Tomcat (TomEE)/9.0.12 (8.0.0-M1) JSF 2.3 - Empty Strings from form inputs expected as NULL
What is the current way of coercing empty string input fields to NULL With 9.0.12? This issue seems to come up with each new major version of EL/JSF. All of the previous work arounds are no longer producing null values. Surely I’m missing something obvious that has been published. Web.xml javax.faces.INTERPRET_EMPTY_STRING_SUBMITTED_VALUES_AS_NULL true org.apache.myfaces.EXPRESSION_FACTORY com.sun.el.ExpressionFactoryImpl Dropping the javax.el-3.0.1-b11.jar in WEB-INF/lib seems to have no effect. Faces-config.xml com.example.EmptyToNullStringELResolver Custom el resolver causes a null pointer exception java.lang.NullPointerException at org.apache.myfaces.shared.resource.ValueExpressionFilterInputStream.read(ValueExpressionFilterInputStream.java:130) at java.io.InputStream.read(InputStream.java:179) at java.nio.channels.Channels$ReadableByteChannelImpl.read(Channels.java:385) at org.omnifaces.util.Utils.stream(Utils.java:397) at org.omnifaces.resourcehandler.UnmappedResourceHandler.handleResourceRequest(UnmappedResourceHandler.java:176) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:196) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at ... Thank you, Ted S.
Tomcat 9 - Web Application deployment fails: OperationNotSupportedException: Context is read only
My web application deploys/starts normally locally on MacOS with the same TomEE and JVM 1.8.0_202-b08 and other JMS (embedded ActiveMQ) Websocket application, but on the remote Linux (CentOS) it fails with the “Context is read only” error below. Any suggestion of where to begin looking? Seems like I’ve looked everywhere the past two days. Thank you, Ted S. Server & OS: 27-Mar-2019 11:17:25.189 INFO [main] sun.reflect.NativeMethodAccessorImpl.invoke Server version:Apache Tomcat (TomEE)/9.0.12 (8.0.0-M1) 27-Mar-2019 11:17:25.190 INFO [main] sun.reflect.NativeMethodAccessorImpl.invoke Server built: Sep 4 2018 22:13:41 UTC 27-Mar-2019 11:17:25.190 INFO [main] sun.reflect.NativeMethodAccessorImpl.invoke Server number: 9.0.12.0 27-Mar-2019 11:17:25.190 INFO [main] sun.reflect.NativeMethodAccessorImpl.invoke OS Name: Linux 27-Mar-2019 11:17:25.190 INFO [main] sun.reflect.NativeMethodAccessorImpl.invoke OS Version: 3.10.0-957.5.1.el7.x86_64 27-Mar-2019 11:17:25.190 INFO [main] sun.reflect.NativeMethodAccessorImpl.invoke Architecture: amd64 27-Mar-2019 11:17:25.190 INFO [main] sun.reflect.NativeMethodAccessorImpl.invoke Java Home: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.201.b09-2.el7_6.x86_64/jre 27-Mar-2019 11:17:25.190 INFO [main] sun.reflect.NativeMethodAccessorImpl.invoke JVM Version: 1.8.0_201-b09 27-Mar-2019 11:17:25.191 INFO [main] sun.reflect.NativeMethodAccessorImpl.invoke JVM Vendor:Oracle Corporation Stack Trace: 27-Mar-2019 12:01:04.804 INFO [http-nio-9086-exec-4] org.apache.openejb.util.JarExtractor.extract Extracting jar: /usr/share/apache-tomee-plus-8.0.0-M1/webapps/o-test.war 27-Mar-2019 12:01:05.483 INFO [http-nio-9086-exec-4] org.apache.openejb.util.JarExtractor.extract Extracted path: /usr/share/apache-tomee-plus-8.0.0-M1/webapps/o-test 27-Mar-2019 12:01:05.539 SEVERE [http-nio-9086-exec-4] sun.reflect.NativeMethodAccessorImpl.invoke Creation of the naming context failed: [javax.naming.OperationNotSupportedException: Context is read only] 27-Mar-2019 12:01:05.540 SEVERE [http-nio-9086-exec-4] org.apache.tomee.catalina.TomcatWebAppBuilder.startInternal Error merging Java EE JNDI entries in to war /o-test: Exception: null java.lang.NullPointerException at org.apache.catalina.core.NamingContextListener.createSubcontexts(NamingContextListener.java:1253) at org.apache.catalina.core.NamingContextListener.addEnvironment(NamingContextListener.java:785) at org.apache.catalina.core.NamingContextListener.processGlobalResourcesChange(NamingContextListener.java:432) at org.apache.catalina.core.NamingContextListener.propertyChange(NamingContextListener.java:382) at