tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: realm authentication no longer works through apache - mod_jk after upgrade still works via straight tomcat 8080
Date Tue, 11 Jan 2011 11:56:25 GMT
On 11.01.2011 10:40, David Sperling wrote:
> Hi-
>
> I recently upgraded tomcat, apache, apr and mod_jk.
> Now when I access via apache -->  mod_jk on port 80 ie.
> www.mydomain.com/myappname/
> the Velocity login page displays fine but after hitting the login button
> /admin/j_security_check displays in the URL
> and a blank page is displayed.

Add a browser plugin, e.g. FireBug for Firefox to check, what requests 
are actually being sent and which one is the last, that isn't being 
answered. Check whether it is sent to the correct host.

But see also below.

> .do and .vm pages on port 80 that do not require authentication display
> fine.
> When I bypass mod_jk by accessing via port 8080 users can authenticate,
> with no problems and the applications function properly.
>
> I've pasted log and configuration information below.  Any tips on debugging,
> greatly appreciated.
>
> The /var/log/apache/error.log displays the following:
> [Tue Jan 11 17:49:12 2011] [notice] child pid 30665 exit signal
> Segmentation fault (11)
> [Tue Jan 11 17:49:12 2011] [notice] child pid 30666 exit signal
> Segmentation fault (11)
> [Tue Jan 11 17:49:12 2011] [notice] child pid 30667 exit signal
> Segmentation fault (11)

Very bad. I assume the timestamps fit the moments when the problem 
actually happens, so those crashes should be related? Or is it 
timestamps e.g. from doing Apache restarts?

If the dumps are related:

- get core dumps for the crashes Apache instances. You might need to 
allow core dumps in you operating system, details depend on your 
operating system. Sometimes it helps to configure CoreDumpDirectory in 
Apache in addition to the OS settings.

- try to get stack dumps from the cores using gdb or whatever tool is 
appropriate on your platform (which is which platform?) and post them

At the moment there are no open issues about mod_jk and crashes.

> /var/log/tomcat-6/catalina.out displays:
> Jan 11, 2011 6:00:28 PM org.apache.jk.common.ChannelSocket processConnection
> WARNING: processCallbacks status 2
>
> I tried mod_jk-1.2.28-r1 and 1.2.30 and they both give the same result.

Wonder why you tried 1.2.30 but not the most recent version 1.2.31?

> I thought maybe it was an apache module conflict or problem caused
> because of a lack
> of a module so I removed all apache modules and re-compiled apache.
> Same symptoms
> after restart.  Then I re-compiled apache with the default modules and
> restarted apache with the same symptoms.
>
> My apache build contains the following modules(minus means not included
> in build):

What do you mean by "build contains" and "minus means not included in 
build"? Example: "-substitute" means what? You don't build it and you 
don't use it, or you build it and don't use/load it or you didn't build 
it and use a 3rd-party build?

> www-servers/apache-2.2.16  USE="ssl -debug -doc -ldap (-selinux) -static
> -suexec -threads" APACHE2_MODULES="actions alias auth_basic authn_alias
> authn_anon authn_dbm authn_default authn_file authz_dbm authz_default
> authz_groupfile authz_host authz_owner authz_user autoindex cache cgi
> cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter
> file_cache filter headers include info log_config logio mem_cache mime
> mime_magic negotiation rewrite setenvif speling status unique_id userdir
> usertrack vhost_alias -asis -auth_digest -authn_dbd -cern_meta
> -charset_lite -dbd -dumpio -ident -imagemap -log_forensic -proxy
> -proxy_ajp -proxy_balancer -proxy_connect -proxy_ftp -proxy_http
> -substitute -version" APACHE2_MPMS="-event -itk -peruser -prefork -worker"

Which MPM are you actually using?

> My current versions are listed below.
>
> www-servers/tomcat
>        Latest version available: 6.0.26
>        Latest version installed: 6.0.26
>
> *  www-servers/apache
>        Latest version available: 2.2.16
>        Latest version installed: 2.2.16
>
> *  dev-libs/apr
>        Latest version available: 1.4.2
>        Latest version installed: 1.4.2
>
> *  www-apache/mod_jk
>        Latest version available: 1.2.30
>        Latest version installed: 1.2.30
>
> cat /etc/apache2/jk-workers.properties | grep -v '#'
>
> worker.list=ajp13w
>
> worker.ajp13w.type=ajp13
> worker.ajp13w.host=localhost
> worker.ajp13w.port=8009

Minimal but that makes it extremely unlikely to be responsible for the 
crash.

> cat /etc/apache2/modules.d/88_mod_jk.conf | grep -v '#' | grep -v ^$
> <IfDefine JK>
> LoadModule jk_module    modules/mod_jk.so
> JkWorkersFile    /etc/apache2/jk-workers.properties
> JkLogFile    /var/log/apache2/mod_jk.log
> JkShmFile       /var/log/apache2/mod_jk.shm
> JkLogLevel    info

> JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories

Remove "+ForwardURICompat" which often does more harm than good. But not 
related to crashes.

> JkRequestLogFormat "%w %V %T"

Mmmm, I don't like it see ways of including the info into the normal 
access log. Look for "mod_log_config" on

http://tomcat.apache.org/connectors-doc/reference/apache.html

Again: not responsible for crash.

> </IfDefine>
>
> cat /etc/apache2/vhosts.d/05_mybox.conf
>
> Listen 80
>
> NameVirtualHost *:80
>
> <VirtualHost *:80>
> ServerName mybox.mydomain.com
>
> DocumentRoot /var/www/localhost/htdocs/
>
> <directory "/var/www/localhost/htdocs">
>          AllowOverride all
>          Order allow,deny
>          Allow from all
> </directory>
> JkMount /manager/* ajp13w
> ...
> JkMount /jfree/* ajp13w
> JkMount /solana/* ajp13w
> JkMount /topix/* ajp13w
> JkMount /jsite/* ajp13w
> JkMount /eswift/* ajp13w
> JkMount /property/* ajp13w
> </VirtualHost>

Looks OK.

Regards,

Rainer

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message