Tomcat IIS HowTo

By Gal Shachor <shachor@il.ibm.com>

This document explains how to set up IIS to cooperate with Tomcat. Normally IIS can not execute Servlets and Java Server Pages (JSPs), configuring IIS to use the Tomcat redirector plugin will let IIS send servlet and JSP requests to Tomcat (and this way, serve them to clients).

Document Conventions and Assumptions

<tomcat_home> is the root directory of tomcat. Your Tomcat installation should have the following subdirectories:

  1. <tomcat_home>\conf - Where you can place various configuration files
  2. <tomcat_home>\webapps - Containing example applications
  3. <tomcat_home>\bin - Where you place web server plugins

In all the examples in this document <tomcat_home> will be d:\tomcat.

A worker is defined to be a tomcat process that accepts work from the IIS server.

Supported Configuration

The IIS-Tomcat redirector was developed and tested on:

  1. WinNT4.0-i386 SP4/SP5/SP6a (it should be able to work on other versions of the NT service pack.)
  2. IIS4.0 and PWS4.0
  3. Tomcat3.0 - Tomcat3.1beta

The redirector uses ajp12 to send requests to the Tomcat containers. There is also an option to use Tomcat in process, more about the in-process mode can be found in the in process howto.

Installation

The IIS redirector is not part of the "official" build of Jakarta, You can obtain the code and binaries needed for it by accessing http://jakarta.apache.org/builds/tomcat/release/v3.1_beta_1/bin/win32/i386/. The redirector related file is isapi_redirect.dll.

The Tomcat redirector requires three entities:

  1. isapi_redirect.dll - The IIS server plugin, either obtain a pre-built DLL or build it yourself (see the build section).
  2. workers.properties - A file that describes the host(s) and port(s) used by the workers (Tomcat processes). A sample workers.properties can be found under tomcat/conf.
  3. uriworkermap.properties - A file that maps URL-Path patterns to workers. A sample uriworkermap.properties can be found in the CVS under tomcat/conf.

The installation includes the following parts:

  1. Configuring the ISAPI redirector with a default /examples context and checking that you can serve servlets with IIS.
  2. Adding more contexts to the configuration.

Configuring the ISAPI Redirector

In this document I will assume that isapi_redirect.dll is placed in d:\tomcat\bin\iis\i386\isapi_redirect.dll and that you created the properties files are in d:\tomcat\conf.

  1. In the registry, create a new registry key named
    "HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Jakarta Isapi Redirector\1.0"
  2. Add a string value with the name extension_uri and a value of /jakarta/isapi_redirect.dll
  3. Add a string value with the name log_file and a value pointing to where you want your log file to be (for example d:\tomcat\isapi.log)
  4. Add a string value with the name log_level and a value for your log level (can be debug, inform, error or emerg).
  5. Add a string value with the name worker_file and a value of D:\tomcat\conf\workers.properties (you can copy this file from the CVS)
  6. Add a string value with the name worker_mount_fileand a value of D:\tomcat\conf\uriworkermap.properties (you can copy this file from the CVS)
  7. Using the IIS management console, add a new virtual directory to your IIS/PWS web site. The name of the virtual directory must be jakarta, its physical path should be the directory where you placed isapi_redirect.dll (in our example it is d:\tomcat\bin\iis\i386). While creating this new virtual directory assign it with execute access.
  8. Using the IIS management console, add isapi_redirect.dll as a filter in your IIS/PWS web site. The name of the filter should reflect its task (I use the name jakarta), its executable must be our d:\tomcat\bin\iis\i386\isapi_redirect.dll. For PWS, you'll need to use regedit and add/edit the "Filter DLLs" key under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W3SVC\Parameters. This key contains a "," separated list of dlls ( full paths ) - you need to insert the full path to isapi_redirect.dll.
  9. Restart IIS (stop + start the IIS admin server), make sure that the jakarta filter is marked with a green up-pointing arrow.
    (costin)Under Win98 you may need to cd WINDOWS\SYSTEM\inetsrv and type PWS /stop ( the DLL and log files are locked - even if you click the stop button, PWS will still keep the DLLs in memory. ). Type pws to start it again.

That's all, you should now start tomcat and ask IIS to serve you the /examples context.

