Clarification on Apache Tribes setup docs
Hey there, We are planning to implement Apache Tribes(on our Tomcat-7) in our network for server to server communication. I am looking at https://tomcat.apache.org/tomcat-7.0-doc/tribes/setup.html to learn more about Apache Tribes, but seems documentation is not yet published. Please correct me if am looking at wrong place or is there anything material available to learn more about it Appreciate your help on this! Thanks & Regards, Santhosh A
Tomcat behind IIS on windows 2012
If I want to have IIS act as an intermediary between Tomcat and the outside world, if I've understood it correctly, there seem to be two choices. Either add something called HttpPlatformHandler into IIS https://www.iis.net/downloads/microsoft/httpplatformhandler or, use the Apache Tomcat Connectors https://archive.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/win64/jk-1.2.30/ia64/ Is either considered best practice, to be preferred over the other? Regards Richard ps: I posted this same question over at javaranch a week or so back, but with no responses as yet. I'll copy any answer here over to that forum. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: intermittent connectivity failure under ssl
Remy, what more information would you like? Any more info on the issue that you are referencing? On Fri, Mar 2, 2018 at 10:56 AM, Rémy Maucherat wrote: > On Fri, Mar 2, 2018 at 4:19 PM, Alex O'Ree wrote: > > > Ran into a strange problem, not too sure what the problem is. Basically, > > I'm getting intermittent connectivity from a http client to tomcat but > only > > through SSL using the Http11NioProtocol. Some http requests go through, > > others fail with the stack trace below. Usually, restarting tomcat fixes > > it, but it appears to be random and unpredictable. This is a bit of a > major > > issue for me so any help is appreciated. > > > > Any pointers for how to troubleshoot this? Running tomcat 8.5.28. > > > > There's no tomcat logs to indicate that there's a problem. The following > is > > logged on the client side: > > > > Caused by: java.net.SocketException: SocketException invoking > > https://localhost:8443/myproject/services/Endpoint1: Unexpected end of > > file from server > > > > > > > > Caused by: java.net.SocketException: Unexpected end of file from server > > at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient. > > java:792) > > at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:647) > > at sun.net.www.protocol.http.HttpURLConnection.getInputStream0( > > HttpURLConnection.java:1536) > > at sun.net.www.protocol.http.HttpURLConnection.getInputStream( > > HttpURLConnection.java:1441) > > at java.net.HttpURLConnection.getResponseCode( > > HttpURLConnection.java:480) > > at sun.net.www.protocol.https.HttpsURLConnectionImpl. > > getResponseCode(HttpsURLConnectionImpl.java:338) > > at org.apache.cxf.transport.http.URLConnectionHTTPConduit$ > > URLConnectionWrappedOutputStream.getResponseCode( > > URLConnectionHTTPConduit.java:266) > > at org.apache.cxf.transport.http.HTTPConduit$ > WrappedOutputStream. > > handleResponseInternal(HTTPConduit.java:1543) > > at org.apache.cxf.transport.http.HTTPConduit$ > WrappedOutputStream. > > handleResponse(HTTPConduit.java:1513) > > at org.apache.cxf.transport.http.HTTPConduit$ > > WrappedOutputStream.close(HTTPConduit.java:1318) > > ... 46 more > > > > It's impossible to say without more information, but this could look like > an issue that is fixed in the next build. > > Rémy >
RE: tomcat 8.5.28
Thank You Sir. I will go through the wiki and try it out. === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Friday, March 2, 2018 11:55 AM To: users@tomcat.apache.org Subject: Re: tomcat 8.5.28 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Olaf, On 3/2/18 9:30 AM, Olaf Kock wrote: > On 02.03.2018 15:22, Cheltenham, Chris wrote: >> From: Cheltenham, Chris [mailto:ccheltenham-...@philasd.org] >> Sent: Friday, March 02, 2018 9:08 AM To: 'Tomcat Users List' >> Subject: tomcat 8.5.28 >> >> Hello, >> >> Has anyone set up tomcat as a non-root use? >> >> I have set it up successfully however, I have to bound the non-root >> user to port 8443. >> >> What is the best way to reroute 8443 through 443? There are several >> options. Everything is set up at send to port 443 so I need to >> reroute 8443 in and out of 443 >> >> CentOS 7 by the way - > "what is the best (TM)?" -> "It depends" > > Tomcat runs well on unprivileged ports, and depending on your OS, > familiarity with configuring it, other infrastructure etc, you have > different options. Are you familiar with them - as you mention that > there are many? > > You can * use iptables redirection, * have a > proxy/webserver/loadbalancer in front, * enable unprivileged binding > to the port You can also use jsvc which can: * bind to privileged ports, then drop privileges * monitor and restart dead Tomcat processes * send a signal to rotate logs (like stdout!) I use a reverse-proxy for everything (and I'd recommend that everyone doing anything in the "real world" do the same), so I don't need such things, but I think I'd probably want to use jsvc for this purpose because it's fairly self-contained PLUS you get the auto-restart capabilities should you want them. > As we were discussing documentation in another thread these days: > I've expected to find a solution to your question in the FAQ and > wanted to link to it - but didn't find any entry there. There's a > patch to go on my list, with no ETA though. Maybe a side-task during > that Manchester Tomcat training. It's in the Wiki, not the user's guide: https://wiki.apache.org/tomcat/HowTo#How_to_run_Tomcat_without_root_priv ileges.3F It doesn't even come up in Google, so it's no wonder that nobody can find it. We should probably roll some of this stuff into the user's guide so it's in a better place. The Wiki is ... not a great place to put things IMO. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqZgdgACgkQHPApP6U8 pFiGERAAoE7DTJUDhCMMTVT12j1tR5TS/0+TDltXlaT/CWFJ1ulCv2l8Oix4A7RH oFALw0gYjZg9/WPZd73CEtN5dfKHSffll18mJcSIpaJ2uf2sx+nbcqMpGOxrkQ5x osM9Vj/X7QTAXfBABwffAzw12kw5QpfwdxfapQS9KkK2U4gvtIB1oo1WCBL+yziA rKA3mA6IBKIGWk8u9BhbHJeTnmL4mPaIZqLep+M5CgOykfAu7TYdvMViovOxWCTv o5kB6xsuhZ88zdmkGJ2BGFokl0UzKtcYic3IN/s4KqcU2fM+2UJrSSHocpxW3Nfw ppmHGp4XaKW6oAFu4VjDDnWjnP6nDs5lH1VLmIySDm8B7nXpqbC7ML/rBde1VFMZ jVbUojbxJ+jIpXs6jg6nxTCRh/PssvWEQ/3e0Ank+xfJ3s4ay+kXYlP8M4IL8VFV M8tsXY8pAmknh9BnGV2fz0R49+Ir8aJEBRrYm1TLKnC8L9O/hqqlOEftqikYajvD qJlYKCmeZfDYdFkKR1TcgcC1kOpZkgdkSCc77NEBM0+y5ln/shDUCX5MkxrHe/zE leqntUfdWVhsfeG84MR5zmFbcWcNYNVov6A/7cW6Sb5Rlv7PWIcruyTgTEIotqwd DPFNk54910K3yy4UAyDgBgkiZTqz8k2eWx4W7FGaaMD2c9xCq50= =9WCp -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: where to find org.apache.catalina.filters.RemoteAddrFilter?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Coty, On 3/1/18 3:43 PM, Coty Sutherland wrote: > On Thu, Mar 1, 2018 at 3:35 PM, Zari Ladak > wrote: >> Hi All, >> >> I would like to use the >> org.apache.catalina.filters.RemoteAddrFilter filter as part of my >> web.xml settings. I am just curious to know which jar file has >> that class. > > You can find which paths are included in which jars from the > build.xml (though it takes a bit of knowledge about what ant is > doing), or a quick grep on the jar files in lib: > > $ grep RemoteAddrFilter lib/* Binary file lib/catalina.jar matches I like this little gem: $ for jar in $CATALINA_HOME/lib/*.jar ; do echo "$jar" ; unzip -v "$jar" | grep RemoteAddrFilter" ; done This will print a list of all the JARs (I'm sure there is a way to suppress the ones that don't match) and then, underneath the one that matches, you'll see the file: /apache-tomcat-8.0.46/lib/annotations-api.jar /apache-tomcat-8.0.46/lib/catalina-ant.jar /apache-tomcat-8.0.46/lib/catalina-ha.jar /apache-tomcat-8.0.46/lib/catalina-storeconfig.jar /apache-tomcat-8.0.46/lib/catalina-tribes.jar /apache-tomcat-8.0.46/lib/catalina.jar 1935 Defl:N 740 62% 08-10-2017 13:11 cf250a0f org/apache/catalina/filters/RemoteAddrFilter.class /apache-tomcat-8.0.46/lib/ecj-4.6.3.jar /apache-tomcat-8.0.46/lib/el-api.jar ... So you can see that catalina.jar contains the file. I like this better just in case the filename has been mangled in some way inside of the JAR file (even though it shouldn't be). - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqZiE4ACgkQHPApP6U8 pFhIURAAv4Enj7MRHMwS924fy1Me9iPt84bv/51KBt+CM1/Ihj7HX7r9ANRx04J2 p2OJ8TNVeHsDcllUuyaXpP+Sz9DfXct5WENOf6K7Ka+NvrcPSRMGYL3M9kJbwUPj V/t91W19SzxFK2vX5cKe4mv8X8/oyBUDLYE57XxIJZWlkWuj49sdTngUO5Z/X+as hK/QkZRkW/0GkMwoDqeITWTYUMIhcSISC6/7QVeNP7k+LS9noWlP57PUsSfY93RU BeaF5cd2Muq5w5jymEiTy+LICx8FPxpP5WxIDyGsMEY03UNf14WUAPczj/Sbn5hg tH2SFmiP0i8NbjTeqBjqbcpoHctBn11B1ggu7hk3HCpzw+aHNmZCrOFazWWzyKl6 0iGLOj7h5DKGT7TLbeOVmdB8kxILpmG24yKPKeUNgefVMvrLjIvWZDo3IsHuLp/g zNj+YDaCQjhIIBQoLCDjHOtPRZR7AfTOG6uxGBgomCabBjl0tLmQwMzmaosdWM0l b5VPNfhIpnt/PXeJEUF177cgfXPGHRNM+C/hO4MCRIrUeKlYTRQEPoYVmP57AeYq DNQ3d4yp+krp+7N1fAMXuJ32PHTCdJNeHB8l9BmCNuoNVWrxpMe6rHBGwlCwy+nl xLLHG+OKXKnIsxzl+nOZYl79UzNMRQFlV1mwV13N8V60o2OT52E= =OKIw -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Running Tomcat 9 using OpenJDK 10
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Chris, On 3/2/18 11:20 AM, Cheltenham, Chris wrote: > Yes , I was able to start up tomcat 9.0.4 with the corresponding > java. One thing that was annoying was that > $JAVA_HOME/jre/lib/security dorectory has changes to > $JAVA_HOME/lib/security. > > Not a big deal but if you are using certs it is. I'm curious ... why is this a big deal? Do you typically modify your JRE's files after installation? - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqZhzcACgkQHPApP6U8 pFhzkw/+PLdg/e03X7iLjrnUQ+48IcWWE0tJfgHRIIDKy8OOQ8RiY4watZBUjehk aMAn+HGd99hSJSGvf+fji9Lh3m7ZXw6VzKs0ZIHZOKLy2gi+zds8p9DVH/kOxKMI mohDKGG5oIIjnylTu87iXRsQt8r3m/HzPvHrlgPsqg4SRVONOAlVC5D9DT/WARFN XcadcQuK9hmJa3SVyXX8vcrxAYfrezahRGm4VJchv9R3V7ViOLvvdmBU5XKQX6hT vSYr7VJcO9Y0EhM/hYaZuF7ieg8Y+QhNF5vFTAtdPE0Aw6FtzZlfhltlvVyR+zjv MjrupbJXYq7IH8cARGVD9UhZs/XDdDBBF39xppHq0T1QNn08jxCHKkffURhOyv6O Gfgbx6RZHWcmSGOuzSi4vGRcEQrccNdgLPgYUIYToYHzNcob3MF6M/QC8HiP0hY8 6Y3nt/oizZECHoMpBX+MxH8G9bQ0vI5UpHqgpevaF5UUk5Hoa+ZE2GDlQweQe2mj DaYn/PopvbR0rJqoF0xBHlEatnuulzcSnoMIYcLCymBdamHq+POf77Hnm0CIEm9d rAU6rWBX0oUCCv0t7YWEf8qUgSMWxW13dVkBiAUAQz6eWlqNwp7VxFSY2rhh4vbG YmvbVaLMp1cDgHAKDM2sswsxeDUcINoO9J92A/uCVReTtLfXSqI= =yZmm -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Want help understanding missing piece in architecture
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cris, On 3/2/18 11:46 AM, Berneburg, Cris J. - US wrote: > There's a concept I'm trying to wrap my brain around. It's > similar to MVC, separating responsibilities between the display > and model/controller layers. In terms of coding, I know how to > make that happen. However, in terms of server architecture, I do > not. > > For the purposes of semantics, please assume "server" refers to > either a physical box and/or software service, application, > container, etc. > > Let's say we have a database server and Tomcat application server. > The web application uses JSP. The app is configured to connect to > the DB. With this configuration, all the communication with the > DB and page rendering occurs within the Tomcat application. > > Now let's say that we want the Tomcat application to only do > rendering. It connects to a different server, X, and no longer to > the DB. The X server connects to the DB. Requests and data flow > between the Tomcat app and the X server. > > What is X? Is it a web service? Application behind a web socket? > What platforms support those? Is that what the whole SOAP, xml, > and JSON stuff is for? Obviously, this gets into what the "appropriate" architecture is for an application, etc. so the best anyone can do is give you *examples* of what might be reasonable. If you want something like this: client -> presentation -> business -> db Where "presentation" is "only" your JSPs and the "business" is the "X" component you have described above, then there are many ways to accomplish your objective. The communication protocol is up to you, and will be affected by how to decide to design X. If you use HTTP - a reasonable choice - then you also need to decide what bits you'll send across that protocol. Obvious choices are JSON or XML. SOAP is just a particular implementation of XML-based RPC. Rest is a loose standard for using HTTP verbs that make sense instead of having one big "do-everything" URL where you feed-in requests via e.g. XML or JSON documents in a POST. You could also use Websocket, but that would depend upon what the relationship between your client (presentation) and server (X/business) has to be. If it's request/response-oriented, then Websocket is probably more trouble than it is worth. If maintaining a connection over a long period of time, and either the client or server should be able to "speak" at any time, then Websocket is probably the right solution in that case. Regardless of the exact implementation, I think it would reasonably be called a "web service". Some people think that "web service means SOAP" or "web service means ___" but I would say it's a fairly loose term. I'd call anything that provides an HTTP/Websocket interface but is intended to be used by *software* and not humans/web browsers directly should be called a web service. If humans are using it, it's called a "web site" or a "web application" IMHO. > And why do it? Are there any benefits to such an architecture? > Scaling maybe? Support for rendering different output types (HTML > vs Something Else)? Theoretically I'm thinking that maybe the > different servers could live inside different security zones, but I > don't know if that's a valid requirement. There are LOTS of reasons you might want to do this kind of thing. Scaling is usually *not* one of them, because in a typical web/app/db server setup, you can horizontally scale-out the web servers or the app servers pretty much indefinitely, as long as the downstream service(s) can handle the load. If you have your database running on Chuck's iPhone, having 500 application servers isn't going to improve the speed of your web application if it's db-heavy. IMO the real benefit of that kind of architecture is *flexibility*. Let's say that you have a series of low-level services all wrapped-up inside of X. Then you have a web-layer (presentation) that talks to X which does all the "real work". If you were just building the web application and nothing else, it might be a waste of time to split presentation/business into separate services/projects/whatever. But let's say that you want to build a mobile application that isn't just an app-wrapper around your web site? Your mobile app can then call X directly and ignore the web/presentation parts of your "web application". Then you can create another mobile application on another platform, too, and re-use the same service. You now want a desktop application to go along with those mobile apps? No problem, call X directly. And the web version continues to provide your web-based clients the same service they have always enjoyed. I have seen LOTS of deployments like this, and many of them end up using the database itself as the "X" in your setup: they write most of their application using stored-procedures in the database, then everyone uses JDBC (or whatever) to call the database to ask for things to be done. You want a ne
Re: tomcat 8.5.28
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Olaf, On 3/2/18 9:30 AM, Olaf Kock wrote: > On 02.03.2018 15:22, Cheltenham, Chris wrote: >> From: Cheltenham, Chris [mailto:ccheltenham-...@philasd.org] >> Sent: Friday, March 02, 2018 9:08 AM To: 'Tomcat Users List' >> Subject: tomcat 8.5.28 >> >> Hello, >> >> Has anyone set up tomcat as a non-root use? >> >> I have set it up successfully however, I have to bound the >> non-root user to port 8443. >> >> What is the best way to reroute 8443 through 443? There are >> several options. Everything is set up at send to port 443 so I >> need to reroute 8443 in and out of 443 >> >> CentOS 7 by the way - > "what is the best (TM)?" -> "It depends" > > Tomcat runs well on unprivileged ports, and depending on your OS, > familiarity with configuring it, other infrastructure etc, you > have different options. Are you familiar with them - as you mention > that there are many? > > You can * use iptables redirection, * have a > proxy/webserver/loadbalancer in front, * enable unprivileged > binding to the port You can also use jsvc which can: * bind to privileged ports, then drop privileges * monitor and restart dead Tomcat processes * send a signal to rotate logs (like stdout!) I use a reverse-proxy for everything (and I'd recommend that everyone doing anything in the "real world" do the same), so I don't need such things, but I think I'd probably want to use jsvc for this purpose because it's fairly self-contained PLUS you get the auto-restart capabilities should you want them. > As we were discussing documentation in another thread these days: > I've expected to find a solution to your question in the FAQ and > wanted to link to it - but didn't find any entry there. There's a > patch to go on my list, with no ETA though. Maybe a side-task > during that Manchester Tomcat training. It's in the Wiki, not the user's guide: https://wiki.apache.org/tomcat/HowTo#How_to_run_Tomcat_without_root_priv ileges.3F It doesn't even come up in Google, so it's no wonder that nobody can find it. We should probably roll some of this stuff into the user's guide so it's in a better place. The Wiki is ... not a great place to put things IMO. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqZgdgACgkQHPApP6U8 pFiGERAAoE7DTJUDhCMMTVT12j1tR5TS/0+TDltXlaT/CWFJ1ulCv2l8Oix4A7RH oFALw0gYjZg9/WPZd73CEtN5dfKHSffll18mJcSIpaJ2uf2sx+nbcqMpGOxrkQ5x osM9Vj/X7QTAXfBABwffAzw12kw5QpfwdxfapQS9KkK2U4gvtIB1oo1WCBL+yziA rKA3mA6IBKIGWk8u9BhbHJeTnmL4mPaIZqLep+M5CgOykfAu7TYdvMViovOxWCTv o5kB6xsuhZ88zdmkGJ2BGFokl0UzKtcYic3IN/s4KqcU2fM+2UJrSSHocpxW3Nfw ppmHGp4XaKW6oAFu4VjDDnWjnP6nDs5lH1VLmIySDm8B7nXpqbC7ML/rBde1VFMZ jVbUojbxJ+jIpXs6jg6nxTCRh/PssvWEQ/3e0Ank+xfJ3s4ay+kXYlP8M4IL8VFV M8tsXY8pAmknh9BnGV2fz0R49+Ir8aJEBRrYm1TLKnC8L9O/hqqlOEftqikYajvD qJlYKCmeZfDYdFkKR1TcgcC1kOpZkgdkSCc77NEBM0+y5ln/shDUCX5MkxrHe/zE leqntUfdWVhsfeG84MR5zmFbcWcNYNVov6A/7cW6Sb5Rlv7PWIcruyTgTEIotqwd DPFNk54910K3yy4UAyDgBgkiZTqz8k2eWx4W7FGaaMD2c9xCq50= =9WCp -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[OT] Want help understanding missing piece in architecture
Hi Folks There's a concept I'm trying to wrap my brain around. It's similar to MVC, separating responsibilities between the display and model/controller layers. In terms of coding, I know how to make that happen. However, in terms of server architecture, I do not. For the purposes of semantics, please assume "server" refers to either a physical box and/or software service, application, container, etc. Let's say we have a database server and Tomcat application server. The web application uses JSP. The app is configured to connect to the DB. With this configuration, all the communication with the DB and page rendering occurs within the Tomcat application. Now let's say that we want the Tomcat application to only do rendering. It connects to a different server, X, and no longer to the DB. The X server connects to the DB. Requests and data flow between the Tomcat app and the X server. What is X? Is it a web service? Application behind a web socket? What platforms support those? Is that what the whole SOAP, xml, and JSON stuff is for? And why do it? Are there any benefits to such an architecture? Scaling maybe? Support for rendering different output types (HTML vs Something Else)? Theoretically I'm thinking that maybe the different servers could live inside different security zones, but I don't know if that's a valid requirement. Thanks for your time and patience. :-) -- Cris Berneburg CACI Lead Software Engineer
RE: Running Tomcat 9 using OpenJDK 10
Thanks for the reply and the heads up. I am controlling the apps that will be running under it, so that shouldn't be a problem. I am also using the APR connectors, so I don't think the certs will be an issue for me either. Now I just need to compile it. Thanks again! Mark Claassen Senior Software Engineer Donnell Systems, Inc. 130 South Main Street Leighton Plaza Suite 375 South Bend, IN 46601 E-mail: mailto:mclaas...@ocie.net Voice: (574)232-3784 Fax: (574)232-4014 Disclaimer: The opinions provided herein do not necessarily state or reflect those of Donnell Systems, Inc.(DSI). DSI makes no warranty for and assumes no legal liability or responsibility for the posting. -Original Message- From: Cheltenham, Chris [mailto:ccheltenham-...@philasd.org] Sent: Friday, March 2, 2018 11:20 AM To: Tomcat Users List Subject: RE: Running Tomcat 9 using OpenJDK 10 Yes , I was able to start up tomcat 9.0.4 with the corresponding java. One thing that was annoying was that $JAVA_HOME/jre/lib/security dorectory has changes to $JAVA_HOME/lib/security. Not a big deal but if you are using certs it is. Now, the applications is used did not like java 9 , so I pulled back to java 8_161. But that's been my brief experiences with TCAT 9 and Java 9 === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 -Original Message- From: Mark A. Claassen [mailto:mclaas...@ocie.net] Sent: Friday, March 2, 2018 11:03 AM To: Tomcat Users List Subject: Running Tomcat 9 using OpenJDK 10 Has anyone tried running Tomcat 9 using OpenJDK 9 or 10? I know the OpenJDK releases don't have all the modules (like JavaFX) that the Oracle JDK does and I was wondering if the libraries that Tomcat needs are part of the standard OpenJDK distribution? Thanks, Mark Claassen Senior Software Engineer Donnell Systems, Inc. 130 South Main Street Leighton Plaza Suite 375 South Bend, IN 46601 E-mail: mailto:mclaas...@ocie.net Voice: (574)232-3784 Fax: (574)232-4014 Disclaimer: The opinions provided herein do not necessarily state or reflect those of Donnell Systems, Inc.(DSI). DSI makes no warranty for and assumes no legal liability or responsibility for the posting. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Running Tomcat 9 using OpenJDK 10
Yes , I was able to start up tomcat 9.0.4 with the corresponding java. One thing that was annoying was that $JAVA_HOME/jre/lib/security dorectory has changes to $JAVA_HOME/lib/security. Not a big deal but if you are using certs it is. Now, the applications is used did not like java 9 , so I pulled back to java 8_161. But that's been my brief experiences with TCAT 9 and Java 9 === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 -Original Message- From: Mark A. Claassen [mailto:mclaas...@ocie.net] Sent: Friday, March 2, 2018 11:03 AM To: Tomcat Users List Subject: Running Tomcat 9 using OpenJDK 10 Has anyone tried running Tomcat 9 using OpenJDK 9 or 10? I know the OpenJDK releases don't have all the modules (like JavaFX) that the Oracle JDK does and I was wondering if the libraries that Tomcat needs are part of the standard OpenJDK distribution? Thanks, Mark Claassen Senior Software Engineer Donnell Systems, Inc. 130 South Main Street Leighton Plaza Suite 375 South Bend, IN 46601 E-mail: mailto:mclaas...@ocie.net Voice: (574)232-3784 Fax: (574)232-4014 Disclaimer: The opinions provided herein do not necessarily state or reflect those of Donnell Systems, Inc.(DSI). DSI makes no warranty for and assumes no legal liability or responsibility for the posting. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Running Tomcat 9 using OpenJDK 10
Has anyone tried running Tomcat 9 using OpenJDK 9 or 10? I know the OpenJDK releases don't have all the modules (like JavaFX) that the Oracle JDK does and I was wondering if the libraries that Tomcat needs are part of the standard OpenJDK distribution? Thanks, Mark Claassen Senior Software Engineer Donnell Systems, Inc. 130 South Main Street Leighton Plaza Suite 375 South Bend, IN 46601 E-mail: mailto:mclaas...@ocie.net Voice: (574)232-3784 Fax: (574)232-4014 Disclaimer: The opinions provided herein do not necessarily state or reflect those of Donnell Systems, Inc.(DSI). DSI makes no warranty for and assumes no legal liability or responsibility for the posting.
embedded tomcat (8.5.28) classloading issues when adding another war file and classes can be resolved via that webapp classloader and the bootstrap classloader
Hi, i am using an embedded tomcat to e.g. start my wicket application in my IDE. This works fine so far - the whole classpath used and provided by IntelliJ is used. But adding e.g. a war file via setWebapp to start some additional webapps i am running into some issues with that war files. The intellij classpath does provide e.g. hibernate and this is going to resolve classes when loading entities via associations. Hibernate was loaded using classloader A (bootstrap one) and it does even resolve that association class with A where it should have used the ParallelWebappClassloader from my war file first when getting a request for that war file. So this is going havoc because bootstrap classloader is asked first here where it does find that class (embedded tomcat - no extra classloader stuff done). https://tomcat.apache.org/tomcat-8.5-doc/class-loader-howto.html So how is this supposed to work in case i want to load additional war files in an embedded tomcat - any best practices, docs known how to "reproduce" such an isolated environment for an embedded tomcat? So minimal example would be: 1. The bootstrap class with "new Tomcat()" is in my test classpath of my webapp in the IDE and can run the webapp from "src/main/webapp" as usual - which works so far (one big fat classpath ...). 2. I want to add a webapp from a war file in the same Tomcat() instance - but here it gets messy with the classes. Suggestions welcome :) kind regards Torsten PS: In the "real" tomcat this is going to work because the bootstrap classloader does not know that class at all there - where in the webapp one this is "mixed". smime.p7s Description: S/MIME cryptographic signature
Re: intermittent connectivity failure under ssl
On Fri, Mar 2, 2018 at 4:19 PM, Alex O'Ree wrote: > Ran into a strange problem, not too sure what the problem is. Basically, > I'm getting intermittent connectivity from a http client to tomcat but only > through SSL using the Http11NioProtocol. Some http requests go through, > others fail with the stack trace below. Usually, restarting tomcat fixes > it, but it appears to be random and unpredictable. This is a bit of a major > issue for me so any help is appreciated. > > Any pointers for how to troubleshoot this? Running tomcat 8.5.28. > > There's no tomcat logs to indicate that there's a problem. The following is > logged on the client side: > > Caused by: java.net.SocketException: SocketException invoking > https://localhost:8443/myproject/services/Endpoint1: Unexpected end of > file from server > > > > Caused by: java.net.SocketException: Unexpected end of file from server > at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient. > java:792) > at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:647) > at sun.net.www.protocol.http.HttpURLConnection.getInputStream0( > HttpURLConnection.java:1536) > at sun.net.www.protocol.http.HttpURLConnection.getInputStream( > HttpURLConnection.java:1441) > at java.net.HttpURLConnection.getResponseCode( > HttpURLConnection.java:480) > at sun.net.www.protocol.https.HttpsURLConnectionImpl. > getResponseCode(HttpsURLConnectionImpl.java:338) > at org.apache.cxf.transport.http.URLConnectionHTTPConduit$ > URLConnectionWrappedOutputStream.getResponseCode( > URLConnectionHTTPConduit.java:266) > at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream. > handleResponseInternal(HTTPConduit.java:1543) > at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream. > handleResponse(HTTPConduit.java:1513) > at org.apache.cxf.transport.http.HTTPConduit$ > WrappedOutputStream.close(HTTPConduit.java:1318) > ... 46 more > It's impossible to say without more information, but this could look like an issue that is fixed in the next build. Rémy
RE: tomcat 8.5.28
All, I am not sure is this out of scope with Tomcat's policies? === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 -Original Message- From: Cheltenham, Chris [mailto:ccheltenham-...@philasd.org] Sent: Friday, March 2, 2018 10:43 AM To: Tomcat Users List Subject: RE: tomcat 8.5.28 Thanks My friend , I have tried that without success. [root@cjc logs]# iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443 [root@cjc logs]# curl -k https://10.32.32.230 curl: (7) Failed connect to 10.32.32.230:443; Connection refused [root@cjc logs]# service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ] [root@cjc logs]# curl -k https://10.32.32.230 curl: (7) Failed connect to 10.32.32.230:443; Connection refused [root@cjc logs]# curl -k https://10.32.32.230:443 curl: (7) Failed connect to 10.32.32.230:443; Connection refused [root@cjc logs]# === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 -Original Message- From: Johan Compagner [mailto:jcompag...@servoy.com] Sent: Friday, March 2, 2018 10:23 AM To: Tomcat Users List Subject: Re: tomcat 8.5.28 sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080 sudo iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443 then you can save the iptables so they stick after reboot: sudo service iptables save On 2 March 2018 at 15:08, Cheltenham, Chris wrote: > Hello, > > > > Has anyone set up tomcat as a non-root use? > > > > I have set it up successfully however, I have to bound the non-root > user to port 8443. > > > > What is the best way to reroute 8443 through 443? > > There are several options. > > Everything is set up at send to port 443 so I need to reroute 8443 in > and out of 443 > > > > CentOS 7 by the way – > > > > > > === > > Thank You; > > Chris Cheltenham > Technology Services > The School District of Philadelphia > > Work # 215-400-5025 > Cell # 215-301-6571 > -- Johan Compagner Servoy - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat 8.5.28
Thanks My friend , I have tried that without success. [root@cjc logs]# iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443 [root@cjc logs]# curl -k https://10.32.32.230 curl: (7) Failed connect to 10.32.32.230:443; Connection refused [root@cjc logs]# service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ] [root@cjc logs]# curl -k https://10.32.32.230 curl: (7) Failed connect to 10.32.32.230:443; Connection refused [root@cjc logs]# curl -k https://10.32.32.230:443 curl: (7) Failed connect to 10.32.32.230:443; Connection refused [root@cjc logs]# === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 -Original Message- From: Johan Compagner [mailto:jcompag...@servoy.com] Sent: Friday, March 2, 2018 10:23 AM To: Tomcat Users List Subject: Re: tomcat 8.5.28 sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080 sudo iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443 then you can save the iptables so they stick after reboot: sudo service iptables save On 2 March 2018 at 15:08, Cheltenham, Chris wrote: > Hello, > > > > Has anyone set up tomcat as a non-root use? > > > > I have set it up successfully however, I have to bound the non-root > user to port 8443. > > > > What is the best way to reroute 8443 through 443? > > There are several options. > > Everything is set up at send to port 443 so I need to reroute 8443 in > and out of 443 > > > > CentOS 7 by the way – > > > > > > === > > Thank You; > > Chris Cheltenham > Technology Services > The School District of Philadelphia > > Work # 215-400-5025 > Cell # 215-301-6571 > -- Johan Compagner Servoy - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 8.5.28
sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080 sudo iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443 then you can save the iptables so they stick after reboot: sudo service iptables save On 2 March 2018 at 15:08, Cheltenham, Chris wrote: > Hello, > > > > Has anyone set up tomcat as a non-root use? > > > > I have set it up successfully however, I have to bound the non-root user > to port 8443. > > > > What is the best way to reroute 8443 through 443? > > There are several options. > > Everything is set up at send to port 443 so I need to reroute 8443 in and > out of 443 > > > > CentOS 7 by the way – > > > > > > === > > Thank You; > > Chris Cheltenham > Technology Services > The School District of Philadelphia > > Work # 215-400-5025 > Cell # 215-301-6571 > -- Johan Compagner Servoy
RE: tomcat 8.5.28
Thanks Andre. People have nothing better to do I suppose. === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 -Original Message- From: André Warnier (tomcat) [mailto:a...@ice-sa.com] Sent: Friday, March 2, 2018 9:49 AM To: users@tomcat.apache.org Subject: Re: tomcat 8.5.28 On 02.03.2018 15:41, Cheltenham, Chris wrote: > Mark, > > Can you elaborate on what is going on there? > What trolls? > I don’t know what that means. See : https://en.wikipedia.org/wiki/Internet_troll > > > === > > Thank You; > > Chris Cheltenham > Technology Services > The School District of Philadelphia > > Work # 215-400-5025 > Cell # 215-301-6571 > > > -Original Message- > From: Mark Thomas [mailto:ma...@apache.org] > Sent: Friday, March 2, 2018 9:39 AM > To: Tomcat Users List ; Olaf Kock > > Subject: Re: tomcat 8.5.28 > > On 02/03/18 14:30, Olaf Kock wrote: >> >> >> On 02.03.2018 15:22, Cheltenham, Chris wrote: >>> What? >> >> don't feed the trolls ;) > > Better still, unsubscribe them :) > > Just a reminder to everyone that the list does have moderators and we > can be reached directly at users-owner@... should you need our help. > > I have unsubscribed this particular user. > > Mark > > >> >>> From: Cheltenham, Chris [mailto:ccheltenham-...@philasd.org] >>> Sent: Friday, March 02, 2018 9:08 AM >>> To: 'Tomcat Users List' >>> Subject: tomcat 8.5.28 >>> >>> Hello, >>> >>> Has anyone set up tomcat as a non-root use? >>> >>> I have set it up successfully however, I have to bound the non-root >>> user to port 8443. >>> >>> What is the best way to reroute 8443 through 443? >>> There are several options. >>> Everything is set up at send to port 443 so I need to reroute 8443 >>> in and out of 443 >>> >>> CentOS 7 by the way - >> "what is the best (TM)?" >> -> "It depends" >> >> Tomcat runs well on unprivileged ports, and depending on your OS, >> familiarity with configuring it, other infrastructure etc, you have >> different options. Are you familiar with them - as you mention that >> there are many? >> >> You can >> * use iptables redirection, >> * have a proxy/webserver/loadbalancer in front, >> * enable unprivileged binding to the port >> >> I default to the second option, because there's an Apache httpd or >> another loadbalancer anyways, and it tended to be best documented >> with regards to all of the specific SSL settings you might want to >> have (the cipher-cocktail of the day), plus easily get LetsEncrypt certs. >> >> The others are valid as well - none is better, they're just different. >> >> As we were discussing documentation in another thread these days: >> I've expected to find a solution to your question in the FAQ and >> wanted to link to it - but didn't find any entry there. There's a >> patch to go on my list, with no ETA though. Maybe a side-task during >> that Manchester Tomcat training. >> >> Olaf >> >> >> >> >> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
intermittent connectivity failure under ssl
Ran into a strange problem, not too sure what the problem is. Basically, I'm getting intermittent connectivity from a http client to tomcat but only through SSL using the Http11NioProtocol. Some http requests go through, others fail with the stack trace below. Usually, restarting tomcat fixes it, but it appears to be random and unpredictable. This is a bit of a major issue for me so any help is appreciated. Any pointers for how to troubleshoot this? Running tomcat 8.5.28. There's no tomcat logs to indicate that there's a problem. The following is logged on the client side: Caused by: java.net.SocketException: SocketException invoking https://localhost:8443/myproject/services/Endpoint1: Unexpected end of file from server Caused by: java.net.SocketException: Unexpected end of file from server at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:792) at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:647) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1536) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441) at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338) at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.getResponseCode(URLConnectionHTTPConduit.java:266) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1543) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1513) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1318) ... 46 more
Re: tomcat 8.5.28
On 02.03.2018 15:41, Cheltenham, Chris wrote: Mark, Can you elaborate on what is going on there? What trolls? I don’t know what that means. See : https://en.wikipedia.org/wiki/Internet_troll === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Friday, March 2, 2018 9:39 AM To: Tomcat Users List ; Olaf Kock Subject: Re: tomcat 8.5.28 On 02/03/18 14:30, Olaf Kock wrote: On 02.03.2018 15:22, Cheltenham, Chris wrote: What? don't feed the trolls ;) Better still, unsubscribe them :) Just a reminder to everyone that the list does have moderators and we can be reached directly at users-owner@... should you need our help. I have unsubscribed this particular user. Mark From: Cheltenham, Chris [mailto:ccheltenham-...@philasd.org] Sent: Friday, March 02, 2018 9:08 AM To: 'Tomcat Users List' Subject: tomcat 8.5.28 Hello, Has anyone set up tomcat as a non-root use? I have set it up successfully however, I have to bound the non-root user to port 8443. What is the best way to reroute 8443 through 443? There are several options. Everything is set up at send to port 443 so I need to reroute 8443 in and out of 443 CentOS 7 by the way - "what is the best (TM)?" -> "It depends" Tomcat runs well on unprivileged ports, and depending on your OS, familiarity with configuring it, other infrastructure etc, you have different options. Are you familiar with them - as you mention that there are many? You can * use iptables redirection, * have a proxy/webserver/loadbalancer in front, * enable unprivileged binding to the port I default to the second option, because there's an Apache httpd or another loadbalancer anyways, and it tended to be best documented with regards to all of the specific SSL settings you might want to have (the cipher-cocktail of the day), plus easily get LetsEncrypt certs. The others are valid as well - none is better, they're just different. As we were discussing documentation in another thread these days: I've expected to find a solution to your question in the FAQ and wanted to link to it - but didn't find any entry there. There's a patch to go on my list, with no ETA though. Maybe a side-task during that Manchester Tomcat training. Olaf - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat 8.5.28
Mark, Can you elaborate on what is going on there? What trolls? I don’t know what that means. === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Friday, March 2, 2018 9:39 AM To: Tomcat Users List ; Olaf Kock Subject: Re: tomcat 8.5.28 On 02/03/18 14:30, Olaf Kock wrote: > > > On 02.03.2018 15:22, Cheltenham, Chris wrote: >> What? > > don't feed the trolls ;) Better still, unsubscribe them :) Just a reminder to everyone that the list does have moderators and we can be reached directly at users-owner@... should you need our help. I have unsubscribed this particular user. Mark > >> From: Cheltenham, Chris [mailto:ccheltenham-...@philasd.org] >> Sent: Friday, March 02, 2018 9:08 AM >> To: 'Tomcat Users List' >> Subject: tomcat 8.5.28 >> >> Hello, >> >> Has anyone set up tomcat as a non-root use? >> >> I have set it up successfully however, I have to bound the non-root >> user to port 8443. >> >> What is the best way to reroute 8443 through 443? >> There are several options. >> Everything is set up at send to port 443 so I need to reroute 8443 in >> and out of 443 >> >> CentOS 7 by the way - > "what is the best (TM)?" > -> "It depends" > > Tomcat runs well on unprivileged ports, and depending on your OS, > familiarity with configuring it, other infrastructure etc, you have > different options. Are you familiar with them - as you mention that > there are many? > > You can > * use iptables redirection, > * have a proxy/webserver/loadbalancer in front, > * enable unprivileged binding to the port > > I default to the second option, because there's an Apache httpd or > another loadbalancer anyways, and it tended to be best documented with > regards to all of the specific SSL settings you might want to have > (the cipher-cocktail of the day), plus easily get LetsEncrypt certs. > > The others are valid as well - none is better, they're just different. > > As we were discussing documentation in another thread these days: I've > expected to find a solution to your question in the FAQ and wanted to > link to it - but didn't find any entry there. There's a patch to go on > my list, with no ETA though. Maybe a side-task during that Manchester > Tomcat training. > > Olaf > > > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 8.5.28
On 02/03/18 14:30, Olaf Kock wrote: > > > On 02.03.2018 15:22, Cheltenham, Chris wrote: >> What? > > don't feed the trolls ;) Better still, unsubscribe them :) Just a reminder to everyone that the list does have moderators and we can be reached directly at users-owner@... should you need our help. I have unsubscribed this particular user. Mark > >> From: Cheltenham, Chris [mailto:ccheltenham-...@philasd.org] >> Sent: Friday, March 02, 2018 9:08 AM >> To: 'Tomcat Users List' >> Subject: tomcat 8.5.28 >> >> Hello, >> >> Has anyone set up tomcat as a non-root use? >> >> I have set it up successfully however, I have to bound the non-root user >> to port 8443. >> >> What is the best way to reroute 8443 through 443? >> There are several options. >> Everything is set up at send to port 443 so I need to reroute 8443 in and >> out of 443 >> >> CentOS 7 by the way - > "what is the best (TM)?" > -> "It depends" > > Tomcat runs well on unprivileged ports, and depending on your OS, > familiarity with configuring it, other infrastructure etc, you have > different options. Are you familiar with them - as you mention that > there are many? > > You can > * use iptables redirection, > * have a proxy/webserver/loadbalancer in front, > * enable unprivileged binding to the port > > I default to the second option, because there's an Apache httpd or > another loadbalancer anyways, and it tended to be best documented with > regards to all of the specific SSL settings you might want to have (the > cipher-cocktail of the day), plus easily get LetsEncrypt certs. > > The others are valid as well - none is better, they're just different. > > As we were discussing documentation in another thread these days: I've > expected to find a solution to your question in the FAQ and wanted to > link to it - but didn't find any entry there. There's a patch to go on > my list, with no ETA though. Maybe a side-task during that Manchester > Tomcat training. > > Olaf > > > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 8.5.28
On 02.03.2018 15:22, Cheltenham, Chris wrote: What? don't feed the trolls ;) From: Cheltenham, Chris [mailto:ccheltenham-...@philasd.org] Sent: Friday, March 02, 2018 9:08 AM To: 'Tomcat Users List' Subject: tomcat 8.5.28 Hello, Has anyone set up tomcat as a non-root use? I have set it up successfully however, I have to bound the non-root user to port 8443. What is the best way to reroute 8443 through 443? There are several options. Everything is set up at send to port 443 so I need to reroute 8443 in and out of 443 CentOS 7 by the way - "what is the best (TM)?" -> "It depends" Tomcat runs well on unprivileged ports, and depending on your OS, familiarity with configuring it, other infrastructure etc, you have different options. Are you familiar with them - as you mention that there are many? You can * use iptables redirection, * have a proxy/webserver/loadbalancer in front, * enable unprivileged binding to the port I default to the second option, because there's an Apache httpd or another loadbalancer anyways, and it tended to be best documented with regards to all of the specific SSL settings you might want to have (the cipher-cocktail of the day), plus easily get LetsEncrypt certs. The others are valid as well - none is better, they're just different. As we were discussing documentation in another thread these days: I've expected to find a solution to your question in the FAQ and wanted to link to it - but didn't find any entry there. There's a patch to go on my list, with no ETA though. Maybe a side-task during that Manchester Tomcat training. Olaf - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat 8.5.28
What? === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 -Original Message- From: THOMAS, NEFERTA C [mailto:nt1...@att.com] Sent: Friday, March 2, 2018 9:16 AM To: Tomcat Users List Cc: ccheltenham-...@philasd.org Subject: RE: tomcat 8.5.28 Please paused on all your attempts none of this sounds above board so many issues and no one has a point of contact to talk to or whom to I should go to please don't proceed until I have spoken to a software specialist. From: Cheltenham, Chris [mailto:ccheltenham-...@philasd.org] Sent: Friday, March 02, 2018 9:08 AM To: 'Tomcat Users List' Subject: tomcat 8.5.28 Hello, Has anyone set up tomcat as a non-root use? I have set it up successfully however, I have to bound the non-root user to port 8443. What is the best way to reroute 8443 through 443? There are several options. Everything is set up at send to port 443 so I need to reroute 8443 in and out of 443 CentOS 7 by the way - === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat 8.5.28
Please paused on all your attempts none of this sounds above board so many issues and no one has a point of contact to talk to or whom to I should go to please don't proceed until I have spoken to a software specialist. From: Cheltenham, Chris [mailto:ccheltenham-...@philasd.org] Sent: Friday, March 02, 2018 9:08 AM To: 'Tomcat Users List' Subject: tomcat 8.5.28 Hello, Has anyone set up tomcat as a non-root use? I have set it up successfully however, I have to bound the non-root user to port 8443. What is the best way to reroute 8443 through 443? There are several options. Everything is set up at send to port 443 so I need to reroute 8443 in and out of 443 CentOS 7 by the way - === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571
tomcat 8.5.28
Hello, Has anyone set up tomcat as a non-root use? I have set it up successfully however, I have to bound the non-root user to port 8443. What is the best way to reroute 8443 through 443? There are several options. Everything is set up at send to port 443 so I need to reroute 8443 in and out of 443 CentOS 7 by the way - === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571
RE: Security of AJP
Everyone, As far as documentation. We realize it is very difficult to write open source docs because there are so many different scenarios that will work for a given customer's environment. Possibly if you declare your audience , that would help. Possibly if you specify minimum knowledge requirements , that would help. To me , if there is no declaration of whom you are speaking to; then its written for the general populous. === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 -Original Message- From: Mark A. Claassen [mailto:mclaas...@ocie.net] Sent: Thursday, March 1, 2018 11:20 AM To: Tomcat Users List Subject: RE: Security of AJP Thanks everyone for your feedback. I am the one who unknowingly opened this can of worms. :) It seems like there is a bit of momentum for altering the documentation, so I thought I would offer something that incorporated some of these suggestions. I left out the part about "why" one would use a reverse proxy. Maybe it should be referenced here, but that is seems like something a higher level topic that might be more appropriate somewhere else. (If it doesn't fit anywhere else either, I can add it back.) --- The AJP Connector element represents a Connector component that communicates with a HTTP server via the AJP protocol. This is an unencrypted protocol and is therefore recommended for use on a protected network or encrypted by some other means, like SSH tunneling. The most common configuration for this is when an HTTP server acts as a reverse proxy in front of one or more Tomcat servers. Besides being a more efficient protocol that HTTP, there are several configuration options in this connector designed to allow Tomcat to operate as it would if it were not running behind a reverse proxy. --- Mark Claassen Senior Software Engineer Donnell Systems, Inc. 130 South Main Street Leighton Plaza Suite 375 South Bend, IN 46601 E-mail: mailto:mclaas...@ocie.net Voice: (574)232-3784 Fax: (574)232-4014 Disclaimer: The opinions provided herein do not necessarily state or reflect those of Donnell Systems, Inc.(DSI). DSI makes no warranty for and assumes no legal liability or responsibility for the posting. -Original Message- From: Terence M. Bandoian [mailto:tere...@tmbsw.com] Sent: Thursday, March 1, 2018 8:34 AM To: Tomcat Users List Subject: Re: Security of AJP On 2/28/2018 10:16 AM, Mark H. Wood wrote: > On Wed, Feb 28, 2018 at 09:25:53AM -0500, Christopher Schultz wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA256 >> >> Chris, >> >> On 2/28/18 8:40 AM, Cheltenham, Chris wrote: >>> Since AJP is not really needed by Tomcat; If I comment out the AJP >>> startup line in server.xml will that affect anything. >>> >>> I still don't even understand what its for. I have read the apache >>> docs but it doesn't mean anything to me.. Apache's description >>> doesn't tell me anything. >>> >>> >>> The AJP Connector element represents a Connector component that >>> communicates with a web connector via the AJP protocol. This is used >>> for cases where you wish to invisibly integrate Tomcat into an >>> existing (or new) Apache installation, and you want Apache to handle >>> the static content contained in the web application, and/or utilize >>> Apache's SSL processing. >>> >>> That is mumbo jumbo. >> Is it? > Well, it could be improved. For example, by using the > widely-understood word "proxy" somewhere, or defining "web connector". > Also by recalling that "Apache" is a huge array of various projects > (including Tomcat!), while "Apache HTTP Server" refers to a specific > web server daemon that can front-end Tomcat. One could even link > "Apache HTTP Server" to 'http://httpd.apache.org/'. > +1. Maybe "...communicates with an HTTP server via..." in the first sentence? Also, the second sentence could be greatly simplified. -Terence Bandoian - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is it possible and how
On 02.03.2018 10:15, M. Osama Alghwell wrote: Hi, sorry for the mistake about the Tomcat, it is 5.4 Mmm. That sounds like a bootlegged, pre-release, and probably illegal version. [...] I am thinking to move it to Linux platform, because I am better with Linux and I think Java is more smoother with Linux. Definitely. According to this : http://www.linuxandubuntu.com/home/top-8-linux-distributions-of-2016 "Fedora - Bleeding Edge" is the smoothest of all. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is it possible and how
Hi, sorry for the mistake about the Tomcat, it is 5.4 Thank you for the guidance I will send if I will face any obstacles. Even though, I tried to do migration from old windows and MS SQL to new one but I faced with a lot of error messages and I couldn't complete it. I am thinking to move it to Linux platform, because I am better with Linux and I think Java is more smoother with Linux. Any hint would be appreciated very much. Thank you On Wed, Feb 28, 2018 at 7:34 PM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote: > > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > > Subject: Re: Is it possible and how > > > On 2/28/18 11:12 AM, M. Osama Alghwell wrote: > > > I have a Java application that run on windows and using to Tomcat > > > (unfortunately it is Tomcat 4.5 and I an assigned to upgrade it). > > There was no Tomcat 4.5; 4.1, 5.0, and 5.5 were released, many years ago. > > > > Is it possible to move to Linux platform? and is it possible to > > > jump to Tomcat 8.x? what action should be taken? > > > While that sounds like a big jump (Windows -> Linux, Tomcat 4.x -> > > 8.x), it shouldn't be a *huge* change. You'll also need a Java upgrade > > as well, of course (Tomcat 8 requires Java 7 or later; I recommend > > Java 8). > > Reading the migration guides would also be useful, although they don't go > all the way back to Tomcat 4: > http://tomcat.apache.org/migration.html > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you > received > this in error, please contact the sender and delete the e-mail and its > attachments from all computers. > > -- *M. Osama Alghwell*