java.beans.PropertyChangeSupport.fire(PropertyChangeSupport.java:335) at java.beans.PropertyChangeSupport.firePropertyChange(PropertyChangeSupport.java:327) at java.beans.PropertyChangeSupport.firePropertyChange(PropertyChangeSupport.java:263) at org.apache.catalina.deploy.NamingResourcesImpl.addEnvironment(NamingResourcesImpl.java:303) at org.apache.tomee.catalina.OpenEJBNamingResource.addEnvironment(OpenEJBNamingResource.java:78) at org.apache.tomee.catalina.TomcatJndiBuilder.mergeRef(TomcatJndiBuilder.java:403) at org.apache.tomee.catalina.TomcatJndiBuilder.mergeJndi(TomcatJndiBuilder.java:125) at org.apache.tomee.catalina.TomcatWebAppBuilder.startInternal(TomcatWebAppBuilder.java:1394) at org.apache.tomee.catalina.TomcatWebAppBuilder.configureStart(TomcatWebAppBuilder.java:1130) at org.apache.tomee.catalina.GlobalListenerSupport.lifecycleEvent(GlobalListenerSupport.java:133) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5007) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:743) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:719) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:703) at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:986) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492) at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1651) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:287) at com.su
Re: Tomcat connection error
Hi Faisal, Your application(s) run as expected for a while, then you get the SQL Connection error? Then the only way to “fix it” is to restart Tomcat? At the same time are you also restarting MySQL? Thanks, Ted > On Feb 18, 2019, at 02:17, Luis Rodríguez Fernández wrote: > > Hello Faisal, > > It looks like your problem is more related with your hikari connection pool > than with tomcat itself. I would recommend you to double check your hikari > configuration properties. Pay specially attention on how you are > configuring your connection pool (minimum and maximum size, timeout, > etc...) It looks like there is "something" in your application that > prevents to get connections from your pool. > > Hope it helps, > > Luis > > > > > > >> El lun., 18 feb. 2019 a las 6:33, escribió: >> >> Dear all, >> >> >> >> I am working on a project and I am facing following issue on almost every >> second day. I need to restart tomcat to get it running again. >> >> Can someone guide me on it. Ask if you need some other insight to look into >> it. >> >> >> >> 2019-02-18 04:49:35.572 WARN 20698 --- [io-4200-exec-15] >> o.h.engine.jdbc.spi.SqlExceptionHelper : SQL Error: 0, SQLState: null >> >> 2019-02-18 04:49:35.572 ERROR 20698 --- [io-4200-exec-15] >> o.h.engine.jdbc.spi.SqlExceptionHelper : HikariPool-1 - Connection is not >> available, request timed out after 3ms. >> >> 2019-02-18 04:49:35.573 WARN 20698 --- [io-4200-exec-15] >> o.s.s.o.provider.endpoint.TokenEndpoint : Handling error: >> InternalAuthenticationServiceException, Unable to acquire JDBC Connection; >> nested exception is org.hibernate.exception.JDBCConnectionException: Unable >> to acquire JDBC Connection >> >> >> >> Server is Ubuntu (aws) >> >> Database is mySql >> >> java version "1.8.0_181" >> >> Java(TM) SE Runtime Environment (build 1.8.0_181-b13) >> >> Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode) >> >> >> >> Best Regards | Bien Cordialement | تحياتي >> >> Faisal Zaidi >> Application Architect >> >> >> >> > > -- > > "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better." > > - Samuel Beckett - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
502 Proxy Error
