Re: Rewritten requests returning 404 in 8.5.57

2020-08-06 Thread Mark Thomas
On August 6, 2020 2:37:34 PM UTC, Barry Roberts wrote: >I'm having an issue very similar to this one: >https://marc.info/?l=tomcat-user=159171480518941=2 > >The only difference is, I'm upgrading my docker from 8.5.51 to 8.5.57. >My config adds a parameter in the rewrite rule, so I can see in the

Re: Let's Encrypt cert worked fine in 8.5.57, but connector fails in 8.5.40

2020-08-06 Thread Christopher Schultz
James, On 8/5/20 19:46, James H. H. Lampert wrote: > I've now proceeded to the "real" server, with the Tomcat portion of > the procedure refined to give me plenty of "undo" capability. And > it turns out I need it. > > It seems that with the

Re: Let's Encrypt cert worked fine in 8.5.57, but connector fails in 8.5.40

2020-08-06 Thread Christopher Schultz
James, On 8/6/20 13:03, James H. H. Lampert wrote: > On 8/6/20 9:37 AM, Christopher Schultz wrote: . . . >> As a short-term workaround, you can load your stuff into a >> keystore like this: >> >> $ openssl pkcs12 -export \ -inkey

Re: [OT] Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9

2020-08-06 Thread Bill Stewart
On Thu, Aug 6, 2020 at 10:18 AM Christopher Schultz wrote: The problem is that if you don't have your old command-line saved and > handy, you have to figure out how to re-generate it. Thus, the > feature-request for procrun to dump the current configuration to a > script which can re-create

Re: Let's Encrypt cert worked fine in 8.5.57, but connector fails in 8.5.40

2020-08-06 Thread James H. H. Lampert
On 8/6/20 10:10 AM, Christopher Schultz wrote: $ openssl pkcs12 -export \ -in /etc/tomcat8/test.foo.net.crt \ -inkey /etc/tomcat8/test.foo.net.key \ -certfile /etc/tomcat8/test.foo.net.issuer.crt \ -out /etc/tomcat8/test.foo.net.p12 \ -chain Then reconfigure your to use your keystore. Dear

Re: Rewritten requests returning 404 in 8.5.57

2020-08-06 Thread Christopher Schultz
Barry, On 8/6/20 14:36, Barry Roberts wrote: > On Thu, Aug 6, 2020 at 9:51 AM Mark Thomas > wrote: >> >> >> Minimum steps to recreate the issue with an 8.5.57 install of a >> standard ASF provided distribution? >> >> Mark >> > > A minimal example

Re: [OT Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9

2020-08-06 Thread Bill Stewart
On Thu, Aug 6, 2020 at 10:01 AM wrote: I like what you are showing here, but are you implying a shared > CATALINA_HOME and CATALINA_BASE? > Sorry; I don't understand the question. The alternate installer doesn't set or use the CATALINA_HOME or CATALINA_BASE environment variables; it uses procrun

Re: [OT Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9

2020-08-06 Thread Bill Stewart
On Thu, Aug 6, 2020 at 9:09 AM Christopher Schultz wrote: I don't know if you are interested in such things, but being able to > export a configuration from one machine to another might be useful for > your installer, too. Something like "deploy to server A, > manually-configure, tweak, test,

Re: Rewritten requests returning 404 in 8.5.57

2020-08-06 Thread Barry Roberts
On Thu, Aug 6, 2020 at 9:51 AM Mark Thomas wrote: > > > Minimum steps to recreate the issue with an 8.5.57 install of a standard ASF > provided distribution? > > Mark > A minimal example similar to what I'm doing in 8.5.57, the redirects work as expected. I'm at a loss as to what configuration

Re: Let's Encrypt cert worked fine in 8.5.57, but connector fails in 8.5.40

2020-08-06 Thread James H. H. Lampert
On 8/6/20 9:37 AM, Christopher Schultz wrote: . . . As a short-term workaround, you can load your stuff into a keystore like this: $ openssl pkcs12 -export \ -inkey /etc/tomcat8/test.foo.net.key \ - $ openssl pkcs12 -export \ -in /etc/tomcat8/test.foo.net.crt \ -inkey

Logging Rewrite Activity

2020-08-06 Thread Jerry Malcolm
How do I configure TC to log the activities of the RewriteValve? I added org.apache.catalina.valves.rewrite.RewriteValve.level = FINE to logging.properties. But I'm not seeing any output related to rewrite. Do I have the logging config wrong? Am I looking in the wrong place for the log data?

Re: Connector works fine with Firefox, but not on speaking terms with Chrome!

2020-08-06 Thread Christopher Schultz
James, On 8/5/20 16:39, James H. H. Lampert wrote: > First, I did a quick SSLLabs scan on the server. That told me that > "sslEnabledProtocols" in an SSLHostConfig was indeed wrong. And it > told me that all simulated Chrome handshakes failed, but

Re: Let's Encrypt cert worked fine in 8.5.57, but connector fails in 8.5.40

2020-08-06 Thread James H. H. Lampert
On 8/6/20 9:37 AM, Christopher Schultz wrote: $ openssl pkcs12 -export \ -inkey /etc/tomcat8/test.foo.net.key \ - Dear Mr. Schultz: Is there supposed to be something after that last hyphen? When I type that command, I just get a terminal window full of helptext. And if I try the

Re: Let's Encrypt cert worked fine in 8.5.57, but connector fails in 8.5.40

2020-08-06 Thread Christopher Schultz
James, On 8/6/20 14:10, James H. H. Lampert wrote: > On 8/6/20 9:37 AM, Christopher Schultz wrote: >> $ openssl pkcs12 -export \ -inkey /etc/tomcat8/test.foo.net.key >> \ - > > Dear Mr. Schultz: > > Is there supposed to be something after that last

