Re: AW: Publishing Tomcat webapp
Hello again,

I still didn't manage to configure SSL for my Tomcat. I tried a whole bunch of tutorials and solutions but nothing worked for me. Once again I will provide you with what I have, so if anybody can help me I would really appreciate it. If anyone has free time, I will provide you with remote access to configure it together with me.

So, I have a subdomain testjc.fgu.ba created in cPanel, and it automatically generated the SSL certificate for testjc.fgu.ba and www.testjc.fgu.ba. I have the certificate.crt, private.key and ca_bundle.crt files in my cPanel. The subdomain has an A record pointing to the IP address of my PC, where I installed a Tomcat instance, and it is currently running. You can access it via http, but I want to do the encryption and be able to have https access to my Tomcat. What should I do next?

Sincerely,
JC

On Thu, 21 Jul 2022 at 14:25, Thomas Hoffmann (Speed4Trade GmbH) wrote:

> > -----Original Message-----
> > From: Christopher Schultz
> > Sent: Thursday, 21 July 2022 14:11
> > To: users@tomcat.apache.org
> > Subject: Re: AW: Publishing Tomcat webapp
> >
> > Thomas,
> >
> > On 7/17/22 03:07, Thomas Hoffmann (Speed4Trade GmbH) wrote:
> > > Hello,
> > >
> > > > -----Original Message-----
> > > > From: Aryeh Friedman
> > > > Sent: Sunday, 17 July 2022 08:43
> > > > To: Tomcat Users List
> > > > Subject: Re: Publishing Tomcat webapp
> > > >
> > > > On Sun, Jul 17, 2022 at 2:39 AM Aryeh Friedman wrote:
> > > > > Once you have it pointing to that domain just upload the war file to it and give people the link.
> > > >
> > > > Small wording correction... I mean upload the war file as being a part of the webapp and/or a part of another webapp you have for downloading... take a look at the download section of the site I list in my signature.
> > > >
> > > > --
> > > > Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
> > >
> > > Usually you need 2 things:
> > > 1) A webserver or webspace. This includes a public IP address
> > > 2) A domain. You can buy it online.
> > >
> > > When you own a domain, you have access to the DNS settings. Create an A-Record with the domain-name and point it to the IP address of your server.
> > > If an A-record already exists, modify it to point to the IP address of the server.
> > >
> > > Install tomcat on the webserver and install your web-application.
> > > Tomcat listens per default on all ports, so no special configuration needed (only if you host multiple domains on that server).
> >
> > s/ports/interfaces/
> >
> > -chris
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
>
> Thanks for correcting my typo. Listens on all *interfaces* of course, not ports
Re: Publishing Tomcat webapp
Hello again,

I still didn't manage to configure SSL for my Tomcat. I tried a whole bunch of tutorials and solutions but nothing worked for me. Once again I will provide you with what I have, so if anybody can help me I would really appreciate it. If anyone has free time, I will provide you with remote access to configure it together with me.

So, I have a subdomain testjc.fgu.ba created in cPanel, and it automatically generated the SSL certificate for testjc.fgu.ba and www.testjc.fgu.ba. I have the certificate.crt, private.key and ca_bundle.crt files in my cPanel. The subdomain has an A record pointing to the IP address of my PC, where I installed a Tomcat instance, and it is currently running. You can access it via http, but I want to do the encryption and be able to have https access to my Tomcat. What should I do next?

Sincerely,
JC

On Thu, 21 Jul 2022 at 14:15, Christopher Schultz wrote:

> Aryeh,
>
> On 7/18/22 09:08, Aryeh Friedman wrote:
> > Here are the steps to installing a SSL cert (it varies slightly based
> > on who your certificate authority [CA] is):
> >
> > Generate a CSR
>
> Stop. The OP already has a key, cert, and chain. None of this is necessary.
>
> > [..] with keytool (it must be key tool despite what the
> > tomcat docs say since for whatever reason it refuses to import from
> > any other SSL tool):
> >
> > keytool -keystore clientkeystore -genkey -alias mykey
> >
> > Submit the above to your CA (they will give you directions on how to
> > submit it) and have them issue a signed cert for it
> >
> > The signed cert usually comes with some intermediate files (this is
> > the part that varies by CA) which you have to apply in order to the
> > keystore (the following is the set of files I use):
>
> This may or may not be necessary, depending upon what CPanel is willing
> to give to you.
>
> > keytool -noprompt -importcert -alias AAACertificateServices -file
> > AAACertificateServices.crt -keystore sslStore
> >
> > keytool -importcert -trustcacerts -keystore sslStore -file
> > USERTrustRSCA.crt -alias USERTrustRSCA
> >
> > keytool -importcert -trustcacerts -keystore sslStore -file
> > /SectigoRSAOrganizationValidationSecureServerCA.crt -alias
> > SectigoRSAOrganizationValidationSecureServerCA
> >
> > keytool -importcert -trustcacerts -alias mykey (this *MUST* match the
> > alias of the CSR you submitted to the CA)
> > -file 1008013344repl_2.crt -keystore sslStore
> >
> > Modify the tomcat server.xml to uncomment out the right https line in
> > the config and tell it where to find the sslStore (some OS's force you
> > to put it in $TOMCAT_HOME)... for example I do the following:
> >
> > <Connector
> > protocol="org.apache.coyote.http11.Http11NioProtocol"
> > port="443" maxThreads="200"
> > scheme="https" secure="true" SSLEnabled="true"
> > keystoreFile="/usr/local/apache-tomcat-9.0/keystore"
> > keystorePass="mySuperSecretPassword"
> > clientAuth="false" sslProtocol="TLS"
> > sslEnabledProtocols="TLSv1.2"/>
>
> A modern configuration would use <SSLHostConfig>s and <Certificate>s,
> which I'd highly recommend doing.
>
> > Restart tomcat and you should have SSL now if you go to https if you
> > on port 8080 you will likely want to put in 8443 not 443
>
> I disagree: using 443 is what the whole world expects for a
> publicly-accessible web site using https.
>
> -chris
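The connector style recommended in the quoted reply above (nested SSLHostConfig and Certificate elements), written out for the three PEM files named in this message. This is an added example, not part of the original thread; it assumes Tomcat 8.5 or later and that the files were copied from cPanel into Tomcat's conf/ directory.

```xml
<!-- Added example for conf/server.xml; not from the original thread.
     Assumptions: Tomcat 8.5 or later, and certificate.crt, private.key and
     ca_bundle.crt copied from cPanel into Tomcat's conf/ directory.
     Relative paths are resolved against $CATALINA_BASE. -->
<Connector port="443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="200"
           scheme="https" secure="true"
           SSLEnabled="true">

    <!-- No hostName attribute: this becomes the connector's default TLS host,
         so it answers for both testjc.fgu.ba and www.testjc.fgu.ba, which the
         certificate covers. protocols mirrors the TLSv1.2 setting of the
         quoted legacy connector. -->
    <SSLHostConfig protocols="TLSv1.2">

        <!-- PEM files are read directly; no keytool import or keystore
             password is involved.
             certificateFile      : the server certificate
             certificateKeyFile   : its private key; keep this file readable
                                    only by the account Tomcat runs as
             certificateChainFile : the CA bundle (intermediate certificates)
             If the key file is encrypted, add certificateKeyPassword. -->
        <Certificate certificateFile="conf/certificate.crt"
                     certificateKeyFile="conf/private.key"
                     certificateChainFile="conf/ca_bundle.crt" />
    </SSLHostConfig>
</Connector>
```

On Unix-like systems a non-root Tomcat cannot bind port 443 directly; in that case keep the connector on 8443 and forward 443 to it at the firewall or a front-end proxy.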
Re: Publishing Tomcat webapp
Now I have another setback. I have my tomcat running on the domain name www.mydomain.com and I have an SSL certificate on this domain (CA_BUNDLE, Certificate and Key) in my CPanel. How do I configure Tomcat to use this SSL and HTTPS protocol?

Thanks again for your help

On Mon, 18 Jul 2022 at 08:24, Jasmin Ćatić wrote:

> Thank you very much. I have done it successfully.
> Best regards
> JC
>
> On Sun, 17 Jul 2022 at 09:08, Thomas Hoffmann (Speed4Trade GmbH) wrote:
>
> > Hello,
> >
> > > -----Original Message-----
> > > From: Aryeh Friedman
> > > Sent: Sunday, 17 July 2022 08:43
> > > To: Tomcat Users List
> > > Subject: Re: Publishing Tomcat webapp
> > >
> > > On Sun, Jul 17, 2022 at 2:39 AM Aryeh Friedman wrote:
> > > > Once you have it pointing to that domain just upload the war file to it and give people the link.
> > >
> > > Small wording correction... I mean upload the war file as being a part of the webapp and/or a part of another webapp you have for downloading... take a look at the download section of the site I list in my signature.
> > >
> > > --
> > > Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
> >
> > Usually you need 2 things:
> > 1) A webserver or webspace. This includes a public IP address
> > 2) A domain. You can buy it online.
> >
> > When you own a domain, you have access to the DNS settings. Create an A-Record with the domain-name and point it to the IP address of your server.
> > If an A-record already exists, modify it to point to the IP address of the server.
> >
> > Install tomcat on the webserver and install your web-application.
> > Tomcat listens per default on all ports, so no special configuration needed (only if you host multiple domains on that server).
Re: Publishing Tomcat webapp
Thank you very much. I have done it successfully.

Best regards
JC

On Sun, 17 Jul 2022 at 09:08, Thomas Hoffmann (Speed4Trade GmbH) wrote:

> Hello,
>
> > -----Original Message-----
> > From: Aryeh Friedman
> > Sent: Sunday, 17 July 2022 08:43
> > To: Tomcat Users List
> > Subject: Re: Publishing Tomcat webapp
> >
> > On Sun, Jul 17, 2022 at 2:39 AM Aryeh Friedman wrote:
> > > Once you have it pointing to that domain just upload the war file to it and give people the link.
> >
> > Small wording correction... I mean upload the war file as being a part of the webapp and/or a part of another webapp you have for downloading... take a look at the download section of the site I list in my signature.
> >
> > --
> > Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
>
> Usually you need 2 things:
> 1) A webserver or webspace. This includes a public IP address
> 2) A domain. You can buy it online.
>
> When you own a domain, you have access to the DNS settings. Create an A-Record with the domain-name and point it to the IP address of your server.
> If an A-record already exists, modify it to point to the IP address of the server.
>
> Install tomcat on the webserver and install your web-application.
> Tomcat listens per default on all ports, so no special configuration needed (only if you host multiple domains on that server).
Re: Publishing Tomcat webapp
Okay, I understand this part and I have done this already. My question was how to publish on the internet, to be accessed by everyone via a certain domain name (for example https://mydomain.com/webapp)

On Sun, 17 Jul 2022 at 03:44, Aryeh Friedman wrote:

> The standard way I use for doing this is the following:
>
> 1. Create a .war of the app
> 2. Copy it to the right machine and place it in the webapps dir (on Unix likely something like /usr/local/apache-tomcat-9.0/webapps)
> 3. The tomcat on the remote machine (by default config but this can be changed) will automatically unpack and put it in the right place (i.e. if your war file is X.war then the webapp will be called X)
>
> There are a few gotchas here though:
>
> 1. The remote tomcat needs to be configured for auto deploy (this is the default)
> 2. Your app needs to be truly portable (not dependent on anything outside of it, its .class and .jar files is needed and if you do have any such dependencies the web app can automatically create them through whatever init code you have)
>
> I add one more thing to the above steps and it works out 99% of the time... You might need to create what I call a "config mode" which contains anything that is unique to a given machine and/or mode of operation... for example in my main webapp I have Config.MODE=Config.MODE.DEV for development and Config.MODE=Config.MODE.LIVE for production. The main differences are that DEV attempts to minimize the use of external APIs and often fakes them while LIVE does not, and where the respective DBs live.
>
> On Sat, Jul 16, 2022 at 6:51 PM Jasmin Ćatić wrote:
>
> > I access it on localhost, or in my local network via local ip address and allocated port.
> > For example:
> > localhost:8080/webapp
> >
> > On Sun, 17 Jul 2022 at 00:18, Rob Sargent wrote:
> >
> > > On 7/16/22 16:14, Amn wrote:
> > > > You read my mind! I was going to ask this very question, if not today... tomorrow.
> > > > I am looking forward to see the replies to this question.
> > > >
> > > > On 2022-07-15 5:22 a.m., Jasmin Ćatić wrote:
> > > > > Hello,
> > > > >
> > > > > Can someone please give me a step by step guide on how to make my tomcat webapp available online with a domain name.
> > > > > Thanks.
> > > > >
> > > > > Regards,
> > > > > JC
> > > > >
> > > How do you (both) access your "webapp" today?
>
> --
> Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
Re: Publishing Tomcat webapp
I access it on localhost, or in my local network via local ip address and allocated port.
For example:
localhost:8080/webapp

On Sun, 17 Jul 2022 at 00:18, Rob Sargent wrote:

> On 7/16/22 16:14, Amn wrote:
> > You read my mind! I was going to ask this very question, if not today... tomorrow.
> > I am looking forward to see the replies to this question.
> >
> > On 2022-07-15 5:22 a.m., Jasmin Ćatić wrote:
> > > Hello,
> > >
> > > Can someone please give me a step by step guide on how to make my tomcat webapp available online with a domain name.
> > > Thanks.
> > >
> > > Regards,
> > > JC
> > >
> How do you (both) access your "webapp" today?
Publishing Tomcat webapp
Hello,

Can someone please give me a step by step guide on how to make my tomcat webapp available online with a domain name.
Thanks.

Regards,
JC
Re: [OT] issues with Tomcat to Siteminder communication post mod-proxy setup
Hello,

Can someone please give me a step by step guide on how to make my tomcat webapp available online with a domain name.
Thanks.

Regards,
JC

Wed, 13 Jul 2022 at 18:31 wrote:

> Could this potentially be caused by
> <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
>
> But not using Tomcat Native?
>
> Thanks,
>
> Dream * Excel * Explore * Inspire
> Jon McAlexander
> Senior Infrastructure Engineer
> Asst. Vice President
> He/His
>
> Middleware Product Engineering
> Enterprise CIO | EAS | Middleware | Infrastructure Solutions
>
> 8080 Cobblestone Rd | Urbandale, IA 50322
> MAC: F4469-010
> Tel 515-988-2508 | Cell 515-988-2508
>
> jonmcalexan...@wellsfargo.com
> This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
>
> > -----Original Message-----
> > From: Thomas Hoffmann (Speed4Trade GmbH)
> > Sent: Wednesday, July 13, 2022 11:28 AM
> > To: Tomcat Users List
> > Subject: AW: [OT] issues with Tomcat to Siteminder communication post mod-proxy setup
> >
> > Hello,
> >
> > > -----Original Message-----
> > > From: jonmcalexan...@wellsfargo.com.INVALID
> > > Sent: Wednesday, 13 July 2022 18:17
> > > To: users@tomcat.apache.org
> > > Subject: RE: [OT] issues with Tomcat to Siteminder communication post mod-proxy setup
> > >
> > > Here is the error we are getting. The login form, hosted by Tomcat, does a POST to the /login/login.fcc for siteminder which is on the HTTPD server and is not behind the proxypass or proxypassreverse.
> > >
> > > javax.net.ssl|DEBUG|96|https-jsse-nio-8305-exec-1|2022-07-12
> > > 13:12:49.399
> > > PDT|SSLSocketImpl.java:1615|close the SSL connection (passive)
> > > PDT|12
> > > Jul 2022 13:12:49,399 ERROR [https-jsse-nio-8305-exec-1]: DEVT:
> > > Unable to get Channel Secure Session: Unable to perform siteminder
> > > handshake
> > > java.lang.Exception: Unable to perform siteminder handshake
> > >
> > > Our SiteMinder team is telling us it's not their issue. Again, this POST worked fine when using mod_jk and SSL wasn't enabled for connection on Tomcat.
> > >
> > > Thanks,
> >
> > This error message is most likely thrown by the application and not by tomcat.
> > The underlying error would be important including the full stack below.
> > Are there some "caused by" Exceptions below?
> > Otherwise the siteminder application is hiding the underlying Exception.
> >
> > > > -----Original Message-----
> > > > From: jonmcalexan...@wellsfargo.com.INVALID
> > > > Sent: Tuesday, July 12, 2022 5:22 PM
> > > > To: users@tomcat.apache.org
> > > > Subject: RE: [OT] issues with Tomcat to Siteminder communication post mod-proxy setup
> > > >
> > > > I'm wondering if it is having to do with the SMSESSION cookie not getting passed correctly. Still trying to figure this one out.
> > > >
> > > > Thanks,
> > > >
> > > > > -----Original Message-----
> > > > > From: Christopher Schultz
> > > > > Sent: Tuesday, July 12, 2022 9:16 AM
> > > > > To: users@tomcat.apache.org
> > > > > Subject: Re: [OT] issues with Tomcat to Siteminder communication post mod-proxy setup
> > > > >
> > > > > Jon,
> > > > >
> > > > > On 7/8/22 16:48,