Configuring Apache Tomcat

If you expose your Allegra installation to the Internet, it is usually best to use an Apache HTTP server or IIS server as the front-end for Allegra. If you support other applications that do not run on the same Tomcat server as Allegra, but run over the same Apache HTTP server, you can use Single Sign In without having to install a large SSO solution.

Allegra requires more memory than the default installations of Apache Tomcat provide. On Linux systems, these settings can be changed as follows in the /etc/default/tomcat9 file:

   JAVA_OPTS="-Djava.awt.headless=true -DJENKINS_HOME=/home/jenkins \\
           -DTRACKPLUS_HOME="/home/trackplus" -DLATEX_HOME="/usr/bin" \\
           -XX:PermSize=384M -XX:MaxPermSize=550M -Xms512M -Xmx1624M \\
           -XX:+UseConcMarkSweepGC"

On Windows systems, you can add these parameters in the Tomcat Manager application.

To run Allegra on a Tomcat server behind an Apache web server, you must observe the following configuration points:

  1. Locate your Apache web server configuration file (httpd.conf is the default name). Assume the directory where it is located is APACHE_DIR/conf.

  2. Add the following line to the end of the file:

Include <APACHE_DIR> /conf/track.conf

  1. Make sure that the following modules are loaded somewhere in your Apache web server configuration.

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so

  1. Create or modify the file <APACHE_DIR>/conf/track.conf. For basic authentication, it should look like the following:

<Location ~ "/(track|websvn|crm|otherApps)">
    AuthName "Steinbeis GmbH & Co. KG Login"
    AuthType Basic
    AuthUserFile <APACHE_DIR>/conf/.htpasswd
    AuthGroupFile /dev/null
    require valid-user
</location>

ProxyPreserveHost On
ProxyPass /track ajp://localhost:9008/track
ProxyPassReverse /track ajp://localhost:9008/track

In a real environment, you would use something like LDAP authentication or SSPI here,
which would allow you to authenticate via your Windows PC login without any further password prompts.
We're just using basic authentication here because it's easy to set up and allows you to
quickly test your installation.

  1. To create the password file for basic authentication, open a command shell and type:

 htpasswd -c <APACHE_DIR>/conf/.htpasswd firstUserLoginName
 htpasswd <APACHE_DIR>/conf/.htpasswd secondUserLoginName

and so on.

  1. Make sure that you have enabled container-based authentication in Allegra (see LDAP and SSO).

  2. Locate the Tomcat server configuration file server.xml, usually located at <TOMCAT_DIR>/conf. Make sure you have an entry like this:

<!-- Define an AJP 1.3 Connector on port 9008 -->
<Connector port="9008" protocol="AJP/1.3" tomcatAuthentication="false"
                            redirectPort="8443"/>

This should allow Allegra to run with SSO behind an Apache web server.

Attention

This is not a complete description of how to set up a secure production environment. In particular, you should disable the default access port (80 or 8080) in server.xml and use SSL-encrypted connections from your Apache web server to the browsers for the /track location.