mod_jk Tomcat-Apache连接器,第一个webapp工作,第二个webapp无法访问
[英]mod_jk Tomcat-Apache connector, 1st webapp works, 2nd webapp inaccessible
问题描述
I have a configuration problem that has me stumped. 
我有一个配置问题,让我难过。 I have a couple webapps that run in Tomcat and are connected and accessed through Apache httpd. 我有两个在Tomcat中运行的Web应用程序,它们通过Apache httpd连接和访问。 I previously used Tomcat 7 and Apache 2.2, and I installed Tomcat 9 and Apache 2.4 and loaded my webapps. 我之前使用过Tomcat 7和Apache 2.2,我安装了Tomcat 9和Apache 2.4并加载了我的webapps。 I read up on the configuration changes, and I thought I adjusted as needed, but for some reason only one of my two apps is accessible. 我读了配置更改,我认为我根据需要进行了调整,但出于某种原因,我的两个应用程序中只有一个可以访问。 That should rule a lot of things out, since the one works just fine. 这应该排除很多事情,因为那个工作得很好。
I will add below my abbreviated Apache httpd config. 我将在下面添加我的缩写Apache httpd配置。 I did adjust the Order deny,allow stuff to Require all granted in the conf file. 我确实调整了顺序拒绝,允许东西要求在conf文件中授予所有权限。 I wonder if it's related to the JkMount directives, but this is how it worked in Apache 2.2. 我想知道它是否与JkMount指令有关,但这是它在Apache 2.2中的工作方式。 Could it be related to one of the webapps running as ROOT /? 它可能与以ROOT /运行的其中一个webapp相关吗? I do see some errors in my mod_jk.log such as: 我确实在mod_jk.log中看到了一些错误,例如:
[info] jk_open_socket::jk_connect.c (817): connect to 127.0.0.1:8010 failed (errno=61)
[info] ajp_connect_to_endpoint::jk_ajp_common.c (1068): (worker1) Failed opening socket to (127.0.0.1:8010) (errno=61)
[error] ajp_send_request::jk_ajp_common.c (1728): (worker1) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=61)
[info] ajp_service::jk_ajp_common.c (2778): (worker1) sending request to tomcat failed (recoverable), because of error during request sending (attempt=1)
..
[info] ajp_service::jk_ajp_common.c (2778): (worker1) sending request to tomcat failed (recoverable), because of error during request sending (attempt=2)
[error] ajp_service::jk_ajp_common.c (2799): (worker1) connecting to tomcat failed (rc=-3, errors=1, client_errors=0).
[info] jk_handler::mod_jk.c (2995): Service error=-3 for worker=worker1
Any help is greatly appreciated! 任何帮助是极大的赞赏!
Apache 2.4 httpd.conf Apache 2.4 httpd.conf
Listen 80
LoadModule ssl_module modules/mod_ssl.so
LoadModule jk_module modules/mod_jk.so
JkWorkersFile conf/workers.properties
JkShmFile "logs/mod_jk.shm"
JkLogFile "logs/mod_jk.log"
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkMount / worker1
JkMount /* worker1
JkMount /webapp2 worker1
JkMount /webapp2/* worker1
ServerName sub.mydomain.com:80
Include conf/extra/httpd-ssl.conf
Apache 2.4 httpd-ssl.conf Apache 2.4 httpd-ssl.conf
Listen 443
Protocols h2 http/1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:C:/Program Files/Apache Software Foundation/Apache24/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost *:80>
ServerName sub.mydomain.com
Redirect permanent / https://sub.mydomain.com/
</VirtualHost>
<VirtualHost _default_:443>
ServerName sub.mydomain.com:443
<Location />
Require all granted
</Location>
<Location /webapp2>
Require all granted
</Location>
SSLEngine on
SSLCertificateFile "C:/ssl/mycert.crt"
SSLCertificateKeyFile "C:/ssl/mykey.key"
SSLCertificateChainFile "C:/ssl/mycabundle.crt"
</VirtualHost>
Apache 2.4 workers.properties Apache 2.4 workers.properties
worker.list=worker1
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8010
Tomcat 9 server.xml Tomcat 9 server.xml
<Connector port="8010" URIEncoding="utf-8" protocol="AJP/1.3" redirectPort="8443" />
By the way, this is in Windows. 顺便说一句,这是在Windows中。
2 个解决方案
解决方案1
3 已采纳 2018-06-14 16:33:06
Ok I finally figured this out. 好吧,我终于想通了。 I was looking in the wrong place. 我在找错了地方。 I tested a different way and it seemed like the Apache to Tomcat connection was actually working for the second webapp as well. 我测试了一种不同的方式,似乎Apache到Tomcat连接实际上也在为第二个webapp工作。 The problem actually occurred in PHP code on another server trying to access a resource in this second webapp (and that is this second webapp's sole purpose). 问题实际上发生在试图访问第二个webapp中的资源的另一台服务器上的PHP代码中(这是第二个webapp的唯一目的)。 Apparently when I switched from Apache httpd 2.2 to 2.4, the method used in that remote PHP code was no longer able to successfully POST to the webapp resource and retrieve a result. 显然,当我从Apache httpd 2.2切换到2.4时,该远程PHP代码中使用的方法不再能够成功POST到webapp资源并检索结果。 The code hadn't changed at all. 代码根本没有改变。 That made it look at first like the webapp was inaccessible. 这使得它首先看起来像webapp无法访问。 When I changed the PHP method used for POST from fsockopen()/fwrite()/fgets()/etc. 当我从fsockopen()/ fwrite()/ fgets()/ etc更改用于POST的PHP方法时。 to file_get_contents(), then it worked. 到file_get_contents(),然后它工作。 More granular error reporting a more thorough test early on would have helped, but wow what a bugger of a problem. 早期更详细的错误报告更彻底的测试会有所帮助,但是哇哇哇哇哇哇哇哇哇哇哇哇哇哇 I never would have guessed that would be a problem and I wonder why that didn't work after the change... something else to research or perhaps another question. 我从来没有想到这会是一个问题,我想知道为什么在改变之后这不起作用...还有其他研究或者其他问题。 I don't know how to explain the errors in the mod_jk.log. 我不知道如何解释mod_jk.log中的错误。 Perhaps I had something wrong temporarily. 也许我暂时有些不对劲。 But there aren't more errors currently. 但目前没有更多的错误。
解决方案2
0 2018-06-09 05:36:06
If you are in Linux. 如果你在Linux。 You should try issuing "setenforce 0". 你应该尝试发出“setenforce 0”。 Then to check if it was successfull if you issue "getenforce" you should get "Permissive". 然后检查它是否成功如果你发出“getenforce”你应该得到“Permissive”。
I mean All of this in the linux shell. 我的意思是linux shell中的所有这些。 I went this way 2 months ago. 我2个月前就这样走了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.