RE: getting some cookie & security related issues.

2017-11-29 Thread Naga Ramesh 
Hi Mark,

Please find my comments here & PFA diagram.

User > AWS > Tomcat
  (HTTPS)(HTTPS)

User-HTTPS request> AWS-ELB(https-443)  re-direct to tomcat connector
port-8080

What is the (expected) path when the user makes an HTTPS request? Is it:

User > AWS > Tomcat 
  (HTTPS)(HTTPS)


Regards,
Naga Ramesh

-Original Message-
From: Mark Thomas [mailto:ma...@apache.org] 
Sent: Thursday, November 30, 2017 1:06 PM
To: Tomcat Users List
Subject: Re: getting some cookie & security related issues.

On 30/11/2017 06:53, Naga Ramesh wrote:
> Team,
> 
> We are facing some issues on security level testing time, so please 
> check the below mentioned issues and suggest me the changes on tomcat 
> level ASAP.
> 
> 1.  *Session Cookie do not contain secure attribute:* for this
> what are all the changes I need to take are on tomcat level
> 
> 2.  *Site susceptible to Man-In-The-Middle HTTPS Downgrade
> attack*: Here we have used the AWS ELB with SSL and mapped to the
> tomcat instance, but in testing time instance went to http instead
> of Https, so what are all the changes need to take care for this
> issues on tomcat level.
> 
> Versions:
> Tomcat version:
tomcat-8.0.33
> Java Version: 1.8.0_60-b27
> 
> And also attached the server.xml, web.xml & context file of tomcat/conf.

Thank you for providing the version and configuration details. To answer
your questions we need to know a little more information.

What is the (expected) path when the user makes an HTTP request? Is it:

User > AWS > Tomcat
  (HTTP)(HTTP)


What is the (expected) path when the user makes an HTTPS request? Is it:

User > AWS > Tomcat
  (HTTPS)(HTTP)

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: getting some cookie & security related issues.

2017-11-29 Thread Mark Thomas 
On 30/11/2017 06:53, Naga Ramesh wrote:
> Team,
> 
> We are facing some issues on security level testing time, so please
> check the below mentioned issues and suggest me the changes on tomcat
> level ASAP.
> 
> 1.  *Session Cookie do not contain secure attribute:* for this
> what are all the changes I need to take are on tomcat level
> 
> 2.  *Site susceptible to Man-In-The-Middle HTTPS Downgrade
> attack*: Here we have used the AWS ELB with SSL and mapped to the
> tomcat instance, but in testing time instance went to http instead
> of Https, so what are all the changes need to take care for this
> issues on tomcat level.
> 
> Versions:
> Tomcat version:tomcat-8.0.33
> Java Version: 1.8.0_60-b27
> 
> And also attached the server.xml, web.xml & context file of tomcat/conf.

Thank you for providing the version and configuration details. To answer
your questions we need to know a little more information.

What is the (expected) path when the user makes an HTTP request? Is it:

User > AWS > Tomcat
  (HTTP)(HTTP)


What is the (expected) path when the user makes an HTTPS request? Is it:

User > AWS > Tomcat
  (HTTPS)(HTTP)

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Understanding tomcat + apache and I/O

2017-11-29 Thread TurboChargedDad . 
It should also be noted that if  I bounce one of the larger instances.
Everyone suffers during the time to startup.  The connection counts raise
in the same way although I am not sure at this time if there is an actual
outage experienced by anyone.  I will have to do some testing to determine
that.



On Wed, Nov 29, 2017 at 2:16 PM, TurboChargedDad . 
wrote:

