You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by groupalias v <gr...@gmail.com> on 2009/12/01 15:39:03 UTC
Debugging tomcat<->apache(mod_jk) bridge
Hi,
I am trying to set up mod_jk to forward requests to the webapp in
tomcat. The webapp itself works when accessed directly. But I get a
400 error in mod_jk when I try to access it (even the index.jsp)
through apache.
I see the error 400 in mod_jk.log but see nothing in tomcat logs. Its
as if the request from mod_jk is not even sent to tomcat. I am sure I
can confirm this with tcpdump. The port 8009 is open when I do an nmap
scan.
Are there tools to debug this? More specifically is there a sanity
checking tool to check errors in my apache configuration and
workers.properties?
Also do I have to do anything special in Tomcat6 to enable JK? It
looks I don't have to. AJP is enabled in server.xml.
Any help is greatly appreciated. Its driving me nuts :)
Here are my configuration files just in case --
I am on suse 11 running apache 2.2 and tomcat6.
httpd.conf
-------------
LoadModule jk_module modules/mod_jk.so
<IfModule jk_module>
Alias /test/ "/srv/tomcat6/webapps/A"
JkWorkersFile /usr/local/apache2/conf/workers.properties
JkShmFile /usr/local/apache2/logs/mod_jk.shm
JkLogFile /usr/local/apache2/logs/mod_jk.log
JkLogLevel debug
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JKMount /test/ A
JkMount /test/* A
JkOptions +ForwardSSLCertChain
</IfModule>
workers.properties file
-----------------------------
#Define 1 real worker using ajp13
worker.list=A
#Set properties for worker1 (ajp13)
worker.A.type=ajp13
worker.A.host=localhost
worker.A.port=8009
worker.A.lbfactor=50
worker.A.cachesize=10
worker.A.cache_timeout=600
worker.A.socket_keepalive=1
worker.A.socket_timeout=300
Thanks,
- Vas
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Debugging tomcat<->apache(mod_jk) bridge
Posted by groupalias v <gr...@gmail.com>.
I too saw that mod_jk thinks it is talking to tomcat. But I do not see
any logs in tomcat to indicate that.
Also with the same parameters mod_proxy_ajp is able to fetch my page.
Could be some nasty machine specific thing.
On Fri, Dec 4, 2009 at 12:45 AM, Rainer Jung <ra...@kippdata.de> wrote:
> On 04.12.2009 09:31, groupalias v wrote:
>>
>> Also as I promised here is the mod_jk.log after running it in debug
>> mode ( please note that I am not looking for an answer but would still
>> be looking to figure out what's happening with mod_jk) --
>
> Skipping init messages ...
>
>> [Tue Dec 01 14:13:01 2009] [7270:3083376384] [debug]
>> jk_child_init::mod_jk.c (3068): Initialized mod_jk/1.2.28
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> map_uri_to_worker_ext::jk_uri_worker_map.c (1036): Attempting to map
>> URI '/test/index.jsp' from 1 maps
>
> That's the request ...
>
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> find_match::jk_uri_worker_map.c (850): Attempting to map context URI
>> '/test/*=A' source 'JkMount'
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> find_match::jk_uri_worker_map.c (863): Found a wildchar match
>> '/test/*=A'
>
> We know we have to send it via "A" ...
>
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> jk_handler::mod_jk.c (2459): Into handler jakarta-servlet worker=A
>> r->proxyreq=0
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> wc_get_worker_for_name::jk_worker.c (116): found a worker A
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>
> OK, there is a worker named "A" ...
>
>> wc_maintain::jk_worker.c (339): Maintaining worker A
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> ajp_maintain::jk_ajp_common.c (3081): reached pool min size 5 from 10
>> cache slots
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> wc_get_name_for_type::jk_worker.c (293): Found worker type 'ajp13'
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> init_ws_service::mod_jk.c (977): Service protocol=HTTP/1.1 method=GET
>> ssl=false host=(null) addr=X.X.X.X name=www.example.com port=80
>> auth=(null) user=(null) laddr=192.168.2.2 raddr=X.X.X.X
>> uri=/test/index.jsp
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> ajp_get_endpoint::jk_ajp_common.c (2977): acquired connection pool
>> slot=0 after 0 retries
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> ajp_marshal_into_msgb::jk_ajp_common.c (605): ajp marshaling done
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> ajp_service::jk_ajp_common.c (2283): processing A with 2 retries
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> ajp_send_request::jk_ajp_common.c (1501): (A) all endpoints are
>> disconnected.
>
> We need to connect to "A" ..
>
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> jk_open_socket::jk_connect.c (452): socket TCP_NODELAY set to On
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> jk_open_socket::jk_connect.c (489): socket SO_KEEPALIVE set to On
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> jk_open_socket::jk_connect.c (541): timeout 300 set for socket=17
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> jk_open_socket::jk_connect.c (576): trying to connect socket 17 to
>> 127.0.0.1:8009
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> jk_open_socket::jk_connect.c (602): socket 17 connected to
>> 127.0.0.1:8009
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> ajp_connect_to_endpoint::jk_ajp_common.c (931): Connected socket 17 to
>> (127.0.0.1:8009)
>
> Connected to "A" as 127.0.0.1 on port 8009 ...
>
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> ajp_connection_tcp_send_message::jk_ajp_common.c (1070): sending to
>> ajp13 pos=4 len=450 max=8192
>
> I'm missing the request data here? Did you remove it?
>
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> ajp_send_request::jk_ajp_common.c (1560): (A) request body to send 0 -
>> request body to resend 0
>
> OK, we send the request.
>
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> ajp_connection_tcp_get_message::jk_ajp_common.c (1259): received from
>> ajp13 pos=0 len=19 max=8192
>
> We got 19 Bytes of response ...
>
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> ajp_connection_tcp_get_message::jk_ajp_common.c (1259): 0000 04 01
>> 90 00 0B 42 61 64 20 52 65 71 75 65 73 74 - .....Bad.Request
>
> And the response says status = 0x0190 = 400 with status message "Bad
> Request". So whoever or whatever produced this result claims that what it
> received was a bad request. So maybe the request has inconsistent headers
> like using content-length together with chunked encoding or similar.
