Apache2 configuration
From OpenNMS

Using AJP

AJP configuration is simpler, and gives nice easy control over what is served up, and how. Unfortunately, it is not compatible with GWT applications, so it will cause issues if you use the dashboard or the Remote Monitor UI. For those reasons, it's recommended you use the mod_proxy configuration below.

Enabling AJP in Tomcat

Tomcat comes pre-configured with AJP enabled, so if you are using OpenNMS with Tomcat, you don't need to do anything special to enable AJP.

Your Tomcat server.xml should contain an entry like this:

     <Connector port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />

Enabling AJP in OpenNMS Jetty

As of OpenNMS 1.3.10, the Jetty included in OpenNMS has AJP support. To enable AJP in the OpenNMS Jetty, uncomment the relevant line in $OPENNMS_HOME/etc/opennms.properties:

 # If you want Jetty with AJP support, this is the port to listen on
 org.opennms.netmgt.jetty.ajp-port = 8981

Configure mod_jk for AJP

Configure and install mod_jk according to its documentation, including setting up your workers.properties to point to your AJP instance.

Configure workers.properties

 # workers.properties must be configured to have ajp13 pointing at the correct host and port
 
 # Tomcat AJP
 worker.ajp13.port=8009
 worker.ajp13.host=localhost
 worker.ajp13.type=ajp13
 
 # or, OpenNMS AJP
 worker.ajp13.port=8981
 worker.ajp13.host=localhost
 worker.ajp13.type=ajp13

Configure httpd.conf

Next, add Jk* directives to your httpd.conf or a relevant VirtualHosts entry. You can JkUnmount the images directory and alias it to avoid passing through image requests to the servlet engine and let Apache serve them directly.

For demo.opennms.org, we use the following configuration:

 LoadModule jk_module /usr/lib/httpd/modules/mod_jk.so
 JkWorkersFile /etc/http/conf/workers.properties
 
 <VirtualHost 66.45.100.27:80>
         ServerName demo.opennms.org
         DocumentRoot /var/www/somelocation
         ServerAdmin webmaster@opennms.org
         JkMount /opennms* ajp13
         JkUnmount /opennms/images* ajp13
         RedirectMatch ^/?$ http://demo.opennms.org/opennms
         Alias /favicon.ico /var/www/favicon.ico
         Alias /opennms/images /opt/opennms/webapps/opennms/images
 </VirtualHost>

Using mod_proxy

OpenNMS configuration

In /opt/opennms/etc/opennms.properties, uncomment the following settings:

 org.opennms.netmgt.jetty.host = 127.0.0.1
 opennms.web.base-url = https://%x%c/

Restart OpenNMS.

Apache configuration

In your SSL virtual host block, add a Location block for the URL you want to map to OpenNMS.

# We are not a forward proxy
ProxyRequests Off

<VirtualHost *:443>
        DocumentRoot /home/empty
        <Directory "/home/empty">
                Order allow,deny
                Allow from all
        </Directory>

        <IfDefine SSL>
                SSLEngine On
                # SSLv3 is disabled along with SSLv2; both protocols are broken
                SSLProtocol all -SSLv2 -SSLv3
                SSLCipherSuite HIGH:!ADH
                SSLCertificateFile /etc/apache2/ssl.crt/server.crt
                SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
                SSLCACertificateFile /etc/apache2/ssl.crt/ca.crt
                CustomLog /var/log/apache2/ssl_request_log ssl_combined

                <Location /opennms>
                    # "Order deny,allow" allows by default, so "Deny from all"
                    # is required for the Allow list to restrict access
                    Order deny,allow
                    Deny from all
                    Allow from 127.0.0.0/8 your.management.network/24

                    ProxyPass http://127.0.0.1:8980/opennms
                    ProxyPassReverse http://127.0.0.1:8980/opennms
                </Location>
        </IfDefine>
</VirtualHost>

Tell Apache to load the mod_proxy and mod_proxy_http modules, if they are not already loaded. In SuSE this is accomplished by adding "proxy proxy_http" to APACHE_MODULES in /etc/sysconfig/apache2 and restarting Apache.
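
Why a `Deny from all` line matters in a Location block that pairs `Order deny,allow` with an `Allow from` list: with that order, a client matching no rule is permitted. The following Python model of the evaluation rules documented for Apache's Order/Allow/Deny directives is an added example, not OpenNMS or Apache code; `192.0.2.0/24` is a constructed stand-in for `your.management.network/24`, and the client addresses are constructed.

```python
import ipaddress

# Constructed stand-in for "your.management.network/24" (TEST-NET-1).
ALLOW = ["127.0.0.0/8", "192.0.2.0/24"]
# Constructed clients: loopback, management network, unrelated outside host.
CLIENTS = ["127.0.0.1", "192.0.2.10", "203.0.113.50"]

def matches(rules, client):
    """True if client is covered by any rule ('all' or a CIDR network)."""
    ip = ipaddress.ip_address(client)
    return any(r == "all" or ip in ipaddress.ip_network(r, strict=False)
               for r in rules)

def access_allowed(order, allow, deny, client):
    """Evaluate Order/Allow/Deny as the Apache documentation describes."""
    allowed, denied = matches(allow, client), matches(deny, client)
    if order == "deny,allow":
        # Deny is checked first, Allow overrides it, and the default is ALLOW.
        return allowed or not denied
    if order == "allow,deny":
        # An Allow must match, any Deny match rejects, and the default is DENY.
        return allowed and not denied
    raise ValueError(f"unsupported Order: {order}")

def exposure(order, allow, deny, clients):
    """Return the clients from the list that the rule set lets through."""
    return [c for c in clients if access_allowed(order, allow, deny, c)]

if __name__ == "__main__":
    print("Allow list only :", exposure("deny,allow", ALLOW, [], CLIENTS))
    print("plus Deny all   :", exposure("deny,allow", ALLOW, ["all"], CLIENTS))
    print("Order allow,deny:", exposure("allow,deny", ALLOW, [], CLIENTS))
```

On Apache 2.4 the same restriction is written with `Require ip`, which rejects every client that does not match.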

Testing

Point your web browser at the SSL location and try to log in. Check that the main page works. Go to a page in a subdirectory (e.g. Admin or /rtc/) and make sure that works, too. You may find clearing your browser cache useful if you have been using a different method previously. I'm not 100% sure this cured my problem whereby many of the initial links at login would keep on using http instead of https. Once logged in it was fine. Clearing the browser cache sorted this out.

Notes

When putting OpenNMS behind a proxy, there are two places where it needs to know what its real URL is.

First, OpenNMS puts an HTML <base> tag on each page. The URL in this tag needs to be correct: the scheme needs to be https, not http, even though Jetty sees all its requests come in over http. That's what the opennms.web.base-url property is for.

Second, Jetty needs to know what URL to redirect to when it generates redirections for authentication and logout. The way to handle this is to let Jetty put its internal HTTP URL in the redirect, and have Apache rewrite it to be HTTPS. That's what the ProxyPassReverse directive is for.
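
A check for the two places described above, as an added example that is not part of the OpenNMS documentation: given a response fetched through the proxy, it reports a `Location` header or `<base>` tag that still uses http or names a host other than the public one. The host `nms.example.org` and both sample responses are constructed.

```python
import re
from urllib.parse import urlsplit

PUBLIC_ORIGIN = "https://nms.example.org"   # constructed public URL

# Constructed responses: one correctly rewritten, one leaking the backend URL.
GOOD = ({"Location": "https://nms.example.org/opennms/index.jsp"},
        '<head><base href="https://nms.example.org/opennms/" /></head>')
LEAKY = ({"Location": "http://127.0.0.1:8980/opennms/index.jsp"},
         '<head><base href="http://nms.example.org/opennms/" /></head>')

def audit_proxied_response(public_origin, headers, body):
    """Return findings for URLs that do not stay on the public HTTPS origin."""
    public = urlsplit(public_origin)
    findings = []

    def check(label, url):
        parts = urlsplit(url)
        if not parts.scheme:      # relative URL: resolved against the public origin
            return
        if parts.scheme != "https":
            findings.append(f"{label} uses {parts.scheme}: {url}")
        elif parts.netloc != public.netloc:
            findings.append(f"{label} names another host: {url}")

    # Redirect target: rewritten by ProxyPassReverse when it is set correctly.
    location = next((v for k, v in headers.items() if k.lower() == "location"), None)
    if location:
        check("Location header", location)
    # <base> tag: driven by the opennms.web.base-url property.
    base = re.search(r'<base\s[^>]*href=["\']([^"\']+)', body, re.IGNORECASE)
    if base:
        check("<base> tag", base.group(1))
    return findings

if __name__ == "__main__":
    for name, (headers, body) in (("good", GOOD), ("leaky", LEAKY)):
        print(name, audit_proxied_response(PUBLIC_ORIGIN, headers, body) or "ok")
```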

Using mod_proxy_ajp

The following configuration sets up OpenNMS in a hot standby (failover) configuration. It enables failover of the web application: users are not required to know two different URLs for the OpenNMS UI, and they are automatically directed to the primary when it is available. You will need mod_proxy_ajp installed.

<Proxy balancer://opennms>
  BalancerMember ajp://server1:8981/opennms loadfactor=1
  BalancerMember ajp://server2:8981/opennms loadfactor=1 status=+H
  ProxySet lbmethod=bytraffic
  ProxySet stickysession=JSESSIONID
</Proxy>
ProxyPass /opennms balancer://opennms

In this configuration, when the OpenNMS web application is available on server1, all proxy traffic will be directed to server1. When the OpenNMS web application is not available on server1, all traffic will be directed to server2. The status attribute on the server2 ajp connection definition initializes the connection to a "Hot stand-by" mode.

Version History/Availability