I am trying to Implement clustering in liferay 6.2 on my local system using sticky sessions.
I followed below steps to configure this.
1 install Apache Webserver and made following changes in httpd.conf
Added below code snippet at the end of file.
<Proxy balancer://clusterdemo>
BalancerMember ajp://localhost:8009/ route=INT1 smax=15 max=50 loadfactor=20
BalancerMember ajp://localhost:8010/ route=INT2 smax=15 max=50 loadfactor=20
</Proxy>
<Location / >
ProxyPass balancer://clusterdemo/ stickysession=JSESSIONID
</Location>
and uncommented below lines
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule status_module modules/mod_status.so
2 Extracted two copies of Liferay 6.2 bundle and changed the port nos accordingly
3 Changed jvmRoute in server.xml file of both Liferay tomcat bundle.
First Instance
<Engine name="Catalina" defaultHost="localhost" jvmRoute="INT1">
Second Instance
<Engine name="Catalina" defaultHost="localhost" jvmRoute="INT2 ">
4 Added below properties in portal-ext.properties file of both Liferay instance and configured same database for both instances.
cluster.link.enabled=true
cluster.link.autodetect.address=localhost:3306
5 Restarted Apache Webserver and both Liferay instance
If i hit http://127.0.0.1/web/guest/welcome url in browser i can see login page and by entering username and password i am able to login.
Problem
Now my problem is css files are not getting loaded properly as shown in below image.But with classic theme its working fine.
I think its able to load css file from Liferayhome\tomcat-7.0.42\webapps\ROOT\html\themes\classic but not from Liferayhome\tomcat-7.0.42\webapps\welcome-theme any reason??/.
Firbug Screenshot
Could you please help me help me in this?
**Update:**I further checked few things in browser and looking at cookie i can verify its transferring control to both instances.
Cookie:COOKIE_SUPPORT=true; JSESSIONID=48705C436A9BE3D054577705EA41FA77.INT1; GUEST_LANGUAGE_ID=en_US
Cookie:COOKIE_SUPPORT=true; JSESSIONID=C04FBBD76B10422D292827B301320DC4.INT2; GUEST_LANGUAGE_ID=en_US
Thanks in Advance
You're missing several other steps in correct Liferay clustering as well. From the top of my head,
Document Library
Search Index
are obvious missing steps. Please go through the Liferay clustering documentation and note that this is only part of the story: In Liferay's System Administration Training we'll take almost a full day to discuss all of the different clustering options. That doesn't mean that clustering takes that long - it's just that there is no single correct cluster configuration, but it all depends on the available infrastructure and expected load and use cases for your portal.
As of the missing CSS files - please monitor what replies exactly you get back from Apache/Liferay - e.g. use Firebug or similar tools to check if you get 404, 500 or others back, and what the error message is.
As of configuring sticky sessions, I'm typically configuring tomcat to indicate the server name (look up jvmRoute for server.xml) so that it automatically adds its name to the sessionid and Apache has a chance to know which tomcat created the session.
After your comments, more things to check:
Identify which server you're balanced to. Then access the missing resources through http - e.g. port 8080 or 8081 (or whatever that server has configured)
Check if this only happens when INT1 goes down but not when INT2 does (or vice versa)
Check if this happens when you're balanced to another server than initially (e.g. you're on INT1, take down INT1, get balanced to INT2 -> Problem? You're on INT1, take down INT2, stay on INT1 -> Problem?)
Make sure the AJP forwards are correct - you use localhost in your question. It's quite untypical to have two machines on the same server. If you changed this for the question, make extra extra extra sure that the hostnames are valid and do not contain typos. - and they're routable. Try nmap from the Apache host to the appservers to make sure the ports are reachable and no firewall steps in between Apache and your appserver
While you do all of this, keep your eyes open and don't blindly follow this advice: There's so much to pay attention to that it's impossible to list everything in this answer.
Also, this gets closer to system administration rather than programming and might be better suited for serverfault.com.
I don't know much about Liferay, but I have dabbled with Tomcat.
I'd suggest you check how ROOT and welcome-theme are configured in server.xml (and/or any context XML files).
