Hi André, Here is some info on the setup, let me know what it tells you.
tomcat etc/tomcat drwxrwxr-x. 3 root tomcat 23 Nov 18 17:48 Catalina -rw-r--r--. 1 root tomcat 13443 Oct 16 09:16 catalina.policy -rw-r--r--. 1 root tomcat 6496 Oct 16 09:16 catalina.properties drwxr-xr-x. 2 root tomcat 20 Nov 18 17:48 conf.d -rw-r--r--. 1 root tomcat 1394 Oct 16 09:16 context.xml -rw-r--r--. 1 root tomcat 547 Oct 16 09:16 log4j.properties -rw-r--r--. 1 root tomcat 3288 Oct 16 09:16 logging.properties -rw-r--r--. 1 root tomcat 6613 Oct 16 09:16 server.xml -rw-r--r--. 1 root tomcat 1651 Oct 16 09:16 tomcat.conf -rw-r-----. 1 root tomcat 2418 Oct 16 09:16 tomcat-users.xml -rw-r--r--. 1 root tomcat 167655 Oct 16 09:16 web.xml DocumentRoot (from httpd.conf) var/www/html ServerRoot (from httpd.conf) /etc/httpd webapps directory is at /var/lib/tomcat tomcat.conf # System-wide configuration file for tomcat services # This will be loaded by systemd as an environment file, # so please keep the syntax. For shell expansion support # place your custom files as /etc/tomcat/conf.d/*.conf # # There are 2 "classes" of startup behavior in this package. # The old one, the default service named tomcat.service. # The new named instances are called tomcat@instance.service. # # Use this file to change default values for all services. # Change the service specific ones to affect only one service. # For tomcat.service it's /etc/sysconfig/tomcat, for # tomcat@instance it's /etc/sysconfig/tomcat@instance. # This variable is used to figure out if config is loaded or not. TOMCAT_CFG_LOADED="1" # In new-style instances, if CATALINA_BASE isn't specified, it will # be constructed by joining TOMCATS_BASE and NAME. TOMCATS_BASE="/var/lib/tomcats/" # Where your java installation lives JAVA_HOME="/usr/lib/jvm/jre" # Where your tomcat installation lives CATALINA_HOME="/usr/share/tomcat" # System-wide tmp CATALINA_TMPDIR="/var/cache/tomcat/temp" # You can pass some parameters to java here if you wish to #JAVA_OPTS="-Xminf0.1 -Xmaxf0.3" # Use JAVA_OPTS to set java.library.path for libtcnative.so #JAVA_OPTS="-Djava.library.path=/usr/lib" # You can change your tomcat locale here #LANG="en_US" # Run tomcat under the Java Security Manager SECURITY_MANAGER="false" # Time to wait in seconds, before killing process # TODO(stingray): does nothing, fix. # SHUTDOWN_WAIT="30" # If you wish to further customize your tomcat environment, # put your own definitions here # (i.e. LD_LIBRARY_PATH for some jdbc drivers) <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> Virus-free. www.avg.com <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> On Sun, Nov 25, 2018 at 4:19 PM André Warnier (tomcat) <a...@ice-sa.com> wrote: > On 25.11.2018 21:43, Lou Wallace wrote: > > Whew. Just read that link > > > > Warning: If Apache and Tomcat are configured to serve content from the > same > > file system location then care must be taken to ensure that Apache is not > > able to serve inappropriate content such as the contents of the WEB-INF > > directory or JSP source code. > > > > This could occur if the Apache DocumentRoot overlaps with a Tomcat Host's > > appBase or the docBase of any Context. It could also occur when using the > > Apache Alias directive with a Tomcat Host's appBase or