Monday, March 21, 2011

Fronting an Eclipse dev server with Apache and mod_jk

Last year I began to integrate Google Checkout into a project, and I needed my development server to respond to a “real” https request. I was developing with tomcat in eclipse, and I already had a production machine (co-located elsewhere) already running apache with SSL fully configured with a proper certificate for its domain, etc. I also had a VPN connection to that production machine from my internal network.

My solution was to setup a mod_jk connection from apache directly to my development machine. I configured it so all incoming traffic with url “/b/*” would be directed to my development machine, and served back out through the public server, via https, etc.

how_to_vpn_dev_mod_jk

Here’s what I did:

1) I added the mod_jk module in my httpd.conf. (Note that you may need to compile a mod_jk.so file, which is beyond the scope of this post.)

LoadModule jk_module libexec/apache22/mod_jk.so

 

2) I added configs for mod_jk in httpd.conf:

<IfModule jk_module>

# Where to find workers.properties
# Update this path to match your conf directory location (put
# workers.properties next to httpd.conf)
JkWorkersFile /websites/yourpath/etc/apache22/workers.properties

# Where to put jk shared memory
# Update this path to match your local state directory or logs directory
JkShmFile     /websites/yourpath/log/mod_jk.shm

# Where to put jk logs
# Update this path to match your logs directory location (put mod_jk.log
# next to access_log)
JkLogFile     /websites/yourpath/log/mod_jk.log

# Set the jk log level [debug/error/info]
JkLogLevel    info

# Select the timestamp log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

</IfModule>

## my mod_jk mounts, same for SSL section too
Include etc/apache22/mod_jk_mounts.conf

 

3) I created the worker.properties file:

# Define workers using ajp13
worker.list=worker1,worker2

# Set properties for worker1 (ajp13)
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8009

# Set properties for worker2 (ajp13)
worker.worker2.type=ajp13
worker.worker2.host=10.1.0.67
worker.worker2.port=8009

 

4) I created the mod_jk_mounts.conf file:

<IfModule jk_module>

# the /a path is for the local prod tomcat
JkMount  /a/* worker1

# the /b path is dev, points to 10.1.0.67
JkMount  /b/* worker2

</IfModule>

 

5) I restarted my apache server. I loaded My website with a URL like “http://mysite.domain/b/quux” instead of “http://mysite.domain/a/quux”. Or I’ve used the dev url for testing with Google Checkout, or Twilio.

A minor caveat: If you are using cookies, and you are setting a specific domain, be mindful that the http client is connecting to your public server, and you will only receive cookies that match the domain of your public server.

I have also used this technique to aggregate backend servers during development to solve “same origin policy” problems with javascript elements. Very useful.

This has worked like a champ…  …until I began using the Google Eclipse Plugin, which uses Jetty as a server rather than Tomcat. But how I solved that is the next story…