Apache reverse proxy to tomcat application server
Hi List, I'm running mod_jk on a apache 2.2.14 connecting to a second host, running tomcat 5 server with a third party application. This application is configured to display some company internal information when accessing the page directly without any subdirectory: like: http:/// A second application part is located under address http:///application -> please note, this is not a directory, this is a servlet-mapping made by tomcat (and we can't change the tomcat setup as we would loose support for it) My problem is now, that I only what to grant access to http:///application for external customers through the apache mod_jk setup. But of some reason do I have trouble implementing this. The stuff only works if I configure mod_jk to JkMount /* - but with that, also the page ttp:/// is access-able. I've also tried it with Rewrite rules (to make sure everything else than http:///workers.properties # Where to put the log JkLogFile //mod_jk.log # Log level JkLogLevel debug # Select the timestamp log format JkLogStampFormat"[%a %b %d %H:%M:%S %Y] " JkMount /* worker1 mod_jk worker configuration: # Define 1 real worker using ajp13 worker.list=worker1 # Set properties for worker1 (ajp13) worker.worker1.type=ajp13 worker.worker1.host=chnovmn3.lcsys.ch worker.worker1.port=8009 worker.worker1.connection_pool_timeout=60 worker.worker1.socket_keepalive=1 mod_jk log output (if required, I can provide some more log information): [Thu Aug 19 16:59:19 2010] [27595:1142135104] [debug] ws_write::mod_jk.c (507): written 8 out of 8 [Thu Aug 19 16:59:19 2010] [27595:1142135104] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1336): received from ajp13 pos=0 len=769 max=8192 [Thu Aug 19 16:59:19 2010] [27595:1142135104] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1336): 03 02 FD 6C 69 67 6E 3D 22 72 69 67 68 74 22 20 - ...lign="right". [Thu Aug 19 16:59:19 2010] [27595:1142135104] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1336): 001077 69 64 74 68 3D 22 33 36 30 22 20 63 6F 6C 73 - width="360".cols [Thu Aug 19 16:59:19 2010] [27595:1142135104] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1336): 002070 61 6E 3D 22 31 22 3E 3C 62 3E 50 61 73 73 77 - pan="1">Passw [Thu Aug 19 16:59:19 2010] [27595:1142135104] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1336): 00306F 72 64 3A 20 3C 2F 62 3E 3C 2F 74 64 3E 3C 74 - ord:Login. [Thu Aug 19 16:59:19 2010] [27595:1142135104] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1336): 02803C 62 72 3E 0A 3C 62 72 3E 0A 3C 62 72 3E 0A 3C - ...< [Thu Aug 19 16:59:19 2010] [27595:1142135104] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1336): 029062 72 3E 0A 3C 62 72 3E 0A 3C 62 72 3E 0A 3C 62 - br>.. [Thu Aug 19 16:59:19 2010] [27595:1142135104] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1336): 02f03C 2F 62 6F 64 79 3E 0A 3C 2F 68 74 6D 6C 3E 0A - .. [Thu Aug 19 16:59:19 2010] [27595:1142135104] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1336): 030000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - [Thu Aug 19 16:59:19 2010] [27595:1142135104] [debug] ws_write::mod_jk.c (507): written 765 out of 765 [Thu Aug 19 16:59:19 2010] [27595:1142135104] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1336): received from ajp13 pos=0 len=2 max=8192 [Thu Aug 19 16:59:19 2010] [27595:1142135104] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1336): 05 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - [Thu Aug 19 16:59:19 2010] [27595:1142135104] [debug] ajp_process_callback::jk_ajp_common.c (1940): AJP13 protocol: Reuse is OK [Thu Aug 19 16:59:19 2010] [27595:1142135104] [debug] ajp_reset_endpoint::jk_ajp_common.c (757): (worker1) resetting endpoint with sd = 15 [Thu Aug 19 16:59:19 2010] [27595:1142135104] [debug] ajp_done::jk_ajp_common.c (3010): recycling connection pool slot=0 for worker worker1 [Thu Aug 19 16:59:19 2010] [27595:1142135104] [debug] jk_handler::mod_jk.c (2602): Service finished with status=200 for worker=worker1 [Thu Aug 19 16:59:19 2010] [27596:1148610880] [debug] map_uri_to_worker_ext::jk_uri_worker_map.c (1036): Attempting to map URI '/src/style.frame.css' from 2 maps [Thu Aug 19 16:59:20 2010] [27595:1152624960] [debug] find_match::jk_uri_worker_map.c (850): Attempting to map context URI '/xangui=worker1' source 'worker definition' [Thu Aug 19 16:59:20 2010] [27595:1152624960] [debug] jk_map_to_storage::mod_jk.c (3609): no match for /src/script.visibility.js found [Thu Aug 19 16:59:20 2010] [27596:1159100736] [debug] map_uri_to_worker_ext::jk_uri_worker_map.c (1036): Attempting to map URI '/src/script.component.js' from 2 maps [Thu Aug 19 16:59:20 2010] [27596:1159100736] [debug] find_match::jk_uri_worker_map.c (850): Attempting to map context URI '/xangui/*=worker1' source 'worker definition' [Thu Aug 19 16:59:20 2010] [27596:11591007
Re: Apache reverse proxy to tomcat application server
On Thu, 19 Aug 2010 20:57:57 +0200, Rainer Jung
wrote:
> On 19.08.2010 20:27, li...@cgi-net.ch wrote:
>> Hi List,
>>
>> I'm running mod_jk on a apache 2.2.14 connecting to a second host,
>> running
>> tomcat 5 server with a third party application.
