Re: Tomcat 8 and Oracle Wallets

[Christophe Vanlancker]

I ran a strace on the Tomcat process, and see that Tomcat actually IS able to 
see and read the wallets. 



[pid 21880] open("< full path to wallets>/oracle_wallets/cwallet.sso", 
O_RDONLY) = 362 


So I think this means that the problem lies somewhere between Tomcat and the 
OJDBC driver. 


Regards, 
Christophe 

-- 
-- 
Christophe Vanlancker  
+32 (494) 232277 | Linux & Open-Source consultant - Inuits.eu 


From: "Christophe Vanlancker"  
To: "users"  
Sent: Thursday, 15 November, 2018 13:24:10 
Subject: Tomcat 8 and Oracle Wallets 

Hello, 

I'm having an issue with setting up SSL encrypted connections to an Oracle 
database. 

I looked up on many websites and places and got the impression that either 
people abandon setting up the encryption or implemented the connection in code 
rather than through the jndi context in Tomcat itself. 

Tomcat 8.5.34 
JDK 1.8.0_171 
RedHat 7.4 (Selinux permissive) 
OracleDB 12.2.0.1.0 

I've written a simple Java application which just connects to the database 
using TCPS and makes a simple query. 
This works. 

java -D oracle.net.tns_admin ="./oracle_wallets/" -D oracle.net.wallet_location 
="(SOURCE=(METHOD=FILE) (METHOD_DATA = (DIRECTORY=./oracle_wallets)))" -cp ./: 
./lib/ ojdbc8.jar :./lib/ oraclepki.jar DataSourceSample 

I'm using the official ojdbc8.jar from Oracle appropriate for the version of 
Java and the Oracle database. 

Because Oracle Wallets is an invention of Oracle itself, I added the 
appropriate security provider in java.security: 
security.provider.4=oracle.security.pki.OraclePKIProvider ( loaded before 
com.sun.net.ssl.internal.ssl.Provider ) so it gets loaded before the default 
PKCS implementation in Java. 

cwallet.sso cwallet.sso.lck ewallet.p12 ewallet.p12.lck sqlnet.ora tnsnames.ora 
are all placed inside the ./oracle_wallets. 

As said before, the little Java app that I wrote is able to open the wallets 
and connect to the database: 

AArray = [B@6328d34a 
AArray = [B@145eaa29 
AArray = [B@15bb6bea 
 
Driver Name: Oracle JDBC driver 
Driver Version: 12.2.0.1.0 
Default Row Prefetch Value is: 20 
Database Username is: MY_USER 
 
82062920015 SomeResults1 
87093009324 SomeResults2 
74031825702 SomeResults3 
 


I translated this to Tomcat in the following way: 

I placed the ojdbc8.jar and oraclepki.jar in the libs folder of Catalina. 

I added the Java options in bin/setenv.sh: 

export CATALINA_OPTS="$CATALINA_OPTS -Doracle.net.tns_admin=/oracle_wallets/" 
export CATALINA_OPTS="$CATALINA_OPTS 
-Doracle.net.wallet_location='(SOURCE=(METHOD=FILE) (METHOD_DATA = (DIRECTORY= 
 /oracle_wallets)))'" 

The entries in the context.xml file look like this: 

 

I can confirm that the rights on the filesystem for the wallets are permissive 
enough for Tomcat to read them. 
Tomcat is able to connect to the database. 

But for some reason it's as if it's unable to read the wallets. 