Related
I was not able any suitable solution on the web and all my trials result in failure.
My goal is to set up Tomcat9(TC9) while Tomcat7 (TC7) is still running, so I can configure and test the applications without any interference for the users. After I finished the configuration I want to switch to TC9 so the URLs of the webapps do not change and the Users won't notice the change.
I set up successfully TC9 with an AJP Connector Port on 8010 and I used the existing config file of the httpd and copied the /etc/httpd/conf.modules.d/00-tomcat7.conf to /etc/httpd/conf.modules.d/00-tomcat9.conf and edited accordingly
ProxyPass / ajp://localhost:8010/
However the old pass does not work anymore
ProxyPass / ajp://localhost:8009/
There might be a problem with the URL as I implemented it like so:
https:////
I had several attempts with configuration of the ProxPass like
ProxyPass /<webappgroup1> ajp://localhost:8009/<webappgroup1>
ProxyPass /<webappgroup2> ajp://localhost:8010/<webappgroup2>
But how does the actual endpoint URL look like and do I need to deploy my webapps still as #.war?
however like this I always get the Browser Error This site could not be found.
I don't know in which logs i could find more Information what is going wrong.
An example for the ProxyPass config or input of any kind is very much appreciated.
Thanks in advance!
Currently, the server at work is underperforming and the way it's set up is not ideal either. For this reason I'm trying to find a new way to do things that will hopefully help with both, performance and deployment.
The approach I decided for is to have tomcat instances for our webapps (currently there are two, so it'd be an instance per webapp) and use Apache as a "front". I'm not experienced in this, so It's normal I'm having issues here and there, but so far I've manage to get this going.
What I expect is to redirect from mysite.com index page to either mysite.com/service1 or mysite.com/service2. Service1 was setup in out test server at port 8080 and service2 at 8081. I installed Apache2 and mod_jk yesterday and set up apache with the contents of mysite.com. Today I started the configurations, that ended up as follow:
workers.properties
worker.list=s1
worker.s1.type=ajp13
worker.s1.port=8009
#host is localhost by default according to the documentation
jk.load
LoadModule jk_module /usr/lib/apache2/modules/mod_jk.so
JkWorkersFile /etc/apache2/workers.properties
JkLogFile /var/log/apache2/mod_jk.log
JkLogLevel debug
JkMount /service1/* s1
Service1's server.xml connector (The rest is all default)
<Connector protocol="AJP/1.3" port="8009" redirectPort="8443" />
I had more, but because of the errors, I took a step back and tried with only one tomcat for now. I will add the second tomcat and a loadbalancer.
Ok, so what's going on?
I can access the server and the index page of our system with no problem. The problem is when I try to redirect to service1. It just loads without response, but if I try to access service1 directly by port 8080, it works properly (I tired commenting out this connector. No luck).
Looking at server-status, I see the request stuck at w/sending reply, and in mod_jk.log I see that the worker properly matches the request. So while my configurations seem to be right, there is something in between happening. I don't really know if it's something with Apache, Tomcat or Mod_jk. I also tried to follow several guides of how to do this, but all of them got me to 404s. Looking around here and ServerFault didn't shed much light unfortunately so I'm the one asking now.
Am I missing something? Should I just use another approach? I'm very new at this and I'm at loss right now. The configuration and the logs show that nothing is really wrong (at first glance, at least...) so I'm entirely sure if my case scneario is even posible with mod_jk... HOnestly to run it back and try with proxy is very tempting at this point, but if I am, I'd rather know where Im wrong.
Additional info: Running on Ubuntu Server 18.04, lastest apache2 and mod_jk avaliable from apt (as of Apr 14), java 1.8 and Tomcat 8.5.64.
There was a change in Tomcat last year (from version 8.5.51 and version 9.0.31), which introduced a secretRequired attribute to the AJP connector with a default of true (cf. documentation). Hence you can either:
add a shared secret between the AJP connector and mod_jk
or add secretRequired="false" to the AJP connector:
<Connector protocol="AJP/1.3" port="8009" secretRequired="false" redirectPort="8443" />
Remark: AJP is a very old protocol and rarely used. Since your installation is pretty new, you might consider using directly HTTP (cf. this talk).
