RE: mod_jk works as localhost only
Ok, well, I am posting this information to this list in this thread because we kind of got started down the path of SELinux. Fedora Core3 comes with a feature called Security Enhanced Linux. This is a security feature that you may or may not want to have on your server. I chose to enable it, so that is why I am posting this information. The main reason for using SELinux is to have finer-grained control over what your processes are doing and how they are doing them. Also this information is output to the logs and is great for auditing. I highly recommend taking the time to read about SELinux if your distro supports it.

First of all, I have Apache + Mod_jk on one machine and then tomcat on a separate machine. When I upgraded to SELinux Policy 18, I noticed that apache would not communicate with tomcat using the ajp13 connector. So what do you do? Well you can:

1. Disable SELinux for apache by going into the gui security level settings tool. You have to have a gui installed for this to work.
2. Disable SELinux entirely. Google for this, I can not remember how to do it.
3. Configure your SELinux policy to allow Apache+Mod_JK to work. You can do this by using the audit2allow tool. You also need the selinux-policy-targeted-sources package. Just do a:

    yum install selinux-policy-targeted-sources
    audit2allow -d

    allow httpd_t httpd_log_t:file write;
    allow httpd_t self:tcp_socket connect;
    allow mysqld_t ld_so_cache_t:file execute;
    allow unconfined_t httpd_t:file relabelto;

The content above needs to be placed in /etc/selinux/targeted/src/domains/program/apache.te

I had to comment out the last two lines because I was not interested in enabling them. The manual on SELinux clearly indicates to analyze the output of audit2allow carefully.

Next, cd into the /etc/selinux/targeted/src directory and do:

    make policy
    make install
    make reload

Then restart apache and it may work, or it may not.

Randall

-----Original Message-----
From: Randall Svancara [mailto:[EMAIL PROTECTED]
Sent: Monday, June 20, 2005 10:29 AM
To: Tomcat Users List
Subject: RE: mod_jk works as localhost only

Just another side note to this thread. I was applying the SELinux Security Policy patch to my fedora core 3 box today and it broke my apache + mod_jk + tomcat installation. The fedora team must have changed the Security Enhanced Linux Policy preventing mod_jk connecting to an external tomcat server. Policy.18 is the culprit I am sure of it. I will research this some more. But for right now, you will have to turn off SELinux for the httpd daemon. This is easy to do with the GUI tools provided in the security level settings under the SELinux tab.

-----Original Message-----
From: Randall Svancara [mailto:[EMAIL PROTECTED]
Sent: Friday, June 17, 2005 9:43 AM
To: Tomcat Users List; naidim
Subject: RE: mod_jk works as localhost only

Is it possible for you to send us your mod_jk configuration along with your workers.properties (if you have one)?

Randall

-----Original Message-----
From: naidim [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 16, 2005 12:41 PM
To: Tomcat Users List
Subject: mod_jk works as localhost only

I'm running Apache2.0.52 and Tomcat 5.5.9 on FC3. Both work fine locally and remotely.

mod_jk is configured but it only works as localhost. Browsing by name or IP fails to find the files in the webapp directory. What do I need to change so it finds them when browsing remotely?

Thanks

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
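Added example, not part of the original thread and not the audit2allow source: it turns AVC denial lines into allow rules the way the message above describes, then separates rules whose source domain is httpd_t from rules for other domains, which is the review Randall did by hand before editing apache.te. The log lines are constructed, and the function names rules_from_log(), render() and review() are made up for this example.

```python
import re
from collections import defaultdict

# Constructed sample: kernel AVC denials in the style logged on FC3.
SAMPLE_LOG = """\
Jun 20 10:05:01 web kernel: audit(1119287101.100:0): avc:  denied  { write } for  pid=2301 exe=/usr/sbin/httpd name=mod_jk.log scontext=root:system_r:httpd_t tcontext=system_u:object_r:httpd_log_t tclass=file
Jun 20 10:05:02 web kernel: audit(1119287102.200:0): avc:  denied  { connect } for  pid=2301 exe=/usr/sbin/httpd scontext=root:system_r:httpd_t tcontext=root:system_r:httpd_t tclass=tcp_socket
Jun 20 10:05:02 web kernel: audit(1119287102.300:0): avc:  denied  { connect } for  pid=2302 exe=/usr/sbin/httpd scontext=root:system_r:httpd_t tcontext=root:system_r:httpd_t tclass=tcp_socket
Jun 20 10:06:10 web kernel: audit(1119287170.400:0): avc:  denied  { execute } for  pid=2410 exe=/usr/libexec/mysqld scontext=system_u:system_r:mysqld_t tcontext=system_u:object_r:ld_so_cache_t tclass=file
Jun 20 10:07:30 web kernel: audit(1119287250.500:0): avc:  denied  { relabelto } for  pid=2500 exe=/usr/bin/chcon scontext=root:system_r:unconfined_t tcontext=system_u:object_r:httpd_t tclass=file
Jun 20 10:08:00 web httpd: httpd startup succeeded
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]+)\}.*?"
    r"scontext=(?P<src>\S+)\s+tcontext=(?P<tgt>\S+)\s+tclass=(?P<cls>\S+)"
)


def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]


def rules_from_log(text):
    """Group denied permissions by (source type, target type, class)."""
    grouped = defaultdict(set)
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if m is None:
            continue  # not an AVC denial
        src, tgt = selinux_type(m["src"]), selinux_type(m["tgt"])
        if tgt == src:
            tgt = "self"  # same shorthand audit2allow prints
        grouped[(src, tgt, m["cls"])].update(m["perms"].split())
    return dict(grouped)


def render(key, perms):
    """Format one grouped denial as a policy allow rule."""
    src, tgt, cls = key
    names = sorted(perms)
    perm_text = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
    return f"allow {src} {tgt}:{cls} {perm_text};"


def review(text, domain="httpd_t"):
    """Split rules into those for `domain` and those needing a second look."""
    keep, hold = [], []
    for key, perms in sorted(rules_from_log(text).items()):
        (keep if key[0] == domain else hold).append(render(key, perms))
    return keep, hold


if __name__ == "__main__":
    keep, hold = review(SAMPLE_LOG)
    print("\n".join(keep))
    print("\n".join("# REVIEW: " + rule for rule in hold))
```

The duplicate connect denial collapses into one rule, and the two rules outside httpd_t come back in the second list instead of being pasted into the policy unread.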
RE: mod_jk works as localhost only
Just another side note to this thread. I was applying the SELinux Security Policy patch to my fedora core 3 box today and it broke my apache + mod_jk + tomcat installation. The fedora team must have changed the Security Enhanced Linux Policy preventing mod_jk connecting to an external tomcat server. Policy.18 is the culprit I am sure of it. I will research this some more. But for right now, you will have to turn off SELinux for the httpd daemon. This is easy to do with the GUI tools provided in the security level settings under the SELinux tab.

-----Original Message-----
From: Randall Svancara [mailto:[EMAIL PROTECTED]
Sent: Friday, June 17, 2005 9:43 AM
To: Tomcat Users List; naidim
Subject: RE: mod_jk works as localhost only

Is it possible for you to send us your mod_jk configuration along with your workers.properties (if you have one)?

Randall

-----Original Message-----
From: naidim [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 16, 2005 12:41 PM
To: Tomcat Users List
Subject: mod_jk works as localhost only

I'm running Apache2.0.52 and Tomcat 5.5.9 on FC3. Both work fine locally and remotely.

mod_jk is configured but it only works as localhost. Browsing by name or IP fails to find the files in the webapp directory. What do I need to change so it finds them when browsing remotely?

Thanks
RE: mod_jk works as localhost only
Is it possible for you to send us your mod_jk configuration along with your workers.properties (if you have one)?

Randall

-----Original Message-----
From: naidim [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 16, 2005 12:41 PM
To: Tomcat Users List
Subject: mod_jk works as localhost only

I'm running Apache2.0.52 and Tomcat 5.5.9 on FC3. Both work fine locally and remotely.

mod_jk is configured but it only works as localhost. Browsing by name or IP fails to find the files in the webapp directory. What do I need to change so it finds them when browsing remotely?

Thanks
Re: mod_jk works as localhost only
localhost www 10.0.0.10

First of all please read the documents of how to install things ...
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk2/vhosthowto.html

----- Original Message -----
From: "naidim" <[EMAIL PROTECTED]>
To: "Tomcat Users List"
Sent: Friday, June 17, 2005 4:59 PM
Subject: Re: mod_jk works as localhost only

Guru suggested it was my server.xml. I had So I changed Host from localhost to flex.homelinux.org and it works as flex.homelinux.org, but not as localhost now, and still not by IP.

After a default install of FC3 with httpd, here are the changes I made:

Configure Apache 13 Jun 05
  Edit /etc/httpd/conf/httpd.conf
  Change ServerAdmin to [email]
  Uncomment #ServerName and change host to flex.homelinux.org:80
  Verify ServerRoot "/etc/httpd"
  Verify DocumentRoot "/var/www/html"
  Change UseCanonicalName from Off to On
  Restart httpd service

Configure Apache for CGI 13 Jun 05
  Edit /etc/httpd/conf/httpd.conf
  Change "Options Indexes FollowSymLinks" to "Options Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI Multiviews"
  Change "Allow Override None" to "Allow Override Options Fileinfo AuthConfig Limit"
  Restart httpd service
  Change "DirectoryIndex index.html index.html.var" to "DirectoryIndex index.html index.html.var index.shtml index.cgi index.php index.php3 index.phtml index.htm"
  Under AddType application/x-gzip .gz .tgz
  Add: AddType application/x-httpd-php .php .php3 .html .htm .shtml .phps .fds
  Uncomment AddHandler cgi-script .cgi
  Add .pl to the end of the line
  Restart httpd service

Install Tomcat 13 Jun 05
  Download jakarta-tomcat-5.5.9.tar.gz and jakarta-tomcat-5.5.9-admin.tar.gz from http://jakarta.apache.org/site/downloads/downloads_tomcat-5.cgi
    #tar xvzf jakarta-tomcat-5.5.9.tar.gz
    #tar xvzf jakarta-tomcat-5.5.9-admin.tar.gz
    #mv jakarta-tomcat-5.5.9 /usr/java
  Edit /etc/profile
  Add:
    CATALINA_HOME=/usr/java/jakarta-tomcat-5.5.9
    export CATALINA_HOME
    #/usr/java/jakarta-tomcat-5.5.9/bin/startup.sh
  Browse to localhost:8080

Open Port 8080 for Tomcat 13 Jun 05
  Applications->System Settings->Security Level
  Add port 8080:tcp

Autostart Tomcat
    #cp /usr/java/jakarta-tomcat-5.5.9/bin/catalina.sh /etc/init.d/catalina
  Edit /etc/init.d/catalina
  Add as the last comments at the top
    # chkconfig: - 90 15
    # description: Jakarta Tomcat Java Servlets and JSP server
  Add immediately after the top comments
    CATALINA_HOME=/usr/java/jakarta-tomcat-5.5.9
    JAVA_HOME=/usr/java/jdk1.5.0_03
    status() {
      ps ax --width=1000 | grep "[o]rg.apache.catalina.startup.Bootstrap start" | awk '{printf $1 " "}' | wc | awk '{print $2}' > /tmp/tomcat_process_count.txt
      read line < /tmp/tomcat_process_count.txt
      if [ $line -gt 0 ]; then
        echo -n "Tomcat ( pid "
        ps ax --width=1000 | grep "[o]rg.apache.catalina.startup.Bootstrap start" | awk '{printf $1 " "}'
        echo -n ") is running..."
        echo
      else
        echo "Tomcat is stopped"
      fi
    }
  Comment out
    [ -z "$CATALINA_HOME" ] && CATALINA_HOME=`cd "$PROGDIR/.." ; pwd`
  Before
    echo "Using CATALINA_BASE: $CATALINA_BASE"
  add
    if [ "$1" != "status" ] ; then
  After the echo block add "fi"
  Add immediately before "else" for if [ "$1" = "debug" ] block
    elif [ "$1" = "status" ] ; then
      status
    elif [ "$1" = "restart" ] ; then
      $0 stop
      $0 start
  Add catalina as a service and turn it on
    # chkconfig --add catalina
    # chkconfig catalina on

Install mod_jk for Apache/Tomcat connection
  Download mod_jk-ap20-1.2.10-1jpp.i386.rpm from http://www.jpackage.org/rpm.php?id=2456
    # rpm -ivh mod_jk-ap20-1.2.10-1jpp.i386.rpm

Configure worker.properties for Apache/Tomcat connection
  Edit /usr/java/jakarta-tomcat-5.5.9/conf/worker.properties
  Change workers.tomcat_home=/var/tomcat3 to /usr/java/jakarta-tomcat-5.5.9
  Change workers.java_home=/opt/IBMJava2-13 to /usr/java/jdk1.5.0_03
  Change worker.list=ajp12, ajp13 to worker.list=ajp13
  Comment out all worker.ajp12 lines
  Uncomment worker.
Re: mod_jk works as localhost only
Guru suggested it was my server.xml. I had So I changed Host from localhost to flex.homelinux.org and it works as flex.homelinux.org, but not as localhost now, and still not by IP.

After a default install of FC3 with httpd, here are the changes I made:

Configure Apache 13 Jun 05
  Edit /etc/httpd/conf/httpd.conf
  Change ServerAdmin to [email]
  Uncomment #ServerName and change host to flex.homelinux.org:80
  Verify ServerRoot "/etc/httpd"
  Verify DocumentRoot "/var/www/html"
  Change UseCanonicalName from Off to On
  Restart httpd service

Configure Apache for CGI 13 Jun 05
  Edit /etc/httpd/conf/httpd.conf
  Change "Options Indexes FollowSymLinks" to "Options Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI Multiviews"
  Change "Allow Override None" to "Allow Override Options Fileinfo AuthConfig Limit"
  Restart httpd service
  Change "DirectoryIndex index.html index.html.var" to "DirectoryIndex index.html index.html.var index.shtml index.cgi index.php index.php3 index.phtml index.htm"
  Under AddType application/x-gzip .gz .tgz
  Add: AddType application/x-httpd-php .php .php3 .html .htm .shtml .phps .fds
  Uncomment AddHandler cgi-script .cgi
  Add .pl to the end of the line
  Restart httpd service

Install Tomcat 13 Jun 05
  Download jakarta-tomcat-5.5.9.tar.gz and jakarta-tomcat-5.5.9-admin.tar.gz from http://jakarta.apache.org/site/downloads/downloads_tomcat-5.cgi
    #tar xvzf jakarta-tomcat-5.5.9.tar.gz
    #tar xvzf jakarta-tomcat-5.5.9-admin.tar.gz
    #mv jakarta-tomcat-5.5.9 /usr/java
  Edit /etc/profile
  Add:
    CATALINA_HOME=/usr/java/jakarta-tomcat-5.5.9
    export CATALINA_HOME
    #/usr/java/jakarta-tomcat-5.5.9/bin/startup.sh
  Browse to localhost:8080

Open Port 8080 for Tomcat 13 Jun 05
  Applications->System Settings->Security Level
  Add port 8080:tcp

Autostart Tomcat
    #cp /usr/java/jakarta-tomcat-5.5.9/bin/catalina.sh /etc/init.d/catalina
  Edit /etc/init.d/catalina
  Add as the last comments at the top
    # chkconfig: - 90 15
    # description: Jakarta Tomcat Java Servlets and JSP server
  Add immediately after the top comments
    CATALINA_HOME=/usr/java/jakarta-tomcat-5.5.9
    JAVA_HOME=/usr/java/jdk1.5.0_03
    status() {
      ps ax --width=1000 | grep "[o]rg.apache.catalina.startup.Bootstrap start" | awk '{printf $1 " "}' | wc | awk '{print $2}' > /tmp/tomcat_process_count.txt
      read line < /tmp/tomcat_process_count.txt
      if [ $line -gt 0 ]; then
        echo -n "Tomcat ( pid "
        ps ax --width=1000 | grep "[o]rg.apache.catalina.startup.Bootstrap start" | awk '{printf $1 " "}'
        echo -n ") is running..."
        echo
      else
        echo "Tomcat is stopped"
      fi
    }
  Comment out
    [ -z "$CATALINA_HOME" ] && CATALINA_HOME=`cd "$PROGDIR/.." ; pwd`
  Before
    echo "Using CATALINA_BASE: $CATALINA_BASE"
  add
    if [ "$1" != "status" ] ; then
  After the echo block add "fi"
  Add immediately before "else" for if [ "$1" = "debug" ] block
    elif [ "$1" = "status" ] ; then
      status
    elif [ "$1" = "restart" ] ; then
      $0 stop
      $0 start
  Add catalina as a service and turn it on
    # chkconfig --add catalina
    # chkconfig catalina on

Install mod_jk for Apache/Tomcat connection
  Download mod_jk-ap20-1.2.10-1jpp.i386.rpm from http://www.jpackage.org/rpm.php?id=2456
    # rpm -ivh mod_jk-ap20-1.2.10-1jpp.i386.rpm

Configure worker.properties for Apache/Tomcat connection
  Edit /usr/java/jakarta-tomcat-5.5.9/conf/worker.properties
  Change workers.tomcat_home=/var/tomcat3 to /usr/java/jakarta-tomcat-5.5.9
  Change workers.java_home=/opt/IBMJava2-13 to /usr/java/jdk1.5.0_03
  Change worker.list=ajp12, ajp13 to worker.list=ajp13
  Comment out all worker.ajp12 lines
  Uncomment worker.ajp13.cachesize and add =20
  Change worker.loadbalancer.balanced_workers=ajp12, ajp13 to just ajp13

Configure server.xml for Apache/Tomcat connection
  Edit /usr/java/jakarta-tomcat-5.5.9/conf/server.xml
  Below the line add
  Below the line add
  Restart Tomcat
  Verify /usr/java/jakarta-tomcat-5.5.9/conf/auto/mod_jk.conf is created

Disable SELinux for httpd
  Applications->System Settings->Security Level
  Check Disable SELinux protection for httpd daemon

Configure httpd.conf for Apache/Tomcat connection
  Edit /etc/httpd/conf/httpd.conf
  Below the last LoadModule line add
    Include "/usr/java/jakarta-tomcat-5.5.9/conf/auto/mod_jk.con
RE: mod_jk works as localhost only
Have you turned off iptables?

    /etc/init.d/iptables stop

That will kill the firewall rules that are built in to Fedora Core3.

Randall

-----Original Message-----
From: naidim [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 16, 2005 12:41 PM
To: Tomcat Users List
Subject: mod_jk works as localhost only

I'm running Apache2.0.52 and Tomcat 5.5.9 on FC3. Both work fine locally and remotely.

mod_jk is configured but it only works as localhost. Browsing by name or IP fails to find the files in the webapp directory. What do I need to change so it finds them when browsing remotely?

Thanks
Re: mod_jk works as localhost only
According to your httpd.conf your servername is flex.homelinux.org:80

Seems that your server.xml is wrong ... Change to and try http://flex.homelinux.org:80/

Regards
Guru

----- Original Message -----
From: "Gurumoorthy" <[EMAIL PROTECTED]>
To: "Tomcat Users List" ; "naidim" <[EMAIL PROTECTED]>
Sent: Thursday, June 16, 2005 11:28 PM
Subject: Re: mod_jk works as localhost only

> send me the httpd.conf and the server.xml and worker.properties ... i will
> have a look ...
>
> Regards
> guru
> ----- Original Message -----
> From: "naidim" <[EMAIL PROTECTED]>
> To: "Tomcat Users List"
> Sent: Thursday, June 16, 2005 7:40 PM
> Subject: mod_jk works as localhost only
>
>
> I'm running Apache2.0.52 and Tomcat 5.5.9 on FC3. Both work fine
> locally and remotely.
>
> mod_jk is configured but it only works as localhost. Browsing by name
> or IP fails to find the files in the webapp directory. What do I need
> to change so it finds them when browsing remotely?
>
> Thanks
Re: mod_jk works as localhost only
send me the httpd.conf and the server.xml and worker.properties ... i will have a look ...

Regards
guru

----- Original Message -----
From: "naidim" <[EMAIL PROTECTED]>
To: "Tomcat Users List"
Sent: Thursday, June 16, 2005 7:40 PM
Subject: mod_jk works as localhost only

I'm running Apache2.0.52 and Tomcat 5.5.9 on FC3. Both work fine locally and remotely.

mod_jk is configured but it only works as localhost. Browsing by name or IP fails to find the files in the webapp directory. What do I need to change so it finds them when browsing remotely?

Thanks
Re: mod_jk works as localhost only
It's not a firewall blocking it as far as I can tell, but I tried your suggestion with no change.

Locally, I can browse localhost, localhost:8080, localhost:8080/jsp-examples and localhost/jsp-examples, showing that mod_jk is working okay.

However, also locally, I can also browse by ip, ip:8080, ip:8080/jsp-examples, I CANNOT browse ip/jsp-examples. I get

    The requested URL /jsp-examples/ was not found on this server.

Remotely I get the same results.

On 6/16/05, Randall Svancara <[EMAIL PROTECTED]> wrote:
> Have you turned off iptables?
>
> /etc/init.d/iptables stop
>
> That will kill the firewall rules that are built in to Fedora Core3.
>
> Randall
>
> -----Original Message-----
> From: naidim [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 16, 2005 12:41 PM
> To: Tomcat Users List
> Subject: mod_jk works as localhost only
>
> I'm running Apache2.0.52 and Tomcat 5.5.9 on FC3. Both work fine
> locally and remotely.
>
> mod_jk is configured but it only works as localhost. Browsing by name
> or IP fails to find the files in the webapp directory. What do I need
> to change so it finds them when browsing remotely?
>
> Thanks
mod_jk works as localhost only
I'm running Apache2.0.52 and Tomcat 5.5.9 on FC3. Both work fine locally and remotely.

mod_jk is configured but it only works as localhost. Browsing by name or IP fails to find the files in the webapp directory. What do I need to change so it finds them when browsing remotely?

Thanks