You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by David Sperling <ds...@hakodateit.com> on 2011/01/11 10:40:42 UTC
realm authentication no longer works through apache - mod_jk after
upgrade still works via straight tomcat 8080
Hi-
I recently upgraded tomcat, apache, apr and mod_jk.
Now when I access via apache --> mod_jk on port 80 ie.
www.mydomain.com/myappname/
the Velocity login page displays fine but after hitting the login button
/admin/j_security_check displays in the URL
and a blank page is displayed.
.do and .vm pages on port 80 that do not require authentication display
fine.
When I bypass mod_jk by accessing via port 8080 users can authenticate,
with no problems and the applications function properly.
I've pasted log and configuration information below. Any tips on debugging,
greatly appreciated.
Cheers,
David Sperling
The /var/log/apache/error.log displays the following:
[Tue Jan 11 17:49:12 2011] [notice] child pid 30665 exit signal
Segmentation fault (11)
[Tue Jan 11 17:49:12 2011] [notice] child pid 30666 exit signal
Segmentation fault (11)
[Tue Jan 11 17:49:12 2011] [notice] child pid 30667 exit signal
Segmentation fault (11)
/var/log/tomcat-6/catalina.out displays:
Jan 11, 2011 6:00:28 PM org.apache.jk.common.ChannelSocket processConnection
WARNING: processCallbacks status 2
I tried mod_jk-1.2.28-r1 and 1.2.30 and they both give the same result.
I thought maybe it was an apache module conflict or problem caused
because of a lack
of a module so I removed all apache modules and re-compiled apache.
Same symptoms
after restart. Then I re-compiled apache with the default modules and
restarted apache with the same symptoms.
My apache build contains the following modules(minus means not included
in build):
www-servers/apache-2.2.16 USE="ssl -debug -doc -ldap (-selinux) -static
-suexec -threads" APACHE2_MODULES="actions alias auth_basic authn_alias
authn_anon authn_dbm authn_default authn_file authz_dbm authz_default
authz_groupfile authz_host authz_owner authz_user autoindex cache cgi
cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter
file_cache filter headers include info log_config logio mem_cache mime
mime_magic negotiation rewrite setenvif speling status unique_id userdir
usertrack vhost_alias -asis -auth_digest -authn_dbd -cern_meta
-charset_lite -dbd -dumpio -ident -imagemap -log_forensic -proxy
-proxy_ajp -proxy_balancer -proxy_connect -proxy_ftp -proxy_http
-substitute -version" APACHE2_MPMS="-event -itk -peruser -prefork -worker"
My current versions are listed below.
www-servers/tomcat
Latest version available: 6.0.26
Latest version installed: 6.0.26
* www-servers/apache
Latest version available: 2.2.16
Latest version installed: 2.2.16
* dev-libs/apr
Latest version available: 1.4.2
Latest version installed: 1.4.2
* www-apache/mod_jk
Latest version available: 1.2.30
Latest version installed: 1.2.30
cat /etc/apache2/jk-workers.properties | grep -v '#'
worker.list=ajp13w
worker.ajp13w.type=ajp13
worker.ajp13w.host=localhost
worker.ajp13w.port=8009
cat /etc/apache2/modules.d/88_mod_jk.conf | grep -v '#' | grep -v ^$
<IfDefine JK>
LoadModule jk_module modules/mod_jk.so
JkWorkersFile /etc/apache2/jk-workers.properties
JkLogFile /var/log/apache2/mod_jk.log
JkShmFile /var/log/apache2/mod_jk.shm
JkLogLevel info
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"
</IfDefine>
cat /etc/apache2/vhosts.d/05_mybox.conf
Listen 80
NameVirtualHost *:80
<VirtualHost *:80>
ServerName mybox.mydomain.com
DocumentRoot /var/www/localhost/htdocs/
<directory "/var/www/localhost/htdocs">
AllowOverride all
Order allow,deny
Allow from all
</directory>
JkMount /manager/* ajp13w
...
JkMount /jfree/* ajp13w
JkMount /solana/* ajp13w
JkMount /topix/* ajp13w
JkMount /jsite/* ajp13w
JkMount /eswift/* ajp13w
JkMount /property/* ajp13w
</VirtualHost>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: realm authentication no longer works through apache - mod_jk
after upgrade still works via straight tomcat 8080
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Rainer,
On 1/11/2011 6:56 AM, Rainer Jung wrote:
> At the moment there are no open issues about mod_jk and crashes.