I've worked on this for three days and at this point am not sure where to begin debugging. I don't know if this is a SSL Cert issue, an Apache Reverse Proxy issue, a Tomcat Connector issue or a Tomcat import of the SSL Cert issue. Any feedback is much appreciated. Thank you in advance, Ted S. Server version: Apache Tomcat/7.0.68 Server built: Feb 8 2016 20:25:54 UTC Server number: 7.0.68.0 OS Name:Linux OS Version: 3.10.0-327.3.1.el7.x86_64 Architecture: amd64 JVM Version:1.8.0_91-b14 JVM Vendor: Oracle Corporation Important Points: 1. Apache was unable to be restarted without reboot. 2. After reboot requests to https://example.com/somecontext receive "502 Proxy Error" 3. I rekeyed SSL Certs and re-imported into Tomcat (command below) 4. Requests to https://example.com/somecontext still receive "502 Proxy Error" 4. I suspect one problem may be with contents of the element After a recent reboot I encountered the following issue. Issue: Requests via browser client to https://example.com/somecontext return - -- begin browser page Proxy Error The proxy server received an invalid response from an upstream server. The proxy server could not handle the request GET /. Reason: Error reading from remote server -- end browser page Unexpected Observed Behavior: Requests via browser client to https://www.example.com/ return the default index.html for the server. Requests via command line client curl https://www.example.com/ return "502 Proxy Error" This server has been in production for seven months correctly responding to requests on ports 80 & 443 (with secure content). I updated content and wanted to change to redirecting incoming requests from port 80 to port 443. When I attempted to restart Apache, Apache failed to kill the running process. I issued 'kill'. Then tried to start. Apache failed to start. I restored the container to the state listed below, then tried to start Apache. Apache failed to start. I rebooted the server, then started Apache. Then any request via browser behaved as above. I then rekeyed the SSL Cert and re-imported the cert into Tomcat with: $ openssl pkcs12 -export -in /etc/pki/tls/certs/example.com.crt -inkey /etc/pki/ tls/private/example.key -out examplecert.p12 -name tomcat -CAfile /etc/pki/tls/certs/ca_bundle.crt -caname root -chain Configuration files content: -- begin virtualhost.conf ServerName www.example.com ServerAlias example.com *.example.com ProxyRequests off ProxyPreserveHost on ProxyPass / http://example.com:8081/ ProxyPassReverse / http://example.com:8081/ ProxyPass /somecontext http://example.com:8081/somecontext ProxyPassReverse /somecontext http://example.com:8081/somecontext ServerName www.exampledefaultdomain.com ServerAlias exampledefaultdomain.com *.exampledefaultdomain.com ServerName www.example.com ServerAlias example.com *.example.com ProxyRequests off ProxyPreserveHost on CustomLog "/etc/httpd/logs/examplessl.log" "%h %l %u %t \"%r\" %>s %b" ErrorLog "/etc/httpd/logs/examplessl_error.log" SSLEngine on SSLProxyEngine on SSLCertificateFile /path/to/certs/example.com.crt SSLCertificateKeyFile /path/to/keys/example.key SSLCertificateChainFile /path/to/certs/ca_bundle.crt ProxyPass / http://example.com:8443/ ProxyPassReverse / http://example.com:8443/ ProxyPass /somecontext http://example.com:8443/somecontext ProxyPassReverse /somecontext http://example.com:8443/somecontext -- end virtualhost.conf -- begin ssl.conf - ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log LogLevel warn SSLEngine on SSLProtocol all -SSLv2 SSLCertificateFile /path/to/certs/example.com.crt SSLCertificateKeyFile /path/to/keys/example.key SSLCACertificateFile /path/to/certs/ca_bundle.crt -- end ssl.conf - -- begin Tomcat server.xml Connector: -- end Tomcat server.xml Connector: $ openssl x509 -in /etc/pki/tls/certs/example.com.crt -noout -subject subject= /OU=Domain Control Validated/CN=example.com $ apachectl -S VirtualHost configuration: *:443 is a NameVirtualHost default server www.example.com (/etc/httpd/conf.d/ssl.conf:56) port 443 namevhost www.example.com (/etc/httpd/conf.d/ssl.conf:56) port 443 namevhost www.example.com (/etc/httpd/conf.d/virtualhosts.conf:35) alias example.com wild alias *.example.com *:80 is a NameVirtualHost default server www.example.com (/etc/httpd/conf.d/virtualhosts.conf:13) port 80 namevhost www.example.com (/etc/httpd/conf.d/virtualhosts.conf:13) alias example.com wild alias *.example.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Proxy Apache https to Tomcat http
