Re: File "catalina.out" not being created/populated when using Tomcat 9.0.31 + Ubuntu 20.04, and content goes to the Ubuntu syslog instead?

[Brian]

-Original Message-
From: Emmanuel Bourg 
Reply-To: Tomcat Users List 
Date: Tuesday, June 23, 2020 at 20:01
To: "users@tomcat.apache.org" 
Subject: Re: File "catalina.out" not being created/populated when using Tomcat 
9.0.31 + Ubuntu 20.04, and content goes to the Ubuntu syslog instead?

Le 24/06/2020 à 02:35, Brian a écrit :

> Good news: I updated "/etc/tmpfiles.d/tomcat9.conf" (the file I created) 
with the new value of 2770. Deleted all the logs inside "/val/log/tomcat9" and 
restarted Ubuntu. "catalina.out" got created and populated.
> Bad news: Then I deleted all the logs inside "/val/log/tomcat9" and just 
restarted Tomcat (which is something I do sometimes, in production). 
"catalina.out" didn't get created this time.
> 
> Just to confirm, again I deleted all the logs inside "/val/log/tomcat9" 
and restarted Ubuntu. "catalina.out" got created and populated again.
> 
> Any ideas?

The catalina.out file is held by rsyslogd and isn't recreated unless you
restart rsyslogd. Try this when you clean the logs and restart Tomcat:

  systemctl restart rsyslog tomcat9


Hi,

I just realized that when the "bad news" experiment took place, in the syslog 
there was NOT another of those " file '/var/log/tomcat9/catalina.out': open 
error: Permission denied.." errors, so I guess it was not a permissions issue 
anymore, which makes me think that the "2770" value finally solved that issue. 
That is nice, thanks!
OK, I restarted rsyslog and the started again Tomcat as you adviced and... you 
are right, the catalina.out file got created again. So I think you are right 
about rsyslogd still holding the log file.

To be honest with you, I'm happy about the catalina.out file finally getting 
created and I really appreciate your kind help, I really do. But I'm not really 
happy about having to restart rsyslog before every time I need to restart 
Tomcat. It is weird, and I guess a lot of users will never imagine that they 
have to do that and they will not feel very pleased when they realize that the 
catalina.out file doesn't get created after restarting Tomcat. And probably 
most of them will not even notice that the Tomcat log is being added to the 
syslog, for that matter. This whole new relation between syslog and Tomcat is 
really weird and I don't think the users are being warned about it. I have used 
Tomcat+Ubuntu for several years and I haven't seen this complication before. If 
there is an advantage about this relation between syslog and Tomcat, I really 
can't see it. 

Thanks again!

Brian

Re: File "catalina.out" not being created/populated when using Tomcat 9.0.31 + Ubuntu 20.04, and content goes to the Ubuntu syslog instead?

[Emmanuel Bourg]

Le 24/06/2020 à 02:35, Brian a écrit :

> Good news: I updated "/etc/tmpfiles.d/tomcat9.conf" (the file I created) with 
> the new value of 2770. Deleted all the logs inside "/val/log/tomcat9" and 
> restarted Ubuntu. "catalina.out" got created and populated.
> Bad news: Then I deleted all the logs inside "/val/log/tomcat9" and just 
> restarted Tomcat (which is something I do sometimes, in production). 
> "catalina.out" didn't get created this time.
> 
> Just to confirm, again I deleted all the logs inside "/val/log/tomcat9" and 
> restarted Ubuntu. "catalina.out" got created and populated again.
> 
> Any ideas?

The catalina.out file is held by rsyslogd and isn't recreated unless you
restart rsyslogd. Try this when you clean the logs and restart Tomcat:

  systemctl restart rsyslog tomcat9

Emmanuel Bourg

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: File "catalina.out" not being created/populated when using Tomcat 9.0.31 + Ubuntu 20.04, and content goes to the Ubuntu syslog instead?

[Brian]

-Original Message-
From: Emmanuel Bourg 
Reply-To: Tomcat Users List 
Date: Tuesday, June 23, 2020 at 19:02
To: "users@tomcat.apache.org" 
Subject: Re: File "catalina.out" not being created/populated when using Tomcat 
9.0.31 + Ubuntu 20.04, and content goes to the Ubuntu syslog instead?

Le 23/06/2020 à 19:48, Brian a écrit :

> It seems that rsyslogd is still unable to deal with 
"/var/log/tomcat9/catalina.out". 
> What could be wrong now? Do you have any ideas? 

I got the permissions wrong, the adm group is now allowed to write to
/var/log/tomcat9 but not to enter it. Try 2770 instead of 2760.

