Re: JVM crashing with caCertificatePath in server.xml
ADDITIONAL ENVIRONMENT INFO UPDATE: libtcnative: org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.3.0] using APR version [1.7.4]. CRASH LOG See enclosed: hs_err_pid4464.log c_rehash.pl I didn’t have perl, tried strawberry perl, it didn’t seem to create symlinks on Windows so I do it with a powershell using "openssl x509 -subject_hash -fingerprint -noout -in " making symlinks in the same directory for each CA cert PEM e.g. a655d288.0 (link) -> cert.pem (file). This didn’t seem to make a difference though, JVM still crashed. -Andy - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Regarding Tomcat url redirection
Lavanya,
On 5/14/24 15:11, lavanya tech wrote:
You are right. We need aliasing here which means the URL in the browser
does not change.
May I know where should I put the below rewrite files ?
# Redirect everything that is not server.lbg.com to
# server.lbg.com. Don't worry about /towl yet.
RewriteCond %{HTTP_HOST} !^server\.lbg\.com$
RewriteRule ^/(.*) https://server.lbg.com:8443/$1 [R=301,L]
# Redirect anything that isn't already going to /towl
# to go to /towl
RewriteCond %{REQUEST_URI} !^/towl
RewriteRule ^/(.*) https://server.lbg.com:8443/towl/$1 [R=301,L]
AIUI, you can put all of the above in conf/rewrite.config and configure
the under your just as you had it before.
If you want aliasing and not redirection, then you don't want the [R]
flag. IMO, you should really do a redirect. If you don't, then the
application and the browser disagree about the base URL and all kinds of
things like that.
-chris
On Tuesday, May 14, 2024, Christopher Schultz
wrote:
Lavanya,
On 5/14/24 09:12, lavanya tech wrote:
IMHO removing the port number is always the preferred solution — I never
did it
can we achieve this with tomcat or we need to setup an reverse proxy
here.
Your application uses whatever internal URLs it wants. Are you building
those yourself, or are you asking Tomcat for the e.g. hostname, etc.? If
it's Tomcat, this is where the proxyName and proxyPort come in.
- Yes, I have not built these UrLs before. It’s was working from the
very
beginning. As. I mentioned we are not able to reach goal or whatever.
Rather than saying redirection, I would say it’s aliasing.
Please be specific. "Aliasing" (to me) means "the URL does to the right
place but doesn't change in the browser's URL" and "redirection" (to
everybody) means "HTTP 301 or 302 response to a new URL".
Instead of moving applications or changing tomcat configuration it’s easier
to achieve with reverse proxy ?
https://example.lbg.com/ to https://server.lbg.com:8443/towl
This will be a nightmare. Do not try to rewrite URLs using a reverse
proxy. You should redirect users to the right place if necessary. You can
use a reverse-proxy if you want, but it won't be any less complicated than
having Tomcat do it.
I think your rewrite.config file just needs a few tweaks:
# Redirect everything that is not server.lbg.com to
# server.lbg.com. Don't worry about /towl yet.
RewriteCond %{HTTP_HOST} !^server\.lbg\.com$
RewriteRule ^/(.*) https://server.lbg.com:8443/$1 [R=301,L]
# Redirect anything that isn't already going to /towl
# to go to /towl
RewriteCond %{REQUEST_URI} !^/towl
RewriteRule ^/(.*) https://server.lbg.com:8443/towl/$1 [R=301,L]
The application should be deployed as towl.war (or towl/ directory). You
should listen on ports 80, 443, and 8443, and you should always end up at
the right place. You should have proxyPort="8443" and proxyName="
server.lbg.com" in your .
You will not need a ROOT context, since the rewrite will take care of that
for you.
-chris
On Mon, May 13, 2024 at 10:17 PM lavanya tech
wrote:
Hi Chris,
Sorry, If I did confuse. It’s important that
https://server.lbg.com:8443/towl is always working. Goal is not to
disable /towl, but just redirect or aliasing
https//example.lbg.com/ to https://server.lbg.com:8443/towl
Thanks,
Lavanya
On Monday, May 13, 2024, Christopher Schultz <
ch...@christopherschultz.net
wrote:
Lavanya,
On 5/13/24 05:57, lavanya tech wrote:
Somehow made it work now i can only access urls as you mentioned before
https://example.lbg.com and https://server.lbg.com with port 8443 and
with
out
https://example.lbg.com/towl and https://server.lbg.com/towl --> I
have an
error now File not found.
So i think we need to make work https://example.lbg.com/ to
https://server.lbg.com/towl
I'm sorry, I'm still confused as to which way you want things.
Do you want to redirect /towl -> / or do you want to redirect / - >
/towl?
Or does it depend upon the hostname? It would really be better if you
could settle on one specific beahvior.
-chris
On Mon, May 13, 2024 at 9:41 AM lavanya tech
wrote:
Hi Chris,
Where are you defining the RewriteValve itself?
