Apache Errors preventing us from our Tomcat Webapp receiving requests

Keywords: Tomcat - AWS - Technical issue - Secure Connections (SSL/HTTPS)
bnsupport ID: 380d7f19-cfc9-a0de-b781-9a0a5609d02e
Description:
Hello, we’ve been running our servers with a Bitnami Tomcat image we’ve maintained for the last 5 years. I’ve been trying to use the latest Bitnami Tomcat and have been fighting with the SSL configuration for a while. I now have it to the point that I’m at least able to access the login page of our application. However, as soon as I do anything that triggers it to make a web service request to the server, I get errors in Apache that I believe are preventing it from reaching Tomcat.

Here are some of the errors:

[Wed Mar 24 12:34:43.378072 2021] [ssl:warn] [pid 754] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name

[Wed Mar 24 19:27:05.456607 2021] [proxy_ajp:error] [pid 2525] (70007)The timeout specified has expired: AH01030: ajp_ilink_receive() can’t receive header
[Wed Mar 24 19:27:05.456690 2021] [proxy_ajp:error] [pid 2525] [client 10.25.4.132:35242] AH00992: ajp_read_header: ajp_ilink_receive failed, referer: https://dev.mydomain.com/manage/login/
[Wed Mar 24 19:27:05.456703 2021] [proxy_ajp:error] [pid 2525] (70007)The timeout specified has expired: [client 10.25.4.132:35242] AH00878: read response failed from 127.0.0.1:8009 (localhost), referer: https://dev.mydomain.com/manage/login/

Sorry, clicked send a little prematurely. I ran the support tool on the wrong instance. The support id for the instance actually having the issue is f20c9ef1-6748-a720-7147-ec581c217b22. If you have any idea on what to try, or you need to see specific files, also let me know.
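Added example, not part of the original posts: a small triage script that parses the four error_log lines quoted above, groups them by worker pid and second, and separates the `ssl:warn` certificate-name warning from the `proxy_ajp` timeout chain against the backend at 127.0.0.1:8009. The names `SAMPLE`, `LINE` and `triage` are made up for this illustration, and the regex assumes the Apache 2.4 default error-log layout seen in those lines.

```python
import re
from collections import defaultdict

# Constructed sample: the four error_log lines quoted in the post above.
SAMPLE = """\
[Wed Mar 24 12:34:43.378072 2021] [ssl:warn] [pid 754] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name
[Wed Mar 24 19:27:05.456607 2021] [proxy_ajp:error] [pid 2525] (70007)The timeout specified has expired: AH01030: ajp_ilink_receive() can’t receive header
[Wed Mar 24 19:27:05.456690 2021] [proxy_ajp:error] [pid 2525] [client 10.25.4.132:35242] AH00992: ajp_read_header: ajp_ilink_receive failed, referer: https://dev.mydomain.com/manage/login/
[Wed Mar 24 19:27:05.456703 2021] [proxy_ajp:error] [pid 2525] (70007)The timeout specified has expired: [client 10.25.4.132:35242] AH00878: read response failed from 127.0.0.1:8009 (localhost), referer: https://dev.mydomain.com/manage/login/
"""

# Layout assumed from the lines above:
# [time] [module:level] [pid N] (APR status)text: [client ip:port] AHnnnnn: message
LINE = re.compile(
    r"\[(?P<ts>[^\]]+)\] \[(?P<module>[\w.]+):(?P<level>\w+)\] \[pid (?P<pid>\d+)(?::tid \d+)?\] "
    r"(?:\((?P<apr>\d+)\)(?P<apr_msg>[^:]+): )?"
    r"(?:\[client (?P<client>[^\]]+)\] )?"
    r"(?P<code>AH\d{5}): (?P<msg>.*)"
)

def triage(log_text):
    """Group parsed lines by (pid, second) and classify each group."""
    groups = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            groups[(m["pid"], m["ts"].split(".")[0])].append(m)
    findings = []
    for (pid, when), rows in groups.items():
        codes = sorted(r["code"] for r in rows)
        if any(r["module"] == "proxy_ajp" and r["apr"] == "70007" for r in rows):
            # Status 70007 from mod_proxy_ajp: Apache waited on the AJP backend and got no reply.
            backend = next((b[1] for r in rows if (b := re.search(r"from (\S+:\d+)", r["msg"]))), None)
            client = next((r["client"] for r in rows if r["client"]), None)
            findings.append({"kind": "ajp_backend_timeout", "when": when, "pid": pid,
                             "backend": backend, "client": client, "codes": codes})
        elif "AH01909" in codes:
            # warn level only: the certificate names do not cover the configured server name.
            findings.append({"kind": "cert_name_warning", "when": when, "pid": pid, "codes": codes})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

On the sample, the three `proxy_ajp` lines collapse into one timeout event for a single client request, while the certificate warning comes from a different pid hours earlier.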

Hi @nmb1106,

The httpd.conf file seems to have been moved from /opt/bitnami/apache/conf/httpd.conf to opt/bitnami/opt/bitnami/apache/conf/httpd.conf. Can you check if that is the case and move it back to its original place?

Regards,
Michiel

It’s still at /opt/bitnami/apache/conf/httpd.conf. I’ll attach what I think are the important files. I’m confused about what belongs in bitnami-ssl.conf vs. tomcat-https-vhost.conf. In the old Bitnami image the proxy pass stuff came from a tomcat.conf file in <catalina_home>/conf. This is quite a bit different than that old image. In the end I just want all 443 traffic to go to Tomcat protected by our wildcard cert. I’ve attached the conf files in which I think you’ll find the problem. All of the files attached are still in their original location. I’ve only added 3 things to the apache conf directories at all, the 3 files associated with our cert.

bitnamit9-apahce-conf-files.zip (8.4 KB)

Hi @nmb1106,

Did you follow the steps from this guide to configure SSL?

https://docs.bitnami.com/aws/infrastructure/tomcat/administration/enable-ssl-tomcat/

Regards,
Michiel

I’ve been under the impression I didn’t need that if I want to use AJP through Apache. Our bitnami tomcat 7 image doesn’t work that way. I want to control the SSL configuration via Apache, not Tomcat. I originally followed this: https://docs.bitnami.com/aws/infrastructure/tomcat/administration/enable-https-ssl-apache/. When that wasn’t working I posted in another thread, where it was mentioned that the tomcat ssl config for apache is in /opt/bitnami/apache2/conf/vhosts/tomcat-https-vhost.conf. Do I need the connector too?

Which directions are best to follow for this situation? My goal is to receive SSL traffic from an aws load balancer that contains our application EC2s derived from the latest Bitnami Tomcat 9 AMI. Traffic within an instance should go through Apache over AJP:8009 to Tomcat. Our cert is a wildcard cert if that matters.

Hi @nmb1106,

Apache and Tomcat use the AJP protocol to exchange data through localhost so for that part SSL configuration is not needed.

As you are using the load-balancer’s SSL you need to configure Apache to correctly handle SSL requests from the load balancer. The following guide explains how to do that:

https://docs.bitnami.com/aws/how-to/configure-elb-ssl-aws/#step-4-modify-the-web-server-configuration-on-the-bitnami-application-instance

Regards,
Michiel

Sorry for the delay, but we did work this out eventually. I ended up not using the starting points that are in the new bitnami images and instead introducing my own ssl config, which I basically took from the old Bitnami Tomcat 7 images. Thank you for your help.


Hi @nmb1106.

I’m glad to hear the issue has been solved. :smile:

Regards,
Michiel