I am using Tomcat 7.0.29 fronted with Apache 2.2.22 mod_proxy.
Configured Ajp as the protocol in httpd.conf and AjpNioProtocol in server.xml.
After the server starts, the logs are filled with the following message:
Severe: Invalid message received with signature 20599
com.apache.coyote.ajp.AjpMessage processHeader
There are no requests sent to the web or tomcat server and it still throws that error. Access logs in tomcat and apache show that no request is coming in.
What is causing the invalid message error?
Here is the configuration :
httpd.conf
ProxyPass /wl ajp://ip:port/wl
ProxyPassReverse /wl ajp://ip:port/wl
server.xml
<Connector port="port"
protocol="org.apache.coyote.ajp.AjpNioProtocol"
connectionTimeout="20000"
acceptorThreadCount="2"
maxThreads="1600"
redirectPort="8443" />
For me, the problem was simple. I was sending HTTP requests but the connector was configured with AJP protocol. My connector in server.xml was configured like this:
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
But when I changed it to this:
<Connector port="8009" protocol="HTTP/1.1" redirectPort="8443"/>
The error went away.
Hopefully that will help someone with this error.
This may also happen when buffer sizes are not the same at both ends: the logs mention an invalid AJP message and the browser receives a 400 error code.
I have fixed the situation with both packetSize on AJP connector and ProxyIOBufferSize in Apache2 configuration.
In Tomcat server.xml:
<Connector protocol="AJP/1.3" port="8009"
connectionTimeout="20000"
packetSize="65536"
proxyName="yourproxy.domain.ltd" proxyPort="80"
/>
In Apache2 mod_proxy_ajp configuration, add the statement ProxyIOBufferSize 65536.
It was found that one of the internal processes was calling that port and sending HTTP requests, causing the "Invalid message.." error. So I ended up adding an additional HTTP Connector for those internal processes.
There are no requests sent to the web or tomcat server and it still throws that error. Access logs in tomcat and apache show that no request is coming in. What is causing the invalid message error?
Just some hint for other people because I forgot the same in one of my configs by accident: The mentioned Connector in server.xml is listening globally, because only port is specified, without any address. The latter is defined to listen globally by default:
By default, this port will be used on all IP addresses associated with the server.
https://tomcat.apache.org/tomcat-7.0-doc/config/http.html
So without any additional firewall or such it might be that bad clients are simply testing for open ports using various protocols, which might or might not be HTTP and therefore resulting in error messages with different signatures. Without very good reasons, there shouldn't be any need to make AJP globally available, especially not in case of a proxy-setup like used by the thread starter.
<Connector address="localhost" port="port"
protocol="org.apache.coyote.ajp.AjpNioProtocol"
connectionTimeout="20000"
acceptorThreadCount="2"
maxThreads="1600"
redirectPort="8443" />
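A check for the point made in this answer, as an added example that is not part of the original post: it parses a server.xml and reports AJP connectors that have no address attribute or are bound to a non-loopback address. The sample file, the port numbers 8009/8010 and the function names are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: one HTTP connector, one AJP connector without an
# address (as in the question), one AJP connector bound to localhost.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8009" protocol="org.apache.coyote.ajp.AjpNioProtocol"
               redirectPort="8443"/>
    <Connector address="localhost" port="8010" protocol="AJP/1.3"
               redirectPort="8443"/>
  </Service>
</Server>"""

def is_ajp(protocol):
    """True for 'AJP/1.3' and for the org.apache.coyote.ajp.* class names."""
    p = protocol.lower()
    return p.startswith("ajp/") or ".ajp." in p

def is_loopback(address):
    if address.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # a hostname we cannot judge offline: report it

def exposed_ajp_connectors(server_xml):
    """Return (port, reason) for every AJP connector reachable off-host."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        # A Connector without a protocol attribute defaults to HTTP/1.1.
        if not is_ajp(conn.get("protocol", "HTTP/1.1")):
            continue
        address = conn.get("address")
        if address is None:
            findings.append((conn.get("port"),
                             "no address attribute: listens on all IP addresses"))
        elif not is_loopback(address):
            findings.append((conn.get("port"),
                             "bound to non-loopback address " + address))
    return findings

if __name__ == "__main__":
    for port, reason in exposed_ajp_connectors(SAMPLE_SERVER_XML):
        print("AJP connector on port", port, "-", reason)
```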
I got a similar message today:
Nov 18, 2016 4:25:00 PM org.apache.coyote.ajp.AjpMessage processHeader
SEVERE: Invalid message received with signature 65524
The root cause of my problem was that SELinux wasn't letting Apache connect to Tomcat. I'm a little confused as to how this error was a result - I'd expect that there would be no connection, period. Best guess, I probably attempted to manually connect to that port with telnet. Doing that certainly gives a similar message.
Regardless, perhaps this SELinux reminder will be helpful to someone else who ends up here.
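The number in the log line is the first two bytes that arrived on the AJP port, read as a big-endian integer where Tomcat expected the AJP13 magic 0x1234, so decoding it shows what kind of client connected (HTTP, TLS, telnet, as the answers above describe). The following triage helper is an added example, not code from any of the posts; the 18245 and 5635 log lines are constructed, and the category names are this example's own.

```python
import re

# First two bytes Tomcat accepts on an AJP connection (AJP13 magic values).
AJP_MAGIC = {0x1234: "ajp13 request magic", 0x4142: "ajp13 response magic"}
# First two letters of the common HTTP methods (GET, POST, HEAD, PUT, ...).
HTTP_PREFIXES = {b"GE", b"PO", b"HE", b"PU", b"DE", b"OP", b"CO", b"TR", b"PA"}
LOG_RE = re.compile(r"Invalid message received with signature (\d+)")

def classify_signature(sig):
    """Return (raw_bytes, guess) for the decimal signature in the log line."""
    if not 0 <= sig <= 0xFFFF:
        raise ValueError("signature is a 16-bit value")
    raw = sig.to_bytes(2, "big")
    if sig in AJP_MAGIC:
        guess = AJP_MAGIC[sig]
    elif raw in HTTP_PREFIXES:
        guess = "http request line"
    elif raw == b"\x16\x03":
        guess = "tls handshake record"
    elif raw[0] == 0xFF:
        guess = "telnet command (IAC)"
    elif all(0x20 <= b < 0x7F for b in raw):
        guess = "other ascii text"
    else:
        guess = "unknown binary"
    return raw, guess

def triage(log_lines):
    """Extract every signature from catalina log lines and classify it."""
    out = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if m:
            sig = int(m.group(1))
            raw, guess = classify_signature(sig)
            out.append((sig, raw.hex(), guess))
    return out

SAMPLE_LOG = [
    "Severe: Invalid message received with signature 20599",   # from the question
    "SEVERE: Invalid message received with signature 65524",   # from the last answer
    "SEVERE: Invalid message received with signature 18245",   # constructed
    "SEVERE: Invalid message received with signature 5635",    # constructed
    "INFO: Server startup in 4211 ms",                         # constructed, ignored
]

if __name__ == "__main__":
    for sig, hexbytes, guess in triage(SAMPLE_LOG):
        print(sig, hexbytes, guess)
```

Signature 65524 decodes to bytes ff f4, the telnet "interpret as command" byte followed by an interrupt, which matches the telnet test described in the last answer.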
I wanted to deploy Keycloak (v 15.0.2) on the domain mode using MariaDB as an external DB.
Imagine my DB is on 10.0.0.1. I deploy my master on 10.0.0.1 as well by modifying the "KeycloakDS" datasource and the drivers in domain.xml.
I also wanted to deploy a slave on 10.0.0.2 by modifying the domain.xml and the host-slave.xml as the documentation of the Keycloak mentioned (link). I made the below changes on "KeycloakDS" in domain.xml:
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS">
<connection-url>jdbc:mariadb://10.0.0.1:3306/keycloak</connection-url>
<driver>mariadb</driver>
<security>
<user-name>myuser</user-name>
<password>mypassword</password>
</security>
</datasource>
Note telnet on 3306 from 10.0.0.2 to 10.0.0.1 is Ok.
After the above changes, I wanted to deploy the slave on 10.0.0.2 but keep facing the error below:
Caused by: java.sql.SQLNonTransientConnectionException:
Socket fail to connect to host:address=(host=localhost)(port=3306)(type=primary). Connection refused: connect
Also note that the scenario works properly for the standalone-ha mode by making the same changes in standalone-ha.xml.
I followed this link: Installing and Configuring Keycloak - Domain Clustered Deployment
Does anyone have any suggestion for how I can solve this problem?
Try changing the datasource in both occurrences of
<subsystem xmlns="urn:jboss:domain:datasources:6.0"> in the /domain.xml file.
When I was reviewing the file, I found that there are two occurrences of that subsystem.
Picking up a test system with Apache + Tomcat. It was supposed to work but has not been working for a while.
If I start Tomcat first, then when starting apache it will show the following error:
[warn] NameVirtualHost *:8081 has no VirtualHosts
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:8081
no listening sockets available, shutting down
If I start Apache first, then start Tomcat, I will see the java exception saying port 8081 has been used already and Tomcat won't start.
What's the correct way to integrate apache2 and tomcat7? What might I be missing in the current setup? Thanks.
Since port 8081 is not the standard port for Apache to listen to, it must be configured somewhere explicitly. Go through the configuration, find it, and fix it.
Alternatively, you can go through the Tomcat configuration, find the port and fix it.
What the fix may be depends on your server setup: moving it to another port number, disabling it completely, or something different.
A common configuration hides Apache Tomcat completely behind Apache httpd and connects to it via the AJP connector.
You configure Apache to listen on port 80 and integrate Tomcat (default AJP port 8009 or default HTTP port 8080) into Apache via mod_jk (AJP) or ProxyPass (AJP or HTTP).
Apache (proxypass)
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
or
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
I am having issues setting up a BOSH service for a webchat. As XMPP server I'm using OpenFire and I'm already able to connect to the server using the Pidgin client. What I've done is the following:
First of all I've enabled the proxy using a2enmod proxy proxy_http. Then I went to edit the proxy.conf and added these at the end:
ProxyVia On
ProxyErrorOverride On
ProxyPass /http-bind http://localhost:7070/http-bind
ProxyPassReverse /http-bind http://localhost:7070/http-bind
However, when I try to reach http://example.com/http-bind I get the following:
HTTP ERROR: 400
Problem accessing /http-bind/. Reason:
Bad Request
Powered by Jetty://
What am I doing wrong?
There is no error, in fact.
You see that result, which means that all of your proxy settings are correct. http-bind needs to receive POST (XML format) data as its real request, which is why the Openfire server returns 404 to you.
When I am running Solr with runjetty in Eclipse, I am getting an exception (IllegalStateException) and port no: 8080 already in use?
Can anyone help me with this?
In your Solr installation folders, search for "example/etc/jetty.xml".
this is the relevant part you're looking for:
<Set name="port">
<SystemProperty name="jetty.port" default="8080"/>
</Set>
Change the "default" value as you like (an unused port),
or launch Jetty adding
-Djetty.port=11111
from the command line (1111 is just a random number, you choose again the one you need).
This means that there is a Java service which is using the port. Go to Task Manager, then Processes, and kill any javaw process that is currently running.
Hope that might fix it.
Change your Apache Tomcat port to some other port and try again.
Please set the port value in the server.xml file.
Its path is like this:
Tomcat-installation-dir\conf\server.xml
Search for a tag like this:
<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector port="8080" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />
Change the port number to any other number, like 9090 for example. After the change it should look like this:
<!-- Define a non-SSL HTTP/1.1 Connector on port 9090 -->
<Connector port="9090" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />
Don't change anything other than the connector port. Change only the value of port, save the file, and now hit the URL:
localhost:9090
Or use the port number which you have updated in the server.xml file.
localhost:port_in_server.xml
So if everything goes fine, it should open the Tomcat home page. This will make sure that you have changed Tomcat's default port (i.e. 8080) to listen on 9090.
Shut down the Tomcat server at this point.
Now stop and restart the Jetty server and it will work for you with no issues.
Hope this helps.
I have Apache2 SSL which is fronting Spring webapp as follows:
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
All works fine... I mean all links ... are correct, and in general the webapp works, so the problem is not a matter of the application or SSL.
Except starting/cancelling webflows: they produce http:// URLs instead of https://
I found one topic here:
forum.springsource.org/showthread.php?70730-Webflow-2-0-and-reverse-proxy
They say it is not a problem of Spring WebFlow...
What is a workaround in this situation?
Provided that all requests to the Tomcat connector are received via SSL terminated at httpd, you can add the following to your connector:
scheme="https" secure="true"
This tells Tomcat to treat the connection as if it was received over an SSL connection direct to Tomcat. This is required when proxying over http since there is no mechanism within http to pass the SSL info to Tomcat. There are ways to pass some of this info via http headers. Look at the SSLValve docs in Tomcat.
Alternatively, using AJP will work since AJP passes SSL information from httpd to Tomcat.