Apache Http Server Tomcat

Apache Tomcat (called 'Tomcat' for short) is an open-source implementation of the Java Servlet, JavaServer Pages, Java Expression Language and WebSocket technologies. Tomcat provides a 'pure Java' HTTP web server environment in which Java code can run.

Apache vs Tomcat Server

Apache Server and Tomcat Server are two of the products developed by Apache Software Foundation. Apache is a HTTP web server, while Apache Tomcat is a Servlet container environment. However, Tomcat server comes with its own HTTP server component. Apache and Tomcat are often confused to be the same server due to the similarity in their names. Although they are developed by the same organization, they are not bundled together. Usually, these two products are used together in enterprises for serving web sites.

What is Tomcat Server?

The Apache HTTP Server ('httpd') was launched in 1995 and it has been the most popular web server on the Internet since April 1996. It has celebrated its 25th birthday as a project in February 2020. The Apache HTTP Server is a project of The Apache Software Foundation. Introduction Using Apache httpd as a proxy to an Apache Tomcat application container is a common setup. It comes with many use cases, the most trivial is serving static content from httpd, while providing services implementing heavy business logic from an application written in Java that resides in the Tomcat container. Apache Tomcat server: Apache Tomcat is a web container. It allows the users to run Servlet and JAVA Server Pages that are based on the web-applications. It can be used as the HTTP server. The performance of the Tomcat server is not as good as the designated web server.

Tomcat (also known as Apache Tomcat or Jakarta Tomcat) provides a “pure java” HTTP web server environment that can be used to run Java code. It is a Servlet container developed by Apache Software Foundation, which is offered as an open source product. Sun Microsystems’s Java Servlet and JSP (Java Server Pages) specifications are implemented by Tomcat. Apache Tomcat can be configured using XML configuration files (although tools for configuration and management are included with the server). Tomcat 7.0 is the latest stable version of Tomcat, which introduced many new features over its previous version.

Apache started working on Apache 7.0 as early as January, 2009. But, it was announced stable after 2 years (in January, 2011). Tomcat 7.0.6 is the first Tomcat 7 stable release. Tomcat 7.0 was built upon the improvements introduced in the earlier version and implements Servlet 3.0 API, JSP 2.2 and EL 2.2 specifications. Improvements offered by Tomcat 7.0 are detection/prevention of memory leaks in web applications, improved security for Manager/Host Manager, CSRF (Cross-Site Request Forgery) protection, ability to include external content in applications directly and cleaned up code (including refactoring of connectors and lifecycles).

What is Apache Server?

Apache (or Apache Server) is a HTTP web server developed by Apache Software Foundation. Apache Server is said to have played a major role in the rapid expansion of the World Wide Web. It already has more than 100 million websites implemented using it. It is considered the most popular HTTP server. Currently, it serves 2/3 of all web sites in the world, including 2/3 of the million busiest web sites. Apache is a cross-platform server, which mainly supports Unix-like systems such as UNIX, FreeBSD, Linux and Solaris. It can also be run on Mac OS X and Microsoft Windows as well. Robert McCool is the original author of Apache, and its initial release was in 1995. Its current stable release is 2.2.19, which was released on 22 May, 2011. Apache is open source software written in C language and licensed under Apache license 2.0.

Apache’s core functionality is extended using a variety of features implemented as compiled modules. Apache supports Perl, Python and PHP and a variety of authentication modules including mod_access, mod_auth and mod_auth_digest. Apache web server also supports SSL (Secure Sockets Layer) and TLS (Transport Layer Security). Further, a proxy module, a rewrite engine, a logging system and a filtering system are provided by Apache. AWStats or W3Perl can be used to analyze the Apache logs. Mod_gzip is the compression method provided by Apache server. Open source intrusion detection/prevention engine, ModSecurity is also included in Apache.

What is the difference between Apache and Tomcat Server?

– Apache server is a HTTP web server, while Apache Tomcat server is primarily an application server that is used to run Java code.

– Apache is written in C, while Tomcat is written in Java.

– Apache is used for serving static content, while Tomcat is used mainly for dynamic content such as Java Servlets and JSP files.

– Typically, Apache is found to be faster than Tomcat when it comes to serving static content.

– Apache is also more configurable and robust than Tomcat.

– However, if you are serving dynamic content on your site, Tomcat is the only option out of these two servers, as Apache can only serve static content like HTML pages.