>  >> So now all you have to do is upgrade to Tomcat 8.0 or, even better,
> >>Tomcat 8.5 :)
>   That's the plan but it's kind of like pulling teeth.
>
> >>Can you expand on the "weirdness"? I see you have some more details
> >>below but I think you could be more specific.
>
> Let's say that there are 12 users on a given system all running a tomcat
> server that has SSL terminated on the same host. user01 user02 user03 and
> son on all the way to user12.  Each user has their own /home/userNN
> directory.  Each user has their own own environment file in /etc/sysconfig/
> '/etc/sysconfig/tomcat7@userNN .  In each of those files contains the
> various settings that are required for each user.  CATALINA_HOME Java path,
> PID etc. Each user starts it's own JVM in a work directory in their home
> directory.
>
>  Now imagine that user10's application starts to experience a database
> issue and the app stops responding..  It used to be true that everyone
> would stop responding because the AJP connectors were BIO.  Then the HTTP
> connections would stack up across the board.  The stacking of the HTTP
> connections was expected given the situation.  Eventually the reverse proxy
> servers would die from running out of memory if were didn't get the outage
> under control quickly enough.
>
>   Now that we switched that we have had 2 outages.  In both cases the only
> tenants impacted from a performance perspective were the tenants
> experiencing the failures.  No other alarms were detected during these
> outages for any other tenants.  Something odd does happen however.  The
> Apache HTTP connections rise for everyone along with the offending site.
>
> Please see the shared graph.
>
> https://photos.app.goo.gl/ZzEgpQUdbv9L84X82
>
>   This is caclulated by doing a netstat and grepping for EST then httpd
> then the AJP port that would have connections passed back to it. ( sudo
> -tt > /bin/netstat -ntp | grep EST | grep httpd | grep ':8125' | wc -l )
>
> tcp0  0 127.0.0.1:37014 127.0.0.1:8125
>   ESTABLISHED 5529/httpd
> tcp0  0 127.0.0.1:40630 127.0.0.1:8125
>   ESTABLISHED 29638/httpd
> tcp0  0 127.0.0.1:40172 127.0.0.1:8125
>   ESTABLISHED 28592/httpd
> tcp0  0 127.0.0.1:36842 127.0.0.1:8125
>   ESTABLISHED 5529/httpd
> tcp0  0 127.0.0.1:40616 127.0.0.1:8125
>   ESTABLISHED 29640/httpd
> tcp0  0 127.0.0.1:37314 127.0.0.1:8125
>   ESTABLISHED 20267/httpd
> tcp0  0 127.0.0.1:39436 127.0.0.1:8125
>   ESTABLISHED 29577/httpd
> tcp0  0 127.0.0.1:39180 127.0.0.1:8125
>   ESTABLISHED 25280/httpd
> tcp0  0 127.0.0.1:40490 127.0.0.1:8125
>   ESTABLISHED 29577/httpd
> tcp0  0 127.0.0.1:39330 127.0.0.1:8125
>   ESTABLISHED 29633/httpd
> tcp0  0 127.0.0.1:40628 127.0.0.1:8125
>   ESTABLISHED 29631/httpd
> tcp0  0 127.0.0.1:39278 127.0.0.1:8125
>   ESTABLISHED 28799/httpd
> tcp0  0 127.0.0.1:39354 127.0.0.1:8125
>   ESTABLISHED 29637/httpd
> tcp0  0 127.0.0.1:39686 127.0.0.1:8125
>   ESTABLISHED 29575/httpd
> tcp0  0 127.0.0.1:37002 127.0.0.1:8125
>   ESTABLISHED 8354/httpd
> tcp0  0 127.0.0.1:39292 127.0.0.1:8125
>   ESTABLISHED 29574/httpd
> tcp0  0 127.0.0.1:39752 127.0.0.1:8125
>   ESTABLISHED 29631/httpd
> tcp0  0 127.0.0.1:41450 127.0.0.1:8125
>   ESTABLISHED 29574/httpd
> tcp0  0 127.0.0.1:37328 127.0.0.1:8125
>   ESTABLISHED 20266/httpd
> tcp0  0 127.0.0.1:39726 127.0.0.1:8125
>   ESTABLISHED 28799/httpd
>
>
>   It is the example above that determines the connection counts for each
> tenant.
>
> I cannot for the life of me understand how or why this is happening.. The
> only rise in connections should be detected in the offending application?
> Right?
>
> I can't say beyond a shadow of a doubt that the AJP connector threads
> aren't being wonky.  I am having trouble getting JMX to tell me that
> information through zabbix.
>
>
> Thoughts?
>
> Thanks in advance.
>
> On Wed, Nov 29, 2017 at 8:51 AM, Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Big Papa,
>>
>> On 11/29/17 12:06 AM, TurboChargedDad . wrote:
>> > So.. Thank you for those help me understand the NIO vs BIO in
>> > tomcat 7..
>>
>> So now all you have to do is

Re: Understanding tomcat + apache and I/O

2017-11-29 Thread TurboChargedDad . 
 >> So now all you have to do is upgrade to Tomcat 8.0 or, even better,
>>Tomcat 8.5 :)
  That's the plan but it's kind of like pulling teeth.

