Win a copy of TensorFlow 2.0 in Action this week in the Artificial Intelligence and Machine Learning forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Paul Clapham
  • Bear Bibeault
  • Jeanne Boyarsky
Sheriffs:
  • Ron McLeod
  • Tim Cooke
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Jj Roberts
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • salvin francis
  • Scott Selikoff
  • fred rosenberger

getting the mod_jk modules to work in Tomcat on Fedora 32

 
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I just installed a new faster machine (SSD) and cannot get mod_jk to work.
I can use my webapp with port 8080 but not with port 80 no matter what I try
 (locally and from another machine too).
I can address the machine by IP, name, and on the same box "localhost" as expected.

I had a similar problem a several years back and it turned out to be httpd fighting selinux.
So I had the setroubleshooter up when I tried this again. No violations appeared.

I am baffled. I have compared all the httpd and mod_jk files carefully with a working box.
The only difference I see is the IP address in ServerName in httpd.conf
 and YES they should be different as the machines have different fixed IPs.
I also installed mod_ssl on the new machine as I saw the error in the log,
 bhen noticed that the old machine was fine with that error.
I can remove this, but doubt it matters.

I played with opening ports in the firewall until I noticed that all the ports needed
are by default open in FedoraWorkstation (not FedoraServer where I was opening them)
  AND on the other machine none of these ports were explicitly opened in FedoraServer.
Yes http and https services are enabled, of course.

I hate to go to mod_proxy as the net speaks that mod_jk is actually a better option,
but unless I can fix this, it is that or nginx (or hard set 8080 to 80 for tomcat).

Any clues PLEASE
   - both machines are running fully patched fedora 5.8.12-200.fc32.x86_64

I even ran the below commands as I did years ago to fix selinux
    --- (then I was getting setroubleshooter complaints which I DO NOT GET NOW!)
    --->  but they did not seem to change anything this time:
 cd /tmp  # so files go away when done
 /sbin/restorecon -v /etc/httpd/conf.d/workers.properties
 setsebool -P httpd_can_network_connect 1
 setsebool -P httpd_graceful_shutdown 1
 setsebool -P httpd_can_network_relay 1
 setsebool -P nis_enabled 1
 ausearch -c 'httpd' --raw | audit2allow -M my-httpd
 semodule -i my-httpd.pp

Below are the excerpts from the files controlling mod_jk and httpd, and the error log

# egrep -v "^$|^#" /etc/httpd/conf.modules.d/02-tomcat.conf
LoadModule jk_module modules/mod_jk.so
JkWorkersFile /etc/httpd/conf.d/workers.properties
JkLogFile /var/log/httpd/mod_jk.log
JkLogLevel error
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"
JkMount /ledger wrkr
JkMount /ledger/* wrkr

--- these are the ONLY 2 lines I change from the default script
# egrep "^ServerName|^Listen" /etc/httpd/conf/httpd.conf
Listen 80
ServerName 192.168.101.103

# egrep -v "^$|^#"  /etc/httpd/conf.d/workers.properties
ps=/
worker.list=wrkr
worker.wrkr.port=8009
worker.wrkr.host=localhost
worker.wrkr.type=ajp13
worker.wrkr.socket_timeout=300

# ls -l /usr/lib64/httpd/modules/*jk*
lrwxrwxrwx. 1 root root 20 Oct  4 13:57 /usr/lib64/httpd/modules/mod_jk.so -> /local/lib/mod_jk.so
# ls -lL !$
ls -lL /usr/lib64/httpd/modules/*jk*
-rwxr-xr-x. 1 root root 1364871 Feb  6  2013 /usr/lib64/httpd/modules/mod_jk.so

  ---- here is what I see for the logs (nothing unusual - same on other box)
    EXCEPT I installed mod_ssl here and am NOT getting that error
      (did not need that, error on old machine is fine - does not cause a problem)

