Geekflare is supported by our audience. We may earn affiliate commissions from buying links on this site.
Share on:

Tomcat Load Balancer with Apache using Mod Proxy and Session Sticky

Invicti Web Application Security Scanner – the only solution that delivers automatic verification of vulnerabilities with Proof-Based Scanning™.

Configure Tomcat with Apache using Proxy Module and Sticky Session

Configuring Tomcat Load Balancer with Apache web server using Mod Proxy is quite easy.

It’s easy when you follow the sequence, and all goes well. I have listed following step-by-step on how to configure Apache with Tomcat to configure Load Balancer using Mod Proxy.

Having load-balanced is always recommended in a production environment for better availability.

Apache Web Server Configuration

  • Enable proxy_module, proxy_balancer_module and proxy_http_module in httpd.conf of Apache web server
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_http_module modules/mod_proxy_http.so

Add proxy pass along with balancer name for application context root.

In this example, I have a proxy path as examples and balancer name as mycluster.

Very important to include stickysession as not having this option will distribute the same request to multiple Tomcat server, and you will have session expiry issues in an application.

<IfModule proxy_module>
ProxyRequests Off
ProxyPass /examples balancer://mycluster stickysession=JSESSIONID
ProxyPassReverse /examples balancer://mycluster stickysession=JSESSIONID
<Proxy balancer://mycluster>
BalancerMember http://localhost:8080/examples route=server1
BalancerMember http://localhost:8090/examples route=server2
</Proxy>
</IfModule>

As you can see in above configuration, I have added a route in BalancerMember so route value can be appended to session ID.

Now, let’s configure Apache to print JSESSIONID in access logs.

  • Add following in LogFormat directive
%{JSESSIONID}C

Ex:

LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i""%{JSESSIONID}C"" combined
  • Restart Apache Web Server

Tomcat Configuration

You must configure tomcat instances with same route id as you did in BalancerMember above.

  • Add jvmRoute parameter in server.xml of Tomcat. This must be added in Engine name tag.

Tomcat instance configured with 8080 port

<Engine name="Catalina" defaultHost="localhost" jvmRoute="server1">

Tomcat instance configured with 8090 port

 <Engine name="Catalina" defaultHost="localhost" jvmRoute="server2">
  • Restart Tomcat server

Verification

Generate some load on application and check access log of apache server to ensure your request is getting routed to only one tomcat instance.

You will also notice your session ID is appended to the route as shown in below example.

Ex:

127.0.0.1 - - [18/Sep/2013:10:02:02 +0800] "POST /examples/servlets/servlet/RequestParamExample HTTP/1.1" 200 662 "http://localhost/examples/servlets/servlet/RequestParamExample" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130807 Firefox/17.0""B80557A1D9B48EC1D73CF8C7482B7D46.server2"
127.0.0.1 - - [18/Sep/2013:10:02:06 +0800] "GET /examples/servlets/servlet/RequestInfoExample HTTP/1.1" 200 693 "http://localhost/examples/servlets/" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130807 Firefox/17.0""B80557A1D9B48EC1D73CF8C7482B7D46.server2"
127.0.0.1 - - [18/Sep/2013:10:02:17 +0800] "GET /examples/servlets/reqinfo.html HTTP/1.1" 200 3607 "http://localhost/examples/servlets/" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130807 Firefox/17.0""B80557A1D9B48EC1D73CF8C7482B7D46.server2"
127.0.0.1 - - [18/Sep/2013:10:02:20 +0800] "GET /examples/servlets/servlet/SessionExample HTTP/1.1" 200 1124 "http://localhost/examples/servlets/" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130807 Firefox/17.0""B80557A1D9B48EC1D73CF8C7482B7D46.server2"
127.0.0.1 - - [18/Sep/2013:10:02:26 +0800] "POST /examples/servlets/servlet/SessionExample HTTP/1.1" 200 1142 "http://localhost/examples/servlets/servlet/SessionExample" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130807 Firefox/17.0""B80557A1D9B48EC1D73CF8C7482B7D46.server2"
127.0.0.1 - - [18/Sep/2013:10:02:28 +0800] "GET /examples/servlets/servlet/SessionExample?dataname=fda&datavalue=fadaf HTTP/1.1" 200 1159 "http://localhost/examples/servlets/servlet/SessionExample" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130807 Firefox/17.0""B80557A1D9B4EC1D73CF8C7482B7D46.server2" 
127.0.0.1 - - [18/Sep/2013:10:02:32 +0800] "GET /examples/servlets/servlet/SessionExample?dataname=foo&datavalue=bar HTTP/1.1" 200 1174 "http://localhost/examples/servlets/servlet/SessionExample?dataname=fda&datavalue=fadaf" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130807 Firefox/17.0""B80557A1D9B48EC1D73CF8C7482B7D46.server2"
127.0.0.1 - - [18/Sep/2013:10:02:36 +0800] "GET /examples/servlets/servlet/RequestHeaderExample HTTP/1.1" 200 1423 "http://localhost/examples/servlets/" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130807 Firefox/17.0""B80557A1D9B48EC1D73CF8C7482B7D46.server2"

I hope this helps you in configuring Tomcat Load Balancer with Apache Mod Proxy and Session Sticky.

If interested to learn about Tomcat administration then check this online course.

Thanks to our Sponsors
More great readings on Tomcat
Power Your Business
Some of the tools and services to help your business grow.
  • Invicti uses the Proof-Based Scanning™ to automatically verify the identified vulnerabilities and generate actionable results within just hours.
    Try Invicti
  • Web scraping, residential proxy, proxy manager, web unlocker, search engine crawler, and all you need to collect web data.
    Try Brightdata
  • Semrush is an all-in-one digital marketing solution with more than 50 tools in SEO, social media, and content marketing.
    Try Semrush
  • Intruder is an online vulnerability scanner that finds cyber security weaknesses in your infrastructure, to avoid costly data breaches.
    Try Intruder