Install & Configure Apache

If you are upgrading, you do not need to upgrade your Apache installation. However, if you have upgraded your version of Tomcat, you will need to verify that the paths in your extraview.conf and httpd.conf files match the current paths to Tomcat - see the section "Configure Apache" below for instructions.

 

If you are upgrading, ExtraView now supports compressed javascript files. There is a configuration change needed to your Apache setup in order to take advantage of this - please see the section entitled Configuring Apache to Use JavaScript Compression at the bottom of this page.

Installation of Apache

The following steps will install Apache into the directory $BASE/httpd-2.2.21.

cd $INSTALL
gunzip httpd-2.2.21.tar.gz
tar xvf httpd-2.2.21.tar
cd httpd-2.2.21
./configure --prefix=$BASE/httpd-2.2.21 --enable-mods-shared=most --enable-ssl=shared
make
make install

The Apache web server is now installed in the directory $BASE/httpd-2.2.21. You can su to root and start/stop the apache server using the following commands:

$BASE/httpd-2.2.21/bin/apachectl start
$BASE/httpd-2.2.21/bin/apachectl stop

If you enter the URL of the server into a browser, for example http://server.domain.com, you should get the Apache test page.

Compile the Tomcat Connector

For Linux

cd $INSTALL
gunzip tomcat-connectors-1.2.32-src.tar.gz
tar xvf tomcat-connectors-1.2.32-src.tar
cd tomcat-connectors-1.2.32-src
cd native
./configure --with-apxs=$BASE/httpd-2.2.21/bin/apxs
make
make install

mod_jk.so will be installed in $BASE/httpd-2.2.21/modules

For Solaris

cd $INSTALL
gunzip tomcat-connectors-1.2.32-src.tar.gz
tar xvf tomcat-connectors-1.2.32-src.tar
cd tomcat-connectors-1.2.32-src
cd native
./configure --enable-netscape
cd netscape
make -f Makefile.solaris

copy the mod_jk.so file to $BASE/httpd-2.2.21/modules

Configure Apache

cd $INSTALL
cp workers.properties $BASE/httpd_2.2.21/conf

Edit the Apache configuration file httpd.conf

vi $BASE/httpd-2.2.21/conf/httpd.conf
old line --> #ServerName new.host.name:80
new line --> ServerName extraview.yourcompany.com

Remember to use the URL of your server

old line --> ServerAdmin you@your.address
new line --> ServerAdmin serveradmin@yourcompany.com

Remember to use the email address of your administrator.

At the end of the file add the following line:

Include conf/extraview.conf

Save and exit httpd.conf

Copy the extraview.conf file:

cp $INSTALL/extraview.conf $BASE/httpd-2.2.21/conf

Edit the extraview.conf file and set the correct paths:

ServerName extraview.yourcompany.com
ServerAdmin serveradmin@yourcompany.com
DocumentRoot /usr/local/extraview/apache-tomcat-7.0.22/webapps/evj/
<Directory /usr/local/extraview/apache-tomcat-7.0.22/webapps/evj>
Options Indexes FollowSymLinks
</Directory>
Alias /evj/ "/usr/local/extraview/apache-tomcat-7.0.22/webapps/evj/"
JkWorkersFile /usr/local/extraview/httpd-2.2.21/conf/workers.properties

Locate the line at the bottom of the extraview.conf file that refers to mod_jk.so and make any needed changes to match your mod_jk file
that you either compiled or downloaded:

LoadModule jk_module modules/mod_jk-apache-2.2.4.so

Configuring Apache with SSL

Note: If you are planning to use apache with SSL, you must complete some additional configuration steps.

You must have openssl installed on your machine, version openssl-0.9.6g or higher. This can be downloaded from http://www.openssl.org/. If you have openssl installed on the machine, you can check the version:

openssl version

To create a test certificate, follow the instructions below (http://www.apache-ssl.org/#FAQ).

  • Create the key and request. To create a test certificate, follow the instructions below (http://www.apache-ssl.org/#FAQ). Create the key and request. This creates a certificate signing request and a private key. When asked for "Common Name (i.e. your websites domain name)", give the exact domain name of your web server (e.g. www.my-server.dom). The certificate belongs to this server name and browsers complain if the name doesn’t match.

    openssl req -new > new.cert.csr

  • Remove the passphrase from the key (optional). This removes the passphrase from the private key. You MUST understand what this means; server.key should be only readable by the apache server and the administrator. You should delete the .rnd file because it contains the entropy information for creating the key and could be used for cryptographic attacks against your private key.

    openssl rsa -in privkey.pem -out new.cert.key

  • Convert request into signed certificate. This creates a self-signed certificate that you can use until you get a "real" one from a certificate authority. (Which is optional; if you know your users, you can tell them to install the certificate into their browsers). Note that this certificate expires after one year; you can increase -days 365 if you don't want this.

    openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 365

After creating your test certificate, you must place the server.crt and server.key files where Apache can find them. This is configured in the folder /usr/local/extraview/httpd-2.2.21/conf/certs.

