Re: help installing mod_jk on Centos 7 on a Google Cloud server

[Loai Abdallatif]

you are running apache with selinux context . just try to avoid its
complexity

On Sun, Nov 25, 2018 at 10:27 PM Lou Wallace  wrote:

> How will selinux help? Not sure what you mean...
>
> On Sun, Nov 25, 2018 at 3:16 PM Loai Abdallatif  >
> wrote:
>
> > try  selinux to permissive mode using #setenforce 0 to exclude it from
> > analyses
> >
> > On Sun, Nov 25, 2018 at 8:05 PM Lou Wallace 
> > wrote:
> >
> > > hey Greg,
> > >
> > > No obvious errors in mod_jk log. Only has five lines
> > >
> > > [Sun Nov 25 15:22:11.637 2018] [14159:139840145266816] [info]
> > > init_jk::mod_jk.c (3591): mod_jk/1.2.46 initialized
> > > [Sun Nov 25 15:22:11.657 2018] [14159:139840145266816] [info]
> > > init_jk::mod_jk.c (3591): mod_jk/1.2.46 initialized
> > > [Sun Nov 25 15:37:01.930 2018] [15407:140260327409792] [info]
> > > init_jk::mod_jk.c (3591): mod_jk/1.2.46 initialized
> > > [Sun Nov 25 15:37:01.951 2018] [15407:140260327409792] [info]
> > > init_jk::mod_jk.c (3591): mod_jk/1.2.46 initialized
> > > [Sun Nov 25 18:00:36.252 2018] [26421:139699565041792] [info]
> > > init_jk::mod_jk.c (3591): mod_jk/1.2.46 initialized
> > > [Sun Nov 25 18:00:36.276 2018] [26421:139699565041792] [info]
> > > init_jk::mod_jk.c (3591): mod_jk/1.2.46 initialized
> > >
> > > error_log
> > >
> > > [Sun Nov 25 18:00:36.250346 2018] [core:notice] [pid 26421] SELinux
> > policy
> > > enabled; httpd running as context system_u:system_r:httpd_t:s0
> > > [Sun Nov 25 18:00:36.251392 2018] [suexec:notice] [pid 26421] AH01232:
> > > suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
> > > [Sun Nov 25 18:00:36.252380 2018] [jk:warn] [pid 26421] No JkLogFile
> > > defined in httpd.conf. Using default /etc/httpd/logs/mod_jk.log
> > > [Sun Nov 25 18:00:36.252466 2018] [jk:warn] [pid 26421] No JkShmFile
> > > defined in httpd.conf. Using default /etc/httpd/logs/jk-runtime-status
> > > [Sun Nov 25 18:00:36.273798 2018] [auth_digest:notice] [pid 26421]
> > AH01757:
> > > generating secret for digest authentication ...
> > > [Sun Nov 25 18:00:36.275236 2018] [lbmethod_heartbeat:notice] [pid
> 26421]
> > > AH02282: No slotmem from mod_heartmonitor
> > > [Sun Nov 25 18:00:36.276120 2018] [jk:warn] [pid 26421] No JkLogFile
> > > defined in httpd.conf. Using default /etc/httpd/logs/mod_jk.log
> > > [Sun Nov 25 18:00:36.276179 2018] [jk:warn] [pid 26421] No JkShmFile
> > > defined in httpd.conf. Using default /etc/httpd/logs/jk-runtime-status
> > > [Sun Nov 25 18:00:36.280163 2018] [mpm_prefork:notice] [pid 26421]
> > AH00163:
> > > Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_jk/1.2.46 configured --
> > > resuming normal operations
> > > [Sun Nov 25 18:00:36.280201 2018] [core:notice] [pid 26421] AH00094:
> > > Command line: '/usr/sbin/httpd -D FOREGROUND'
> > >
> > >
> > >
> > >
> > >
> > >
> > > On Sun, Nov 25, 2018 at 12:42 PM Greg Huber 
> wrote:
> > >
> > > > OK, sorry, if you are remote then 8080 port may not be open.
> > > >
> > > > You need to check tomcat app actually shows the page correctly.
> > > >
> > > > If the page http://IP/index.jsp <http://IP:8080/index.jsp>
> > > > just shows the jsp, have a look at the /var/log/httpd logs to see
> what
> > > its
> > > > doing,
> > > >
> > > > eg access.log
> > > > xxx.xxx.xxx.xxx.xxx - - [25/Nov/2018:07:28:08 +] "GET /index.jsp
> > > > HTTP/1.1" 200 27080 "
> > > >
> > > > also look in the error.log for errors
> > > >
> > > > mod_jk.log
> > > > [Sun Nov 25 07:27:10 2018][1452:140132954712192] [info]
> > init_jk::mod_jk.c
> > > > (3591): mod_jk/1.2.46 initialized
> > > >
> > > > You could try yum package links which is a command line browser.
> > > >
> > > > Name: links
> > > > Arch: x86_64
> > > > Epoch   : 1
> > > > Version : 2.13
> > > > Release : 1.el7
> > > > Size: 2.8 M
> > > > Repo: epel/x86_64
> > > > Summary : Web browser running in both graphics and text mode
> > > > URL : http://links.twibright.com/
> > > > Licence : GPLv2+
> > > > Description : Links is a web browser capable of running in either
> > > graphic

Re: help installing mod_jk on Centos 7 on a Google Cloud server

[Loai Abdallatif]

try  selinux to permissive mode using #setenforce 0 to exclude it from
analyses

On Sun, Nov 25, 2018 at 8:05 PM Lou Wallace  wrote:

> hey Greg,
>
> No obvious errors in mod_jk log. Only has five lines
>
> [Sun Nov 25 15:22:11.637 2018] [14159:139840145266816] [info]
> init_jk::mod_jk.c (3591): mod_jk/1.2.46 initialized
> [Sun Nov 25 15:22:11.657 2018] [14159:139840145266816] [info]
> init_jk::mod_jk.c (3591): mod_jk/1.2.46 initialized
> [Sun Nov 25 15:37:01.930 2018] [15407:140260327409792] [info]
> init_jk::mod_jk.c (3591): mod_jk/1.2.46 initialized
> [Sun Nov 25 15:37:01.951 2018] [15407:140260327409792] [info]
> init_jk::mod_jk.c (3591): mod_jk/1.2.46 initialized
> [Sun Nov 25 18:00:36.252 2018] [26421:139699565041792] [info]
> init_jk::mod_jk.c (3591): mod_jk/1.2.46 initialized
> [Sun Nov 25 18:00:36.276 2018] [26421:139699565041792] [info]
> init_jk::mod_jk.c (3591): mod_jk/1.2.46 initialized
>
> error_log
>
> [Sun Nov 25 18:00:36.250346 2018] [core:notice] [pid 26421] SELinux policy
> enabled; httpd running as context system_u:system_r:httpd_t:s0
> [Sun Nov 25 18:00:36.251392 2018] [suexec:notice] [pid 26421] AH01232:
> suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
> [Sun Nov 25 18:00:36.252380 2018] [jk:warn] [pid 26421] No JkLogFile
> defined in httpd.conf. Using default /etc/httpd/logs/mod_jk.log
> [Sun Nov 25 18:00:36.252466 2018] [jk:warn] [pid 26421] No JkShmFile
> defined in httpd.conf. Using default /etc/httpd/logs/jk-runtime-status
> [Sun Nov 25 18:00:36.273798 2018] [auth_digest:notice] [pid 26421] AH01757:
> generating secret for digest authentication ...
> [Sun Nov 25 18:00:36.275236 2018] [lbmethod_heartbeat:notice] [pid 26421]
> AH02282: No slotmem from mod_heartmonitor
> [Sun Nov 25 18:00:36.276120 2018] [jk:warn] [pid 26421] No JkLogFile
> defined in httpd.conf. Using default /etc/httpd/logs/mod_jk.log
> [Sun Nov 25 18:00:36.276179 2018] [jk:warn] [pid 26421] No JkShmFile
> defined in httpd.conf. Using default /etc/httpd/logs/jk-runtime-status
> [Sun Nov 25 18:00:36.280163 2018] [mpm_prefork:notice] [pid 26421] AH00163:
> Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_jk/1.2.46 configured --
> resuming normal operations
> [Sun Nov 25 18:00:36.280201 2018] [core:notice] [pid 26421] AH00094:
> Command line: '/usr/sbin/httpd -D FOREGROUND'
>
>
>
>
>
>
> On Sun, Nov 25, 2018 at 12:42 PM Greg Huber  wrote:
>
> > OK, sorry, if you are remote then 8080 port may not be open.
> >
> > You need to check tomcat app actually shows the page correctly.
> >
> > If the page http://IP/index.jsp 
> > just shows the jsp, have a look at the /var/log/httpd logs to see what
> its
> > doing,
> >
> > eg access.log
> > xxx.xxx.xxx.xxx.xxx - - [25/Nov/2018:07:28:08 +] "GET /index.jsp
> > HTTP/1.1" 200 27080 "
> >
> > also look in the error.log for errors
> >
> > mod_jk.log
> > [Sun Nov 25 07:27:10 2018][1452:140132954712192] [info] init_jk::mod_jk.c
> > (3591): mod_jk/1.2.46 initialized
> >
> > You could try yum package links which is a command line browser.
> >
> > Name: links
> > Arch: x86_64
> > Epoch   : 1
> > Version : 2.13
> > Release : 1.el7
> > Size: 2.8 M
> > Repo: epel/x86_64
> > Summary : Web browser running in both graphics and text mode
> > URL : http://links.twibright.com/
> > Licence : GPLv2+
> > Description : Links is a web browser capable of running in either
> graphics
> > or text mode.
> > : It provides a pull-down menu system, renders complex pages,
> > has partial HTML
> > : 4.0 support (including tables, frames and support for
> > multiple character sets
> > : and UTF-8), supports color and monochrome terminals and
> > allows horizontal
> > : scrolling.
> >
> > On Sun, 25 Nov 2018 at 17:07, Lou Wallace 
> wrote:
> >
> > > How can I do that from the command line shell? I tried it from browser
> > and
> > > it timed out using http://IP:8080/index.jsp
> > >
> > >
> > > On Sun, Nov 25, 2018 at 11:54 AM Greg Huber 
> wrote:
> > >
> > > > >>But my .jsp web page is still showing as plain text
> > > >
> > > > With tomcat running does it show correctly ie
> > > > http://127.0.0.1:8080/../mypage.jsp
> > > >
> > > > then try http://127.0.0.1/../mypage.jsp
> > > >
> > > > ##
> > > >
> > > > tomcat server.xml using default port
> > > >  > > >connectionTimeout="2"
> > > >redirectPort="8443" />
> > > >
> > > >
> > > > On Sun, 25 Nov 2018 at 15:28, Lou Wallace 
> > > wrote:
> > > >
> > > > > hmm this is weird
> > > > >
> > > > > After adding
> > > > >
> > > > > #Options Indexes FollowSymLinks
> > > > > #No folders/files listed
> > > > > Options -Indexes -FollowSymLinks
> > > > >
> > > > > I decided to allow httpd.conf to try and load mod_jk.so again so I
> > > added
> > > > > back LoadModule jk_module /etc/httpd/modules/mod_jk.so and
> restarted
> > > > httpd
> > > > >
> > > > > then when I do apachectl -M I see as last 

Re: help installing mod_jk on Centos 7 on a Google Cloud server

[Loai Abdallatif]

Hi Lou

may be its worth to check Selinux ,
try setenforce 0

On Wed, Nov 21, 2018 at 8:41 PM Lou Wallace  wrote:

> Hey Greg,
>
> Thanks for the info. I changed both httpd.conf and workers.properties to
> your settings. Got the same error msg when I restarted httpd.
>
> When I checked journalist I get
>
> ● httpd.service - The Apache HTTP Server
>Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor
> preset: disabled)
>Active: failed (Result: exit-code) since Wed 2018-11-21 18:32:37 UTC;
> 3min 51s ago
>  Docs: man:httpd(8)
>man:apachectl(8)
>   Process: 24340 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited,
> status=1/FAILURE)
>   Process: 24339 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND
> (code=exited, status=1/FAILURE)
>  Main PID: 24339 (code=exited, status=1/FAILURE)
> Nov 21 18:32:37 server2 systemd[1]: Starting The Apache HTTP Server...
> Nov 21 18:32:37 server2 httpd[24339]: AH00526: Syntax error on line 63 of
> /etc/httpd/conf/httpd.conf:
> Nov 21 18:32:37 server2 httpd[24339]: Invalid command 'JkWorkersFile',
> perhaps misspelled or defined by a module not included in the server
> configuration
> Nov 21 18:32:37 server2 systemd[1]: httpd.service: main process exited,
> code=exited, status=1/FAILURE
> Nov 21 18:32:37 server2 kill[24340]: kill: cannot find process ""
> Nov 21 18:32:37 server2 systemd[1]: httpd.service: control process exited,
> code=exited status=1
> Nov 21 18:32:37 server2 systemd[1]: Failed to start The Apache HTTP Server.
> Nov 21 18:32:37 server2 systemd[1]: Unit httpd.service entered failed
> state.
> Nov 21 18:32:37 server2 systemd[1]: httpd.service failed.
>
>
>
> On Wed, Nov 21, 2018 at 11:31 AM Greg Huber  wrote:
>
> > For my centos/mod._jk I use :
> >
> > /etc/httpd/conf.d/my.conf :
> >
> > ...
> > JkWorkersFile "/etc/httpd/conf.d/workers.properties"
> > JkLogFile "/etc/httpd/logs/mod_jk.log"
> > JkShmFile "/etc/httpd/logs/jk-runtime-status.log"
> > JkLogLevel info
> > JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"
> > 
> > JkMount  / worker1
> > JkMount  /* worker1
> > 
> >
> > workers.properties :
> > # Define 1 real worker using ajp13
> > worker.list=worker1
> > # Set properties for worker1 (ajp13)
> > worker.worker1.type=ajp13
> > worker.worker1.host=localhost
> > worker.worker1.port=8009
> > worker.worker1.socket_keepalive=1
> >
> >
> > On Wed, 21 Nov 2018 at 16:19, Lou Wallace 
> wrote:
> >
> > > Hi Everyone,
> > >
> > > So still having issues with mod_jk. I have downloaded
> > >
> > > wget
> > >
> > >
> >
> http://www.eu.apache.org/dist/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.46-src.tar.gz
> > > wget
> > >
> > >
> >
> http://www.eu.apache.org/dist/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.46-src.tar.gz.sha1
> > >
> > > and make install, and everything seems fine
> > >
> > > I then edited the httpd.conf file and added
> > >
> > > LoadModule jk_module modules/mod_jk.so
> > >
> > > JkWorkersFile "/etc/httpd/conf/workers.properties"
> > > JkLogFile "/var/log/mod_jk.log"
> > > JkLogLevel  info
> > > JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
> > > JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
> > > JkRequestLogFormat "%w %V %T"
> > >
> > > then I edited workers.properties and added
> > >
> > > worker.list=app1,app2
> > >
> > > worker.app1.type=ajp13
> > > worker.app1.host=app1.example.com
> > > worker.app1.port=8201
> > > worker.app1.socket_timeout=10
> > >
> > > worker.app2.type=ajp13
> > > worker.app2.host=app2.example.com
> > > worker.app2.port=8201
> > > worker.app1.socket_timeout=10
> > >
> > > Then when I restart Apache using systemctl restart httpd I get
> > >
> > > Job for httpd.service failed because the control process exited with
> > error
> > > code. See "systemctl status httpd.servic
> > > e" and "journalctl -xe" for details.
> > >
> > > So checking mod_jk log I see
> > >
> > > [Wed Nov 21 15:54:19 2018] [11957:140478724515968] [warn]
> > > jk_map_handle_duplicates::jk_map.c (456): Duplicate key $
> > >
> > > and the httpd log last entries are
> > >
> > > [Wed Nov 21 15:54:13.789384 2018] [mpm_prefork:notice] [pid 7569]
> > AH00170:
> > > caught SIGWINCH, shutting down gracefully
> > > [Wed Nov 21 15:54:19.910325 2018] [core:notice] [pid 11957] SELinux
> > policy
> > > enabled; httpd running as context system_u:system_r:httpd_t:s0
> > > [Wed Nov 21 15:54:19.911278 2018] [suexec:notice] [pid 11957] AH01232:
> > > suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
> > > [Wed Nov 21 15:54:19.916294 2018] [jk:warn] [pid 11957] No JkShmFile
> > > defined in httpd.conf. Using default /etc/httpd/logs/jk-runtime-status
> > > [Wed Nov 21 15:54:19.916632 2018] [jk:emerg] [pid 11957] Initializing
> > > shm:/etc/httpd/logs/jk-runtime-status.11957 errno=13. Unable to start
> due
> > > to shared memory failure.
> > > [Wed Nov 21 15:54:19.916639 2018] [jk:emerg] [pid 11957] Initializing
> > > shm:/etc/httpd/logs/jk-runtime-status.11957 errno=13. Unable to start
> due
> 

Re: Error in apache mod-jk logs

[Loai Abdallatif]

The Application works smoothly but when I do may refresh on the browser ,
the error below occurs
[Sat Nov 03 13:06:20 2018][54448:140562048997120] [warn]
ajp_get_endpoint::jk_ajp_common.c (3372): Unable to get the free endpoint
for worker worker_app1 from 1 slots
[Sat Nov 03 13:06:20 2018][54448:140562048997120] [info]
service::jk_lb_worker.c (1343): could not get free endpoint for worker
worker_app1 (0 retries)
[Sat Nov 03 13:06:20 2018][54448:140562048997120] [info]
service::jk_lb_worker.c (1650): All tomcat instances failed, no more
workers left for recovery (attempt=1, retry=1)
[Sat Nov 03 13:06:20 2018][54448:140562048997120] [info]
service::jk_lb_worker.c (1670): All tomcat instances are busy or in error
state
[Sat Nov 03 13:06:20 2018][54448:140562048997120] [error]
service::jk_lb_worker.c (1675): All tomcat instances failed, no more
workers left


On Sat, Nov 3, 2018 at 7:19 PM Loai Abdallatif 
wrote:

> Dear Colleagues
> We installed apache with mod_jk that connected to tomcat workers on the
> different machine, during monitoring the received requests we notice the
> below error on mod_jk log, and after checking the worker log we find the
> request received and logged in the access-log of the worker but the main
> problem is Tomcat Instance is working and running while the apache shows
> the below error.
>
> also I requested static object from Tomcat worker , and the below error
> didn't appear in modjk logs
>
>
> [Sat Nov 03 13:06:20 2018][54448:140562048997120] [warn]
> ajp_get_endpoint::jk_ajp_common.c (3372): Unable to get the free endpoint
> for worker worker_app1 from 1 slots
> [Sat Nov 03 13:06:20 2018][54448:140562048997120] [info]
> service::jk_lb_worker.c (1343): could not get free endpoint for worker
> worker_app1 (0 retries)
> [Sat Nov 03 13:06:20 2018][54448:140562048997120] [info]
> service::jk_lb_worker.c (1650): All tomcat instances failed, no more
> workers left for recovery (attempt=1, retry=1)
> [Sat Nov 03 13:06:20 2018][54448:140562048997120] [info]
> service::jk_lb_worker.c (1670): All tomcat instances are busy or in error
> state
> [Sat Nov 03 13:06:20 2018][54448:140562048997120] [error]
> service::jk_lb_worker.c (1675): All tomcat instances failed, no more
> workers left
>

Error in apache mod-jk logs

[Loai Abdallatif]

Dear Colleagues
We installed apache with mod_jk that connected to tomcat workers on the
different machine, during monitoring the received requests we notice the
below error on mod_jk log, and after checking the worker log we find the
request received and logged in the access-log of the worker but the main
problem is Tomcat Instance is working and running while the apache shows
the below error.

also I requested static object from Tomcat worker , and the below error
didn't appear in modjk logs


[Sat Nov 03 13:06:20 2018][54448:140562048997120] [warn]
ajp_get_endpoint::jk_ajp_common.c (3372): Unable to get the free endpoint
for worker worker_app1 from 1 slots
[Sat Nov 03 13:06:20 2018][54448:140562048997120] [info]
service::jk_lb_worker.c (1343): could not get free endpoint for worker
worker_app1 (0 retries)
[Sat Nov 03 13:06:20 2018][54448:140562048997120] [info]
service::jk_lb_worker.c (1650): All tomcat instances failed, no more
workers left for recovery (attempt=1, retry=1)
[Sat Nov 03 13:06:20 2018][54448:140562048997120] [info]
service::jk_lb_worker.c (1670): All tomcat instances are busy or in error
state
[Sat Nov 03 13:06:20 2018][54448:140562048997120] [error]
service::jk_lb_worker.c (1675): All tomcat instances failed, no more
workers left

Re: 2 Factor Authentication Tomcat 7

[Loai Abdallatif]

Thank Chris, Totally I agree with you

On Tue, Oct 23, 2018 at 6:03 PM Will Nordmeyer  wrote:

> Chris,
>
> I understand all of that and am working all those concerns to the
> PTB... but as with many management situations reality doesn't fit with
> the "security" mindset.
> On Tue, Oct 23, 2018 at 10:59 AM Christopher Schultz
>  wrote:
> >
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> >
> > Will,
> >
> > On 10/23/18 10:44, Will Nordmeyer wrote:
> > > I'm currently running Tomcat 7 (will likely migrate to 8 or 9 in
> > > the next year).  I tried working with Oracle on this with no
> > > success.
> > >
> > > We have an Oracle Database connection defined within our web.xml
> > > (see below).  We need to convert to using 2 Factor (certificate?)
> > > based Authentication.
> > >
> > > How do we convert from our embedded username password to 2FA
> >
> > Uhh...
> >
> > How would you enter your second-factor into the server? During service
> > startup? What happens if the connection times-out and you have to
> > re-authenticate? Do you want to be paged in the middle of the night to
> > re-enter your 2FA code? How about 10 times per hour on 100 different
> > servers?
> >
> > 2FA doesn't make any sense at all for services contacting other
> > services. 2FA makes sense for humans contacting services because
> > humans are so much worse at password management, social engineering
> > resistance, etc.
> >
> > If you have a segment of your IT team mandating 2FA for database
> > connections (even for services), tell them that THEY have to use THEIR
> > 2FA credentials to unlock the database for YOUR services. See how long
> > that policy survives.
> >
> > - -chris
> > -BEGIN PGP SIGNATURE-
> > Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
> >
> > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlvPN1UACgkQHPApP6U8
> > pFgyzA//b2S8wolPV9oj9rnXikgcY+aKsWsO1eDOQ89lHLNAW/vZXXBp+imE15ec
> > Ow211CgpoHvePTF6apUq0iW4zBi8xTil9ZbHHW8dcFICGtBrhOMvwzT6TBIJyPVw
> > KJF/l3f1VBBDKyfuwmdHENuakRQazvT9dnd9YBN5QTzGvkYVaGmh6gEm4u/gz+bF
> > Bncfb9ThLvPGKhNsS8mPlCS8bc/NDzjWPqaI+nQQWs2paSNHYEkgj7x0zSV0KOUV
> > HmuhRdahcAm2Tmxd6uLdQtoizO+SvX7N6emPg0UPG1I0+pKoklWVhQsSahKG1a3f
> > 9rmvaAXjiOdNFnxO6bwKWI6Q/2quJdV+77QA0MbqGMLngC38WlLfzIcB7ryfyhoh
> > SwwNeCn6AkYaQ7AwdmaskTKW1QCB/k34KmcBzbxsf2V3ChWVDDHxqlzHGkg0P7DO
> > Ctd8OAdWuhAErUxuXlNd3JOJqflOENtCB9WMPy5i2N71dZlnPhK/OUjtoE3U4dEj
> > WiynhDHuOcXXOPo4+QuhvDBNoat/todKqh5SCVkEonSx/dPSTwMbpKkCdSwM7oTT
> > dcYXEA+gb2fHIsARP6bsWDdxwhfuIhPWCtI/BVFYaXSeeVpSuUp4IF0/g3Geh26s
> > w3IFH6aP95P8t+vxeIBnwdFDZddot4VbWCJOEOJSmgqP39OcHg4=
> > =baEw
> > -END PGP SIGNATURE-
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Load Balancing to Tomcat Workers

[Loai Abdallatif]

