====== server.xml AJP settings for apache-tomcat-7.0.100 and later ======

  * description : how to configure apache-tomcat-7.0.100 and later, and how to handle related errors
  * author : 김토피아
  * email : kimmk@repia.com
  * lastupdate : 2020-04-03

○ When apache (WEB) and tomcat (WAS) run on a single physical server

<code>
# apache/conf/workers.properties
workers.tomcat_home=/usr/local/tomcat
workers.java_home=/usr/java/
ps=/
worker.list=ajp13
worker.ajp13.port=8009
worker.ajp13.host=127.0.0.1
worker.ajp13.type=ajp13
</code>

<code>
<!-- tomcat/conf/server.xml -->
<Connector protocol="AJP/1.3"
           port="8009" redirectPort="8443" secretRequired="false" />
</code>

> Since the security issue of March 2, 2020, it is recommended to change the AJP port before use.

○ When apache (WEB) and tomcat (WAS) each run on their own physical server

<code>
# apache/conf/workers.properties
workers.tomcat_home=/usr/local/tomcat
workers.java_home=/usr/java/
ps=/
worker.list=ajp13
worker.ajp13.port=8009
worker.ajp13.host=192.168.10.109
worker.ajp13.type=ajp13
</code>

<code>
<!-- tomcat/conf/server.xml -->
<Connector protocol="AJP/1.3"
           port="8009" redirectPort="8443" secretRequired="false" />
</code>

When using secretRequired="true"

<code>
# Web server
# apache/conf/workers.properties
workers.tomcat_home=/usr/local/tomcat
workers.java_home=/usr/java/
ps=/
worker.list=ajp13
worker.ajp13.port=8009
worker.ajp13.host=192.168.10.109
worker.ajp13.type=ajp13
# 패스워드입력 ("enter password") is a placeholder for the shared secret
worker.ajp13.secret=패스워드입력
</code>

<code>
<!-- tomcat/conf/server.xml -->
<!-- secret must be the same value as worker.ajp13.secret on the web server -->
<Connector protocol="AJP/1.3"
           port="8009" redirectPort="8443"
           secretRequired="true" secret="패스워드입력" />
</code>

===== TOMCAT errors and how to handle them =====

> 심각: Failed to initialize end point associated with ProtocolHandler ["ajp-bio-0:0:0:0:0:0:0:1-8018"]
> java.net.SocketException: Protocol family unavailable
> Solution: occurs when address="::1" is set

> 심각: Failed to start connector [Connector[AJP/1.3-8018]]
> org.apache.catalina.LifecycleException: service.getName(): "Catalina"; 프로토콜 핸들러 시작 실패
> Solution: occurs when there is a problem with the secretRequired="false" option or with the AJP settings

> 심각: StandardServer.await: create[localhost:8006]:
> java.net.BindException: Address already in use
> Solution: occurs on a port conflict

> 정보: org.apache.catalina.util.SessionIdGeneratorBase.createSecureRandom Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [159,729] milliseconds.
> Solution: Tomcat is slow to start; add JAVA_OPTS="$JAVA_OPTS -Djava.security.egd=file:/dev/./urandom" at the top of catalina.sh

> Error: when apache and tomcat are connected, the Tomcat settings are fine, and no error is shown, check mod-jk.log
>[20 04 07 15:23:45] [17946:140164380887168] [info] jk_handler::mod_jk.c (2991): Service error=-3 for worker=tomcat
>[20 04 07 15:24:02] [17946:140164380887168] [info] jk_open_socket::jk_connect.c (816): connect to ::1:8009 failed (errno=111)
>[20 04 07 15:24:02] [17946:140164380887168] [info] ajp_connect_to_endpoint::jk_ajp_common.c (1065): (tomcat) Failed opening socket to (::1:8009) (errno=111)
>[20 04 07 15:24:02] [17946:140164380887168] [error] ajp_send_request::jk_ajp_common.c (1725): (tomcat) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=111)
>[20 04 07 15:24:02] [17946:140164380887168] [info] ajp_service::jk_ajp_common.c (2775): (tomcat) sending request to tomcat failed (recoverable), because of error during request sending (attempt=1)
>[20 04 07 15:24:02] [17946:140164380887168] [info] jk_open_socket::jk_connect.c (816): connect to ::1:8009 failed (errno=111)
>[20 04 07 15:24:02] [17946:140164380887168] [info] ajp_connect_to_endpoint::jk_ajp_common.c (1065): (tomcat) Failed opening socket to (::1:8009) (errno=111)
>[20 04 07 15:24:02] [17946:140164380887168] [error] ajp_send_request::jk_ajp_common.c (1725): (tomcat) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=111)
>[20 04 07 15:24:02] [17946:140164380887168] [info] ajp_service::jk_ajp_common.c (2775): (tomcat) sending request to tomcat failed (recoverable), because of error during request sending (attempt=2)
>[20 04 07 15:24:02] [17946:140164380887168] [error] ajp_service::jk_ajp_common.c (2796): (tomcat) connecting to tomcat failed (rc=-3, errors=54, client_errors=30).
> Solution: the error occurs when worker.worker1.host in workers.properties is set to localhost; change it to an IP address and restart apache
> Solution 2: occurs when the same AJP port is configured twice in workers.properties

===== Ref =====

  * [[https://www.krcert.or.kr/data/secNoticeList.do?page=1&sort_code=&sort_code_name=&search_sort=title_name&search_word=apache|Latest security issue notice board (Korea Internet & Security Agency - 인터넷보호나라)]]
  * [[https://nirsa.tistory.com/131|How to configure tomcat 7.0.100 and later]]
  * [[https://nirsa.tistory.com/132?category=876464|Integration settings for physically separated networks]]

{{tag>김토피아 tomcat, AJP, ajp, 주레피}}
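
The following is an added example, not part of the original page and not Apache tooling: a small Python audit that reads a server.xml and a workers.properties and reports the pitfalls covered above (secretRequired="false", a missing or mismatched secret, address="::1", host=localhost, a worker port with no AJP connector). The function names, finding strings and sample input are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def parse_workers(text):
    """Parse workers.properties into {worker_name: {property: value}}."""
    workers = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        parts = key.strip().split(".", 2)
        if sep and len(parts) == 3 and parts[0] == "worker":
            workers.setdefault(parts[1], {})[parts[2]] = value.strip()
    return workers

def audit(server_xml, workers_text):
    """Return findings for the AJP pitfalls described on this page."""
    findings = []
    ajp = [c.attrib for c in ET.fromstring(server_xml).iter("Connector")
           if "ajp" in c.get("protocol", "").lower()]
    for c in ajp:
        port = c.get("port")
        # Tomcat 7.0.100+ treats a missing secretRequired as "true".
        required = c.get("secretRequired", "true").lower() == "true"
        if required and not c.get("secret"):
            findings.append(f"connector {port}: secretRequired=true but no secret")
        if not required:
            findings.append(f"connector {port}: secretRequired=false")
        if c.get("address") == "::1":  # "Protocol family unavailable" case
            findings.append(f"connector {port}: address=::1")
    for name, w in parse_workers(workers_text).items():
        match = [c for c in ajp if c.get("port") == w.get("port")]
        if not match:
            findings.append(f"worker {name}: port matches no AJP connector")
        if w.get("host") == "localhost":  # mod_jk may connect to ::1
            findings.append(f"worker {name}: host=localhost")
        for c in match:
            if c.get("secret") and c.get("secret") != w.get("secret"):
                findings.append(f"worker {name}: secret mismatch")
    return findings

# Constructed sample input (not taken from a real host).
SERVER_XML = '''<Server><Service name="Catalina">
  <Connector protocol="AJP/1.3" address="::1" port="8009" secretRequired="false" />
</Service></Server>'''
WORKERS = "worker.list=ajp13\nworker.ajp13.port=8009\nworker.ajp13.host=localhost\n"

if __name__ == "__main__":
    for finding in audit(SERVER_XML, WORKERS):
        print(finding)
```

An empty result means the two files agree on port and secret and none of the listed pitfalls is present; it does not check firewall rules or which interface the connector actually binds to.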