On 29.12.2016 09:47, Martin Knoblauch wrote:
Hi Christopher,
that is an interesting pointer. We are of course securing the "jkmanager"
app. And guess what we are using: LDAP. The funky thing is that it is
working most of the time. It fails just after some time. Refreshing the URL
cures it again - for some time. What did you do to fix your problem?
As I mentioned elsewhere, setting "JkLogLevel debug" just filled the log
without anything suspicious showing up. I can see "jkmanager" fire/work
every 10 seconds (autorefresh), returning a 200 status. And then it nothing
until I refresh the URL.So it seems the problem is elsewhere, before
"mod_jk" come into play.
So setting JkLogLevel higher was far from useless : at least it tells you where the
problem isn't.
"How often have I said to you that when you have eliminated the impossible, whatever
remains, however improbable, must be the truth?"
Sherlock Holmes - The Sign of the Four
I will now try to investigate towards "mod_ldap" and maybe towards the
OpenSSL stuff (we use LDAP over SSL). Fortunately rolling back versions is
simple.
As for being current, as far as I know we are up2date:
==> Server Version: Apache/2.4.23 (Unix) OpenSSL/1.0.2j mod_jk/1.2.42
Thanks
Martin
On Wed, Dec 28, 2016 at 9:43 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Martin,
On 12/28/16 10:38 AM, Martin Knoblauch wrote:
Hi,
today we updated our Devel/Integration environments from
HTTPD 2.4.18/mod_jk 1.2.41/OpenSSL-1.0.2h
to
HTTPD 2.4.23/mod_jk 1.2.42/OpenSSL-1.0.2j
Since then we observe on both systems spurious "500" messages when
accessing the "jkmanager" page. Unfortunately there isn't much info
besides that. Only "access_log" shows
access_log:xxx.xxx.xxx.xxx - xxxxxxxx [28/Dec/2016:16:29:18 +0100]
"GET /jkmanager HTTP/1.1" 500 536
Any ideas how to get more insight
I had a problem a while back where I would get 500 responses and
*nothing* else back. It took a lot of tinkering-around to figure out
the problem: my LDAP server wasn't acceptable for some reason and
mod_auth_ldap was choking.
I spent all my time trying to figure out what was wrong with mod_jk
and it was the authentication layer way before mod_jk was being consulte
d.
If you require authorization for jkmanager (and you should!) make sure
that's working as expected before banging your head against mod_jk.
Also, make sure you are using the latest mod_jk that you can: the
distribution is separate from httpd.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJYZCPtAAoJEBzwKT+lPKRY82gP/1eG7zYY0dfxBKs8WTl80Wdp
o3qNaUeDROOdwER8VMmyVb7bmiPkmlj9FGGdKJqhjOSGeaHOLC6cEGce5JZSAzgl
q+/dOJ4xPaFqbmWUPfvQD7+pJZdFgcVqDowuSx2XWFUy/4L8CAjGii1jSHq3aEWu
umXiFT37igb0ApfpqYm1BNLtIuNvhoOdtpNxMWKULVF+kOjDPNK4+VE2Zj/2KCdk
Msm6jmSPvEKKbr+FaawdNyJl2D5qRMDrLwtzy+eGOFzatz6wQYQ6bc+i8JUqLjFo
9+id+SLMlCSZxrZo3iTJBna/kUy1TZmqhLu1IpkqqRmapqdlMQpouCDfkpbO6g6B
Ot0/hffM9r8Ggp+OMd1GNBIzLwZAn3jRumZ/HxUmds5O2U/tJw0C4ajggXBwtZ5D
fz1ZEPkdkCcyP+3hB8G76BglfhcOfqti4jPmoVj+jqJ3QAQA7FdFcKVrS5erJB3z
YA3BSasWaOkO6Eg0UhZmwYvjy7YpptaF4NjRlftTiIgSd1gnoZOE1CMpItajjPYx
LajaudBoXy/wdvXHjydZXOZgzFS4a3UCReZvCwD/upegJsU2UbAoFswX8vq8lW3I
hu3WwazKja975ANKNQtLzDmKS0W4Hto4+oO94CmvGpY9s6oOkycu93Dnesgx73kS
TGIwfW3anqIyev1SG5w5
=v9/q
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
