SOLVED Apache2 and Tomcat9 Configuration

Discussion in 'EasyApache' started by bobc02, Jun 4, 2019.

  1. bobc02

    I'm trying to configure Apache2 (WHM managed) and Tomcat9 (not managed) on CentOS 7, to work together.

    When you browse my website: example.com you are NOT taken to the DocumentRoot /home/example/example_web that I specify in post_virtualhost_global.conf, instead you are taken to public_html.
    If you browse to my website using the SSL port - example.com:8443 - you are taken to /home/example/example_web, but the SSL certificate doesn't work.

    I include the files involved below.

    I appreciate any help I can get on this.

    tomcat9 server.xml:
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!--
      Licensed to the Apache Software Foundation (ASF) under one or more
      contributor license agreements.  See the NOTICE file distributed with
      this work for additional information regarding copyright ownership.
      The ASF licenses this file to You under the Apache License, Version 2.0
      (the "License"); you may not use this file except in compliance with
      the License.  You may obtain a copy of the License at
    
          http://www.apache.org/licenses/LICENSE-2.0
    
      Unless required by applicable law or agreed to in writing, software
      distributed under the License is distributed on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      See the License for the specific language governing permissions and
      limitations under the License.
    -->
    
    <Server port="8005" shutdown="SHUTDOWN">
      <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
      <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
      <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
      <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
      <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
    
      <GlobalNamingResources>
        <Resource name="UserDatabase" auth="Container"
                  type="org.apache.catalina.UserDatabase"
                  description="User database that can be updated and saved"
                  factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
                  pathname="conf/tomcat-users.xml" />
      </GlobalNamingResources>
    
      <Service name="Catalina">
        <Connector port="8080"
                   protocol="HTTP/1.1"
                   connectionTimeout="20000"
                   redirectPort="8443" />
                  
        <Connector port="8443"
                   protocol="org.apache.coyote.http11.Http11NioProtocol"
                   scheme="https"
                   secure="true"
                   SSLEnabled="true"
                   keystoreFile="/home/.keystore"
                   keystorePass="********"
                   sslProtocol="TLS"
                   clientAuth="false"
                   maxThreads="200" />
                  
        <Connector port="8009"
                   protocol="AJP/1.3"
                   redirectPort="8443"
                   enableLookups="false" />
    
        <Engine name="Catalina" defaultHost="example.com">
          <Realm className="org.apache.catalina.realm.LockOutRealm">
            <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
                   resourceName="UserDatabase"/>
          </Realm>
    
          <Host name="example.com" appBase="/home/example/example_web" unpackWARs="true" autoDeploy="true"
                xmlValidation="false" xmlNamespaceAware="false">
             <Alias>www.example.com</Alias>
             <Context path="" reloadable="true" docBase="/home/example/example_web" />
             <Context path="/manager" docBase="/usr/local/tomcat/users/example/tomcat/webapps/manager"
                      privileged="true" antiResourceLocking="false" antiJARLocking="false" reloadable="true" />
                        
             <Valve className="org.apache.catalina.valves.AccessLogValve"
                    directory="logs"
                    prefix="localhost_access_log" suffix=".txt"
                    pattern="%h %l %u %t &quot;%r&quot; %s %b" />
          </Host>
        </Engine>
      </Service>
    </Server>
    
    httpd.conf:
    Code:
    # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
    #
    #   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    #   DO NOT EDIT. AUTOMATICALLY GENERATED.  USE INCLUDE FILES IF YOU NEED TO MAKE A CHANGE
    #   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    #
    #   Direct modifications to the Apache configuration file WILL be lost upon subsequent
    #   regeneration of this configuration file, or an Apache update.
    #
    #   To have your modifications retained, you should create/edit administrator-specific
    #   include files:
    #
    #       /etc/apache2/conf.d/includes/pre_main_global.conf
    #       /etc/apache2/conf.d/includes/pre_virtualhost_global.conf
    #       /etc/apache2/conf.d/includes/post_virtualhost_global.conf
    #
    # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
    
    ##################################################
    ##################################################
    #
    # cPanel & WHM controlled Apache configuration
    #
    ##################################################
    ##################################################
    
    Include "/etc/apache2/conf.modules.d/*.conf"
    
    # Administrator locations for safely altering httpd.conf
    Include "/etc/apache2/conf.d/includes/pre_main_global.conf"
    
    # These are hard-coded values that are required by cPanel & WHM
    PidFile /run/apache2/httpd.pid
    User nobody
    Group nobody
    ExtendedStatus On
    LogLevel warn
    # You can change this by using WHM, and navigating to the 'Basic WebHost Manager® Setup' -> 'Contact Information' interface.
    ServerAdmin [email protected]
    
    # You can change this by using WHM, and navigating to the 'Networking Setup' => 'Change Hostname' interface.
    ServerName dev.example.com
    
    # You can change this by using WHM, and navigating to the 'Apache Configuration' -> 'Global Configuration' interface.
    TraceEnable Off
    ServerSignature Off
    ServerTokens ProductOnly
    FileETag None
    
    <Directory "/">
      
          AllowOverride All
      
        Options ExecCGI FollowSymLinks IncludesNOEXEC Indexes
    </Directory>
    
    StartServers 5
    <IfModule prefork.c>
        MinSpareServers 5
        MaxSpareServers 10
    </IfModule>
    
    ServerLimit 256
    MaxRequestWorkers 150
    MaxConnectionsPerChild 10000
    KeepAlive On
    KeepAliveTimeout 5
    MaxKeepAliveRequests 100
    Timeout 300
    
    
    <IfModule rewrite_module>
    # Global DCV Exclude - Rewrites
    RewriteEngine on
    RewriteCond %{REQUEST_URI} ^/\.well-known/pki-validation/(?:\ Ballot169)? [OR]
    RewriteCond %{REQUEST_URI} ^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$ [OR]
    RewriteCond %{REQUEST_URI} ^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Sectigo\ DCV)?$
    
    # Exclude proxy subdomains as we need rewrites to capture the DCV requests
    RewriteCond %{HTTP_HOST} !^(?:autoconfig|autodiscover|cpanel|cpcalendars|cpcontacts|webdisk|webmail|whm)\.
    RewriteRule ^ - [END]
    </IfModule>
    
    <LocationMatch "(^/\.well-known/pki-validation/(?: Ballot169)?|^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$|^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?: Sectigo DCV)?$)">
    # Global DCV Exclude - Location
    Satisfy Any
    Order Allow,Deny
    Allow from all
    </LocationMatch>
    
    
    
    # You can change this by using WHM, and navigating to the 'Apache Configuration' -> 'DirectoryIndex Priority' interface.
    <IfModule dir_module>
        DirectoryIndex index.php index.php5 index.php4 index.php3 index.perl index.pl index.plx index.ppl index.cgi index.jsp index.jp index.phtml index.shtml index.xhtml index.html index.htm index.wml Default.html Default.htm default.html default.htm home.html home.htm index.js
    </IfModule>
    
    # You can change this by using WHM, and navigating to the 'Apache Configuration' -> 'Memory Usage Restrictions' interface.
    
    # This setting is required by cPanel & WHM in order to provide access to a default webpage when none exists
    <Directory "/var/www/html">
        Options All
        AllowOverride None
        Require all granted
    </Directory>
    
    # Required cPanel security policy: Disallow remote access to .htaccess, .htpasswd, .user.ini, and php.ini files
    <FilesMatch "^(\.ht(access|passwds?)|\.user\.ini|php\.ini)$">
        Require all denied
    </FilesMatch>
    
    # PHP error_log protection
    <Files ~ "^error_log$">
       <RequireAll>
           Require all denied
       </RequireAll>
    </Files>
    
    <IfModule alias_module>
        ScriptAliasMatch ^/?controlpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
        ScriptAliasMatch ^/?cpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
        ScriptAliasMatch ^/?kpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
        ScriptAliasMatch ^/?securecontrolpanel/?$ /usr/local/cpanel/cgi-sys/sredirect.cgi
        ScriptAliasMatch ^/?securecpanel/?$ /usr/local/cpanel/cgi-sys/sredirect.cgi
        ScriptAliasMatch ^/?securewhm/?$ /usr/local/cpanel/cgi-sys/swhmredirect.cgi
        ScriptAliasMatch ^/?webmail$ /usr/local/cpanel/cgi-sys/wredirect.cgi
        ScriptAliasMatch ^/?webmail/ /usr/local/cpanel/cgi-sys/wredirect.cgi
        ScriptAliasMatch ^/?whm/?$ /usr/local/cpanel/cgi-sys/whmredirect.cgi
    
        Alias /bandwidth /usr/local/bandmin/htdocs/
        Alias /img-sys /usr/local/cpanel/img-sys/
        Alias /java-sys /usr/local/cpanel/java-sys/
        Alias /mailman/archives /usr/local/cpanel/3rdparty/mailman/archives/public/
        Alias /pipermail /usr/local/cpanel/3rdparty/mailman/archives/public/
        Alias /sys_cpanel /usr/local/cpanel/sys_cpanel/
    
        ScriptAlias /cgi-sys /usr/local/cpanel/cgi-sys/
        ScriptAlias /mailman /usr/local/cpanel/3rdparty/mailman/cgi-bin/
      
    </IfModule>
    
    # This can be configured in the cPanel 'Leech Protection' interface.
    <IfModule rewrite_module>
        RewriteEngine on
        RewriteMap LeechProtect prg:/usr/local/cpanel/bin/leechprotect
        Mutex file:/run/apache2 rewrite-map
    </IfModule>
    
    <IfModule mime_module>
        TypesConfig conf/mime.types
    
        AddType application/x-compress .Z
        AddType application/x-gzip .gz .tgz
        AddType text/html .shtml
        AddType application/x-tar .tgz
        AddType text/vnd.wap.wml .wml
        AddType image/vnd.wap.wbmp .wbmp
        AddType text/vnd.wap.wmlscript .wmls
        AddType application/vnd.wap.wmlc .wmlc
        AddType application/vnd.wap.wmlscriptc .wmlsc
    
        # These extensions are used to redirect incoming requests to WHM
        AddHandler cgi-script .cgi .pl .plx .ppl .perl
    
        # This is used for custom error documents
        AddHandler server-parsed .shtml
    </IfModule>
    
    # You can change this by using WHM, and updating the 'Tweak Settings' -> 'System' -> 'Allow server-info' option.
    <IfModule status_module>
        # This is used by the WHM 'Apache Status' application
        <Location /whm-server-status>
            SetHandler server-status
            Order deny,allow
            Deny from all
            Allow from 127.0.0.1 ::1
            <IfModule security2_module>
                SecRuleEngine Off
            </IfModule>
        </Location>
    
    </IfModule>
    
    # Required cPanel security policy: disable userdir when mod_ruid2 or mpm_itk or mod_passenger are loaded
    <IfModule userdir_module>
        UserDir public_html
    
        <IfModule ruid2_module>
            UserDir disabled
        </IfModule>
        <IfModule mpm_itk.c>
            UserDir disabled
        </IfModule>
        <IfModule mod_passenger.c>
            UserDir disabled
        </IfModule>
    </IfModule>
    
    <IfModule mod_log_config.c>
        LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedvhost
        <IfModule logio_module>
            LogFormat "%v %{%s}t %I .\n%v %{%s}t %O ." bytesvhost
        </IfModule>
        LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
        LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b" common
        LogFormat "%{Referer}i -> %U" referer
        LogFormat "%{User-agent}i" agent
        <IfModule logio_module>
            CustomLog "|/usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=dev.example.com --suffix=-bytes_log" bytesvhost
        </IfModule>
        CustomLog "|/usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=dev.example.com --mainout=/etc/apache2/logs/access_log" combinedvhost
    </IfModule>
    
    
    # The Listen port can be updated using 'Tweak Settings' -> 'System',
    # However, if you have any Apache Reserved IPs, then this Tweak setting will
    # be ignored. Instead, each IP on your system (excluding Apache Reserved IPs)
    # will be listed here.
    Listen 0.0.0.0:80
    
    <IfModule ssl_module>
        # cipher and protocol directives can be set in WHM under 'Apache Configuration' -> 'Global Configuration'
        SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
        SSLProtocol TLSv1.2
        SSLPassPhraseDialog  builtin
    
        <IfModule socache_shmcb_module>
            SSLUseStapling on
            SSLStaplingCache shmcb:/run/apache2/stapling_cache_shmcb(256000)
    
            # Prevent browsers from failing if an OCSP server is temporarily broken.
            SSLStaplingReturnResponderErrors off
            SSLStaplingErrorCacheTimeout 60
            SSLStaplingFakeTryLater off
            SSLStaplingResponderTimeout 3
            SSLSessionCache shmcb:/run/apache2/ssl_gcache_data_shmcb(1024000)
        </IfModule>
        <IfModule !socache_shmcb_module>
            SSLSessionCache dbm:/run/apache2/ssl_gcache_data_dbm
        </IfModule>
    
        SSLSessionCacheTimeout  300
        Mutex                   file:/run/apache2 ssl-cache
        SSLRandomSeed startup builtin
        SSLRandomSeed connect builtin
    
        # The Listen port can be updated using 'Tweak Settings' -> 'System',
        # However, if you have any Apache Reserved IPs, then this Tweak setting will
        # be ignored. Instead, each IP on your system (excluding Apache Reserved IPs)
        # will be listed here.
        Listen 0.0.0.0:443
    
        AddType application/x-x509-ca-cert .crt
        AddType application/x-pkcs7-crl .crl
    </IfModule>
    
    Include "/etc/apache2/conf.d/*.conf"
    
    Include "/etc/apache2/conf.d/includes/account_suspensions.conf"
    Include "/etc/apache2/conf.d/includes/errordocument.conf"
    
    # Administrator locations for safely globally altering all virtualhost configurations
    Include "/etc/apache2/conf.d/includes/pre_virtualhost_global.conf"
    
    ProxyPass /___proxy_subdomain_ws_cpanel  ws://127.0.0.1:2082 max=1 retry=0
    ProxyPass /___proxy_subdomain_ws_whm     ws://127.0.0.1:2086 max=1 retry=0
    ProxyPass /___proxy_subdomain_ws_webmail ws://127.0.0.1:2095 max=1 retry=0
    
    
    ##################################################
    ##################################################
    #
    # Define default vhosts for shared IPs
    #
    ##################################################
    ##################################################
    
    <VirtualHost 127.0.0.1:80>
        ServerName dev.example.com
        DocumentRoot /var/www/html
        ServerAdmin [email protected]
        # Global DCV Rewrite Exclude
        <IfModule rewrite_module>
        RewriteOptions Inherit
        </IfModule>
    
    
        <Directory "/var/www/html">
          AllowOverride All
        </Directory>
    
    
        <IfModule suphp_module>
            suPHP_UserGroup nobody nobody
        </IfModule>
    
    </VirtualHost>
    
    <VirtualHost 162.253.xxx.xxx:80>
        ServerName dev.example.com
        DocumentRoot /var/www/html
        ServerAdmin [email protected]
        # Global DCV Rewrite Exclude
        <IfModule rewrite_module>
        RewriteOptions Inherit
        </IfModule>
    
    
        <Directory "/var/www/html">
          AllowOverride All
        </Directory>
    
    
        <IfModule suphp_module>
            suPHP_UserGroup nobody nobody
        </IfModule>
    
    </VirtualHost>
    
    
    ##################################################
    ##################################################
    #
    # Define default vhosts for unbound IPs
    #
    ##################################################
    ##################################################
    
    <VirtualHost *>
        ServerName dev.example.com
        DocumentRoot /var/www/html
        ServerAdmin [email protected]
        # Global DCV Rewrite Exclude
        <IfModule rewrite_module>
        RewriteOptions Inherit
        </IfModule>
    
    
        <Directory "/var/www/html">
          AllowOverride All
        </Directory>
    
    
        <IfModule suphp_module>
            suPHP_UserGroup nobody nobody
        </IfModule>
    
    </VirtualHost>
    
    ##################################################
    ##################################################
    #
    # Define the virtual host configurtion for user domains
    #
    ##################################################
    ##################################################
    
    # BEGIN: HTTP vhosts list
    
    <VirtualHost 162.253.xxx.xxx:80>
      ServerName example.com
        <IfModule rewrite_module>
        RewriteEngine On
        RewriteCond %{REQUEST_URI} ^/\.well-known/(pki-validation|cpanel-dcv)/
        RewriteRule ^ - [END]
    
        RewriteCond %{HTTPS} !=on
        RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
      </IfModule>
        ServerAlias mail.example.com mail.tanglemydata.com mail.tanglemydata.dev tanglemydata.com tanglemydata.dev www.example.com www.tanglemydata.com www.tanglemydata.dev
      DocumentRoot /home/example/public_html
      ServerAdmin [email protected]
      UseCanonicalName Off
    
      ## User example # Needed for Cpanel::ApacheConf
      <IfModule userdir_module>
        <IfModule !mpm_itk.c>
          <IfModule !ruid2_module>
            <IfModule !mod_passenger.c>
              UserDir disabled
              UserDir enabled example
            </IfModule>
          </IfModule>
        </IfModule>
      </IfModule>
    
      # Enable backwards compatible Server Side Include expression parser for Apache versions >= 2.4.
      # To selectively use the newer Apache 2.4 expression parser, disable SSILegacyExprParser in
      # the user's .htaccess file.  For more information, please read:
      #    http://httpd.apache.org/docs/2.4/mod/mod_include.html#ssilegacyexprparser
      <IfModule include_module>
        <Directory "/home/example/public_html">
          SSILegacyExprParser On
        </Directory>
      </IfModule>
    
     
    
      <IfModule suphp_module>
        suPHP_UserGroup example example
      </IfModule>
      <IfModule suexec_module>
        <IfModule !mod_ruid2.c>
          SuexecUserGroup example example
        </IfModule>
      </IfModule>
      <IfModule ruid2_module>
        RMode config
        RUidGid example example
      </IfModule>
      <IfModule mpm_itk.c>
        # For more information on MPM ITK, please read:
        #   http://mpm-itk.sesse.net/
        AssignUserID example example
      </IfModule>
      <IfModule mod_passenger.c>
        PassengerUser example
        PassengerGroup example
      </IfModule>
    
      <IfModule alias_module>
        ScriptAlias /cgi-bin/ /home/example/public_html/cgi-bin/
      </IfModule>
    
    
        # Global DCV Rewrite Exclude
        <IfModule rewrite_module>
            RewriteOptions Inherit
        </IfModule>
    
    
    
      # To customize this VirtualHost use an include file at the following location
      # Include "/etc/apache2/conf.d/userdata/std/2_4/example/example.com/*.conf"
    </VirtualHost>
    # END: HTTP vhosts list
    
    # BEGIN: HTTPS vhosts list
    
    <VirtualHost 162.253.xxx.xxx:443>
      ServerName example.com
      ServerAlias mail.example.com mail.tanglemydata.com mail.tanglemydata.dev tanglemydata.com tanglemydata.dev www.example.com www.tanglemydata.com www.tanglemydata.dev webdisk.example.com webmail.example.com cpanel.example.com
      DocumentRoot /home/example/public_html
      ServerAdmin [email protected]
      UseCanonicalName Off
    
      ## User example # Needed for Cpanel::ApacheConf
      <IfModule userdir_module>
        <IfModule !mpm_itk.c>
          <IfModule !ruid2_module>
            <IfModule !mod_passenger.c>
              UserDir disabled
              UserDir enabled example
            </IfModule>
          </IfModule>
        </IfModule>
      </IfModule>
    
      # Enable backwards compatible Server Side Include expression parser for Apache versions >= 2.4.
      # To selectively use the newer Apache 2.4 expression parser, disable SSILegacyExprParser in
      # the user's .htaccess file.  For more information, please read:
      #    http://httpd.apache.org/docs/2.4/mod/mod_include.html#ssilegacyexprparser
      <IfModule mod_include.c>
        <Directory "/home/example/public_html">
          SSILegacyExprParser On
        </Directory>
      </IfModule>
    
     
      <Proxymatch ^https?://127\.0\.0\.1:(2082|2083|2077|2078|2079|2080|2086|2087|2095|2096)/>
           <IfModule security2_module>
              SecRuleEngine Off
           </IfModule>
      </Proxymatch>
    
      <IfModule mod_suphp.c>
        suPHP_UserGroup example example
      </IfModule>
      <IfModule suexec_module>
        <IfModule !mod_ruid2.c>
          SuexecUserGroup example example
        </IfModule>
      </IfModule>
      <IfModule ruid2_module>
        RMode config
        RUidGid example example
      </IfModule>
      <IfModule mpm_itk.c>
        # For more information on MPM ITK, please read:
        #   http://mpm-itk.sesse.net/
        AssignUserID example example
      </IfModule>
      <IfModule mod_passenger.c>
        PassengerUser example
        PassengerGroup example
      </IfModule>
    
      <IfModule alias_module>
        ScriptAlias /cgi-bin/ /home/example/public_html/cgi-bin/
      </IfModule>
      <IfModule ssl_module>
        SSLEngine on
      
        SSLCertificateFile /var/cpanel/ssl/apache_tls/example.com/combined
    
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
        <Directory "/home/example/public_html/cgi-bin">
          SSLOptions +StdEnvVars
        </Directory>
      </IfModule>
    
    
    
    
      # To customize this VirtualHost use an include file at the following location
      # Include "/etc/apache2/conf.d/userdata/ssl/2_4/example/example.com/*.conf"
    
        <IfModule headers_module>
        RequestHeader set X-HTTPS 1
        </IfModule>
    
        RewriteEngine On
                RewriteCond %{HTTP_HOST} =cpanel.example.com [OR]
                RewriteCond %{HTTP_HOST} =cpanel.example.com:443
            RewriteCond %{HTTP:Upgrade} !websocket   [nocase]
    
            RewriteRule ^/(.*) /___proxy_subdomain_cpanel/$1 [PT]
            ProxyPass "/___proxy_subdomain_cpanel" "http://127.0.0.1:2082" max=1 retry=0
                RewriteCond %{HTTP_HOST} =webdisk.example.com [OR]
                RewriteCond %{HTTP_HOST} =webdisk.example.com:443
            RewriteCond %{HTTP:Upgrade} !websocket   [nocase]
    
            RewriteRule ^/(.*) /___proxy_subdomain_webdisk/$1 [PT]
            ProxyPass "/___proxy_subdomain_webdisk" "http://127.0.0.1:2077" max=1 retry=0
                RewriteCond %{HTTP_HOST} =webmail.example.com [OR]
                RewriteCond %{HTTP_HOST} =webmail.example.com:443
            RewriteCond %{HTTP:Upgrade} !websocket   [nocase]
    
            RewriteRule ^/(.*) /___proxy_subdomain_webmail/$1 [PT]
            ProxyPass "/___proxy_subdomain_webmail" "http://127.0.0.1:2095" max=1 retry=0
    
                RewriteCond %{HTTP:Upgrade} websocket   [nocase]
                    RewriteCond %{HTTP_HOST} =cpanel.example.com [OR]
                    RewriteCond %{HTTP_HOST} =cpanel.example.com:443
    
                RewriteRule ^/(.*) /___proxy_subdomain_ws_cpanel/$1 [PT]
                RewriteCond %{HTTP:Upgrade} websocket   [nocase]
                    RewriteCond %{HTTP_HOST} =webmail.example.com [OR]
                    RewriteCond %{HTTP_HOST} =webmail.example.com:443
    
                RewriteRule ^/(.*) /___proxy_subdomain_ws_webmail/$1 [PT]
    </VirtualHost>
    # END: HTTPS vhosts list
    
    ##################################################
    ##################################################
    #
    # Define the main cPanel & WHM proxy subdomains
    #
    ##################################################
    ##################################################
    
    # CPANEL/WHM/WEBMAIL/WEBDISK PROXY SUBDOMAINS
    <VirtualHost 162.253.xxx.xxx:80 127.0.0.1:80>
        ServerName proxy-subdomains-vhost.localhost
        ServerAlias cpanel.* whm.* webmail.* webdisk.* cpcalendars.* cpcontacts.*
    
        DocumentRoot /var/www/html
        ServerAdmin [email protected]
    
        <IfModule suphp_module>
            suPHP_UserGroup nobody nobody
        </IfModule>
        <Proxy "*">
            <IfModule security2_module>
                SecRuleEngine Off
            </IfModule>
        </Proxy>
    
        <Directory "/var/www/html">
          AllowOverride All
        </Directory>
    
    
    
    
        ScriptAlias /.cpanel/dcv /usr/local/cpanel/cgi-priv/get_local.cgi
    
        RewriteEngine On
    
                        RewriteCond %{REQUEST_URI} ^/\.well-known/pki-validation/(?:\ Ballot169)? [OR]
                        RewriteCond %{REQUEST_URI} ^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$ [OR]
                        RewriteCond %{REQUEST_URI} ^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Sectigo\ DCV)?$
                    RewriteRule ^ /.cpanel/dcv [passthrough]
    
        RewriteCond %{HTTP_HOST} !^dev.example.com$
        RewriteCond %{HTTP_HOST} ^cpanel\.
        RewriteCond %{HTTP:Upgrade} !websocket   [nocase]
    
        RewriteRule ^/(.*) /___proxy_subdomain_cpanel/$1 [PT]
        ProxyPass "/___proxy_subdomain_cpanel" "http://127.0.0.1:2082" max=1 retry=0
    
    
        RewriteCond %{HTTP_HOST} !^dev.example.com$
        RewriteCond %{HTTP_HOST} ^webmail\.
        RewriteCond %{HTTP:Upgrade} !websocket   [nocase]
    
        RewriteRule ^/(.*) /___proxy_subdomain_webmail/$1 [PT]
        ProxyPass "/___proxy_subdomain_webmail" "http://127.0.0.1:2095" max=1 retry=0
    
    
        RewriteCond %{HTTP_HOST} !^dev.example.com$
        RewriteCond %{HTTP_HOST} ^whm\.
        RewriteCond %{HTTP:Upgrade} !websocket   [nocase]
    
        RewriteRule ^/(.*) /___proxy_subdomain_whm/$1 [PT]
        ProxyPass "/___proxy_subdomain_whm" "http://127.0.0.1:2086" max=1 retry=0
    
    
        RewriteCond %{HTTP_HOST} !^dev.example.com$
        RewriteCond %{HTTP_HOST} ^webdisk\.
    
        RewriteRule ^/(.*) /___proxy_subdomain_webdisk/$1 [PT]
        ProxyPass "/___proxy_subdomain_webdisk" "http://127.0.0.1:2077" max=1 retry=0
    
    
        RewriteCond %{HTTP_HOST} !^dev.example.com$
        RewriteCond %{HTTP_HOST} ^cpcalendars\.
    
        RewriteRule ^/(.*) /___proxy_subdomain_cpcalendars/$1 [PT]
        ProxyPass "/___proxy_subdomain_cpcalendars" "http://127.0.0.1:2079" max=1 retry=0
    
    
        RewriteCond %{HTTP_HOST} !^dev.example.com$
        RewriteCond %{HTTP_HOST} ^cpcontacts\.
    
        RewriteRule ^/(.*) /___proxy_subdomain_cpcontacts/$1 [PT]
        ProxyPass "/___proxy_subdomain_cpcontacts" "http://127.0.0.1:2079" max=1 retry=0
    
    
    
    
                        RewriteCond %{HTTP_HOST} ^cpanel\.
        RewriteCond %{HTTP:Upgrade} websocket   [nocase]
        RewriteRule ^/(.*) /___proxy_subdomain_ws_cpanel/$1 [PT]
    
            RewriteCond %{HTTP_HOST} ^webmail\.
        RewriteCond %{HTTP:Upgrade} websocket   [nocase]
        RewriteRule ^/(.*) /___proxy_subdomain_ws_webmail/$1 [PT]
    
            RewriteCond %{HTTP_HOST} ^whm\.
        RewriteCond %{HTTP:Upgrade} websocket   [nocase]
        RewriteRule ^/(.*) /___proxy_subdomain_ws_whm/$1 [PT]
      
    
        UseCanonicalName Off
    
        <IfModule security2_module>
            SecRuleEngine On
        </IfModule>
    </VirtualHost>
    
    
    # CPANEL/WHM/WEBMAIL/WEBDISK PROXY SUBDOMAINS
    <VirtualHost 162.253.xxx.xxx:443 127.0.0.1:443>
        ServerName dev.example.com
    
        ServerAlias cpanel.* whm.* webmail.* webdisk.* cpcalendars.* cpcontacts.*
    
        DocumentRoot /var/www/html
        ServerAdmin [email protected]
    
        <IfModule suphp_module>
            suPHP_UserGroup nobody nobody
        </IfModule>
        <Proxy "*">
            <IfModule security2_module>
                SecRuleEngine Off
            </IfModule>
        </Proxy>
    
        <Directory "/var/www/html">
          AllowOverride All
        </Directory>
    
    
    
    
        RewriteEngine On
    
        <IfModule ssl_module>
            SSLEngine on
    
    
    
            SSLCertificateFile /var/cpanel/ssl/cpanel/mycpanel.pem
            SSLCertificateKeyFile /var/cpanel/ssl/cpanel/mycpanel.pem
            SSLCertificateChainFile /var/cpanel/ssl/cpanel/mycpanel.pem
    
        </IfModule>
    
      
      
    
        <IfModule headers_module>
        RequestHeader set X-HTTPS 1
        </IfModule>
    
        RewriteCond %{HTTP_HOST} !^dev.example.com$
        RewriteCond %{HTTP_HOST} ^cpanel\.
        RewriteCond %{HTTP:Upgrade} !websocket   [nocase]
    
        RewriteRule ^/(.*) /___proxy_subdomain_cpanel/$1 [PT]
        ProxyPass "/___proxy_subdomain_cpanel" "http://127.0.0.1:2082" max=1 retry=0
    
    
        RewriteCond %{HTTP_HOST} !^dev.example.com$
        RewriteCond %{HTTP_HOST} ^webmail\.
        RewriteCond %{HTTP:Upgrade} !websocket   [nocase]
    
        RewriteRule ^/(.*) /___proxy_subdomain_webmail/$1 [PT]
        ProxyPass "/___proxy_subdomain_webmail" "http://127.0.0.1:2095" max=1 retry=0
    
    
        RewriteCond %{HTTP_HOST} !^dev.example.com$
        RewriteCond %{HTTP_HOST} ^whm\.
        RewriteCond %{HTTP:Upgrade} !websocket   [nocase]
    
        RewriteRule ^/(.*) /___proxy_subdomain_whm/$1 [PT]
        ProxyPass "/___proxy_subdomain_whm" "http://127.0.0.1:2086" max=1 retry=0
    
    
        RewriteCond %{HTTP_HOST} !^dev.example.com$
        RewriteCond %{HTTP_HOST} ^webdisk\.
    
        RewriteRule ^/(.*) /___proxy_subdomain_webdisk/$1 [PT]
        ProxyPass "/___proxy_subdomain_webdisk" "http://127.0.0.1:2077" max=1 retry=0
    
    
        RewriteCond %{HTTP_HOST} !^dev.example.com$
        RewriteCond %{HTTP_HOST} ^cpcontacts\.
    
        RewriteRule ^/(.*) /___proxy_subdomain_cpcontacts/$1 [PT]
        ProxyPass "/___proxy_subdomain_cpcontacts" "http://127.0.0.1:2079" max=1 retry=0
    
    
        RewriteCond %{HTTP_HOST} !^dev.example.com$
        RewriteCond %{HTTP_HOST} ^cpcalendars\.
    
        RewriteRule ^/(.*) /___proxy_subdomain_cpcalendars/$1 [PT]
        ProxyPass "/___proxy_subdomain_cpcalendars" "http://127.0.0.1:2079" max=1 retry=0
    
    
    
    
        RewriteCond %{HTTP_HOST} ^cpanel\.
        RewriteCond %{HTTP:Upgrade} websocket   [nocase]
        RewriteRule ^/(.*) /___proxy_subdomain_ws_cpanel/$1 [PT]
    
        RewriteCond %{HTTP_HOST} ^webmail\.
        RewriteCond %{HTTP:Upgrade} websocket   [nocase]
        RewriteRule ^/(.*) /___proxy_subdomain_ws_webmail/$1 [PT]
    
        RewriteCond %{HTTP_HOST} ^whm\.
        RewriteCond %{HTTP:Upgrade} websocket   [nocase]
        RewriteRule ^/(.*) /___proxy_subdomain_ws_whm/$1 [PT]
      
    
        UseCanonicalName Off
    
        <IfModule security2_module>
            SecRuleEngine On
        </IfModule>
    </VirtualHost>
    
    # Administrator locations for safely altering virtualhost configuration
    Include "/etc/apache2/conf.d/includes/post_virtualhost_global.conf"
    
    ##################################################
    ##################################################
    #
    # Define the Domain Forwarding virtual hosts
    #
    ##################################################
    ##################################################
    
    # Domain forwarding is currently disabled.
    # You can set this by logging into WHM, and navigating to the 'DNS Functions' => 'Setup/Edit Domain Forwarding' interface.
    
    
    ##################################################
    ##################################################
    #
    # Default SSL Hostname Virtual Host
    #
    ##################################################
    ##################################################
    <VirtualHost 127.0.0.1:443 162.253.xxx.xxx:443 *:443>
        ServerName dev.example.com
        DocumentRoot /var/www/html
    
        ServerAdmin [email protected]
        <IfModule suphp_module>
            suPHP_UserGroup nobody nobody
        </IfModule>
        <Directory "/var/www/html">
            AllowOverride All
        </Directory>
        <IfModule ssl_module>
            SSLEngine on
          
    
            SSLCertificateFile /var/cpanel/ssl/cpanel/mycpanel.pem
            SSLCertificateKeyFile /var/cpanel/ssl/cpanel/mycpanel.pem
            SSLCertificateChainFile /var/cpanel/ssl/cpanel/mycpanel.pem
    
        </IfModule>
    
        UseCanonicalName Off
    
        <IfModule security2_module>
            SecRuleEngine On
        </IfModule>
    </VirtualHost>
    
    # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
    #
    #   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    #   DO NOT EDIT. AUTOMATICALLY GENERATED.  USE INCLUDE FILES IF YOU NEED TO MAKE A CHANGE
    #   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    #
    # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
    
    post_virtualhost_global.conf:
    Code:
    <virtualhost 127.0.0.1:8443 162.253.xxx.xxx:8443 *:8443>
        ServerName example.com
        ServerAlias example.com
        ServerAdmin [email protected]
      
        DocumentRoot "/home/example/example_web"
        <Directory /home/example/example_web>
            AllowOverride All
            Allow from all
        </Directory>    
      
        <IfModule ssl_module>
            SSLEngine on
          
            SSLCertificateFile /home/example/mycerts/237494542.crt
            SSLCertificateKeyFile /home/example/mycerts/237494542_private_key.txt
            SSLCertificateChainFile /home/example/mycerts/237494542.ca-bundle
    
        </IfModule>
    
        UseCanonicalName Off
    
        <IfModule security2_module>
            SecRuleEngine On
        </IfModule>
      
        ProxyPass / ajp://localhost:8009/
        ProxyPassReverse / ajp://localhost:8009/
    
    </virtualhost>
    
    workers.properties (I don't think this is working because the stdout and stderr aren't created):
    Code:
    # workers.properties
    #
    workers.tomcat_home=/usr/local/tomcat/default
    workers.java_home=/usr/java/default
    ps=/
    worker.list=ajp13, example
    #worker.list=ajp13
    worker.ajp13.port=8009
    worker.ajp13.host=localhost
    worker.ajp13.type=ajp13
    worker.ajp13.lbfactor=1
    worker.inprocess.type=jni
    worker.inprocess.class_path=$(workers.tomcat_home)$(ps)lib$(ps)tomcat.jar
    worker.inprocess.cmd_line=start
    worker.inprocess.stdout=$(workers.tomcat_home)$(ps)logs$(ps)inprocess.stdout
    worker.inprocess.stderr=$(workers.tomcat_home)$(ps)logs$(ps)inprocess.stderr
    worker.example.port=8443
    
     
    #1 bobc02, Jun 4, 2019
    Last edited by a moderator: Jun 4, 2019
  2. bobc02

    bobc02 Registered

    Joined:
    May 29, 2019
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    1
    Location:
    Sammamish, WA
    cPanel Access Level:
    Root Administrator
    I'm the OP, with log info that I forgot to post.

    Apache2 error_log is showing proxy issues (below). It's complaining about missing LoadModules, but I had tried adding four modules to post_virtualhost_global.conf, but Apache2 reported that all of them were already loaded, so I took them out.

    Apache2 error_log:
    Code:
    [Tue Jun 04 02:09:25.428602 2019] [proxy:warn] [pid 28110] [client 24.xx.xx.85:53691] AH01144: No protocol handler was valid for the URL / (scheme 'ajp'). If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
    [Tue Jun 04 02:09:25.428702 2019] [proxy:warn] [pid 28110] [client 24.xx.xx.85:53691] AH01144: No protocol handler was valid for the URL /500.shtml (scheme 'ajp'). If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
    [Tue Jun 04 02:09:25.733311 2019] [proxy:warn] [pid 28112] [client 24.xx.xx.85:53693] AH01144: No protocol handler was valid for the URL /favicon.ico (scheme 'ajp'). If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
    [Tue Jun 04 02:09:25.733418 2019] [proxy:warn] [pid 28112] [client 24.xx.xx.85:53693] AH01144: No protocol handler was valid for the URL /500.shtml (scheme 'ajp'). If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
    
     
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,555
    Likes Received:
    2,182
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @bobc02,

    EasyApache 4 only supports Tomcat version 8.5 at this time. We document Tomcat installation steps and usage notes on the link below:

    Tomcat - EasyApache 4 - cPanel Documentation

    As I understand, you're attempting to manually install Tomcat version 9. This is an unsupported workaround and is not recommended due to the potential for errors and functionality issues. Can you share some information about the specific features or changes in Tomcat 9 that are leading you to attempt a manual installation?

    Thank you.
     
  4. bobc02

    bobc02 Registered

    Joined:
    May 29, 2019
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    1
    Location:
    Sammamish, WA
    cPanel Access Level:
    Root Administrator
    Hello cPanelMichael,

    The reason for wanting Tomcat9 is because I am preparing to launch a production Java app on the Jelastic Cloud, using Tomcat9. For development, and test, I have been using a cPanel Plesk server running Tomcat 8.5.20, which I am now wanting to migrate to VPS. I think it's important to keep dev, and test, using the same Tomcat version as prod, once you're in production.

    Although I am new to WHM, I have used and liked cPanel for years. I have had very little need to interact with cPanel control of Tomcat 8.5 directly - instead it's all been at the SSH level. What I like most about cPanel is the Domain Management, DNS Records, MySQL control, and easy config of email accounts. I don't have much need for Analytics, etc, in dev and test, although the cPanel tools are fantastic.

    Thanks for the EasyApache 4 doc link. I had glanced at it before, but did not study it in detail. I now see that there's a good discussion on Tomcat Proxies, and it explains how the port assignments are made. I have been using standard Apache2 and Tomcat9 docs for my info, thinking, for example that ports 8005 and 8009 are used. But the doc references the port_authority json file, which is empty:
    Code:
    [[email protected] ~]# ls -al /etc/cpanel/cpuser_port_authority.json
    -rw-r----- 1 root root 0 May 22 22:50 /etc/cpanel/cpuser_port_authority.json
    
    Is that json file empty by mistake? Or is there something I must do in WHM EasyApache 4 to populate it? Create a profile?

    I think we're close to getting Apache2 and Tomcat9 configured, probably just some port stuff.

    Thanks,
    Bob
     
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,555
    Likes Received:
    2,182
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello Bob,

    Thanks for sharing the additional information!

    The Port Authority script included with cPanel & WHM allows you (as root) to assign one or more 5-digit port numbers for a user's exclusive use:

    The cpuser_port_authority script - Version 80 Documentation - cPanel Documentation

    This lets cPanel users make use of a specific port number when configuring their application, without concern that another cPanel user is already using the same port number.

    Thank you.
     
  6. bobc02

    bobc02 Registered

    Joined:
    May 29, 2019
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    1
    Location:
    Sammamish, WA
    cPanel Access Level:
    Root Administrator
    I'm the OP. I have finished the Apache2 and Tomcat9 configuration, and wanted to share my experience for others.

    It basically came down to studying the generated httpd.conf file for the Include file hooks, uncommenting the appropriate one(s), adding the include file(s) at the specified path(s), and adding an AJP connector to Tomcat's server.xml.

    For the Include file hooks, look in the generated httpd.conf. Find the VirtualHost directive that applies to your situation, and locate the "Include /etc/apache2/conf.d/..." line. In SSH, do a mkdir to that Include file path, and set the ownership and permissions appropriately. If the Include lines are commented (# Include /etc/apache2/conf.d/...) you'll need to go into WHM EasyApache 4, and select a profile, to get them uncommented - at least I think you do it this way; I took a different path.

    Down the Include file path, I added a file named custom_include.conf; these are its contents:
    Code:
    LoadModule proxy_ajp_module /usr/lib64/httpd/modules/mod_proxy_ajp.so
    
    <IfModule security2_module>
        SecRuleEngine On
        SecStatusEngine On
    </IfModule>
    
    ProxyPass "/" "ajp://127.0.0.1:8009/"
    
    Updating Tomcat's server.xml involved adding some connectors. My server.xml may not be exactly what others need. I force all website traffic through HTTPS, so I've added an elaborate 8443 connector. The AJP connector is required, though, because, as you see in custom_include.conf, the Apache proxy redirects to Tomcat's AJP connector. Here are all my Tomcat connectors:

    Code:
      <Service name="Catalina">
        <Connector port="8080" 
                   protocol="HTTP/1.1"
                   connectionTimeout="20000"
                   redirectPort="8443" />
                                 
        <Connector port="8009" 
                   protocol="AJP/1.3"
                   redirectPort="8443" 
                   enableLookups="false" />
                   
        <Connector port="8443" 
                   address="127.0.0.1"
                   protocol="org.apache.coyote.http11.Http11NioProtocol"
                   scheme="https" 
                   secure="true" 
                   SSLEnabled="true"
                   keystoreFile="/home/.keystore" 
                   keystorePass="******"
                   keystoreType="PKCS12"
                   sslProtocol="TLS"
                   sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
                   SSLVerifyClient="optional" 
                   SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
                   clientAuth="false" 
                   maxThreads="200" />     
    
    The docs that cPanelMichael posted earlier in this topic are the basis for the changes I made.

    I hope this helps.

    Bob
     
    cPanelMichael likes this.
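
A defender's check on the connector block in the post above, as an added example (not Bob's or cPanel's code): it parses a server.xml and flags connectors with no explicit loopback `address`, AJP connectors with no `secret`, and TLS protocol lists that still name TLSv1 or TLSv1.1. The sample XML is constructed from the posted connectors, and `audit_connectors` and `is_loopback` are hypothetical helper names.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the connectors from the post, wrapped so the XML is well-formed.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Connector port="8443" address="127.0.0.1" SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLProtocol="TLSv1+TLSv1.1+TLSv1.2" />
  </Service>
</Server>
"""

LEGACY_TLS = {"TLSv1", "TLSv1.1", "SSLv3", "SSLv2Hello"}


def is_loopback(address):
    """True only when an explicit loopback bind address is configured."""
    if not address:
        return False  # no address attribute: the bind depends on Tomcat's default
    if address.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False


def audit_connectors(xml_text):
    """Return sorted (port, finding) pairs for each Connector in a server.xml."""
    findings = set()
    for conn in ET.fromstring(xml_text).iter("Connector"):
        port = int(conn.get("port", "0"))
        is_ajp = "ajp" in conn.get("protocol", "HTTP/1.1").lower()
        if not is_loopback(conn.get("address")):
            findings.add((port, "no explicit loopback address"))
        if is_ajp and not conn.get("secret"):
            findings.add((port, "AJP connector without secret"))
        # Protocol lists use '+' (SSLProtocol) or ',' (sslEnabledProtocols).
        listed = conn.get("SSLProtocol", "") + "+" + conn.get("sslEnabledProtocols", "")
        for name in listed.replace(",", "+").split("+"):
            if name.strip() in LEGACY_TLS:
                findings.add((port, "legacy protocol " + name.strip()))
    return sorted(findings)


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(port, finding)
```

Whether a connector without `address` actually listens beyond loopback depends on the Tomcat release's default, so confirm each such finding against the listening sockets on the host (for example with `ss -ltnp`).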
  7. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,555
    Likes Received:
    2,182
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello Bob,

    Thanks for sharing!
     