Re: is it logical that WsBaseFrame/WsServerFrame calls WsSession.onclose that results in a call to the client again?

2019-08-26 Thread Mark Thomas 
On 26/08/2019 15:17, Johan Compagner wrote:
> Hi,



> That is a stack that we encounter which i find quite strange
> it seems to me that WsFrameBase.processDataControl
> 
> does a wsSession.onClose(new CloseReason(Util.getCloseCode(code), reason));
> 
> when it gets an op_code close
> 
> that sounds reasonably but the problem is WsSession will call when it was
> in a open state an sendCloseMessage:
> 
> if (state == State.OPEN) { state = State.OUTPUT_CLOSED;
> sendCloseMessage(closeReason);
> 
> 
> problem is it is closed so this will result in a exception (broken pipe
> stuff) when that is called
> 
> As far as i can understand it should not try to send a close message at
> that point, because the close did already happen from the client side..
> I guess if onclose was called programatically from the server side then it
> is logical.

RFC 6455, section 5.5.1

Close is a two-stage process and closing the TCP connection is the
server's responsibility.

Looks like you have a non-spec compliant client.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8.5 - Native Library - Crash

2019-08-26 Thread Mark Thomas 
On 26/08/2019 16:14, Eduardo Quintanilla wrote:
> Any tips for building Tomcat Native on Windows 10?

https://cwiki.apache.org/confluence/display/TOMCAT/Building+the+Tomcat+Native+Connector+binaries+for+Windows

You can build it with later versions of Visual Studio but that will end
up creating additional dependencies on various Windows DLLs.

Mark


> 
> Best regards,
> Eduardo Quintanilla
> Software Developer
> Block Networks
> 
> From: Christopher Schultz 
> Sent: jueves, 22 de agosto de 2019 11:57 a. m.
> To: users@tomcat.apache.org
> Subject: Re: Tomcat 8.5 - Native Library - Crash
> 
> 
> Eduardo,
> 
> On 8/22/19 10:18, Eduardo Quintanilla wrote:
>> Chris,
>>
>> The crash dump and logs[1] from my dev environment.
>>
>> [1]https://1drv.ms/u/s!AjSSUmqOgKmfi1g7z4wUvfYPksCk?e=CLH6VF
> 
> Okay, as I suspected, it's a SIGSEGV, or what Java programmers would
> call a NullPointerException.
> 
> The C code is computing a pointer with a 44 byte offset to a NULL
> pointer and trying to dereference it, which causes the problem.
> 
> I'm not sure which field has a 44-byte offset into the structure it's
> supposed to be contained in. That highly depends upon the
> architecture, compiler, etc. and those are the things I don't have
> access to.
> 
> If someone in the community is able to build tcnative for Windows in
> the same way[1] that the Tomcat team builds it, can you identify the
> following:
> 
> 1. What line of code corresponds to tcnative-1.dll+0x14d32
> 2. Which structure is being used
> 3. Which field is 44 bytes into that structure
> 
> Knowing all those things should make this a very easy fix.
> 
> Of course, the "fix" will involve throwing an exception back over into
> the Java space, to the application will still throw an error. But at
> least it won't bring-down the whole JVM.
> 
>>> Do you always get the "stream is not writable" error before the
>>> JVM performs the crash-dump?
>>
>> Yes but only in the Tomcat of the production environment.
> 
> That's ... interesting. If Tomcat knows it can't write to the
> stream... why is it still writing to the stream?
> 
> Note that the crash dump you posted is for an error in
> jni.Address.get() and not the one for Socket.sendb(). If you can
> generate a crash dump in Socket.sendb() that would be helpful, too.
> 
> Also, please see:
> 
> https://bz.apache.org/bugzilla/show_bug.cgi?id=62626
> https://bz.apache.org/bugzilla/show_bug.cgi?id=63405
> 
> -chris
> 
>>
>> Best regards, Eduardo Quintanilla Software Developer
>>
>> From: Christopher Schultz 
>> mailto:ch...@christopherschultz.net>> Sent:
>> jueves, 22 de agosto de 2019 8:25 a. m. To:
>> users@tomcat.apache.org Subject: Re: Tomcat 
>> 8.5 - Native Library -
>> Crash
>>
>>
>> Eduardo,
>>
>> On 8/21/19 17:36, Eduardo Quintanilla wrote:
>>> We have been getting some crashes in Tomcat 8.5.43 lately.
>>>
>>> The environment is: * JDK 1.8.0_202 * Windows Server 2012 R2
>>>
>>> The logs shows a tcnative exception.
>>>
>>> Crash Log: Current thread JavaThread
>>> "https-openssl-apr-8081-exec-298" daemon _thread_in_native Java
>>> frames: (J=compiled Java code, j=interpreted, Vv=VM code) J
>>> 15034
>>> org.apache.tomcat.jni.Socket.sendb(JLjava/nio/ByteBuffer;II)I (0
>>> bytes) @ 0x02962ddf [0x02962d80+0x5f] J 29164 C2
>>> org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper.doWrite(ZLjav
> a
>>
>>>
> /nio/ByteBuffer;)V
>>> (242 bytes) @ 0x06d6933c [0x06d68b20+0x81c] J
>>> 27479 C2 org.apache.tomcat.util.net.SocketWrapperBase.flush(Z)Z
>>> (20 bytes) @ 0x053f6144 [0x053f60a0+0xa4] J 24666
>>> C2
>>> org.apache.coyote.http2.Http2OutputBuffer.doWrite(Ljava/nio/ByteBuffe
> r
>>
>>>
> ;)I
>>> (28 bytes) @ 0x06b51b74 [0x06b51660+0x514] J
>>> 24689 C2
>>> org.apache.catalina.connector.OutputBuffer.writeBytes([BII)V (38
>>> bytes) @ 0x031c09f8 [0x031c04c0+0x538] J 27348
>>> C2 org.apache.catalina.connector.CoyoteOutputStream.write([BII)V
>>> (26 bytes) @ 0x071d51a8 [0x071d5120+0x88]
>>
>> What's the actual error? Can you post the entire crash dump?
>>
>>> Tomcat logs: org.apache.catalina.connector.ClientAbortException:
>>> org.apache.coyote.CloseNowException: Connection [214], Stream
>>> [279], This stream is not writable
>>
>> Do you always get the "stream is not writable" error before the
>> JVM performs the crash-dump?
>>
>> I believe there is at least one lingering SEGV hiding in
>> Socket.sendb(), possibly only on Windows. I don't have a Windows
>> development environment to be able to disassemble the crash dump
>> and locate the line of code being executed when the SEGV occurs, so
>> I have added NULL-checks to everything I can find in there but it
>> looks like it's not enough. Something is missing, somewhere.
>>
>> -chris
>>
>>
>>
>> The information transmitted is intended only for the person or
>> entity to which it is addressed and may contain