>>Can you expand on the "weirdness"? I see you have some more details
>>below but I think you could be more specific.

Let's say that there are 12 users on a given system all running a tomcat
server that has SSL terminated on the same host. user01 user02 user03 and
son on all the way to user12.  Each user has their own /home/userNN
directory.  Each user has their own own environment file in /etc/sysconfig/
'/etc/sysconfig/tomcat7@userNN .  In each of those files contains the
various settings that are required for each user.  CATALINA_HOME Java path,
PID etc. Each user starts it's own JVM in a work directory in their home
directory.

 Now imagine that user10's application starts to experience a database
issue and the app stops responding..  It used to be true that everyone
would stop responding because the AJP connectors were BIO.  Then the HTTP
connections would stack up across the board.  The stacking of the HTTP
connections was expected given the situation.  Eventually the reverse proxy
servers would die from running out of memory if were didn't get the outage
under control quickly enough.

  Now that we switched that we have had 2 outages.  In both cases the only
tenants impacted from a performance perspective were the tenants
experiencing the failures.  No other alarms were detected during these
outages for any other tenants.  Something odd does happen however.  The
Apache HTTP connections rise for everyone along with the offending site.

Please see the shared graph.

https://photos.app.goo.gl/ZzEgpQUdbv9L84X82

  This is caclulated by doing a netstat and grepping for EST then httpd
then the AJP port that would have connections passed back to it. ( sudo -tt >
/bin/netstat -ntp | grep EST | grep httpd | grep ':8125' | wc -l )

tcp0  0 127.0.0.1:37014 127.0.0.1:8125
ESTABLISHED 5529/httpd
tcp0  0 127.0.0.1:40630 127.0.0.1:8125
ESTABLISHED 29638/httpd
tcp0  0 127.0.0.1:40172 127.0.0.1:8125
ESTABLISHED 28592/httpd
tcp0  0 127.0.0.1:36842 127.0.0.1:8125
ESTABLISHED 5529/httpd
tcp0  0 127.0.0.1:40616 127.0.0.1:8125
ESTABLISHED 29640/httpd
tcp0  0 127.0.0.1:37314 127.0.0.1:8125
ESTABLISHED 20267/httpd
tcp0  0 127.0.0.1:39436 127.0.0.1:8125
ESTABLISHED 29577/httpd
tcp0  0 127.0.0.1:39180 127.0.0.1:8125
ESTABLISHED 25280/httpd
tcp0  0 127.0.0.1:40490 127.0.0.1:8125
ESTABLISHED 29577/httpd
tcp0  0 127.0.0.1:39330 127.0.0.1:8125
ESTABLISHED 29633/httpd
tcp0  0 127.0.0.1:40628 127.0.0.1:8125
ESTABLISHED 29631/httpd
tcp0  0 127.0.0.1:39278 127.0.0.1:8125
ESTABLISHED 28799/httpd
tcp0  0 127.0.0.1:39354 127.0.0.1:8125
ESTABLISHED 29637/httpd
tcp0  0 127.0.0.1:39686 127.0.0.1:8125
ESTABLISHED 29575/httpd
tcp0  0 127.0.0.1:37002 127.0.0.1:8125
ESTABLISHED 8354/httpd
tcp0  0 127.0.0.1:39292 127.0.0.1:8125
ESTABLISHED 29574/httpd
tcp0  0 127.0.0.1:39752 127.0.0.1:8125
ESTABLISHED 29631/httpd
tcp0  0 127.0.0.1:41450 127.0.0.1:8125
ESTABLISHED 29574/httpd
tcp0  0 127.0.0.1:37328 127.0.0.1:8125
ESTABLISHED 20266/httpd
tcp0  0 127.0.0.1:39726 127.0.0.1:8125
ESTABLISHED 28799/httpd


  It is the example above that determines the connection counts for each
tenant.

