mod_jk not able to connect Apache and tomcat - linux

I am not able to connect my Apache to tomcat servers. Below are the version details.
mod_jk/1.2.39
Apache-2.4.41
tomcat-9.0.31
I have created Workers.properties file and mentioned my hostname and AJP port i.e. 8009 and also enabled Ajp connectors from tomcat side. Issue I am facing is mod_jk is not connecting to host that I have provided in workers.properties file. Instead of that it is connecting to 0.0.0.0. Below is the error from mod_jk.log
[Wed May 27 12:52:00 2020] [6902:140379841652544] [info] init_jk::mod_jk.c (3383): mod_jk/1.2.39 initialized
[Wed May 27 12:52:00 2020] [6903:140379841652544] [info] init_jk::mod_jk.c (3383): mod_jk/1.2.39 initialized
[Wed May 27 12:53:20 2020] [6906:140379663890176] [info] jk_open_socket::jk_connect.c (735): connect to 0.0.0.0:8009 failed (errno=111)
[Wed May 27 12:53:20 2020] [6906:140379663890176] [info] ajp_connect_to_endpoint::jk_ajp_common.c (1019): Failed opening socket to (0.0.0.0:8009) (errno=111)
[Wed May 27 12:53:20 2020] [6906:140379663890176] [error] ajp_send_request::jk_ajp_common.c (1659): (tomcat1) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=111)
I have checked I can access my tomcat servers and it's running fine. Below is the Ajp connectors from tomcat server
<Connector protocol="AJP/1.3"
address="::1"
port="8009"
redirectPort="8443" />
Is there anything I am missing or is it some kind of fat bug involve with this version of mod_jk?
Any kind of Suggestion and Help will be appreciated.
Thanks,
Anshu

Start tomcat server on IP address instead of 0.0.0.0.
<Connector protocol="AJP/1.3"
address="IP-address"
port="8009"
redirectPort="8443" />
Use tomcat-adress and Port in worker.properties. Restart tomcat and Apache service. Also make sure that port 8009 is open between Apache and tomcat server.

Related

Intermittent Service not available Error in Elasticbeanstalk application

We are using a webserver with ElasticBeanstalk from 2019.,
the platform is
tomcat 8.5 with java8 running on 64 bit Amazon Linux. httpd as proxy
recently (from Jan 30th) we started getting Service Unavailable issues if go to the endpoint from time to time. and if we refresh 2-3 times it will get resolved on its own.
then I download full logs. under elasticbeanstalk-error_log I can see
[Mon Feb 28 10:00:58.338035 2022] [proxy:error] [pid 14882:tid 139757313533696] (13)Permission denied: AH02454: HTTP: attempt to connect to Unix domain socket /var/run/httpd/ (localhost) failed
[Mon Feb 28 10:00:58.338078 2022] [proxy_http:error] [pid 14882:tid 139757313533696] [client <private-ip-here>:12566] AH01114: HTTP: failed to make connection to backend: httpd-UDS, referer: http://<custom-end-point>/1/<name.jsp>?s=sec$$4P!&refresh=300
[Mon Feb 28 10:43:40.663468 2022] [proxy:error] [pid 14882:tid 139757120071424] (13)Permission denied: AH02454: HTTP: attempt to connect to Unix domain socket /var/run/httpd/ (localhost) failed
[Mon Feb 28 10:43:40.663518 2022] [proxy_http:error] [pid 14882:tid 139757120071424] [client <private-ip-here>:21136] AH01114: HTTP: failed to make connection to backend: httpd-UDS
repeated multiple times from Jan30th.
and when I look at access.log
I can see 503 error log exactly at the same time when permission denied error logs in elasticbeanstalk-error_log
And I looked at the running process using ps -aux | grep HTTPd and ps -aux | grep tomcat
both are running from 2019 and have no restarts.
what more I can do to troubleshoot these issuesWe are running a web application written in Java(tomcat8) hosted in AWS ElastcBeanStalk
Some weeks back we started getting 503 error randomly
When we checked the elasticbeanstalk-erorr_logs
[Thu Mar 03 13:22:12.906144 2022] [proxy:error] [pid 14882:tid 139757338711808] (13)Permission denied: AH02454: HTTP: attempt to connect to Unix domain socket /var/run/httpd/ (localhost) failed
[Thu Mar 03 13:22:12.906202 2022] [proxy_http:error] [pid 14882:tid 139757338711808] [client 172.31.17.0:61382] AH01114: HTTP: failed to make connection to backend: httpd-UDS, referer: http://our-domain.com/1/callBackLog.jsp
The error logs are suggesting connection error with backend unix socket
When we checked in /var/run/httpd/ folder, there were no unix sockets(.sock files)
But in apache httpd config
<VirtualHost *:80>
<Proxy *>
Require all granted
ProxyPass / http://localhost:8080/ retry=0
ProxyPassReverse / http://localhost:8080/
ProxyPreserveHost on
ErrorLog /var/log/httpd/elasticbeanstalk-error_log
the proxy backend is ip address not unix socket
As per the config httpd should connect to backend ip address(localhost:8080) but why is it complaining about unix socket
Have anyone faced similar issues?
============= UPDATE
The error logs are suggesting connection error with backend unix socket
When we checked in /var/run/httpd/ folder, there were no unix sockets(.sock files)
But in apache httpd config
<VirtualHost *:80>
<Proxy *>
Require all granted
ProxyPass / http://localhost:8080/ retry=0
ProxyPassReverse / http://localhost:8080/
ProxyPreserveHost on
ErrorLog /var/log/httpd/elasticbeanstalk-error_log
the proxy backend is ip address not unix socket
As per the config httpd should connect to backend ip address(localhost:8080) but why is it complaining about unix socket
Have anyone faced similar issues?

