Error When Communicating With Server

Posted: Wed Dec 23, 2020 5:13 pm
by ChrisW
I have been successfully using the OpenKM Community edition for years. It's time to migrate to a new server instance. I installed the latest CE bundle on the new Linux instance: openkm-6.3.2-community-tomcat-bundle.zip using the instructions included in https://docs.openkm.com/kcenter/view/ok ... entos.html. It starts up and the database tables build as expected. Java version is 1.8.0_265. However, when logging in, I immediately get a series of "Error when communicating with server" messages. Screen shot attached.

[Attachment: ErrorScreen.JPG]

Been watching server resources while it's running and it doesn't come close to consuming much CPU or RAM.

Any ideas of where I should be looking for the issue?
Thanks

Re: Error When Communicating With Server

Posted: Wed Dec 23, 2020 5:30 pm
by ChrisW
****UPDATE****

Another twist. If I launch OpenKM using http://YOUR_IP:8080/OpenKM, I can log in without any errors. However, if I use my assigned domain https://dms.mydomain.com, it presents the errors. The Apache config is straightforward and is taken from the documentation. Here is the config:

<VirtualHost *:80>
    ServerName dms.mydomain.com
    Redirect permanent / https://dms.mydomain.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName dms.mydomain.com
    RedirectMatch ^/$ /OpenKM
    <Location /OpenKM>
        ProxyPass ajp://127.0.0.1:8009/OpenKM keepalive=On
        ProxyPassReverse http://dms.mydomain.com/OpenKM
    </Location>

    ErrorLog logs/openkm-error_log
    CustomLog logs/openkm-access_log combined

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/dms.mydomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/dms.mydomain.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

Is this an AJP problem?

Re: Error When Communicating With Server

Posted: Fri Dec 25, 2020 7:29 am
by jllort
First I suggest getting it running with http, then playing with https (usually this is the path). I don't know if AJP is the issue; check if the AJP port is binding, maybe it is not enabled in the server.xml. About SSL: if you do not have an SSL certificate from a vendor, I suggest installing certbot (easy, works and quick to get running) to convert http to https configuration: https://certbot.eff.org/instructions

Re: Error When Communicating With Server

Posted: Fri Dec 25, 2020 3:54 pm
by ChrisW
To troubleshoot, I did start peeling back the Apache config to just http. The Tomcat ajp config is there. I left the default as it was installed in server.xml:

<Connector port="8009" address="127.0.0.1" protocol="AJP/1.3" redirectPort="8443" />

It appears ajp is responding. It will load the login page and allow me to log in. The error occurs while it is trying to do the post-login load. I do use certbot with Let's Encrypt since I really only need a DV cert. At this point, I'm starting to look at the server hardening we perform on all of our servers to make sure there is not something blocking. I am definitely not a Tomcat expert so I'm learning as I go. Right now my focus is on the reverse proxy communication from Apache to Tomcat.

Re: Error When Communicating With Server

Posted: Fri Dec 25, 2020 8:27 pm
by ChrisW
FOUND IT!

As suspected, it was on the Apache side. When OpenKM launches after login, it makes the system think there is a DoS attack due to the large number of POSTS (55+) sent at one time. I had to change the mod_evasive.conf settings so it was not as aggressive.

On another note, we also use fail2ban for IPS. The apache_postflood filter was completely freaked out by the number of POSTS sent. Had to increase that threshold by a lot.

Everything seems to be working. Now it's time to migrate the old data.
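
Added example, not part of the original thread: a small Python script that measures each client's peak POST burst from an Apache combined-format access log (the format named in the CustomLog line above), so rate-limit thresholds can be set from observed traffic. The log lines, IP addresses, request path, the 1-second window and the limit of 50 are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache "combined" format: ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) [^"]*" \d{3} ')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def peak_bursts(lines, window_s=1, method="POST"):
    """Map each client IP to its largest count of `method` requests
    inside any sliding window of window_s seconds."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(3) != method:
            continue  # skip other methods and unparseable lines
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), TIME_FMT).timestamp()
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window_s:  # drop hits older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return dict(peak)

def over_threshold(peaks, limit):
    """Clients whose peak burst would exceed a configured request limit."""
    return sorted(ip for ip, n in peaks.items() if n > limit)

def sample_log():
    """Constructed lines: one login POST, then 55 POSTs in one second from
    the same browser; a second client posting once every five seconds."""
    fmt = '{ip} - - [25/Dec/2020:20:00:{s:02d} +0000] "{m} /OpenKM/placeholder HTTP/1.1" 200 512 "-" "-"'
    rows = [fmt.format(ip="203.0.113.10", s=0, m="POST")]
    rows += [fmt.format(ip="203.0.113.10", s=1, m="POST") for _ in range(55)]
    rows += [fmt.format(ip="203.0.113.10", s=1, m="GET")]
    rows += [fmt.format(ip="198.51.100.7", s=s, m="POST") for s in (0, 5, 10)]
    return rows

if __name__ == "__main__":
    peaks = peak_bursts(sample_log())
    for ip, n in sorted(peaks.items()):
        print(f"{ip}: peak {n} POSTs per second")
    print("would trip a limit of 50:", over_threshold(peaks, 50))
```

Compare the reported peak with the counts and intervals configured in mod_evasive (DOSPageCount, DOSSiteCount and their interval directives) and with fail2ban's maxretry and findtime. Access-log timestamps have one-second resolution, so sub-second windows cannot be measured this way.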