>
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> ajp_connection_tcp_get_message::jk_ajp_common.c (1259): 0010 00 00
>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> ajp_unmarshal_response::jk_ajp_common.c (660): status = 400
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> ajp_unmarshal_response::jk_ajp_common.c (667): Number of headers is =
>> 0
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> ajp_connection_tcp_get_message::jk_ajp_common.c (1259): received from
>> ajp13 pos=0 len=2 max=8192
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> ajp_connection_tcp_get_message::jk_ajp_common.c (1259): 0000 05 01
>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> ajp_process_callback::jk_ajp_common.c (1846): AJP13 protocol: Reuse is
>> OK
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> ajp_reset_endpoint::jk_ajp_common.c (743): (A) resetting endpoint with
>> sd = 17
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> ajp_done::jk_ajp_common.c (2905): recycling connection pool slot=0 for
>> worker A
>> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
>> jk_handler::mod_jk.c (2599): Service finished with status=400 for
>> worker=A
>
> That's correct from the point of view of mod_jk. That's what the backend
> responded.
>
> Regards,
>
> Rainer
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Debugging tomcat<->apache(mod_jk) bridge
Posted by Rainer Jung <ra...@kippdata.de>.
On 04.12.2009 09:31, groupalias v wrote:
> Also as I promised here is the mod_jk.log after running it in debug
> mode ( please note that I am not looking for an answer but would still
> be looking to figure out what's happening with mod_jk) --
Skipping init messages ...
> [Tue Dec 01 14:13:01 2009] [7270:3083376384] [debug]
> jk_child_init::mod_jk.c (3068): Initialized mod_jk/1.2.28
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> map_uri_to_worker_ext::jk_uri_worker_map.c (1036): Attempting to map
> URI '/test/index.jsp' from 1 maps
That's the request ...
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> find_match::jk_uri_worker_map.c (850): Attempting to map context URI
> '/test/*=A' source 'JkMount'
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> find_match::jk_uri_worker_map.c (863): Found a wildchar match
> '/test/*=A'
We know we have to send it via "A" ...
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> jk_handler::mod_jk.c (2459): Into handler jakarta-servlet worker=A
> r->proxyreq=0
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> wc_get_worker_for_name::jk_worker.c (116): found a worker A
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
OK, there is a worker named "A" ...
> wc_maintain::jk_worker.c (339): Maintaining worker A
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> ajp_maintain::jk_ajp_common.c (3081): reached pool min size 5 from 10
> cache slots
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> wc_get_name_for_type::jk_worker.c (293): Found worker type 'ajp13'
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> init_ws_service::mod_jk.c (977): Service protocol=HTTP/1.1 method=GET
> ssl=false host=(null) addr=X.X.X.X name=www.example.com port=80
> auth=(null) user=(null) laddr=192.168.2.2 raddr=X.X.X.X
> uri=/test/index.jsp
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> ajp_get_endpoint::jk_ajp_common.c (2977): acquired connection pool
> slot=0 after 0 retries
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> ajp_marshal_into_msgb::jk_ajp_common.c (605): ajp marshaling done
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> ajp_service::jk_ajp_common.c (2283): processing A with 2 retries
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> ajp_send_request::jk_ajp_common.c (1501): (A) all endpoints are
> disconnected.
We need to connect to "A" ..
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> jk_open_socket::jk_connect.c (452): socket TCP_NODELAY set to On
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> jk_open_socket::jk_connect.c (489): socket SO_KEEPALIVE set to On
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> jk_open_socket::jk_connect.c (541): timeout 300 set for socket=17
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> jk_open_socket::jk_connect.c (576): trying to connect socket 17 to
> 127.0.0.1:8009
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> jk_open_socket::jk_connect.c (602): socket 17 connected to
> 127.0.0.1:8009
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> ajp_connect_to_endpoint::jk_ajp_common.c (931): Connected socket 17 to
> (127.0.0.1:8009)
Connected to "A" as 127.0.0.1 on port 8009 ...
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> ajp_connection_tcp_send_message::jk_ajp_common.c (1070): sending to
> ajp13 pos=4 len=450 max=8192
I'm missing the request data here? Did you remove it?
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> ajp_send_request::jk_ajp_common.c (1560): (A) request body to send 0 -
> request body to resend 0
OK, we send the request.
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> ajp_connection_tcp_get_message::jk_ajp_common.c (1259): received from
> ajp13 pos=0 len=19 max=8192
We got 19 Bytes of response ...
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> ajp_connection_tcp_get_message::jk_ajp_common.c (1259): 0000 04 01
> 90 00 0B 42 61 64 20 52 65 71 75 65 73 74 - .....Bad.Request
And the response says status = 0x0190 = 400 with status message "Bad
Request". So whoever or whatever produced this result claims that what
it received was a bad request. So maybe the request has inconsistent
headers like using content-length together with chunked encoding or similar.
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> ajp_connection_tcp_get_message::jk_ajp_common.c (1259): 0010 00 00
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> ajp_unmarshal_response::jk_ajp_common.c (660): status = 400
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> ajp_unmarshal_response::jk_ajp_common.c (667): Number of headers is =
> 0
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> ajp_connection_tcp_get_message::jk_ajp_common.c (1259): received from
> ajp13 pos=0 len=2 max=8192
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> ajp_connection_tcp_get_message::jk_ajp_common.c (1259): 0000 05 01
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> ajp_process_callback::jk_ajp_common.c (1846): AJP13 protocol: Reuse is
> OK
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> ajp_reset_endpoint::jk_ajp_common.c (743): (A) resetting endpoint with
> sd = 17
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> ajp_done::jk_ajp_common.c (2905): recycling connection pool slot=0 for
> worker A
> [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
> jk_handler::mod_jk.c (2599): Service finished with status=400 for
> worker=A
That's correct from the point of view of mod_jk. That's what the backend
responded.
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Debugging tomcat<->apache(mod_jk) bridge
Posted by groupalias v <gr...@gmail.com>.
