Tomcat IIS6 Reverse Proxy
Introduction
This article describes how to set up a reverse proxy between Tomcat and IIS 6.
A reverse proxy enables one web server to provide content from another web server transparently in addition to the following benefits:
- Greater performance through caching
- High-availability through load balancing
- Controlled access to servers behind a firewall
It is assumed that your web application has been deployed to Tomcat and can be accessed using a browser. In this example the application deployed to Tomcat is called “orbiks” and for the sake of simplicity both the Tomcat and IIS servers are hosted on the server lynx.comdynamics.net therefore accessible at http://lynx.comdynamics.net:8080/orbiks
Configure Apache Tomcat Connector for IIS
Download the Apache Tomcat Connector for IIS from http://tomcat.apache.org/connectors-doc/
Create a directory on the filesystem that will be used to store the files required by the connector. For example: C:\Data\JKConnector
Save the isapi_redirect.dll file to the above directory.
Create a subdirectory for log files. For example: C:\Data\JKConnector\logs
Create three text files in the C:\Data\JKConnector directory:
isapi_redirect.properties
uriworkermap.properties
worker.properties
In the isapi_redirect.properties file add the following:
# Configuration file for the Jakarta ISAPI Redirector # The path to the ISAPI Redirector Extension, relative to the website # This must be in a virtual directory with execute privileges extension_uri=/jakarta/isapi_redirect.dll # Full path to the log file for the ISAPI Redirector log_file=C:\Data\JKConnector\logs\isapi_redirect.log # Log level (debug, info, warn, error or trace) log_level=info # Full path to the workers.properties file worker_file=C:\Data\JKConnector\worker.properties # Full path to the uriworkermap.properties file worker_mount_file=C:\Data\JKConnector\uriworkermap.properties
In the uriworkermap.properties file add the following mapping so that all requests for a URL matching the orbiks web application will be forwarded to the worker:
/orbiks/*=orbiksWorker
In the worker.properties file add the worker which handles all incoming requests and forwards to Apache Tomcat:
worker.list=orbiksWorker worker.orbiksWorker.port=8009 worker.orbiksWorker.host=lynx.comdynamics.net worker.orbiksWorker.type=ajp13
Create IIS Virtual Directory for redirector
Start Internet Information Services Manager and expand the Web Sites folder
Create a new virtual directory called “jakarta” then press Next
When specifying the path that the virtual directory should use, browse to the location of C:\Data\JKConnector then press Next
Specify permissions of read, run, and execute then press Next then Finish
Add the ISAPI Redirector by performing a right-click on the website then selecting Properties from the menu item
Select the ISAPI Filters tab and press the Add button
Enter a filter name and browse to the location of the isapi_redirector.dll file. In this case the filter name should be “jakarta” and the file specified by browsing to isapi_redirect.dll
Press the OK button until you are back at the Internet Information Services dialog
Configure IIS to run Tomcat Connector extension
Within IIS, expand the Web Service Extensions folder
Right-click the folder and select “Add a new Web service extension”
Enter an extension name of Apache Tomcat Connector and click Add to include the required file. To do this, browse to the location of isapi_redirect.dll in C:\Data\JKConnector
Ensure the checkbox “Set extension status to Allowed” is selected
Click OK to dismiss the dialog
Once loaded you will see the newly added extension in the list with a green tick near the icon to indicate it is running
Restart IIS and confirm from the ISAPI Filters tab in the website properties that the isapi_redirect dll has a green arrow shown next to it
Validate that you can access your application deployed to Tomcat by browsing to the IIS virtual directory
In this example the application is accessible port 80 on at http://lynx.comdynamics.net/orbiks
Active Directory bulk load
Introduction
Part of the configuration for an application I recently developed required creating a set of test users in Active Directory. For the sake of expediency, rather than manually create each user I scripted the creation by parsing a file with the csvde command line tool.
CSV User File
Create a CSV file with the following row header columns:
DN,objectClass,distinguishedName,givenName,sn,sAMAccountName
In subsequent rows insert values similar to the following for your LDAP server and increment the integers accordingly. For example:
"CN=Test User 01,CN=Users,DC=lynx,DC=comdynamics,DC=net",user,"CN=Test User 01,CN=Users,DC=lynx,DC=comdynamics,DC=net",Test User 01,testuser01 "CN=Test User 02,CN=Users,DC=lynx,DC=comdynamics,DC=net",user,"CN=Test User 02,CN=Users,DC=lynx,DC=comdynamics,DC=net",Test User 02,testuser02 etc... etc...
The above attributes specify a user object in an organizational unit of the LDAP tree using a first name, a surname with a unique account name (login) for the user.
Process User File
Load the users into the Active Directory server from the CSV using the following command:
csvde -i -k -f testusers.csv -s lynx.comdynamics.net
Set password for newly created users
As the csvde command does not set the password on import it is necessary to run dsmod looping through the user set as a post-import operation. Create a script with contents similar to the following:
FOR /L %%I in (1,1,9) DO dsmod user "CN= Test User 0%%I,CN=Users,DC=lynx,DC=comdynamics,DC=net" -pwd Password1 -pwdneverexpires yes FOR /L %%I in (10,1,20) DO dsmod user "CN= Test User %%I,CN=Users,DC=lynx,DC=comdynamics,DC=net" -pwd Password1 -pwdneverexpires yes FOR /L %%I in (20,1,30) DO dsmod user "CN= Test User %%I,CN=Users,DC=lynx,DC=comdynamics,DC=net" -pwd Password1 -pwdneverexpires yes
The above script processes a total of 30 users in the CSV file in batches of 10 and sets each user with a specific password that never expires.
