Unable to connect from apache to tomcat server - apache

The application is not working and is failing with the reason below. Could someone please help with this?
connectivity apache -> tomcat
Error logs
[Mon Sep 10 03:00:07.123556 2018] [proxy_ajp:error] [pid 12345] (104)Connection reset by peer: AH01030: ajp_ilink_receive() can't receive header
ssl_error_log
[Mon Sep 10 03:00:07.123456 2018] [proxy_ajp:error] [pid 12345] [client 10.10.34.901:56789] AH00992: ajp_read_header: ajp_ilink_receive failed,
Tomcat configuration
<Connector port="8009"
protocol="AJP/1.3"
maxConnections="256"
keepAliveTimeout="30000"
redirectPort="8443" />
Apache configuration
ProxyPass / ajp://localhost:8009/ timeout=600
ProxyPassReverse / ajp://localhost:8009/ timeout=600

ProxyPass needs an additional argument, e.g.
ProxyPass / ajp://localhost:8009/ ...


Apache2.4.6 Webdav not working on Centos7

I have installed Apache 2.4.6 on Centos7 official.
httpd.conf was not changed from default.
Configured webdav.conf with the following:
DavLockDB /var/www/html/DavLock
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/webdav/
ErrorLog /var/log/httpd/error.log
CustomLog /var/log/httpd/access.log combined
Alias /webdav /var/www/html/webdav
<Directory /var/www/html/webdav>
DAV On
</Directory>
</VirtualHost>
webdav directory has 755 rights. DavLock not created.
I keep getting this error and not sure what the cause might be. Have tried many things without success:
[Fri Jan 29 11:41:17.027110 2021] [dav:error] [pid 15068] [client xxx.xxx.xxx.xxx:53946] The locks could not be queried for verification against a possible "If:" header. [500, #0]
[Fri Jan 29 11:41:17.027134 2021] [dav:error] [pid 15068] [client xxx.xxx.xxx.xxx:53946] Could not open the lock database. [500, #400]
[Fri Jan 29 11:41:17.027137 2021] [dav:error] [pid 15068] (13)Permission denied: [client xxx.xxx.xxx.xxx:53946] Could not open property database. [500, #1]
Any ideas are welcome.
Got it working now.
All files/folders under /var/www/ are chowned to apache.
Moved DavLock to here: /var/lib/dav/
and added these lines to httpd.conf:
<IfModule mod_dav_fs.c>
# Location of the WebDAV lock database.
DAVLockDB /var/lib/dav/DavLock
</IfModule>
At this point, I am getting a 403 error. Solved by executing the following:
chcon -R -t httpd_sys_content_rw_t /var/www/html/webdav/

Apache server reverse-proxying another apache server, getting "AH01102: error reading status line from remote server"

I have two apache servers setup on two separate physical machines. My current setup is:
Apache 1 (Reverse Proxy) <===> Apache 2
Both apache server versions are Apache/2.4.29 (Ubuntu) running on Ubuntu 18.04.4 LTS and their /etc/apache2/apache.conf files are identical.
Apache 1 sites-enabled config:
<VirtualHost *:80>
ServerName subdomain.domain.tld
ServerAlias www.subdomain.domain.tld
ServerAdmin webmaster@domain.tld
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyRequests off
ProxyPreserveHost On
ProxyPass /maintenance_page !
ProxyPass / http://[apache2-ip-address]:27300/
ProxyPassReverse / http://[apache2-ip-address]:27300/
</VirtualHost>
Apache 2 sites-enabled config:
<VirtualHost *:27300>
ServerName subdomain.domain.tld
ServerAlias www.subdomain.domain.tld
ServerAdmin webmaster@domain.tld
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ErrorDocument 400 /notfound.html
ProxyRequests off
ProxyPreserveHost on
</VirtualHost>
If I directly hit http://[apache2-ip-address]:27300/ from the web browser the apache server landing page comes up fine. If I enter http://subdomain.domain.tld into the browser I get a proxy error:
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request
I logged a trace on both apache servers. Apache server 2 is receiving the proxied request from apache server 1 and is returning a 200 status response perfectly fine to apache server 1. The flow breaks at apache server 1 where I am seeing the following logs:
[Sat Jul 11 20:34:08.671267 2020] [proxy:debug] [pid 32275:tid 140388069250816] proxy_util.c(3075): AH00962: HTTP: connection complete to [apache2-ip-address]:27300 ([apache2-ip-address])
[Sat Jul 11 20:34:08.671333 2020] [core:trace6] [pid 32275:tid 140388069250816] core_filters.c(525): [remote [apache2-ip-address]:27300] core_output_filter: flushing because of FLUSH bucket
[Sat Jul 11 20:34:08.677508 2020] [proxy_http:error] [pid 32275:tid 140388069250816] (104)Connection reset by peer: [client xx.xxx.xxx.xx:39014] AH01102: error reading status line from remote server [apache2-ip-address]:27300
[Sat Jul 11 20:34:08.677575 2020] [proxy_http:debug] [pid 32275:tid 140388069250816] mod_proxy_http.c(1324): [client xx.xxx.xxx.xx:39014] AH01105: NOT Closing connection to client although reading from backend server [apache2-ip-address]:27300 failed.
[Sat Jul 11 20:34:08.677624 2020] [proxy:error] [pid 32275:tid 140388069250816] [client xx.xxx.xxx.xx:39014] AH00898: Error reading from remote server returned by /
[Sat Jul 11 20:34:08.677681 2020] [proxy:debug] [pid 32275:tid 140388069250816] proxy_util.c(2192): AH00943: HTTP: has released connection for ([apache2-ip-address])
[Sat Jul 11 20:34:08.677724 2020] [http:trace3] [pid 32275:tid 140388069250816] http_filters.c(1128): [client xx.xxx.xxx.xx:39014] Response sent with status 502, headers:
Things I've tried, from a few other discussions I could find online, are the following changes to the apache server 1 sites-enabled config:
SetEnv proxy-initial-not-pooled 1
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
ProxyTimeout 600
ProxyPass / http://[apache2-ip-address]:27300/ timeout=600
ProxyPass / http://[apache2-ip-address]:27300/ nocanon
I've pretty much bruteforced the situation with several combinations of the above settings, but nothing seems to work. Any help is appreciated.
An additional check I ran is, if I run a nodejs application or python flask service on the same machine as either apache servers and proxy the service using ProxyPass / http://localhost:[port]/, the setup works properly. So both apache servers are running fine and are able to proxy services on their respective localhosts. Whatever is breaking has to do with the communication between the two apache servers.
UPDATE: Upon further triaging using curl with a networking person, the issue seems to be that the org firewall is only allowing inbound traffic to apache server 2 and blocking outbound traffic which may be causing 502 errors on apache server 1. This didn't seem like the issue up until I realized that my laptop was VPN'ed into the org network all along while testing and apache server 1 is sitting outside the org network. If this turns out to be the issue it's going to be a real bummer.
Adding following parameter in the http.conf file solves my issue of "proxy: error reading status line from remote server":
SetEnv proxy-initial-not-pooled 1
I got the reference from the Apache URL https://httpd.apache.org/docs/2.4/mod/mod_proxy_http.html
Note: restart http server and try again.
In my case, an error with the database connection was triggering this Apache reverse proxying error.
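
The number in parentheses at the start of each message is the OS/APR status, and it separates a reset (104) from an expired timeout (70007) even when the AH code is the same, as with AH01030 in the AJP posts on this page. The parser below is an added example, not code from any of the posts; its sample lines are copied from the posts and joined onto single lines.

```python
import re
from collections import defaultdict

# Apache 2.4 error-log prefix: [time] [module:level] [pid N(:tid N)] message
PREFIX = re.compile(r"^\[[^\]]+\] \[(\w+):(\w+)\] \[pid \d+(?::tid \d+)?\] (.*)$")
STATUS = re.compile(r"^\((?:OS )?(\d+)\)")  # leading status code, e.g. (104)
AH_CODE = re.compile(r"\bAH\d{5}\b")

# What the status codes seen in the posts on this page stand for.
MEANING = {
    "104": "ECONNRESET: the peer, or a device in between, reset the connection",
    "70007": "APR_TIMEUP: nothing arrived before the timeout expired",
    "13": "EACCES: the OS denied access (file owner/mode or SELinux)",
}

def parse(line):
    """Return (module, status, ah_code), or None if the prefix is missing."""
    m = PREFIX.match(line.strip())
    if not m:
        return None
    module, _level, message = m.groups()
    status = STATUS.match(message)
    ah = AH_CODE.search(message)
    return (module, status.group(1) if status else None,
            ah.group(0) if ah else None)

def statuses_by_ah(lines):
    """Map each AH code to the set of status codes it was logged with."""
    seen = defaultdict(set)
    for rec in filter(None, map(parse, lines)):
        _module, status, ah = rec
        if status and ah:
            seen[ah].add(status)
    return dict(seen)

# Lines from the posts on this page, each joined onto one line.
SAMPLE = [
    "[Mon Sep 10 03:00:07.123556 2018] [proxy_ajp:error] [pid 12345] (104)Connection reset by peer: AH01030: ajp_ilink_receive() can't receive header",
    "[Thu Aug 13 07:34:21.677693 2015] [proxy_ajp:error] [pid 1515] (70007)The timeout specified has expired: AH01030: ajp_ilink_receive() can't receive header",
    "[Sat Jul 11 20:34:08.677508 2020] [proxy_http:error] [pid 32275:tid 140388069250816] (104)Connection reset by peer: [client xx.xxx.xxx.xx:39014] AH01102: error reading status line from remote server [apache2-ip-address]:27300",
    "[Fri Jan 29 11:41:17.027137 2021] [dav:error] [pid 15068] (13)Permission denied: [client xxx.xxx.xxx.xxx:53946] Could not open property database. [500, #1]",
]

if __name__ == "__main__":
    for ah, statuses in statuses_by_ah(SAMPLE).items():
        for s in sorted(statuses):
            print(f"{ah} ({s}) {MEANING.get(s, 'unclassified')}")
```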

Installed self-signed SSL certificates, Apache won't start

I'm trying to build a website which requires the Stripe payment gateway, and therefore requires SSL. I'm using XAMPP on Windows 10. After generating SSL certificate and key pair and installing in Apache, Apache no longer starts.
I'm attaching a few error messages and configs. Please help.
This is the message in the Apache error log. It no longer reproduces these error messages. So something must've changed. I think I tried generating the certificate and key via a different method. But Apache still won't start.
[Sun Feb 19 15:45:25.312250 2017] [ssl:emerg] [pid 6508:tid 556] AH02577: Init: SSLPassPhraseDialog builtin is not supported on Win32 (key file C:/xampp/apache/conf/ssl.key/server.key)
[Sun Feb 19 15:45:25.312250 2017] [ssl:emerg] [pid 6508:tid 556] AH02311: Fatal error initialising mod_ssl, exiting. See C:/xampp/apache/logs/error.log for more information
[Sun Feb 19 15:45:25.312250 2017] [ssl:emerg] [pid 6508:tid 556] AH02564: Failed to configure encrypted (?) private key www.loc1.dev:443:0, check C:/xampp/apache/conf/ssl.key/server.key
[Sun Feb 19 15:45:25.312250 2017] [ssl:emerg] [pid 6508:tid 556] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun Feb 19 15:45:25.312250 2017] [ssl:emerg] [pid 6508:tid 556] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Sun Feb 19 15:45:25.312250 2017] [ssl:emerg] [pid 6508:tid 556] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun Feb 19 15:45:25.312250 2017] [ssl:emerg] [pid 6508:tid 556] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Sun Feb 19 15:45:25.312250 2017] [ssl:emerg] [pid 6508:tid 556] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Sun Feb 19 15:45:25.312250 2017] [ssl:emerg] [pid 6508:tid 556] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun Feb 19 15:45:25.312250 2017] [ssl:emerg] [pid 6508:tid 556] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
AH00016: Configuration Failed
This is the error I get when trying to start Apache from command line.
Apache 2 is starting ...
AH00548: NameVirtualHost has no effect and will be removed in the next release C:/xampp/apache/conf/extra/httpd-vhosts.conf:26
(OS 10048)Only one usage of each socket address (protocol/network address/port) is normally permitted. : AH00072: make_sock: could not bind to address [::]:443
(OS 10048)Only one usage of each socket address (protocol/network address/port) is normally permitted. : AH00072: make_sock: could not bind to address 0.0.0.0:443
AH00451: no listening sockets available, shutting down
AH00015: Unable to open logs
Here is the error that was posted in XAMPP Control Dialog.
1:16:13 PM [Apache] Error: Apache shutdown unexpectedly.
1:16:13 PM [Apache] This may be due to a blocked port, missing dependencies,
1:16:13 PM [Apache] improper privileges, a crash, or a shutdown by another method.
1:16:13 PM [Apache] Press the Logs button to view error logs and check
1:16:13 PM [Apache] the Windows Event Viewer for more clues
1:16:13 PM [Apache] If you need more help, copy and post this
1:16:13 PM [Apache] entire log window on the forums
This is what is in httpd-vhosts.conf. I'm trying to setup SSL for loc1.dev.
<VirtualHost *:80>
DocumentRoot "C:/xampp/htdocs"
ServerName localhost
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "C:/xampp/htdocs/loc.com/public_html"
ServerName loc.dev
ServerAlias www.loc.dev
<Directory "C:/xampp/htdocs/loc.com/public_html">
AllowOverride All
Require all Granted
</Directory>
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "C:/xampp/htdocs/loc1.com/public_html"
ServerName loc1.dev
ServerAlias www.loc1.dev
<Directory "C:/xampp/htdocs/loc1.com/public_html">
AllowOverride All
Require all Granted
</Directory>
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "C:/xampp/htdocs/foodharbor.org/public_html"
ServerName foodharbor.dev
ServerAlias www.foodharbor.dev
<Directory "C:/xampp/htdocs/foodharbor.org/public_html">
AllowOverride All
Require all Granted
</Directory>
</VirtualHost>
This is what I have in httpd-ssl.conf
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "C:/xampp/htdocs/loc1.com/public_html"
ServerName www.loc1.dev
ServerAdmin jonathan.najman@gmail.com
ErrorLog "C:/xampp/apache/logs/error.log"
TransferLog "C:/xampp/apache/logs/access.log"
SSLEngine on
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
</VirtualHost>
This is what is in my hosts file (C:\Windows\System32\drivers\etc\hosts).
127.0.0.1 localhost
127.0.0.1 loc.dev
127.0.0.1 loc1.dev
127.0.0.1 foodharbor.dev
Am I missing anything?
I commented out Listen 443 in httpd-ssl.conf (C:\xampp\apache\conf\extra) and now Apache starts and the site is available on https and http. There must already be a directive elsewhere directing Apache to listen on 443 ...
#
# When we also provide SSL we have to listen to the
# standard HTTP port (see above) and to the HTTPS port
#
#Listen 443
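
One way to find a second Listen directive for the same socket, which is what the answer above suspects, is to scan every loaded config file for Listen lines. This is an added example, not from the post: the file names and contents in CONFIGS are constructed, and Include directives are not followed.

```python
import re
from collections import defaultdict

LISTEN = re.compile(r"^\s*Listen\s+(\S+)", re.IGNORECASE)

def listen_key(arg):
    """Normalise a Listen argument to (address, port); a bare port gets '*'."""
    addr, sep, port = arg.rpartition(":")
    if not sep:
        return "*", int(arg)
    return addr.strip("[]").lower(), int(port)

def duplicate_listens(configs):
    """configs maps file name -> text. Return sockets requested more than once.

    Only identical (address, port) pairs are reported; Include directives are
    not followed, so pass every file Apache loads.
    """
    seen = defaultdict(list)
    for name, text in configs.items():
        for number, line in enumerate(text.splitlines(), 1):
            m = LISTEN.match(line)  # "#Listen 443" does not match
            if m:
                seen[listen_key(m.group(1))].append((name, number))
    return {key: where for key, where in seen.items() if len(where) > 1}

# Constructed sample: file names and contents are assumptions, not the asker's files.
CONFIGS = {
    "conf/httpd.conf": "Listen 80\nInclude conf/extra/httpd-ssl.conf\n",
    "conf/extra/httpd-ssl.conf": "# HTTPS port\nListen 443\n",
    "conf/extra/hypothetical-other.conf": "Listen 443\n",
}

if __name__ == "__main__":
    for (addr, port), where in duplicate_listens(CONFIGS).items():
        print(f"{addr}:{port} requested by", ", ".join(f"{f}:{n}" for f, n in where))
```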

proxy_ajp:error (70007)The timeout specified has expired:

I am getting the error in the error_log. I was able to figure out that I need to increase ProxyTimeout.
However, I was unable to find where I may change it. All I could do was add this to the server.xml:
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="600000"
redirectPort="8443" />
Any idea how to exactly increase the ProxyTimeout?
I am using Ubuntu from AWS and Apache Tomcat v7
I have tried to add this into proxy-html.conf:
ProxyRequests On
<Proxy *>
AddDefaultCharset off
Order deny,allow
Allow from all
</Proxy>
ProxyPreserveHost Off
ProxyTimeout 1200
I have also added this into httpd.conf:
TimeOut 600
I have restarted the Tomcat server but neither of the above configurations helped.
Btw this is the exact error, I don't understand why there is proxy mentioned. I am not connecting through any proxy server... The issue happens when I submit a form, which triggers some tough processing. Then it times out in approx. 60 seconds. However, the program still runs, only the request times out.
Error:
[Thu Aug 13 07:34:21.677693 2015] [proxy_ajp:error] [pid 1515] (70007)The timeout specified has expired: AH01030: ajp_ilink_receive() can't receive header
[Thu Aug 13 07:34:21.677769 2015] [proxy_ajp:error] [pid 1515] [client 212.130.108.58:52206] AH00992: ajp_read_header: ajp_ilink_receive failed, referer: http://52.17.109.177/Visma_UploadInterface/MappingServlet
[Thu Aug 13 07:34:21.677782 2015] [proxy_ajp:error] [pid 1515] (70007)The timeout specified has expired: [client 212.130.108.58:52206] AH00878: read response failed from 127.0.0.1:8009 (localhost), referer: http://52.17.109.177/Visma_UploadInterface/MappingServlet
I have solved it by adding these two simple lines into the httpd.conf file:
Timeout 600
ProxyTimeout 600
I also rebooted the whole server, not just Tomcat. No idea if that was necessary, but seems like it.
I have resolved it by modifying the existing virtual host configuration.
<Proxy "unix:/run/php/php7.2-fpm-example.sock|fcgi://localhost">
ProxySet timeout=600
</Proxy>
<FilesMatch \.php$>
SetHandler "proxy:fcgi://localhost"
</FilesMatch>
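
The proxy-html.conf fragment in the question sets ProxyRequests On and lets every client through <Proxy *>, which the Apache mod_proxy documentation warns makes the server an open forward proxy; reverse proxying with ProxyPass does not need ProxyRequests. The check below is an added example, not from the posts, run on the two <Proxy *> configurations that appear on this page; the function and constant names are assumptions.

```python
import re

# Access rules that admit every client (2.2 and 2.4 syntax).
OPEN_ACL = {("allow", "from all"), ("require", "all granted")}

def open_forward_proxy(conf):
    """True if conf enables forward proxying and <Proxy *> admits every client."""
    forward, unrestricted, section = False, False, None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r'<Proxy\s+"?([^">]+)"?\s*>$', line, re.IGNORECASE)
        if opened:
            section = opened.group(1)
        elif line.lower() == "</proxy>":
            section = None
        else:
            name, _, args = line.partition(" ")
            key = (name.lower(), " ".join(args.lower().split()))
            if key[0] == "proxyrequests":
                forward = key[1] == "on"
            elif section == "*" and key in OPEN_ACL:
                unrestricted = True
    return forward and unrestricted

# Both fragments are copied from posts on this page.
REVERSE_ONLY = """\
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyRequests off
ProxyPass / http://[apache2-ip-address]:27300/
"""
PROXY_HTML_CONF = """\
ProxyRequests On
<Proxy *>
AddDefaultCharset off
Order deny,allow
Allow from all
</Proxy>
ProxyPreserveHost Off
ProxyTimeout 1200
"""

if __name__ == "__main__":
    print("reverse-only config open:", open_forward_proxy(REVERSE_ONLY))
    print("proxy-html.conf open:", open_forward_proxy(PROXY_HTML_CONF))
```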

websocket connection via apache not established

I configured httpd.conf for websockets, but I am not able to establish a connection. I am getting “error reading status line from remote server”.
Below are the errors and the configuration.
Configuration
<Location /socket.io/>
ProxyPass http://172.27.38.93:9090/socket.io/
ProxyPassReverse http://172.27.38.93:9090/socket.io/
</Location>
<Location /socket.io/1/websocket>
ProxyPass ws://172.27.38.93:9090/socket.io/1/websocket
ProxyPassReverse ws://172.27.38.93:9090/socket.io/1/websocket
</Location>
Error.log
[Tue Feb 04 22:04:05.675146 2014] [proxy_http:error] [pid 7342:tid 47546562103616] (20014)Internal error: [client 10.20.136.193:52095] AH01102: error reading status line from remote server 172.27.38.93:9090
[Tue Feb 04 22:04:05.675183 2014] [proxy:error] [pid 7342:tid 47546562103616] [client 10.20.136.193:52095] AH00898: Error reading from remote server returned by /socket.io/1/websocket/vTkhURqnBJdwnFRjbOt7
Please let me know what needs to be corrected.