My bad - I was looking in the catalina log, not the localhost log...
Now I see the config being parsed:
01-Mar-2020 21:12:49.147 FINE [localhost-startStop-1]
org.apache.catalina.valves.rewrite.RewriteValve.startInternal Read
configuration from: /WEB-INF/rewrite.config
01-Mar-2020 21:12:49.155 FINE
No matter where I place the rewrite.config, cannot get the
RewriteValve to find it.
I tried:
* /usr/local/tomcat/conf/Catalina/localhost/ROOT.xml and
/usr/local/tomcat/webapps/ROOT/WEB-INF/rewrite.config
* /usr/local/tomcat/conf/context.xml and
/usr/local/tomcat/conf/localhost/rewrite.config
The
I hit a snag with the query string. In some cases it contains the
webapp base URI in a query parameter, such as:
/admin/acl/authorizations/?forClass=https%3A//localhost%3A5443/admin/ns%23Authorization
So I'm trying to rewrite those as well, from
https%3A//localhost%3A5443/ to https%3A//local
Am 2020-02-29 um 15:12 schrieb Mark Thomas:
On 29/02/2020 13:05, Thomas Meyer wrote:
Am 29. Februar 2020 13:10:13 MEZ schrieb Mark Thomas :
On 29/02/2020 11:23, Michael Osipov wrote:
Am 2020-02-29 um 12:13 schrieb Mark Thomas:
On 29/02/2020 11:07, Michael Osipov wrote:
Am 2020-02-29 um 12:05
Thanks! I actually needed proxyPort="443" to make the URL
https://localhost, but your suggestion did the trick.
On Sat, Feb 29, 2020 at 11:12 AM Mark Thomas wrote:
>
>
>
> On 28/02/2020 22:26, Martynas Jusevičius wrote:
> > Yes the clients connect only directly to nginx.
> >
> > So the proxy conf
On 29/02/2020 13:05, Thomas Meyer wrote:
> Am 29. Februar 2020 13:10:13 MEZ schrieb Mark Thomas :
>> On 29/02/2020 11:23, Michael Osipov wrote:
>>> Am 2020-02-29 um 12:13 schrieb Mark Thomas:
On 29/02/2020 11:07, Michael Osipov wrote:
> Am 2020-02-29 um 12:05 schrieb Mark Thomas:
>> On
Am 2020-02-29 um 14:05 schrieb Thomas Meyer:
Am 29. Februar 2020 13:10:13 MEZ schrieb Mark Thomas :
On 29/02/2020 11:23, Michael Osipov wrote:
Am 2020-02-29 um 12:13 schrieb Mark Thomas:
On 29/02/2020 11:07, Michael Osipov wrote:
Am 2020-02-29 um 12:05 schrieb Mark Thomas:
On 29/02/2020 10:4
Am 29. Februar 2020 13:10:13 MEZ schrieb Mark Thomas :
>On 29/02/2020 11:23, Michael Osipov wrote:
>> Am 2020-02-29 um 12:13 schrieb Mark Thomas:
>>> On 29/02/2020 11:07, Michael Osipov wrote:
Am 2020-02-29 um 12:05 schrieb Mark Thomas:
> On 29/02/2020 10:40, Michael Osipov wrote:
>>>
>>>
On 29/02/2020 11:23, Michael Osipov wrote:
> Am 2020-02-29 um 12:13 schrieb Mark Thomas:
>> On 29/02/2020 11:07, Michael Osipov wrote:
>>> Am 2020-02-29 um 12:05 schrieb Mark Thomas:
On 29/02/2020 10:40, Michael Osipov wrote:
>>
>>
>>
> Tomcat does not support renegotiation of TLS context
Am 2020-02-29 um 12:13 schrieb Mark Thomas:
On 29/02/2020 11:07, Michael Osipov wrote:
Am 2020-02-29 um 12:05 schrieb Mark Thomas:
On 29/02/2020 10:40, Michael Osipov wrote:
Tomcat does not support renegotiation of TLS contexts based
on URLs like HTTPd.
Yes it does.
If you specify CLIEN
Am 2020-02-29 um 12:13 schrieb Mark Thomas:
On 29/02/2020 11:07, Michael Osipov wrote:
Am 2020-02-29 um 12:05 schrieb Mark Thomas:
On 29/02/2020 10:40, Michael Osipov wrote:
Tomcat does not support renegotiation of TLS contexts based
on URLs like HTTPd.
Yes it does.
