3

After unzip the tomcat9 package available on tomcat.apache.org, and have the mod_jk configured to this:

workers.tomcat_home=/opt/apache-tomcat-9.0.34
workers.java_home=/opt/jdk-13
ps=/

worker.list=ajp13_worker

worker.ajp13_worker.port=8009
worker.ajp13_worker.host=localhost
worker.ajp13_worker.type=ajp13

When I deploy a WAR to the webapps directory, and try access it, the browser shows this error:

enter image description here

in the mod_jk log, I got this:

[Sat Apr 25 08:45:49.187 2020] [16060:139700132441152] [info] jk_open_socket::jk_connect.c (816): connect to 127.0.0.1:8009 failed (errno=111)
[Sat Apr 25 08:45:49.187 2020] [16060:139700132441152] [info] ajp_connect_to_endpoint::jk_ajp_common.c (1065): (ajp13_worker) Failed opening socket to (127.0.0.1:8009) (errno=111)
[Sat Apr 25 08:45:49.187 2020] [16060:139700132441152] [error] ajp_send_request::jk_ajp_common.c (1725): (ajp13_worker) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=111)
[Sat Apr 25 08:45:49.187 2020] [16060:139700132441152] [info] ajp_service::jk_ajp_common.c (2775): (ajp13_worker) sending request to tomcat failed (recoverable), because of error during request sending (attempt=2)
[Sat Apr 25 08:45:49.187 2020] [16060:139700132441152] [error] ajp_service::jk_ajp_common.c (2796): (ajp13_worker) connecting to tomcat failed (rc=-3, errors=2, client_errors=0).
[Sat Apr 25 08:45:49.187 2020] [16060:139700132441152] [info] jk_handler::mod_jk.c (2991): Service error=-3 for worker=ajp13_worker

my server.xml file has this section uncommented already:

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector protocol="AJP/1.3"
           address="::1"
           port="8009"
           redirectPort="8443" />

if I try access with somethid like http://mydomain:8080/app for a webapp named app, works fine. without the :8080, which should make the access go through the mod_jk, I got the error.

anyone can tell me what is wrong here?

Kleber Mota
  • 93
  • 1
  • 7

3 Answers3

2

Adding secretRequired="false" to the <Connector> in server.xml fixed it for me.

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector protocol="AJP/1.3"
           port="8009"
           redirectPort="8443"
           secretRequired="false" />
Matthias Ronge
  • 437
  • 1
  • 6
  • 17
0

You're trying to connect via IPv4 (127.0.0.1 is the giveaway), but you tell Tomcat to listen on the IPv6 localhost (::1).

Perhaps tell Tomcat to use IPv4 too (tomcat-to-bind-to-ipv4).

Gerard H. Pille
  • 2,469
  • 1
  • 12
  • 10
  • adding the JAVA_OPTS like the answer suggested did nothing, but I try change the address option in the `server.xml` file (to 127.0.0.1 or removing completely), and now the url stays loading for a long while (several minutes) until some feedback. – Kleber Mota Apr 25 '20 at 13:58
  • "some feedback" ??? – Gerard H. Pille Apr 25 '20 at 14:05
  • yeah, like some response from the server. I just get the page almost forever loading – Kleber Mota Apr 25 '20 at 14:09
  • for instance, right now I try access one of webapps deployed, and I think it's almost 10 minutes loading already. – Kleber Mota Apr 25 '20 at 14:10
  • I would call that: no feedback. Check the Tomcat's logs: did it receive your request? Also, we're missing part of the story. Who's listening on port 80? Apache? I believe you've shown us the workers.properties file, but that is not enough. – Gerard H. Pille Apr 25 '20 at 14:17
  • apache2 is listening on port 80. mod-jk is enable on apache. and configured to look out for tomcat on `/opt/apache-tomcat-9.0.34`. which has `ajp13` configured to listen on port 8009. – Kleber Mota Apr 25 '20 at 14:18
  • ok, I made work now. I checked the logs again, and I see some issue with this `secretRequired` attribute, come back to the `server.xml` and change. Now everything is working fine. – Kleber Mota Apr 25 '20 at 14:21
  • You're welcome. – Gerard H. Pille Apr 25 '20 at 19:27
0

I used the following:

setsebool -P httpd_can_network_connect=1

You can use this command to check if it was set correctly:

getsebool -a | grep httpd

You should see:

httpd_can_network_connect --> on
Mike Croteau
  • 101
  • 4