Re: ECDSA Private Keys

[logo]

Chris and Mark,


> Am 09.01.2020 um 21:49 schrieb Christopher Schultz 
> :
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> All,
> 
> On 1/9/20 3:45 PM, Christopher Schultz wrote:
>> Mark and Peter,
>> 
>> On 1/9/20 3:36 PM, Mark Thomas wrote:
>>> On 09/01/2020 20:22, logo wrote:
 Mark,
 
> Am 09.01.2020 um 20:36 schrieb Mark Thomas
> :
> 
> On 02/01/2020 09:24, logo wrote:
> 
> 
> 
>> The connector comes up correctly, is accessible through
>> the browser but if I test the ssl setup, I get an error
>> message that the key/cert may not be used for "Key
>> agreement"
>> 
>> See: testssl.sh :8443
>> 
>> Signature Algorithm  ECDSA with SHA256 Server key 
>> size  EC 256 bits Server key usage Digital
>> Signature, Key Encipherment Certificate incorrectly used
>> for key agreement Server extended key usageTLS Web 
>> Server Authentication, TLS Web Client Authentication
 
 The key usage error is caused by identifying ECDH_RSA ciphers
 on the connector… (most certainly an unexpected edge case,
 I’ve debugged it that far). That should not be the case - as it
 is an ECDSA Cert, right?
>> 
>>> I don't think so.
>> 
>>> I'm seeing ECHD/RSA ciphers in the output and I am not getting
>>> that warning.
>> 
>>> My reading of a couple of questions on stack exchange suggests
>>> RSA vs DSA ciphers depends on how the CA signs the cert. My test
>>> CA signs with RSA.
>> 

Root and Intermediate are RSA-signed.

Cert is:
Signature Algorithm   ECDSA with SHA256
Server key size  EC 256 bits


>> DSA is almost never used. Nearly 100% of keys in the world are 
>> plain-RSA or EC. I know of no CA that uses DSA for signing. So
>> pretty much every cert you will come across will be EC-with-RSA or 
>> RSA-with-RSA (that's keytype-with-signature-type).
> 
> Obviously, the above is a mixture of half-truths and irrelevant
> information. I was thinking of RSA versus DSA keys, not ECDSA as a
> signature algorithm in its own right.

Maybe I’m causing a lot of hassle by asking these questions. So far I was happy 
to get a cert with a key, drop it in the right spot and all worked well. If I 
stick to RSA that should stay like this.

So actually it won’t be a problem of the client - as long as it finds one 
matching cipher. So for now, we should be fine if an EC-key is supported.

Nevertheless I will try to contact Dirk Wetter and ask him if he can explain 
the finding. 

Peter


> 
> Carry on...
> 
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
> 
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl4XkdgACgkQHPApP6U8
> pFiJ/xAAudFM0wtuRNTIZy6hHGpwLZ4QX6Z9mbWYBYJ93eId8VKL8jQyHgkGTXyT
> OZ2moW+13Grr5zGxo7WgS4EGc1+MKnrBfSY0BwQJwKCwDCJOKTCqMjSybUMrrM7Y
> POf/Lwc+KbxTNhMd7KonxpwYOhox6Cu+I0wh/EQl5jsJCDK4VFW9Y7BjywlQsGjI
> reYQCEu7Sc98c+x8lw1eb6soAj7cIRzmyf8lofS0eOXW10waesIrZSL+8/QyiGd6
> ku6198xaB4ofGOaeXBOO3L91e/2Kx4oRPd0FQHqe0h/nUp9+YJbOr6ypub9nCuuX
> Oq/MAPUv2Abds3mYAAdRNipJmsGmcud3dgJubzmVAQqfoJTCZHtn90p7IBJGK1t0
> 7nCmFCDGdqEYv43v6lBrzc6X5BBMT99c7gZ7pqWq7n2lAmorVNZK3rDkT4wMUjP3
> OO0YapUd2+PyrneBFGb5e6lHvzHGk6sbKTNoeMkcMFAD3S5cE20w79gBruYP3y3B
> PlwFIXmYQTGBExIpTxZQziD19yKsavi8tMXWfLHt9yw04a9vIxeQdaSG6sFLQrj7
> ZzyX1q9uhxieyTNNjwaDxhkLpnSJDHelu5SLV32TBr+9OL3426r3cVsivQQlouWD
> iAGdB84DMZLj0dINM1Y7XJHe/4FHjoMfnn7ELIiTdYmPm1sLJMQ=
> =c/td
> -END PGP SIGNATURE-
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat app within docker container

