You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Lessie Z. Mitch" <le...@hawaii.rr.com> on 2008/02/25 21:07:07 UTC
Apache/Tomcat - mod_jk issues
Greetings list.
For some reason web browser queries are not passing through apache to tomcat
via mod_jk. I understand I may have a misconfiguration somewhere, I just
cannot find it. L
I am trying to host 4 separate domains, all with different java apps. Each
domain has its own IP and own configurations, but they all run within one
instance of Tomcat. When I disable Apache, my webapps run fine and are
called forth by the web browser fine.
When I reconfigure for Apache, I do not hit my site(s).
When I attempt to view the my domain, I see the standard Apache welcome page
and no error in catalina.out.
When I force it to go to port 8009, I get a standard browser error (64 -
Host not available) and the following in catalina.out:
Feb 23, 2008 7:13:19 PM org.apache.jk.common.MsgAjp processHeader
SEVERE: BAD packet signature 18245
Feb 23, 2008 7:13:19 PM org.apache.jk.common.ChannelSocket processConnection
SEVERE: Error, processing connection
java.lang.IndexOutOfBoundsException
at java.io.BufferedInputStream.read(BufferedInputStream.java:306)
at org.apache.jk.common.ChannelSocket.read(ChannelSocket.java:626)
at
org.apache.jk.common.ChannelSocket.receive(ChannelSocket.java:583)
at
org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:691)
at
org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java
:895)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav
a:685)
at java.lang.Thread.run(Thread.java:595)
Below are my configurations. Please note all specific information has been
xx’d out. If more is needed let me know.
Server:
RHE 4
Apache 2.0.52
Tomcat 5.5.23
mod_jk 1.2.21
/etc/httpd/conf/httpd.conf
~~ other configurations
Include conf.d/*.conf
~~ other configurations
<VirtualHost xxx.xxx.xxx.xxx>
ServerName mydomain.com
ServerAlias HYPERLINK "http://www.mydomain.com"www.mydomain.com
DocumentRoot /home/sites/mydomain.com/webapps/mydomain
ErrorLog /home/sites/mydomain.com/logs/mydomain_error_log
CustomLog /home/sites/mydomain.com/logs/mydomain_access_log common
JkMount /*.jsp ajp13
JkMount /servlet/* ajp13
</VirtualHost>
~~ other virtual hosts follow, mimic same format
/etc/httpd/conf.d/mod_jk.conf
LoadModule jk_module /usr/lib/httpd/modules/mod_jk.so
JkWorkersFile /etc/httpd/conf/workers.properties
JkShmFile /var/log/httpd/mod_jk.shm
JkLogFile /var/log/httpd/mod_jk.log
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
/etc/httpd/conf/workers.properties
worker.list=tomcat
worker.tomcat.host=localhost
worker.tomcat.port=8009
worker.tomcat.type=ajp13
<tomcat_home>/conf/server.xml
~~ other configurations,
~~ http & ssl are both removed
<Connector port="8009"
enableLookups="false"
redirectPort="8443"
protocol="AJP/1.3" />
~~ other configurations
<Host
name="mydomain.com"
appBase="someotherdirectory/mydomain.com/webapps"
unpackWARs="true"
autoDeploy="true">
</Host>
~~ other hosts to follow, mimic same format
I have read so much and now I am more confused than ever. Can someone please
shed some light?
~LZM~
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.516 / Virus Database: 269.21.1/1297 - Release Date: 2/25/2008
9:22 AM
Re: Apache/Tomcat - mod_jk issues
Posted by Adam Gordon <ad...@readytalk.com>.
No worries, happens to the best of us.
I don't "think" tomcat is a reserved worker name - that said, I've seen
stranger things...
Anyway, regarding your host question, it depends. "localhost" should
work fine out of the box if your apache/tomcat are running on the same
server (assuming your hosts file is setup correctly, which it should be
for localhost). We're running it all on apache load balancers and they
hand off the JK mounts to the Tomcat server computers as appropriate.
For the host parameter to work correctly I think all you'll need to
ensure is that either the host value is mapped correctly in the hosts
file or in DNS - we use DNS.
Next up, what exactly happens when you try to go to a Tomcat URL? Do
you get a 404? Regardless of whether you do or not, do you get any type
of error? Is the error an Apache error or Tomcat error? If you haven't
change the defaults of Apache or Tomcat, an Apache error will generally
tell you the apache version in black text whereas the Tomcat error page
usually has green or grey colored bars across it and will not display
anything about Apache.