mkdir $BASE/httpd-2.2.21/conf/certs
mv new.cert.cert $BASE/httpd-2.2.21/conf/certs
mv new.cert.key $BASE/httpd-2.2.21/conf/certs

Edit the $BASE/httpd-2.2.21/conf/httpd.conf file to enable ssl as follows:

Find the line: # Secure (SSL/TLS) connections and uncomment the line below it:

include conf/extra/httpd-ssl.conf

Edit the $BASE/httpd-2.2.21/conf/extra/httpd-ssl.conf file as follows:

Find the line #SSLCertificateFile

Uncomment it and enter the correct path: /usr/local/extraview/httpd-2.2.21/conf/certs/new.cert.cert

Find the line #SSLCertificateKeyFile

Uncomment it and enter the correct path: /usr/local/extraview/httpd-2.2.21/conf/certs/new.cert.key

You can su to root and start/stop the apache ssl server using the following commands:

$BASE/httpd-2.2.21/bin/apachectl start
$BASE/httpd_2.2.21/bin/apachectl stop

If you enter the URL of server into a browser using the https protocol, for example https://server.domain.com, you should get the Apache test page.

Now edit the conf file to set up SSL.

vi $BASE/httpd-2.2.21/conf/extra/httpd-ssl.conf

Search for the beginning of the , near line 74, and then scroll down a few lines until you see

DocumentRoot "/usr/local/extraview/httpd-2.2.21/htdocs"
ServerName www.example.com:443
ServerAdmin you@example.com

Comment these lines out.

At the bottom of the file, just above the line , paste in the following lines:

ServerName extraview.yourcompany.com
ServerAdmin you@example.com
DocumentRoot /usr/local/extraview/apache-tomcat-7.0.22/webapps/evj/
<Directory /usr/local/extraview/apache-tomcat-7.0.22/webapps/evj>
        Options Indexes FollowSymLinks
        Order allow,deny
        Allow from all
</Directory>
<Location "/evj/WEB-INF/">
Order deny,allow
deny from all
</Location>
 
Alias /evj/ "/usr/local/extraview/apache-tomcat-7.0.22/webapps/evj/"
 
JkMount /evj/ExtraView/*    tomcat1
JkMount /evj/ExtraView    tomcat1
JkMount /evj/IsItEvj    tomcat1
JkMount /evj/ConnectionPoolMon    tomcat1
JkMount /evj/images/CompanyLogo.gif    tomcat1

Edit these lines to reflect the correct ServerName, ServerAdmin and correct directory paths for DocumentRoot, Directory and Alias lines.

If you wish, you can edit the log paths:

ErrorLog "/usr/local/extraview/httpd-2.2.21/logs/error_log"
TransferLog "/usr/local/extraview/httpd-2.2.21/logs/access_log"
CustomLog "/usr/local/extraview/httpd-2.2.21/logs/ssl_request_log"
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

Advanced Apache Configuration Options

Internet Explorer Patch

Internet Explorer users of ExtraView will benefit from the following configuration. This greatly improves performance for these users. Find the section:

#BrowserMatch ".*MSIE.*"
# nokeepalive ssl-unclean-shutdown
# downgrade-1.0 force-response-1.0

and replace with the following:

BrowserMatch ".*MSIE [1-5].*"
nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
BrowserMatch ".*MSIE [6-9].*"
ssl-unclean-shutdown

Configuring Apache to Use JavaScript Compression

ExtraView ships with its JavaScript files in both a compressed and a non-compressed format. There may be a considerable speed advantage to using the compressed JavaScript files, especially if your users do not have access to a high bandwidth network. To enable the delivery of compressed JavaScript to your user's computers, set these directived in your httpd.conf file:

<FilesMatch ".js.gz$">
  ForceType text/javascript
  Header set Content-Encoding: gzip
</FilesMatch>
<FilesMatch ".js$">
  RewriteEngine On
  RewriteCond %{HTTP_USER_AGENT} !".*Safari.*"
  RewriteCond %{HTTP:Accept-Encoding} gzip
  RewriteCond %{REQUEST_FILENAME}.gz -f
  RewriteRule (.*).js$ $1.js.gz [L]
  ForceType text/javascript
</FilesMatch>

Now, find the following line in your httpd.conf file:

#LoadModule rewrite_module modules/mod_rewrite.so

Remove the comment character (#) at the beginning of the line.

Lastly, look for the line:

#LoadModule headers_module modules/mod_headers.so

and remove the comment character (#) from the beginning of the line.

The Apache server must be restarted after these changes.

Securing Apache

The extraview.conf delivered with ExtraView contains a section that restricts access to the folders on the filesystem of the server that contain the ExtraView application.

<Location "/evj/WEB-INF/">
Order deny,allow
deny from all
</Location>

This default setting is predefined to work when configured to use a URL that looks like http://yourserver.yourdomain.com/evj/ExtraView to access ExtraView. If you have additional or different Apache configurations that perform redirection, URL rewriting or URL forwarding, it is important to test for a secure system to ensure that users do not have the ability to get a directory listing of the evj/WEB-INF folder or folders and the files they contain, as these files may contain sensitive information. Consult Apache documentation for additional details.