Re: Is it possible to disable JMX?

2019-08-26 Thread Mark Thomas 
On 27/08/2019 03:59, Alex O'Ree wrote:
> you may have to edit catalina.bat and add --no-jmx to the command line

That won't work. Quoting from the changelog:

 Add --no-jmx flag to allow disabling JMX in startup.Tomcat.main.


Disabling JMX is only possible when using Tomcat as am embedded component.

> 
> On Mon, Aug 26, 2019 at 2:05 PM Pascal Schumacher 
> wrote:
> 
>> |Hi,
>>
>> according to https://tomcat.apache.org/tomcat-9.0-doc/changelog.html it
>> should be possible to disable JMX when using Tomcat 9.0.20+.
>>
>> I tried different way to pass --no-jmx to Tomcat 9.0.24 ("catalina.bat
>> start --no-jmx", "startup.bat --no-jmx", editing catalina.bat), but the
>> "Catalina" folder is present in JMX and memory consumption remains the
>> same.
>>
>> I guess I am misunderstanding something and there is not way to disable
>> JMX when using org.apache.catalina.startup.Bootstrap?

Correct. See above.

Why do you want to disable JMX?

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Is it possible to disable JMX?

2019-08-26 Thread Alex O'Ree 
you may have to edit catalina.bat and add --no-jmx to the command line

On Mon, Aug 26, 2019 at 2:05 PM Pascal Schumacher 
wrote:

> |Hi,
>
> according to https://tomcat.apache.org/tomcat-9.0-doc/changelog.html it
> should be possible to disable JMX when using Tomcat 9.0.20+.
>
> I tried different way to pass --no-jmx to Tomcat 9.0.24 ("catalina.bat
> start --no-jmx", "startup.bat --no-jmx", editing catalina.bat), but the
> "Catalina" folder is present in JMX and memory consumption remains the
> same.
>
> I guess I am misunderstanding something and there is not way to disable
> JMX when using org.apache.catalina.startup.Bootstrap?
>
> Thanks and kind regards,
> Pascal|
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Is it possible to disable JMX?

2019-08-26 Thread Pascal Schumacher 

|Hi,

according to https://tomcat.apache.org/tomcat-9.0-doc/changelog.html it
should be possible to disable JMX when using Tomcat 9.0.20+.

I tried different way to pass --no-jmx to Tomcat 9.0.24 ("catalina.bat
start --no-jmx", "startup.bat --no-jmx", editing catalina.bat), but the
"Catalina" folder is present in JMX and memory consumption remains the same.

I guess I am misunderstanding something and there is not way to disable
JMX when using org.apache.catalina.startup.Bootstrap?

Thanks and kind regards,
Pascal|

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Help with proxy from secure Apache to unsecured Tomcat

2019-08-26 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Mark,

On 8/26/19 09:24, Mark Bordelon wrote:
> I also was of the opinion that this had to be an apache issue. The
> ssl logging was taken from the included out-of-the-box
> conf.d/ssl.conf. Issue was solved randomly by setting server name
> to www.cloviscorp.com  instead of
> cloviscorp.com .

Try restoring your previous configuration but also adding:

ServerName cloviscorp.com
ServerAlias www.cloviscorp.com

And (your choice):

UseCanonicalName On

On the Tomcat side, you can either use the "default virtual host"
(recommended, IMO) or you can match the vhost name from httpd and also
provide any aliases you need.

If you need to support multiple non-default vhosts in Tomcat in a
single JVM, then you probably don't want to use the default vhost. But
if everything is going to a single vhost in Tomcat, you are better off
only defining the default vhost (which is, uhh, the default) and
letting everything get mapped to that.

- -chris

>> On Aug 26, 2019, at 03:35, André Warnier (tomcat) 
>> wrote:
>> 
>> Hi.
>> 
>> That looks more like an Apache httpd issue, than a Tomcat issue
>> (as you mention, the tomcat logfiles do not show anything, and
>> the rest tends to indicate that Apache httpd is not proxying
>> these calls to tomcat, but trying to resolve them locally).
>> 
>> This being said, I cannot find any obvious configuration error in
>> the setup below.
>> 
>> The only thing which makes me a bit suspicious is this :
>> 
>>> ssl_error_log:[Sat Aug 24 11:44:36 2019] [error] [client
>>> 79.75.96.60] = File does not exist:
>>> /var/www/html/com/cloviscorp/ClovisWebApp
>> 
>> where does that "ssl_error_log:" prefix come from ? It does not
>> seem to have a reason to be there, considering your configuration
>> copied below.
>> 
>> On 24.08.2019 14:56, Mark Bordelon wrote:
>>> VERSIONS AND SETUP: Both  Apache/2.2.34 (Unix)   and  Apache
>>> Tomcat/8.0.53  are running on the same Linux AWS EC2 instance.
>>> 
>>> 
>>> 
>>> CONFIGURATION EXCERPT FROM APACHE'S httpd.conf:
>>> 
>>> 
>>>  ServerName cloviscorp.com DocumentRoot
>>> /var/www/html/com/cloviscorp >> "/var/www/html/com/cloviscorp"> Order Allow,Deny Allow From
>>> All AllowOverride All Options -Indexes 
>>> 
>>> ProxyRequests Off  Order deny,allow Allow from all 
>>>  ProxyPreserveHost On ProxyPass /ClovisWebApp
>>> http://localhost:8080/ClovisWebApp ProxyPassReverse /
>>> http://localhost:8080/
>>> 
>>>  Order allow,deny Allow from all 
>>> 
>>> Header set Access-Control-Allow-Origin null Header set
>>> Access-Control-Allow-Headers "Origin, X-Requested-With,
>>> Content-Type"
>>> 
>>> ErrorLog logs/cloviscorp.com-error_log CustomLog
>>> logs/cloviscorp.com-access_log common 
>>> 
>>>  ServerName cloviscorp.com DocumentRoot
>>> /var/www/html/com/cloviscorp >> "/var/www/html/com/cloviscorp"> Order Allow,Deny Allow From
>>> All AllowOverride All Options -Indexes 
>>> 
>>> SSLEngine on SSLCertificateFile "/etc/httpd/server.crt" 
>>> SSLCertificateKeyFile "/etc/httpd/server.key"
>>> 
>>> ProxyRequests Off  Order deny,allow Allow from all 
>>>  ProxyPreserveHost On ProxyPass /ClovisWebApp
>>> http://localhost:8080/ClovisWebApp ProxyPassReverse
>>> /ClovisWebApp http://localhost:8080/ClovisWebApp
>>> 
>>>  Order allow,deny Allow from all 
>>> 
>>> ErrorLog logs/cloviscorp-secure.com-error_log CustomLog
>>> logs/cloviscorp-secure.com-access_log common 
>>> 
>>> 
>>> 
>>> 
>>> CONFIGURATION EXCERPT FROM TOMCAT's server.xml:
>>> 
>>> 
>>> >> connectionTimeout="2" redirectPort="8443" 
>>> proxyName="www.cloviscorp.com" proxyPort="80"/>
>>> 
>>> >> protocol="HTTP/1.1" connectionTimeout="2" 
>>> redirectPort="8443" />
>>> 
>>> 
>>> 
>>> PROBLEM:
>>> 
>>> A) http://www.cloviscorp.com/ClovisWebApp/textservice/health
>>> WORKS FINE B)
>>> https://www.cloviscorp.com/ClovisWebApp/textservice/health
>>> RETURNS: Not Found The requested URL
>>> /ClovisWebApp/textservice/health was not found on this server.
>>> 
>>> 
>>> 
>>> LOGS:
>>> 
>>> Tomcat logs show nothing, Apache log the following when I hit
>>> the second = (Secure) link: ssl_error_log:[Sat Aug 24 11:44:36
>>> 2019] [error] [client 79.75.96.60] = File does not exist:
>>> /var/www/html/com/cloviscorp/ClovisWebApp 
>>> 
- -
>>>
>>> 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>> 
>> 
>> 
>> -
>>
>> 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>> 
> 
> 
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl1j/RkACgkQHPApP6U8
pFjfhRAAx1GmXWM3dnG4GGFjeTWV5bAY1jPj60SU/nnAKJyMtlOvU5Xk1Sw1dCKv

Re: Help with proxy from secure Apache to unsecured Tomcat

2019-08-26 Thread Mark Bordelon 
Dear Chris,
All that messiness and variance was the result of lots of experimentation. I 
will immediately clean up and normalize the ProxyPassReverse sections, as well 
as remove the unnecessary ProxyRequest and Proxy element. Thank you very much 
for pointing it out.


> On Aug 26, 2019, at 06:27, Christopher Schultz  
> wrote:
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> Mark,
> 
> On 8/24/19 08:56, Mark Bordelon wrote:
>> CONFIGURATION EXCERPT FROM APACHE'S httpd.conf:
>> 
>> 
> 
> [snip]
> 
>> ProxyPass /ClovisWebApp http://localhost:8080/ClovisWebApp 
>>  
>> ProxyPassReverse / http://localhost:8080/ 
> 
> [snip]
> 
>> 
> 
> Does not match this:
> 
>> 
> 
> [snip]
> 
>> ProxyPass /ClovisWebApp http://localhost:8080/ClovisWebApp 
>>  
>> ProxyPassReverse /ClovisWebApp http://localhost:8080/ClovisWebApp 
>> 
> 
> [snip]
> 
>> 
> 
> Is that intentional?
> 
> Also, I think you might want to map:
> 
> ProxyPass /ClovisWebApp/ http://localhost:8080/ClovisWebApp/ 
> 
> ProxyPassReverse /ClovisWebApp/ http://localhost:8080/ClovisWebApp/ 
> 
> 
> (Note the trailing slashes.)
> 
> Aside from your above mapping, this looks really weird to me:
> 
>ProxyRequests Off
>
>Order deny,allow
>Allow from all
>
> 
> If you have "ProxyRequests Off" (which is the default, BTW), then why
> do you have a  section. Do you have plans to use httpd as a
> *forward* proxy? That "Allow from all" is ... probably a bad idea.
> 
> - -chris
> 
>> CONFIGURATION EXCERPT FROM TOMCAT's server.xml:
>> 
>> 
>> > connectionTimeout="2" redirectPort="8443" 
>> proxyName="www.cloviscorp.com" proxyPort="80"/>
>> 
>> > protocol="HTTP/1.1" connectionTimeout="2" redirectPort="8443"
>> />
>> 
>> 
>> 
>> PROBLEM:
>> 
>> A) http://www.cloviscorp.com/ClovisWebApp/textservice/health WORKS
>> FINE B) https://www.cloviscorp.com/ClovisWebApp/textservice/health
>> RETURNS: Not Found The requested URL
>> /ClovisWebApp/textservice/health was not found on this server.
>> 
>> 
>> 
>> LOGS:
>> 
>> Tomcat logs show nothing, Apache log the following when I hit the
>> second = (Secure) link: ssl_error_log:[Sat Aug 24 11:44:36 2019]
>> [error] [client 79.75.96.60] = File does not exist:
>> /var/www/html/com/cloviscorp/ClovisWebApp 
>> -
>> 
>> 
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org 
> 
>> For additional commands, e-mail: users-h...@tomcat.apache.org 
>> 
>> 
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ 
> 
> 
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl1j3icACgkQHPApP6U8
> pFiQ/BAAtJc/5VuuablzpslEWune5q31qnqJiOUX1YdTQBbniJHURT27XhqXcX+2
> rsTYDAA4hMqRnZ03DhhQVpTD7VQ9gOPX/y0I1tuEj3dZk+FmXTXdcJgJXDd5LPTW
> geY3xw9RojSzbQb7UCNPRAAzIvY69tqI8piUvZek33ICg2NHkJcw0MICw+SI4Soz
> tZehLAoqwb7RypJ+rEjnvQXiETsb9o7mZSB5hsIuNI3s+rC7kUAGxqrQrRXtodC3
> JCe+ul2mXGGiFUti4a0XPgYCMmIWMovwqyFXIH7uRCC1L1mGALKPMK/EtXX1gqct
> 4EwDMZ4OVZ9LTqYdh/bDT5DZR2XvBDQkt3/PBTTrVrgHYk8eEb3JkbI6iXsQ6xHF
> WLnwaND3F8CP9KtsSfWxgwTyjOKBIOXEuOjviIpNx4nELUwgsVOdELJPngzf9oXL
> dmzuwMIcD3EiUjMb8vQvUxUKGV30CQKKjSlcuz3Yb3wCqdyzUClVzODkt5ytCC7W
> jUlNHoOKzm/wEXoWpsaSKhr8jZh90VMu4iCKQgwN5Y0WRemzPm56xsHF9AA+owLF
> PX47XL0NIDn5VlcXQFkrRdwiP0/YsgWaY6PJt1VAheoPfen9D8cPIkayGVWPs7a6
> NeqCtVUzqbapUv6kyXzthQmZ+nwfp9dpmbNKhslB6OthBQYOpo8=
> =M26S
> -END PGP SIGNATURE-
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org 
> 
> For additional commands, e-mail: users-h...@tomcat.apache.org 
>

Re: Help with proxy from secure Apache to unsecured Tomcat

2019-08-26 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Mark,

On 8/24/19 08:56, Mark Bordelon wrote:
> CONFIGURATION EXCERPT FROM APACHE'S httpd.conf:
> 
> 

[snip]

> ProxyPass /ClovisWebApp http://localhost:8080/ClovisWebApp 
> ProxyPassReverse / http://localhost:8080/

[snip]

> 

Does not match this:

> 

[snip]

> ProxyPass /ClovisWebApp http://localhost:8080/ClovisWebApp 
> ProxyPassReverse /ClovisWebApp http://localhost:8080/ClovisWebApp

[snip]

> 

Is that intentional?

Also, I think you might want to map:

ProxyPass /ClovisWebApp/ http://localhost:8080/ClovisWebApp/
ProxyPassReverse /ClovisWebApp/ http://localhost:8080/ClovisWebApp/

(Note the trailing slashes.)

Aside from your above mapping, this looks really weird to me:

ProxyRequests Off

Order deny,allow
Allow from all


If you have "ProxyRequests Off" (which is the default, BTW), then why
do you have a  section. Do you have plans to use httpd as a
*forward* proxy? That "Allow from all" is ... probably a bad idea.

- -chris

> CONFIGURATION EXCERPT FROM TOMCAT's server.xml:
> 
> 
>  connectionTimeout="2" redirectPort="8443" 
> proxyName="www.cloviscorp.com" proxyPort="80"/>
> 
>  protocol="HTTP/1.1" connectionTimeout="2" redirectPort="8443"
> />
> 
> 
> 
> PROBLEM:
> 
> A) http://www.cloviscorp.com/ClovisWebApp/textservice/health WORKS
> FINE B) https://www.cloviscorp.com/ClovisWebApp/textservice/health
> RETURNS: Not Found The requested URL
> /ClovisWebApp/textservice/health was not found on this server.
> 
> 
> 
> LOGS:
> 
> Tomcat logs show nothing, Apache log the following when I hit the
> second = (Secure) link: ssl_error_log:[Sat Aug 24 11:44:36 2019]
> [error] [client 79.75.96.60] = File does not exist:
> /var/www/html/com/cloviscorp/ClovisWebApp 
> -
>
> 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl1j3icACgkQHPApP6U8
pFiQ/BAAtJc/5VuuablzpslEWune5q31qnqJiOUX1YdTQBbniJHURT27XhqXcX+2
rsTYDAA4hMqRnZ03DhhQVpTD7VQ9gOPX/y0I1tuEj3dZk+FmXTXdcJgJXDd5LPTW
geY3xw9RojSzbQb7UCNPRAAzIvY69tqI8piUvZek33ICg2NHkJcw0MICw+SI4Soz
tZehLAoqwb7RypJ+rEjnvQXiETsb9o7mZSB5hsIuNI3s+rC7kUAGxqrQrRXtodC3
JCe+ul2mXGGiFUti4a0XPgYCMmIWMovwqyFXIH7uRCC1L1mGALKPMK/EtXX1gqct
4EwDMZ4OVZ9LTqYdh/bDT5DZR2XvBDQkt3/PBTTrVrgHYk8eEb3JkbI6iXsQ6xHF
WLnwaND3F8CP9KtsSfWxgwTyjOKBIOXEuOjviIpNx4nELUwgsVOdELJPngzf9oXL
dmzuwMIcD3EiUjMb8vQvUxUKGV30CQKKjSlcuz3Yb3wCqdyzUClVzODkt5ytCC7W
jUlNHoOKzm/wEXoWpsaSKhr8jZh90VMu4iCKQgwN5Y0WRemzPm56xsHF9AA+owLF
PX47XL0NIDn5VlcXQFkrRdwiP0/YsgWaY6PJt1VAheoPfen9D8cPIkayGVWPs7a6
NeqCtVUzqbapUv6kyXzthQmZ+nwfp9dpmbNKhslB6OthBQYOpo8=
=M26S
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Help with proxy from secure Apache to unsecured Tomcat

2019-08-26 Thread Mark Bordelon 
I also was of the opinion that this had to be an apache issue. 
The ssl logging was taken from the included out-of-the-box conf.d/ssl.conf.
Issue was solved randomly by setting server name to www.cloviscorp.com 
 instead of cloviscorp.com .


> On Aug 26, 2019, at 03:35, André Warnier (tomcat)  wrote:
> 
> Hi.
> 
> That looks more like an Apache httpd issue, than a Tomcat issue (as you 
> mention, the tomcat logfiles do not show anything, and the rest tends to 
> indicate that Apache httpd is not proxying these calls to tomcat, but trying 
> to resolve them locally).
> 
> This being said, I cannot find any obvious configuration error in the setup 
> below.
> 
> The only thing which makes me a bit suspicious is this :
> 
> > ssl_error_log:[Sat Aug 24 11:44:36 2019] [error] [client 79.75.96.60] =
> > File does not exist: /var/www/html/com/cloviscorp/ClovisWebApp
> 
> where does that "ssl_error_log:" prefix come from ?
> It does not seem to have a reason to be there, considering your configuration 
> copied below.
> 
> On 24.08.2019 14:56, Mark Bordelon wrote:
>> VERSIONS AND SETUP:
>> Both  Apache/2.2.34 (Unix)   and  Apache Tomcat/8.0.53  are running on the 
>> same Linux AWS EC2 instance.
>> 
>> 
>> 
>> CONFIGURATION EXCERPT FROM APACHE'S httpd.conf:
>> 
>> 
>> 
>> ServerName cloviscorp.com
>> DocumentRoot /var/www/html/com/cloviscorp
>> 
>> Order Allow,Deny
>> Allow From All
>> AllowOverride All
>> Options -Indexes
>> 
>> 
>> ProxyRequests Off
>> 
>> Order deny,allow
>> Allow from all
>> 
>> ProxyPreserveHost On
>> ProxyPass /ClovisWebApp http://localhost:8080/ClovisWebApp
>> ProxyPassReverse / http://localhost:8080/
>> 
>> 
>> Order allow,deny
>> Allow from all
>> 
>> 
>> Header set Access-Control-Allow-Origin null
>> Header set Access-Control-Allow-Headers "Origin, X-Requested-With, 
>> Content-Type"
>> 
>> ErrorLog logs/cloviscorp.com-error_log
>> CustomLog logs/cloviscorp.com-access_log common
>> 
>> 
>> 
>> ServerName cloviscorp.com
>> DocumentRoot /var/www/html/com/cloviscorp
>> 
>> Order Allow,Deny
>> Allow From All
>> AllowOverride All
>> Options -Indexes
>> 
>> 
>> SSLEngine on
>> SSLCertificateFile "/etc/httpd/server.crt"
>> SSLCertificateKeyFile "/etc/httpd/server.key"
>> 
>> ProxyRequests Off
>> 
>> Order deny,allow
>> Allow from all
>> 
>> ProxyPreserveHost On
>> ProxyPass /ClovisWebApp http://localhost:8080/ClovisWebApp
>> ProxyPassReverse /ClovisWebApp http://localhost:8080/ClovisWebApp
>> 
>> 
>> Order allow,deny
>> Allow from all
>> 
>> 
>> ErrorLog logs/cloviscorp-secure.com-error_log
>> CustomLog logs/cloviscorp-secure.com-access_log common
>> 
>> 
>> 
>> 
>> 
>> CONFIGURATION EXCERPT FROM TOMCAT's server.xml:
>> 
>> 
>> >connectionTimeout="2"
>>redirectPort="8443"
>>   proxyName="www.cloviscorp.com"
>>   proxyPort="80"/>
>> 
>> >port="8080" protocol="HTTP/1.1"
>>connectionTimeout="2"
>>redirectPort="8443" />
>> 
>> 
>> 
>> PROBLEM:
>> 
>> A) http://www.cloviscorp.com/ClovisWebApp/textservice/health WORKS FINE
>> B) https://www.cloviscorp.com/ClovisWebApp/textservice/health RETURNS:
>>   Not Found
>>   The requested URL /ClovisWebApp/textservice/health was not found on this 
>> server.
>> 
>> 
>> 
>> LOGS:
>> 
>> Tomcat logs show nothing, Apache log the following when I hit the second =
>> (Secure) link:
>> ssl_error_log:[Sat Aug 24 11:44:36 2019] [error] [client 79.75.96.60] =
>> File does not exist: /var/www/html/com/cloviscorp/ClovisWebApp
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>> 
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

Re: Help with proxy from secure Apache to unsecured Tomcat

2019-08-26 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Mark,

Sorry for top-posting, but are you seeing an httpd error message or a
Tomcat one? If you can't tell, please post all of the response headers
you get.

