====== Apache Tomcat 7.0.100 and later: server.xml AJP configuration ======
* description : how to configure Apache Tomcat 7.0.100 and later, and how to handle the errors that come up
* author : 김토피아
* email : kimmk@repia.com
* lastupdate : 2020-04-03
○ When Apache (web server) and Tomcat (WAS) run on one physical server

<code ini>
# apache/conf/workers.properties
workers.tomcat_home=/usr/local/tomcat
workers.java_home=/usr/java/
ps=/
worker.list=ajp13
worker.ajp13.port=8009
# Tomcat is on the same host, so the worker connects to the IPv4 loopback address
worker.ajp13.host=127.0.0.1
worker.ajp13.type=ajp13
</code>

<code xml>
<!-- tomcat/conf/server.xml : the AJP/1.3 Connector element -->
<Connector protocol="AJP/1.3"
           port="8009"
           redirectPort="8443"
           secretRequired="false" />
</code>

> Since the security issue of 2 March 2020, it is recommended to change the AJP port away from the default and use that instead.
○ When Apache (web server) and Tomcat (WAS) run on separate physical servers

<code ini>
# apache/conf/workers.properties
workers.tomcat_home=/usr/local/tomcat
workers.java_home=/usr/java/
ps=/
worker.list=ajp13
worker.ajp13.port=8009
# Tomcat is on another host, so the worker connects to that server's IP address
worker.ajp13.host=192.168.10.109
worker.ajp13.type=ajp13
</code>

<code xml>
<!-- tomcat/conf/server.xml : the AJP/1.3 Connector element -->
<!-- From 7.0.100 the connector binds only the loopback address unless address= is set,
     so a remote Apache can only reach it when address= names an interface Apache can reach -->
<Connector protocol="AJP/1.3"
           port="8009"
           redirectPort="8443"
           secretRequired="false" />
</code>

When using secretRequired="true"

<code ini>
# web server
# apache/conf/workers.properties
workers.tomcat_home=/usr/local/tomcat
workers.java_home=/usr/java/
ps=/
worker.list=ajp13
worker.ajp13.port=8009
worker.ajp13.host=192.168.10.109
worker.ajp13.type=ajp13
# 패스워드입력 is a placeholder: put the shared secret here; it must be identical to secret= in server.xml
worker.ajp13.secret=패스워드입력
</code>

<code xml>
<!-- tomcat/conf/server.xml : the AJP/1.3 Connector element -->
<!-- 패스워드입력 is a placeholder: the same shared secret as worker.ajp13.secret -->
<Connector protocol="AJP/1.3"
           port="8009"
           redirectPort="8443"
           secretRequired="true"
           secret="패스워드입력" />
</code>
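The three layouts above differ only in where the worker points and whether a shared secret is used, and a mismatch between workers.properties and server.xml is the usual cause of the connector errors described further down this page. The following Python script is an added example, not code from this page, from Tomcat or from mod_jk: it parses both files and reports the inconsistencies that matter from Tomcat 7.0.100 onward, where secretRequired defaults to true and the AJP connector binds only the loopback address unless address= is set (modelled here as 127.0.0.1). The sample file contents, the worker name ajp13 and the secret value are constructed.

```python
"""Audit a Tomcat AJP <Connector> against the mod_jk worker that fronts it.

Added example; not code from the wiki page, Tomcat or mod_jk. Assumed defaults
(Tomcat 7.0.100 and later): secretRequired is true and the AJP connector binds
the loopback address when address= is absent (modelled here as 127.0.0.1).
"""
import ipaddress
import xml.etree.ElementTree as ET


def parse_workers(text):
    """Return {worker_name: {attribute: value}} for every worker named in worker.list."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    names = [n.strip() for n in props.get("worker.list", "").split(",") if n.strip()]
    workers = {}
    for name in names:
        prefix = f"worker.{name}."
        workers[name] = {k[len(prefix):]: v for k, v in props.items() if k.startswith(prefix)}
    return workers


def parse_ajp_connectors(xml_text):
    """Return the attribute dict of every <Connector> whose protocol is AJP."""
    root = ET.fromstring(xml_text)
    return [c.attrib for c in root.iter("Connector")
            if c.get("protocol", "").upper().startswith("AJP")]


def is_loopback(host):
    """True for localhost, 127.x.x.x and ::1; False for any other address or hostname."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def audit(server_xml, workers_properties):
    """Return human-readable findings; an empty list means the two files agree."""
    findings = []
    workers = {n: w for n, w in parse_workers(workers_properties).items()
               if w.get("type") == "ajp13"}
    connectors = parse_ajp_connectors(server_xml)

    seen = {}
    for name, w in workers.items():
        host, port = w.get("host", "localhost"), w.get("port", "8009")
        if (host, port) in seen:   # two workers on one endpoint ("Resolution 2" on the page)
            findings.append(f"workers '{seen[(host, port)]}' and '{name}' both target {host}:{port}")
        seen[(host, port)] = name
        if host == "localhost":    # may resolve to ::1 while Tomcat listens on 127.0.0.1
            findings.append(f"worker '{name}': host=localhost may resolve to ::1; use a literal IP")

    for c in connectors:
        port = c.get("port", "8009")
        address = c.get("address", "127.0.0.1")                               # 7.0.100+ default: loopback
        secret_required = c.get("secretRequired", "true").lower() != "false"  # 7.0.100+ default: true
        secret = c.get("secret", "")
        if secret_required and not secret:
            findings.append(f"connector {port}: secretRequired is true but no secret is set; "
                            "Tomcat will refuse to start this connector")
        matched = [(n, w) for n, w in workers.items() if w.get("port", "8009") == port]
        if not matched:
            findings.append(f"connector {port}: no mod_jk worker targets this port")
        for name, w in matched:
            host = w.get("host", "localhost")
            if secret and w.get("secret", "") != secret:
                findings.append(f"worker '{name}': secret does not match connector {port}")
            if not is_loopback(host) and is_loopback(address):
                findings.append(f"worker '{name}' connects to {host}:{port} but the connector binds "
                                f"{address}; set address= to the interface Apache reaches")
    return findings


# Constructed sample input: the page's two-server layout with the shared secret on both sides,
# but no address= on the connector, so the 7.0.100+ loopback default shuts the remote Apache out.
SAMPLE_WORKERS = """\
worker.list=ajp13
worker.ajp13.port=8009
worker.ajp13.host=192.168.10.109
worker.ajp13.type=ajp13
worker.ajp13.secret=example-shared-secret
"""
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector protocol="AJP/1.3" port="8009" redirectPort="8443"
               secretRequired="true" secret="example-shared-secret" />
  </Service>
</Server>
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_SERVER_XML, SAMPLE_WORKERS) or ["no findings"]:
        print(finding)
```

Run as a file it audits the constructed sample and reports exactly one finding: the worker targets 192.168.10.109:8009 while the connector keeps the loopback default, so the two-server layout needs address= on the Tomcat side. Replace the two constants with real file contents to check a deployment; the secret comparison is deliberately strict, because mod_jk and Tomcat compare the value byte for byte.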
===== Tomcat errors and how to resolve them =====

> 심각: Failed to initialize end point associated with ProtocolHandler ["ajp-bio-0:0:0:0:0:0:0:1-8018"]
> java.net.SocketException: Protocol family unavailable
> Resolution: occurs when the connector has address="::1" (the IPv6 loopback) on a host where that protocol family is not available

> 심각: Failed to start connector [Connector[AJP/1.3-8018]]
> org.apache.catalina.LifecycleException: service.getName(): "Catalina"; 프로토콜 핸들러 시작 실패
> Resolution: occurs when the secretRequired="false" option or another part of the AJP connector settings is wrong (typically secretRequired is true, the default from 7.0.100, but no secret is set)

> 심각: StandardServer.await: create[localhost:8006]:
> java.net.BindException: Address already in use
> Resolution: occurs on a port conflict (here the shutdown port 8006 is already in use)

> 정보: org.apache.catalina.util.SessionIdGeneratorBase.createSecureRandom Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [159,729] milliseconds.
> Resolution: Tomcat is slow to start because seeding SecureRandom blocks on /dev/random; add JAVA_OPTS="$JAVA_OPTS -Djava.security.egd=file:/dev/./urandom" near the top of catalina.sh

> Error: when Apache is fronting Tomcat, Tomcat's configuration looks fine and no error is logged anywhere, check mod_jk.log:
> [20 04 07 15:23:45] [17946:140164380887168] [info] jk_handler::mod_jk.c (2991): Service error=-3 for worker=tomcat
> [20 04 07 15:24:02] [17946:140164380887168] [info] jk_open_socket::jk_connect.c (816): connect to ::1:8009 failed (errno=111)
> [20 04 07 15:24:02] [17946:140164380887168] [info] ajp_connect_to_endpoint::jk_ajp_common.c (1065): (tomcat) Failed opening socket to (::1:8009) (errno=111)
> [20 04 07 15:24:02] [17946:140164380887168] [error] ajp_send_request::jk_ajp_common.c (1725): (tomcat) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=111)
> [20 04 07 15:24:02] [17946:140164380887168] [info] ajp_service::jk_ajp_common.c (2775): (tomcat) sending request to tomcat failed (recoverable), because of error during request sending (attempt=1)
> [20 04 07 15:24:02] [17946:140164380887168] [info] jk_open_socket::jk_connect.c (816): connect to ::1:8009 failed (errno=111)
> [20 04 07 15:24:02] [17946:140164380887168] [info] ajp_connect_to_endpoint::jk_ajp_common.c (1065): (tomcat) Failed opening socket to (::1:8009) (errno=111)
> [20 04 07 15:24:02] [17946:140164380887168] [error] ajp_send_request::jk_ajp_common.c (1725): (tomcat) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=111)
> [20 04 07 15:24:02] [17946:140164380887168] [info] ajp_service::jk_ajp_common.c (2775): (tomcat) sending request to tomcat failed (recoverable), because of error during request sending (attempt=2)
> [20 04 07 15:24:02] [17946:140164380887168] [error] ajp_service::jk_ajp_common.c (2796): (tomcat) connecting to tomcat failed (rc=-3, errors=54, client_errors=30).
> Resolution: the error occurs when worker.worker1.host in workers.properties is set to localhost (which here resolved to ::1); change it to an IP address and restart Apache
> Resolution 2: also occurs when two workers in workers.properties are set to the same AJP port
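The mod_jk excerpt above is repetitive, but it carries everything needed for triage: the endpoint each socket open went to, the errno, and the final rc. The following Python script is an added example, not code from this page or from mod_jk: it parses entries in the log format shown above, counts refused connections per worker and endpoint, and attaches the diagnosis the page gives for the ::1 case (a worker host of localhost resolving to the IPv6 loopback while Tomcat listens on 127.0.0.1). The sample log is the page's own excerpt; the field names and the hint text are this example's own.

```python
"""Parse mod_jk.log entries and explain backend connect failures per worker.

Added example; not code from the wiki page or from mod_jk. The log format
matched here is the one shown on the page:
[timestamp] [pid:tid] [level] function::file (line): (worker) message
"""
import re
from collections import Counter

ENTRY = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<pid>\d+):(?P<tid>\d+)\] \[(?P<level>\w+)\] "
    r"(?P<func>\w+)::(?P<file>[\w.]+) \((?P<line>\d+)\): (?:\((?P<worker>[^)]+)\) )?(?P<msg>.*)$"
)
# The worker-tagged line that records each failed socket open and its errno.
SOCKET_FAIL = re.compile(r"Failed opening socket to \((?P<endpoint>[^)]+)\) \(errno=(?P<errno>\d+)\)")
FINAL = re.compile(r"connecting to tomcat failed \(rc=(?P<rc>-?\d+), errors=(?P<errors>\d+), "
                   r"client_errors=(?P<client_errors>\d+)\)")
ECONNREFUSED = "111"


def parse_entry(line):
    """Split one log line into its fields, or return None if it is not a mod_jk entry."""
    m = ENTRY.match(line.strip())
    return m.groupdict() if m else None


def split_endpoint(endpoint):
    """'::1:8009' -> ('::1', 8009); rpartition keeps the IPv6 colons intact."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port)


def hint_for(summary):
    """Turn one worker's counters into the likely cause, following the page's resolutions."""
    if not summary["refused"]:
        return "no refused connections recorded"
    hosts = {host for host, _ in summary["refused"]}
    if hosts <= {"::1"}:
        return ("every attempt went to the IPv6 loopback ::1, which is what worker.<name>.host=localhost "
                "resolves to; Tomcat 7.0.100+ binds the AJP connector to 127.0.0.1 by default, so set "
                "the worker host to a literal IPv4 address and restart Apache")
    return "connection refused: Tomcat is not running or its AJP connector is on another port/address"


def triage(log_text):
    """Return {worker: {'refused': Counter, 'other_errno': Counter, 'final': dict|None, 'hint': str}}."""
    summary = {}
    for raw in log_text.splitlines():
        entry = parse_entry(raw)
        if entry is None or entry["worker"] is None:   # only worker-tagged lines are attributable
            continue
        s = summary.setdefault(entry["worker"],
                               {"refused": Counter(), "other_errno": Counter(), "final": None})
        m = SOCKET_FAIL.search(entry["msg"])
        if m:
            bucket = s["refused"] if m["errno"] == ECONNREFUSED else s["other_errno"]
            bucket[split_endpoint(m["endpoint"])] += 1
        m = FINAL.search(entry["msg"])
        if m:
            s["final"] = {k: int(v) for k, v in m.groupdict().items()}
    for s in summary.values():
        s["hint"] = hint_for(s)
    return summary


# Sample input: the excerpt shown on the page.
SAMPLE_LOG = """\
[20 04 07 15:23:45] [17946:140164380887168] [info] jk_handler::mod_jk.c (2991): Service error=-3 for worker=tomcat
[20 04 07 15:24:02] [17946:140164380887168] [info] jk_open_socket::jk_connect.c (816): connect to ::1:8009 failed (errno=111)
[20 04 07 15:24:02] [17946:140164380887168] [info] ajp_connect_to_endpoint::jk_ajp_common.c (1065): (tomcat) Failed opening socket to (::1:8009) (errno=111)
[20 04 07 15:24:02] [17946:140164380887168] [error] ajp_send_request::jk_ajp_common.c (1725): (tomcat) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=111)
[20 04 07 15:24:02] [17946:140164380887168] [info] ajp_service::jk_ajp_common.c (2775): (tomcat) sending request to tomcat failed (recoverable), because of error during request sending (attempt=1)
[20 04 07 15:24:02] [17946:140164380887168] [info] jk_open_socket::jk_connect.c (816): connect to ::1:8009 failed (errno=111)
[20 04 07 15:24:02] [17946:140164380887168] [info] ajp_connect_to_endpoint::jk_ajp_common.c (1065): (tomcat) Failed opening socket to (::1:8009) (errno=111)
[20 04 07 15:24:02] [17946:140164380887168] [error] ajp_service::jk_ajp_common.c (2796): (tomcat) connecting to tomcat failed (rc=-3, errors=54, client_errors=30).
"""

if __name__ == "__main__":
    for worker, s in triage(SAMPLE_LOG).items():
        print(worker, dict(s["refused"]), s["final"])
        print("  ->", s["hint"])
```

On the sample it attributes two refused opens of ::1:8009 to the worker tomcat, reads rc=-3 from the final line, and prints the localhost/::1 hint. A worker whose refusals are spread over a real IP gets the plainer "not running or wrong port" hint instead, which matches the page's other case of two workers colliding on one port.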
===== Ref =====
* [[https://www.krcert.or.kr/data/secNoticeList.do?page=1&sort_code=&sort_code_name=&search_sort=title_name&search_word=apache|Security notice board for current issues (KISA / KrCERT Boho Nara)]]
* [[https://nirsa.tistory.com/131|Tomcat 7.0.100 and later: configuration]]
* [[https://nirsa.tistory.com/132?category=876464|Apache/Tomcat link configuration across physically separated servers]]
{{tag>김토피아 tomcat, AJP, ajp, 주레피}}