Hi.
I have not been following this in detail, but some of the things I've seen written made me
think of the warning (in red type) on the page:
http://tomcat.apache.org/connectors-doc/reference/apache.html
In other words, if your front-end Apache httpd is configured in such a way that, to serve
a request URL from a browser, it /can/ access a directory and files which really belong to
Tomcat, then all kinds of weird and dangerous things will happen.
Such as JSP pages being served 'as is', and browsers being able to access directories and
files which Tomcat would normally forbid (such as the content of a webapps/yourapp/WEB-INF
directory).
On 25.11.2018 21:26, Lou Wallace wrote:
How will selinux help? Not sure what you mean...
On Sun, Nov 25, 2018 at 3:16 PM Loai Abdallatif <loai.abdalla...@gmail.com>
wrote:
try selinux to permissive mode using #setenforce 0 to exclude it from
analyses
On Sun, Nov 25, 2018 at 8:05 PM Lou Wallace <mrlouwall...@gmail.com>
wrote:
hey Greg,
No obvious errors in mod_jk log. Only has five lines
[Sun Nov 25 15:22:11.637 2018] [14159:139840145266816] [info] init_jk::mod_jk.c (3591): mod_jk/1.2.46 initialized
[Sun Nov 25 15:22:11.657 2018] [14159:139840145266816] [info] init_jk::mod_jk.c (3591): mod_jk/1.2.46 initialized
[Sun Nov 25 15:37:01.930 2018] [15407:140260327409792] [info] init_jk::mod_jk.c (3591): mod_jk/1.2.46 initialized
[Sun Nov 25 15:37:01.951 2018] [15407:140260327409792] [info] init_jk::mod_jk.c (3591): mod_jk/1.2.46 initialized
[Sun Nov 25 18:00:36.252 2018] [26421:139699565041792] [info] init_jk::mod_jk.c (3591): mod_jk/1.2.46 initialized
[Sun Nov 25 18:00:36.276 2018] [26421:139699565041792] [info] init_jk::mod_jk.c (3591): mod_jk/1.2.46 initialized
error_log
[Sun Nov 25 18:00:36.250346 2018] [core:notice] [pid 26421] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Sun Nov 25 18:00:36.251392 2018] [suexec:notice] [pid 26421] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Nov 25 18:00:36.252380 2018] [jk:warn] [pid 26421] No JkLogFile defined in httpd.conf. Using default /etc/httpd/logs/mod_jk.log
[Sun Nov 25 18:00:36.252466 2018] [jk:warn] [pid 26421] No JkShmFile defined in httpd.conf. Using default /etc/httpd/logs/jk-runtime-status
[Sun Nov 25 18:00:36.273798 2018] [auth_digest:notice] [pid 26421] AH01757: generating secret for digest authentication ...
[Sun Nov 25 18:00:36.275236 2018] [lbmethod_heartbeat:notice] [pid 26421] AH02282: No slotmem from mod_heartmonitor
[Sun Nov 25 18:00:36.276120 2018] [jk:warn] [pid 26421] No JkLogFile defined in httpd.conf. Using default /etc/httpd/logs/mod_jk.log
[Sun Nov 25 18:00:36.276179 2018] [jk:warn] [pid 26421] No JkShmFile defined in httpd.conf. Using default /etc/httpd/logs/jk-runtime-status
[Sun Nov 25 18:00:36.280163 2018] [mpm_prefork:notice] [pid 26421] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_jk/1.2.46 configured -- resuming normal operations
[Sun Nov 25 18:00:36.280201 2018] [core:notice] [pid 26421] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
On Sun, Nov 25, 2018 at 12:42 PM Greg Huber <gregh3...@gmail.com> wrote:
OK, sorry, if you are remote then 8080 port may not be open.
You need to check tomcat app actually shows the page correctly.
If the page http://IP/index.jsp <http://IP:8080/index.jsp>
just shows the jsp, have a look at the /var/log/httpd logs to see what it's doing,
eg access.log
xxx.xxx.xxx.xxx.xxx - - [25/Nov/2018:07:28:08 +0000] "GET /index.jsp HTTP/1.1" 200 27080 "
also look in the error.log for errors
mod_jk.log
[Sun Nov 25 07:27:10 2018][1452:140132954712192] [info] init_jk::mod_jk.c (3591): mod_jk/1.2.46 initialized
You could try yum package links which is a command line browser.
Name : links
Arch : x86_64
Epoch : 1
Version : 2.13
Release : 1.el7
Size : 2.8 M
Repo : epel/x86_64
Summary : Web browser running in both graphics and text mode
URL : http://links.twibright.com/
Licence : GPLv2+
Description : Links is a web browser capable of running in either graphics or text mode.
            : It provides a pull-down menu system, renders complex pages, has partial HTML
            : 4.0 support (including tables, frames and support for multiple character sets
            : and UTF-8), supports color and monochrome terminals and allows horizontal
            : scrolling.
On Sun, 25 Nov 2018 at 17:07, Lou Wallace <mrlouwall...@gmail.com>
wrote:
How can I do that from the command line shell? I tried it from browser and
it timed out using http://IP:8080/index.jsp
On Sun, Nov 25, 2018 at 11:54 AM Greg Huber <gregh3...@gmail.com>
wrote:
But my .jsp web page is still showing as plain text
With tomcat running does it show correctly ie
http://127.0.0.1:8080/../mypage.jsp
then try http://127.0.0.1/../mypage.jsp
######
tomcat server.xml using default port
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
On Sun, 25 Nov 2018 at 15:28, Lou Wallace <mrlouwall...@gmail.com>
wrote:
hmm this is weird
After adding
#Options Indexes FollowSymLinks
#No folders/files listed
Options -Indexes -FollowSymLinks
I decided to allow httpd.conf to try and load mod_jk.so again so I added
back LoadModule jk_module /etc/httpd/modules/mod_jk.so and restarted httpd
then when I do apachectl -M I see as last entry in the list
Loaded Modules:
core_module (static)
so_module (static)
http_module (static)
access_compat_module (shared)
actions_module (shared)
alias_module (shared)
allowmethods_module (shared)
auth_basic_module (shared)
auth_digest_module (shared)
authn_anon_module (shared)
authn_core_module (shared)
authn_dbd_module (shared)
authn_dbm_module (shared)
authn_file_module (shared)
authn_socache_module (shared)
authz_core_module (shared)
authz_dbd_module (shared)
authz_dbm_module (shared)
authz_groupfile_module (shared)
authz_host_module (shared)
authz_owner_module (shared)
authz_user_module (shared)
autoindex_module (shared)
cache_module (shared)
cache_disk_module (shared)
data_module (shared)
dbd_module (shared)
deflate_module (shared)
dir_module (shared)
dumpio_module (shared)
echo_module (shared)
env_module (shared)
expires_module (shared)
ext_filter_module (shared)
filter_module (shared)
headers_module (shared)
include_module (shared)
info_module (shared)
log_config_module (shared)
logio_module (shared)
mime_magic_module (shared)
mime_module (shared)
negotiation_module (shared)
remoteip_module (shared)
reqtimeout_module (shared)
rewrite_module (shared)
setenvif_module (shared)
slotmem_plain_module (shared)
slotmem_shm_module (shared)
socache_dbm_module (shared)
socache_memcache_module (shared)
socache_shmcb_module (shared)
status_module (shared)
substitute_module (shared)
suexec_module (shared)
unique_id_module (shared)
unixd_module (shared)
userdir_module (shared)
version_module (shared)
vhost_alias_module (shared)
dav_module (shared)
dav_fs_module (shared)
dav_lock_module (shared)
lua_module (shared)
mpm_prefork_module (shared)
proxy_module (shared)
lbmethod_bybusyness_module (shared)
lbmethod_byrequests_module (shared)
lbmethod_bytraffic_module (shared)
lbmethod_heartbeat_module (shared)
proxy_ajp_module (shared)
proxy_balancer_module (shared)
proxy_connect_module (shared)
proxy_express_module (shared)
proxy_fcgi_module (shared)
proxy_fdpass_module (shared)
proxy_ftp_module (shared)
proxy_http_module (shared)
proxy_scgi_module (shared)
proxy_wstunnel_module (shared)
ssl_module (shared)
systemd_module (shared)
cgi_module (shared)
jk_module (shared)
So it says mod_jk is loaded
But my .jsp web page is still showing as plain text
On Sun, Nov 25, 2018 at 5:28 AM Greg Huber <gregh3...@gmail.com>
wrote:
There's the problem, make sure you have copied mod_jk.so to
/etc/httpd/modules/mod_jk.so
My file size 1,556,816 bytes permission owner root and execute
ls -l /etc/httpd/modules/mod_jk.so
-rwxrwxr-x 1 root root
also check the x executable
And apachectl -M (sorry not -S)
...
jk_module (shared)
...
10-my.conf and my.conf are preferred as when yum updates httpd it also
updates /etc/httpd/conf/httpd.conf. If you change httpd.conf you then have
to merge the httpd.conf.rpmnew as it won't overwrite config.
The only change I make in httpd.conf is to make sure there is no browsing
#Options Indexes FollowSymLinks
#No folders/files listed
Options -Indexes -FollowSymLinks
Cheers Greg
On Sat, 24 Nov 2018 at 22:02, Lou Wallace <
mrlouwall...@gmail.com>
wrote:
Here is what I see
Loaded Modules:
core_module (static)
so_module (static)
http_module (static)
access_compat_module (shared)
actions_module (shared)
alias_module (shared)
allowmethods_module (shared)
auth_basic_module (shared)
auth_digest_module (shared)
authn_anon_module (shared)
authn_core_module (shared)
authn_dbd_module (shared)
authn_dbm_module (shared)
authn_file_module (shared)
authn_socache_module (shared)
authz_core_module (shared)
authz_dbd_module (shared)
authz_dbm_module (shared)
authz_groupfile_module (shared)
authz_host_module (shared)
authz_owner_module (shared)
authz_user_module (shared)
autoindex_module (shared)
cache_module (shared)
cache_disk_module (shared)
data_module (shared)
dbd_module (shared)
deflate_module (shared)
dir_module (shared)
dumpio_module (shared)
echo_module (shared)
env_module (shared)
expires_module (shared)
ext_filter_module (shared)
filter_module (shared)
headers_module (shared)
include_module (shared)
info_module (shared)
log_config_module (shared)
logio_module (shared)
mime_magic_module (shared)
mime_module (shared)
negotiation_module (shared)
remoteip_module (shared)
reqtimeout_module (shared)
rewrite_module (shared)
setenvif_module (shared)
slotmem_plain_module (shared)
slotmem_shm_module (shared)
socache_dbm_module (shared)
socache_memcache_module (shared)
socache_shmcb_module (shared)
status_module (shared)
substitute_module (shared)
suexec_module (shared)
unique_id_module (shared)
unixd_module (shared)
userdir_module (shared)
version_module (shared)
vhost_alias_module (shared)
dav_module (shared)
dav_fs_module (shared)
dav_lock_module (shared)
lua_module (shared)
mpm_prefork_module (shared)
proxy_module (shared)
lbmethod_bybusyness_module (shared)
lbmethod_byrequests_module (shared)
lbmethod_bytraffic_module (shared)
lbmethod_heartbeat_module (shared)
proxy_ajp_module (shared)
proxy_balancer_module (shared)
proxy_connect_module (shared)
proxy_express_module (shared)
proxy_fcgi_module (shared)
proxy_fdpass_module (shared)
proxy_ftp_module (shared)
proxy_http_module (shared)
proxy_scgi_module (shared)
proxy_wstunnel_module (shared)
ssl_module (shared)
systemd_module (shared)
cgi_module (shared)
No mod_jk
On Sat, Nov 24, 2018 at 4:23 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
Lou,
On 11/24/18 12:19, Lou Wallace wrote:
Hi Greg,
I did this and restarted HTTPD. No error but no change.
Not sure how 10-my.conf and my.conf are called, but I did create
them as described.
Also when I checked configtest
[root@server2 conf]# apachectl configtest
Syntax OK
and apachectl -S
[root@server2 conf]# apachectl -S
VirtualHost configuration:
*:443 server2.us-west2-a.c.helpful-kingdom-220815.internal (/etc/httpd/conf.d/ssl.conf:56)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
PidFile: "/run/httpd/httpd.pid"
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48
Looking forward to your thoughts.
Try:
$ apachectl -M
I get something like this:
Loaded Modules:
core_module (static)
log_config_module (static)
logio_module (static)
version_module (static)
mpm_prefork_module (static)
http_module (static)
so_module (static)
alias_module (shared)
auth_basic_module (shared)
authn_file_module (shared)
authz_default_module (shared)
authz_groupfile_module (shared)
authz_host_module (shared)
authz_user_module (shared)
autoindex_module (shared)
cgi_module (shared)
deflate_module (shared)
dir_module (shared)
env_module (shared)
headers_module (shared)
include_module (shared)
jk_module (shared) <-- here is mod_jk
mime_module (shared)
negotiation_module (shared)
php5_module (shared)
reqtimeout_module (shared)
rewrite_module (shared)
setenvif_module (shared)
ssl_module (shared)
status_module (shared)
Syntax OK
If mod_jk isn't loading, obviously none of the module-defined
directives will work.
- -chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
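
The overlap described in the warning at the top of this thread can be checked mechanically. This is an added example, not part of the original messages or of the Tomcat or httpd projects: it lists the filesystem paths httpd would serve from and reports any that overlap Tomcat's application directory. The configs, the `/opt/tomcat/webapps` path and the worker name `worker1` are constructed assumptions, and the WEB-INF test is a coarse text match.

```python
import re
from pathlib import PurePosixPath

# Constructed configs; every path and the worker name are assumptions.
RISKY_CONF = '''
LoadModule jk_module /etc/httpd/modules/mod_jk.so
DocumentRoot "/opt/tomcat/webapps/ROOT"
Alias /docs "/var/www/docs"
Options -Indexes -FollowSymLinks
'''
SAFER_CONF = '''
LoadModule jk_module /etc/httpd/modules/mod_jk.so
DocumentRoot "/var/www/html"
JkMount /* worker1
<LocationMatch "/(WEB-INF|META-INF)(/|$)">
    Require all denied
</LocationMatch>
'''

def served_paths(conf):
    """Filesystem paths httpd may read to answer a URL (DocumentRoot, Alias)."""
    paths = []
    for line in conf.splitlines():
        m = re.match(r'\s*(DocumentRoot|Alias)\s+(.*)', line, re.I)
        if m:
            # For both directives the filesystem path is the last argument.
            paths.append(m.group(2).split()[-1].strip('"'))
    return paths

def overlaps(a, b):
    """True if one path equals, contains, or sits inside the other."""
    a, b = PurePosixPath(a), PurePosixPath(b)
    return a == b or a in b.parents or b in a.parents

def audit(conf, tomcat_appbase):
    """Findings for a config whose served paths reach into Tomcat's appBase."""
    exposed = [p for p in served_paths(conf) if overlaps(p, tomcat_appbase)]
    findings = [f"httpd can read Tomcat files via {p}" for p in exposed]
    if exposed and not re.search(r'^\s*JkMount\s+\S*(\*|\.jsp)', conf, re.M | re.I):
        # mod_jk may be loaded, but nothing forwards JSP requests to Tomcat.
        findings.append("no JkMount covers JSPs: source would be served as-is")
    if exposed and "WEB-INF" not in conf:
        findings.append("no rule denies WEB-INF")
    return findings

if __name__ == "__main__":
    for name, conf in (("risky", RISKY_CONF), ("safer", SAFER_CONF)):
        print(name, audit(conf, "/opt/tomcat/webapps") or "no overlap found")
```
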