Adding additional Contexts

The examples context is useful for verifying your installation, but you will also need to add your own contexts. Adding a new context requires two operations:

  1. Adding the context to Tomcat (I am not going to talk about this).
  2. Adding the context to the ISAPI redirector.

Adding a context to the ISAPI redirector is simple, all you need to do is to edit your uriworkermap.properties and to add a line that looks like:

/context/*=worker_name

Workers and their name are defined in workers.properties, by default workers.properties comes with a single pre-configured worker named "ajp12" so you can use it. As an example, if you want to add a context named "shop", the line that you should add to uriworkermap.properties will be:

/shop/*=ajp12

After saving uriworkermap.properties restart IIS and it will serve the new context.

Building the redirector

The redirector was developed using Visual C++ Ver.6.0, so having this environment is a prereq if you want to perform a custom build.

The steps that you need to take are:

  1. Change directory to the isapi plugins source directory.
  2. Execute the following command:
    MSDEV isapi.dsp /MAKE ALL
    If msdev is not in your path, enter the full path to msdev.exe

This will build both release and debug versions of the redirector plugin.

An alternative will be to open the isapi workspace file (isapi.dsw) in msdev and build it using the build menu.

How does it work?

  1. The IIS-Tomcat redirector is an IIS plugin (filter + extension), IIS load the redirector plugin and calls its filter function for each in-coming request.
  2. The filter then tests the request URL against a list of URI-paths held inside uriworkermap.properties, If the current request matches one of the entries in the list of URI-paths, the filter transfer the request to the extension.
  3. The extension collects the request parameters and forwards them to the appropriate worker using the ajp12 protocol.
  4. The extension collects the response from the worker and returns it to the browser.

Advanced Context Configuration

Sometimes it is better to have IIS serve the static pages (html, gif, jpeg etc.) even if these files are part of a context served by Tomcat. For example, consider the html and gif files in the examples context, there is no need to serve them from the Tomcat process, IIS will suffice.

Making IIS serve static files that are part of the Tomcat contexts requires the following:

  1. Configuring IIS to know about the Tomcat contexts
  2. Configuring the redirector to leave the static files for IIS

Adding a Tomcat context to IIS requires the addition of a new IIS virtual directory that covers the Tomcat context. For example adding a /example IIS virtual directory that covers the d:\tomkat\webapps\examples directory.

Configuring the redirector is somewhat harder, you will need to specify the exact URL-Path pattern(s) that you want Tomcat to handle (usually only JSP files and servlets). This requires a change to the uriworkermap.properties. For the examples context it requires to replace the following line:

/examples/*=ajp12

with the following two lines:

/examples/*.jsp=ajp12
/examples/servlet/*=ajp12

As you can see the second configuration is more explicit, it actually instruct the redirector to redirect only requests to resources under /examples/servlet/ and resources under /examples/ whose name ends with .jsp. You can even be more explicit and provide lines such as:

/example/servletname=ajp12

that instructs the redirector to redirect request whose URL-Path equals /example/servletname to the worker named ajp12.

Protecting the WEB-INF Directory

Each servlet application (context) has a special directory named WEB-INF, this directory contains sensitive configurations data and Java classes and must be kept hidden from web users. Using the IIS management console it is possible to protect the WEB-INF directory from user access, this however requires the administrator to remember that. To avoid this need the redirector plugin automatically protects your WEB-INF directories by rejecting any request that contains WEB-INF in its URL-Path.

Advanced Worker Configuration

Sometimes you want to serve different contexts with different Tomcat processes (for example to spread the load among different machines). To achieve such goal you will need to define several workers and assign each context with its own worker.

Defining workers is done in workers.properties, this file includes two types of entries:

  1. An entry that lists all the workers defined. For example:
    worker.list=ajp12, ajp12second
  2. Entries that define the host and port associated with these workers. For example:
    worker.ajp12.host=localhost
    worker.ajp12.port=8007
    worker.ajp12second.host=otherhost
    worker.ajp12second.port=8007

The above examples defined two workers, now we can use these workers to serve two different contexts each with its own worker. For example look at the following uriworkermap.properties fragment:

/examples/*=ajp12
/webpages/*=ajp12second

As you can see the examples context is served by ajp12 while the webpages context is served by ajp12second.

Feedback

Please send feedback, bug report or any additional information to tomcat-user@jakarta.apache.org