ISAPI redirector for Micrsoft IIS HowTo

Introduction

This document explains how to set up the ISAPI redirector for IIS to cooperate with Tomcat.

Normally IIS can not execute Servlets and Java Server Pages (JSPs), configuring IIS to use the ISAPI redirector plugin will let IIS send servlet and JSP requests to Tomcat (and this way, serve them to clients).

It is recommended that you also read theWorkers HowTo documentto learn how to setup the working entities between your web server and Tomcat Engines.For more detailed configuration information consult the Reference Guide forworkers.properties,uriworkermapand IIS.

Document Conventions and Assumptions

${tomcat_home} is the root directory of tomcat. Your Tomcat installation should have the following subdirectories:

${tomcat_home}conf - Where you can place various configuration files
${tomcat_home}webapps - Containing example applications
${tomcat_home}bin - Where you place web server plugins

In all the examples in this document ${tomcat_home} will be c:tomcat.A worker is defined to be a tomcat process that accepts work from the IIS server.

Supported Configuration

The IIS to Tomcat redirector is supported for:

IIS running on Windows 8.1 or later
IIS running on Windows Server 2012 or later
Tomcat 7 or later

The redirector may work with IIS running on older versions of Windows but suchconfigurations are not supported.

The mod_jk module uses the AJP protocol to send requests to the Tomcatcontainers. The AJP version used is ajp13. All current versions Tomcatsupport the ajp13 protocol. Others servlet engines such as Jetty andJBoss also support the ajp13 protocol.

How does it work ?

The ISAPI redirector is a Microsoft IIS plugin (filter + extension). IIS loadsthe redirector plugin and calls its filter function for each in-coming request.
The filter then tests the request URL against a list of URI-paths held insideuriworkermap.properties. If the current request matches one of the entries inthe list of URI-paths, the filter transfers the request to the extension.
The extension collects the request parameters and forwards them to theappropriate worker using the defined protocol like ajp13.
The extension collects the response from the worker and returns it to thebrowser.

Installation

Pre-built versions of the ISAPI redirector plugin, isapi_redirect.dll, for32-bit and 64-bit environments are available from theApache TomcatConnectors Downloads page.You can also build a copy locally from the Tomcat Connectors sourcedistribution.The ISAPI redirector requires three entities:

isapi_redirect.dll - The ISAPI redirector for Microsoft IIS plugin,either obtain a pre-built DLL or build it yourself (see the build section).
workers.properties - A file thatdescribes the host(s) and port(s) used by the workers (Tomcat processes). A sample workers.properties can be found under the conf directory.
uriworkermap.properties - Afile that maps URL-Path patterns to workers. A sample uriworkermap.properties can be found under the conf directory as well.

Apache Server Vs Tomcat Server

The installation includes the following parts:

Configuring the ISAPI redirector with a default /examples context and checkingthat you can serve servlets with IIS.
Adding more contexts to the configuration.

Configuring the ISAPI Redirector

These instructions have been written based on Windows Server 2012 R2 andtested with all supported Windows operating systems up to Windows 10 / WindowsServer 2019.

These installation instructions have been tested with a default installation ofIIS plus ISAPI Extensions and Filters on a clean, fully patched OS installationwith Tomcat 9 installed in C:Program FilesApache Software FoundationTomcat9.0. This is referred to as ${tomcat_home} for the remainder of thisdocument.

