1. 1 Controlling Access to Your Web Content IS/CS 698 Min Song

2. 2 Web Server Components  Web server :application that responds to HTTP requests by returning ‘web’ resources such as HTML files, images, applets, and CGI output over the Internet (e.g., Apache server)  Servlet container (or servlet engine): runtime shell that invokes servlets on behalf of clients; software that runs servlets and manages them through their lifecycle (e.g., Tomcat servlet container )

3. 3  Number one server in the world - a HTTP webserver :65% of the web sites in the world powered by Apache - the name ‘ Apache ’ was chosen from...  Why so polular? - FREE ! - highly configurable - implements many features (e.g., security/access control, virtual hosting, CGI script execution) - extensible with third-party modules (e.g., servlet engine, security, …) - flatform independent (support all kinds of machines) Windows, Unix, Linux, Solaris, Mac, etc.

4. 4 Apache -Web Server  Apache Software Foundation - non profit organization - maintains and develops open source programs - protects ‘ apache ’ brand  For more information go to: - www.apache.org

5. 5 Multi-Processing Modules  What are they?  How do you configure them?  Which one is best?

6. 6 MPMs defined  A module that is specialized for managing the process/thread model used by Apache on a particular platform  Each has its own target OS and scalability goals

7. 7 MPM configuration # worker MPM # StartServers: initial number of server processes to start # MaxClients: maximum number of simultaneous client connections # MinSpareThreads: minimum number of worker threads which are kept spare # MaxSpareThreads: maximum number of worker threads which are kept spare # ThreadsPerChild: constant number of worker threads in each server process # MaxRequestsPerChild: maximum number of requests a server process serves StartServers 2 MaxClients 150 MinSpareThreads 25 MaxSpareThreads 75 ThreadsPerChild 25 MaxRequestsPerChild 0

8. 8 MPMs: How to choose  Benchmark!! (but don’t trust ab)  Consider RAM usage vs. performance, etc.  Other tunability factors too, but this is the big one

9. 9 Tomcat  Java-based Servlet container with JSP environment  Sublet is in JAVA  Apache Foundation's reference implementation of the JavaServer Pages and Servlet technologies  Two modes - standalone: default mode for Tomcat - add-on: works as delegator  Official Website - http://jakarta.apache.org/tomcat/

10. 10 What are Java Servlets?  Java Technology to address issues in CGI (Common Gateway Interface)  Useful when creating the web page on the fly - for web page based on clients ’ requests (search engine) - when the data changes frequently (weather report) - when cooperating with database  Runs on web server  Written in Java and follow a well-standardized API.  Fast, efficient, easy  Dynamic web contents

11. 11 Processes vs Threads

12. 12 What is JSP?  Stands for JavaServlet Page  Extension to the Java servlet technology that allows regular, static HTML (XML) with dynamically-generated HTML(or XML)  JSP pages are text documents that have a jsp extension and contain a combination of static HTML and XML like tags and scriptlets.  The tags and scriptlets encapsulate the logic that generates the content for the page.  JSP pages are pre-processed and compiled into a Java servlet which runs in a webcontainer (e. g. Tomcat).

13. 13 Cons and Pros  Tomcat has a lot of pros  However, there are still are cons as a standalone server. - not as fast as Apache for static pages - not as configurable as Apache - not as robust as Apache - may not support functionality found only in Apache modules (e.g., Perl, PHP, security) - mainly for development and debugging

14. 14 Integrating Apache and Tomcat  Apache for a server + Tomcat for Servlet and JSP -> fast and reliable web server  Main idea: -let Tomcat listen to Apache - let Apache to talk to Tomcat -apache delegates processing of JSPs, and servlets to the Tomcat instance  Problem -how do they communicate? Apache was written in C but Tomcat is written 100% Java -> we need something between them

15. 15 JK Connector Communication mechanism between Tomcat and Apache: - termed “web server adapter” or “connector” - implemented as library (e.g., mod_jk.dll, mod_jk.so) - uses/manages TCP connections - uses the ajp13 communication protocol (defined in server.xml file in tomcat subdirectory)