>> This application is configured to display some company internal
>> information when accessing the page directly without any subdirectory:
>> like: http:///
>> A second application part is located under address
>> http:///application -> please note, this is not a
directory,
>> this is a servlet-mapping made by tomcat (and we can't change the
tomcat
>> setup as we would loose support for it)
>>
>> My problem is now, that I only what to grant access to
>> http:///application for external customers through the
apache
>> mod_jk setup.
>> But of some reason do I have trouble implementing this.
>
> How did you try to achive that?
>
> JkMount /application|/* worker1
I tried it with JkMount /application worker1 and with JkMount
/application* worker1
Quick question, you've written JkMOunt /application|/, what does the |
stand for?
>
> Is the application deployed on Tomcat using the same context name
> "/application"?
Yes
>
> What was the exact result, when you tried that?
Well it displays the login page, but the formatting of the does not work,
and when I hit the submit button, nothing is happening.
Do you think that it is possible that /application does require / to be
access able as well (both application coming from the same vendor and are
related to each other)
>
>> The stuff only works if I configure mod_jk to JkMount /* - but with
that,
>> also the page ttp:/// is access-able.
>> I've also tried it with Rewrite rules (to make sure everything else
than
>> http://> nothing was/is working.
>
> Rewriting will not be necessary as long as the context name on Tomcat is
> "/application".
>
>> Please find below some information about my setup:
>>
>> ###
>> ### setup information
>> ###
>> mod_jk version: 1.2.30
>> mod_jk httpd configuration (that's how it is working but it will allow
>> access to any application, served by the tomcat server):
>> # Some URL Redirecting is required
>> RewriteEngine On
>> RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -d [OR]
>> RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -f
>> RewriteCond %{REQUEST_URI} !=/application
>> RewriteRule .* /application
>
> Let's remove the rewriting as long as we are debugging your original
> problem.
OK, I've anyway disabled them already since they were not working
>
>> # Load Module
>> LoadModule jk_module modules/mod_jk.so
>> # Worker File
>> JkWorkersFile //workers.properties
>> # Where to put the log
>> JkLogFile //mod_jk.log
>> # Log level
>> JkLogLevel debug
>> # Select the timestamp log format
>> JkLogStampFormat"[%a %b %d %H:%M:%S %Y] "
>> JkMount /* worker1
>>
>> mod_jk worker configuration:
>> # Define 1 real worker using ajp13
>> worker.list=worker1
>> # Set properties for worker1 (ajp13)
>> worker.worker1.type=ajp13
>> worker.worker1.host=chnovmn3.lcsys.ch
>> worker.worker1.port=8009
>> worker.worker1.connection_pool_timeout=60
>> worker.worker1.socket_keepalive=1
>
> The log snippert you provided was parts of the log produced by
> successful requests, i.e. requests that were forwarded to tomcat and
> replied stuff. Please do provide the log contents for a request that
> does not work, i.e. which does show the problem.
I can send you more log files, but I think the problem is more related
with the application it self.
The error I receive from apache is 404 which means he can not find the
document (which indicates that I've made some configuration mistake)
General question, is it possible to allow access to /* to make the stuff
working but restrict access for customers to /application
(like you can do it with stanza in apache)
Thanks and all the best,
Simon
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache reverse proxy to tomcat application server
On Thu, 19 Aug 2010 21:28:25 +0200, Rainer Jung
wrote:
> On 19.08.2010 21:17, li...@cgi-net.ch wrote:
>> On Thu, 19 Aug 2010 20:57:57 +0200, Rainer
Jung
>> wrote:
>>> On 19.08.2010 20:27, li...@cgi-net.ch wrote:
Hi List,
I'm running mod_jk on a apache 2.2.14 connecting to a second host,
running
tomcat 5 server with a third party application.
This application is configured to display some company internal
information when accessing the page directly without any
subdirectory:
like: http:///
A second application part is located under address
http:///application -> please note, this is not a
>> directory,
this is a servlet-mapping made by tomcat (and we can't change the
>> tomcat
setup as we would loose support for it)
My problem is now, that I only what to grant access to
http:///application for external customers through the
>> apache
mod_jk setup.
But of some reason do I have trouble implementing this.
>>>
>>> How did you try to achive that?
>>>
>>> JkMount /application|/* worker1
>> I tried it with JkMount /application worker1 and with JkMount
>> /application* worker1
>>
>> Quick question, you've written JkMOunt /application|/, what does the |
>> stand for?
>
> JkMount /application|/* worker1
>
> is a short syntax for the two rules
>
> JkMount /application worker1
> JkMount /application/* worker1
Thanks for that hint, might be useful for further work
>
>>> Is the application deployed on Tomcat using the same context name
>>> "/application"?
>> Yes
>
> Good.
>
>>> What was the exact result, when you tried that?
>> Well it displays the login page, but the formatting of the does not
work,
>> and when I hit the submit button, nothing is happening.
>> Do you think that it is possible that /application does require / to be
>> access able as well (both application coming from the same vendor and
are
>> related to each other)
>
> Aaaah!
>
> Yes it is quote possible that the page contains links to other content
> that does not reside under /application. Those could be CSS (style
> sheets) responsible for correct rendering and JS (JavaScript files)
> responsible for actions when pressing buttons. You can look at the
> source code of the login page or use some browser plugin that shows you
> all links referenced in the page. Some browsers might show you the info
> out of the box.
