we have apache in front of tomcat. it happens that the tomcat crashes and the apache still serve the webpage with a 503 page.
there's a way, via HAProxy to check both ports: 80 and 8080 and then bring the node up?
I added the http-check expect rstatus (2|3)[0-9][0-9] and the http-check expect ! rstatus ^5 but none of the 2 detected that tomcat was unreachable while the apache was providing the service.
thank you a lot
Nick
If your health check is configured correctly, you don't have to test both ports -- just configure the health check to send a request to apache that will be served by tomcat, using option httpchk. A 503 response will cause cause that server to be declared unhealthy.
the problem was the / at the end that did a redirect. once modified, works correctly with the expect 200.
Related
We have Nginx running and multiple (around 80) server blocks/websites configured with both HTTPS and HTTP. Now adding another server blocks with website name e.g. xyz.com, then only HTTPS websites stop working. On checking the access.log, I found below logs
[23/Apr/2019:15:06:02 +0530] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x039\xAD$\xB4\xBB\x94\x98\xB8Q9\x84\xE4C\xB7\x98Z8\x9E#\x8E\xF8\xD79Jl\xA3\xAEY\xB9\xDA\x1A> \x04\xD7\x1B\xE7\x1Ch\xC3`\x81?g}\xE1y\x8D\x8E\x07\xDA;\x0F\x9D\x0B\xFF\xA2p\x0F\xB5&\xDFa\xF0\xF9\x00\x22ZZ\x13\x01\x13\x02\x13\x03\xC0+\xC0/\xC0,\xC00\xCC\xA9\xCC\xA8\xC0\x13\xC0\x14\x00\x9C\x00\x9D\x00/\x005\x00" 400 182 "-" "-"
This strange http request is getting printed for HTTPS websites hit.
What can be the possible reason for this? Is there any limit on number of server blocks files in /sites-available or /sites-enabled?
Thanks!
... "\x16\x03\x01...\x03\x03...
...This strange http request...
This is an attempt to do HTTPS on a port where you have configured HTTP. What you see is the byte sequence of a TLS 1.2 ClientHello, i.e. the start of a TLS handshake.
Now adding another server blocks with website name e.g. xyz.com, then only HTTPS websites stop working.
Likely there happened a misconfiguration while adding the new domain which caused port 443 to be plain HTTP and no longer HTTPS. Any attempt to speak HTTPS to this port (i.e. anything https://example.com since this uses 443 by default) will cause the strange entries in the access log file. Please look at the error log for hints what might have gone wrong with your configuration.
I'm trying to monitor a VHost on the local Apache instance via Monit. The same domain accepts both http and https traffic, so I wanted to monitor both.
Also, the IP that the domain resolves to goes to a server that load balances the traffic between the current Apache instance and another server running Apache. I need Monit to monitor the local instance, and I was hoping to avoid adding any records in the /etc/hosts file, so I was thinking that Monits config setting with http headers [] would suffice, and I think it is (Just monitoring localhost, but setting the headers Host to the vhost domain).
Anyways, the main problem I seem to be running into, is even though I configure Monit to monitor the host via both http and https protocols, it monitors both hosts via just http, however the port is set to 443 for the one I need using https protocol.
The Monit config file for Apache is:
check process httpd with pidfile /var/run/httpd/httpd.pid
start program = "/bin/systemctl restart httpd.service" with timeout 60 seconds
stop program = "/bin/systemctl stop httpd.service"
check host localhost with address localhost
if failed
port 80
protocol http
with http headers [Host: www.domain.com, Cache-Control: no-cache]
and request / with content = "www.domain.com"
then restart
if failed
port 443
protocol https
with http headers [Host: www.domain.com, Cache-Control: no-cache]
and request / with content = "www.domain.com"
then restart
if 5 restarts within 5 cycles
then timeout
And here's the Monit status for that check:
[root#server enabled-monitors]# monit status localhost
The Monit daemon 5.14 uptime: 14m
Remote Host 'localhost'
status Connection failed
monitoring status Monitored
port response time FAILED to [localhost]:443/ type TCPSSL/IP protocol HTTP
port response time 0.001s to [localhost]:80/ type TCP/IP protocol HTTP
data collected Tue, 26 Apr 2016 10:44:32
So it's fairly obvious to me that the https is failing because its still trying to use port HTTP, even though I have protocol https in the configuration.
Any input would be much appreciated. I have a feeling this may be a bug, and ill create an issue in the Monit Github repo, but I wan't to make sure it's not something silly that I overlooked.
Thank you!
Late reply here, but I thought I would still post for readers who stumbled upon the same issue.
The problem seems to be not with Monit using port HTTP despite check configured for HTTPS. It always reports HTTP protocol in status (a display bug).
The real issue is likely with Monit not supporting SNI for SSL, so it ignores the with http headers [Host: www.domain.com ... in your https check. Thus the check fails because Monit is actually testing https://localhost.
I've filed bug with Monit developers here.
I recently set up an ELB for my apps instance. However i keep getting OutOfService error message.
After a quick check, i realized that my apps always redirects any HTTP request from:
xx-xxx-xx-xxx.ap-southeast-1.compute.amazonaws.com to mydomain.com
My EC2 Public IP to mydomain.com
It's just how the app behaves. Hence everytime ELB tries to ping at port :80 it always fails, since the app response with HTTP 301 redirection.
I wonder if there is a work around to mitigate this problem. Can anyone point me to the right direction.
By the way the web app i am talking about is Prestashop.
Set up a "health check" route, dummying like /test that returns 200 if everything is ok on the instance. Tell the ELB Health Check to test that instead of /
I am using apache and mod_proxy (via ajp) to send traffic to my tomcat instance. Everything works fine and then it randomly breaks. I see a 408 in the tomcat logs and apache is returning a 503.
Has anyone seen this before? Any reason this would occur?
Do you have a firewall between Apache and Tomcat? I've had problems in the past while setting up AJP when a firewall was present. If it is your problem, take a look:
http://tomcat.apache.org/connectors-doc/generic_howto/timeouts.html
This ended up being due to the way amazon's load balancer does health checks. I ended up switching to mod_jk and using a random port for the health check to occur where normal traffic does not occur.
Background:
OS: ubuntu
Web Server: apache2
What works:
I can ping the server's elastic IP (and receive a response)
I can ssh into the server
What doesn't work:
I cannot get any sort of http response from the server
Expected Behavior:
When I go to http://ec2-XXX-XX-XXX-XXX.compute-1.amazonaws.com/, it will serve my page, or at least give me a 404 that I can debug
Actual Behavior:
When I go to http://ec2-XXX-XX-XXX-XXX.compute-1.amazonaws.com/, it says "Oops! Google Chrome could not connect to ec2-XXX-XX-XXX-XXX.compute-1.amazonaws.com". It doesn't even give me a 404.
Rant:
Clearly the server is there because I can ssh in to that exact address and I can ping that exact IP and get a response. But when I go that exact address in my web browser it's as if it never makes it to the server. Or it's as if Amazon isn't letting http requests through, but in my security group I am clearly specifying that http requests from all sources are allowed through. Apache is definitely running, my document root is definitely set up properly, and my error and access logs don't give me anything.
Is there any sort of log in between Amazon and the server, or in between requests making it to the server and being received by Apache that would specify why it's returning "not found" rather than a 404. Can I make my Apache logs more verbose?
Thanks in advance! I've spent hours on this....
Turns out apache was set to listen on port 8080 rather than port 80, so if you encounter this problem, try taking a look at what apache's listening to.