Web app running on http, not on https
Before I copy and paste any configs (such as httpd.conf and httpd-ssl.conf), let me throw this out there and see if you guys can at least point me in the right direction. Environment === Apache 2.2.19, installed with mod_jk (latest connector) and mod_ssl (enabled with Apache's compile). Tomcat 6.0.32, running on port 8081. Apache is listening on port 80 (for non-SSL) and on port 443 (for SSL). I've got a web app on Tomcat. We'll call it myWebApp. I've got the needed certificate for SSL, verified to be working properly. I've got mod_jk, workers.properties, etc., set up to route calls to Tomcat. In other words, http://localhost/myWebApp; properly pulls up myWebApp, without me needing to specify Tomcat port 8081. Although if I go to http://localhost:8081/myWebApp;, it works the same way. Obviously, mod_jk is doing its job. Problem === Here's where it gets lost on me... If I type http://localhost;, I get the expected It works! Apache page. Cool. If I type https://localhost;, I get the expected It works! Apache page. Cool. If I type http://localhost/myWebApp;, I get the expected result of my web app coming up. Cool. If I type https://localhost/myWebApp;, I get an unexpected 404 error: Not Found. The requested URL /myWebApp was not found on this server. NOT COOL! I think I'm probably missing something small (in terms of effort, not impact). I'll be happy to send any logs or config files, if need be. I just wanted to see if someone could tell at first blush, before I go through the trouble of copying each log or conf file. Thanks in advance. Jonathan P.S. Thanks to all who advised me on compiling Apache and mod_jk. Worked great! smime.p7s Description: S/MIME cryptographic signature
RE: Web app running on http, not on https
That was it, Mark. It's all good now! You da man! :-) Jonathan -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Friday, July 22, 2011 11:59 AM To: Tomcat Users List Subject: Re: Web app running on http, not on https On 22/07/2011 15:54, Leffingwell, Jonathan R CTR FRCSE, JAX 7.2.2 wrote: If I type https://localhost/myWebApp;, I get an unexpected 404 error: Not Found. The requested URL /myWebApp was not found on this server. NOT COOL! At a guess, you have forgotten that mod_jk config is *per virtual host* and haven't configured the SSL virtual host. See JkMountCopy in the docs. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
RE: RedHat and mod_jk
FYI... I got the S.A. to compile Apache, and then to compile mod_jk. It works, just like you guys said that it would. Thanks for ALL of your help! :-) JL -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, July 18, 2011 11:33 AM To: Tomcat Users List Subject: Re: RedHat and mod_jk Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark, On 7/16/2011 12:50 AM, Mark Eggers wrote: I've been successful in the past in getting permission to build critical components locally. I've also been in environments where this was strictly forbidden, even at the expense of not meeting business requirements and/or exposing the infrastructure to known security risks. Meeting requirements is preferred (in my book). It also appears that more and more admins are uncomfortable with building, installing, and then managing systems with locally installed software. This goes back to the challenge that the original poster had. Why an admin would balk at learning how to do this is another question . . . Fortunately for me, I'm the admin *and* I get to make these kinds of decisions. I just don't feel like keeping MySQL up-to-date myself. :) A reason why admins balk may be because they are asked to take care of more and more systems (due to virtualisation e.g.), and can no longer afford to spend the time to do that. Anyway, whatever their reasons, a number of admins will not do it, and the practical consequence in this case will be a decrease of the usage of mod_jk. The basic point is : mod_jk is not included in the RedHat standard Apache/Tomcat packages. But maybe this is just an oversight of RedHat, and maybe with a little nudge, they may be persuaded to include it again. Does anyone know how one would go about trying to nudge them in this direction ? Alternatively, what would it take for mod_jk to be (maybe again) part of the standard Apache httpd distribution ? (so that these packagers would include it in the next Apache httpd packaged version without even having to think about it). - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
RE: Binary of mod_jk.so for Apache 2.2.x