I cannot for the life of me understand how or why this is happening.. The
only rise in connections should be detected in the offending application?
Right?

I can't say beyond a shadow of a doubt that the AJP connector threads
aren't being wonky.  I am having trouble getting JMX to tell me that
information through zabbix.


Thoughts?

Thanks in advance.

On Wed, Nov 29, 2017 at 8:51 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Big Papa,
>
> On 11/29/17 12:06 AM, TurboChargedDad . wrote:
> > So.. Thank you for those help me understand the NIO vs BIO in
> > tomcat 7..
>
> So now all you have to do is upgrade to Tomcat 8.0 or, even better,
> Tomcat 8.5 :)
>
> > I made those changes things have improved quite a bit.  I am still
> > experiencing some weirdness that I have tried to understand but
> > can't get a handle on it.
>
> Can you expand on the "weirdness"? I see you have some more details
> below but I think you could be more specific.
>
> > Quick overview.. --Proxies-- Apache Proxies (2) - The end user
> > terminates SSL at the proxy/edge The proxies use HTTPS/SSL to
> > reverse proxy back to the tomcat server. --/Proxies--
> >
> > PXY1 & 2 configs for prefork mode. 
> > StartSe

Re: How to run Tomcat in Synology

2017-11-29 Thread Antonio S . Cofiño 

Hola Jose,


On 29/11/17 08:45, jose luis Calvo wrote:

Tomcat version: 7.0.82-0113
Operating System: Synology DSM 6.1.4-15217 Update 2
Model: DS414

Subject: After install component from Package Center Tomcat is ready
to configure but only there are three initial folders "docs"
"host-manager" and "manager". Please help me I don't know what I
should to do now. I doesn't exist any tomcat-users.xml file and
others... is so empty in compare with windows/linux installation.
That is the tomcat's 'webapps' directory which is been symbolic linked 
from the tomcat deployment directory (CATALINA_HOME).


The CATALINA_HOME in Synology box is at:

/var/packages/Tomcat7/target/src

But I'm using Tomcat7 Package provided by Synology and the DSM version 
is 5.2-5967 Update 4, different as yours.


As André has suggested in a different e-mail you alway can install the 
"vanilla" package from

https://tomcat.apache.org/download-80.cgi

assuming that you have the right Java version in your Synology box.

Saludos

Antonio S. Cofiño


Tarjet: My intention is install Tomcat  with MariaDB and MyPhpAdmin to
run my web pages with servlets and more...

Thank you in advance, Best regards.
José Pamplona (Spain)

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Understanding tomcat + apache and I/O

2017-11-29 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Big Papa,

On 11/29/17 12:06 AM, TurboChargedDad . wrote:
> So.. Thank you for those help me understand the NIO vs BIO in
> tomcat 7..

So now all you have to do is upgrade to Tomcat 8.0 or, even better,
Tomcat 8.5 :)

> I made those changes things have improved quite a bit.  I am still 
> experiencing some weirdness that I have tried to understand but
> can't get a handle on it.

Can you expand on the "weirdness"? I see you have some more details
below but I think you could be more specific.

> Quick overview.. --Proxies-- Apache Proxies (2) - The end user
> terminates SSL at the proxy/edge The proxies use HTTPS/SSL to
> reverse proxy back to the tomcat server. --/Proxies--
> 
> PXY1 & 2 configs for prefork mode.  
> StartServers 30 MinSpareServers 15 MaxSpareServers 30 ServerLimit
> 400 MaxClients 400 MaxRequestsPerChild 4000 

If you want high performance, you have to abandon the prefork model
and move to event. Some modules (e.g. mod_php IIRC) don't work
properly with the event model. Think about using your lb with PHP
running on another server as Jim Riggs suggests[1]. You may get better
performance, stability, and fault-tolerance.

> --Tomcat server-- (1) Apache terminates SSL over the top of Tomcat
> on the same server. Reverse proxies to the tomcat server using NIO
> AJP connectors. --/Tomcat server--

Above you say that you are using HTTPS/SSL to connect httpd -> Tomcat.
If you are using AJP then this is not true. So which is it? Are you
using HTTP or AJP as your protocol?

