Re: intermittent connectivity failure under ssl
On 09/03/18 20:18, Alex O'Ree wrote: > I'll see what I can cook up. It'll be a complete tomcat setup and it was > reproducible with just a hello world jsp file + test ssl certs and configs. > Using any browser or java client connecting to tomcat. Page reloads are > intermittently failing. Where's the best place to dump this? And > obviously, you'll need a windows box to replicate (x64) Zip up the entire Tomcat dir and put it on dropbox or similar and then ping me with the download details. Microsoft kindly provide Apache committers with MSDN subscriptions for their Apache work so if you include the OS details I can make sure I am using the same OS. I'll most likely just extract your changes from the default install and apply them to a locally built instance. That way I can debug and test any fixes more easily. Mark > > On Fri, Mar 9, 2018 at 3:01 PM, Christopher Schultz < > ch...@christopherschultz.net> wrote: > > Alex, > > On 3/9/18 2:50 PM, Mark Thomas wrote: On 09/03/18 19:39, Alex O'Ree wrote: > So I believe i have a resolution for this issue (still > undergoing additional testing). I hate SSL by the way. After > exhaustive scanning of the java.net.debug logs i came up with > nothing. 0 hints to the problem. I tried with browsers and java > http clients and all of them ended with a socket exception > (unexpected end of file). Did i mention i'm using the windows > variant of tomcat 8.5.28? On a whim, I asked a coworker who has > been using tomcat for quite some time. He suggested that issue > may be related to OpenSSL. After checking the configs and reading > the docs here: > http://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html#Edit_the_Tomca > t_Configuration_File > > > for my setup, it was defaulting to use open ssl since it was not defined > in > the config file. After changing the JSSEImplementation my > problems appear to be sorted. Literally 3 months trying to solve > this one. Whatever version of open ssl that comes with the > windows build of tomcat has something wrong with it. Unlikely. More likely is that there is a bug in the APR/Native connector. But with a reliable way to reproduce the problem, we'll never know. > > If you are willing to see if you can come up with a repeatable test > case, it would be VERY helpful. Mark has a knack for finding and > fixing irritating bugs like this in the connector very quickly, but > not if he can't see the problem happen. > > I'd certainly like to see any issue with the native library (or its > use of OpenSSL) found and fixed for everyone's sake. > > -chris >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: intermittent connectivity failure under ssl
I'll see what I can cook up. It'll be a complete tomcat setup and it was reproducible with just a hello world jsp file + test ssl certs and configs. Using any browser or java client connecting to tomcat. Page reloads are intermittently failing. Where's the best place to dump this? And obviously, you'll need a windows box to replicate (x64) On Fri, Mar 9, 2018 at 3:01 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Alex, > > On 3/9/18 2:50 PM, Mark Thomas wrote: > > On 09/03/18 19:39, Alex O'Ree wrote: > >> So I believe i have a resolution for this issue (still > >> undergoing additional testing). I hate SSL by the way. After > >> exhaustive scanning of the java.net.debug logs i came up with > >> nothing. 