Re: error configuring tomcat + apache with mod_jk2
Try an 'apachectl configtest'. With mod_jk2, I don't believe any directives are allowed/permitted in httpd.conf. I was in a similar boat last week, only I'm using Apache 1.3.27. My *understanding* is that you should only Load/Add the module in httpd.conf. The workers2.properties file needs to be in /conf. There is also a jk2.properties file in /home that needs similar entries. I've pasted the relevant portions of my config files below for your reference (this is a working config for me at this time): httpd.conf: ServerName qa-wap1 ServerAlias qa-wap1.sd.mydomain.com ServerAdmin [EMAIL PROTECTED] ErrorLog /var/log/httpd/qa-wap1_error_log TransferLog /var/log/httpd/qa-wap1_access_log CustomLog /var/log/httpd/qa-wap1_referer_log referer CustomLog /var/log/httpd/qa-wap1_agent_log agent # RewriteEngine on RewriteLogLevel 0 RewriteRule ^(.*) https://qa-wap1$1 [R=301] ServerName qa-wap1 ServerAlias qa-wap1.sd.mydomain.com ServerAdmin [EMAIL PROTECTED] DocumentRoot /usr/tomcat/webapps/MyCompany ErrorLog /var/log/httpd/qa-wap1_ssl_error_log TransferLog /var/log/httpd/qa-wap1_ssl_access_log CustomLog /var/log/httpd/qa-wap1_ssl_referer_log referer CustomLog /var/log/httpd/qa-wap1_ssl_agent_log agent DirectoryIndex index.htm # SSL Options SSLEngine on SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/httpd/certs/qa-wap1.crt SSLCertificateKeyFile /etc/httpd/certs/qa-wap1.key # End SSL Options # Load mod_jk2 LoadModule jk2_module modules/mod_jk2.so AddModule mod_jk2.c workers2.properties: #[logger.apache13] #level=DEBUG [shm] file=/var/log/httpd/shm.file size=1048576 [workerEnv:] info=Global server options timing=1 debug=0 [channel.socket:localhost:8009] port=8009 host=127.0.0.1 # define the worker [ajp13:localhost:8009] channel=channel.socket.localhost:8009 # Uri mapping [uri:/*.jsp] worker=ajp13:localhost:8009 [uri:/*.do] worker=ajp13:localhost:8009 [uri:/servlet/*] worker=ajp13:localhost:8009 [uri:/services/*] worker=ajp13:localhost:8009 server.xml (snip - this is what correlates to the workers2.properties file for mapping to tomcat): jk2.properties: ## THIS FILE MAY BE OVERRIDEN AT RUNTIME. MAKE SURE TOMCAT IS STOPED ## WHEN YOU EDIT THE FILE. ## COMMENTS WILL BE _LOST_ ## DOCUMENTATION OF THE FORMAT IN JkMain javadoc. # Set the desired handler list # handler.list=apr,request,channelJni # # Override the default port for the socketChannel # channelSocket.port=8019 # Default: # channelUnix.file=${jkHome}/work/jk2.socket # Just to check if the the config is working # shm.file=${jkHome}/work/jk2.shm # In order to enable jni use any channelJni directive # channelJni.disabled = 0 # And one of the following directives: # apr.jniModeSo=/opt/apache2/modules/mod_jk2.so # If set to inprocess the mod_jk2 will Register natives itself # This will enable the starting of the Tomcat from mod_jk2 # apr.jniModeSo=inprocess handler.list=request,container,channelSocket channelSocket.port=8009 channelSocket.address=127.0.0.1 channelSocket.maxPort=port+10 Dionisio Ruiz de Zarate wrote: Hello. i am tryinf to cofigure the tomcat 4.1.29 + apache 2.0.47 into one linux machine. for this pourpose i have configure in the apche conf file this: LoadModule jk2_module /usr/lib/apache2/mod_jk2.so JkUriSet worker ajp13:localhost:8009 and into the workers2.properties fiel i have this: [logger.apache2] level=DEBUG [shm] file=/opt/jakarta/tomcat/logs/shm_log.txt size=1048576 [channel.socket:localhost:8009] port=8009 host=127.0.0.1 #definir un worker [ajp13:localhost:8009] channel=channel.socket:localhost:8009 [uri:192.168.1.254/*.jsp] worker=ajp13:localhost:8009 [status:status] [uri:/jkstatus/*] worker=status:status i have compile the mod_jk2.so file but when i try to load one jsp page always it produces the 500 error: Server error! El servidor encontro un error interno y fue imposible completar su solicitud. Existe tambien la posibilidad de que el servidor este sobrecargado o de algĂșn error en un programa de CGI. Favor de contactar al webmaster en caso de que usted crea que existe un error en el servidor. Error 500 192.168.1.1 Mon Nov 10 22:43:08 2003 Apache/2.0.47 (Linux/SuSE) must i to configure the apache conf file (httpd.conf) in other form? must i add some thing? must i cahnge the workers2.properties file? can anybody helpos me? thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Andrew Davis, Fo
