Configure Lucee 5.3 and mod_jk Web Connector

Hello,

We are attempting to upgrade from Lucee 5.2.9.31 to 5.3.4.80 and would prefer to use the mod_jk web connector to allow for load balancing and better performance. After the upgrade, we receive an http 403 error upon loading the application. I noticed that Oracle Java was swapped for OpenJDK and Tomcat was updated to version 9. Also, further research has revealed that mod_jk has not been officially tested on Tomcat 9. Does anyone have experience configuring mod_jk in a similar environment?

OS: 3.10.0-957.10.1.el7.x86_64
Java Version: 11.0.6+10
Tomcat Version: Tomcat/9.0.31
Lucee Version: 5.3.4.80
Apache Version: Apache/2.4.34
mod_jk Version: 1.2.46

Thank you,
Kellen Reason

We resolved the issues, which were caused by Tomcat updates. This might be of interest to other Lucee users:

  • A secret has to be provided in the mod_jk workers file and the Tomcat AJP 8009 connector, or secretRequired=“false” should be used in the Tomcat connector.

  • When environment variables are passed with JkEnvVar, the attribute allowedRequestAttributesPattern=".*" should be added to the Tomcat 8009 connector.

2 Likes

Thank you for reporting back on this. That was very cool of you. I have experience with mod_jk but I admit I haven’t used it in many years. The required secret is brand new due to the Ghostcat security issue.

Maybe this is a helpful information for someone else.

After installing Lucee V5.3.4.80 using the Linux (64b) installer on a fresh Debian Buster system, I received a service unavailable (503) Error when trying to use the Apache mod_jk connector.

I found out, that I had to change the local address 127.0.0.1 to ::1 in the AJP 1.3 connector in server.xml.

This configuration is working for me:

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector protocol="AJP/1.3"
	address="::1"
	port="8009"
	secretRequired="false"
	redirectPort="8443" />

OS: Debian (10.3) Buster
Kernel: 4.19.0-6-amd64
Java Version: AdoptOpenJDK Version: 11.0.6
Tomcat Version: Tomcat/9.0.31.0
Lucee Version: 5.3.4.80
Apache Version: Apache/2.4.38 (Debian)
mod_jk Version: 1.2.46

1 Like