Defined rewritevalve here
resource="conf/rewrite.config" />
2) reated rewrite.config and added as below under conf/
RewriteCond %{REQUEST_URI} ^/towl/(.*)
RewriteRule ^/towl/(.*) https://example.lbg.com/%1 [R]
3) After renaming towl to ROOT -> /webapps/ROOT/WEB-INF/web.xml ( I
already have this mappings /* in web.xml file)
Logging Area
Authentication for registered users.
/*
/api/v1/search
/api/v1/suggest/*
LDAP_USER
api
4) Restarted Tomcat, Then I cannot access
https://server.lbg.com:8443/towl
--> Have below error
Message java.nio.file.NoSuchFileException:
Re: JVM crashing with caCertificatePath in server.xml
On 5/14/24 15:23, Andy Arismendi wrote: Sure thing - ADDITIONAL ENVIRONMENT INFO: libtcnative: tcnative-1.dll is included in the Tomcat 9.0.89 64-bit Windows zip download, not sure about the version... OpenSSL version: 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024) (with FIPS 140-2) Regarding expecting a directory of certificate hash files, I wasn’t aware of this, assumed it would pick up CA cert PEM files in a directory. The Tomcat documentation does say this just needs to be a directory full of PEM files. I can trace through the code to see if it's more like what Michael-O posted. Honestly, the whole idea of having to run c_rehash is a stupid hack for stupid programs. You should never have to do that. :/ I would however not expect this or an empty directory to crash the JVM however… +1 Are you able to provide a better backtrace than "libtcnative.dll++0xccd10"? A Java stack trace would be great, but a native one would be even better. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JVM crashing with caCertificatePath in server.xml
On 2024/05/14 19:23:47 Andy Arismendi wrote: > Sure thing - > > ADDITIONAL ENVIRONMENT INFO: > > libtcnative: tcnative-1.dll is included in the Tomcat 9.0.89 64-bit Windows > zip download, not sure about the version... > OpenSSL version: 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024) > (with FIPS 140-2) Have a look at catalina.out, it should be 1.3.0, I guess. > Regarding expecting a directory of certificate hash files, I wasn’t aware of > this, assumed it would pick up CA cert PEM files in a directory. I would > however not expect this or an empty directory to crash the JVM however… Nope, it won't. See SSL_CTX_load_verify_locations at https://www.openssl.org/docs/manmaster/man3/SSL_CTX_load_verify_locations.html: If CApath is not NULL, it points to a directory containing CA certificates in PEM format. The files each contain one CA certificate. The files are looked up by the CA subject name hash value, which must hence be available. If more than one CA certificate with the same name hash value exist, the extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search is performed in the ordering of the extension number, regardless of other properties of the certificates. Use the c_rehash utility to create the necessary links. Please don't forget the log file. The issue is somewhere here: https://github.com/apache/tomcat-native/blob/43ddd1e8059528454110198ca0d7d191322beeaf/native/src/sslcontext.c#L673-L738 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JVM crashing with caCertificatePath in server.xml
Sure thing - ADDITIONAL ENVIRONMENT INFO: libtcnative: tcnative-1.dll is included in the Tomcat 9.0.89 64-bit Windows zip download, not sure about the version... OpenSSL version: 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024) (with FIPS 140-2) Regarding expecting a directory of certificate hash files, I wasn’t aware of this, assumed it would pick up CA cert PEM files in a directory. I would however not expect this or an empty directory to crash the JVM however… -Andy On May 14, 2024, at 2:53 PM, Michael Osipov wrote: Please provide the log file, the OpenSSL version used and the libtcnative version used. Please note that caCertificatePath expects a directory with certificate hash files. Plain certs won't work. M
Re: Regarding Tomcat url redirection
Hi Chris,
You are right. We need aliasing here which means the URL in the browser
does not change.
May I know where should I put the below rewrite files ?
# Redirect everything that is not server.lbg.com to
# server.lbg.com. Don't worry about /towl yet.
RewriteCond %{HTTP_HOST} !^server\.lbg\.com$
RewriteRule ^/(.*) https://server.lbg.com:8443/$1 [R=301,L]
# Redirect anything that isn't already going to /towl
# to go to /towl
RewriteCond %{REQUEST_URI} !^/towl
RewriteRule ^/(.*) https://server.lbg.com:8443/towl/$1 [R=301,L]
Thanks,
Lavanya
On Tuesday, May 14, 2024, Christopher Schultz
wrote:
> Lavanya,
>
> On 5/14/24 09:12, lavanya tech wrote:
>
>> IMHO removing the port number is always the preferred solution — I never
>>> did it
>>>
>>>
can we achieve this with tomcat or we need to setup an reverse proxy
here.
>>> Your application uses whatever internal URLs it wants. Are you building
>>> those yourself, or are you asking Tomcat for the e.g. hostname, etc.? If
>>> it's Tomcat, this is where the proxyName and proxyPort come in.
>>>
>>
>> - Yes, I have not built these UrLs before. It’s was working from the
>> very
>> beginning. As. I mentioned we are not able to reach goal or whatever.
>>
>> Rather than saying redirection, I would say it’s aliasing.
>>
>
> Please be specific. "Aliasing" (to me) means "the URL does to the right
> place but doesn't change in the browser's URL" and "redirection" (to
> everybody) means "HTTP 301 or 302 response to a new URL".
>
> Instead of moving applications or changing tomcat configuration it’s easier
>> to achieve with reverse proxy ?
>>
>> https://example.lbg.com/ to https://server.lbg.com:8443/towl
>>
>
> This will be a nightmare. Do not try to rewrite URLs using a reverse
> proxy. You should redirect users to the right place if necessary. You can
> use a reverse-proxy if you want, but it won't be any less complicated than
> having Tomcat do it.
>
> I think your rewrite.config file just needs a few tweaks:
>
> # Redirect everything that is not server.lbg.com to
> # server.lbg.com. Don't worry about /towl yet.
> RewriteCond %{HTTP_HOST} !^server\.lbg\.com$
> RewriteRule ^/(.*) https://server.lbg.com:8443/$1 [R=301,L]
>
> # Redirect anything that isn't already going to /towl
> # to go to /towl
> RewriteCond %{REQUEST_URI} !^/towl
> RewriteRule ^/(.*) https://server.lbg.com:8443/towl/$1 [R=301,L]
>
> The application should be deployed as towl.war (or towl/ directory). You
> should listen on ports 80, 443, and 8443, and you should always end up at
> the right place. You should have proxyPort="8443" and proxyName="
> server.lbg.com" in your .
>
> You will not need a ROOT context, since the rewrite will take care of that
> for you.
>
> -chris
>
> On Mon, May 13, 2024 at 10:17 PM lavanya tech
>>> wrote:
>>>
>>> Hi Chris,
>>>
>>> Sorry, If I did confuse. It’s important that
>>> https://server.lbg.com:8443/towl is always working. Goal is not to
>>> disable /towl, but just redirect or aliasing
>>>
>>> https//example.lbg.com/ to https://server.lbg.com:8443/towl
>>>
>>>
>>>
>>>
>>> Thanks,
>>> Lavanya
>>>
>>> On Monday, May 13, 2024, Christopher Schultz <
>>> ch...@christopherschultz.net
>>>
wrote:
>>>
>>> Lavanya,
>>>
>>> On 5/13/24 05:57, lavanya tech wrote:
>>>
>>> Somehow made it work now i can only access urls as you mentioned before
>>> https://example.lbg.com and https://server.lbg.com with port 8443 and
>>> with
>>> out
>>>
>>> https://example.lbg.com/towl and https://server.lbg.com/towl --> I
>>> have an
>>> error now File not found.
>>>
>>> So i think we need to make work https://example.lbg.com/ to
>>> https://server.lbg.com/towl
>>>
>>>
>>> I'm sorry, I'm still confused as to which way you want things.
>>>
>>> Do you want to redirect /towl -> / or do you want to redirect / - >
>>> /towl?
>>>
>>> Or does it depend upon the hostname? It would really be better if you
>>> could settle on one specific beahvior.
>>>
>>> -chris
>>>
>>> On Mon, May 13, 2024 at 9:41 AM lavanya tech
>>>
>>> wrote:
>>>
>>> Hi Chris,
>>>
>>>
>>> Where are you defining the RewriteValve itself?
>>>
>>> Defined rewritevalve here
>>> >>unpackWARs="true" autoDeploy="true">
>>>
>>> >> className="org.apache.catalina.valves.rewrite.RewriteValve" />
>>> resource="conf/rewrite.config" />
>>>
>>> 2) reated rewrite.config and added as below under conf/
>>>
>>> RewriteCond %{REQUEST_URI} ^/towl/(.*)
>>> RewriteRule ^/towl/(.*) https://example.lbg.com/%1 [R]
>>>
>>> 3) After renaming towl to ROOT -> /webapps/ROOT/WEB-INF/web.xml ( I
>>> already have this mappings /* in web.xml file)
>>>
>>>
>>>
>>>Logging Area
>>>
>>>Authentication for registered users.
>>>
>>>/*
>>>/api/v1/search
>>>/api/v1/suggest/*
>>>
>>>
>>>LDAP_USER
>>>api
>>>
>>>
Re: JVM crashing with caCertificatePath in server.xml
On 2024/05/14 18:21:36 Andy Arismendi wrote: > Hi, just ran into this today. The JVM is crashing when caCertificatePath is > added to server.xml. I tried the latest Zulu JRE 8 and 11 but still had the > crash. > > > ENVIRONMENT > > Tomcat: 9.0.89 (64-bit Windows zip) > OS: Windows Server 2019 > JVM: > openjdk version "1.8.0_322" > OpenJDK Runtime Environment (Zulu 8.60.0.21-CA-win64) (build 1.8.0_322-b06) > OpenJDK 64-Bit Server VM (Zulu 8.60.0.21-CA-win64) (build 25.322-b06, mixed > mode) > > > CRASH INFO > > When caCertificatePath is present in server.xml and points to a valid > directory (empty or with PEM files) the JVM crashes during Tomcat startup. > This is the JVM console output: > > 14-May-2024 17:34:58.443 INFO [main] org.apache.coyote.AbstractProtocol.init > Initializing ProtocolHandler ["https-openssl-nio2-1.2.3.4-443"] > # > # A fatal error has been detected by the Java Runtime Environment: > # > # EXCEPTION_ACCESS_VIOLATION (0xc005) at pc=0x0001800ccd10, > pid=1244, tid=0x0ab0 > # > # JRE version: OpenJDK Runtime Environment (Zulu 8.60.0.21-CA-win64) > (8.0_322-b06) (build 1.8.0_322-b06) > # Java VM: OpenJDK 64-Bit Server VM (25.322-b06 mixed mode windows-amd64 > compressed oops) > # Problematic frame: > # C [tcnative-1.dll+0xccd10] > # > # Core dump written. Default location: D:\Program > Files\apache-tomcat\bin\hs_err_pid1244.mdmp > # > # An error report file with more information is saved as: > # D:\Program Files\apache-tomcat\bin\hs_err_pid1244.log > # > # If you would like to submit a bug report, please visit: > # http://www.azul.com/support/ > # The crash happened outside the Java Virtual Machine in native code. > # See problematic frame for where to report the bug. > # > > > CONFIG INFO > > Here’s the server.xml that causes the JVM crash. > > maxThreads="1000" port="443" scheme="https" secure="true" SSLEnabled="true" > allowTrace="false" xpoweredBy="false" address="1.2.3.4" acceptCount="1" > socket.rxBufSize="131072" socket.txBufSize="131072" minSpareThreads="100" > maxConnections="1"> >ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA" > disableCompression="true" disableSessionTickets="false" > honorCipherOrder="true" caCertificatePath="C:\PKI\CA"> > certificateKeyFile="C:\PKI\server.key" > certificateChainFile="C:\PKI\server-chain.pem"/> > > Please provide the log file, the OpenSSL version used and the libtcnative version used. Please note that caCertificatePath expects a directory with certificate hash files. Plain certs won't work. M - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
JVM crashing with caCertificatePath in server.xml
Hi, just ran into this today. The JVM is crashing when caCertificatePath is added to server.xml. I tried the latest Zulu JRE 8 and 11 but still had the crash. ENVIRONMENT Tomcat: 9.0.89 (64-bit Windows zip) OS: Windows Server 2019 JVM: openjdk version "1.8.0_322" OpenJDK Runtime Environment (Zulu 8.60.0.21-CA-win64) (build 1.8.0_322-b06) OpenJDK 64-Bit Server VM (Zulu 8.60.0.21-CA-win64) (build 25.322-b06, mixed mode) CRASH INFO When caCertificatePath is present in server.xml and points to a valid directory (empty or with PEM files) the JVM crashes during Tomcat startup. This is the JVM console output: 14-May-2024 17:34:58.443 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio2-1.2.3.4-443"] # # A fatal error has been detected by the Java Runtime Environment: # # EXCEPTION_ACCESS_VIOLATION (0xc005) at pc=0x0001800ccd10, pid=1244, tid=0x0ab0 # # JRE version: OpenJDK Runtime Environment (Zulu 8.60.0.21-CA-win64) (8.0_322-b06) (build 1.8.0_322-b06) # Java VM: OpenJDK 64-Bit Server VM (25.322-b06 mixed mode windows-amd64 compressed oops) # Problematic frame: # C [tcnative-1.dll+0xccd10] # # Core dump written. Default location: D:\Program Files\apache-tomcat\bin\hs_err_pid1244.mdmp # # An error report file with more information is saved as: # D:\Program Files\apache-tomcat\bin\hs_err_pid1244.log # # If you would like to submit a bug report, please visit: # http://www.azul.com/support/ # The crash happened outside the Java Virtual Machine in native code. # See problematic frame for where to report the bug. # CONFIG INFO Here’s the server.xml that causes the JVM crash. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Regarding Tomcat url redirection
Lavanya,
On 5/14/24 09:12, lavanya tech wrote:
IMHO removing the port number is always the preferred solution — I never
did it
can we achieve this with tomcat or we need to setup an reverse proxy here.
Your application uses whatever internal URLs it wants. Are you building
those yourself, or are you asking Tomcat for the e.g. hostname, etc.? If
it's Tomcat, this is where the proxyName and proxyPort come in.
- Yes, I have not built these UrLs before. It’s was working from the very
beginning. As. I mentioned we are not able to reach goal or whatever.
Rather than saying redirection, I would say it’s aliasing.
Please be specific. "Aliasing" (to me) means "the URL does to the right
place but doesn't change in the browser's URL" and "redirection" (to
everybody) means "HTTP 301 or 302 response to a new URL".
Instead of moving applications or changing tomcat configuration it’s easier
to achieve with reverse proxy ?
https://example.lbg.com/ to https://server.lbg.com:8443/towl
This will be a nightmare. Do not try to rewrite URLs using a reverse
proxy. You should redirect users to the right place if necessary. You
can use a reverse-proxy if you want, but it won't be any less
complicated than having Tomcat do it.
I think your rewrite.config file just needs a few tweaks:
# Redirect everything that is not server.lbg.com to
# server.lbg.com. Don't worry about /towl yet.
RewriteCond %{HTTP_HOST} !^server\.lbg\.com$
RewriteRule ^/(.*) https://server.lbg.com:8443/$1 [R=301,L]
# Redirect anything that isn't already going to /towl
# to go to /towl
RewriteCond %{REQUEST_URI} !^/towl
RewriteRule ^/(.*) https://server.lbg.com:8443/towl/$1 [R=301,L]
The application should be deployed as towl.war (or towl/ directory). You
should listen on ports 80, 443, and 8443, and you should always end up
at the right place. You should have proxyPort="8443" and
proxyName="server.lbg.com" in your .
You will not need a ROOT context, since the rewrite will take care of
that for you.
-chris
On Mon, May 13, 2024 at 10:17 PM lavanya tech
wrote:
Hi Chris,
Sorry, If I did confuse. It’s important that
https://server.lbg.com:8443/towl is always working. Goal is not to
disable /towl, but just redirect or aliasing
https//example.lbg.com/ to https://server.lbg.com:8443/towl
Thanks,
Lavanya
On Monday, May 13, 2024, Christopher Schultz
wrote:
Lavanya,
On 5/13/24 05:57, lavanya tech wrote:
Somehow made it work now i can only access urls as you mentioned before
https://example.lbg.com and https://server.lbg.com with port 8443 and
with
out
https://example.lbg.com/towl and https://server.lbg.com/towl --> I
have an
error now File not found.
So i think we need to make work https://example.lbg.com/ to
https://server.lbg.com/towl
I'm sorry, I'm still confused as to which way you want things.
Do you want to redirect /towl -> / or do you want to redirect / - > /towl?
Or does it depend upon the hostname? It would really be better if you
could settle on one specific beahvior.
-chris
On Mon, May 13, 2024 at 9:41 AM lavanya tech
wrote:
Hi Chris,
Where are you defining the RewriteValve itself?
Defined rewritevalve here
resource="conf/rewrite.config" />
2) reated rewrite.config and added as below under conf/
RewriteCond %{REQUEST_URI} ^/towl/(.*)
RewriteRule ^/towl/(.*) https://example.lbg.com/%1 [R]
3) After renaming towl to ROOT -> /webapps/ROOT/WEB-INF/web.xml ( I
already have this mappings /* in web.xml file)
Logging Area
Authentication for registered users.
/*
/api/v1/search
/api/v1/suggest/*
LDAP_USER
api
4) Restarted Tomcat, Then I cannot access
https://server.lbg.com:8443/towl
--> Have below error
Message java.nio.file.NoSuchFileException:
/git/apache-tomcat-10.1.11/webapps/towl/WEB-INF/lib/xss-1.0.8.jar
Description The server encountered an unexpected condition that
prevented
it from fulfilling the request.
5) Also https://example.lbg.com doesnot work anymore
Before you do anything with redirecting, can you just make sure you are
only deploying ROOT.war and nothing else?
How can I do that. I already changed towl.war to ROOT.war
But still both the urls have error as mentioned above.
Si I revereted back the changes.
That's weird. Try stopping, deleting the work/ directory and restarting.
--> I have this wierd behavior for some reason, thoudh index.jsp is
located
no changes were made to file. After deleting cookies url works
where Am I going wrong.
Thanks,
Lavanya
On Fri, May 10, 2024 at 6:50 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
Lavanya,
On 5/10/24 04:37, lavanya tech wrote:
I tried the below and have the issues.
1)proxyPort="443" and proxyName="example.lbg.com" to the connector
2) remanmed towl.war to ROOT.war
3) created
Re: Regarding Tomcat url redirection
Hi Chris,
>
> IMHO removing the port number is always the preferred solution — I never
> did it
>
>>
>> can we achieve this with tomcat or we need to setup an reverse proxy here.
