Apache + virtual host + JkMount + multiple websites

Guys, good afternoon everyone! I need some very simple help to create several websites on the same Rocky Linux 9 server, but I’m not sure how to configure it correctly. I haven’t seen any tutorial that does it the way I used before in CentOS 7; due to this change I’m faced with this difficulty.
Previously, my application ran with the following tools:
Apache, Java 7 or 8, Let’s Encrypt.

I need to know when I will add the line that I used to use in CentOS 7, such as the “workers.properties” configuration
in relation to the VirtualHost file that had JkMount + ProxyPass + ProxyPassReverse, which had a localhost port to access, for example:
127.0.0.10 or 12.0.0.50 or 127.0.0.35, etc.
Because I was able to create several websites on the same server. Can anybody help me?

workers.properties:
worker.list=x123x
worker.x123x.type=ajp13
worker.x123x.host=127.0.0.10
worker.x123x.port=8009

<VirtualHost *:80>
ServerName x123x com
ServerAlias x123x com
KeepAlive Off
Redirect / x123x com/

<VirtualHost *:443>
ServerName x123x com
ServerAlias x123x com
JkMount /* x123x
.
.
.
ProxyPass "/gs-guide-websocket" "ws://127.0.0.10:8000/gs-guide-websocket" retry=60
ProxyPassReverse "/gs-guide-websocket" "ws://127.0.0.10:8000/gs-guide-websocket" retry=60

Can you post the relevant parts of your Centos 7 VirtualHost file as plain text.

follow data above settings…

workers.properties:
worker.list=x123x
worker.x123x.type=ajp13
worker.x123x.host=127.0.0.10
worker.x123x.port=8009

<VirtualHost *:80>
ServerName x123x com
ServerAlias x123x com
KeepAlive Off
Redirect / x123x com/

<VirtualHost *:443>
ServerName x123x com
ServerAlias x123x com
JkMount /* x123x
.
.
.
ProxyPass "/gs-guide-websocket" "ws://127.0.0.10:8000/gs-guide-websocket" retry=60
ProxyPassReverse "/gs-guide-websocket" "ws://127.0.0.10:8000/gs-guide-websocket" retry=60

in my java settings in the /opt/x123x/ (*.jar) folder and in the java log:

2024-07-29 14:35:33.451 28171 [main] INFO o.s.b.w.e.tomcat.TomcatWebServer.initialize 90 - Tomcat initialized with port(s): 8000 (http) 8009 (https)
2024-07-29 14:35:33.488 28208 [main] INFO o.a.coyote.http11.Http11NioProtocol.log 173 - Initializing ProtocolHandler ["http-nio-127.0.0.10-8000"]
2024-07-29 14:35:33.504 28224 [main] INFO o.apache.coyote.ajp.AjpNioProtocol.log 173 - Initializing ProtocolHandler ["ajp-nio-127.0.0.10-8009"]
2024-07-29 14:35:33.516 28236 [main] INFO o.a.catalina.core.StandardService.log 173 - Starting service [Tomcat]

OK, so I think you’re saying you want to run java servlet container (tomcat) with apache web server in front, and connected via mod_jk?

See

https://tomcat.apache.org/tomcat-3.3-doc/mod_jk-howto.html

obviously that article is old, but it covers everything

The important part you have not really explained is how did you get mod_jk loaded into apache as an apache module?

yes, that’s right, via Tomcat. Just like I used in Centos 7, there was a mod_jk module inside Apache. But it is already configured the same as the other centos7 server.

Could it be the configuration of ipv6 with ipv4, I ran the command “lsof -i” and there were several parts with ipv6, even the configuration of workers.properties are appearing which is the ip 127.0.0.10:8009 in ipv6.

my server “Rocky Linux release 9.4 (Blue Onyx)”, could it be IPv6 that is influencing it? How do I disable IPv6 and leave only IPv4? or I don’t need to touch anything. I thought I wouldn’t need to touch this part of the network configuration.

I made changes to the files that contained workers.properties and VirtualHost and it still doesn’t work. Is there any way to test it to see if it’s really working?
Could it be httpd.conf or something like that? Does anyone have any other tips or help? I just need the apache settings (sites-enabled) + workers to communicate and the site is up and running.

I had a look at RHEL7, RHEL8, and RHEL9 today.

None of them includes mod_jk, so is it possible someone built mod_jk and installed it to your CentOS 7? If you think it really was part of CentOS 7, tell me the exact package name that provides it.

An alternative is mod_proxy_ajp, included in all of the above.

Another alternative is to just forget about apache and present tomcat endpoints direct (cutting out a lot of proxy communications).

RHEL9 does include mod_jk:

[root@rhel9 ~]# dnf provides */mod_jk
Updating Subscription Management repositories.
Last metadata expiration check: 1:55:29 ago on Wed 31 Jul 2024 08:15:07 PM CEST.
mod_jk-1.2.48-22.el9.x86_64 : Tomcat mod_jk connector for Apache
Repo        : rhel-9-for-x86_64-appstream-rpms
Matched from:
Filename    : /usr/share/doc/mod_jk
Filename    : /var/cache/httpd/mod_jk
Filename    : /var/run/mod_jk

which means this package is also available in Rocky 9 Appstream repository. It doesn’t exist for EL8, so not for RHEL8 nor Rocky 8.

Could I try something to try to resolve this? Or check a specific log to try to locate this error. I don’t know what it could be. Would you have any tips?


The mod_jk log I believe is ok.

[Wed Jul 31 14:50:22.263 2024] [2006014:140464559412544] [info] init_jk::mod_jk.c (3595): mod_jk/1.2.42 initialized
[Wed Jul 31 15:07:18.208 2024] [2017457:140360928044352] [info] init_jk::mod_jk.c (3595): mod_jk/1.2.42 initialized
[Wed Jul 31 15:07:18.239 2024] [2017457:140360928044352] [info] init_jk::mod_jk.c (3595): mod_jk/1.2.42 initialized
[Wed Jul 31 15:11:28.245 2024] [2021063:140238947747136] [info] init_jk::mod_jk.c (3595): mod_jk/1.2.42 initialized
[Wed Jul 31 15:11:28.276 2024] [2021063:140238947747136] [info] init_jk::mod_jk.c (3595): mod_jk/1.2.42 initialized

Thanks @iwalker for finding it in RHEL9 and I’ve just found it in Rocky 9.4

dnf list mod_jk

For some reason I could not find it yesterday


I expect the problem here is that you don’t have anything listening on port 8000 and so the ProxyPass stuff isn’t working.

The thing you should actually be doing first is getting Tomcat working, and then using port 8080 or 8443 or whatever port Tomcat is using to verify that this part is working first - which means making sure it’s listening on either all addresses or the IP of your server and not just localhost/127.0.0.x addressing. Only at this point once Tomcat is working, should you be looking at Apache and the reverse proxy configuration to redirect Apache from 80/443 to ports 8080/8443 or whatever Tomcat is using.

@iwalker
I will be checking Tomcat, but first, I think I have a configuration problem with the firewall (ipv4 or ipv6), could it be because it is blocking some process and preventing normal flow? I’m saying this because, running some commands, I see that the IPs 127.0.0.10:8000 and 127.0.0.10:8009 appear, but in ipv6.


I found something different in relation to Centos7 x Rocky Linux 9, I ran the command:
“sudo lsof -i”

in centos7 it shows with ip 127.0.0.x:8009 and ipv4.

in Rocky Linux 9 it shows with the name x123.com:8009 and ipv6.

I was wondering if there is a way to change my network settings to IPv4 instead of IPv6, I don’t know if it would be IPv6 that is messing up my settings.

I did another test and saw that my firewall (iptables - ipv4 and ipv6) is blocking commands/processes, such as “sudo lsof -i”. If it is active it does not run, if you try to do some installation it also does not install, it only installs if you stop iptables.

How can I solve this other problem?

I doubt very much ipv4 or ipv6 is the problem here. You can pretty much check that using telnet, so:

telnet 127.0.0.1 8009

for example. You can also do the same to see if the ports are listening, either using netstat from net-tools package, or what is available by default, using ss:

ss -tunlp

using netstat:

netstat -tunlp

to see if the ports are actually listening and can then be connected to. FirewallD if enabled will block access to the ports publicly, but not locally on the server. If netstat doesn’t show ports 8000 or 8009 that means Tomcat is listening on its default ports of 8080 or 8443, or they are not configured properly in the first place.

information follows.

telnet 127.0.0.1 8009
Trying 127.0.0.1…
telnet: connect to address 127.0.0.1: Connection refused



ss -tunlp

tcp LISTEN 0 100 [::ffff:127.0.0.10]:8000 *:* users:(("java",pid=2651136,fd=53))
tcp LISTEN 0 100 [::ffff:127.0.0.10]:8009 *:* users:(("java",pid=2651136,fd=41))


netstat -tunlp

tcp6 0 0 127.0.0.10:8000 :::* LISTEN 2651136/java
tcp6 0 0 127.0.0.10:8009 :::* LISTEN 2651136/java

So your Tomcat needs to be configured properly to listen on 127.0.0.10 and ipv4 and not ipv6.

This link from google gives a parameter that you can pass to prefer IPv4: tomcat6 - How does one get tomcat to bind to ipv4 address? - Server Fault

Explained more on Tomcat docs: Connectors - Apache Tomcat - Apache Software Foundation

You also have this: Apache Tomcat 9 Configuration Reference (9.0.91) - The HTTP Connector
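An added example, not part of any post in this thread: a small Python check that compares the host and port of each `workers.properties` worker with the LISTEN sockets in `ss -tunlp` output, treating an IPv4-mapped address such as `[::ffff:127.0.0.10]` as plain `127.0.0.10`. The sample inputs are constructed from the values quoted above (the `site2` worker is made up for the missing case), and worker hosts are assumed to be IP literals.

```python
import ipaddress
import re

# Constructed samples modelled on the values quoted in this thread.
WORKERS = """\
worker.site1.type=ajp13
worker.site1.host=127.0.0.10
worker.site1.port=8009
worker.site2.host=127.0.0.9
worker.site2.port=8009
"""
SS_OUTPUT = """\
tcp LISTEN 0 100 [::ffff:127.0.0.10]:8000 *:* users:(("java",pid=2651136,fd=53))
tcp LISTEN 0 100 [::ffff:127.0.0.10]:8009 *:* users:(("java",pid=2651136,fd=41))
"""

def parse_workers(text):
    """Return {worker: (host, port)} from workers.properties text."""
    props = {}
    for name, key, val in re.findall(r"^worker\.(\w+)\.(host|port)=(\S+)$", text, re.M):
        props.setdefault(name, {})[key] = val
    return {n: (p["host"], int(p["port"])) for n, p in props.items() if len(p) == 2}

def normalize(addr):
    """Reduce an ss local address to a plain IP string; '*' means all addresses."""
    addr = addr.strip("[]").split("%")[0]          # drop brackets and %interface
    if addr in ("*", "0.0.0.0", "::"):
        return "*"
    ip = ipaddress.ip_address(addr)
    return str(getattr(ip, "ipv4_mapped", None) or ip)  # ::ffff:a.b.c.d -> a.b.c.d

def parse_listeners(ss_text):
    """Return {(ip, port)} for every LISTEN line of `ss -tunlp` output."""
    found = set()
    for cols in map(str.split, ss_text.splitlines()):
        if len(cols) >= 5 and cols[1] == "LISTEN":
            host, _, port = cols[4].rpartition(":")   # local address column
            found.add((normalize(host), int(port)))
    return found

def check(workers_text, ss_text):
    """Map each worker to 'ok', 'wildcard' (bound to every address) or 'missing'."""
    listeners = parse_listeners(ss_text)
    return {name: "ok" if (host, port) in listeners
            else "wildcard" if ("*", port) in listeners else "missing"
            for name, (host, port) in parse_workers(workers_text).items()}

print(check(WORKERS, SS_OUTPUT))
```

A `wildcard` result means the AJP port is bound to every address rather than only to the loopback address the worker uses, which is worth tightening on the Tomcat side.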

I’m back guys! lol And with good news!

I managed to solve the problem of Creating Multiple Hosts in Apache.
It took a bit of work to understand but it worked.

It looked like this ( /etc/httpd/sites-available/site.com.conf ):

<VirtualHost *:80>
ServerName site1.com
ServerAlias site1.com

JkMount /* site1

CustomLog "/var/log/httpd/site1.com-access_log" combined
ErrorLog "/var/log/httpd/site1.com-error_log"

RewriteCond %{SERVER_NAME} =site1.com [OR]
RewriteCond %{SERVER_NAME} =site1.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

</VirtualHost>

<VirtualHost *:443>
ServerName site1.com
ServerAlias site1.com

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/site1.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/site1.com/privkey.pem

RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule /(.*) "wss://[site1.com]:[127.0.0.10]/$1" [P,L]
ProxyPreserveHost on
RequestHeader set X-Forwarded-Proto https
RequestHeader set X-Forwarded-Port 443
ProxyPass / "ws://127.0.0.10:8000/" retry=5
ProxyPassReverse / "ws://127.0.0.10:8000/" retry=5

</VirtualHost>

</IfModule>


Together with the /etc/httpd/conf/workers.properties file, which looked like this:

worker.ajp13.loadbalancer.workers=site1
worker.site1.type=ajp13
worker.site1.host=127.0.0.10
worker.site1.port=8009

After restarting the java service (site1) that I created in the /opt/site1/ directory
With *.arj file and *.conf config
and link to /etc/init.d/ with site1.

That was the summary, to be able to create multiple virtual hosts.

I created site1.com (127.0.0.10) and site2.com (127.0.0.9), everything ok!

I appreciate everyone’s help for trying to help me and for helping me.
Thank you very much!

RESOLVED!
