AJP 连接器和 Tomcat 8.5.54 之间的网关超时问题

Question

I have a tomcat 8 server fronted by Apache 2 (2.4.25) on debian 9.12 (stretch) system and I'm using ajp connector between apache2 an tomcat. JDK version is Oracle JDK 1.8.0_252-8u252-b09-1~deb9u1-b09. Everything was working fine until tomcat8 automatically updated to 8.5.54. But now when accesing application through ajp there is a 504 time-out Gateway error.

The tomcat8 server was automatically updated this morning

Start-Date: 2020-05-05  06:01:41
Commandline: /usr/bin/unattended-upgrade
Upgrade: libservlet3.1-java:amd64 (8.5.50-0+deb9u1, 8.5.54-0+deb9u1),
libtomcat8-java:amd64 (8.5.50-0+deb9u1, 8.5.54-0+deb9u1),
tomcat8-examples:amd64 (8.5.50-0+deb9u1, 8.5.54-0+deb9u1),
tomcat8-admin:amd64 (8.5.50-0+deb9u1, 8.5.54-0+deb9u1),
tomcat8-common:amd64 (8.5.50-0+deb9u1, 8.5.54-0+deb9u1), tomcat8:amd64
(8.5.50-0+deb9u1, 8.5.54-0+deb9u1), tomcat8-docs:amd64 (8.5.50-0+deb9u1,
8.5.54-0+deb9u1)
End-Date: 2020-05-05  06:01:52

Nothing changed in the apache2 and tomcat8 configuration file. I can still acces the tomcat manager interface and I can see my applications running. I can acces the tomcat applications with localhost, but not through the apache2 server.

For example, I have the application QCM1 deployed on the tomcat8 server. If I perform the following wget command

wget http://localhost:8080/QCM1

the response is correct, but when I perform

wget http://myserve.mydomain.fr/QCM1

there is 504 Gateway Time-out error

To enable redirection of HTTP request to the tomcat server, there is the following directive in the apache2 configuration file (that directive was working fie before the update of tomcat8)

ProxyPass /QCM1 ajp://localhost:8009/QCM1

What am I missing? Thanks for your help.

Answer 1

Finally I've found a solution, the stack trace of the error was:

05-May-2020 16:29:01.292 GRAVE [main]
org.apache.catalina.core.StandardService.startInternal Failed to start connector [Connector[AJP/1.3-8009]]
org.apache.catalina.LifecycleException: Le démarrage du gestionnaire de protocole a échoué 
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1086)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.StandardService.startInternal(StandardService.java:440)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:766)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.startup.Catalina.start(Catalina.java:688)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:343)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:474)

a solution to fix this problem was to change the configuration of the AJP connector in the server.xml file and to add a secretRequired attribute as Jainender Chauhan suggested in his response to Springboot -The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "" after upgrade to 2.2.5

<Connector protocol="AJP/1.3" port="8009" redirectPort="8443" secretRequired="false" />

It works fine. But I'm not sure it's the best and the most secure way of proceeding