>>
>
> Your application uses whatever internal URLs it wants. Are you building
> those yourself, or are you asking Tomcat for the e.g. hostname, etc.? If
> it's Tomcat, this is where the proxyName and proxyPort come in.
- Yes, I have not built these UrLs before. It’s was working from the very
beginning. As. I mentioned we are not able to reach goal or whatever.
Rather than saying redirection, I would say it’s aliasing.
Instead of moving applications or changing tomcat configuration it’s easier
to achieve with reverse proxy ?
https://example.lbg.com/ to https://server.lbg.com:8443/towl
Kindly let me know what’s the best way.
Thanks,
Ammu
>
> -chris
>
> On Mon, May 13, 2024 at 10:17 PM lavanya tech
> wrote:
>
> Hi Chris,
>
> Sorry, If I did confuse. It’s important that
> https://server.lbg.com:8443/towl is always working. Goal is not to
> disable /towl, but just redirect or aliasing
>
> https//example.lbg.com/ to https://server.lbg.com:8443/towl
>
>
>
>
> Thanks,
> Lavanya
>
> On Monday, May 13, 2024, Christopher Schultz >
> wrote:
>
> Lavanya,
>
> On 5/13/24 05:57, lavanya tech wrote:
>
> Somehow made it work now i can only access urls as you mentioned before
> https://example.lbg.com and https://server.lbg.com with port 8443 and
> with
> out
>
>https://example.lbg.com/towl and https://server.lbg.com/towl --> I
> have an
> error now File not found.
>
> So i think we need to make work https://example.lbg.com/ to
> https://server.lbg.com/towl
>
>
> I'm sorry, I'm still confused as to which way you want things.
>
> Do you want to redirect /towl -> / or do you want to redirect / - > /towl?
>
> Or does it depend upon the hostname? It would really be better if you
> could settle on one specific beahvior.
>
> -chris
>
> On Mon, May 13, 2024 at 9:41 AM lavanya tech
>
> wrote:
>
> Hi Chris,
>
>
> Where are you defining the RewriteValve itself?
>
> Defined rewritevalve here
>unpackWARs="true" autoDeploy="true">
>
> className="org.apache.catalina.valves.rewrite.RewriteValve" />
>resource="conf/rewrite.config" />
>
> 2) reated rewrite.config and added as below under conf/
>
>RewriteCond %{REQUEST_URI} ^/towl/(.*)
>RewriteRule ^/towl/(.*) https://example.lbg.com/%1 [R]
>
> 3) After renaming towl to ROOT -> /webapps/ROOT/WEB-INF/web.xml ( I
> already have this mappings /* in web.xml file)
>
>
>
> Logging Area
>
> Authentication for registered users.
>
> /*
> /api/v1/search
> /api/v1/suggest/*
>
>
> LDAP_USER
> api
>
>
>
> 4) Restarted Tomcat, Then I cannot access
> https://server.lbg.com:8443/towl
> --> Have below error
>
> Message java.nio.file.NoSuchFileException:
> /git/apache-tomcat-10.1.11/webapps/towl/WEB-INF/lib/xss-1.0.8.jar
>
> Description The server encountered an unexpected condition that
> prevented
> it from fulfilling the request.
>
> 5) Also https://example.lbg.com doesnot work anymore
>
> Before you do anything with redirecting, can you just make sure you are
> only deploying ROOT.war and nothing else?
> How can I do that. I already changed towl.war to ROOT.war
>
> But still both the urls have error as mentioned above.
>
>
> Si I revereted back the changes.
> That's weird. Try stopping, deleting the work/ directory and restarting.
> --> I have this wierd behavior for some reason, thoudh index.jsp is
> located
> no changes were made to file. After deleting cookies url works
>
> where Am I going wrong.
>
> Thanks,
> Lavanya
>
>
> On Fri, May 10, 2024 at 6:50 PM Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
> Lavanya,
>
>
> On 5/10/24 04:37, lavanya tech wrote:
>
> I tried the below and have the issues.
>
> 1)proxyPort="443" and proxyName="example.lbg.com" to the connector
> 2) remanmed towl.war to ROOT.war
> 3) created rewrite.config and added as below under conf/
>
>
> Where are you defining the RewriteValve itself?
>
> RewriteCond %{REQUEST_URI} ^/towl/(.*)
>
> RewriteRule ^/towl/(.*) https://example.lbg.com/%1 [R]
>
>
> If this is being handled by the ROOT servlet then I think it's right.
>
> 4) added this in web.xml file of /webapps/towl/web.xml/
>
>
>
>
>
>
>
>
>Restricted Access to
> /towl
>/towl/*
>
>
> No, this is wrong. Since this is the "towl" application and not ROOT,
> you want to map /* and not /towl/* because the application will never
> see the /towl/ as it's an application/context prefix that Tomcat will
> remove.