Chris, Problem solved. On Thu, Oct 27, 2016 at 12:32 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Ted, > > (I apologize, I didn't see your message from he 5th until just now. I > would have replied earlier.) > > On 10/27/16 12:21 PM, Ted Spradley wrote: > On Wed, Oct 5, 2016 at 7:52 PM, Christopher Schultz wrote: > >> Explicit descriptor XML file placed in > >> CATALINA_HOME/conf/[service]/[ host]/[app].xml? > > > > Yes - with a caveat. The path is CATALINA_HOME/conf/[service]/[ > > host]/context.xml > > Do you mean a /literal/ context.xml? That will deploy your application > to /context. > > Yes to the literal context.xml. I'm assuming the applications get deployed to the proper context because of the appBase attribute in the host definition. example.com > > The only contents being one empty element with the > > docBase attribute defined > > > > > > > > > > That's just fine. > > > The CATALINA_HOME/exampledotcomapps directory contains three > > applications deployed using the manager application. 1. > > "http:example.com/mycontext" 2. "http:example.com/anotherContext" > > 3. "http:example.com/stillAnontherContext" > > Okay, so you have a with appBase set to > CATAINA_HOME/exampledotcomapps. > > Note that you aren't using the manager, here. The manager is a web > application that lets you upload and manage running applications via > an HTTP interface. Putting files on the disk under CATALINA_HOME/conf > will generally just go ahead and deploy them under a default > configuration -- that is, one where autoDeploy is set to true. > > There is an instance of manager in CATALINA_HOME/exampledotcomapps that I use to deploy those applications. > All three applications are reached as expected through the proxy on > > port 80. > > > > The path CATALINA_HOME/exampledotcomapps matches the appBase > > attribute in the element for example.com in > > CATALINA_HOME/conf/server.xml > > Gotcha. > > > I've since defined a separate Connector to listen for the redirect > > from Apache on port 8082 because I thought there was a > > possibility the proxyPort directive would need to be specifically > > port 443 instead of port 80. > > Several things: mod_proxy isn't redirecting anything... it's proxying > the connection. It sounds pedantic but it's important to use the right > terminology here since both proxying and redirects are valid ways to > change where the data is coming from. A redirect would involve the > client making a follow-up HTTP request. mod_proxy is instead handling > the client's connection on behalf of the client through to Tomcat. > > Thank you for this. The "redirect port" is the port that will be used to redirect the user > if a security-constraint cannot be fulfilled using the current > connector. Most practically, it means that if the application says "I > need TLS" and the connection isn't a TLS connection, then Tomcat will > redirect the user to the same URL but with an https:// protocol and > that port number you specify. It comes preconfigured as 8443 since > that will generally get you back to Tomcat instead of some other > service. For a real service, you probably want that set to "443". > > This is one of the key changes that solved the https access issue. This is the port number that the CLIENT will end up using. Using port > 80 for the redirectPort will basically never work. You should leave it > as 443 if you want httpd to do the TLS termination (which it's pretty > obvious you are in fact trying to do). > > > So now I have a Connector to receive the port 80 traffic and > > another for the port 443 traffic. I've tried it with and without > > the redirectPort attribute. Still no success. > > Okay. This is IMO the best configuration especially if you want to > treat some applications as secure and others as insecure. (In my > environment, everything is secure, so I use only a single Connector.) > > > The Connectors appear in this order in server.xml > > > > > connectionTimeout="2" proxyName="www.example.com" > > proxyPort="80" redirectPort="8443" xpoweredBy="false" > > server="Apache TomEE" /> > protocol="HTTP/1.1" connectionTimeout="2" > > proxyName="www.example.com" proxyPort="443" redirectPort="8443" > > xpoweredBy="false" server="Apache TomEE