- -chris

On 8/24/19 08:56, Mark Bordelon wrote:
> VERSIONS AND SETUP: Both  Apache/2.2.34 (Unix)   and  Apache
> Tomcat/8.0.53  are running on the same Linux AWS EC2 instance.
> 
> 
> 
> CONFIGURATION EXCERPT FROM APACHE'S httpd.conf:
> 
> 
>  ServerName cloviscorp.com DocumentRoot
> /var/www/html/com/cloviscorp  "/var/www/html/com/cloviscorp"> Order Allow,Deny Allow From All 
> AllowOverride All Options -Indexes 
> 
> ProxyRequests Off  Order deny,allow Allow from all 
>  ProxyPreserveHost On ProxyPass /ClovisWebApp
> http://localhost:8080/ClovisWebApp ProxyPassReverse /
> http://localhost:8080/
> 
>  Order allow,deny Allow from all 
> 
> Header set Access-Control-Allow-Origin null Header set
> Access-Control-Allow-Headers "Origin, X-Requested-With,
> Content-Type"
> 
> ErrorLog logs/cloviscorp.com-error_log CustomLog
> logs/cloviscorp.com-access_log common 
> 
>  ServerName cloviscorp.com DocumentRoot
> /var/www/html/com/cloviscorp  "/var/www/html/com/cloviscorp"> Order Allow,Deny Allow From All 
> AllowOverride All Options -Indexes 
> 
> SSLEngine on SSLCertificateFile "/etc/httpd/server.crt" 
> SSLCertificateKeyFile "/etc/httpd/server.key"
> 
> ProxyRequests Off  Order deny,allow Allow from all 
>  ProxyPreserveHost On ProxyPass /ClovisWebApp
> http://localhost:8080/ClovisWebApp ProxyPassReverse /ClovisWebApp
> http://localhost:8080/ClovisWebApp
> 
>  Order allow,deny Allow from all 
> 
> ErrorLog logs/cloviscorp-secure.com-error_log CustomLog
> logs/cloviscorp-secure.com-access_log common 
> 
> 
> 
> 
> CONFIGURATION EXCERPT FROM TOMCAT's server.xml:
> 
> 
>  connectionTimeout="2" redirectPort="8443" 
> proxyName="www.cloviscorp.com" proxyPort="80"/>
> 
>  protocol="HTTP/1.1" connectionTimeout="2" redirectPort="8443"
> />
> 
> 
> 
> PROBLEM:
> 
> A) http://www.cloviscorp.com/ClovisWebApp/textservice/health WORKS
> FINE B) https://www.cloviscorp.com/ClovisWebApp/textservice/health
> RETURNS: Not Found The requested URL
> /ClovisWebApp/textservice/health was not found on this server.
> 
> 
> 
> LOGS:
> 
> Tomcat logs show nothing, Apache log the following when I hit the
> second = (Secure) link: ssl_error_log:[Sat Aug 24 11:44:36 2019]
> [error] [client 79.75.96.60] = File does not exist:
> /var/www/html/com/cloviscorp/ClovisWebApp 
> -
>
> 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl1j3QEACgkQHPApP6U8
pFgwgw//e6Vd1SB+qNUWvh0Khk0aavl1qu4Fw+U7Ulk3PK8GYv9EyQtOdTUu/oN4
5ZlZBHfi0AUMv3iIUev0QPiDUe96FKsejVyu0z0VK9yaoYz+Gut8RNY4fWkY9Ks7
9w2TrMrMXXN81jxK9y0XAljrZkMsnIo6TI3kODjUDHu52A5XPI4GED06uYNQIg/E
gPwc8g7wxOxpxjrzIz0IYOZbVjYqInRAtAw0yvduQqBqcz2grmZrySRR52t2B1gV
cwT6LgES+xx69qmppK8bB2gd9qW82VmtBdRlQupJBvJxUsodtOlaMYYVaqi+lrhO
3+KHTsjpUBUu8p7RKRMP1IQTyHE65luXO9JGQ5Tk7LmNOOE8V6ZyPjfKOf2ioLQE
Z5FQ2okUJTMGL3OLJHk/OwJS0Y2T9wdehjpCXJV0rNQXI0OwXu3F5+a6UNRBNbzn
GhjsmYS5H+RlLGo6QM0Iv/tVYaYpL3I7tJbz6aa0SELtvafv5vjs4aOHREfADD9u
EYtanq9VYdI/l0CHFd+P/jCZp0JXZzgcr4XAhDAGTmhY+W+5NiVymWnRPZc7SZ6E
kk0PnFlwq1gCNPMc7g8Er9fWGhk8Pfo3yONV2W1ndWznjTgQj4CHQ2XH53zo/rif
FFnWpyF+TUgHuN/CtdSkpwcUBfNWfyGz5gCJGNOgxIQX0adneuc=
=C5Ze
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat 8.5 - Native Library - Crash

2019-08-26 Thread Eduardo Quintanilla 
Any tips for building Tomcat Native on Windows 10?

