• Error When Communicating With Server

  • Problems with installing OpenKM? No problemo, the solution is closer than you think.
Problems with installing OpenKM? No problemo, the solution is closer than you think.
Forum rules: Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
 #51956  by ChrisW
 
I have been successfully using the OpenKM Community edition for years. It's time to migrate to a new server instance. I installed the latest CE bundle on the new Linux instance: openkm-6.3.2-community-tomcat-bundle.zip using the instructions included in https://docs.openkm.com/kcenter/view/ok ... entos.html. It starts up and the database tables build as expected. Java version is 1.8.0_265. However, when logging in, I immediately get a series of "Error when communicating with server" messages. Screen shot attached.

ErrorScreen.JPG
ErrorScreen.JPG (83.91 KiB) Viewed 3208 times

Been watching server resources while it's running and it doesn't come close to consuming much CPU or RAM.

Any ideas of where I should be looking for the issue?
Thanks
 #51957  by ChrisW
 
****UPDATE****

Another twist. If I launch OpenKM using http://YOUR_IP:8080/OpenKM, I can login without any errors. However, if I use my assigned domain https://dms.mydomain.com, it presents the errors. The Apache config is straightforward and is taken from the documentation. Here is the config:
Code: Select all
<VirtualHost *:80>
  ServerName dms.mydomain.com
  Redirect permanent / https://dms.mydomain.com/
</VirtualHost>
Code: Select all
<VirtualHost *:443>
    ServerName dms.mydomain.com
    RedirectMatch ^/$ /OpenKM
    <Location /OpenKM>
        ProxyPass ajp://127.0.0.1:8009/OpenKM keepalive=On
        ProxyPassReverse http://dms.mydomain.com/OpenKM
	</Location>

    ErrorLog logs/openkm-error_log
    CustomLog logs/openkm-access_log combined

	SSLEngine on
	SSLCertificateFile /etc/letsencrypt/live/dms.mydomain.com/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/dms.mydomain.com/privkey.pem
	Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
Is this an AJP problem?
 #51965  by jllort
 
First I suggest get running with http -> then play with https ( usually this is the path ). I ignore if AJP is the issue, check if the AJP port is binding, maybe is not enabled in the server.xml ( About SSL if you do not have a SSL certificate from vendor I suggest installing cerbot ( easy, works and quick to get running to convert http to https configuration https://certbot.eff.org/instructions
 #51967  by ChrisW
 
To troubleshoot, I did start peeling back the Apache config to just http. The Tomcat ajp config is there. I left the default as it was installed in server.xml:

<Connector port="8009" address="127.0.0.1" protocol="AJP/1.3" redirectPort="8443" />

It appears ajp is responding. It will load the login page and allow me to log in. The error occurs while it is trying to do the post-login load. I do use certbot with Let's Encrypt since I really only need a DV cert. At this point, I'm starting to look at the server hardening we performon all of our servers to make sure there is not something blocking. I am definitely not a Tomcat expert so I'm learning as I go. Right now my focus is on the reverse proxy communication from Apache to Tomcat.
 #51969  by ChrisW
 
FOUND IT!

As suspected, it was on the Apache side. When OpenKM launches after login, it makes the system think there is a DoS attack due to the large number of POSTS (55+) sent at one time. I had to change the mod_evasive.conf settings so it was not as aggressive.

On another note, we also use fail2ban for IPS. The apache_postflood filter was completely freaked out by the number of POSTS sent. Had to increase that threshold by a lot.

Everything seems to be working. Now it's time to migrate the old data.

About Us

OpenKM is part of the management software. A management software is a program that facilitates the accomplishment of administrative tasks. OpenKM is a document management system that allows you to manage business content and workflow in a more efficient way. Document managers guarantee data protection by establishing information security for business content.