We are attempting to upgrade from Lucee 5.2.9.31 to 5.3.4.80 and would prefer to use the mod_jk web connector to allow for load balancing and better performance. After the upgrade, we receive an HTTP 403 error upon loading the application. I noticed that Oracle Java was swapped for OpenJDK and Tomcat was updated to version 9. Also, further research has revealed that mod_jk has not been officially tested on Tomcat 9. Does anyone have experience configuring mod_jk in a similar environment?
We resolved the issues, which were caused by Tomcat updates. This might be of interest to other Lucee users:
A secret has to be provided in the mod_jk workers file and the Tomcat AJP 8009 connector, or secretRequired="false" should be used in the Tomcat connector.
When environment variables are passed with JkEnvVar, the attribute allowedRequestAttributesPattern=".*" should be added to the Tomcat 8009 connector.
Thank you for reporting back on this. That was very cool of you. I have experience with mod_jk but I admit I haven’t used it in many years. The required secret is brand new due to the Ghostcat security issue.
Maybe this is helpful information for someone else.
After installing Lucee V5.3.4.80 using the Linux (64b) installer on a fresh Debian Buster system, I received a service unavailable (503) Error when trying to use the Apache mod_jk connector.
I found out that I had to change the local address 127.0.0.1 to ::1 in the AJP 1.3 connector in server.xml.
This configuration is working for me:
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector protocol="AJP/1.3"
           address="::1"
           port="8009"
           secretRequired="false"
           redirectPort="8443" />
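
Added example, not part of any post in this thread: a small Python check that reads a server.xml and flags the AJP connector settings discussed above (secretRequired="false" with no secret, an address that is not loopback, and allowedRequestAttributesPattern=".*"). The sample XML, the placeholder secret and the finding labels are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the connector from the post above, plus a second
# hypothetical connector that uses a secret but relaxes other settings.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector protocol="AJP/1.3" address="::1" port="8009"
               secretRequired="false" redirectPort="8443" />
    <Connector protocol="AJP/1.3" address="0.0.0.0" port="8010"
               secret="PLACEHOLDER_SECRET"
               allowedRequestAttributesPattern=".*" />
  </Service>
</Server>
"""


def is_loopback(address):
    """True if the address attribute names a loopback interface."""
    if address == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # other hostnames: treat as reachable from outside


def audit_ajp(server_xml):
    """Return (port, finding) tuples for every AJP connector in server.xml."""
    findings = []
    for conn in ET.fromstring(server_xml.strip()).iter("Connector"):
        if "ajp" not in conn.get("protocol", "").lower():
            continue  # HTTP connectors are out of scope here
        port = conn.get("port", "?")
        required = conn.get("secretRequired", "true").lower() != "false"
        if not conn.get("secret"):
            # With secretRequired="true" and no secret the connector will not start.
            findings.append((port, "secret-missing" if required else "no-secret"))
        address = conn.get("address")
        if address is None:
            findings.append((port, "address-unset"))  # default depends on Tomcat version
        elif not is_loopback(address):
            findings.append((port, "non-loopback"))
        if conn.get("allowedRequestAttributesPattern") == ".*":
            findings.append((port, "any-attribute"))  # accepts every request attribute
    return findings
```

Call audit_ajp() with the contents of your own server.xml; when a secret is set on the connector, the same value has to appear in the mod_jk workers file, as noted earlier in the thread.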