I got busy at work and could not get back with information.
Chris, The inconsistencies you have pointed out are my mistake in the
email trying to clean up the URLs to shorten the strings and to remove
machine specific identifying information. The config files are
consistent and I still get the error.
André, Thanks for the detailed information.
I did not try the SetHandler way of configration and gave up on using
mod_jk. I recompiled apache to include the mod_proxy_ajp and got
tomcat to respond to the URL request right away in the first try.
Then again I have different kinds of problems with this. I could not
find any detailed information and so I do not know if I am doing any
mistakes. I am worried that I might be serving up files I am not
supposed.
Do you have any pointers/URLs that gives more information on mod_proxy_ajp?
Also as I promised here is the mod_jk.log after running it in debug
mode ( please note that I am not looking for an answer but would still
be looking to figure out what's happening with mod_jk) --
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
uri_worker_map_dump::jk_uri_worker_map.c (176): generation 1: size=1
nosize=0 capacity=4
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
uri_worker_map_dump::jk_uri_worker_map.c (186): NEXT (1) map #0:
uri=/test/* worker=A context=/test/* source=JkMount type=Wildchar
len=11
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_set_time_fmt::jk_util.c (458): Pre-processed log time stamp format
is '[%a %b %d %H:%M:%S %Y] '
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug] init_jk::mod_jk.c
(3123): Setting default connection pool max size to 1
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_map_read_property::jk_map.c (491): Adding property
'workers.tomcat_home' with value '/usr/share/tomcat6' to map.
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_map_read_property::jk_map.c (491): Adding property
'workers.java.home' with value '/usr/lib/jvm/java' to map.
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_map_read_property::jk_map.c (491): Adding property 'worker.list'
with value 'status, A' to map.
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_map_read_property::jk_map.c (491): Adding property 'worker.A.type'
with value 'ajp13' to map.
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_map_read_property::jk_map.c (491): Adding property 'worker.A.host'
with value 'localhost' to map.
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_map_read_property::jk_map.c (491): Adding property 'worker.A.port'
with value '8009' to map.
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_map_read_property::jk_map.c (491): Adding property
'worker.A.lbfactor' with value '50' to map.
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [warn]
jk_map_validate_property::jk_map.c (411): The attribute
'worker.A.cachesize' is deprecated - please check the documentation
for the correct replacement.
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_map_read_property::jk_map.c (491): Adding property
'worker.A.cachesize' with value '10' to map.
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [warn]
jk_map_validate_property::jk_map.c (411): The attribute
'worker.A.cache_timeout' is deprecated - please check the
documentation for the correct replacement.
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_map_read_property::jk_map.c (491): Adding property
'worker.A.cache_timeout' with value '600' to map.
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_map_read_property::jk_map.c (491): Adding property
'worker.A.socket_keepalive' with value '1' to map.
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_map_read_property::jk_map.c (491): Adding property
'worker.A.socket_timeout' with value '300' to map.
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_map_read_property::jk_map.c (491): Adding property
'worker.status.type' with value 'status' to map.
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_map_resolve_references::jk_map.c (774): Checking for references
with prefix worker. with wildcard (recursion 1)
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_shm_calculate_size::jk_shm.c (132): shared memory will contain 1
ajp workers of size 256 and 0 lb workers of size 320 with 0 members of
size 320+256
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
do_shm_open::jk_shm.c (493): Truncated shared memory to 384
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
do_shm_open::jk_shm.c (538): Initialized shared memory
/usr/local/apache2/logs/mod_jk.shm.1680 size=384 free=256
addr=0xb8060000
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
do_shm_open_lock::jk_shm.c (412): Opened shared memory lock
/usr/local/apache2/logs/mod_jk.shm.1680.lock
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_map_dump::jk_map.c (589): Dump of map: 'ServerRoot' ->
'/usr/local/apache2'
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_map_dump::jk_map.c (589): Dump of map: 'workers.tomcat_home' ->
'/usr/share/tomcat6'
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_map_dump::jk_map.c (589): Dump of map: 'workers.java.home' ->
'/usr/lib/jvm/java'
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_map_dump::jk_map.c (589): Dump of map: 'worker.list' -> 'status, A'
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_map_dump::jk_map.c (589): Dump of map: 'worker.A.type' -> 'ajp13'
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_map_dump::jk_map.c (589): Dump of map: 'worker.A.host' ->
'localhost'
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_map_dump::jk_map.c (589): Dump of map: 'worker.A.port' -> '8009'
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_map_dump::jk_map.c (589): Dump of map: 'worker.A.lbfactor' -> '50'
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_map_dump::jk_map.c (589): Dump of map: 'worker.A.cachesize' -> '10'
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_map_dump::jk_map.c (589): Dump of map: 'worker.A.cache_timeout' ->
'600'
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_map_dump::jk_map.c (589): Dump of map: 'worker.A.socket_keepalive'
-> '1'
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_map_dump::jk_map.c (589): Dump of map: 'worker.A.socket_timeout' ->
'300'
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
jk_map_dump::jk_map.c (589): Dump of map: 'worker.status.type' ->
'status'
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
build_worker_map::jk_worker.c (242): creating worker status
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
wc_create_worker::jk_worker.c (146): about to create instance status
of status
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
wc_create_worker::jk_worker.c (159): about to validate and init status
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug] init::jk_status.c
(5021): Status worker 'status' is read/write and has css '(null)',
prefix 'worker', name space 'jk:', xml name space
'xmlns:jk="http://tomcat.apache.org"', document type '(null)'
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug] init::jk_status.c
(5072): Status worker 'status' has good rating for '0000000f' and bad
rating for '00ff1010'
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
build_worker_map::jk_worker.c (242): creating worker A
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
wc_create_worker::jk_worker.c (146): about to create instance A of
ajp13
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
wc_create_worker::jk_worker.c (159): about to validate and init A
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
ajp_validate::jk_ajp_common.c (2512): worker A contact is
'localhost:8009'