the docBase of any > > Context. > > > > And I just checked and sure enough I can access from the browser the > > contents of the site directory. Now I haven't yet configured httpd-vhosts > > to define site yet - could that be why I can access the directory itself > > from a browser? > > > > And where do I look to see if Apache DocumentRoot overlaps with a Tomcat > > Host's appBase or the docBase? > > > > Make a picture. I'm not kidding. > Presumably, you know what a filesystem directory structure looks like. > So make a little schema of the Apache httpd document directories, starting > at what is > indicated in the DocumentRoot of the httpd.conf (or apache2.conf or > whatever it is on your > system); and make a similar schema of the directories of Tomcat, starting > at the positions > mentioned in the appBase/docBase attributes. > If any of these overlap, you have a problem. It is not a fatal problem, > and one can avoid > the problem with a careful httpd configuration. But if there is an > overlap, you are always > at risk of forgetting to configure this properly, so better to avoid it > altogether. > (Of course, all of this can happen only if Apache httpd and Tomcat are > running on the same > host; if not, there is no such risk. Unless of course they share some > common network > directories.. > > browser <- A+B -> httpd + mod_jk <-- B --> tomcat > | | > A B > | | > httpd DocumentRoot webapps > sub-directories | > and files -- webbap-1 > - files (1) > |- WEB-INF > |- files (2) > Legend : > - A+B are all requests sent by the browser, to the front-end httpd. > Some of these requests are for documents/applications on the front-end > (A). > Some of these requests are for the back-end tomcat's webapps (B). > httpd + mod_jk "know" which requests to proxy to tomcat (B), by the > "JkMount" > directives. What is not proxied to tomcat (aka "not B") is served > locally by > httpd (A). > As long as "httpd DocumentRoot" and "webapps" are totally separate on > disk, there is no > problem. > The problem is when some part of "httpd DocumentRoot" overlaps some part > of "webapps". > Then for example a browser can send something which appears to be directed > at httpd > (iow a URL addressing A), but which in reality accesses something under > "webapps". > Because then, httpd will serve this "raw", and none of the security (or > JSP compilation > and execution of (1)) of tomcat will ever even know that httpd is serving > things from > under its nose, even forbidden things (2). > > Clear ? > > > > > > > > > > On Sun, Nov 25, 2018 at 3:36 PM André Warnier (tomcat) <a...@ice-sa.com> > > wrote: > > > >> Hi. > >> I have not been following this in detail, but some of the things I've > seen > >> written made me > >> think of the warning (in red type) on the page : > >> http://tomcat.apache.org/connectors-doc/reference/apache.html > >> > >> In other words, if your front-end Apache httpd is configured in such a > way > >> that, to serve > >> a request URL from a browser, it /can/ access a directory and files > which > >> really belong to > >> Tomcat, then all kinds of weird and dangerous things will happen. > >> Such as JSP pages being served 'as is', and browsers being able to > access > >> directories and > >> files which Tomcat would normally forbid (such as the content of a > >> webapps/yourapp/WEB-INF > >> directory). > >> > >> > >> > >> On 25.11.2018 21:26, Lou Wallace wrote: > >>> How will selinux help? Not sure what you mean... > >>> > >>> On Sun, Nov 25, 2018 at 3:16 PM Loai Abdallatif < > >> loai.abdalla...