Create a directory ${tomcat_home}isapi
Allow the IIS process to create the ISAPI redirector log file. Modify the pathas necessary if the log file is to be written to a different directory. Enterthe following at a command prompt:On client operating systems with User Account Control (UAC) enabled, the commandprompt must be opened using Run as administrator for the above command tocomplete successfully.
Download the appropriate (32-bit or 64-bit) isapi_redirect.dll for youroperating system and place it in ${tomcat_home}isapi
Set the premissions for isapi_redirect.dll. On Windows Server 2019 it appears to benecessary to explicitly set the permissions for this dll. Enterthe following at a command prompt:
Create ${tomcat_home}isapiisapi_redirect.properties file to configure the ISAPIredirctor. Configuration can also be performed via registry settings - seebelow. The contents of this file should be:Be careful so that Windows does not add a .txt extension to the file.
Create ${tomcat_home}isapiworkers.properties file to configure the Tomcatinstances that requests will be passed to. For a single Tomcat instance on thelocal machine the contents of this file should be:
Create ${tomcat_home}isapiuriworkermap.properties file to configure whichrequests will be passed to Tomcat. To expose the examples web application thecontents of this file should be:
Using the IIS management console, add a new virtual directory to your IIS website. In a clean install, this will be the Default Web Site. The name ofthe virtual directory must be jakarta. Its physical path should be thedirectory where you placed isapi_redirect.dll.
Select the newly created virtual directory in the management console and thendouble-click Handler Mappings. Select the (currently disabled)ISAPI-dll entry and then click Edit Feature Permissions in theaction pane. In the dialog box that opens, select Execute so all threepermissions are selected. Click OK and ISAPI-dll should now be inthe enabled state.
Again using the IIS management console, add the ISAPI redirector as a filter toyour web site. Select your web site and then double-click ISAPI Filters.From the action pane, click Add.... For the filter name use tomcatand the executable should be the full path to isapi_redirect.dll. Onceconfigured, click OK.
Still using the IIS management console, configure the ISAPI redirector asallowed. Select your server (not the web site) and then double-click on ISAPIand CGI Restrictions. From the action pane, click Add.... Select theisapi_redirect.dll, add a descripion (e.g. tomcat) and select the Allowextension path to execute and then click OK.
Restart IIS (stop + start the IIS service).

That's all, you should now start Tomcat and ask IIS to serve you the /examplescontext. Try http://localhost/examples/for example and execute some of the Servlet or JSP examples.

If this does not work successfully, refer to the Troubleshooting section below for help on correcting the problem.

IIS logging

If the IIS access logs show entries such as /jakarta/isapi_redirect.dllrather than /examples/servlets then this can be corrected via the IISmanagement console. Select your server (not the web site) and then double-clickon Modules. In the Actions pane, clickView Ordered List..., select the IsapiFilterModule and move it upuntil it is above the HttpLoggingModule.

Registry configuration

As an alternative to using the isapi_redirector.properties file, theISAPI redirector may be configured via the registry. To do this, follow thesesteps:

Apache Http Server Vs Tomcat

In the registry, create a new registry key named'HKEY_LOCAL_MACHINESOFTWAREApache Software FoundationJakarta Isapi Redirector1.0'
Add a string value with the name extension_uri and a value of /jakarta/isapi_redirect.dll
Add a string value with the name log_file and a value pointing to where you want your log file to be (for example c:tomcatlogsisapi.log).
Add a string value with the name log_level and a value for your log level (can be debug, info, error or emerg).
Add a string value with the name worker_file and a value which is the full path to your workers.properties file (for example c:tomcatconfworkers.properties)
Add a string value with the name worker_mount_file and a value which is the full path to your uriworkermap.properties file (for example c:tomcatconfuriworkermap.properties)

64 Bit notes

In a 64 Bit environment the used IIS Application Pool should have 'Enable 32-bitApplications' set to 'False'. To check this, select Application Pools inthe IIS management console, then right-click on the pool you are using andselect Set Application Pool Defaults.... Enable 32-BitApplications may be found in the General section. If this is notconfigured correctly, the redirector will not be called and IIS will return anHTTP code 404.

You must use the 64-bit version of the ISAPI redirector on 64-bit operatingsystems. If you attempt to use the 32bit version, you will get an HTTP code 500for every request because the library is not loadable into a 64-bit IIS.

Adding additional Contexts

The examples context is useful for verifying your installation, but you will also need to add your own contexts. Adding a new context requires two operations:

Adding the context to Tomcat (I am not going to talk about this).
Adding the context to the ISAPI redirector.

Adding a context to the ISAPI redirector is simple, all you need to do is to edit your uriworkermap.properties and to add a line that looks like:

Workers and their name are defined in workers.properties, by default workers.properties comes with a single pre-configured worker named 'defworker' so you can use it. As an example, if you want to add a context named 'shop', the line that you should add to uriworkermap.properties will be:

After saving uriworkermap.properties restart IIS and it will serve the new context.

The above should be all you need for IIS to pass through to Tomcat any request for any URI which correspondsto a Tomcat context (webapp).

Advanced Context Configuration

If your webiste is very busy (more than 100 requests/second, or more than 100 simultaneous client connections),it might sometimes be desirable to have IIS serve static content (html, gif, jpeg etc.) directly, even if these files are part of a context served by Tomcat. Allowing IIS to serve such files directly may avoid the small overhead consisting of passing the request to Tomcat via the redirector, and may free up Tomcat somewhat, by using it only to process requests that only Tomcat can handle (e.g. requests to JSP pages and java servlets).