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
ajp_init::jk_ajp_common.c (2699): setting endpoint options:
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
ajp_init::jk_ajp_common.c (2702): keepalive: 1
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
ajp_init::jk_ajp_common.c (2706): socket timeout: 300
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
ajp_init::jk_ajp_common.c (2710): socket connect timeout: 300000
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
ajp_init::jk_ajp_common.c (2714): buffer size: 0
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
ajp_init::jk_ajp_common.c (2718): pool timeout: 600
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
ajp_init::jk_ajp_common.c (2722): ping timeout: 10000
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
ajp_init::jk_ajp_common.c (2726): connect timeout: 0
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
ajp_init::jk_ajp_common.c (2730): reply timeout: 0
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
ajp_init::jk_ajp_common.c (2734): prepost timeout: 0
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
ajp_init::jk_ajp_common.c (2738): recovery options: 0
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
ajp_init::jk_ajp_common.c (2742): retries: 2
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
ajp_init::jk_ajp_common.c (2746): max packet size: 8192
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
ajp_init::jk_ajp_common.c (2750): retry interval: 100
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
ajp_create_endpoint_cache::jk_ajp_common.c (2562): setting connection
pool size to 10 with min 5 and acquire timeout 200
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [info] init_jk::mod_jk.c
(3183): mod_jk/1.2.28 initialized
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
wc_get_worker_for_name::jk_worker.c (116): found a worker A
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
wc_get_name_for_type::jk_worker.c (293): Found worker type 'ajp13'
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
uri_worker_map_ext::jk_uri_worker_map.c (512): Checking extension for
worker 0: A of type ajp13 (2)
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
uri_worker_map_dump::jk_uri_worker_map.c (171): uri map dump after
extension stripping: index=0 file='(null)' reject_unsafe=0 reload=60
modified=0 checked=0
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
uri_worker_map_dump::jk_uri_worker_map.c (176): generation 0: size=0
nosize=0 capacity=0
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
uri_worker_map_dump::jk_uri_worker_map.c (176): generation 1: size=1
nosize=0 capacity=4
[Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug]
uri_worker_map_dump::jk_uri_worker_map.c (186): NEXT (1) map #0:
uri=/test/* worker=A context=/test/* source=JkMount type=Wildchar
len=11
[Tue Dec 01 14:13:01 2009] [7270:3083376384] [debug]
jk_child_init::mod_jk.c (3068): Initialized mod_jk/1.2.28
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
map_uri_to_worker_ext::jk_uri_worker_map.c (1036): Attempting to map
URI '/test/index.jsp' from 1 maps
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
find_match::jk_uri_worker_map.c (850): Attempting to map context URI
'/test/*=A' source 'JkMount'
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
find_match::jk_uri_worker_map.c (863): Found a wildchar match
'/test/*=A'
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
jk_handler::mod_jk.c (2459): Into handler jakarta-servlet worker=A
r->proxyreq=0
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
wc_get_worker_for_name::jk_worker.c (116): found a worker A
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
wc_maintain::jk_worker.c (339): Maintaining worker A
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
ajp_maintain::jk_ajp_common.c (3081): reached pool min size 5 from 10
cache slots
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
wc_get_name_for_type::jk_worker.c (293): Found worker type 'ajp13'
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
init_ws_service::mod_jk.c (977): Service protocol=HTTP/1.1 method=GET
ssl=false host=(null) addr=X.X.X.X name=www.example.com port=80
auth=(null) user=(null) laddr=192.168.2.2 raddr=X.X.X.X
uri=/test/index.jsp
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
ajp_get_endpoint::jk_ajp_common.c (2977): acquired connection pool
slot=0 after 0 retries
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
ajp_marshal_into_msgb::jk_ajp_common.c (605): ajp marshaling done
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
ajp_service::jk_ajp_common.c (2283): processing A with 2 retries
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
ajp_send_request::jk_ajp_common.c (1501): (A) all endpoints are
disconnected.
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
jk_open_socket::jk_connect.c (452): socket TCP_NODELAY set to On
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
jk_open_socket::jk_connect.c (489): socket SO_KEEPALIVE set to On
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
jk_open_socket::jk_connect.c (541): timeout 300 set for socket=17
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
jk_open_socket::jk_connect.c (576): trying to connect socket 17 to
127.0.0.1:8009
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
jk_open_socket::jk_connect.c (602): socket 17 connected to
127.0.0.1:8009
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
ajp_connect_to_endpoint::jk_ajp_common.c (931): Connected socket 17 to
(127.0.0.1:8009)
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
ajp_connection_tcp_send_message::jk_ajp_common.c (1070): sending to
ajp13 pos=4 len=450 max=8192
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
ajp_send_request::jk_ajp_common.c (1560): (A) request body to send 0 -
request body to resend 0
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
ajp_connection_tcp_get_message::jk_ajp_common.c (1259): received from
ajp13 pos=0 len=19 max=8192
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
ajp_connection_tcp_get_message::jk_ajp_common.c (1259): 0000 04 01
90 00 0B 42 61 64 20 52 65 71 75 65 73 74 - .....Bad.Request
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
ajp_connection_tcp_get_message::jk_ajp_common.c (1259): 0010 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
ajp_unmarshal_response::jk_ajp_common.c (660): status = 400
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
ajp_unmarshal_response::jk_ajp_common.c (667): Number of headers is =
0
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
ajp_connection_tcp_get_message::jk_ajp_common.c (1259): received from
ajp13 pos=0 len=2 max=8192
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
ajp_connection_tcp_get_message::jk_ajp_common.c (1259): 0000 05 01
00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
ajp_process_callback::jk_ajp_common.c (1846): AJP13 protocol: Reuse is
OK
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
ajp_reset_endpoint::jk_ajp_common.c (743): (A) resetting endpoint with
sd = 17
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
ajp_done::jk_ajp_common.c (2905): recycling connection pool slot=0 for
worker A
[Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug]
jk_handler::mod_jk.c (2599): Service finished with status=400 for
worker=A
On Wed, Dec 2, 2009 at 2:13 PM, André Warnier <aw...@ice-sa.com> wrote:
> groupalias v wrote:
>>
>> In response to Chris' question - I have only one tomcat instance
>> running and it picks up the webapps in /srv/tomcat6/webapps/
>> and the URL www.example.com:8080/test/index.jsp works fine. I tried
>> with the mod_jk.c and jk_module with the same result.