> Tomcat apache prefork mode config:  
> StartServers   8 MinSpareServers5 MaxSpareServers   20 
> ServerLimit  800 MaxClients   800 MaxRequestsPerChild
> 4000 

What does "Tomcat apache prefork mode" mean? The above is an httpd
configuration, not a Tomcat one.

> Typical vhost config for a given tenant would look like this.. 
>   > ServerAdmin ad...@company.com
>  ServerName somewhere.somedomain.com
>  ProxyPass /
> ajp://localhost:8126/ retry=3

Okay, now you are using AJP. I think there's definitely some confusion
here as to what is being configured with what.

> Typical tomcat connector thread config :  protocol="org.apache.coyote.ajp.AjpNioProtocol"
> redirectPort="8443" maxThreads="300" />

If this is the only  in Tomcat, then you are 100% using AJP
and not HTTP as your protocol.

Using NIO is the best practice here IMO.

> We are operating a multi-tenant environment.  As of right now, we
> have somewhere around 20 tomcat instances on a large machine of
> which only a handful are "busy".

Good.

> It used to be that when any one of them experienced a blocking
> issue. Every one of them went down.  All of their AJP connector
> threads would rise until the system because tomcat was
> unresponsive.

That would be a capacity-planning problem with the httpd proxies. You
probably didn't do your math correctly.

> So far that appears for the most part to be addressed...
Good. Maybe your math is better but it may still be wrong.

> However...  When an issue is experienced.  The site(s)
> experiencing the issue(s) going down doesn't seem to bring down any
> of the other sites. (w00t! w00t!)

Good.

> But the httpd connections for each site all still climb together.

That shouldn't happen (of course!).

> (Please see attached graph) Again no outage is experienced buy as 
> demonstrated by the graph attached to this message.

Attachments are stripped. Either post your graph elsewhere or describe
it in words.

> That graph is from zabbix using a custom metric that checks every
> 3 mins..  It does the following for each virtual host / tomcat
> instances
> 
> For user25 : UserParameter=somewebsite.constats,sudo -tt
> /bin/netstat -ntp | grep EST | grep httpd | grep ':8125' | wc -l 
> UserParameter=somewebsite2.constats,sudo -tt /bin/netstat -ntp |
> grep EST | grep httpd | grep ':8126' | wc -l
> 
> So there is virtually no way they can be getting mixed up.  Not to 
> mention that there are a few that do not experience a rise in
> connections.

So the "Weirdness" is that your AJP connection count on the httpd
proxy instances increases across all web servers (or all workers?).
What does mod_proxy's status page say for *each worker*? THAT'S what
you need to compare, not just the total number of connections/threads
on the proxy.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAloeyX0dHGNocmlzQGNo
cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFgAZQ/+OyyDIEaWzgF5zG1o
amUGjCUackktehlpW9STa5kRhIj9REYT4Cql64Cwqvw8ciZVQXAOsYJBACXFKcfa
fvegRQ03YeLy9LDXhPtsx4Nr+qT17ySiFo/MckEIkxCR9mBbFokUb1bVes9kkYQu
yJjQ7AV8SWDWKGdAkbRk4WTuJ23bvRwZ2g4MNb0sDg5dJEQIOY7JYhlFJQLPm/1a
Yeeo/xRMLfY4FBI0zpA1DAXEwiLyXup4SOztHnoxbK5h0YgrRGMOKvAwZXs5/u/2
NbiqCnsA80OzUrSXd5sDBYzsuR2yOfnnUMcUJh

Re: Trying to understand How Tomcat uses Keystore for SSL

2017-11-29 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Don,

On 11/28/17 4:55 PM, Don Flinn wrote:
>>> In fact, I think you are using PEM-encoded DER files and not a 
>>> packaged keystore, even though your SSLHostConfig's
>>> keystoreType is set to "PKCS12".
> 
> Yes, I am using PEM files.  Got to read more on DER files.

PEM is an encoding, while DER is really the file format. It's like
saying "is this file text/plain or UTF-8?"

This is a great read for almost anyone who cares about x509 certificates
:

https://support.ssl.com/Knowledgebase/Article/View/19/0/der-vs-crt-vs-ce
r-vs-pem-certificates-and-how-to-convert-them

> So do I just drop the keystoreType="PKCS12"  from the connector?
Theoretically, yes. The keystoreType is only used when there is a
keystore and not "certificate files", etc.

