wtorek, 29 maja 2012

How to deploy Play 1.2.x application on Tomcat 6 on Debian Stable using AJP13 connector with Apache2 and Varnish as turbo cache


How to deploy Play 1.2.x application on Tomcat on Debian

I wrote this because any tutorial on web about that had 3+ years, there were some errors on them, and I had error 403 or 404 after doing them.

1. Install apache 2.2 httpd server and tomcat6

login as root using su command:
su
then install some stuff
apt-get install apache2 libapache-mod-jk-doc libapache2-mod-jk tomcat6 tomcat6-admin
2. Go to /var/lib/tomcat6/webapps and do
cd /var/lib/tomcat6/webapps
mv ROOT oldroot
3. Go to you play folder
and do
play war --deps -o /var/lib/tomcat6/webapps/ROOT
problems? AttributeError: 'module' object has no attribute 'relpath' maybe?

you have to install python2.6 then by
apt-get install python2.6
then edit play python executable by Vim for example and put

#!/usr/bin/python2.6

at the top of the file, the go to step 3 again

OK, so you have now server ready and tomcat, but nope, site isn't working yet

4. Edit server.xml

go to
cd /var/lib/tomcat6/conf
vim server.xml
and comment HTTP connector and uncomment AJP13 connector (which rocks)

example


<!-- COMMENTED BY ME -->
<!--
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               redirectPort="8443" />
-->


    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
    <!--
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->


    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <!--
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    -->
<!-- UNCOMMENTED BY ME -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

OK, so Tomcat part is over, now let's get back to Apache

5. Back to Apache

first, let assure we have mod_jk enabled
a2enmod jk
then restart apache
/etc/init.d/apache2 restart
then lets edit workers file
vim /etc/libapache2-mod-jk/workers.properties
and replace

workers.tomcat_home=/usr/share/tomcat6

WITH

workers.tomcat_home=/var/lib/tomcat6

ok, two more steps and application will start
vim /etc/apache2/mods-enabled/jk.load
and put


    <IfModule mod_jk.c>
      JkWorkersFile /etc/libapache2-mod-jk/workers.properties
      JkLogFile /var/log/apache2/mod_jk.log
      JkLogLevel info
      JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
      JkRequestLogFormat "%w %V %T"
      # Mount your applications
      JkMount /var/lib/tomcat6/webapps/ROOT/WEB-INF ajp13_worker
      JkShmFile /var/log/apache2/jk.shm
    </IfModule>

there, and then
 vim /etc/apache2/sites-enabled/000-default
and there replace contents with

<VirtualHost *:80>

        ServerAdmin webmaster@localhost


        DocumentRoot /var/www
        JkMount /* ajp13_worker
        JkUnMount /*.jpg ajp13_worker
        JkUnMount /*.gif ajp13_worker
 
 
        UseCanonicalName On
        DocumentRoot /var/lib/tomcat6/webapps/ROOT/WEB-INF/application/public
        JkMount /* ajp13_worker
        JkUnMount /*.jpg ajp13_worker
        JkUnMount /*.gif ajp13_worker
        JkUnMount /*.png ajp13_worker
        JkUnMount /*.css ajp13_worker
        JkUnMount /*.js ajp13_worker

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>


        ErrorLog ${APACHE_LOG_DIR}/error.log


        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn


        CustomLog ${APACHE_LOG_DIR}/access.log combined


</VirtualHost>

6. All done, restart apache and tomcat and all should work like charm
/etc/init.d/apache2 restart ; /etc/init.d/tomcat6 restart
7. Now let's add varnish cache [optional]

apt-get install varnish
 then, you need to
1) edit apache ports config, and change it to for example 8000
2) enable varnish autostart and set ports correctly


so:

vim /etc/default/varnish

and change

START=no
to
START=yes

then you need to configure Varnish correcly, to do so go to

vim /etc/varnish/default.vcl
basically you need to change source port number to 8000, but you can do more

backend default {
.host = "127.0.0.1";
.port = "8000";
}

## Fetch
sub vcl_fetch {

## Remove the X-Forwarded-For header if it exists.
# remove req.http.X-Forwarded-For;

## insert the client IP address as X-Forwarded-For. This is the normal IP address of the user.
# set req.http.X-Forwarded-For = req.http.rlnclientipaddr;
## Added security, the "w00tw00t" attacks are pretty annoying so lets block it before it reaches our webserver
# if (req.url ~ "^/w00tw00t") {
error 403 "Not permitted";
# }
## Deliver the content

return(deliver);
}

## Deliver
sub vcl_deliver {
## We'll be hiding some headers added by Varnish. We want to make sure people are not seeing we're using Varnish.
## Since we're not caching (yet), why bother telling people we use it?
remove resp.http.X-Varnish;
remove resp.http.Via;
remove resp.http.Age;

## We'd like to hide the X-Powered-By headers. Nobody has to know we can run PHP and have version xyz of it.
remove resp.http.X-Powered-By;


## Remove the http.Server header
unset resp.http.Server;
## Change the http.Server header to something else
  set resp.http.Server = "CERN";
}



then you need to change port number to 80


 DAEMON_OPTS="-a :80 \
 -T localhost:6082 \
  -f /etc/varnish/default.vcl \
  -S /etc/varnish/secret \
  -s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G"



then go to /etc/apache2/ports.conf

vim /etc/apache2/ports.conf

and change all 80's to 8000, so it'll look like:

NameVirtualHost *:8000
Listen 8000
almost done,
now edit vhost

vim /etc/apache2/sites-enabled/000-default

and change *.80 to *.8000


ALL DONE!
now restart apache2 & varnish and you have working supercharged play application

/etc/init.d/apache2 stop ;  /etc/init.d/varnish start;  /etc/init.d/apache2 start 


Sample benchmark on this box, using Apache Benchmark with 64 connections:

play run --%production :
38 request / second

play @ tomcat
60 request / second

play @ tomcat + apache2 httpd
60-65 request / second

play @ tomcat + apache2 htttp + Varnish
3000 request / second