>>
>> In response to André's question this is the first time I am hearing
>> about the SetHandler construct. Is there documentation somewhere I
>> can read?
>
> Look at the bottom of this page.
> http://tomcat.apache.org/connectors-doc/reference/apache.html
>
> (Off-topic note : this page seems quite hard to find, starting from the top
> documentation page for Tomcat 6.0 at
> http://tomcat.apache.org/tomcat-6.0-doc/index.html
> Is this a mistake or intentional ?)
>
>
>> The issue about security is something I am concerned too and thought
>> its too error prone.
>>
>> What is the workers.tomcat_home directive in workers.properties used for?
>>
> Chris answered that. Remove it. There are a couple more like that, if you
> copied an older workers.properties into a newer Tomcat config.
>
>> If the communication is over the 8009 port why does apache care about
>> one of tomcat's directories?
>>
> I will be a bit more nuanced (and considerably longer) than Chris here.
>
> The Connector port has nothing to do with it.
> Basically, Apache does not know anything about Tomcat at all, ever.
> The only thing Apache knows, is that for each request URL, there is a
> "response generator" (also called a handler).
>
> Apache itself normally generates a response using its own default handler.
> That handler resolves the URL location, generally, to a file on disk, and
> returns the content of that file as the response to the request. (I am
> simplifying a bit, but it is the general idea).
>
> Except, if something in the configuration tells it that for some specific
> URL, there is another handler to use for generating the response.
> JkMount is such a configuration directive.
> It tells Apache that for some URLs, it should use another response generator
> called mod_jk.
> (The same is achieved by the "SetHandler jakarta-servlet" directive.)
>
> So for such URLs, Apache does not generate the response itself, but passes
> the request to mod_jk, and expects mod_jk to produce the response. When the
> response comes from mod_jk, Apache merely copies it back to the browser.
> Apache has no idea that mod_jk, to produce the response, is using one or
> more Tomcats in the background. Apache also does not know that mod_jk
> communicates with Tomcat via port 8009 (or any other port).
> If instead of talking to a Tomcat via port 8009, mod_jk was talking to you
> by telephone, and you were writing the response, Apache would not see the
> difference.
>
> But what Apache knows about, is any filesystem location you tell it to look
> into, to find files to return as response for some URLs.
> By using the directive
> Alias /test/ /srv/tomcat6/webapps/A
> you are telling Apache "hey, if the request URL is /test/abc.html, then go
> look for a file /srv/tomcat6/webapps/A/abc.html".
> Apache has no idea that this directory is also part of the "Tomcat space",
> and it could not care less. If it looks there, and finds a file "abc.html",
> it will just copy its content to the browser, without ever asking mod_jk or
> Tomcat anything. In other words, it completely ignores mod_jk and Tomcat,
> and serves the file directly from the filesystem.
>
> That is why this Alias is dangerous.
> That is also why it is extremely dangerous to do as quite a few people seem
> to do, to set the Apache DocumentRoot to the "webapps" directory of Tomcat,
> thinking "hey, I'll serve the static content directly with Apache". (That
> may be an appropriate thing to do sometimes, but not in this way).
>
> According to Chris, the later JkMount's in your config will take precedence
> over that Alias, and thus "override" (or "cancel") it. But it is not quite
> clear yet that they always do, and there is no documentation that I know of,
> that confirms this.
> Let me give you a partial counter-example :
>
> If you had
> Alias /test/ /srv/tomcat6/webapps/A
>
> and then you also had
> JkMount /test/*.jsp A
>
> then indeed, for any request URL starting with "/test/" and ending in
> ".jsp", the JkMount would take precedence over the Alias, and that request
> will be served by mod_jk (and thus really by Tomcat).
> But for a request URL like "/test/secret-data.conf" the above JkMount would
> not take precedence over the Alias, and Apache would serve that file
> directly from disk.
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Debugging tomcat<->apache(mod_jk) bridge
Posted by André Warnier <aw...@ice-sa.com>.
groupalias v wrote:
> In response to Chris' question - I have only one tomcat instance
> running and it picks up the webapps in /srv/tomcat6/webapps/
> and the URL www.example.com:8080/test/index.jsp works fine. I tried
> with the mod_jk.c and jk_module with the same result.
>
> In response to André's question this is the first time I am hearing
> about the SetHandler construct. Is there documentation somewhere I
> can read?
Look at the bottom of this page.
http://tomcat.apache.org/connectors-doc/reference/apache.html
(Off-topic note : this page seems quite hard to find, starting from the
top documentation page for Tomcat 6.0 at
http://tomcat.apache.org/tomcat-6.0-doc/index.html
Is this a mistake or intentional ?)
> The issue about security is something I am concerned too and thought
> its too error prone.
>
> What is the workers.tomcat_home directive in workers.properties used for?
>
Chris answered that. Remove it. There are a couple more like that, if
you copied an older workers.properties into a newer Tomcat config.
> If the communication is over the 8009 port why does apache care about
> one of tomcat's directories?
>
I will be a bit more nuanced (and considerably longer) than Chris here.
The Connector port has nothing to do with it.
Basically, Apache does not know anything about Tomcat at all, ever.
The only thing Apache knows, is that for each request URL, there is a
"response generator" (also called a handler).
Apache itself normally generates a response using its own default
handler. That handler resolves the URL location, generally, to a file
on disk, and returns the content of that file as the response to the
request. (I am simplifying a bit, but it is the general idea).
Except, if something in the configuration tells it that for some
specific URL, there is another handler to use for generating the response.
JkMount is such a configuration directive.
It tells Apache that for some URLs, it should use another response
generator called mod_jk.
(The same is achieved by the "SetHandler jakarta-servlet" directive.)
