Tomcat 9.0.33 shipped with Confluence 7.4 binds to localhost by default when using AJP connector
プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Fisheye および Crucible は除く
要約
Tomcat 9.0.33 shipped with Confluence 7.4 binds to 127.0.0.1 by default when using the AJP connector. This can cause issues in connecting Apache Webserver to the Tomcat
環境
- Confluence 7.x series
- AJP connector on Tomcat
- Apache Webserver hosted on another server that forwards the request to Confluence on AJP connector
診断
The following error is seen in Apache Webserver
Thu May 07 12:41:30.652 2020] [2215:140283867359040] [info] init_jk::mod_jk.c (3365): mod_jk/1.2.37 initialized
[Thu May 07 12:41:34.646 2020] [2226:140283758212864] [info] jk_open_socket::jk_connect.c (627): connect to 100.83.19.15:8009 failed (errno=111)
[Thu May 07 12:41:34.646 2020] [2226:140283758212864] [info] ajp_connect_to_endpoint::jk_ajp_common.c (995): Failed opening socket to (100.83.19.15:8009) (errno=111)
[Thu May 07 12:41:34.646 2020] [2226:140283758212864] [error] ajp_send_request::jk_ajp_common.c (1630): (srvr_drp_confluence_sldcfrdrp470_dev_S1) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=111)
原因
AJP connector on new Tomcat 9.0.33 shipped with Confluence 7.4 binds to only 127.0.0.1 by default
07-May-2020 12:35:43.061 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-127.0.0.1-8009"]
ソリューション
Modify AJP connector configuration in server.xml to include the following directive to allow it to bind to all addresses. We can also specify a specific IP address of the interface as well
address="0.0.0.0"
The configuration should look like below
<Connector port="8009" connectionTimeout="20000" redirectPort="8443"
maxThreads="150" minSpareThreads="25" secretRequired="false" address="0.0.0.0"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.ajp.AjpNioProtocol" proxyname="proxy.com" proxyPort="443" scheme="https"