On 06/03/2020 06:46, Thomas Glanzmann wrote: <snip/>
> the issue seems to be that mod_jk no longer works without a password > with tomcat7. So you need to set a password on both sites, and than > everything works again. This is not the case. Tomcat can be configured so a secret is not required. > server.xml: > > <Connector port="8109" protocol="AJP/1.3" redirectPort="8443" > secret="verysecure" secretRequired="true"/> > > workers.properties of mod_jk > > worker.tomcat-06.secret=verysecure That won't work when httpd/mod_jk is on a separate host to Tomcat (as per the subject of this thread). > If I do _not_ set a password I'm getting a 403 no matter what I do. That is a configuration issue. The equivalent Tomcat configuration to that quoted above that will not require a password is: <Connector port="8109" protocol="AJP/1.3" redirectPort="8443" secretRequired="false"/> Note: With 7.0.100 if you specify a secret, even an empty string, the client must provide a matching secret irrespective of the setting of secretRequired. secretRequired determines if the secret attribute must be set in the configuration, not whether the client has to provide a secret. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org