If you get an Apache error, it's definitely not going to Tomcat-land and
if it gets to Tomcat-land, then your Apache configuration is probably
correct. I would next suggest turning up your JK logging and monitor
your request logging to make sure 1) your requests are coming through
and look as you expect them (in your apache access log), and then 2)
look at your mod_jk log to see what's going on.
Another thing to make sure is that Tomcat is listening on port 8009.
Not sure what platform you're on, but a "netstat -a" will tell you which
ports are active - you should see 8009. And on that note, make sure
your ports.conf file has you listening on both port 80 and 443.
--adam
Lessie Z. Mitch wrote:
> Thank you Adam!
>
> 1- eepers! Okay, that was overlooked! Changed that. ^.^
>
> 2- Not everything is secure (https). SSL is configured outside of the httpd.conf file for security reasons and defined in conf.d/someotherfile.conf, with conf.d being included (see previous post)
>
> 3- context files are located in their respective directories within catalin home (/tomcat_home/conf/Catalina/mydomain1.com et al)
> I followed option #2 of http://tomcat.apache.org/tomcat-5.5-doc/virtual-hosting-howto.html
>
>
>
>
> Okay, fixed the virtual Host:
> JkMount /*.jsp tomcat
> JkMount /servlet/* tomcat
>
> Restarted, yet Apache is still not handing off to TC. The TC serves up my webapps fine when standalone (either as 80 or 8080).
>
> Should the localhost property in workers.properties be changed to the IP (or domain name) of the designated webapp?
>
> IE:
> /somedirectory/worker.properties
> worker.list=tomcat
> worker.tomcat.host=localhost change "localhost" to "123.234.345.1" or "mydomain.com"???
> worker.tomcat.port=8009
> worker.tomcat.type=ajp13
>
>
>
>
> ~LZM~
>
>
>
>
>
>
> -----Original Message-----
> From: Adam Gordon [mailto:adam.gordon@readytalk.com]
> Sent: Tuesday, February 26, 2008 12:39 PM
> To: Tomcat Users List
> Subject: Re: Apache/Tomcat - mod_jk issues
>
> Lessie-
>
> Sorry to hear you're having trouble. We use Apache/Tomcat in the same
> way and assuming your snippets are reasonably complete I've noticed some
> issues that may or may not be helping to cause problems:
>
> 1. First and foremost, your worker list defines the worker name as
> "tomcat" yet in your J/K mount in your VirtualHost you say "ajp13" as
> the worker name. I.e., "JkMount /*.jsp ajp13" should be "JkMount /*.jsp
> tomcat".
>
> 2. While I've not used the redirectPort attribute on the Connector
> element, I'm assuming you are redirecting everything to HTTPS. If this
> is the case, I'm curious as to why you don't define either
> SSLCertificateFile or SSLCertificateKeyFile in your VirtualHost. We
> have to to ensure the right certificate is served up with the right IP
> since we don't have a site domain certificate.
>
> 3. I don't see them but I'm also assuming that each of your webapps
> have their own Context defined in the META-INF directory.
>
> That's all I noticed after a quick glance, but the biggie is #1. Let us
> know how it goes.
>
> --adam
>
>
>
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.5.516 / Virus Database: 269.21.1/1299 - Release Date: 2/26/2008 9:08 AM
>
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Apache/Tomcat - mod_jk issues
Posted by "Lessie Z. Mitch" <le...@hawaii.rr.com>.
Thank you Adam!
1- eepers! Okay, that was overlooked! Changed that. ^.^
2- Not everything is secure (https). SSL is configured outside of the httpd.conf file for security reasons and defined in conf.d/someotherfile.conf, with conf.d being included (see previous post)
3- context files are located in their respective directories within catalin home (/tomcat_home/conf/Catalina/mydomain1.com et al)
I followed option #2 of http://tomcat.apache.org/tomcat-5.5-doc/virtual-hosting-howto.html
Okay, fixed the virtual Host:
JkMount /*.jsp tomcat
JkMount /servlet/* tomcat
Restarted, yet Apache is still not handing off to TC. The TC serves up my webapps fine when standalone (either as 80 or 8080).
Should the localhost property in workers.properties be changed to the IP (or domain name) of the designated webapp?