Re: apache + tomcat + ssl + mod_rewrite
Thank you. Ironically, I realized I had forgotten a test. After going to a URL the normal way (https://qa-wap1/submitProfile.jsp), then changing the URL in the web browser to http://qa-wap1:80/submitProfile.jsp and reloading, the URL worked. I've mentioned this already. What I hadn't tried was clicking a link within the page. Doing so either took me back to the login screen or generated a 404 error. Interestingly, the actual solution was found from the apache modules mailing list at: [EMAIL PROTECTED] A few replies reminded me that the loading order of modules *is* important. Since modules are loaded from bottom-to-top, I put the mod_jk2 entry above mod_rewrite (so mod_rewrite would load first), then restarted httpd. It now works perfectly. If I change https://qa-wap1/submitProfile.jsp to http://qa-wap1:80/submitProfile.jsp and refresh the browser, it goes back to the https site. AD Erik Wright wrote: If you really believe your mod_rewrite rule is properly configured to "send *ALL* traffic to the same URL but via https" then: I would double/triple check the access.log files to see if the request is actually getting served from the port 80 server. If I visit www.foo.com and then change the address to www.bar.com and then click 'reload' in IE, it reloads www.foo.com. So I suspect that what you are seeing is that the browser is not doing what you expect it to do. Next, I would run a packet sniffer (install ethereal, it's pretty easy) and actually check out the request being sent by your browser to port 80. That should give you a better idea what the problem is. I mean, if you haven't configured your port 80 apache to talk to Tomcat, then the page you are seeing in your browser can't be arriving from port 80... simple as that, no? - Erik Andrew Davis wrote: I have a test server setup with Apache 1.3.27, Tomcat 4.1.27, and mod_jk2. Its all running on RH Linux ES 2.1. Apache is setup on ports 80 & 443. The port 80 config has only the basics defined, then has a mod_rewrite rule to send *ALL* traffic to the same URL but via https. It also has mod_jk2 setup to forward all .jsp & .do requests to tomcat. Tomcat is listening on ports 8080 and 8009. All seems to work fine, but there's a hole. If I go to http://qa-wap1, I am properly redirected to https://qa-wap1. As I login, follow links, etc., I stay on the secure URL. However, if get into a secure URL... say https://qa-wap1/submitProfile.jsp and change the URL in my browser to http://qa-wap1:80/submitProfile.jsp and refresh the browser, the entire page (content and images, both) reloads and looks perfect. The obvious problem is that I just circumvented the secure URL concept. There's a hole somewhere that I haven't been able to plug. This occurs with multiple browsers. Interestingly, I have an almost identical setup using Apache 1.3.26 and Resin via mod_caucho. The mod_rewrite rule is the same, but if I try to substitute the URL as mentioned above, it immediately puts me back on the secure URL as it should. The relevant portions of the config files are below. I'm hoping someone can help me get byond this. Relevant portion of httpd.conf: ServerName qa-wap1 ServerAlias qa-wap1.my.domain.com ServerAdmin [EMAIL PROTECTED] ErrorLog /var/log/httpd/qa-wap1_error_log TransferLog /var/log/httpd/qa-wap1_access_log CustomLog /var/log/httpd/qa-wap1_referer_log referer CustomLog /var/log/httpd/qa-wap1_agent_log agent # RewriteEngine on RewriteLogLevel 0 RewriteRule ^(.*) https://qa-wap1$1 [R=301] ServerName qa-wap1 ServerAlias qa-wap1.my.domain.com ServerAdmin [EMAIL PROTECTED] DocumentRoot /usr/tomcat/webapps/Genvault ErrorLog /var/log/httpd/qa-wap1_ssl_error_log TransferLog /var/log/httpd/qa-wap1_ssl_access_log CustomLog /var/log/httpd/qa-wap1_ssl_referer_log referer CustomLog /var/log/httpd/qa-wap1_ssl_agent_log agent DirectoryIndex index.htm # SSL Options SSLEngine on SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/httpd/certs/qa-wap1.crt SSLCertificateKeyFile /etc/httpd/certs/qa-wap1.key # End SSL Options # Load mod_jk2 LoadModule jk2_module modules/mod_jk2.so AddModule mod_jk2.c Relevant portion of workers2.properties #[logger.apache13] #level=DEBUG [shm] file=/var/log/httpd/shm.file size=1048576 [workerEnv:] info=Global server options timing=1 debug=0 [channel.socket:localhost:8009] port=8009 host=127.0.0.1 # define the worker [ajp13:localhost:8009] channel=channel.socket.localhost:8009 # Uri mapping [uri:/*.jsp] worker=ajp13:localhost:8009 [uri:/*.do] worker=ajp13:localhost:8009 [uri:/servlet/*] worker=ajp13:localhost:8009 [uri:/services/*] worker=ajp13:localhost:8009 I'm not including my server.xml as I don't think its necessary, but I can if it will help. Most interestingly, I decided to circumvent the problem by setting a different DocumentRoot for the port 80 vhost, and having