For example, consider the html and gif files in the examples context: you could serve these files directlywith IIS; there is no need to serve them from the Tomcat process.

However, you should be very careful when you implement the following configuration style, because by doing so you arein fact providing a 'back-door' to IIS, and allowing it to serve files out of a Tomcat context without Tomcat's knowledge,thus bypassing any securityrestrictions which Tomcat itself and the Tomcat context (webapp) may place on those files.

Making IIS serve static files that are part of the Tomcat contexts requires the following:

Configuring IIS to know about the Tomcat contexts
Configuring the redirector to leave the static files for IIS

Adding a Tomcat context to IIS requires the addition of a new IIS virtual directory that covers the Tomcat context. For example adding a /example IIS virtual directory that covers the c:tomcatwebappsexamples directory.

Configuring the redirector is somewhat harder, you will need to specify the exact URL-Path pattern(s) which you want Tomcat to handle (usually only JSP files and servlets). This requires a change to the uriworkermap.properties:

As you can see the second configuration is more explicit, it actually instruct the redirector to redirect only requests to resources under /examples/servlet/ and resources under /examples/ whose name ends with .jsp.

You can even be more explicit and provide lines such as:

that instructs the redirector to redirect all requests whose URL-path matches the leading string '/example/servlets/chat' to the worker named defworker.

Protecting the content of your Tomcat contexts

Once again, be aware that by allowing IIS to access the content of your Tomcat context directly, you arepotentially bypassing Tomcat's protection of that content. You should thus make sure to protect this contentat the IIS level if needed, by using the corresponding IIS management console functions.

In particular, each servlet application (context) has a special directory named WEB-INF, which contains sensitive configuration data and Java classes, and which should always be kept hidden from web users. Using the IIS management console it is possible to protect the WEB-INF directory from user access, but considering thatthis is a general requirement, and considering that it is easy to forget to implement this protectionat the IIS level, the ISAPI redirector plugin does it automatically for you, and it will reject any requestwhich contains WEB-INF in its URL path. It will also reject any request which contains META-INF in its URL path.

Advanced Worker Configuration

Sometimes you may want to serve different contexts with different Tomcat processes (for example to spread the load among different machines). To achieve such a goal you will need to define several workers and assign each context to its own worker.

Defining additional workers is done in the workers.properties file. This file includes two types of entries:

The above example defined two workers, now we can use these workers to serve two different contexts each with its own worker:

As you can see the examples context is served by worker1 while the webpages context is served by worker2.

More information on using and configuring workers in the Workers HowToand in the worker.properties configuration reference.

Building the ISAPI redirector

The redirector was developed using Microsoft Visual C++, so having Visual Studio installedis a prerequisite if you want to perform your own build.

You can build the source using the IDE GUI, or using a purecommandline build based on nmake. The IDE build currently onlysupports building 32 Bit binaries. The nmake builds are availablefor 32 Bit, 64 Bit and Itanium binaries.

The common steps for all build procedures are:

Set up your build environment for 32 Bits or 64 Bits.The IDE build only supports 32 Bits.
Download the sources as a zip file and unpack it.
Change directory to the ISAPI redirector source directory.

Set up 32 or 64 Bit build environmentsetenv /Release /X86or (not available for IDE build)setenv /Release /X64Download tomcat-connectors-xxx-src.zip fromhttps://tomcat.apache.org/download-connectors.cgiand unpack itunzip tomcat-connectors-xxx-src.zipChange directory to the ISAPI redirector source directorycd tomcat-connectors-xxx-srcnativeiis

The steps for an IDE build are then:

Start Visual Studio using 'start isapi.dsw'
During IDE startup choose 'Yes' in all conversion popups.
Next choose 'Debug' or 'Release' in the Configuration dropdown.
Finally choose 'Build Solution' in the 'Build' menu.

The resulting file isapi_redirect.dll (and the debug symbol fileisapi_redirect.pdb) is located in the 'Debug' resp. 'Release' subdirectory depending on the build Configuration chosen. As anintermediate step the build first creates a static PCRE librarynamed pcre.lib in the sub directory 'pcre/LibD' resp. 'pcre/LibR'.

