Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

mod_jk Tomcat-Apache connector, 1st webapp works, 2nd webapp inaccessible

I have a configuration problem that has me stumped. I have a couple webapps that run in Tomcat and are connected and accessed through Apache httpd. I previously used Tomcat 7 and Apache 2.2, and I installed Tomcat 9 and Apache 2.4 and loaded my webapps. I read up on the configuration changes, and I thought I adjusted as needed, but for some reason only one of my two apps is accessible. That should rule a lot of things out, since the one works just fine.

I will add below my abbreviated Apache httpd config. I did adjust the Order deny,allow stuff to Require all granted in the conf file. I wonder if it's related to the JkMount directives, but this is how it worked in Apache 2.2. Could it be related to one of the webapps running as ROOT /? I do see some errors in my mod_jk.log such as:

[info] jk_open_socket::jk_connect.c (817): connect to 127.0.0.1:8010 failed (errno=61)
[info] ajp_connect_to_endpoint::jk_ajp_common.c (1068): (worker1) Failed opening socket to (127.0.0.1:8010) (errno=61)
[error] ajp_send_request::jk_ajp_common.c (1728): (worker1) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=61)
[info] ajp_service::jk_ajp_common.c (2778): (worker1) sending request to tomcat failed (recoverable), because of error during request sending (attempt=1)
..
[info] ajp_service::jk_ajp_common.c (2778): (worker1) sending request to tomcat failed (recoverable), because of error during request sending (attempt=2)
[error] ajp_service::jk_ajp_common.c (2799): (worker1) connecting to tomcat failed (rc=-3, errors=1, client_errors=0).
[info] jk_handler::mod_jk.c (2995): Service error=-3 for worker=worker1

Any help is greatly appreciated!

Apache 2.4 httpd.conf

Listen 80

LoadModule ssl_module modules/mod_ssl.so
LoadModule jk_module modules/mod_jk.so

JkWorkersFile conf/workers.properties
JkShmFile "logs/mod_jk.shm"
JkLogFile "logs/mod_jk.log"
JkLogLevel    info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

JkMount / worker1
JkMount /* worker1

JkMount /webapp2 worker1
JkMount /webapp2/* worker1

ServerName sub.mydomain.com:80

Include conf/extra/httpd-ssl.conf

Apache 2.4 httpd-ssl.conf

Listen 443

Protocols h2 http/1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on 
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:C:/Program Files/Apache Software Foundation/Apache24/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

<VirtualHost *:80>
   ServerName sub.mydomain.com
   Redirect permanent / https://sub.mydomain.com/
</VirtualHost>

<VirtualHost _default_:443>
    ServerName sub.mydomain.com:443

    <Location />
        Require all granted
    </Location>

    <Location /webapp2>
        Require all granted
    </Location>

    SSLEngine on
    SSLCertificateFile "C:/ssl/mycert.crt"
    SSLCertificateKeyFile "C:/ssl/mykey.key"
    SSLCertificateChainFile "C:/ssl/mycabundle.crt"
</VirtualHost>

Apache 2.4 workers.properties

worker.list=worker1
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8010

Tomcat 9 server.xml

<Connector port="8010" URIEncoding="utf-8" protocol="AJP/1.3" redirectPort="8443" />

By the way, this is in Windows.

like image 519
Michael K Avatar asked Jun 05 '18 22:06

Michael K


1 Answers

Ok I finally figured this out. I was looking in the wrong place. I tested a different way and it seemed like the Apache to Tomcat connection was actually working for the second webapp as well. The problem actually occurred in PHP code on another server trying to access a resource in this second webapp (and that is this second webapp's sole purpose). Apparently when I switched from Apache httpd 2.2 to 2.4, the method used in that remote PHP code was no longer able to successfully POST to the webapp resource and retrieve a result. The code hadn't changed at all. That made it look at first like the webapp was inaccessible. When I changed the PHP method used for POST from fsockopen()/fwrite()/fgets()/etc. to file_get_contents(), then it worked. More granular error reporting a more thorough test early on would have helped, but wow what a bugger of a problem. I never would have guessed that would be a problem and I wonder why that didn't work after the change... something else to research or perhaps another question. I don't know how to explain the errors in the mod_jk.log. Perhaps I had something wrong temporarily. But there aren't more errors currently.

like image 105
Michael K Avatar answered Nov 18 '22 04:11

Michael K