Problem with mod_jk2 and ssl
ge the URL (https://qa-wap1/submitProfile.jsp) to http://qa-wap1:80/submitProfile.jsp and refresh the browser, yes, the lock icon goes away. So its not a client caching issue. -- Andrew Davis, Founder SoCalLinuxSolutions [EMAIL PROTECTED] 760-525-4689 SoCalLinuxSolutions.com Linux Consultation & Integration Services - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
apache + tomcat + ssl + mod_rewrite
I have a test server setup with Apache 1.3.27, Tomcat 4.1.27, and mod_jk2. Its all running on RH Linux ES 2.1. Apache is setup on ports 80 & 443. The port 80 config has only the basics defined, then has a mod_rewrite rule to send *ALL* traffic to the same URL but via https. It also has mod_jk2 setup to forward all .jsp & .do requests to tomcat. Tomcat is listening on ports 8080 and 8009. All seems to work fine, but there's a hole. If I go to http://qa-wap1, I am properly redirected to https://qa-wap1. As I login, follow links, etc., I stay on the secure URL. However, if get into a secure URL... say https://qa-wap1/submitProfile.jsp and change the URL in my browser to http://qa-wap1:80/submitProfile.jsp and refresh the browser, the entire page (content and images, both) reloads and looks perfect. The obvious problem is that I just circumvented the secure URL concept. There's a hole somewhere that I haven't been able to plug. This occurs with multiple browsers. Interestingly, I have an almost identical setup using Apache 1.3.26 and Resin via mod_caucho. The mod_rewrite rule is the same, but if I try to substitute the URL as mentioned above, it immediately puts me back on the secure URL as it should. The relevant portions of the config files are below. I'm hoping someone can help me get byond this. Relevant portion of httpd.conf: ServerName qa-wap1 ServerAlias qa-wap1.my.domain.com ServerAdmin [EMAIL PROTECTED] ErrorLog /var/log/httpd/qa-wap1_error_log TransferLog /var/log/httpd/qa-wap1_access_log CustomLog /var/log/httpd/qa-wap1_referer_log referer CustomLog /var/log/httpd/qa-wap1_agent_log agent # RewriteEngine on RewriteLogLevel 0 RewriteRule ^(.*) https://qa-wap1$1 [R=301] ServerName qa-wap1 ServerAlias qa-wap1.my.domain.com ServerAdmin [EMAIL PROTECTED] DocumentRoot /usr/tomcat/webapps/Genvault ErrorLog /var/log/httpd/qa-wap1_ssl_error_log TransferLog /var/log/httpd/qa-wap1_ssl_access_log CustomLog /var/log/httpd/qa-wap1_ssl_referer_log referer CustomLog /var/log/httpd/qa-wap1_ssl_agent_log agent DirectoryIndex index.htm # SSL Options SSLEngine on SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/httpd/certs/qa-wap1.crt SSLCertificateKeyFile /etc/httpd/certs/qa-wap1.key # End SSL Options # Load mod_jk2 LoadModule jk2_module modules/mod_jk2.so AddModule mod_jk2.c Relevant portion of workers2.properties #[logger.apache13] #level=DEBUG [shm] file=/var/log/httpd/shm.file size=1048576 [workerEnv:] info=Global server options timing=1 debug=0 [channel.socket:localhost:8009] port=8009 host=127.0.0.1 # define the worker [ajp13:localhost:8009] channel=channel.socket.localhost:8009 # Uri mapping [uri:/*.jsp] worker=ajp13:localhost:8009 [uri:/*.do] worker=ajp13:localhost:8009 [uri:/servlet/*] worker=ajp13:localhost:8009 [uri:/services/*] worker=ajp13:localhost:8009 I'm not including my server.xml as I don't think its necessary, but I can if it will help. Most interestingly, I decided to circumvent the problem by setting a different DocumentRoot for the port 80 vhost, and having only a single index.html in the folder and have it do an immediate refresh to the secure URL (https://qa-wap1), plus I removed the rewrite rules. I would think that in doing this, if I change the URL to http://qa-wap1:80/submitProfile.jsp that I should get a 404 error. Unfortunately, I got the same results as above... the page loaded perfectly on the non-secure URL, except for the images. And since I know someone will ask, when I change the URL (https://qa-wap1/submitProfile.jsp) to http://qa-wap1:80/submitProfile.jsp and refresh the browser, yes, the lock icon goes away. So its not a client caching issue. -- Andrew Davis, Founder SoCalLinuxSolutions [EMAIL PROTECTED] 760-525-4689 SoCalLinuxSolutions.com Linux Consultation & Integration Services - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: configuring tomcat 4.1.29 with apache 2 using mod_jk2. HELP me please
