Merge ~ahasenack/ubuntu/+source/apache2:focal-apache2-ajp-secret into ubuntu/+source/apache2:ubuntu/devel
Status: | Merged |
---|---|
Approved by: | Andreas Hasenack |
Approved revision: | cd2d8271579104b7dc9e8254c7bee4d4c1021e17 |
Merge reported by: | Andreas Hasenack |
Merged at revision: | cd2d8271579104b7dc9e8254c7bee4d4c1021e17 |
Proposed branch: | ~ahasenack/ubuntu/+source/apache2:focal-apache2-ajp-secret |
Merge into: | ubuntu/+source/apache2:ubuntu/devel |
Diff against target: |
259 lines (+231/-0) 4 files modified
debian/changelog (+7/-0) debian/patches/mod_proxy_ajp-secret-parameter-doc.patch (+32/-0) debian/patches/mod_proxy_ajp-secret-parameter.patch (+190/-0) debian/patches/series (+2/-0) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Christian Ehrhardt (community) | Approve | ||
Thomas (community) | test | Approve | |
Canonical Server | Pending | ||
Review via email: mp+380324@code.launchpad.net |
Description of the change
Bring into apache 2.4.41 a 2.4.42 feature required to have apache proxy connections to a tomcat9 9.0.31 server via AJP. The bug contains the details.
This is almost a straight pull from upstream's commit. I noted my changes in the DEP3 headers of the patches.
Here are testing instructions:
sudo apt install tomcat9 apache2 tomcat9-examples
sudo a2enmod proxy_ajp
# edit /etc/apache2/
ProxyPass "/examples" "ajp://
sudo systemctl restart apache2
# edit /etc/tomcat9/
<Connector protocol="AJP/1.3"
# if we didn't add a secret to the connector configuration, tomcat9 would fail to start it, because a secret is mandatory by default since 9.0.13.
# restart tomcat9
sudo systemctl restart tomcat9
# Let's confirm tomcat9 is working
curl http://
# And the examples page which is what we will proxy through apache later:
curl http://
# we want to access that via apache, but it won't work now because we didn't configure the same secret on apache's side. You will get back a nasty 403:
curl http://
<!doctype html><html lang="en"
# now let's add the secret keyword to apache's /etc/apache2/
ProxyPass "/examples" "ajp://
# apache2 will fail to restart, as it doesn't understand the "secret" parameter
sudo systemctl restart apache2
# update to the apache packages from the ppa
sudo add-apt-repository ppa:ahasenack/
sudo apt install apache2 -y
# Try the examples page via apache again, and this time we get the examples through apache
curl http://
Don't know if this is relevant, but Andreas' mod_proxy_ajp now works for my use case. The only problem I had is that (unlike the URLs and paths) the secret on the Apache side *must not* be quoted, but this is probably by design.