Contents

Introduction

Imagine you have two web servers on one Ubuntu machine. One of the application uses Apache Tomcat and another – NginX with PHP-FPM. You are going to have both of them secured with SSL certificate. For this purpose you need to bind them to single SSL port – 443. There are several options:

– Allocate each SSL port on dedicated IP
– Put your app behind NginX and use SSL in front of your application

The easiest way to manage such setup is to terminate SSL connection on NginX level.

Prerequisites

Let’s check installation and configuration process on fresh DigitalOcean Ubuntu 16.04 machine. Also I will not cover installation of the WordPress in this article. You should have at least two domains pointed to <your-server-ip>. In my case I will use ‘tomcat-lab.itsyndicate.org‘ and ‘wp-lab.itsyndicate.org‘.

Step 1: Install NginX web server

First you need to log in your server via SSH with the command ssh [email protected]<your-server-ip> and execute the following:

– Upgrade your server and package lists

– Install NginX web server

Step 2: PHP-FPM installation

Step 3: MySQL server installation

Setup root password for MySQL:

Step 4: Install Apache Tomcat

The easiest way to download Tomcat is using apt-get:

When installation process is completed you can check that everything works by accessing http://<your-server-ip>:8080/ . You should see “It Works!” greeting.

Step 5: Configure Apache Tomcat to listen only localhost

For now for security reasons and in order not to duplicate content we should bind Tomcat to 127.0.0.1. Open “/etc/tomcat8/server.xml” with your favorite editor and change:

to:

For more information you could check: http://tomcat.apache.org/tomcat-8.0-doc/config/http.html

When changes are made, restart your Tomcat:

Now we can check that it’s listening on 127.0.0.1 with the following command:

Step 6: Configuring NginX to serve Tomcat and WordPress

I’m using LetsEncrypt for both of my domains as it’s a good solution to secure your app fast and easily.

WordPress site nginx vhost config

I configured vhost ‘/etc/nginx/sites-enabled/wp-lab.itsyndicate.org‘ for WordPress site which is hosted on the same server with Tomcat in the following way:

Java Tomcat application nginx vhost config

I configured vhost ‘/etc/nginx/sites-enabled/tomcat-lab.itsyndicate.org‘ for Tomcat application which is hosted on the same server with WordPress in the following way:

Step 7: Test Tomcat and WordPress are secured and running simultaneously

After our modifications we should check NginX config and restart web server:

Checking WordPress installation:

Checking Tomcat installation:

Conclusion

Setting up Tomcat and WordPress on the same server is a pretty easy job. After reading my post you’ll be able to secure you Java and PHP applications that are hosted on the same server. It takes around 30 minutes to get everything done from scratch. You should also consider that not all topics are cleared here, like Java application deployment and WP secure setup. I hope I have time to create a new post with this info for you.

Comments and critics are more than welcome!

Any comments?