All you need for apache and mod_jk2 is the LoadModule line. Then you need a "workers2.properties" file in your /conf directory. You'll need to search on google or the apache.org site for workers2.properties file parameters. AD Dionisio Ruiz de Zarate wrote: Hello. i want to configura my tomcat with apache for using mod_jk2 in my linux suse 9. i know how to configure to use mok_jk, but i must to change to mod_jk2 and i don'tknow .how to make this. for configuring to use the mod jk i configure JkWorkersFile /opt/jakarta/tomcat/conf/workers.properties JkLogFile /opt/jakarta/tomcat/logs/mod_jk.log JkLogLevel error JKMount /*.jsp ajp13 ad i have one w workers.properties file but this configuration with mod_jk2 doesn't run. Can anybody helps me for using the mod_jk2 with tomcat 4.1.29 and apache 2 in one linux SO? can anybody helps me or send one samle configuration? Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Andrew Davis, Founder SoCalLinuxSolutions [EMAIL PROTECTED] 760-525-4689 SoCalLinuxSolutions.com Linux Consultation & Integration Services - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem with mod_jk2
Thanks... I was able to get everything working. Your help was much appreciated. :) [EMAIL PROTECTED] wrote: On Wed, 5 Nov 2003, Andrew Davis wrote: Thanks. That helps. I'm playing with the options now. I notice, however, that in the examples at: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk2/configwebex.html there are no options for specifying the path to java or tomcat anymore as there were in the mod_jk workers.properties file. Is this oversight, assumption, or is it simply no longer needed? I believe you will only need the location of java and tomcat if you are trying to do a JNI integration between them. There is a more detailed workers2.properties example in the jakarta-tomcat-connectors-jk2-2.0.2-src/jk/conf directory of the source bundle. It has examples for setting up JNI startup, etc. I haven't used that feature, so I won't be able to offer that much help on it. Jonathan -- Andrew Davis, Founder SoCalLinuxSolutions [EMAIL PROTECTED] 760-525-4689 SoCalLinuxSolutions.com Linux Consultation & Integration Services - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem with mod_jk2
Thanks. That helps. I'm playing with the options now. I notice, however, that in the examples at: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk2/configwebex.html there are no options for specifying the path to java or tomcat anymore as there were in the mod_jk workers.properties file. Is this oversight, assumption, or is it simply no longer needed? AD [EMAIL PROTECTED] wrote: On Wed, 5 Nov 2003, Andrew Davis wrote: I've created a workers.properties file in /usr/jakarta-tomcat-4.1.27/conf/jk. It looks like this: # Setting variables workers.tomcat_home=/usr/tomcat workers.java_home=/usr/java/j2sdk1.4.1_04 ps=/ worker.list=TomcatWorker1 # Settings for TomcatWorker1 worker worker.TomcatWorker1.port=8009 worker.TomcatWorker1.host=localhost worker.TomcatWorker1.type=ajp13 The syntax of the workers file is different for jk2. It should be called workers2.properties and be put in your apache "conf" directory. The documentation is a little light, but you can see the tomcat website for some examples of what it should look like at http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk2/configwebex.html Lastly, I've added the following to the end of my httpd.conf: # Load mod_jk2 LoadModule jk2_module modules/mod_jk2.so # Configure mod_jk2 JkWorkersFile /etc/httpd/conf/workers2.properties JkLogFile /var/log/httpd/mod_jk.log JkLogLevel info JkMount /usr/tomcat/webapps/Genvault/*.jsp TomcatWorker1 You don't need anything but the "LoadModule" line for jk2. The other stuff is configured in the workers2.properties file. The documentation for this is extremely light, but might be somewhat helpful. Check http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk2/installhowto.html Jonathan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Andrew Davis, Founder SoCalLinuxSolutions [EMAIL PROTECTED] 760-525-4689 SoCalLinuxSolutions.com Linux Consultation & Integration Services - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Problem with mod_jk2
