I just installed a new faster machine (SSD) and cannot get mod_jk to work.
I can use my webapp with port 8080 but not with port 80 no matter what I try
(locally and from another machine too).
I can address the machine by IP, name, and on the same box "localhost" as expected.
I had a similar problem a several years back and it turned out to be httpd fighting selinux.
So I had the setroubleshooter up when I tried this again. No violations appeared.
I am baffled. I have compared all the httpd and mod_jk files carefully with a working box.
The only difference I see is the IP address in ServerName in httpd.conf
and YES they should be different as the machines have different fixed IPs.
I also installed mod_ssl on the new machine as I saw the error in the log,
bhen noticed that the old machine was fine with that error.
I can remove this, but doubt it matters.
I played with opening ports in the firewall until I noticed that all the ports needed
are by default open in FedoraWorkstation (not FedoraServer where I was opening them)
AND on the other machine none of these ports were explicitly opened in FedoraServer.
Yes http and https services are enabled, of course.
I hate to go to mod_proxy as the net speaks that mod_jk is actually a better option,
but unless I can fix this, it is that or nginx (or hard set 8080 to 80 for tomcat).
Any clues PLEASE
- both machines are running fully patched fedora 5.8.12-200.fc32.x86_64
I even ran the below commands as I did years ago to fix selinux
--- (then I was getting setroubleshooter complaints which I DO NOT GET NOW!)
---> but they did not seem to change anything this time:
cd /tmp # so files go away when done
/sbin/restorecon -v /etc/httpd/conf.d/workers.properties
setsebool -P httpd_can_network_connect 1
setsebool -P httpd_graceful_shutdown 1
setsebool -P httpd_can_network_relay 1
setsebool -P nis_enabled 1
ausearch -c 'httpd' --raw | audit2allow -M my-httpd
semodule -i my-httpd.pp
Below are the excerpts from the files controlling mod_jk and httpd, and the error log
# ls -l /usr/lib64/httpd/modules/*jk*
lrwxrwxrwx. 1 root root 20 Oct 4 13:57 /usr/lib64/httpd/modules/mod_jk.so -> /local/lib/mod_jk.so
# ls -lL !$
ls -lL /usr/lib64/httpd/modules/*jk*
-rwxr-xr-x. 1 root root 1364871 Feb 6 2013 /usr/lib64/httpd/modules/mod_jk.so
---- here is what I see for the logs (nothing unusual - same on other box)
EXCEPT I installed mod_ssl here and am NOT getting that error
(did not need that, error on old machine is fine - does not cause a problem)
# ls -l /var/log/httpd; echo; cat /var/log/httpd/error_log # I removed the dates to shorten
-rw-r--r--. 1 root root 0 Oct 7 11:40 access_log
-rw-r--r--. 1 root root 2261 Oct 7 12:00 error_log
-rw-r--r--. 1 root root 1024 Oct 7 12:00 jk-runtime-status.1030
-rw-r--r--. 1 root root 1 Oct 7 12:00 jk-runtime-status.1030.lock
-rw-r--r--. 1 root root 0 Oct 7 11:40 jk-runtime-status.1174
-rw-r--r--. 1 root root 0 Oct 7 11:40 jk-runtime-status.1190
-rw-r--r--. 1 root root 0 Oct 7 11:40 mod_jk.log
-rw-r--r--. 1 root root 0 Oct 7 11:40 ssl_access_log
-rw-r--r--. 1 root root 672 Oct 7 12:00 ssl_error_log
-rw-r--r--. 1 root root 0 Oct 7 11:40 ssl_request_log
[12:00:59.555272 2020] [core:notice] [pid 1030:tid 1030] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[12:00:59.559165 2020] [suexec:notice] [pid 1030:tid 1030] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[12:00:59.565515 2020] [jk:warn] [pid 1030:tid 1030] No JkShmFile defined in httpd.conf. Using default /etc/httpd/logs/jk-runtime-status
[12:00:59.578383 2020] [lbmethod_heartbeat:notice] [pid 1030:tid 1030] AH02282: No slotmem from mod_heartmonitor
[12:00:59.578914 2020] [jk:warn] [pid 1030:tid 1030] No JkShmFile defined in httpd.conf. Using default /etc/httpd/logs/jk-runtime-status
[12:00:59.581767 2020] [mpm_event:notice] [pid 1030:tid 1030] AH00489: Apache/2.4.46 (Fedora) OpenSSL/1.1.1g mod_jk/1.2.37 configured -- resuming normal operations
[12:00:59.581787 2020] [core:notice] [pid 1030:tid 1030] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
for completeness the ssl_error.log from httpd logs
12:00:59.561974] [ssl:warn] [pid 1030:tid 1030] AH01909: 192.168.101.103:443:0 server certificate does NOT include an ID which matches the server name
[12:00:59.5782420] [ssl:warn] [pid 1030:tid 1030] AH01909: 192.168.101.103:443:0 server certificate does NOT include an ID which matches the server name
I have a few "ghost" conditions where selinux seems to block things but doesn't log, so you might try "setenforce 0" to temporarily turn off selinux. Also, of course, check the mundane file access rights just to be sure.
I have been led to believe that mod_jk may be better for high performance and balancing to multiple backend Tomcats, but mod_proxy has been easier for me to deal with. These days I use nginx, which I find easier still and supposedly it's faster than Apache.
So you have some options there. I'll see if I can find anything in your posting that looks worth checking though.
"privilege" comes from the Latin words for "private" and "law" (legal) and dates to feudal times. To "claim privilege" meant that you were above the laws that applied to the common people.