So for such URLs, Apache does not generate the response itself, but
passes the request to mod_jk, and expects mod_jk to produce the
response. When the response comes from mod_jk, Apache merely copies it
back to the browser.
Apache has no idea that mod_jk, to produce the response, is using one or
more Tomcats in the background. Apache also does not know that mod_jk
communicates with Tomcat via port 8009 (or any other port).
If instead of talking to a Tomcat via port 8009, mod_jk was talking to
you by telephone, and you were writing the response, Apache would not
see the difference.
But what Apache knows about, is any filesystem location you tell it to
look into, to find files to return as response for some URLs.
By using the directive
Alias /test/ /srv/tomcat6/webapps/A
you are telling Apache "hey, if the request URL is /test/abc.html, then
go look for a file /srv/tomcat6/webapps/A/abc.html".
Apache has no idea that this directory is also part of the "Tomcat
space", and it could not care less. If it looks there, and finds a file
"abc.html", it will just copy its content to the browser, without ever
asking mod_jk or Tomcat anything. In other words, it completely ignores
mod_jk and Tomcat, and serves the file directly from the filesystem.
That is why this Alias is dangerous.
That is also why it is extremely dangerous to do as quite a few people
seem to do, to set the Apache DocumentRoot to the "webapps" directory of
Tomcat, thinking "hey, I'll serve the static content directly with
Apache". (That may be an appropriate thing to do sometimes, but not in
this way).
According to Chris, the later JkMount's in your config will take
precedence over that Alias, and thus "override" (or "cancel") it. But
it is not quite clear yet that they always do, and there is no
documentation that I know of, that confirms this.
Let me give you a partial counter-example :
If you had
Alias /test/ /srv/tomcat6/webapps/A
and then you also had
JkMount /test/*.jsp A
then indeed, for any request URL starting with "/test/" and ending in
".jsp", the JkMount would take precedence over the Alias, and that
request will be served by mod_jk (and thus really by Tomcat).
But for a request URL like "/test/secret-data.conf" the above JkMount
would not take precedence over the Alias, and Apache would serve that
file directly from disk.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Debugging tomcat<->apache(mod_jk) bridge
Posted by Rainer Jung <ra...@kippdata.de>.
Check again (I think André's) hint about JkMountCopy.
Regards,
Rainer
On 02.12.2009 17:33, Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Vas,
>
> On 12/2/2009 11:06 AM, groupalias v wrote:
>> In response to Chris' question - I have only one tomcat instance
>> running and it picks up the webapps in /srv/tomcat6/webapps/
>> and the URL www.example.com:8080/test/index.jsp works fine.
>
> - From what you posted earlier, you have a webapp in
> /srv/tomcat6/webapps/A, which should be accessed via a URL such as:
>
> http://www.example.com:8080/A/index.jsp
>
> If you have a webapp deployed into /srv/tomcat6/webapps/test, you didn't
> mention it (and it's important information). If you have no webapp
> deployed into /srv/tomcat6/webapps/test, then it will use the default
> webapp which will be in /srv/tomcat6/webapps/ROOT unless otherwise
> configured. If you have neither of these, I would fully expect to get a
> 400 error because http://www.example.com:8080/test does not map to any
> configured webapp.
>
>> I tried with the mod_jk.c and jk_module with the same result.
>
> I don't think mod_jk is the problem, here.
>
> Tomcat does not produce a log message when a webapp cannot be found, and
> you can see mod_jk returning a 400 from Tomcat. I believe this is a
> webapp deployment problem.
>
>> What is the workers.tomcat_home directive in workers.properties used for?
>
> Nothing. It is an old configuration option that is no longer used.
>
>> If the communication is over the 8009 port why does apache care about
>> one of tomcat's directories?
>
> It doesn't.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAksWlvEACgkQ9CaO5/Lv0PAKZwCfXF9s/CPm/PQaugiJrifo8sR8
> zikAoK8Hm0th6+x162SE7AxajlsBXkNL
> =95Ua
> -----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Debugging tomcat<->apache(mod_jk) bridge
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Vas,
On 12/2/2009 11:06 AM, groupalias v wrote:
> In response to Chris' question - I have only one tomcat instance
> running and it picks up the webapps in /srv/tomcat6/webapps/
> and the URL www.example.com:8080/test/index.jsp works fine.
- From what you posted earlier, you have a webapp in
/srv/tomcat6/webapps/A, which should be accessed via a URL such as:
http://www.example.com:8080/A/index.jsp
If you have a webapp deployed into /srv/tomcat6/webapps/test, you didn't
mention it (and it's important information). If you have no webapp
deployed into /srv/tomcat6/webapps/test, then it will use the default
webapp which will be in /srv/tomcat6/webapps/ROOT unless otherwise
configured. If you have neither of these, I would fully expect to get a
400 error because http://www.example.com:8080/test does not map to any
configured webapp.
> I tried with the mod_jk.c and jk_module with the same result.
I don't think mod_jk is the problem, here.
Tomcat does not produce a log message when a webapp cannot be found, and
you can see mod_jk returning a 400 from Tomcat. I believe this is a
webapp deployment problem.
> What is the workers.tomcat_home directive in workers.properties used for?
Nothing. It is an old configuration option that is no longer used.
> If the communication is over the 8009 port why does apache care about
> one of tomcat's directories?
It doesn't.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAksWlvEACgkQ9CaO5/Lv0PAKZwCfXF9s/CPm/PQaugiJrifo8sR8
zikAoK8Hm0th6+x162SE7AxajlsBXkNL
=95Ua
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Debugging tomcat<->apache(mod_jk) bridge
Posted by groupalias v <gr...@gmail.com>.
In response to Chris' question - I have only one tomcat instance
running and it picks up the webapps in /srv/tomcat6/webapps/
and the URL www.example.com:8080/test/index.jsp works fine. I tried
with the mod_jk.c and jk_module with the same result.
In response to André's question this is the first time I am hearing
about the SetHandler construct. Is there documentation somewhere I
can read?
The issue about security is something I am concerned too and thought
its too error prone.
What is the workers.tomcat_home directive in workers.properties used for?
