Re: Configuring Tomcat on different IP's
Uma, Do a ping localhost from the command line. It will only resolve to one name. So don't get concerned that it doesn't work. As long as the IPs work you are fine. Now for the access issue. Did you set up a security constraint in your web.xml file? Add this to the web.xml of the app on the https side. security-constraint web-resource-collection web-resource-nameProtected Context/web-resource-name url-pattern/*/url-pattern /web-resource-collection !-- auth-constraint goes here if you require authentication -- user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint This is from the link I sent you earlier: http://marc.theaimsgroup.com/?l=tomcat-userm=104951559722619w=2 This will prevent access to the webapp through http and force the client to https. If I understand your problem, it is that the client can get to the webapp from the http IP. Add the following elements to your context as well: crossContext=false override=true privileged=false' As for the connector, I think Bill correct, so yes you can remove it. Let us know how it goes. Doug PS When you get it working, add the word SOLVED to the end of your subject line and post all your config files. Just one way to give back to the list. Thanks - Original Message - From: [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, March 30, 2004 10:52 PM Subject: Re: Configuring Tomcat on different IP's Doug, I am finally getting something to work after doing lot of experiments. Now the issue is 1)It does not work with http://localhost, seems to be a problem with my DNS. 2)It works with http://172.27.2.44 This address (172.27.2.44) is defined in the first service and the host tag has a context as Context path= docBase=/IBS1 debug=0 /Context Look its IBS1. This context has an index.jsp file which just fwd the request to https://172.27.2.246/IBS/Login.jsp This address (172.27.2.246) is defined in the second service and the host tag has a context as Context path= docBase=/IBS debug=0 /Context Look its IBS now. This context has all the files that needs to run under https. 3)Now when the user logs in using https://172.27.2.246/IBS/Login.jsp he goes to https://172.27.2.246/IBS/d1.jsp 4)When the user changes the port to HTTP (in the address bar of the browser) and doesnt change the IP address as http://172.27.2.246 /IBS/d1.jsp, then the user gets cannot find server. This is perfect. 5)When the user changes the port to HTTP and change the IP address (in the address bar of the browser) as http://172.27.2.44/IBS/d1.jsp, as I am internally checking for the session, the programme finds the session is invalid and sends him to (HTTP Login page) http://172.27.2.44 /IBS/Login.jsp. Now the user still can access my IBS context files using http protocol and 80 port. Now see this IP configuration (172.27.2.44) on port 80 has got a context reference of IBS1 and it still supports IBS context that is on port 443. It seems to me that Tomcat 5 is still internally checking for the contexts somewhere else other than the server.xml file. If we can disable that then it should work fine. Can I know from where the Tomcat is reading the default context? So that I can disable them? or if there is any better solution to this please help me out. Thank you, Best Regards, Uma Parsons Technical Services To parsonstechnical @earthlink.net Tomcat Users List [EMAIL PROTECTED] 03/30/2004 06:58 cc PM Please respond to Tomcat Users List Subject [EMAIL PROTECTED] Re: Configuring Tomcat on different rta.apache.org IP's Uma, This has moved beyond my experiance. Other than experimenting or diving into the source what I suggest now is to reply to this post and edit the subject line to read: Two service on one Tomcat instance.[Was Re: Configuring Tomcat on different IP's] In the hope that someone with more information will respond. You may try google with a search based on tomcat and two or multiple service. Sorry I ran out of ideas. Doug - Original Message - From: [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, March 29, 2004 11:50 PM Subject: Re: Configuring Tomcat on different IP's Doug, I fogot to tell you that the first context has only one .jsp file. Here is the content of that index.jsp file % response.sendRedirect(https://172.27.2.246/IBS/Login.jsp;); % Thanks Uma
Re: Configuring Tomcat on different IP's
Doug, Thanks for reply. I am not clear with this line Add this to the web.xml of the app on the https side. Do you mean to add those lines in the web.xml of IBS context(which contain HTTPS files)? or the web.xml file present in the conf directory? Add the following elements to your context as well: crossContext=false override=true privileged=false' Should I add them to the IBS context or IBS1 context? I will definitely post all of my configuration files to the mail-list. So that it could be of some help to other developers. Thank you, Best Regards, Uma Parsons Technical Services To parsonstechnical @earthlink.net Tomcat Users List [EMAIL PROTECTED] 03/31/2004 06:24 cc PM Please respond to Tomcat Users List Subject [EMAIL PROTECTED] Re: Configuring Tomcat on different rta.apache.org IP's Uma, Do a ping localhost from the command line. It will only resolve to one name. So don't get concerned that it doesn't work. As long as the IPs work you are fine. Now for the access issue. Did you set up a security constraint in your web.xml file? Add this to the web.xml of the app on the https side. security-constraint web-resource-collection web-resource-nameProtected Context/web-resource-name url-pattern/*/url-pattern /web-resource-collection !-- auth-constraint goes here if you require authentication -- user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint This is from the link I sent you earlier: http://marc.theaimsgroup.com/?l=tomcat-userm=104951559722619w=2 This will prevent access to the webapp through http and force the client to https. If I understand your problem, it is that the client can get to the webapp from the http IP. Add the following elements to your context as well: crossContext=false override=true privileged=false' As for the connector, I think Bill correct, so yes you can remove it. Let us know how it goes. Doug PS When you get it working, add the word SOLVED to the end of your subject line and post all your config files. Just one way to give back to the list. Thanks - Original Message - From: [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, March 30, 2004 10:52 PM Subject: Re: Configuring Tomcat on different IP's Doug, I am finally getting something to work after doing lot of experiments. Now the issue is 1)It does not work with http://localhost, seems to be a problem with my DNS. 2)It works with http://172.27.2.44 This address (172.27.2.44) is defined in the first service and the host tag has a context as Context path= docBase=/IBS1 debug=0 /Context Look its IBS1. This context has an index.jsp file which just fwd the request to https://172.27.2.246/IBS/Login.jsp This address (172.27.2.246) is defined in the second service and the host tag has a context as Context path= docBase=/IBS debug=0 /Context Look its IBS now. This context has all the files that needs to run under https. 3)Now when the user logs in using https://172.27.2.246/IBS/Login.jsp he goes to https://172.27.2.246/IBS/d1.jsp 4)When the user changes the port to HTTP (in the address bar of the browser) and doesnt change the IP address as http://172.27.2.246 /IBS/d1.jsp, then the user gets cannot find server. This is perfect. 5)When the user changes the port to HTTP and change the IP address (in the address bar of the browser) as http://172.27.2.44/IBS/d1.jsp, as I am internally checking for the session
Re: Configuring Tomcat on different IP's
