I have a configuration problem that has me stumped. I have a couple webapps that run in Tomcat and are connected and accessed through Apache httpd. I previously used Tomcat 7 and Apache 2.2, and I installed Tomcat 9 and Apache 2.4 and loaded my webapps. I read up on the configuration changes, and I thought I adjusted as needed, but for some reason only one of my two apps is accessible. That should rule a lot of things out, since the one works just fine.
我有个配置问题让我很困惑。我有几个在Tomcat中运行的webapps,它们通过Apache httpd连接和访问。我之前使用了Tomcat 7和Apache 2.2,我安装了Tomcat 9和Apache 2.4,并加载了我的webapps。我读了关于配置更改的内容,我认为我根据需要进行了调整,但出于某种原因,我的两个应用中只有一个是可访问的。这就排除了很多因素,因为这个很有效。
I will add below my abbreviated Apache httpd config. I did adjust the Order deny,allow stuff to Require all granted in the conf file. I wonder if it's related to the JkMount directives, but this is how it worked in Apache 2.2. Could it be related to one of the webapps running as ROOT /? I do see some errors in my mod_jk.log such as:
我将在我的缩写Apache httpd配置下面添加。我调整了Order deny,允许东西在conf文件中被授予。我想知道它是否与JkMount指令相关,但这就是它在Apache 2.2中的工作方式。它是否与一个以ROOT /运行的web应用程序有关?我确实在mod_jk中看到了一些错误。日志,如:
[info] jk_open_socket::jk_connect.c (817): connect to 127.0.0.1:8010 failed (errno=61)
[info] ajp_connect_to_endpoint::jk_ajp_common.c (1068): (worker1) Failed opening socket to (127.0.0.1:8010) (errno=61)
[error] ajp_send_request::jk_ajp_common.c (1728): (worker1) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=61)
[info] ajp_service::jk_ajp_common.c (2778): (worker1) sending request to tomcat failed (recoverable), because of error during request sending (attempt=1)
..
[info] ajp_service::jk_ajp_common.c (2778): (worker1) sending request to tomcat failed (recoverable), because of error during request sending (attempt=2)
[error] ajp_service::jk_ajp_common.c (2799): (worker1) connecting to tomcat failed (rc=-3, errors=1, client_errors=0).
[info] jk_handler::mod_jk.c (2995): Service error=-3 for worker=worker1
Any help is greatly appreciated!
非常感谢您的帮助!
Apache 2.4 httpd.conf
Apache 2.4 httpd . conf
Listen 80
LoadModule ssl_module modules/mod_ssl.so
LoadModule jk_module modules/mod_jk.so
JkWorkersFile conf/workers.properties
JkShmFile "logs/mod_jk.shm"
JkLogFile "logs/mod_jk.log"
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkMount / worker1
JkMount /* worker1
JkMount /webapp2 worker1
JkMount /webapp2/* worker1
ServerName sub.mydomain.com:80
Include conf/extra/httpd-ssl.conf
Apache 2.4 httpd-ssl.conf
Apache 2.4 httpd-ssl.conf
Listen 443
Protocols h2 http/1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:C:/Program Files/Apache Software Foundation/Apache24/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost *:80>
ServerName sub.mydomain.com
Redirect permanent / https://sub.mydomain.com/
</VirtualHost>
<VirtualHost _default_:443>
ServerName sub.mydomain.com:443
<Location />
Require all granted
</Location>
<Location /webapp2>
Require all granted
</Location>
SSLEngine on
SSLCertificateFile "C:/ssl/mycert.crt"
SSLCertificateKeyFile "C:/ssl/mykey.key"
SSLCertificateChainFile "C:/ssl/mycabundle.crt"
</VirtualHost>
Apache 2.4 workers.properties
Apache 2.4 workers.properties
worker.list=worker1
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8010
Tomcat 9 server.xml
Tomcat 9 server.xml
<Connector port="8010" URIEncoding="utf-8" protocol="AJP/1.3" redirectPort="8443" />
By the way, this is in Windows.