OK, I'll need to check that - please note that this will require some
time.
>
The stuff only works if I configure mod_jk to JkMount /* - but with
>> that,
also the page ttp:/// is access-able.
I've also tried it with Rewrite rules (to make sure everything else
>> than
http://>>> nothing was/is working.
>>>
>>> Rewriting will not be necessary as long as the context name on Tomcat
is
>>
>>> "/application".
>>>
Please find below some information about my setup:
###
### setup information
###
mod_jk version: 1.2.30
mod_jk httpd configuration (that's how it is working but it will
allow
access to any application, served by the tomcat server):
# Some URL Redirecting is required
RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -d [OR]
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -f
RewriteCond %{REQUEST_URI} !=/application
RewriteRule .* /application
>>>
>>> Let's remove the rewriting as long as we are debugging your original
>>> problem.
>> OK, I've anyway disabled them already since they were not working
>>
>>>
# Load Module
LoadModule jk_module modules/mod_jk.so
# Worker File
JkWorkersFile //workers.properties
# Where to put the log
JkLogFile //mod_jk.log
# Log level
JkLogLevel debug
# Select the timestamp log format
JkLogStampFormat"[%a %b %d %H:%M:%S %Y] "
JkMount /* worker1
mod_jk worker configuration:
# Define 1 real worker using ajp13
worker.list=worker1
# Set properties for worker1 (ajp13)
worker.worker1.type=ajp13
worker.worker1.host=chnovmn3.lcsys.ch
worker.worker1.port=8009
worker.worker1.connection_pool_timeout=60
worker.worker1.socket_keepalive=1
>>>
>>> The log snippert you provided was parts of the log produced by
>>> successful requests, i.e. requests that were forwarded to tomcat and
>>> replied stuff. Please do provide the log contents for a request that
>>> does not work, i.e. which does show the problem.
>> I can send you more log files, but I think the problem is more related
>> with the application it self.
>
> Right.
>
>> The error I receive from apache is 404 which means he can not find the
>> document (which indicates that I've made some configuration mistake)
>
> You can look at the Apache access log to check, what other resources the
> browser tries to access. Maybe they are contained in a few other folders
> or have a few file content suffixes you can add with a couple of
>
Re: Apache reverse proxy to tomcat application server
On Thu, 19 Aug 2010 21:35:40 +0200, wrote:
> On Thu, 19 Aug 2010 21:28:25 +0200, Rainer Jung
> wrote:
>> On 19.08.2010 21:17, li...@cgi-net.ch wrote:
>>> On Thu, 19 Aug 2010 20:57:57 +0200, Rainer
> Jung
>>> wrote:
On 19.08.2010 20:27, li...@cgi-net.ch wrote:
> Hi List,
>
> I'm running mod_jk on a apache 2.2.14 connecting to a second host,
> running
> tomcat 5 server with a third party application.
> This application is configured to display some company internal
> information when accessing the page directly without any
> subdirectory:
> like: http:///
> A second application part is located under address
> http:///application -> please note, this is not a
>>> directory,
> this is a servlet-mapping made by tomcat (and we can't change the
>>> tomcat
> setup as we would loose support for it)
>
> My problem is now, that I only what to grant access to
> http:///application for external customers through the
>>> apache
> mod_jk setup.
> But of some reason do I have trouble implementing this.
How did you try to achive that?
JkMount /application|/* worker1
>>> I tried it with JkMount /application worker1 and with JkMount
>>> /application* worker1
>>>
>>> Quick question, you've written JkMOunt /application|/, what does the |
>>> stand for?
>>
>> JkMount /application|/* worker1
>>
>> is a short syntax for the two rules
>>
>> JkMount /application worker1
>> JkMount /application/* worker1
> Thanks for that hint, might be useful for further work
>
>>
Is the application deployed on Tomcat using the same context name
"/application"?
>>> Yes
>>
>> Good.
>>
What was the exact result, when you tried that?
>>> Well it displays the login page, but the formatting of the does not
> work,
>>> and when I hit the submit button, nothing is happening.
>>> Do you think that it is possible that /application does require / to
be
>>> access able as well (both application coming from the same vendor and
> are
>>> related to each other)
>>
>> Aaaah!
>>
>> Yes it is quote possible that the page contains links to other content
>> that does not reside under /application. Those could be CSS (style
>> sheets) responsible for correct rendering and JS (JavaScript files)
>> responsible for actions when pressing buttons. You can look at the
>> source code of the login page or use some browser plugin that shows you
>> all links referenced in the page. Some browsers might show you the info
>> out of the box.
> OK, I'll need to check that - please note that this will require some
> time.
You were right, there were *.js files, which the application is/was
sharing between / and /application
With JkMount /*.js worker1 everything is working now - except some
pictures, but this is fine (can do the same for them too)
>
>>
> The stuff only works if I configure mod_jk to JkMount /* - but with
>>> that,
> also the page ttp:/// is access-able.
> I've also tried it with Rewrite rules (to make sure everything else
>>> than
> http:// but
> nothing was/is working.
Rewriting will not be necessary as long as the context name on Tomcat
> is
>>>
"/application".
> Please find below some information about my setup:
>
> ###
> ### setup information
> ###
> mod_jk version: 1.2.30
> mod_jk httpd configuration (that's how it is working but it will
> allow
> access to any application, served by the tomcat server):
> # Some URL Redirecting is required
> RewriteEngine On
> RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -d [OR]
> RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -f
> RewriteCond %{REQUEST_URI} !=/application
> RewriteRule .* /application
Let's remove the rewriting as long as we are debugging your original
problem.