Caused by: oracle.net.ns.NetException: The Network Adapter could not establish 
the connection 
at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:523) 
at 
oracle.net.resolver.AddrResolution.resolveAndExecute(AddrResolution.java:521) 
at oracle.net.ns.NSProtocol.establishConnection(NSProtocol.java:660) 
at oracle.net.ns.NSProtocol.connect(NSProtocol.java:286) 
at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1438) 
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:518) 
... 68 more 
Caused by: oracle.net.ns.NetException: Unable to initialize ssl context. 
at 
oracle.net.nt.CustomSSLSocketFactory.getSSLSocketEngine(CustomSSLSocketFactory.java:564)
 
at oracle.net.nt.TcpsNTAdapter.connect(TcpsNTAdapter.java:143) 
at oracle.net.nt.ConnOption.connect(ConnOption.java:161) 
at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:470) 
... 73 more 
Caused by: oracle.net.ns.NetException: Unable to initialize the key store. 
at 
oracle.net.nt.CustomSSLSocketFactory.getKeyManagerArray(CustomSSLSocketFactory.java:642)
 
at 
oracle.net.nt.CustomSSLSocketFactory.getSSLSocketEngine(CustomSSLSocketFactory.java:547)
 
... 76 more 
Caused by: java.security.KeyStoreException: SSO not found 
at java.security.KeyStore.getInstance(KeyStore.java:851) 
at 
oracle.net.nt.CustomSSLSocketFactory.getKeyManagerArray(CustomSSLSocketFactory.java:628)
 
... 77 more 
Caused by: java.security.NoSuchAlgorithmException: SSO KeyStore not available 
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159) 
at java.security.Security.getImpl(Security.java:695) 
at java.security.KeyStore.getInstance(KeyStore.java:848) 
... 78 more 

I tried checking if it was maybe linked to the application by removing it, but 
the same result. 

Would be nice if anyone has tried this similarly with or without succes. 


Regards, 
Christophe 

-- 
-- 
Christophe Vanlancker  
+32 (494) 232277 | Linux & Open-Source consultant - Inuits.eu 

Re: Translation help wanted

[Richard HO]

Hi, Mark

I used to be a JEE application server developer and developed it for three
years. I am also a blogger at the same time.
My article will be posted to the WeChat subscription account.
Currently, there are more than 15,000 subscribers. Content will be read by
all  followers.

This morning, I posted an article about the translation of Tocmat
internationalization information and error messages.
Our target language is Simplified Chinese. So, many developers have joined
in and everyone works together.
 At noon, the progress of Chinese translation has reached 10%.

[image: WechatIMG551.jpeg]
  But in the afternoon, I suddenly found that the progress became 3%,

  and I saw your name in the contributor.


  Excuse me, did you clear some content?

Is the translated content unqualified?



[image: 3abc.jpg]
[image: translator.jpg]



Richard


Mark Thomas  于2018年11月12日周一 下午7:49写道：

> All,
>
> Apache Tomcat includes some translations for error messages and parts of
> the user interface - primarily the Manager web application. We would
> like to improve the coverage and quality of these translations.
> Accordingly, the Tomcat project has been set up on POEditor, a web-based
> service for managing the translation of resource files.
>
> The aim is that anyone who wants to contribute to the translations (it
> could be anything from fixing a typo in an existing translation to
> adding support for a new language) can create an account and contribute.
>
> If you would like to contribute in this way then the
> The Tomcat project can be found here:
>
> https://poeditor.com/join/project/NUTIjDWzrl
>
> Anyone should be able to join up as a contributor. If you are
> interested, please sign up and start contributing.
>
> Note: All contributions will be taken as being made under the terms of
> the Apache License version 2.
>
> I'm aiming to export the translations on a regular basis to the Tomcat
> source code. How regularly will depend on the rate of new/updated
> translations but as a minimum, I'm aiming to get any updates into the
> next Tomcat 9 release.
>
> If you have any difficulties or questions, please ask here.
>
> Thanks,
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: sss

[Mario Marius]

Ssss

Trimis de pe iPhone‑ul meu

Pe 6 sept. 2018, la 15:30, minglei yin  a scris:

> sss

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Translation help wanted

[Mark Thomas]

On 16/11/2018 09:37, Richard HO wrote:
> Hi, Mark
> 
> I used to be a JEE application server developer and developed it for
> three years. I am also a blogger at the same time. 
> My article will be posted to the WeChat subscription account.
> Currently, there are more than 15,000 subscribers. Content will be read
> by all  followers.
> 
> This morning, I posted an article about the translation of Tocmat
> internationalization information and error messages. 
> Our target language is Simplified Chinese. So, many developers have
> joined in and everyone works together.

