apache/Tomcat: Tomcats on backend cannot be reached by apache using mod_jk
【Posted】: 2021-08-07 20:12:35
【Question】: Trying to configure Tomcat 8.5 as the backend, with Apache 2.4 receiving requests and redirecting them to Tomcat via the AJP port on Linux/CentOS. The Tomcats can be reached directly via ports 8181, 8282 and 8383, and Apache works fine as well. However, I cannot reach the Tomcats using localhost/app1 ../app2 ../app3 as configured. I get "Service Unavailable Error 503". I do not understand the error messages in mod_jk.log (e.g. connecting to tomcat failed), because I think everything is configured correctly.
Where is the mistake?
server.xml of Tomcat1 (Tomcat2/3 with port offset +100)
<Connector port="8181" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
maxThreads="500"
secret="F45A93BF-3AA7-4CB4-E49A-DB34573E4A25"
allowedRequestAttributesPattern=".*"/>
<Connector protocol="AJP/1.3"
address="localhost"
port="8109"
redirectPort="8443" />
httpd.conf
LoadModule jk_module modules/mod_jk.so
JkWorkersFile conf/workers.properties
JkLogFile logs/mod_jk.log
JkLogLevel debug
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"
JkMount /app1* tomcat1
JkMount /app2* tomcat2
JkMount /app3* tomcat3
workers.properties:
worker.list=tomcat1,tomcat2,tomcat3
worker.tomcat1.type=ajp13
worker.tomcat1.host=localhost
worker.tomcat1.port=8109
worker.tomcat1.secret=F45A93BF-3AA7-4CB4-E49A-DB34573E4A25
worker.tomcat2.type=ajp13
worker.tomcat2.host=localhost
worker.tomcat2.port=8209
worker.tomcat2.secret=4F5A93BF-3AA7-4CB4-E49A-DB34573E4A52
worker.tomcat3.type=ajp13
worker.tomcat3.host=localhost
worker.tomcat3.port=8309
worker.tomcat3.secret=45FA93BF-3AA7-4CB4-E49A-DB34573EA452
mod_jk.log
[Tue May 18 08:39:27 2021] [67918:139621179135744] [debug] jk_servlet_normalize::jk_util.c (2184): URI on entering jk_servlet_normalize: [/app1]
[Tue May 18 08:39:27 2021] [67918:139621179135744] [debug] jk_servlet_normalize::jk_util.c (2278): URI on exiting jk_servlet_normalize: [/app1]
[Tue May 18 08:39:27 2021] [67918:139621179135744] [debug] map_uri_to_worker_ext::jk_uri_worker_map.c (1167): Attempting to map URI '/app1' from 3 maps
[Tue May 18 08:39:27 2021] [67918:139621179135744] [debug] find_match::jk_uri_worker_map.c (977): Attempting to map context URI '/app1*=tomcat1' source 'JkMount'
[Tue May 18 08:39:27 2021] [67918:139621179135744] [debug] find_match::jk_uri_worker_map.c (990): Found a wildchar match '/app1*=tomcat1'
[Tue May 18 08:39:27 2021] [67918:139621179135744] [debug] jk_handler::mod_jk.c (2821): Into handler jakarta-servlet worker=tomcat1 r->proxyreq=0
[Tue May 18 08:39:27 2021] [67918:139621179135744] [debug] wc_get_worker_for_name::jk_worker.c (119): found a worker tomcat1
[Tue May 18 08:39:27 2021] [67918:139621179135744] [debug] wc_maintain::jk_worker.c (352): Maintaining worker tomcat1
[Tue May 18 08:39:27 2021] [67918:139621179135744] [debug] wc_maintain::jk_worker.c (352): Maintaining worker tomcat2
[Tue May 18 08:39:27 2021] [67918:139621179135744] [debug] wc_maintain::jk_worker.c (352): Maintaining worker tomcat3
[Tue May 18 08:39:27 2021] [67918:139621179135744] [debug] wc_get_name_for_type::jk_worker.c (303): Found worker type 'ajp13'
[Tue May 18 08:39:27 2021] [67918:139621179135744] [debug] init_ws_service::mod_jk.c (1178): Service protocol=HTTP/1.1 method=GET ssl=false host=(null) addr=127.0.0.1 name=localhost port=80 auth=(null) user=(null) laddr=127.0.0.1 raddr=127.0.0.1 uaddr=127.0.0.1 uri=/app1
[Tue May 18 08:39:27 2021] [67918:139621179135744] [debug] ajp_get_endpoint::jk_ajp_common.c (3356): (tomcat1) acquired connection pool slot=0 after 0 retries
[Tue May 18 08:39:27 2021] [67918:139621179135744] [debug] ajp_marshal_into_msgb::jk_ajp_common.c (680): (tomcat1) ajp marshaling done
[Tue May 18 08:39:27 2021] [67918:139621179135744] [debug] ajp_service::jk_ajp_common.c (2587): processing tomcat1 with 2 retries
[Tue May 18 08:39:27 2021] [67918:139621179135744] [debug] ajp_send_request::jk_ajp_common.c (1718): (tomcat1) no usable connection found, will create a new one.
[Tue May 18 08:39:27 2021] [67918:139621179135744] [debug] jk_open_socket::jk_connect.c (673): socket TCP_NODELAY set to On
[Tue May 18 08:39:27 2021] [67918:139621179135744] [debug] jk_open_socket::jk_connect.c (797): trying to connect socket 18 to ::1:8109
[Tue May 18 08:39:27 2021] [67918:139621179135744] [info] jk_open_socket::jk_connect.c (815): connect to ::1:8109 failed (errno=111)
[Tue May 18 08:39:27 2021] [67918:139621179135744] [info] ajp_connect_to_endpoint::jk_ajp_common.c (1064): (tomcat1) Failed opening socket to (::1:8109) (errno=111)
[Tue May 18 08:39:27 2021] [67918:139621179135744] [error] ajp_send_request::jk_ajp_common.c (1724): (tomcat1) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=111)
[Tue May 18 08:39:27 2021] [67918:139621179135744] [info] ajp_service::jk_ajp_common.c (2774): (tomcat1) sending request to tomcat failed (recoverable), because of error during request sending (attempt=1)
[Tue May 18 08:39:27 2021] [67918:139621179135744] [debug] ajp_service::jk_ajp_common.c (2623): (tomcat1) retry 1, sleeping for 100 ms before retrying
[Tue May 18 08:39:27 2021] [67918:139621179135744] [debug] ajp_send_request::jk_ajp_common.c (1718): (tomcat1) no usable connection found, will create a new one.
[Tue May 18 08:39:27 2021] [67918:139621179135744] [debug] jk_open_socket::jk_connect.c (673): socket TCP_NODELAY set to On
[Tue May 18 08:39:27 2021] [67918:139621179135744] [debug] jk_open_socket::jk_connect.c (797): trying to connect socket 18 to ::1:8109
[Tue May 18 08:39:27 2021] [67918:139621179135744] [info] jk_open_socket::jk_connect.c (815): connect to ::1:8109 failed (errno=111)
[Tue May 18 08:39:27 2021] [67918:139621179135744] [info] ajp_connect_to_endpoint::jk_ajp_common.c (1064): (tomcat1) Failed opening socket to (::1:8109) (errno=111)
[Tue May 18 08:39:27 2021] [67918:139621179135744] [error] ajp_send_request::jk_ajp_common.c (1724): (tomcat1) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=111)
[Tue May 18 08:39:27 2021] [67918:139621179135744] [info] ajp_service::jk_ajp_common.c (2774): (tomcat1) sending request to tomcat failed (recoverable), because of error during request sending (attempt=2)
[Tue May 18 08:39:27 2021] [67918:139621179135744] [error] ajp_service::jk_ajp_common.c (2795): (tomcat1) connecting to tomcat failed (rc=-3, errors=1, client_errors=0).
[Tue May 18 08:39:27 2021] [67918:139621179135744] [debug] ajp_reset_endpoint::jk_ajp_common.c (847): (tomcat1) resetting endpoint with socket -1 (socket shutdown)
[Tue May 18 08:39:27 2021] [67918:139621179135744] [debug] ajp_abort_endpoint::jk_ajp_common.c (817): (tomcat1) aborting endpoint with socket -1
[Tue May 18 08:39:27 2021] [67918:139621179135744] [debug] ajp_done::jk_ajp_common.c (3287): recycling connection pool for worker tomcat1 and socket -1
[Tue May 18 08:39:27 2021] [67918:139621179135744] [info] jk_handler::mod_jk.c (2991): Service error=-3 for worker=tomcat1
[Tue May 18 08:39:27 2021] tomcat1 localhost 0.102405
[Tue May 18 08:39:27 2021] [68200:139621321500544] [debug] do_shm_open::jk_shm.c (678): Attached shared memory /usr/local/apache/logs/jk-runtime-status.67915 [5] size=1536 workers=2 free=0 addr=0x7efc1f470000
[Tue May 18 08:39:27 2021] [68200:139621321500544] [debug] do_shm_open_lock::jk_shm.c (472): Duplicated shared memory lock /usr/local/apache/logs/jk-runtime-status.67915.lock
[Tue May 18 08:39:27 2021] [68200:139621321500544] [debug] jk_child_init::mod_jk.c (3474): Initialized mod_jk/1.2.48
[Tue May 18 08:39:29 2021] [68200:139621179135744] [debug] jk_servlet_normalize::jk_util.c (2184): URI on entering jk_servlet_normalize: [/favicon.ico]
[Tue May 18 08:39:29 2021] [68200:139621179135744] [debug] jk_servlet_normalize::jk_util.c (2278): URI on exiting jk_servlet_normalize: [/favicon.ico]
[Tue May 18 08:39:29 2021] [68200:139621179135744] [debug] map_uri_to_worker_ext::jk_uri_worker_map.c (1167): Attempting to map URI '/favicon.ico' from 3 maps
[Tue May 18 08:39:29 2021] [68200:139621179135744] [debug] find_match::jk_uri_worker_map.c (977): Attempting to map context URI '/app1*=tomcat1' source 'JkMount'
[Tue May 18 08:39:29 2021] [68200:139621179135744] [debug] find_match::jk_uri_worker_map.c (977): Attempting to map context URI '/app2*=tomcat2' source 'JkMount'
[Tue May 18 08:39:29 2021] [68200:139621179135744] [debug] find_match::jk_uri_worker_map.c (977): Attempting to map context URI '/app3*=tomcat3' source 'JkMount'
[Tue May 18 08:39:29 2021] [68200:139621179135744] [debug] jk_translate::mod_jk.c (3970): no match for /favicon.ico found
[Tue May 18 08:39:29 2021] [68200:139621179135744] [debug] jk_servlet_normalize::jk_util.c (2184): URI on entering jk_servlet_normalize: [/favicon.ico]
[Tue May 18 08:39:29 2021] [68200:139621179135744] [debug] jk_servlet_normalize::jk_util.c (2278): URI on exiting jk_servlet_normalize: [/favicon.ico]
[Tue May 18 08:39:29 2021] [68200:139621179135744] [debug] map_uri_to_worker_ext::jk_uri_worker_map.c (1167): Attempting to map URI '/favicon.ico' from 3 maps
[Tue May 18 08:39:29 2021] [68200:139621179135744] [debug] find_match::jk_uri_worker_map.c (977): Attempting to map context URI '/app1*=tomcat1' source 'JkMount'
[Tue May 18 08:39:29 2021] [68200:139621179135744] [debug] find_match::jk_uri_worker_map.c (977): Attempting to map context URI '/app2*=tomcat2' source 'JkMount'
[Tue May 18 08:39:29 2021] [68200:139621179135744] [debug] find_match::jk_uri_worker_map.c (977): Attempting to map context URI '/app3*=tomcat3' source 'JkMount'
[Tue May 18 08:39:29 2021] [68200:139621179135744] [debug] jk_map_to_storage::mod_jk.c (4074): no match for /favicon.ico found
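【Comments】:
Does this answer your question? (111)Connection refused - Apache Reverse Proxy and Tomcat 8.5.51 - Docker Compose
@OlafKock: I tried the solution from the other post, without success.
Well, according to that post, your connector is certainly incorrect. Please edit your question with the changed configuration with the required secret.
@OlafKock: Done.
Replace address="localhost" with address="ip6-localhost" in server.xml, and localhost with ip6-localhost in workers.properties (or whatever unique alias for ::1 you have in /etc/hosts): Tomcat cannot bind to two addresses at once, so it listens on 127.0.0.1, while Apache HTTP Server tries to connect to ::1 and 127.0.0.1 in a round-robin fashion.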
【Answer 1】:
The problem is that localhost now resolves to both 127.0.0.1 and ::1. A Tomcat connector can bind to only one address. So you can either:
- Configure two AJP connectors and use localhost:
<Executor name="localhost-ajp" namePrefix="ajp-nio-localhost-8109-exec-"/>
<Connector protocol="AJP/1.3"
address="127.0.0.1"
port="8109"
executor="localhost-ajp" />
<Connector protocol="AJP/1.3"
address="::1"
port="8109"
executor="localhost-ajp" />
- Use a name that resolves to a single IP, such as ip6-localhost.
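A way to confirm the mismatch the answer describes, as an added example that is not part of the original answer: this Python check resolves the worker host the way a client would, then tries a TCP connect to every resulting address on the AJP port, so an address that refuses (ECONNREFUSED, the errno=111 in the mod_jk log) shows up next to one that accepts. The host and port come from the question's workers.properties; the function names are this example's own.

```python
import errno
import socket

def resolve_all(host, port):
    """Return every distinct (family, address) the name resolves to for TCP."""
    seen = []
    for family, _t, _p, _c, sockaddr in socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM):
        entry = (family, sockaddr[0])
        if entry not in seen:
            seen.append(entry)
    return seen

def probe(family, address, port, timeout=2.0):
    """Try one TCP connect; return 'open' or the errno name, e.g. ECONNREFUSED."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((address, port))
        return "open"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc))

def check_worker(host, port, addresses=None):
    """Probe each address of host:port and summarise the result.

    'partial' means the listener is bound to only some of the addresses the
    name resolves to, which is the situation described in the answer.
    """
    if addresses is None:
        addresses = resolve_all(host, port)
    results = {addr: probe(fam, addr, port) for fam, addr in addresses}
    states = set(results.values())
    if states == {"open"}:
        verdict = "ok"
    elif "open" in states:
        verdict = "partial"
    else:
        verdict = "down"
    return verdict, results

if __name__ == "__main__":
    # worker.tomcat1.host / worker.tomcat1.port from the question
    verdict, results = check_worker("localhost", 8109)
    for addr, state in results.items():
        print(f"{addr}:8109 -> {state}")
    print("verdict:", verdict)
```

A "partial" verdict on the Apache host means the worker name has to be narrowed to a single address, or the backend has to listen on every address the name resolves to.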