Big thanks to Chris, Andre, and everyone else for all of the guidance! I think I'm going to do this: 1. Compile Apache 2.2.19 in /myuser/ space (since I don't have root or admin privileges). 2. Ask the admin to do his part in taking the compiling code and installing it. I have a question about doing this with mod_ssl, but I think it would be best for me to start a different thread with this. Thanks again! Jonathan -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Thursday, July 14, 2011 2:37 PM To: Tomcat Users List Subject: Re: Binary of mod_jk.so for Apache 2.2.x -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jonathan, On 7/14/2011 1:08 PM, Leffingwell, Jonathan R CTR FRCSE, JAX 7.2.2 wrote: Chris, something DID just dawn on me... I have my own account on that Linux server, though not with root access or anything. Would it be possible for me to compile mod_jk.so into my own space and then tell him where the mod_jk.so is? Yes. If so, would the following steps be how I would generate mod_jk.so (and forgive the newbieness of the question, please)? tar -xvzf tomcat-connectors-1.2.30-src.tar.gz cd tomcat-connectors-1.2.30-src/native/ # which apxs The # which apxs was intended to be a command to determine the location of Apache httpd's apxs program, which is a configuration-dumping utility to help with building Apache httpd modules. apxs if often found in /usr/sbin/apxs so Leon's post was using that as an example: ./configure --with-apxs=/usr/sbin/apxs --enable-api-compatibility Replace /usr/sbin/apxs with whatever the result of which apxs is. If that doesn't return anything, you may have to have your SA install the Apache httpd development package or something. It might also be called apxs2 (that's the case in my Debian Lenny environment). Good luck, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4fN0kACgkQ9CaO5/Lv0PD2ZwCfcQuD5WScbq+HJgCKTHZtY3JY Ii0AoK8WtgF4SmXAemVGRmMde4f0K8P1 =HFWz -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
RE: Binary of mod_jk.so for Apache 2.2.x
There is no apxs on the Linux server. The S.A. confirmed this. That file and nothing closely resembling it are found anywhere on the whole box. Is it needed to compile mod_jk? -Original Message- From: Mark Eggers [mailto:its_toas...@yahoo.com] Sent: Thursday, July 14, 2011 1:22 PM To: Tomcat Users List Subject: Re: Binary of mod_jk.so for Apache 2.2.x - Original Message - From: Leffingwell, Jonathan R CTR FRCSE, JAX 7.2.2 jonathan.leffingwell@navy.mil To: Tomcat Users List users@tomcat.apache.org Cc: Sent: Thursday, July 14, 2011 10:08 AM Subject: RE: Binary of mod_jk.so for Apache 2.2.x Chris, something DID just dawn on me... I have my own account on that Linux server, though not with root access or anything. Would it be possible for me to compile mod_jk.so into my own space and then tell him where the mod_jk.so is? If so, would the following steps be how I would generate mod_jk.so (and forgive the newbieness of the question, please)? tar -xvzf tomcat-connectors-1.2.30-src.tar.gz cd tomcat-connectors-1.2.30-src/native/ # which apxs ./configure --with-apxs=/usr/sbin/apxs --enable-api-compatibility make make install At this point, I think all I want to do is produce a functioning mod_jk.so and let him put it into the modules directory. Would this do it? Thanks again! JL -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Thursday, July 14, 2011 12:34 PM To: Tomcat Users List Subject: Re: Binary of mod_jk.so for Apache 2.2.x -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Leon, On 7/12/2011 7:42 PM, Leon Kolchinsky wrote: Go to http://tomcat.apache.org/download-connectors.cgi and download the source code: # tar -xvzf tomcat-connectors-1.2.30-src.tar.gz Read docs/webserver_howto/apache.html or native/BUILDING.txt for options. # cd tomcat-connectors-1.2.30-src/native/ # which apxs # ./configure --with-apxs=/usr/sbin/apxs --enable-api-compatibility # make # make install All that as root? Hmm. Also, not everyone has a C compiler, especially on a production machine. (The answer, of course, is to build somewhere else and upload.) Jonathan, I understand that you want convenience, but there are several factors to consider, here: 1. Unless you download a binary from a trusted source (i.e. not anyone on this list, but something like something.apache.org, or from your distro's package manager), you should consider yourself compromised. 2. If you build your own mod_jk, you know it will work with your exact environment. No weird problems with slight version mismatches between httpd version or other libraries. No questions about which architecture's files you need to download, etc. 3. Building mod_jk from source is relatively trivial. See above. Most Linux distros some with a C compiler by default, and all of them can trivially install gcc. Consider trying it. Recently, the Tomcat team decided to stop providing binaries for *NIX platforms because of the above (maybe that was just for tcnative, but I wouldn't be surprised if the policy is now to avoid rolling binaries for any non-Java components). Why? Because if we wanted to provide binaries for, say, mod_jk, we need to support (at least) two architectures: x86 and x86_64. Also, there are 4 major versions of Apache httpd: 1.3, 2.0, 2.2, and 2.4. Sometimes, even httpd patch level can affect compatibility (though it really shouldn't) or maybe it was built against 2.2.11 but the user has 2.2.13 and wants to know why no binary?. We cannot possibly provide enough binaries to make everyone happy. Since it's so easy to build mod_jk, we ask users in *NIX environments to just do it. We do provide binaries for both 32- and 64-bit Microsoft Windows environments for Apache