Ah. That explains the influx of email to my inbox for all those new
contributors.

>  At noon, the progress of Chinese translation has reached 10%.

Excellent!

> WechatIMG551.jpeg
>   But in the afternoon, I suddenly found that the progress became 3%, 
> 
>   and I saw your name in the contributor. 
>   
> 
>   Excuse me, did you clear some content?

I'm fairly sure it wasn't me. The UI isn't great for telling who deleted
stuff but I see translations that are ~10 hours old that have been
deleted. That was the middle of the night for me and I was asleep so I'm
fairly sure I didn't delete anything.

> Is the translated content unqualified? 

Not as far as I am concerned. I think someone (and I can't tell who)
accidentally pressed the "Flush All Translations" button which wipes
everything out.

As project admin I have the option to restore those. Based on what you
have written I'll try doing that. I'll do an export first though in case
the restoration causes any other data to be lost.

Mark


> 
> 
> 
> 3abc.jpg
> translator.jpg
> 
> 
> 
> Richard
> 
> 
> Mark Thomas mailto:ma...@apache.org>> 于2018年11月12
> 日周一 下午7:49写道：
> 
> All,
> 
> Apache Tomcat includes some translations for error messages and parts of
> the user interface - primarily the Manager web application. We would
> like to improve the coverage and quality of these translations.
> Accordingly, the Tomcat project has been set up on POEditor, a web-based
> service for managing the translation of resource files.
> 
> The aim is that anyone who wants to contribute to the translations (it
> could be anything from fixing a typo in an existing translation to
> adding support for a new language) can create an account and contribute.
> 
> If you would like to contribute in this way then the
> The Tomcat project can be found here:
> 
> https://poeditor.com/join/project/NUTIjDWzrl
> 
> Anyone should be able to join up as a contributor. If you are
> interested, please sign up and start contributing.
> 
> Note: All contributions will be taken as being made under the terms of
> the Apache License version 2.
> 
> I'm aiming to export the translations on a regular basis to the Tomcat
> source code. How regularly will depend on the rate of new/updated
> translations but as a minimum, I'm aiming to get any updates into the
> next Tomcat 9 release.
> 
> If you have any difficulties or questions, please ask here.
> 
> Thanks,
> 
> Mark
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> 
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Translation help wanted

[Mark Thomas]

On 16/11/2018 11:50, Mark Thomas wrote:
> On 16/11/2018 09:37, Richard HO wrote:
>> Hi, Mark
>>
>> I used to be a JEE application server developer and developed it for
>> three years. I am also a blogger at the same time. 
>> My article will be posted to the WeChat subscription account.
>> Currently, there are more than 15,000 subscribers. Content will be read
>> by all  followers.
>>
>> This morning, I posted an article about the translation of Tocmat
>> internationalization information and error messages. 
>> Our target language is Simplified Chinese. So, many developers have
>> joined in and everyone works together.
> 
> Ah. That explains the influx of email to my inbox for all those new
> contributors.
> 
>>  At noon, the progress of Chinese translation has reached 10%.
> 
> Excellent!
> 
>> WechatIMG551.jpeg
>>   But in the afternoon, I suddenly found that the progress became 3%, 
>>
>>   and I saw your name in the contributor. 
>>   
>>
>>   Excuse me, did you clear some content?
> 
> I'm fairly sure it wasn't me. The UI isn't great for telling who deleted
> stuff but I see translations that are ~10 hours old that have been
> deleted. That was the middle of the night for me and I was asleep so I'm
> fairly sure I didn't delete anything.
> 
>> Is the translated content unqualified? 
> 
> Not as far as I am concerned. I think someone (and I can't tell who)
> accidentally pressed the "Flush All Translations" button which wipes
> everything out.
> 
> As project admin I have the option to restore those. Based on what you
> have written I'll try doing that. I'll do an export first though in case
> the restoration causes any other data to be lost.