Uma, Doug, Thanks for reply. I am not clear with this line Add this to the web.xml of the app on the https side. Do you mean to add those lines in the web.xml of IBS context(which contain HTTPS files)? Yes or the web.xml file present in the conf directory? No. Note that adding anything here will affect all apps on the server. Add the following elements to your context as well: crossContext=false override=true privileged=false' Should I add them to the IBS context or IBS1 context? Both will be fine. This technically should not be needed, but to help security I would do it. Note add these after you get the addition to web.xml done and working. Then when you add these to the context, do them one at a time instead of all three at once. Just in case it breaks something. I will definitely post all of my configuration files to the mail-list. So that it could be of some help to other developers. Sorry if my writing is confusing sometimes. Feel free to ask for clarification any time. Thank You Doug Parsons Technical Services To parsonstechnical @earthlink.net Tomcat Users List [EMAIL PROTECTED] 03/31/2004 06:24 cc PM Please respond to Tomcat Users List Subject [EMAIL PROTECTED] Re: Configuring Tomcat on different rta.apache.org IP's Uma, Do a ping localhost from the command line. It will only resolve to one name. So don't get concerned that it doesn't work. As long as the IPs work you are fine. Now for the access issue. Did you set up a security constraint in your web.xml file? Add this to the web.xml of the app on the https side. security-constraint web-resource-collection web-resource-nameProtected Context/web-resource-name url-pattern/*/url-pattern /web-resource-collection !-- auth-constraint goes here if you require authentication -- user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint This is from the link I sent you earlier: http://marc.theaimsgroup.com/?l=tomcat-userm=104951559722619w=2 This will prevent access to the webapp through http and force the client to https. If I understand your problem, it is that the client can get to the webapp from the http IP. Add the following elements to your context as well: crossContext=false override=true privileged=false' As for the connector, I think Bill correct, so yes you can remove it. Let us know how it goes. Doug PS When you get it working, add the word SOLVED to the end of your subject line and post all your config files. Just one way to give back to the list. Thanks - Original Message - From: [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, March 30, 2004 10:52 PM Subject: Re: Configuring Tomcat on different IP's Doug, I am finally getting something to work after doing lot of experiments. Now the issue is 1)It does not work with http://localhost, seems to be a problem with my DNS. 2)It works with http://172.27.2.44 This address (172.27.2.44) is defined in the first service and the host tag has a context as Context path= docBase=/IBS1 debug=0 /Context Look its IBS1. This context has an index.jsp file which just fwd the request to https://172.27.2.246/IBS/Login.jsp This address (172.27.2.246) is defined in the second service and the host tag has a context as Context path= docBase=/IBS debug=0 /Context Look its IBS now. This context has all the files that needs to run under https. 3)Now when the user logs in using https://172.27.2.246/IBS/Login.jsp he goes to https://172.27.2.246/IBS/d1.jsp 4)When the user changes the port to HTTP (in the address bar of the browser) and doesnt change the IP address as http://172.27.2.246 /IBS/d1.jsp, then the user gets cannot find server. This is perfect. 5)When the user changes the port to HTTP and change the IP address (in the address bar of the browser) as http://172.27.2.44/IBS/d1.jsp, as I am internally checking for the session, the programme finds the session is invalid and sends him to (HTTP Login page) http://172.27.2.44 /IBS/Login.jsp. Now the user still can access my IBS context files using http protocol and 80 port. Now see this IP configuration (172.27.2.44) on port 80 has got a context reference of IBS1 and it still supports IBS context that is on port 443. It seems to me that Tomcat 5 is still internally checking for the contexts somewhere else other than the server.xml file. If we can
Re: Configuring Tomcat on different IP's
Doug, Thanks for the info. I will try these settings and get back to you. Thank you, Best Regards, Uma Parsons Technical Services To parsonstechnical @earthlink.net Tomcat Users List [EMAIL PROTECTED] 03/31/2004 06:58 cc PM Please respond to Tomcat Users List Subject [EMAIL PROTECTED] Re: Configuring Tomcat on different rta.apache.org IP's Uma, Doug, Thanks for reply. I am not clear with this line Add this to the web.xml of the app on the https side. Do you mean to add those lines in the web.xml of IBS context(which contain HTTPS files)? Yes or the web.xml file present in the conf directory? No. Note that adding anything here will affect all apps on the server. Add the following elements to your context as well: crossContext=false override=true privileged=false' Should I add them to the IBS context or IBS1 context? Both will be fine. This technically should not be needed, but to help security I would do it. Note add these after you get the addition to web.xml done and working. Then when you add these to the context, do them one at a time instead of all three at once. Just in case it breaks something. I will definitely post all of my configuration files to the mail-list. So that it could be of some help to other developers. Sorry if my writing is confusing sometimes. Feel free to ask for clarification any time. Thank You Doug Parsons Technical Services To parsonstechnical @earthlink.net Tomcat Users List [EMAIL PROTECTED] 03/31/2004 06:24 cc PM Please respond to Tomcat Users List Subject [EMAIL PROTECTED] Re: Configuring Tomcat on different rta.apache.org IP's Uma, Do a ping localhost from the command line. It will only resolve to one name. So don't get concerned that it doesn't work. As long as the IPs work you are fine. Now for the access issue. Did you set up a security constraint in your web.xml file? Add this to the web.xml of the app on the https side. security-constraint web-resource-collection web-resource-nameProtected Context/web-resource-name url-pattern/*/url-pattern /web-resource-collection !-- auth-constraint goes here if you require authentication -- user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint This is from the link I sent you earlier: http://marc.theaimsgroup.com/?l=tomcat-userm=104951559722619w=2 This will prevent access to the webapp through http and force the client to https. If I understand your problem, it is that the client can get to the webapp from the http IP. Add the following elements to your context as well: crossContext=false override=true privileged=false' As for the connector, I think Bill correct, so yes you can remove it. Let us know how it goes. Doug PS When you get it working, add the word SOLVED to the end of your subject line and post all your config files. Just one way to give back to the list. Thanks - Original Message - From: [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, March 30, 2004 10:52 PM Subject: Re: Configuring Tomcat on different IP's Doug, I am finally getting something to work after doing lot of experiments. Now the issue is 1)It does not work
Re: Configuring Tomcat on different IP's
Uma, This has moved beyond my experiance. Other than experimenting or diving into the source what I suggest now is to reply to this post and edit the subject line to read: Two service on one Tomcat instance.[Was Re: Configuring Tomcat on different IP's] In the hope that someone with more information will respond. You may try google with a search based on tomcat and two or multiple service. Sorry I ran out of ideas. Doug - Original Message - From: [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, March 29, 2004 11:50 PM Subject: Re: Configuring Tomcat on different IP's Doug, I fogot to tell you that the first context has only one .jsp file. Here is the content of that index.jsp file % response.sendRedirect(https://172.27.2.246/IBS/Login.jsp;); % Thanks Uma - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Configuring Tomcat on different IP's
