Apache<->Tomcat Instead of firewalling Tomcat:8080 bind it to 127.0.0.1

Wessel:
Hi,
In the steps of putting Apache in front of Tomcat we use mod_jk.
However, if we use the default settings on Tomcat, it binds to 0.0.0.0, exposing the 8080 port for the world to exploit.

Now we can put a firewall in front of it, but that's way too brutal.
Binding Tomcat to 127.0.0.1 instead of 0.0.0.0 solves this problem elegantly.
Now Apache mod_jk can reach the Tomcat server and pull its pages from there as requests come in on the Apache web server.
But nobody from outside can reach the 8080 port any more.
(I know this works with Unix/Linux; I have no clue if Windows understands a lo interface.)

Go to the following lines in your Tomcat setup:

--- Code: ---
    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009"
               enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />

--- End code ---

And change it into:

--- Code: ---
    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" address="127.0.0.1"
               enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />

--- End code ---

And the HTTP port:

--- Code: ---
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               redirectPort="8443" />

--- End code ---

into

--- Code: ---
    <Connector port="8080" address="127.0.0.1" protocol="HTTP/1.1"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               redirectPort="8443" />

--- End code ---

PLEASE NOTE!!! Once you bind it to 127.0.0.1 you can't reach it any more from outside with your Internet Explorer, as this is the whole purpose of this exercise :-D
Use an SSH tunnel like:
ssh -L 8080:127.0.0.1:8080 <your remote host with QueueMetrics & Tomcat>
Now you can look at it again with http://127.0.0.1/

Now do the same with the cmd port:

--- Code: ---
<Server port="8005" address="127.0.0.1" shutdown="SHUTDOWN">

--- End code ---

Then follow all the steps of the mod_jk
MAKE SURE YOU access the worker on localhost as well:

--- Code: ---
worker.ajp13_worker.port=8009
worker.ajp13_worker.host=localhost
worker.ajp13_worker.type=ajp13

--- End code ---

Enjoy!
        Wessel
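
An added example (not part of the original post, and not QueueMetrics or Tomcat code): a small Python check that parses a server.xml and lists every Connector that is not bound to loopback, to confirm the change above took effect. The sample XML is constructed from the snippets in the post, the function names are hypothetical, and a Connector without an address attribute is assumed to listen on all interfaces, as the post describes.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: HTTP connector left at its default, AJP and shutdown port on loopback.
SAMPLE_SERVER_XML = """\
<Server port="8005" address="127.0.0.1" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               redirectPort="8443" />
    <Connector port="8009" address="127.0.0.1"
               enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
  </Service>
</Server>
"""


def is_loopback(address):
    """True only for 'localhost' or a literal loopback IP (127.0.0.0/8, ::1)."""
    if address is None:
        return False  # assumption: no address attribute means all interfaces
    if address.strip().lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(address.strip()).is_loopback
    except ValueError:
        return False  # other hostnames are not resolved here, so they are flagged


def audit_server_xml(xml_text):
    """Return (port, protocol, address) for every listener not bound to loopback."""
    root = ET.fromstring(xml_text)
    findings = []
    for conn in root.iter("Connector"):
        address = conn.get("address")
        if not is_loopback(address):
            findings.append((conn.get("port"), conn.get("protocol", "HTTP/1.1"), address))
    # The shutdown port is flagged only when explicitly bound to a non-loopback address.
    if root.tag == "Server" and root.get("address") and not is_loopback(root.get("address")):
        findings.append((root.get("port"), "shutdown", root.get("address")))
    return findings


if __name__ == "__main__":
    for port, proto, addr in audit_server_xml(SAMPLE_SERVER_XML):
        print(f"port {port} ({proto}) listens on {addr or 'all interfaces'}")
```

To audit a real installation, pass the contents of its server.xml to `audit_server_xml`; an empty list means every Connector is bound to loopback.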

QueueMetrics:
Nice tutorial!
I'd go for a firewall anyway, just in case  :D