OK. Anything that had been re-translated should not have been changed. A
total of 188 translations were recovered putting simplified Chinese at a
very impressive 17%.

I'll work on getting those added into the Tomcat code base.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8 and Oracle Wallets

[Luis Rodríguez Fernández]

Hello Christophe,

Very interesting, thanks!

Would it be possible in your scenario to export the certificates from the
wallet and import them to a different keystore (PCKS12 or JKS)? You can
have a look at [1]

Hope it helps,

Luis

[1]
https://blogs.oracle.com/dev2dev/ssl-connection-to-oracle-db-using-jdbc,-tlsv12,-jks-or-oracle-wallets






El vie., 16 nov. 2018 a las 12:03, Christophe Vanlancker (<
carroarma...@inuits.eu>) escribió:

> I ran a strace on the Tomcat process, and see that Tomcat actually IS able
> to see and read the wallets.
>
>
>
> [pid 21880] open("< full path to wallets>/oracle_wallets/cwallet.sso",
> O_RDONLY) = 362
>
>
> So I think this means that the problem lies somewhere between Tomcat and
> the OJDBC driver.
>
>
> Regards,
> Christophe
>
> --
> --
> Christophe Vanlancker 
> +32 (494) 232277 | Linux & Open-Source consultant - Inuits.eu
>
>
> From: "Christophe Vanlancker" 
> To: "users" 
> Sent: Thursday, 15 November, 2018 13:24:10
> Subject: Tomcat 8 and Oracle Wallets
>
> Hello,
>
> I'm having an issue with setting up SSL encrypted connections to an Oracle
> database.
>
> I looked up on many websites and places and got the impression that either
> people abandon setting up the encryption or implemented the connection in
> code rather than through the jndi context in Tomcat itself.
>
> Tomcat 8.5.34
> JDK 1.8.0_171
> RedHat 7.4 (Selinux permissive)
> OracleDB 12.2.0.1.0
>
> I've written a simple Java application which just connects to the database
> using TCPS and makes a simple query.
> This works.
>
> java -D oracle.net.tns_admin ="./oracle_wallets/" -D
> oracle.net.wallet_location ="(SOURCE=(METHOD=FILE) (METHOD_DATA =
> (DIRECTORY=./oracle_wallets)))" -cp ./: ./lib/ ojdbc8.jar :./lib/
> oraclepki.jar DataSourceSample
>
> I'm using the official ojdbc8.jar from Oracle appropriate for the version
> of Java and the Oracle database.
>
> Because Oracle Wallets is an invention of Oracle itself, I added the
> appropriate security provider in java.security:
> security.provider.4=oracle.security.pki.OraclePKIProvider ( loaded before
> com.sun.net.ssl.internal.ssl.Provider ) so it gets loaded before the
> default PKCS implementation in Java.
>
> cwallet.sso cwallet.sso.lck ewallet.p12 ewallet.p12.lck sqlnet.ora
> tnsnames.ora are all placed inside the ./oracle_wallets.
>
> As said before, the little Java app that I wrote is able to open the
> wallets and connect to the database:
>
> AArray = [B@6328d34a
> AArray = [B@145eaa29
> AArray = [B@15bb6bea
> 
> Driver Name: Oracle JDBC driver
> Driver Version: 12.2.0.1.0
> Default Row Prefetch Value is: 20
> Database Username is: MY_USER
> 
> 82062920015 SomeResults1
> 87093009324 SomeResults2
> 74031825702 SomeResults3
> 
>
>
> I translated this to Tomcat in the following way:
>
> I placed the ojdbc8.jar and oraclepki.jar in the libs folder of Catalina.
>
> I added the Java options in bin/setenv.sh:
>
> export CATALINA_OPTS="$CATALINA_OPTS -Doracle.net.tns_admin= path>/oracle_wallets/"
> export CATALINA_OPTS="$CATALINA_OPTS
> -Doracle.net.wallet_location='(SOURCE=(METHOD=FILE) (METHOD_DATA =
> (DIRECTORY=  /oracle_wallets)))'"
>
> The entries in the context.xml file look like this:
>
>  auth="Container"
> type="javax.sql.DataSource"
> username="MY_USER"
> password="*"
> url="jdbc:oracle:thin:@MY_DATABASE"
> driverClassName="oracle.jdbc.OracleDriver"
> timeBetweenEvictionRunsMillis="12"
> testOnBorrow="True"
> logAbandoned="True"
> removeAbandonedTimeout="3600"
> maxIdle="20"
> initialSize="32"
> removeAbandonedOnBorrow="True"
> maxTotal="256"
> validationQuery="select 1 from dual"
> removeAbandonedOnMaintenance="True"
> maxWaitMillis="30"
> />
>
> I can confirm that the rights on the filesystem for the wallets are
> permissive enough for Tomcat to read them.
> Tomcat is able to connect to the database.
>
> But for some reason it's as if it's unable to read the wallets.
>
>
> Caused by: oracle.net.ns.NetException: The Network Adapter could not
> establish the connection
> at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:523)
> at
> oracle.net.resolver.AddrResolution.resolveAndExecute(AddrResolution.java:521)
>
> at oracle.net.ns.NSProtocol.establishConnection(NSProtocol.java:660)
> at oracle.net.ns.NSProtocol.connect(NSProtocol.java:286)
> at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1438)
> at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:518)
> ... 68 more
> Caused by: oracle.net.ns.NetException: Unable to initialize ssl context.
> at
> oracle.net.nt.CustomSSLSocketFactory.getSSLSocketEngine(CustomSSLSocketFactory.java:564)
>
> at oracle.net.nt.TcpsNTAdapter.connect(TcpsNTAdapter.java:143)
> at oracle.net.nt.ConnOption.connect(ConnOption.java:161)
> at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:470)
> ... 73 more
> Caused by: oracle.net.ns.NetException: Unable to initialize the key store.
> at
> 

RE: tomcat redirects to http instead of https

[Dino Edwards]

>This looks like an old config. Are you using Apache 2.2?

No I'm currently trying to use Apache 2.4, but you are right It is indeed a 
config from an older version of Apache 2.2

> 1. I don't see ServerName to identify the VirtualHost for SNI 2. You are 
> using "Order" instead of "Require"

I'm not using Named-Based Virtual Hosts

> Are you sure you don't have any other  which is performing any 
> proxying?

There are no other configs enabled in /etc/apache2/sites-enabled

> Can you post your  configuration for your port 8080 connector ?



> If this is a one-box-wonder, do you actually need httpd? Just checking..

I do, there are two different applications in the box that use two different 
Tomcat instances running in different ports and I use Apache to proxy to each 
app while using one common SSL config


Dino

help installing mod_jk on Centos 7 on a Google Cloud server

[Lou Wallace]

Hi All,

I am in need of some help in getting mod_jk installed on a new google cloud
server.

Right now it has Apache, Tomcat, Java, mysql, perl and python installed.
But mod_jk isn't there.

When I try yum install mod_jk it isn't found in any of the mirrors.

I've been to the Tomcat site and when I try and get binaries or source it
sees I am on a windows pc and forces me to those directories.

So, if someone can give me a simple set of commands to do this it would be
awesome. Also is there other tomcat connectors needed with java?

Preferable it will be done from the ssh client on the cloud server.

Thanks!

Lou

tomcat redirects to http instead of https

[Dino Edwards]

Hello,

I have an interesting issue with Tomcat. If I click/or paste a HTTPS link in 
the browser to an application served by Tomcat, it redirects to http instead of 
https. If I manually change the http:// to https:// in the browser the 
application comes up with no problems. Obviously it's not ideal, cause this 
application sends out emails with https addresses that end-users are supposed 
to simply click and get to the application.

