I'm not an AJP expert, but I suspect:
- You're telling AJP to use a secure connection between httpd and Tomcat;
- The Tomcat connector on port 8443 is a SSL connector, not an AJP connector;
- AJP is getting confused.
I believe you should only need to configure one worker (the one on
8009); AJP is capable of passing through the information as to whether
or not the data arrived securely or not at httpd.
I suspect you'll get a better answer once the States wakes up, but
that's my guess.
- Peter
2010/1/22 Matt Turner <m4tt_tur...@hotmail.com>:
>
> Hi All,
>
>
>
> I have an existing Apache 2.0.52 installation, and a new tomcat 6.0.20
> installation.
>
> They are both sitting on the same Linux box - uname -a returns the following:
>
> Linux [machine name] 2.6.9-55.ELsmp #1 SMP Fri Apr 20 16:36:54 EDT 2007
> x86_64 x86_64 x86_64 GNU/Linux
>
>
>
> I'd like if possible to add mod_jk to enable the two to talk to each other,
> without fiddling with the existing tomcat / apache versions.
>
>
>
> So far I've build mod_jk 1.2.28 from source on the destination machine, and
> set up the following workers:
>
>
>
> (in apache conf)
>
> <IfModule mod_jk.c>
> JkWorkersFile /etc/httpd/conf/workers.properties
>
> JkLogFile /etc/httpd/logs/mod_jk.log
>
> JkLogLevel debug
>
> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
>
> JkWorkersFile /etc/httpd/conf/workers.properties
>
> JkLogFile /etc/httpd/logs/mod_jk.log
>
> JkLogLevel debug
>
> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
>
> JkRequestLogFormat "%w %V %T"
>
> JkOptions +ForwardURICompatUnparsed
>
> JkExtractSSL On
> JkHTTPSIndicator HTTPS
> JkSESSIONIndicator SSL_SESSION_ID
> JkCIPHERIndicator SSL_CIPHER
> JkCERTSIndicator SSL_CLIENT_CERT
> </IfModule>
>
>
>
> (in apache conf, inside a virtual host)
>
> SSLEngine on
> SSLCertificateFile /etc/httpd/conf/<filename>
>
> SSLCertificateKeyFile /etc/httpd/conf/<filename>
>
> SSLCACertificateFile /etc/httpd/conf/<filename>
>
> JkMount /* tomcatssl
>
>
>
> (in workers.properties)
>
> # ------------------------
> # First tomcat server
> # ------------------------
> worker.tomcat1.port=8009
> worker.tomcat1.host=10.13.0.218
> worker.tomcat1.type=ajp13
> worker.tomcat1.lbfactor=50
>
> #---------------------
> # SSL tomcat server
> #---------------------
> worker.tomcatssl.port=8443
> worker.tomcatssl.host=10.13.0.218
> worker.tomcatssl.type=ajp13
> worker.tomcatssl.lbfactor=50
>
>
>
>
>
> However when I kick things off and visit a URL matching the above virtual
> host, I get the following error message in mod_jk.log:
>
>
>
> [Thu Jan 21 18:51:07 2010] [303:2537062720] [info] init_jk::mod_jk.c (3183):
> mod_jk/1.2.28 initialized
> [Thu Jan 21 18:51:30 2010] [30428:2537062720] [error]
> ajp_connection_tcp_get_message::jk_ajp_common.c (1172): wrong message format
> 0x1503 from 10.13.0.218:8443
>
>
>
>
>
> Looking at jk_ajp_common.c I can see the following @ line 1172:
>
>
>
>
> if (ae->proto == AJP13_PROTO) {
> if (header != AJP13_SW_HEADER) {
>
> if (header == AJP14_SW_HEADER) {
> jk_log(l, JK_LOG_ERROR,
> "received AJP14 reply on an AJP13 connection from %s",
> jk_dump_hinfo(&ae->worker->worker_inet_addr, buf));
> }
> else {
> jk_log(l, JK_LOG_ERROR,
> "wrong message format 0x%04x from %s",
> header, jk_dump_hinfo(&ae->worker->worker_inet_addr,
> buf));
> }
>
>
>
>
>
> So it seems the error has something do with AJP13 headers not being as
> expected.
>
>
>
> Could anyone confirm that the 3 version numbers (2.0.52, 1.2.28, 6.0.20) are
> compatible together ?
>
>
>
> If so - any ideas what might be going on here ?
>
>
>
>
>
>
>
> thanks,
>
>
>
> matt.
>
> _________________________________________________________________
> Tell us your greatest, weirdest and funniest Hotmail stories
> http://clk.atdmt.com/UKM/go/195013117/direct/01/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
