Deployment Woe with Cargo

2015-01-07 Thread jieryn
Greetings,

I'm using Apache Tomcat 7.0.55 via Apache TomEE 1.7.1, on a RHEL
machine with IBM Java.7.

My team has a deployment procedure which uses Jenkins CI to check out,
build, test, and then leverage Codehaus Cargo to deploy the final
generated WAR artifact. The procedure is long but fairly
straightforward, and I believe it is a general best practice to have
the full CI environment validate the build and then do the deployment
via push button.

The problem that we have is that Cargo / Tomcat, I'm not sure who to
blame, as part of the redeploy task, first performs an undeploy and
then performs a deploy. This means that for the entire time (transfer
the war file), which is often 60-90 seconds, the application is down
and unavailable. It would be a lot better if we could transfer the war
file first and then do the undeploy and deploy. (We do not leverage
parallel deployment#00x for single-thread/brain concurrency sanity.)

To whom should I address my concerns, please?
Thank you!

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat 8, Apache 2.4, Tomcat Connector 1.2.40, Windows 7 home basic issue

2015-01-07 Thread Sandip Gaikwad
Hi Terence,


I removed the following line



* *
Replaced **
with ** .

I have removed example2 from tomcat's webapps.

Please refer to the attached files.

When I access http://localhost/jenkins/ I am getting the following error:
Not Found

The requested URL http://jenkins/ was not found on this server.


Thanks,

On Sat, Jan 3, 2015 at 9:15 AM, Terence M. Bandoian 
wrote:

> On 1/1/2015 9:20 AM, Sandip Gaikwad wrote:
>
>> Hi,
>>
>> Following are entries in files. Please let me know what is going wrong.
>>
>> *workers.properties*
>> worker.list=worker1
>> # Set properties for worker1 (ajp13)
>> worker.worker1.type=ajp13
>> worker.worker1.host=localhost
>> worker.worker1.port=8009
>> worker.worker1.connection_pool_size=10
>> worker.worker1.connection_pool_timeout=600
>> worker.worker1.socket_keepalive=true
>> worker.worker1.socket_timeout=300
>>
>>
>> *httpd.conf*
>> LoadModule jk_module "C:/Apache24/modules/mod_jk.so"
>> JkWorkersFile "C:/tomcat-connectors-1.2.40-src/conf/workers.properties"
>> JkLogFile "C:/Apache24/logs/mod_jk.log"
>> JkLogLevel info
>> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
>> JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
>> JkRequestLogFormat "%w %V %T"
>> JkMount /jenkins/* worker1
>>
>> *server.xml*
>> 
>> 
>>   > modJk="C:/Apache24/modules/mod_jk.so"/>
>>   > />
>>   > SSLEngine="on" />
>>   
>>   
>>   
>>
>>   
>> >   type="org.apache.catalina.UserDatabase"
>>   description="User database that can be updated and saved"
>> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>>   pathname="conf/tomcat-users.xml" />
>>   
>>
>>   
>>
>> >connectionTimeout="2"
>>redirectPort="8443" />
>>
>
>
> If you don't want to allow direct access to Tomcat, the Connector above
> should be removed.
>
>
>  
>>
>
>
> The address attribute should probably be set on the Connector above.
> Setting it to 127.0.0.1 (address="127.0.0.1") will limit access to the local
> host.
>
> -Terence Bandoian
>
>
>  
>>   
>> >resourceName="UserDatabase"/>
>>   
>>
>>   > unpackWARs="true" autoDeploy="true">
>> > modJk="C:/Apache24/modules/mod_jk.so"/>
>> > directory="logs"
>>prefix="localhost_access_log" suffix=".txt"
>>pattern="%h %l %u %t "%r" %s %b" />
>>   
>> 
>>   
>> 
>>
>> Thanks,
>> Sandip
>>
>>
>> On Thu, Jan 1, 2015 at 7:45 PM, Christopher Schultz <
>> ch...@christopherschultz.net >
>> wrote:
>>
>>
>> Sandip,
>>
>> On 1/1/15 12:19 AM, Sandip Gaikwad wrote:
>> > Could you please let me know how to block direct access to tomcat
>> > and allow access through apache http server only?
>> >
>> > I used
>> > http://www.slideshare.net/mohanraj_nagasamy/integrating-tomcat-and-apache-on-windows-presentation
>> > for reference.
>>
>> tl;dr
>>
>> > What indicates that each request is coming from apache httpd only?
>>
>> Nothing, really. There are ways to determine this, but you are better
>> off solving the root problem.
>>
>> > Example: i have added following code in httpd.conf # Send
>> > everything for context /example1 to worker named worker1 (ajp13)
>> > JkMount /example1/* worker1
>> >
>> > in tomcat i have two apps example1 and example2
>> >
>> > I am expecting to access only http://localhost/example1 . But i can
>> > access http://localhost/example2 as well.
>> >
>> > How can i stop http://localhost/example2 from being accessed?
>>
>> Only one process can bind to a single interface+port, so you need to
>> figure out whether Tomcat or httpd is using port 80.
>>
>> If httpd is bound to port 80, then the only reasons why a request to
>> /example2 would hit your application are:
>>
>>a) You have a JkMount somewhere for that
>>b) You have made your DocumentRoot = appbase
>>
>> The first is easy to fix: just remove that JkMount.
>> The second is a horrible security problem that you'll need to fix
>> immediately.
>>
>> -chris

Re: Tomcat 8, Apache 2.4, Tomcat Connector 1.2.40, Windows 7 home basic issue

2015-01-07 Thread Terence M. Bandoian

Please see inline comments from previous message.

-Terence Bandoian


On 1/2/2015 9:45 PM, Terence M. Bandoian wrote:

On 1/1/2015 9:20 AM, Sandip Gaikwad wrote:

Hi,

Following are entries in files. Please let me know what is going wrong.

*workers.properties*
worker.list=worker1
# Set properties for worker1 (ajp13)
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8009
worker.worker1.connection_pool_size=10
worker.worker1.connection_pool_timeout=600
worker.worker1.socket_keepalive=true
worker.worker1.socket_timeout=300


*httpd.conf*
LoadModule jk_module "C:/Apache24/modules/mod_jk.so"
JkWorkersFile "C:/tomcat-connectors-1.2.40-src/conf/workers.properties"
JkLogFile "C:/Apache24/logs/mod_jk.log"
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"
JkMount /jenkins/* worker1

*server.xml*


  modJk="C:/Apache24/modules/mod_jk.so"/>
  className="org.apache.catalina.startup.VersionLoggerListener" />
  SSLEngine="on" />
  className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" 
/>
  className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /> 



  

  

  





If you don't want to allow direct access to Tomcat, the Connector 
above should be removed.








The address attribute should probably be set on the Connector above.
Setting it to 127.0.0.1 (address="127.0.0.1") will limit access to the
local host.


-Terence Bandoian




  

  

  
modJk="C:/Apache24/modules/mod_jk.so"/>
directory="logs"

   prefix="localhost_access_log" suffix=".txt"
   pattern="%h %l %u %t "%r" %s %b" />
  

  


Thanks,
Sandip


On Thu, Jan 1, 2015 at 7:45 PM, Christopher Schultz
<ch...@christopherschultz.net> wrote:



Sandip,

On 1/1/15 12:19 AM, Sandip Gaikwad wrote:
> Could you please let me know how to block direct access to tomcat
> and allow access through apache http server only?
>
> I used
> http://www.slideshare.net/mohanraj_nagasamy/integrating-tomcat-and-apache-on-windows-presentation
> for reference.

tl;dr

> What indicates that each request is coming from apache httpd only?

Nothing, really. There are ways to determine this, but you are better
off solving the root problem.

> Example: i have added following code in httpd.conf # Send
> everything for context /example1 to worker named worker1 (ajp13)
> JkMount /example1/* worker1
>
> in tomcat i have two apps example1 and example2
>
> I am expecting to access only http://localhost/example1 . But i can
> access http://localhost/example2 as well.
>
> How can i stop http://localhost/example2 from being accessed?

Only one process can bind to a single interface+port, so you need to
figure out whether Tomcat or httpd is using port 80.

If httpd is bound to port 80, then the only reasons why a request to
/example2 would hit your application are:

   a) You have a JkMount somewhere for that
   b) You have made your DocumentRoot = appbase

The first is easy to fix: just remove that JkMount.
The second is a horrible security problem that you'll need to fix
immediately.

-chris





--
Sandip Gaikwad
9987626799
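
The two connector changes suggested in this thread (remove the directly reachable HTTP Connector, bind the AJP Connector to 127.0.0.1) can be checked mechanically against a server.xml. This is an added example, not code from any poster or from the Tomcat project; the sample XML and the names `is_loopback` and `audit_connectors` are constructed for illustration, and it assumes a Connector with no `address` attribute listens on all interfaces.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample (not the poster's file): stock-style Tomcat 8 connectors,
# neither of them bound to a specific address.
BEFORE = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>"""

# The same sample after both changes suggested in the thread: HTTP connector
# removed, AJP connector bound to the loopback address.
AFTER = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1" />
  </Service>
</Server>"""

def is_loopback(address):
    """True only when the connector is explicitly bound to a loopback address."""
    if not address:
        # Assumption: with no address attribute the connector listens on all
        # interfaces, as in the Tomcat 7/8 releases discussed in this thread.
        return False
    if address.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # other hostname or malformed value: treat as exposed

def audit_connectors(server_xml):
    """Return (port, kind, advice) for every Connector reachable off-host."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if is_loopback(conn.get("address")):
            continue
        # protocol may be "AJP/1.3" or a class name such as ...AjpNioProtocol
        is_ajp = "ajp" in conn.get("protocol", "HTTP/1.1").lower()
        advice = ('set address="127.0.0.1" so only the local httpd connects'
                  if is_ajp else "remove it if all traffic should go via httpd")
        findings.append((conn.get("port"), "AJP" if is_ajp else "HTTP", advice))
    return findings

if __name__ == "__main__":
    for label, xml_text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_connectors(xml_text))
```
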








Re: Can we Enable SSL protocol in Tomcat 7.0.57 ?

2015-01-07 Thread Christopher Schultz

Utkarsh,

On 1/7/15 1:57 AM, Utkarsh Dave wrote:
> Thanks for the response. So would the desired changes in server.xml
> will be sslEnabledProtocols="SSL,TLS"

I think you want sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2,SSLv3".
You might optionally want to enable SSLv2Hello as well if it doesn't
get done for you, and your clients require it.

-chris

> On Tue, Jan 6, 2015 at 1:47 PM, Mark Thomas 
> wrote:
> 
>> On 06/01/2015 07:46, Utkarsh Dave wrote:
>>> Hi Team,
>>> 
>>> My project is planning to upgrade to Tomcat 7.0.57 that has the
>>> fix for POODLE vulnerability and have the SSL protocol disabled
>>> by default. We were up till now using the manual configuration
>>> change in server.xml in order to disable use of SSL.
>>>
>>> My question is that after upgrading to Tomcat 7.0.57, is there
>>> any similar configuration change available, through which we can
>>> re-enable SSL protocols again.
>> 
>> Yes. The only change in 7.0.57 is to the defaults. The
>> configuration attributes for SSL/TLS protocols that you used to
>> exclude SSL can now be used to restore SSL support if required.
>> 
>> Mark
>> 
>> 
>> 
>> 
> 



Does the securePort for Cluster/Channel/Receiver work yet?

2015-01-07 Thread Purvis Robert (HEALTH AND SOCIAL CARE INFORMATION CENTRE)
I have found an old message from 29 April 2009 (at 6:12pm) from Bill Smith 
asking "Apache Tribes: does anything actually use securePort". The reply then 
from Filip Hanik was "it's not yet implemented". (See 
http://grokbase.com/t/tomcat/users/094xre16mh/apache-tribes-does-anything-actually-use-secureport )

Has it been implemented yet? I'd like to know if it is possible to have 
tomcat-to-tomcat traffic encrypted by setting the securePort options on the 
Receiver object and Interceptor/Member objects.

Another way of getting secure traffic, of course, is through ssh tunnels.

Robert Purvis