Re: Rewritten requests returning 404 in 8.5.57

2020-08-06 Thread Barry Roberts
On Thu, Aug 6, 2020 at 1:23 PM Christopher Schultz wrote: > > Are you trying to redirect across contexts (from one web application > to another)? If so, you need to make sure you are actually doing a > redirect. Your RewriteRules aren't redirecting. > > Try the [R] flag. > > -chris Actually,

RE: [OT Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9

2020-08-06 Thread jonmcalexander
Sorry for the top posting, outlook and all that. I like what you are showing here, but are you implying a shared CATALINA_HOME and CATALINA_BASE? I find this to be the least desirable configuration, in my opinion. Dream * Excel * Explore * Inspire Jon McAlexander Asst Vice President

Re: [OT] Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9

2020-08-06 Thread Christopher Schultz
Bill, On 8/6/20 11:56, Bill Stewart wrote: > On Thu, Aug 6, 2020 at 9:09 AM Christopher Schultz wrote: > > I don't know if you are interested in such things, but being able > to >> export a configuration from one machine to another might be >>

Re: [OT] Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9

2020-08-06 Thread Bill Stewart
On Thu, Aug 6, 2020 at 10:18 AM Christopher Schultz wrote: The problem is that if you don't have your old command-line saved and > handy, you have to figure out how to re-generate it. Thus, the > feature-request for procrun to dump the current configuration to a > script which can re-create

Re: Date of EOL and EOS for Tomcat8.5

2020-08-06 Thread Mark Thomas
On August 6, 2020 1:14:26 PM UTC, Trae McCombs wrote: >Correct me if I'm wrong but 8.5 is really just a forked 9.x so wouldn't >they both EOL roughly at the same time? No. Every major Tomcat version is a fork from the previous version going back to at least 4.1.x The Tomcat teams stated

Re: [OT Upgrade: tomcat8w.exe //ES//example - dump Java Options and other information to tomcat9

2020-08-06 Thread Christopher Schultz
Bill, On 8/4/20 18:59, Bill Stewart wrote: > On Tue, Aug 4, 2020 at 4:01 PM Christopher Schultz wrote: > > I have a client who runs our product on Windows (we usually run it > on >> Linux) and there are 2-4 separate Tomcat-based services on each >>

Re: Weirdness going on with Tomcat on an AWS instance

2020-08-06 Thread Christopher Schultz
James, On 8/4/20 20:20, James H. H. Lampert wrote: > I am once again attempting to get our development AWS box switched > over to Let's Encrypt. > > This time, I've managed to get the httpd server working with the > Let's Encrypt cert. This is far

Re: Vulnerability on Apache Tomcat Default Files

2020-08-06 Thread Christopher Schultz
Fang, On 8/5/20 22:16, FANG YAP wrote: > Did that as well, but the scanner still flagged but it is to say is > a false positive result in their scan? Well, they are complaining that Tomcat is revealing its version number (right?). That's not a

Re: Date of EOL and EOS for Tomcat8.5

2020-08-06 Thread Christopher Schultz
Trae, On 8/6/20 09:14, Trae McCombs wrote: > Correct me if I'm wrong but 8.5 is really just a forked 9.x so > wouldn't they both EOL roughly at the same time? While the history of 8.5 is true, the conclusion is likely not. The Tomcat committers

Re: JMX Insecure Agent.

2020-08-06 Thread Christopher Schultz
Manuel and Kaydo, On 8/6/20 09:23, Manuel Dominguez Sarmiento wrote: > JMX is usually set up on port 1099 for monitoring the JVM. It can > be either secured, or insecure (no password, no encryption) which > is the default configuration. If you

Re: Date of EOL and EOS for Tomcat8.5

2020-08-06 Thread Martin Grigorov
Hi, On Wed, Aug 5, 2020 at 5:59 PM Rajat Gupta wrote: > Hi, > > Please let us know the date of End Of Service and End Of Life for Tomcat > *8.5* > It is not known yet. At the moment there is a date set only for 7.0.x: https://tomcat.apache.org/tomcat-70-eol.html Newer versions will live

Re: Date of EOL and EOS for Tomcat8.5

2020-08-06 Thread Trae McCombs
Correct me if I'm wrong but 8.5 is really just a forked 9.x so wouldn't they both EOL roughly at the same time? Also, this question must get asked a lot because I know I asked it and I think one other person before this gentleman did. Thanks! Trae On Thu, Aug 6, 2020 at 4:35 AM Martin Grigorov

JMX Insecure Agent.

2020-08-06 Thread Kaydo Bramble
Hi Everyone, Our security scanner has identified an application that has "Java JMX Agent Insecure Configuration" on one of our Tomcat 8.5 servers. This server was set up by a vendor and I am not sure what JMX is being used for or how it is set up. Does anyone have any ideas on how to resolve

Re: JMX Insecure Agent.

2020-08-06 Thread Manuel Dominguez Sarmiento
JMX is usually set up on port 1099 for monitoring the JVM. It can be either secured, or insecure (no password, no encryption) which is the default configuration. If you cannot modify the app, then the safest bet would probably be to block access to the port with the system firewall (for

Rewritten requests returning 404 in 8.5.57

2020-08-06 Thread Barry Roberts
I'm having an issue very similar to this one: https://marc.info/?l=tomcat-user=159171480518941=2 The only difference is, I'm upgrading my docker from 8.5.51 to 8.5.57. My config adds a parameter in the rewrite rule, so I can see in the access log that the rule is rewriting properly. It just