0 hints to the problem. I tried with browsers and java > >> http clients and all of them ended with a socket exception > >> (unexpected end of file). Did i mention i'm using the windows > >> variant of tomcat 8.5.28? On a whim, I asked a coworker who has > >> been using tomcat for quite some time. He suggested that issue > >> may be related to OpenSSL. After checking the configs and reading > >> the docs here: > >> http://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html#Edit_the_Tomca > t_Configuration_File > >> > >> > for my setup, it was defaulting to use open ssl since it was not defined > in > >> the config file. After changing the JSSEImplementation my > >> problems appear to be sorted. Literally 3 months trying to solve > >> this one. Whatever version of open ssl that comes with the > >> windows build of tomcat has something wrong with it. > > > > Unlikely. > > > > More likely is that there is a bug in the APR/Native connector. But > > with a reliable way to reproduce the problem, we'll never know. > > If you are willing to see if you can come up with a repeatable test > case, it would be VERY helpful. Mark has a knack for finding and > fixing irritating bugs like this in the connector very quickly, but > not if he can't see the problem happen. > > I'd certainly like to see any issue with the native library (or its > use of OpenSSL) found and fixed for everyone's sake. > > - -chris > -BEGIN PGP SIGNATURE- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqi6CsACgkQHPApP6U8 > pFjQCw//cTuR+GNMMG/cdhyZ09+bWd6NPDdAdc8/poIPrBoKgz7LbSPiWa5QzZBa > VlOyRmfHizZPCUslmxxJUEUI45vLzHePmetUQaOfAfLp1QQEnQXnQFtL7/x4/RG8 > TZJLOBud708YSDFKQesHQSxd424+ZFXgn6kGpUXKNRIqkqtlmiVFPQ0uatqNUQTF > htMcMOhL3cxAXOEqkJL7HAEFnJAR1Q9A1itG2nk2hk2yn0wa2aQxQxp5EEa/Gwts > +7XgZAiHTxvptJSd7lKpvG3l8wi//aC4JMQQZi9WgJf/+pK3HL5PZ55R52uojB+i > IVUFOMM/gTavyMrHPvLWNUF2AITzXmov85ZJmRZdOsBT4WaUMr4XawFViktoeJMq > aQonhP5RCOvWLnKHqxmTShExezV9gs+HgmxSRCVCNF0dqVFIa/X3rm/i/pfJJXCe > IaXJTMRizpKlQfYz5zrptTUzJ0sfRqxL8WEjz6C4Z1FEOeIqW04V4UsVH2Hz5BUO > WPBjWq807WjeEcpvwE6YkxcHitXIlof9GcCIFWKE6ub0GOI1QSWHWAOIraHSK8OZ > jWonnzE/FWojuiK4Ntbx0JrWGgIkXMhBprkHI1WRMk+nbHqT64xYQkhDYl//j5rq > Va3eZ3gz1yYt4D/Qi8q7lxhqLfe8cNkJeO3gCoPJLuKl+lISTSE= > =neYx > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: intermittent connectivity failure under ssl
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Alex, On 3/9/18 2:50 PM, Mark Thomas wrote: > On 09/03/18 19:39, Alex O'Ree wrote: >> So I believe i have a resolution for this issue (still >> undergoing additional testing). I hate SSL by the way. After >> exhaustive scanning of the java.net.debug logs i came up with >> nothing. 0 hints to the problem. I tried with browsers and java >> http clients and all of them ended with a socket exception >> (unexpected end of file). Did i mention i'm using the windows >> variant of tomcat 8.5.28? On a whim, I asked a coworker who has >> been using tomcat for quite some time. He suggested that issue >> may be related to OpenSSL. After checking the configs and reading >> the docs here: >> http://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html#Edit_the_Tomca t_Configuration_File >> >> for my setup, it was defaulting to use open ssl since it was not defined in >> the config file. After changing the JSSEImplementation my >> problems appear to be sorted. Literally 3 months trying to solve >> this one. Whatever version of open ssl that comes with the >> windows build of tomcat has something wrong with it. > > Unlikely. > > More likely is that there is a bug in the APR/Native connector. But > with a reliable way to reproduce the problem, we'll never know. If you are willing to see if you can come up with a repeatable test case, it would be VERY helpful. Mark has a knack for finding and fixing irritating bugs like this in the connector very quickly, but not if he can't see the problem happen. I'd certainly like to see any issue with the native library (or its use of OpenSSL) found and fixed for everyone's sake. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqi6CsACgkQHPApP6U8 pFjQCw//cTuR+GNMMG/cdhyZ09+bWd6NPDdAdc8/poIPrBoKgz7LbSPiWa5QzZBa VlOyRmfHizZPCUslmxxJUEUI45vLzHePmetUQaOfAfLp1QQEnQXnQFtL7/x4/RG8 TZJLOBud708YSDFKQesHQSxd424+ZFXgn6kGpUXKNRIqkqtlmiVFPQ0uatqNUQTF htMcMOhL3cxAXOEqkJL7HAEFnJAR1Q9A1itG2nk2hk2yn0wa2aQxQxp5EEa/Gwts +7XgZAiHTxvptJSd7lKpvG3l8wi//aC4JMQQZi9WgJf/+pK3HL5PZ55R52uojB+i IVUFOMM/gTavyMrHPvLWNUF2AITzXmov85ZJmRZdOsBT4WaUMr4XawFViktoeJMq aQonhP5RCOvWLnKHqxmTShExezV9gs+HgmxSRCVCNF0dqVFIa/X3rm/i/pfJJXCe IaXJTMRizpKlQfYz5zrptTUzJ0sfRqxL8WEjz6C4Z1FEOeIqW04V4UsVH2Hz5BUO WPBjWq807WjeEcpvwE6YkxcHitXIlof9GcCIFWKE6ub0GOI1QSWHWAOIraHSK8OZ jWonnzE/FWojuiK4Ntbx0JrWGgIkXMhBprkHI1WRMk+nbHqT64xYQkhDYl//j5rq Va3eZ3gz1yYt4D/Qi8q7lxhqLfe8cNkJeO3gCoPJLuKl+lISTSE= =neYx -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: intermittent connectivity failure under ssl
On 09/03/18 19:39, Alex O'Ree wrote: > So I believe i have a resolution for this issue (still undergoing > additional testing). I hate SSL by the way. After exhaustive scanning of > the java.net.debug logs i came up with nothing. 0 hints to the problem. I > tried with browsers and java http clients and all of them ended with a > socket exception (unexpected end of file). Did i mention i'm using the > windows variant of tomcat 8.5.28? On a whim, I asked a coworker who has > been using tomcat for quite some time. He suggested that issue may be > related to OpenSSL. After checking the configs and reading the docs here: > http://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html#Edit_the_Tomcat_Configuration_File > for my setup, it was defaulting to use open ssl since it was not defined in > the config file. After changing the JSSEImplementation my problems appear > to be sorted. Literally 3 months trying to solve this one. Whatever version > of open ssl that comes with the windows build of tomcat has something wrong > with it. Unlikely. More likely is that there is a bug in the APR/Native connector. But with a reliable way to reproduce the problem, we'll never know. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: intermittent connectivity failure under ssl
So I believe i have a resolution for this issue (still undergoing additional testing). I hate SSL by the way. After exhaustive scanning of the java.net.debug logs i came up with nothing. 0 hints to the problem. I tried with browsers and java http clients and all of them ended with a socket exception (unexpected end of file). Did i mention i'm using the windows variant of tomcat 8.5.28? On a whim, I asked a coworker who has been using tomcat for quite some time. He suggested that issue may be related to OpenSSL. After checking the configs and reading the docs here: http://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html#Edit_the_Tomcat_Configuration_File for my setup, it was defaulting to use open ssl since it was not defined in the config file. After changing the JSSEImplementation my problems appear to be sorted. Literally 3 months trying to solve this one. Whatever version of open ssl that comes with the windows build of tomcat has something wrong with it. On Mon, Mar 5, 2018 at 9:29 AM, Alex O'Reewrote: > thanks. what else could be cause this? Chrome says error empty response > frequently > > On Mon, Mar 5, 2018 at 9:27 AM, Rémy Maucherat wrote: > >> On Mon, Mar 5, 2018 at 2:59 PM, Alex O'Ree wrote: >> >> > I may be on to something. I found at a coderanch something that was >> > related. I'm using a class that extends Http11NioProtocol to provide >> > encryption support for the keystore passwords. I was setting the xml >> > attribute in server.xml/Connector@protocol = the class name of the >> > extended >> > class. This may be related to the problem as it looks like the protocol >> > attribute must be one of HTTP/1.1, etc. >> > >> > Assuming this is the issue, which attribute can i used to specify my >> > overridden class? >> > >> >> That's the correct way to use this attribute, you should specify your >> custom class that way. >> >> For server.xml values encryption, you can also use the Tomcat vault here: >> https://github.com/picketbox/tomcat-vault >> >> Rémy >> >> >> > >> > On Fri, Mar 2, 2018 at 1:58 PM, Alex O'Ree wrote: >> > >> > > Remy, what more information would you like? Any more info on the issue >> > > that you are referencing? >> > > >> > > On Fri, Mar 2, 2018 at 10:56 AM, Rémy Maucherat >> wrote: >> > > >> > >> On Fri, Mar 2, 2018 at 4:19 PM, Alex O'Ree >> wrote: >> > >> >> > >> > Ran into a strange problem, not too sure what the problem is. >> > Basically, >> > >> > I'm getting intermittent connectivity from a http client to tomcat >> but >> > >> only >> > >> > through SSL using the Http11NioProtocol. Some http requests go >> > through, >> > >> > others fail with the stack trace below. Usually, restarting tomcat >> > fixes >> > >> > it, but it appears to be random and unpredictable. This is a bit >> of a >> > >> major >> > >> > issue for me so any help is appreciated. >> > >> > >> > >> > Any pointers for how to troubleshoot this? Running tomcat 8.5.28. >> > >> > >> > >> > There's no tomcat logs to indicate that there's a problem. The >> > >> following is >> > >> > logged on the client side: >> > >> > >> > >> > Caused by: java.net.SocketException: SocketException invoking >> > >> > https://localhost:8443/myproject/services/Endpoint1: Unexpected >> end >> > of >> > >> > file from server >> > >> > >> > >> > >> > >> > >> > >> > Caused by: java.net.SocketException: Unexpected end of file from >> > server >> > >> > at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient. >> > >> > java:792) >> > >> > at sun.net.www.http.HttpClient.pa >> rseHTTP(HttpClient.java:647) >> > >> > at sun.net.www.protocol.http.HttpURLConnection. >> > getInputStream0( >> > >> > HttpURLConnection.java:1536) >> > >> > at sun.net.www.protocol.http.HttpURLConnection. >> > getInputStream( >> > >> > HttpURLConnection.java:1441) >> > >> > at java.net.HttpURLConnection.getResponseCode( >> > >> > HttpURLConnection.java:480) >> > >> > at sun.net.www.protocol.https.HttpsURLConnectionImpl. >> > >> > getResponseCode(HttpsURLConnectionImpl.java:338) >> > >> > at org.apache.cxf.transport.http.URLConnectionHTTPConduit$ >> > >> > URLConnectionWrappedOutputStream.getResponseCode( >> > >> > URLConnectionHTTPConduit.java:266) >> > >> > at org.apache.cxf.transport.http. >> > HTTPConduit$WrappedOutputStrea >> > >> m. >> > >> > handleResponseInternal(HTTPConduit.java:1543) >> > >> > at org.apache.cxf.transport.http. >> > HTTPConduit$WrappedOutputStrea >> > >> m. >> > >> > handleResponse(HTTPConduit.java:1513) >> > >> > at org.apache.cxf.transport.http.HTTPConduit$ >> > >> > WrappedOutputStream.close(HTTPConduit.java:1318) >> > >> > ... 46 more >> > >> > >> > >> >> > >> It's impossible to say without more information, but this could look >> > like >> > >> an issue that is fixed in the next build. >> > >> >> > >> Rémy >> > >>
Re: [ANN] Apache Tomcat 9.0.6 available
Maven seems to be updated, Thanks :) On Fri, Mar 9, 2018 at 11:18 PM, Mark Thomaswrote: > > > On 09/03/2018 16:14, Maxim Solodovnik wrote: > >> Hello Mark, >> >> It seems maven artifacts are not available: >> https://repo.maven.apache.org/maven2/org/apache/tomcat/embed >> /tomcat-embed-websocket/ >> https://repo.maven.apache.org/maven2/org/apache/tomcat/tomcat-api/ >> > > I might have forgotten to press the right button. I'll do that now. Give > it a few minutes to take effect. > > Mark > > > > >> Is it expected? >> >> On Fri, Mar 9, 2018 at 7:18 PM, Mark Thomas wrote: >> >> The Apache Tomcat team announces the immediate availability of Apache >>> Tomcat 9.0.6. >>> >>> Apache Tomcat 9 is an open source software implementation of the Java >>> Servlet, JavaServer Pages, Java