When i tested a configurations like this (although the two intances listended to the same port without ssl), i had to put the address at the Server element too. Server port=8005 address=10.9.6.85 Parsons Technical Services wrote: Uma, I removed several of the elements that were commented out and made the changes I thought it would need. Unless someone can answer my question about which service picks up which app, you will have to put the context in the server.xml . You can experiment with it after you get it running by trying an external context and see which service picks it up. Give it a try. Doug !-- Example Server Configuration File -- Server port=8005 shutdown=SHUTDOWN debug=0 Listener className=org.apache.catalina.mbeans.ServerLifecycleListener debug=0/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener debug=0/ !-- Global JNDI resources -- GlobalNamingResources !-- Test entry for demonstration purposes -- Environment name=simpleValue type=java.lang.Integer value=30/ !-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -- Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved /Resource ResourceParams name=UserDatabase parameter namefactory/name valueorg.apache.catalina.users.MemoryUserDatabaseFactory/value /parameter parameter namepathname/name valueconf/tomcat-users.xml/value /parameter /ResourceParams /GlobalNamingResources !-- Define the Tomcat Stand-Alone Service -- Service name=Catalina !-- Define a non-SSL Coyote HTTP/1.1 Connector on the port specified during installation -- Connector port=8080 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=443 acceptCount=100 debug=0 connectionTimeout=2 disableUploadTimeout=true address=192.68.xxx.xx2 / !-- Note : To disable connection timeouts, set connectionTimeout value to 0 -- !-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -- Connector port=8009 enableLookups=false redirectPort=8443 debug=0 protocol=AJP/1.3 / !-- An Engine represents the entry point (within Catalina) that processes every request. The Engine implementation for Tomcat stand alone analyzes the HTTP headers included with the request, and passes them on to the appropriate Host (virtual host). -- !-- Define the top level container in our container hierarchy -- Engine name=Catalina defaultHost=localhost debug=0 !-- Global logger unless overridden at lower levels -- Logger className=org.apache.catalina.logger.FileLogger prefix=catalina_log. suffix=.txt timestamp=true/ !-- Because this Realm is here, an instance will be shared globally -- !-- This Realm uses the UserDatabase configured in the global JNDI resources under the key UserDatabase. Any edits that are performed against this UserDatabase are immediately available for use by the Realm. -- Realm className=org.apache.catalina.realm.UserDatabaseRealm debug=0 resourceName=UserDatabase/ !-- Comment out the old realm but leave here for now in case we need to go back quickly -- !-- Realm className=org.apache.catalina.realm.MemoryRealm / -- !-- Define the default virtual host Note: XML Schema validation will not work with Xerces 2.2. -- Host name=localhost debug=0 appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false !-- Logger shared by all Contexts related to this virtual host. By default (when using FileLogger), log files are created in the logs directory relative to $CATALINA_HOME. If you wish, you can specify a different directory with the directory attribute. Specify either a relative (to $CATALINA_HOME) or absolute path to the desired directory.-- Logger className=org.apache.catalina.logger.FileLogger directory=logs prefix=localhost_log. suffix=.txt timestamp=true/ DefaultContext reloadable=true / /Host /Engine /Service Service name=CatalinaHTTPS !-- Define a SSL Coyote HTTP/1.1 Connector on port 443 -- Connector port=443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 debug=0 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=C:\Documents and Settings\kworker\server.keystore keystorePass=changeit address=192.68.xxx.xx1 / !-- Define a
RE: Configuring Tomcat on different IP's
Hi, From: Emerson Cargnin [mailto:[EMAIL PROTECTED] When i tested a configurations like this (although the two intances listended to the same port without ssl), i had to put the address at the Server element too. Server port=8005 address=10.9.6.85 What are you talking about? The Server element interface and standard implementation don't support an address attribute. The address attribute would be ignored and has no impact on anything. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Configuring Tomcat on different IP's
Doug, I am finally getting something to work after doing lot of experiments. Now the issue is 1)It does not work with http://localhost, seems to be a problem with my DNS. 2)It works with http://172.27.2.44 This address (172.27.2.44) is defined in the first service and the host tag has a context as Context path= docBase=/IBS1 debug=0 /Context Look its IBS1. This context has an index.jsp file which just fwd the request to https://172.27.2.246/IBS/Login.jsp This address (172.27.2.246) is defined in the second service and the host tag has a context as Context path= docBase=/IBS debug=0 /Context Look its IBS now. This context has all the files that needs to run under https. 3)Now when the user logs in using https://172.27.2.246/IBS/Login.jsp he goes to https://172.27.2.246/IBS/d1.jsp 4)When the user changes the port to HTTP (in the address bar of the browser) and doesnt change the IP address as http://172.27.2.246 /IBS/d1.jsp, then the user gets cannot find server. This is perfect. 5)When the user changes the port to HTTP and change the IP address (in the address bar of the browser) as http://172.27.2.44/IBS/d1.jsp, as I am internally checking for the session, the programme finds the session is invalid and sends him to (HTTP Login page) http://172.27.2.44 /IBS/Login.jsp. Now the user still can access my IBS context files using http protocol and 80 port. Now see this IP configuration (172.27.2.44) on port 80 has got a context reference of IBS1 and it still supports IBS context that is on port 443. It seems to me that Tomcat 5 is still internally checking for the contexts somewhere else other than the server.xml file. If we can disable that then it should work fine. Can I know from where the Tomcat is reading the default context? So that I can disable them? or if there is any better solution to this please help me out. Thank you, Best Regards, Uma Parsons Technical Services To parsonstechnical @earthlink.net Tomcat Users List [EMAIL PROTECTED] 03/30/2004 06:58 cc PM Please respond to Tomcat Users List Subject [EMAIL PROTECTED] Re: Configuring Tomcat on different rta.apache.org IP's Uma, This has moved beyond my experiance. Other than experimenting or diving into the source what I suggest now is to reply to this post and edit the subject line to read: Two service on one Tomcat instance.[Was Re: Configuring Tomcat on different IP's] In the hope that someone with more information will respond. You may try google with a search based on tomcat and two or multiple service. Sorry I ran out of ideas. Doug - Original Message - From: [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, March 29, 2004 11:50 PM Subject: Re: Configuring Tomcat on different IP's Doug, I fogot to tell you that the first context has only one .jsp file. Here is the content of that index.jsp file % response.sendRedirect(https://172.27.2.246/IBS/Login.jsp;); % Thanks Uma - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Configuring Tomcat on different IP's
