOT.war
    drwxrwxr-x 5 mperry cpc 512 Feb 20 17:48 admin
    -rw-rw-r-- 1 mperry cpc 6540 Feb 20 17:47 admin.war
    drwxrwxr-x 3 mperry cpc 512 Feb 28 11:44 docservlet
    drwxrwxr-x 6 mperry cpc 512 Mar 26 14:23 examples
    -rw-rw-r-- 1 mperry cpc 115282 Feb 20 17:47 examples.war
    drwxr-x--- 9 mperry cpc 512 Mar 26 17:50 htdocs
    drwxrwxr-x 8 mperry cpc 512 Feb 20 17:47 test
    -rw-rw-r-- 1 mperry cpc 87220 Feb 20 17:47 test.war

    (etc.)

    _______________________________________________________________

  9. Configure Apache and Tomcat

    The main configuration files for Tomcat are in $TOMCAT_HOME/conf: tomcat.conf, server.xml, and web.xml. At present, I'm not entirely sure of how to package and install a Tomcat "webapp", so I'm going with the default Tomcat configuration for now, with ONE EXCEPTION: In server.xml, I commented out the entry that allows Tomcat to run in "standalone mode". In other words, since Apache is the web server for everything except servlets and JSPs and Tomcat only serves servlets and JSPs, I commented out the "Connector" entry that tells Tomcat to listen on port 8080 for http requests. I left tomcat.conf and web.xml the same as in the distribution package. You can get my files from the links below.

    The configuration file for Apache is httpd.conf, in the conf/ directory of the Apache installation directory. I made so many changes to this file that I suggest just getting my copy and editing it for your own installation as needed (e.g., ServerName, Port, User, Group, DocumentRoot, etc.). My httpd.conf shows the entries for mod_dav (search for 'DAV') and it has an 'Include' entry near the bottom that includes the tomcat configuration file. The Wainright Apache book and the Apache websites cited above are excellent sources for understanding this file.

    Here are the links to my configuration files:

    tomcat.conf
    server.xml
    web.xml
    httpd.conf
  10. Running Apache and Tomcat

    Tomcat writes out a 'tomcat-apache.conf' file from its tomcat.conf file when it starts up and it is actually the tomcat-apache.conf file that gets included in Apache's httpd.conf file. So you need to start Tomcat first. Then start apache in such a way that it supports SSL. I use both the start/stop scripts given in the distribution (tweaked to set environment variables like LD_LIBRARY_PATH for Apache and TOMCAT_HOME, PATH, and CLASSPATH for Tomcat) and my own. (Links to them are below.)

    My procedure to start Apache and Tomcat is:

    To see what modules apache has been compiled with without actually running apache, as a non-root user, you can run the apache executable with the '-l' option:
    mperry> $APACHE_HOME/bin/httpd -l
    To stop the processes: My startup/shutdown files: