Re: Retrieve server.built, server.number
On Wed, Apr 10, 2024 at 2:14 PM Mark Thomas wrote: > ... and it might represent an information leakage vulnerability in your > > application. Be Careful. > > Shall we start the flame war now on whether exposing the current version > you are running represents a valid vulnerability or if hiding it is > just security by obscurity? Or do you want to save it for Bratislava? > > :) > > More seriously, your time is likely to be better spent (in my view) > keeping your Tomcat installations up to date with the latest releases > than it is ensuring that you hide the version number. > The amusing thing (or irritating thing, depending on your point of view) is when a large organization uses a vulnerability scanner and a Tomcat instance gets flagged as a security risk because it reveals its version number in the 404 error page. (Yes, this is a real scenario.)
Re: Tomcat on Windows : new keystore possibilities
On Mon, Apr 8, 2024 at 8:27 AM david w wrote: If you can share a way for this to not be necessary, I'm all ears... > I can read computer certificates from non-privileged accounts on Windows. (How would a user application such as a browser work otherwise?) I'm not sure what's different on your system or why you think a privileged account is required. In any case, this would not be a Tomcat-specific issue but rather some kind of configuration issue. (What I am saying is that troubleshooting this issue on your machine is really outside the scope of this specific mailing list.) I would repeat my recommendation not to run a web server of any kind (Tomcat or otherwise) using a privileged account. Bill
Re: Tomcat on Windows : new keystore possibilities
On Mon, Apr 8, 2024 at 3:49 AM david w wrote: The account running the Tomcat Windows Service needs local Administrator > rights to be able to refernce these certificate stores. > Fortunately, this statement is not correct. I would definitely not recommend running the Tomcat service using a privileged account. Bill
Re: Question regarding config.ini 'answer file'
On Tue, Mar 28, 2023 at 1:50 PM Jason Murray | ROI Solutions wrote: In a nutshell: my goal is to automate Tomcat 8.5 upgrades on Windows Server > as much as possible. > Are you sure you need Tomcat 8.5? If you can use 9.x, my recommendation would be to install using this: https://github.com/Bill-Stewart/ApacheTomcatSetup It won't configure everything you're asking for, but it should get you most of the way there. The build process could be adjusted to accommodate 8.5, but I would think 9.x would be preferable.
ANN: Bill Stewart's Apache Tomcat Setup for Windows [9.0.71]
Documentation and installer source: https://github.com/Bill-Stewart/ApacheTomcatSetup Download installer executable: https://github.com/Bill-Stewart/ApacheTomcatSetup/releases (Why an alternative installer for Windows? See the "Background" section in the documentation for details.) New in the 9.0.71 installer: The installer now prompts before overwriting older and different files in the conf directory when upgrading.
Re: Unexpected messages in commons-daemon.log
On Tue, May 24, 2022 at 7:48 AM Mark Thomas wrote: Nothing to worry about. Just some new logging that should probably be > logging at debug level. I reviewed the associated PR but didn't realize > the code was called every minute. > > Having just looked at the relevant part of the source code and given the > TRACE level call just below, that logging looks to be unnecessary. I'll > remove it. > FWIW I am running 9.0.63 on Windows and I don't see any SERVICE_CONTROL_INTERROGATE entries in the commons-daemon log. Bill
Re: Unexpected messages in commons-daemon.log
On Tue, May 24, 2022 at 3:20 AM Pontus Ågren wrote: Since installing Tomcat 9.0.63 (as a service on Windows Server 2019) > commons-daemon.log is filling up with this... > > [2022-05-24 09:19:27] [info] [ 6772] Service SERVICE_CONTROL_INTERROGATE > signalled. > [2022-05-24 09:19:27] [info] [ 6772] Service SERVICE_CONTROL_INTERROGATE > signalled. > [2022-05-24 09:20:27] [info] [ 6772] Service SERVICE_CONTROL_INTERROGATE > signalled. > ... > > The pattern is two lines at the same time every minute and one line every > five minutes (09:24:15). Nothing in the Windows logs. > > Everything is running as expected so no worries. I'm just wondering if > this is something that needs looking into? Googling doesn't give anything > useful. > SERVICE_CONTROL_INTERROGATE is a standard Win32 service control request documented here: https://docs.microsoft.com/en-us/windows/win32/services/service-control-requests If there is a management application installed on the server that interrogates installed applications, services, inventory, etc. I could see this as a normal message. Bill
Re: Stuff in the "temp" directory within the Tomcat directory
On Thu, Feb 10, 2022 at 11:17 AM James H. H. Lampert wrote: I'm doing some cleanup on a customer box, removing a previous version of > Tomcat 8.5 that I'd replaced some time ago, and I'm finding huge amounts > of "stuff" in the "temp" directory within the Tomcat directory. Is that > stuff Tomcat itself left behind, or stuff our webapp left behind, or both? > > Assuming any of it is from Tomcat itself, any advice on keeping the > contents of that directory down to something reasonable? > I would think that the application considers those files to be temporary and doesn't expect them to be retained (except for files it is using actively or very recently). My approach in the past has been to schedule a removal of files in 'temp' that have a last write timestamp older than 30 days. In the case the Tomcat application server is not running, I would suspect that all of the files in 'temp' could be removed with no ill effects. The above may depend on your application, of course. Bill
Re: Tomcat 9 can not start on windows 10 as service
On Wed, Feb 9, 2022 at 10:47 AM W wrote: Thank Bill, I downloaded it and run it successfully. But when I modified > confg/tomcat-users.xml (so I can use manager), Tomcat service stopped. > Status became disabled. When I tried to restart the service, it told me > that the service was marked for deletion. So I uninstalled tomcat by using > "Add or remove program". It went through. But tomcat service is still in > Service window and I can not remove it. > How to remove it please?Thanks. If you delete the service while it is running you will have to restart the system to complete the removal. Bill
Re: Tomcat 9 can not start on windows 10 as service
On Tue, Feb 8, 2022 at 9:37 PM W wrote: Hi, > I install tomcat 9 using downloaded installation package. It was installed > successfully. I made tomcat manager working. I deployed my application... > Suddenly, tomcat stopped. Then I try to restart it using windows service. I > got error 5: access denied. I uninstalled tomcat and re-installed it. The > same thing happened. > Now I can go to tomcat\bin directory run startup.bat. It works. > What is wrong? How can I run it automatically using windows service? > Please. > Any information would be appreciated. Thanks in advance. For Windows users, I provided an alternative installer that might work better for you: https://github.com/Bill-Stewart/ApacheTomcatSetup It provides a means for specifying which account you want to use to run the Tomcat service (running as local system is definitely not recommended), and it also sets file system permissions appropriately. HTH Bill
Re: Tomcat 9 Encrpytion of JDBC
On Fri, Jan 14, 2022 at 10:25 AM Alan F wrote: > Interested to know your best practices on securing jdbc plain text > passwords, in my last place they used a mechanism to encrypt all passwords. > Is this the best method as I read some people don't recommend this. Any > details or procs on best practice appreciated. > The "best practice," generally speaking, is that doing so is basically pointless from a security perspective. https://cwiki.apache.org/confluence/display/TOMCAT/Password Bill
ANN: Bill Stewart's Apache Tomcat Setup for Windows [9.0.50]
Documentation and installer source: https://github.com/Bill-Stewart/ApacheTomcatSetup Download installer executable: https://github.com/Bill-Stewart/ApacheTomcatSetup/releases
ANN: Bill Stewart's Apache Tomcat Setup for Windows [9.0.48]
Documentation and installer source: https://github.com/Bill-Stewart/ApacheTomcatSetup Download installer executable: https://github.com/Bill-Stewart/ApacheTomcatSetup/releases
ANN: Bill Stewart's Apache Tomcat Setup for Windows [9.0.46]
Documentation and installer source: https://github.com/Bill-Stewart/ApacheTomcatSetup Download installer executable: https://github.com/Bill-Stewart/ApacheTomcatSetup/releases
ANN: Bill Stewart's Apache Tomcat Setup for Windows [9.0.45]
Documentation and installer source: https://github.com/Bill-Stewart/ApacheTomcatSetup Download installer executable: https://github.com/Bill-Stewart/ApacheTomcatSetup/releases
ANN: Bill Stewart's Apache Tomcat Setup for Windows [9.0.44]
Documentation and installer source: https://github.com/Bill-Stewart/ApacheTomcatSetup Download installer: https://github.com/Bill-Stewart/ApacheTomcatSetup/releases - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JNDI ldaps Problem with SSO
On Thu, Feb 25, 2021 at 2:31 AM wrote:
We are having a problem with our Single sign On config.
> When using ldap - all works well.
>
> When switiching to ldaps , the User loses to connection all together
> (Server not reachable)
>
> server.xml
>
> Good:
> connectionURL="ldap://x..com:3268;
>userBase="DC=XXXINTRA,DC=CH"
>userSubtree="true"
>userSearch="(sAMAccountName={0})"
>userRoleName="memberOf"
>
>
> roleBase="OU=PF00_App-Access,OU=PF00_App,OU=PF00_Server,OU=PF00_Res,OU=PF00,DC=XXXINTRA,DC=ch
> "
>roleName="CN"
>roleSearch="(member:1.2.840.113556.1.4.1941:={0})"
>roleSubtree="true"
>roleNested="true" />
>
> bad:
>
> connectionURL="ldaps://x..com:3269"
>userBase="DC=XXXINTRA,DC=CH"
>userSubtree="true"
>userSearch="(sAMAccountName={0})"
>userRoleName="memberOf"
>
>
> roleBase="OU=PF00_App-Access,OU=PF00_App,OU=PF00_Server,OU=PF00_Res,OU=PF00,DC=XXXINTRA,DC=ch"
>roleName="CN"
>roleSearch="(member:1.2.840.113556.1.4.1941:={0})"
>roleSubtree="true"
>roleNested="true" />
>
If you are running Tomcat on Windows, my question is whether the Java
running your Tomcat server trusts the Windows certificate store for the
secure LDAP.
If you are running Tomcat on Windows, try adding the following parameter to
the Java command line for your application:
-Djavax.net.ssl.trustStoreType=WINDOWS-ROOT
(If you are using procrun which is likely on Windows, this means to go to
the "Java" tab for the Tomcat service configuration and add the above line
to the "Java Options" text box.)
Bill
ANN: Bill Stewart's Apache Tomcat Setup for Windows [9.0.43]
Documentation and installer source: https://github.com/Bill-Stewart/ApacheTomcatSetup Download installer: https://github.com/Bill-Stewart/ApacheTomcatSetup/releases See installer source file for release notes: https://github.com/Bill-Stewart/ApacheTomcatSetup/blob/master/ApacheTomcat.iss - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Security Vulnerability -Default files
On Fri, Jan 22, 2021 at 11:49 AM Christopher Schultz wrote: > I think the OP is a non-native English speaker. I interpreted this to > mean "I'm hoping to get some help you you and this group." I appreciate the less-entitled potential interpretation. Bill - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Security Vulnerability -Default files
On Thu, Jan 21, 2021 at 8:43 PM Nitin Kadam wrote: > I am from a Windows Administrator background and hence facing these > challenges, So expecting help from you and this group. "Expecting help from you and this group": This phrasing makes it sound like you think you are entitled to something. Please keep in mind that respondents on this list provide support for free, and there is no service-level agreement. Bill - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Security Vulnerability -Default files
On Thu, Jan 21, 2021 at 7:19 AM Nitin Kadam wrote: > Hi Team, > > The internal security team reported below as Security findings. We do not > have anyone from a Tomcat background and for same we need to know the best > steps to resolve this issue. I am thinking you might need to adjust your expectations regarding an open-source software public mailing list. Bill - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
ANN: Bill Stewart's Apache Tomcat Setup for Windows [9.0.41]
Documentation and installer source: https://github.com/Bill-Stewart/ApacheTomcatSetup Download installer: https://github.com/Bill-Stewart/ApacheTomcatSetup/releases - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
ANN: Bill Stewart's Apache Tomcat Setup for Windows [9.0.40]
Documentation and installer source: https://github.com/Bill-Stewart/ApacheTomcatSetup Download installer: https://github.com/Bill-Stewart/ApacheTomcatSetup/releases - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Windows Service
On Fri, Nov 20, 2020 at 10:59 AM jonmcalexander wrote:
> When adding an instance as a service and using a domain service account to
> run Tomcat,
> what additional user rights assignments does the service account need?
The account will need at least SeServiceLogonRight ("Log on as a
service"). Do you mean in addition to that?
Is something not working? Can you provide more detail about what's
provoking the question?
Bill
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
ANN: Bill Stewart's Apache Tomcat Setup for Windows [9.0.39]
Documentation and installer source: https://github.com/Bill-Stewart/ApacheTomcatSetup Download installer: https://github.com/Bill-Stewart/ApacheTomcatSetup/releases - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
ANN: Bill Stewart's Apache Tomcat Setup for Windows [9.0.38]
Documentation and installer source: https://github.com/Bill-Stewart/ApacheTomcatSetup Download installer: https://github.com/Bill-Stewart/ApacheTomcatSetup/releases - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9
On Tue, Aug 25, 2020 at 8:29 AM Mark Thomas wrote: >> Enhancement requests for this should go to Commons Daemon. Should > >> be simple enough just to dump current config. > > > > Done. > > > > https://issues.apache.org/jira/browse/DAEMON-422 > > Done. > > It outputs the command to (re-)create the current config to stderr (in a > similar manner to version and usage). Users are free to pipe that to a > file or whatever else they want to do with it. > Thanks Mark! Bill
Re: [OT] Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9
On Thu, Aug 6, 2020 at 10:18 AM Christopher Schultz wrote: The problem is that if you don't have your old command-line saved and > handy, you have to figure out how to re-generate it. Thus, the > feature-request for procrun to dump the current configuration to a > script which can re-create itself. > I just thought I would also mention that this problem (needing to reproduce a service configuration) doesn't arise when using my alternative installer to upgrade a Tomcat instance: An upgrade installs on top of, and replaces, an older version in-place without modifying the service configuration details. Bill
Re: [OT Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9
On Thu, Aug 6, 2020 at 10:01 AM wrote: I like what you are showing here, but are you implying a shared > CATALINA_HOME and CATALINA_BASE? > Sorry; I don't understand the question. The alternate installer doesn't set or use the CATALINA_HOME or CATALINA_BASE environment variables; it uses procrun (tomcat.exe) with a very long command line to install Tomcat as a service. Bill
Re: [OT] Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9
On Thu, Aug 6, 2020 at 10:18 AM Christopher Schultz wrote: The problem is that if you don't have your old command-line saved and > handy, you have to figure out how to re-generate it. Thus, the > feature-request for procrun to dump the current configuration to a > script which can re-create itself. > > I'm just suggesting that if your installer can dump that kind of thing > out it might also be handy. > I agree that this would be useful. Once it exists in procrun, perhaps the installer could be extended to take advantage of it. Bill
Re: [OT Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9
On Thu, Aug 6, 2020 at 9:09 AM Christopher Schultz wrote: I don't know if you are interested in such things, but being table to > export a configuration from one machine to another might be useful for > your installer, too. Something like "deploy to server A, > manually-configure, tweak, test, prove" and then "copy deployment > configuration to servers B - Z". > The alternative installer doesn't export a configuration, but it does let you repeat an installation using command-line options to get a similar effect; e.g.: apache-tomcat-a.b.c-setup.exe /type=core /serviceusername="domain\account" /jvmoptions="-Djavax.net.ssl.trustStoreType=WINDOWS-ROOT" /jvmms=2048 /jvmmx=2048 /silent /log="c:\windows\temp\tomcatinstall.log" (all on one line of course) For reference: /type="core" - installs only the core components (no docs, Manager, Host Manager, or examples web apps) /serviceusername="domain\account" - runs the service using the specified account (and also, by default permissions are set on the install directories to allow this account to write to the logs, temp, and work directories) /jvmoptions="-Djavax.net.ssl.trustStoreType=WINDOWS-ROOT" - tells the Java instance running Tomcat to trust the Windows certificate store /jvmms=2048 /jvmmx=2048 - sets the Java memory pool sizes for the service /silent - hands-free installation /log="c:\windows\temp\tomcatinstall.log" - logs to the specified file See the documentation - https://github.com/Bill-Stewart/ApacheTomcatSetup - for further information. Bill
Re: [OT Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9
On Tue, Aug 4, 2020 at 4:01 PM Christopher Schultz wrote: I have a client who runs our product on Windows (we usually run it on > Linux) and there are 2-4 separate Tomcat-based services on each node, > so they have "Tomcat 8.5.x for FOO", "Tomcat 8.5.x for BAR", etc. in > their service descriptions. Can they use your installer to upgrade > just one of those with a new Tomcat version? > The alternative installer can only upgrade Tomcat instances it installs. (It can't upgrade instances installed using Apache's installer or manual installations; it doesn't know about those.) The process in your case would be something like this: 1. Document the Tomcat service installation details for the instance you want to replace and back up its config files. 2. Remove it (reverse whatever process you used to install, whether Apache installer, manual, etc.). 3. Install using alternate installer; e.g.: apache-tomcat-a.b.c-setup.exe /instance="FOO" 4. Update the config files, copy application server files, etc. See the documentation - https://github.com/Bill-Stewart/ApacheTomcatSetup - for details. (Without /instance it installs a default instance - i.e., default directory of "\Program Files\Apache Tomcat", "Apache Tomcat" as the service name, etc.) To upgrade (in general): 1. Touch (update timestamps of) config files you don't want the installer to overwrite. 2. Run the above install commands with the new version of the installer. Don't forget the /instance parameter if you used it to install initially (otherwise, the installer will install or upgrade the default instance). Note that each instance installed using the alternate installer (default or otherwise) installs to a separate directory and appears as a separate entry in the Windows "installed application" list. (This is typically the expected behavior for application installations on Windows machines.) I certainly don't claim that the alternative installer is suitable for all applications and configurations, but for fairly common use cases on Windows machines, the two-step upgrade process noted above (I think) is pretty simple. Bill
Re: [OT Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9
On Tue, Aug 4, 2020 at 2:18 PM Christopher Schultz wrote: So how do you switch Java versions? > What do you mean? 1. Point an existing Tomcat instance to a different Java runtime, or 2. Upgrade an existing instance of Java? For 1: Use the procrun GUI and change the path to the jvm.dll file. Naturally you would need to restart Tomcat instance. For 2: My alternative installer is for upgrading Tomcat, not the Java instance. To do that, you would need to: a. Stop the Tomcat instance b. Upgrade/install the Java you want c. (If path to jvm.dll changed) Use the procrun GUI to change the path to the jvm.dll file d. Start the Tomcat instance Bill
Re: Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9
On Tue, Aug 4, 2020 at 7:47 AM Christopher Schultz wrote: Done. > > https://issues.apache.org/jira/browse/DAEMON-422 > I like this idea as an enhancement to procrun. I would also point out, for anyone interested, that my alternate installer supports upgrading without needing to document the settings: It automatically stops the service, updates the files, and restarts the service (preserving all configuration details). https://github.com/Bill-Stewart/ApacheTomcatSetup Bill
Re: Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9
On Mon, Jul 27, 2020 at 12:22 AM Hans Schou wrote: Yes I can add and change information, but how can I get the information out > so I can use that for an upgrade to a new major version? > >From an elevated command line, run: tomcat8w.exe "//ES//servicename" This displays the GUI configuration dialog. From there you can manually document your settings.
Re: Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9
On Fri, Jul 24, 2020 at 9:36 AM Christopher Schultz wrote: Note that everything you can configure using tomcatXw.exe //ES/svcname > you can also install from the command-line. > Correct. See the InstallService PascalScript procedure in the installer which performs the equivalent: https://github.com/Bill-Stewart/ApacheTomcatSetup/blob/master/ApacheTomcat.iss Bill
Re: Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9
On Fri, Jul 24, 2020 at 2:26 AM Hans Schou wrote: "document" manually? Like copy into a text file? > Yes, however you customarily do so. > > 2. If you used Apache's Windows installer, uninstall it (unfortunately > this removes the service and service configuration info). > > I use the zip file version, roughly I do this: > CD D:\Apache > unzip apache-tomcat-9.0.37.zip > MKLINK /D tomcat-9.0 apache-tomcat-9.0.37 > And then I make all my instances have CATALINA_BASE=D:\Apache\tomcat-9.0 > so I can minor upgrade several instances at the same time just by changing > the symlink (services must be stopped first). > Sounds like you have a fairly robust procedure already in place, and the alternative installer may not provide too much benefit. > 1. Update the timestamps of the config files you don't want the installer > to overwrite. > > Is this necessary when using zip-package? > That depends on where you extract the files and if your unzip tool is set to skip or overwrite newer files when extracting.
Re: Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9
On Thu, Jul 23, 2020 at 6:24 AM Hans Schou wrote: I am about to upgrade a lot of Tomcat 8.0 instances to 9.0 on Windows. > ... > But in this process I loose some parameters like "Log on", "Initial memory > pool" and "Java options" which has been set with > tomcat8w.exe //ES//example > or > tomcat8w.exe //US//example > > Is there a way where I can get the say "Java options" parameters with a > command line tool so I don't have to start the GUI for every instans? > > Or is there a better way to upgrade from 8.0 to 9.0? > Simplifying upgrades on the Windows platform is one of the main reasons I created an alternative Windows installer. Latest version here: https://github.com/Bill-Stewart/ApacheTomcatSetup/releases Documentation is here: https://github.com/Bill-Stewart/ApacheTomcatSetup Basically the steps would be: 1. Back up/document your 8.x configuration. 2. If you used Apache's Windows installer, uninstall it (unfortunately this removes the service and service configuration info). 3. Install the latest Tomcat version using the alternative installer, and configure Tomcat as needed. In the future, upgrades using the alternative installer are pretty simple: 1. Update the timestamps of the config files you don't want the installer to overwrite. 2. Download and run the latest version of the alternative installer to perform the upgrade. The installer automatically stops the service, upgrades the files, and restarts the service. All service configuration information is preserved. Of course, I would strongly recommend testing all of the above in a test environment first. Bill
ANN: Bill Stewart's Apache Tomcat Setup for Windows [9.0.37]
Documentation and installer source: https://github.com/Bill-Stewart/ApacheTomcatSetup Download installer: https://github.com/Bill-Stewart/ApacheTomcatSetup/releases
ANN: Bill Stewart's Apache Tomcat Setup for Windows [9.0.36]
Please see here: https://github.com/Bill-Stewart/ApacheTomcatSetup The Setup executable is available on the Releases tab. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: File access error on Windows Server 2019 after upgrading to Tomcat 8.5.45
On Tue, Jun 9, 2020 at 9:56 AM calder wrote: > A bit off-topic, but wanted to jump in and clear this up, as the Java > error messages are somewhat misleading. Thanks for the clarification. Regards Bill - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: File access error on Windows Server 2019 after upgrading to Tomcat 8.5.45
On Mon, Jun 8, 2020 at 3:54 PM BOSECKER Nancy wrote: > In 8.5.45, I get the Java error: File not Found exception - > Access is denied. The file exists and is readable, but must be > being held onto by some unknown process. I've tried Windows > process manager and resource manager, but neither of these can > tell me what is holding the file handle. I can open the file in > an editor with no error. I can also delete the file without any > error. Your assumption that the file is being held open by an unknown process may not be correct. The ability to write/update/delete files is based on the account being used to run Tomcat. Also, "file not found" is not the same as "access denied". You should post the exact error line(s) from your log. Bill - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
ANN: Bill Stewart's Apache Tomcat Setup for Windows [9.0.35]
Please see here: https://github.com/Bill-Stewart/ApacheTomcatSetup The Setup executable is available on the Releases tab. Bill - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat and ssl
On Tue, Apr 28, 2020 at 10:42 PM Naga Ramesh wrote: > Can you check the below link.. > > https://mkyong.com/webservices/jax-ws/suncertpathbuilderexception-unable-to-find-valid-certification-path-to-requested-target/ I think you intended to reply to the mailing list (users at tomcat dot apache dot org) rather than to me directly. Bill - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat and ssl
On Mon, Apr 27, 2020 at 3:31 PM calder wrote: > > On Mon, Apr 27, 2020 at 11:22 AM Beard, Shawn M. wrote: > > > I have an app running in tomcat 9 that makes an ssl call to an external > > webservice. > > > > It fails with these errors in the logs: > > > > ERROR javax.net.ssl.SSLHandshakeException: PKIX path building failed: > > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > > valid certification path to requested target > > When we've seen that in our logs, it's because self-signed certs are being > used. This error can also occur on a Windows domain when the TLS certificate is issued by a corporate (internal) certificate authority (i.e., Java doesn't trust the issuer). On a Windows machine, you can tell Java to trust the certificates in the Windows certificate store by using this command line parameter: -Djavax.net.ssl.trustStoreType=WINDOWS-ROOT Bill - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
ANN: Bill Stewart's Apache Tomcat Setup for Windows [9.0.34]
Please see here: https://github.com/Bill-Stewart/ApacheTomcatSetup The Setup executable is available on the Releases tab. Bill - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [ANN] Apache Tomcat 9.0.34 available
On Thu, Apr 9, 2020 at 10:54 AM Mark Thomas wrote: > The correct SHA512 is: > 2bb67b23dc4fd484026f1a8b382f8fe3693644b45576f835f3822d4627e1c1a5c395b054c66cb7b50a29ac591389bdd6b9d2fe42de9fdfb0f4dd38bdeb58027f Thank you. The issue was my download had somehow gotten corrupted. I downloaded the file again and all is well. (Lesson learned: Verify file hash.) My apologies for the unnecessary noise in this list. Bill - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [ANN] Apache Tomcat 9.0.34 available
On Thu, Apr 9, 2020 at 10:41 AM Bill Stewart wrote: > > On Thu, Apr 9, 2020 at 10:36 AM Mark Thomas wrote: > > > Where did you get that zip file from? > > https://tomcat.apache.org/download-90.cgi > > (Not sure which specific mirror was used; I since navigated elsewhere) > > > What is the SHA512 hash of the zip file you downloaded? > > DA20C41125C879B193C1B3AE9A6728E3CA5A9C5CF9F97C54AE81585D7D942D91526FD62D663A0A09483373205F8B2745A6F02F9AE441F8979429C59189D4A72E > > > Did you download over HTTPS? > > Yes. Also missing: tomcat9.exe Bill - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [ANN] Apache Tomcat 9.0.34 available
On Thu, Apr 9, 2020 at 10:36 AM Mark Thomas wrote: > Where did you get that zip file from? https://tomcat.apache.org/download-90.cgi (Not sure which specific mirror was used; I since navigated elsewhere) > What is the SHA512 hash of the zip file you downloaded? DA20C41125C879B193C1B3AE9A6728E3CA5A9C5CF9F97C54AE81585D7D942D91526FD62D663A0A09483373205F8B2745A6F02F9AE441F8979429C59189D4A72E > Did you download over HTTPS? Yes. Bill - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [ANN] Apache Tomcat 9.0.34 available
On Thu, Apr 9, 2020 at 9:08 AM Mark Thomas wrote: > The Apache Tomcat team announces the immediate availability of Apache > Tomcat 9.0.34. Thank you. FYI: The file tcnative-1.dll is missing from the 'apache-tomcat-9.0.34-windows-x64.zip' distribution. Bill - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
ANN: Bill Stewart's Apache Tomcat Setup for Windows [9.0.31]
Please see here: https://github.com/Bill-Stewart/ApacheTomcatSetup The Setup executable for Tomcat 9.0.31 is available on the Releases tab. Bill
Alternative Windows installer
Thanks to permission from the PMC, the initial release of my alternative Windows installer is available: https://github.com/Bill-Stewart/ApacheTomcatSetup I designed this to meet some specific needs in my organization. Perhaps others might find it useful as well. Regards, Bill - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Alternative Windows service installer package
> Mark Thomas wrote: > Generally, Tomcat's source code is provided under the ALv2. Normally, > the answer would be "The ALv2 gives you all the permissions you need.". > However..., those files all contain the Tomcat logo which is a trademark > so section 6 applies which means the ALv2 does not give you permission > to use those files. In the meantime, I have updated the installer to use the "powered by" logo instead of the other one: http://www.apache.org/foundation/press/kit/poweredBy/pb-tomcat.jpg Will that be acceptable? Thanks Bill - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Alternative Windows service installer package
On Wed, Dec 18, 2019 at 8:21 AM Mark Thomas wrote: > No need to be a commmitter. Your message has been moderate through. > Expect the PMC to discuss it and then respond. Understood; thank you. > The upgrades looked to be the most obvious feature difference. That > raises questions about whether we should install Tomcat into separate > CATALINA_HOME / CATALINA_BASE by default as that makes upgrades and > downgrades trivial. The way I envision it working the best for most people is to use the same appid so that upgrades replace the existing installed version (this is the usual behavior for most application installs on Windows). Some other features: * To install a new service instance, run the installer again, select to install a service instance, specify new service parameters, and complete the install. The new service instance will be installed side-by-side with existing service instances. * Upgrading will upgrade all service instances to the new version (because the files get upgraded). * Uninstall will remove all service instances for that version. (Individual service instance removal is not currently supported from the installer - removing an individual service instance would need to be done manually outside of the installer.) * Upgrades can occur with service(s) running; installer will stop the service(s), replacing the files, and start the service(s) again. It gets a little more complex if an application requires an old version of Tomcat but they want to install a later version on the same OS instance. In that case the admin will need to do some manual work to keep a copy of the old version. (As an aside: Another feature difference is support for silent installation with command-line support for all options that appear in the installer GUI.) Regards, Bill - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Alternative Windows service installer package
Mark Thomas wrote: > > Question 1: Do I need to get permission to use these images from ASF if I > > host the installer publicly, and if so how would I do that? > > Generally, Tomcat's source code is provided under the ALv2. Normally, > the answer would be "The ALv2 gives you all the permissions you need.". > However..., those files all contain the Tomcat logo which is a trademark > so section 6 applies which means the ALv2 does not give you permission > to use those files. > > So that leads us to: > http://tomcat.apache.org/legal.html > > and you need to ask the PMC. The PMC can be contacted via the private > (i.e. there is no public archive) mailing list priv...@tomcat.apache.org > > To save a few emails, you'll need to provide: > > - The name you propose using for this installer > - Any changes made to the Tomcat source > - A mock-up of how you'd like to use the images (or a link to a copy of > the installer if that is easier) > - Details of how upgrade is implemented Thank you. Do I need to be a committer to join that list? > Personally, I'd be more interested in patches to the NSIS installer. Understood, but it seems that the NSIS installer doesn't offer as many features and would need to be overhauled. Regards, Bill
Alternative Windows service installer package
Greetings, I wrote an Inno Setup 6.x script for installing Tomcat 9.x that I think has some useful improvements over the NSIS installer: * Supports silent install (/silent, /verysilent), upgrade, of Tomcat on Windows * You can configure any of the following using the installer GUI or the command line: path to jvm.dll,service name, service display name, service user name, additional JVM options, and initial/maximum memory pool sizes * Default installation does not install anything into webapps directory (although you can select if needed) Example install command line parameters: /servicename="mytomcatserver" /servicedisplayname="My Apache Tomcat Server" /serviceusername=fabrikam\tomcatservice /jvmoptions="‑Djavax.net.ssl.trustStoreType=WINDOWS-ROOT" /javams=2048 /javamx=4096 /silent /log=install.log After this silent install all that would be needed is to set the service account password for the mytomcatserver service and start it. I was thinking about putting this on Github or similar but my question has to do with use of the installer images. The installer I built uses the images from https://github.com/apache/tomcat/tree/master/res (header.bmp, side_left.bmp, tomcat.ico) slightly modified for Inno Setup. Question 1: Do I need to get permission to use these images from ASF if I host the installer publicly, and if so how would I do that? Question 2: Is anyone interested in this alternative installer? Any thoughts/guidance appreciated. Regards, Bill