My current setup, I have Apache proxying to Tomcat 7 like this:


ProxyRequests Off

SSLEngine on
SSLCertificateFile .cer
SSLCertificateKeyFile ...key
SSLCertificateChainFile ..cer
SSLProtocol -all +TLSv1.2
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

Order deny,allow
Allow from all


ProxyPass /app http://localhost:8080/app
ProxyPassReverse /app http://localhost:8080/app
ProxyTimeout 3600

.



This used to work with Tomcat 6, but obviously something has changed with 
Tomcat 7.

I would appreciate some assistance on this

Thanks

Re: help installing mod_jk on Centos 7 on a Google Cloud server

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Lou,

On 11/16/18 9:56 AM, Lou Wallace wrote:
> Hi All,
> 
> I am in need of some help in getting mod_jk installed on a new
> google cloud server.
> 
> Right now it has Apache, Tomcat, Java, mysql, perl and python
> installed. But mod_jk isn't there.
> 
> When I try yum install mod_jk it isn't found in any of the
> mirrors.
> 
> I've been to the Tomcat site and when I try and get binaries or
> source it sees I am on a windows pc and forces me to those
> directories.

Not true. You can download any package you want.

https://tomcat.apache.org/download-connectors.cgi

Click on whatever package you want and download it. Only binaries for
Windows are provided. If you aren't on Windows, you have to either go
to your package-manager (who doesn't have it, in this case) or build
from source.

> So, if someone can give me a simple set of commands to do this it
> would be awesome.

$ wget
http://mirrors.sonic.net/apache/tomcat/tomcat-connectors/jk/tomcat-conne
ctors-1.2.46-src.tar.gz
(this is from a mirror; feel free to pick another)

$ wget
https://www.apache.org/dist/tomcat/tomcat-connectors/jk/tomcat-connector
s-1.2.46-src.tar.gz.sha512

$ sha512sum -c tomcat-connectors-1.2.46-src.tar.gz.sha512

(check all is okay)

$ tar xzf tomcat-connectors-1.2.46-src.tar.gz

$ cat tomcat-connectors-1.2.46-src/native/BUILDING.txt

Now, read.

> Also is there other tomcat connectors needed with java?

?

> Preferable it will be done from the ssh client on the cloud
> server.

How else would you do it?

Alternatively, have you considered using mod_proxy_*, which is
built-into Apache httpd?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlvu8mYACgkQHPApP6U8
pFh6ZRAAqmV66ca74v4+ps9b7YMuHRIVGTOQYn86kGQRYIwivtMF2q1mQIH3/yuk
AS7tnm2uMAUBf84SPLNukbLk/aCcZEqgc4KkpMffOrGx6PZzOZWyiRhTjPffCtFu
mqQ/aYb7akiRstGBL0LtqfU0PKeQx4Dm0TvtktIy1boZPZ6A88967BO8VEleFZRV
haqAv6xroNr2inMofRwRTNwRoRGGEMJ8j562CYooVS6KLd7sWNq1b1aSPSkWHFVL
aPVw4w9HF1FKfR6hMQdsjV8i9AMt5YT1aglfwYk+9v1anOcLFSGVXOJb/AA7wh9U
C76t/wOZwsrEIUjAbViGPzPDExrhTJmLa5G2dyuu+Q6D2dICU7vcW8VMIR0N6w+Y
e1VmmgM3CQ6eXP8/+HOj5r2wRORYeeyJky+8SXVazeY7CqQM6+pIst/y+pGtwgJJ
Jff1ZNHJwrPjfURrPWoZyZNlw+bGHYHq7vYE+aUuM+GwL/pTjv/JHBHEYvBK8dzy
KN0A5nAswXBkkImcFvpoh4cdo0Ir88jutXmOnvdNzjwMUzzFxsbDbNUkcka5IlOa
/9ueArFjdfIbkZMim9g+7Pbe26gupHEGKlWv7Lwfn0uO0QcGBP5rka+MoHoGGdrL
aEs/u3F53akr2k3DESHKwt/1MYbc5+QBBJKBIbPXbb0/EYJZoNg=
=XhgM
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat redirects to http instead of https

