Hi.
I have problem with configuration of mod_proxy_ajp, or, rather, I'm
pretty sure my config is good but there is a problem with kernel
persmissions or even mod_proxy_jk?
Here are the details:
OS: Fedora Core 5
Apache: httpd-2.2.0-5.1.2 (Fedora 5 package)
Config:
<Proxy *> # I don't know if it does mather, leave it just in case
Order Deny,Allow
Allow from all
</Proxy>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /manager/ ajp://localhost:8109/manager/
Problem: httpd cannot connect to 8109 port. Tomcat is listening on that
port (checked with 'telnet localhost 8109' running as 'apache' user).
error_log:
[debug] mod_proxy_ajp.c(44): proxy: AJP: canonicalising URL
//localhost:8109/manager/html
[debug] proxy_util.c(1373): [client 192.168.1.14] proxy: ajp: found worker
ajp://localhost:8109/manager/ for ajp:/ /localhost:8109/manager/html
[debug] mod_proxy.c(736): Running scheme ajp handler (attempt 0)
[debug] mod_proxy_ajp.c(474): proxy: AJP: serving URL
ajp://localhost:8109/manager/html
[debug] proxy_util.c(1754): proxy: AJP: has acquired connection for (localhost)
[debug] proxy_util.c(1811): proxy: connecting ajp://localhost:8109/manager/html
to localhost:8109
[debug] proxy_util.c(1911): proxy: connected /manager/html to localhost:8109
[debug] proxy_util.c(2005): proxy: AJP: fam 2 socket created to connect to
localhost
[error] (13)Permission denied: proxy: AJP: attempt to connect to 127.0.0.1:8109
(localhost) failed
[error] ap_proxy_connect_backend disabling worker for (localhost)
[error] proxy: AJP: failed to make connection to backend: localhost
[debug] proxy_util.c(1769): proxy: AJP: has released connection for (localhost)
And strace of httpd's process:
32429 socket(PF_NETLINK, SOCK_RAW, 0) = 17
32429 bind(17, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
32429 getsockname(17, {sa_family=AF_NETLINK, pid=32429, groups=00000000}, [12])
= 0
32429 time(NULL) = 1155920517
32429 sendto(17, "\24\0\0\0\26\0\1\3\205\362\345D\0\0\0\0\0\0\0\0", 20, 0,
{sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 32429 recvmsg(17,
{msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000},
msg_iov(1)=[{"<\0\0\0\24\0\2\0\205\362\345D\255~\0\0\2\10\200 \376\1\0"...,
4096}], msg_controllen=0, msg_flags=0}, 0) = 128
32429 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000},
msg_iov(1)=[{"@\0\0\0\24\0\2\0\205\362\345D\255~\0\0\n\200\20 0\376\1"...,
4096}], msg_controllen=0, msg_flags=0}, 0) = 128
32429 recvmsg(17, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000},
msg_iov(1)=[{"\24\0\0\0\3\0\2\0\205\362\345D\255~\0\0\0\0\0\0 \1\0\0\0"...,
4096}], msg_controllen=0, msg_flags=0}, 0) = 20
32429 close(17) = 0
32429 gettimeofday({1155920517, 693251}, NULL) = 0
32429 write(10, "[Fri Aug 18 19:01:57 2006] [debu"..., 147) = 147
32429 socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 17
32429 fcntl64(17, F_GETFL) = 0x2 (flags O_RDWR)
32429 fcntl64(17, F_SETFL, O_RDWR|O_NONBLOCK) = 0
32429 gettimeofday({1155920517, 693522}, NULL) = 0
32429 write(10, "[Fri Aug 18 19:01:57 2006] [debu"..., 112) = 112
32429 connect(17, {sa_family=AF_INET, sin_port=htons(8109),
sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EACCES (Permission denied)
32429 close(17) = 0
As far as I can see it is not a problem of apache configuration - if it
would be so, httpd process would not try to connect to 127.0.0.1:8109. I
suppose it is a problem with SOCK_RAW option during creation of socket
which could be prohibited for non-root user by the kernel, but since
apache is by default configured to NOT to run as root - it would mean
there is a serious bug in mod_proxy (honestly - I doubt it).
What's going on, then?
T.I.A.
Richard.
--
"First they ignore you. Then they laugh at you. Then they
fight you. Then you win." - Mohandas Gandhi.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
