Re: tomcat 7.0.100 AJP connector with mod_jk on another host
Hello, > If you don't set secretRequired="false" properly then at start time Tomcat > will complain if there is no specified "secret" attribute. > If it doesn't complain then most probably you are testing again with the > wrong server.xml or old version of Tomcat. the issue seems to be that mod_jk no longer works without a password with tomcat7. So you need to set a password on both sites, and than everything works again. server.xml: workers.properties of mod_jk worker.tomcat-06.secret=verysecure If I do _not_ set a password I'm getting a 403 no matter what I do. Cheers, Thomas - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 7.0.100 AJP connector with mod_jk on another host
Hello Martin, > > This should be: secretRequired="false". > > This attribute has been renamed recently. I just looked at my notes, and I tried that already yesterday night. Still facing the same problem with 403. Might it be possible that I need to use a secret in order to access ajp from mod_jk? Cheers, Thomas - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 7.0.100 AJP connector with mod_jk on another host
Hello Martin, > This should be: secretRequired="false". > This attribute has been renamed recently. thanks. I'll test later and let you know how it went. Cheers, Thomas - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 7.0.100 AJP connector with mod_jk on another host
Hello, the problem was that I edited the wrong server.xml. The one that was not used. So now that I figured that out, settings these two settings help. However when I try to access this using mod_jk, I get a 403. I used a sniffer and it is coming from the AJP connector. So I tried to set allowedRequestAttributesPattern=".*" but that did not solve my problems, any ideas? Setup is: apache with mod_jk 1.2.46 load balances over 4 tomcats on seperate hosts. Cheers, Thomas - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat 7.0.100 AJP connector with mod_jk on another host
Hello, I've just upgraded to tomcat7 (7.0.100) afterwards I'm unable to reconfigure it to the pre 7.0.100 behaviour where AJP connector listens on the public ip address in order to use it with mod_jk. Can someone help me out to make it works again? My server.xml is: The issue seems to be, that even when I add the address property to the above AJP connector, it does not listen on its internal ip address so it can not be reached from mod_jk which is running on another host: (tomcat-06) [/etc/tomcat7] lsof -P -i -n | grep -i tomcat java 29094 tomcat7 16u IPv6 4315605 0t0 TCP *:46937 (LISTEN) java 29094 tomcat7 17u IPv6 4315606 0t0 TCP *:3000 (LISTEN) java 29094 tomcat7 19u IPv6 4316198 0t0 TCP *:42795 (LISTEN) java 29094 tomcat7 56u IPv6 4278035 0t0 TCP *:8080 (LISTEN) java 29094 tomcat7 57u IPv6 4278036 0t0 TCP 127.0.0.1:8009 (LISTEN) java 29094 tomcat7 238u IPv6 4316200 0t0 TCP 127.0.0.1:8005 (LISTEN) Cheers, Thomas - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
mod_jk taking a single tomcat-worker offline for software maintenance
Hello, I have mod_jk version 1:1.2.18-3etch1 (which comes with Debian Etch) as loadbalancer in front of four tomcats version 5.5.20-2etch2 that do not duplicate sessions because of their size (100Mbyte per session; 120 - 500 users). My workers.property looks the following: worker.list=router, jkstatus worker.router.type=lb worker.router.balance_workers=tomcat-01, tomcat-02, tomcat-03, tomcat-04 worker.tomcat-01.type=ajp13 worker.tomcat-01.host=tomcat-01 worker.tomcat-01.port=8009 worker.tomcat-01.lbfactor=1 worker.tomcat-02.type=ajp13 worker.tomcat-02.host=tomcat-02 worker.tomcat-02.port=8009 worker.tomcat-02.lbfactor=1 worker.tomcat-03.type=ajp13 worker.tomcat-03.host=tomcat-03 worker.tomcat-03.port=8009 worker.tomcat-03.lbfactor=1 worker.tomcat-04.type=ajp13 worker.tomcat-04.host=tomcat-04 worker.tomcat-04.port=8009 worker.tomcat-04.lbfactor=2 worker.jkstatus.type=status I have to schedule once a week a software update, so I have to take a tomcat server offline to upgrade the software. The problem is that I don't want to kick any users. So I switch in jk_status the mode to disabled. This works for most of the users. After their session times out, they're gone. But I have a few sticky users, who leave their browser open (and come back after 4 hours or a day) or bookmark a site that contains a session id. Mod jk sees the session id and directs it to the disabled tomcat. On the tomcat itself the session id is invalid, it generates a new one and I have the user back on my disabled tomcat. Duplicating the session to another tomcat is currently not possible because a single session has around 100 Mbyte and even in off-hours like right now, there are 100 active sessions. How do other people handle this problem? Is there a way to make mod_jk to check if the session is still active on the tomcat (maybe with a newer version) and only puts a session to a disabled tomcat if indeed the session is still active on that tomcat? Thomas - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk taking a single tomcat-worker offline for softwaremaintenance
Rainer, No, the design of mod_jk is stateless w.r.t. sessions. There are only the obvious solutions, i.e. assuming that after some time of disabling (time depending on typical session use cases like 10 minutes or an hour) you stop the worker and thereby redirect users that still try to use the node to another node. They'll get an error of course and would need to relogin. Usually with some time of disable status you can reduce the number of sessions, that will need to relogin and thus be disturbed by your maintenance to about 5% (your mileage may vary). If you want to improve user experience more, you could include a maintenance information in your app, like Please logout and relogin during the next hour because we have a maintenance scheduled starting at thank you a lot for the fast follow-up and the clarification of the stateless architecture of mod_jk in case of session ids. I will continue to do the obvious as you described it. Thomas - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
