Before we begin

This article is provided as-is. Due to the varying nature of client environments, Hannon Hill Product Support does not provide assistance for configuring Apache and cannot guarantee any support for Apache configuration.

This page documents a configuration of Apache, rather than of Cascade CMS itself. Hannon Hill will support Cascade CMS with this configuration, but we cannot guarantee to help you debug problems with Apache. Please be aware that this material is provided for your information only, and that you use it at your own risk.

Apache 2.4 modules used

  • mod_authz_core
  • mod_deflate
  • mod_filter
  • mod_rewrite
  • mod_proxy
  • mod_proxy_ajp
  • mod_proxy_wstunnel
  • mod_ssl

Base Configuration

Apache 2.4

Apache 2.4 can be used to proxy requests to the Cascade CMS Tomcat container. The benefits are additional control over request handling and simplified SSL handling.

Here is a sample configuration that forces connections over SSL using mod_rewrite, handles SSL using mod_ssl, proxies requests to the Tomcat container using mod_proxy and mod_proxy_ajp, and adds compression using mod_deflate:

Listen 0.0.0.0:443
SSLStrictSNIVHostCheck off

<VirtualHost *:80>
    ServerName cascade.example.edu
    RewriteEngine on
    RewriteRule ^(.*)$ https://cascade.example.edu$1 [R=301,L]
</VirtualHost>

<VirtualHost *:443>
  ServerName cascade.example.edu
  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite HIGH:!aNULL:!MD5
  SSLCertificateFile /path/to/cert.crt
  SSLCertificateKeyFile /path/to/key.key
  SSLCertificateChainFile /path/to/intermediate.crt

  ProxyIOBufferSize 65536

  # Websocket configuration
  ProxyPass /websocket ws://localhost:8080/websocket
  ProxyPassReverse /websocket ws://localhost:8080/websocket

  ProxyPass / ajp://localhost:8009/
  ProxyPassReverse / ajp://localhost:8009/

  AddOutputFilterByType DEFLATE "application/javascript" \
                                "application/json" \
                                "application/rss+xml" \
                                "application/vnd.ms-fontobject" \
                                "application/font-sfnt" \
                                "application/font-woff" \
                                "font/opentype" \
                                "font/woff2" \
                                "application/x-javascript" \
                                "application/xhtml+xml" \
                                "application/xml" \
                                "font/eot" \
                                "font/opentype" \
                                "image/svg+xml" \
                                "image/vnd.microsoft.icon" \
                                "image/x-icon" \
                                "text/css" \
                                "text/html" \
                                "text/javascript" \
                                "text/plain" \
                                "text/xml"
</VirtualHost>

Tomcat

Given the above Apache 2.4 configuration, the following Connectors are assumed within the Tomcat container's server.xml configuration:

<Connector port="8080"
           maxThreads="256"
           maxPostSize="6000000"
           protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443"
           maxSwallowSize="-1"
           compression="on"
           compressionMinSize="1024"
           noCompressionUserAgents="gozilla, traviata"
           compressableMimeType="application/javascript,application/json,application/rss+xml,application/vnd.ms-fontobject,application/font-sfnt,application/font-woff,font/opentype,font/woff2,application/x-javascript,application/xhtml+xml,application/xml,font/eot,font/opentype,image/svg+xml,image/vnd.microsoft.icon,image/x-icon,text/css,text/html,text/javascript,text/plain,text/xml" />
               
<Connector port="8009"
           protocol="AJP/1.3"
           redirectPort="8443"
           tomcatAuthentication="true"
           packetSize="65536"
           maxPostSize="6000000" />

Note: the server.xml configuration file is located within the installation directory at tomcat/conf.

Websocket Support

Cascade CMS utilizes Websockets for almost-real-time notifications and partial UI refreshing, as opposed to repeatedly polling with AJAX requests. As such, the mod_proxy_wstunnel module and additional configuration are required in order to allow Apache to handle these websocket requests. Note the following section within the above configuration:

# Websocket configuration
ProxyPass /websocket ws://localhost:8080/websocket
ProxyPassReverse /websocket ws://localhost:8080/websocket

The key point is that the port within this directive needs to match the non-SSL port defined within the Tomcat container. Don't worry about this not being SSL here: normal web requests are forced over SSL, and Cascade CMS will automatically change the websocket request over to wss://, which is the secure protocol for websockets.
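The port-matching requirement above can be checked before Apache is reloaded. This is an added example, not part of Hannon Hill's documentation: a Python check that compares each ProxyPass backend with the Connectors in server.xml and also flags a /websocket rule placed after the catch-all rule (ProxyPass rules are evaluated in order). The sample inputs are constructed from the configuration on this page, the function names are hypothetical, and it assumes connectors declare their protocol in the HTTP/1.1 or AJP/1.3 form used here.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample inputs, trimmed from the configuration on this page.
APACHE_CONF = """
ProxyPass /websocket ws://localhost:8080/websocket
ProxyPassReverse /websocket ws://localhost:8080/websocket
ProxyPass / ajp://localhost:8009/
"""
SERVER_XML = """
<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
</Service></Server>
"""

# Backend scheme used by Apache -> Tomcat connector protocol family it must reach.
SCHEME_TO_PROTOCOL = {"ws": "HTTP", "http": "HTTP", "ajp": "AJP"}

def tomcat_connectors(server_xml):
    """Return {port: protocol family} for every <Connector> in server.xml."""
    root = ET.fromstring(server_xml)
    return {int(c.get("port")): c.get("protocol", "HTTP/1.1").split("/")[0].upper()
            for c in root.iter("Connector")}

def proxy_targets(apache_conf):
    """Return (path, scheme, port) for each uncommented ProxyPass line."""
    targets = []
    for m in re.finditer(r"^\s*ProxyPass\s+(\S+)\s+(\S+)", apache_conf, re.M):
        url = urlsplit(m.group(2))
        targets.append((m.group(1), url.scheme, url.port))
    return targets

def check(apache_conf, server_xml):
    """List mismatches between ProxyPass backends and Tomcat connectors."""
    connectors, problems = tomcat_connectors(server_xml), []
    targets = proxy_targets(apache_conf)
    for path, scheme, port in targets:
        want, have = SCHEME_TO_PROTOCOL.get(scheme), connectors.get(port)
        if have is None:
            problems.append(f"{path}: no Tomcat connector on port {port}")
        elif have != want:
            problems.append(f"{path}: {scheme}:// points at {have} connector on port {port}")
    paths = [p for p, _, _ in targets]
    if "/" in paths and "/websocket" in paths and paths.index("/") < paths.index("/websocket"):
        problems.append("/websocket: declared after ProxyPass /, so it is never reached")
    return problems
```

Calling `check()` with the contents of the real virtual host file and tomcat/conf/server.xml returns an empty list when the ports and protocols line up.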
