Apache2 configuration
From OpenNMS
Using AJP
AJP configuration is simpler, and gives nice easy control over what is served up, and how. This is the recommended configuration.
Enabling AJP in Tomcat
Tomcat comes pre-configured with AJP enabled, so if you are using OpenNMS with Tomcat, you don't need to do anything special to enable AJP.
Your Tomcat server.xml should contain an entry like this:
<Connector port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
Enabling AJP in OpenNMS Jetty
As of OpenNMS 1.3.10, the Jetty included in OpenNMS has AJP support. To enable AJP in the OpenNMS Jetty, uncomment the relevant line in $OPENNMS_HOME/etc/opennms.properties:
# If you want Jetty with AJP support, this is the port to listen on
org.opennms.netmgt.jetty.ajp-port = 8981
Configure mod_jk for AJP
Configure and install mod_jk according to its documentation, including setting up your workers.properties to point to your AJP instance.
Configure workers.properties
# workers.properties must be configured to have ajp13 pointing at the correct host and port
# Tomcat AJP
worker.ajp13.port=8009
worker.ajp13.host=localhost
worker.ajp13.type=ajp13
# or, OpenNMS AJP
worker.ajp13.port=8981
worker.ajp13.host=localhost
worker.ajp13.type=ajp13
Configure httpd.conf
Next, add Jk* directives to your httpd.conf or a relevant VirtualHosts entry. You can JkUnmount the images directory and alias it to avoid passing through image requests to the servlet engine and let Apache serve them directly.
For demo.opennms.org, we use the following configuration:
LoadModule jk_module /usr/lib/httpd/modules/mod_jk.so
JkWorkersFile /etc/http/conf/workers.properties
<VirtualHost 66.45.100.27:80>
ServerName demo.opennms.org
DocumentRoot /var/www/somelocation
ServerAdmin webmaster@opennms.org
JkMount /opennms* ajp13
JkUnmount /opennms/images* ajp13
RedirectMatch ^/?$ http://demo.opennms.org/opennms
Alias /favicon.ico /var/www/favicon.ico
Alias /opennms/images /opt/opennms/webapps/opennms/images
</VirtualHost>
Using mod_proxy
OpenNMS configuration
In /opt/opennms/etc/opennms.properties, uncomment the following settings:
org.opennms.netmgt.jetty.host = 127.0.0.1
opennms.web.base-url = https://%x%c/
Restart OpenNMS.
Apache configuration
In your SSL virtual host block, add a Location block for the URL you want to map to OpenNMS.
# We are not a forward proxy
ProxyRequests Off
<VirtualHost *:443>
DocumentRoot /home/empty
<Directory "/home/empty">
Order allow,deny
Allow from all
</Directory>
<IfDefine SSL>
SSLEngine On
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:!ADH
SSLCertificateFile /etc/apache2/ssl.crt/server.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
SSLCACertificateFile /etc/apache2/ssl.crt/ca.crt
CustomLog /var/log/apache2/ssl_request_log ssl_combined
<Location /opennms>
Order deny,allow
# Without "Deny from all", Order deny,allow admits every client by default
Deny from all
Allow from 127.0.0.0/8 your.management.network/24
ProxyPass http://127.0.0.1:8980/opennms
ProxyPassReverse http://127.0.0.1:8980/opennms
</Location>
</IfDefine>
</VirtualHost>
Tell Apache to load the mod_proxy and mod_proxy_http modules, if they are not already loaded. In SuSE this is accomplished by adding "proxy proxy_http" to APACHE_MODULES in /etc/sysconfig/apache2 and restarting Apache.
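Under Apache 2.2's Order deny,allow, a client that matches no Allow or Deny directive is admitted, so the Allow list in the Location block restricts access only when it is paired with Deny from all. The following is an added example, not part of the original page or of OpenNMS: a small model of that evaluation, where 192.0.2.0/24 is a constructed stand-in for your.management.network/24 and the function names are hypothetical.

```python
import ipaddress

# Constructed sample values: 192.0.2.0/24 stands in for your.management.network/24.
ALLOW = ["127.0.0.0/8", "192.0.2.0/24"]


def authz_host(client_ip, order, allow=(), deny=()):
    """Model of Apache 2.2 Order/Allow/Deny: True if client_ip is admitted.

    order is "deny,allow" or "allow,deny"; allow and deny are lists of
    CIDR networks or the keyword "all".
    """
    ip = ipaddress.ip_address(client_ip)

    def matches(specs):
        return any(
            spec == "all" or ip in ipaddress.ip_network(spec, strict=False)
            for spec in specs
        )

    allowed, denied = matches(allow), matches(deny)
    if order == "deny,allow":
        # Deny is checked first and Allow overrides it; no match means ADMIT.
        return allowed or not denied
    if order == "allow,deny":
        # Allow is checked first and Deny overrides it; no match means REJECT.
        return allowed and not denied
    raise ValueError("unknown Order value: %r" % (order,))


def compare(client_ip):
    """Return (admitted without 'Deny from all', admitted with it)."""
    without_deny = authz_host(client_ip, "deny,allow", allow=ALLOW)
    with_deny = authz_host(client_ip, "deny,allow", allow=ALLOW, deny=["all"])
    return without_deny, with_deny


if __name__ == "__main__":
    # 203.0.113.7 is a constructed address outside both allowed networks.
    for ip in ("127.0.0.1", "192.0.2.10", "203.0.113.7"):
        no_deny, with_deny = compare(ip)
        print("%-12s allow-only: %-5s  with Deny from all: %s" % (ip, no_deny, with_deny))
```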
Testing
Point your web browser at the SSL location and try to log in. Check that the main page works. Go to a page in a subdirectory (e.g. Admin or /rtc/) and make sure that works, too. You may find clearing your browser cache useful if you have been using a different method previously. I'm not 100% sure this cured my problem whereby many of the initial links at login would keep on using http instead of https. Once logged in it was fine. Clearing the browser cache sorted this out.
Notes
When putting OpenNMS behind a proxy, there are two places where it needs to know what its real URL is.
First, OpenNMS puts an HTML <base> tag on each page. The URL in this tag needs to be correct: the scheme needs to be https, not http, even though Jetty sees all its requests come in over http. That's what the opennms.web.base-url property is for.
Second, Jetty needs to know what URL to redirect to when it generates redirections for authentication and logout. The way to handle this is to let Jetty put its internal HTTP URL in the redirect, and have Apache rewrite it to be HTTPS. That's what the ProxyPassReverse directive is for.
Version History/Availability
- This feature was added in version 1.3.7
- This feature was enhanced or modified in version 1.3.10