@gmail.com> > >>> wrote: > >>> > >>>> try selinux to permissive mode using #setenforce 0 to exclude it from > >>>> analyses > >>>> > >>>> On Sun, Nov 25, 2018 at 8:05 PM Lou Wallace <mrlouwall...@gmail.com> > >>>> wrote: > >>>> > >>>>> hey Greg, > >>>>> > >>>>> No obvious errors in mod_jk log. Only has five lines > >>>>> > >>>>> [Sun Nov 25 15:22:11.637 2018] [14159:139840145266816] [info] > >>>>> init_jk::mod_jk.c (3591): mod_jk/1.2.46 initialized > >>>>> [Sun Nov 25 15:22:11.657 2018] [14159:139840145266816] [info] > >>>>> init_jk::mod_jk.c (3591): mod_jk/1.2.46 initialized > >>>>> [Sun Nov 25 15:37:01.930 2018] [15407:140260327409792] [info] > >>>>> init_jk::mod_jk.c (3591): mod_jk/1.2.46 initialized > >>>>> [Sun Nov 25 15:37:01.951 2018] [15407:140260327409792] [info] > >>>>> init_jk::mod_jk.c (3591): mod_jk/1.2.46 initialized > >>>>> [Sun Nov 25 18:00:36.252 2018] [26421:139699565041792] [info] > >>>>> init_jk::mod_jk.c (3591): mod_jk/1.2.46 initialized > >>>>> [Sun Nov 25 18:00:36.276 2018] [26421:139699565041792] [info] > >>>>> init_jk::mod_jk.c (3591): mod_jk/1.2.46 initialized > >>>>> > >>>>> error_log > >>>>> > >>>>> [Sun Nov 25 18:00:36.250346 2018] [core:notice] [pid 26421] SELinux > >>>> policy > >>>>> enabled; httpd running as context system_u:system_r:httpd_t:s0 > >>>>> [Sun Nov 25 18:00:36.251392 2018] [suexec:notice] [pid 26421] > AH01232: > >>>>> suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) > >>>>> [Sun Nov 25 18:00:36.252380 2018] [jk:warn] [pid 26421] No JkLogFile > >>>>> defined in httpd.conf. Using default /etc/httpd/logs/mod_jk.log > >>>>> [Sun Nov 25 18:00:36.252466 2018] [jk:warn] [pid 26421] No JkShmFile > >>>>> defined in httpd.conf. Using default > /etc/httpd/logs/jk-runtime-status > >>>>> [Sun Nov 25 18:00:36.273798 2018] [auth_digest:notice] [pid 26421] > >>>> AH01757: > >>>>> generating secret for digest authentication ... > >>>>> [Sun Nov 25 18:00:36.275236 2018] [lbmethod_heartbeat:notice] [pid > >> 26421] > >>>>> AH02282: No slotmem from mod_heartmonitor > >>>>> [Sun Nov 25 18:00:36.276120 2018] [jk:warn] [pid 26421] No JkLogFile > >>>>> defined in httpd.conf. Using default /etc/httpd/logs/mod_jk.log > >>>>> [Sun Nov 25 18:00:36.276179 2018] [jk:warn] [pid 26421] No JkShmFile > >>>>> defined in httpd.conf. Using default > /etc/httpd/logs/jk-runtime-status > >>>>> [Sun Nov 25 18:00:36.280163 2018] [mpm_prefork:notice] [pid 26421] > >>>> AH00163: > >>>>> Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_jk/1.2.46 configured -- > >>>>> resuming normal operations > >>>>> [Sun Nov 25 18:00:36.280201 2018] [core:notice] [pid 26421] AH00094: > >>>>> Command line: '/usr/sbin/httpd -D FOREGROUND' > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> On Sun, Nov 25, 2018 at 12:42 PM Greg Huber <gregh3...