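I am load balancing two servers with different domain names. Currently it works fine for Server1, which holds the load-balancing configuration and one Tomcat instance, but not for Server2. I am getting AJP failures. I even tried using HTTPS, but without success. What am I doing wrong?
Error log: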
(110)Connection timed out: AH00957: HTTPS: attempt to connect to SERVER_2_IP:8445 (SERVER_2_IP) failed
[Tue Feb 26 09:53:40.020390 2019] [proxy:error] [pid 16991:tid 140154131154688] AH00959: ap_proxy_connect_backend disabling worker for (SERVER_2_IP) for 60s
[Tue Feb 26 09:53:40.020400 2019] [proxy_http:error] [pid 16991:tid 140154131154688] [client CLIENT_IP:40082] AH01114: HTTP: failed to make connection to backend: SERVER_2_IP
Server1:sites-enabled/000-default.conf:
<VirtualHost *:443>
    ServerName DOmain.de
    ServerAlias www.domain.de
    SSLEngine on
    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off
    SSLCertificateFile /etc/letsencrypt/live/domain.de/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/domain.de/private.key
    SSLCertificateChainFile /etc/letsencrypt/live/domain.de/chain.pem
    <Proxy balancer://mycluster>
        BalancerMember ajp://IP:8009 route=server1
        BalancerMember https://IP2:8445 route=server2
    </Proxy>
    ProxyPass /balancer-manager !
    ProxyPass / balancer://mycluster/
</VirtualHost>
Server 2 Tomcat:
<Connector port="8445" enableLookups="true" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="200" disableUploadTimeout="true" connectionTimeout="36000"
compression="off" sslProtocols="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TL$
ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
compressionMinSize="1024" scheme="https" secure="true" clientAuth="false"
keystoreFile="/etc/letsencrypt/live/Domain2.de/keystore.jks" keyPass="PASSWORD" keyAlias="tomcat" keystorePass="PASSWORD" URIEncoding="utf-8"/>
<Connector port="8012" protocol="AJP/1.3" redirectPort="8445" connectionTimeout="10000" keepAliveTimeout="10000" />
I have also added:
/sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 8445 -j ACCEPT
/sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 8012 -j ACCEPT
service iptables save.
It still doesn't work; server 2 is not responding.
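
Added example, not part of the original post: errno 110 (Connection timed out) in the log means the connection attempt to port 8445 got no reply at all, which is what a silent DROP looks like, and `iptables -A` appends a rule to the end of the chain, behind any existing catch-all rule. The sketch below reads `iptables -S INPUT` style output and reports which rule decides a new TCP connection to a port; the function name `first_verdict` and the sample ruleset are constructed for illustration, and the matching model is simplified as noted in the comments.

```shell
#!/bin/sh
# Report which INPUT rule decides a NEW TCP connection to a given port.
# Reads `iptables -S INPUT` style lines on stdin.
# Simplified model (assumption): rules scoped by interface (-i) or source (-s),
# or by a non-TCP protocol, are treated as not applying; negation and port
# ranges are not handled.

first_verdict() {  # usage: first_verdict PORT < rules
    awk -v port="$1" '
    $1 == "-P" { policy = $3; next }   # chain policy, used if no rule matches
    $1 != "-A" { next }
    {
        n++; proto = ""; dport = ""; state = ""; target = ""; scoped = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i+1)
            else if ($i == "--dport") dport = $(i+1)
            else if ($i == "--dports") dport = (index("," $(i+1) ",", "," port ",") ? port : "x")
            else if ($i == "--state" || $i == "--ctstate") state = $(i+1)
            else if ($i == "-j") target = $(i+1)
            else if ($i == "-i" || $i == "-s") scoped = 1
        }
        if (scoped) next
        if (proto != "" && proto != "tcp") next
        if (dport != "" && dport != port) next
        if (state != "" && ("," state ",") !~ /,NEW,/) next
        if (target != "ACCEPT" && target != "DROP" && target != "REJECT") next
        printf "rule %d: %s\n", n, target; found = 1; exit
    }
    END { if (!found) printf "policy: %s\n", policy }
    '
}

# Constructed sample: the ACCEPT for 8445 was appended (-A) after a catch-all DROP.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8445 -j ACCEPT'

printf '%s\n' "$SAMPLE_RULES" | first_verdict 8445   # rule 4: DROP
printf '%s\n' "$SAMPLE_RULES" | first_verdict 22     # rule 3: ACCEPT
```

On a live host the input would come from `iptables -S INPUT` run as root on Server 2; if the deciding rule for 8445 is a DROP that sits ahead of the appended ACCEPT, the ACCEPT is never reached.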