Hello,

I have configures web server with jk load balancer to tomcat server
(192.168.237.11) with two containers  worker 0, worker1)
the problem is that the web application session seems keep rotating between
both workers but I need session stickeness, means the client will be
connected to the same worker which doesn't occur ,

the workers.properties file has this content :
worker.list=EVOUCHER_LB, jk-status, jk-manager, EVOUCHER_LB
# Define worker0 -- appserver1
worker.worker_app1.type=ajp13
worker.worker_app1.host=192.168.237.11
worker.worker_app1.port=8009
worker.worker_app1.socket_timeout=1200
worker.worker_app1.connection_pool_size=1
worker.worker_app1.connection_pool_timeout=1300
worker.worker_app1.lbfactor=1
worker.worker_app1.redirect=worker_app2
worker.worker_app1.sticky_session=1
#
#Define worker1 -- appserver1
worker.worker_app2.type=ajp13
worker.worker_app2.host=192.168.237.11
worker.worker_app2.port=8109
worker.worker_app2.socket_timeout=1200
worker.worker_app2.connection_pool_size=1
worker.worker_app2.connection_pool_timeout=1300
worker.worker_app2.lbfactor=1
worker.worker_app2.redirect=worker_app1
worker.worker_app2.sticky_session=1

Re: SSL on Tomcat

[Loai Abdallatif]

Thanks Chris, Luis

On Tue, Oct 2, 2018 at 10:00 AM Luis Rodríguez Fernández 
wrote:

> Hello Christopher,
>
> It makes sense, thank you very much for your advice!
>
> Cheers,
>
> Luis
>
> El lun., 1 oct. 2018 a las 20:39, Christopher Schultz (<
> ch...@christopherschultz.net>) escribió:
>
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> >
> > Luis,
> >
> > On 10/1/18 11:06 AM, Luis Rodríguez Fernández wrote:
> > > Agree with Christopher, you have to fix your client. Just get the
> > > root Certificate Authority public key and import it in your client
> > > truststore.
> >
> > I'd recommend trusting the finest-grained cert you can get away with.
> > That might not always be the root CA cert. It might be the server's
> > cert directly.
> >
> > > If you did not change it the client (java) the default keystore is
> > > located in  $JAVA_HOME/jre/lib/security/cacerts. Something like:
> > >
> > > keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts
> > > -storepass trust_store_password_here -alias Root -import -file
> > > the_downloaded_ca.crt
> > >
> > > The default password for cacerts is changeit
> >
> > FWIW, I wouldn't recommend changing the JVM's trust store. I say so
> > for two reasons:
> >
> > 1. You will be trusting that certificate for ALL JVMS LAUNCHED
> > AFTERWARD. Perhaps you don't want some other service to trust your
> > 192.168.1.120 certificate when it's only supposed to be used with a
> > single client service.
> >
> > 2. You will have to remember to update the trust store every time you
> > change your Java installation. That means upgrades, downgrades, etc.
> >
> > The best way to do this IMO is to create a trust store specific for
> > that service (client) and use it EXPLICITLY.
> >
> > - -chris
> > -BEGIN PGP SIGNATURE-
> > Comment: GPGTools - http://gpgtools.org
> > Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
> >
> > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAluyafIACgkQHPApP6U8
> > pFijGRAAr8BXcoObcsRM/n++276xFYoAJPGKigExp6wpLjI0iHasPpXC0BPaMInb
> > w7ZkgwAY77Qq7jCcUB8FGrBQXo+axN2r8MVsghV/UyTIwnZyKDM0lb4z6d6016Bc
> > fQjoalUal857FH20PRAv5U+GrrpNcE7Mua5yu6eTqlMpX2hC0kBCc+oaH6xmtZr/
> > lvtn9UK5/ymS83yW5sxxYRa3uEnFf6U2EFJoWKGraEOHquEiX01Jn5nOYxccyPMT
> > TtjZ+yzkc/gvBTsme0ZVdOXTK9m+0Q10f/Fgc4bidSb9ZybaBcm8YsOqpqjP9poC
> > YU4KtJP7BsJbMVzNV7YFlmIDlOVXwzk84oqEj8trbUe8AtJnq9gCLFp6/1ElmXE4
> > xP26Gw1ck2vqQC/4u43HsiBegLFaBUorjNw3fWkf3PTiqSXHjXToJK9oYRv1DNkr
> > SV8dlnujLbqmDQWag2FHTkE6Ka5sFBdbeFUdFP0Qd7jkhmErr5nziO1RtZ1bkIUz
> > MaCYdpLR+OdU1XMrENnLHRedmpjDXp4UA1/mqr/PSMadQrlK7Z4fF5UVurXFWn7Z
> > C+HNYzoSmvUL+y1KsficoK3ZGthUpkgApFFbFh3aSKdm07V+Xt1KK6sRndcjdoff
> > KtU/sG0d0SSLnJmRCJHINRSOccmHZUiWGJ9+UXXE2Gd4nEw43r4=
> > =okQm
> > -END PGP SIGNATURE-
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >
>
> --
>
> "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
>
> - Samuel Beckett
>

Re: SSL on Tomcat

[Loai Abdallatif]

thanks very much , I did it and it works

On Mon, Oct 1, 2018 at 6:07 PM Luis Rodríguez Fernández 
wrote:

> Hello Loai,
>
> Agree with Christopher, you have to fix your client. Just get the root
> Certificate Authority public key and import it in your client truststore.
> If you did not change it the client (java) the default keystore is located
> in  $JAVA_HOME/jre/lib/security/cacerts. Something like:
>
>  keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass
> trust_store_password_here -alias Root -import -file the_downloaded_ca.crt
>
> The default password for cacerts is changeit
>
> Hopeit helps,
>
> Luis
>
>
>
>
> El sáb., 29 sept. 2018 a las 12:05, Loai Abdallatif (<
> loai.abdalla...@gmail.com>) escribió:
>
> > Thanks Chris, but how to do it, should I copy the ssl certificate from
> > Webserver 192.168.1.120 to my tomcat container (worker0) in 192.168.1.111
> > in server.xml .
> > any idea please
> >
> > On Sat, Sep 29, 2018 at 1:35 AM Christopher Schultz <
> > ch...@christopherschultz.net> wrote:
> >
> > > -BEGIN PGP SIGNED MESSAGE-
> > > Hash: SHA256
> > >
> > > Loai,
> > >
> > > On 9/27/18 10:50, Loai Abdallatif wrote:
> > > > Hello,
> > > >
> > > > I have Set Apache Load Balancer ( ModJK) with Server IP
> > > > 192.168.1.120 (Webserver01.epsilon.test)  which forward the traffic
> > > > to tomcat server .(192.168.1.111 (appserver01.epsilon.test)
> > > >
> > > > each tomcat server has three workers ( 0,1,2)
> > > >
> > > > I deployed *Central Authentication Service* (CAS)  on Worker0  and
> > > > its is working with warning related to ssl Certificate, I have
> > > > another Application on this worker0 called ServiceCatalog
> > > > unfortunatly it didnt work and gave error as below
> > > >
> > > >
> > > > ERROR org.jasig.cas.client.util.CommonUtils -
> > > > sun.security.validator.ValidatorException: PKIX path building
> > > > failed
> > > >  : sun.security.provider.certpath.SunCertPathBuilderException:
> > > > unable to find valid certification path to requested
> > > >  target javax.net.ssl.SSLHandshakeException:
> > > > sun.security.validator.ValidatorException: PKIX path building
> > > > failed: sun.sec
> > > >  urity.provider.certpath.SunCertPathBuilderException: unable to
> > > > find valid certification path to requested target
> > >
> > > As Guido says, your client (org.jasig.cas.client) does not trust the
> > > server it's trying to connect to.
> > >
> > > Is the server in this case the one you set up above? It's not clear
> > > exactly what you are trying to do.
> > >
> > > There is nothing you can change with Tomcat to fix this error... you
> > > must configure your client to trust the server.
> > >
> > > - -chris
> > > -BEGIN PGP SIGNATURE-
> > > Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
> > >
> > > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAluurMsACgkQHPApP6U8
> > > pFiGARAAk5GnoU7+3tk16yh+cCme1mzPZiEUf0y1uE8CK74zaNB4OXbeF6iuNOEm
> > > 9OP5MV6zyQC/NxI+DSlUzN32ZUEDLKSw7OUcMmhBfrZs690NEChHTJV9p/EpC7NS
> > > 8LwMU/r3MFrvpkaLuPQsq+DbzbNRefh6+eOEhGTT3WtwW6SYtXxNUbBz4WmCSTrz
> > > LHPYGTpUT19CX2BE5sNQeV5F4/ul3fLSMuVp4RryVo4BLQKBwh/rexb1fUbsdxyn
> > > /v3HyCgreuhFV7DVMF+BuA46sccOm6kScMf7r9LrDioMswZvn79dFGgo9qMDgCWE
> > > 37j7Dnv72GdtlkkNAkP9sKm413B4LzAhuL56bAyK+3SRRKuiqDPgq+4tcEOsIb4u
> > > j6j3ZtJbpoojibAuNZWcvR3kjEPfCDUnRa6JSKXu1Y7Bekr3kLYbiGtOVWXi0ozs
> > > 9zzq8D7lqSDD7b0UhuZ22yuR0OBZMlxn0/ELH0GNikyLuwAd3UrrcNXfL7kpl5P9
> > > BFSEnpZ8uD7bhXrkVCBdM+ktXrCYS8StEIFNwXe5WeUbLdXoCDNKvlKgZKq2/IkD
> > > /Zjh44ecYr8TNdfvyNJxL2YGTUZcfwyZETrMX/1ont7VfFU/xHuh1DE6R60vAtfB
> > > 8nEsqNc+FFocsKlEwQbVyt0XP54DPfPGzXX544NLfbaIr2/2JOk=
> > > =Bjfw
> > > -END PGP SIGNATURE-
> > >
> > > -
> > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > > For additional commands, e-mail: users-h...@tomcat.apache.org
> > >
> > >
> >
>
>
> --
>
> "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
>
> - Samuel Beckett
>

Re: SSL on Tomcat

[Loai Abdallatif]

Thanks Chris, but how to do it, should I copy the ssl certificate from
Webserver 192.168.1.120 to my tomcat container (worker0) in 192.168.1.111
in server.xml .
any idea please

On Sat, Sep 29, 2018 at 1:35 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Loai,
>
> On 9/27/18 10:50, Loai Abdallatif wrote:
> > Hello,
> >
> > I have Set Apache Load Balancer ( ModJK) with Server IP
> > 192.168.1.120 (Webserver01.epsilon.test)  which forward the traffic
> > to tomcat server .(192.168.1.111 (appserver01.epsilon.test)
> >
> > each tomcat server has three workers ( 0,1,2)
> >
> > I deployed *Central Authentication Service* (CAS)  on Worker0  and
> > its is working with warning related to ssl Certificate, I have
> > another Application on this worker0 called ServiceCatalog
> > unfortunatly it didnt work and gave error as below
> >
> >
> > ERROR org.jasig.cas.client.util.CommonUtils -
> > sun.security.validator.ValidatorException: PKIX path building
> > failed
> >  : sun.security.provider.certpath.SunCertPathBuilderException:
> > unable to find valid certification path to requested
> >  target javax.net.ssl.SSLHandshakeException:
> > sun.security.validator.ValidatorException: PKIX path building
> > failed: sun.sec
> >  urity.provider.certpath.SunCertPathBuilderException: unable to
> > find valid certification path to requested target
>
> As Guido says, your client (org.jasig.cas.client) does not trust the
> server it's trying to connect to.
>
> Is the server in this case the one you set up above? It's not clear
> exactly what you are trying to do.
>
> There is nothing you can change with Tomcat to fix this error... you
> must configure your client to trust the server.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAluurMsACgkQHPApP6U8
> pFiGARAAk5GnoU7+3tk16yh+cCme1mzPZiEUf0y1uE8CK74zaNB4OXbeF6iuNOEm
> 9OP5MV6zyQC/NxI+DSlUzN32ZUEDLKSw7OUcMmhBfrZs690NEChHTJV9p/EpC7NS
> 8LwMU/r3MFrvpkaLuPQsq+DbzbNRefh6+eOEhGTT3WtwW6SYtXxNUbBz4WmCSTrz
> LHPYGTpUT19CX2BE5sNQeV5F4/ul3fLSMuVp4RryVo4BLQKBwh/rexb1fUbsdxyn
> /v3HyCgreuhFV7DVMF+BuA46sccOm6kScMf7r9LrDioMswZvn79dFGgo9qMDgCWE
> 37j7Dnv72GdtlkkNAkP9sKm413B4LzAhuL56bAyK+3SRRKuiqDPgq+4tcEOsIb4u
> j6j3ZtJbpoojibAuNZWcvR3kjEPfCDUnRa6JSKXu1Y7Bekr3kLYbiGtOVWXi0ozs
> 9zzq8D7lqSDD7b0UhuZ22yuR0OBZMlxn0/ELH0GNikyLuwAd3UrrcNXfL7kpl5P9
> BFSEnpZ8uD7bhXrkVCBdM+ktXrCYS8StEIFNwXe5WeUbLdXoCDNKvlKgZKq2/IkD
> /Zjh44ecYr8TNdfvyNJxL2YGTUZcfwyZETrMX/1ont7VfFU/xHuh1DE6R60vAtfB
> 8nEsqNc+FFocsKlEwQbVyt0XP54DPfPGzXX544NLfbaIr2/2JOk=
> =Bjfw
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: SSL on Tomcat

[Loai Abdallatif]

Thank you Guido

appreciate your assistance , and if possible send me any tutorial related
to my case ( apache server different than Tomcat , CAS app need SSL )

On Fri, Sep 28, 2018 at 11:40 AM Jäkel, Guido  wrote:

> Dear Loai,
>
> Your client can't very (don't trust) the certificate (chain) of the
> target. Either target's certificate is not an "official" one (e.g. self
> signed) or your clients JVM certificate trust chain is not up to date.
>
> I you like I may send you a small java commandline tool to check the
> verification chain and/or add exceptions to the local trust store in case
> of self-signed certificates.
>
> Guido
>
>
> >-Original Message-
> >From: Loai Abdallatif [mailto:loai.abdalla...@gmail.com]
> >Sent: Thursday, September 27, 2018 4:52 PM
> >To: Tomcat Users List 
> >Subject: Re: SSL on Tomcat
> >
> >hello, shall I add the certificate to server.xml on tomcat server or just
> on Webserver
> >
> >
> >On Thu, Sep 27, 2018 at 5:50 PM, Loai Abdallatif <
> loai.abdalla...@gmail.com <mailto:loai.abdalla...@gmail.com> > wrote:
> >
> >
> >   Hello,
> >
> >   I have Set Apache Load Balancer ( ModJK) with Server IP
> 192.168.1.120 (Webserver01.epsilon.test)  which forward the
> >traffic to tomcat server .(192.168.1.111 (appserver01.epsilon.test)
> >
> >
> >   each tomcat server has three workers ( 0,1,2)
> >
> >   I deployed Central Authentication Service (CAS)  on Worker0  and
> its  is working with warning related to ssl
> >Certificate, I have another Application on this worker0 called
> ServiceCatalog unfortunatly it didnt work and gave error as below
> >
> >
> >
> >
> >
> >
> >
> >
> >   ERROR org.jasig.cas.client.util.CommonUtils -
> sun.security.validator.ValidatorException: PKIX path building failed
> >: sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested
> >target
> >   javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.sec
> >urity.provider.certpath.SunCertPathBuilderException: unable to find valid
> certification path to requested target
> >   at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
> >   at
> sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)
> >   at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
> >   at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
> >   at
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
> >   at
> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
> >   at
> sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
> >   at
> sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
> >   at
> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
> >   at
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
> >   at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
> >   at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
> >   at
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
> >   at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnectio
> >n.java:185)
> >   at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564)
> >   at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
> >   at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263)
> >   at
> org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:429)
> >   at
> org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(A
> >bstractCasProtocolUrlBasedTicketValidator.java:41)
> >   at
> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidato
> >r.java:193)
> >   at
> org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthentica
> >tionProvider.java:157)
> >   at
> org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticatio
> >nProvider.java:142)
> >
> >
> >
>
>

Re: SSL on Tomcat

[Loai Abdallatif]

hello, shall I add the certificate to server.xml on tomcat server or just
on Webserver

On Thu, Sep 27, 2018 at 5:50 PM, Loai Abdallatif 
wrote:

> Hello,
>
> I have Set Apache Load Balancer ( ModJK) with Server IP 192.168.1.120
> (Webserver01.epsilon.test)  which forward the traffic to tomcat server
> .(192.168.1.111 (appserver01.epsilon.test)
>
> each tomcat server has three workers ( 0,1,2)
>
> I deployed *Central Authentication Service* (CAS)  on Worker0  and its
> is working with warning related to ssl Certificate, I have another
> Application on this worker0 called ServiceCatalog unfortunatly it didnt
> work and gave error as below
>
>
>
>
>
>
> ERROR org.jasig.cas.client.util.CommonUtils - 
> sun.security.validator.ValidatorException:
> PKIX path building failed
>
>: 
> sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested
>
>target
> javax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException:
> PKIX path building failed: sun.sec
>
> 
> urity.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
> at sun.security.ssl.ClientHandshaker.serverCertificate(
> ClientHandshaker.java:1614)
> at sun.security.ssl.ClientHandshaker.processMessage(
> ClientHandshaker.java:216)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
> at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
> at sun.security.ssl.SSLSocketImpl.readRecord(
> SSLSocketImpl.java:1072)
> at sun.security.ssl.SSLSocketImpl.performInitialHandshake(
> SSLSocketImpl.java:1385)
> at sun.security.ssl.SSLSocketImpl.startHandshake(
> SSLSocketImpl.java:1413)
> at sun.security.ssl.SSLSocketImpl.startHandshake(
> SSLSocketImpl.java:1397)
> at sun.net.www.protocol.https.HttpsClient.afterConnect(
> HttpsClient.java:559)
> at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnec
> tion.connect(AbstractDelegateHttpsURLConnectio
>
> n.java:185)
> at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(
> HttpURLConnection.java:1564)
> at sun.net.www.protocol.http.HttpURLConnection.getInputStream(
> HttpURLConnection.java:1492)
> at sun.net.www.protocol.https.HttpsURLConnectionImpl.
> getInputStream(HttpsURLConnectionImpl.java:263)
> at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(
> CommonUtils.java:429)
> at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTic
> ketValidator.retrieveResponseFromServer(A
>
> bstractCasProtocolUrlBasedTicketValidator.java:41)
> at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidato
> r.validate(AbstractUrlBasedTicketValidato
>
>  r.java:193)
> at org.springframework.security.cas.authentication.
> CasAuthenticationProvider.authenticateNow(CasAuthentica
>
>
> tionProvider.java:157)
> at org.springframework.security.cas.authentication.
> CasAuthenticationProvider.authenticate(CasAuthenticatio
>
>
> nProvider.java:142)
>
>

SSL on Tomcat

[Loai Abdallatif]

Hello,

I have Set Apache Load Balancer ( ModJK) with Server IP 192.168.1.120
(Webserver01.epsilon.test)  which forward the traffic to tomcat server
.(192.168.1.111 (appserver01.epsilon.test)

each tomcat server has three workers ( 0,1,2)

I deployed *Central Authentication Service* (CAS)  on Worker0  and its  is
working with warning related to ssl Certificate, I have another Application
on this worker0 called ServiceCatalog unfortunatly it didnt work and gave
error as below






ERROR org.jasig.cas.client.util.CommonUtils -
sun.security.validator.ValidatorException: PKIX path building
failed
: sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to
requested
target
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.sec
urity.provider.certpath.SunCertPathBuilderException: unable to find valid
certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnectio
n.java:185)
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564)
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263)
at
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:429)
at
org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(A
bstractCasProtocolUrlBasedTicketValidator.java:41)
at
org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidato
r.java:193)
at
org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthentica
tionProvider.java:157)
at
org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticatio
nProvider.java:142)

Re: three layers model

[Loai Abdallatif]

Thanks Chris for your response

On Thu, Aug 9, 2018 at 8:37 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Loai,
>
> On 8/8/18 3:51 PM, Loai Abdallatif wrote:
> > Dear All
> >
> > I have java apps running over three tiers model ( Apache - modJK) ,
> > Tomcat 8.5.29, and postgress 9.4 cluster with repmgr and pgpool --
> > all the layers use same OS Debian 8.10
> >
> > we are planing to upgrade the OS to 9.5 and also upgrade the tomcat
> > to version 9 and JDK to version 9> Is there any comparability list
> > for using these components ?
>
> If the JRE runs, Tomcat should run. Barring any dependency issues
> (like things being removed from JREs that need to be added-back-in to
> support your application), any future JRE should work with any older
> Tomcat.
>
> There should really be no compatibility problems with Tomcat and the
> JRE. Your application, however, may have some compatibility issues
> with those upgrades.
>
> I you find any problems with Java 9 and Tomcat 9, please report them
> here. That configuration should certainly be supported.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAltse8wACgkQHPApP6U8
> pFjeKA//UU0DhfLUoHp2NqWFMu/nXl9D/Ijr2fU8Kk9a2+ZikvUj9DkzUuBUHaEi
> Kb9hRqEurnwaB9OhvSAfhpxNJ+1FNrlCmH7Q0hTPP730h9VdJCJMaKiILZ196TKK
> HG2vdwq3xO8mS5xc17q3o/IfcIQFNN6gnz7OvovtkRnralkSRmPMyrmq5UXb9aeA
> M3a5iW7JNUO2TqYxmHzGgQ06CQH66xqY+JCnBe/ro9Jgahg/ulpHJT1ofpun95dq
> MYOMVoXz0+yq+AET4KhX5YDApIw7r6bopsUwjA/EySu+NhI3CGCDMfCJXi5GIVt/
> D4V0Y0tNCCDnaMlmaeJBuPImLdYc76jWckg2iHXqXSE6PNcwADYRWlbP6/Ijb0np
> Tng+6393kgwcnzPHaZmHEZHppsN/+CiDjV74nvL1hrVCDOyJvJILkpvyq/BVI7Yt
> 4nnTNLRrlmXUJcTjiS8g4dksfw6ilwxI3LdTHAplIj4TEC27JCwJGlX9yJSs3wc6
> ZOu3FEtwQsM6TfnTlQQ8sFzQXGzyua/ZM4iHsAjY68z8WbOktzA8ccS7pGOZ86KB
> 9tTfCMOat4BXdfASEJsbYMeLyRICMcDrLKgy4zDmzdlELKCFel+iLwyWgMb7rgP3
> bJGqrm1MA8s2J8U1nWV96LFp9Zmr0oO7qrYnRAgl40FlvYkYe/I=
> =iL1M
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

three layers model

[Loai Abdallatif]

Dear All

I have java apps running over three tiers model ( Apache - modJK) , Tomcat
8.5.29, and postgress 9.4 cluster with repmgr and pgpool -- all the layers
use same OS Debian 8.10

we are planing to upgrade the OS to 9.5 and also upgrade the tomcat to
version 9 and JDK to version 9

Is there any comparability list for using these components ?