>> If there's anything inaccurate on the Tomcat site
> 
> No, I was talking about other sites, not the Tomcat site.  I've
> been reading all over the internet for that which seems related.
> My statement was a caution to not believe everything you read.
> 'Trust but verify'

Mark has given a number of presentations on TLS and they are very
accessible. Have a look at the slides (and some audio/video) on the
"presentations" page on the Tomcat site. Each of them has a varying
level of "introductoryness", but I think the more recent ones like
"Introduction to Tomcat and TLS" from TomcatCon in Miami are probably
the best ones to see for beginners.

> Your e-mail has been very helpful, not only to me, but I believe
> to others.  With respect to the Tomcat site, I think a lot of what
> you wrote would be very helpful there.  For example, the Tomcat 
> write up on SSL describes how to do self signed certificates and 
> fleetingly mentions that if you have a certificate from a CA that
> you could use e.g. openssl and then refers the reader to their java
> documentation and openssl documentation.  Not too helpful to the
> security/Tomcat novice.

Agreed. Would you care to write some new documentation and/or prepare
a patch for the site? IT's usually best when beginners write for their
own audience. I, for example, understand it backwards and forwards so
when I write I have a skewed perspective. Writing as a beginner can
re-focus the narrative for a different audience.

If you need any help grabbing the site from svn, etc. please just ask.

> Thanks for your patience and help.

You are more important than the software. No, really:
https://blogs.apache.org/foundation/entry/asf_15_community_over_code

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAloexiYdHGNocmlzQGNo
cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFiY1Q//SLRGAzEuc2QzyvK9
svCG+s0HKA1QY+ubtdmoy+czFtm1b857uQ6L0Zo8KCp+edzYvTyd7iupGjPngEqr
5B9qRV3bcu3jsvMUcXEFe779MjjKsSX+m0jF8/9A1RtOvtEqqemlC6Q5AVuSZZUf
usSrTjXV2XyVlEtv0J5Rw+hMtLUpRwppg1LKAX5ZflHdhA1Zdq+TH6NSbLQlPr1z
WRzpLuOfSpt6Cnx2Kfqcwgop0EqCyPFcIqC3o2V+ONDQh4Z7FOdUNn70O03ympDg
fRMZbo8o0mX6RyjSk0nDFEfXLv2lafPoOrE5OUMvnuN4bZ472Jpq3nDtl0ZwYSIy
IcjXnfw+NUNTcIkJVz0K009/K/U8U4O4NBm5IBW4uFa2yapx717pB8H/Fmr6LvEr
FuIZG6wODc7YtN3kqbHR8J/3N1n3q6SM3CXyyjfazN0Kur0e4FOIE5WagzZTwQSm
K7LJsuIu84sVEShPcTB2CvTsaawJQj7clCM+eZngejuvuxSiwiC0u0zWKfoPDD8Z
bbXY69RJ0F1iKw7rgj+tr1KOxoNaDyHV8ys7CKinuG32hb37qzntygLrGZ0ZPOQZ
pUTuSsm1Zn/Zd/3oLWIhXJ9UZA5OfwhYYt6YwaTo4JYLhB1IsiVl9qqdzo2CQLIY
UHuG7kdiTBEig/ej+/RBOLZSI0k=
=6iU6
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to run Tomcat in Synology

2017-11-29 Thread tomcat 

On 29.11.2017 10:54, jose luis Calvo wrote:

it's incredible! what is happening in support teams?  I need help please.


We know that, and we're trying.  But we can't know what is in the package of the various 
OS distributions. Those are made by different people than the Tomcat developers.
It can be that the person who created that Tomcat package for Synergy, just did not 
include all the files.
If you download and install a "genuine original tomcat" from the "genuine original" tomcat 
website (e.g. https://tomcat.apache.org/download-80.cgi), and follow the installation 
instructions provided there, /then/ we may be able to help you.

(And that version /does/ have a tomcat-users.xml file in the "conf" directory)

Que la fuerza esté con usted !



