Since I'm sitting here waiting for the ftp to finish pushing the newly configured server to the production machine.

I reckon I've got about 40 hours down the tube on this deal. I've set up plain Tomcat and used it as a servlet container before and it was OK. However, OSX ships with JBoss 3.2 with embedded Tomcat 4 as its web container configured on port 8080. I need this app to run using ssh (HIPAA requires it). So I uncomment the https connector and set up a bottleneck that issues redirects if a request comes in over regular http.

Fine, only this connector fails to properly accept connections quite often. So you click, dismiss the error, click, error, click, then it goes. Really annoying. Stylesheet loads randomly fail as well, resulting in sporadically ugly pages.

So I see the commented out mod_jk connector in the Tomcat config file - I enable that - download a precompiled binary mod_jk.so, enable that in the Apache httpd.conf file and waste about 4 days trying to get that to work even once. I set up a nifty static default page in a war directory, set up a JkMount /myapp* ajp13 line to route requests to myapp over ajp13 to Tomcat. This never works - checks in the log files show activity - but the URL mapping always fails. In desperation I try mapping /* and the result is that my webserver now only issues errors.

BTW, have I mentioned what I think about web app configuration under J2EE? There's nothing like hunting through a couple dozen xml and properties files for a specific setting. Yep, application management is so much easier now that it's spread out all over my hard drive.

Meanwhile, googling all over hell and back for that magic combination "apache mod_jk tomcat jboss unix" I find no detailed instructions for setting this up. Quite a few for plain old Tomcat, but the embedded in JBoss thing is a little weird. I do start seeing lots of recommendations for Jetty - a free Java web server/servlet container. Visiting their site (http://jetty.mortbay.org/jetty/index.html) I see that they have a drop-in replacement for the embedded Tomcat module for JBoss. Cool. I grab it and drop it in (first unjarring the sar so I can poke around and change the jboss-config.xml file).

I fire up the http listener and spend an hour with their mod_jk adaptor before concluding that mod_jk is a big con game. I look for an Apache integration solution and find a recommendation on the Jetty site to use mod_proxy. This looks really simple. So I go down my web.xml file and add proxy mappings that match each servlet mapping. I try it out and SHAZAM! I'm talking to Apache and getting my pages. A couple tweaks for static resources (that I'm going to move to Apache anyhow) and I'm off.

Except for one little problem - the servlets can no longer tell if they're being served over http or https. In reality they are being served over http regardless - but I need to make sure that they're only seen via https from outside the server. On a hunch, I move all the proxy mappings into the ssl virtual host block and bada bing bada bang - you can now only hit the web app over https. I think I've found my solution.

Plus, it feels like a rock.

Since I'm going to firewall off everything but port 80 and 443, I'm not worried about users hitting the app server directly on 8080.

The only other snag is Jetty is quite up to date on the servlet spec and does not support any deprecated methods/classes from older specs. As this app is rather old, I had to spend a bunch of time updating some calls. Jetty also isn't happy if the web.xml file has references to servlets that don't exist. So I had to clean that up too. This I view as a feature.
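
The Apache layout described above (proxy mappings only inside the SSL virtual host, plain HTTP redirected to HTTPS), as an added example that is not part of the original post. It assumes Apache 2.x-style syntax; the hostname, certificate paths, the single /myapp prefix mapping and the forwarded-protocol header are illustrative assumptions.

```apache
# Added illustration, not the author's configuration.
# Assumed: mod_ssl, mod_proxy, mod_proxy_http and mod_headers are loaded,
# and "Listen 80" / "Listen 443" are declared in the main config.
# app.example.com and the certificate paths are placeholders.

# Reverse proxying only; never act as an open forward proxy.
ProxyRequests Off

# Port 80: no proxy mappings here, so the app is never served in clear text.
# Every plain-HTTP request is bounced to the HTTPS host.
<VirtualHost *:80>
    ServerName app.example.com
    Redirect permanent / https://app.example.com/
</VirtualHost>

# Port 443: TLS terminates in Apache. This block holds the only route
# from the outside to the servlet container.
<VirtualHost *:443>
    ServerName app.example.com

    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # The hop to the container is plain HTTP on port 8080.
    # Assumed: the container is reachable on the loopback address.
    ProxyPass        /myapp http://127.0.0.1:8080/myapp
    ProxyPassReverse /myapp http://127.0.0.1:8080/myapp

    # The servlets see an http request and cannot tell the original scheme.
    # Overwrite any client-supplied value so the application can trust it.
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
```

With this layout the HTTPS-only guarantee rests on port 8080 being unreachable from outside, since the container itself answers plain HTTP to anyone who can connect to it.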