httpd, Microsoft IIS and (wtf?) Netscape, because those folks rarely have compilers handy. If you have any trouble building mod_jk, please don't hesitate to come back for help. - -chris If all the tools are available on the production system (compiler, libraries), then you do this as a normal user: myuser$ tar -xvzf tomcat-connectors-1.2.32-src.tar.gz myuser$ cd tomcat-connectors-1.2.32-src/native/ myuser$ which apxs myuser$ ./configure --with-apxs=/usr/sbin/apxs --enable-api-compatibility myuser$ make (where myuser$ is whatever prompt you have for your user id). Then you tell the system admin where the location is (probably now in /home/myuser/tomcat-connectors-1.2.32-src/native/), and have him do as root: # cd /home/myuser/tomcat-connectors-1.2.32-src/native/ # make install That should get the mod_jk.so installed. The administrator will then have to configure it (see tomcat-connectors-1.2.32-src/conf for examples), and finally restart the Apache HTPPD server. Hopefully the administrator should be able to do that. . . . . just my two cents
RE: Binary of mod_jk.so for Apache 2.2.x
Thanks, Chris. Unfortunately, I don't have root access, and I know just enough Linux to be dangerous! LOL! The Linux S.A. doesn't know anything about compiling (don't get me started on THAT), so he was asking if there were a binary module to drop into the modules folder. I was hoping to avoid having to learn how to do his job FOR him. :-D JL -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Thursday, July 14, 2011 12:34 PM To: Tomcat Users List Subject: Re: Binary of mod_jk.so for Apache 2.2.x -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Leon, On 7/12/2011 7:42 PM, Leon Kolchinsky wrote: Go to http://tomcat.apache.org/download-connectors.cgi and download the source code: # tar -xvzf tomcat-connectors-1.2.30-src.tar.gz Read docs/webserver_howto/apache.html or native/BUILDING.txt for options. # cd tomcat-connectors-1.2.30-src/native/ # which apxs # ./configure --with-apxs=/usr/sbin/apxs --enable-api-compatibility # make # make install All that as root? Hmm. Also, not everyone has a C compiler, especially on a production machine. (The answer, of course, is to build somewhere else and upload.) Jonathan, I understand that you want convenience, but there are several factors to consider, here: 1. Unless you download a binary from a trusted source (i.e. not anyone on this list, but something like something.apache.org, or from your distro's package manager), you should consider yourself compromised. 2. If you build your own mod_jk, you know it will work with your exact environment. No weird problems with slight version mismatches between httpd version or other libraries. No questions about which architecture's files you need to download, etc. 3. Building mod_jk from source is relatively trivial. See above. Most Linux distros some with a C compiler by default, and all of them can trivially install gcc. Consider trying it. Recently, the Tomcat team decided to stop providing binaries for *NIX platforms because of the above (maybe that was just for tcnative, but I wouldn't be surprised if the policy is now to avoid rolling binaries for any non-Java components). Why? Because if we wanted to provide binaries for, say, mod_jk, we need to support (at least) two architectures: x86 and x86_64. Also, there are 4 major versions of Apache httpd: 1.3, 2.0, 2.2, and 2.4. Sometimes, even httpd patch level can affect compatibility (though it really shouldn't) or maybe it was built against 2.2.11 but the user has 2.2.13 and wants to know why no binary?. We cannot possibly provide enough binaries to make everyone happy. Since it's so easy to build mod_jk, we ask users in *NIX environments to just do it. We do provide binaries for both 32- and 64-bit Microsoft Windows environments for Apache httpd, Microsoft IIS and (wtf?) Netscape, because those folks rarely have compilers handy. If you have any trouble building mod_jk, please don't hesitate to come back for help. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4fGnQACgkQ9CaO5/Lv0PCRlgCfd41tx9q8BpKfY35elKUCmokO b9oAoIC3QamvoAhLvtageSz0/zQzEVxE =0myN -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
RE: Binary of mod_jk.so for Apache 2.2.x
Chris, something DID just dawn on me... I have my own account on that Linux server, though not with root access or anything. Would it be possible for me to compile mod_jk.so into my own space and then tell him where the mod_jk.so is? If so, would the following steps be how I would generate mod_jk.so (and forgive the newbieness of the question, please)? tar -xvzf tomcat-connectors-1.2.30-src.tar.gz cd tomcat-connectors-1.2.30-src/native/ # which apxs ./configure --with-apxs=/usr/sbin/apxs --enable-api-compatibility make make install At this point, I think all I want to do is produce a functioning mod_jk.so and let him put it into the modules directory. Would this do it? Thanks again! JL -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Thursday, July 14, 2011 12:34 PM To: Tomcat Users List Subject: Re: Binary of mod_jk.so for Apache 2.2.x -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Leon, On 7/12/2011 7:42 PM, Leon Kolchinsky wrote: Go to http://tomcat.apache.org/download-connectors.cgi and download the source code: # tar -xvzf tomcat-connectors-1.2.30-src.tar.gz Read docs/webserver_howto/apache.html or native/BUILDING.txt for options. # cd tomcat-connectors-1.2.30-src/native/ # which apxs # ./configure --with-apxs=/usr/sbin/apxs --enable-api-compatibility # make # make install All that as root? Hmm. Also, not everyone has a C compiler, especially on a production machine. (The answer, of course, is to build somewhere else and upload.) Jonathan, I understand that you want convenience, but there are several factors to consider, here: 1. Unless you download a binary from a trusted source (i.e. not anyone on this list, but something like something.apache.org, or from your distro's package manager), you should consider yourself compromised. 2. If you build your own mod_jk, you know it will work with your exact environment. No weird problems with slight version mismatches between httpd version or other libraries. No questions about which architecture's files you need to download, etc. 3. Building mod_jk from source is relatively trivial. See above. Most Linux distros some with a C compiler by default, and all of them can trivially install gcc. Consider trying it. Recently, the Tomcat team decided to stop providing binaries for *NIX platforms because of the above (maybe that was just for tcnative, but I wouldn't be surprised if the policy is now to avoid rolling binaries for any non-Java components). Why? Because if we wanted to provide binaries for, say, mod_jk, we need to support (at least) two architectures: x86 and x86_64. Also, there are 4 major versions of Apache httpd: 1.3, 2.0, 2.2, and 2.4. Sometimes, even httpd patch level can affect compatibility (though it really shouldn't) or maybe it was built against 2.2.11 but the user has 2.2.13 and wants to know why no binary?. We cannot possibly provide enough binaries to make everyone happy. Since it's so easy to build mod_jk, we ask users in *NIX environments to just do it. We do provide binaries for both 32- and 64-bit Microsoft Windows environments for Apache httpd, Microsoft IIS and (wtf?) Netscape, because those folks rarely have compilers handy. If you have any trouble building mod_jk, please don't hesitate to come back for help. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4fGnQACgkQ9CaO5/Lv0PCRlgCfd41tx9q8BpKfY35elKUCmokO b9oAoIC3QamvoAhLvtageSz0/zQzEVxE =0myN -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
RE: Binary of mod_jk.so for Apache 2.2.x
André, if you would be so kind as to let me know what you find, I would greatly appreciate it. I will watch the other thread, too. :) -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Thursday, July 14, 2011 1:49 PM To: Tomcat Users List Subject: Re: Binary of mod_jk.so for Apache 2.2.x As things happen, I am just in the process of trying to locate a RedHat mod_jk package for a client of mine, whose admin also does not seem to find it in RHEL6. See the other thread entitled mod_jk under RedHat ? for some recent interesting answers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
Binary of mod_jk.so for Apache 2.2.x
I don't know the first thing about compiling on Linux. I just want to drop a compiled mod_jk.so into the modules directory. Where can I find the binary, not the source? Thanks! smime.p7s Description: S/MIME cryptographic signature
RE: Binary of mod_jk.so for Apache 2.2.x
Thanks for the reply, André. It is Red Hat Linux. -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Tuesday, July 12, 2011 2:12 PM To: Tomcat Users List Subject: Re: Binary of mod_jk.so for Apache 2.2.x Leffingwell, Jonathan R CTR FRCSE, JAX 7.2.2 wrote: I don't know the first thing about compiling on Linux. I just want to drop a compiled mod_jk.so into the modules directory. Where can I find the binary, not the source? Thanks! What kind of Linux ? explanation: most Linux distributions (RedHat, Suse, Debian, Ubuntu,..) have what is called a software package manager utility, which is a special tool to install software on the system. It will usually get the desired binary modules, already compiled and configured, from some repository (often on the web), and install it for you. It is the easiest and quickest way of installing software on Linux systems. For example, if your system is a Debian or Ubuntu Linux, the following command would download and install mod_jk : apt-get install libapache2-mod-jk - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
To export or not, JAVA_OPTS vs. CATALINA_OPTS
Currently, our catalina.sh file (running on Redhat Linux) has the following first line: JAVA_OPTS=-Xmx1024m -Xms1024m Two questions: 1. What is the difference in doing it that way vs. adding the word export in front of it? 2. What benefit/difference, if any, would it be to use CATALINA_OPTS instead? All we care about is memory utilization and allocation, not environmental variables per se. Thanks! Jonathan smime.p7s Description: S/MIME cryptographic signature
getAttribute(null)?
