Tomcat 9.0.33 shipped with Confluence 7.4 binds to localhost by default when using AJP connector

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Tomcat 9.0.33 shipped with Confluence 7.4 binds to 127.0.0.1 by default when using the AJP connector. This can cause issues in connecting Apache Webserver to the Tomcat

Environment

Confluence 7.x series
AJP connector on Tomcat
Apache Webserver hosted on another server that forwards the request to Confluence on AJP connector

Diagnosis

The following error is seen in Apache Webserver

Thu May 07 12:41:30.652 2020] [2215:140283867359040] [info] init_jk::mod_jk.c (3365): mod_jk/1.2.37 initialized
[Thu May 07 12:41:34.646 2020] [2226:140283758212864] [info] jk_open_socket::jk_connect.c (627): connect to 100.83.19.15:8009 failed (errno=111)
[Thu May 07 12:41:34.646 2020] [2226:140283758212864] [info] ajp_connect_to_endpoint::jk_ajp_common.c (995): Failed opening socket to (100.83.19.15:8009) (errno=111)
[Thu May 07 12:41:34.646 2020] [2226:140283758212864] [error] ajp_send_request::jk_ajp_common.c (1630): (srvr_drp_confluence_sldcfrdrp470_dev_S1) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=111)

Cause

AJP connector on new Tomcat 9.0.33 shipped with Confluence 7.4 binds to only 127.0.0.1 by default

07-May-2020 12:35:43.061 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-127.0.0.1-8009"]

Solution

Modify AJP connector configuration in server.xml to include the following directive to allow it to bind to all addresses. We can also specify a specific IP address of the interface as well

address="0.0.0.0"

The configuration should look like below

<Connector port="8009" connectionTimeout="20000" redirectPort="8443"
                maxThreads="150" minSpareThreads="25" secretRequired="false" address="0.0.0.0"
                enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
                protocol="org.apache.coyote.ajp.AjpNioProtocol" proxyname="proxy.com" proxyPort="443" scheme="https"

Updated on March 21, 2025

Was this helpful?

It wasn't accurateIt wasn't clearIt wasn't relevant

Atlassian Support