Jboss 7.0 Fails to start in Red Hat

Hi, i'm trying to run Jboss EAP 7.0.0 in Red Hat Enterprise Linux 7, the installation goes well until i need to start the service.
sudo service jboss-eap-rhel start
Redirecting to /bin/systemctl start jboss-eap-rhel.service
Job for jboss-eap-rhel.service failed. See 'systemctl status jboss-eap-rhel.service' and 'journalctl -xn' for details.
After reach for the service log, it shows that the JBoss EAP startup script has failed to start.
localhost.localdomain systemd1: Failed to start SYSV: JBoss EAP startup script.
systemctl status jboss-eap-rhel.service
jboss-eap-rhel.service - SYSV: JBoss EAP startup script
Loaded: loaded (/etc/rc.d/init.d/jboss-eap-rhel.sh)
Active: failed (Result: resources) since Wed 2017-05-17 05:35:37 EDT; 6min ago
Process: 16673 ExecStart=/etc/rc.d/init.d/jboss-eap-rhel.sh start (code=exited, status=0/SUCCESS)
Main PID: 6979
May 17 05:35:06 localhost.localdomain systemd[1]: Starting SYSV: JBoss EAP startup script...
May 17 05:35:06 localhost.localdomain jboss-eap-rhel.sh[16673]: Starting jboss-eap: chown: missing operand after ‘/var/run/jboss-eap’
May 17 05:35:06 localhost.localdomain jboss-eap-rhel.sh[16673]: Try 'chown --help' for more information.
May 17 05:35:37 localhost.localdomain jboss-eap-rhel.sh[16673]: jboss-eap started with errors, please see server log for details
May 17 05:35:37 localhost.localdomain jboss-eap-rhel.sh[16673]: [ OK ]
May 17 05:35:37 localhost.localdomain systemd[1]: PID file /var/run/jboss-eap/jboss-eap.pid not readable (yet?) after start.
May 17 05:35:37 localhost.localdomain systemd[1]: Failed to start SYSV: JBoss EAP startup script.
May 17 05:35:37 localhost.localdomain systemd[1]: Unit jboss-eap-rhel.service entered failed state.
i checked the jboss conf and the eap-rhel.sh looking for something wrong, including the standalone.xml and the standalone-full.xml, but everything looks to be ok.
the files of the jboss are in /usr/share right now (i have installed and unstalled several times in different folders trying to solve it, yes i have deleted remaining files before each installation).
just to be sure, i mention the steps i done after every installation:
the jboss-eap.conf was succefully edited. the user and the path of the jboss were changed to the right ones.
jboss-eap.conf copied to /etc/default
jboss-eap-rhel copied to /etc/init.d
I also opened it using
./standalone.sh -c standalone-full.xml
it throws this warning:
03:56:23,735 WARN [org.jboss.as.txn] (ServerService Thread Pool -- 60) WFLYTX00 13: Node identifier property is set to the default value. Please make sure it is unique.
and doesn't work (because the service is still not active).
¿how can I start the service?
03:56:23,735 WARN [org.jboss.as.txn] (ServerService Thread Pool -- 60) WFLYTX0013: Node identifier property is set to the default value. Please make sure it unique.
You dont have to worry about it unless you have enabled JTA. You can set unique value of node identifier in standalone-full.xml file like :
<subsystem xmlns="urn:jboss:domain:transactions:1.4">
<core-environment node-identifier="${jboss.tx.node.id}">
...
Regarding service, please verify steps you have followed http://www.dmartin.es/2014/07/jboss-eap-6-as-rhel-7-service/
If you're using JBoss 7.x, you can use the following CLI commands:
/host=master/server-config=server-one/system-property=jboss.tx.node.id:add(boot-time=true,value=master)
/host={slave-host}/server-config=server-one/system-property=jboss.tx.node.id:add(boot-time=true,value=slave2)
/profile={some-profile}/subsystem=transactions:write-attribute(name=node-identifier,value="${jboss.tx.node.id}")
:reload-servers(blocking=true)
This will add the following lines:
<subsystem xmlns="urn:jboss:domain:transactions:4.0">
<core-environment node-identifier="${jboss.tx.node.id}">
<process-id>
<uuid/>
</process-id>
</core-environment>
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
<object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
</subsystem>
In each profile section of the domain.xml configuration file (in domain controller), and:
<servers>
<server name="server-one" group="x-server-group" auto-start="true">
<system-properties>
<property name="jboss.tx.node.id" value="slave1" boot-time="true"/>
</system-properties>
</server>
</servers>
under each server definition in the host-slave.xml configuration file (in host controller).
External references:
https://access.redhat.com/solutions/748323
https://access.redhat.com/solutions/260023
https://issues.jboss.org/browse/JBEAP-11208