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Dino,

On 11/16/18 11:24 AM, Dino Edwards wrote:
> Hello,
> 
> I have an interesting issue with Tomcat. If I click/or paste a
> HTTPS link in the browser to an application served by Tomcat, it
> redirects to http instead of https. If I manually change the
> http:// to https:// in the browser the application comes up with no
> problems. Obviously it's not ideal, cause this application sends
> out emails with https addresses that end-users are supposed to
> simply click and get to the application.
> 
> My current setup, I have Apache proxying to Tomcat 7 like this:
> 
>  ProxyRequests Off
> 
> SSLEngine on SSLCertificateFile .cer SSLCertificateKeyFile
> ...key SSLCertificateChainFile ..cer SSLProtocol -all
> +TLSv1.2 SetEnvIf User-Agent ".*MSIE.*" nokeepalive
> ssl-unclean-shutdown  Order deny,allow Allow from all 
> 
> 
> ProxyPass /app http://localhost:8080/app ProxyPassReverse /app
> http://localhost:8080/app ProxyTimeout 3600
> 
> .
> 
> 

This looks like an old config. Are you using Apache 2.2?

1. I don't see ServerName to identify the VirtualHost for SNI
2. You are using "Order" instead of "Require"

Are you sure you don't have any other  which is
performing any proxying?

> This used to work with Tomcat 6, but obviously something has
> changed with Tomcat 7.
> 
> I would appreciate some assistance on this

Can you post your  configuration for your port 8080 connector
?

If this is a one-box-wonder, do you actually need httpd? Just checking..
.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlvu8w4ACgkQHPApP6U8
pFhg6Q//Q7JjX40+lYhXuHiDLVKZu39rvtgUpdKOMms6/iidOG1pwtjDHhXdm8AO
yVbQ6nhKaTJZZZAJ8Npp5ojuA3eeNkHUMfFPBLDeWk4SqFdnIJOnmsSwHHocX4QX
RAHUdKoJ7PsuqAqMf5p7jOojy0IzUwbPG/KiDmgsr59BsiRIcOaVYbU1tbcuRVzW
KPeK/WNhP0E33AkuRIn9CfkE+4NCdOmPqFp5fpy4iImNrbXD9mkbJJg+qZ43vsUg
TrMMFssWj+pp2GlIq2UB6Ydvl6qcKtVDGGBfGcKZA6xULKnKMCW/SeQe2tl3TqLs
UjHlCOmEzB8hu6TJh59991ecgom7mUisAupkGn9tPOAVU2wDanbvcdqOX8KrPU4s
1qSjTe2Fa1tz494+/MvBxiyLL6/BKlO3zjtw+QhFW2IgAl1QILJqpvY2MFlpQRBR
RJY8zIof0u1Y+2dlgHGl8mD7siq6N/34acRSSQEYZtRAtJbn6n/xJR56icguDf6g
FlmKYu0CQNLBLReBUSG3eY4nOX4QcPUvsooHZxzqhdp3DxuQUhgLNccYU7Chz344
mdq9tXsFG8ulybh5lBo3DcAOoSuxhxxdIDBJXapLU+gWunD4+LQivrGBOGnTtYn+
vXDpV1Y9uj+eszyGouh7ib1hYoS3Jnkkauv6w3HbSgvEKBKGAtI=
=a4dq
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Manager Server Status Errors After 8.5.35

[Mark Thomas]

On 14/11/2018 17:20, Habib Zurrububabel wrote:
> Tomcat Manager Server Status Errors After updating from 8.5.34 to 8.5.35.
> OS is Red Hat Enterprise Linux Server release 6.8 (Santiago).  Manager log
> shows: javax.management.AttributeNotFoundException:  Cannot find attribute
> maxThreads for org.apache.tomcat.util.net.SocketProperties@207af361
> 

Not sure why this isn't working but it sounds like a bug and I see that
you have opened one. Thanks. This should get addressed for the next
round of releases.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: help installing mod_jk on Centos 7 on a Google Cloud server

[Lou Wallace]

Thanks! I will give this a try!