Re: Proxy Apache https to Tomcat http
Chris, On Wed, Oct 5, 2016 at 7:52 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Ted, > > On 10/5/16 6:47 PM, Ted Spradley wrote: > > Chris, > > > > On Wed, Oct 5, 2016 at 5:14 PM, Christopher Schultz < > > ch...@christopherschultz.net> wrote: > > > > Ted, > > > > On 10/5/16 6:10 PM, Ted Spradley wrote: > >>>> Chris, > >>>> > >>>> Thanks for your response. > >>>> > >>>> On Wed, Oct 5, 2016 at 3:14 PM, Christopher Schultz < > >>>> ch...@christopherschultz.net> wrote: > >>>> > >>>> Ted, > >>>> > >>>> On 10/5/16 3:42 PM, TED SPRADLEY wrote: > >>>>>>> Tomcat 7.0.68 Apache 2.4.6 CentOS 7.2.1511 > >>>> > >>>> Thanks. > >>>> > >>>>>>> Problem: A Tomcat application at context "/mycontext" > >>>>>>> on port 8081 running through Apache proxy renders as > >>>>>>> expected when using http://example.com/mycontext but > >>>>>>> https://example.com/mycontext call renders "The > >>>>>>> requested URL /mycontext/ was not found on this > >>>>>>> server." > >>>>>>> > >>>>>>> Question: Do I have a Tomcat Connector configuration > >>>>>>> problem? Or an Apache proxy configuration problem? Or > >>>>>>> an Apache ssl.conf problem? > >>>>>>> > >>>>>>> Note: the CA issued certificate appears to be properly > >>>>>>> installed as evidence by the lock icon in the url bar > >>>>>>> displaying "Verified by Š " when doing a mouseover. > >>>>>>> > >>>>>>> Files: Httpd.conf - ServerName > >>>>>>> www.example.com ServerAlias *.example.com ProxyRequests > >>>>>>> off ProxyPass /mycontext > >>>>>>> http://example.com:8081/mycontext ProxyPassReverse > >>>>>>> /mycontext http://example.com:8081/mycontext > >>>>>>> ProxyRequests off > >>>>>>> ProxyPreserveHost on SSLEngine on SSLCertificateFile > >>>>>>> /path/to/certs/ca.crt SSLCertificateKeyFile > >>>>>>> /path/to/key/private/exampleDotCom.key ServerName > >>>>>>> www.example.com ServerAlias *.example.com ProxyPass > >>>>>>> /mycontext http://example.com:8081/mycontext > >>>>>>> ProxyPassReverse /mycontext > >>>>>>> http://example.com:8081/mycontext > >>>> > >>>> On first inspection, that looks correct. > >>>> > >>>>>>> Tomcat's server.xml Connector >>>>>>> protocol="HTTP/1.1" connectionTimeout="2" > >>>>>>> proxyName="www.example.com" proxyPort="80" > >>>>>>> redirectPort="8443" xpoweredBy="false" server="Apache > >>>>>>> TomEE" /> > >>>> > >>>> That also looks correct. > >>>> > >>>> How have you deployed your actual application? > >>>> > >>>> > >>>>> Yes. It is deployed and responds as expected through the > >>>>> proxy when using http. > > > > Great. But *HOW* have you deployed your actual application? > > > > > >> Sorry, I missed the "How". I'm not sure what descriptors you are > >> asking for when you ask how. > > Auto-deployed WAR file/directory? WAR/dir deployed via manager > application? Explicit descriptor XML file placed in > CATALINA_HOME/conf/[service]/[host]/[app].xml? > > WAR/dir deployed via manager application? Yes Explicit descriptor XML file placed in CATALINA_HOME/conf/[service]/[ host]/[app].xml? Yes - with a caveat. The path is CATALINA_HOME/conf/[service]/[ host]/context.xml The only contents being one empty element with the docBase attribute defined The CATALINA_HOME/exampledotcomapps directory contains three applications deployed using the manager application. 1. "http:example.com/mycontext" 2. "http:example.com/anotherContext" 3. "http:example.com/stillAnontherContext" All three applications are reached as expected
Re: Proxy Apache https to Tomcat http
