Hi,
I woke up to a few customers complaining that their Tomcat wasn't responding, resulting in 503 errors.
Symptoms
The error thrown by Tomcat (in catalina.out) is :
Problem
This is linked to an upgrade that happened overnight:
# grep tomcat /var/log/yum.log
Mar 07 02:57:21 Updated: 1:ea-tomcat85-8.5.51-2.el7.cloudlinux.x86_64
The breaking change is documented here :
Solution
To solve this, one needs to add the secretRequired="false" to the AJP connector definition in server.xml.
Here is a script that does it for all users on the server, and then restart Tomcat for each user :
Hope this helps someone else!
I woke up to a few customers complaining that their Tomcat wasn't responding, resulting in 503 errors.
Symptoms
The error thrown by Tomcat (in catalina.out) is :
Code:
...
SEVERE [main] org.apache.catalina.core.StandardService.startInternal Failed to start connector [Connector[AJP/1.3-10019]]
...
Caused by: java.lang.IllegalArgumentException: The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "". This combination is not valid.
...
This is linked to an upgrade that happened overnight:
# grep tomcat /var/log/yum.log
Mar 07 02:57:21 Updated: 1:ea-tomcat85-8.5.51-2.el7.cloudlinux.x86_64
The breaking change is documented here :
Solution
To solve this, one needs to add the secretRequired="false" to the AJP connector definition in server.xml.
Here is a script that does it for all users on the server, and then restart Tomcat for each user :
Bash:
for USER in `ls /home/*/ea-tomcat85/conf/server.xml | cut -d/ -f3`
do
echo "Fixing $USER's Tomcat"
sed -i 's/protocol="AJP\/1.3" xpoweredBy="false"/protocol="AJP\/1.3" secretRequired="false" xpoweredBy="false"/g' /home/$USER/ea-tomcat85/conf/server.xml
su - $USER -c "export PATH=$(dirname $(readlink /usr/local/cpanel/3rdparty/bin/perl)):$PATH && ubic restart ea-tomcat85"
sleep 5
done;