Re: application goes down after restart the tomcat server 8.29 or restart the OS

[Loai Abdallatif]

Thanks Chris, you input  appreciated

On Fri, Jun 8, 2018 at 10:31 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Loai,
>
> On 6/7/18 5:26 PM, Loai Abdallatif wrote:
> > thanks Chris, yes the apps are dependent on each others
>
> Sounds like you need to loosen that requirement.
>
> Try techniques such as "lazy initialization", or even
> automated-retries if something isn't up the first time to try to
> connect to it.
>
> Good luck,
> - -chris
>
> > On Thu, Jun 7, 2018 at 5:12 PM, Christopher Schultz <
> > ch...@christopherschultz.net> wrote:
> >
> > Loai,
> >
> > On 6/6/18 4:32 PM, Loai Abdallatif wrote:
> >>>> Dear Colleagues I have HR application deployed on two tomcat
> >>>> workers , but when I restart the tomcat instance or restart
> >>>> the OS , then the application failed to start and just works
> >>>> if I re-deploy the application again , please advise
> >
> > My guess is that your application relies on load-order of
> > applications being initialized, and when one of the dependencies
> > isn't running, the application cannot start.
> >
> > If that's the case, you need to make sure that your applications
> > can tolerate unavailability of any dependencies during startup.
> >
> > -chris
> >>
> >> -
> >>
> >>
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >>
> >
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlsa2ZIACgkQHPApP6U8
> pFhrWxAAs0YJgtBYpX/t0CMh2g57T6hHGMy8GDX1PnWIK4soJq+O9AXsecq9tdsj
> 9DQZ1zd1Bp4CeXQAy5JkUqcBD72TRArcly/4LUxQTNrftoPCnwK6kbyNYm3ftljE
> a07we37pAOXqxsaUyzlASQidq0uBhQVGzx4Q6UdhRKunsT95ddJUDBTlGJjV8qTa
> IoNpyzW11DSOPrYyZqFEq1nHwwkqpIuGUGOdNTWtS+O5i5g06YX1Et3Q7Gbpc9b7
> YsXALyYQ5o9K7Crq9qglPXukOqsKWnmX0oy7fhkFwrBYdQlV8STCzsGgh87bc1gx
> ltSA75pZ1gt/hqjQAXZwCpCb9PLvY6mDCpB6THou19QgMu4LwNTyxZRo4DlSBx5b
> +5PDkFO+MUISq7qfvjc6Qggn1RZ9KQF1PlwL7COcdjwwW3lLo7uRf9f4sQgT8IvT
> rzg4pSRPMJPRCngkoK6CrFnwCa4qO9esCsXAOBwpsSswSm/0lI5FfqQyaeCOynwT
> F1oCMWie99SE+xZo+iTgnxnxGJE+bJ3bJfw8xWw9Op9OCN3RHRS9MjPW6w+8hYUV
> slooqpR2b9+jzAjhefh/ewEJB9nE+8vi8keBJaIXqgQMh6w+jdE5NpqRJdCk64S2
> hORTO0+NTE84oMdkKPuA5EKg+NDcApWhalSJn4sphjhTSNBqtSE=
> =mpVz
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: application goes down after restart the tomcat server 8.29 or restart the OS

[Loai Abdallatif]

thanks Chris, yes the apps are dependent on each others

On Thu, Jun 7, 2018 at 5:12 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Loai,
>
> On 6/6/18 4:32 PM, Loai Abdallatif wrote:
> > Dear Colleagues I have HR application deployed on two tomcat
> > workers , but when I restart the tomcat instance or restart the OS
> > , then the application failed to start and just works if I
> > re-deploy the application again , please advise
>
> My guess is that your application relies on load-order of applications
> being initialized, and when one of the dependencies isn't running, the
> application cannot start.
>
> If that's the case, you need to make sure that your applications can
> tolerate unavailability of any dependencies during startup.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlsZPTAACgkQHPApP6U8
> pFh0YRAAkCcE1TdQP9lMVtqHmsS3h80xgsxhKYXjeEKB19XRtEdT6IWbaggr6zDv
> QQKaNR6ewb3BOsO3Dokp9rZT8/iITVnJL0ni/9zXm3Ahc9q+2t9rQD2EhPFPsoOr
> +MeGgfE8LLRKUCq/75XuDo5wA28uaOyD9gVu1P9sdR9SBo2+ysNTXZfzS6haIF6H
> wtnRDlmfSJT4XR5PtDeC+yJjkQkNzGJIr5RxqDY6IqL+s7dE4yLakrsHpno5BgU5
> CPPU3PCUjixwf+XDDE3fnC5Gl/RsL2MSSrgEK8/+IIWJYVpTSKP2lPHWZFYTVNl/
> WrVLZz6B3rk613LwIRmZfmTcUOTYca7i7BDuSDihQkcR+O4kIFizSdGvnuUu4+9X
> LM6UDbBFcmeN9qB83fCU0ixju4zlAkZMlLKgZtDvh45V5I4CPdSZxQzK1kwz6ZU0
> AO8haplvGnUkZSSwJyaYSoMYDkaYOGHSWY1sXLaOCPomFPuiWiRZvp3Ny3K5EOjC
> +aEiOX1Twr1X6GdnNJpheXu4ojS6CUZIgqupgXIrX81MnRbtOcKxFiYIaFtFyFWU
> xNX+tyr6xcA+6Tkm0fn/lhsLLj5HI5L3saESyNFbgauArWeicU31EWCN3jXQaN3W
> dtyDbSJoJvJ5fPcgPvd+DT5zKQ2tX8MAz/zF3KiIfUNiT7PhZQI=
> =nNJ3
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

application goes down after restart the tomcat server 8.29 or restart the OS

[Loai Abdallatif]

Dear Colleagues
I have HR application deployed on two tomcat workers , but when I restart
the tomcat instance or restart the OS , then the application failed to
start and just works if I re-deploy the application again , please advise

Re: Worker0 ( catalina.out)

[Loai Abdallatif]

Thanks Christopher

On Mon, Apr 16, 2018 at 11:29 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Loai,
>
> Unfortunately, there really isn't enough information in your question
> to help you out.
>
> But it's fairly clear this is a problem with your application's use of
> Grails and/or Spring. Someone here might be able to help, but you are
> likely better off asking on a Grails or Spring-related forum.
>
> Thanks,
> - -chris
>
> On 4/16/18 3:45 PM, Loai Abdallatif wrote:
> > Also this error occurred in the same file ( catalina.out)
> >
> >
> > java.io.IOException: Did not receive successful HTTP response:
> > status code = 500, status message = [Internal Server Error] at
> > org.springframework.remoting.httpinvoker.
> > SimpleHttpInvokerRequestExecutor.validateResponse(
> > SimpleHttpInvokerRequestExecutor.java:186) at
> > org.springframework.remoting.httpinvoker.
> > SimpleHttpInvokerRequestExecutor.doExecuteRequest(
> > SimpleHttpInvokerRequestExecutor.java:93)
> >
> >
> > On Mon, Apr 16, 2018 at 10:43 PM, Loai Abdallatif
> > <loai.abdalla...@gmail.com
> >> wrote:
> >
> >> Hello every one
> >>
> >> I have deployed Core app in worker 0 and got the following error
> >>
> >>
> >> Receive call from the ESB. consumerKey
> >> SC-serviceName RemotePersonService-methodName getPerson
> >> --- serviceName
> >> RemotePersonService-methodNamegetPerson-Error-
> >> METHOD_NOT_FOUND(SC,RemotePersonService,getPerson)
> >> - ERROR StackTrace - Full Stack Trace:
> >> java.io.InvalidClassException:
> >> org.grails.datastore.gorm.support.BeforeValidateHelper; local
> >> class incompatible: stream classdesc serialVersionUID = 1, local
> >> class serialVersionUID = -8212532861964790326
> >>
> >> ERROR org.grails.web.errors.GrailsExceptionResolver -
> >> InvalidClassException occurred when processing request: [POST]
> >> /ServiceCatalog/httpinvoker/RemoteESBService
> >> org.grails.datastore.gorm.support.BeforeValidateHelper; local
> >> class incompatible: stream classdesc serialVersionUID = 1, local
> >> class serialVersionUID = -8212532861964790326. Stacktrace
> >> follows: java.io.InvalidClassException:
> >> org.grails.datastore.gorm.support.BeforeValidateHelper; local
> >> class incompatible: stream classdesc serialVersionUID = 1, local
> >> class serialVersionUID = -8212532861964790326 at
> >> java.io.ObjectStreamClass.initNonProxy(
> >> ObjectStreamClass.java:687)
> >>
> >>
> >>
> >
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlrVB7QACgkQHPApP6U8
> pFgSog/+OxhhPnje3Xrattf3qGunpG57/rJ9X1UBLGsQjX2voqg1l1LT/uYXRor8
> 8C7Wgv9IAEtRrxnPYzi5nxm38pSJ89bjbY+UiWxOFmVd0bj1WZH3QgGKjI64jtCg
> Sep0aDqOi3QgA0G7C7JAY3lw7FHudWgnt2sfvU2R/3XBHNUKwqZetWSd+oJ5lGuv
> 5ZN4S7XpyUJ3AO8WpaPi4+/xxK/nfPXdOeDSEQxTNjv4TFgeoCYkVE6POd2Pubhh
> M1HK+QhgWdu/kc/YNewYw1/pWxYs8ahYAYy5GIzo2I+O/6OfObqA2YOKxZXc77HT
> diwTCM2Bk15AwodX212IxnHNHPYCnuRdcTKCcC7gLyH1DfUG0Y32Ys2MXq3HOhew
> khJCshesG1gGLVBE96VxoLN+xM//rdlfEC7x6/tRHQJE3aw1FaTDw/g9h9Cl9i3x
> 6O5Sdd+biwB1i9MGQsoI9dvUHlcWg3I8/4UP52HVB2Hg+XOhluV4KON1z4f4DGR0
> 5EnK94cTsKlDKFOMlaTaM85HxeCT/Tz1lmCdo7yhwz8hxa+jTomGuak9r3AUxx4A
> /9XLmk0yk3X2kO5xKXKu3EKnhwXKNC+Fgro/hx5GS5wSY3f35vVpS9PpJXZYAWQ6
> PpoHbUClhReBHC1lB0UZ7//BRS/6i/atU/ddFQRPD0Mb+JUklm8=
> =riTx
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Worker0 ( catalina.out)

[Loai Abdallatif]

Also this error occurred in the same file ( catalina.out)


java.io.IOException: Did not receive successful HTTP response: status code
= 500, status message = [Internal Server Error]
at org.springframework.remoting.httpinvoker.
SimpleHttpInvokerRequestExecutor.validateResponse(
SimpleHttpInvokerRequestExecutor.java:186)
at org.springframework.remoting.httpinvoker.
SimpleHttpInvokerRequestExecutor.doExecuteRequest(
SimpleHttpInvokerRequestExecutor.java:93)


On Mon, Apr 16, 2018 at 10:43 PM, Loai Abdallatif <loai.abdalla...@gmail.com
> wrote:

> Hello every one
>
> I have deployed Core app in worker 0 and got the following error
>
>
> Receive call from the ESB.
> consumerKey SC-serviceName RemotePersonService-methodName getPerson
> ---
> serviceName RemotePersonService-methodNamegetPerson-Error-
> METHOD_NOT_FOUND(SC,RemotePersonService,getPerson)
> -
> ERROR StackTrace - Full Stack Trace:
> java.io.InvalidClassException: 
> org.grails.datastore.gorm.support.BeforeValidateHelper;
> local class incompatible: stream classdesc serialVersionUID = 1, local
> class serialVersionUID = -8212532861964790326
>
> ERROR org.grails.web.errors.GrailsExceptionResolver -
> InvalidClassException occurred when processing request: [POST]
> /ServiceCatalog/httpinvoker/RemoteESBService
> org.grails.datastore.gorm.support.BeforeValidateHelper; local class
> incompatible: stream classdesc serialVersionUID = 1, local class
> serialVersionUID = -8212532861964790326. Stacktrace follows:
> java.io.InvalidClassException: 
> org.grails.datastore.gorm.support.BeforeValidateHelper;
> local class incompatible: stream classdesc serialVersionUID = 1, local
> class serialVersionUID = -8212532861964790326
> at java.io.ObjectStreamClass.initNonProxy(
> ObjectStreamClass.java:687)
>
>
>

Worker0 ( catalina.out)

[Loai Abdallatif]

Hello every one

I have deployed Core app in worker 0 and got the following error


Receive call from the ESB.
consumerKey SC-serviceName RemotePersonService-methodName getPerson
---
serviceName
RemotePersonService-methodNamegetPerson-Error-METHOD_NOT_FOUND(SC,RemotePersonService,getPerson)
-
ERROR StackTrace - Full Stack Trace:
java.io.InvalidClassException:
org.grails.datastore.gorm.support.BeforeValidateHelper; local class
incompatible: stream classdesc serialVersionUID = 1, local class
serialVersionUID = -8212532861964790326

ERROR org.grails.web.errors.GrailsExceptionResolver - InvalidClassException
occurred when processing request: [POST]
/ServiceCatalog/httpinvoker/RemoteESBService
org.grails.datastore.gorm.support.BeforeValidateHelper; local class
incompatible: stream classdesc serialVersionUID = 1, local class
serialVersionUID = -8212532861964790326. Stacktrace follows:
java.io.InvalidClassException:
org.grails.datastore.gorm.support.BeforeValidateHelper; local class
incompatible: stream classdesc serialVersionUID = 1, local class
serialVersionUID = -8212532861964790326
at
java.io.ObjectStreamClass.initNonProxy(ObjectStreamClass.java:687)

