Re: JSSE or APR

2014-08-21 Thread Ognjen Blagojevic

John,

On 20.8.2014 18:08, John McLean wrote:

I used the following ubuntu guide to create my csr:

https://help.ubuntu.com/12.04/serverguide/certificates-and-security.html


If you followed steps from that guide you now might have:

1. Private key in PEM format (e.g. server.key)
2. Certificate signing request (e.g. server.csr)
3. Signed certificate from your CA in PEM format (e.g. cert-server.pem)
4. Optionally, one or more files for certificate chain in PEM format 
(e.g. chain-server.pem).


YMMV for filenames.

Those files may be used directly in APR connector configuration, or they 
may be imported into keystore for JSSE connector configuration.


For JSSE connectors you may use one of two different file formats: 
PKCS#12 or JKS.




This used openssl so does that mean I'm using APR?


We cannot tell you which connector you are using. You should know that. 
Did you configure server.xml? Which connector did you declare in server.xml?


If you didn't declare an HTTPS connector in server.xml, then you probably 
still don't have HTTPS enabled. You should read about connector 
specifics, and decide which connector suits you.


Once you select the proper connector you may use the aforementioned files (or 
derived keystore) to configure your APR or JSSE connector.


If you need help with that, let us know.

-Ognjen

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: JSSE or APR

2014-08-21 Thread Ognjen Blagojevic

On 21.8.2014 10:24, Ognjen Blagojevic wrote:

For JSSE connectors you may use one of two different file formats:
PKCS#12 or JKS.


That would be, keystore file formats.

-Ognjen




Client certificate is null using APR connector

2014-08-21 Thread Timotej Betina
Version of tomcat is 7.0.54 and APR connector configuration looks like this:

<Connector protocol="org.apache.coyote.http11.Http11AprProtocol"
   port="8443" maxThreads="200"
   scheme="https" secure="true" SSLEnabled="true"
   connectionTimeout="60"
   SSLPassword="pass"
   SSLCertificateFile="c:\programs\eis\tomcat-ssl\cert.crt"
   SSLCertificateKeyFile="c:\programs\eis\tomcat-ssl\cert.key"
   SSLCACertificateFile="c:\programs\eis\tomcat-ssl\cacert.pem"
   SSLVerifyClient="require" />

When the APR connector is used, the javax.servlet.request.X509Certificate
attribute in the request is null. This attribute should be filled by Tomcat's
Http11AprProcessor. The client certificate (SSLSocket.getInfoB(socketRef,
SSL.SSL_INFO_CLIENT_CERT)) is present in this processor, but retrieving
certLength (SSLSocket.getInfoI(socketRef, SSL.SSL_INFO_CLIENT_CERT_CHAIN))
returns an error (value -1), and therefore the aforementioned
javax.servlet.request.X509Certificate attribute is not filled. This
happens when using Chrome/Firefox but not with Internet Explorer.

This behavior was reported and fixed as a bug in Tomcat 5 (
https://issues.apache.org/bugzilla/show_bug.cgi?id=37869) but apparently it
was changed back to the previous behavior in some Tomcat 6 release.

Using the Java connector works fine, but we would like to have this working
with the APR connector as well.

Any ideas?

Thanks


Re: question on different version of tomcat running on the same pc

2014-08-21 Thread André Warnier

Christopher Schultz wrote:


André,

On 8/19/14, 7:06 PM, André Warnier wrote:

Christopher Schultz wrote:


Shawn,

On 8/19/14, 2:31 PM, NEW IT wrote:
So you meant after I fired up the Tomcat 7 then change the 
environment variables for the version 6 and startup there too?

Yes, you can do that, but...

CATALINA_HOME could set to version 7 and CATALINA_BASE set to 
version 6 OK?

No, CATALINA_BASE has to agree with CATALINA_HOME's
configuration. So you can't for example create a setup under
/opt/tomcats/mywebapp/ and then launch with
CATALINA_BASE=/opt/tomcats/mywebapp/ under both Tomcat 6 and
Tomcat 7. The reason is that server.xml usually contains certain
things that are version-specific.

But, if you want to deploy the same web application to Tomcat 6
and Tomcat 7, you could do something like this:

$ export JAVA_HOME=/opt/java-7
$ export CATALINA_HOME=/opt/apache-tomcat-7.0.55
$ export CATALINA_BASE=/opt/tomcats/mywebapp-tc7/
$ $CATALINA_HOME/bin/startup.sh

$ export JAVA_HOME=/opt/java-6
$ export CATALINA_HOME=/opt/apache-tomcat-6.0.41
$ export CATALINA_BASE=/opt/tomcats/mywebapp-tc6/
$ $CATALINA_HOME/bin/startup.sh

This will launch Tomcat 6 on Java 6 with your webapp configured
in mywebapp-tc6 and a similar setup with later versions for
mywebapp-tc7.

- -chris

On Tue, Aug 19, 2014 at 10:43 AM, Christopher Schultz 
ch...@christopherschultz.net wrote: To whom it may concern,


On 8/19/14, 1:32 PM, NEW IT wrote:

Besides setting for the 2 different ports, how do deal
with the Environment Variables of Path, CATALINA_HOME?
They are having the values for the 7 for now and
JAVA_HOME could be using the same one for Tomcat 7
and 6?

You can do anything you want, here.

CATALINA_HOME specifies where the Tomcat installation is. 
CATALINA_BASE specifies where your local deployment goes:

this allows you to use a single CATALINA_HOME with multiple
Tomcat instances running with separate configurations (those
with different CATALINA_BASEs). JAVA_HOME specifies the JVM to
use.

You can set the above environment variables, launch Tomcat,
then set them to other values and launch another instance of
Tomcat. You can change your JVM, Tomcat version, etc. whenever
you want. Once the JVM is launched, that process is independent
of the shell you used to launch it.

On our development servers, we have multiple developers with 
multiple per-webapp JVMs running all off the same

CATALINA_HOME under different JVMs. All you have to worry about
is the port settings in each CATALINA_BASE/conf/server.xml.

Hope that helps, -chris


The subject says on the same pc. Now that is not a guarantee that
we are talking about Windows here, but at least a strong
suspicion. In such a case, there is the question of whether this
relates to running Tomcat as a Windows Service, or in a command
window, or both. So this may all be a bit more complicated than
meets the eye.


While that may be true, that's an implementation detail (e.g. Windows
Service versus Debian Linux package-maintained service, etc.). The
point is that Tomcat can in fact be run side-by-side on the same
machine: the mechanisms exist to do so... you may have to work a bit
to get it working with your deployment strategy.



I understand that.  What I meant is that the OP may need some guidance as to what 
parameters / environment variables / system variables etc.. are used when running as a 
Windows Service, or in a Windows command window e.g.
For example, if running Tomcat in a command window, then the file bin/setenv.bat would be 
run if it exists.  But when running as a Service, it won't.
(Neither do I know how you would have to set CATALINA_HOME e.g., if you have 2 different 
Tomcats running as Services; neither in fact whether it matters in that case).






Re: Tomcat 8.0.9 native library not found

2014-08-21 Thread Christopher Schultz

Mark,

On 8/20/14, 12:28 PM, Mark Eggers wrote:
 On 8/20/2014 8:35 AM, Neil Aggarwal wrote:
 Mark:
 
 CATALINA_OPTS=-Djava.library.path=/usr/local/apr/lib
 
 I already have this in my startup script: 
 CATALINA_OPTS="-Djava.library.path=/usr/local/apr/lib -Djava.awt.headless=true -Xmx2048m"
 
 And the log has this:
 
 INFO: The APR based Apache Tomcat Native library which allows 
 optimal performance in production environments was not found on
 the java.library.path: / usr/local/apr/lib
 
 I think /usr/local/apr/lib is already in the java.library.path 
 variable.
 
 Thanks, Neil
 
 
 Neil,
 
 The ld.so.conf.d information I gave is completely wrong it seems.
 
 Java doesn't appear to respect ld.so.conf.d configuration files, 
 because when I placed the apr.conf in that directory and ran
 ldconfig, I got the following:
 
 The APR based Apache Tomcat Native library which allows optimal 
 performance in production environments was not found on the 
 java.library.path: /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib

I'm not ld master, but I think you might need to reboot in order for
changes to ld.conf and friends to change anything.

 However, adding the following line to setenv.sh worked.
 
 CATALINA_OPTS=-Djava.library.path=/usr/local/apr/lib
 
 Loaded APR based Apache Tomcat Native library 1.1.31 using APR
 version 1.5.1.
 
 I'm running the following environment:
 
 Fedora 20 64 bit latest updates
 
 apr-util-1.5.3-1.fc20.x86_64 apr-util-devel-1.5.3-1.fc20.x86_64 
 apr-devel-1.5.1-1.fc20.x86_64 apr-util-ldap-1.5.3-1.fc20.x86_64 
 apr-1.5.1-1.fc20.x86_64 openssl-libs-1.0.1e-39.fc20.i686 
 openssl-1.0.1e-39.fc20.x86_64 openssl-libs-1.0.1e-39.fc20.x86_64 
 openssl-devel-1.0.1e-39.fc20.x86_64
 
 Oracle JRE/JDK 1.7.0_67 64 bit Tomcat 8 built from source -
 revision 1619129
 
 I built and installed the library with:
 
 ./configure --with-apr=/usr --with-ssl=/usr
 make
 make install
 
 About the only difference I see is that the configure command is 
 different. In CentOS 6.5 I use the same configure command as I
 listed above. Does CentOS 7 change how APR is set up? I don't know
 since I've not installed CentOS 7 yet.

Neil, It is certainly possible that loading libtcnative isn't the
problem, but loading one of the dependent libraries is the problem.
Given that you were able to build the library on the target machine
(you built and ran on the same machine, right?), the chances that
those support libraries (e.g. libssl, libcrypt, etc.) are not
available is very low.

Can you write a simple Java program that calls System.loadLibrary and
see if you get better error messages? Tomcat might be hiding some
error and masking the underlying error.

- -chris
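
The check suggested above, written out as an added example (not code from the thread or from the Tomcat project): a stand-alone class that calls System.loadLibrary and prints the raw UnsatisfiedLinkError. The class name LoadLibraryCheck is made up here, and tcnative-1 is assumed as the library name because the ldconfig output in this thread shows libtcnative-1.so.

```java
import java.io.File;

/**
 * Added diagnostic example (not from the thread): tries to load a JNI library
 * the way a JVM does and reports the raw linker error.
 *
 * Run with the same setting Tomcat gets, e.g.
 *   java -Djava.library.path=/usr/local/apr/lib LoadLibraryCheck tcnative-1
 */
public class LoadLibraryCheck {

    /** Lists every java.library.path entry and returns the first file matching libName, or null. */
    static File locate(String libName) {
        // Platform file name, e.g. "libtcnative-1.so" on Linux, "tcnative-1.dll" on Windows.
        String fileName = System.mapLibraryName(libName);
        File first = null;
        for (String dir : System.getProperty("java.library.path", "").split(File.pathSeparator)) {
            if (dir.isEmpty()) {
                continue;
            }
            File candidate = new File(dir, fileName);
            boolean present = candidate.isFile();
            System.out.println("  " + dir + " : " + (present ? "has " + fileName : "no " + fileName));
            if (present && first == null) {
                first = candidate;
            }
        }
        return first;
    }

    public static void main(String[] args) {
        // Assumption: "tcnative-1" is the name to test; pass another name as the first argument.
        String libName = args.length > 0 ? args[0] : "tcnative-1";

        System.out.println("java.library.path entries:");
        File found = locate(libName);

        try {
            System.loadLibrary(libName);
            System.out.println("OK: " + libName + " loaded");
        } catch (UnsatisfiedLinkError e) {
            // The message is what a wrapper's one-line INFO log may leave out.
            System.out.println("FAILED: " + e.getMessage());
            if (found == null) {
                System.out.println("The file is not in any directory listed above.");
            } else {
                // File exists, so the failure is in linking: a missing dependency
                // (libapr, libssl, ...) or a 32/64-bit mismatch with the JVM.
                System.out.println(found + " exists but did not link; inspect it with: ldd " + found);
            }
            System.exit(1);
        }
    }
}
```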



Re: question on different version of tomcat running on the same pc

2014-08-21 Thread Christopher Schultz

André,

On 8/21/14, 8:11 AM, André Warnier wrote:
 Christopher Schultz wrote:
 
 André,
 
 On 8/19/14, 7:06 PM, André Warnier wrote:
 Christopher Schultz wrote:
 
 Shawn,
 
 On 8/19/14, 2:31 PM, NEW IT wrote:
 So you meant after I fired up the Tomcat 7 then change the 
 environment variables for the version 6 and startup there
 too?
 Yes, you can do that, but...
 
 CATALINA_HOME could set to version 7 and CATALINA_BASE set
 to version 6 OK?
 No, CATALINA_BASE has to agree with CATALINA_HOME's 
 configuration. So you can't for example create a setup under 
 /opt/tomcats/mywebapp/ and then launch with 
 CATALINA_BASE=/opt/tomcats/mywebapp/ under both Tomcat 6 and 
 Tomcat 7. The reason is that server.xml usually contains
 certain things that are version-specific.
 
 But, if you want to deploy the same web application to Tomcat
 6 and Tomcat 7, you could do something like this:
 
 $ export JAVA_HOME=/opt/java-7
 $ export CATALINA_HOME=/opt/apache-tomcat-7.0.55
 $ export CATALINA_BASE=/opt/tomcats/mywebapp-tc7/
 $ $CATALINA_HOME/bin/startup.sh
 
 $ export JAVA_HOME=/opt/java-6
 $ export CATALINA_HOME=/opt/apache-tomcat-6.0.41
 $ export CATALINA_BASE=/opt/tomcats/mywebapp-tc6/
 $ $CATALINA_HOME/bin/startup.sh
 
 This will launch Tomcat 6 on Java 6 with your webapp
 configured in mywebapp-tc6 and a similar setup with later
 versions for mywebapp-tc7.
 
 - -chris
 
 On Tue, Aug 19, 2014 at 10:43 AM, Christopher Schultz 
 ch...@christopherschultz.net wrote: To whom it may
 concern,
 
 On 8/19/14, 1:32 PM, NEW IT wrote:
 Besides setting for the 2 different ports, how do
 deal with the Environment Variables of Path,
 CATALINA_HOME? They are having the values for the 7
 for now and JAVA_HOME could be using the same one
 for Tomcat 7 and 6?
 You can do anything you want, here.
 
 CATALINA_HOME specifies where the Tomcat installation is. 
 CATALINA_BASE specifies where your local deployment
 goes: this allows you to use a single CATALINA_HOME with
 multiple Tomcat instances running with separate
 configurations (those with different CATALINA_BASEs).
 JAVA_HOME specifies the JVM to use.
 
 You can set the above environment variables, launch
 Tomcat, then set them to other values and launch another
 instance of Tomcat. You can change your JVM, Tomcat
 version, etc. whenever you want. Once the JVM is launched,
 that process is independent of the shell you used to launch
 it.
 
 On our development servers, we have multiple developers
 with multiple per-webapp JVMs running all off the same 
 CATALINA_HOME under different JVMs. All you have to worry
 about is the port settings in each
 CATALINA_BASE/conf/server.xml.
 
 Hope that helps, -chris
 
 The subject says on the same pc. Now that is not a guarantee
 that we are talking about Windows here, but at least a strong 
 suspicion. In such a case, there is the question of whether
 this relates to running Tomcat as a Windows Service, or in a
 command window, or both. So this may all be a bit more
 complicated than meets the eye.
 
 While that may be true, that's an implementation detail (e.g.
 Windows Service versus Debian Linux package-maintained service,
 etc.). The point is that Tomcat can in fact be run side-by-side on
 the same machine: the mechanisms exist to do so... you may have
 to work a bit to get it working with your deployment strategy.
 
 
 I understand that.  What I meant is that the OP may need some
 guidance as to what parameters / environment variables / system
 variables etc.. are used when running as a Windows Service, or in a
 Windows command window e.g. For example, if running Tomcat in a
 command window, then the file bin/setenv.bat would be run if it
 exists.  But when running as a Service, it won't. (Neither do I
 know how you would have to set CATALINA_HOME e.g., if you have 2
 different Tomcats running as Services; neither in fact whether it 
 matters in that case).

When running Tomcat as a Windows Service, you need to use tomcatXw.exe
to set the catalina.home and catalina.base system properties. You can
also use service.bat to set those values in the service: if you have
CATALINA_HOME and CATALINA_BASE environment variables set, service.bat
will use them to configure the service.

- -chris



RE: Tomcat 8.0.9 native library not found

2014-08-21 Thread Caldarale, Charles R
 From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
 Subject: Re: Tomcat 8.0.9 native library not found

 I'm not ld master, but I think you might need to reboot in order for
 changes to ld.conf and friends to change anything.

Just run the ldconfig utility (as root) to rebuild the cache.  Normally without 
options, but -v might provide some pertinent information.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.





Re: Tomcat 8.0.9 native library not found

2014-08-21 Thread Mark Eggers

On 8/21/2014 8:10 AM, Caldarale, Charles R wrote:
 From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
 Subject: Re: Tomcat 8.0.9 native library not found
 
 I'm not ld master, but I think you might need to reboot in order
 for changes to ld.conf and friends to change anything.
 
 Just run the ldconfig utility (as root) to rebuild the cache.
 Normally without options, but -v might provide some pertinent
 information.
 
 - Chuck
 

Chuck,

I probably should have run it with the -v option, but catalina.out
didn't list all of the paths specified in the files in /etc/ld.so.conf.d.

Neil,

I didn't notice --with-ssl=/usr in your configuration. Here's the gory
details of what I just did:

My quick and dirty CentOS 7 system:

3.10.0-123.6.3.el7.x86_64 #1 SMP Wed Aug 6 21:12:36 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

apr-devel-1.4.8-3.el7.x86_64
apr-1.4.8-3.el7.x86_64
apr-util-1.5.2-6.el7.x86_64
apr-util-devel-1.5.2-6.el7.x86_64
openssl-1.0.1e-34.el7_0.4.x86_64
openssl-devel-1.0.1e-34.el7_0.4.x86_64
openssl-libs-1.0.1e-34.el7_0.4.x86_64
openssl098e-0.9.8e-29.el7.centos.2.x86_64

Java / JRE Oracle 1.7.0_67 64 bit
Ant 1.8.1

Tomcat 8 from SVN Revision: 1619129

Steps to install Tomcat native:

1. ant (to build Tomcat)
2. cd output/build/bin
3. tar xvfz tomcat-native.tar.gz
4.  cd tomcat-native-1.1.31-src/jni/native/
5. ./configure --with-apr=/usr --with-ssl=/usr
6. make
7. make install (as root)
8. Create apr.conf in /etc/ld.so.conf.d with the following content
   /usr/local/apr/lib
9. ldconfig -v (partial output below)

libtcnative-1.so.0 -> libtcnative-1.so.0.1.31
libssl.so.6 -> libssl.so.0.9.8e
libevent_openssl-2.0.so.5 -> libevent_openssl-2.0.so.5.1.9
libssl3.so -> libssl3.so
libssl.so.10 -> libssl.so.1.0.1e
libgstdataprotocol-0.10.so.0 -> libgstdataprotocol-0.10.so.0.30.0
libaprutil-1.so.0 -> libaprutil-1.so.0.5.2
libapr-1.so.0 -> libapr-1.so.0.4.8
libgnutls-xssl.so.0 -> libgnutls-xssl.so.0.0.0

This is catalina.out without setenv.sh:

21-Aug-2014 08:36:50.460 INFO [main]
org.apache.catalina.core.AprLifecycleListener.init
The APR based Apache Tomcat Native library which allows optimal
performance in production environments was not found on the
java.library.path: /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib

The following setenv.sh was created:

CATALINA_OPTS=-Djava.library.path=/usr/local/apr/lib

This is catalina.out with the above setenv.sh:

21-Aug-2014 08:44:23.168 INFO [main]
org.apache.catalina.core.AprLifecycleListener.init
Loaded APR based Apache Tomcat Native library 1.1.31 using APR version
1.4.8.
21-Aug-2014 08:44:23.180 INFO [main]
org.apache.catalina.core.AprLifecycleListener.init
APR capabilities: IPv6 [true], sendfile [true], accept filters
[false], random [true].

I noticed that you did not include --with-ssl=/usr in your last mail
message. Do you have the openssl development libraries installed?

. . . just my (rather long) 2 cents
/mde/



Context-specific log files getting deleted

2014-08-21 Thread James H. H. Lampert
In the Tomcat-based web interface for our CRM application product, we 
have one customer running Tomcat on a WinDoze box (everybody else runs 
it on the same AS/400 as the CRM application itself), and we have a log 
file of our own, in context/logs, which is set to periodically close 
the log file, give it a suffix, and start a new log file.


With most other installations, we see archived versions of our log file 
going back for months. But in this one installation, the one running on 
a WinDoze box, we only see the active log file and one archive.


There are no signs of any redeployments, and Tomcat's own log files go 
back for months.


I've already asked our web interface people (who are in another 
timezone) if they have any idea what (other than somebody going in and 
manually deleting the archived logs) could be causing this, but is there 
some Tomcat-specific reason why this would be happening?


--
James H. H. Lampert
Touchtone Corporation




Re: question on different version of tomcat running on the same pc

2014-08-21 Thread Neven Cvetkovic
On Thu, Aug 21, 2014 at 8:11 AM, André Warnier a...@ice-sa.com wrote:


  The subject says on the same pc. Now that is not a guarantee that
 we are talking about Windows here, but at least a strong
 suspicion. In such a case, there is the question of whether this
 relates to running Tomcat as a Windows Service, or in a command
 window, or both. So this may all be a bit more complicated than
 meets the eye.


 While that may be true, that's an implementation detail (e.g. Windows
 Service versus Debian Linux package-maintained service, etc.). The
 point is that Tomcat can in fact be run side-by-side on the same
 machine: the mechanisms exist to do so... you may have to work a bit
 to get it working with your deployment strategy.


 I understand that.  What I meant is that the OP may need some guidance as
 to what parameters / environment variables / system variables etc.. are
 used when running as a Windows Service, or in a Windows command window e.g.
 For example, if running Tomcat in a command window, then the file
 bin/setenv.bat would be run if it exists.  But when running as a Service,
 it won't.
 (Neither do I know how you would have to set CATALINA_HOME e.g., if you
 have 2 different Tomcats running as Services; neither in fact whether it
 matters in that case).


André and Chris,

You provided some really helpful and insightful information. I wanted to go
back to the OP's original post:
For development purpose, I wonder if I could install and run Tomcat 6 and
7 the same time on my same development box?

NEWITUS, I wanted to provide a very pragmatic and easy approach to the
problem you described, so here are my assumptions, and suggested steps:

Assumptions:
- I need to test and develop my application on both Tomcat6, Tomcat7 (and
Tomcat8) platform.
- I am developing on Windows platform (for Linux/Mac changes are minimal,
please request again - and I will update the scripts).
- I need an easy way to install/uninstall Tomcat6,7,8...
- I am not considering Tomcat as a Windows service, as I want to be able to
easily move things around to other Windows/Linux/Mac machines and setups.
- I have multiple JDKs installed on my system, and I want to test with all
of them.

Steps:

1. Download ZIP binaries from tomcat.apache.org, for various Tomcat release
versions, e.g.

http://tomcat.apache.org/download-60.cgi
http://tomcat.apache.org/download-70.cgi
http://tomcat.apache.org/download-80.cgi

Pick Core ZIP version, e.g.

apache-tomcat-6.0.41.zip
apache-tomcat-7.0.55.zip
apache-tomcat-8.0.9.zip

(Linux/Mac users can also use ZIP version and unzip utility)

2. Unzip each ZIP version file to your dev environment folder, e.g.  C:\dev

You will end up with the following directories:
C:\dev\apache-tomcat-6.0.41
C:\dev\apache-tomcat-7.0.55
C:\dev\apache-tomcat-8.0.9

3. Let's assume you have three JDKs installed, e.g.

C:\Program Files\jdk1.6.0_45
C:\Program Files\jdk1.7.0_67
C:\Program Files\jdk1.8.0_20

Obviously, the latest one will be in the PATH (on Windows) and we will
customize which one we want to use for any of the environment variations,
e.g.

  Tomcat6 + JDK6
  Tomcat6 + JDK7
  Tomcat6 + JDK8

  Tomcat7 + JDK6
  Tomcat7 + JDK7
  Tomcat7 + JDK8

  Tomcat8 + JDK7
  Tomcat8 + JDK8

  (Tomcat8 requires JDK7 and above)

  For various Mac and Linux flavours, there are ways you can setup JDK
binaries to be on your path by default.

4. In order to run these three Tomcat instances at the same time, you will
need to update the port numbers, as you can have only one program bind to a
single IP+PORT combination. Out of the box - all three Tomcat versions
didn't change default port assignments. They are all defined in the
TOMCAT_VERSION/conf/server.xml file, e.g.

C:\dev\apache-tomcat-6.0.41\conf\server.xml
C:\dev\apache-tomcat-7.0.55\conf\server.xml
C:\dev\apache-tomcat-8.0.9\conf\server.xml

The default port numbers are as follows, in order of appearance in the
server.xml

8005 - shutdown port - appears at the top of the file in Server element
(Line 22 in all three server.xml files)
8080 - appserving port - further down under Connector element (Line 68-70
in all three server.xml files)
8009 - ajp port - further down under next Connector element (Line 90-92
in all three server.xml files)

Also, you will see references to port 8443 which is disabled (commented
out) by default on all three server.xml files (Tomcat 6,7,8).

You can safely ignore that port for now, unless you want to configure
secure (SSL) connector as well, in that case you will need to update all
references (redirect attributes). I suggest you don't touch that for now.

5. Given the default (out-of-box) port assignment, you might want to define
your port assignment rules, e.g.

default-out-of-box: 8005, 8009, 8080
Tomcat6: 8006, 8010, 8081
Tomcat7: 8007, 8011, 8082
Tomcat8: 8008, 8012, 8083

Update all three server.xml files accordingly.

6. Now, we just need to take care of the JAVA_HOME and Java binaries you
would like to use to run these Tomcat 

RE: question on different version of tomcat running on the same pc

2014-08-21 Thread Caldarale, Charles R
 From: Neven Cvetkovic [mailto:neven.cvetko...@gmail.com] 
 Subject: Re: question on different version of tomcat running on the same pc

 Hope this helps.

You deserve a medal for the clear and precise descriptions.  Would you consider 
adding this to the Tomcat Wiki, perhaps on this page?
http://wiki.apache.org/tomcat/HowTo#Installation

 - Chuck





Re: Context-specific log files getting deleted

2014-08-21 Thread Konstantin Kolinko
2014-08-21 21:30 GMT+04:00 James H. H. Lampert jam...@touchtonecorp.com:
 In the Tomcat-based web interface for our CRM application product, we have
 one customer running Tomcat on a WinDoze box (everybody else runs it on the
 same AS/400 as the CRM application itself), and we have a log file of our
 own, in context/logs, which is set to periodically close the log file,
 give it a suffix, and start a new log file.

 With most other installations, we see archived versions of our log file
 going back for months. But in this one installation, the one running on a
 WinDoze box, we only see the active log file and one archive.

 There are no signs of any redeployments, and Tomcat's own log files go back
 for months.

 I've already asked our web interface people (who are in another timezone) if
 they have any idea what (other than somebody going in and manually deleting
 the archived logs) could be causing this, but is there some Tomcat-specific
 reason why this would be happening?

Tomcat version = ?

Is automatic deployment enabled on Host?

Is there a context.war file? If there is one, what is its timestamp?
Is there a conf/Service/Host/contextname/xml file? If there is
one, what is its timestamp?

What is the timestamp of context directory?

Anything in Tomcat logs for those dates?
Anything in Tomcat manager access logs for those dates?
Redeployment should leave a trace there.

Anything in Windows Event Log for those dates?

Was your webapp running? Maybe it failed to start and nobody cared?

Was the directory writable?
The following is mentioned in the FAQ, but I think it does not matter
for recent versions of Tomcat (or of Apache Commons Daemon), as it is
more UAC friendly than it was in old times:
http://wiki.apache.org/tomcat/FAQ/Windows#Q8

Time zone = ? Are daylight changes enabled? (I remember someone
reporting that a daylight timezone change has triggered a
redeployment. That matters only if automated deployments are enabled).
Huh, it was your own thread...
http://tomcat.markmail.org/thread/pmtgnmgkmp5e3b6m


Best regards,
Konstantin Kolinko




Re: Tomcat 8.0.9 native library not found

2014-08-21 Thread Christopher Schultz

Mark,

On 8/21/14, 12:01 PM, Mark Eggers wrote:
 On 8/21/2014 8:10 AM, Caldarale, Charles R wrote:
 From: Christopher Schultz [mailto:ch...@christopherschultz.net]
  Subject: Re: Tomcat 8.0.9 native library not found
 
 I'm not ld master, but I think you might need to reboot in
 order for changes to ld.conf and friends to change anything.
 
 Just run the ldconfig utility (as root) to rebuild the cache. 
 Normally without options, but -v might provide some pertinent 
 information.
 
 - Chuck
 
 
 Chuck,
 
 I probably should have run it with the -v option, but catalina.out 
 didn't list all of the paths specified in the files in
 /etc/ld.so.conf.d.
 
 Neil,
 
 I didn't notice --with-ssl=/usr in your configuration. Here's the
 gory details of what I just did:
 
 My quick and dirty CentOS 7 system:
 
 3.10.0-123.6.3.el7.x86_64#1 SMP Wed Aug 6 21:12:36 UTC 2014 x86_64
 x86_64 x86_64 GNU/Linux
 
 apr-devel-1.4.8-3.el7.x86_64 apr-1.4.8-3.el7.x86_64 
 apr-util-1.5.2-6.el7.x86_64 apr-util-devel-1.5.2-6.el7.x86_64 
 openssl-1.0.1e-34.el7_0.4.x86_64 
 openssl-devel-1.0.1e-34.el7_0.4.x86_64 
 openssl-libs-1.0.1e-34.el7_0.4.x86_64 
 openssl098e-0.9.8e-29.el7.centos.2.x86_64
 
 Java / JRE Oracle 1.7.0_67 64 bit Ant 1.8.1
 
 Tomcat 8 from SVN Revision: 1619129
 
 Steps to install Tomcat native:
 
 1. ant (to build Tomcat)
 2. cd output/build/bin
 3. tar xvfz tomcat-native.tar.gz
 4. cd tomcat-native-1.1.31-src/jni/native/
 5. ./configure --with-apr=/usr --with-ssl=/usr
 6. make
 7. make install (as root)
 8. Create apr.conf in /etc/ld.so.conf.d with the following content
    /usr/local/apr/lib

I really wouldn't recommend messing-around with ld.so.conf. There's no
reason not to use -Djava.library.path.

 9. ldconfig -v (partial output below)
 
 libtcnative-1.so.0 -> libtcnative-1.so.0.1.31
 libssl.so.6 -> libssl.so.0.9.8e
 libevent_openssl-2.0.so.5 -> libevent_openssl-2.0.so.5.1.9
 libssl3.so -> libssl3.so
 libssl.so.10 -> libssl.so.1.0.1e
 libgstdataprotocol-0.10.so.0 -> libgstdataprotocol-0.10.so.0.30.0
 libaprutil-1.so.0 -> libaprutil-1.so.0.5.2
 libapr-1.so.0 -> libapr-1.so.0.4.8
 libgnutls-xssl.so.0 -> libgnutls-xssl.so.0.0.0
 
 This is catalina.out without setenv.sh:
 
 21-Aug-2014 08:36:50.460 INFO [main] 
 org.apache.catalina.core.AprLifecycleListener.init The APR based
 Apache Tomcat Native library which allows optimal performance in
 production environments was not found on the java.library.path:
 /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
 
 The following setenv.sh was created:
 
 CATALINA_OPTS=-Djava.library.path=/usr/local/apr/lib
 
 This is catalina.out with the above setenv.sh:
 
 21-Aug-2014 08:44:23.168 INFO [main] 
 org.apache.catalina.core.AprLifecycleListener.init Loaded APR based
 Apache Tomcat Native library 1.1.31 using APR version 1.4.8. 
 21-Aug-2014 08:44:23.180 INFO [main] 
 org.apache.catalina.core.AprLifecycleListener.init APR
 capabilities: IPv6 [true], sendfile [true], accept filters [false],
 random [true].
 
 I noticed that you did not include --with-ssl=/usr in your last
 mail message. Do you have the openssl development libraries
 installed?

I wonder if the JVM requires that you have java.library.path set to
where your initial libraries are loaded to protect processes against a
class of security problems. If all of ld.so.conf were available, evil
Java classes could try to load arbitrary libraries from /usr/lib that
are known to have certain vulnerabilities and exploit them. Reducing
the attack surface can make the JVM a safer place to live...

-chris



Re: question on different version of tomcat running on the same pc

2014-08-21 Thread Christopher Schultz

Chuck,

On 8/21/14, 2:08 PM, Caldarale, Charles R wrote:
 From: Neven Cvetkovic [mailto:neven.cvetko...@gmail.com]
 Subject: Re: question on different version of tomcat running on the same pc
 
 Hope this helps.
 
 You deserve a medal for the clear and precise descriptions.  Would
 you consider adding this to the Tomcat Wiki, perhaps on this page? 
 http://wiki.apache.org/tomcat/HowTo#Installation

+1

It must be a slow day at $work ;)

-chris



Re: Context-specific log files getting deleted

2014-08-21 Thread James H. H. Lampert

It appears to be Tomcat 7.0.50.

We can be reasonably certain that the webapp was running.

We can be reasonably certain that it did not redeploy, because that 
would have (1) changed an awful lot of timestamps that did not change, 
and (2) would have required somebody to manually change its own 
configuration files, because straight out of the WAR file, it would not, 
in this installation, know where to find the CRM server for which it is 
front-ending.

I do see, if I pull up properties for the webapp's own logs directory, 
what appears to be a grayed check under Read-only (Only applies to 
files in folder). But that is also true of Tomcat's general logs 
directory, and it's got archived catalina.date.log files going back to 
February.


I was wondering if there was a Tomcat explanation, for the apparent 
disappearance of the webapp's own archived logs, other than either 
redeployment or somebody going in and manually deleting the archived logs.


I've already asked the developers of the webapp (who are in another time 
zone, and are not expected to get back to me until tomorrow) if they 
have any idea why we'd lose our own logs.


--
JHHL




Re: question on different version of tomcat running on the same pc

2014-08-21 Thread André Warnier

Caldarale, Charles R wrote:
From: Neven Cvetkovic [mailto:neven.cvetko...@gmail.com] 
Subject: Re: question on different version of tomcat running on the same pc



Hope this helps.


You deserve a medal for the clear and precise descriptions.  Would you consider 
adding this to the Tomcat Wiki, perhaps on this page?
http://wiki.apache.org/tomcat/HowTo#Installation


+1

Now all that's left to do is for someone to make a version of this that works for 
installing and starting the same as Windows Services.


Despite what Christopher wrote - which is basically right - there is still some tricky 
element there, in that you cannot set the system-wide environment variables JAVA_HOME, 
CATALINA_HOME and CATALINA_BASE.  If you do, then each of the respective (tomcat6, 
tomcat7, tomcat8) service.bat will use the set values, and never prompt for another.
I have not actually tested this scenario, but looking at the code of the service.bat 
file, I believe that in case you install multiple Tomcat services, there is a potential 
for misbehaving there (for example, it requires JAVA_HOME to be set, but which one ?).






Re: question on different version of tomcat running on the same pc

2014-08-21 Thread David Kerber

On 8/21/2014 6:18 PM, André Warnier wrote:

Caldarale, Charles R wrote:

From: Neven Cvetkovic [mailto:neven.cvetko...@gmail.com] Subject: Re:
question on different version of tomcat running on the same pc



Hope this helps.


You deserve a medal for the clear and precise descriptions.  Would you
consider adding this to the Tomcat Wiki, perhaps on this page?
http://wiki.apache.org/tomcat/HowTo#Installation


+1

Now all that's left to do is for someone to make a version of this that
works for installing and starting the same as Windows Services.

Despite what Christopher wrote - which is basically right - there is
still some tricky element there, in that you cannot set the
system-wide environment variables JAVA_HOME, CATALINA_HOME and
CATALINA_BASE.  If you do, then each of the respective (tomcat6,
tomcat7, tomcat8) service.bat will use the set values, and never
prompt for another.
I have not actually tested this scenario, but looking at the code of the
service.bat file, I believe that in case you install multiple Tomcat
services, there is a potential for misbehaving there (for example, it
requires JAVA_HOME to be set, but which one ?).


I think the intent of the instructions was to allow you to run any of 
them, but start them at different times, changing the environment 
variables as appropriate before starting each one.  Once an instance is 
started, I believe it's safe to change the env vars to start the next one.






How can I analog this bug to my colleague

2014-08-21 Thread ??????
I read an article on the internet that says that Tomcat was found to
accept content-length headers with chunked encoding over any HTTP connector and
multiple content-length headers in a request when using the AJP connector. This
could allow attackers to poison a web-cache, bypass web application firewall
protection, or conduct cross-site scripting attacks. The article is
https://bugzilla.redhat.com/show_bug.cgi?id=1069921, so I want to know
how I can produce this bug again to show the processor of the bug
to my colleague. What should I do to produce the bug again? I
am looking forward to your reply! Thanks a lot.

  wangchao

 2014/08/22
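
As an added example (not part of the original post, and not Tomcat code): a check that a proxy, WAF rule or log-replay script can apply to flag the two ambiguous request shapes the quoted advisory describes, Content-Length together with chunked encoding and more than one Content-Length value. The function names, the sample requests and the host example.test are constructed for illustration.

```python
import re

# Constructed sample requests (not captured traffic).
CLEAN = (b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
         b"Content-Length: 5\r\n\r\nhello")
CL_AND_TE = (b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
             b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n"
             b"0\r\n\r\n")
DUP_CL = (b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
          b"Content-Length: 5\r\nContent-Length: 7\r\n\r\nhello")


def framing_headers(raw: bytes):
    """Return (content_lengths, transfer_codings) from a raw request head."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lengths, codings = [], []
    for line in head.split(b"\r\n")[1:]:      # skip the request line
        name, sep, value = line.partition(b":")
        if not sep:
            continue
        # Strip so that "Content-Length : 5" is still recognised.
        name = name.strip().lower()
        value = value.strip()
        if name == b"content-length":
            # A comma-separated list counts as several values.
            lengths += [v.strip() for v in value.split(b",")]
        elif name == b"transfer-encoding":
            codings += [v.strip().lower() for v in value.split(b",")]
    return lengths, codings


def framing_findings(raw: bytes):
    """List body-framing ambiguities; an empty list means none found."""
    lengths, codings = framing_headers(raw)
    findings = []
    if lengths and b"chunked" in codings:
        findings.append("content-length-with-chunked")
    if len(lengths) > 1:                      # flagged even if values agree
        findings.append("multiple-content-length")
    if any(not re.fullmatch(rb"[0-9]+", v) for v in lengths):
        findings.append("malformed-content-length")
    return findings
```

Any non-empty result means two HTTP parsers could disagree about where the request body ends, so the strict choice at an intermediary is to reject such a request rather than forward it.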

Re: Long Polling : Tomcat 7.0.50 / 8.0.9

2014-08-21 Thread anurag gupta


 Hi All,

  I'm trying to implement long polling using the servlet 3.0 spec.
 Implementation-wise it's done and works fine in Tomcat. The problem occurs
 when it is under load, e.g. when we send just 100,000 requests we see
 weird behaviour like requests timing out before the defined timeout, and Tomcat
 going OOM because of GC overhead limit exceeding.

 I have tried this on 2 diff versions of tomcat (mentioned in subject).

 OS CentOS 6.5
 Process memory 10g both Xmx and Xms

 So I have a question: up to how many concurrent open (idle) connections can
 a Tomcat instance handle? How to achieve maximum idle connections?



-- 
Regards
Anurag