IIS 6.0 & Apache Tomcat with the Jk 1.2 Connector

7 08 2009

Our company website will be undergoing a facelift, and the new site design is being done by a 3rd party in which we’ll be integrating the site with.   The new developers are mainly .NET developers, so we’ll have to convert some of our front-end web servers to IIS.  However, most of our existing back-end infrastructure is java based, which leads me to the topic of this post.  This is mainly to document the steps that I took to get our pre-production IIS servers talking to our back-end app servers that are running some tomcat and jboss instances to serve up the dynamic content of our site.

Setup:

  • IIS 6.0 (Windows Server 2003)
  • Java JRE 6 update 14
  • Tomcat 6.0.18
  • JK 1.2.28 Connector

Step 1 – Install Java

Step 2 – Configure $JAVA_HOME environment variable

  • Right-click My Computer ->Properties ->Advanced ->Environment Variables
  • New System Variable -> set JAVA_HOME to “C:\Program Files\Java\jre6″ (or path to your java install)

Step 3 – Install Tomcat

Step 4 – Set permissions on C:\tomcat directory

  • Add the following users to the NTFS security tab for this directory and ensure permissions propagate down to child directories
  • Network Service
  • IIS_WPG
  • Internet Guest Account(<machine_name>\IUSR<machine_name>)
  • Current admin user (if not already added)
  • Give them all privileges

Step 5 – Download the Jk Connector (isapi_redirect.dll) plugin

  • Download plugin here.
  • Look for the file named “isapi_redirect-1.2.28.dll” and download it to C:\tomcat\ISAPI
  • Rename “isapi_redirect-1.2.28.dll” to “isapi_redirect.dll”

Step 6 – Create the C:\tomcat\ISAPI\isapi_redirect.properties file

  • Contents of this file should contain the following:
# Configuration file for the Jakarta ISAPI Redirector
#
# The path to the ISAPI Redirector Extension, relative to the website
# This must be in a virtual directory with execute privileges
extension_uri=/jakarta/isapi_redirect.dll
#
# Full path to the log file for the ISAPI Redirector
log_file=C:\tomcat\logs\isapi_redirect.log
#
# Log level (debug, info, warn, error or trace)
log_level=info
#
# Full path to the workers.properties file
worker_file=C:\tomcat\conf\workers.properties
#
# Full path to the uriworkermap.properties file
worker_mount_file=C:\tomcat\conf\uriworkermap.properties

Step 7 – Create the C:\tomcat\conf\workers.properties file

  • Contents of this file should contain the following (for now):
# workers.properties.minimal -
#
# This file provides minimal jk configuration properties needed to
# connect to Tomcat.
#
# The workers that jk should create and work with
#
#
worker.list=wlb,jkstatus
#
#
# Defining a worker named ajp13w and of type ajp13
# Note that the name and the type do not have to match.
#
worker.ajp13w.type=ajp13
worker.ajp13w.host=localhost
worker.ajp13w.port=8009
#
#
# Defining a load balancer
#
#
worker.wlb.type=lb
worker.wlb.balance_worker=ajp13w
#
#
# Defining status worker
#
#
worker.jkstatus.type=status

Step 8 – Create the C:\tomcat\conf\uriworkermap.properties file

  • Contents of this file should contain the following (for now):
# uriworkermap.properties - IIS
#
# This file provides sample mappings for example wlb
# worker defined in workermap.properties.minimal
# The general syntax for this file is:
# [URL]=[worker name]
#
#/admin/*=wlb
#/manager/*=wlb
/examples/*=wlb
#
#/servlets-examples/*=wlb
# Optionally filger out all .jpeg files inside that context
# For no mapping the url has to start with (!)
#
#!/servlets-examples/*.jpeg=wlb
#
#
# Mount jkstatus to /jkmanager
# For production servers you will need to
# secure the access to the /jkmanager url
#
/jkmanager=jkstatus

