Re: feature request: reload SSL certificate automatically after X days (configuration option)

2020-12-23 Thread Romain Manni-Bucau
I don't think so, this connector auth is only used in very particular cases (= never ;)): HTTP2 - we don't care, AJP - we don't care much. It is also a kind of automatic authorization - no password or so - so will pass and not fail. My point was if you have some security constraint (JWT, basic,

[tomcat] branch 9.0.x updated: Add support for Unix domain sockets for NIO

2020-12-23 Thread remm
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 0d27655 Add support for Unix domain sockets for

Re: feature request: reload SSL certificate automatically after X days (configuration option)

2020-12-23 Thread Mladen Adamović
hmmm.. at least for us, Certbot fetches acme-challenge on HTTP connector. According to https://github.com/payara/Payara/blob/master/appserver/packager/appserver-core/src/main/resources/bin/letsencrypt.py an app most likely should have an HTTP connector for Letsencrypt. Then it really doesn't

[GitHub] [tomcat] michael-o commented on pull request #382: Add support for unix domain sockets.

2020-12-23 Thread GitBox
michael-o commented on pull request #382: URL: https://github.com/apache/tomcat/pull/382#issuecomment-750148235 I see no reason why this cannot work with Java UDS and APR UDS. This is an automated message from the Apache

[GitHub] [tomcat] martin-g commented on pull request #382: Add support for unix domain sockets.

2020-12-23 Thread GitBox
martin-g commented on pull request #382: URL: https://github.com/apache/tomcat/pull/382#issuecomment-750260041 @rmaucher https://github.com/apache/tomcat/commit/884b997f5a9a7da9f696d00574d3b727afbfae8c#diff-117ff4ae372c7a4f6643546174bcc2dbf5a25bd399fe1b89f55e72d2d4150285R212

[GitHub] [tomcat] rmaucher commented on pull request #382: Add support for unix domain sockets.

2020-12-23 Thread GitBox
rmaucher commented on pull request #382: URL: https://github.com/apache/tomcat/pull/382#issuecomment-750274850 It can 100% work with APR, except I personally don't want to add features to that component at this point. This

Re: feature request: reload SSL certificate automatically after X days (configuration option)

2020-12-23 Thread Mladen Adamović
Thank you Romain, do you then think the place to check for ACME Valve (if that would be the appropriate naming) would be in CoyoteAdapter.postParseRequest line 814 before doConnectorAuthenticationAuthorization(...) ? On Wed, Dec 23, 2020 at 9:22 AM Romain Manni-Bucau wrote: > Side note: using

[tomcat] branch master updated: Add support for Unix domain sockets for NIO

2020-12-23 Thread remm
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new 884b997 Add support for Unix domain sockets for

Re: feature request: reload SSL certificate automatically after X days (configuration option)

2020-12-23 Thread Romain Manni-Bucau
On Wed. 23 Dec. 2020 at 15:08, Mladen Adamović wrote: > hmmm.. at least for us, Certbot fetches acme-challenge on HTTP connector. > According to > > https://github.com/payara/Payara/blob/master/appserver/packager/appserver-core/src/main/resources/bin/letsencrypt.py > an app most likely should

Re: feature request: reload SSL certificate automatically after X days (configuration option)

2020-12-23 Thread Mladen Adamović
On Wed, Dec 23, 2020 at 12:12 PM Romain Manni-Bucau wrote: > I don't think so, this connector auth is only used in very particular cases > (= never ;)): HTTP2 - we don't care, AJP - we don't care much. It is also a > kind of automatic authorization - no password or so - so will pass and not >

Re: feature request: reload SSL certificate automatically after X days (configuration option)

2020-12-23 Thread Romain Manni-Bucau
On Wed. 23 Dec. 2020 at 15:36, Mladen Adamović wrote: > On Wed, Dec 23, 2020 at 3:17 PM Romain Manni-Bucau > wrote: > > > I'm tempted to say either provide a default tomcat-letsencrypt module > > "ready to activate" - and I would support you in that work - or nothing > > since tomcat is

Re: feature request: reload SSL certificate automatically after X days (configuration option)

2020-12-23 Thread Mladen Adamović
On Wed, Dec 23, 2020 at 3:17 PM Romain Manni-Bucau wrote: > I'm tempted to say either provide a default tomcat-letsencrypt module > "ready to activate" - and I would support you in that work - or nothing > since tomcat is letsencrypt friendly thanks to its pluggable design IMHO > I'm not sure what

[tomcat] branch 8.5.x updated: Avoid JMX stacktraces when running the testsuite

2020-12-23 Thread remm
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 3f78050 Avoid JMX stacktraces when running the

[tomcat] branch 9.0.x updated: Avoid JMX stacktraces when running the testsuite

2020-12-23 Thread remm
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 91b9b78 Avoid JMX stacktraces when running the

[GitHub] [tomcat] rmaucher commented on pull request #382: Add support for unix domain sockets.

