网关超时问题发生在AJP连接器和Tomcat 8.5.54之间。

huangapple go评论85阅读模式
英文:

Gateway Time_out issue between AJP connector and Tomcat 8.5.54

问题

我有一个由Apache 2(2.4.25)前端的Tomcat 8服务器,运行在Debian 9.12(stretch)系统上,我在Apache2和Tomcat之间使用ajp连接器。JDK版本是Oracle JDK 1.8.0_252-8u252-b09-1~deb9u1-b09。一切都很正常,直到Tomcat 8自动更新为8.5.54。但是现在通过ajp访问应用程序时出现504网关超时错误。

今天早上,Tomcat 8服务器自动更新了:

开始日期:2020-05-05 06:01:41
命令行:/usr/bin/unattended-upgrade
升级:libservlet3.1-java:amd64(8.5.50-0+deb9u1,8.5.54-0+deb9u1),
libtomcat8-java:amd64(8.5.50-0+deb9u1,8.5.54-0+deb9u1),
tomcat8-examples:amd64(8.5.50-0+deb9u1,8.5.54-0+deb9u1),
tomcat8-admin:amd64(8.5.50-0+deb9u1,8.5.54-0+deb9u1),
tomcat8-common:amd64(8.5.50-0+deb9u1,8.5.54-0+deb9u1),tomcat8:amd64
(8.5.50-0+deb9u1,8.5.54-0+deb9u1),tomcat8-docs:amd64(8.5.50-0+deb9u1,
8.5.54-0+deb9u1)
结束日期:2020-05-05 06:01:52

Apache2和Tomcat8的配置文件没有任何变化。我仍然可以访问Tomcat管理界面,并且可以看到我的应用程序在运行。我可以通过localhost访问Tomcat应用程序,但不能通过Apache2服务器访问。

例如,我在Tomcat 8服务器上部署了应用程序QCM1。如果我执行以下wget命令:

wget http://localhost:8080/QCM1

响应是正确的,但是当我执行:

wget http://myserve.mydomain.fr/QCM1

会出现504网关超时错误。

为了使HTTP请求重定向到Tomcat服务器,Apache2配置文件中有以下指令(在Tomcat 8更新之前,这个指令是正常工作的):

ProxyPass /QCM1 ajp://localhost:8009/QCM1

我错过了什么?感谢您的帮助。

英文:

I have a tomcat 8 server fronted by Apache 2 (2.4.25) on debian 9.12 (stretch) system and I'm using ajp connector between apache2 an tomcat. JDK version is Oracle JDK 1.8.0_252-8u252-b09-1~deb9u1-b09. Everything was working fine until tomcat8 automatically updated to 8.5.54. But now when accesing application through ajp there is a 504 time-out Gateway error.

The tomcat8 server was automatically updated this morning

Start-Date: 2020-05-05  06:01:41
Commandline: /usr/bin/unattended-upgrade
Upgrade: libservlet3.1-java:amd64 (8.5.50-0+deb9u1, 8.5.54-0+deb9u1),
libtomcat8-java:amd64 (8.5.50-0+deb9u1, 8.5.54-0+deb9u1),
tomcat8-examples:amd64 (8.5.50-0+deb9u1, 8.5.54-0+deb9u1),
tomcat8-admin:amd64 (8.5.50-0+deb9u1, 8.5.54-0+deb9u1),
tomcat8-common:amd64 (8.5.50-0+deb9u1, 8.5.54-0+deb9u1), tomcat8:amd64
(8.5.50-0+deb9u1, 8.5.54-0+deb9u1), tomcat8-docs:amd64 (8.5.50-0+deb9u1,
8.5.54-0+deb9u1)
End-Date: 2020-05-05  06:01:52

Nothing changed in the apache2 and tomcat8 configuration file. I can still acces the tomcat manager interface and I can see my applications running. I can acces the tomcat applications with localhost, but not through the apache2 server.

For example, I have the application QCM1 deployed on the tomcat8 server. If I perform the following wget command

wget http://localhost:8080/QCM1

the response is correct, but when I perform

wget http://myserve.mydomain.fr/QCM1

there is 504 Gateway Time-out error

To enable redirection of HTTP request to the tomcat server, there is the following directive in the apache2 configuration file (that directive was working fie before the update of tomcat8)

ProxyPass /QCM1 ajp://localhost:8009/QCM1

What am I missing?
Thanks for your help.

答案1

得分: 1

最终我找到了解决方案,错误的堆栈跟踪如下:

05-May-2020 16:29:01.292 GRAVE [main]
org.apache.catalina.core.StandardService.startInternal 无法启动连接器 [Connector[AJP/1.3-8009]]
org.apache.catalina.LifecycleException: 协议处理程序的启动失败
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1086)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.StandardService.startInternal(StandardService.java:440)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:766)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.startup.Catalina.start(Catalina.java:688)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:343)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:474)

解决这个问题的方案是在 server.xml 文件中更改 AJP 连接器的配置,并添加一个 secretRequired 属性,正如 Jainender Chauhan 在他的回答中建议的那样:https://stackoverflow.com/questions/60501470/springboot-the-ajp-connector-is-configured-with-secretrequired-true-but-the-s

<Connector protocol="AJP/1.3" port="8009" redirectPort="8443" secretRequired="false" />

它运行良好。但我不确定这是否是最佳和最安全的操作方式。

英文:

Finally I've found a solution, the stack trace of the error was :

05-May-2020 16:29:01.292 GRAVE [main]
org.apache.catalina.core.StandardService.startInternal Failed to start connector [Connector[AJP/1.3-8009]]
org.apache.catalina.LifecycleException: Le d&#233;marrage du gestionnaire de protocole a &#233;chou&#233; 
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1086)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.StandardService.startInternal(StandardService.java:440)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:766)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.startup.Catalina.start(Catalina.java:688)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:343)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:474)

a solution to fix this problem was to change the configuration of the AJP connector in the server.xml file and to add a secretRequired attribute as Jainender Chauhan suggested in his response to https://stackoverflow.com/questions/60501470/springboot-the-ajp-connector-is-configured-with-secretrequired-true-but-the-s

&lt;Connector protocol=&quot;AJP/1.3&quot; port=&quot;8009&quot; redirectPort=&quot;8443&quot; secretRequired=&quot;false&quot; /&gt;

It works fine. But I'm not sure it's the best and the most secure way of proceeding

huangapple
  • 本文由 发表于 2020年5月5日 21:36:56
  • 转载请务必保留本文链接:https://go.coder-hub.com/61614516.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定