-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Peter,
On 7/30/19 05:19, logo wrote: > Hi Chris, > > I am also trying to figure this out and get to the same error. > >> Am 25.07.2019 um 17:53 schrieb Joseph Dornisch >> <kingcanut...@gmail.com>: >> >> Hello, >> >> I have a CRL configured in my tomcat server configuration. If I >> update it and want to have Tomcat refresh it, I can login into >> https://127.0.0.1/manager/html and click the "Re-read" button >> under "Configuration->Re-read TLS configuration files" and this >> causes my CRL to be reread. It works great. >> >> However,I have read here, " >> https://people.apache.org/~schultz/ApacheCon%20NA%202018/Let's%20Encr ypt%20Apache%20Tomcat.pdf" >> >> on page 34 you can do basically the same thing with a command something >> like: >> https://localhost/manager/jmxproxy?invoke=Catalina%3Atype%3DProtocolH andler%2Cport%3D8443%2Caddress%3D%22127.0.0.1%22&op=reloadSslHostConfigs >> >> >> When I do this, I get back: >> >> Error - java.lang.NullPointerException >> java.lang.NullPointerException at >> org.apache.catalina.manager.JMXProxyServlet.invokeOperationInternal(J MXProxyServlet.java:264) >> >> at org.apache.catalina.manager.JMXProxyServlet.invokeOperation(JMXProxyServ let.java:207) >> at >> org.apache.catalina.manager.JMXProxyServlet.doGet(JMXProxyServlet.jav a:116) >> >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:634) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl icationFilterChain.java:231) >> >> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt erChain.java:166) >> at >> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52 ) >> >> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica tionFilterChain.java:193) >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF ilterChain.java:166) >> >> at com.arl.servlet.core.filters.AbstractRedirectFilter.doFilter(AbstractRed irectFilter.java:250) >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl icationFilterChain.java:193) >> >> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt erChain.java:166) >> at >> com.arl.servlet.core.filters.UrlRewriteFilter.doFilter(UrlRewriteFilt er.java:356) >> >> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica tionFilterChain.java:193) >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF ilterChain.java:166) >> >> at com.arl.servlet.core.filters.SetCharacterEncodingFilter.doFilter(SetChar acterEncodingFilter.java:128) >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl icationFilterChain.java:193) >> >> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt erChain.java:166) >> at >> org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCh aracterEncodingFilter.java:109) >> >> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica tionFilterChain.java:193) >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF ilterChain.java:166) >> >> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv e.java:199) >> at >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextV alve.java:96) >> >> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticator Base.java:610) >> at >> org.apache.catalina.valves.RequestFilterValve.process(RequestFilterVa lve.java:348) >> >> at org.apache.catalina.valves.RemoteAddrValve.invoke(RemoteAddrValve.java:5 2) >> at >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j ava:137) >> >> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java :81) >> at >> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAcce ssLogValve.java:660) >> >> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve. java:87) >> at >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav a:343) >> >> at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:79 8) >> at >> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLig ht.java:66) >> >> at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractPro tocol.java:808) >> at >> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpo int.java:1498) >> >> at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.j ava:49) >> at >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor. java:1149) >> >> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.ja va:624) >> at >> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskTh read.java:61) >> >> at java.lang.Thread.run(Thread.java:748) >> >> Is this command supposed to work in Tomcat 8.5.43? Is there a >> different command. Short of this, the only way to force reload >> without manual intervention seems to be to login to the manager >> from code, and then execute >> https://127.0.0.1/manager/html/sslReload?org.apache.catalina.filters. CSRF_NONCE= >> >> <nonce_value_from_established_session> >> >> I've seen that I might also write some code that Tomcat itself >> would run periodically to refresh the SSL configuration. Could >> anyone provide any ideas here? > > If I query with the jmxproxy-Servlet I get to > Catalina:type=ProtocolHandler,port=8443, but I cannot figure out > the necessary address. How can I find it? Once I add an address > (127.0.0.1, localhost or DNSs...) , I get exactly "OK - Number of > results: 0". That may be the cause of the above > java.lang.NullPointerException. > > If I omit the address it I get a detailed stacktrace, with all > sorts of IO exceptions/Illegal argument exceptions that relate to > the actual code of AbstractJsseEndpoint/AbstractEndpoint and > reloadSslHostConfigs. > > Could you please help us here? If I only want to reload one > specific HostConfig, how do I set the hostname parameter? > > I looked at your letsencrypt script > https://people.apache.org/~schultz/ApacheCon%20NA%202018/lets-encrypt- renew.sh, > > but that requires the address already as a parameter... The best thing to do is connect with a JMX client such as VisualVM or perhaps one that your IDE provides. If you connect, you can see what JMX paths are actually available instead of just guessing at them. Use the screenshots in the Let's Encrypt presentation (and possibly the related screenshots in the "Monitoring Apache Tomcat with JMX" presentation as well) to help you find the correct protocol handler path . - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl1AWt4ACgkQHPApP6U8 pFhqvxAAoRDPDxU1poECO+s/q/kcWXaoLKE0WrE4rmlasViRuuMdn7QtLJJZ7s0Q MaKk0LeJ+p/fT9fAuQ0Ysm75MhLy88Xj6SvR60mroPQZM1ONkgQ9EzLyYWiMPgt0 alPu0z5Nqk5CW4fl4El4tLFysdniRr7WfYUdt/inwhuJSGWylVMyzqAEIVpmMsHk hpAoB+TWSPL8DLJMauLP64AF+gIO/RTfyM4dtC8yZJqXiSpntF8Eq5JtR2Q4y5UZ ijzA/rMmpQB0I1yTpExicaveMfIWYZg/2rfGh1hh3dP4dyQ4dYR2ZalmRoEW6rhZ zf+1nhmrByIuEoboozxgkDcLOfpXMCnG0yHtz8rAewcUci4UHabddcpLVlV+0Ilg yOADCYwnU8gmnD6vb1fI0B0O8OMr/VyCbhsWklOUyFBmZD64XYC4rkmGQAVhRR97 qWrV1/Rs09Oq1zY0zpzJnRD5xmumsi/uuJ6T7kEhaK1KdT6wkDImParq2n5dnhm/ 3smAZDpS3Nh246oyldpVuxOJpQxEWfHX+GZyAZfAJ0t/OgNV/Xq61Cz0Mr4z5iML fGKKpPxDB0DEWAm8RT11tyzAqk/Mwlx/KE+pxqIM+OCDY1rpkpMEYAIgFA8S1Hd5 Y7cFNQC207nA6TuUOgnZeHzLVw2iqQIbSPqKTuwiT4j3fCbbCXQ= =K62u -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