Uma, Sorry for the delay. I went to bed early for a change. Attachments don't survive. You will need to put it in the body of the email. List can you comment on if I am anywhere close on this or totally off my rocker. Thanks. Doug - Original Message - From: [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, March 29, 2004 1:33 AM Subject: Re: Configuring Tomcat on different IP's Doug, Can you look at this server.xml file to see if I have done everything correct? (See attached file: server.xml) Thank you, Best Regards, Uma Parsons Technical Services To parsonstechnical @earthlink.net Tomcat Users List [EMAIL PROTECTED] 03/29/2004 12:31 cc PM Please respond to Tomcat Users List Subject [EMAIL PROTECTED] Re: Configuring Tomcat on different rta.apache.org IP's Okay to continue, In the Server element you can declare two services. In one service you would have the connector for the http and the context for your application. Note unless someone can tell me how to control which service a context is associate you will have to put your context in the server.xml. In the other sevice you will declare the https and the other context. Now for clarification I have NOT done this before and am basing it on what I read from the config documentaion. If you look in the server.xml file you will find the connector declaration for the http. If you have NOT used the admin application, you will also find the connector for the https but it will be commented out !---- . To try this first make a copy of the server.xml. Next copy and paste the service section from start tag service to finish tag /service and paste it right after the service finish tag. In the second service tag you will need to change the name on the service and maybe the engine. Then comment out the http connector and uncomment the https connector. Add the address= to each connector. Add the context for your applications in the appropriate service. Restart tomcat and see what the logs say. Again, I have never done this. But the configuration docs say: Quote The following components may be nested inside a Server element: Service - One or more service element. GlobalNamingResources - Configure the JNDI global resources for the server. Unquote So having two services is okay. Now can someone tell me which service an application will be associated with if you use the context.xml in the app? Give it a try and read up on the docs at: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/server.html Good luck. Doug - Original Message - From: Parsons Technical Services [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, March 29, 2004 1:26 AM Subject: Re: Configuring Tomcat on different IP's Clicked too fast. There is more to come... - Original Message - From: Parsons Technical Services [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, March 29, 2004 1:19 AM Subject: Re: Configuring Tomcat on different IP's Uma, I think this will do what you want. For each connector defined, one for http and one for https use the address attribute to specify the IP to listen on. So in the https connector use address=192.68.xxx.xx1 and Tomcat will listen on 192.68.xxx.xx1 for only https request. On the http connector use address=192.68.xxx.xx2 and Tomcat will listen only for http request on 192.68.xxx.xx2 . Remember this affect all applications running on this instance of Tomcat. See this for details: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/http.html Doug - Original Message - From: [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Sunday, March 28, 2004 11:58 PM Subject: Re: Configuring Tomcat on different IP's Doug, Thanks for the reply. It is just for security reasons out network administrator has planned to do. So, I need to configure as such. I have made the settings in the code to see if the user is using http or https and block the user from using http. But there should be some way of doing this, right? Thank you, Best Regards, Uma Parsons Technical Services To parsonstechnical @earthlink.net Tomcat Users List [EMAIL PROTECTED] 03/29/2004 11:23 cc AM
Re: Configuring Tomcat on different IP's
out ; even if you wanted to. filter=.*\.gif;.*\.js; means that we will not replicate the session after requests with the URI ending with .gif and .js are intercepted. -- !-- Cluster className=org.apache.catalina.cluster.tcp.SimpleTcpCluster managerClassName=org.apache.catalina.cluster.session.DeltaManager expireSessionsOnShutdown=false useDirtyFlag=true Membership className=org.apache.catalina.cluster.mcast.McastService mcastAddr=228.0.0.4 mcastPort=45564 mcastFrequency=500 mcastDropTime=3000/ Receiver className=org.apache.catalina.cluster.tcp.ReplicationListener tcpListenAddress=auto tcpListenPort=4001 tcpSelectorTimeout=100 tcpThreadCount=6/ Sender className=org.apache.catalina.cluster.tcp.ReplicationTransmitter replicationMode=pooled/ Valve className=org.apache.catalina.cluster.tcp.ReplicationValve filter=.*\.gif;.*\.js;.*\.jpg;.*\.htm;.*\.html;.*\.txt;/ /Cluster -- !-- Normally, users must authenticate themselves to each web app individually. Uncomment the following entry if you would like a user to be authenticated the first time they encounter a resource protected by a security constraint, and then have that user identity maintained across *all* web applications contained in this virtual host. -- !-- Valve className=org.apache.catalina.authenticator.SingleSignOn debug=0/ -- !-- Access log processes all requests for this virtual host. By default, log files are created in the logs directory relative to $CATALINA_HOME. If you wish, you can specify a different directory with the directory attribute. Specify either a relative (to $CATALINA_HOME) or absolute path to the desired directory. -- !-- Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=localhost_access_log. suffix=.txt pattern=common resolveHosts=false/ -- !-- Logger shared by all Contexts related to this virtual host. By default (when using FileLogger), log files are created in the logs directory relative to $CATALINA_HOME. If you wish, you can specify a different directory with the directory attribute. Specify either a relative (to $CATALINA_HOME) or absolute path to the desired directory.-- Logger className=org.apache.catalina.logger.FileLogger directory=logs prefix=localhost_log. suffix=.txt timestamp=true/ DefaultContext reloadable=true / /Host /Engine /Service /Server Thank you, Best Regards, Uma Parsons Technical Services To parsonstechnical @earthlink.net Tomcat Users List [EMAIL PROTECTED] 03/29/2004 06:01 cc PM Please respond to Tomcat Users List Subject [EMAIL PROTECTED] Re: Configuring Tomcat on different rta.apache.org IP's Uma, Sorry for the delay. I went to bed early for a change. Attachments don't survive. You will need to put it in the body of the email. List can you comment on if I am anywhere close on this or totally off my rocker. Thanks. Doug - Original Message - From: [EMAIL
Re: Configuring Tomcat on different IP's
Uma, I removed several of the elements that were commented out and made the changes I thought it would need. Unless someone can answer my question about which service picks up which app, you will have to put the context in the server.xml . You can experiment with it after you get it running by trying an external context and see which service picks it up. Give it a try. Doug !-- Example Server Configuration File -- Server port=8005 shutdown=SHUTDOWN debug=0 Listener className=org.apache.catalina.mbeans.ServerLifecycleListener debug=0/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener debug=0/ !-- Global JNDI resources -- GlobalNamingResources !-- Test entry for demonstration purposes -- Environment name=simpleValue type=java.lang.Integer value=30/ !-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -- Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved /Resource ResourceParams name=UserDatabase parameter namefactory/name valueorg.apache.catalina.users.MemoryUserDatabaseFactory/value /parameter parameter namepathname/name valueconf/tomcat-users.xml/value /parameter /ResourceParams /GlobalNamingResources !-- Define the Tomcat Stand-Alone Service -- Service name=Catalina !-- Define a non-SSL Coyote HTTP/1.1 Connector on the port specified during installation -- Connector port=8080 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=443 acceptCount=100 debug=0 connectionTimeout=2 disableUploadTimeout=true address=192.68.xxx.xx2 / !