@gmail.com> > >> wrote: > >>>>> > >>>>>> OK, sorry, if you are remote then 8080 port may not be open. > >>>>>> > >>>>>> You need to check tomcat app actually shows the page correctly. > >>>>>> > >>>>>> If the page http://IP/index.jsp <http://IP:8080/index.jsp> > >>>>>> just shows the jsp, have a look at the /var/log/httpd logs to see > what > >>>>> its > >>>>>> doing, > >>>>>> > >>>>>> eg access.log > >>>>>> xxx.xxx.xxx.xxx.xxx - - [25/Nov/2018:07:28:08 +0000] "GET /index.jsp > >>>>>> HTTP/1.1" 200 27080 " > >>>>>> > >>>>>> also look in the error.log for errors > >>>>>> > >>>>>> mod_jk.log > >>>>>> [Sun Nov 25 07:27:10 2018][1452:140132954712192] [info] > >>>> init_jk::mod_jk.c > >>>>>> (3591): mod_jk/1.2.46 initialized > >>>>>> > >>>>>> You could try yum package links which is a command line browser. > >>>>>> > >>>>>> Name : links > >>>>>> Arch : x86_64 > >>>>>> Epoch : 1 > >>>>>> Version : 2.13 > >>>>>> Release : 1.el7 > >>>>>> Size : 2.8 M > >>>>>> Repo : epel/x86_64 > >>>>>> Summary : Web browser running in both graphics and text mode > >>>>>> URL : http://links.twibright.com/ > >>>>>> Licence : GPLv2+ > >>>>>> Description : Links is a web browser capable of running in either > >>>>> graphics > >>>>>> or text mode. > >>>>>> : It provides a pull-down menu system, renders complex > >>>> pages, > >>>>>> has partial HTML > >>>>>> : 4.0 support (including tables, frames and support > for > >>>>>> multiple character sets > >>>>>> : and UTF-8), supports color and monochrome terminals > and > >>>>>> allows horizontal > >>>>>> : scrolling. > >>>>>> > >>>>>> On Sun, 25 Nov 2018 at 17:07, Lou Wallace <mrlouwall...@gmail.com> > >>>>> wrote: > >>>>>> > >>>>>>> How can I do that from the command line shell? I tried it from > >>>> browser > >>>>>> and > >>>>>>> it timed out using http://IP:8080/index.jsp > >>>>>>> > >>>>>>> > >>>>>>> On Sun, Nov 25, 2018 at 11:54 AM Greg Huber <gregh3...@gmail.com> > >>>>> wrote: > >>>>>>> > >>>>>>>>>> But my .jsp web page is still showing as plain text > >>>>>>>> > >>>>>>>> With tomcat running does it show correctly ie > >>>>>>>> http://127.0.0.1:8080/../mypage.jsp > >>>>>>>> > >>>>>>>> then try http://127.0.0.1/../mypage.jsp > >>>>>>>> > >>>>>>>> ###### > >>>>>>>> > >>>>>>>> tomcat server.xml using default port > >>>>>>>> <Connector port="8080" protocol="HTTP/1.1" > >>>>>>>> connectionTimeout="20000" > >>>>>>>> redirectPort="8443" /> > >>>>>>>> > >>>>>>>> > >>>>>>>> On Sun, 25 Nov 2018 at 15:28, Lou Wallace <mrlouwall...@gmail.com > > > >>>>>>> wrote: > >>>>>>>> > >>>>>>>>> hmm this is weird > >>>>>>>>> > >>>>>>>>> After adding > >>>>>>>>> > >>>>>>>>> #Options Indexes FollowSymLinks > >>>>>>>>> #No folders/files listed > >>>>>>>>> Options -Indexes -FollowSymLinks > >>>>>>>>> > >>>>>>>>> I decided to allow httpd.conf to try and load mod_jk.so again so > >>>> I > >>>>>>> added > >>>>>>>>> back LoadModule jk_module /etc/httpd/modules/mod_jk.so and > >>>>> restarted > >>>>>>>> httpd > >>>>>>>>> > >>>>>>>>> then when I do apachectl -M I see as last entry in the list > >>>>>>>>> > >>>>>>>>> Loaded Modules: > >>>>>>>>> core_module (static) > >>>>>>>>> so_module (static) > >>>>>>>>> http_module (static) > >>>>>>>>> access_compat_module (shared) > >>>>>>>>> actions_module (shared) > >>>>>>>>> alias_module (shared) > >>>>>>>>> allowmethods_module (shared) > >>>>>>>>> auth_basic_module (shared) > >>>>>>>>> auth_digest_module (shared) > >>>>>>>>> authn_anon_module (shared) > >>>>>>>>> authn_core_module (shared) > >>>>>>>>> authn_dbd_module (shared) > >>>>>>>>> authn_dbm_module (shared) > >>>>>>>>> authn_file_module (shared) > >>>>>>>>> authn_socache_module (shared) > >>>>>>>>> authz_core_module (shared) > >>>>>>>>> authz_dbd_module (shared) > >>>>>>>>> authz_dbm_module (shared) > >>>>>>>>> authz_groupfile_module (shared) > >>>>>>>>> authz_host_module (shared) > >>>>>>>>> authz_owner_module (shared) > >>>>>>>>> authz_user_module (shared) > >>>>>>>>> autoindex_module (shared) > >>>>>>>>> cache_module (shared) > >>>>>>>>> cache_disk_module (shared) > >>>>>>>>> data_module (shared) > >>>>>>>>> dbd_module (shared) > >>>>>>>>> deflate_module (shared) > >>>>>>>>> dir_module (shared) > >>>>>>>>> dumpio_module (shared) > >>>>>>>>> echo_module (shared) > >>>>>>>>> env_module (shared) > >>>>>>>>> expires_module (shared) > >>>>>>>>> ext_filter_module (shared) > >>>>>>>>> filter_module (shared) > >>>>>>>>> headers_module (shared) > >>>>>>>>> include_module (shared) > >>>>>>>>> info_module (shared) > >>>>>>>>> log_config_module (shared) > >>>>>>>>> logio_module (shared) > >>>>>>>>> mime_magic_module (shared) > >>>>>>>>> mime_module (shared) > >>>>>>>>> negotiation_module (shared) > >>>>>>>>> remoteip_module (shared) > >>>>>>>>> reqtimeout_module (shared) > >>>>>>>>> rewrite_module (shared) > >>>>>>>>> setenvif_module (shared) > >>>>>>>>> slotmem_plain_module (shared) > >>>>>>>>> slotmem_shm_module (shared) > >>>>>>>>> socache_dbm_module (shared) > >>>>>>>>> socache_memcache_module (shared) > >>>>>>>>> socache_shmcb_module (shared) > >>>>>>>>> status_module (shared) > >>>>>>>>> substitute_module (shared) > >>>>>>>>> suexec_module (shared) > >>>>>>>>> unique_id_module (shared) > >>>>>>>>> unixd_module (shared) > >>>>>>>>> userdir_module (shared) > >>>>>>>>> version_module (shared) > >>>>>>>>> vhost_alias_module (shared) > >>>>>>>>> dav_module (shared) > >>>>>>>>> dav_fs_module (shared) > >>>>>>>>> dav_lock_module (shared) > >>>>>>>>> lua_module (shared) > >>>>>>>>> mpm_prefork_module (shared) > >>>>>>>>> proxy_module (shared) > >>>>>>>>> lbmethod_bybusyness_module (shared) > >>>>>>>>> lbmethod_byrequests_module (shared) > >>>>>>>>> lbmethod_bytraffic_module (shared) > >>>>>>>>> lbmethod_heartbeat_module (shared) > >>>>>>>>> proxy_ajp_module (shared) > >>>>>>>>> proxy_balancer_module (shared) > >>>>>>>>> proxy_connect_module (shared) > >>>>>>>>> proxy_express_module (shared) > >>>>>>>>> proxy_fcgi_module (shared) > >>>>>>>>> proxy_fdpass_module (shared) > >>>>>>>>> proxy_ftp_module (shared) > >>>>>>>>> proxy_http_module (shared) > >>>>>>>>> proxy_scgi_module (shared) > >>>>>>>>> proxy_wstunnel_module (shared) > >>>>>>>>> ssl_module (shared) > >>>>>>>>> systemd_module (shared) > >>>>>>>>> cgi_module (shared) > >>>>>>>>> jk_module (shared) > >>>>>>>>> > >>>>>>>>> So it says mod_jk is loaded > >>>>>>>>> > >>>>>>>>> But my .jsp web page is still showing as plain text > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> On Sun, Nov 25, 2018 at 5:28 AM Greg Huber <gregh3...