顺便说一下,这是在Windows中。
2 个解决方案
#1
3
Ok I finally figured this out. I was looking in the wrong place. I tested a different way and it seemed like the Apache to Tomcat connection was actually working for the second webapp as well. The problem actually occurred in PHP code on another server trying to access a resource in this second webapp (and that is this second webapp's sole purpose). Apparently when I switched from Apache httpd 2.2 to 2.4, the method used in that remote PHP code was no longer able to successfully POST to the webapp resource and retrieve a result. The code hadn't changed at all. That made it look at first like the webapp was inaccessible. When I changed the PHP method used for POST from fsockopen()/fwrite()/fgets()/etc. to file_get_contents(), then it worked. More granular error reporting a more thorough test early on would have helped, but wow what a bugger of a problem. I never would have guessed that would be a problem and I wonder why that didn't work after the change... something else to research or perhaps another question. I don't know how to explain the errors in the mod_jk.log. Perhaps I had something wrong temporarily. But there aren't more errors currently.
好吧,我终于算出来了。我看错地方了。我用另一种方式进行了测试,看起来Apache到Tomcat的连接实际上也适用于第二个webapp。问题实际上发生在另一个服务器上试图访问第二个webapp中的资源的PHP代码中(这是第二个webapp的唯一目的)。显然,当我从Apache httpd 2.2切换到2.4时,远程PHP代码中使用的方法不再能够成功地发布到webapp资源并检索结果。代码根本没有改变。这让它看起来像是webapp无法访问。当我改变PHP方法用于POST from fsockopen()/fwrite()/fgets()/等时。到file_get_contents(),它就可以工作了。更细粒度的错误报告更早地进行更彻底的测试将会有所帮助,但是,哇,这是一个多么大的问题。我从来没有想过这会是一个问题,我想知道为什么在改变之后这一切都不奏效……还有其他研究,或者可能是另一个问题。我不知道如何解释mod_jk.log中的错误。也许我一时出了什么事。但是目前还没有更多的错误。
#2
0
If you are in Linux. You should try issuing "setenforce 0". Then to check if it was successfull if you issue "getenforce" you should get "Permissive".
如果你在Linux中。您应该尝试发出“setenforce 0”。然后检查它是否成功,如果你发出“getenforce”,你应该得到“许可”。
I mean All of this in the linux shell. I went this way 2 months ago.
我指的是linux shell中的所有这些。我两个月前就这样走了。
#1
3
Ok I finally figured this out. I was looking in the wrong place. I tested a different way and it seemed like the Apache to Tomcat connection was actually working for the second webapp as well. The problem actually occurred in PHP code on another server trying to access a resource in this second webapp (and that is this second webapp's sole purpose). Apparently when I switched from Apache httpd 2.2 to 2.4, the method used in that remote PHP code was no longer able to successfully POST to the webapp resource and retrieve a result. The code hadn't changed at all. That made it look at first like the webapp was inaccessible. When I changed the PHP method used for POST from fsockopen()/fwrite()/fgets()/etc. to file_get_contents(), then it worked. More granular error reporting a more thorough test early on would have helped, but wow what a bugger of a problem. I never would have guessed that would be a problem and I wonder why that didn't work after the change... something else to research or perhaps another question. I don't know how to explain the errors in the mod_jk.log. Perhaps I had something wrong temporarily. But there aren't more errors currently.
好吧,我终于算出来了。我看错地方了。我用另一种方式进行了测试,看起来Apache到Tomcat的连接实际上也适用于第二个webapp。问题实际上发生在另一个服务器上试图访问第二个webapp中的资源的PHP代码中(这是第二个webapp的唯一目的)。显然,当我从Apache httpd 2.2切换到2.4时,远程PHP代码中使用的方法不再能够成功地发布到webapp资源并检索结果。代码根本没有改变。这让它看起来像是webapp无法访问。当我改变PHP方法用于POST from fsockopen()/fwrite()/fgets()/等时。到file_get_contents(),它就可以工作了。更细粒度的错误报告更早地进行更彻底的测试将会有所帮助,但是,哇,这是一个多么大的问题。我从来没有想过这会是一个问题,我想知道为什么在改变之后这一切都不奏效……还有其他研究,或者可能是另一个问题。我不知道如何解释mod_jk.log中的错误。也许我一时出了什么事。但是目前还没有更多的错误。
#2
0
If you are in Linux. You should try issuing "setenforce 0". Then to check if it was successfull if you issue "getenforce" you should get "Permissive".
如果你在Linux中。您应该尝试发出“setenforce 0”。然后检查它是否成功,如果你发出“getenforce”,你应该得到“许可”。
I mean All of this in the linux shell. I went this way 2 months ago.
我指的是linux shell中的所有这些。我两个月前就这样走了。