-- Note : To disable connection timeouts, set connectionTimeout value to 0 -- !-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -- Connector port=8009 enableLookups=false redirectPort=8443 debug=0 protocol=AJP/1.3 / !-- An Engine represents the entry point (within Catalina) that processes every request. The Engine implementation for Tomcat stand alone analyzes the HTTP headers included with the request, and passes them on to the appropriate Host (virtual host). -- !-- Define the top level container in our container hierarchy -- Engine name=Catalina defaultHost=localhost debug=0 !-- Global logger unless overridden at lower levels -- Logger className=org.apache.catalina.logger.FileLogger prefix=catalina_log. suffix=.txt timestamp=true/ !-- Because this Realm is here, an instance will be shared globally -- !-- This Realm uses the UserDatabase configured in the global JNDI resources under the key UserDatabase. Any edits that are performed against this UserDatabase are immediately available for use by the Realm. -- Realm className=org.apache.catalina.realm.UserDatabaseRealm debug=0 resourceName=UserDatabase/ !-- Comment out the old realm but leave here for now in case we need to go back quickly -- !-- Realm className=org.apache.catalina.realm.MemoryRealm / -- !-- Define the default virtual host Note: XML Schema validation will not work with Xerces 2.2. -- Host name=localhost debug=0 appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false !-- Logger shared by all Contexts related to this virtual host. By default (when using FileLogger), log files are created in the logs directory relative to $CATALINA_HOME. If you wish, you can specify a different directory with the directory attribute. Specify either a relative (to $CATALINA_HOME) or absolute path to the desired directory.-- Logger className=org.apache.catalina.logger.FileLogger directory=logs prefix=localhost_log. suffix=.txt timestamp=true/ DefaultContext reloadable=true / /Host /Engine /Service Service name=CatalinaHTTPS !-- Define a SSL Coyote HTTP/1.1 Connector on port 443 -- Connector port=443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 debug=0 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=C:\Documents and Settings\kworker\server.keystore keystorePass=changeit address=192.68.xxx.xx1 / !-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -- Connector port=8019 enableLookups=false redirectPort=443 debug=0 protocol=AJP/1.3 / !-- Define the top level container in our
Re: Configuring Tomcat on different IP's
Doug, I am now testing it on my local machine. My network admin has provided me with this IP configuration Connection-specific DNS Suffix . : IP Address. . . . . . . . . . . . : 172.27.2.246 Subnet Mask . . . . . . . . . . . : 255.255.0.0 IP Address. . . . . . . . . . . . : 172.27.2.44 Subnet Mask . . . . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . . . . : 172.27.1.59 I have added the context within the host tag of each service. I have changed the port from 8080 to 80 for the first service. When I type http://localhost it doesn't work. I am pasting the stdout.txt and the other two log files that are generated along with the server.xml file. Can you please have a look at it and correct me? There is an error in the stdout.txt. see these lines SEVERE: Error filterStart Mar 30, 2004 9:41:45 AM org.apache.catalina.core.StandardContext start SEVERE: Context startup failed due to previous errors ---STDOUT.TXT Mar 30, 2004 9:41:22 AM org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on port 80 Mar 30, 2004 9:41:24 AM org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on port 443 Mar 30, 2004 9:41:24 AM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 6269 ms Mar 30, 2004 9:41:25 AM org.apache.catalina.core.StandardService start INFO: Starting service Catalina Mar 30, 2004 9:41:25 AM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/5.0.19 Mar 30, 2004 9:41:25 AM org.apache.catalina.core.StandardHost start INFO: XML validation disabled Mar 30, 2004 9:41:26 AM org.apache.catalina.core.StandardHost getDeployer INFO: Create Host deployer for direct deployment ( non-jmx ) Mar 30, 2004 9:41:26 AM org.apache.catalina.core.StandardHostDeployer install INFO: Processing Context configuration file URL file:E:\Tomcat 5.0 \conf\Catalina\localhost\admin.xml Mar 30, 2004 9:41:27 AM org.apache.struts.util.PropertyMessageResources init INFO: Initializing, config='org.apache.struts.util.LocalStrings', returnNull=true Mar 30, 2004 9:41:27 AM org.apache.struts.util.PropertyMessageResources init INFO: Initializing, config='org.apache.struts.action.ActionResources', returnNull=true Mar 30, 2004 9:41:29 AM org.apache.struts.util.PropertyMessageResources init INFO: Initializing, config='org.apache.webapp.admin.ApplicationResources', returnNull=true Mar 30, 2004 9:41:35 AM org.apache.catalina.core.StandardHostDeployer install INFO: Processing Context configuration file URL file:E:\Tomcat 5.0 \conf\Catalina\localhost\balancer.xml Mar 30, 2004 9:41:35 AM org.apache.catalina.core.StandardHostDeployer install INFO: Processing Context configuration file URL file:E:\Tomcat 5.0 \conf\Catalina\localhost\manager.xml Mar 30, 2004 9:41:36 AM org.apache.catalina.core.StandardHostDeployer install INFO: Installing web application at context path /IBS from URL file:E:\Tomcat 5.0\webapps\IBS Mar 30, 2004 9:41:36 AM org.apache.catalina.core.StandardHostDeployer install INFO: Installing web application at context path /IBS1 from URL file:E:\Tomcat 5.0\webapps\IBS1 Mar 30, 2004 9:41:36 AM org.apache.catalina.core.StandardHostDeployer install INFO: Installing web application at context path /jsp-examples from URL file:E:\Tomcat 5.0\webapps\jsp-examples Mar 30, 2004 9:41:37 AM org.apache.catalina.core.StandardHostDeployer install INFO: Installing web application at context path /servlets-examples from URL file:E:\Tomcat 5.0\webapps\servlets-examples Mar 30, 2004 9:41:38 AM org.apache.catalina.core.StandardHostDeployer install INFO: Installing web application at context path /struts from URL file:E:\Tomcat 5.0\webapps\struts Mar 30, 2004 9:41:38 AM org.apache.catalina.startup.ContextConfig applicationConfig INFO: Missing application web.xml, using defaults only StandardEngine[Catalina].StandardHost[localhost].StandardContext[/struts] Mar 30, 2004 9:41:38 AM org.apache.catalina.core.StandardHostDeployer install INFO: Installing web application at context path /TEST from URL file:E:\Tomcat 5.0\webapps\TEST Mar 30, 2004 9:41:38 AM org.apache.catalina.core.StandardHostDeployer install INFO: Installing web application at context path /test1 from URL file:E:\Tomcat 5.0\webapps\test1 Mar 30, 2004 9:41:38 AM org.apache.catalina.core.StandardHostDeployer install INFO: Installing web application at context path /tomcat-docs from URL file:E:\Tomcat 5.0\webapps\tomcat-docs Mar 30, 2004 9:41:39 AM org.apache.catalina.core.StandardHostDeployer install INFO: Installing web application at context path /webdav from URL file:E:\Tomcat 5.0\webapps\webdav Mar 30, 2004 9:41:39 AM org.apache.catalina.core.StandardHostDeployer install INFO: Installing web application at context path /workwear from URL file:E:\Tomcat 5.0\webapps\workwear Mar 30, 2004 9:41:39 AM org.apache.catalina.core.StandardHostDeployer install INFO: Installing web application at context path /workwear1 from URL file:E:\Tomcat
Re: Configuring Tomcat on different IP's
Doug, I fogot to tell you that the first context has only one .jsp file. Here is the content of that index.jsp file % response.sendRedirect(https://172.27.2.246/IBS/Login.jsp;); % Thanks Uma - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Configuring Tomcat on different IP's