I installed Apache 2.4 in order to publish a java (Struts2) application using Tomcat 8 as AS.
For a while it worked out well then something happened "strange" (to put it mildly).
By typing "http://localhost/appName" all continues to work out wonderfully.
Typing "http://publicIP/AppName " it opens pop up asking for a password to access the network printer!
The PC address on which they reside, Servers and Application, is 192.168.0.104, the one of the printer is just 193.168.0.103, exactly the previous by the point of view of the router (working in DHCP mode).
But (I may be *** but not to this extent) to the PC I manually set 104 as the fixed IP (which is still set - and anyway, when I check the Client List on the monitor of the router, I find right 104 as IP assigned to the PC).
No one has changed the settings to httpd.conf (ServerName is always 104), let alone the various mod_jk.conf or workers.properties or server.xml of Tomcat (so much so that, as I said, typing in the browser the local address all still works)!
...what could possibly have happened?
It sounds like your firewall is port forwarding port 80 to the private IP of the printer, rather than the apache server. The fact that you're getting the printer means the problem is not related to the apache or tomcat configuration.
Something new happened so I think Apache or Tomcat conf is related.
I restarted the router: at first, typing in the browser "http:// publicIP/appName", all was working, after several minutes, typing the app address, it asks me if i wanna download a (unspecified) file and accessing directly to Apache (typing "http:// publicIP") it answers "It works"!
Accessing to "http:// localhost/appName" anytime all works fine!
I restarted the router for a second time: accessing to "http:// publicIP/appName", error message "File not found" and typing "http:// publicIP", it asks me the pw to access to an IPcam! I thinked: "It's trivial! if it aims for the IPcam... it can't find my app!" ("http:// localhost/appName" ever all fine, of course!)
But no: i restarted for a third! Maybe all ok for several minutes and after: "http://publicIP/appName" returns still a "File not found" message but "http://publicIP" tells me "It works!"...!!!
Maybe the connector (or the connector configuration) bears some responsibility for this whole mess?
If my suspicious can have some substance I add the code.
I've a basic manual configuration:
at the end of httpd.conf
include "C:/Program Files/apache-tomcat-8.0.23/conf/jk/mod_jk.conf"
in mod_jk.conf:
LoadModule jk_module modules/mod_jk.so
JkWorkersFile "C:/Program Files/apache-tomcat-8.0.23/conf/jk/workers.properties"
(JkLogFile, JkLogLevel, JkLogStampFormat, JkOptions, JkRequestLogFormat are also set)
JkMount /appName ajp13
JkMount /appName/* ajp13
in workers.properties:
worker.list=ajp13
worker.ajp13.type=ajp13
worker.ajp13.host=localhost
worker.ajp13.port=10009
worker.ajp13.lbfactor=50
worker.ajp13.cachesize=10
worker.ajp13.cache_timeout=600
worker.ajp13.socket_keepalive=1
worker.ajp13.socket_timeout=300
and finally, in server.xml:
Connector port="10009" protocol="AJP/1.3" redirectPort="8443" enableLookups="false" /
thank you!
PS - I have another suspicious too: the IPcam remote monitor works on port 80... there may be some relationship? (but that don't explain the download request...)
Okay let me explain my problem really fast. I have a JEE Programm running on my tomcat server. The server has some user defined in the tomcat-users.xml When i test my programm on my local machine everything works fine.
However if i deploy the .war on my server and i want to access a Rest Endpoint i get a 401 unauthorized error. If i remove the users security check i can work fine with the program. So the URLs and server setup is correct.
I think that the problem is somehow related to the forwarding of tomcat through my apache.
So lets assume i have an apache running on http://myIp.de
then i forwarded tomcat with following apache config:
ProxyRequests off
ProxyPass /tomcat http://localhost:8181/ nocanon
ProxyPassReverse /tomcat http://localhost:8181/
so now i can reach tomcat through: http://myIp.de/tomcat
also i can "speak" to my app via: tomcat/myApp
But somehow the Authentizication now fails. And i think the problem is
somehow related to wrong context path. Because tomcat/manager
also fails to login.