Chris, On Wed, Oct 5, 2016 at 7:52 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Ted, > > On 10/5/16 6:47 PM, Ted Spradley wrote: > > Chris, > > > > On Wed, Oct 5, 2016 at 5:14 PM, Christopher Schultz < > > ch...@christopherschultz.net> wrote: > > > > Ted, > > > > On 10/5/16 6:10 PM, Ted Spradley wrote: > >>>> Chris, > >>>> > >>>> Thanks for your response. > >>>> > >>>> On Wed, Oct 5, 2016 at 3:14 PM, Christopher Schultz < > >>>> ch...@christopherschultz.net> wrote: > >>>> > >>>> Ted, > >>>> > >>>> On 10/5/16 3:42 PM, TED SPRADLEY wrote: > >>>>>>> Tomcat 7.0.68 Apache 2.4.6 CentOS 7.2.1511 > >>>> > >>>> Thanks. > >>>> > >>>>>>> Problem: A Tomcat application at context "/mycontext" > >>>>>>> on port 8081 running through Apache proxy renders as > >>>>>>> expected when using http://example.com/mycontext but > >>>>>>> https://example.com/mycontext call renders "The > >>>>>>> requested URL /mycontext/ was not found on this > >>>>>>> server." > >>>>>>> > >>>>>>> Question: Do I have a Tomcat Connector configuration > >>>>>>> problem? Or an Apache proxy configuration problem? Or > >>>>>>> an Apache ssl.conf problem? > >>>>>>> > >>>>>>> Note: the CA issued certificate appears to be properly > >>>>>>> installed as evidence by the lock icon in the url bar > >>>>>>> displaying "Verified by Š " when doing a mouseover. > >>>>>>> > >>>>>>> Files: Httpd.conf - ServerName > >>>>>>> www.example.com ServerAlias *.example.com ProxyRequests > >>>>>>> off ProxyPass /mycontext > >>>>>>> http://example.com:8081/mycontext ProxyPassReverse > >>>>>>> /mycontext http://example.com:8081/mycontext > >>>>>>> ProxyRequests off > >>>>>>> ProxyPreserveHost on SSLEngine on SSLCertificateFile > >>>>>>> /path/to/certs/ca.crt SSLCertificateKeyFile > >>>>>>> /path/to/key/private/exampleDotCom.key ServerName > >>>>>>> www.example.com ServerAlias *.example.com ProxyPass > >>>>>>> /mycontext http://example.com:8081/mycontext > >>>>>>> ProxyPassReverse /mycontext > >>>>>>> http://example.com:8081/mycontext > >>>> > >>>> On first inspection, that looks correct. > >>>> > >>>>>>> Tomcat's server.xml Connector >>>>>>> protocol="HTTP/1.1" connectionTimeout="2" > >>>>>>> proxyName="www.example.com" proxyPort="80" > >>>>>>> redirectPort="8443" xpoweredBy="false" server="Apache > >>>>>>> TomEE" /> > >>>> > >>>> That also looks correct. > >>>> > >>>> How have you deployed your actual application? > >>>> > >>>> > >>>>> Yes. It is deployed and responds as expected through the > >>>>> proxy when using http. > > > > Great. But *HOW* have you deployed your actual application? > > > > > >> Sorry, I missed the "How". I'm not sure what descriptors you are > >> asking for when you ask how. > > Auto-deployed WAR file/directory? WAR/dir deployed via manager > application? Explicit descriptor XML file placed in > CATALINA_HOME/conf/[service]/[host]/[app].xml? > > Ah, yes. 1. WAR/dir deployed via manager application in CATALINA_HOME/conf/Catalina/[host]/manager.xml 2. App directory is CATALINA_HOME/mycontextapps/mycontext/ with web.xml in CATALINA_HOME/mycontextapps/mycontext/WEB-INF/web.xml I didn't dream up this location, I followed some example deployment of multiple domains with multiple apps each. Is the location of the app files causing the problem? The multiple domains with multiple apps all respond as expected using the proxy with virtualhost *:80. - Ted - -chris > -BEGIN PGP SIGNATURE- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJX9aA5AAoJEBzwKT+lPKRYoxAP/2KTSxTMFqtpm3gYOphW1B1N > Tx56YMCETDtihjLCtWuLQt0QSZ/u92Lbd+xg/aCM9SdkrQQkSby+h2oJuT2E5Dpb > LkWpeODS1xp93l0UO4eTp1RW46ToHZHlVABlYDkr27LPrIqYrtntyCLNPTr3N1Xo > ExBzvZxxM5C36uDVtnrrNxay/qKpq/sOJaW84yc161eXhrHvXh5wQF76hTGJswbs > OQapt+VCzDRcaQVeHpBXm6JvfSwFfjbflgpAcPen/Mwu1sgqeNicOKNd5kBnL2pJ > 7NOEyMIJnVMaZ9hdu/9HF4fVo307ix7n2yjm3JAMZcb3+2GRD3Zw8e6/+YIk7gRI > 8n8I8Q/zW8qEG9S5jqsX7Gb7wF2ZZUKc7xOOpGQy4Ctoa0RizFxipfQB77OhNzeu > 9txqUgks+AvjVV3aCEWMeyqhC9n8QPxws3Sc9A8MxQ4IqII9KWgsP3tQT2iqZukj > kXH1L5ELbe4CIFQBCxVS4BsvnFzGm96iz4DzkIRUnHGL0ipHXoWlQBXPjxFwudw2 > N7Ln+os14LZvnHFLSV1UDpEkB7pfWvIRAiRqavYx42gPpwXxx3MiImuevr+LDRbw > ublChOTt1yzsWNQIYspwGt8srDtBIW7rZZggqVmds9NmD+d3tLHoxfJ3bm7Cc9qA > lm7rwoaI3foiJ2Jnpn0D > =B1CN > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Proxy Apache https to Tomcat http
