Configuring Apache Tomcat#

If you expose your Allegra installation to the internet, it is usually best to work with an Apache HTTP Server or IIS Server as a frontend for Allegra. If you support other applications that do not run on the same Tomcat server as Allegra, but over the same Apache HTTP Server, you can use Single Sign On without having to install a large SSO solution.

Allegra requires more memory than the standard installations of Apache Tomcat provide. On Linux systems, these settings can be changed in the file /etc/default/tomcat9 as follows:

JAVA_OPTS="-Djava.awt.headless=true -DJENKINS_HOME=/home/jenkins \\
        -DALLEGRA_HOME="/home/trackplus" -DLATEX_HOME="/usr/bin" \\
        -XX:PermSize=384M -XX:MaxPermSize=550M -Xms512M -Xmx1624M \\
        -XX:+UseConcMarkSweepGC"

On Windows systems, you can add these parameters in the Tomcat Manager application.

To operate Allegra on a Tomcat server behind an Apache web server, you need to pay attention to the following configuration points.

  1. Locate your Apache web server’s configuration file (httpd.conf is the standard name). Let’s assume the directory it is located in is APACHE_DIR/conf.

  2. Add the following line at the end of the file:

Include <APACHE_DIR> /conf/track.conf

  1. Make sure the following modules are loaded somewhere in your Apache web server configuration:

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so

  1. Create or modify the file <APACHE_DIR>/conf/track.conf. For basic authentication, it should look like this:

<Location ~ "/(track|websvn|crm|otherApps)">
    AuthName "Steinbeis GmbH & Co. KG Login"
    AuthType Basic
    AuthUserFile <APACHE_DIR>/conf/.htpasswd
    AuthGroupFile /dev/null
    require valid-user
</Location>

ProxyPreserveHost On
ProxyPass       /track ajp://localhost:9008/track
ProxyPassReverse    /track ajp://localhost:9008/track

In a real environment, you would use something like LDAP authentication or SSPI here,
which would allow authentication via your Windows PC login without further password query.
We are only using basic authentication here because it is easy to set up and allows you
to quickly test your installation.

  1. To create the password file for basic authentication, open a command shell and enter:

 htpasswd -c <APACHE_DIR>/conf/.htpasswd firstUserLoginName
 htpasswd <APACHE_DIR>/conf/.htpasswd secondUserLoginName

and so on.

  1. Make sure you have enabled container-based authentication in Allegra (see LDAP and SSO).

  2. Find the Tomcat server configuration file server.xml, usually under <TOMCAT_DIR>/conf. Make sure you have an entry like this:

<!-- Define an AJP 1.3 Connector on port 9008 -->
<Connector port="9008" protocol="AJP/1.3" tomcatAuthentication="false"
                            redirectPort="8443"/>

This should allow Allegra to run with SSO behind an Apache web server.

Warning

This is not a complete description for setting up a secure production environment. In particular, you should disable the standard access port (80 or 8080) in server.xml and enforce SSL-encrypted connections from your Apache web server to the browsers for the /track location.