How to get Apache2 reverse proxy with websockets + mod_proxy_wstunnel + Tomcat7 running? - websocket

I have a big problem with websockets and my reverse proxy configuration on Apache. When I access Tomcat directly, the application with websockets works perfectly. But as soon as I try it with Apache, the websockets are not working.
I use:
Tomcat 7.0.42 on Windows
Apache 2.4.6 on Windows
<VirtualHost _default_:80>
ServerName myserver
RewriteEngine on
RedirectMatch ^/$ /myserver/
RewriteRule ^/myserver$ /myserver/ [R]
RewriteRule ^/myserver/active$ /myserver/active/ [R]
ProxyRequests Off
ProxyPreserveHost On
ProxyVia On
<Proxy *>
AddDefaultCharset off
Order deny,allow
Allow from all
</Proxy>
LogLevel debug
ProxyHTMLEnable On
ProxyHTMLBufSize 102400
ProxyHTMLExtended On
ProxyHTMLStripComments Off
ProxyHTMLDocType "<!DOCTYPE html>" XML
ProxyHTMLMeta On
DocumentRoot "${SRVROOT}/htdocs/"
<Location /myserver/active/ws/atmsphr/>
ProxyPass ws://localhost:8080/myapp/ws/atmsphr/
ProxyPassReverse ws://localhost:8080/myapp/ws/atmsphr/
</Location>
ProxyPass /myserver/active/ ajp://localhost:8009/myapp/
ProxyHTMLURLMap ajp://localhost:8009/myapp /myserver/active/
<Location /myserver/active/>
ProxyPassReverse ajp://localhost:8009/myapp/
SetOutputFilter proxy-html
ProxyHTMLURLMap /myapp/ /myserver/active/
ProxyPassReverseCookiePath /myapp/ /myserver/active/
</Location>
ProxyPass /myserver/ ajp://localhost:8009/mylogin/
ProxyHTMLURLMap ajp://localhost:8009/mylogin /myserver/
<Location /myserver/>
ProxyPassReverse ajp://localhost:8009/mylogin/
SetOutputFilter proxy-html
ProxyHTMLURLMap /mylogin/ /myserver/
ProxyPassReverseCookiePath /mylogin/ /myserver/
</Location>
</VirtualHost>
In the Apache logs I can see that the workers were initialized:
[Tue Oct 22 17:25:21.625342 2013] [proxy:debug] [pid 4116:tid 164] proxy_util.c(1693): AH00925: initializing worker ws://localhost:8080/myapp/ws/atmsphr/ shared
[Tue Oct 22 17:25:21.625342 2013] [proxy:debug] [pid 4116:tid 164] proxy_util.c(1733): AH00927: initializing worker ws://localhost:8080/myapp/ws/atmsphr/ local
I followed the Ordering ProxyPass Directives, but the first request is processed by mod_proxy_ajp and not by mod_proxy_wstunnel:
[Tue Oct 22 17:26:19.283043 2013] [proxy_http:debug] [pid 4116:tid 840] mod_proxy_http.c(1891): [client 192.168.5.68:49451] AH01113: HTTP: declining URL ajp://localhost:8009/myapp/websock/atmsphr?X-Atmosphere-tracking-id=0&X-Atmosphere-Framework=2.0.2-jquery&X-Atmosphere-Transport=websocket&X-Atmosphere-TrackMessageSize=true&X-Cache-Date=0&Content-Type=application/json&X-atmo-protocol=true
[Tue Oct 22 17:26:19.283043 2013] [proxy_ajp:debug] [pid 4116:tid 840] mod_proxy_ajp.c(713): [client 192.168.5.68:49451] AH00895: serving URL ajp://localhost:8009/myapp/ws/atmsphr?X-Atmosphere-tracking-id=0&X-Atmosphere-Framework=2.0.2-jquery&X-Atmosphere-Transport=websocket&X-Atmosphere-TrackMessageSize=true&X-Cache-Date=0&Content-Type=application/json&X-atmo-protocol=true
What is wrong in my configuration?

After long research I found a workaround which fulfills my requirements. I have to run this web application via HTTPS, and with port 443 it works perfectly. I cannot explain why there is a problem with the default HTTP port 80, but if I access the webapp through port 443 there is no problem. In addition, I tried port 8000 via HTTP and it also works.
Summary:
Port 80 / HTTP --> not working
Port 8000 / HTTP --> working
Port 443 / HTTPS --> working
In conclusion, I have a virtual host config for port 80 with a permanent redirect to 443.

It has to do with the effective order of your ProxyPass directives. Have a look at the server-status page to see what it really is. When you embed them in Location blocks the effective order is changed from the order you wrote them in. See the mod_proxy_wstunnel documentation.
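The ordering effect this answer refers to can be reproduced with a simplified model of first-match-wins selection among server-level ProxyPass rules, using the paths from the question (an added example, not part of the original posts). The matcher is an approximation of Apache's prefix matching, and the request path is the one implied by the AH00895 log line.

```python
# Simplified model (an assumption, not Apache source) of server-level
# ProxyPass selection: rules are tried in configuration order and the
# first one whose path prefix matches the request path wins.

def prefix_matches(path, prefix):
    """Segment-aware prefix test: '/a/b' matches '/a/b' and '/a/b/c' but not
    '/a/bc'; a prefix ending in '/' never matches the path without it."""
    if not path.startswith(prefix):
        return False
    rest = path[len(prefix):]
    return prefix.endswith("/") or rest == "" or rest.startswith("/")

def route(path, rules):
    """Return the backend URL chosen by the first matching rule, or None."""
    for prefix, backend in rules:
        if prefix_matches(path, prefix):
            return backend + path[len(prefix):]
    return None

# Paths and backends taken from the question's configuration.
WS_RULE = ("/myserver/active/ws/atmsphr", "ws://localhost:8080/myapp/ws/atmsphr")
APP_RULE = ("/myserver/active/", "ajp://localhost:8009/myapp/")
LOGIN_RULE = ("/myserver/", "ajp://localhost:8009/mylogin/")
# The question's variant of the websocket rule, with trailing slashes.
WS_RULE_SLASH = (WS_RULE[0] + "/", WS_RULE[1] + "/")

ORDERINGS = {
    "general_first": [APP_RULE, WS_RULE, LOGIN_RULE],    # ws rule is shadowed
    "specific_first": [WS_RULE, APP_RULE, LOGIN_RULE],   # longest prefix first
    "trailing_slash": [WS_RULE_SLASH, APP_RULE, LOGIN_RULE],
}

# Request path implied by the AH00895 log line (no trailing slash).
REQUEST = "/myserver/active/ws/atmsphr"

def demo():
    """Map each ordering name to the backend chosen for REQUEST."""
    return {name: route(REQUEST, rules) for name, rules in ORDERINGS.items()}

if __name__ == "__main__":
    for name, backend in demo().items():
        print(f"{name:15} -> {backend}")
```

Only the ordering with the most specific prefix first, and no trailing slash on it, sends this request to the ws:// backend; the other two fall through to the AJP rule, which is the URL seen in the log.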

Related

How to fix Apache error on Catalina : 403 Forbidden / Client denied by server configuration

I've been stuck on this issue for 3 days now. I can access the www folder, but when I try to access a subfolder, I get the 403 Forbidden. Checking the Apache error log, I got this:
[Wed Oct 23 13:04:42.597752 2019] [access_compat:error] [pid 60180] [client 127.0.0.1:56676] AH01797: client denied by server configuration: /users/admin/Library/Mobile Documents/com~apple~CloudDocs/www/soft/public_html/, referer: http://127.0.0.1/
Here is how it's configured on httpd.conf :
DocumentRoot "/users/admin/Library/Mobile Documents/com~apple~CloudDocs/www"
<Directory "/users/admin/Library/Mobile Documents/com~apple~CloudDocs/www">
Options +FollowSymLinks +Multiviews +SymLinksIfOwnerMatch +Indexes
MultiviewsMatch Any
AllowOverride All
Allow from All
Require all granted
</Directory>
I have several other subfolders inside www that I can access; only the 'soft' folder gets me the error.
Please help!

Apache2 with Tomcat7 worker error

I am trying to configure mod_jk for apache2 in front of tomcat7 but I'm getting the following error:
mod_jk.log[Error]:jk_uri_worker_map.c (580): Could not find worker with name '/var/lib/tomcat7/conf/workers.properties' in uri map post processing
workers.properties is in tomcat7/conf/
jk.conf is in apache2/mods-enabled/
000-default.conf is in apache2/sites-enabled/
workers.properties
workers.tomcat_home=/var/lib/tomcat7
workers.java_home=/usr/lib/jvm/java-8-openjdk-amd64
ps=/
worker.list=worker1
worker.worker1.type=ajp13
worker.worker1.host=xxxx.com
worker.worker1.port=8009
worker.ajp13_worker.lbfactor=1
worker.worker1.mount=/*
# configure jk-status
worker.list=jk-status
worker.jk-status.type=status
worker.jk-status.read_only=true
#configure jk-manager
worker.list=jk-manager
worker.jk-manager.type=status
jk.conf
<IfModule jk_module>
JkWorkersFile /var/lib/tomcat7/conf/workers.properties
JkLogFile /var/log/apache2/mod_jk.log
JkLogLevel debug
JkShmFile /var/log/apache2/jk-runtime-status
JkOptions +RejectUnsafeURI +ForwardKeySize +ForwardURICompat
JkWatchdogInterval 60
JkMount /* worker1
<Location /jk-status>
# Inside Location we can omit the URL in JkMount
JkMount jk-status
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>
<Location /jk-manager>
# Inside Location we can omit the URL in JkMount
JkMount jk-manager
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>
000-default.conf
<VirtualHost *:80>
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [L,R=301]
JkMount /* worker1
JkMountCopy On
</VirtualHost>
mod_jk.log
[Tue Mar 06 12:27:55.370 2018] [14733:140153319872384] [debug] wc_get_worker_for_name::jk_worker.c (120): did not find a worker /var/lib/tomcat7/conf/workers.properties
[Tue Mar 06 12:27:55.370 2018] [14733:140153319872384] [error] extension_fix::jk_uri_worker_map.c (580): Could not find worker with name '/var/lib/tomcat7/conf/workers.properties' in uri map post processing.
[Tue Mar 06 12:27:55.370 2018] [14733:140153319872384] [debug] wc_get_worker_for_name::jk_worker.c (120): did not find a worker /var/lib/tomcat7/conf/workers.properties
[Tue Mar 06 12:27:55.370 2018] [14733:140153319872384] [error] extension_fix::jk_uri_worker_map.c (580): Could not find worker with name '/var/lib/tomcat7/conf/workers.properties' in uri map post processing.

Apache 2.2->2.4 upgrade broken pass-through[PT] after mod_rewrite

Our server has been upgraded from Apache 2.2.32->2.4.20, and with that change, my mod_rewrites don't pass-through to Tomcat endpoints any longer.
Here is the Tomcat Load Balancer config:
<Location /balancer-manager>
SetHandler balancer-manager
</Location>
<Proxy balancer://tomcatHttpCluster>
BalancerMember http://localhost:9946 loadfactor=100
</Proxy>
And the rewrite rule of interest:
RewriteCond %{REQUEST_METHOD} POST [NC]
RewriteRule ^/catalog/preferences$ /ac/rest/preferences [B,PT,L,QSA]
And also the Location config which applies to all /ac requests:
<Location /ac/>
ProxyPass balancer://tomcatHttpCluster/ac/ stickysession=JSESSIONID
...
</Location>
If I go directly to the /ac Tomcat endpoint, it works. The Apache log:
mod_rewrite.c(477): [client 10.20.3.63:50485] 10.20.3.63 - - [tesla/sid#caa5f8] [rid#f75c230/initial] pass through /ac/rest/preferences
mod_proxy_balancer.c(73): [client 10.20.3.63:50485] canonicalising URL //tomcatHttpCluster/ac/rest/preferences
mod_lbmethod_byrequests.c(95): AH01207: proxy: Entering byrequests for BALANCER (balancer://tomcathttpcluster)
mod_lbmethod_byrequests.c(142): AH01208: proxy: byrequests selected worker "http://localhost:9946" : busy 0 : lbstatus 0
mod_proxy_balancer.c(614): [client 10.20.3.63:50485] AH01172: balancer://tomcathttpcluster: worker (http://localhost:9946) rewritten to http://localhost:9946/ac/rest/preferences
proxy_util.c(1783): AH00924: worker http://localhost:9946 shared already initialized
proxy_util.c(1825): AH00926: worker http://localhost:9946 local already initialized
mod_proxy.c(1159): [client 10.20.3.63:50485] AH01143: Running scheme balancer handler (attempt 0)
mod_proxy_ajp.c(738): [client 10.20.3.63:50485] AH00894: declining URL http://localhost:9946/ac/rest/preferences
mod_proxy_http.c(1903): [client 10.20.3.63:50485] HTTP: serving URL http://localhost:9946/ac/rest/preferences
proxy_util.c(2158): AH00942: HTTP: has acquired connection for (localhost)
proxy_util.c(2212): [client 10.20.3.63:50485] AH00944: connecting http://localhost:9946/ac/rest/preferences to localhost:9946
proxy_util.c(2421): [client 10.20.3.63:50485] AH00947: connected /ac/rest/preferences to localhost:9946
mod_proxy_http.c(1374): [client 10.20.3.63:50485] Status from backend: 200
mod_proxy_http.c(1048): [client 10.20.3.63:50485] Headers received from backend:
mod_proxy_http.c(1051): [client 10.20.3.63:50485] Server: Apache-Coyote/1.1
mod_proxy_http.c(1051): [client 10.20.3.63:50485] Content-Type: application/json
mod_proxy_http.c(1051): [client 10.20.3.63:50485] Content-Length: 218
mod_proxy_http.c(1051): [client 10.20.3.63:50485] Date: Fri, 28 Oct 2016 00:32:26 GMT
mod_proxy_http.c(1646): [client 10.20.3.63:50485] start body send
proxy_util.c(2173): AH00943: http: has released connection for (localhost)
mod_proxy_http.c(1791): [client 10.20.3.63:50485] end body send
mod_proxy_balancer.c(669): [client 10.20.3.63:50485] AH01176: proxy_balancer_post_request for (balancer://tomcathttpcluster)
BUT. If I try to use the rewrite URL - the rewrite happens...then nothing:
mod_rewrite.c(477): [client 10.20.3.63:50457] 10.20.3.63 - - tesla/sid#c6a5f8rid#dc2a110/initial RewriteCond: input='GET' pattern='GET' [NC] => matched
mod_rewrite.c(477): [client 10.20.3.63:50457] 10.20.3.63 - - tesla/sid#c6a5f8rid#dc2a110/initial rewrite '/catalog/preferences' -> '/ac/rest/preferences'
mod_rewrite.c(477): [client 10.20.3.63:50457] 10.20.3.63 - - tesla/sid#c6a5f8rid#dc2a110/initial forcing '/ac/rest/preferences' to get passed through to next API URI-to-filename handler
I'm no expert at Apache (until now!), but I did try changing the mod_rewrite flags to just [R] and that worked fine. I am not able to make that change on the server because that code is not under my control. I assumed the [PT] rewrite flag would send the rewritten url back through the mod_proxy_balancer and voila, but that doesn't appear to be happening.
Is there something obvious that changed from 2.2 to 2.4 that would cause this? Help! I've been stuck on this for days.
Try to use P instead of PT in the RewriteRule. It works for me.
RewriteRule ^/catalog/preferences$ /ac/rest/preferences [B,P,L,QSA]

mod_jk hybris loadbalancer

I have two Apache 2.4 web servers and 2 hybris 5.7.3 app servers. I decided to configure mod_jk 1.2.41 on both web servers with app server load balancing. The app servers will run on HTTPS only. Can anyone help me configure mod_jk for hybris?
Thank you #Benoit for the quick response. Here is the configuration:
httpd.conf file
LoadModule jk_module /usr/lib64/httpd/modules/mod_jk.so
JkWorkersFile /etc/httpd/conf/workers.properties
# Where to put jk logs
JkLogFile /var/log/httpd/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel debug
# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
# JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"
<VirtualHost *>
ServerAlias www.thaitrade.dev
DocumentRoot /var/www
ServerName webserverurl
JkMount /* loadbalancer
JkMount /status/* status
</VirtualHost>
updated workers.properties config
# workers to contact, that's what you have in your httpd.conf
worker.list=loadbalancer,status
#setup node1
worker.worker1.port=8009
worker.worker1.host=hybrisserver1.ip
worker.worker1.type=ajp13
worker.worker1.lbfactor=50
#setup node2
worker.worker2.port=8009
worker.worker2.host=hybrisserver2.ip
worker.worker2.type=ajp13
worker.worker2.lbfactor=100
#setup the load-balancer
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=worker1,worker2
worker.loadbalancer.sticky_session=True
#worker.loadbalancer.sticky_session_force=True
# Status worker for managing load balancer
worker.status.type=status
and added jvmRoute to server.xml in hybrisserver1
<Engine name="Catalina" defaultHost="localhost" jvmRoute="worker1">
added jvmRoute to server.xml in hybrisserver2
<Engine name="Catalina" defaultHost="localhost" jvmRoute="worker2">
I additionally added below config to server.xml
<Connector protocol="AJP/1.3" port="8010" proxyPort="443" scheme="https" secure="true" />
created a new ssl virtualhost config
Listen 443 https
<VirtualHost *:443>
SSLEngine on
JkMountCopy On
SSLCertificateFile /etc/httpd/conf.d/certificate.crt
SSLCertificateKeyFile /etc/httpd/conf.d/certificate.key
</VirtualHost>
Below are mod_jk errors
[Wed Apr 13 19:29:24 2016] [17689:140131769874496] [debug] jk_translate::mod_jk.c (3855): missing uri map for webservername:/hmc
[Wed Apr 13 19:29:24 2016] [17689:140131769874496] [debug] jk_map_to_storage::mod_jk.c (4023): missing uri map for webservername:/hmc
[Wed Apr 13 19:29:25 2016] [17826:140131769874496] [debug] jk_child_init::mod_jk.c (3474): Initialized mod_jk/1.2.41
[Wed Apr 13 19:29:27 2016] [17689:140131769874496] [debug] jk_translate::mod_jk.c (3855): missing uri map for webservername:/hac
[Wed Apr 13 19:29:27 2016] [17689:140131769874496] [debug] jk_map_to_storage::mod_jk.c (4023): missing uri map for webservername:/hac
That's my configuration.
I didn't receive SSL certificates. For the time being I will generate self-signed certificates. Can you please guide me on how to add SSL certificates to the mod_jk configuration, and do I also need to add a new worker and worker port in the workers.properties file?
Hi #BenoitVanalderweireldt, I removed proxyPort and added jvmRoute in server.xml and also added x-forwarded-proto in the SSL configuration. That's it, the configuration is working now. Thanks for your wonderful support.

Gitlab unicorn webserver either does not listen or reply on 8080

GitLab can be started and shows as running. When running curl git.myserver.com, this fails with HTTP 503. No interesting entries in the unicorn.stderr.log or unicorn.stdout.log.
Versions:
GitLab 6.5.1
Apache 2.4.6
Ubuntu 13.10
sites-available/git.myserver.com:
<VirtualHost *:80>
ServerName git.myserver.com
DocumentRoot /home/git/gitlab/public
<Directory /home/git/gitlab/public>
AllowOverride All
Options -MultiViews
</Directory>
ProxyPass /uploads !
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
ProxyPreserveHost on
</VirtualHost>
config/unicorn.rb:
worker_processes 2
listen "/home/git/gitlab/tmp/sockets/gitlab.socket", :backlog => 64
listen "127.0.0.1:8080", :tcp_nopush => true
timeout 900
config/gitlab.yml:
gitlab:
  ## Web server settings
  host: git.myserver.com
  port: 80
  https: false
Apache access log file:
SOMEIPADDRESS - - [17/Feb/2014:20:25:20 +0000] "GET / HTTP/1.1" 503 566 "-" "curl/7.32.0"
Apache error log file:
[Mon Feb 17 20:25:08.919614 2014] [proxy_http:error] [pid 1321:tid 139972136904448] [client SOMEIPADDRESS:48578] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Mon Feb 17 20:25:20.114281 2014] [proxy:error] [pid 2092:tid 140263968208640] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[Mon Feb 17 20:25:20.114353 2014] [proxy:error] [pid 2092:tid 140263968208640] AH00959: ap_proxy_connect_backend disabling worker for (127.0.0.1) for 60s
[Mon Feb 17 20:25:20.114364 2014] [proxy_http:error] [pid 2092:tid 140263968208640] [client SOMEIPADDRESS:48580] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
Solved. I had used Ruby 2.1.0 while the install guide says to use Ruby 2.0.0. Closely re-installed and restored the backup, which now works perfectly.