Best regards,
Eduardo Quintanilla
Software Developer
Block Networks

From: Christopher Schultz 
Sent: jueves, 22 de agosto de 2019 11:57 a. m.
To: users@tomcat.apache.org
Subject: Re: Tomcat 8.5 - Native Library - Crash


Eduardo,

On 8/22/19 10:18, Eduardo Quintanilla wrote:
> Chris,
>
> The crash dump and logs[1] from my dev environment.
>
> [1]https://1drv.ms/u/s!AjSSUmqOgKmfi1g7z4wUvfYPksCk?e=CLH6VF

Okay, as I suspected, it's a SIGSEGV, or what Java programmers would
call a NullPointerException.

The C code is computing a pointer with a 44 byte offset to a NULL
pointer and trying to dereference it, which causes the problem.

I'm not sure which field has a 44-byte offset into the structure it's
supposed to be contained in. That highly depends upon the
architecture, compiler, etc. and those are the things I don't have
access to.

If someone in the community is able to build tcnative for Windows in
the same way[1] that the Tomcat team builds it, can you identify the
following:

1. What line of code corresponds to tcnative-1.dll+0x14d32
2. Which structure is being used
3. Which field is 44 bytes into that structure

Knowing all those things should make this a very easy fix.

Of course, the "fix" will involve throwing an exception back over into
the Java space, to the application will still throw an error. But at
least it won't bring-down the whole JVM.

>> Do you always get the "stream is not writable" error before the
>> JVM performs the crash-dump?
>
> Yes but only in the Tomcat of the production environment.

That's ... interesting. If Tomcat knows it can't write to the
stream... why is it still writing to the stream?

Note that the crash dump you posted is for an error in
jni.Address.get() and not the one for Socket.sendb(). If you can
generate a crash dump in Socket.sendb() that would be helpful, too.

Also, please see:

https://bz.apache.org/bugzilla/show_bug.cgi?id=62626
https://bz.apache.org/bugzilla/show_bug.cgi?id=63405

-chris

>
> Best regards, Eduardo Quintanilla Software Developer
>
> From: Christopher Schultz 
> mailto:ch...@christopherschultz.net>> Sent:
> jueves, 22 de agosto de 2019 8:25 a. m. To:
> users@tomcat.apache.org Subject: Re: Tomcat 
> 8.5 - Native Library -
> Crash
>
>
> Eduardo,
>
> On 8/21/19 17:36, Eduardo Quintanilla wrote:
>> We have been getting some crashes in Tomcat 8.5.43 lately.
>>
>> The environment is: * JDK 1.8.0_202 * Windows Server 2012 R2
>>
>> The logs shows a tcnative exception.
>>
>> Crash Log: Current thread JavaThread
>> "https-openssl-apr-8081-exec-298" daemon _thread_in_native Java
>> frames: (J=compiled Java code, j=interpreted, Vv=VM code) J
>> 15034
>> org.apache.tomcat.jni.Socket.sendb(JLjava/nio/ByteBuffer;II)I (0
>> bytes) @ 0x02962ddf [0x02962d80+0x5f] J 29164 C2
>> org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper.doWrite(ZLjav
a
>
>>
/nio/ByteBuffer;)V
>> (242 bytes) @ 0x06d6933c [0x06d68b20+0x81c] J
>> 27479 C2 org.apache.tomcat.util.net.SocketWrapperBase.flush(Z)Z
>> (20 bytes) @ 0x053f6144 [0x053f60a0+0xa4] J 24666
>> C2
>> org.apache.coyote.http2.Http2OutputBuffer.doWrite(Ljava/nio/ByteBuffe
r
>
>>
;)I
>> (28 bytes) @ 0x06b51b74 [0x06b51660+0x514] J
>> 24689 C2
>> org.apache.catalina.connector.OutputBuffer.writeBytes([BII)V (38
>> bytes) @ 0x031c09f8 [0x031c04c0+0x538] J 27348
>> C2 org.apache.catalina.connector.CoyoteOutputStream.write([BII)V
>> (26 bytes) @ 0x071d51a8 [0x071d5120+0x88]
>
> What's the actual error? Can you post the entire crash dump?
>
>> Tomcat logs: org.apache.catalina.connector.ClientAbortException:
>> org.apache.coyote.CloseNowException: Connection [214], Stream
>> [279], This stream is not writable
>
> Do you always get the "stream is not writable" error before the
> JVM performs the crash-dump?
>
> I believe there is at least one lingering SEGV hiding in
> Socket.sendb(), possibly only on Windows. I don't have a Windows
> development environment to be able to disassemble the crash dump
> and locate the line of code being executed when the SEGV occurs, so
> I have added NULL-checks to everything I can find in there but it
> looks like it's not enough. Something is missing, somewhere.
>
> -chris
>
>
>
> The information transmitted is intended only for the person or
> entity to which it is addressed and may contain confidential and/or
> privileged material. Any review, retransmission, dissemination or
> other use of, or taking of any action in reliance upon, this
> information by persons or entities other than the intended
> recipient is prohibited. If you received this in error, please
> contact the sender and delete the material from any computer. La
> información transmitida está destinada únicamente a la persona o
> entidad a quien que va dirigida y puede contener información
> confidencial y/o

is it logical that WsBaseFrame/WsServerFrame calls WsSession.onclose that results in a call to the client again?