Alternatively the steps for an nmake commandline build are:

Issue 'nmake -f Makefile.x86' for a 32 Bit build, or
Issue 'nmake -f Makefile.amd64' for a 64 Bit build

The resulting file isapi_redirect.dll (and the debug symbol fileisapi_redirect.pdb) is located in the 'Release_x86' or 'Release_amd64'sub directory. As an intermediate step the build first creates a staticPCRE library named pcre.lib in the sub directory 'pcre/Release_x86' or'pcre/Release_amd64'.

Troubleshooting

It is easy to have the ISAPI redirector not work the first time you try to install it.

If this happens to you, here are some steps to follow to try to correct the problem.

These steps aren't guaranteed to cover all possible problems, but they should help find the typical mistakes.

If you make any corrections during these steps, restart the IIS service as described above in the last step of the installation, then retry the step.

To enable error tracking, make sure web site activity is being logged. For PWS 4.0 make sure 'Save Web Site Activity Log' is checked in the Advanced Options of the Personal Web Manager.

Note: These steps assume your worker_mount_file setting points to an unmodified copy of the uriworkermap.properties file.
Results may be misleading if worker_mount_file points to a modified uriworkermap.propertiesor the uriworkermap.properties-auto file.
It is also assumed that the '/examples' context works correctly if you access Tomcat directly.

Win98

Start the IIS service and Tomcat.

Check for the presence of the ISAPI redirector log file you specified in the log_file setting. If not found, verify the following:

Check the 'Filter DLLs' setting in the 'HKEY_LOCAL_MACHINESystemCurrentControlSetServicesW3SVCParameters' key and make sure the path is correct.
Check the spelling of the 'HKEY_LOCAL_MACHINESOFTWAREApache Software FoundationJakarta Isapi Redirector1.0' key. Case isn't important, but an incorrect letter will prevent the isapi_redirect.dll from finding its registry settings.
Check the log_file setting for typos, name and data. Also insure the directory in which the log file will appear already exists.

Invoke the URL http://localhost/examples/in your browser. Case is important in Tomcat. The characters following 'localhost' in the URL must be lower case. If the page fails to appear, stop the IIS service (required to view the IIS log file). Then examine the last line in the IIS log file in found in SYSTEM/LogFiles/W3SVC1:

If the last line contains:

then the ISAPI redirector is not recognising that it should be handling requests for the '/examples' context. Check the following:

Check the extension_uri name for typos.
Check the worker_file setting for typos, name and data.
Check the worker_mount_file setting typos, name and data.

If the last line contains something like:

then the ISAPI redirector is recognising that it should handle the request, but is not successful at getting Tomcat to service the request.

You should check the HTTP error code following GET '/...':

Make sure you entered the URL correctly.
Make sure the virtual directory created was called 'jakarta'. It should display in Personal Web Manager as '/jakarta' (without the quotes).
Make sure the extension_uri data begins with '/jakarta/' (without the quotes).

Make sure that 'isapi_redirect.dll' follows '/jakarta/' in the extension_uri setting.
Check the workers.properties file and make sure the port setting for worker.ajp13.port is the same as the port specified in the server.xml for the 'AJP' connector.

Make sure you have checked Execute Access for the jakarta virtual directory in the Advanced Options of the Personal Web Manager.

If the above settings are correct, the index.html page should appear in your browser. You should also be able to click the links to execute some Servlet or JSP examples.

WinNT/Win2K/WinXP

Start the World Wide Web Publishing Service and Tomcat.

Check for the presence of the ISAPI redirector log file you specified in the log_file setting. If not found, check the following:

Check the 'executable' you set for the filter in the IIS Management Console and make sure the path is correct.
Check the spelling of the 'HKEY_LOCAL_MACHINESOFTWAREApache Software FoundationJakarta Isapi Redirector1.0' key.Case isn't important, but an incorrect letter will prevent the isapi_redirect.dll from finding its registry settings.
Check the log_file setting for typos, name and data. Also insure the directory in which the log file will appear already exists.

Check the tomcat filter you added and make sure its status shows a green upward-pointing arrow. If not, check the following:

Check the worker_file setting for typos, name and data.
Check the worker_mount_file setting typos, name and data.

Invoke the URL http://localhost/examples/ in your browser. Case is important in Tomcat. The characters following 'localhost' in the URL must be lower case. If the page fails to appear, examine the last line in the IIS server log file in found in SYSTEM32/LogFiles/W3SVC1.

The last line should contain something like: GET '/jakarta/isapi_redirect.dll HTTP1.1', which indicates the ISAPI redirector is recognising that it should handle the request.