...
>> I tried mod_jk-1.2.28-r1 and 1.2.30 and they both give the same result.
>
> Wonder why you tried 1.2.30 but not the most recent version 1.2.31?
1.2.31 might not be available from their package manager (Gentoo emerge,
looks like).
>> My apache build contains the following modules(minus means not included
>> in build):
>
> What do you mean by "build contains" and "minus means not included in
> build"? Example: "-substitute" means what? You don't build it and you
> don't use it, or you build it and don't use/load it or you didn't build
> it and use a 3rd-party build?
Gentoo "USE" flags mean optional capabilities. In the USE config below,
"-substitute" means that that USE flag is disabled, and therefore some
corresponding capabilities are not compiled into the binary.
(Gentoo is (usually) source-only, and all packages are compiled on the
local machine, so you gave a great deal of control over the caps for
each package).
http://www.gentoo.org/proj/en/apache/doc/upgrading.xml#use-2.2.6-r4
APACHE2_MODULES are like USE flags, except that they don't pollute the
global registry of USE flags that Gentoo uses.
I didn't see "substitute" anywhere, so that may just be a mistake.
>> www-servers/apache-2.2.16 USE="ssl -debug -doc -ldap (-selinux) -static
>> -suexec -threads" APACHE2_MODULES="actions alias auth_basic authn_alias
>> authn_anon authn_dbm authn_default authn_file authz_dbm authz_default
>> authz_groupfile authz_host authz_owner authz_user autoindex cache cgi
>> cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter
>> file_cache filter headers include info log_config logio mem_cache mime
>> mime_magic negotiation rewrite setenvif speling status unique_id userdir
>> usertrack vhost_alias -asis -auth_digest -authn_dbd -cern_meta
>> -charset_lite -dbd -dumpio -ident -imagemap -log_forensic -proxy
>> -proxy_ajp -proxy_balancer -proxy_connect -proxy_ftp -proxy_http
>> -substitute -version" APACHE2_MPMS="-event -itk -peruser -prefork
>> -worker"
Not sure if any of the above could cause a problem: I can't see anything
off the top of my head. Certainly, core dumps will help.
> Which MPM are you actually using?
The APACHE2_MPMS setting indicates that all MPMs listed on the page
above are disabled. Maybe there isn't an MPM at all? That would be
interesting.
David: how about enabling one of the MPMS, re-building, and trying
again? I recommend "prefork" or "worker".
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk0sis0ACgkQ9CaO5/Lv0PCRAgCgqz+vIp4LZGvgS0pUozH729m4
caIAnipJa57cDYnW3BCTbyK9gm7aUf86
=l4vg
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: realm authentication no longer works through apache - mod_jk
after upgrade still works via straight tomcat 8080
Posted by Rainer Jung <ra...@kippdata.de>.
On 11.01.2011 10:40, David Sperling wrote:
> Hi-
>
> I recently upgraded tomcat, apache, apr and mod_jk.
> Now when I access via apache --> mod_jk on port 80 ie.
> www.mydomain.com/myappname/
> the Velocity login page displays fine but after hitting the login button
> /admin/j_security_check displays in the URL
> and a blank page is displayed.
Add a browser plugin, e.g. FireBug for Firefox to check, what requests
are actually being sent and which one is the last, that isn't being
answered. Check whether it is sent to the correct host.
But see also below.
> .do and .vm pages on port 80 that do not require authentication display
> fine.
> When I bypass mod_jk by accessing via port 8080 users can authenticate,
> with no problems and the applications function properly.
>
> I've pasted log and configuration information below. Any tips on debugging,
> greatly appreciated.
>
> The /var/log/apache/error.log displays the following:
> [Tue Jan 11 17:49:12 2011] [notice] child pid 30665 exit signal
> Segmentation fault (11)
> [Tue Jan 11 17:49:12 2011] [notice] child pid 30666 exit signal
> Segmentation fault (11)
> [Tue Jan 11 17:49:12 2011] [notice] child pid 30667 exit signal
> Segmentation fault (11)
Very bad. I assume the timestamps fit the moments when the problem
actually happens, so those crashes should be related? Or is it
timestamps e.g. from doing Apache restarts?