#  ls -l /var/log/httpd; echo; cat /var/log/httpd/error_log # I removed the dates to shorten
total 12
-rw-r--r--. 1 root root    0 Oct  7 11:40 access_log
-rw-r--r--. 1 root root 2261 Oct  7 12:00 error_log
-rw-r--r--. 1 root root 1024 Oct  7 12:00 jk-runtime-status.1030
-rw-r--r--. 1 root root    1 Oct  7 12:00 jk-runtime-status.1030.lock
-rw-r--r--. 1 root root    0 Oct  7 11:40 jk-runtime-status.1174
-rw-r--r--. 1 root root    0 Oct  7 11:40 jk-runtime-status.1190
-rw-r--r--. 1 root root    0 Oct  7 11:40 mod_jk.log
-rw-r--r--. 1 root root    0 Oct  7 11:40 ssl_access_log
-rw-r--r--. 1 root root  672 Oct  7 12:00 ssl_error_log
-rw-r--r--. 1 root root    0 Oct  7 11:40 ssl_request_log

[12:00:59.555272 2020] [core:notice] [pid 1030:tid 1030] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[12:00:59.559165 2020] [suexec:notice] [pid 1030:tid 1030] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[12:00:59.565515 2020] [jk:warn] [pid 1030:tid 1030] No JkShmFile defined in httpd.conf. Using default /etc/httpd/logs/jk-runtime-status
[12:00:59.578383 2020] [lbmethod_heartbeat:notice] [pid 1030:tid 1030] AH02282: No slotmem from mod_heartmonitor
[12:00:59.578914 2020] [jk:warn] [pid 1030:tid 1030] No JkShmFile defined in httpd.conf. Using default /etc/httpd/logs/jk-runtime-status
[12:00:59.581767 2020] [mpm_event:notice] [pid 1030:tid 1030] AH00489: Apache/2.4.46 (Fedora) OpenSSL/1.1.1g mod_jk/1.2.37 configured -- resuming normal operations
[12:00:59.581787 2020] [core:notice] [pid 1030:tid 1030] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

for completeness the ssl_error.log from httpd logs
12:00:59.561974] [ssl:warn] [pid 1030:tid 1030] AH01909: 192.168.101.103:443:0 server certificate does NOT include an ID which matches the server name
[12:00:59.5782420] [ssl:warn] [pid 1030:tid 1030] AH01909: 192.168.101.103:443:0 server certificate does NOT include an ID which matches the server name
 
Saloon Keeper
Posts: 22678
153
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a few "ghost" conditions where selinux seems to block things but doesn't log, so you might try "setenforce 0" to temporarily turn off selinux. Also, of course, check the mundane file access rights just to be sure.

I have been led to believe that mod_jk may be better for high performance and balancing to multiple backend Tomcats, but mod_proxy has been easier for me to deal with. These days I use nginx, which I find easier still and supposedly it's faster than Apache.

So you have some options there. I'll see if I can find anything in your posting that looks worth checking though.
 
Tim Holloway
Saloon Keeper
Posts: 22678
153
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yeah. About this:

log wrote:
server certificate does NOT include an ID which matches the server name



Also, details on "does not work". Actual error messages from the client, please. And don't forget to check Tomcat's catalina.out and localhost logs!
 
Ray Holme
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
1) removed "mod_ssl" (not needed) and the ssl log files - no changes

2) I did try changing the selinux to "permissive" and re-booted
  did not get any error messages (as I did the first time I saw this error)

---
So I guess I will go to nginx tomorrow when I give up - 2 days to keep this simple mod_jk config going is just too much.

I would have liked to make it work as I have been using it for a LONG time and managed to beat it before (was definitely selinux then).

I now get NO error messages in mod_jk.log but the jk-runtime-status files are there.
 
Ray Holme
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
going to nginx - bailing on mod_jk
 
sunglasses are a type of coolness prosthetic. Check out the sunglasses on this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
reply
    Bookmark Topic Watch Topic
  • New Topic