Category Archives: ajp

Apache Module mod_proxy_ajp load unbalanced

The following is my ajp configuration:

<Proxy balancer://ajpCluster>
  BalancerMember ajp://x.x.x.1:8009 route=a2 timeout=20
  BalancerMember ajp://x.x.x.2:8009 route=a3 timeout=20
  BalancerMember ajp://x.x.x.3:8009 route=a4 timeout=20
  ProxySet lbmethod=bybusyness

CPU usages of a2 and a3 are sometimes more then a4.

After tomcat JVMs monitoring I have found a2 has 391 ajp Threads, a3 has 341 and a4 has 259 ajp Threads.

Nevertheless load balance method is "bybusyness" and ajp maxThreads configuration in all three tomcats are 500, Why do have a2 and a3 more load then a4? Why is there an unbalanced load?

Can I set up a optimally secure connection between Apache and Wildfly?

Setting up a public Wildfly (9.0.2.Final) server, I'm figuring out the alternatives for doing this with or without Apache as a front towards Internet. I'd prefer to use Apache as this solves other problems for me.

I should say: I need to use SSL for securing the data traffic.

I've set up SSL for both Wildfly and Apache.

Looking through blogs and tutorials, I haven't found an alternative that performs SSL between Apache and Wildfly. That would seem to be a preferred choice for me, where there one.

I've tried and configured

  1. Configuring Apache using mod_proxy_ajp. This prohibits me from using SSL between Apache and Wildfly but allow me to close the firewall for 8080 and 8443.

  2. Configuring Apache using mod_proxy_http. This gets me the Exception of no secure port to forward to on the Wildfly side which seems not to have any solutions currently.

  3. Open up the Wildfly ports 8080 and 8443 and letting requsts go directly to a publicly exposed Wildfly, ehich I hear is not recomended.

How are people usually doing this?

Apache in front of Tomcat not working

I am using the following example file: https://tomcat.apache.org/tomcat-7.0-doc/appdev/sample/ and have deployed it on Tomcat.

I want to put Apache in front of Tomcat. I have the following config on my Tomcat's server.xml:

    <Connector port="8081" protocol="HTTP/1.1"
                   connectionTimeout="20000"
                   redirectPort="8443" />

<Connector port="8010" protocol="AJP/1.3" redirectPort="8443" />

My Apache is running on port 80, and my workers.properties looks as follows:

worker.list=jboss,tomcat

worker.jboss.port=8009
worker.jboss.host=127.0.0.1
worker.jboss.type=ajp13

worker.tomcat.port=8010
worker.tomcat.host=127.0.0.1
worker.tomcat.type=ajp13

Note that I also have JBoss running. Then my uriworkermap.properties looks as follows:

/App/*=jboss
/sample/*=tomcat
/sample=tomcat
/sample/=tomcat

The JBoss config works fine. If I go to http://localhost:8081/sample/ my webpage is displayed. But if I go to http://localhost:80/sample/ I get a The Webpage cannot be found error. What am I doing wrong?

This is what http://localhost:8081/sample/ looks like: enter image description here

Shibboleth SP – Reading assertion attributes from Java

I understand that configured attributes will be stored as environment variables by default and will be accessible like

request.getAttribute("Shib-Identity-Provider")

I tried that and after some googling I understood that to access them in Java through AJP.

I need to prefix this

<ApplicationDefaults id="default" policyId="default"
    entityID="https://idp.example.org"
    REMOTE_USER="eppn persistent-id targeted-id"
    signing="false" encryption="false" attributePrefix="AJP_">

I did that but I still keep getting null in my Java application

  • Shib-Identity-Provider - null
  • Shib-Session-ID - null
  • Shib-Application-ID - null

Could someone help me figure out what I am missing to make it work?

How to connect apache http server with apache tomcat

The scenario is as follows. I've tested separately a REST web project in java, with tomcat v6 integrated inside eclipse, and independent from this, I have a web application that I've tested in apache http server 2.2. Everything is being done on local, so, on the same machine, as it was requested, and the idea is when I've tested that everything works, to upload both projects to the business server.

I am having a hard time figuring out the official documentation about this http://tomcat.apache.org/connectors-doc/webserver_howto/apache.html due to my absolute lack of experience, there are more concepts I don't understand or know about than the other way arround.

But what I got from this is that I need a JK module that uses ajp13 protocol. But I found this neat guide https://www.ntu.edu.sg/home/ehchua/programming/howto/ApachePlusTomcat_HowTo.html

that am currently studying and I was wondering if this steps could be done for a tomcat that is INSIDE eclipse. I run the code there so it would save me time if I could test whether the connection works after all this steps are done if I can keep doing this. But conceptually, I am not sure at all.