Unified Expression Language, Java >>> WebSocket and JASPIC technologies. >>> >>> Apache Tomcat 9.0.6 is a bugfix and feature release. The notable changes >>> compared to 9.0.5 include: >>> >>> - TLS stability improvements. >>> >>> - Add the ability to specify static HTML responses for specific error >>>codes and/or exception types with the ErrorReportValve. >>> >>> - Add async HTTP/2 parser for NIO2. >>> >>> - Add documentation for the Host Manager web application. >>>Patch provided by Marek Czernek. >>> >>> Please refer to the change log for the complete list of changes: >>> http://tomcat.apache.org/tomcat-9.0-doc/changelog.html >>> >>> Downloads: >>> http://tomcat.apache.org/download-90.cgi >>> >>> Migration guides from Apache Tomcat 7.x and 8.x: >>> http://tomcat.apache.org/migration.html >>> >>> Enjoy! >>> >>> - The Apache Tomcat team >>> >>> >>> >>> For details of the "Tomcat for Administrators" training course being >>> held in Manchester, UK please see: >>> https://tomcat.apache.org/conference.html >>> >>> - >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >>> >> >> > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- WBR Maxim aka solomax
Re: [ANN] Apache Tomcat 9.0.6 available
On 09/03/2018 16:14, Maxim Solodovnik wrote: Hello Mark, It seems maven artifacts are not available: https://repo.maven.apache.org/maven2/org/apache/tomcat/embed/tomcat-embed-websocket/ https://repo.maven.apache.org/maven2/org/apache/tomcat/tomcat-api/ I might have forgotten to press the right button. I'll do that now. Give it a few minutes to take effect. Mark Is it expected? On Fri, Mar 9, 2018 at 7:18 PM, Mark Thomaswrote: The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.6. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.6 is a bugfix and feature release. The notable changes compared to 9.0.5 include: - TLS stability improvements. - Add the ability to specify static HTML responses for specific error codes and/or exception types with the ErrorReportValve. - Add async HTTP/2 parser for NIO2. - Add documentation for the Host Manager web application. Patch provided by Marek Czernek. Please refer to the change log for the complete list of changes: http://tomcat.apache.org/tomcat-9.0-doc/changelog.html Downloads: http://tomcat.apache.org/download-90.cgi Migration guides from Apache Tomcat 7.x and 8.x: http://tomcat.apache.org/migration.html Enjoy! - The Apache Tomcat team For details of the "Tomcat for Administrators" training course being held in Manchester, UK please see: https://tomcat.apache.org/conference.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [ANN] Apache Tomcat 9.0.6 available
Hello Mark, It seems maven artifacts are not available: https://repo.maven.apache.org/maven2/org/apache/tomcat/embed/tomcat-embed-websocket/ https://repo.maven.apache.org/maven2/org/apache/tomcat/tomcat-api/ Is it expected? On Fri, Mar 9, 2018 at 7:18 PM, Mark Thomaswrote: > The Apache Tomcat team announces the immediate availability of Apache > Tomcat 9.0.6. > > Apache Tomcat 9 is an open source software implementation of the Java > Servlet, JavaServer Pages, Java Unified Expression Language, Java > WebSocket and JASPIC technologies. > > Apache Tomcat 9.0.6 is a bugfix and feature release. The notable changes > compared to 9.0.5 include: > > - TLS stability improvements. > > - Add the ability to specify static HTML responses for specific error > codes and/or exception types with the ErrorReportValve. > > - Add async HTTP/2 parser for NIO2. > > - Add documentation for the Host Manager web application. > Patch provided by Marek Czernek. > > Please refer to the change log for the complete list of changes: > http://tomcat.apache.org/tomcat-9.0-doc/changelog.html > > Downloads: > http://tomcat.apache.org/download-90.cgi > > Migration guides from Apache Tomcat 7.x and 8.x: > http://tomcat.apache.org/migration.html > > Enjoy! > > - The Apache Tomcat team > > > > For details of the "Tomcat for Administrators" training course being > held in Manchester, UK please see: > https://tomcat.apache.org/conference.html > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- WBR Maxim aka solomax