If you specify CLIEN
On 29/02/2020 11:07, Michael Osipov wrote:
> Am 2020-02-29 um 12:05 schrieb Mark Thomas:
>> On 29/02/2020 10:40, Michael Osipov wrote:
>>> Tomcat does not support renegotiation of TLS contexts based
>>> on URLs like HTTPd.
>>
>> Yes it does.
>>
>> If you specify CLIENT-CERT auth for a sub-set of
Am 2020-02-29 um 12:05 schrieb Mark Thomas:
On 29/02/2020 10:40, Michael Osipov wrote:
Am 2020-02-29 um 10:09 schrieb Thomas Meyer:
Hi,
Instead of configuring the container for client cert Auth change the
webapp:
1) define a realm in local context.xml
2) add resp security constraint only f
On 29/02/2020 10:40, Michael Osipov wrote:
> Am 2020-02-29 um 10:09 schrieb Thomas Meyer:
>> Hi,
>>
>> Instead of configuring the container for client cert Auth change the
>> webapp:
>> 1) define a realm in local context.xml
>> 2) add resp security constraint only for rest api calls
>
> This wi
Am 2020-02-29 um 10:09 schrieb Thomas Meyer:
Am 27. Februar 2020 10:58:01 MEZ schrieb "Martynas Jusevičius"
:
Hi list,
I'm using a Docker image based on tomcat:8.0-jre8. It serves as an
end-user facing webapp but also as a REST API which authenticates
using client certificates. The same URLs s
On 28/02/2020 22:26, Martynas Jusevičius wrote:
> Yes the clients connect only directly to nginx.
>
> So the proxy config within 2 pairs of containers is like this:
>
> # website service; clientAuth=false
> nginx:80 -> tomcat:8080
> nginx:443 -> tomcat:8443
>
> # API service; clientAuth=true
Am 27. Februar 2020 10:58:01 MEZ schrieb "Martynas Jusevičius"
:
>Hi list,
>
>I'm using a Docker image based on tomcat:8.0-jre8. It serves as an
>end-user facing webapp but also as a REST API which authenticates
>using client certificates. The same URLs serve both purposes, however
>only administr
Yes the clients connect only directly to nginx.
So the proxy config within 2 pairs of containers is like this:
# website service; clientAuth=false
nginx:80 -> tomcat:8080
nginx:443 -> tomcat:8443
# API service; clientAuth=true
nginx-api:90 -> tomcat-api:8080
nginx-api:5443 -> tomcat-api:8443
ng
On 28/02/2020 21:00, Martynas Jusevičius wrote:
> Setting up a second container with a different port was easy enough.
>
> However I got stuck on the URL mapping/rewriting. Using nginx as a
> proxy, I don't think it's possible to rewrite headers with the
> upstream module:
> https://nginx.org/en/d
Setting up a second container with a different port was easy enough.
However I got stuck on the URL mapping/rewriting. Using nginx as a
proxy, I don't think it's possible to rewrite headers with the
upstream module:
https://nginx.org/en/docs/http/ngx_http_upstream_module.html
As I understand it j
Tomcat is deep within the Docker image configured with a single
connector and a single ROOT webapp, so it's easier to deploy a second
container than to add a second connector or context :)
Thanks for your help.
On Thu, Feb 27, 2020 at 11:36 AM Mark Thomas wrote:
>
> On 27/02/2020 10:28, Martyna
On 27/02/2020 10:28, Martynas Jusevičius wrote:
> Yes, that could be an option. Or, since we're on Docker, a second
> instance of the webapp on a different port would be easier.
>
> But we would need to add some URL rewriting proxy before that
> connector to strip that port number to make the weba
Yes, that could be an option. Or, since we're on Docker, a second
instance of the webapp on a different port would be easier.
But we would need to add some URL rewriting proxy before that
connector to strip that port number to make the webapp see the
canonical URLs. That should be doable with ngin
On 27/02/2020 09:58, Martynas Jusevičius wrote:
> Hi list,
>
> I'm using a Docker image based on tomcat:8.0-jre8. It serves as an
> end-user facing webapp but also as a REST API which authenticates
> using client certificates. The same URLs serve both purposes, however
> only administrators are us
Hi list,
I'm using a Docker image based on tomcat:8.0-jre8. It serves as an
end-user facing webapp but also as a REST API which authenticates
using client certificates. The same URLs serve both purposes, however
only administrators are using the API.
The Connector is configured using clientAuth="
25 matches
Mail list logo