>
>
>
>
>
>
>
>
> Also I noticed that even if I rename the towl application to ROOT,
> when
>
> i
>
> call the url
Re: Regarding Tomcat url redirection
Lavanya,
On 5/14/24 03:47, lavanya tech wrote:
Hi Chris,
Tried the below steps. I have the redirection working. But the URL is not
in the browser anymore.
1)
2) /conf/Catalina/localhost --> I added the below in rewrite.config
RewriteCond %{HTTP_HOST} ^example\.lbg\.com$
RewriteCond %{REQUEST_URI} !^/towl$
RewriteRule ^/(.*) https://server.lbg.com:8443/towl [R=301,L]
The problem with this is that it can redirect forever.
/towl/foo -> /towl/towl/foo -> /towl/towl/towl/foo and so on.
Your "stop criteria" ( !^/towl$ ) needs to be more like !^/towl/ without
the $.
Then it redirects from https://example.lbg.com -->
https://server.lbg.com:8443/towl but the application team raised a concern
the
- alias https://example.lbg.com/--> url stays in the browser
IMHO removing the port number is always the preferred solution.
If https://example.lbg.com/ isn't returning a 301 response, then
something is not quite right with your configuration.
- towl indexer uses the internal address https://
server.lbg.com.8443/towl rsp.
localhost:8443/towl
can we achieve this with tomcat or we need to setup an reverse proxy here.
Your application uses whatever internal URLs it wants. Are you building
those yourself, or are you asking Tomcat for the e.g. hostname, etc.? If
it's Tomcat, this is where the proxyName and proxyPort come in.
-chris
On Mon, May 13, 2024 at 10:17 PM lavanya tech
wrote:
Hi Chris,
Sorry, If I did confuse. It’s important that
https://server.lbg.com:8443/towl is always working. Goal is not to
disable /towl, but just redirect or aliasing
https//example.lbg.com/ to https://server.lbg.com:8443/towl
Thanks,
Lavanya
On Monday, May 13, 2024, Christopher Schultz
wrote:
Lavanya,
On 5/13/24 05:57, lavanya tech wrote:
Somehow made it work now i can only access urls as you mentioned before
https://example.lbg.com and https://server.lbg.com with port 8443 and
with
out
https://example.lbg.com/towl and https://server.lbg.com/towl --> I
have an
error now File not found.
So i think we need to make work https://example.lbg.com/ to
https://server.lbg.com/towl
I'm sorry, I'm still confused as to which way you want things.
Do you want to redirect /towl -> / or do you want to redirect / - > /towl?
Or does it depend upon the hostname? It would really be better if you
could settle on one specific beahvior.
-chris
On Mon, May 13, 2024 at 9:41 AM lavanya tech
wrote:
Hi Chris,
Where are you defining the RewriteValve itself?
Defined rewritevalve here
resource="conf/rewrite.config" />
2) reated rewrite.config and added as below under conf/
RewriteCond %{REQUEST_URI} ^/towl/(.*)
RewriteRule ^/towl/(.*) https://example.lbg.com/%1 [R]
3) After renaming towl to ROOT -> /webapps/ROOT/WEB-INF/web.xml ( I
already have this mappings /* in web.xml file)
Logging Area
Authentication for registered users.
/*
/api/v1/search
/api/v1/suggest/*
LDAP_USER
api
4) Restarted Tomcat, Then I cannot access
https://server.lbg.com:8443/towl
--> Have below error
Message java.nio.file.NoSuchFileException:
/git/apache-tomcat-10.1.11/webapps/towl/WEB-INF/lib/xss-1.0.8.jar
Description The server encountered an unexpected condition that
prevented
it from fulfilling the request.
5) Also https://example.lbg.com doesnot work anymore
Before you do anything with redirecting, can you just make sure you are
only deploying ROOT.war and nothing else?
How can I do that. I already changed towl.war to ROOT.war
But still both the urls have error as mentioned above.
Si I revereted back the changes.
That's weird. Try stopping, deleting the work/ directory and restarting.
--> I have this wierd behavior for some reason, thoudh index.jsp is
located
no changes were made to file. After deleting cookies url works
where Am I going wrong.
Thanks,
Lavanya
On Fri, May 10, 2024 at 6:50 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
Lavanya,
On 5/10/24 04:37, lavanya tech wrote:
I tried the below and have the issues.
1)proxyPort="443" and proxyName="example.lbg.com" to the connector
2) remanmed towl.war to ROOT.war
3) created rewrite.config and added as below under conf/
Where are you defining the RewriteValve itself?
RewriteCond %{REQUEST_URI} ^/towl/(.*)
RewriteRule ^/towl/(.*) https://example.lbg.com/%1 [R]
If this is being handled by the ROOT servlet then I think it's right.
