tomcat10 cannot connect to httpd2.4 over the AJP protocol

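Over the past few days I have been trying to use httpd2.4 as a reverse proxy and load balancer in front of backend servers (tomcat10.0.27). I found that the HTTP protocol works, but the AJP protocol does not: it reports that the server is under maintenance, with code 503. Switching to tomcat8 works, though. The AJP settings are the same for both Tomcat versions, except that I see the AJP connector is enabled by default in tomcat8 while it is disabled by default in tomcat10; after changing it to enabled, the problem above still occurs.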

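What about the error? Have you looked at what the error says?
Because AJP used to have a vulnerability (fixed in newer versions), I have heard that it has been disabled by default since then, including in the old versions we are using; whatever we do not use, we disable.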

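Thank you very much for taking the time to help me with this. My environment is CentOS7.9, with apache-tomcat-10.0.27 and jdk-8u351 installed. When configuring load balancing over AJP through apache2.4 (address 192.168.137.128) to two backend Tomcat hosts (addresses 192.168.137.127 and 192.168.137.129), I found that the site could not be accessed. The configuration is as follows:
1. httpd configuration: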

# Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
<proxy balancer://lbcluster1>
    BalancerMember ajp://192.168.137.127:8009 loadfactor=10 route=Tomcat1
    BalancerMember ajp://192.168.137.129:8009 loadfactor=10 route=Tomcat3
#   ProxySet stickysession=ROUTEID
</proxy>

<VirtualHost *:80>
    ServerName node2.baiyang.com
    ProxyVia On
    ProxyRequests Off 
    ProxyPreserveHost On
    <Proxy *>
        Require all granted
    </Proxy>
    ProxyPass /server-status !
    ProxyPass / balancer://lbcluster1/
    ProxyPassReverse / balancer://lbcluster1/
#   ProxyPass / ajp://192.168.137.127:8009/
#   ProxyPassReverse / ajp://192.168.137.127:8009/
    <Location />
        Require all granted
    </Location>
    <Location /balancer-manager>
        SetHandler balancer-manager
        Proxypass !
        Require ip 192.168.137.0/24
    </Location>
</VirtualHost>

2. The Tomcat (server.xml) configuration is as follows:

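      <!-- In tomcat10.0.27 the AJP configuration is commented out by default, whereas in tomcat8.0.23 it is enabled by default and has no address attribute -->
      <!-- If the address attribute below is removed, the connector listens on IPv4 127.0.0.1 -->
      <Connector protocol="AJP/1.3"
               address="0.0.0.0"
               port="8009"
               redirectPort="8443" />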
      <Engine name="Catalina" defaultHost="node1.baiyang.com" jvmRoute="Tomcat1">
        <Realm className="org.apache.catalina.realm.LockOutRealm">
          <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
        </Realm>
      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>  
      <Host name="node1.baiyang.com" appBase="/data/webapps" autoDeploy="true">
        <Context path="" docBase="/data/webapps/ROOT"/>
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="/data/logs"
               prefix="node1_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>

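The other Tomcat host's configuration is identical except for the names.
3. The backend Tomcat hosts cannot be reached through Apache load balancing over the AJP protocol: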

Checking the Tomcat log files
(1) Custom log file:

192.168.137.1 - - [13/Nov/2022:09:42:15 +0800] "GET /favicon.ico HTTP/1.1" 404 728
192.168.137.1 - - [13/Nov/2022:09:42:26 +0800] "GET / HTTP/1.1" 200 345
192.168.137.1 - - [13/Nov/2022:09:42:26 +0800] "GET /favicon.ico HTTP/1.1" 404 728
192.168.137.1 - - [13/Nov/2022:09:42:46 +0800] "GET / HTTP/1.1" 200 345
192.168.137.1 - - [13/Nov/2022:09:42:50 +0800] "GET / HTTP/1.1" 200 345

(2)catalina.log

13-Nov-2022 09:44:28.652 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/apache-tomcat-10.0.27/webapps/examples] has finished in [410] ms
13-Nov-2022 09:44:28.653 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/apache-tomcat-10.0.27/webapps/host-manager]
13-Nov-2022 09:44:28.695 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/apache-tomcat-10.0.27/webapps/host-manager] has finished in [41] ms 
13-Nov-2022 09:44:28.695 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/apache-tomcat-10.0.27/webapps/manager]
13-Nov-2022 09:44:28.729 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/apache-tomcat-10.0.27/webapps/manager] has finished in [34] ms 
13-Nov-2022 09:44:28.843 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
13-Nov-2022 09:44:28.871 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to start component [Connector[AJP/1.3-8009]]
    org.apache.catalina.LifecycleException: Protocol handler start failed
        at org.apache.catalina.connector.Connector.startInternal(Connector.java:1081)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
        at org.apache.catalina.core.StandardService.startInternal(StandardService.java:449)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
        at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:930)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:795)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:345)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:476)
    Caused by: java.lang.IllegalArgumentException: The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "". This combination is not valid.
        at org.apache.coyote.ajp.AbstractAjpProtocol.start(AbstractAjpProtocol.java:267)
        at org.apache.catalina.connector.Connector.startInternal(Connector.java:1078)
        ... 12 more
13-Nov-2022 09:44:28.874 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [1081] milliseconds

Checking the Apache log file (error_log):

[Sun Nov 13 10:21:18.859023 2022] [proxy_ajp:error] [pid 27232] (70007)The timeout specified has expired: AH01030: ajp_ilink_receive() can't receive header
[Sun Nov 13 10:21:18.859201 2022] [proxy_ajp:error] [pid 27232] [client 192.168.137.1:20116] AH00992: ajp_read_header: ajp_ilink_receive failed
[Sun Nov 13 10:21:18.859226 2022] [proxy_ajp:error] [pid 27232] (70007)The timeout specified has expired: [client 192.168.137.1:20116] AH00878: read response failed from 192.168.137.127:8009 (192.168.137.127)
[Sun Nov 13 10:22:18.904191 2022] [proxy_ajp:error] [pid 27232] (70007)The timeout specified has expired: AH01030: ajp_ilink_receive() can't receive header
[Sun Nov 13 10:22:18.904320 2022] [proxy_ajp:error] [pid 27232] [client 192.168.137.1:20116] AH00992: ajp_read_header: ajp_ilink_receive failed
[Sun Nov 13 10:22:18.904347 2022] [proxy_ajp:error] [pid 27232] (70007)The timeout specified has expired: [client 192.168.137.1:20116] AH00878: read response failed from 192.168.137.129:8009 (192.168.137.129)

Checking the Apache access log file access_log:

192.168.137.1 - - [13/Nov/2022:10:21:10 +0800] "-" 408 - "-" "-"
192.168.137.1 - - [13/Nov/2022:10:20:18 +0800] "GET / HTTP/1.1" 503 299 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36"

4. However, after replacing tomcat10.0.27 with tomcat8.0.23 these problems disappear, and apache2.4 can load balance over both the AJP and HTTP protocols.
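
The SEVERE entry in catalina.log above names the AJP connector's secretRequired/secret pair as the reason the connector never started. As an added example (not part of the original thread), this Python check audits a server.xml for that combination and for wildcard binding. The sample XML, its second connector and the placeholder secret are constructed, and the default of secretRequired is an assumption taken from that error message.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Connector from the post (inline note dropped),
# a second AJP connector with a placeholder secret, and an HTTP connector.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector protocol="AJP/1.3" address="0.0.0.0" port="8009" redirectPort="8443" />
    <Connector protocol="AJP/1.3" address="192.168.137.127" port="8010"
               secretRequired="true" secret="PLACEHOLDER-SECRET" />
    <Connector port="8080" protocol="HTTP/1.1" />
  </Service>
</Server>
"""

WILDCARD_ADDRESSES = {"0.0.0.0", "::"}


def audit_ajp(server_xml):
    """Return (port, finding) tuples for every AJP connector in server_xml."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        # Matches both protocol="AJP/1.3" and an AJP protocol class name.
        if "ajp" not in conn.get("protocol", "").lower():
            continue
        port = conn.get("port", "?")
        # Assumption: an absent secretRequired counts as "true", which is
        # what the startup error quoted in the post implies for 10.0.27.
        required = conn.get("secretRequired", "true").lower() == "true"
        secret = conn.get("secret") or ""
        if required and not secret:
            findings.append((port, "wont-start: secretRequired is true but secret is empty"))
        elif not required:
            findings.append((port, "no-secret: any host that reaches the port can speak AJP"))
        if conn.get("address") in WILDCARD_ADDRESSES:
            findings.append((port, "exposed: bound to all interfaces, restrict by address or firewall"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_ajp(SAMPLE_SERVER_XML):
        print(f"AJP connector on port {port}: {finding}")
```

When a secret is set on the connector, the httpd side has to send the same value; mod_proxy's `secret=` worker parameter does this and is available from httpd 2.4.42.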