>>> OK, I've anyway disabled them already since they were not working
>>>
> # Load Module
> LoadModule jk_module modules/mod_jk.so
> # Worker File
> JkWorkersFile //workers.properties
> # Where to put the log
> JkLogFile //mod_jk.log
> # Log level
> JkLogLevel debug
> # Select the timestamp log format
> JkLogStampFormat"[%a %b %d %H:%M:%S %Y] "
> JkMount /* worker1
>
> mod_jk worker configuration:
> # Define 1 real worker using ajp13
> worker.list=worker1
> # Set properties for worker1 (ajp13)
> worker.worker1.type=ajp13
> worker.worker1.host=chnovmn3.lcsys.ch
> worker.worker1.port=8009
> worker.worker1.connection_pool_timeout=60
> worker.worker1.socket_keepalive=1
The log snippert you provided was parts of the log produced by
successful requests, i.e. requests that were forwarded to tomcat and
replied stuff. Please do provide the log contents for a request that
does not work, i.e. which does show the problem.
>>> I can send you more log files, but I think the problem is mor
Re: Apache reverse proxy to tomcat application server
On Thu, 19 Aug 2010 21:33:24 +0200, André Warnier wrote: > li...@cgi-net.ch wrote: >> Hi List, >> >> I'm running mod_jk on a apache 2.2.14 connecting to a second host, >> running >> tomcat 5 server with a third party application. >> This application is configured to display some company internal >> information when accessing the page directly without any subdirectory: >> like: http:/// >> A second application part is located under address >> http:///application -> please note, this is not a directory, >> this is a servlet-mapping made by tomcat (and we can't change the tomcat >> setup as we would loose support for it) >> >> My problem is now, that I only what to grant access to >> http:///application for external customers through the apache >> mod_jk setup. >> But of some reason do I have trouble implementing this. >> >> The stuff only works if I configure mod_jk to JkMount /* - but with that, >> also the page ttp:/// is access-able. >> I've also tried it with Rewrite rules (to make sure everything else than >> http://> nothing was/is working. >> > Apart from the help Rainer is giving you, I have a suggestion about your > setup. > But first a question : you seem to be proxying just about everything from > Apache httpd to > Tomcat. Do you need Apache httpd then ? why not just have Tomcat listen > on port 80 and > handle everything itself ? Sharing / was only done to check if it works with that way. I need the reverse proxy because the tomcat application server is located in the intranet, and customer from outside should not access this server directly. That's why we use a reverse proxy - which of course is located in a secure DMZ. > If you have some reason anyway to have Apachje httpd in front, then here > is the suggestion : > > - remove all JkMount directives. > - instead, configure Apache httpd as follows : > > > # here is the stuff that you want only internal users to see. > # Let's say that all these users have IP addresses in the 192.168.* range > Order Allow,Deny > Allow from 192.168.0.0/16 > Deny from all > # the following is the same as a "JkMount *" for everything in this > location > SetHandler jakarta-servlet > ... any other Apache directives .. > > > > # This is the stuff that everyone can see, so we override the above for > this location > Order Allow,Deny > Allow from all > # the following is the same as a "JkMount *" for everything in this > location > SetHandler jakarta-servlet > .. any other Apache directives .. > > > That's it. > > Instead of the allow/deny stuff above, you can use any Apache-level > authentication/authorization/access control you want, inside of each > Location. > AAA will happen *before* the call is forwarded to Tomcat. > You can also exclude some URLs inside each location, from being forwarded > by mod_jk to > Tomcat, by using something like >SetEnvIf REQUEST_URI "\.(css|gif|jpg|js)$" no-jk > for example, to have all your images, stylesheets, javascript,.. served > directly by Apache > (if you want, and if it makes sense in your context). Thanks for that idea, I was already thinking about something like that. Since I have resolved the first Issue now, I should be able to move forward and try this. Thanks and all the best, Simon - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Happy New year 2010
An great an Happy new year 2010 to all the members of this community and user of tomcat ... Success and achievement - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
resource not available : Apache Tomcat/6.0.20 with java jdk1.6.0_16 on linux 2.6.30.1
Hello, I am sending you this long email because i'm stuck on a "resource not available" for 2 weeks no, i googled a lot on for this error, read plenty of mailing list , but still unresolved my case :-( ... Below is the a long and detailled snapshot of what happens, thanks in advance for giving me some clues on this weird case : 1/ I have set up : Using JRE_HOME: /opt/jdk1.6.0_16 Using CATALINA_HOME:/usr/sfw/tomcat Using CATALINA_BASE: /srv/apache2/wsites/myportal/catalina Using CATALINA_TMPDIR: /srv/apache2/wsites/myportal/catalina/temp 2/ When i am running the script $CATALINA_HOME/bin/startup.sh for Starting TOMCAT with an CATALINA_HOME and CATALINA_BASE filled is working like a charm see below for some log : = Java command executed : /usr/sfw/tomcat# /opt/jdk1.6.0_16/bin/java -verbose -Djava.util.logging.config.file=/srv/apache2/wsites/myportal/catalina/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/usr/sfw/tomcat/endorsed -classpath :/usr/sfw/tomcat/bin/bootstrap.jar -Djava.security.manager -Djava.security.policy==/srv/apache2/wsites/myportal/catalina/conf/catalina.policy -Dcatalina.base=/srv/apache2/wsites/myportal/catalina -Dcatalina.home=/usr/sfw/tomcat -Djava.io.tmpdir=/srv/apache2/wsites/myportal/catalina/temp org.apache.catalina.startup.Bootstrap start > logs/java.result 2>&1 As i use the verbose option, below is a part of this verbose log [ Those number in the left are the log line number ] : --- 1224 Oct 4, 2009 2:11:52 AM org.apache.catalina.core.StandardEngine start 1225 INFO: Starting Servlet Engine: Apache Tomcat/6.0.20 1248 [Loaded org.apache.catalina.startup.ContextConfig from file:/usr/sfw/tomcat/lib/catalina.jar] 1249 [Loaded org.apache.catalina.startup.WebRuleSet from file:/usr/sfw/tomcat/lib/catalina.jar] 1250 [Loaded org.apache.catalina.startup.SetPublicIdRule from file:/usr/sfw/tomcat/lib/catalina.jar] 1262 [Loaded org.apache.catalina.startup.SetSessionConfig from file:/usr/sfw/tomcat/lib/catalina.jar] 1263 [Loaded org.apache.catalina.util.RequestUtil from file:/usr/sfw/tomcat/lib/catalina.jar] 1264 [Loaded org.apache.catalina.startup.TldConfig from file:/usr/sfw/tomcat/lib/catalina.jar] 1429 [Loaded org.apache.catalina.loader.ResourceEntry from file:/usr/sfw/tomcat/lib/catalina.jar] 1430 [Loaded mypackage.Hello from file:/srv/apache2/wsites/myportal/catalina/webapps/sample/WEB-INF/classes/mypackage/Hello.class] 1438 Oct 4, 2009 2:11:53 AM org.apache.coyote.http11.Http11Protocol start 1439 INFO: Starting Coyote HTTP/1.1 on http-8070 1470 Oct 4, 2009 2:11:53 AM org.apache.jk.common.ChannelSocket init 1471 INFO: JK: ajp13 listening on /0.0.0.0:8011 1484 Oct 4, 2009 2:11:53 AM org.apache.jk.server.JkMain start 1485 INFO: Jk running ID=0 time=0/110 config=null Below is the log with the command without the "-verbose" option : Oct 4, 2009 7:12:45 PM org.apache.catalina.core.AprLifecycleListener init Oct 4, 2009 7:12:45 PM org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on http-8070 Oct 4, 2009 7:12:45 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 2145 ms Oct 4, 2009 7:12:45 PM org.apache.catalina.core.StandardService start INFO: Starting service Catalina Oct 4, 2009 7:12:46 PM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/6.0.20 Oct 4, 2009 7:12:47 PM org.apache.juli.ClassLoaderLogManager readConfiguration Oct 4, 2009 7:12:47 PM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on http-8070 Oct 4, 2009 7:12:48 PM org.apache.jk.common.ChannelSocket init Oct 4, 2009 7:12:48 PM org.apache.catalina.startup.Catalina start INFO: Server startup in 2262 ms I am accessing the tomcat default page using my firefox 3 browser @ http://localhost:8070/1stWebapp is displaying well the tomcat webpage with the lion and all ... As I'm using className="org.apache.catalina.valves.RequestDumperValve" /> in the $CATALINA_BASE/conf/server.xml , i am able to see the internal process between my firefox client and the tomcat' coyotte see below : INFO: REQUEST URI =/1stWebapp/ Oct 4, 2009 7:18:08 PM org.apache.catalina.valves.RequestDumperValve invoke INFO: authType=null
Re: resource not available : Apache Tomcat/6.0.20 with java jdk1.6.0_16 on linux 2.6.30.1
Thank Konstantin and Peter for your fast reply, Unfortunately i put 2 "=" like in the java command but still the same error as tomcat not finding the web.xml of my webapp !!! Regarding the answer of Peter i am doing an strace on it, answer is up to come ... Peter Crowther wrote: Try Konstantin's fix first, as the security policy could certainly cause the problems you're seeing. I suspect that's the issue (it came in while I was writing this). If you can eliminate that and the problem's still there, time for a little more debugging. Depending on your flavour of UNIX, there will almost certainly be something that you can use to monitor the system calls that the Java process makes as it's failing to load web.xml. It's strace(1) on most Linuxes, for example. It would be very interesting to see what the process is doing as it looks for that web.xml. In particular: does it look and find it? Does it look and get permission denied? Or, the really interesting case, does it never look - in which case there's probably a Java security policy setting preventing access. - Peter Konstantin Kolinko wrote: I have not dug through all the log output that you are citing, but at least the following things are difference between your startup.sh and jsvc command lines: 1) The value of -Djava.io.tmpdir 2) The value of -Djava.security.policy The -Djava.security.policy value of jsvc is certainly wrong. There must be a double equal sign there: -Djava.security.policy==/srv/apache2/wsites/myportal/catalina/conf/catalina.policy That is, the value starts with a '='. See java security docs for the meaning. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: resource not available : Apache Tomcat/6.0.20 with java jdk1.6.0_16 on linux 2.6.30.1
Hi back Konstantin,
When i put a web.xml in ${catalina.base}/conf it's working, that's
great, thanks Konstantin for this remarks ;-)
But what i really wanted, is not using an web.xml in
${catalina.base}/conf but use the web.xml of each application, and use
the master web.xml in ${catalina.home} in the case of a web.xml missing
in an application
Perhaps i am misunderstanding the concept of CATALINA_HOME and
CATALINA_BASE !!!
If it's working with the java command without the web.xml in
${catalina.base}/confwhy it's not working with the "jsvc" command,
that's my bigger interrogation for now ...