IE:
/somedirectory/worker.properties
worker.list=tomcat
worker.tomcat.host=localhost change "localhost" to "123.234.345.1" or "mydomain.com"???
worker.tomcat.port=8009
worker.tomcat.type=ajp13
~LZM~
-----Original Message-----
From: Adam Gordon [mailto:adam.gordon@readytalk.com]
Sent: Tuesday, February 26, 2008 12:39 PM
To: Tomcat Users List
Subject: Re: Apache/Tomcat - mod_jk issues
Lessie-
Sorry to hear you're having trouble. We use Apache/Tomcat in the same
way and assuming your snippets are reasonably complete I've noticed some
issues that may or may not be helping to cause problems:
1. First and foremost, your worker list defines the worker name as
"tomcat" yet in your J/K mount in your VirtualHost you say "ajp13" as
the worker name. I.e., "JkMount /*.jsp ajp13" should be "JkMount /*.jsp
tomcat".
2. While I've not used the redirectPort attribute on the Connector
element, I'm assuming you are redirecting everything to HTTPS. If this
is the case, I'm curious as to why you don't define either
SSLCertificateFile or SSLCertificateKeyFile in your VirtualHost. We
have to to ensure the right certificate is served up with the right IP
since we don't have a site domain certificate.
3. I don't see them but I'm also assuming that each of your webapps
have their own Context defined in the META-INF directory.
That's all I noticed after a quick glance, but the biggie is #1. Let us
know how it goes.
--adam
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.516 / Virus Database: 269.21.1/1299 - Release Date: 2/26/2008 9:08 AM
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Apache/Tomcat - mod_jk issues
Posted by Adam Gordon <ad...@readytalk.com>.
Chris-
That makes sense, because the SSL is between the web server and the
browser, and not a connector between two web servers - I've just never
used it so at first glance it looks like it redirects incoming traffic
to port 8443, which is Tomcat's default SSL port...
Thanks for the clarification.
--adam
Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Adam,
>
> Adam Gordon wrote:
> | 2. While I've not used the redirectPort attribute on the Connector
> | element, I'm assuming you are redirecting everything to HTTPS. If this
> | is the case, I'm curious as to why you don't define either
> | SSLCertificateFile or SSLCertificateKeyFile in your VirtualHost. We
> | have to to ensure the right certificate is served up with the right IP
> | since we don't have a site domain certificate.
>
> AJP doesn't do encryption, so any redirectPort would be expected to
> point to an HTTPS connection, which would be handled by something other
> than the AJP connector. Therefore, no SSL configuration on the AJP
> connector is necessary.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkfFcM0ACgkQ9CaO5/Lv0PAkDgCgnJ1x4OC5hAnd5PVuyAyiUT1d
> oMkAoKU5DTG2jd/busAKlssQ5MWAIj68
> =B4kk
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Apache/Tomcat - mod_jk issues
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Adam,
Adam Gordon wrote:
| 2. While I've not used the redirectPort attribute on the Connector
| element, I'm assuming you are redirecting everything to HTTPS. If this
| is the case, I'm curious as to why you don't define either
| SSLCertificateFile or SSLCertificateKeyFile in your VirtualHost. We
| have to to ensure the right certificate is served up with the right IP
| since we don't have a site domain certificate.
AJP doesn't do encryption, so any redirectPort would be expected to
point to an HTTPS connection, which would be handled by something other
than the AJP connector. Therefore, no SSL configuration on the AJP
connector is necessary.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkfFcM0ACgkQ9CaO5/Lv0PAkDgCgnJ1x4OC5hAnd5PVuyAyiUT1d
oMkAoKU5DTG2jd/busAKlssQ5MWAIj68
=B4kk
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Apache/Tomcat - mod_jk issues
Posted by Adam Gordon <ad...@readytalk.com>.
Lessie-
Sorry to hear you're having trouble. We use Apache/Tomcat in the same
way and assuming your snippets are reasonably complete I've noticed some
issues that may or may not be helping to cause problems:
1. First and foremost, your worker list defines the worker name as
"tomcat" yet in your J/K mount in your VirtualHost you say "ajp13" as
the worker name. I.e., "JkMount /*.jsp ajp13" should be "JkMount /*.jsp
tomcat".
2. While I've not used the redirectPort attribute on the Connector
element, I'm assuming you are redirecting everything to HTTPS. If this
is the case, I'm curious as to why you don't define either
SSLCertificateFile or SSLCertificateKeyFile in your VirtualHost. We
have to to ensure the right certificate is served up with the right IP
since we don't have a site domain certificate.