Dear André, firstly thank you for your quickly response. I can
understand what happen because Synology Service told me that (all
consersation are below):

Dear Customer,
Thank you for contacting Synology. We will get back to you as soon as
possible. Thanks for your patience.
Below is a copy of your message that we've just received from you.
Problem Explanation:

I have a NAS Synology DS414 and I can not use tomcat 6 or 7 correctly,
my installation no have file "tomcat-users.xml" because I can't find
it into tomcat folder. When I run tomcat it is showing me a password
box dialog but I didn't password before and in folders there isn't
"tomcat-users.XML" ¿Could you know what kind of problems have a
Synology OS with Tomcat installations?
Thank you in advance from Pamplona. Spain.

Problem Reproduce Steps:
Related hardware:
Product Information/Question Personal Information
Product: DS414 Type of Customer: End User
Product Version: DSM 6.1.4-15217 Update 1 Company Name:
Product Serial Number: 1490MEN655802 Full Name: Jose Calvo
Type of Usage: For Personal Use Job Title: Government
E-mail: joseluis.ka...@gmail.com Address:
Telephone:
Location: Europe / Spain
Type of Message: Need Technical Support Category: Packages (Java 7 / Java 8)
Synology Support 
23 nov. (hace 6 días)

Synology 
answers...___

Dear Jose,
By default Tomcat will not have any users/passwords in which case you
would need to create one.
https://tecadmin.net/set-admin-password-in-tomcat/#
https://www.mkyong.com/tomcat/tomcat-default-administrator-password/
Please note that Tomcat is a 3rd party package and unfortunately we do
not provide setup assistance (aside from ensuring the package can
install onto the unit) in which case it is recommended to contact
Tomcat directly or refer to their user forums/help page for
assistance.
http://tomcat.apache.org/findhelp.html
https://wiki.apache.org/tomcat/SupportAndTraining
Regards,
DeSjonae
___
Sent by Synology Technical Support from Synology MailPlus

jose luis Calvo
Dear DeSjonae. Thank you for your support. My main problem is I can't open To...
23 nov. (hace 6 días)
Synology Support
27 nov. (hace 2 días)

Hi Jose,
When you launch tomcat from the diskstation are you being presented
with a login box asking for username/password? If so then please note
that the username/pwd needs to be created via CLI as per my initial
email before you can login to Tomcat manager as by default there is no
username/pwd. If you need assistance with configuring tomcat or the
username/pwd then I would recommend contacting tomcat directly or
referring to their user forums on how to setup the software.

2017-11-29 9:58 GMT+01:00 André Warnier (tomcat) :

On 29.11.2017 08:45, jose luis Calvo wrote:


Tomcat version: 7.0.82-0113
Operating System: Synology DSM 6.1.4-15217 Update 2
Model: DS414

Subject: After install component from Package Center Tomcat is ready
to configure but only there are three initial folders "docs"
"host-manager" and "manager". Please help me I don't know what I
should to do now. I doesn't exist any tomcat-users.xml file and
others... is so empty in compare with windows/linux installation.

Tarjet: My intention is install Tomcat  with MariaDB and MyPhpAdmin to
run my web pages with servlets and more...



Hi.
We also do not know what is in Synology's Tomcat package, or where it puts
the various files when you install it.
I believe that you will have to ask Synology about that.

Also, as far as I can tell, DSM is an operating system for a NAS.  I'm not
sure if it is really a good idea to install and use Tomcat and MariaDB and
MyPhpAdmin on such a system.
A NAS is a device that is specialised and optimised for providing shared
disk space for other computers. It is not really designed to run
applications directly.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional

Re: How to run Tomcat in Synology

2017-11-29 Thread jose luis Calvo 
it's incredible! what is happening in support teams?  I need help please.

Dear André, firstly thank you for your quickly response. I can
understand what happen because Synology Service told me that (all
consersation are below):

Dear Customer,
Thank you for contacting Synology. We will get back to you as soon as
possible. Thanks for your patience.
Below is a copy of your message that we've just received from you.
Problem Explanation:

I have a NAS Synology DS414 and I can not use tomcat 6 or 7 correctly,
my installation no have file "tomcat-users.xml" because I can't find
it into tomcat folder. When I run tomcat it is showing me a password
box dialog but I didn't password before and in folders there isn't
"tomcat-users.XML" ¿Could you know what kind of problems have a
Synology OS with Tomcat installations?
Thank you in advance from Pamplona. Spain.

