RE: tomcat ssl setup

2017-09-28 Thread John Ellis


John Ellis

405.285.2500 office




http://biz-e.io


-Original Message-
From: Peter Kreuser [mailto:l...@kreuser.name] 
Sent: Wednesday, September 27, 2017 3:43 PM
To: Tomcat Users List 
Subject: Re: tomcat ssl setup

John,


> Am 27.09.2017 um 18:08 schrieb John Ellis :
> 
> 
> 
> John Ellis
> 
> 405.285.2500 office
> 
> 
> 
> 
> http://biz-e.io
> 
> 
> -Original Message-
> From: l...@kreuser.name [mailto:l...@kreuser.name] 
> Sent: Tuesday, September 26, 2017 3:26 PM
> To: Tomcat Users List 
> Subject: Re: tomcat ssl setup
> 
> John,
> 
> 
> 
>> Am 26.09.2017 um 21:26 schrieb John Ellis :
>> 
>> Yesterday my boss suggested setting up Tomcat vers. 8 as he thought this is 
>> what Jira and/or Confluence would use so I did that and it worked fine on 
>> http port of 8080. I then edited the server.xml file again for the SSL port 
>> and got the same result as before; never gets to a webpage login using the 
>> secure port of 8443 but I can still get the webpage on port 8080. When I 
>> look at the Tomcat 8 Catalina log file I see several lines where it says- 
>> "java.security.KeyStoreException: Cannot store non-PrivateKeys". I have been 
>> googling that error and found a couple of posts saying to change from JKS to 
>> JCEKS but when I ran the commands I didn't have JKS in the command; only RSA 
>> for the algorithm. Can someone provide me with the proper keytool commands 
>> that I need to use to create an SSL certificate for Tomcat?   
>> 
>> John Ellis
>> 
>> 405.285.2500 office
>> 
>> 
> 
> 
> We’re talking about Tomcat 8.5, 8.0 is EOLed so it may not make sense to ride 
> a dead horse, also SSL setup has changed quite a bit in 8.5/9.0.
> 
> So my setup is as follows:
> 
> server.xml:
> 
> <Connector
>     protocol="org.apache.coyote.http11.Http11Nio2Protocol"
>     sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
>     allowTrace="false"
>     maxThreads="150"
>     SSLEnabled="true"
>     compression="off"
>     scheme="https"
>     server="Apache Tomcat"
>     secure="true"
>     defaultSSLHostConfigName="localhost">
>   <SSLHostConfig
>       hostName="localhost"
>       honorCipherOrder="true"
>       certificateVerification="none"
>       protocols="TLSv1.2"
>       ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS">
>     <Certificate
>         certificateKeystoreFile="${catalina.base}/conf/ssl/jssecacerts"
>         certificateKeystorePassword="changeit"
>         certificateKeyAlias="tomcat"
>         type="RSA" />
>   </SSLHostConfig>
> </Connector>
>  
> 
> https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl
>  
> 
> 
> I use openssl to create the certs (as let’s encrypt for an official cert will 
> generate the same structure) and then convert to JKS:
> 
> # private key only; the subject is supplied to "openssl req" below
> openssl genrsa -aes256 -out server.key 4096
> openssl req -new -key server.key -out server.csr -sha512 -subj "/C=XX/ST=XX/L=XX/O=XX/CN=localhost/emailAddress=x...@xx.com"
> # there is more to it to get SAN extensions, but that's not necessary to get it running
> 
> # you may need your own CA and a signing process to make this work in all browsers
> openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
> 
> # Verify Server Cert
> openssl x509 -in server.crt -text -noout
> 
> openssl pkcs12 -export -in server.crt -inkey server.key -out jssecacerts -name tomcat
> keytool -list -v -keystore jssecacerts -storepass changeit
> 
> 
> Hope this helps for a start.
> 
> Regards
> 
> Peter
> 
> Peter I have never seen entries in the "" part of the 
> server.xml file. Does that have to be in there for SSL to work in Tomcat?
> 
That's the way you define one Connector on one port with different certificates 
in TC 8.5 and 9.0.
I guess that's one of the important new features!
> 
> 
> Wow. I started posting in this forum back on the 19th; specifically about 
> version 9 of Tomcat and yours is the 1st reply where I have seen anything 
> about having to configure
the  "" part of the server.xml. I will give that a try. BTW, do 
you have the exact order and text of the openssl commands that you used. I have 
been using the keytool command but for some strange reason yesterday all of a 
sudden wh

Re: Java 9 support + HSTS for tomcat.apache.org

2017-09-28 Thread Oliver Heister
> > IMO a remark regarding Java 9 should be added to
> > http://tomcat.apache.org/whichversion.html .
>
> Sounds good. I don't know of anything specific that does NOT work with
> Java 9, but markt has been following the pre-releases of Java 9 pretty
> closely, and has made adjustments (mostly disabling various
> workarounds for bugs in previous JVMs) accordingly. There may be some
> NEW items that may need to be worked-around -- those usually turn out
> to be various ClassLoader-pinning memory-leaks -- but my guess is that
> most Tomcat versions will work just fine under Java 9 without any
> special effort.
>
> Could you try (the latest patch-level of) whatever version of Tomcat
> you are currently using with Java 9 and let us know how things go?

It looks like Tomcat 8.5.23 and Tomcat 9.0.1 Beta will be released
soon and they include the fix mentioned in
https://marc.info/?l=tomcat-dev&m=150617928913339&w=2 . So we will
test Tomcat 8.5.23.


> > 2. Currently MITM attacks by evil ISPs or WiFi networks are
> > possible against people downloading tomcat from
> > http://tomcat.apache.org/download-80.cgi . (The page has links to
> > PGP, md5 and sha1 hashes for validation, but the links are on a
> > http page that does not redirect to https. This means they could be
> > replaced in case of MITM.)
> >
> > IMO a HTTP 301 redirect to the https version and HSTS headers
> > should be added to http://tomcat.apache.org/ .
>
> Agreed about the redirect... not so sure about HSTS, as that affects
> the whole domain.

HSTS (RFC 6797) would only affect http://tomcat.apache.org/ .
"HSTS preload" would affect the base domain and all subdomains.


> > Should I try to submit issues in Bugzilla for both?
>
> Yes, please. Post-back with URLs to the BZ issues you raise.

OK.

Regards
Oliver

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
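
The scope question in this exchange, worked through as an added example (not code from the thread, from Tomcat or from any browser): a parser for the `Strict-Transport-Security` header and the RFC 6797 host-matching rule, showing which hosts a policy sent by `tomcat.apache.org` would cover. The class `HstsScope`, its method names, the sample header values and the host `sub.tomcat.apache.org` are constructed for illustration; browser preload lists are not modelled.

```java
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

// Added example: HstsScope and its methods are hypothetical names, not a browser or Tomcat API.
public class HstsScope {

    /** The two RFC 6797 directives that decide what a noted policy covers. */
    static final class Policy {
        final long maxAgeSeconds;
        final boolean includeSubDomains;

        Policy(long maxAgeSeconds, boolean includeSubDomains) {
            this.maxAgeSeconds = maxAgeSeconds;
            this.includeSubDomains = includeSubDomains;
        }
    }

    /** Parses a Strict-Transport-Security value; returns null when the header must be ignored. */
    static Policy parse(String headerValue) {
        Long maxAge = null;
        boolean includeSubDomains = false;
        Set<String> seen = new HashSet<>();
        for (String part : headerValue.split(";")) {
            String directive = part.trim();
            if (directive.isEmpty()) {
                continue;
            }
            int eq = directive.indexOf('=');
            String name = (eq < 0 ? directive : directive.substring(0, eq))
                    .trim().toLowerCase(Locale.ROOT); // directive names are case-insensitive
            String value = eq < 0 ? null : directive.substring(eq + 1).trim();
            if (!seen.add(name)) {
                return null; // a directive may appear only once
            }
            if (name.equals("max-age")) {
                if (value != null && value.length() >= 2
                        && value.startsWith("\"") && value.endsWith("\"")) {
                    value = value.substring(1, value.length() - 1); // quoted-string form
                }
                if (value == null || !value.matches("[0-9]{1,18}")) {
                    return null; // max-age needs a non-negative integer
                }
                maxAge = Long.parseLong(value);
            } else if (name.equals("includesubdomains")) {
                if (value != null) {
                    return null; // valueless directive; do not widen scope on malformed input
                }
                includeSubDomains = true;
            }
            // Anything else, "preload" included, is not defined by RFC 6797 and is skipped.
        }
        return maxAge == null ? null : new Policy(maxAge, includeSubDomains);
    }

    /** RFC 6797 section 8.2: the same host, or a subdomain of it when includeSubDomains was sent. */
    static boolean covers(String policyHost, Policy policy, String requestHost) {
        if (policy == null || policy.maxAgeSeconds == 0) {
            return false; // no valid policy, or max-age=0, which removes the stored entry
        }
        String known = normalize(policyHost);
        String host = normalize(requestHost);
        return host.equals(known) || (policy.includeSubDomains && host.endsWith("." + known));
    }

    static String normalize(String host) {
        String h = host.toLowerCase(Locale.ROOT);
        return h.endsWith(".") ? h.substring(0, h.length() - 1) : h;
    }

    public static void main(String[] args) {
        String policyHost = "tomcat.apache.org"; // the host that would send the header
        // Constructed header values and request hosts.
        String[] headers = {"max-age=31536000", "max-age=31536000; includeSubDomains"};
        String[] hosts = {"tomcat.apache.org", "sub.tomcat.apache.org", "apache.org", "www.apache.org"};
        for (String header : headers) {
            Policy policy = parse(header);
            System.out.println("Strict-Transport-Security: " + header);
            for (String host : hosts) {
                String verdict = covers(policyHost, policy, host) ? "https only" : "not covered";
                System.out.printf("  %-22s %s%n", host, verdict);
            }
        }
    }
}
```

With either header, `apache.org` and `www.apache.org` stay "not covered": a policy noted for a host never extends to its parent domain or to sibling hosts.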



how to set Http11AprProtocol with embedded tomcat

2017-09-28 Thread Wang, Jennifer
NONCONFIDENTIAL // EXTERNAL
How to set Http11AprProtocol with embedded tomcat in java spring boot app?

I keep getting the error below.


org.apache.catalina.LifecycleException: Failed to initialize component [Connector[org.apache.coyote.http11.Http11AprProtocol-8443]]
   at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
   at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:140)
   at org.apache.catalina.core.StandardService.addConnector(StandardService.java:225)
   at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:250)
   at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:193)
   at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:297)
   at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:546)
   at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
   at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
   at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
   at org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
   at org.springframework.boot.SpringApplication.run(SpringApplication.java:1118)
   at org.springframework.boot.SpringApplication.run(SpringApplication.java:1107)
   at hello.Application.main(Application.java:13)
Caused by: org.apache.catalina.LifecycleException: The configured protocol [org.apache.coyote.http11.Http11AprProtocol] requires the APR/native library which is not available

Thanks!

Jennifer



RE: tomcat ssl setup

2017-09-28 Thread John Ellis


John Ellis

405.285.2500 office




http://biz-e.io


-Original Message-
From: Peter Kreuser [mailto:l...@kreuser.name] 
Sent: Wednesday, September 27, 2017 3:43 PM
To: Tomcat Users List 
Subject: Re: tomcat ssl setup

John,


> Peter I ran the keytool commands again to create all new keystore files, 
> submitted & got back a certificate from Cacert.org and here is how my 
> server.xml file looks now; at least the main parts that I have edited; based 
> on what your looks like-









> 
> 
> 
> 
> 
> -
> To unsubscribe, e-m

RE: tomcat ssl setup

2017-09-28 Thread John Ellis


John Ellis

405.285.2500 office




http://biz-e.io


-Original Message-
From: Peter Kreuser [mailto:l...@kreuser.name] 
Sent: Wednesday, September 27, 2017 3:43 PM
To: Tomcat Users List 
Subject: Re: tomcat ssl setup

John,


> Peter BTW mine still isn't working on the secure port of 8443; I still get a 
> webpage when I go back to the non-secure port of 8080. 
> 
> 
> 
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 


-

Re: how to set Http11AprProtocol with embedded tomcat

2017-09-28 Thread Coty Sutherland
On Thu, Sep 28, 2017 at 11:32 AM, Wang, Jennifer
 wrote:
> NONCONFIDENTIAL // EXTERNAL
> How to set Http11AprProtocol with embedded tomcat in java spring boot app?
>
> I keep get below error.

You don't have tomcat-native installed. Resolving the problem should
be as simple as installing tomcat-native (which deps on APR) via RPM
(assuming you're on linux) so that it's on your library path or
updating your JVM's -Djava.library.path system property to point to
APR and tomcat-native so that tomcat can use it.

> org.apache.catalina.LifecycleException: Failed to initialize component 
> [Connector[org.apache.coyote.http11.Http11AprProtocol-8443]]
>at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
>at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:140)
>at 
> org.apache.catalina.core.StandardService.addConnector(StandardService.java:225)
>at 
> org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:250)
>at 
> org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:193)
>at 
> org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:297)
>at 
> org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145)
>at 
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:546)
>at 
> org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
>at 
> org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
>at 
> org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
>at 
> org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
>at 
> org.springframework.boot.SpringApplication.run(SpringApplication.java:1118)
>at 
> org.springframework.boot.SpringApplication.run(SpringApplication.java:1107)
>at hello.Application.main(Application.java:13)
> Caused by: org.apache.catalina.LifecycleException: The configured protocol 
> [org.apache.coyote.http11.Http11AprProtocol] requires the APR/native library 
> which is not available
>
> Thanks!
>
> Jennifer
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: Re: how to set Http11AprProtocol with embedded tomcat

2017-09-28 Thread Wang, Jennifer
NONCONFIDENTIAL // EXTERNAL
Hi Coty,

I downloaded tcnative-1.dll from the Tomcat site. I am running on Windows 7. I did 
set "java.library.path" as below.




import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class Application {

    public static void main(String[] args) {

        // try both of below
        System.setProperty("java.library.path",
                "C:\\Temp\\tomcat-native-1.2.14-win32-bin\\bin\\x64\\tcnative-1.dll");
        //System.setProperty("java.library.path",
        //        "C:\\Temp\\tomcat-native-1.2.14-win32-bin\\bin\\x64");

        SpringApplication.run(Application.class, args);
    }
}

Thanks!

Jennifer

-Original Message-
From: Coty Sutherland [mailto:csuth...@redhat.com] 
Sent: Thursday, September 28, 2017 12:16 PM
To: Tomcat Users List
Subject: [External] Re: how to set Http11AprProtocol with embedded tomcat

On Thu, Sep 28, 2017 at 11:32 AM, Wang, Jennifer  
wrote:
> NONCONFIDENTIAL // EXTERNAL
> How to set Http11AprProtocol with embedded tomcat in java spring boot app?
>
> I keep get below error.

You don't have tomcat-native installed. Resolving the problem should be as 
simple as installing tomcat-native (which deps on APR) via RPM (assuming you're 
on linux) so that it's on your library path or updating your JVM's 
-Djava.library.path system property to point to APR and tomcat-native so that 
tomcat can use it.

> org.apache.catalina.LifecycleException: Failed to initialize component 
> [Connector[org.apache.coyote.http11.Http11AprProtocol-8443]]
>at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
>at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:140)
>at 
> org.apache.catalina.core.StandardService.addConnector(StandardService.java:225)
>at 
> org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:250)
>at 
> org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:193)
>at 
> org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:297)
>at 
> org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145)
>at 
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:546)
>at 
> org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
>at 
> org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
>at 
> org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
>at 
> org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
>at 
> org.springframework.boot.SpringApplication.run(SpringApplication.java:1118)
>at 
> org.springframework.boot.SpringApplication.run(SpringApplication.java:1107)
>at hello.Application.main(Application.java:13)
> Caused by: org.apache.catalina.LifecycleException: The configured 
> protocol [org.apache.coyote.http11.Http11AprProtocol] requires the 
> APR/native library which is not available
>
> Thanks!
>
> Jennifer
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Java 9 support + HSTS for tomcat.apache.org

2017-09-28 Thread Konstantin Kolinko
2017-09-26 11:57 GMT+03:00 Oliver Heister :
>  2. Currently MITM attacks by evil ISPs or WiFi networks are possible
> against people downloading tomcat from
> http://tomcat.apache.org/download-80.cgi . (The page has links to PGP, md5
> and sha1 hashes for validation, but the links are on a http page that does
> not redirect to https. This means they could be replaced in case of MITM.)
>
> IMO a HTTP 301 redirect to the https version and HSTS headers should be
> added to http://tomcat.apache.org/ .

The recommended way to validate releases is to check the PGP
signature, not the checksums.

It is not so easy to compromise a PGP signature. You cannot generate a
new signature without having a key.


I think that HSTS is an overkill.

Maybe update links to *.cgi pages (in menu and on the site) to use https:

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Re: how to set Http11AprProtocol with embedded tomcat

2017-09-28 Thread Coty Sutherland
On Thu, Sep 28, 2017 at 12:27 PM, Wang, Jennifer
 wrote:
> NONCONFIDENTIAL // EXTERNAL
> Hi Coty,
>
> I download tcnative-1.dll from tomcat site. I am running on windows 7. I did 
> set " java.library.path" as below.
>
>
>
>
> @SpringBootApplication
> public class Application {
>
> public static void main(String[] args) {
>
> //try both of below
> System.setProperty("java.library.path", 
> "C:\\Temp\\tomcat-native-1.2.14-win32-bin\\bin\\x64\\tcnative-1.dll");
> //System.setProperty("java.library.path", 
> "C:\\Temp\\tomcat-native-1.2.14-win32-bin\\bin\\x64");

I think trying to set the library path in code is too late as the JVM
has already initialized. You'll need to set it in the JVM arguments
that start the Application. I got it working using the following
config snippet:

 
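<plugin>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-maven-plugin</artifactId>
    <configuration>
        <jvmArguments>
            -Djava.library.path=/path/to/tomcat-native/
        </jvmArguments>
    </configuration>
</plugin>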

and starting with `mvn spring-boot:run`. I also configured that the
System.setProperty call didn't work.

HTH

>
> SpringApplication.run(Application.class, args);
> }
> }
>
> Thanks!
>
> Jennifer
>
> -Original Message-
> From: Coty Sutherland [mailto:csuth...@redhat.com]
> Sent: Thursday, September 28, 2017 12:16 PM
> To: Tomcat Users List
> Subject: [External] Re: how to set Http11AprProtocol with embedded tomcat
>
> On Thu, Sep 28, 2017 at 11:32 AM, Wang, Jennifer  
> wrote:
>> NONCONFIDENTIAL // EXTERNAL
>> How to set Http11AprProtocol with embedded tomcat in java spring boot app?
>>
>> I keep get below error.
>
> You don't have tomcat-native installed. Resolving the problem should be as 
> simple as installing tomcat-native (which deps on APR) via RPM (assuming 
> you're on linux) so that it's on your library path or updating your JVM's 
> -Djava.library.path system property to point to APR and tomcat-native so that 
> tomcat can use it.
>
>> org.apache.catalina.LifecycleException: Failed to initialize component 
>> [Connector[org.apache.coyote.http11.Http11AprProtocol-8443]]
>>at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
>>at 
>> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:140)
>>at 
>> org.apache.catalina.core.StandardService.addConnector(StandardService.java:225)
>>at 
>> org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:250)
>>at 
>> org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:193)
>>at 
>> org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:297)
>>at 
>> org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145)
>>at 
>> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:546)
>>at 
>> org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
>>at 
>> org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
>>at 
>> org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
>>at 
>> org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
>>at 
>> org.springframework.boot.SpringApplication.run(SpringApplication.java:1118)
>>at 
>> org.springframework.boot.SpringApplication.run(SpringApplication.java:1107)
>>at hello.Application.main(Application.java:13)
>> Caused by: org.apache.catalina.LifecycleException: The configured
>> protocol [org.apache.coyote.http11.Http11AprProtocol] requires the
>> APR/native library which is not available
>>
>> Thanks!
>>
>> Jennifer
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>


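A diagnostic for the two failure modes in this thread, as an added example (not code posted by anyone on the list): it checks whether any java.library.path entry is a directory containing the native library, then shows whether a late System.setProperty call changes what System.loadLibrary can find. The class name NativePathCheck and the command-line argument are assumptions; the library name tcnative-1 comes from the thread.

```java
import java.io.File;

// Added diagnostic; run it with the same JVM arguments as the application.
public class NativePathCheck {
    // Base name from the thread (tcnative-1.dll). System.mapLibraryName turns it
    // into the platform file name (tcnative-1.dll, libtcnative-1.so, ...).
    static final String LIB = "tcnative-1";

    /** Returns the library file found in the first matching path entry, or null. */
    static File findLibrary(String libraryPath, String libName) {
        String fileName = System.mapLibraryName(libName);
        for (String entry : libraryPath.split(File.pathSeparator)) {
            if (entry.isEmpty()) {
                continue;
            }
            // Each entry must be a directory. An entry that names the DLL itself
            // (the first attempt in the thread) never matches here.
            File candidate = new File(entry, fileName);
            if (candidate.isFile()) {
                return candidate;
            }
        }
        return null;
    }

    public static void main(String[] args) {
        String startupPath = System.getProperty("java.library.path", "");
        System.out.println("java.library.path at startup: " + startupPath);
        System.out.println("library found on that path:   " + findLibrary(startupPath, LIB));

        // Optional argument: a directory to set at runtime, to reproduce the
        // System.setProperty attempt. The property string changes, but the
        // loader normally keeps the search path it read during JVM startup.
        if (args.length > 0) {
            System.setProperty("java.library.path", args[0]);
            System.out.println("property after setProperty:   "
                    + System.getProperty("java.library.path"));
        }
        try {
            System.loadLibrary(LIB);
            System.out.println("System.loadLibrary succeeded");
        } catch (UnsatisfiedLinkError e) {
            System.out.println("System.loadLibrary failed: " + e.getMessage());
        }
    }
}
```

Running it once with -Djava.library.path pointing at the directory and once with the directory passed only as the program argument shows the difference between the two approaches.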


Re: Randomly tomcat process create another copy process of it. Now see two PIDs of tomcat running

2017-09-28 Thread Guang Chao
On Thu, Sep 28, 2017 at 2:50 PM, Naresh Yadav 
wrote:

> my hard requirement is to run tomcat from eclipse only using sysdeo or
> other plugin.
> But yes i can try running from service OR startup bat file also...
>
> Another thing want to highlight is this problem is not consistent and it
> appear randomly...
> my guess is when there is more load on server then someone create another
> tomcat pid.
>

It could be an Eclipse issue not Tomcat issue, because you launch from
Eclipse.


>
> One more information wanted to share is :
>  In this environment we have 2 node tomcat setup running behind
> mod_jk loadbalancer with session replication enabled.
>  right now we observed this problem on one of node only.
>

Are both nodes getting around the same load?  It could be that only one node
is getting all the requests, but the problem may occur on both.


>
> Please give next level pointers.
>
> On Thu, Sep 28, 2017 at 6:26 AM, Guang Chao 
> wrote:
>
> > On Tue, Sep 26, 2017 at 5:52 PM, Naresh Yadav 
> > wrote:
> >
> > > Hi all,
> > >
> > > Already posted my problem on stackoverflow but not got any responses
> so
> > > thought
> > > of posting here. Please read and help me with possible resolutions ??
> > >
> >
> > Would it be possible one is run as a service and another run using the
> > *.bat file?
> >
> >
> > >
> > > https://stackoverflow.com/questions/46409358/randomly-tomcat-process-create-another-copy-process-of-it-now-see-two-pids-of-t
> > >
> > > Thanks
> > > Naresh
> > >
> >
> >
> >
> > --
> > Guang
> >
>



-- 
Guang 


Re: Randomly tomcat process create another copy process of it. Now see two PIDs of tomcat running

2017-09-28 Thread Naresh Yadav
From my observation both nodes get almost equal load, as we had set load
factor=1 in mod_jk.

On Fri, Sep 29, 2017 at 11:28 AM, Guang Chao 
wrote:

> On Thu, Sep 28, 2017 at 2:50 PM, Naresh Yadav 
> wrote:
>
> > my hard requirement is to run tomcat from eclipse only using sysdeo or
> > other plugin.
> > But yes i can try running from service OR startup bat file also...
> >
> > Another thing want to highlight is this problem is not consistent and it
> > appear randomly...
> > my guess is when there is more load on server then someone create another
> > tomcat pid.
> >
>
> It could be an Eclipse issue not Tomcat issue, because you launch from
> Eclipse.
>
>
> >
> > One more information wanted to share is :
> >  In this environment we have 2 node tomcat setup running behind
> > mod_jk loadbalancer with session replication enabled.
> >  right now we observed this problem on one of node only.
> >
>
> Are both nodes getting around the same load?  It could be that only one node
> is getting all the requests, but the problem may occur on both.
>
>
> >
> > Please give next level pointers.
> >
> > On Thu, Sep 28, 2017 at 6:26 AM, Guang Chao 
> > wrote:
> >
> > > On Tue, Sep 26, 2017 at 5:52 PM, Naresh Yadav
> > > wrote:
> > >
> > > > Hi all,
> > > >
> > > > Already posted my problem on stackoverflow but not got any responses
> > so
> > > > thought
> > > > of posting here. Please read and help me with possible resolutions ??
> > > >
> > >
> > > Would it be possible one is run as a service and another run using the
> > > *.bat file?
> > >
> > >
> > > >
> > > > https://stackoverflow.com/questions/46409358/randomly-tomcat-process-create-another-copy-process-of-it-now-see-two-pids-of-t
> > > >
> > > > Thanks
> > > > Naresh
> > > >
> > >
> > >
> > >
> > > --
> > > Guang
> > >
> >
>
>
>
> --
> Guang 
>