If the communication is over the 8009 port why does apache care about
one of tomcat's directories?
I will re-create the with mo_jk.c and post them.
Thanks,
- Vas
On Wed, Dec 2, 2009 at 2:30 AM, André Warnier <aw...@ice-sa.com> wrote:
> Christopher Schultz wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> All,
>>
>> On 12/1/2009 10:26 AM, André Warnier wrote:
>>>
>>> groupalias v wrote:
>>>>
>>>> httpd.conf
>>>> -------------
>>>>
>>>> LoadModule jk_module modules/mod_jk.so
>>>>
>>>> <IfModule jk_module>
>>>
>>> What the h.. is this line for : ?
>>
>> It's for conditional inclusion of Apache httpd directives when modules
>> may or may not be loaded.
>
> No. I was talking about the "Alias" which follows. Hence the trailing ":" in
> my question. Ok, following the colon by a question mark wasn't the clearest
> thing either...
>
>
> The test I have in my httpd.conf is:
>>
>> <IfModule mod_jk.c>
>>
>> I can't find any references online to the use of jk_module in
>> <IfModule>, so the OP might want to change it.
>>
>>>> Alias /test/ "/srv/tomcat6/webapps/A"
>>>
>>> It kind of contradicts these next lines :
>>>
>>>> JKMount /test/ A
>>>> JkMount /test/* A
>>>
>>> Because of the Alias line, I don't think that mod_jk even gets to see
>>> your /test/ URLs.
>>
>> No, mod_jk gets higher priority than mod_alias. I'm not entirely sure
>> how the pecking order is decided, but I do know that mod_jk gets first
>> shot.
>
> Yes, +1 about the "not sure". That is why I prefer, rather than JkMount, the
> form with
> <Location /test>
> SetHandler jakarta-servlet
> ...
> </Location>
>
> At least in that case the precedences are clear, and I find that this syntax
> fits better with "the Apache way of things", and is much more flexible than
> JkMount/JkUnMount.
>
> My general gripe about that Alias line, is that it generally gives access
> for Apache, to the entire tomcat webapps directory, thus from the start
> bypassing anything configured at Tomcat level in terms of security. Then
> later, one has to "patch" this hole by a series of conditional Deny rules,
> hoping not to forget one.
> And in 99% of the cases, one does forget something, such as also forbidding
> META-INF e.g.
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Debugging tomcat<->apache(mod_jk) bridge
Posted by André Warnier <aw...@ice-sa.com>.
Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> All,
>
> On 12/1/2009 10:26 AM, André Warnier wrote:
>> groupalias v wrote:
>>> httpd.conf
>>> -------------
>>>
>>> LoadModule jk_module modules/mod_jk.so
>>>
>>> <IfModule jk_module>
>> What the h.. is this line for : ?
>
> It's for conditional inclusion of Apache httpd directives when modules
> may or may not be loaded.
No. I was talking about the "Alias" which follows. Hence the trailing
":" in my question. Ok, following the colon by a question mark wasn't
the clearest thing either...
The test I have in my httpd.conf is:
>
> <IfModule mod_jk.c>
>
> I can't find any references online to the use of jk_module in
> <IfModule>, so the OP might want to change it.
>
>>> Alias /test/ "/srv/tomcat6/webapps/A"
>> It kind of contradicts these next lines :
>>
>>> JKMount /test/ A
>>> JkMount /test/* A
>> Because of the Alias line, I don't think that mod_jk even gets to see
>> your /test/ URLs.
>
> No, mod_jk gets higher priority than mod_alias. I'm not entirely sure
> how the pecking order is decided, but I do know that mod_jk gets first shot.
Yes, +1 about the "not sure". That is why I prefer, rather than JkMount,
the form with
<Location /test>
SetHandler jakarta-servlet
...
</Location>
At least in that case the precedences are clear, and I find that this
syntax fits better with "the Apache way of things", and is much more
flexible than JkMount/JkUnMount.
My general gripe about that Alias line, is that it generally gives
access for Apache, to the entire tomcat webapps directory, thus from the
start bypassing anything configured at Tomcat level in terms of
security. Then later, one has to "patch" this hole by a series of
conditional Deny rules, hoping not to forget one.
And in 99% of the cases, one does forget something, such as also
forbidding META-INF e.g.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Debugging tomcat<->apache(mod_jk) bridge
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
All,
On 12/1/2009 10:26 AM, André Warnier wrote:
> groupalias v wrote:
>>
>> httpd.conf
>> -------------
>>
>> LoadModule jk_module modules/mod_jk.so
>>
>> <IfModule jk_module>
>
> What the h.. is this line for : ?
It's for conditional inclusion of Apache httpd directives when modules
may or may not be loaded. The test I have in my httpd.conf is:
<IfModule mod_jk.c>
I can't find any references online to the use of jk_module in
<IfModule>, so the OP might want to change it.
>> Alias /test/ "/srv/tomcat6/webapps/A"
>
> It kind of contradicts these next lines :
>
>>
>> JKMount /test/ A
>> JkMount /test/* A
>
> Because of the Alias line, I don't think that mod_jk even gets to see
> your /test/ URLs.
No, mod_jk gets higher priority than mod_alias. I'm not entirely sure
how the pecking order is decided, but I do know that mod_jk gets first shot.
Here's a question for the OP: what URL are you trying to access?
A 400 error ("Bad Request") usually means that you made a request that
didn't map to a deployed webapp. Presumably, there is a webapp deployed
into the "/srv/tomcat6/webapps/A" directory. Are there any other webapps
deployed?
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAksVzRsACgkQ9CaO5/Lv0PDOyQCeP4l4nZXLLSBuU9uSgO8EScIy
a0sAoJWb02JuFuMINLYFzy3PoDll/rPD
=+VPI
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Debugging tomcat<->apache(mod_jk) bridge
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Ashok Kumar [mailto:ashok04@gmail.com]
> Subject: Re: Debugging tomcat<->apache(mod_jk) bridge
>
> Thanks for your reply. I am using the standalone tomcat app server, no
> web server.