2020-12-23 Thread GitBox
rmaucher commented on pull request #382: URL: https://github.com/apache/tomcat/pull/382#issuecomment-750141172 I added the feature for NIO, since it wasn't too difficult using https://openjdk.java.net/jeps/380 . Testing with curl works fine, I'll add a test in the testsuite next. It does

Re: feature request: reload SSL certificate automatically after X days (configuration option)

2020-12-23 Thread Romain Manni-Bucau
On Wed. 23 Dec. 2020 at 12:50, Mladen Adamović wrote: > On Wed, Dec 23, 2020 at 12:12 PM Romain Manni-Bucau > > wrote: > > > I don't think so, this connector auth is only used in very particular > cases > > (= never ;)): HTTP2 - we don't care, AJP - we don't care much. It is > also a > > kind

[tomcat] branch master updated: Avoid JMX stacktraces when running the testsuite

2020-12-23 Thread remm
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new 296766e Avoid JMX stacktraces when running the

Re: feature request: reload SSL certificate automatically after X days (configuration option)

2020-12-23 Thread Christopher Schultz
Mladen, On 12/23/20 09:07, Mladen Adamović wrote: hmmm.. at least for us, Certbot fetches acme-challenge on HTTP connector. According to https://github.com/payara/Payara/blob/master/appserver/packager/appserver-core/src/main/resources/bin/letsencrypt.py an app most likely should have an HTTP

Re: feature request: reload SSL certificate automatically after X days (configuration option)

2020-12-23 Thread Mladen Adamović
On Wed, Dec 23, 2020 at 4:44 PM Romain Manni-Bucau wrote: > 1. Usage, typically if you run in kubernetes or any managed instance env > then you don't care and will restart the instance (with graceful shutdown) > when needed > This is outside of my scope. > 2. There are several tomcat

Re: feature request: reload SSL certificate automatically after X days (configuration option)

2020-12-23 Thread Christopher Schultz
Mladen, On 12/23/20 11:24, Mladen Adamović wrote: On Wed, Dec 23, 2020 at 4:44 PM Romain Manni-Bucau wrote: 1. Usage, typically if you run in kubernetes or any managed instance env then you don't care and will restart the instance (with graceful shutdown) when needed This is outside of my

Re: feature request: reload SSL certificate automatically after X days (configuration option)

2020-12-23 Thread Christopher Schultz
Romain, On 12/23/20 10:43, Romain Manni-Bucau wrote: Well there are a few points to take into account here: > [snip] > 2. There are several tomcat instances out there using certbot (my blog is a tomee with certbot on for example) so can also be a lack of doc/knowledge +1 I know this works

Re: feature request: reload SSL certificate automatically after X days (configuration option)

2020-12-23 Thread Mladen Adamović
Christopher, thank you, now I think I understand better the situation. You were right that I was anxious about this. Let me try to summarize: - there is a consensus that this could be implemented through a Valve - there are two options for this to work: either with the full ACME client or with

Re: feature request: reload SSL certificate automatically after X days (configuration option)

2020-12-23 Thread Romain Manni-Bucau
On Wed. 23 Dec. 2020 at 20:39, Mladen Adamović wrote: > Christopher, thank you, now I think I understand better the situation. You > were right that I was anxious about this. > > Let me try to summarize: > - there is a consensus that this could be implemented through a Valve > - there are two

Re: feature request: reload SSL certificate automatically after X days (configuration option)

2020-12-23 Thread Romain Manni-Bucau
On Wed. 23 Dec. 2020 at 17:24, Mladen Adamović wrote: > On Wed, Dec 23, 2020 at 4:44 PM Romain Manni-Bucau > wrote: > > > 1. Usage, typically if you run in kubernetes or any managed instance env > > then you don't care and will restart the instance (with graceful > shutdown) > > when needed >

Re: feature request: reload SSL certificate automatically after X days (configuration option)

2020-12-23 Thread Romain Manni-Bucau
On Wed. 23 Dec. 2020 at 22:23, Mladen Adamović wrote: > On Wed, Dec 23, 2020 at 9:13 PM Romain Manni-Bucau > wrote: > > > I am for it, dependency free is key as soon as you modify tomcat/lib - > and > > since it is a transversal extension it will often be there. > > > > Aha, you are for

[GitHub] [tomcat] michael-o commented on pull request #382: Add support for unix domain sockets.

2020-12-23 Thread GitBox
michael-o commented on pull request #382: URL: https://github.com/apache/tomcat/pull/382#issuecomment-750490202 > > > It can 100% work with APR, except I personally don't want to add features to that component at this point. If you personally don't want to, @minfrin happily

Re: feature request: reload SSL certificate automatically after X days (configuration option)

2020-12-23 Thread Mladen Adamović
On Wed, Dec 23, 2020 at 9:13 PM Romain Manni-Bucau wrote: > I am for it, dependency free is key as soon as you modify tomcat/lib - and > since it is a transversal extension it will often be there. > Aha, you are for writing Tomcat specific ACME library without dependencies. First, I have never

Re: feature request: reload SSL certificate automatically after X days (configuration option)

2020-12-23 Thread Mladen Adamović
As I haven't received more replies on this topic, I'm guessing project maintainers are not interested in reviewing and including the code for simpler Letsencrypt integration and discussing the mentioned SSL documentation improvements? Enabling ACME response servlet (good idea by default) would be

Re: feature request: reload SSL certificate automatically after X days (configuration option)

2020-12-23 Thread Romain Manni-Bucau
Side note: using a servlet generally does not work if you have any security on the webapp + requires a webapp whereas using a valve solves these two issues. Romain Manni-Bucau @rmannibucau | Blog | Old Blog