Re: letsencrypt tomcat 9
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jean-François, On 3/9/18 5:23 AM, jfrm.mau...@gmail.com wrote: > I would like to witness that I was able install successfully Let's > encrypt certificate using the document written by Christopher > Schultz: > > http://people.apache.org/~schultz/ApacheCon%20NA%202017/Let%27s%20Encr ypt%20Apache%20Tomcat.pdf > > > > At least I don't have any warnings from major browsers when > accessing my webapps. > > So I would like to thank the developper team and Christopher for > this very valuable information. > > My only request would be to promote this information closer to the > Tomcat documentation if possible because it has not been so easy > for me to identify this document among other sources on the web. > > I understand from the presentation that a development is on the way > in Tomcat, so I will subscribe to the developer list to stay > informed on this important subject for me. I think it's reasonable to update the User Guide to include some references about using Let's Encrypt, especially now that Tomcat 8.5 and 9.0 are capable of reloading the keystores. When that presentation was originally written, Tomcat wasn't quite capable of a graceful reload . I'll be updating my presentation for this year's ApacheCon in Montréal, QC in September to include the latest information about using Let's Encrypt with Tomcat. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqioVMACgkQHPApP6U8 pFgi8BAAjFqrCP+vZTQguDyLuFpfpaIlhjAp3KxNCSGyNJjZWvw+7qQzbKVCYNIn N9wGsFQo+6mTBiN+daxL6gUis+e1rXs9oO7ayXOkwBEcsukeYvNrzpwsjVyNFP6t TRm8pGYegpglNNStdNj0pMTcv76w5LpHnZlBEh/8myHzuvAo3Ro8APYpoMgzVj8+ gIouCFP1bCgGOqh/92CEk7zihFFgLK78AJebAX+K2msmO8BsxtbJojppvPwiLxMF PJgMy/TUjR3iUMvefJ46v4AeXqPax4ByHyrSnzjrHPnsO56saFZTbGLKgGBXwsqx gXyitSecBmfyz6OREwRg9eCvnlm/BnikqHZVU2sZPrwTUqrtf4YDtJZzeAJhSlDz CnSbE7WHV7iXsNYNn7voZ01R34ejATOcwEjQDRU/hrjjJxPxZr0gpn2IyTmiyASH zMYCQp6+lVuEbemDu4Mx1a9KMmG/j5wdmbUOAVJRk1ZRWzQJI7XbKBibUV+Z/bt7 FdwWCgmCHy0u66DdqB549Z5CjC9xi2tsD5M0MsEsWczTbCmreCXJ5zr/J0i3VkGX VUZgEciuMef1XF7EQYOxOW38npnYnkqlqDoZVnnC66GEak5Ro2Y0urVOEgBsQluK 2oxZOZ2tCnRFGosxUAW3IQWjgZ45SbtjSIoE305HjgQH5xW/SBI= =Bd3o -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: letsencrypt tomcat 9
Thank you very much for your email. If I have any trouble with using Let's Encrypt certificate with Tomcat, may I contact you then? On Fri, Mar 9, 2018 at 5:23 AM, jfrm.mau...@gmail.comwrote: > > Hi, > > I would like to witness that I was able install successfully Let's encrypt > certificate using the document written by Christopher Schultz: > > http://people.apache.org/~schultz/ApacheCon%20NA%202017/Let% > 27s%20Encrypt%20Apache%20Tomcat.pdf > > At least I don't have any warnings from major browsers when accessing my > webapps. > > So I would like to thank the developper team and Christopher for this very > valuable information. > > My only request would be to promote this information closer to the Tomcat > documentation if possible because it has not been so easy for me to > identify this document among other sources on the web. > > I understand from the presentation that a developpement is on the way in > Tomcat, so I will subscribe to the developper list to stay informed on this > important subject for me. > > Regards > > -- > Jean-François MAUREL > PIMECA > http://www.pimeca.com > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
[ANN] Apache Tomcat 9.0.6 available