You replied to the wrong thread - the subject line should have given you a clue. No one has attempted to respond to your original inquiry.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Debugging tomcat<->apache(mod_jk) bridge
Posted by Ashok Kumar <as...@gmail.com>.
Thanks for your reply. I am using the standalone tomcat app server, no web
server.
We are using tomcat 6.0.20. We installed the self signed certificate on it,
its working fine.
Now we installed the CA (goDaddy) certificate in order to use CA certificate
and updated the server.xml and restarted the tomcat server. But tomcat ssl
port is still picking the old self-signed certs. Do you have any idea why it
is not picking the godaddy certificates? I mean can you point me what other
places of tomcat server, I need to look so that it can pick the goDaddy
certificates.
Thanks
On Tue, Dec 1, 2009 at 3:59 PM, André Warnier <aw...@ice-sa.com> wrote:
> groupalias v wrote:
>
>> See answers inline -
>>
>> On Tue, Dec 1, 2009 at 7:26 AM, André Warnier <aw...@ice-sa.com> wrote:
>>
>>> groupalias v wrote:
>>>
>>>> httpd.conf
>>>> -------------
>>>>
>>>> LoadModule jk_module modules/mod_jk.so
>>>>
>>>> <IfModule jk_module>
>>>>
>>> What the h.. is this line for : ?
>>>
>>
>> I don't understand. Am I using the wrong module identifier? Or are
>> you saying the module specific tag itself is not needed?
>>
>> Alias /test/ "/srv/tomcat6/webapps/A"
>>>>
>>> It kind of contradicts these next lines :
>>>
>>> JKMount /test/ A
>>>> JkMount /test/* A
>>>>
>>> Because of the Alias line, I don't think that mod_jk even gets to see
>>> your
>>> /test/ URLs.
>>>
>>
>> I do know that mod_jk is being sent the URL request. It is parsing the
>> JKMount line and trying to do something with it. I can see how the
>> alias and the JKMount contradicting each other could be causing the
>> problem.
>>
>> I removed the Alias and tried with the same result.
>>
>> Here is one of the links I referred to during setup.
>>
>> http://forums.opensuse.org/network-internet/416840-apache2-2-tomcat6-mod_jk-suse-11-1-a.html
>>
>> These examples are rather bad, for several reasons.
> One thing hinted at however could be your problem.
> I have little time now, but :
> If you are using Virtual Hosts in Apache, look up the JkMountCopy
> directive. The gist : a "JkMount" done in the main Apache config, is not
> necessarily inherited by the VirtualHost sections, even the default one.
>
> Also, next time, really show us the section of the mod_jk log where you
> think you see the error 400.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Debugging tomcat<->apache(mod_jk) bridge
Posted by André Warnier <aw...@ice-sa.com>.
groupalias v wrote:
> See answers inline -
>
> On Tue, Dec 1, 2009 at 7:26 AM, André Warnier <aw...@ice-sa.com> wrote:
>> groupalias v wrote:
>>> httpd.conf
>>> -------------
>>>
>>> LoadModule jk_module modules/mod_jk.so
>>>
>>> <IfModule jk_module>
>> What the h.. is this line for : ?
>
> I don't understand. Am I using the wrong module identifier? Or are
> you saying the module specific tag itself is not needed?
>
>>> Alias /test/ "/srv/tomcat6/webapps/A"
>> It kind of contradicts these next lines :
>>
>>> JKMount /test/ A
>>> JkMount /test/* A
>> Because of the Alias line, I don't think that mod_jk even gets to see your
>> /test/ URLs.
>
> I do know that mod_jk is being sent the URL request. It is parsing the
> JKMount line and trying to do something with it. I can see how the
> alias and the JKMount contradicting each other could be causing the
> problem.
>
> I removed the Alias and tried with the same result.
>
> Here is one of the links I referred to during setup.
> http://forums.opensuse.org/network-internet/416840-apache2-2-tomcat6-mod_jk-suse-11-1-a.html
>
These examples are rather bad, for several reasons.
One thing hinted at however could be your problem.
I have little time now, but :
If you are using Virtual Hosts in Apache, look up the JkMountCopy
directive. The gist : a "JkMount" done in the main Apache config, is
not necessarily inherited by the VirtualHost sections, even the default one.
Also, next time, really show us the section of the mod_jk log where you
think you see the error 400.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Debugging tomcat<->apache(mod_jk) bridge
Posted by groupalias v <gr...@gmail.com>.
See answers inline -
On Tue, Dec 1, 2009 at 7:26 AM, André Warnier <aw...@ice-sa.com> wrote:
> groupalias v wrote:
>>
>> httpd.conf
>> -------------
>>
>> LoadModule jk_module modules/mod_jk.so
>>
>> <IfModule jk_module>
>
> What the h.. is this line for : ?
I don't understand. Am I using the wrong module identifier? Or are
you saying the module specific tag itself is not needed?
>
>> Alias /test/ "/srv/tomcat6/webapps/A"
>
> It kind of contradicts these next lines :
>
>>
>> JKMount /test/ A
>> JkMount /test/* A
>
> Because of the Alias line, I don't think that mod_jk even gets to see your
> /test/ URLs.
I do know that mod_jk is being sent the URL request. It is parsing the
JKMount line and trying to do something with it. I can see how the
alias and the JKMount contradicting each other could be causing the
problem.
I removed the Alias and tried with the same result.
Here is one of the links I referred to during setup.
http://forums.opensuse.org/network-internet/416840-apache2-2-tomcat6-mod_jk-suse-11-1-a.html
- Vas
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Debugging tomcat<->apache(mod_jk) bridge
Posted by André Warnier <aw...@ice-sa.com>.
groupalias v wrote:
>
> httpd.conf
> -------------
>
> LoadModule jk_module modules/mod_jk.so
>
> <IfModule jk_module>
What the h.. is this line for : ?
> Alias /test/ "/srv/tomcat6/webapps/A"
It kind of contradicts these next lines :
>
> JKMount /test/ A
> JkMount /test/* A
Because of the Alias line, I don't think that mod_jk even gets to see
your /test/ URLs.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org