Re: Debugging tomcat-apache(mod_jk) bridge
I got busy at work and could not get back with information. Chris, The inconsistencies you have pointed out are my mistake in the email trying to clean up the URLs to shorten the strings and to remove machine specific identifying information. The config files are consistent and I still get the error. André, Thanks for the detailed information. I did not try the SetHandler way of configration and gave up on using mod_jk. I recompiled apache to include the mod_proxy_ajp and got tomcat to respond to the URL request right away in the first try. Then again I have different kinds of problems with this. I could not find any detailed information and so I do not know if I am doing any mistakes. I am worried that I might be serving up files I am not supposed. Do you have any pointers/URLs that gives more information on mod_proxy_ajp? Also as I promised here is the mod_jk.log after running it in debug mode ( please note that I am not looking for an answer but would still be looking to figure out what's happening with mod_jk) -- [Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug] uri_worker_map_dump::jk_uri_worker_map.c (176): generation 1: size=1 nosize=0 capacity=4 [Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug] uri_worker_map_dump::jk_uri_worker_map.c (186): NEXT (1) map #0: uri=/test/* worker=A context=/test/* source=JkMount type=Wildchar len=11 [Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug] jk_set_time_fmt::jk_util.c (458): Pre-processed log time stamp format is '[%a %b %d %H:%M:%S %Y] ' [Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug] init_jk::mod_jk.c (3123): Setting default connection pool max size to 1 [Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug] jk_map_read_property::jk_map.c (491): Adding property 'workers.tomcat_home' with value '/usr/share/tomcat6' to map. [Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug] jk_map_read_property::jk_map.c (491): Adding property 'workers.java.home' with value '/usr/lib/jvm/java' to map. [Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug] jk_map_read_property::jk_map.c (491): Adding property 'worker.list' with value 'status, A' to map. [Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug] jk_map_read_property::jk_map.c (491): Adding property 'worker.A.type' with value 'ajp13' to map. [Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug] jk_map_read_property::jk_map.c (491): Adding property 'worker.A.host' with value 'localhost' to map. [Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug] jk_map_read_property::jk_map.c (491): Adding property 'worker.A.port' with value '8009' to map. [Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug] jk_map_read_property::jk_map.c (491): Adding property 'worker.A.lbfactor' with value '50' to map. [Tue Dec 01 14:13:01 2009] [1680:3083376384] [warn] jk_map_validate_property::jk_map.c (411): The attribute 'worker.A.cachesize' is deprecated - please check the documentation for the correct replacement. [Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug] jk_map_read_property::jk_map.c (491): Adding property 'worker.A.cachesize' with value '10' to map. [Tue Dec 01 14:13:01 2009] [1680:3083376384] [warn] jk_map_validate_property::jk_map.c (411): The attribute 'worker.A.cache_timeout' is deprecated - please check the documentation for the correct replacement. [Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug] jk_map_read_property::jk_map.c (491): Adding property 'worker.A.cache_timeout' with value '600' to map. [Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug] jk_map_read_property::jk_map.c (491): Adding property 'worker.A.socket_keepalive' with value '1' to map. [Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug] jk_map_read_property::jk_map.c (491): Adding property 'worker.A.socket_timeout' with value '300' to map. [Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug] jk_map_read_property::jk_map.c (491): Adding property 'worker.status.type' with value 'status' to map. [Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug] jk_map_resolve_references::jk_map.c (774): Checking for references with prefix worker. with wildcard (recursion 1) [Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug] jk_shm_calculate_size::jk_shm.c (132): shared memory will contain 1 ajp workers of size 256 and 0 lb workers of size 320 with 0 members of size 320+256 [Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug] do_shm_open::jk_shm.c (493): Truncated shared memory to 384 [Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug] do_shm_open::jk_shm.c (538): Initialized shared memory /usr/local/apache2/logs/mod_jk.shm.1680 size=384 free=256 addr=0xb806 [Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug] do_shm_open_lock::jk_shm.c (412): Opened shared memory lock /usr/local/apache2/logs/mod_jk.shm.1680.lock [Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'ServerRoot' - '/usr/local/apache2' [Tue Dec 01 14:13:01 2009] [1680:3083376384] [debug] jk_map_dump::jk_map.c (589): Dump of map:
Re: Debugging tomcat-apache(mod_jk) bridge
On 04.12.2009 09:31, groupalias v wrote: Also as I promised here is the mod_jk.log after running it in debug mode ( please note that I am not looking for an answer but would still be looking to figure out what's happening with mod_jk) -- Skipping init messages ... [Tue Dec 01 14:13:01 2009] [7270:3083376384] [debug] jk_child_init::mod_jk.c (3068): Initialized mod_jk/1.2.28 [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] map_uri_to_worker_ext::jk_uri_worker_map.c (1036): Attempting to map URI '/test/index.jsp' from 1 maps That's the request ... [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] find_match::jk_uri_worker_map.c (850): Attempting to map context URI '/test/*=A' source 'JkMount' [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] find_match::jk_uri_worker_map.c (863): Found a wildchar match '/test/*=A' We know we have to send it via A ... [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] jk_handler::mod_jk.c (2459): Into handler jakarta-servlet worker=A r-proxyreq=0 [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] wc_get_worker_for_name::jk_worker.c (116): found a worker A [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] OK, there is a worker named A ... wc_maintain::jk_worker.c (339): Maintaining worker A [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_maintain::jk_ajp_common.c (3081): reached pool min size 5 from 10 cache slots [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] wc_get_name_for_type::jk_worker.c (293): Found worker type 'ajp13' [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] init_ws_service::mod_jk.c (977): Service protocol=HTTP/1.1 method=GET ssl=false host=(null) addr=X.X.X.X name=www.example.com port=80 auth=(null) user=(null) laddr=192.168.2.2 raddr=X.X.X.X uri=/test/index.jsp [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_get_endpoint::jk_ajp_common.c (2977): acquired connection pool slot=0 after 0 retries [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_marshal_into_msgb::jk_ajp_common.c (605): ajp marshaling done [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_service::jk_ajp_common.c (2283): processing A with 2 retries [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_send_request::jk_ajp_common.c (1501): (A) all endpoints are disconnected. We need to connect to A .. [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] jk_open_socket::jk_connect.c (452): socket TCP_NODELAY set to On [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] jk_open_socket::jk_connect.c (489): socket SO_KEEPALIVE set to On [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] jk_open_socket::jk_connect.c (541): timeout 300 set for socket=17 [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] jk_open_socket::jk_connect.c (576): trying to connect socket 17 to 127.0.0.1:8009 [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] jk_open_socket::jk_connect.c (602): socket 17 connected to 127.0.0.1:8009 [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_connect_to_endpoint::jk_ajp_common.c (931): Connected socket 17 to (127.0.0.1:8009) Connected to A as 127.0.0.1 on port 8009 ... [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (1070): sending to ajp13 pos=4 len=450 max=8192 I'm missing the request data here? Did you remove it? [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_send_request::jk_ajp_common.c (1560): (A) request body to send 0 - request body to resend 0 OK, we send the request. [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1259): received from ajp13 pos=0 len=19 max=8192 We got 19 Bytes of response ... [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1259): 04 01 90 00 0B 42 61 64 20 52 65 71 75 65 73 74 - .Bad.Request And the response says status = 0x0190 = 400 with status message Bad Request. So whoever or whatever produced this result claims that what it received was a bad request. So maybe the request has inconsistent headers like using content-length together with chunked encoding or similar. [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1259): 001000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_unmarshal_response::jk_ajp_common.c (660): status = 400 [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_unmarshal_response::jk_ajp_common.c (667): Number of headers is = 0 [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1259): received from ajp13 pos=0 len=2 max=8192 [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1259): 05 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - [Tue Dec 01 14:13:02 2009] [7267:3083376384]
Re: Debugging tomcat-apache(mod_jk) bridge