[Alex K]

Thanx Logo,


On Fri, Jan 10, 2020 at 3:06 PM logo  wrote:

> Alex,
>
> Am 2020-01-10 12:47, schrieb Alex K:
> > Just to follow-up on this in case it will be useful to anyone, I
> > managed to
> > use also the official tomcat image. I had to amend my .war files and
> > use
> > the openjdk:8-jdk version instead of openjdk:11-jdk.
> >
> > I have used the following Docker files to prepare my custom tomcat
> > image
> > (so as to have tomcat home at /opt/tomcat) and then deployed the final
> > app
> > as following:
> >
> > Got openjdk:8-jdk Docker file from:
> >
> https://github.com/docker-library/tomcat/blob/807a2b4f219d70f5ba6f4773d4ee4ee155850b0d/8.5/jdk8/openjdk/Dockerfile
> > Amended the tomcat home to /opt/tomcat.
> >
> > Then deployed the app using the following Docker file:
> >
> > FROM tomcat:custom
> > USER root
> > ENV CATALINA_HOME /opt/tomcat
> > ENV PATH $CATALINA_HOME/bin:$PATH
> > RUN mkdir -p "$CATALINA_HOME"
> > WORKDIR $CATALINA_HOME
> > ADD iforms_files/app.war $CATALINA_HOME/webapps/
> > ADD iforms_files/orbeon.war $CATALINA_HOME/webapps/
> > ADD iforms_files/server.xml $CATALINA_HOME/conf/
> > ADD iforms_files/mariadb-java-client-2.4.1.jar $CATALINA_HOME/lib
> > ADD iforms_files/setenv.sh $CATALINA_HOME/bin/
> > EXPOSE 8443
> > CMD ["catalina.sh", "run"]
> >
> > I also tried the alpine versions:
> >
> https://hub.docker.com/layers/openjdk/library/openjdk/8-jre-alpine3.9/images/sha256-ea81da311d33e052eeea34336018434bdc50596100f9c623193867faa291b284
> >
> > by using the same Dockerfile (by pointing to the custom built image
> > FROM
> > tomcat:alpine) I was able to deploy same app successfully reaching
> > image
> > size 281MB instead of 660MB with the default tomcat image.
> >
> >
> Almost perfect.
>
> Now have a look at
>
> https://tomcat.apache.org/tomcat-9.0-doc/introduction.html#CATALINA_HOME_and_CATALINA_BASE
> .
>
> This way you don't have to change the installation directory.
>
> set CATALINA_BASE to /opt/tomcat and deploy all your conf and webapp to
> the directories underneath /opt/tomcat.
>
> like this:
>
> FROM tomcat:8-jdk8-openjdk-slim
>   #(slim saves you space)
>
> ENV CATALINA_BASE /opt/tomcat
> WORKDIR $CATALINA_BASE
> RUN mkdir -p temp logs work webapps conf
>
I had to create lib also, so as to copy  mariadb-java-client-2.4.1.jar

ADD iforms_files/app.war $CATALINA_BASE/webapps/
> ADD iforms_files/orbeon.war $CATALINA_BASE/webapps/
> ADD iforms_files/server.xml $CATALINA_BASE/conf/
> # you do need those:
> ADD iforms_files/tomcat-users.xml $CATALINA_BASE/conf/
> ADD iforms_files/web.xml $CATALINA_BASE/conf/
>
> ADD iforms_files/mariadb-java-client-2.4.1.jar $CATALINA_BASE/lib
> ADD iforms_files/setenv.sh $CATALINA_BASE/bin/
>
> EXPOSE 8443
> CMD ["catalina.sh", "run"]
>
> optionally I'd recommend to change the user to tomcat (root is baaah)
>
> ...
> RUN set -x \
>&& groupadd tomcat \
>&& useradd -g tomcat -s /usr/bin/nologin -m -d /home/tomcat tomcat \
>&& chown -R tomcat:tomcat $CATALINA_HOME $CATALINA_BASE
>
> USER tomcat
> ...
>
> Imagesize is sth like 300MB. Unique size 18MB
>
I get 633MB. The .war files I copy seems to add quite a lot. But this is
fine.


> HTH
>
> Peter
>
> 
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat app within docker container

[logo]

Alex,

Am 2020-01-10 12:47, schrieb Alex K:
Just to follow-up on this in case it will be useful to anyone, I 
managed to
use also the official tomcat image. I had to amend my .war files and 
use

the openjdk:8-jdk version instead of openjdk:11-jdk.

