Tim Holloway wrote:Tomcat does not work with "directories", unlike Apache. The appBase directory contains WARs in either standard (xxx.war file) or exploded form (TOMCAT_HOME/webapps/xxx directory). By default, Tomcat will automatically explode WAR files.
Assuming that you didn't set up a custom context, the Tomcat server then deploys each WAR using its warfile/directory name. So TOMCAT_HOME/webapps/payroll will have the context path /payroll, TOMCAT_HOME/webapps/personnel will have the context path /personnel, and so forth, so that the basic URL for the payroll /index.jsp page would be http://localhost:8080/payroll/index.jsp.
When you set up mod_jk as a connection, you map an Apache VirtualHost to a Tomcat webapp context via jkmount. Disclaimer: It has been a LOOOONG time since I've used mod_jk and I don't remember all the details of setting it up, but basically I believe that you have to set up the destination webapp server address, port, and context in the worker definition file.
Actually, most of the mod_jk documentation I can find is quite old. For the most part, mod_proxy or mod_proxy_ajp are preferred these days. The main advantage of mod_jk seems to have been for load-balancing and that's not been an issue for me. The mod_proxy setup is much more straightforward.
Tim Holloway wrote:If you are already running Apache, I'd suggest avoiding SSL on Tomcat. Use Apache as a reverse proxy to Tomcat, instead, using mod_proxy or mod_jk with the Coyote Apache-to-Tomcat connector (port 8009).
There are several reasons why this is better:
1. You don't have to run Tomcat as an admin user to allow it to use ports 80 and 443 - Apache does the listening for you. Much more secure that way,
2. It's easier to set up SSL for Apache than for Tomcat, Plus, Tomcat doesn't take Apache-format certs, so if your certfiles and keyfiles were issued for Apache, you'd have to convert them for Tomcat.
3. You can run all your webapps through the Apache server, both JEE and non-JEE (for example, PHP apps).
Basically, the world-to-Apache link is SSL, then the Apache proxy feeds to Tomcat via a private internal channel. The tomcat server can be on the same machine as Apache or on a different machine or you can run multiple Tomcats with Apache doing load-balancing.
So I recommend this approach instead. I use Nginx myself these days, fronting Tomcat, backend Apache servers in containers, NodeJS and whatever else needs a web interface.