I have the following code that worked in Tomcat 5.0, but doesn't work in Tomcat 5.5.26: String formName = mapping.getAttribute(); // mapping is a variable of type ActionMapping. In this scenario, formName is null. if (null != session.getAttribute(formName)) { session.removeAttribute(formName); } formName is null. In Tomcat 5.0.x, no exception was thrown and processing continued (as if passing a null argument to getAttribute simply returned NULL). In Tomcat 5.5.26, a ServletException is thrown (with a NullPointerException). I know how to code a work-around (and have done so), but is this considered a bug in Tomcat?
RE: getAttribute(null)?
It's not the why is formName null? that I'm worried about. In this case, it's supposed to be null. What I want to know is this: Is a NullPointerException supposed to be thrown if the argument name in session.getAttribute(name) is NULL? If such an exception IS supposed to be thrown, was this a change put into Tomcat 5.5.x that wasn't in 5.0.x? -Original Message- From: Martin Gainty [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2008 11:24 AM To: Leffingwell, Jonathan R CTR FRCSE, JAX 7.2.2 Subject: RE: getAttribute(null)? At that point you're talking to the Struts 1.x Base class ActionConfig getParameter method.. http://struts.apache.org/1.2.7/api/org/apache/struts/config/ActionConfig .html#getParameter() where JavaDoc for this parameter is defined as public java.lang.String getParameter() Return general purpose configuration parameter that can be used to pass extra information to the Action instance selected by this Action. Struts does not itself use this value in any way. As of Struts 2.0.11 http://struts.apache.org/2.0.11.1/struts2-core/apidocs/org/apache/struts 2/dispatcher/mapper/ActionMapping.html the getParameter() method has been refined e.g. /** @return The extra parameters */ public java.util.Map getParams() { return params; } relevant doc on java.util.Map http://publib.boulder.ibm.com/infocenter/wsadhelp/v5r1m2/index.jsp?topic =/com.sun.api.doc/java/util/Map.html //code look something like //assume the key for the form attribute will be called Form1 String formKey=new String(Form1); //And now to acquire the value for the Form1 key String value =mapping.getParams().get(formKey); Let me know if does'nt conform to your understanding.. HTH Martin __ Disclaimer and confidentiality note Everything in this e-mail and any attachments relates to the official business of Sender. This transmission is of a confidential nature and Sender does not endorse distribution to any party other than intended recipient. Sender does not necessarily endorse content contained within this transmission. Subject: getAttribute(null)? Date: Thu, 12 Jun 2008 10:44:06 -0400 From: [EMAIL PROTECTED] To: users@tomcat.apache.org I have the following code that worked in Tomcat 5.0, but doesn't work in Tomcat 5.5.26: String formName = mapping.getAttribute(); // mapping is a variable of type ActionMapping. In this scenario, formName is null. if (null != session.getAttribute(formName)) { session.removeAttribute(formName); } formName is null. In Tomcat 5.0.x, no exception was thrown and processing continued (as if passing a null argument to getAttribute simply returned NULL). In Tomcat 5.5.26, a ServletException is thrown (with a NullPointerException). I know how to code a work-around (and have done so), but is this considered a bug in Tomcat? Enjoy 5 GB of free, password-protected online storage. Get Windows Live SkyDrive. http://www.windowslive.com/skydrive/overview.html?ocid=TXT_TAGLM_WL_Ref resh_skydrive_062008 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]