I have used the following Docker files to prepare my custom tomcat 
image
(so as to have tomcat home at /opt/tomcat) and then deployed the final 
app

as following:

Got openjdk:8-jdk Docker file from:
https://github.com/docker-library/tomcat/blob/807a2b4f219d70f5ba6f4773d4ee4ee155850b0d/8.5/jdk8/openjdk/Dockerfile
Amended the tomcat home to /opt/tomcat.

Then deployed the app using the following Docker file:

FROM tomcat:custom
USER root
ENV CATALINA_HOME /opt/tomcat
ENV PATH $CATALINA_HOME/bin:$PATH
RUN mkdir -p "$CATALINA_HOME"
WORKDIR $CATALINA_HOME
ADD iforms_files/app.war $CATALINA_HOME/webapps/
ADD iforms_files/orbeon.war $CATALINA_HOME/webapps/
ADD iforms_files/server.xml $CATALINA_HOME/conf/
ADD iforms_files/mariadb-java-client-2.4.1.jar $CATALINA_HOME/lib
ADD iforms_files/setenv.sh $CATALINA_HOME/bin/
EXPOSE 8443
CMD ["catalina.sh", "run"]

I also tried the alpine versions:
https://hub.docker.com/layers/openjdk/library/openjdk/8-jre-alpine3.9/images/sha256-ea81da311d33e052eeea34336018434bdc50596100f9c623193867faa291b284

by using the same Dockerfile (by pointing to the custom built image 
FROM
tomcat:alpine) I was able to deploy same app successfully reaching 
image

size 281MB instead of 660MB with the default tomcat image.



Almost perfect.

Now have a look at 
https://tomcat.apache.org/tomcat-9.0-doc/introduction.html#CATALINA_HOME_and_CATALINA_BASE.


This way you don't have to change the installation directory.

set CATALINA_BASE to /opt/tomcat and deploy all your conf and webapp to 
the directories underneath /opt/tomcat.


like this:

FROM tomcat:8-jdk8-openjdk-slim
 #(slim saves you space)

ENV CATALINA_BASE /opt/tomcat
WORKDIR $CATALINA_BASE
RUN mkdir -p temp logs work webapps conf
ADD iforms_files/app.war $CATALINA_BASE/webapps/
ADD iforms_files/orbeon.war $CATALINA_BASE/webapps/
ADD iforms_files/server.xml $CATALINA_BASE/conf/
# you do need those:
ADD iforms_files/tomcat-users.xml $CATALINA_BASE/conf/
ADD iforms_files/web.xml $CATALINA_BASE/conf/

ADD iforms_files/mariadb-java-client-2.4.1.jar $CATALINA_BASE/lib
ADD iforms_files/setenv.sh $CATALINA_BASE/bin/

EXPOSE 8443
CMD ["catalina.sh", "run"]

optionally I'd recommend to change the user to tomcat (root is baaah)

...
RUN set -x \
  && groupadd tomcat \
  && useradd -g tomcat -s /usr/bin/nologin -m -d /home/tomcat tomcat \
  && chown -R tomcat:tomcat $CATALINA_HOME $CATALINA_BASE

USER tomcat
...

Imagesize is sth like 300MB. Unique size 18MB

HTH

Peter



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat app within docker container

[Martynas Jusevičius]

Why build the webapp outside Docker? It means that docker build is not
enough to give you an image, it needs some extra steps beforehand.