I too saw that mod_jk thinks it is talking to tomcat. But I do not see any logs in tomcat to indicate that. Also with the same parameters mod_proxy_ajp is able to fetch my page. Could be some nasty machine specific thing. On Fri, Dec 4, 2009 at 12:45 AM, Rainer Jung rainer.j...@kippdata.de wrote: On 04.12.2009 09:31, groupalias v wrote: Also as I promised here is the mod_jk.log after running it in debug mode ( please note that I am not looking for an answer but would still be looking to figure out what's happening with mod_jk) -- Skipping init messages ... [Tue Dec 01 14:13:01 2009] [7270:3083376384] [debug] jk_child_init::mod_jk.c (3068): Initialized mod_jk/1.2.28 [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] map_uri_to_worker_ext::jk_uri_worker_map.c (1036): Attempting to map URI '/test/index.jsp' from 1 maps That's the request ... [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] find_match::jk_uri_worker_map.c (850): Attempting to map context URI '/test/*=A' source 'JkMount' [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] find_match::jk_uri_worker_map.c (863): Found a wildchar match '/test/*=A' We know we have to send it via A ... [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] jk_handler::mod_jk.c (2459): Into handler jakarta-servlet worker=A r-proxyreq=0 [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] wc_get_worker_for_name::jk_worker.c (116): found a worker A [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] OK, there is a worker named A ... wc_maintain::jk_worker.c (339): Maintaining worker A [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_maintain::jk_ajp_common.c (3081): reached pool min size 5 from 10 cache slots [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] wc_get_name_for_type::jk_worker.c (293): Found worker type 'ajp13' [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] init_ws_service::mod_jk.c (977): Service protocol=HTTP/1.1 method=GET ssl=false host=(null) addr=X.X.X.X name=www.example.com port=80 auth=(null) user=(null) laddr=192.168.2.2 raddr=X.X.X.X uri=/test/index.jsp [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_get_endpoint::jk_ajp_common.c (2977): acquired connection pool slot=0 after 0 retries [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_marshal_into_msgb::jk_ajp_common.c (605): ajp marshaling done [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_service::jk_ajp_common.c (2283): processing A with 2 retries [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_send_request::jk_ajp_common.c (1501): (A) all endpoints are disconnected. We need to connect to A .. [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] jk_open_socket::jk_connect.c (452): socket TCP_NODELAY set to On [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] jk_open_socket::jk_connect.c (489): socket SO_KEEPALIVE set to On [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] jk_open_socket::jk_connect.c (541): timeout 300 set for socket=17 [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] jk_open_socket::jk_connect.c (576): trying to connect socket 17 to 127.0.0.1:8009 [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] jk_open_socket::jk_connect.c (602): socket 17 connected to 127.0.0.1:8009 [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_connect_to_endpoint::jk_ajp_common.c (931): Connected socket 17 to (127.0.0.1:8009) Connected to A as 127.0.0.1 on port 8009 ... [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (1070): sending to ajp13 pos=4 len=450 max=8192 I'm missing the request data here? Did you remove it? [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_send_request::jk_ajp_common.c (1560): (A) request body to send 0 - request body to resend 0 OK, we send the request. [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1259): received from ajp13 pos=0 len=19 max=8192 We got 19 Bytes of response ... [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1259): 04 01 90 00 0B 42 61 64 20 52 65 71 75 65 73 74 - .Bad.Request And the response says status = 0x0190 = 400 with status message Bad Request. So whoever or whatever produced this result claims that what it received was a bad request. So maybe the request has inconsistent headers like using content-length together with chunked encoding or similar. [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1259): 0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_unmarshal_response::jk_ajp_common.c (660): status = 400 [Tue Dec 01 14:13:02 2009] [7267:3083376384] [debug] ajp_unmarshal_response::jk_ajp_common.c (667): Number of headers is = 0 [Tue Dec 01
Re: Debugging tomcat-apache(mod_jk) bridge
Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, On 12/1/2009 10:26 AM, André Warnier wrote: groupalias v wrote: httpd.conf - LoadModule jk_module modules/mod_jk.so IfModule jk_module What the h.. is this line for : ? It's for conditional inclusion of Apache httpd directives when modules may or may not be loaded. No. I was talking about the Alias which follows. Hence the trailing : in my question. Ok, following the colon by a question mark wasn't the clearest thing either... The test I have in my httpd.conf is: IfModule mod_jk.c I can't find any references online to the use of jk_module in IfModule, so the OP might want to change it. Alias /test/ /srv/tomcat6/webapps/A It kind of contradicts these next lines : JKMount/test/ A JkMount /test/* A Because of the Alias line, I don't think that mod_jk even gets to see your /test/ URLs. No, mod_jk gets higher priority than mod_alias. I'm not entirely sure how the pecking order is decided, but I do know that mod_jk gets first shot. Yes, +1 about the not sure. That is why I prefer, rather than JkMount, the form with Location /test SetHandler jakarta-servlet ... /Location At least in that case the precedences are clear, and I find that this syntax fits better with the Apache way of things, and is much more flexible than JkMount/JkUnMount. My general gripe about that Alias line, is that it generally gives access for Apache, to the entire tomcat webapps directory, thus from the start bypassing anything configured at Tomcat level in terms of security. Then later, one has to patch this hole by a series of conditional Deny rules, hoping not to forget one. And in 99% of the cases, one does forget something, such as also forbidding META-INF e.g. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Debugging tomcat-apache(mod_jk) bridge
In response to Chris' question - I have only one tomcat instance running and it picks up the webapps in /srv/tomcat6/webapps/ and the URL www.example.com:8080/test/index.jsp works fine. I tried with the mod_jk.c and jk_module with the same result. In response to André's question this is the first time I am hearing about the SetHandler construct. Is there documentation somewhere I can read? The issue about security is something I am concerned too and thought its too error prone. What is the workers.tomcat_home directive in workers.properties used for? If the communication is over the 8009 port why does apache care about one of tomcat's directories? I will re-create the with mo_jk.c and post them. Thanks, - Vas On Wed, Dec 2, 2009 at 2:30 AM, André Warnier a...@ice-sa.com wrote: Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, On 12/1/2009 10:26 AM, André Warnier wrote: groupalias v wrote: httpd.conf - LoadModule jk_module modules/mod_jk.so IfModule jk_module What the h.. is this line for : ? It's for conditional inclusion of Apache httpd directives when modules may or may not be loaded. No. I was talking about the Alias which follows. Hence the trailing : in my question. Ok, following the colon by a question mark wasn't the clearest thing either... The test I have in my httpd.conf is: IfModule mod_jk.c I can't find any references online to the use of jk_module in IfModule, so the OP might want to change it. Alias /test/ /srv/tomcat6/webapps/A It kind of contradicts these next lines : JKMount /test/ A JkMount /test/* A Because of the Alias line, I don't think that mod_jk even gets to see your /test/ URLs. No, mod_jk gets higher priority than mod_alias. I'm not entirely sure how the pecking order is decided, but I do know that mod_jk gets first shot. Yes, +1 about the not sure. That is why I prefer, rather than JkMount, the form with Location /test SetHandler jakarta-servlet ... /Location At least in that case the precedences are clear, and I find that this syntax fits better with the Apache way of things, and is much more flexible than JkMount/JkUnMount. My general gripe about that Alias line, is that it generally gives access for Apache, to the entire tomcat webapps directory, thus from the start bypassing anything configured at Tomcat level in terms of security. Then later, one has to patch this hole by a series of conditional Deny rules, hoping not to forget one. And in 99% of the cases, one does forget something, such as also forbidding META-INF e.g. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Debugging tomcat-apache(mod_jk) bridge
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Vas, On 12/2/2009 11:06 AM, groupalias v wrote: In response to Chris' question - I have only one tomcat instance running and it picks up the webapps in /srv/tomcat6/webapps/ and the URL www.example.com:8080/test/index.jsp works fine. - From what you posted earlier, you have a webapp in /srv/tomcat6/webapps/A, which should be accessed via a URL such as: http://www.example.com:8080/A/index.jsp If you have a webapp deployed into /srv/tomcat6/webapps/test, you didn't mention it (and it's important information). If you have no webapp deployed into /srv/tomcat6/webapps/test, then it will use the default webapp which will be in /srv/tomcat6/webapps/ROOT unless otherwise configured. If you have neither of these, I would fully expect to get a 400 error because http://www.example.com:8080/test does not map to any configured webapp. I tried with the mod_jk.c and jk_module with the same result. I don't think mod_jk is the problem, here. Tomcat does not produce a log message when a webapp cannot be found, and you can see mod_jk returning a 400 from Tomcat. I believe this is a webapp deployment problem. What is the workers.tomcat_home directive in workers.properties used for? Nothing. It is an old configuration option that is no longer used. If the communication is over the 8009 port why does apache care about one of tomcat's directories? It doesn't. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksWlvEACgkQ9CaO5/Lv0PAKZwCfXF9s/CPm/PQaugiJrifo8sR8 zikAoK8Hm0th6+x162SE7AxajlsBXkNL =95Ua -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Debugging tomcat-apache(mod_jk) bridge