16. 16 Client http://port 80 Tomcat ajp13 TCP/8009 2 resource 5 3 4 Apache adapter 1.Request 2.Apache delegates Tomcat servicing of JSPs, and servlets 3.Tomcat performs JSPs, and Servlets services 4.Tomcat sends results to Apache 5. Apache sends respond to client 1 AND

17. 17 Configuation 1.Let the Tomcat listen to Apache - open server.xml in Tomcat's TOMCAT_HOME/conf directory - all the configuration is done to Tomcat by this file - look for a line that says "Server" and has a port of 8005 - add the following <Listener className="org.apache.ajp.tomcat4.config.ApacheConfig" modJk= "C:\Program Files\ApacheGroup\Apache2\modules/mod_jk.dll" \> - add the following in the Host container <Listener className="org.apache.ajp.tomcat4.config.ApacheConfig" append="true" forwardAll="false" modJk=" C:\Program Files\Apache Group\ Apache2\modules\mod_jk.dll" \>

18. 18 Configuration 2. Tell Apache to work with Tomcat - run Tomcat and see if a file, “ mod_jk.conf ” is created in TOMCAT_HOME\conf\auto\mod_jk.conf - mod_jk.conf is an Apache configuration directives for mod_jk - automatically generated by Tomcat each time Tomcat runs due to two lines we added to server.xml - edit httpd.conf in APACHE_HOME/conf by adding Include " C:\Program Files\Apache Group\ Tomcat\ Tomcat-4.1\conf\auto\mod_jk.conf ”

19. 19 Configuration 3. Create a file called workers.properties - add following in C:\Program Files\Apache Group\Tomcat\Tomcat-4.1\conf\jk worker.list=ajp13 worker.ajp13.port=8009 worker.ajp13.host=localhost worker.ajp13.type=ajp13 - Tomcat instance (running process )waiting to execute servlets for Apache - multiple Tomcat workers are possible - provides necessary information to mod_jk such as where to find Tomcat and what port to use when connecting.

20. 20 Test  Start Tomcat - verify time stamp on mod_jk.conf Start  Start Apache  In the web browser - type http://localhost/examples  Apache is working correctly, and JSP and servlet requests are being passed to Tomcat -note that without “ :8080 ” we accessed to Tomcat subdirectory

21. 21 Tomcat File Structure anotherapp TOMCAT webapps index.htmlWEB-INF web.xmlclasseslib examples jsp

22. 22 Load Balancing Device Client Internet

23. 23 Load Balancing  One Load Balancer  Many Web Servers  Choice of Balancing Schemes  Round-robin, Least Used, …

24. 24 Example: mod_proxy_balancer  New in Apache HTTP Server 2.2  Part of mod_proxy  Two Load Balancing Methods  By number of requests  By number of bytes  Detects failed backends

25. 25 Apache Configuration Listen 80 LogLevel debug TransferLog logs/access_log LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule proxy_balancer_module modules/mod_proxy_balancer.so ProxyPass / balancer://mycluster/ ProxyPassReverse / http://1.2.3.4:80 ProxyPassReverse / http://1.2.3.5:80 BalancerMember http://1.2.3.4:80 BalancerMember http://1.2.3.5:80

26. 26 Example: Tomcat, mod_jk  Apache + mod_jk  Multiple Tomcat servers  Balancer Worker

27. 27 Apache Configuration LoadModule jk_module /Volumes/Files/asf/httpd-r415210w/modules/mod_jk.so JKMount /servlets-examples/* loadbalancer JKMount /*.jsp loadbalancer JkMount /jkmanager/* jkstatus JKLogFile logs/jk_log JKLogLevel debug JKWorkerProperty worker.list=loadbalancer,jkstatus JKWorkerProperty worker.tc1.port=15109 JKWorkerProperty worker.tc1.host=localhost JKWorkerProperty worker.tc1.type=ajp13 JKWorkerProperty worker.tc1.lbfactor=1 JKWorkerProperty worker.tc2.port=15209 JKWorkerProperty worker.tc2.host=localhost JKWorkerProperty worker.tc2.type=ajp13 JKWorkerProperty worker.tc2.lbfactor=1 JKWorkerProperty worker.tc3.port=15309 JKWorkerProperty worker.tc3.host=localhost JKWorkerProperty worker.tc3.type=ajp13 JKWorkerProperty worker.tc3.lbfactor=1 JKWorkerProperty worker.loadbalancer.type=lb JKWorkerProperty worker.loadbalancer.balance_workers=tc1, tc2, tc3 JKWorkerProperty worker.jkstatus.type=status

28. 28 Tomcat Configuration  Put same content on all Tomcats  Edit conf/server.xml:  jvmRoute must match jk worker name!