On Fri, Nov 16, 2018 at 11:38 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Lou,
>
> On 11/16/18 9:56 AM, Lou Wallace wrote:
> > Hi All,
> >
> > I am in need of some help in getting mod_jk installed on a new
> > google cloud server.
> >
> > Right now it has Apache, Tomcat, Java, mysql, perl and python
> > installed. But mod_jk isn't there.
> >
> > When I try yum install mod_jk it isn't found in any of the
> > mirrors.
> >
> > I've been to the Tomcat site and when I try and get binaries or
> > source it sees I am on a windows pc and forces me to those
> > directories.
>
> Not true. You can download any package you want.
>
> https://tomcat.apache.org/download-connectors.cgi
>
> Click on whatever package you want and download it. Only binaries for
> Windows are provided. If you aren't on Windows, you have to either go
> to your package-manager (who doesn't have it, in this case) or build
> from source.
>
> > So, if someone can give me a simple set of commands to do this it
> > would be awesome.
>
> $ wget
> http://mirrors.sonic.net/apache/tomcat/tomcat-connectors/jk/tomcat-conne
> ctors-1.2.46-src.tar.gz
> 
> (this is from a mirror; feel free to pick another)
>
> $ wget
> https://www.apache.org/dist/tomcat/tomcat-connectors/jk/tomcat-connector
> s-1.2.46-src.tar.gz.sha512
> 
>
> $ sha512sum -c tomcat-connectors-1.2.46-src.tar.gz.sha512
>
> (check all is okay)
>
> $ tar xzf tomcat-connectors-1.2.46-src.tar.gz
>
> $ cat tomcat-connectors-1.2.46-src/native/BUILDING.txt
>
> Now, read.
>
> > Also is there other tomcat connectors needed with java?
>
> ?
>
> > Preferable it will be done from the ssh client on the cloud
> > server.
>
> How else would you do it?
>
> Alternatively, have you considered using mod_proxy_*, which is
> built-into Apache httpd?
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlvu8mYACgkQHPApP6U8
> pFh6ZRAAqmV66ca74v4+ps9b7YMuHRIVGTOQYn86kGQRYIwivtMF2q1mQIH3/yuk
> AS7tnm2uMAUBf84SPLNukbLk/aCcZEqgc4KkpMffOrGx6PZzOZWyiRhTjPffCtFu
> mqQ/aYb7akiRstGBL0LtqfU0PKeQx4Dm0TvtktIy1boZPZ6A88967BO8VEleFZRV
> haqAv6xroNr2inMofRwRTNwRoRGGEMJ8j562CYooVS6KLd7sWNq1b1aSPSkWHFVL
> aPVw4w9HF1FKfR6hMQdsjV8i9AMt5YT1aglfwYk+9v1anOcLFSGVXOJb/AA7wh9U
> C76t/wOZwsrEIUjAbViGPzPDExrhTJmLa5G2dyuu+Q6D2dICU7vcW8VMIR0N6w+Y
> e1VmmgM3CQ6eXP8/+HOj5r2wRORYeeyJky+8SXVazeY7CqQM6+pIst/y+pGtwgJJ
> Jff1ZNHJwrPjfURrPWoZyZNlw+bGHYHq7vYE+aUuM+GwL/pTjv/JHBHEYvBK8dzy
> KN0A5nAswXBkkImcFvpoh4cdo0Ir88jutXmOnvdNzjwMUzzFxsbDbNUkcka5IlOa
> /9ueArFjdfIbkZMim9g+7Pbe26gupHEGKlWv7Lwfn0uO0QcGBP5rka+MoHoGGdrL
> aEs/u3F53akr2k3DESHKwt/1MYbc5+QBBJKBIbPXbb0/EYJZoNg=
> =XhgM
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>