Error When Communicating With Server

ChrisW
Fresh Boarder
Posts: 12
Joined: Thu Jan 03, 2013 2:01 am

Error When Communicating With Server

Post by ChrisW »

I have been successfully using the OpenKM Community edition for years. It's time to migrate to a new server instance. I installed the latest CE bundle on the new Linux instance: openkm-6.3.2-community-tomcat-bundle.zip using the instructions included in https://docs.openkm.com/kcenter/view/ok ... entos.html. It starts up and the database tables build as expected. Java version is 1.8.0_265. However, when logging in, I immediately get a series of "Error when communicating with server" messages. Screen shot attached.

ErrorScreen.JPG

Been watching server resources while it's running and it doesn't come close to consuming much CPU or RAM.

Any ideas of where I should be looking for the issue?
Thanks
ChrisW

Re: Error When Communicating With Server

Post by ChrisW »

****UPDATE****

Another twist. If I launch OpenKM using http://YOUR_IP:8080/OpenKM, I can login without any errors. However, if I use my assigned domain https://dms.mydomain.com, it presents the errors. The Apache config is straightforward and is taken from the documentation. Here is the config:

<VirtualHost *:80>
  ServerName dms.mydomain.com
  Redirect permanent / https://dms.mydomain.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName dms.mydomain.com
    RedirectMatch ^/$ /OpenKM
    <Location /OpenKM>
        ProxyPass ajp://127.0.0.1:8009/OpenKM keepalive=On
        ProxyPassReverse http://dms.mydomain.com/OpenKM
    </Location>

    ErrorLog logs/openkm-error_log
    CustomLog logs/openkm-access_log combined

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/dms.mydomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/dms.mydomain.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

Is this an AJP problem?
jllort
Moderator
Posts: 11479
Joined: Fri Dec 21, 2007 11:23 am
Location: Sineu - ( Illes Balears ) - Spain

Re: Error When Communicating With Server

Post by jllort »

First I suggest getting it running with http, then play with https (usually this is the path). I don't know if AJP is the issue; check if the AJP port is binding, maybe it is not enabled in the server.xml. About SSL, if you do not have an SSL certificate from a vendor, I suggest installing certbot (easy, works and quick to get running to convert http to https configuration): https://certbot.eff.org/instructions
ChrisW

Re: Error When Communicating With Server

Post by ChrisW »

To troubleshoot, I did start peeling back the Apache config to just http. The Tomcat ajp config is there. I left the default as it was installed in server.xml:

<Connector port="8009" address="127.0.0.1" protocol="AJP/1.3" redirectPort="8443" />

It appears ajp is responding. It will load the login page and allow me to log in. The error occurs while it is trying to do the post-login load. I do use certbot with Let's Encrypt since I really only need a DV cert. At this point, I'm starting to look at the server hardening we perform on all of our servers to make sure there is not something blocking. I am definitely not a Tomcat expert so I'm learning as I go. Right now my focus is on the reverse proxy communication from Apache to Tomcat.
ChrisW

Re: Error When Communicating With Server

Post by ChrisW »

FOUND IT!

As suspected, it was on the Apache side. When OpenKM launches after login, it makes the system think there is a DoS attack due to the large number of POSTS (55+) sent at one time. I had to change the mod_evasive.conf settings so it was not as aggressive.

On another note, we also use fail2ban for IPS. The apache_postflood filter was completely freaked out by the number of POSTS sent. Had to increase that threshold by a lot.

Everything seems to be working. Now it's time to migrate the old data.
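
As an added illustration (not part of the thread, and not OpenKM, mod_evasive or fail2ban code), this Python sketch replays an Apache access log against a per-client request limit in the style of mod_evasive's DOSSiteCount/DOSSiteInterval and a fail2ban-style maxretry/findtime limit on POSTs, so the size of a legitimate post-login burst can be measured before the thresholds are changed. The log lines, request paths, client address and threshold values are constructed, and the sliding-window count is a simplified model of both tools.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Prefix of an Apache "combined" log line: client, timestamp, method, path.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def parse(lines):
    """Yield (client, time, method, path) for each parsable log line."""
    for line in lines:
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield m.group(1), ts, m.group(3), m.group(4)

def peak(events, window_s, key):
    """Largest number of events sharing key(e) inside any window_s-second span."""
    buckets = defaultdict(list)
    for e in events:
        buckets[key(e)].append(e[1])
    best = {}
    for k, times in buckets.items():
        times.sort()
        lo, best[k] = 0, 0
        for hi, t in enumerate(times):
            while t - times[lo] >= timedelta(seconds=window_s):
                lo += 1  # drop events that fell out of the window
            best[k] = max(best[k], hi - lo + 1)
    return best

def would_trip(lines, site_count, site_interval, post_maxretry, post_findtime):
    """Return {client: [reasons]} for clients that reach either threshold."""
    events = list(parse(lines))
    posts = [e for e in events if e[2] == "POST"]
    site = peak(events, site_interval, key=lambda e: e[0])
    flood = peak(posts, post_findtime, key=lambda e: e[0])
    out = defaultdict(list)
    for ip, n in site.items():
        if n >= site_count:
            out[ip].append(f"DOSSiteCount {n}>={site_count}")
    for ip, n in flood.items():
        if n >= post_maxretry:
            out[ip].append(f"postflood {n}>={post_maxretry}")
    return dict(out)

# Constructed sample: one GET, then 55 POSTs in the same second from one client.
SAMPLE = ['203.0.113.7 - - [01/Oct/2020:10:00:00 +0000] "GET /OpenKM/ HTTP/1.1" 200 512']
SAMPLE += [f'203.0.113.7 - - [01/Oct/2020:10:00:01 +0000] "POST /OpenKM/example-rpc{i} HTTP/1.1" 200 64' for i in range(55)]
```

Running `would_trip` over a real access log from a normal login shows the peak burst per client, which gives a floor for the thresholds that still leaves the protections active.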