My bad - I was looking in the catalina log, not the localhost log...
Now I see the config being parsed:
01-Mar-2020 21:12:49.147 FINE [localhost-startStop-1]
org.apache.catalina.valves.rewrite.RewriteValve.startInternal Read
configuration from: /WEB-INF/rewrite.config
01-Mar-2020 21:12:49.155
No matter where I place the rewrite.config, cannot get the
RewriteValve to find it.
I tried:
* /usr/local/tomcat/conf/Catalina/localhost/ROOT.xml and
/usr/local/tomcat/webapps/ROOT/WEB-INF/rewrite.config
* /usr/local/tomcat/conf/context.xml and
/usr/local/tomcat/conf/localhost/rewrite.config
The
I hit a snag with the query string. In some cases it contains the
webapp base URI in a query parameter, such as:
/admin/acl/authorizations/?forClass=https%3A//localhost%3A5443/admin/ns%23Authorization
So I'm trying to rewrite those as well, from
https%3A//localhost%3A5443/ to
Am 2020-02-29 um 15:12 schrieb Mark Thomas:
On 29/02/2020 13:05, Thomas Meyer wrote:
Am 29. Februar 2020 13:10:13 MEZ schrieb Mark Thomas :
On 29/02/2020 11:23, Michael Osipov wrote:
Am 2020-02-29 um 12:13 schrieb Mark Thomas:
On 29/02/2020 11:07, Michael Osipov wrote:
Am 2020-02-29 um
Thanks! I actually needed proxyPort="443" to make the URL
https://localhost, but your suggestion did the trick.
On Sat, Feb 29, 2020 at 11:12 AM Mark Thomas wrote:
>
>
>
> On 28/02/2020 22:26, Martynas Jusevičius wrote:
> > Yes the clients connect only directly to nginx.
> >
> > So the proxy
On 29/02/2020 13:05, Thomas Meyer wrote:
> Am 29. Februar 2020 13:10:13 MEZ schrieb Mark Thomas :
>> On 29/02/2020 11:23, Michael Osipov wrote:
>>> Am 2020-02-29 um 12:13 schrieb Mark Thomas:
On 29/02/2020 11:07, Michael Osipov wrote:
> Am 2020-02-29 um 12:05 schrieb Mark Thomas:
>>
Am 2020-02-29 um 14:05 schrieb Thomas Meyer:
Am 29. Februar 2020 13:10:13 MEZ schrieb Mark Thomas :
On 29/02/2020 11:23, Michael Osipov wrote:
Am 2020-02-29 um 12:13 schrieb Mark Thomas:
On 29/02/2020 11:07, Michael Osipov wrote:
Am 2020-02-29 um 12:05 schrieb Mark Thomas:
On 29/02/2020
Am 29. Februar 2020 13:10:13 MEZ schrieb Mark Thomas :
>On 29/02/2020 11:23, Michael Osipov wrote:
>> Am 2020-02-29 um 12:13 schrieb Mark Thomas:
>>> On 29/02/2020 11:07, Michael Osipov wrote:
Am 2020-02-29 um 12:05 schrieb Mark Thomas:
> On 29/02/2020 10:40, Michael Osipov wrote:
>>>
>>>
On 29/02/2020 11:23, Michael Osipov wrote:
> Am 2020-02-29 um 12:13 schrieb Mark Thomas:
>> On 29/02/2020 11:07, Michael Osipov wrote:
>>> Am 2020-02-29 um 12:05 schrieb Mark Thomas:
On 29/02/2020 10:40, Michael Osipov wrote:
>>
>>
>>
> Tomcat does not support renegotiation of TLS
Am 2020-02-29 um 12:13 schrieb Mark Thomas:
On 29/02/2020 11:07, Michael Osipov wrote:
Am 2020-02-29 um 12:05 schrieb Mark Thomas:
On 29/02/2020 10:40, Michael Osipov wrote:
Tomcat does not support renegotiation of TLS contexts based
on URLs like HTTPd.
Yes it does.
If you specify
Am 2020-02-29 um 12:13 schrieb Mark Thomas:
On 29/02/2020 11:07, Michael Osipov wrote:
Am 2020-02-29 um 12:05 schrieb Mark Thomas:
On 29/02/2020 10:40, Michael Osipov wrote:
Tomcat does not support renegotiation of TLS contexts based
on URLs like HTTPd.
Yes it does.