@gmail.com> > >>>>>>> wrote: > >>>>>>>>> > >>>>>>>>>> There's the problem, make sure you have copied mod_jk.so to > >>>>>>>>>> /etc/httpd/modules/mod_jk.so > >>>>>>>>>> > >>>>>>>>>> My file size 1,556,816 bytes permission owner root and execute > >>>>>>>>>> > >>>>>>>>>> ls -l /etc/httpd/modules/mod_jk.so > >>>>>>>>>> -rwxrwxr-x 1 root root > >>>>>>>>>> > >>>>>>>>>> also check the x executable > >>>>>>>>>> > >>>>>>>>>> And apachectl -M (sorry not -S) > >>>>>>>>>> ... > >>>>>>>>>> jk_module (shared) > >>>>>>>>>> ... > >>>>>>>>>> > >>>>>>>>>> 10-my.conf and my.conf are preferred as when yum updates httpd > >>>> it > >>>>>>> also > >>>>>>>>>> updates /etc/httpd/conf/httpd.conf. If you change httpd.conf > >>>> you > >>>>>>> then > >>>>>>>>> have > >>>>>>>>>> to merge the httpd.conf.rpmnew as it won't overwrite config. > >>>>>>>>>> > >>>>>>>>>> The only change I make in httpd.conf is to make sure there is > >>>> no > >>>>>>>> browsing > >>>>>>>>>> > >>>>>>>>>> #Options Indexes FollowSymLinks > >>>>>>>>>> #No folders/files listed > >>>>>>>>>> Options -Indexes -FollowSymLinks > >>>>>>>>>> > >>>>>>>>>> Cheers Greg > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> On Sat, 24 Nov 2018 at 22:02, Lou Wallace < > >>>>> mrlouwall...@gmail.com> > >>>>>>>>> wrote: > >>>>>>>>>> > >>>>>>>>>>> Here is what I see > >>>>>>>>>>> > >>>>>>>>>>> Loaded Modules: > >>>>>>>>>>> core_module (static) > >>>>>>>>>>> so_module (static) > >>>>>>>>>>> http_module (static) > >>>>>>>>>>> access_compat_module (shared) > >>>>>>>>>>> actions_module (shared) > >>>>>>>>>>> alias_module (shared) > >>>>>>>>>>> allowmethods_module (shared) > >>>>>>>>>>> auth_basic_module (shared) > >>>>>>>>>>> auth_digest_module (shared) > >>>>>>>>>>> authn_anon_module (shared) > >>>>>>>>>>> authn_core_module (shared) > >>>>>>>>>>> authn_dbd_module (shared) > >>>>>>>>>>> authn_dbm_module (shared) > >>>>>>>>>>> authn_file_module (shared) > >>>>>>>>>>> authn_socache_module (shared) > >>>>>>>>>>> authz_core_module (shared) > >>>>>>>>>>> authz_dbd_module (shared) > >>>>>>>>>>> authz_dbm_module (shared) > >>>>>>>>>>> authz_groupfile_module (shared) > >>>>>>>>>>> authz_host_module (shared) > >>>>>>>>>>> authz_owner_module (shared) > >>>>>>>>>>> authz_user_module (shared) > >>>>>>>>>>> autoindex_module (shared) > >>>>>>>>>>> cache_module (shared) > >>>>>>>>>>> cache_disk_module (shared) > >>>>>>>>>>> data_module (shared) > >>>>>>>>>>> dbd_module (shared) > >>>>>>>>>>> deflate_module (shared) > >>>>>>>>>>> dir_module (shared) > >>>>>>>>>>> dumpio_module (shared) > >>>>>>>>>>> echo_module (shared) > >>>>>>>>>>> env_module (shared) > >>>>>>>>>>> expires_module (shared) > >>>>>>>>>>> ext_filter_module (shared) > >>>>>>>>>>> filter_module (shared) > >>>>>>>>>>> headers_module (shared) > >>>>>>>>>>> include_module (shared) > >>>>>>>>>>> info_module (shared) > >>>>>>>>>>> log_config_module (shared) > >>>>>>>>>>> logio_module (shared) > >>>>>>>>>>> mime_magic_module (shared) > >>>>>>>>>>> mime_module (shared) > >>>>>>>>>>> negotiation_module (shared) > >>>>>>>>>>> remoteip_module (shared) > >>>>>>>>>>> reqtimeout_module (shared) > >>>>>>>>>>> rewrite_module (shared) > >>>>>>>>>>> setenvif_module (shared) > >>>>>>>>>>> slotmem_plain_module (shared) > >>>>>>>>>>> slotmem_shm_module (shared) > >>>>>>>>>>> socache_dbm_module (shared) > >>>>>>>>>>> socache_memcache_module (shared) > >>>>>>>>>>> socache_shmcb_module (shared) > >>>>>>>>>>> status_module (shared) > >>>>>>>>>>> substitute_module (shared) > >>>>>>>>>>> suexec_module (shared) > >>>>>>>>>>> unique_id_module (shared) > >>>>>>>>>>> unixd_module (shared) > >>>>>>>>>>> userdir_module (shared) > >>>>>>>>>>> version_module (shared) > >>>>>>>>>>> vhost_alias_module (shared) > >>>>>>>>>>> dav_module (shared) > >>>>>>>>>>> dav_fs_module (shared) > >>>>>>>>>>> dav_lock_module (shared) > >>>>>>>>>>> lua_module (shared) > >>>>>>>>>>> mpm_prefork_module (shared) > >>>>>>>>>>> proxy_module (shared) > >>>>>>>>>>> lbmethod_bybusyness_module (shared) > >>>>>>>>>>> lbmethod_byrequests_module (shared) > >>>>>>>>>>> lbmethod_bytraffic_module (shared) > >>>>>>>>>>> lbmethod_heartbeat_module (shared) > >>>>>>>>>>> proxy_ajp_module (shared) > >>>>>>>>>>> proxy_balancer_module (shared) > >>>>>>>>>>> proxy_connect_module (shared) > >>>>>>>>>>> proxy_express_module (shared) > >>>>>>>>>>> proxy_fcgi_module (shared) > >>>>>>>>>>> proxy_fdpass_module (shared) > >>>>>>>>>>> proxy_ftp_module (shared) > >>>>>>>>>>> proxy_http_module (shared) > >>>>>>>>>>> proxy_scgi_module (shared) > >>>>>>>>>>> proxy_wstunnel_module (shared) > >>>>>>>>>>> ssl_module (shared) > >>>>>>>>>>> systemd_module (shared) > >>>>>>>>>>> cgi_module (shared) > >>>>>>>>>>> > >>>>>>>>>>> No mod_jk > >>>>>>>>>>> > >>>>>>>>>>> On Sat, Nov 24, 2018 at 4:23 PM Christopher Schultz < > >>>>>>>>>>> ch...@christopherschultz.net> wrote: > >>>>>>>>>>> > >>>>>>>>>>>> -----BEGIN PGP SIGNED MESSAGE----- > >>>>>>>>>>>> Hash: SHA256 > >>>>>>>>>>>> > >>>>>>>>>>>> Lou, > >>>>>>>>>>>> > >>>>>>>>>>>> On 11/24/18 12:19, Lou Wallace wrote: > >>>>>>>>>>>>> Hi Greg, > >>>>>>>>>>>>> > >>>>>>>>>>>>> I did this and restarted HTTPD. No error but no change. > >>>>>>>>>>>>> > >>>>>>>>>>>>> Not sure how 10-my.conf and my.conf are called, but I did > >>>>>>> create > >>>>>>>>>>>>> them as described. > >>>>>>>>>>>>> > >>>>>>>>>>>>> Also when I checked configtest > >>>>>>>>>>>>> > >>>>>>>>>>>>> [root@server2 conf]# apachectl configtest Syntax OK > >>>>>>>>>>>>> > >>>>>>>>>>>>> and apachectl -S > >>>>>>>>>>>>> > >>>>>>>>>>>>> [root@server2 conf]# apachectl -S VirtualHost > >>>>> configuration: > >>>>>>>> *:443 > >>>>>>>>>>>>> server2.us-west2-a.c.helpful-kingdom-220815.internal > >>>>>>>>>>>>> (/etc/httpd/conf.d/ssl.conf:56) ServerRoot: "/etc/httpd" > >>>>> Main > >>>>>>>>>>>>> DocumentRoot: "/var/www/html" Main ErrorLog: > >>>>>>>>>>>>> "/etc/httpd/logs/error_log" Mutex mpm-accept: > >>>>> using_defaults > >>>>>>>> Mutex > >>>>>>>>>>>>> authdigest-opaque: using_defaults Mutex > >>>> proxy-balancer-shm: > >>>>>>>>>>>>> using_defaults Mutex rewrite-map: using_defaults Mutex > >>>>>>>>>>>>> authdigest-client: using_defaults Mutex ssl-stapling: > >>>>>>>>>>>>> using_defaults Mutex proxy: using_defaults Mutex > >>>>>> authn-socache: > >>>>>>>>>>>>> using_defaults Mutex ssl-cache: using_defaults Mutex > >>>>> default: > >>>>>>>>>>>>> dir="/run/httpd/" mechanism=default PidFile: > >>>>>>>>>>>>> "/run/httpd/httpd.pid" Define: > >>>> _RH_HAS_HTTPPROTOCOLOPTIONS > >>>>>>>> Define: > >>>>>>>>>>>>> DUMP_VHOSTS Define: DUMP_RUN_CFG User: name="apache" > >>>> id=48 > >>>>>>> Group: > >>>>>>>>>>>>> name="apache" id=48 > >>>>>>>>>>>>> > >>>>>>>>>>>>> Looking forward to your thoughts. > >>>>>>>>>>>> > >>>>>>>>>>>> Try: > >>>>>>>>>>>> > >>>>>>>>>>>> $ apachectl -M > >>>>>>>>>>>> > >>>>>>>>>>>> I get something like this: > >>>>>>>>>>>> > >>>>>>>>>>>> Loaded Modules: > >>>>>>>>>>>> core_module (static) > >>>>>>>>>>>> log_config_module (static) > >>>>>>>>>>>> logio_module (static) > >>>>>>>>>>>> version_module (static) > >>>>>>>>>>>> mpm_prefork_module (static) > >>>>>>>>>>>> http_module (static) > >>>>>>>>>>>> so_module (static) > >>>>>>>>>>>> alias_module (shared) > >>>>>>>>>>>> auth_basic_module (shared) > >>>>>>>>>>>> authn_file_module (shared) > >>>>>>>>>>>> authz_default_module (shared) > >>>>>>>>>>>> authz_groupfile_module (shared) > >>>>>>>>>>>> authz_host_module (shared) > >>>>>>>>>>>> authz_user_module (shared) > >>>>>>>>>>>> autoindex_module (shared) > >>>>>>>>>>>> cgi_module (shared) > >>>>>>>>>>>> deflate_module (shared) > >>>>>>>>>>>> dir_module (shared) > >>>>>>>>>>>> env_module (shared) > >>>>>>>>>>>> headers_module (shared) > >>>>>>>>>>>> include_module (shared) > >>>>>>>>>>>> jk_module (shared) <-- here is mod_jk > >>>>>>>>>>>> mime_module (shared) > >>>>>>>>>>>> negotiation_module (shared) > >>>>>>>>>>>> php5_module (shared) > >>>>>>>>>>>> reqtimeout_module (shared) > >>>>>>>>>>>> rewrite_module (shared) > >>>>>>>>>>>> setenvif_module (shared) > >>>>>>>>>>>> ssl_module (shared) > >>>>>>>>>>>> status_module (shared) > >>>>>>>>>>>> Syntax OK > >>>>>>>>>>>> > >>>>>>>>>>>> If mod_jk isn't loading, obviously none of the > >>>> module-defined > >>>>>>>>>>>> directives will work. > >>>>>>>>>>>> > >>>>>>>>>>>> - -chris > >>>>>>>>>>>> -----BEGIN PGP SIGNATURE----- > >>>>>>>>>>>> Comment: Using GnuPG with Thunderbird - > >>>>>>> https://www.enigmail.net/ > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlv5wT8ACgkQHPApP6U8 > >>>>>>>>>>>> > >>>>>> pFgJMA//ex7/qu/RFlla2FiSxRDJeYfwxaGywm1IrtNXL2y0/nkjIyJKLuNkwfec > >>>>>>>>>>>> > >>>>>> jWQm0ihAXKjBaLks9boK8dVmmEfEibsEDBSRK7LVtLwOd97PQgo6Wv8/itehOAQW > >>>>>>>>>>>> > >>>>>> 4Q8Vyc3Ov2PmXPTCzxehAyzdO8ltSZ5wFZ7TA6tXQYDzgY3yDxl3PMDl3Th0Byi1 > >>>>>>>>>>>> > >>>>>> tts6340/Ih4jhPdYoA0W9LXVqIYjEn/tzMgXUazjXE9jRUxP8bslOeMzQjiuLjvt > >>>>>>>>>>>> > >>>>>> BkwNDqYoTN3INxwljJ9BXVumbk4DehIIx4lw1zuxdzuiLPHYxYsJY+pYLWtAY3i4 > >>>>>>>>>>>> > >>>>>> Op6ATyoKrBiOjjN6DIFWM0ilsRS0ktM7bdwRlRFCXGTUzfwv2v2qzv6PkRsaUbma > >>>>>>>>>>>> > >>>>>> bQ9a7+FFMoHGgWQ62VUtByCyyzHsPI1RoRlXwHRNYufMI+1UpV4IxfqA8tbCcwc+ > >>>>>>>>>>>> > >>>>>> ONzzVti5y16K6mZAH4FDsU/WiFW35hkJLkDrkrvw/z3uCvQjn72etkQFoICUmlEY > >>>>>>>>>>>> > >>>>>> uxirMQHdM8CKrJ7whqiH/1ihdJXwcOPU20QCAfwEbyE58oN+sJxFWDCbGjfVbOfe > >>>>>>>>>>>> > >>>>>> l9yQrKzzp1rnNepPyeseCeOQqSKXBeBDahkSEO/WGDu2PYuOYf2vT/BV6cthLMlm > >>>>>>>>>>>> WhyNoGDl3P3Hr68i4Zwe3a++cXWfzosHpLQOP5RxggV9QUsvKn8= > >>>>>>>>>>>> =gAVW > >>>>>>>>>>>> -----END PGP SIGNATURE----- > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>> > >>>> --------------------------------------------------------------------- > >>>>>>>>>>>> To unsubscribe, e-mail: > >>>> users-unsubscr...@tomcat.apache.org > >>>>>>>>>>>> For additional commands, e-mail: > >>>>> users-h...@tomcat.apache.org > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>> > >>>>>>>>> > >>>>>>>> > >>>>>>> > >>>>>> > >>>>> > >>>> > >>> > >> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> > >> > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> Virus-free. www.avg.com <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>