On Fri, Jan 10, 2020 at 12:47 PM Alex K  wrote:
>
> Just to follow-up on this in case it will be useful to anyone, I managed to
> use also the official tomcat image. I had to amend my .war files and use
> the openjdk:8-jdk version instead of openjdk:11-jdk.
>
> I have used the following Docker files to prepare my custom tomcat image
> (so as to have tomcat home at /opt/tomcat) and then deployed the final app
> as following:
>
> Got openjdk:8-jdk Docker file from:
> https://github.com/docker-library/tomcat/blob/807a2b4f219d70f5ba6f4773d4ee4ee155850b0d/8.5/jdk8/openjdk/Dockerfile
> Amended the tomcat home to /opt/tomcat.
>
> Then deployed the app using the following Docker file:
>
> FROM tomcat:custom
> USER root
> ENV CATALINA_HOME /opt/tomcat
> ENV PATH $CATALINA_HOME/bin:$PATH
> RUN mkdir -p "$CATALINA_HOME"
> WORKDIR $CATALINA_HOME
> ADD iforms_files/app.war $CATALINA_HOME/webapps/
> ADD iforms_files/orbeon.war $CATALINA_HOME/webapps/
> ADD iforms_files/server.xml $CATALINA_HOME/conf/
> ADD iforms_files/mariadb-java-client-2.4.1.jar $CATALINA_HOME/lib
> ADD iforms_files/setenv.sh $CATALINA_HOME/bin/
> EXPOSE 8443
> CMD ["catalina.sh", "run"]
>
> I also tried the alpine versions:
> https://hub.docker.com/layers/openjdk/library/openjdk/8-jre-alpine3.9/images/sha256-ea81da311d33e052eeea34336018434bdc50596100f9c623193867faa291b284
>
> by using the same Dockerfile (by pointing to the custom built image FROM
> tomcat:alpine) I was able to deploy same app successfully reaching image
> size 281MB instead of 660MB with the default tomcat image.
>
>
>
>
> On Fri, Jan 10, 2020 at 11:52 AM Alex K  wrote:
>
> > Hi,
> >
> > On Thu, Jan 9, 2020 at 7:50 PM Mark Eggers 
> > wrote:
> >
> >> Alex,
> >>
> >> On 1/9/2020 8:51 AM, Alex K wrote:
> >> > Hi all,
> >> >
> >> > I have two .war files that when deployed at a plain Debian 9 VM are
> >> working
> >> > fine.
> >> > I have prepared a docker file so as to deploy the same apps within a
> >> docker
> >> > container and for some reason one of the apps is not loading due to some
> >> > error.
> >> >
> >> > Dockerfile:
> >> > FROM debian:latest
> >> > USER root
> >> >
> >> > ENV CATALINA_HOME /opt/tomcat
> >> > ENV PATH $CATALINA_HOME/bin:$PATH
> >> > RUN mkdir -p "$CATALINA_HOME"
> >> > WORKDIR $CATALINA_HOME
> >> >
> >> > # Install packages
> >> > RUN apt update && apt install default-jdk -y && groupadd tomcat &&
> >> useradd
> >> > -s /bin/false -g tomcat -d $CATALINA_HOME tomcat
> >> > COPY apache-tomcat-8.5.50.tar.gz /tmp/
> >> >
> >> > RUN tar xzvf /tmp/apache-tomcat-8.5.50.tar.gz -C /opt/tomcat
> >> > --strip-components=1
> >> >
> >> > ADD app.war $CATALINA_HOME/webapps/
> >> > ADD orbeon.war $CATALINA_HOME/webapps/
> >> > ADD server.xml $CATALINA_HOME/conf/
> >> > ADD web.xml $CATALINA_HOME/conf/
> >> > ADD mariadb-java-client-2.4.1.jar $CATALINA_HOME/lib
> >> > ADD setenv.sh $CATALINA_HOME/bin/
> >> >
> >> > RUN chgrp -R tomcat $CATALINA_HOME && \
> >> > chown -R tomcat webapps/ work/ temp/ logs/ && \
> >> > chmod -R g+r conf && \
> >> > chmod g+x conf && \
> >> > chmod 750 $CATALINA_HOME/bin/setenv.sh && \
> >> > rm -f /tmp/apache-tomcat-8.5.50.tar.gz;
> >> >
> >> > EXPOSE 8443
> >> > CMD ["catalina.sh", "run"]
> >> >
> >> > I have tried also several other ways, by using directly other docker
> >> tomcat
> >> > images everytime resulting with some error.
> >> >
> >> > The error I am getting now is:
> >> >
> >> > 10:21:32.201 WARN  c.h.c.c.s.CubaXmlWebApplicationContext  - Exception
> >> > encountered during context initialization - cancelling refresh attempt:
> >> > org.springframework.beans.factory.BeanCreationException: Error creating
> >> > bean with name 'org.springframework.security.filterChains': Cannot
> >> resolve
> >> > reference to bean
> >> > 'org.springframework.security.web.DefaultSecurityFilterChain#0' while
> >> > setting bean property 'sourceList' with key [0]; nested exception is
> >> > org.springframework.beans.factory.BeanCreationException: Error creating
> >> > bean with name
> >> > 'org.springframework.security.web.DefaultSecurityFilterChain#0': Cannot
> >> > create inner bean '(inner bean)#27690bd5' of type
> >> >
> >> [org.springframework.security.web.authentication.www.BasicAuthenticationFilter]
> >> > while setting constructor argument with key [4]; nested exception is
> >> > org.springframework.beans.factory.BeanCreationException: Error creating
> >> > bean with name '(inner bean)#27690bd5': Cannot resolve reference to bean
> >> > 'clientAuthenticationEntryPoint' while setting constructor argument;
> >> nested
> >> > exception is org.springframework.beans.factory.BeanCreationException:
> >> Error
> >> > creating bean with name 'clientAuthenticationEntryPoint' defined in
> >> class
> >> > path resource [com/haulmont/addon/restapi/rest-dispatcher-spring.xml]:
> >> > Instantiation of 