Check again (I think André's) hint about JkMountCopy. Regards, Rainer On 02.12.2009 17:33, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Vas, On 12/2/2009 11:06 AM, groupalias v wrote: In response to Chris' question - I have only one tomcat instance running and it picks up the webapps in /srv/tomcat6/webapps/ and the URL www.example.com:8080/test/index.jsp works fine. - From what you posted earlier, you have a webapp in /srv/tomcat6/webapps/A, which should be accessed via a URL such as: http://www.example.com:8080/A/index.jsp If you have a webapp deployed into /srv/tomcat6/webapps/test, you didn't mention it (and it's important information). If you have no webapp deployed into /srv/tomcat6/webapps/test, then it will use the default webapp which will be in /srv/tomcat6/webapps/ROOT unless otherwise configured. If you have neither of these, I would fully expect to get a 400 error because http://www.example.com:8080/test does not map to any configured webapp. I tried with the mod_jk.c and jk_module with the same result. I don't think mod_jk is the problem, here. Tomcat does not produce a log message when a webapp cannot be found, and you can see mod_jk returning a 400 from Tomcat. I believe this is a webapp deployment problem. What is the workers.tomcat_home directive in workers.properties used for? Nothing. It is an old configuration option that is no longer used. If the communication is over the 8009 port why does apache care about one of tomcat's directories? It doesn't. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksWlvEACgkQ9CaO5/Lv0PAKZwCfXF9s/CPm/PQaugiJrifo8sR8 zikAoK8Hm0th6+x162SE7AxajlsBXkNL =95Ua -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Debugging tomcat-apache(mod_jk) bridge
groupalias v wrote: In response to Chris' question - I have only one tomcat instance running and it picks up the webapps in /srv/tomcat6/webapps/ and the URL www.example.com:8080/test/index.jsp works fine. I tried with the mod_jk.c and jk_module with the same result. In response to André's question this is the first time I am hearing about the SetHandler construct. Is there documentation somewhere I can read? Look at the bottom of this page. http://tomcat.apache.org/connectors-doc/reference/apache.html (Off-topic note : this page seems quite hard to find, starting from the top documentation page for Tomcat 6.0 at http://tomcat.apache.org/tomcat-6.0-doc/index.html Is this a mistake or intentional ?) The issue about security is something I am concerned too and thought its too error prone. What is the workers.tomcat_home directive in workers.properties used for? Chris answered that. Remove it. There are a couple more like that, if you copied an older workers.properties into a newer Tomcat config. If the communication is over the 8009 port why does apache care about one of tomcat's directories? I will be a bit more nuanced (and considerably longer) than Chris here. The Connector port has nothing to do with it. Basically, Apache does not know anything about Tomcat at all, ever. The only thing Apache knows, is that for each request URL, there is a response generator (also called a handler). Apache itself normally generates a response using its own default handler. That handler resolves the URL location, generally, to a file on disk, and returns the content of that file as the response to the request. (I am simplifying a bit, but it is the general idea). Except, if something in the configuration tells it that for some specific URL, there is another handler to use for generating the response. JkMount is such a configuration directive. It tells Apache that for some URLs, it should use another response generator called mod_jk. (The same is achieved by the SetHandler jakarta-servlet directive.) So for such URLs, Apache does not generate the response itself, but passes the request to mod_jk, and expects mod_jk to produce the response. When the response comes from mod_jk, Apache merely copies it back to the browser. Apache has no idea that mod_jk, to produce the response, is using one or more Tomcats in the background. Apache also does not know that mod_jk communicates with Tomcat via port 8009 (or any other port). If instead of talking to a Tomcat via port 8009, mod_jk was talking to you by telephone, and you were writing the response, Apache would not see the difference. But what Apache knows about, is any filesystem location you tell it to look into, to find files to return as response for some URLs. By using the directive Alias /test/ /srv/tomcat6/webapps/A you are telling Apache hey, if the request URL is /test/abc.html, then go look for a file /srv/tomcat6/webapps/A/abc.html. Apache has no idea that this directory is also part of the Tomcat space, and it could not care less. If it looks there, and finds a file abc.html, it will just copy its content to the browser, without ever asking mod_jk or Tomcat anything. In other words, it completely ignores mod_jk and Tomcat, and serves the file directly from the filesystem. That is why this Alias is dangerous. That is also why it is extremely dangerous to do as quite a few people seem to do, to set the Apache DocumentRoot to the webapps directory of Tomcat, thinking hey, I'll serve the static content directly with Apache. (That may be an appropriate thing to do sometimes, but not in this way). According to Chris, the later JkMount's in your config will take precedence over that Alias, and thus override (or cancel) it. But it is not quite clear yet that they always do, and there is no documentation that I know of, that confirms this. Let me give you a partial counter-example : If you had Alias /test/ /srv/tomcat6/webapps/A and then you also had JkMount /test/*.jsp A then indeed, for any request URL starting with /test/ and ending in .jsp, the JkMount would take precedence over the Alias, and that request will be served by mod_jk (and thus really by Tomcat). But for a request URL like /test/secret-data.conf the above JkMount would not take precedence over the Alias, and Apache would serve that file directly from disk. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Debugging tomcat-apache(mod_jk) bridge
Hi, I am trying to set up mod_jk to forward requests to the webapp in tomcat. The webapp itself works when accessed directly. But I get a 400 error in mod_jk when I try to access it (even the index.jsp) through apache. I see the error 400 in mod_jk.log but see nothing in tomcat logs. Its as if the request from mod_jk is not even sent to tomcat. I am sure I can confirm this with tcpdump. The port 8009 is open when I do an nmap scan. Are there tools to debug this? More specifically is there a sanity checking tool to check errors in my apache configuration and workers.properties? Also do I have to do anything special in Tomcat6 to enable JK? It looks I don't have to. AJP is enabled in server.xml. Any help is greatly appreciated. Its driving me nuts :) Here are my configuration files just in case -- I am on suse 11 running apache 2.2 and tomcat6. httpd.conf - LoadModule jk_module modules/mod_jk.so IfModule jk_module Alias /test/ /srv/tomcat6/webapps/A JkWorkersFile /usr/local/apache2/conf/workers.properties JkShmFile /usr/local/apache2/logs/mod_jk.shm JkLogFile /usr/local/apache2/logs/mod_jk.log JkLogLevel debug JkLogStampFormat [%a %b %d %H:%M:%S %Y] JKMount /test/ A JkMount /test/* A JkOptions +ForwardSSLCertChain /IfModule workers.properties file - #Define 1 real worker using ajp13 worker.list=A #Set properties for worker1 (ajp13) worker.A.type=ajp13 worker.A.host=localhost worker.A.port=8009 worker.A.lbfactor=50 worker.A.cachesize=10 worker.A.cache_timeout=600 worker.A.socket_keepalive=1 worker.A.socket_timeout=300 Thanks, - Vas - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Debugging tomcat-apache(mod_jk) bridge
groupalias v wrote: httpd.conf - LoadModule jk_module modules/mod_jk.so IfModule jk_module What the h.. is this line for : ? Alias /test/ /srv/tomcat6/webapps/A It kind of contradicts these next lines : JKMount/test/ A JkMount /test/* A Because of the Alias line, I don't think that mod_jk even gets to see your /test/ URLs. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Debugging tomcat-apache(mod_jk) bridge
See answers inline - On Tue, Dec 1, 2009 at 7:26 AM, André Warnier a...@ice-sa.com wrote: groupalias v wrote: httpd.conf - LoadModule jk_module modules/mod_jk.so IfModule jk_module What the h.. is this line for : ? I don't understand. Am I using the wrong module identifier? Or are you saying the module specific tag itself is not needed? Alias /test/ /srv/tomcat6/webapps/A It kind of contradicts these next lines : JKMount /test/ A JkMount /test/* A Because of the Alias line, I don't think that mod_jk even gets to see your /test/ URLs. I do know that mod_jk is being sent the URL request. It is parsing the JKMount line and trying to do something with it. I can see how the alias and the JKMount contradicting each other could be causing the problem. I removed the Alias and tried with the same result. Here is one of the links I referred to during setup. http://forums.opensuse.org/network-internet/416840-apache2-2-tomcat6-mod_jk-suse-11-1-a.html - Vas - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Debugging tomcat-apache(mod_jk) bridge
