OpenBD, Apache2 Virtual Hosts on Ubuntu 10.04

Post by dedwards » Fri Oct 15, 2010 9:36 pm

This guide will help you with installing and configuring OpenBD version 1.3 on Ubuntu Server 10.04. This guide assumes you have an installation of Ubuntu up and running.

1. Install apache

sudo apt-get install apache2


Accept all the dependencies

2. Install OpenBD

Go to http://openbd.viviotech.net/ and download the latest OpenBD Linux installer. Ensure you download the correct installer for your platform, i.e. if you are running a 64-bit version of Ubuntu, ensure you download the 64-bit installer. In my case, I downloaded the "openbd-1.3-pl0-linux-x64-installer.bin". The easiest way to do this is from the console. Use wget with the URL of the file to download it:

wget http://openbd.viviotech.net/downloader.cfm/id/103/file/openbd-1.3-pl0-linux-x64-installer.bin


Once the file is downloaded, make it executable:

sudo chmod 744 openbd-1.3-pl0-linux-x64-installer.bin


Execute it:

sudo ./openbd-1.3-pl0-linux-x64-installer.bin


Follow the prompts, paying close attention to the configuration file paths. Do NOT accept the default values on the paths; ensure you enter the correct paths for Ubuntu. Additionally, ensure you record and remember the passwords you set for Tomcat and the OpenBD administrator.

3. Configure OpenBD

Once you have finished installing OpenBD without any problems, ensure that it's started:

sudo service openbd_ctl restart


Access the OpenBD Administrator console with your web browser:

http://yourserver_ip:8888/bluedragon/administrator/login.cfm


Obviously, substitute "yourserver_ip" with the IP or host name of your server. In the "Password" field, enter the password you set for the OpenBD administrator when you were installing OpenBD. Once you are successfully logged in to the OpenBD administrator, you can set up your datasources and many other settings.


4. Configure Apache

So at this point OpenBD is up and running on Tomcat. However, Tomcat is very limited in terms of features as a web server, so we are going to get Apache involved in order to take advantage of Apache features like virtual hosts. The best way to accomplish this is to use the Apache JServ Protocol (AJP for short). "AJP enables binary, packet-based TCP connectivity between Apache and Tomcat so it's fast. This is in contrast to the plain-text format of HTTP. Using AJP, Apache can also maintain an open connection with Tomcat which avoids the expensive process of a new socket being opened for every request. This can mean you'll have more connections open, but it also means better performance."

The Apache installation on your Ubuntu server should have AJP installed by default. You can check by going to "/etc/apache2/mods-available" and ensuring that the "proxy_ajp.load" and "proxy_http.load" modules are present. If that's the case, enable them:

sudo a2enmod proxy_ajp
sudo a2enmod proxy_http


Now, if you go under "/etc/apache2/mods-enabled" you should see both "proxy_ajp.load" and "proxy_http.load".

Restart your Apache server for the changes to take effect:

sudo /etc/init.d/apache2 restart


or

sudo service apache2 restart


5. Configure Apache Virtual Hosts

Using the OpenBD installer, OpenBD gets installed in a way that requires virtual hosts in order to operate correctly. By default Ubuntu 10.04 is already configured to be virtual host friendly. Ubuntu 10.04 uses the "/etc/apache2/sites-available/" and "/etc/apache2/sites-enabled/" directories for your virtual host configurations. The "/etc/apache2/sites-enabled" directory contains the configuration(s) of the virtual hosts that are active and will be actively served by Apache, and the "/etc/apache2/sites-available" directory simply contains the configuration(s) of the virtual hosts that are available but not actively served by Apache. This methodology is great for enabling/disabling sites very quickly for any reason. A great way to manage your sites is to create a separate configuration file for each site under the "/etc/apache2/sites-available" directory and then simply enable that site so that it can be parsed from the "/etc/apache2/sites-enabled" directory. This way, if you want to disable a specific site, you simply remove the symbolic link and that site is no longer active.

For the purposes of this tutorial, we are going to assume we are creating a virtual host entry for a site called "mysite.com". So, create a file called "mysite.com" under the "/etc/apache2/sites-available" directory:

sudo vi /etc/apache2/sites-available/mysite.com


Insert the following in the file:

<VirtualHost *:80>
    ServerName www.mysite.com
    ServerAlias mysite.com
    ServerAdmin webmaster@mysite.com
    ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPass / ajp://localhost:8009/
    ProxyPassReverse / ajp://localhost:8009/
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
    CustomLog /var/log/apache2/mysite.com.log combined
</VirtualHost>


Where "ServerName" is the domain name, which in this case is "mysite.com"; "ServerAdmin" is the email address of the person responsible for that site; "ServerAlias" is an additional domain name you can assign to the host; and "ProxyRequests" should always be set to "Off". Leave the entire <Proxy *></Proxy> block as is. The "ProxyPass / ajp://localhost:8009/" and "ProxyPassReverse / ajp://localhost:8009/" entries instruct Apache to use the AJP proxy module that we ensured was enabled in step 4. The "LogFormat" entry sets our Apache logs to the "combined" format, which is extremely useful if you plan to use website traffic tracking software such as AWstats. The "CustomLog" entry sets a log file specific to the virtual host we are creating.

Now, we need to enable that site so apache can serve it:

sudo a2ensite mysite.com


Similarly, you can always disable that site or any other site for that matter by issuing this command:

sudo a2dissite mysite.com


Restart apache for the changes to take effect:

sudo service apache2 restart


6. Configure Virtual Hosts in OpenBD and enable AJP Proxy

Virtual hosts must be mirrored in both Apache and OpenBD. So, we must add our virtual host(s) entries in the "/opt/openbd/tomcat/conf/server.xml" file:

sudo vi /opt/openbd/tomcat/conf/server.xml


Scroll all the way down to the bottom of the file and add your entries right between the "</Host>" and the "</Engine>" entries in the "server.xml" as follows:

<Host name="www.mysite.com">
<Context path="" docBase="/var/www/mysite.com" />
<Alias>mysite.com</Alias>
</Host>


Where "Host name" is of course the domain name of your virtual host, "docBase" is the path to the actual website files and "Alias" is an additional domain name you can assign to this virtual host.

Next, you must ensure that AJP proxy is enabled under Tomcat. Under the "/opt/openbd/tomcat/conf/server.xml" file locate the entry below:

<!-- Define an AJP 1.3 Connector on port 8009 -->
<!--  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->


Now remove the "<!--" and "-->" from the front and the back of the "<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />" entry so that it looks like below:

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />


Restart apache and restart OpenBD:

sudo service apache2 restart
sudo service openbd_ctl restart


If everything goes well, you should be able to put the virtual host address into your web browser and it should take you right into the correct site.
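
The Connector line above has no address attribute, so Tomcat accepts AJP connections on every interface, although Apache only ever reaches it at localhost. The shell check below is an added example, not part of the original guide: it reads "ss -ltn" or "netstat -ltn" output and reports the guide's Tomcat ports (8009 and 8888) when they are bound to anything other than loopback. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: report Tomcat ports from this guide that are reachable
# from other hosts. Function names and sample data are illustrative.

# Reads `ss -ltn` or `netstat -ltn` output on stdin (the local address is
# the 4th column in both) and prints "port address" for every watched port
# that is bound to something other than loopback.
exposed_listeners() {
    awk -v ports="${1:-8009 8888}" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        {
            cut = 0
            # the port is whatever follows the last colon of the local address
            for (i = length($4); i > 0; i--)
                if (substr($4, i, 1) == ":") { cut = i; break }
            if (cut == 0) next                      # header or malformed line
            port = substr($4, cut + 1)
            addr = substr($4, 1, cut - 1)
            gsub(/\[/, "", addr); gsub(/\]/, "", addr)   # drop IPv6 brackets
            if (!(port in watch)) next
            # 127.0.0.0/8, ::1 and IPv4-mapped loopback are local only
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print port, addr
        }'
}

# Constructed sample (not captured from a real host): AJP on every
# interface, the Tomcat HTTP port on loopback only, Apache on 80 and 443.
sample_listeners() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port       Peer Address:Port
LISTEN  0       128     0.0.0.0:80               0.0.0.0:*
LISTEN  0       128     0.0.0.0:443              0.0.0.0:*
LISTEN  0       100     :::8009                  :::*
LISTEN  0       100     127.0.0.1:8888           0.0.0.0:*
LISTEN  0       1       [::ffff:127.0.0.1]:8005  :::*
EOF
}

sample_listeners | exposed_listeners
```

On the server, pipe the output of "sudo netstat -ltn" into exposed_listeners instead of the sample. If 8009 is reported, adding an address attribute set to 127.0.0.1 to the AJP Connector in "server.xml" keeps it reachable by Apache only.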

7. Configuring SSL with Apache2

Apache2 does not have the capability to use multiple SSL enabled virtual hosts. So, if you have the need for multiple SSL enabled hosts, you MUST use a separate IP for each separate host. In most cases, it's sufficient to use one SSL virtual host for your entire web server and pass all SSL traffic to that virtual host.

a. Install all necessary Apache2 prerequisites

sudo apt-get install apache2.2-common 


Accept all dependencies

b. Enable mod_ssl

In order to use Apache's SSL capabilities, you must first enable the Apache SSL module:

sudo a2enmod ssl


Restart Apache2:

sudo service apache2 restart


c. Create an SSL virtual host configuration file for your server

In this step we are going to create an SSL virtual host configuration file for our entire web server. By default Ubuntu 10.04 has a default SSL virtual host file located in "/etc/apache2/sites-available/default-ssl", which we will disable. We can always use that file as a template in order to create our own host configuration file, but I personally like to keep things clean and simple. So, we are going to create a new clean SSL virtual host configuration file. Using the same example site as we used above, type the following:

sudo vi /etc/apache2/sites-available/ssl-mysite.com


Enter the following information:

<VirtualHost _default_:443>

    ServerName mysite.com
    ProxyRequests Off

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    ProxyPass / ajp://localhost:8009/
    ProxyPassReverse / ajp://localhost:8009/

    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
    CustomLog /var/log/apache2/ssl-mysite.com.log combined

    SSLEngine On
    SSLCertificateFile    /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key
</VirtualHost>


All the fields, with the exception of "SSLEngine", "SSLCertificateFile" and "SSLCertificateKeyFile", are pretty much the same as in the virtual hosts example above. One notable difference is the "CustomLog" parameter, which creates a separate log file for all SSL traffic. The "SSLEngine" parameter tells Apache to turn on the SSL engine, and "SSLCertificateFile" and "SSLCertificateKeyFile" simply point to the certificate and key files.

d. Create a self-signed SSL certificate and key files

First you must install the "ssl-cert" package:

sudo apt-get install ssl-cert


a. Create an SSL key (I created a 2048 bit key for best encryption):

openssl genrsa -out server.key 2048


b. Create a new certificate request using the key you just created in the previous step:

openssl req -new -key server.key -out server.csr


c. Create your self signed certificate using the server key and the certificate request created on the previous steps:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt


Answer all the questions as best as you can, the MOST important being the "common name", which will be the FQDN of your site.

Now, copy the newly created ssl certificate and key files into "/etc/ssl/certs" and "/etc/ssl/private" respectively:

sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private


You may have noticed that the paths we copied the certificate and key files to are the same paths that are referenced in the "SSLCertificateFile" and "SSLCertificateKeyFile" directives contained in the "ssl-mysite.com" configuration file we created above.
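
Before restarting Apache it is worth confirming that the certificate really belongs to the key and that the key file is not open to other users. The script below is an added example, not part of the original guide: the function names are illustrative, and the demo pair is constructed in a scratch directory with the same three openssl commands used above, with "-subj" standing in for the interactive questions.

```shell
#!/bin/sh
# Added example: checks to run on the certificate and key from step 7
# before restarting Apache. Function names are illustrative.

# Succeeds only if the certificate was issued for this RSA private key,
# i.e. both files carry the same modulus.
cert_matches_key() {   # $1 = certificate, $2 = private key
    cert_mod=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 2
    key_mod=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 2
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# Succeeds only if users outside the owner and group have no access to
# the key file (last octal digit of the mode is 0). Uses GNU stat.
key_is_private() {     # $1 = private key
    mode=$(stat -c %a "$1") || return 2
    case "$mode" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Constructed demo data: throwaway keys made with the guide's three openssl
# commands (-subj replaces the interactive questions) plus an unrelated key.
make_demo_pair() {     # $1 = empty scratch directory
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/server.key" -subj "/CN=www.mysite.com" \
        -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -days 365 -in "$1/server.csr" \
        -signkey "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_pair "$demo_dir"
cert_matches_key "$demo_dir/server.crt" "$demo_dir/server.key" && echo "certificate and key match"
cert_matches_key "$demo_dir/server.crt" "$demo_dir/other.key" || echo "mismatched key detected"
key_is_private "$demo_dir/server.key" || echo "key is readable by other users"
rm -rf "$demo_dir"
```

On the server, run both checks with sudo against "/etc/ssl/certs/server.crt" and "/etc/ssl/private/server.key". The "cp" commands above leave the original server.key in the working directory, so remove that copy once the checks pass.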

Next, disable the "/etc/apache2/sites-available/default-ssl" configuration file:

sudo a2dissite default-ssl


Enable the "ssl-mysite.com" you created originally:

cd /etc/apache2/sites-available/
sudo a2ensite ssl-mysite.com


Restart Apache2 and OpenBD:

sudo service apache2 restart
sudo service openbd_ctl restart


You should be able to access all your virtual hosts via SSL.