Re: Tomcat app within docker container

[Alex K]

Just to follow-up on this in case it will be useful to anyone, I managed to
use also the official tomcat image. I had to amend my .war files and use
the openjdk:8-jdk version instead of openjdk:11-jdk.

I have used the following Docker files to prepare my custom tomcat image
(so as to have tomcat home at /opt/tomcat) and then deployed the final app
as following:

Got openjdk:8-jdk Docker file from:
https://github.com/docker-library/tomcat/blob/807a2b4f219d70f5ba6f4773d4ee4ee155850b0d/8.5/jdk8/openjdk/Dockerfile
Amended the tomcat home to /opt/tomcat.

Then deployed the app using the following Docker file:

FROM tomcat:custom
USER root
ENV CATALINA_HOME /opt/tomcat
ENV PATH $CATALINA_HOME/bin:$PATH
RUN mkdir -p "$CATALINA_HOME"
WORKDIR $CATALINA_HOME
ADD iforms_files/app.war $CATALINA_HOME/webapps/
ADD iforms_files/orbeon.war $CATALINA_HOME/webapps/
ADD iforms_files/server.xml $CATALINA_HOME/conf/
ADD iforms_files/mariadb-java-client-2.4.1.jar $CATALINA_HOME/lib
ADD iforms_files/setenv.sh $CATALINA_HOME/bin/
EXPOSE 8443
CMD ["catalina.sh", "run"]

I also tried the alpine versions:
https://hub.docker.com/layers/openjdk/library/openjdk/8-jre-alpine3.9/images/sha256-ea81da311d33e052eeea34336018434bdc50596100f9c623193867faa291b284

by using the same Dockerfile (by pointing to the custom built image FROM
tomcat:alpine) I was able to deploy same app successfully reaching image
size 281MB instead of 660MB with the default tomcat image.




On Fri, Jan 10, 2020 at 11:52 AM Alex K  wrote:

> Hi,
>
> On Thu, Jan 9, 2020 at 7:50 PM Mark Eggers 
> wrote:
>
>> Alex,
>>
>> On 1/9/2020 8:51 AM, Alex K wrote:
>> > Hi all,
>> >
>> > I have two .war files that when deployed at a plain Debian 9 VM are
>> working
>> > fine.
>> > I have prepared a docker file so as to deploy the same apps within a
>> docker
>> > container and for some reason one of the apps is not loading due to some
>> > error.
>> >
>> > Dockerfile:
>> > FROM debian:latest
>> > USER root
>> >
>> > ENV CATALINA_HOME /opt/tomcat
>> > ENV PATH $CATALINA_HOME/bin:$PATH
>> > RUN mkdir -p "$CATALINA_HOME"
>> > WORKDIR $CATALINA_HOME
>> >
>> > # Install packages
>> > RUN apt update && apt install default-jdk -y && groupadd tomcat &&
>> useradd
>> > -s /bin/false -g tomcat -d $CATALINA_HOME tomcat
>> > COPY apache-tomcat-8.5.50.tar.gz /tmp/
>> >
>> > RUN tar xzvf /tmp/apache-tomcat-8.5.50.tar.gz -C /opt/tomcat
>> > --strip-components=1
>> >
>> > ADD app.war $CATALINA_HOME/webapps/
>> > ADD orbeon.war $CATALINA_HOME/webapps/
>> > ADD server.xml $CATALINA_HOME/conf/
>> > ADD web.xml $CATALINA_HOME/conf/
>> > ADD mariadb-java-client-2.4.1.jar $CATALINA_HOME/lib
>> > ADD setenv.sh $CATALINA_HOME/bin/
>> >
>> > RUN chgrp -R tomcat $CATALINA_HOME && \
>> > chown -R tomcat webapps/ work/ temp/ logs/ && \
>> > chmod -R g+r conf && \
>> > chmod g+x conf && \
>> > chmod 750 $CATALINA_HOME/bin/setenv.sh && \
>> > rm -f /tmp/apache-tomcat-8.5.50.tar.gz;
>> >
>> > EXPOSE 8443
>> > CMD ["catalina.sh", "run"]
>> >
>> > I have tried also several other ways, by using directly other docker
>> tomcat
>> > images everytime resulting with some error.
>> >
>> > The error I am getting now is:
>> >
>> > 10:21:32.201 WARN  c.h.c.c.s.CubaXmlWebApplicationContext  - Exception
>> > encountered during context initialization - cancelling refresh attempt:
>> > org.springframework.beans.factory.BeanCreationException: Error creating
>> > bean with name 'org.springframework.security.filterChains': Cannot
>> resolve
>> > reference to bean
>> > 'org.springframework.security.web.DefaultSecurityFilterChain#0' while
>> > setting bean property 'sourceList' with key [0]; nested exception is
>> > org.springframework.beans.factory.BeanCreationException: Error creating
>> > bean with name
>> > 'org.springframework.security.web.DefaultSecurityFilterChain#0': Cannot
>> > create inner bean '(inner bean)#27690bd5' of type
>> >
>> [org.springframework.security.web.authentication.www.BasicAuthenticationFilter]
>> > while setting constructor argument with key [4]; nested exception is
>> > org.springframework.beans.factory.BeanCreationException: Error creating
>> > bean with name '(inner bean)#27690bd5': Cannot resolve reference to bean
>> > 'clientAuthenticationEntryPoint' while setting constructor argument;
>> nested
>> > exception is org.springframework.beans.factory.BeanCreationException:
>> Error
>> > creating bean with name 'clientAuthenticationEntryPoint' defined in
>> class
>> > path resource [com/haulmont/addon/restapi/rest-dispatcher-spring.xml]:
>> > Instantiation of bean failed; nested exception is
>> > org.springframework.beans.BeanInstantiationException: Failed to
>> instantiate
>> >
>> [org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint]:
>> > Constructor threw exception; nested exception is
>> > java.lang.NoClassDefFoundError: javax/xml/bind/JAXBException
>> > 10:21:32.243 ERROR c.h.a.r.a.r.RestAPIDispatcherServlet- Context
>> > initialization 

Re: Tomcat app within docker container

[Alex K]

Hi,

On Thu, Jan 9, 2020 at 7:50 PM Mark Eggers 
wrote:

> Alex,
>
> On 1/9/2020 8:51 AM, Alex K wrote:
> > Hi all,
> >
> > I have two .war files that when deployed at a plain Debian 9 VM are
> working
> > fine.
> > I have prepared a docker file so as to deploy the same apps within a
> docker
> > container and for some reason one of the apps is not loading due to some
> > error.
> >
> > Dockerfile:
> > FROM debian:latest
> > USER root
> >
> > ENV CATALINA_HOME /opt/tomcat
> > ENV PATH $CATALINA_HOME/bin:$PATH
> > RUN mkdir -p "$CATALINA_HOME"
> > WORKDIR $CATALINA_HOME
> >
> > # Install packages
> > RUN apt update && apt install default-jdk -y && groupadd tomcat &&
> useradd
> > -s /bin/false -g tomcat -d $CATALINA_HOME tomcat
> > COPY apache-tomcat-8.5.50.tar.gz /tmp/
> >
> > RUN tar xzvf /tmp/apache-tomcat-8.5.50.tar.gz -C /opt/tomcat
> > --strip-components=1
> >
> > ADD app.war $CATALINA_HOME/webapps/
> > ADD orbeon.war $CATALINA_HOME/webapps/
> > ADD server.xml $CATALINA_HOME/conf/
> > ADD web.xml $CATALINA_HOME/conf/
> > ADD mariadb-java-client-2.4.1.jar $CATALINA_HOME/lib
> > ADD setenv.sh $CATALINA_HOME/bin/
> >
> > RUN chgrp -R tomcat $CATALINA_HOME && \
> > chown -R tomcat webapps/ work/ temp/ logs/ && \
> > chmod -R g+r conf && \
> > chmod g+x conf && \
> > chmod 750 $CATALINA_HOME/bin/setenv.sh && \
> > rm -f /tmp/apache-tomcat-8.5.50.tar.gz;
> >
> > EXPOSE 8443
> > CMD ["catalina.sh", "run"]
> >
> > I have tried also several other ways, by using directly other docker
> tomcat
> > images everytime resulting with some error.
> >
> > The error I am getting now is:
> >
> > 10:21:32.201 WARN  c.h.c.c.s.CubaXmlWebApplicationContext  - Exception
> > encountered during context initialization - cancelling refresh attempt:
> > org.springframework.beans.factory.BeanCreationException: Error creating
> > bean with name 'org.springframework.security.filterChains': Cannot
> resolve
> > reference to bean
> > 'org.springframework.security.web.DefaultSecurityFilterChain#0' while
> > setting bean property 'sourceList' with key [0]; nested exception is
> > org.springframework.beans.factory.BeanCreationException: Error creating
> > bean with name
> > 'org.springframework.security.web.DefaultSecurityFilterChain#0': Cannot
> > create inner bean '(inner bean)#27690bd5' of type
> >
> [org.springframework.security.web.authentication.www.BasicAuthenticationFilter]
> > while setting constructor argument with key [4]; nested exception is
> > org.springframework.beans.factory.BeanCreationException: Error creating
> > bean with name '(inner bean)#27690bd5': Cannot resolve reference to bean
> > 'clientAuthenticationEntryPoint' while setting constructor argument;
> nested
> > exception is org.springframework.beans.factory.BeanCreationException:
> Error
> > creating bean with name 'clientAuthenticationEntryPoint' defined in class
> > path resource [com/haulmont/addon/restapi/rest-dispatcher-spring.xml]:
> > Instantiation of bean failed; nested exception is
> > org.springframework.beans.BeanInstantiationException: Failed to
> instantiate
> >
> [org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint]:
> > Constructor threw exception; nested exception is
> > java.lang.NoClassDefFoundError: javax/xml/bind/JAXBException
> > 10:21:32.243 ERROR c.h.a.r.a.r.RestAPIDispatcherServlet- Context
> > initialization failed
> > org.springframework.beans.factory.BeanCreationException: Error creating
> > bean with name 'org.springframework.security.filterChains': Cannot
> resolve
> > reference to bean
> > 'org.springframework.security.web.DefaultSecurityFilterChain#0' while
> > setting bean property 'sourceList' with key [0]; nested exception is
> > org.springframework.beans.factory.BeanCreationException: Error creating
> > bean with name
> > 'org.springframework.security.web.DefaultSecurityFilterChain#0': Cannot
> > create inner bean '(inner bean)#27690bd5' of type
> >
> [org.springframework.security.web.authentication.www.BasicAuthenticationFilter]
> > while setting constructor argument with key [4]; nested exception is
> > org.springframework.beans.factory.BeanCreationException: Error creating
> > bean with name '(inner bean)#27690bd5': Cannot resolve reference to bean
> > 'clientAuthenticationEntryPoint' while setting constructor argument;
> nested
> > exception is org.springframework.beans.factory.BeanCreationException:
> Error
> > creating bean with name 'clientAuthenticationEntryPoint' defined in class
> > path resource [com/haulmont/addon/restapi/rest-dispatcher-spring.xml]:
> > Instantiation of bean failed; nested exception is
> > org.springframework.beans.BeanInstantiationException: Failed to
> instantiate
> >
> [org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint]:
> > Constructor threw exception; nested exception is
> > java.lang.NoClassDefFoundError: javax/xml/bind/JAXBException
> >
> >
> > Since I am not very familiar with tomcat, I would appreciate 

Re: Tomcat app within docker container

[Alex K]

Hi Logo,

On Thu, Jan 9, 2020 at 7:40 PM logo  wrote:

> Hi Alex,
>
>
>
> > Am 09.01.2020 um 17:51 schrieb Alex K :
> >
> > Hi all,
> >
> > I have two .war files that when deployed at a plain Debian 9 VM are
> working
> > fine.
> > I have prepared a docker file so as to deploy the same apps within a
> docker
> > container and for some reason one of the apps is not loading due to some
> > error.
> >
> > Dockerfile:
> > FROM debian:latest
>
> Why not using any of the different flavored tomcat images?
>
Tried to to that but I failed also with some other errors. Also I tried to
build the official tomcat image so as to change the default tomcat home
dir, as I wanted to be /opt/tomcat instead of /usr/local/tomcat. I will try
again to use such tomcat images, as going from scratch with debian it gives
me approx 1 GB image size which is somehow big to deploy.


