• Get application security done the right way! Detect, Protect, Monitor, Accelerate, and more…
  • Configure Tomcat with Apache using Proxy Module and Sticky Session

    Configuring Tomcat Load Balancer with Apache web server using Mod Proxy is quite easy.

    It’s easy when you follow the sequence, and all goes well. I have listed following step-by-step on how to configure Apache with Tomcat to configure Load Balancer using Mod Proxy.

    Having load-balanced is always recommended in a production environment for better availability.

    Apache Web Server Configuration

    • Enable proxy_module, proxy_balancer_module and proxy_http_module in httpd.conf of Apache web server
    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
    LoadModule proxy_http_module modules/mod_proxy_http.so

    Add proxy pass along with balancer name for application context root.

    In this example, I have a proxy path as examples and balancer name as mycluster.

    Very important to include stickysession as not having this option will distribute the same request to multiple Tomcat server, and you will have session expiry issues in an application.

    <IfModule proxy_module>
    ProxyRequests Off
    ProxyPass /examples balancer://mycluster stickysession=JSESSIONID
    ProxyPassReverse /examples balancer://mycluster stickysession=JSESSIONID
    <Proxy balancer://mycluster>
    BalancerMember http://localhost:8080/examples route=server1
    BalancerMember http://localhost:8090/examples route=server2
    </Proxy>
    </IfModule>

    As you can see in above configuration, I have added a route in BalancerMember so route value can be appended to session ID.

    Now, let’s configure Apache to print JSESSIONID in access logs.

    • Add following in LogFormat directive
    %{JSESSIONID}C

    Ex:

    LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i""%{JSESSIONID}C"" combined
    • Restart Apache Web Server

    Tomcat Configuration

    You must configure tomcat instances with same route id as you did in BalancerMember above.

    • Add jvmRoute parameter in server.xml of Tomcat. This must be added in Engine name tag.

    Tomcat instance configured with 8080 port

    <Engine name="Catalina" defaultHost="localhost" jvmRoute="server1">

    Tomcat instance configured with 8090 port

     <Engine name="Catalina" defaultHost="localhost" jvmRoute="server2">
    • Restart Tomcat server

    Verification

    Generate some load on application and check access log of apache server to ensure your request is getting routed to only one tomcat instance.

    You will also notice your session ID is appended to the route as shown in below example.

    Ex:

    127.0.0.1 - - [18/Sep/2013:10:02:02 +0800] "POST /examples/servlets/servlet/RequestParamExample HTTP/1.1" 200 662 "http://localhost/examples/servlets/servlet/RequestParamExample" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130807 Firefox/17.0""B80557A1D9B48EC1D73CF8C7482B7D46.server2"
    127.0.0.1 - - [18/Sep/2013:10:02:06 +0800] "GET /examples/servlets/servlet/RequestInfoExample HTTP/1.1" 200 693 "http://localhost/examples/servlets/" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130807 Firefox/17.0""B80557A1D9B48EC1D73CF8C7482B7D46.server2"
    127.0.0.1 - - [18/Sep/2013:10:02:17 +0800] "GET /examples/servlets/reqinfo.html HTTP/1.1" 200 3607 "http://localhost/examples/servlets/" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130807 Firefox/17.0""B80557A1D9B48EC1D73CF8C7482B7D46.server2"
    127.0.0.1 - - [18/Sep/2013:10:02:20 +0800] "GET /examples/servlets/servlet/SessionExample HTTP/1.1" 200 1124 "http://localhost/examples/servlets/" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130807 Firefox/17.0""B80557A1D9B48EC1D73CF8C7482B7D46.server2"
    127.0.0.1 - - [18/Sep/2013:10:02:26 +0800] "POST /examples/servlets/servlet/SessionExample HTTP/1.1" 200 1142 "http://localhost/examples/servlets/servlet/SessionExample" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130807 Firefox/17.0""B80557A1D9B48EC1D73CF8C7482B7D46.server2"
    127.0.0.1 - - [18/Sep/2013:10:02:28 +0800] "GET /examples/servlets/servlet/SessionExample?dataname=fda&datavalue=fadaf HTTP/1.1" 200 1159 "http://localhost/examples/servlets/servlet/SessionExample" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130807 Firefox/17.0""B80557A1D9B4EC1D73CF8C7482B7D46.server2" 
    127.0.0.1 - - [18/Sep/2013:10:02:32 +0800] "GET /examples/servlets/servlet/SessionExample?dataname=foo&datavalue=bar HTTP/1.1" 200 1174 "http://localhost/examples/servlets/servlet/SessionExample?dataname=fda&datavalue=fadaf" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130807 Firefox/17.0""B80557A1D9B48EC1D73CF8C7482B7D46.server2"
    127.0.0.1 - - [18/Sep/2013:10:02:36 +0800] "GET /examples/servlets/servlet/RequestHeaderExample HTTP/1.1" 200 1423 "http://localhost/examples/servlets/" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130807 Firefox/17.0""B80557A1D9B48EC1D73CF8C7482B7D46.server2"
    

    I hope this helps you in configuring Tomcat Load Balancer with Apache Mod Proxy and Session Sticky.

    If interested to learn about Tomcat administration then check this online course.