Skip to Main Content

Secure APEX Listener using Apache HTTP server and mod_jk on Ubuntu 10.04

I have earlier post Installation of APEX 4.0 - Tomcat - APEX Listener in Ubuntu 10.04. This post we assume you have complete above posts steps. Next we like install Apache HTTP server to serve APEX static files and secure APEX Listener.

First install Apache and mod_jk

sudo aptitude install apache2 libapache2-mod-jk libtcnative-1

Backup Tomcat server.xml and revoke write permission from backup file

sudo cp /etc/tomcat6/server.xml /etc/tomcat6/server.xml.backup_$(date +%Y%m%d)
sudo chmod a-w /etc/tomcat6/server.xml.backup_$(date +%Y%m%d)

Delete existing server.xml

sudo rm /etc/tomcat6/server.xml

Create new server.xml

sudo nano /etc/tomcat6/server.xml

Insert to file

<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">

  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
  <Listener className="org.apache.catalina.core.JasperListener" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -->
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />

        description="User database that can be updated and saved"
  <Service name="Catalina">
    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase" />
      <Host name="localhost" appBase="webapps" />

Note! on this configuration we do not set any HTTP connector for Tomcat. We define only AJP connector that listen and accept connections only from localhost.

Create file for mod_jk

sudo nano /etc/apache2/

Insert to file


Create mod_jk.conf file

sudo nano /etc/apache2/conf.d/mod_jk.conf

Insert to file

JkWorkersFile /etc/apache2/
JkShmFile /var/log/apache2/mod_jk.shm
JkLogFile /var/log/apache2/mod_jk.log
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

Edit Apache HTTP server default site

sudo nano /etc/apache2/sites-available/default

Add after ServerAdmin

# Mount APEX listener
JkMount /apex    apex_worker
JkMount /apex/*    apex_worker
# Set Alias /i/ for APEX images , js ...
Alias /i/ /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/apex/images/
<Directory "/usr/lib/oracle/xe/app/oracle/product/10.2.0/server/apex/images/">
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all

Note! We assume you have copy APEX files to 10G XE ORACLE_HOME as mentioned in previous post.

Restart Tomcat

sudo /etc/init.d/tomcat6 restart

Restart Apache HTTP server

sudo /etc/init.d/apache2 restart

Now APEX can be access from


You can tweak your site configuration how you like.

See also Ubuntu Documentation HTTPD - Apache2 Web Server.


No comments yet on this post