HTTP: failed to make connection to backend: 0.0.0.0 - socket-js

I am running into an interesting problem in regards to running nodejs on port 8080. I have a new EC2 instance running ubuntu 16.04, I've configured apache2 to run on port 80 and have a reserve proxy setup to switch the port to the nodejs server running inside the /public directory to port 8080. This works great but, my bundle.js package calls the server in order to be updated: http://myamazonelasticipaddress/sockjs-node/info?t=1486698514348 This continually fails and I am left with the following error messages:
Fri Feb 10 02:28:51.358580 2017] [proxy:error] [pid 19100:tid 140639517771520] AH00940: HTTP: disabled connection for (0.0.0.0)
[Fri Feb 10 02:43:57.689148 2017] [proxy:error] [pid 19101:tid 140639568127744] (111)Connection refused: AH00957: HTTP: attempt to connect to 0.0.0.0:8080 (0.0.0.0) failed
[Fri Feb 10 02:43:57.689205 2017] [proxy:error] [pid 19101:tid 140639568127744] AH00959: ap_proxy_connect_backend disabling worker for (0.0.0.0) for 60s
[Fri Feb 10 02:43:57.689211 2017] [proxy_http:error] [pid 19101:tid 140639568127744] [client 192.55.192.52:56715] AH01114: HTTP: failed to make connection to backend: 0.0.0.0
I thought my firewall might be blocking this but I've allowed all connections to this port through. I've double checked my iptables configs and can't find anything. I have a vagrant machine that does this exact same routing and I have no problem.
I have to be missing something simple, any thoughts or ideas?
So my AWS security group configurations were indeed correct. The culprit, was that I needed to add a custom TCP type in the security group to allow port 8080 for the socketjs-node to connect.