Nevertheless thanks you very much for giving me this light on this case ...
I am analysing the strace logs for trying to have an answer
Cheers
Gerald
Konstantin Kolinko wrote:
1316 INFO: No default web.xml
That message is about ${catalina.base}/conf/web.xml
You have -user jsrvd on your jsvс command line. Are those files
readable by that user?
Best regards,
Konstantin Kolinko
2009/10/4 Linux sysadmin :
Thank Konstantin and Peter for your fast reply,
Unfortunately i put 2 "=" like in the java command but still the same
error as tomcat not finding the web.xml of my webapp !!!
Regarding the answer of Peter i am doing an strace on it, answer is up to
come ...
Peter Crowther wrote:
Try Konstantin's fix first, as the security policy could certainly
cause the problems you're seeing. I suspect that's the issue (it came
in while I was writing this).
If you can eliminate that and the problem's still there, time for a
little more debugging. Depending on your flavour of UNIX, there will
almost certainly be something that you can use to monitor the system
calls that the Java process makes as it's failing to load web.xml.
It's strace(1) on most Linuxes, for example. It would be very
interesting to see what the process is doing as it looks for that
web.xml. In particular: does it look and find it? Does it look and
get permission denied? Or, the really interesting case, does it never
look - in which case there's probably a Java security policy setting
preventing access.
- Peter
Konstantin Kolinko wrote:
I have not dug through all the log output that you are citing, but at
least the following things are difference between your startup.sh and
jsvc command lines:
1) The value of -Djava.io.tmpdir
2) The value of -Djava.security.policy
The -Djava.security.policy value of jsvc is certainly wrong. There
must be a double equal sign there:
-Djava.security.policy==/srv/apache2/wsites/myportal/catalina/conf/catalina.policy
That is, the value starts with a '='. See java security docs for the
meaning.
Best regards,
Konstantin Kolinko
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: resource not available : Apache Tomcat/6.0.20 with java jdk1.6.0_16 on linux 2.6.30.1
Hi back konstantin,
The truth is that i make a link from the ${catalina.home}/conf in the
${catalina.base}/conf regarding the web.conf, thus it's the default from
tomcat original distribution ...
In my ${catalina.base} there is only those dirs : "conf" and
"webapps". there is link for logs, work and temp pointed to other
directories ...
Thanks for the idea of using an dir "lib" for shared libraries as see
in the catalina.properties using "shared.loader=".
When running tomcat with "jsrvd" i am deleting of the files in the
"logs" and "work" directories that being sure that i would not have
rights access permission denied or something like this ...
I am looking forward your next email ;-)
Gerald
Konstantin Kolinko wrote:
5 октября 2009 г. 1:41 пользователь Linux sysadmin
написал:
It should be not the web.xml of your application, but the default one.
See conf/web.xml in the official distribution of Tomcat from tomcat.apache.org.
The distinct feature is that it has a long list of mime-types. It is
also the one that defines the JSP and default servlets. Of course, all
of them can be in webapp's web.xml.
See RUNNING.txt in the official distribution.
When using CATALINA_BASE, the following folders are moved there:
/conf
/logs
/webapps
/work
/temp
You can remove those folders from CATALINA_HOME.
The following folder can be created for the sake of placing
"setenv.sh" (setenv.bat) file there:
/bin
The rest of /bin files remain in CATALINA_HOME. That is, there are the
following folders:
/bin
/lib
Also I usually have some shared libraries in CATALINA_BASE. That is, I
have a /lib folder there, but for that you need to edit your
conf/catalina.properties file, or wait for Tomcat 6.0.21. Such feature
is proposed to be included in that release.
Access rights? Or may be you did not shutdown your previous Tomcat instance?
Also, if there were confusions with what user was used to start the
Tomcat, please check what user is the owner of your log files (maybe:
delete them all) and remove the files that are in the /work folder
before starting Tomcat.
Best regards,
Konstantin Kolinko
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: resource not available : Apache Tomcat/6.0.20 with java jdk1.6.0_16 on linux 2.6.30.1
thanks Peter for this recommendation ...
have a nice day
Peter Crowther wrote:
2009/10/5 Linux sysadmin :
The truth is that i make a link from the ${catalina.home}/conf in the
${catalina.base}/conf regarding the web.conf, thus it's the default from
tomcat original distribution ...
This should work for conf, but be very careful about symbolic links
and Tomcat in general. Symlinks in webapps will not work by default -
look up "allowLinking" to allow them, and be Very Careful if you do as
I seem to recall that undeploying a webapp with a symlink in it can
delete all the files in the area that you've linked to.
Many UNIX admins are used to being able to use symlinks and they Just
Work. This is not always true for Java in general, and Tomcat in
particular.