2019-08-26 Thread Johan Compagner 
Hi,

Daemon Thread [http-nio-8080-exec-4] (Suspended (breakpoint at line 84
in EditorEndpoint))

owns: Object  (id=16796)

owns: NioEndpoint$NioSocketWrapper  (id=16797)

EditorEndpoint.onError(Throwable) line: 84

NativeMethodAccessorImpl.invoke0(Method, Object, Object[]) line:
not available [native method]

NativeMethodAccessorImpl.invoke(Object, Object[]) line: 62

DelegatingMethodAccessorImpl.invoke(Object, Object[]) line: 43

Method.invoke(Object, Object...) line: 567

PojoEndpointServer(PojoEndpointBase).onError(Session, Throwable) line: 133

WsSession.sendCloseMessage(CloseReason) line: 619

WsSession.onClose(CloseReason) line: 526

WsFrameServer(WsFrameBase).processDataControl() line: 348

WsFrameServer(WsFrameBase).processData() line: 290

WsFrameServer(WsFrameBase).processInputBuffer() line: 130

WsFrameServer.onDataAvailable() line: 70

WsHttpUpgradeHandler.upgradeDispatch(SocketEvent) line: 148

UpgradeProcessorInternal.dispatch(SocketEvent) line: 54


UpgradeProcessorInternal(AbstractProcessorLight).process(SocketWrapperBase,
SocketEvent) line: 53

AbstractProtocol$ConnectionHandler.process(SocketWrapperBase,
SocketEvent) line: 789

NioEndpoint$SocketProcessor.doRun() line: 1437

NioEndpoint$SocketProcessor(SocketProcessorBase).run() line: 49

ThreadPoolExecutor(ThreadPoolExecutor).runWorker(ThreadPoolExecutor$Worker)
line: 1128

ThreadPoolExecutor$Worker.run() line: 628

TaskThread$WrappingRunnable.run() line: 61

TaskThread(Thread).run() line: 835



That is a stack that we encounter which i find quite strange
it seems to me that WsFrameBase.processDataControl

does a wsSession.onClose(new CloseReason(Util.getCloseCode(code), reason));

when it gets an op_code close

that sounds reasonably but the problem is WsSession will call when it was
in a open state an sendCloseMessage:

if (state == State.OPEN) { state = State.OUTPUT_CLOSED;
sendCloseMessage(closeReason);


problem is it is closed so this will result in a exception (broken pipe
stuff) when that is called

As far as i can understand it should not try to send a close message at
that point, because the close did already happen from the client side..
I guess if onclose was called programatically from the server side then it
is logical.


-- 
Johan Compagner
Servoy

Re: Help with proxy from secure Apache to unsecured Tomcat

2019-08-26 Thread tomcat 

Hi.

That looks more like an Apache httpd issue, than a Tomcat issue (as you mention, the 
tomcat logfiles do not show anything, and the rest tends to indicate that Apache httpd is 
not proxying these calls to tomcat, but trying to resolve them locally).


This being said, I cannot find any obvious configuration error in the setup 
below.

The only thing which makes me a bit suspicious is this :

> ssl_error_log:[Sat Aug 24 11:44:36 2019] [error] [client 79.75.96.60] =
> File does not exist: /var/www/html/com/cloviscorp/ClovisWebApp

where does that "ssl_error_log:" prefix come from ?
It does not seem to have a reason to be there, considering your configuration 
copied below.

On 24.08.2019 14:56, Mark Bordelon wrote:

VERSIONS AND SETUP:
Both  Apache/2.2.34 (Unix)   and  Apache Tomcat/8.0.53  are running on the same 
Linux AWS EC2 instance.



CONFIGURATION EXCERPT FROM APACHE'S httpd.conf:



 ServerName cloviscorp.com
 DocumentRoot /var/www/html/com/cloviscorp
 
 Order Allow,Deny
 Allow From All
 AllowOverride All
 Options -Indexes
 

 ProxyRequests Off
 
 Order deny,allow
 Allow from all
 
 ProxyPreserveHost On
 ProxyPass /ClovisWebApp http://localhost:8080/ClovisWebApp
 ProxyPassReverse / http://localhost:8080/

 
 Order allow,deny
 Allow from all
 

 Header set Access-Control-Allow-Origin null
 Header set Access-Control-Allow-Headers "Origin, X-Requested-With, 
Content-Type"

 ErrorLog logs/cloviscorp.com-error_log
 CustomLog logs/cloviscorp.com-access_log common



 ServerName cloviscorp.com
 DocumentRoot /var/www/html/com/cloviscorp
 
 Order Allow,Deny
 Allow From All
 AllowOverride All
 Options -Indexes
 

 SSLEngine on
 SSLCertificateFile "/etc/httpd/server.crt"
 SSLCertificateKeyFile "/etc/httpd/server.key"

 ProxyRequests Off
 
 Order deny,allow
 Allow from all
 
 ProxyPreserveHost On
 ProxyPass /ClovisWebApp http://localhost:8080/ClovisWebApp
 ProxyPassReverse /ClovisWebApp http://localhost:8080/ClovisWebApp

 
 Order allow,deny
 Allow from all
 

 ErrorLog logs/cloviscorp-secure.com-error_log
 CustomLog logs/cloviscorp-secure.com-access_log common





CONFIGURATION EXCERPT FROM TOMCAT's server.xml:


 

 



PROBLEM:

A) http://www.cloviscorp.com/ClovisWebApp/textservice/health WORKS FINE
B) https://www.cloviscorp.com/ClovisWebApp/textservice/health RETURNS:
   Not Found
   The requested URL /ClovisWebApp/textservice/health was not found on this 
server.



LOGS:

Tomcat logs show nothing, Apache log the following when I hit the second =
(Secure) link:
ssl_error_log:[Sat Aug 24 11:44:36 2019] [error] [client 79.75.96.60] =
File does not exist: /var/www/html/com/cloviscorp/ClovisWebApp
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org