Problem Reproduce Steps:
Related hardware:
Product Information/Question Personal Information
Product: DS414 Type of Customer: End User
Product Version: DSM 6.1.4-15217 Update 1 Company Name:
Product Serial Number: 1490MEN655802 Full Name: Jose Calvo
Type of Usage: For Personal Use Job Title: Government
E-mail: joseluis.ka...@gmail.com Address:
Telephone:
Location: Europe / Spain
Type of Message: Need Technical Support Category: Packages (Java 7 / Java 8)
Synology Support 
23 nov. (hace 6 días)

Synology 
answers...___

Dear Jose,
By default Tomcat will not have any users/passwords in which case you
would need to create one.
https://tecadmin.net/set-admin-password-in-tomcat/#
https://www.mkyong.com/tomcat/tomcat-default-administrator-password/
Please note that Tomcat is a 3rd party package and unfortunately we do
not provide setup assistance (aside from ensuring the package can
install onto the unit) in which case it is recommended to contact
Tomcat directly or refer to their user forums/help page for
assistance.
http://tomcat.apache.org/findhelp.html
https://wiki.apache.org/tomcat/SupportAndTraining
Regards,
DeSjonae
___
Sent by Synology Technical Support from Synology MailPlus

jose luis Calvo
Dear DeSjonae. Thank you for your support. My main problem is I can't open To...
23 nov. (hace 6 días)
Synology Support
27 nov. (hace 2 días)

Hi Jose,
When you launch tomcat from the diskstation are you being presented
with a login box asking for username/password? If so then please note
that the username/pwd needs to be created via CLI as per my initial
email before you can login to Tomcat manager as by default there is no
username/pwd. If you need assistance with configuring tomcat or the
username/pwd then I would recommend contacting tomcat directly or
referring to their user forums on how to setup the software.

2017-11-29 9:58 GMT+01:00 André Warnier (tomcat) :
> On 29.11.2017 08:45, jose luis Calvo wrote:
>>
>> Tomcat version: 7.0.82-0113
>> Operating System: Synology DSM 6.1.4-15217 Update 2
>> Model: DS414
>>
>> Subject: After install component from Package Center Tomcat is ready
>> to configure but only there are three initial folders "docs"
>> "host-manager" and "manager". Please help me I don't know what I
>> should to do now. I doesn't exist any tomcat-users.xml file and
>> others... is so empty in compare with windows/linux installation.
>>
>> Tarjet: My intention is install Tomcat  with MariaDB and MyPhpAdmin to
>> run my web pages with servlets and more...
>>
>
> Hi.
> We also do not know what is in Synology's Tomcat package, or where it puts
> the various files when you install it.
> I believe that you will have to ask Synology about that.
>
> Also, as far as I can tell, DSM is an operating system for a NAS.  I'm not
> sure if it is really a good idea to install and use Tomcat and MariaDB and
> MyPhpAdmin on such a system.
> A NAS is a device that is specialised and optimised for providing shared
> disk space for other computers. It is not really designed to run
> applications directly.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to run Tomcat in Synology

2017-11-29 Thread tomcat 

On 29.11.2017 08:45, jose luis Calvo wrote:

Tomcat version: 7.0.82-0113
Operating System: Synology DSM 6.1.4-15217 Update 2
Model: DS414

Subject: After install component from Package Center Tomcat is ready
to configure but only there are three initial folders "docs"
"host-manager" and "manager". Please help me I don't know what I
should to do now. I doesn't exist any tomcat-users.xml file and
others... is so empty in compare with windows/linux installation.

Tarjet: My intention is install Tomcat  with MariaDB and MyPhpAdmin to
run my web pages with servlets and more...



Hi.
We also do not know what is in Synology's Tomcat package, or where it puts the various 
files when you install it.

I believe that you will have to ask Synology about that.

Also, as far as I can tell, DSM is an operating system for a NAS.  I'm not sure if it is 
really a good idea to install and use Tomcat and MariaDB and MyPhpAdmin on such a system.
A NAS is a device that is specialised and optimised for providing shared disk space for 
other computers. It is not really designed to run applications directly.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org