Step 9 – Configure IIS – jakarta Virtual Directory

  • Open IIS Manager
  • Right-click on the website and create new Virtual Directory
  • Name the virtual directory “jakarta”
  • Point the path to C:\tomcat\ISAPI
  • Set the Virtual Directory permissions to Read, Run scripts, and Execute (first 3 options)

Step 10 – Configure IIS – Add ISAPI filter to the website

  • Right-click on website
  • Go to ISAPI Filters tab
  • Click Add
  • Name it “tomcat ISAPI”
  • Point the executable path to C:\tomcat\ISAPI\isapi_redirect.dll
  • Apply / OK

Step 11 – Configure IIS – Add a Web Service Extension for the tomcat connector

  • Right-click on Web Service Extensions
  • Add new Web Service extension, name it “tomcat ISAPI”
  • Point Web Service extension path to C:\tomcat\ISAPI\isapi_redirect.dll
  • Set extension status to Allowed
  • Apply / OK

Step 12 – Restart IIS

  • Start ->Run ->iisreset

Step 13 – Test tomcat connector against localhost

  • Point your browser to

http://localhost:8080/examples/servlets/servlet/HelloWorldExample

  • If you see “Hello World!” then your local tomcat instance is serving up .jsp’s via IIS

Step 14 – Replace .properties files with company specific .properties files

Troubleshooting

  • If you don’t see a green arrow after adding the isapi_redirect.dll to the wesite properties-> ISAPI filters tab, the that means IIS is not loading the module. Double check all your .properties files for syntax errors, and also check that the isapi_redirect.dll files and corresponding .properties file have the correct permission (IIS user added to security)
  • Check eventvwr
  • Check IIS logs in C:\WINDOWS\system32\LogFiles
  • Check in C:\tomcat\logs\isapi_redirect.log

Caveats

  • Check who IIS is running as (ApplicationPool->Properties->Identity)
    Add that user to security tab of isapi_redirect.dll and siapi_redirect.properties files with all permissions (and to parent folders) (for donbest this is Network Service user and IIS_WPG)… Had to do this to get IIS 6 to load the isapi_redirect.dll correctly (get the green arrow)
  • If you’re getting HTTP 500 errors, try running www service in IIS 5.0 isolation mode (Web Sites->Properties->Service->isolation mode)
  • Avoid spaces in pathnames of tomcat directories
  • Add <machine_name>/IUSR_<machine_name> to NTFS security tab for all ISAPI/* related files (this prevents authentication dialogue window when clients try to access jsp or other files via the tomcat connector)

References


Comments : Leave a Comment »
Tags: , ,
Categories : Uncategorized

Another move!

21 07 2009

After weeks of careful planning, we’ve finally completed the move of our sister company from their old location to their new location, which is the neighboring office space adjacent to our building.  The move entailed:

  • setting up a new network infrastructure for them
  • rolling out a new ESXi based Virtual Machine host
  • rebuilding a new Active Directory infrastructure
  • moving all their servers and workstations from their old domain to their new one
  • deploying new production servers (VMs) onto their new VM host
  • migrating and decommissioning some of their legacy servers
  • implementing a disaster recovery plan
  • deploying a Symantec backup exec server and Symantec anti-virus server
  • replacing their 20-year old PBX with an Avaya IP Office 412 system
  • porting all of their DIDs and toll free numbers to another carrier
  • and setting up an IVR system

All in all the move was a success and the end users were able to get right back to the swing of things by the target date.  There were some minor hiccups, but nothing we didn’t anticipate, and we were prepared with a back-up plan so as to avoid any unnecessary downtime.  Now we’re just doing some clean up work such as adjusting group policies, updating DNS records, modifying firewall rules, fixing minor user profile issues, and documenting the new setup along the way.

With this company alone I’ve gone through three big network moves (office moves, data center moves), all within a 2 year timeframe, and with each move I’ve found that there is always something new to be learned- like how to do things more efficiently.  Now it’s time to celebrate to the move’s success with good food and drinks- all on the company’s dime!


Comments : Leave a Comment »
Tags: , ,
Categories : Uncategorized


Follow

Get every new post delivered to your Inbox.