groupalias v wrote: See answers inline - On Tue, Dec 1, 2009 at 7:26 AM, André Warnier a...@ice-sa.com wrote: groupalias v wrote: httpd.conf - LoadModule jk_module modules/mod_jk.so IfModule jk_module What the h.. is this line for : ? I don't understand. Am I using the wrong module identifier? Or are you saying the module specific tag itself is not needed? Alias /test/ /srv/tomcat6/webapps/A It kind of contradicts these next lines : JKMount/test/ A JkMount /test/* A Because of the Alias line, I don't think that mod_jk even gets to see your /test/ URLs. I do know that mod_jk is being sent the URL request. It is parsing the JKMount line and trying to do something with it. I can see how the alias and the JKMount contradicting each other could be causing the problem. I removed the Alias and tried with the same result. Here is one of the links I referred to during setup. http://forums.opensuse.org/network-internet/416840-apache2-2-tomcat6-mod_jk-suse-11-1-a.html These examples are rather bad, for several reasons. One thing hinted at however could be your problem. I have little time now, but : If you are using Virtual Hosts in Apache, look up the JkMountCopy directive. The gist : a JkMount done in the main Apache config, is not necessarily inherited by the VirtualHost sections, even the default one. Also, next time, really show us the section of the mod_jk log where you think you see the error 400. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Debugging tomcat-apache(mod_jk) bridge
Thanks for your reply. I am using the standalone tomcat app server, no web server. We are using tomcat 6.0.20. We installed the self signed certificate on it, its working fine. Now we installed the CA (goDaddy) certificate in order to use CA certificate and updated the server.xml and restarted the tomcat server. But tomcat ssl port is still picking the old self-signed certs. Do you have any idea why it is not picking the godaddy certificates? I mean can you point me what other places of tomcat server, I need to look so that it can pick the goDaddy certificates. Thanks On Tue, Dec 1, 2009 at 3:59 PM, André Warnier a...@ice-sa.com wrote: groupalias v wrote: See answers inline - On Tue, Dec 1, 2009 at 7:26 AM, André Warnier a...@ice-sa.com wrote: groupalias v wrote: httpd.conf - LoadModule jk_module modules/mod_jk.so IfModule jk_module What the h.. is this line for : ? I don't understand. Am I using the wrong module identifier? Or are you saying the module specific tag itself is not needed? Alias /test/ /srv/tomcat6/webapps/A It kind of contradicts these next lines : JKMount/test/ A JkMount /test/* A Because of the Alias line, I don't think that mod_jk even gets to see your /test/ URLs. I do know that mod_jk is being sent the URL request. It is parsing the JKMount line and trying to do something with it. I can see how the alias and the JKMount contradicting each other could be causing the problem. I removed the Alias and tried with the same result. Here is one of the links I referred to during setup. http://forums.opensuse.org/network-internet/416840-apache2-2-tomcat6-mod_jk-suse-11-1-a.html These examples are rather bad, for several reasons. One thing hinted at however could be your problem. I have little time now, but : If you are using Virtual Hosts in Apache, look up the JkMountCopy directive. The gist : a JkMount done in the main Apache config, is not necessarily inherited by the VirtualHost sections, even the default one. Also, next time, really show us the section of the mod_jk log where you think you see the error 400. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Debugging tomcat-apache(mod_jk) bridge
From: Ashok Kumar [mailto:asho...@gmail.com] Subject: Re: Debugging tomcat-apache(mod_jk) bridge Thanks for your reply. I am using the standalone tomcat app server, no web server. You replied to the wrong thread - the subject line should have given you a clue. No one has attempted to respond to your original inquiry. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Debugging tomcat-apache(mod_jk) bridge
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, On 12/1/2009 10:26 AM, André Warnier wrote: groupalias v wrote: httpd.conf - LoadModule jk_module modules/mod_jk.so IfModule jk_module What the h.. is this line for : ? It's for conditional inclusion of Apache httpd directives when modules may or may not be loaded. The test I have in my httpd.conf is: IfModule mod_jk.c I can't find any references online to the use of jk_module in IfModule, so the OP might want to change it. Alias /test/ /srv/tomcat6/webapps/A It kind of contradicts these next lines : JKMount/test/ A JkMount /test/* A Because of the Alias line, I don't think that mod_jk even gets to see your /test/ URLs. No, mod_jk gets higher priority than mod_alias. I'm not entirely sure how the pecking order is decided, but I do know that mod_jk gets first shot. Here's a question for the OP: what URL are you trying to access? A 400 error (Bad Request) usually means that you made a request that didn't map to a deployed webapp. Presumably, there is a webapp deployed into the /srv/tomcat6/webapps/A directory. Are there any other webapps deployed? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksVzRsACgkQ9CaO5/Lv0PDOyQCeP4l4nZXLLSBuU9uSgO8EScIy a0sAoJWb02JuFuMINLYFzy3PoDll/rPD =+VPI -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org