If the dumps are related:
- get core dumps for the crashes Apache instances. You might need to
allow core dumps in you operating system, details depend on your
operating system. Sometimes it helps to configure CoreDumpDirectory in
Apache in addition to the OS settings.
- try to get stack dumps from the cores using gdb or whatever tool is
appropriate on your platform (which is which platform?) and post them
At the moment there are no open issues about mod_jk and crashes.
> /var/log/tomcat-6/catalina.out displays:
> Jan 11, 2011 6:00:28 PM org.apache.jk.common.ChannelSocket processConnection
> WARNING: processCallbacks status 2
>
> I tried mod_jk-1.2.28-r1 and 1.2.30 and they both give the same result.
Wonder why you tried 1.2.30 but not the most recent version 1.2.31?
> I thought maybe it was an apache module conflict or problem caused
> because of a lack
> of a module so I removed all apache modules and re-compiled apache.
> Same symptoms
> after restart. Then I re-compiled apache with the default modules and
> restarted apache with the same symptoms.
>
> My apache build contains the following modules(minus means not included
> in build):
What do you mean by "build contains" and "minus means not included in
build"? Example: "-substitute" means what? You don't build it and you
don't use it, or you build it and don't use/load it or you didn't build
it and use a 3rd-party build?
> www-servers/apache-2.2.16 USE="ssl -debug -doc -ldap (-selinux) -static
> -suexec -threads" APACHE2_MODULES="actions alias auth_basic authn_alias
> authn_anon authn_dbm authn_default authn_file authz_dbm authz_default
> authz_groupfile authz_host authz_owner authz_user autoindex cache cgi
> cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter
> file_cache filter headers include info log_config logio mem_cache mime
> mime_magic negotiation rewrite setenvif speling status unique_id userdir
> usertrack vhost_alias -asis -auth_digest -authn_dbd -cern_meta
> -charset_lite -dbd -dumpio -ident -imagemap -log_forensic -proxy
> -proxy_ajp -proxy_balancer -proxy_connect -proxy_ftp -proxy_http
> -substitute -version" APACHE2_MPMS="-event -itk -peruser -prefork -worker"
Which MPM are you actually using?
> My current versions are listed below.
>
> www-servers/tomcat
> Latest version available: 6.0.26
> Latest version installed: 6.0.26
>
> * www-servers/apache
> Latest version available: 2.2.16
> Latest version installed: 2.2.16
>
> * dev-libs/apr
> Latest version available: 1.4.2
> Latest version installed: 1.4.2
>
> * www-apache/mod_jk
> Latest version available: 1.2.30
> Latest version installed: 1.2.30
>
> cat /etc/apache2/jk-workers.properties | grep -v '#'
>
> worker.list=ajp13w
>
> worker.ajp13w.type=ajp13
> worker.ajp13w.host=localhost
> worker.ajp13w.port=8009
Minimal but that makes it extremely unlikely to be responsible for the
crash.
> cat /etc/apache2/modules.d/88_mod_jk.conf | grep -v '#' | grep -v ^$
> <IfDefine JK>
> LoadModule jk_module modules/mod_jk.so
> JkWorkersFile /etc/apache2/jk-workers.properties
> JkLogFile /var/log/apache2/mod_jk.log
> JkShmFile /var/log/apache2/mod_jk.shm
> JkLogLevel info
> JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
Remove "+ForwardURICompat" which often does more harm than good. But not
related to crashes.
> JkRequestLogFormat "%w %V %T"
Mmmm, I don't like it see ways of including the info into the normal
access log. Look for "mod_log_config" on
http://tomcat.apache.org/connectors-doc/reference/apache.html
Again: not responsible for crash.
> </IfDefine>
>
> cat /etc/apache2/vhosts.d/05_mybox.conf
>
> Listen 80
>
> NameVirtualHost *:80
>
> <VirtualHost *:80>
> ServerName mybox.mydomain.com
>
> DocumentRoot /var/www/localhost/htdocs/
>
> <directory "/var/www/localhost/htdocs">
> AllowOverride all
> Order allow,deny
> Allow from all
> </directory>
> JkMount /manager/* ajp13w
> ...
> JkMount /jfree/* ajp13w
> JkMount /solana/* ajp13w
> JkMount /topix/* ajp13w
> JkMount /jsite/* ajp13w
> JkMount /eswift/* ajp13w
> JkMount /property/* ajp13w
> </VirtualHost>
Looks OK.
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org