Is this the correct approach? Is there any easier way to do this? Can this be done with eclipse added to the mix?

JIRA and Confluence both running with AJP protocol – How to?

I have a server running the following apps:

  • JIRA
  • Confluence

Each application has its own subdomain.

  • jira.thelavender.net
  • wiki.thelavender.net

I have managed to get JIRA working with its subdomain by configuring my VirtualHost as follows:

<VirtualHost *:80>
    ServerName jira.thelavender.net

    ProxyRequests Off
    ProxyVia Block
    ProxyPreserveHost On

    <Proxy *>
            Require all granted
    </Proxy>

    ProxyPass /jira http://thelavender.net:8080/jira
    ProxyPassReverse /jira http://thelavender.net:8080/jira

    # JIRA AJP Proxy Configuration:
    <Proxy *>
            Order deny,allow
            Allow from all
    </Proxy>

    ProxyRequests           Off
    ProxyPass               /       ajp://thelavender.net:8009/
    ProxyPassReverse        /       ajp://thelavender.net:8009/
</VirtualHost>

I then copied this configuration, renamed it to confluence.conf, edited the information so it matches that of Confluence. Made sure there was a correct symlink to the sites-enabled directory.

Restarted Apache Restarted Confluence

I can still get to Confluence by going to thelavender.net/wiki but whenever I goto wiki.thelavender.net JIRA ends up loading.

The only thing special I had to do to my JIRA / Tomcat server.xml was uncomment one line:

<Connector port="8009" redirectPort="8443" enableLookups="false" protocol="AJP/1.3" URIEncoding="UTF-8"/>

This line does not exist in the JIRA / Tomcat server.xml Looking at Atlassian documentation, there is no documentation that I have found that specifically talks about configuring Confluence for use with AJP. Documentation for JIRA and AJP exists however.

I thought perhaps adding" <Connector port="8009" redirectPort="8443" enableLookups="false" protocol="AJP/1.3" URIEncoding="UTF-8"/> to my JIRA server.xml would help. Confluence still starts up with no issue but I am still getting the JIRA login page.

What am I missing here?

EDIT

Looking at some other sites, it looked like when people have multiple apps running, they run them on different ports for their AJP config?

JIRA is configured as 8009. Based on that I configured Confluence for 8109. Now when I attempt to load wiki.thelavender.net I get a blank page.

Tailing the other_vhosts_access.log I seem to be getting an HTTP 404 error now: GET / HTTP/1.1" 404. The entire line is:

wiki.thelavender.net:80 xxx.xxx.xxx.xxx - - [23/Jul/2016:15:23:01 -0500] "GET / HTTP/1.1" 404 170 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_2 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13F69 Safari/601.1"

FINAL UPDATE

Ok so I went in and edited my virtual host file.

I changed:

ProxyPass               /       ajp://thelavender.net:8109/
ProxyPassReverse        /       ajp://thelavender.net:8109/

to

ProxyPass               /       ajp://thelavender.net:8109/wiki
ProxyPassReverse        /       ajp://thelavender.net:8109/wiki  

Restarted Confluence and now I can get to it by going to wiki.thelavender.net

Of course, everything is served behind /wiki but it works. Is there a specific reason I get a 404 error when its not using /wiki?

apache mod_jk.so start up Permission denied

I am trying to configure mod_jk in Apache 2.2.3 to connect with Tomcat 7. OS is CentOS 5

After all the configuration, while starting the Tomcat 7 I am getting -

Starting httpd: httpd: Syntax error on line 200 of /etc/httpd/conf/httpd.conf: Cannot load /etc/httpd/modules/mod_jk.so into server: /etc/httpd/modules/mod_jk.so: cannot open shared object file: Permission denied

I see the permission is set alright

-rwxr-xr-x 1 root root  266752 Jun  3 19:37 mod_jk.so

I don't know what to do. Can any one please help?

apache mod_jk.so start up Permission denied

I am trying to configure mod_jk in Apache 2.2.3 to connect with Tomcat 7. OS is CentOS 5

After all the configuration, while starting the Apache httpd I am getting -

Starting httpd: httpd: Syntax error on line 200 of /etc/httpd/conf/httpd.conf: Cannot load /etc/httpd/modules/mod_jk.so into server: /etc/httpd/modules/mod_jk.so: cannot open shared object file: Permission denied

I see the permission is set alright

-rwxr-xr-x 1 root root  266752 Jun  3 19:37 mod_jk.so

I don't know what to do. Can any one please help?