Uma, First don't take this wrong but I got to ask Why? Someone with more knowledge will have to chime in to say if this can be done. But if the goal is to send all request for http://www.mysite.com to https://www.mysite.com then Tomcat can do this for you. And without two IPs. For details see; http://marc.theaimsgroup.com/?l=tomcat-userm=104951559722619w=2 If you have some special reason for the two IPs then, never mind Doug www.parsonstechnical.com - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, March 28, 2004 11:23 PM Subject: Configuring Tomcat on different IP's Hi, My Tomcat 5.0.19 configuration is typical. I have got 2 IP addresses (202.200.xxx.xx1 and 202.200.xxx.xx2) which are pointing to 2 internal IP addresses (192.68.xxx.xx1 and 192.68.xxx.xx2) I have registered one domain name (www.mysite.com). The entire site should work only on https:// I need to configure this domain in such a way that the first IP address (202.200.xxx.xx1) will have only one page(dummy jsp page that will fwd to https home page of the site) and this IP address will accept only 80 port. The second IP address (202.200.xxx.xx2) will server only 443 requests. And the pages that are accessed in https should not be accessed by http protocol. I understand that I need to create 2 contexts and place the dummy jsp page in one context and the rest of the files in the 2nd context. But how do I configure that the first context should work only on 80 and the second context should work only on 443 port? Any help would be great. Thanks Uma - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Configuring Tomcat on different IP's
Doug, Thanks for the reply. It is just for security reasons out network administrator has planned to do. So, I need to configure as such. I have made the settings in the code to see if the user is using http or https and block the user from using http. But there should be some way of doing this, right? Thank you, Best Regards, Uma Parsons Technical Services To parsonstechnical @earthlink.net Tomcat Users List [EMAIL PROTECTED] 03/29/2004 11:23 cc AM Please respond to Tomcat Users List Subject [EMAIL PROTECTED] Re: Configuring Tomcat on different rta.apache.org IP's Uma, First don't take this wrong but I got to ask Why? Someone with more knowledge will have to chime in to say if this can be done. But if the goal is to send all request for http://www.mysite.com to https://www.mysite.com then Tomcat can do this for you. And without two IPs. For details see; http://marc.theaimsgroup.com/?l=tomcat-userm=104951559722619w=2 If you have some special reason for the two IPs then, never mind Doug www.parsonstechnical.com - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, March 28, 2004 11:23 PM Subject: Configuring Tomcat on different IP's Hi, My Tomcat 5.0.19 configuration is typical. I have got 2 IP addresses (202.200.xxx.xx1 and 202.200.xxx.xx2) which are pointing to 2 internal IP addresses (192.68.xxx.xx1 and 192.68.xxx.xx2) I have registered one domain name (www.mysite.com). The entire site should work only on https:// I need to configure this domain in such a way that the first IP address (202.200.xxx.xx1) will have only one page(dummy jsp page that will fwd to https home page of the site) and this IP address will accept only 80 port. The second IP address (202.200.xxx.xx2) will server only 443 requests. And the pages that are accessed in https should not be accessed by http protocol. I understand that I need to create 2 contexts and place the dummy jsp page in one context and the rest of the files in the 2nd context. But how do I configure that the first context should work only on 80 and the second context should work only on 443 port? Any help would be great. Thanks Uma - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Configuring Tomcat on different IP's
Uma, I think this will do what you want. For each connector defined, one for http and one for https use the address attribute to specify the IP to listen on. So in the https connector use address=192.68.xxx.xx1 and Tomcat will listen on 192.68.xxx.xx1 for only https request. On the http connector use address=192.68.xxx.xx2 and Tomcat will listen only for http request on 192.68.xxx.xx2 . Remember this affect all applications running on this instance of Tomcat. See this for details: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/http.html Doug - Original Message - From: [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Sunday, March 28, 2004 11:58 PM Subject: Re: Configuring Tomcat on different IP's Doug, Thanks for the reply. It is just for security reasons out network administrator has planned to do. So, I need to configure as such. I have made the settings in the code to see if the user is using http or https and block the user from using http. But there should be some way of doing this, right? Thank you, Best Regards, Uma Parsons Technical Services To parsonstechnical @earthlink.net Tomcat Users List [EMAIL PROTECTED] 03/29/2004 11:23 cc AM Please respond to Tomcat Users List Subject [EMAIL PROTECTED] Re: Configuring Tomcat on different rta.apache.org IP's Uma, First don't take this wrong but I got to ask Why? Someone with more knowledge will have to chime in to say if this can be done. But if the goal is to send all request for http://www.mysite.com to https://www.mysite.com then Tomcat can do this for you. And without two IPs. For details see; http://marc.theaimsgroup.com/?l=tomcat-userm=104951559722619w=2 If you have some special reason for the two IPs then, never mind Doug www.parsonstechnical.com - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, March 28, 2004 11:23 PM Subject: Configuring Tomcat on different IP's Hi, My Tomcat 5.0.19 configuration is typical. I have got 2 IP addresses (202.200.xxx.xx1 and 202.200.xxx.xx2) which are pointing to 2 internal IP addresses (192.68.xxx.xx1 and 192.68.xxx.xx2) I have registered one domain name (www.mysite.com). The entire site should work only on https:// I need to configure this domain in such a way that the first IP address (202.200.xxx.xx1) will have only one page(dummy jsp page that will fwd to https home page of the site) and this IP address will accept only 80 port. The second IP address (202.200.xxx.xx2) will server only 443 requests. And the pages that are accessed in https should not be accessed by http protocol. I understand that I need to create 2 contexts and place the dummy jsp page in one context and the rest of the files in the 2nd context. But how do I configure that the first context should work only on 80 and the second context should work only on 443 port? Any help would be great. Thanks Uma - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Configuring Tomcat on different IP's
Clicked too fast. There is more to come... - Original Message - From: Parsons Technical Services [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, March 29, 2004 1:19 AM Subject: Re: Configuring Tomcat on different IP's Uma, I think this will do what you want. For each connector defined, one for http and one for https use the address attribute to specify the IP to listen on. So in the https connector use address=192.68.xxx.xx1 and Tomcat will listen on 192.68.xxx.xx1 for only https request. On the http connector use address=192.68.xxx.xx2 and Tomcat will listen only for http request on 192.68.xxx.xx2 . Remember this affect all applications running on this instance of Tomcat. See this for details: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/http.html Doug - Original Message - From: [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Sunday, March 28, 2004 11:58 PM Subject: Re: Configuring Tomcat on different IP's Doug, Thanks for the reply. It is just for security reasons out network administrator has planned to do. So, I need to configure as such. I have made the settings in the code to see if the user is using http or https and block the user from using http. But there should be some way of doing this, right? Thank you, Best Regards, Uma Parsons Technical Services To parsonstechnical @earthlink.net Tomcat Users List [EMAIL PROTECTED] 03/29/2004 11:23 cc AM Please respond to Tomcat Users List Subject [EMAIL PROTECTED] Re: Configuring Tomcat on different rta.apache.org IP's Uma, First