mod_jk hybris loadbalancer - mod-jk

I have two Apache 2.4 web servers and 2 hybris 5.7.3 appservers. I decided to configure mod_jk 1.2.41 on both web servers with app server load balancing. Appservers will run on https only. Can anyone help me configure mod_jk for hybris?
Thank you #Benoit for the quick response. Here is the configuration:
httpd.conf file
LoadModule jk_module /usr/lib64/httpd/modules/mod_jk.so
JkWorkersFile /etc/httpd/conf/workers.properties
# Where to put jk logs
JkLogFile /var/log/httpd/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel debug
# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
# JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"
<VirtualHost *>
ServerAlias www.thaitrade.dev
DocumentRoot /var/www
ServerName webserverurl
JkMount /* loadbalancer
JkMount /status/* status
</VirtualHost>
updated workers.properties config
# workers to contact, that's what you have in your httpd.conf
worker.list=loadbalancer,status
#setup node1
worker.worker1.port=8009
worker.worker1.host=hybrisserver1.ip
worker.worker1.type=ajp13
worker.worker1.lbfactor=50
#setup node2
worker.worker2.port=8009
worker.worker2.host=hybrisserver2.ip
worker.worker2.type=ajp13
worker.worker2.lbfactor=100
#setup the load-balancer
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=worker1,worker2
worker.loadbalancer.sticky_session=True
#worker.loadbalancer.sticky_session_force=True
# Status worker for managing load balancer
worker.status.type=status
and added jvmRoute to server.xml in hybrisserver1
<Engine name="Catalina" defaultHost="localhost" jvmRoute="worker1">
added jvmRoute to server.xml in hybrisserver2
<Engine name="Catalina" defaultHost="localhost" jvmRoute="worker2">
I additionally added below config to server.xml
<Connector protocol="AJP/1.3" port="8010" proxyPort="443" scheme="https" secure="true" />
created a new ssl virtualhost config
Listen 443 https
<VirtualHost *:443>
SSLEngine on
JkMountCopy On
SSLCertificateFile /etc/httpd/conf.d/certificate.crt
SSLCertificateKeyFile /etc/httpd/conf.d/certificate.key
</VirtualHost>
Below are mod_jk errors
[Wed Apr 13 19:29:24 2016] [17689:140131769874496] [debug] jk_translate::mod_jk.c (3855): missing uri map for webservername:/hmc
[Wed Apr 13 19:29:24 2016] [17689:140131769874496] [debug] jk_map_to_storage::mod_jk.c (4023): missing uri map for webservername:/hmc
[Wed Apr 13 19:29:25 2016] [17826:140131769874496] [debug] jk_child_init::mod_jk.c (3474): Initialized mod_jk/1.2.41
[Wed Apr 13 19:29:27 2016] [17689:140131769874496] [debug] jk_translate::mod_jk.c (3855): missing uri map for webservername:/hac
[Wed Apr 13 19:29:27 2016] [17689:140131769874496] [debug] jk_map_to_storage::mod_jk.c (4023): missing uri map for webservername:/hac
That's my configuration.
I didn't receive SSL certificates. For the time being I will generate self-signed certificates. Can you please guide me on how to add SSL certificates to the mod_jk configuration, and do I also need to add a new worker and worker port in the workers.properties file?

Hi #BenoitVanalderweireldt, I removed proxyport and added jvmRoute in server.xml and also added x-forwarded-proto in the ssl configuration. That's it, the configuration is working now. Thanks for your wonderful support.

Related

How to fix Apache error on Catalina : 403 Forbidden / Client denied by server configuration

I've been stuck on this issue for 3 days now. I can access the www folder, but when I try to access a subfolder, I get the 403 Forbidden. Checking the Apache error log, I got this:
[Wed Oct 23 13:04:42.597752 2019] [access_compat:error] [pid 60180] [client 127.0.0.1:56676] AH01797: client denied by server configuration: /users/admin/Library/Mobile Documents/com~apple~CloudDocs/www/soft/public_html/, referer: http://127.0.0.1/
Here is how it's configured in httpd.conf:
DocumentRoot "/users/admin/Library/Mobile Documents/com~apple~CloudDocs/www"
<Directory "/users/admin/Library/Mobile Documents/com~apple~CloudDocs/www">
Options +FollowSymLinks +Multiviews +SymLinksIfOwnerMatch +Indexes
MultiviewsMatch Any
AllowOverride All
Allow from All
Require all granted
</Directory>
I have several other subfolders inside www that I can access; only the 'soft' folder gets me the error.
Please help!

Apache2 with Tomcat7 worker error

I am trying to configure mod_jk for apache2 in front of tomcat7 but I'm getting the following error:
mod_jk.log[Error]:jk_uri_worker_map.c (580): Could not find worker with name '/var/lib/tomcat7/conf/workers.properties' in uri map post processing
workers.properties is in tomcat7/conf/
jk.conf is in apache2/mods-enabled/
000-default.conf is in apache2/sites-enabled/
workers.properties
workers.tomcat_home=/var/lib/tomcat7
workers.java_home=/usr/lib/jvm/java-8-openjdk-amd64
ps=/
worker.list=worker1
worker.worker1.type=ajp13
worker.worker1.host=xxxx.com
worker.worker1.port=8009
worker.ajp13_worker.lbfactor=1
worker.worker1.mount=/*
# configure jk-status
worker.list=jk-status
worker.jk-status.type=status
worker.jk-status.read_only=true
#configure jk-manager
worker.list=jk-manager
worker.jk-manager.type=status
jk.conf
<IfModule jk_module>
JkWorkersFile /var/lib/tomcat7/conf/workers.properties
JkLogFile /var/log/apache2/mod_jk.log
JkLogLevel debug
JkShmFile /var/log/apache2/jk-runtime-status
JkOptions +RejectUnsafeURI +ForwardKeySize +ForwardURICompat
JkWatchdogInterval 60
JkMount /* worker1
<Location /jk-status>
# Inside Location we can omit the URL in JkMount
JkMount jk-status
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>
<Location /jk-manager>
# Inside Location we can omit the URL in JkMount
JkMount jk-manager
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>
000-default.conf
<VirtualHost *:80>
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [L,R=301]
JkMount /* worker1
JkMountCopy On
</VirtualHost>
mod_jk.log
[Tue Mar 06 12:27:55.370 2018] [14733:140153319872384] [debug] wc_get_worker_for_name::jk_worker.c (120): did not find a worker /var/lib/tomcat7/conf/workers.properties
[Tue Mar 06 12:27:55.370 2018] [14733:140153319872384] [error] extension_fix::jk_uri_worker_map.c (580): Could not find worker with name '/var/lib/tomcat7/conf/workers.properties' in uri map post processing.
[Tue Mar 06 12:27:55.370 2018] [14733:140153319872384] [debug] wc_get_worker_for_name::jk_worker.c (120): did not find a worker /var/lib/tomcat7/conf/workers.properties
[Tue Mar 06 12:27:55.370 2018] [14733:140153319872384] [error] extension_fix::jk_uri_worker_map.c (580): Could not find worker with name '/var/lib/tomcat7/conf/workers.properties' in uri map post processing.
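A consistency check for the two mod_jk setups quoted above (the Hybris load balancer and the Tomcat7 worker), added here as an example and not taken from either post: it lints workers.properties for referenced-but-undefined workers, properties set on a worker nothing refers to, and status workers left writable, then compares a worker with its Tomcat node's jvmRoute and AJP connector port. The function names `parse_workers`, `audit_workers` and `check_node` and both sample constants are hypothetical and constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the configs quoted above, not the posters' files.
SAMPLE_PROPS = """worker.list=loadbalancer,status
worker.worker1.type=ajp13
worker.worker1.port=8009
worker.ajp13_worker.lbfactor=1
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=worker1,worker2
worker.status.type=status"""
SAMPLE_XML = '<Server><Connector protocol="AJP/1.3" port="8010"/><Engine jvmRoute="node1"/></Server>'

def parse_workers(text):
    """Return (worker.list names, {worker: {prop: value}}); '#' lines match no branch."""
    listed, workers = [], {}
    for line in text.splitlines():
        key, sep, value = (part.strip() for part in line.partition("="))
        if sep and key == "worker.list":  # may be repeated; entries accumulate
            listed += [n.strip() for n in value.split(",") if n.strip()]
        elif sep and key.startswith("worker.") and key.count(".") >= 2:
            _, name, prop = key.split(".", 2)
            workers.setdefault(name, {})[prop] = value
    return listed, workers

def audit_workers(text):
    """Lint workers.properties; returns a list of finding strings."""
    listed, workers = parse_workers(text)
    members = {m.strip() for p in workers.values() if p.get("type") == "lb"
               for m in p.get("balance_workers", "").split(",") if m.strip()}
    out = [f"{n}: referenced but no worker.{n}.* properties are defined"
           for n in sorted(set(listed) | members) if n not in workers]
    for name, props in sorted(workers.items()):
        if name not in listed and name not in members:
            out.append(f"{name}: has properties but is never referenced")
        read_only = props.get("read_only", "").lower() in ("true", "yes", "on", "1")
        if props.get("type") == "status" and not read_only:
            out.append(f"{name}: status worker is not read_only")
    return out

def check_node(worker, port, server_xml):
    """Compare one ajp13 worker with that Tomcat node's server.xml."""
    root = ET.fromstring(server_xml)
    route = next((e.get("jvmRoute") for e in root.iter("Engine")), None)
    ajp = {c.get("port") for c in root.iter("Connector")
           if "ajp" in c.get("protocol", "").lower()}
    out = [] if route == worker else [f"{worker}: jvmRoute is {route!r}, expected {worker!r}"]
    if port not in ajp:
        out.append(f"{worker}: no AJP connector listening on port {port}")
    return out
```

A writable status worker can change load-balancer state at runtime, so a `not read_only` finding is only acceptable when the mount is access-restricted, as the `/jk-manager` Location above is.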

Can't access my CKAN installation on Amazon EC2

I followed the installation guide and deployment guide, and I can access the CKAN site, but on port 5000, not on 8080.
What have I done wrong?
--edit1--
Error log.
/var/log/apache2/ckan_default.error.log is empty.
/var/log/apache2/error.log below:
[Wed Dec 16 03:56:05.341055 2015] [core:notice] [pid 31625] AH00094: Command line: '/usr/sbin/apache2'
[Wed Dec 16 05:25:00.457734 2015] [:error] [pid 32024] [client 188.68.224.62:59132] script '/var/www/html/wp/httptest.php' not found or unable to stat
[Wed Dec 16 06:46:59.218607 2015] [mpm_prefork:notice] [pid 31625] AH00171: Graceful restart requested, doing restart
[Wed Dec 16 06:46:59.367788 2015] [mpm_prefork:notice] [pid 31625] AH00163: Apache/2.4.7 (Ubuntu) mod_wsgi/3.4 Python/2.7.6 configured -- resuming normal operations
[Wed Dec 16 06:46:59.367809 2015] [core:notice] [pid 31625] AH00094: Command line: '/usr/sbin/apache2'
[Wed Dec 16 06:54:00.009154 2015] [:error] [pid 966] [client 188.68.224.62:40707] script '/var/www/html/wp/httptest.php' not found or unable to stat
[Wed Dec 16 13:07:30.925196 2015] [mpm_prefork:notice] [pid 31625] AH00171: Graceful restart requested, doing restart
--edit2--
Changed everything back to how the deployment guide says.
/etc/apache2/sites-available/ckan_default.conf below
<VirtualHost 127.0.0.1:8080>
ServerName ec2-xx-xx-xx-xx.ap-southeast-2.compute.amazonaws.com
ServerAlias www.ec2-xx-xx-xx-xx.ap-southeast-2.compute.amazonaws.com
WSGIScriptAlias / /etc/ckan/default/apache.wsgi
# Pass authorization info on (needed for rest api).
WSGIPassAuthorization On
# Deploy as a daemon (avoids conflicts between CKAN instances).
WSGIDaemonProcess ckan_default display-name=ckan_default processes=2 threads=15
WSGIProcessGroup ckan_default
ErrorLog /var/log/apache2/ckan_default.error.log
CustomLog /var/log/apache2/ckan_default.custom.log combined
LogLevel info
<IfModule mod_rpaf.c>
RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1
</IfModule>
<Directory />
Require all granted
</Directory>
</VirtualHost>
I also tried changing the 127.0.0.1:8080 to *:8080, and tried the public IP address (Amazon Elastic IP) and the DNS address. None of them work.
ports.conf has listen 8080 (taken out listen 80).
The wsgi script and nginx config are as described in the guide also.
I see the "Problem loading page" in Firefox when visiting the root URL on port 80, but visiting 8080 just hangs, and neither gets an HTTP response. I can still access CKAN on port 5000.
Amazon EC2 doesn't allow connections to port 8080 by default, so you could open the port if you really wanted to access it externally.
However accessing CKAN via 8080 is only for testing that the apache deployment is working, so it makes no sense to make it available externally - you can test apache is working by ssh-ing to the box and using curl.
The CKAN deployment instructions continue by telling you to install nginx as a reverse proxy, exposing CKAN on the normal port 80.

Gitlab unicorn webserver either does not listen or reply on 8080

GitLab can be started and shows as running. When running curl git.myserver.com, this fails with HTTP 503. No interesting entries in the unicorn.stderr.log or unicorn.stdout.log.
Versions:
GitLab 6.5.1
Apache 2.4.6
Ubuntu 13.10
sites-available/git.myserver.com:
<VirtualHost *:80>
ServerName git.myserver.com
DocumentRoot /home/git/gitlab/public
<Directory /home/git/gitlab/public>
AllowOverride All
Options -MultiViews
</Directory>
ProxyPass /uploads !
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
ProxyPreserveHost on
</VirtualHost>
config/unicorn.rb:
worker_processes 2
listen "/home/git/gitlab/tmp/sockets/gitlab.socket", :backlog => 64
listen "127.0.0.1:8080", :tcp_nopush => true
timeout 900
config/gitlab.yml:
gitlab:
  ## Web server settings
  host: git.myserver.com
  port: 80
  https: false
Apache access log file:
SOMEIPADDRESS - - [17/Feb/2014:20:25:20 +0000] "GET / HTTP/1.1" 503 566 "-" "curl/7.32.0"
Apache error log file:
[Mon Feb 17 20:25:08.919614 2014] [proxy_http:error] [pid 1321:tid 139972136904448] [client SOMEIPADDRESS:48578] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Mon Feb 17 20:25:20.114281 2014] [proxy:error] [pid 2092:tid 140263968208640] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[Mon Feb 17 20:25:20.114353 2014] [proxy:error] [pid 2092:tid 140263968208640] AH00959: ap_proxy_connect_backend disabling worker for (127.0.0.1) for 60s
[Mon Feb 17 20:25:20.114364 2014] [proxy_http:error] [pid 2092:tid 140263968208640] [client SOMEIPADDRESS:48580] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
Solved. I had used Ruby 2.1.0 while the install guide says to use Ruby 2.0.0. Closely re-installed and restored the backup, which now works perfectly.

How to get Apache2 ReverseProxy with websockets + mod_proxy_wstunnel + Tomcat7 running?

I have a big problem with websockets and my reverse proxy configuration on Apache. When I access Tomcat directly, the application with websockets works perfectly. But as soon as I try it with Apache, the websockets are not working.
I use:
Tomcat 7.0.42 on Windows
Apache 2.4.6 on Windows
<VirtualHost _default_:80>
ServerName myserver
RewriteEngine on
RedirectMatch ^/$ /myserver/
RewriteRule ^/myserver$ /myserver/ [R]
RewriteRule ^/myserver/active$ /myserver/active/ [R]
ProxyRequests Off
ProxyPreserveHost On
ProxyVia On
<Proxy *>
AddDefaultCharset off
Order deny,allow
Allow from all
</Proxy>
LogLevel debug
ProxyHTMLEnable On
ProxyHTMLBufSize 102400
ProxyHTMLExtended On
ProxyHTMLStripComments Off
ProxyHTMLDocType "<!DOCTYPE html>" XML
ProxyHTMLMeta On
DocumentRoot "${SRVROOT}/htdocs/"
<Location /myserver/active/ws/atmsphr/>
ProxyPass ws://localhost:8080/myapp/ws/atmsphr/
ProxyPassReverse ws://localhost:8080/myapp/ws/atmsphr/
</Location>
ProxyPass /myserver/active/ ajp://localhost:8009/myapp/
ProxyHTMLURLMap ajp://localhost:8009/myapp /myserver/active/
<Location /myserver/active/>
ProxyPassReverse ajp://localhost:8009/myapp/
SetOutputFilter proxy-html
ProxyHTMLURLMap /myapp/ /myserver/active/
ProxyPassReverseCookiePath /myapp/ /myserver/active/
</Location>
ProxyPass /myserver/ ajp://localhost:8009/mylogin/
ProxyHTMLURLMap ajp://localhost:8009/mylogin /myserver/
<Location /myserver/>
ProxyPassReverse ajp://localhost:8009/mylogin/
SetOutputFilter proxy-html
ProxyHTMLURLMap /mylogin/ /myserver/
ProxyPassReverseCookiePath /mylogin/ /myserver/
</Location>
</VirtualHost>
In the Apache logs I can see that the workers were initialized:
[Tue Oct 22 17:25:21.625342 2013] [proxy:debug] [pid 4116:tid 164] proxy_util.c(1693): AH00925: initializing worker ws://localhost:8080/myapp/ws/atmsphr/ shared
[Tue Oct 22 17:25:21.625342 2013] [proxy:debug] [pid 4116:tid 164] proxy_util.c(1733): AH00927: initializing worker ws://localhost:8080/myapp/ws/atmsphr/ local
I followed the Ordering ProxyPass Directives, but the first request is processed by mod_proxy_ajp and not by mod_proxy_wstunnel:
[Tue Oct 22 17:26:19.283043 2013] [proxy_http:debug] [pid 4116:tid 840] mod_proxy_http.c(1891): [client 192.168.5.68:49451] AH01113: HTTP: declining URL ajp://localhost:8009/myapp/websock/atmsphr?X-Atmosphere-tracking-id=0&X-Atmosphere-Framework=2.0.2-jquery&X-Atmosphere-Transport=websocket&X-Atmosphere-TrackMessageSize=true&X-Cache-Date=0&Content-Type=application/json&X-atmo-protocol=true
[Tue Oct 22 17:26:19.283043 2013] [proxy_ajp:debug] [pid 4116:tid 840] mod_proxy_ajp.c(713): [client 192.168.5.68:49451] AH00895: serving URL ajp://localhost:8009/myapp/ws/atmsphr?X-Atmosphere-tracking-id=0&X-Atmosphere-Framework=2.0.2-jquery&X-Atmosphere-Transport=websocket&X-Atmosphere-TrackMessageSize=true&X-Cache-Date=0&Content-Type=application/json&X-atmo-protocol=true
What is wrong in my configuration?
After long research I found a workaround which fulfills my requirements. I have to run this web application via HTTPS, and with port 443 it works perfectly. I cannot explain why there is a problem with the default HTTP port 80, but if I access the webapp through port 443 there is no problem. In addition I tried port 8000 via HTTP and it also works.
Summary:
Port 80 / HTTP --> not working
Port 8000 / HTTP --> working
Port 443 / HTTPS --> working
In conclusion I have a virtual host config for port 80 with a permanent redirect to 443.
It has to do with the effective order of your ProxyPass directives. Have a look at the server-status page to see what it really is. When you embed them in Location blocks the effective order is changed from the order you wrote them in. See the mod_proxy_wstunnel documentation.