Make your life easier by deploying your app under /tomcat on tomcat too. This way there's no path-translation required. Keep in mind that you'll get all the session cookies tied to a specific path and this path is not necessarily translated once forwarded to the client.
Also, sooner or later you might need
ProxyPreserveHost On
(look it up) or utilize mod_jk to preserve this header (and more information) automatically.
Edit: Following your comment, Basic Auth headers seem not to be forwarded to tomcat as well. I haven't attempted this myself, but all the places that I've looked up seem to imply that there'd be some duplication (e.g. second credentials file for Apache) - that doesn't look good. In this case I'd suggest to try out mod_jk rather than mod_proxy. You'll use the JkMount directive, rather than ProxyPass and need a workers.properties, but mod_jk is a lot better in keeping the full context of the request when forwarding to tomcat. I've had good experience with it so far and have only heard little complaints about it - largely in situations that were pretty huge and complex/complicated anyway. At least you should try if it solves your problems.
I realize this question has probably been asked numerous times, but I have not been able to find a good, up-to-date answer. The only guide I have been able to find was from 2005 and was on tomcat 5. It seems a lot of the OS paths have changed.
Our situation is this:
We want to run multiple instances of tomcat 7 on a single server. Each tomcat serves up a different address. For instance, www.oursite.com should be served from a separate tomcat than test.oursite.com. So, for example the base tomcat installtion will sit in /opt/tomcat/ and the instance specific directories (this is what I could make out from that old tutorial) will be in /home/user1/some/path/ and /home/user2/some/path so that everything is seperated nicely.
Can anyone point to a good tutorial, or maybe explain here the steps to set this up? I'm a bit new to apache setups.
Are there any advantages / drawbacks to doing it this way? Would a single tomcat instance be better? We need to be able to bring down sites one at a time without influencing each other. Also, our DNS provider prevents us from setting up stealth redirects, so we have to go through apache to have nice URLs rather than redirecting straight to the tomcats.
Thanks
I believe you have 2 questions here:
How to run multiple tomcat instances in the same server and should
you?
How to configure apache httpd to do virtual host and front
tomcat?
For 1. The following is a very good tutorial on how to run multiple tomcat instances in the same server: http://java.dzone.com/articles/running-multiple-tomcat, but should you? the answer is "it depends". If you have a super powerful box and it is under utilized, you should. It also depends on what type of application you runs for each individual sites. It will definitely help you "bring down sites one at a time without influencing each other". With apache httpd configuration which I will explain in the next section, you can also run the each site on separate machines (physical or vm).
For 2. In you case, you just need to configure apache httpd to do virtual host and use ajp to connect to tomcat.
<VirtualHost *:80>
ServerName www.oursite.com
ProxyPass / ajp://tomcat.oursite.com:8009/www retry=5
ProxyPassReverse / ajp://tomcat.oursite.com:8009/www
</VirtualHost>
<VirtualHost *:80>
ServerName test.oursite.com
ProxyPass / ajp://tomcat.oursite.com:8010/test retry=5
ProxyPassReverse / ajp://tomcat.oursite:8010/test
</VirtualHost>
In the above configuration, you need to configure DNS entries of both www.yoursite.com and test.yoursite.com to point to the same host. It also assume you run both your www and test webapps on different tomcat instances on the same host tomcat.oursite.com, one on ajp port 8009 and the other one on ajp port 8010. You can also change it to a different server of its own. It's very flexible. FYI, following is how to configure ajp in tomcat: http://tomcat.apache.org/tomcat-6.0-doc/config/ajp.html
I found a problem with the apache mod_proxy_ajp connector in such a configuration, it absolutely won't allow you to use any other port when setting up multiple virtual hosts each with its own tomcat instance.
Having spent some time ruling out port conflicts, tomcat configuration issues, firewall issues I have concluded that ProxyPass and ProxyPassReverse will not work when using any port other than 8009 by default.
The solution is likely to be to switch to mod_jk, which also solves problems seen in mod_proxy_ajp with basic configurations not loading or rewriting urls embedded within tomcat hosted pages without extensive configuration changes if the tomcat instance is rooted to a subdirectory. This doesn't seem to happen with Mod_Jk