If you specify
On 29/02/2020 11:07, Michael Osipov wrote:
> Am 2020-02-29 um 12:05 schrieb Mark Thomas:
>> On 29/02/2020 10:40, Michael Osipov wrote:
>>> Tomcat does not support renegotiation of TLS contexts based
>>> on URLs like HTTPd.
>>
>> Yes it does.
>>
>> If you specify CLIENT-CERT auth for a sub-set
Am 2020-02-29 um 12:05 schrieb Mark Thomas:
On 29/02/2020 10:40, Michael Osipov wrote:
Am 2020-02-29 um 10:09 schrieb Thomas Meyer:
Hi,
Instead of configuring the container for client cert Auth change the
webapp:
1) define a realm in local context.xml
2) add resp security constraint only
On 29/02/2020 10:40, Michael Osipov wrote:
> Am 2020-02-29 um 10:09 schrieb Thomas Meyer:
>> Hi,
>>
>> Instead of configuring the container for client cert Auth change the
>> webapp:
>> 1) define a realm in local context.xml
>> 2) add resp security constraint only for rest api calls
>
> This
Am 2020-02-29 um 10:09 schrieb Thomas Meyer:
Am 27. Februar 2020 10:58:01 MEZ schrieb "Martynas Jusevičius"
:
Hi list,
I'm using a Docker image based on tomcat:8.0-jre8. It serves as an
end-user facing webapp but also as a REST API which authenticates
using client certificates. The same URLs
On 28/02/2020 22:26, Martynas Jusevičius wrote:
> Yes the clients connect only directly to nginx.
>
> So the proxy config within 2 pairs of containers is like this:
>
> # website service; clientAuth=false
> nginx:80 -> tomcat:8080
> nginx:443 -> tomcat:8443
>
> # API service; clientAuth=true
Am 27. Februar 2020 10:58:01 MEZ schrieb "Martynas Jusevičius"
:
>Hi list,
>
>I'm using a Docker image based on tomcat:8.0-jre8. It serves as an
>end-user facing webapp but also as a REST API which authenticates
>using client certificates. The same URLs serve both purposes, however
>only
Yes the clients connect only directly to nginx.
So the proxy config within 2 pairs of containers is like this:
# website service; clientAuth=false
nginx:80 -> tomcat:8080
nginx:443 -> tomcat:8443
# API service; clientAuth=true
nginx-api:90 -> tomcat-api:8080
nginx-api:5443 -> tomcat-api:8443
On 28/02/2020 21:00, Martynas Jusevičius wrote:
> Setting up a second container with a different port was easy enough.
>
> However I got stuck on the URL mapping/rewriting. Using nginx as a
> proxy, I don't think it's possible to rewrite headers with the
> upstream module:
>
Setting up a second container with a different port was easy enough.
However I got stuck on the URL mapping/rewriting. Using nginx as a
proxy, I don't think it's possible to rewrite headers with the
upstream module:
https://nginx.org/en/docs/http/ngx_http_upstream_module.html
As I understand it
Tomcat is deep within the Docker image configured with a single
connector and a single ROOT webapp, so it's easier to deploy a second
container than to add a second connector or context :)
Thanks for your help.
On Thu, Feb 27, 2020 at 11:36 AM Mark Thomas wrote:
>
> On 27/02/2020 10:28,
On 27/02/2020 10:28, Martynas Jusevičius wrote:
> Yes, that could be an option. Or, since we're on Docker, a second
> instance of the webapp on a different port would be easier.
>
> But we would need to add some URL rewriting proxy before that
> connector to strip that port number to make the
Yes, that could be an option. Or, since we're on Docker, a second
instance of the webapp on a different port would be easier.
But we would need to add some URL rewriting proxy before that
connector to strip that port number to make the webapp see the
canonical URLs. That should be doable with
On 27/02/2020 09:58, Martynas Jusevičius wrote:
> Hi list,
>
> I'm using a Docker image based on tomcat:8.0-jre8. It serves as an
> end-user facing webapp but also as a REST API which authenticates
> using client certificates. The same URLs serve both purposes, however
> only administrators are
Hi list,
I'm using a Docker image based on tomcat:8.0-jre8. It serves as an
end-user facing webapp but also as a REST API which authenticates
using client certificates. The same URLs serve both purposes, however
only administrators are using the API.
The Connector is configured using
25 matches
Mail list logo