All,
I am attempting to set up a proxy using mod_jk to a backend Tomcat
application. I have switched to using mod_jk from mod_proxy_http as the
application recommends using AJP and I've read that mod_jk provides more
funtionality than mod_proxy_ajp. Here is the layout:
+---------------------+
| Firewall Public |
+---------------------+
+-------------------------------------------+
| +------+ +-------+ +-------+ |
| | httpd| | httpd | | httpd | |
| | 1 | | 2 | | 3 | |
| +------+ +-------+ +-------+ |
+-------------------------------------------+
+----------------------+
| Firewall Private |
+----------------------+
+------------------------------+
| +--------+ +---------+ |
| | tomcat | |tomcat | |
| | 1 | | 2 | |
| +--------+ +---------+ |
+------------------------------+
The SSL termination will be handled at the public firewall level and pass
requests to app.example.com back to one of the 3 proxy servers on port 80.
Here is what I have for my httpd.conf file (on all 3 nodes):
<BEGIN httpd.conf>
Listen 80
LoadModule systemd_module modules/mod_systemd.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule jk_module modules/mod_jk.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule mpm_event_module modules/mod_mpm_event.so
User apache
Group apache
ServerAdmin root@localhost
<Directory />
AllowOverride none
Require all denied
</Directory>
ErrorLog "logs/error_log"
TransferLog "logs/access_log"
LogLevel debug
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\" \"%{JSESSIONID}C\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\" \"%{JSESSIONID}C\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" combined
</IfModule>
JkWorkersFile "/etc/httpd/conf/workers.properties"
JkShmFile "logs/mod_jk.shm"
JkLogFile "logs/mod_jk.log"
<VirtualHost *:80>
<Location />
Order allow,deny
Deny from all
</Location>
</VirtualHost>
<VirtualHost *:80>
ServerName app.example.com
JkLogFile "logs/app.log"
JkLogLevel debug
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkMount /application lb
</VirtualHost>
<END httpd.conf>
And workers.properties:
<BEGIN workers.properties>
worker.list=node1, node2, lb
worker.node1.port=8009
worker.node1.host=app1.example.com
worker.node1.type=ajp13
worker.node1.lbfactor=1
worker.node2.port=8009
worker.node2.host=app2.example.com
worker.node2.type=ajp13
worker.node2.lbfactor=1
worker.lb.type=lb
worker.lb.balance_workers=node1,node2
<END workers.properties>
On the Tomcat side I have defined:
app1.example.com:
<Engine name="Catalina" defaultHost="localhost" jvmRoute="node1">
app2.example.com:
<Engine name="Catalina" defaultHost="localhost" jvmRoute="node2">
I do see the session ID and node{1,2} in the access logs even though the
configuration does not work. Here is what I see in the error log:
[Tue Mar 06 15:39:47 2018] [109410:140304114849536] [debug]
map_uri_to_worker_ext::jk_uri_worker_map.c (1185): Attempting to map URI
'/' from 1 maps
[Tue Mar 06 15:39:47 2018] [109410:140304114849536] [debug]
find_match::jk_uri_worker_map.c (980): Attempting to map context URI
'/application=lb' source 'JkMount'
[Tue Mar 06 15:39:47 2018] [109410:140304114849536] [debug]
jk_translate::mod_jk.c (3977): no match for / found
What I would like to configure is for the URL https://app.example.com to
work without adding the https://app.example.com/application path as the
actual application needs. Going directly to either node1 or node2 directly
with full URL works fine.
I appreciate any guidance, I hope I have not confused my needs too much.
Thanks in advance..
HB