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.6. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.6 is a bugfix and feature release. The notable changes compared to 9.0.5 include: - TLS stability improvements. - Add the ability to specify static HTML responses for specific error codes and/or exception types with the ErrorReportValve. - Add async HTTP/2 parser for NIO2. - Add documentation for the Host Manager web application. Patch provided by Marek Czernek. Please refer to the change log for the complete list of changes: http://tomcat.apache.org/tomcat-9.0-doc/changelog.html Downloads: http://tomcat.apache.org/download-90.cgi Migration guides from Apache Tomcat 7.x and 8.x: http://tomcat.apache.org/migration.html Enjoy! - The Apache Tomcat team For details of the "Tomcat for Administrators" training course being held in Manchester, UK please see: https://tomcat.apache.org/conference.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Fwd: Accessing tomcat JNDI tree remotely issue
Dear Team, While trying to port our application from WAS 8.5.5 to tomcat 8.0.33, we have hit a roadblock and we are unable to proceed. Hence requesting for your inputs. Following is the scenario: we have DataSourceManager class which looks for datasource in the context as shown below. Properties prop = *new* Properties(); prop.put("java.naming.factory.initial", "org.apache.naming.java.javaURLContextFactory"); prop.put("java.naming.provider.url", “ rmi://localhost:1099”); InitialContext context = *new* InitialContext(prop); dataSource = (DataSource) context.lookup(“apl_datasource”); Following code perfectly works well when code is run within the Tomcat container. But we are unable to access the context remotely i.e from outside the Tomcat container. But this works fine in case of WAS when “com.ibm.websphere.naming.WsnInitialContextFactory” class is used. While running a standalone client from a shell script, when inside DataSourceManager class we do a context lookup for a data source and the lookup fails with following exception. javax.naming.NameNotFoundException: Name [java:comp/env/jdbc/apl_datasource] is not bound in this Context. Unable to find [java:comp]. It seems tomcat does not support remote access to its JNDI tree and context initialized is empty. Tomcat does have the data source in the context but it is only accessible to the process running inside the containers and not accessible to processes running outside the container. PFB the following link for your reference. https:// stackoverflow.com/questions/744389/tomcat-what-is-the- init-context-params-to-use-for-making-an-external-client-con Kindly provide your inputs on 2 points · This link is for tomcat 5.5 and we are porting to tomcat 8. Has scenario changed in tomcat8 · Is there any other way to access the JNDI tree remotely by standalone application. · Is the rmi protocol mentioned in provider url is supported by tomcat, or we should change it to some another protocol. Thanks and Regards, Deepam Singla
letsencrypt tomcat 9
Hi, I would like to witness that I was able install successfully Let's encrypt certificate using the document written by Christopher Schultz: http://people.apache.org/~schultz/ApacheCon%20NA%202017/Let%27s%20Encrypt%20Apache%20Tomcat.pdf At least I don't have any warnings from major browsers when accessing my webapps. So I would like to thank the developper team and Christopher for this very valuable information. My only request would be to promote this information closer to the Tomcat documentation if possible because it has not been so easy for me to identify this document among other sources on the web. I understand from the presentation that a developpement is on the way in Tomcat, so I will subscribe to the developper list to stay informed on this important subject for me. Regards -- Jean-François MAUREL PIMECA http://www.pimeca.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Strange behavior on Tomcat 9.0.5 about ResourceLink's "name" attribute in server.xml