> https://hub.docker.com/_/tomcat 
>
> You get a working jdk (oracle, adopt, openjdk) and don’t have to build the
> system yourself.
> That may help to get the base running and then copy your file to the
> correct spots.
>
>
> > USER root
> >
> > ENV CATALINA_HOME /opt/tomcat
> > ENV PATH $CATALINA_HOME/bin:$PATH
> > RUN mkdir -p "$CATALINA_HOME"
> > WORKDIR $CATALINA_HOME
> >
> > # Install packages
> > RUN apt update && apt install default-jdk -y && groupadd tomcat &&
> useradd
> > -s /bin/false -g tomcat -d $CATALINA_HOME tomcat
> > COPY apache-tomcat-8.5.50.tar.gz /tmp/
> >
> > RUN tar xzvf /tmp/apache-tomcat-8.5.50.tar.gz -C /opt/tomcat
> > --strip-components=1
> >
> > ADD app.war $CATALINA_HOME/webapps/
> > ADD orbeon.war $CATALINA_HOME/webapps/
> > ADD server.xml $CATALINA_HOME/conf/
> > ADD web.xml $CATALINA_HOME/conf/
> > ADD mariadb-java-client-2.4.1.jar $CATALINA_HOME/lib
> > ADD setenv.sh $CATALINA_HOME/bin/
> >
> > RUN chgrp -R tomcat $CATALINA_HOME && \
> >chown -R tomcat webapps/ work/ temp/ logs/ && \
> >chmod -R g+r conf && \
> >chmod g+x conf && \
> >chmod 750 $CATALINA_HOME/bin/setenv.sh && \
> >rm -f /tmp/apache-tomcat-8.5.50.tar.gz;
> >
> > EXPOSE 8443
> > CMD ["catalina.sh", "run"]
> >
> > I have tried also several other ways, by using directly other docker
> tomcat
> > images everytime resulting with some error.
> >
> > The error I am getting now is:
> >
> > 10:21:32.201 WARN  c.h.c.c.s.CubaXmlWebApplicationContext  - Exception
> > encountered during context initialization - cancelling refresh attempt:
> > org.springframework.beans.factory.BeanCreationException: Error creating
> > bean with name 'org.springframework.security.filterChains': Cannot
> resolve
> > reference to bean
> > 'org.springframework.security.web.DefaultSecurityFilterChain#0' while
> > setting bean property 'sourceList' with key [0]; nested exception is
> > org.springframework.beans.factory.BeanCreationException: Error creating
> > bean with name
> > 'org.springframework.security.web.DefaultSecurityFilterChain#0': Cannot
> > create inner bean '(inner bean)#27690bd5' of type
> >
> [org.springframework.security.web.authentication.www.BasicAuthenticationFilter]
> > while setting constructor argument with key [4]; nested exception is
> > org.springframework.beans.factory.BeanCreationException: Error creating
> > bean with name '(inner bean)#27690bd5': Cannot resolve reference to bean
> > 'clientAuthenticationEntryPoint' while setting constructor argument;
> nested
> > exception is org.springframework.beans.factory.BeanCreationException:
> Error
> > creating bean with name 'clientAuthenticationEntryPoint' defined in class
> > path resource [com/haulmont/addon/restapi/rest-dispatcher-spring.xml]:
> > Instantiation of bean failed; nested exception is
> > org.springframework.beans.BeanInstantiationException: Failed to
> instantiate
> >
> [org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint]:
> > Constructor threw exception; nested exception is
> > java.lang.NoClassDefFoundError: javax/xml/bind/JAXBException
> > 10:21:32.243 ERROR c.h.a.r.a.r.RestAPIDispatcherServlet- Context
> > initialization failed
> > org.springframework.beans.factory.BeanCreationException: Error creating
> > bean with name 'org.springframework.security.filterChains': Cannot
> resolve
> > reference to bean
> > 'org.springframework.security.web.DefaultSecurityFilterChain#0' while
> > setting bean property 'sourceList' with key [0]; nested exception is
> > org.springframework.beans.factory.BeanCreationException: Error creating
> > bean with name
> > 'org.springframework.security.web.DefaultSecurityFilterChain#0': Cannot
> > create inner bean '(inner bean)#27690bd5' of type
> >
> [org.springframework.security.web.authentication.www.BasicAuthenticationFilter]
> > while setting constructor argument with key [4]; nested exception is
> > org.springframework.beans.factory.BeanCreationException: Error creating
> > bean with name '(inner bean)#27690bd5': Cannot resolve reference to bean
> > 'clientAuthenticationEntryPoint' while