Apache2 and Tomcat9 Configuration
I'm trying to configure Apache2 (WHM managed) and Tomcat9 (not managed) on CentOS 7, to work together.
When you browse my website: example.com you are NOT taken to the DocumentRoot /home/example/example_web that I specify in post_virtualhost_global.conf, instead you are taken to public_html.
If you browse to my website using the SSL port - example.com:8443 - you are taken to /home/example/example_web, but the SSL certificate doesn't work.
I include the files involved below.
I appreciate any help I can get on this.
tomcat9 server.xml:
www.example.com
httpd.conf:
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# DO NOT EDIT. AUTOMATICALLY GENERATED. USE INCLUDE FILES IF YOU NEED TO MAKE A CHANGE
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#
# Direct modifications to the Apache configuration file WILL be lost upon subsequent
# regeneration of this configuration file, or an Apache update.
#
# To have your modifications retained, you should create/edit administrator-specific
# include files:
#
# /etc/apache2/conf.d/includes/pre_main_global.conf
# /etc/apache2/conf.d/includes/pre_virtualhost_global.conf
# /etc/apache2/conf.d/includes/post_virtualhost_global.conf
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
##################################################
##################################################
#
# cPanel & WHM controlled Apache configuration
#
##################################################
##################################################
Include "/etc/apache2/conf.modules.d/*.conf"
# Administrator locations for safely altering httpd.conf
Include "/etc/apache2/conf.d/includes/pre_main_global.conf"
# These are hard-coded values that are required by cPanel & WHM
PidFile /run/apache2/httpd.pid
User nobody
Group nobody
ExtendedStatus On
LogLevel warn
# You can change this by using WHM, and navigating to the 'Basic WebHost Manager® Setup' -> 'Contact Information' interface.
ServerAdmin bobc@example.com
# You can change this by using WHM, and navigating to the 'Networking Setup' => 'Change Hostname' interface.
ServerName dev.example.com
# You can change this by using WHM, and navigating to the 'Apache Configuration' -> 'Global Configuration' interface.
TraceEnable Off
ServerSignature Off
ServerTokens ProductOnly
FileETag None
AllowOverride All
Options ExecCGI FollowSymLinks IncludesNOEXEC Indexes
StartServers 5
MinSpareServers 5
MaxSpareServers 10
ServerLimit 256
MaxRequestWorkers 150
MaxConnectionsPerChild 10000
KeepAlive On
KeepAliveTimeout 5
MaxKeepAliveRequests 100
Timeout 300
# Global DCV Exclude - Rewrites
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/\.well-known/pki-validation/(?:\ Ballot169)? [OR]
RewriteCond %{REQUEST_URI} ^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$ [OR]
RewriteCond %{REQUEST_URI} ^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Sectigo\ DCV)?$
# Exclude proxy subdomains as we need rewrites to capture the DCV requests
RewriteCond %{HTTP_HOST} !^(?:autoconfig|autodiscover|cpanel|cpcalendars|cpcontacts|webdisk|webmail|whm)\.
RewriteRule ^ - [END]
# Global DCV Exclude - Location
Satisfy Any
Order Allow,Deny
Allow from all
# You can change this by using WHM, and navigating to the 'Apache Configuration' -> 'DirectoryIndex Priority' interface.
DirectoryIndex index.php index.php5 index.php4 index.php3 index.perl index.pl index.plx index.ppl index.cgi index.jsp index.jp index.phtml index.shtml index.xhtml index.html index.htm index.wml Default.html Default.htm default.html default.htm home.html home.htm index.js
# You can change this by using WHM, and navigating to the 'Apache Configuration' -> 'Memory Usage Restrictions' interface.
# This setting is required by cPanel & WHM in order to provide access to a default webpage when none exists
Options All
AllowOverride None
Require all granted
# Required cPanel security policy: Disallow remote access to .htaccess, .htpasswd, .user.ini, and php.ini files
Require all denied
# PHP error_log protection
Require all denied
ScriptAliasMatch ^/?controlpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
ScriptAliasMatch ^/?cpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
ScriptAliasMatch ^/?kpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
ScriptAliasMatch ^/?securecontrolpanel/?$ /usr/local/cpanel/cgi-sys/sredirect.cgi
ScriptAliasMatch ^/?securecpanel/?$ /usr/local/cpanel/cgi-sys/sredirect.cgi
ScriptAliasMatch ^/?securewhm/?$ /usr/local/cpanel/cgi-sys/swhmredirect.cgi
ScriptAliasMatch ^/?webmail$ /usr/local/cpanel/cgi-sys/wredirect.cgi
ScriptAliasMatch ^/?webmail/ /usr/local/cpanel/cgi-sys/wredirect.cgi
ScriptAliasMatch ^/?whm/?$ /usr/local/cpanel/cgi-sys/whmredirect.cgi
Alias /bandwidth /usr/local/bandmin/htdocs/
Alias /img-sys /usr/local/cpanel/img-sys/
Alias /java-sys /usr/local/cpanel/java-sys/
Alias /mailman/archives /usr/local/cpanel/3rdparty/mailman/archives/public/
Alias /pipermail /usr/local/cpanel/3rdparty/mailman/archives/public/
Alias /sys_cpanel /usr/local/cpanel/sys_cpanel/
ScriptAlias /cgi-sys /usr/local/cpanel/cgi-sys/
ScriptAlias /mailman /usr/local/cpanel/3rdparty/mailman/cgi-bin/
# This can be configured in the cPanel 'Leech Protection' interface.
RewriteEngine on
RewriteMap LeechProtect prg:/usr/local/cpanel/bin/leechprotect
Mutex file:/run/apache2 rewrite-map
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddType application/x-tar .tgz
AddType text/vnd.wap.wml .wml
AddType image/vnd.wap.wbmp .wbmp
AddType text/vnd.wap.wmlscript .wmls
AddType application/vnd.wap.wmlc .wmlc
AddType application/vnd.wap.wmlscriptc .wmlsc
# These extensions are used to redirect incoming requests to WHM
AddHandler cgi-script .cgi .pl .plx .ppl .perl
# This is used for custom error documents
AddHandler server-parsed .shtml
# You can change this by using WHM, and updating the 'Tweak Settings' -> 'System' -> 'Allow server-info' option.
# This is used by the WHM 'Apache Status' application
SetHandler server-status
Order deny,allow
Deny from all
Allow from 127.0.0.1 ::1
SecRuleEngine Off
# Required cPanel security policy: disable userdir when mod_ruid2 or mpm_itk or mod_passenger are loaded
UserDir public_html
UserDir disabled
UserDir disabled
UserDir disabled
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedvhost
LogFormat "%v %{%s}t %I .\n%v %{%s}t %O ." bytesvhost
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog "|/usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=dev.example.com --suffix=-bytes_log" bytesvhost
CustomLog "|/usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=dev.example.com --mainout=/etc/apache2/logs/access_log" combinedvhost
# The Listen port can be updated using 'Tweak Settings' -> 'System',
# However, if you have any Apache Reserved IPs, then this Tweak setting will
# be ignored. Instead, each IP on your system (excluding Apache Reserved IPs)
# will be listed here.
Listen 0.0.0.0:80
# cipher and protocol directives can be set in WHM under 'Apache Configuration' -> 'Global Configuration'
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLProtocol TLSv1.2
SSLPassPhraseDialog builtin
SSLUseStapling on
SSLStaplingCache shmcb:/run/apache2/stapling_cache_shmcb(256000)
# Prevent browsers from failing if an OCSP server is temporarily broken.
SSLStaplingReturnResponderErrors off
SSLStaplingErrorCacheTimeout 60
SSLStaplingFakeTryLater off
SSLStaplingResponderTimeout 3
SSLSessionCache shmcb:/run/apache2/ssl_gcache_data_shmcb(1024000)
SSLSessionCache dbm:/run/apache2/ssl_gcache_data_dbm
SSLSessionCacheTimeout 300
Mutex file:/run/apache2 ssl-cache
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
# The Listen port can be updated using 'Tweak Settings' -> 'System',
# However, if you have any Apache Reserved IPs, then this Tweak setting will
# be ignored. Instead, each IP on your system (excluding Apache Reserved IPs)
# will be listed here.
Listen 0.0.0.0:443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
Include "/etc/apache2/conf.d/*.conf"
Include "/etc/apache2/conf.d/includes/account_suspensions.conf"
Include "/etc/apache2/conf.d/includes/errordocument.conf"
# Administrator locations for safely globally altering all virtualhost configurations
Include "/etc/apache2/conf.d/includes/pre_virtualhost_global.conf"
ProxyPass /___proxy_subdomain_ws_cpanel ws://127.0.0.1:2082 max=1 retry=0
ProxyPass /___proxy_subdomain_ws_whm ws://127.0.0.1:2086 max=1 retry=0
ProxyPass /___proxy_subdomain_ws_webmail ws://127.0.0.1:2095 max=1 retry=0
##################################################
##################################################
#
# Define default vhosts for shared IPs
#
##################################################
##################################################
ServerName dev.example.com
DocumentRoot /var/www/html
ServerAdmin bobc@example.com
# Global DCV Rewrite Exclude
RewriteOptions Inherit
AllowOverride All
suPHP_UserGroup nobody nobody
ServerName dev.example.com
DocumentRoot /var/www/html
ServerAdmin bobc@example.com
# Global DCV Rewrite Exclude
RewriteOptions Inherit
AllowOverride All
suPHP_UserGroup nobody nobody
##################################################
##################################################
#
# Define default vhosts for unbound IPs
#
##################################################
##################################################
ServerName dev.example.com
DocumentRoot /var/www/html
ServerAdmin bobc@example.com
# Global DCV Rewrite Exclude
RewriteOptions Inherit
AllowOverride All
suPHP_UserGroup nobody nobody
##################################################
##################################################
#
# Define the virtual host configurtion for user domains
#
##################################################
##################################################
# BEGIN: HTTP vhosts list
ServerName example.com
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/\.well-known/(pki-validation|cpanel-dcv)/
RewriteRule ^ - [END]
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
ServerAlias mail.example.com mail.tanglemydata.com mail.tanglemydata.dev tanglemydata.com tanglemydata.dev www.example.com www.tanglemydata.com www.tanglemydata.dev
DocumentRoot /home/example/public_html
ServerAdmin webmaster@example.com
UseCanonicalName Off
## User example # Needed for Cpanel::ApacheConf
UserDir disabled
UserDir enabled example
# Enable backwards compatible Server Side Include expression parser for Apache versions >= 2.4.
# To selectively use the newer Apache 2.4 expression parser, disable SSILegacyExprParser in
# the user's .htaccess file. For more information, please read:
# http://httpd.apache.org/docs/2.4/mod/mod_include.html#ssilegacyexprparser
SSILegacyExprParser On
suPHP_UserGroup example example
SuexecUserGroup example example
RMode config
RUidGid example example
# For more information on MPM ITK, please read:
# http://mpm-itk.sesse.net/
AssignUserID example example
PassengerUser example
PassengerGroup example
ScriptAlias /cgi-bin/ /home/example/public_html/cgi-bin/
# Global DCV Rewrite Exclude
RewriteOptions Inherit
# To customize this VirtualHost use an include file at the following location
# Include "/etc/apache2/conf.d/userdata/std/2_4/example/example.com/*.conf"
# END: HTTP vhosts list
# BEGIN: HTTPS vhosts list
ServerName example.com
ServerAlias mail.example.com mail.tanglemydata.com mail.tanglemydata.dev tanglemydata.com tanglemydata.dev www.example.com www.tanglemydata.com www.tanglemydata.dev webdisk.example.com webmail.example.com cpanel.example.com
DocumentRoot /home/example/public_html
ServerAdmin webmaster@example.com
UseCanonicalName Off
## User example # Needed for Cpanel::ApacheConf
UserDir disabled
UserDir enabled example
# Enable backwards compatible Server Side Include expression parser for Apache versions >= 2.4.
# To selectively use the newer Apache 2.4 expression parser, disable SSILegacyExprParser in
# the user's .htaccess file. For more information, please read:
# http://httpd.apache.org/docs/2.4/mod/mod_include.html#ssilegacyexprparser
SSILegacyExprParser On
SecRuleEngine Off
suPHP_UserGroup example example
SuexecUserGroup example example
RMode config
RUidGid example example
# For more information on MPM ITK, please read:
# http://mpm-itk.sesse.net/
AssignUserID example example
PassengerUser example
PassengerGroup example
ScriptAlias /cgi-bin/ /home/example/public_html/cgi-bin/
SSLEngine on
SSLCertificateFile /var/cpanel/ssl/apache_tls/example.com/combined
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
SSLOptions +StdEnvVars
# To customize this VirtualHost use an include file at the following location
# Include "/etc/apache2/conf.d/userdata/ssl/2_4/example/example.com/*.conf"
RequestHeader set X-HTTPS 1
RewriteEngine On
RewriteCond %{HTTP_HOST} =cpanel.example.com [OR]
RewriteCond %{HTTP_HOST} =cpanel.example.com:443
RewriteCond %{HTTP:Upgrade} !websocket [nocase]
RewriteRule ^/(.*) /___proxy_subdomain_cpanel/$1 [PT]
ProxyPass "/___proxy_subdomain_cpanel" "http://127.0.0.1:2082" max=1 retry=0
RewriteCond %{HTTP_HOST} =webdisk.example.com [OR]
RewriteCond %{HTTP_HOST} =webdisk.example.com:443
RewriteCond %{HTTP:Upgrade} !websocket [nocase]
RewriteRule ^/(.*) /___proxy_subdomain_webdisk/$1 [PT]
ProxyPass "/___proxy_subdomain_webdisk" "http://127.0.0.1:2077" max=1 retry=0
RewriteCond %{HTTP_HOST} =webmail.example.com [OR]
RewriteCond %{HTTP_HOST} =webmail.example.com:443
RewriteCond %{HTTP:Upgrade} !websocket [nocase]
RewriteRule ^/(.*) /___proxy_subdomain_webmail/$1 [PT]
ProxyPass "/___proxy_subdomain_webmail" "http://127.0.0.1:2095" max=1 retry=0
RewriteCond %{HTTP:Upgrade} websocket [nocase]
RewriteCond %{HTTP_HOST} =cpanel.example.com [OR]
RewriteCond %{HTTP_HOST} =cpanel.example.com:443
RewriteRule ^/(.*) /___proxy_subdomain_ws_cpanel/$1 [PT]
RewriteCond %{HTTP:Upgrade} websocket [nocase]
RewriteCond %{HTTP_HOST} =webmail.example.com [OR]
RewriteCond %{HTTP_HOST} =webmail.example.com:443
RewriteRule ^/(.*) /___proxy_subdomain_ws_webmail/$1 [PT]
# END: HTTPS vhosts list
##################################################
##################################################
#
# Define the main cPanel & WHM proxy subdomains
#
##################################################
##################################################
# CPANEL/WHM/WEBMAIL/WEBDISK PROXY SUBDOMAINS
ServerName proxy-subdomains-vhost.localhost
ServerAlias cpanel.* whm.* webmail.* webdisk.* cpcalendars.* cpcontacts.*
DocumentRoot /var/www/html
ServerAdmin bobc@example.com
suPHP_UserGroup nobody nobody
SecRuleEngine Off
AllowOverride All
ScriptAlias /.cpanel/dcv /usr/local/cpanel/cgi-priv/get_local.cgi
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/\.well-known/pki-validation/(?:\ Ballot169)? [OR]
RewriteCond %{REQUEST_URI} ^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$ [OR]
RewriteCond %{REQUEST_URI} ^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Sectigo\ DCV)?$
RewriteRule ^ /.cpanel/dcv [passthrough]
RewriteCond %{HTTP_HOST} !^dev.example.com$
RewriteCond %{HTTP_HOST} ^cpanel\.
RewriteCond %{HTTP:Upgrade} !websocket [nocase]
RewriteRule ^/(.*) /___proxy_subdomain_cpanel/$1 [PT]
ProxyPass "/___proxy_subdomain_cpanel" "http://127.0.0.1:2082" max=1 retry=0
RewriteCond %{HTTP_HOST} !^dev.example.com$
RewriteCond %{HTTP_HOST} ^webmail\.
RewriteCond %{HTTP:Upgrade} !websocket [nocase]
RewriteRule ^/(.*) /___proxy_subdomain_webmail/$1 [PT]
ProxyPass "/___proxy_subdomain_webmail" "http://127.0.0.1:2095" max=1 retry=0
RewriteCond %{HTTP_HOST} !^dev.example.com$
RewriteCond %{HTTP_HOST} ^whm\.
RewriteCond %{HTTP:Upgrade} !websocket [nocase]
RewriteRule ^/(.*) /___proxy_subdomain_whm/$1 [PT]
ProxyPass "/___proxy_subdomain_whm" "http://127.0.0.1:2086" max=1 retry=0
RewriteCond %{HTTP_HOST} !^dev.example.com$
RewriteCond %{HTTP_HOST} ^webdisk\.
RewriteRule ^/(.*) /___proxy_subdomain_webdisk/$1 [PT]
ProxyPass "/___proxy_subdomain_webdisk" "http://127.0.0.1:2077" max=1 retry=0
RewriteCond %{HTTP_HOST} !^dev.example.com$
RewriteCond %{HTTP_HOST} ^cpcalendars\.
RewriteRule ^/(.*) /___proxy_subdomain_cpcalendars/$1 [PT]
ProxyPass "/___proxy_subdomain_cpcalendars" "http://127.0.0.1:2079" max=1 retry=0
RewriteCond %{HTTP_HOST} !^dev.example.com$
RewriteCond %{HTTP_HOST} ^cpcontacts\.
RewriteRule ^/(.*) /___proxy_subdomain_cpcontacts/$1 [PT]
ProxyPass "/___proxy_subdomain_cpcontacts" "http://127.0.0.1:2079" max=1 retry=0
RewriteCond %{HTTP_HOST} ^cpanel\.
RewriteCond %{HTTP:Upgrade} websocket [nocase]
RewriteRule ^/(.*) /___proxy_subdomain_ws_cpanel/$1 [PT]
RewriteCond %{HTTP_HOST} ^webmail\.
RewriteCond %{HTTP:Upgrade} websocket [nocase]
RewriteRule ^/(.*) /___proxy_subdomain_ws_webmail/$1 [PT]
RewriteCond %{HTTP_HOST} ^whm\.
RewriteCond %{HTTP:Upgrade} websocket [nocase]
RewriteRule ^/(.*) /___proxy_subdomain_ws_whm/$1 [PT]
UseCanonicalName Off
SecRuleEngine On
# CPANEL/WHM/WEBMAIL/WEBDISK PROXY SUBDOMAINS
ServerName dev.example.com
ServerAlias cpanel.* whm.* webmail.* webdisk.* cpcalendars.* cpcontacts.*
DocumentRoot /var/www/html
ServerAdmin bobc@example.com
suPHP_UserGroup nobody nobody
SecRuleEngine Off
AllowOverride All
RewriteEngine On
SSLEngine on
SSLCertificateFile /var/cpanel/ssl/cpanel/mycpanel.pem
SSLCertificateKeyFile /var/cpanel/ssl/cpanel/mycpanel.pem
SSLCertificateChainFile /var/cpanel/ssl/cpanel/mycpanel.pem
RequestHeader set X-HTTPS 1
RewriteCond %{HTTP_HOST} !^dev.example.com$
RewriteCond %{HTTP_HOST} ^cpanel\.
RewriteCond %{HTTP:Upgrade} !websocket [nocase]
RewriteRule ^/(.*) /___proxy_subdomain_cpanel/$1 [PT]
ProxyPass "/___proxy_subdomain_cpanel" "http://127.0.0.1:2082" max=1 retry=0
RewriteCond %{HTTP_HOST} !^dev.example.com$
RewriteCond %{HTTP_HOST} ^webmail\.
RewriteCond %{HTTP:Upgrade} !websocket [nocase]
RewriteRule ^/(.*) /___proxy_subdomain_webmail/$1 [PT]
ProxyPass "/___proxy_subdomain_webmail" "http://127.0.0.1:2095" max=1 retry=0
RewriteCond %{HTTP_HOST} !^dev.example.com$
RewriteCond %{HTTP_HOST} ^whm\.
RewriteCond %{HTTP:Upgrade} !websocket [nocase]
RewriteRule ^/(.*) /___proxy_subdomain_whm/$1 [PT]
ProxyPass "/___proxy_subdomain_whm" "http://127.0.0.1:2086" max=1 retry=0
RewriteCond %{HTTP_HOST} !^dev.example.com$
RewriteCond %{HTTP_HOST} ^webdisk\.
RewriteRule ^/(.*) /___proxy_subdomain_webdisk/$1 [PT]
ProxyPass "/___proxy_subdomain_webdisk" "http://127.0.0.1:2077" max=1 retry=0
RewriteCond %{HTTP_HOST} !^dev.example.com$
RewriteCond %{HTTP_HOST} ^cpcontacts\.
RewriteRule ^/(.*) /___proxy_subdomain_cpcontacts/$1 [PT]
ProxyPass "/___proxy_subdomain_cpcontacts" "http://127.0.0.1:2079" max=1 retry=0
RewriteCond %{HTTP_HOST} !^dev.example.com$
RewriteCond %{HTTP_HOST} ^cpcalendars\.
RewriteRule ^/(.*) /___proxy_subdomain_cpcalendars/$1 [PT]
ProxyPass "/___proxy_subdomain_cpcalendars" "http://127.0.0.1:2079" max=1 retry=0
RewriteCond %{HTTP_HOST} ^cpanel\.
RewriteCond %{HTTP:Upgrade} websocket [nocase]
RewriteRule ^/(.*) /___proxy_subdomain_ws_cpanel/$1 [PT]
RewriteCond %{HTTP_HOST} ^webmail\.
RewriteCond %{HTTP:Upgrade} websocket [nocase]
RewriteRule ^/(.*) /___proxy_subdomain_ws_webmail/$1 [PT]
RewriteCond %{HTTP_HOST} ^whm\.
RewriteCond %{HTTP:Upgrade} websocket [nocase]
RewriteRule ^/(.*) /___proxy_subdomain_ws_whm/$1 [PT]
UseCanonicalName Off
SecRuleEngine On
# Administrator locations for safely altering virtualhost configuration
Include "/etc/apache2/conf.d/includes/post_virtualhost_global.conf"
##################################################
##################################################
#
# Define the Domain Forwarding virtual hosts
#
##################################################
##################################################
# Domain forwarding is currently disabled.
# You can set this by logging into WHM, and navigating to the 'DNS Functions' => 'Setup/Edit Domain Forwarding' interface.
##################################################
##################################################
#
# Default SSL Hostname Virtual Host
#
##################################################
##################################################
ServerName dev.example.com
DocumentRoot /var/www/html
ServerAdmin bobc@example.com
suPHP_UserGroup nobody nobody
AllowOverride All
SSLEngine on
SSLCertificateFile /var/cpanel/ssl/cpanel/mycpanel.pem
SSLCertificateKeyFile /var/cpanel/ssl/cpanel/mycpanel.pem
SSLCertificateChainFile /var/cpanel/ssl/cpanel/mycpanel.pem
UseCanonicalName Off
SecRuleEngine On
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# DO NOT EDIT. AUTOMATICALLY GENERATED. USE INCLUDE FILES IF YOU NEED TO MAKE A CHANGE
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
post_virtualhost_global.conf:
ServerName example.com
ServerAlias example.com
ServerAdmin bobc@example.com
DocumentRoot "/home/example/example_web"
AllowOverride All
Allow from all
SSLEngine on
SSLCertificateFile /home/example/mycerts/237494542.crt
SSLCertificateKeyFile /home/example/mycerts/237494542_private_key.txt
SSLCertificateChainFile /home/example/mycerts/237494542.ca-bundle
UseCanonicalName Off
SecRuleEngine On
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
workers.properties (I don't think this is working because the stdout and stderr aren't created):
# workers.properties
#
workers.tomcat_home=/usr/local/tomcat/default
workers.java_home=/usr/java/default
ps=/
worker.list=ajp13, example
#worker.list=ajp13
worker.ajp13.port=8009
worker.ajp13.host=localhost
worker.ajp13.type=ajp13
worker.ajp13.lbfactor=1
worker.inprocess.type=jni
worker.inprocess.class_path=$(workers.tomcat_home)$(ps)lib$(ps)tomcat.jar
worker.inprocess.cmd_line=start
worker.inprocess.stdout=$(workers.tomcat_home)$(ps)logs$(ps)inprocess.stdout
worker.inprocess.stderr=$(workers.tomcat_home)$(ps)logs$(ps)inprocess.stderr
worker.example.port=8443
I'm the OP, with log info that I forgot to post. Apache2 error_log is showing proxy issues (below). It's complaining about missing LoadModules, but I had tried adding four modules to post_virtualhost_global.conf, but Apache2 reported that all of them were already loaded, so I took them out.
Apache2 error_log:
[Tue Jun 04 02:09:25.428602 2019] [proxy:warn] [pid 28110] [client 24.xx.xx.85:53691] AH01144: No protocol handler was valid for the URL / (scheme 'ajp'). If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Tue Jun 04 02:09:25.428702 2019] [proxy:warn] [pid 28110] [client 24.xx.xx.85:53691] AH01144: No protocol handler was valid for the URL /500.shtml (scheme 'ajp'). If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Tue Jun 04 02:09:25.733311 2019] [proxy:warn] [pid 28112] [client 24.xx.xx.85:53693] AH01144: No protocol handler was valid for the URL /favicon.ico (scheme 'ajp'). If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Tue Jun 04 02:09:25.733418 2019] [proxy:warn] [pid 28112] [client 24.xx.xx.85:53693] AH01144: No protocol handler was valid for the URL /500.shtml (scheme 'ajp'). If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
Hello @bobc02, EasyApache 4 only supports Tomcat version 8.5 at this time. We document Tomcat installation steps and usage notes on the link below: Tomcat - EasyApache 4 - cPanel Documentation As I understand, you're attempting to manually install Tomcat version 9. This is an unsupported workaround and is not recommended due to the potential for errors and functionality issues. Can you share some information about the specific features or changes in Tomcat 9 that are leading you to attempt a manual installation? Thank you.
Hello Bob, Thanks for sharing the additional information! I have been using standard Apache2 and Tomcat9 docs for my info, thinking, for example that ports 8005 and 8009 are used. But the doc references the port_authority json file, which is empty:
[root@dev ~]# ls -al /etc/cpanel/cpuser_port_authority.json
-rw-r----- 1 root root 0 May 22 22:50 /etc/cpanel/cpuser_port_authority.json
Is that json file empty by mistake? Or, is there something I must do in WHM EasyApache 4 to populate it. Create a profile?
The Port Authority script included with cPanel & WHM allows you (as root) to assign one or more 5-digit port numbers for a user's exclusive use: The cpuser_port_authority script - Version 80 Documentation - cPanel Documentation This lets cPanel users make use of a specific port number when configuring their application, without concern that another cPanel user is already using the same port number. Thank you.
I'm the OP. I have finished the Apache2 and Tomcat9 configuration, and wanted to share my experience for others. It, basically, came down to studying the generated httpd.conf file, for the Include file hooks, uncommenting the appropriate one(s), adding the include file(s) at the specified path(s), and adding an AJP connector to Tomcat's server.xml. connector.
For the Include file hooks, look in the generated httpd.conf. Find the VirtualHost directive that applies to your situation, and locate the "Include /etc/apache2/conf.d/..." line. In SSH, do a mkdir to that Include file path, and set the ownership and permissions appropriately. If the Include lines are commented (# Include /etc/apache2/conf.d/...) you'll need to go into WHM EasyApache 4, and select a profile, to get them uncommented - at least I think you do it this way; I took a different path.
Down the Include file path, I added a file named custom_include.conf, this is its contents:
LoadModule proxy_ajp_module /usr/lib64/httpd/modules/mod_proxy_ajp.so
SecRuleEngine On
SecStatusEngine On
ProxyPass "/" "ajp://127.0.0.1:8009/"
Updating Tomcat's server.xml, involved adding some connectors. My server.xml, may not be exactly what others need. I force all website traffic through HTTPS, so I've added an elaborate 8443 connector. The AJP connector is required, though, because, as you see in custom_include.conf, the Apache proxy redirects to Tomcat's AJP connector. Here are all my Tomcat connectors:
The docs that cPanelMichael posted earlier in this topic, are the basis for the changes I made. I hope this helps. Bob
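The failure and the fix described in this thread, as an added example (not the poster's or cPanel's code): a Python check that flags a ProxyPass to an ajp:// backend when proxy_ajp_module is not loaded in the supplied configuration text, which is the condition behind the AH01144 warnings, and confirms that Tomcat's server.xml has an AJP connector on the same port bound to loopback. The sample configs, the function names and the finding labels are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed samples modelled on the thread, not the poster's real files.
APACHE_BROKEN = """
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
"""
APACHE_FIXED = """
LoadModule proxy_ajp_module /usr/lib64/httpd/modules/mod_proxy_ajp.so
ProxyPass "/" "ajp://127.0.0.1:8009/"
"""
SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"/>
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
               redirectPort="8443"/>
  </Service>
</Server>"""


def ajp_targets(apache_conf):
    """Return (host, port) for each ProxyPass whose backend scheme is ajp."""
    targets = []
    for line in apache_conf.splitlines():
        parts = line.strip().replace('"', "").split()
        if len(parts) >= 3 and parts[0].lower() == "proxypass":
            url = urlsplit(parts[2])
            if url.scheme == "ajp":
                targets.append((url.hostname, url.port or 8009))
    return targets


def module_loaded(apache_conf, name):
    """True if a LoadModule line for `name` is in the text. On a real server,
    pass the concatenation of httpd.conf and every file it includes."""
    pattern = rf"^\s*LoadModule\s+{re.escape(name)}\b"
    return re.search(pattern, apache_conf, re.M | re.I) is not None


def ajp_connectors(server_xml):
    """Return the attributes of every AJP <Connector> in server.xml."""
    root = ET.fromstring(server_xml)
    return [c.attrib for c in root.iter("Connector")
            if "ajp" in c.get("protocol", "").lower() and "port" in c.attrib]


def audit(apache_conf, server_xml):
    findings = []
    targets = ajp_targets(apache_conf)
    if targets and not module_loaded(apache_conf, "proxy_ajp_module"):
        findings.append("ajp-module-missing")  # Apache logs AH01144 for this
    connectors = ajp_connectors(server_xml)
    ports = {int(c["port"]) for c in connectors}
    for host, port in targets:
        if port not in ports:
            findings.append(f"no-ajp-connector:{port}")
        if host not in LOOPBACK:
            findings.append(f"ajp-backend-not-loopback:{host}")
    for c in connectors:
        addr = c.get("address")
        if addr is None:
            # The default bind address depends on the Tomcat release; pin it.
            findings.append(f"connector-address-unset:{c['port']}")
        elif addr not in LOOPBACK and not c.get("secret"):
            findings.append(f"connector-exposed-without-secret:{c['port']}")
    return findings


if __name__ == "__main__":
    print("before fix:", audit(APACHE_BROKEN, SERVER_XML))
    print("after fix: ", audit(APACHE_FIXED, SERVER_XML))
```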
Hello Bob, Thanks for sharing!