Delivering Content with Apache HTTP Server

In a standard installation of CMS Fiona, the Website provided can be reached on port 8080. On this port, the Trifork server listens for requests. For security reasons it is recommended to make the Trifork server inaccessible from outside. This short guide describes how this can be done using the Apache HTTP server and the Apache webserver module mod-jk. Further details can also be found on the following web pages:

http://tomcat.apache.org/connectors-doc/
http://tomcat.apache.org/connectors-doc-archive/jk2/jk/quickhowto.html

This guide assumes that you have already installed and configured the Apache HTTP server. Please adapt the symbolic names and port numbers used here according to your environment.

  1. Download mod_jk and proceed as described in the file readme.txt to install and compile the module:

    $> cd tomcat-connectors-1.2.26-src/native
    $> ./configure --with-apxs=/usr/sbin/apxs
    # apxs lets you compile and configure modules available as 
    # source code by means of a single command
    $> make
    $> su -c 'make install'

    This creates the module mod_jk.so.

  2. Integrate this module into your Apache HTTP server installation so that it is loaded when the server starts.

  3. Integrate the configuration of the module, jk.conf, into the configuration of the Apache server. The following is a sample mod_jk configuration (please adapt the paths):

    <IfModule mod_jk.c>
    
    # Path to mod_jk log file (please adapt!)
    JkLogFile "/var/log/apache2/mod_jk.log"
    JkLogLevel info
    
    # Path to the configuration of the AJP worker
    JkWorkersFile "/usr/local/apache2/conf/workers.properties"
    
    # Forwarding to the web applications
    # Editorial system and preview
    JkMount /default/* Name
    # Content
    JkMount /PM/* Name
    
    </IfModule>

    In the jk.conf example above, Name is the name of a worker which is defined in the workers.properties file (see below).

    The paths specified above (such as /default/* and /PM/*) are passed to the Trifork server, meaning that they must have been defined there too.

    Please note that in the Trifork configuration file instance\default\webapps\PM\META-INF\trifork-app-conf.xml the URL prefix path (context) must have been set. Furthermore, for delivering content to the live side, the documentRoot needs to be defined in instance\default\webapps\PM\WEB-INF\pm.xml.

  4. In the file worker.properties, please define the worker specified above for communicating with the Trifork server:

    # Define worker for communication
    
    # List of workers used. Specify as Name 
    # the name of the web application, for example.
    worker.list=Name
    
    # The worker is defined here. Its type is ajp13
    
    worker.Name.port=8009
    worker.Name.host=localhost
    worker.Name.type=ajp13
  5. In the Trifork server, set AJPv13 to enable. You can reach the administration console via http://server:8090/console -> default -> HTTP -> DEFAULT_ENDPOINT.

  6. Finally, for security reasons, bind Trifork Server to localhost to deny access from outside. For this, add the following lines to the file domain-dir/config/server-name/server.properties:

    trifork.local.host=127.0.0.1
    trifork.acceptOnAnyInterface=false