On 09/03/18 08:42, Tarin Gamberini wrote: > On 8 March 2018 at 20:44, Christopher Schultz> wrote: > >> [cut] >> On 3/8/18 1:56 PM, Mark Thomas wrote: >>> On 08/03/18 18:53, Tarin Gamberini wrote: On 08/03/2018 17:52, Rémy Maucherat wrote: > On Thu, Mar 8, 2018 at 5:26 PM, Tarin Gamberini >> [cut] # PROBLEM >> >> I have two datasources in the same web application: >> >> > type="javax.sql.DataSource"/> > global="jdbc/abc/jkl/XXX_YYY" name="jdbc/abc/jkl" >> type="javax.sql.DataSource"/> [cut] > > Well, you have "abc" that s already bound and is a datasource, > then you try to create a subcontext "abc" and it doesn't work. > Sorry, I'm not sure I have understood what you mean. >> [cut] >> each part has to have the expected type, >> like this: >> >> comp:env -> context >> java -> context >> jdbc -> context >> abc -> DataSource >>[can't create a path below a DS] >> >> Hope that helps, >> > Yes, it have helped me a lot. > > I know about JNDI hierarchy but not about the type. > > Sorry for bothering you all, I'll review JNDI during this weekend. No need to apologise. You asked a good (clear, well-written) question and the community provided the answer. I learned something along the way and I'm sure others did to. That is the mailing list worked exactly as it is meant to. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Strange behavior on Tomcat 9.0.5 about ResourceLink's "name" attribute in server.xml
On 8 March 2018 at 20:44, Christopher Schultzwrote: > [cut] > On 3/8/18 1:56 PM, Mark Thomas wrote: > > On 08/03/18 18:53, Tarin Gamberini wrote: > >> On 08/03/2018 17:52, Rémy Maucherat wrote: > >>> On Thu, Mar 8, 2018 at 5:26 PM, Tarin Gamberini > [cut] # PROBLEM > > I have two datasources in the same web application: > > type="javax.sql.DataSource"/> global="jdbc/abc/jkl/XXX_YYY" name="jdbc/abc/jkl" > type="javax.sql.DataSource"/> [cut] > >>> > >>> Well, you have "abc" that s already bound and is a datasource, > >>> then you try to create a subcontext "abc" and it doesn't work. > >>> > >> Sorry, I'm not sure I have understood what you mean. > [cut] > each part has to have the expected type, > like this: > > comp:env -> context > java -> context > jdbc -> context > abc -> DataSource >[can't create a path below a DS] > > Hope that helps, > Yes, it have helped me a lot. I know about JNDI hierarchy but not about the type. Sorry for bothering you all, I'll review JNDI during this weekend. > - -chris > [cut] Best regards, Tarin www.taringamberini.com/en/blog
Re: Strange behavior on Tomcat 9.0.5 about ResourceLink's "name" attribute in server.xml
On 8 March 2018 at 19:56, Mark Thomaswrote: > On 08/03/18 18:53, Tarin Gamberini wrote: > > On 08/03/2018 17:52, Rémy Maucherat wrote: > >> On Thu, Mar 8, 2018 at 5:26 PM, Tarin Gamberini > >>> [cut] > >>> # PROBLEM > >>> > >>> I have two datasources in the same web application: > >>> > >>> >>> type="javax.sql.DataSource"/> > >>> >>> type="javax.sql.DataSource"/> > >>> [cut] > >> > >> Well, you have "abc" that s already bound and is a datasource, then you > try > >> to create a subcontext "abc" and it doesn't work. > > Sorry, I'm not sure I have understood what you mean. Just for > clarification: > > > > 1. > > By «you have "abc" that s already bound and is a datasource» are you > > thinking about the "abc" just after "jdbc/" in «global="jdbc/abc/ABC"» ? > > > > 2. > > By «then you try to create a subcontext "abc"» are you thinking about > > the ending ABC in «global="jdbc/abc/ABC"» ? > > No. Look at the names, not the global names. > Mark I have understood, thanks for clarifying it. Best regards, Tarin www.taringamberini.com/en/blog