Two prefaces... 1) I hope this is the right list. I didn't see one specifically for mod_jk/mod_jk2. 2) I've read all the doc's I can find. I've been reading and trying for the last two days. Please don't send me replies telling me to RTM. The whole reason for my post is that I'm stuck and think I'm dealing with mod_jk docs not being updated for mod_jk2. I have a RH Linux ES 2.1 server. It has apache 1.3.27 installed via RH's up2date. I also have mod_ssl, and a few other mod's. The apache part is up and running correctly on non-standard ports, but I've tested it with local telnets and remotely through a web-browser. Our original configuration on the server was just pure Tomcat (4.1.27) listening on port 80. We wanted to add SSL support (port 443) and split our services at the same time, allowing us to later have Tomcat and Apache on different servers, hence why I installed Apache. I've spent the last two days reading the relevant portions of WROX's "Professional Apache Tomcat" and loads of information on the jakarta.apache.org site. Unfortunately, it seems that a lot of the docs (and my book) are still referencing mod_jk syntax & options and causing me confusion trying to use mod_jk2. My apache and mod_ssl are from RPM, not source. My Tomcat (ver. 4.1.27... need to get this working before going to 4.1.29) is from a binary (jakarta-tomcat-4.1.27.tar.gz). My mod_jk2 is from jakarta-tomcat-connectors-jk2-src-current.tar.gz and was built by cd'ing into ~/jk/native2, then running 'buildconf.sh' and then 'configure --with-apxs=/usr/sbin/apxs'. The file mod_jk2.so was created and I copied it to my modules directory (/usr/lib/apache - stock on RH ES 2.1). I have the following in my server.xml: I've created a workers.properties file in /usr/jakarta-tomcat-4.1.27/conf/jk. It looks like this: # Setting variables workers.tomcat_home=/usr/tomcat workers.java_home=/usr/java/j2sdk1.4.1_04 ps=/ worker.list=TomcatWorker1 # Settings for TomcatWorker1 worker worker.TomcatWorker1.port=8009 worker.TomcatWorker1.host=localhost worker.TomcatWorker1.type=ajp13 Lastly, I've added the following to the end of my httpd.conf: # Load mod_jk2 LoadModule jk2_module modules/mod_jk2.so # Configure mod_jk2 JkWorkersFile /etc/httpd/conf/workers2.properties JkLogFile /var/log/httpd/mod_jk.log JkLogLevel info JkMount /usr/tomcat/webapps/Genvault/*.jsp TomcatWorker1 Here's my problem. When I run "apachectl configtest", I get: [Wed Nov 05 23:27:15 2003] ( info) [mod_jk2.c (208)]: Set serverRoot /etc/httpd Create config for main host Syntax error on line 1499 of /etc/httpd/conf/httpd.conf: Invalid command 'JkWorkersFile', perhaps mis-spelled or defined by a module not included in the server configuration Obviously the module is loading. I even tried the AddModule directive, but it just tells me the module is already loaded. I tried commenting out the 'JkWorkersFile' parameter, but it just errors on the next line: [Wed Nov 05 23:28:56 2003] ( info) [mod_jk2.c (208)]: Set serverRoot /etc/httpd Create config for main host Syntax error on line 1500 of /etc/httpd/conf/httpd.conf: Invalid command 'JkLogFile', perhaps mis-spelled or defined by a module not included in the server configuration Any thoughts on how to get this working? I feel like I'm real close, but missing something obvious. I've searched around google and found a post saying to use jk2.properties instead of workers.properties for mod_jk2. I've tried this and the appropriate path change, but it didn't work. The post also said to put in in apache's conf dir and it will look for it there (/etc/httpd/conf). I tried that and it didn't work either. Reference: http://zarb.org/pipermail/jpackage-discuss/2003-July/002573.html -- Andrew Davis, Founder SoCalLinuxSolutions [EMAIL PROTECTED] 760-525-4689 SoCalLinuxSolutions.com Linux Consultation & Integration Services - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]