tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier (tomcat)>
Subject Re: Connectivity Issue with Tomcat7 and WebServer (AJP Connector)
Date Mon, 08 Aug 2016 21:02:04 GMT
On 08.08.2016 11:18, Jayaram Ponnusamy wrote:
> Thanks André,
> 1. ANS-Question 1 = Both Tomcat & WebServer installed on different
> Machines, Attached Architecture diagram of our environment. Our Tomcat are
> configured as Application Clustering, and WebServer1 is pointing to Tomcat1
> and WebServer2 is pointing to Tomcat2
> Tomcat's IP (Node1):
> WebServer's IP (Node1):
> Tomcat's IP (Node2):
> WebServer's IP (Node2):
> 2. ANS-Question 2 = Thanks, Thats fine :)
> 3. ANS-Question 3 = Attached Architecture diagram for your reference.

There are a lot of separate pieces in your configuration, and the problem could be at any

level. So we must do this step-by-step, systematically, and try to find out exactly where

things are not working properly. The keywords here are "step-by-step" and "sytematically",

because with so many pieces, if we start making changes left and right without first 
understanding what the problem is, we will never find out.

First, I'll make some comments based on the configuration schema that you provided, and 
you will tell me if this is right or wrong, ok ? And I have some questions in between..
Please answer the questions below directly under each question, to make it easier to follow.

1) Note : I do not know what you mean exactly by "Application Clustering", and I don't 
know exactly how an F5 load-balancer works.  But I will assume that in this case, we can 
consider only the chain from the user workstation to Tomcat #1, and that any results can 
be extrapolated to other cases.
I also assume that Tomcat #1 and Tomcat #2 run the same applications, but that they are 
totally independent from eachother, and that Tomcat #1 and Tomcat #2 never talk to one 
another directly (true/false ?)

2) I assume that the problems that you are mentioning are happening when a user 
workstation client accesses the Tomcat application as follows :
(You may need to reformat this as 2 text lines, to see it correctly)

user wks <-- HTTP(S) --> F5 <-- HTTP --> Apache #1 + mod_jk <-- AJP -->
Tomcat <-- webapp
               (1)                (2)                             (3)
where :
- HTTP(S) is the protocol used on the connection (1) between the client workstation and 
the F5 load-balancer
- HTTP(S) is the protocol used on the connection (2) between the F5 load-balancer and 
Apache webserver #1 (IP
- AJP is the protocol used on the connection (3) between Apache webserver #1 ((IP and Tomcat #1 (IP  (*)
- "Tomcat" actually means "Tomcat and its AJP <Connector>, listening on port 9009

All correct ?

2) To access the application, the user enters a URL in his browser.
Can you give us an example of such a URL ? You can change the real name of the server for

privacy, but then be consistent about this in the future, because it is important to 
follow what is going on.
So let's say for example that the F5 is known to the outside world as 
"", and let's always keep using that same hostname for it in the future.
So the client enters the URL : ?
(Add the port if any, and a sample URL)

3) the F5 decides, on the base of some criteria, to forward this HTTP request to Apache 
webserver #1 or Apache webserver #2.
But for the sake of this example, let's assume that it chooses Apache #1 this time.

Question 3.1 : how does the F5 forward this request to Apache webserver #1 ? does it just

copy the original request transparently, and send it to the IP address ?
Or does it change the hostname to which the request is addressed ?
(Originally, the client addressed the request to hostname "" (which 
resolves to the IP address of the F5); so normally, if the F5 does not modify the hostname

and sends it "as is" to Apache #1, then the Apache #1 configuration should have a 
<VirtualHost> with a ServerName matching "" also. And if it does not,

then Apache #1 can only have 1 VirtualHost, the "default VirtualHost", otherwise this 
would not work at all.)

If the F5 changes the hostname of the request, then to what does it change it ?

Question 3.2 : does Apache #1 have only 1 <VirtualHost> ?
If yes, what are the ServerName and ServerAlias lines in the configuration of that 
<VirtualHost> ?

If there are more than one <VirtualHost>, can you provide their ServerName/ServerAlias,
the same order in which the multiple <VirtualHost> are listed in the Apache #1 configuration

Question 4.1 : is there anything (other than a network cable or other passive equipment) 
between Apache #1 and Tomcat #1 ? (firewall for example)

5) Tomcat #1 configuration :

Question 5.1 : The server.xml of Tomcat #1 has only 1 <Host> tag. True/false ?

Question 5.2 : the server.xml of Tomcat #1 contains a tag similar to this one :
   <Engine name="Catalina" defaultHost="localhost">
What is the value of the "defaultHost" attribute in your server.xml ?

Question 5.3 : the server.xml of Tomcat #1 has only one <Host> tag. True/false ?
Please paste the content of that <Host> tag here :

6) Apache httpd :
Apache httpd 2.2.x has several possible configurations, in terms of how many 
processes/threads it is using. See this page :

Question 6.1 : Do you know which "model" your Apache #1 is using ? (this is also called 
the "MPM"). Is it :
- prefork
- worker
- event
- is your Apache host a Windows machine ? (then the MPM can only be "mpm_winnt").

7) previously, you indicated that "when you access Tomcat directly", you do not see these

problems.  With reference to your schema (and/or the simple schema that I showed in (2) 
above), can you explain how the client accesses Tomcat directly ?

That's it for now.. :-)

(*) you don't have a choice about this, if you are using the mod_jk connector.
For reference, the AJP protocol is not HTTP, but it carries the same information as HTTP.

For info also, but important : the mod_jk module of Apache httpd can write a logfile, 
which can show in detail what is going on between Apache and Tomcat. But we do not know 
yet if the problem is at that level, so don't do that yet, and first answer the questions

But for the future, possibly : the Apache configuration directives for setting the mod_jk

logging are described here :
--> Logging

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message