Re: Webapp not working

[Loai Abdallatif]

Here also access logs of apache
192.168.1.17 - - [14/Apr/2018:14:50:26 +0100] "GET /Core/ HTTP/1.1" 404
1295 "-" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/49.0.2623.112 Safari/537.36"
192.168.1.17 - - [14/Apr/2018:14:50:28 +0100] "GET /Core/ HTTP/1.1" 404
1294 "-" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/49.0.2623.112 Safari/537.36"


On Sat, Apr 14, 2018 at 6:59 PM, Loai Abdallatif <loai.abdalla...@gmail.com>
wrote:

> Hi Andre
>
> thanks for your response.
>
> 1- the logs belong to tomcat servers ( 
> appserver01.domain._access_log.2018-04-14.txt
> )
> 2+3- Im using Debian 8.10,  Apache/2.4.10 (Debian)   , : mod_jk/1.2.43 ,
> Tomcat : 8.5.29
> 4- I have one app in worker0 and its working, but the apps in worker1 and
> worker2 doesnt work
> 5- I got the same error when accessing the web server ( 192.168.1.210/Core)
> and when accessing the tomcat server 192.168.1.211:8081/Core
>
>
> On Sat, Apr 14, 2018 at 6:33 PM, André Warnier (tomcat) <a...@ice-sa.com>
> wrote:
>
>> On 14.04.2018 17:02, Loai Abdallatif wrote:
>>
>>> HI every one
>>>
>>> Im using apache mod-jk with tomcat , i have three workers ( worker0-2)
>>> and
>>> each one has app.
>>> I have obtaining webabb called Core from development team. I have placed
>>> it
>>> into webapps directory of worker1 . but unfortunatly I got two errors
>>> related to 302, 404, any one can help.
>>>
>>> the error is below:
>>>
>>> 192.168.1.17 - - [14/Apr/2018:19:42:27 +0300] "GET /Core/ HTTP/1.1" 404
>>> 1083 "-" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like
>>> Gecko) Chrome/49.0.2623.112 Safari/537.36"
>>> 192.168.1.17 - - [14/Apr/2018:19:47:08 +0300] "GET /Core HTTP/1.1" 302 -
>>> "-" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko)
>>> Chrome/49.0.2623.112 Safari/537.36"
>>> 192.168.1.17 - - [14/Apr/2018:19:47:08 +0300] "GET /Core/ HTTP/1.1" 404
>>> 1083 "-" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like
>>> Gecko) Chrome/49.0.2623.112 Safari/537.36"
>>> 192.168.1.17 - - [14/Apr/2018:19:51:52 +0300] "GET /Core/ HTTP/1.1" 404
>>> 1083 "-" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like
>>> Gecko) Chrome/49.0.2623.112 Safari/537.36"
>>> 192.168.1.17 - - [14/Apr/2018:19:52:04 +0300] "GET /Core HTTP/1.1" 302 -
>>> "-" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko)
>>> Chrome/49.0.2623.112 Safari/537.36"
>>> 192.168.1.17 - - [14/Apr/2018:19:52:04 +0300] "GET /Core/ HTTP/1.1" 404
>>> 1083 "-" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like
>>> Gecko) Chrome/49.0.2623.112 Safari/537.36"
>>> 192.168.1.17 - - [14/Apr/2018:19:52:04 +0300] "GET /favicon.ico HTTP/1.1"
>>> 404 1085 "http://192.168.1.211:8081/Core/; "Mozilla/5.0 (Windows NT 6.0)
>>> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112
>>> Safari/537.36"
>>>
>>>
>> 1) Is that log above the Apache httpd access log, or the Tomcat access
>> log ?
>> 2) in any case, you should have a look at the tomcat logs
>> 3) you should also communicate the OS under which this is running, and as
>> a minimum, the version of Apache httpd, and the version of tomcat. Since
>> you are using mod_jk, the version of mod_jk would help also (you can find
>> it in the first line printed by Apache httpd in it's error log).
>> 4) As about the only thing that can be said at this time, with the
>> limited data above, is this :
>> if you have 3 workers, in the standard configuration, the Apache
>> httpd-side mod_jk module will rotate ("round-robin", one request at a time)
>> between these workers, to process browser requests. If you have only one
>> application under tomcat, it should be installed *on each of the tomcats*,
>> not just on one. If the application is installed only on one worker, then 2
>> requests out of every 3 will fail.
>> 5) also :
>> - HTTP status code 302 is not an error, it is a "redirect". It happens
>> because the client is requesting "/Core" instead of "/Core/".  Apache httpd
>> automatically sends this redirect to "/Core/", like to tell the browser
>> that it should speak correctly.
>> The next request that 

Re: Webapp not working

[Loai Abdallatif]

Hi Andre

thanks for your response.

1- the logs belong to tomcat servers (
appserver01.domain._access_log.2018-04-14.txt
)
2+3- Im using Debian 8.10,  Apache/2.4.10 (Debian)   , : mod_jk/1.2.43 ,
Tomcat : 8.5.29
4- I have one app in worker0 and its working, but the apps in worker1 and
worker2 doesnt work
5- I got the same error when accessing the web server ( 192.168.1.210/Core)
and when accessing the tomcat server 192.168.1.211:8081/Core


On Sat, Apr 14, 2018 at 6:33 PM, André Warnier (tomcat) <a...@ice-sa.com>
wrote:

> On 14.04.2018 17:02, Loai Abdallatif wrote:
>
>> HI every one
>>
>> Im using apache mod-jk with tomcat , i have three workers ( worker0-2) and
>> each one has app.
>> I have obtaining webabb called Core from development team. I have placed
>> it
>> into webapps directory of worker1 . but unfortunatly I got two errors
>> related to 302, 404, any one can help.
>>
>> the error is below:
>>
>> 192.168.1.17 - - [14/Apr/2018:19:42:27 +0300] "GET /Core/ HTTP/1.1" 404
>> 1083 "-" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like
>> Gecko) Chrome/49.0.2623.112 Safari/537.36"
>> 192.168.1.17 - - [14/Apr/2018:19:47:08 +0300] "GET /Core HTTP/1.1" 302 -
>> "-" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko)
>> Chrome/49.0.2623.112 Safari/537.36"
>> 192.168.1.17 - - [14/Apr/2018:19:47:08 +0300] "GET /Core/ HTTP/1.1" 404
>> 1083 "-" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like
>> Gecko) Chrome/49.0.2623.112 Safari/537.36"
>> 192.168.1.17 - - [14/Apr/2018:19:51:52 +0300] "GET /Core/ HTTP/1.1" 404
>> 1083 "-" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like
>> Gecko) Chrome/49.0.2623.112 Safari/537.36"
>> 192.168.1.17 - - [14/Apr/2018:19:52:04 +0300] "GET /Core HTTP/1.1" 302 -
>> "-" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko)
>> Chrome/49.0.2623.112 Safari/537.36"
>> 192.168.1.17 - - [14/Apr/2018:19:52:04 +0300] "GET /Core/ HTTP/1.1" 404
>> 1083 "-" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like
>> Gecko) Chrome/49.0.2623.112 Safari/537.36"
>> 192.168.1.17 - - [14/Apr/2018:19:52:04 +0300] "GET /favicon.ico HTTP/1.1"
>> 404 1085 "http://192.168.1.211:8081/Core/; "Mozilla/5.0 (Windows NT 6.0)
>> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"
>>
>>
> 1) Is that log above the Apache httpd access log, or the Tomcat access log
> ?
> 2) in any case, you should have a look at the tomcat logs
> 3) you should also communicate the OS under which this is running, and as
> a minimum, the version of Apache httpd, and the version of tomcat. Since
> you are using mod_jk, the version of mod_jk would help also (you can find
> it in the first line printed by Apache httpd in it's error log).
> 4) As about the only thing that can be said at this time, with the limited
> data above, is this :
> if you have 3 workers, in the standard configuration, the Apache
> httpd-side mod_jk module will rotate ("round-robin", one request at a time)
> between these workers, to process browser requests. If you have only one
> application under tomcat, it should be installed *on each of the tomcats*,
> not just on one. If the application is installed only on one worker, then 2
> requests out of every 3 will fail.
> 5) also :
> - HTTP status code 302 is not an error, it is a "redirect". It happens
> because the client is requesting "/Core" instead of "/Core/".  Apache httpd
> automatically sends this redirect to "/Core/", like to tell the browser
> that it should speak correctly.
> The next request that you see above after the 302, is a correct request
> for "/Core/", but it fails (with a 404 "not found" response) because Apache
> httpd (or tomcat) does not find the resource corresponding to "/Core/".
> That may be for 2 reasons :
> a) your mod_jk configuration is incorrect, and Apache httpd does not know
> that it should forward this request to tomcat.  Httpd them tries to serve
> it locally, but it does not have a resource named "/Core/" either, so it
> returns the 404.
> or
> b) the request is correctly forwarded by httpd to *one of the tomcat
> workers*, but that worker does not have any application matching "/Core/",
> so it returns a 404 to Apache, which returns it to the browser.
> The 404 return pages of Apache httpd and tomcat have a different style, so
> you should be able to see in the browser which one you are getting.
>
> But again, look at the error logs first, both at the Apache httpd level,
> and the tomcat level.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Webapp not working

[Loai Abdallatif]

HI every one

Im using apache mod-jk with tomcat , i have three workers ( worker0-2) and
each one has app.
I have obtaining webabb called Core from development team. I have placed it
into webapps directory of worker1 . but unfortunatly I got two errors
related to 302, 404, any one can help.

the error is below:

192.168.1.17 - - [14/Apr/2018:19:42:27 +0300] "GET /Core/ HTTP/1.1" 404
1083 "-" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/49.0.2623.112 Safari/537.36"
192.168.1.17 - - [14/Apr/2018:19:47:08 +0300] "GET /Core HTTP/1.1" 302 -
"-" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/49.0.2623.112 Safari/537.36"
192.168.1.17 - - [14/Apr/2018:19:47:08 +0300] "GET /Core/ HTTP/1.1" 404
1083 "-" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/49.0.2623.112 Safari/537.36"
192.168.1.17 - - [14/Apr/2018:19:51:52 +0300] "GET /Core/ HTTP/1.1" 404
1083 "-" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/49.0.2623.112 Safari/537.36"
192.168.1.17 - - [14/Apr/2018:19:52:04 +0300] "GET /Core HTTP/1.1" 302 -
"-" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/49.0.2623.112 Safari/537.36"
192.168.1.17 - - [14/Apr/2018:19:52:04 +0300] "GET /Core/ HTTP/1.1" 404
1083 "-" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/49.0.2623.112 Safari/537.36"
192.168.1.17 - - [14/Apr/2018:19:52:04 +0300] "GET /favicon.ico HTTP/1.1"
404 1085 "http://192.168.1.211:8081/Core/; "Mozilla/5.0 (Windows NT 6.0)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"

Re: worker0 tomcat ,manager is not wotking

[Loai Abdallatif]

Thanks Schultz

the error is described in the url link below, The issue has been fixed
using following these steps:

   - Go to Tomcat installation and then /opt/worker0/webapps/manager/
   META-INF
   - Open context.xml and comment Valve section as below, and it now works
   fine, but why is that happened?

