Tomcat is missing mod_security and a few other useful features. That is not a problem because httpd eg apache2 has all the missing features and these 2 are designed to work together. What creates problems is getting JK connector to work to display Java pages via apache.
For testing was set up default apache2 and tomcat6 on ubuntu server. Goal was to see tomcat example pages from port 80 when tomcat itself was running on 8080 port.
mod_jk needs configuration of workers.properties, apache conf and tomcat conf. Logs related to errors to why requests are not reaching tomcat are hard to find. One clear error from mod_jk logs was.
[Fri Dec 24 13:51:34.147 2010] [1707:2633885456] [debug] jk_translate::mod_jk.c (3419): missing uri map for localhost:/examples/
Actually biggest problem was that mod_jk is obsolete. It can be made to work but these days mpd_proxy_ajp is used instead. Setting it up just works and can be done in a few minutes.
Confgure tomcat, edit edit /var/lib/tomcat6/conf/server.xml and uncomment this line
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
Configure apache enable mod_proxy_ajp
sudo a2enmod proxy_ajp
edit /etc/apache2/sites-available/default and add following to virtual host definition
ProxyPass /examples/ ajp://127.0.0.1:8009/examples/ ProxyPassReverse /examples/ ajp://127.0.0.1:8009/examples/
Restart both servers
sudo service apache2 restart sudo service tomcat6 restart
Now both links should display same content
If you happen to see Forbidden errorpage then proxy-ing is denied. Edit
and change Deny to Allow
<Proxy *> AddDefaultCharset off Order deny,allow Allow from all </Proxy>
After getting proxy between apache and tomcat running its possible to start configuring security of tomcat in more finegrained level and performance regarding static pages etc is also improved.