I have a configuration problem that has me stumped. I have a couple webapps that run in Tomcat and are connected and accessed through Apache httpd. I previously used Tomcat 7 and Apache 2.2, and I installed Tomcat 9 and Apache 2.4 and loaded my webapps. I read up on the configuration changes, and I thought I adjusted as needed, but for some reason only one of my two apps is accessible. That should rule a lot of things out, since the one works just fine.
I will add below my abbreviated Apache httpd config. I did adjust the Order deny,allow stuff to Require all granted in the conf file. I wonder if it's related to the JkMount directives, but this is how it worked in Apache 2.2. Could it be related to one of the webapps running as ROOT /? I do see some errors in my mod_jk.log such as:
[info] jk_open_socket::jk_connect.c (817): connect to 127.0.0.1:8010 failed (errno=61)
[info] ajp_connect_to_endpoint::jk_ajp_common.c (1068): (worker1) Failed opening socket to (127.0.0.1:8010) (errno=61)
[error] ajp_send_request::jk_ajp_common.c (1728): (worker1) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=61)
[info] ajp_service::jk_ajp_common.c (2778): (worker1) sending request to tomcat failed (recoverable), because of error during request sending (attempt=1)
..
[info] ajp_service::jk_ajp_common.c (2778): (worker1) sending request to tomcat failed (recoverable), because of error during request sending (attempt=2)
[error] ajp_service::jk_ajp_common.c (2799): (worker1) connecting to tomcat failed (rc=-3, errors=1, client_errors=0).
[info] jk_handler::mod_jk.c (2995): Service error=-3 for worker=worker1
Any help is greatly appreciated!
Apache 2.4 httpd.conf
Listen 80
LoadModule ssl_module modules/mod_ssl.so
LoadModule jk_module modules/mod_jk.so
JkWorkersFile conf/workers.properties
JkShmFile "logs/mod_jk.shm"
JkLogFile "logs/mod_jk.log"
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkMount / worker1
JkMount /* worker1
JkMount /webapp2 worker1
JkMount /webapp2/* worker1
ServerName sub.mydomain.com:80
Include conf/extra/httpd-ssl.conf
Apache 2.4 httpd-ssl.conf
Listen 443
Protocols h2 http/1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:C:/Program Files/Apache Software Foundation/Apache24/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost *:80>
ServerName sub.mydomain.com
Redirect permanent / https://sub.mydomain.com/
</VirtualHost>
<VirtualHost _default_:443>
ServerName sub.mydomain.com:443
<Location />
Require all granted
</Location>
<Location /webapp2>
Require all granted
</Location>
SSLEngine on
SSLCertificateFile "C:/ssl/mycert.crt"
SSLCertificateKeyFile "C:/ssl/mykey.key"
SSLCertificateChainFile "C:/ssl/mycabundle.crt"
</VirtualHost>
Apache 2.4 workers.properties
worker.list=worker1
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8010
Tomcat 9 server.xml
<Connector port="8010" URIEncoding="utf-8" protocol="AJP/1.3" redirectPort="8443" />
By the way, this is in Windows.
Ok I finally figured this out. I was looking in the wrong place. I tested a different way and it seemed like the Apache to Tomcat connection was actually working for the second webapp as well. The problem actually occurred in PHP code on another server trying to access a resource in this second webapp (and that is this second webapp's sole purpose). Apparently when I switched from Apache httpd 2.2 to 2.4, the method used in that remote PHP code was no longer able to successfully POST to the webapp resource and retrieve a result. The code hadn't changed at all. That made it look at first like the webapp was inaccessible. When I changed the PHP method used for POST from fsockopen()/fwrite()/fgets()/etc. to file_get_contents(), then it worked. More granular error reporting a more thorough test early on would have helped, but wow what a bugger of a problem. I never would have guessed that would be a problem and I wonder why that didn't work after the change... something else to research or perhaps another question. I don't know how to explain the errors in the mod_jk.log. Perhaps I had something wrong temporarily. But there aren't more errors currently.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With