- Peter
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Encrypted jdbc
Greetings all, = Server number: 8.0.28.0 OS Name:Linux OS Version: 2.6.32-573.8.1.el6.x86_64 JVM Version:1.8.0_66-b17 = Back end database is mariadb residing on a another remote linux instance. I have downloaded and copied the Mariadb jdbc driver to the lib directory of the TC server. Can you let me know how to encrypt the database connectivity from the TC instance to the DB instance. thanks OSP
Re: Encrypted jdbc
I'm sure someone here also would have done a similar thing. But will ask mariadb form as well. On Fri, Apr 8, 2016 at 12:09 AM, Tommy Pham wrote: > Perhaps trying asking the MariaDB forum/list? > > On Thu, Apr 7, 2016 at 7:08 AM, Linux Support > wrote: > > > Greetings all, > > > > = > > Server number: 8.0.28.0 > > OS Name:Linux > > OS Version: 2.6.32-573.8.1.el6.x86_64 > > JVM Version:1.8.0_66-b17 > > = > > > > Back end database is mariadb residing on a another remote linux > instance. I > > have downloaded and copied the Mariadb jdbc driver to the lib directory > of > > the TC server. > > > > Can you let me know how to encrypt the database connectivity from the TC > > instance to the DB instance. > > > > thanks > > OSP > > >
Re: Adding Tomcat instances dynamically to Apache Load Balancer without restart
Doesn't AWS ELB fir to the purpose. May be something similar in your environment that translates hopefully On Fri, Apr 8, 2016 at 12:34 AM, Christoph Nenning < christoph.nenn...@lex-com.net> wrote: > > Hi All, > > > > Good Morning. > > > > I am working in a Cloud based project where I encounter Scale-in/ Scale > out > > of Tomcat instances. > > We have Apache load balancer as well. The requirement is to dynamically > add > > any new Tomcat instances during scale out to Load balancer and remove > > tomcat instances during scale-in, without restart of balancer. > > > > I did initial analysis on this. I understand that with mod_jk or > mod_proxy, > > we need to restart the balancer in the above cases. > > > > I came across a module mod_cluster which supports to dynamically add or > > remove tomcat instances from load balancer, without restart. Here the > > tomcat automatically registers with load balancer through separate > channel. > > But I have process running which gets the status of tomcat whether it is > > successfully started or not. Is there a way to register the tomcat > through > > my process with the balancer instead of tomcat itself registering with > > balancer? > > > > Could someone please suggest me any other modules if any, other than > > mod-cluster. > > Also is it possible to handle dynamic registration of tomcat with LB in > > tomcat itself with minimal changes ? > > If anyone used mod_cluster or some other modules, can you please share > some > > links for doing the setup. > > > > Thanks in Advance. > > > > Best Regards, > > Mohan > > > We do it like this: > - mod_proxy > - several small config files which can be easily overwritten (and > generated by scripts) > - apache graceful instead of restart > > So when a tomcat instance is created or stopped we re-generate the > according httpd config file and do graceful reload. > > > Regards, > Christoph > > This Email was scanned by Sophos Anti Virus >
Tomcat 8.5.4
Hi all, The version details : Using CATALINA_BASE: /apps/TOMCAT/tomcat Using CATALINA_HOME: /apps/TOMCAT/tomcat Using CATALINA_TMPDIR: /apps/TOMCAT/tomcat/temp Using JRE_HOME:/usr Using CLASSPATH: /apps/TOMCAT/tomcat/bin/bootstrap.jar:/apps/TOMCAT/tomcat/bin/tomcat-juli.jar Server version: Apache Tomcat/8.5.4 Server built: Jul 6 2016 08:43:30 UTC Server number: 8.5.4.0 OS Name:SunOS OS Version: 5.11 Architecture: sparcv9 JVM Version:1.8.0_92-b14 JVM Vendor: Oracle Corporation Keytool list : keytool -list Enter keystore password: Keystore type: JKS Keystore provider: SUN Your keystore contains 3 entries root, Sep 16, 2016, trustedCertEntry, Certificate fingerprint (SHA1): xx:xx:xx:xx:xx:xx:xx:xx:xx:xx: intermediate, Sep 16, 2016, trustedCertEntry, Certificate fingerprint (SHA1): xx:xx:xx:xx:xx:xx:xx:xx:xx:xx: server, Sep 16, 2016, PrivateKeyEntry, Certificate fingerprint (SHA1): xx:xx:xx:xx:xx:xx:xx:xx:xx:xx: The server.xml connector scheme="https" keyAlias="server" certificateKeystoreFile="/apps/JAVA/tomcat.jks" I'm running a configtest.sh and i get the following : SEVERE: Failed to initialize end point associated with ProtocolHandler ["https-jsse-nio-8443"] java.lang.IllegalArgumentException: java.io.IOException: Alias name tomcat does not identify a key entry . . SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]] org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]] . . Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed at org.apache.catalina.connector.Connector.initInternal(Connector.java:1012) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) ... 12 more Caused by: java.lang.IllegalArgumentException: java.io.IOException: Alias name tomcat does not identify a key entry at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:103) at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:81) at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:245) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:866) at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:213) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:558) at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:65) at org.apache.catalina.connector.Connector.initInternal(Connector.java:1010) ... 13 more Caused by: java.io.IOException: Alias name tomcat does not identify a key entry at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:213) at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:101) ... 20 more I cannot make out where it picks up the alias tomcat The keyalias specified in the server.xml doesn't look like having an impact The entry certificateKeystoreFile="/apps/JAVA/tomcat.jks" didn't have an impact and i had to create a $USER/.keystore file Cheers OSP
Re: Tomcat 8.5.4