don't take this wrong but I got to ask Why? Someone with more knowledge will have to chime in to say if this can be done. But if the goal is to send all request for http://www.mysite.com to https://www.mysite.com then Tomcat can do this for you. And without two IPs. For details see; http://marc.theaimsgroup.com/?l=tomcat-userm=104951559722619w=2 If you have some special reason for the two IPs then, never mind Doug www.parsonstechnical.com - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, March 28, 2004 11:23 PM Subject: Configuring Tomcat on different IP's Hi, My Tomcat 5.0.19 configuration is typical. I have got 2 IP addresses (202.200.xxx.xx1 and 202.200.xxx.xx2) which are pointing to 2 internal IP addresses (192.68.xxx.xx1 and 192.68.xxx.xx2) I have registered one domain name (www.mysite.com). The entire site should work only on https:// I need to configure this domain in such a way that the first IP address (202.200.xxx.xx1) will have only one page(dummy jsp page that will fwd to https home page of the site) and this IP address will accept only 80 port. The second IP address (202.200.xxx.xx2) will server only 443 requests. And the pages that are accessed in https should not be accessed by http protocol. I understand that I need to create 2 contexts and place the dummy jsp page in one context and the rest of the files in the 2nd context. But how do I configure that the first context should work only on 80 and the second context should work only on 443 port? Any help would be great. Thanks Uma - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Configuring Tomcat on different IP's
Doug, There will be only one site running in the server, so there wont be much problems. I never created a connector. Can you help me out with this? Any sample .xml file would be helpful. Thank you, Best Regards, Uma Parsons Technical Services To parsonstechnical @earthlink.net Tomcat Users List [EMAIL PROTECTED] 03/29/2004 11:49 cc AM Please respond to Tomcat Users List Subject [EMAIL PROTECTED] Re: Configuring Tomcat on different rta.apache.org IP's Uma, I think this will do what you want. For each connector defined, one for http and one for https use the address attribute to specify the IP to listen on. So in the https connector use address=192.68.xxx.xx1 and Tomcat will listen on 192.68.xxx.xx1 for only https request. On the http connector use address=192.68.xxx.xx2 and Tomcat will listen only for http request on 192.68.xxx.xx2 . Remember this affect all applications running on this instance of Tomcat. See this for details: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/http.html Doug - Original Message - From: [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Sunday, March 28, 2004 11:58 PM Subject: Re: Configuring Tomcat on different IP's Doug, Thanks for the reply. It is just for security reasons out network administrator has planned to do. So, I need to configure as such. I have made the settings in the code to see if the user is using http or https and block the user from using http. But there should be some way of doing this, right? Thank you, Best Regards, Uma Parsons Technical Services To parsonstechnical @earthlink.net Tomcat Users List [EMAIL PROTECTED] 03/29/2004 11:23 cc AM Please respond to Tomcat Users List Subject [EMAIL PROTECTED] Re: Configuring Tomcat on different rta.apache.org IP's Uma, First don't take this wrong but I got to ask Why? Someone with more knowledge will have to chime in to say if this can be done. But if the goal is to send all request for http://www.mysite.com to https://www.mysite.com then Tomcat can do this for you. And without two IPs. For details see; http://marc.theaimsgroup.com/?l=tomcat-userm=104951559722619w=2 If you have some special reason for the two IPs then, never mind Doug www.parsonstechnical.com - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, March 28, 2004 11:23 PM Subject: Configuring Tomcat on different IP's Hi, My Tomcat 5.0.19 configuration is typical. I have got 2 IP addresses (202.200.xxx.xx1 and 202.200.xxx.xx2) which are pointing to 2 internal IP addresses (192.68.xxx.xx1 and 192.68.xxx.xx2) I have registered one domain name (www.mysite.com). The entire site should work only on https:// I need to configure this domain in such a way that the first IP address (202.200.xxx.xx1) will have only one page(dummy jsp page that will fwd to https home page of the site) and this IP address will accept only 80 port. The second IP address (202.200.xxx.xx2) will server only 443 requests. And the pages that are accessed in https should not be accessed by http protocol. I understand that I need to create 2 contexts and place the dummy jsp page in one context and the rest of the files in the 2nd context. But how do I configure
Re: Configuring Tomcat on different IP's
Okay to continue, In the Server element you can declare two services. In one service you would have the connector for the http and the context for your application. Note unless someone can tell me how to control which service a context is associate you will have to put your context in the server.xml. In the other sevice you will declare the https and the other context. Now for clarification I have NOT done this before and am basing it on what I read from the config documentaion. If you look in the server.xml file you will find the connector declaration for the http. If you have NOT used the admin application, you will also find the connector for the https but it will be commented out !---- . To try this first make a copy of the server.xml. Next copy and paste the service section from start tag service to finish tag /service and paste it right after the service finish tag. In the second service tag you will need to change the name on the service and maybe the engine. Then comment out the http connector and uncomment the https connector. Add the address= to each connector. Add the context for your applications in the appropriate service. Restart tomcat and see what the logs say. Again, I have never done this. But the configuration docs say: Quote The following components may be nested inside a Server element: Service - One or more service element. GlobalNamingResources - Configure the JNDI global resources for the server. Unquote So having two services is okay. Now can someone tell me which service an application will be associated with if you use the context.xml in the app? Give it a try and read up on the docs at: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/server.html Good luck. Doug - Original Message - From: Parsons Technical Services [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, March 29, 2004 1:26 AM Subject: Re: Configuring Tomcat on different IP's Clicked too fast. There is more to come... - Original Message - From: Parsons Technical Services [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, March 29, 2004 1:19 AM Subject: Re: Configuring Tomcat on different IP's Uma, I think this will do what you want. For each connector defined, one for http and one for https use the address attribute to specify the IP to listen on. So in the https connector use address=192.68.xxx.xx1 and Tomcat will listen on 192.68.xxx.xx1 for only https request. On the http connector use address=192.68.xxx.xx2 and Tomcat will listen only for http request on 192.68.xxx.xx2 . Remember this affect all applications running on this instance of Tomcat. See this for details: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/http.html Doug - Original Message - From: [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Sunday, March 28, 2004 11:58 PM Subject: Re: Configuring Tomcat on different IP's Doug, Thanks for the reply. It is just for security reasons out network administrator has planned to do. So, I need to configure as such. I have made the settings in the code to see if the user is using http or https and block the user from using http. But there should be some way of doing this, right? Thank you, Best Regards, Uma Parsons Technical Services To parsonstechnical @earthlink.net Tomcat Users List [EMAIL PROTECTED] 03/29/2004 11:23 cc AM Please respond to Tomcat Users List Subject [EMAIL PROTECTED] Re: Configuring Tomcat on different rta.apache.org IP's Uma, First don't take this wrong but I got to ask Why? Someone with more knowledge will have to chime in to say if this can be done. But if the goal is to send all request for http://www.mysite.com to https://www.mysite.com then Tomcat can do this for you. And without two IPs. For details see; http://marc.theaimsgroup.com/?l=tomcat-userm=104951559722619w=2 If you have some special reason for the two IPs then, never mind Doug www.parsonstechnical.com - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, March 28, 2004 11:23 PM Subject: Configuring Tomcat on different IP's Hi, My Tomcat 5.0.19 configuration is typical. I have got 2 IP addresses (202.200.xxx.xx1 and 202.200.xxx.xx2) which are pointing to 2 internal IP addresses (192.68.xxx.xx1 and 192.68.xxx.xx2) I have registered one domain name (www.mysite.com). The entire site should work only on https:// I need to configure this domain