Chris, On Wed, Oct 5, 2016 at 5:14 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Ted, > > On 10/5/16 6:10 PM, Ted Spradley wrote: > > Chris, > > > > Thanks for your response. > > > > On Wed, Oct 5, 2016 at 3:14 PM, Christopher Schultz < > > ch...@christopherschultz.net> wrote: > > > > Ted, > > > > On 10/5/16 3:42 PM, TED SPRADLEY wrote: > >>>> Tomcat 7.0.68 Apache 2.4.6 CentOS 7.2.1511 > > > > Thanks. > > > >>>> Problem: A Tomcat application at context "/mycontext" on port > >>>> 8081 running through Apache proxy renders as expected when > >>>> using http://example.com/mycontext but > >>>> https://example.com/mycontext call renders "The requested URL > >>>> /mycontext/ was not found on this server." > >>>> > >>>> Question: Do I have a Tomcat Connector configuration problem? > >>>> Or an Apache proxy configuration problem? Or an Apache > >>>> ssl.conf problem? > >>>> > >>>> Note: the CA issued certificate appears to be properly > >>>> installed as evidence by the lock icon in the url bar > >>>> displaying "Verified by Š " when doing a mouseover. > >>>> > >>>> Files: Httpd.conf - ServerName > >>>> www.example.com ServerAlias *.example.com ProxyRequests off > >>>> ProxyPass /mycontext http://example.com:8081/mycontext > >>>> ProxyPassReverse /mycontext > >>>> http://example.com:8081/mycontext >>>> *:443> ProxyRequests off ProxyPreserveHost on SSLEngine on > >>>> SSLCertificateFile /path/to/certs/ca.crt > >>>> SSLCertificateKeyFile /path/to/key/private/exampleDotCom.key > >>>> ServerName www.example.com ServerAlias *.example.com > >>>> ProxyPass /mycontext http://example.com:8081/mycontext > >>>> ProxyPassReverse /mycontext http://example.com:8081/mycontext > >>>> > > > > On first inspection, that looks correct. > > > >>>> Tomcat's server.xml Connector >>>> protocol="HTTP/1.1" connectionTimeout="2" > >>>> proxyName="www.example.com" proxyPort="80" > >>>> redirectPort="8443" xpoweredBy="false" server="Apache TomEE" > >>>> /> > > > > That also looks correct. > > > > How have you deployed your actual application? > > > > > >> Yes. It is deployed and responds as expected through the proxy > >> when using http. > > Great. But *HOW* have you deployed your actual application? > Sorry, I missed the "How". I'm not sure what descriptors you are asking for when you ask how. > - -chris > -BEGIN PGP SIGNATURE- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJX9XsvAAoJEBzwKT+lPKRYYJYQALKX6jEiUlcQQ2fXCq6a017F > /6rVjJ36ptaaQQ6O2xYLDI+efHASKK0swg6zwxtR10F9PepcXKreTGIGjvzT4vG3 > hvXuWtrKRVyOXDAhkdzXjAmwdovj+3vRf7Qm+GrpAMCI+Fi/GYyCsW2a7Opdlhnh > fWTwz3PVcuJ0+N7wFX55hChm0NjX9P1T6CLxJ7k1Q//vr+PqBUyJiNO1FRuoS1+D > vJOI2Ixm7E/tXCRc81aZA572fXIV78gcJmbHkERpy5WOW+G6UIG1XKNxqF4Afpqj > bL8dPNj22fZRu/qyIpYGVdMfyaSFkbfWP8jM8eQS9fLs9t+BPgzyt/Z0wxhsEVDT > EY/E9qAUr2Ai3TFlgZOz79ED1VQkVDTMlpZQ/w9XsyLjT518KKPBT6v665wVfeaV > N+uxoIGj4Ew37Xcm2RAXkv5BuomdqhtkpJ2n/BZ/pXxUQwpo57mDyBUDoVnSouuS > eC+vmcjroeq73dPE07PNRJpphjw8K5uZCo+en+qH1kVhwe2O8JNtjy5wkjslcdKF > +2vwlUFdoPO+8bhNu8PfsK6XZOJ0Uejf7iogb8OXr3SRjPF8qYnz28OBiAV3NC5E > dq8Do2mFWcWFTi+uV9axQl4+iAr+3P/g8sZJ8CTtySFfQBmBJky6xOIKtbshxRiI > mdFOlM+R4jw1wnwWE5Hp > =kOrd > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Proxy Apache https to Tomcat http
Chris, Thanks for your response. On Wed, Oct 5, 2016 at 3:14 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Ted, > > On 10/5/16 3:42 PM, TED SPRADLEY wrote: > > Tomcat 7.0.68 Apache 2.4.6 CentOS 7.2.1511 > > Thanks. > > > Problem: A Tomcat application at context "/mycontext" on port 8081 > > running through Apache proxy renders as expected when using > > http://example.com/mycontext but https://example.com/mycontext call > > renders "The requested URL /mycontext/ was not found on this > > server." > > > > Question: Do I have a Tomcat Connector configuration problem? Or an > > Apache proxy configuration problem? Or an Apache ssl.conf problem? > > > > Note: the CA issued certificate appears to be properly installed as > > evidence by the lock icon in the url bar displaying "Verified by Š > > " when doing a mouseover. > > > > Files: Httpd.conf - ServerName www.example.com > > ServerAlias *.example.com ProxyRequests off ProxyPass > > /mycontext http://example.com:8081/mycontext ProxyPassReverse > > /mycontext http://example.com:8081/mycontext > > ProxyRequests off ProxyPreserveHost on > > SSLEngine on SSLCertificateFile /path/to/certs/ca.crt > > SSLCertificateKeyFile /path/to/key/private/exampleDotCom.key > > ServerName www.example.com ServerAlias *.example.com ProxyPass > > /mycontext http://example.com:8081/mycontext ProxyPassReverse > > /mycontext http://example.com:8081/mycontext > > On first inspection, that looks correct. > > > Tomcat's server.xml Connector > protocol="HTTP/1.1" connectionTimeout="2" > > proxyName="www.example.com" proxyPort="80" redirectPort="8443" > > xpoweredBy="false" server="Apache TomEE" /> > > That also looks correct. > > How have you deployed your actual application? > Yes. It is deployed and responds as expected through the proxy when using http. > > Ssl.conf - SSLEngine on > > > > SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA > > > > SSLCertificateFile /path/to/certs/ca.crt > > > > SSLCertificateKeyFile /path/to/key/private/exampleDotCom.key > > > > SSLCACertificateFile /path/to/bundle/ca_bundle.crt > > Is ssl.conf actually included anywhere? > Yes. ssl.conf full path is /etc/httpd/conf.d/ssl.conf. >From httpd.conf # Load config files in the "/etc/httpd/conf.d" directory, if any. IncludeOptional conf.d/*.conf > You will probably also want to use the RemoteIPValve and possibly the > SSLValve as well. Have a look at Tomcat's proxy support valves here: > > https://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Proxies_Support > Thank you. I'll read the Proxies Support and implement. > > - -chris > -BEGIN PGP SIGNATURE- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJX9V9AAAoJEBzwKT+lPKRYL4YP/0KGogACGY7Ul3K59sMky8mz > tKjFmBU+jLk6DgyvUv6wI5ZcCRLukZsN6vvDU2psiIpGruakQjLfDtiDyPKnBGb3 > G6jmvdfCNPfp9eWRMAKvI90tEvZ10g8/Qbzfp7XZ8tAOuoFSkxyoVYRrZMCoLUYq > UPCVsJQxhu5yFqzDzAz1AJN26b25Q2+F1W8GznCWz3pjmBjI44Y+y3FwlBVeayGZ > QaXp+VCzsKw4RRlUy8uO6KH63GgLvNWFZM3gYE85231Eu9RhtQREZNQG/geufnSD > 3fy6pSQ1GvP+o2giUEgS0ik3zYjzmomtGGpbDQH2wCMuXTMJbJBM4iQZnhZ6Wz1Z > oDY6BRHvq+sTiEyJ4Ln6sKFymKccg3XSkwZ5UWHR+WA9NabyyEb7Li3AFYkpsyjk > o93QgPNqbzVBEmbsQTlsb/pfPPc3KoeCDRm5SLtMmPn9zDWHg30q0MGYbz8U96r8 > cojk8k634UQ+B2q36IZpcZh6Ah295bU+I73JUh6T9RF1EcN8PgqOcH4cC7S10fV+ > fiFqdz8XmV372jiiY1jk2Ka6SdJiYUo/froCUHlaNIsThMZra+D6woK55PO0e1yF > 0HCAMEGAH+bwhJB5UgUj/4rHdcVHO32GRuH0jKpUauhfBh6/k385C58iw4ONsxyG > Iwa3OPXi7GUSCrWJ0lxr > =m3nm > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Proxy Apache https to Tomcat http
Tomcat 7.0.68 Apache 2.4.6 CentOS 7.2.1511 Problem: A Tomcat application at context "/mycontext" on port 8081 running through Apache proxy renders as expected when using http://example.com/mycontext but https://example.com/mycontext call renders "The requested URL /mycontext/ was not found on this server." Question: Do I have a Tomcat Connector configuration problem? Or an Apache proxy configuration problem? Or an Apache ssl.conf problem? Note: the CA issued certificate appears to be properly installed as evidence by the lock icon in the url bar displaying "Verified by " when doing a mouseover. Files: Httpd.conf - ServerName www.example.com ServerAlias *.example.com ProxyRequests off ProxyPass /mycontext http://example.com:8081/mycontext ProxyPassReverse /mycontext http://example.com:8081/mycontext ProxyRequests off ProxyPreserveHost on SSLEngine on SSLCertificateFile /path/to/certs/ca.crt SSLCertificateKeyFile /path/to/key/private/exampleDotCom.key ServerName www.example.com ServerAlias *.example.com ProxyPass /mycontext http://example.com:8081/mycontext ProxyPassReverse /mycontext http://example.com:8081/mycontext Tomcat's server.xml Connector Ssl.conf - SSLEngine on SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA SSLCertificateFile /path/to/certs/ca.crt SSLCertificateKeyFile /path/to/key/private/exampleDotCom.key SSLCACertificateFile /path/to/bundle/ca_bundle.crt Thank you, Ted S.