Thanks Mark, The issues was not there when i used 8.5.5.. Thank you for pointing me in that direction On Fri, Sep 16, 2016 at 5:20 PM, Mark Thomas wrote: > On 16/09/2016 07:44, Linux Support wrote: > > > > > I cannot make out where it picks up the alias tomcat > > https://bz.apache.org/bugzilla/show_bug.cgi?id=59910 > > Mark > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Tomcat 8.5.5 variables
Hi All, The environment : Using CATALINA_BASE: /apps/TOMCAT/tomcat Using CATALINA_HOME: /apps/TOMCAT/tomcat Using CATALINA_TMPDIR: /apps/TOMCAT/tomcat/temp Using JRE_HOME:/usr Using CLASSPATH: /apps/TOMCAT/tomcat/bin/bootstrap.jar:/apps/TOMCAT/tomcat/bin/tomcat-juli.jar Server version: Apache Tomcat/8.5.5 Server built: Aug 31 2016 19:51:16 UTC Server number: 8.5.5.0 OS Name:SunOS OS Version: 5.11 Architecture: sparcv9 JVM Version:1.8.0_92-b14 JVM Vendor: Oracle Corporation I need to setup CATALINA_OPTS and JAVA_OPTS for the application to be deployed. Where do i set them up ? Am i to create a environment.sh file in CATALINA_HOME/bin ? Further, will the catalina.sh start invoke those variables defined ? Cheers OSP
Single sign on
Hi, Using 8.5.5 on solaris. Can you please point me in the direction of some documentation/link/blog for how to set up the SSO for a application deployed. Further, please share your experience and the process. Kind regards OSP
Newbie tomcat 8.0.28 question
greetings all, Running CentOS 6.4. Configured the /opt/tomcat-latest to be owned by a system user(tomcat8) other than root. Planning of keeping the tomcat instance running as a non-root owned process. How can i get another non-privileged linux user deploy apps to the environment ? I can allow manager access by configuring a strong passwd and allowing only local access. TA OSP
Re: Newbie tomcat 8.0.28 question
Thanks Mark. I might be struggle in setting up the hashed passwords. I have not been able to find a good read detailing how to do that. Will you be able to kindly point me in the direction of something worth the time and effort. cheers osp On Tue, Nov 3, 2015 at 7:41 PM, Mark Thomas wrote: > On 03/11/2015 04:47, Linux Support wrote: > > greetings all, > > > > Running CentOS 6.4. Configured the /opt/tomcat-latest to be owned by a > > system user(tomcat8) other than root. > > > > Planning of keeping the tomcat instance running as a non-root owned > > process. > > > > How can i get another non-privileged linux user deploy apps to the > > environment ? > > > > I can allow manager access by configuring a strong passwd and allowing > only > > local access. > > That would work. > > Mark > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Newbie tomcat 8.0.28 question
not having a clear text password in the users.xml ( i think ) for the admin user. My understanding is that the admin user logging in through the default page can do a deployment. On Tue, Nov 3, 2015 at 9:50 PM, Mark Thomas wrote: > On 03/11/2015 10:45, Linux Support wrote: > > Thanks Mark. I might be struggle in setting up the hashed passwords. I > have > > not been able to find a good read detailing how to do that. Will you be > > able to kindly point me in the direction of something worth the time and > > effort. > > What, exactly, do you mean by "hashed passwords"? > > Mark > > > > > > cheers > > osp > > > > On Tue, Nov 3, 2015 at 7:41 PM, Mark Thomas wrote: > > > >> On 03/11/2015 04:47, Linux Support wrote: > >>> greetings all, > >>> > >>> Running CentOS 6.4. Configured the /opt/tomcat-latest to be owned by a > >>> system user(tomcat8) other than root. > >>> > >>> Planning of keeping the tomcat instance running as a non-root owned > >>> process. > >>> > >>> How can i get another non-privileged linux user deploy apps to the > >>> environment ? > >>> > >>> I can allow manager access by configuring a strong passwd and allowing > >> only > >>> local access. > >> > >> That would work. > >> > >> Mark > >> > >> > >> - > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> > >> > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Newbie tomcat 8.0.28 question
Thanks all. I will incorporate the digested passwd On Wed, Nov 4, 2015 at 2:10 AM, Christopher Schultz < ch...@christopherschultz.net> wrote: > To whom it may concern, > > On 11/3/15 6:39 AM, Linux Support wrote: > > not having a clear text password in the users.xml ( i think ) for the > admin > > user. My understanding is that the admin user logging in through the > > default page can do a deployment. > > Do you mean like this? > > http://tomcat.apache.org/tomcat-8.0-doc/realm-howto.html#Digested_Passwords > > (That documentation is a little off... you can use password-munging > algorithms that are not provided by the MessageDigest class). > > -chris > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
port 80
Hi again, configured the TC service to run as a non privileged user. In my understanding we cannot use a privileged port to bind TC to. Is there a way i can use port 80 for TC in the case of using a non root user ? cheers osp
Need help with url rewrite
Hi I need help with url rewrite. Please let me know the process to contact some one.. Thanks Sri
8.5.24 not able to get to the screen for login info
Hi all We have upgraded our application from 8.0.38 to 8.5.24 Few servers work as expected Few servers give 403 access denined error when i click on webapss or server status Everything works fine with application launching and stuff I have followed troubleshooting steps as provided in stack trace to add the ipadress in contex.xml , none of these tasks fix the issue. Please suggest what actions should be taken before reinstalling.. Any help is appreciated. Thanks Sri
Re: 8.5.24 not able to get to the screen for login info
Yes I hve double checked and compared with the server which is wolring as expected. Thanks Sree On Monday, May 21, 2018, Igal @ Lucee.org wrote: > On 5/21/2018 3:46 PM, Sri Linux wrote: > >> Few servers give 403 access denined error when i click on webapss or >> server >> status >> > > Do you require authentication for those applications? > > If so, make sure that you've set that up properly in the new installation, > e.g. in conf/tomcat-users.xml or whatever data store that you use to > manages users. > > HTH, > > > Igal > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