Re: Configuring Tomcat on different IP's
I am using Tomcat 5.0.19 and using context tag within the server.xml file is not recommended. Do you still want me try with this one? Thank you, Best Regards, Uma Parsons Technical Services To parsonstechnical @earthlink.net Tomcat Users List [EMAIL PROTECTED] 03/29/2004 12:31 cc PM Please respond to Tomcat Users List Subject [EMAIL PROTECTED] Re: Configuring Tomcat on different rta.apache.org IP's Okay to continue, In the Server element you can declare two services. In one service you would have the connector for the http and the context for your application. Note unless someone can tell me how to control which service a context is associate you will have to put your context in the server.xml. In the other sevice you will declare the https and the other context. Now for clarification I have NOT done this before and am basing it on what I read from the config documentaion. If you look in the server.xml file you will find the connector declaration for the http. If you have NOT used the admin application, you will also find the connector for the https but it will be commented out !---- . To try this first make a copy of the server.xml. Next copy and paste the service section from start tag service to finish tag /service and paste it right after the service finish tag. In the second service tag you will need to change the name on the service and maybe the engine. Then comment out the http connector and uncomment the https connector. Add the address= to each connector. Add the context for your applications in the appropriate service. Restart tomcat and see what the logs say. Again, I have never done this. But the configuration docs say: Quote The following components may be nested inside a Server element: Service - One or more service element. GlobalNamingResources - Configure the JNDI global resources for the server. Unquote So having two services is okay. Now can someone tell me which service an application will be associated with if you use the context.xml in the app? Give it a try and read up on the docs at: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/server.html Good luck. Doug - Original Message - From: Parsons Technical Services [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, March 29, 2004 1:26 AM Subject: Re: Configuring Tomcat on different IP's Clicked too fast. There is more to come... - Original Message - From: Parsons Technical Services [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, March 29, 2004 1:19 AM Subject: Re: Configuring Tomcat on different IP's Uma, I think this will do what you want. For each connector defined, one for http and one for https use the address attribute to specify the IP to listen on. So in the https connector use address=192.68.xxx.xx1 and Tomcat will listen on 192.68.xxx.xx1 for only https request. On the http connector use address=192.68.xxx.xx2 and Tomcat will listen only for http request on 192.68.xxx.xx2 . Remember this affect all applications running on this instance of Tomcat. See this for details: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/http.html Doug - Original Message - From: [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Sunday, March 28, 2004 11:58 PM Subject: Re: Configuring Tomcat on different IP's Doug, Thanks for the reply. It is just for security reasons out network administrator has planned to do. So, I need to configure as such. I
Re: Configuring Tomcat on different IP's
Doug, Can you look at this server.xml file to see if I have done everything correct? (See attached file: server.xml) Thank you, Best Regards, Uma Parsons Technical Services To parsonstechnical @earthlink.net Tomcat Users List [EMAIL PROTECTED] 03/29/2004 12:31 cc PM Please respond to Tomcat Users List Subject [EMAIL PROTECTED] Re: Configuring Tomcat on different rta.apache.org IP's Okay to continue, In the Server element you can declare two services. In one service you would have the connector for the http and the context for your application. Note unless someone can tell me how to control which service a context is associate you will have to put your context in the server.xml. In the other sevice you will declare the https and the other context. Now for clarification I have NOT done this before and am basing it on what I read from the config documentaion. If you look in the server.xml file you will find the connector declaration for the http. If you have NOT used the admin application, you will also find the connector for the https but it will be commented out !---- . To try this first make a copy of the server.xml. Next copy and paste the service section from start tag service to finish tag /service and paste it right after the service finish tag. In the second service tag you will need to change the name on the service and maybe the engine. Then comment out the http connector and uncomment the https connector. Add the address= to each connector. Add the context for your applications in the appropriate service. Restart tomcat and see what the logs say. Again, I have never done this. But the configuration docs say: Quote The following components may be nested inside a Server element: Service - One or more service element. GlobalNamingResources - Configure the JNDI global resources for the server. Unquote So having two services is okay. Now can someone tell me which service an application will be associated with if you use the context.xml in the app? Give it a try and read up on the docs at: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/server.html Good luck. Doug - Original Message - From: Parsons Technical Services [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, March 29, 2004 1:26 AM Subject: Re: Configuring Tomcat on different IP's Clicked too fast. There is more to come... - Original Message - From: Parsons Technical Services [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, March 29, 2004 1:19 AM Subject: Re: Configuring Tomcat on different IP's Uma, I think this will do what you want. For each connector defined, one for http and one for https use the address attribute to specify the IP to listen on. So in the https connector use address=192.68.xxx.xx1 and Tomcat will listen on 192.68.xxx.xx1 for only https request. On the http connector use address=192.68.xxx.xx2 and Tomcat will listen only for http request on 192.68.xxx.xx2 . Remember this affect all applications running on this instance of Tomcat. See this for details: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/http.html Doug - Original Message - From: [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Sunday, March 28, 2004 11:58 PM Subject: Re: Configuring Tomcat on different IP's Doug, Thanks for the reply. It is just for security reasons out network administrator has planned to do. So, I need to configure as such. I have made