   **  


source : https://geekflare.com/tomcat-login-problem/

On Tue, Mar 20, 2018 at 12:32 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Loai,
>
> On 3/19/18 4:43 PM, Loai Abdallatif wrote:
> > I have running three tomcat instances worker0,worker1 and worker2
> >
> > the http connector to workero is listening on port 8080 but the
> > manager is not opening as below and the tomcat-users.xml is
> > configured as this:
> >
> > root@appserver01:/opt/worker0/conf# cat tomcat-users.xml  > version="1.0" encoding="utf-8"?>   > rolename="manager-gui"/>  > password="password" roles="manager-gui"/> 
> >
> > unfortunatly still not working and keep sending forbidden as below
>
> Your image was stripped from the mailing list. Can you find a way to
> show the problem using text only?
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqwOogdHGNocmlzQGNo
> cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFjP7w/6Ah5ZC6Y+jZz1R0VT
> CxqPg1HpD5eRZLrxvBXodo1CqkHHZsJhdI82HrtnSOpBvqr4o9+Bp9M6X/3lubvn
> A5e+zrNSslVCpALd3r8qUJxwdcK/EcHKVruUHAee7U61Y0wz1JXLhjtX+etARA4w
> 1AioSXc5o2R3JC5ssKAoFT6fg8vzh9JRXkSF8HM4g6RpU3ynR2Zh2Ixoa6Fl8Mf5
> j+4UPuvBJnn/pX76RWn2cfEPGwK6sjn7rgNBMz/qEZhXC8otLfPGYOc4Tn/otImO
> yDeuqetssNd99iw7LAaHB5gm3biqfr5TN3pqBvVojpqqmlDL+XJIYAn2Rik/w9rC
> jzzcuU9eox/iCONPVheywjjafH89onYlkW4Dy/xMF/G7+bAMyzHxSFWzhst7PSZJ
> 7aG2FKVo1m10OThEPtFZkembz6tYxpzSx2V+nxvD5P6BqxCQwW8I8BAHIyemStK5
> LRBRBKtz4yS7fBJdz+YEjJU49XAtwDR+aF41pv3gv5rrbkroysPoCPgOQI+Xo/wR
> bLsAkYp5y8XPoMWVqCT1KOCE2zkVA3kt1vWpEP6kzsElQUQUpG2E5PU93WZ2q5j/
> svGGJlSffcsXhUrxSYc1kj8N7EUZasKl1yEWVBHsjGR4TjYkbu5JQIqtVKcjIdAv
> fmRGxlQqqQuj+5q9m9UKb+tIA1M=
> =QBdh
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

worker0 tomcat ,manager is not wotking

[Loai Abdallatif]

Dear Friends ,

I have running three tomcat instances worker0,worker1 and worker2

the http connector to workero is listening on port 8080
but the manager is not opening as below and the tomcat-users.xml is
configured as this:

root@appserver01:/opt/worker0/conf# cat tomcat-users.xml


   
   


unfortunatly still not working and keep sending forbidden as below

Re: TCP6

[Loai Abdallatif]

Yes sure, I have added the below lines to /etc/sysctl.conf

net.ipv6.conf.all.disable_ipv6 = 1net.ipv6.conf.default.disable_ipv6 =
1net.ipv6.conf.lo.disable_ipv6 = 1net.ipv6.conf.eth0.disable_ipv6 = 1



On Sun, Mar 18, 2018 at 4:14 PM, André Warnier (tomcat) <a...@ice-sa.com>
wrote:

> On 18.03.2018 15:06, Loai Abdallatif wrote:
>
>> Hello All
>>
>> I disabled ip6
>>
>
> thanks for saying that, but you do not say how you did that.
> Please say, so that future readers of the tomcat users mailing lists
> archives
> (http://tomcat.apache.org/lists.html#Apache_Tomcat_Mailing_Lists)
> will find it, and not need to ask again.
>
>  and restarted the machine , and its working now\
>
>> root@appserver01:/opt/tomcat/controller# netstat -antp
>> Active Internet connections (servers and established)
>> Proto Recv-Q Send-Q Local Address   Foreign Address
>> State   PID/Program name
>> tcp0  0 10.160.180.99:4002  0.0.0.0:*
>> LISTEN  871/java
>> tcp0  0 10.160.180.99:8005  0.0.0.0:*
>> LISTEN  730/java
>> tcp0  0 0.0.0.0:46022   0.0.0.0:*
>> LISTEN  422/rpc.statd
>> tcp0  0 10.160.180.99:8105  0.0.0.0:*
>> LISTEN  799/java
>> tcp0  0 10.160.180.99:8009  0.0.0.0:*
>> LISTEN  730/java
>> tcp0  0 10.160.180.99:8109  0.0.0.0:*
>> LISTEN  799/java
>> tcp0  0 0.0.0.0:111 0.0.0.0:*
>> LISTEN  413/rpcbind
>> tcp0  0 10.160.180.99:8080  0.0.0.0:*
>> LISTEN  730/java
>> tcp0  0 10.160.180.99:8209  0.0.0.0:*
>> LISTEN  871/java
>> tcp0  0 10.160.180.99:8081  0.0.0.0:*
>> LISTEN  799/java
>> tcp0  0 10.160.180.99:8082  0.0.0.0:*
>> LISTEN  871/java
>> tcp0  0 0.0.0.0:22  0.0.0.0:*
>> LISTEN  457/sshd
>> tcp0  0 10.160.180.99:4000  0.0.0.0:*
>> LISTEN  730/java
>> tcp0  0 10.160.180.99:4001  0.0.0.0:*
>> LISTEN  799/java
>> tcp0464 10.160.180.99:2210.160.1.14:54236
>> ESTABLISHED 710/0
>> tcp0  0 10.160.180.99:35993 10.160.180.99:4001
>> TIME_WAIT   -
>> tcp0  0 10.160.180.99:56843 10.160.180.99:4002
>> TIME_WAIT   -
>> tcp0  0 10.160.180.99:56842 10.160.180.99:4002
>> TIME_WAIT   -
>> tcp0  0 10.160.180.99:56889 10.160.180.99:4000
>> TIME_WAIT   -
>> tcp6   0  0 :::111  :::*
>> LISTEN  413/rpcbind
>> tcp6   0  0 :::22   :::*
>> LISTEN  457/sshd
>> tcp6   0  0 :::50203:::*
>> LISTEN  422/rpc.statd
>>
>>
>> On Sun, Mar 18, 2018 at 3:56 PM, M. Manna <manme...@gmail.com> wrote:
>>
>> In your server.xml add address="0.0.0.0" for connector.
>>>
>>> On 18 Mar 2018 1:04 pm, "Loai Abdallatif" <loai.abdalla...@gmail.com>
>>> wrote:
>>>
>>> Dear Friends
>>>>
>>>> *root@appserver01:~# netstat -antp*
>>>> I have started  three tomcat instances on one debian server and I got
>>>> the
>>>> following netstat output:
>>>> how I force the tomcat to bind to tcp instead of tcp6
>>>>
>>>>
>>>> tcp6   0  0 10.160.180.99:8005  :::*
>>>> LISTEN  742/java
>>>> tcp6   0  0 10.160.180.99:8105  :::*
>>>> LISTEN  804/java
>>>> tcp6   0  0 10.160.180.99:8009  :::*
>>>> LISTEN  742/java
>>>> tcp6   0  0 10.160.180.99:8109  :::*
>>>> LISTEN  804/java
>>>> tcp6   0  0 :::111  :::*
>>>> LISTEN  416/rpcbind
>>>> tcp6   0  0 10.160.180.99:8080  :::*
>>>> LISTEN  742/java
>>>> tcp6   0  0 10.160.180.99:8081  :::*
>>>> LISTEN  804/java
>>>> tcp6   0  0 :::22   :::*
>>>> LISTEN  496/sshd
>>>> tcp6   0  0 ::1:25  :::*
>>>> LISTEN  709/exim4
>>>> tcp6   0  0 :::39098:::*
>>>> LISTEN  425/rpc.statd
>>>> tcp6   0  0 10.160.180.99:4000  :::*
>>>> LISTEN  742/java
>>>> tcp6   0  0 10.160.180.99:4001  :::*
>>>> LISTEN  804/java
>>>>
>>>>
>>>
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: TCP6

[Loai Abdallatif]

Hello All

I disabled ip6 and restarted the machine , and its working now\
root@appserver01:/opt/tomcat/controller# netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address   Foreign Address
State   PID/Program name
tcp0  0 10.160.180.99:4002  0.0.0.0:*
LISTEN  871/java
tcp0  0 10.160.180.99:8005  0.0.0.0:*
LISTEN  730/java
tcp0  0 0.0.0.0:46022   0.0.0.0:*
LISTEN  422/rpc.statd
tcp0  0 10.160.180.99:8105  0.0.0.0:*
LISTEN  799/java
tcp0  0 10.160.180.99:8009  0.0.0.0:*
LISTEN  730/java
tcp0  0 10.160.180.99:8109  0.0.0.0:*
LISTEN  799/java
tcp0  0 0.0.0.0:111 0.0.0.0:*
LISTEN  413/rpcbind
tcp0  0 10.160.180.99:8080  0.0.0.0:*
LISTEN  730/java
tcp0  0 10.160.180.99:8209  0.0.0.0:*
LISTEN  871/java
tcp0  0 10.160.180.99:8081  0.0.0.0:*
LISTEN  799/java
tcp0  0 10.160.180.99:8082  0.0.0.0:*
LISTEN  871/java
tcp0  0 0.0.0.0:22  0.0.0.0:*
LISTEN  457/sshd
tcp0  0 10.160.180.99:4000  0.0.0.0:*
LISTEN  730/java
tcp0  0 10.160.180.99:4001  0.0.0.0:*
LISTEN  799/java
tcp0464 10.160.180.99:2210.160.1.14:54236
ESTABLISHED 710/0
tcp0  0 10.160.180.99:35993 10.160.180.99:4001
TIME_WAIT   -
tcp0  0 10.160.180.99:56843 10.160.180.99:4002
TIME_WAIT   -
tcp0  0 10.160.180.99:56842 10.160.180.99:4002
TIME_WAIT   -
tcp0  0 10.160.180.99:56889 10.160.180.99:4000
TIME_WAIT   -
tcp6   0  0 :::111  :::*
LISTEN  413/rpcbind
tcp6   0  0 :::22   :::*
LISTEN  457/sshd
tcp6   0  0 :::50203:::*
LISTEN  422/rpc.statd


On Sun, Mar 18, 2018 at 3:56 PM, M. Manna <manme...@gmail.com> wrote:

> In your server.xml add address="0.0.0.0" for connector.
>
> On 18 Mar 2018 1:04 pm, "Loai Abdallatif" <loai.abdalla...@gmail.com>
> wrote:
>
> > Dear Friends
> >
> > *root@appserver01:~# netstat -antp*
> > I have started  three tomcat instances on one debian server and I got the
> > following netstat output:
> > how I force the tomcat to bind to tcp instead of tcp6
> >
> >
> > tcp6   0  0 10.160.180.99:8005  :::*
> > LISTEN  742/java
> > tcp6   0  0 10.160.180.99:8105  :::*
> > LISTEN  804/java
> > tcp6   0  0 10.160.180.99:8009  :::*
> > LISTEN  742/java
> > tcp6   0  0 10.160.180.99:8109  :::*
> > LISTEN  804/java
> > tcp6   0  0 :::111  :::*
> > LISTEN  416/rpcbind
> > tcp6   0  0 10.160.180.99:8080  :::*
> > LISTEN  742/java
> > tcp6   0  0 10.160.180.99:8081  :::*
> > LISTEN  804/java
> > tcp6   0  0 :::22   :::*
> > LISTEN  496/sshd
> > tcp6   0  0 ::1:25  :::*
> > LISTEN  709/exim4
> > tcp6   0  0 :::39098:::*
> > LISTEN  425/rpc.statd
> > tcp6   0  0 10.160.180.99:4000  :::*
> > LISTEN  742/java
> > tcp6   0  0 10.160.180.99:4001  :::*
> > LISTEN  804/java
> >
>

Re: TCP6

[Loai Abdallatif]

I will thanks

On Sun, Mar 18, 2018 at 3:56 PM, M. Manna <manme...@gmail.com> wrote:

> In your server.xml add address="0.0.0.0" for connector.
>
> On 18 Mar 2018 1:04 pm, "Loai Abdallatif" <loai.abdalla...@gmail.com>
> wrote:
>
> > Dear Friends
> >
> > *root@appserver01:~# netstat -antp*
> > I have started  three tomcat instances on one debian server and I got the
> > following netstat output:
> > how I force the tomcat to bind to tcp instead of tcp6
> >
> >
> > tcp6   0  0 10.160.180.99:8005  :::*
> > LISTEN  742/java
> > tcp6   0  0 10.160.180.99:8105  :::*
> > LISTEN  804/java
> > tcp6   0  0 10.160.180.99:8009  :::*
> > LISTEN  742/java
> > tcp6   0  0 10.160.180.99:8109  :::*
> > LISTEN  804/java
> > tcp6   0  0 :::111  :::*
> > LISTEN  416/rpcbind
> > tcp6   0  0 10.160.180.99:8080  :::*
> > LISTEN  742/java
> > tcp6   0  0 10.160.180.99:8081  :::*
> > LISTEN  804/java
> > tcp6   0  0 :::22   :::*
> > LISTEN  496/sshd
> > tcp6   0  0 ::1:25  :::*
> > LISTEN  709/exim4
> > tcp6   0  0 :::39098:::*
> > LISTEN  425/rpc.statd
> > tcp6   0  0 10.160.180.99:4000  :::*
> > LISTEN  742/java
> > tcp6   0  0 10.160.180.99:4001  :::*
> > LISTEN  804/java
> >
>