29. 29 Tomcat Session Replication  Share HttpSession objects across instances  One instance dies, session lives on  Apache will route requests to other instance  Uses IP Multicast

30. 30 Session Replication Config  Uncomment element in server.xml  Put empty element in element in web.xml

31. 31 Putting it All Together Client Internet Read-only Write-only

32. 32 How do I get an AFS account  Here is where you can get help when dealing with those exceptions. Fill this form and get your account. https://mailsys.njit.edu/%7Eaccts/cgi-bin/new You can get additional information about AFS here. http://ist.njit.edu/accounts/afs.php

33. 33 Prepare your account for Web Hosting You need to setup your home page so the files in your account can be accessed through a browser.  Run an SSH client.  The "host" or "domain" should be "afsx.njit.edu" where x is any number between 1-36.  Enter your username.  Enter your password.  Type "home.page.setup" at the prompt.  Type "y" and press ENTER.  Type "exit" and close your telnet client.

34. 34 How do I share files in AFS Let’s assume you want to grant to user ro5 access to the directory project in your account, you type $fs sa ~/project ro5 rwl For detailed instructions and more information on AFS permissions please visit. http://web.njit.edu/all_topics/AFS/ShareFiles/

35. 35 How do I setup Tomcat Tomcat 5.5 is already installed in AFS, all you have to do is configure your account to be able to use it.  Servlets and Java Server Pages can be served on web.njit.edu from a user's public_html directory.  First make sure that your login directory is correctly set up for Web pages.  Once your login directory is correctly set up, your login directory and public_html directory can be set up for Tomcat.

36. 36 How do I setup Tomcat cont.  /usr/ucs/bin/tomcat.setup configures your login directory and public_html directory to enable web.njit.edu to serve servlets and Java server pages.  Explicit instructions regarding the Tomcat server are given when tomcat.setup is run.  To run tomcat.setup, log in to your account on any AFS Unix client (e.g., afs1.njit.edu to afs36.njit.edu), and enter: tomcat.setup

37. 37 How do I setup Tomcat cont. Note: The tomcat server restarts daily at approximately 6:00 AM, 2:00 PM and 8:00 PM. Your servlets will not become available until after the server completes the restart, which takes about 20 minutes. Additionally, certain changes to your WEB-INF directory will not become available until after the Tomcat server restarts. More information can be found at: http://web.njit.edu/all_topics/Servers/Tomcat/

38. 38 Security Requirement  As of the Fall 2007 Semester, off-campus access to AFS must use Secure Shell (ssh) over a Virtual Private Network (VPN).  To download software (including regular VPN) you must use VPN. This is possible with webvpn. Go to http://webvpn.njit.edu or follow the instructions at http://telecom.njit.edu/vpn/WebVPNInstall.html http://webvpn.njit.edu http://telecom.njit.edu/vpn/WebVPNInstall.html  Once you have a VPN connection, you can download the Secure Shell software at http://ist.njit.edu/software/index.php http://ist.njit.edu/software/index.php

39. 39 Connect to AFS and Log In  Use the Secure Shell Client and your UCID username and password to log on the one of the AFS machines, such as afs23.njit.edu:

40. 40 Use Secure FTP  You can use the Secure File Transfer Protocol program to upload your materials. The SSH Secure File Transfer Client is provided when you get SSH.

41. 41 Use Secure FTP  The SSH FTP Client is a simple drag and drop interface. Most students should have little trouble figuring it out.  If you do have trouble, try the Help selection on the menu. If that does not work, post your problems on Web Board and I will add enough detail to this presentation to guide you through it.

42. 42 AFS Timeouts  There are times when you can access AFS without VPN, but you may get a lot of timeouts, such as when you are using client/server programs on AFS.  Several students in the Fall of 2007 found that they could avoid timeouts by using VPN.