Atlassian Bamboo behind IIS7 with Isapi redirect

I'm attempting to use Bamboo behind IIS 7. I have exhausted all of my resources so Im hoping someone here can help. After starting bamboo and trying to connect my browser eventually times out with a 503. Please note that only bamboo currently has a problem. JIRA,Confluence and Crowd all work without issue
The logs from bamboo state
jvm 1| 2010-02-13 00:02:16.256::WARN: EXCEPTION
jvm 1| java.lang.IllegalAccessError
jvm 1| at org.mortbay.jetty.ajp.Ajp13Connection.<init>(Ajp13Connection.java:51)
jvm 1| at org.mortbay.jetty.ajp.Ajp13SocketConnector.newHttpConnection(Ajp13SocketConnector.java:79)
jvm 1| at org.mortbay.jetty.bio.SocketConnector$Connection.<init>(SocketConnector.java:182)
jvm 1| at org.mortbay.jetty.bio.SocketConnector.accept(SocketConnector.java:102)
jvm 1| at org.mortbay.jetty.AbstractConnector$Acceptor.run(AbstractConnector.java:707)
jvm 1| at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:520) `
and the Isapi_redirect.log states:
[Sat Feb 13 00:07:40.360 2010] [2248:5256] [info] jk_ajp_common.c (1143): (worker4) can't receive the response header message from tomcat, tomcat (127.0.0.1:8035) has forced a connection close for socket 620
[Sat Feb 13 00:07:40.360 2010] [2248:5256] [error] jk_ajp_common.c (1962): (worker4) Tomcat is down or refused connection. No response has been sent to the client (yet)
[Sat Feb 13 00:07:40.361 2010] [2248:5256] [info] jk_ajp_common.c (2447): (worker4) sending request to tomcat failed (recoverable), (attempt=1)
[Sat Feb 13 00:07:40.361 2010] [2248:3860] [info] jk_ajp_common.c (1143): (worker4) can't receive the response header message from tomcat, tomcat (127.0.0.1:8035) has forced a connection close for socket 636
[Sat Feb 13 00:07:40.361 2010] [2248:3860] [error] jk_ajp_common.c (1962): (worker4) Tomcat is down or refused connection. No response has been sent to the client (yet)
[Sat Feb 13 00:07:40.361 2010] [2248:3860] [info] jk_ajp_common.c (2447): (worker4) sending request to tomcat failed (recoverable), (attempt=1) `
I have configured Bamboo to use the jetty Configuration file per the instructions here:
http://confluence.atlassian.com/display/BAMBOO/Getting+Bamboo+Standalone+to+use+the+jetty.xml+file
I have configured my jetty.xml and added
<Call name="addConnector">
<Arg>
<New class="org.mortbay.jetty.ajp.Ajp13SocketConnector">
<Set name="port">8035</Set>
</New>
</Arg>
</Call>
The Isapi config info:
workers.properties.minimal looks like this:
#jira
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8009
#confluence
worker.worker2.type=ajp13
worker.worker2.host=localhost
worker.worker2.port=8014
#crowd
worker.worker3.type=ajp13
worker.worker3.host=localhost
worker.worker3.port=8016
#bamboo
worker.worker4.type=ajp13
worker.worker4.host=localhost
worker.worker4.port=8035
uriworkermap.properties file:
/jira/*=worker1
/confluence/*=worker2
/crowd/*=worker3
/bamboo/*=worker4
Any Ideas?
With AJP, i don't think you're supposed to use isapi_rewrite - that's like connecting an HTTP plug to an AJP socket, its not a match.
You want an AJP connector on your IIS side:
http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html
check that the version of the jetty ajp jar file matches your version of jetty

Apache + SSL Error 336027900 [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I was reviewing the logs for my companies servers today and I discovered that there appears to be an error 336027900 logged every 5 minutes. This is what the log shows:
[Wed Mar 25 15:10:19 2009] [info] [client 127.0.0.1] Connection to child 3 established (server localhost:443)
[Wed Mar 25 15:10:19 2009] [info] Seeding PRNG with 656 bytes of entropy
[Wed Mar 25 15:10:19 2009] [info] [client 127.0.0.1] SSL library error 1 in handshake (server localhost:443)
[Wed Mar 25 15:10:19 2009] [info] SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!?
[Wed Mar 25 15:10:19 2009] [info] [client 127.0.0.1] Connection closed to child 3 with abortive shutdown (server localhost:443)
[Wed Mar 25 15:10:20 2009] [info] [client 127.0.0.1] Connection to child 12 established (server localhost:443)
[Wed Mar 25 15:10:20 2009] [info] Seeding PRNG with 656 bytes of entropy
[Wed Mar 25 15:10:20 2009] [info] [client 127.0.0.1] SSL library error 1 in handshake (server localhost:443)
[Wed Mar 25 15:10:20 2009] [info] SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!?
[Wed Mar 25 15:10:20 2009] [info] [client 127.0.0.1] Connection closed to child 12 with abortive shutdown (server localhost:443)
Our hosts are all behind a single proxy that is properly setup to handle SSL requests. I verified all of our vhost files have the ports setup appropriately. I have searched Google for this error message and found nothing of use. Any help would be greatly appreciated.
Thanks,
James Armes
Do you have a monitoring application that connects to the server at 5 minute intervals?
That error looks familiar; I believe it occurs when a client connects but attempts to speak HTTP rather than HTTPS.
By the way, if you are doing a reverse proxy, you should look into letting the reverse proxy do the SSL instead of Apache. Clients hit the reverse proxy using SSL on 443, and the reverse proxy decrypts the whole thing and forwards it off to your apache server, who doesn't know a thing about SSL.
Both squid and nginx support it. That way you dont have to mess around with getting SSL working on apache.
this looks like an "Internal Dummy Connection"
here is some more info on it:
http://wiki.apache.org/httpd/InternalDummyConnection
I think Jeff is right...
Some software is connecting to your servers without using ssl, maybe the proxy is sending some packages or some control messages, or you have any monitoring software, that connects each 5 minutes but doesnt take in account the SSL thing.
I've seen this error when attempting to connect with a browser that only has SSLv2 enabled.
The every five minutes thing sounds like Pingability.com (or the like) is hitting you.

Resources