Re: TCP6

[Loai Abdallatif]

yes

On Sun, Mar 18, 2018 at 3:56 PM, Neven Cvetkovic <neven.cvetko...@gmail.com>
wrote:

> On Sun, Mar 18, 2018 at 2:04 PM, Loai Abdallatif <
> loai.abdalla...@gmail.com>
> wrote:
>
> > Dear Friends
> >
> > *root@appserver01:~# netstat -antp*
> > I have started  three tomcat instances on one debian server and I got the
> > following netstat output:
> > how I force the tomcat to bind to tcp instead of tcp6
> >
> >
> > tcp6   0  0 10.160.180.99:8005  :::*
> > LISTEN  742/java
> > tcp6   0  0 10.160.180.99:8105  :::*
> > LISTEN  804/java
> > tcp6   0  0 10.160.180.99:8009  :::*
> > LISTEN  742/java
> > tcp6   0  0 10.160.180.99:8109  :::*
> > LISTEN  804/java
> > tcp6   0  0 :::111  :::*
> > LISTEN  416/rpcbind
> > tcp6   0  0 10.160.180.99:8080  :::*
> > LISTEN  742/java
> > tcp6   0  0 10.160.180.99:8081  :::*
> > LISTEN  804/java
> > tcp6   0  0 :::22   :::*
> > LISTEN  496/sshd
> > tcp6   0  0 ::1:25  :::*
> > LISTEN  709/exim4
> > tcp6   0  0 :::39098:::*
> > LISTEN  425/rpc.statd
> > tcp6   0  0 10.160.180.99:4000  :::*
> > LISTEN  742/java
> > tcp6   0  0 10.160.180.99:4001  :::*
> > LISTEN  804/java
> >
>
> Loai,
>
> You did bind to IPv4 addresses, e.g. 10.160.180.99
>
> 8005 - shutdown port
> 8105 - probably shutdown port for your second Tomcat instance
> 8009 - probably your AJP port
> 8109 - probably your AJP port for your second Tomcat instance
> 8080 - http port
> 8081 - http port for your second Tomcat instance
>
> Cheers!
> Neven
>

Re: TCP6

[Loai Abdallatif]

Thanks

On Sun, Mar 18, 2018 at 3:57 PM, André Warnier (tomcat) <a...@ice-sa.com>
wrote:

> On 18.03.2018 14:04, Loai Abdallatif wrote:
>
>> Dear Friends
>>
>> *root@appserver01:~# netstat -antp*
>> I have started  three tomcat instances on one debian server and I got the
>> following netstat output:
>> how I force the tomcat to bind to tcp instead of tcp6
>>
>
> Hi.  As far as I know, this is more of a "java thing" than a "tomcat
> thing".
> (per "java" I mean the JVM that runs tomcat).
> Search Google for "java prefer ipv4" for some answers.
>
>
>>
>> tcp6   0  0 10.160.180.99:8005  :::*
>> LISTEN  742/java
>> tcp6   0  0 10.160.180.99:8105  :::*
>> LISTEN  804/java
>> tcp6   0  0 10.160.180.99:8009  :::*
>> LISTEN  742/java
>> tcp6   0  0 10.160.180.99:8109  :::*
>> LISTEN  804/java
>> tcp6   0  0 :::111  :::*
>> LISTEN  416/rpcbind
>> tcp6   0  0 10.160.180.99:8080  :::*
>> LISTEN  742/java
>> tcp6   0  0 10.160.180.99:8081  :::*
>> LISTEN  804/java
>> tcp6   0  0 :::22   :::*
>> LISTEN  496/sshd
>> tcp6   0  0 ::1:25  :::*
>> LISTEN  709/exim4
>> tcp6   0  0 :::39098:::*
>> LISTEN  425/rpc.statd
>> tcp6   0  0 10.160.180.99:4000  :::*
>> LISTEN  742/java
>> tcp6   0  0 10.160.180.99:4001  :::*
>> LISTEN  804/java
>>
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

TCP6

[Loai Abdallatif]

Dear Friends

*root@appserver01:~# netstat -antp*
I have started  three tomcat instances on one debian server and I got the
following netstat output:
how I force the tomcat to bind to tcp instead of tcp6


tcp6   0  0 10.160.180.99:8005  :::*
LISTEN  742/java
tcp6   0  0 10.160.180.99:8105  :::*
LISTEN  804/java
tcp6   0  0 10.160.180.99:8009  :::*
LISTEN  742/java
tcp6   0  0 10.160.180.99:8109  :::*
LISTEN  804/java
tcp6   0  0 :::111  :::*
LISTEN  416/rpcbind
tcp6   0  0 10.160.180.99:8080  :::*
LISTEN  742/java
tcp6   0  0 10.160.180.99:8081  :::*
LISTEN  804/java
tcp6   0  0 :::22   :::*
LISTEN  496/sshd
tcp6   0  0 ::1:25  :::*
LISTEN  709/exim4
tcp6   0  0 :::39098:::*
LISTEN  425/rpc.statd
tcp6   0  0 10.160.180.99:4000  :::*
LISTEN  742/java
tcp6   0  0 10.160.180.99:4001  :::*
LISTEN  804/java

Re: I cant start Tomcat instances

[Loai Abdallatif]

Thanks Olaf very much , I will review he steps

On Sun, Mar 18, 2018 at 12:13 PM, Olaf Kock <tom...@olafkock.de> wrote:

>
>
> On 17.03.2018 19:16, Loai Abdallatif wrote:
>
>> actually all of them has X permissions
>>
>> -rwxr--r-- 1 root   root  70 Mar 17 11:59 shutdown-instance0.sh
>> -rwxr--r-- 1 root   root  70 Mar 17 11:48 shutdown-instance1.sh
>> -rwxr--r-- 1 root   root  70 Mar 17 11:59 shutdown-instance2.sh
>> -rwxr--r-- 1 root   root  69 Mar 17 11:58 startup-instance0.sh
>> -rwxr--r-- 1 tomcat root  69 Mar 17 11:46 startup-instance1.sh
>> -rwxr--r-- 1 tomcat root  69 Mar 17 11:59 startup-instance2.sh
>>
>
> well, there's one problem: The first 4 files have x permission for root,
> but not for the unprivileged user "tomcat" - and I hope that you're not
> starting tomcat as root. You'd look for rwxr-xr-x permission on those files.
>
> Following up on my other answer, to have both in one:
>
> root@appserver01:/opt/tomcat0# cat startup-instance0.sh
>>>> export CATALINA_BASE=/opt/tomcat0
>>>> cd $CATALINA_HOME/bin
>>>> ./startup.sh
>>>>
>>>
> Note that you set BASE but cd to HOME - try to see what happens by
> changing the file to
>
>echo "running as user: "
>whoami
>export CATALINA_BASE=/opt/tomcat0
>echo "cd-ing to " $CATALINA_HOME/bin
>cd $CATALINA_HOME/bin
>echo "current working directory after cd"
>pwd
>./startup.sh
>
> Note: I've copied from your file and just added some lines.
>
> report that output.
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: I cant start Tomcat instances

[Loai Abdallatif]

actually all of them has X permissions

-rwxr--r-- 1 root   root  70 Mar 17 11:59 shutdown-instance0.sh
-rwxr--r-- 1 root   root  70 Mar 17 11:48 shutdown-instance1.sh
-rwxr--r-- 1 root   root  70 Mar 17 11:59 shutdown-instance2.sh
-rwxr--r-- 1 root   root  69 Mar 17 11:58 startup-instance0.sh
-rwxr--r-- 1 tomcat root  69 Mar 17 11:46 startup-instance1.sh
-rwxr--r-- 1 tomcat root  69 Mar 17 11:59 startup-instance2.sh


On Sat, Mar 17, 2018 at 3:39 PM, Stefan Frei <stefan.a.f...@gmail.com>
wrote:

> check the permissons on the .sh files (chmod +x)
>
> 2018-03-17 14:16 GMT+01:00 Loai Abdallatif <loai.abdalla...@gmail.com>:
> > Dear Colleagues
> > I'm new to tomcat, I have successfully installed the service but when I
> > tried to run three instances I coudnt  due to error below
> >
> > : the this I did is copied the cataline Home to three instances tomcat0,
> > tomcat1, and tomcat2 directories
> >
> > and in each directory I have configured the connectors ports, AJP port
> and
> > addresses .
> > the tomcat main instance is working but I think the problem is that in
> > CATALINA_BASE .but I dont know how to instruct the statup script
> >
> >
> > root@appserver01:/opt/tomcat0# ./startup-instance0.sh
> > ./startup-instance0.sh: line 3: ./startup.sh: No such file or directory
> > root@appserver01:/opt/tomcat0#
> > root@appserver01:/opt/tomcat0#
> > root@appserver01:/opt/tomcat0# cat startup-instance0.sh
> > export CATALINA_BASE=/opt/tomcat0
> > cd $CATALINA_HOME/bin
> > ./startup.sh
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: I cant start Tomcat instances

[Loai Abdallatif]

Thanks Olaf

so how to tell the tomcat the instance 0 to take its config from  tomcat0
directory .


On Sat, Mar 17, 2018 at 3:39 PM, Olaf Kock <tom...@olafkock.de> wrote:

>
>
> On 17.03.2018 14:16, Loai Abdallatif wrote:
>
>> Dear Colleagues
>> I'm new to tomcat, I have successfully installed the service but when I
>> tried to run three instances I coudnt  due to error below
>>
>> : the this I did is copied the cataline Home to three instances tomcat0,
>> tomcat1, and tomcat2 directories
>>
>> and in each directory I have configured the connectors ports, AJP port and
>> addresses .
>> the tomcat main instance is working but I think the problem is that in
>> CATALINA_BASE .but I dont know how to instruct the statup script
>>
>>
>> root@appserver01:/opt/tomcat0# ./startup-instance0.sh
>> ./startup-instance0.sh: line 3: ./startup.sh: No such file or directory
>> root@appserver01:/opt/tomcat0#
>> root@appserver01:/opt/tomcat0#
>> root@appserver01:/opt/tomcat0# cat startup-instance0.sh
>> export CATALINA_BASE=/opt/tomcat0
>> cd $CATALINA_HOME/bin
>> ./startup.sh
>>
>
> well,
>
>  ./startup.sh: No such file or directory
>
> Did you see that you set CATALINA_BASE (note: BASE) and then cd to the
> undefined CATALINA_HOME/bin (note: HOME)? You probably didn't intend this:
> Both are typically undefined on a system level, so you're probably not
> cding into the directory you intend.
>
> Olaf
>
>
>
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

I cant start Tomcat instances

[Loai Abdallatif]

Dear Colleagues
I'm new to tomcat, I have successfully installed the service but when I
tried to run three instances I coudnt  due to error below

: the this I did is copied the cataline Home to three instances tomcat0,
tomcat1, and tomcat2 directories

and in each directory I have configured the connectors ports, AJP port and
addresses .
the tomcat main instance is working but I think the problem is that in
CATALINA_BASE .but I dont know how to instruct the statup script


root@appserver01:/opt/tomcat0# ./startup-instance0.sh
./startup-instance0.sh: line 3: ./startup.sh: No such file or directory
root@appserver01:/opt/tomcat0#
root@appserver01:/opt/tomcat0#
root@appserver01:/opt/tomcat0# cat startup-instance0.sh
export CATALINA_BASE=/opt/tomcat0
cd $CATALINA_HOME/bin
./startup.sh

Mysql vs Postgress

[Loai Abdallatif]

Dear  all

I have project that is based on Tomcat/apache Servers , any one can help
regarding the best DB engine  * mysql or Postgress ) keeping in mind that
I'm interested in DB clustering/Replication feature ?

Kind Regards,