4) added this in web.xml file of /webapps/towl/web.xml/
Restricted Access to
/towl
/towl/*
No, this is wrong. Since this is the "towl" application and not ROOT,
you want to map /* and not /towl/* because the application will never
see the /towl/ as it's an
Re: Regarding Tomcat url redirection
Hi Chris,
Tried the below steps. I have the redirection working. But the URL is not
in the browser anymore.
1)
2) /conf/Catalina/localhost --> I added the below in rewrite.config
RewriteCond %{HTTP_HOST} ^example\.lbg\.com$
RewriteCond %{REQUEST_URI} !^/towl$
RewriteRule ^/(.*) https://server.lbg.com:8443/towl [R=301,L]
Then it redirects from https://example.lbg.com -->
https://server.lbg.com:8443/towl but the application team raised a concern
the
- alias https://example.lbg.com/--> url stays in the browser
- towl indexer uses the internal address https://
server.lbg.com.8443/towl rsp.
localhost:8443/towl
can we achieve this with tomcat or we need to setup an reverse proxy here.
Pleaes kindly suggest
Thanks,
Lavanya
On Mon, May 13, 2024 at 10:17 PM lavanya tech
wrote:
> Hi Chris,
>
> Sorry, If I did confuse. It’s important that
> https://server.lbg.com:8443/towl is always working. Goal is not to
> disable /towl, but just redirect or aliasing
>
> https//example.lbg.com/ to https://server.lbg.com:8443/towl
>
>
>
>
> Thanks,
> Lavanya
>
> On Monday, May 13, 2024, Christopher Schultz
> wrote:
>
>> Lavanya,
>>
>> On 5/13/24 05:57, lavanya tech wrote:
>>
>>> Somehow made it work now i can only access urls as you mentioned before
>>> https://example.lbg.com and https://server.lbg.com with port 8443 and
>>> with
>>> out
>>>
>>> https://example.lbg.com/towl and https://server.lbg.com/towl --> I
>>> have an
>>> error now File not found.
>>>
>>> So i think we need to make work https://example.lbg.com/ to
>>> https://server.lbg.com/towl
>>>
>>
>> I'm sorry, I'm still confused as to which way you want things.
>>
>> Do you want to redirect /towl -> / or do you want to redirect / - > /towl?
>>
>> Or does it depend upon the hostname? It would really be better if you
>> could settle on one specific beahvior.
>>
>> -chris
>>
>> On Mon, May 13, 2024 at 9:41 AM lavanya tech
>>> wrote:
>>>
>>> Hi Chris,
Where are you defining the RewriteValve itself?
Defined rewritevalve here
>>> unpackWARs="true" autoDeploy="true">
>>> className="org.apache.catalina.valves.rewrite.RewriteValve" />
resource="conf/rewrite.config" />
2) reated rewrite.config and added as below under conf/
RewriteCond %{REQUEST_URI} ^/towl/(.*)
RewriteRule ^/towl/(.*) https://example.lbg.com/%1 [R]
3) After renaming towl to ROOT -> /webapps/ROOT/WEB-INF/web.xml ( I
already have this mappings /* in web.xml file)
Logging Area
Authentication for registered users.
/*
/api/v1/search
/api/v1/suggest/*
LDAP_USER
api
4) Restarted Tomcat, Then I cannot access
https://server.lbg.com:8443/towl
--> Have below error
Message java.nio.file.NoSuchFileException:
/git/apache-tomcat-10.1.11/webapps/towl/WEB-INF/lib/xss-1.0.8.jar
Description The server encountered an unexpected condition that
prevented
it from fulfilling the request.
5) Also https://example.lbg.com doesnot work anymore
Before you do anything with redirecting, can you just make sure you are
only deploying ROOT.war and nothing else?
How can I do that. I already changed towl.war to ROOT.war
But still both the urls have error as mentioned above.
Si I revereted back the changes.
That's weird. Try stopping, deleting the work/ directory and restarting.
--> I have this wierd behavior for some reason, thoudh index.jsp is
located
no changes were made to file. After deleting cookies url works
where Am I going wrong.
Thanks,
Lavanya
On Fri, May 10, 2024 at 6:50 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
Lavanya,
>
> On 5/10/24 04:37, lavanya tech wrote:
>
>> I tried the below and have the issues.
>>
>> 1)proxyPort="443" and proxyName="example.lbg.com" to the connector
>> 2) remanmed towl.war to ROOT.war
>> 3) created rewrite.config and added as below under conf/
>>
>
> Where are you defining the RewriteValve itself?
>
> RewriteCond %{REQUEST_URI} ^/towl/(.*)
>> RewriteRule ^/towl/(.*) https://example.lbg.com/%1 [R]
>>
>
> If this is being handled by the ROOT servlet then I think it's right.
>
> 4) added this in web.xml file of /webapps/towl/web.xml/
>>
>>
>>
>>
>>
>>
>>
>> Restricted Access to
>> /towl
>> /towl/*
>>
>
> No, this is wrong. Since this is the "towl" application and not ROOT,
>