3. I don't see them but I'm also assuming that each of your webapps
have their own Context defined in the META-INF directory.
That's all I noticed after a quick glance, but the biggie is #1. Let us
know how it goes.
--adam
Lessie Z. Mitch wrote:
> Greetings list.
>
>
>
> For some reason web browser queries are not passing through apache to tomcat
> via mod_jk. I understand I may have a misconfiguration somewhere, I just
> cannot find it. L
>
>
>
> I am trying to host 4 separate domains, all with different java apps. Each
> domain has its own IP and own configurations, but they all run within one
> instance of Tomcat. When I disable Apache, my webapps run fine and are
> called forth by the web browser fine.
>
>
>
> When I reconfigure for Apache, I do not hit my site(s).
>
>
>
> When I attempt to view the my domain, I see the standard Apache welcome page
> and no error in catalina.out.
>
>
>
>
> When I force it to go to port 8009, I get a standard browser error (64 -
> Host not available) and the following in catalina.out:
>
>
> Feb 23, 2008 7:13:19 PM org.apache.jk.common.MsgAjp processHeader
>
> SEVERE: BAD packet signature 18245
>
> Feb 23, 2008 7:13:19 PM org.apache.jk.common.ChannelSocket processConnection
>
> SEVERE: Error, processing connection
>
> java.lang.IndexOutOfBoundsException
>
> at java.io.BufferedInputStream.read(BufferedInputStream.java:306)
>
> at org.apache.jk.common.ChannelSocket.read(ChannelSocket.java:626)
>
> at
> org.apache.jk.common.ChannelSocket.receive(ChannelSocket.java:583)
>
> at
> org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:691)
>
> at
> org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java
> :895)
>
> at
> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav
> a:685)
>
> at java.lang.Thread.run(Thread.java:595)
>
>
>
>
>
>
>
>
>
> Below are my configurations. Please note all specific information has been
> xx’d out. If more is needed let me know.
>
>
>
> Server:
>
> RHE 4
>
> Apache 2.0.52
>
> Tomcat 5.5.23
>
> mod_jk 1.2.21
>
>
>
> /etc/httpd/conf/httpd.conf
>
> ~~ other configurations
>
> Include conf.d/*.conf
>
> ~~ other configurations
>
> <VirtualHost xxx.xxx.xxx.xxx>
>
> ServerName mydomain.com
>
> ServerAlias HYPERLINK "http://www.mydomain.com"www.mydomain.com
>
> DocumentRoot /home/sites/mydomain.com/webapps/mydomain
>
> ErrorLog /home/sites/mydomain.com/logs/mydomain_error_log
>
> CustomLog /home/sites/mydomain.com/logs/mydomain_access_log common
>
> JkMount /*.jsp ajp13
>
> JkMount /servlet/* ajp13
>
> </VirtualHost>
>
> ~~ other virtual hosts follow, mimic same format
>
>
>
> /etc/httpd/conf.d/mod_jk.conf
>
> LoadModule jk_module /usr/lib/httpd/modules/mod_jk.so
>
> JkWorkersFile /etc/httpd/conf/workers.properties
>
> JkShmFile /var/log/httpd/mod_jk.shm
>
> JkLogFile /var/log/httpd/mod_jk.log
>
> JkLogLevel info
>
> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
>
>
>
> /etc/httpd/conf/workers.properties
>
> worker.list=tomcat
>
> worker.tomcat.host=localhost
>
> worker.tomcat.port=8009
>
> worker.tomcat.type=ajp13
>
>
>
> <tomcat_home>/conf/server.xml
>
> ~~ other configurations,
>
> ~~ http & ssl are both removed
>
> <Connector port="8009"
>
> enableLookups="false"
>
> redirectPort="8443"
>
> protocol="AJP/1.3" />
>
> ~~ other configurations
>
> <Host
>
> name="mydomain.com"
>
> appBase="someotherdirectory/mydomain.com/webapps"
>
> unpackWARs="true"
>
> autoDeploy="true">
>
> </Host>
>
> ~~ other hosts to follow, mimic same format
>
>
>
>
>
> I have read so much and now I am more confused than ever. Can someone please
> shed some light?
>
>
>
>
>
> ~LZM~
>
>
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.5.516 / Virus Database: 269.21.1/1297 - Release Date: 2/25/2008
> 9:22 AM
>
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org