43. 43 Getting Started with ANT public class Main { public static void main(String args[]) { for(int i=0;i<args.length;i++) { System.out.println(args[i]); } TRY 1.to build with Ant the following Java program Main.java, and then 2.package it, and 3.execute

44. 44 Writing Ant build file compilation complete! It compiles all Java source code in and below the current directory "." according to Ant task Create a file build.xml containing only one target:

45. 45 Running you first build Put both Java source file Main.java and build file build.xml in the same, base directory C:\Antbook\ch02\firstbuild (We will use and extend this directory structure in the future considerations. You will use the drive H: instead.)

46. 46 Running you first build Run Ant at the command prompt from this directory: C:\Antbook\ch02\firstbuild>ant Buildfile: build.xml compile: [javac] Compiling 1 source file [echo] compilation complete! BUILD SUCCESSFUL Total time: 2 seconds Repeat this again. Do you see any difference? Can you explain it?

47. 47 Running you first build Ant compiled all Java source in the current directory (and all its subdirectories, if any) and printed a success message afterwards. Now you can see the resulting Main.class in C:\Antbook\ch02\firstbuild This looks trivial, but Ant can do much more!

48. 48 XML and ANT The contents of the above file build.xml is an XML document. We will need only most elementary concepts of XML. Read more, for example, in Annotated XML Specification (Bray 1998) http://www.xml.com/axml/axml.html or a simple tutorial in http://www.w3schools.com/default.asp

49. 49 XML and ANT Any XML document is a kind of well-formed and nested bracket expression (with some data in between) like ((()())()) where brackets are balanced. Each left "(" has corresponding ")" to the right of it, etc. No overlapping between any two bracket expressions (something) and (something else) is allowed. Either one such expression is part of another, or they do not intersect.

50. 50 XML and ANT In XML so called start, or opening tags like,, play the role of "(" and corresponding end, or closing tags,, play the role of ")".

51. 51 XML and ANT XML expression of the form anything here are called elements Elements can nest – can have subelements (children), etc. For example, in ANT build file the main element can have subelements (children) which can have sub-sub-elements (grandchildren).

52. 52 XML and ANT Element with no text or subelements between the tags is called an empty element, and is abbreviated as Note, that “/” is used at the end of the tag to denote the empty element. (If “/” appears at the beginning of a tag then this tag is considered as closing tag.)

53. 53 XML and ANT Any text can be written between tags, like here: compilation complete! which is not considered as subelement. (Sub)elements should always start and end with matching tags.

54. 54 XML and ANT Any XML document should have exactly one root element (ignore ). The root of any ANT build file is always element. The root element contains all other elements as sub-...-sub- elements. This leads to tree representation of any XML document.

55. 55 Ttee representation of the above build.xml file <project name=“firstbuild” default=”compile”> Compilation complete! Caution!! Do not mix such a tree representation of a build file with the graph of dependencies between targets considered earlier for another build file. The goals and the meanings of these two representations are quite different. Caution!! Do not mix such a tree representation of a build file with the graph of dependencies between targets considered earlier for another build file. The goals and the meanings of these two representations are quite different.

56. 56 The ANT conceptual model A project contains targets, targets contain tasks; there can be further nesting The XML representation of a build file is a tree It happened that the above project contains at the root only one target ”compile”, which contains two tasks and

57. 57 XML attributes in And build files Start tags can optionally contain attributes like name, default, srcdir in the above file build.xml. Attributes should have some text values like name="firstbuild" default="compile" name="compile" srcdir=".“ Example: This is the start tag of a target with the name “compile”

58. 58 Ant vs. HTML In general, XML tags, attributes and their values may be arbitrary. In HTML and Ant: tags, attribute names and values of some attributes have predefined meaning. Of course, in HTML and Ant this meaning is completely different: - visualizing in HTML vs. executing tasks in Ant. Say, srcdir="." means that the current directory is considered as the source directory, i.e., containing source code files ( *.java ).

59. 59 XML elements in Ant build files The compile target element compilation complete! consists of two task subelements and which: compile all source files from the current directory downward print "compilation complete!" when the build process reaches that far. If the compilation task fail then the build will fail before the echo message gets printed.