Emmanuel Bourg


Hi Emmanuel,

Good news: I updated "/etc/tmpfiles.d/tomcat9.conf" (the file I created) with 
the new value of 2770. Deleted all the logs inside "/val/log/tomcat9" and 
restarted Ubuntu. "catalina.out" got created and populated.
Bad news: Then I deleted all the logs inside "/val/log/tomcat9" and just 
restarted Tomcat (which is something I do sometimes, in production). 
"catalina.out" didn't get created this time.

Just to confirm, again I deleted all the logs inside "/val/log/tomcat9" and 
restarted Ubuntu. "catalina.out" got created and populated again.

Any ideas?

Brian

Re: File "catalina.out" not being created/populated when using Tomcat 9.0.31 + Ubuntu 20.04, and content goes to the Ubuntu syslog instead?

[Emmanuel Bourg]

Le 23/06/2020 à 19:48, Brian a écrit :

> It seems that rsyslogd is still unable to deal with 
> "/var/log/tomcat9/catalina.out". 
> What could be wrong now? Do you have any ideas? 

I got the permissions wrong, the adm group is now allowed to write to
/var/log/tomcat9 but not to enter it. Try 2770 instead of 2760.

Emmanuel Bourg

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: broken pipe error keeps increasing open files

[Ayub Khan]

Chris,

Yes we have nginx as reverse proxy, below is the nginx config. We notice
this issue only when there is high number of requests, during non peak
hours we do not see this issue.

location /myapp/myservice{
#local machine
proxy_pass  http://localhost:8080;
proxy_http_version  1.1;

proxy_set_headerConnection  $connection_upgrade;
proxy_set_headerUpgrade $http_upgrade;
proxy_set_headerHost$host;
proxy_set_headerX-Real-IP   $remote_addr;
proxy_set_headerX-Forwarded-For $proxy_add_x_forwarded_for;


proxy_buffers 16 16k;
proxy_buffer_size 32k;
}

location / {
#  if using AWS Load balancer, this bit checks for the presence of the
https proto flag.  if regular http is found, then issue a redirect to hit
the https endpoint instead
if ($http_x_forwarded_proto != 'https') {
rewrite ^ https://$host$request_uri? permanent;
}

proxy_pass  http://127.0.0.1:8080;
proxy_http_version  1.1;

proxy_set_headerConnection  $connection_upgrade;
proxy_set_headerUpgrade $http_upgrade;
proxy_set_headerHost$host;
proxy_set_headerX-Real-IP   $remote_addr;
proxy_set_headerX-Forwarded-For $proxy_add_x_forwarded_for;


proxy_buffers 16 16k;
proxy_buffer_size 32k;
}

*below is the connector*




these ports are random, I am not sure who owns the process.

localhost:http-alt->localhost:55866 (CLOSE_WAIT) , here port 55866 is a
random port.



On Wed, Jun 24, 2020 at 12:48 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Ayub,
>
> On 6/23/20 16:23, Ayub Khan wrote:
> > I executed  *sudo lsof -p $(cat /var/run/tomcat8.pid)  *and I saw
> > the below output, some in CLOSE_WAIT and others in ESTABLISHED. If
> > there are 200 open file descriptors 160 are in CLOSE_WAIT state.
> > When the count for CLOSE_WAIT increases I just have to restart
> > tomcat.
> >
> > java65189 tomcat8  715u IPv6  237878311   0t0
> > TCP localhost:http-alt->localhost:43760 (CLOSE_WAIT) java65189
> > tomcat8  716u IPv6  237848923   0t0   TCP
> > localhost:http-alt->localhost:40568 (CLOSE_WAIT)
>
> These are connections from some process into Tomcat listening on port
> 8080 (that's what localhost:http-alt is). So what process owns the
> outgoing connection on port 40568 on the same host?
>
> Are you using a reverse proxy?
>
> > most of the open files are in CLOSE_WAIT state I do not see
> > anything related to database ip.
>
> Agreed. It looks like you have a reverse proxy who is losing-track of
> connections, or who is (re)opening connections when it may be unnecessar
> y.
>
> Can you share your  configuration from server.xml? Remember
> to remove any secrets.
>
> - -chris
>
> > On Mon, Jun 22, 2020 at 4:27 PM Felix Schumacher <
> > felix.schumac...@internetallee.de> wrote:
> >
> >>
> >> Am 22.06.20 um 13:22 schrieb Ayub Khan:
> >>> Felix,
> >>>
> >>> I executed ls -l /proc/$(cat /var/run/tomcat8.pid)/fd/ and
> >>> from the
> >> output
> >>> I see majority of them are related to sockets as shown below,
> >>> some of
> >> them
> >>> point to the jar file of tomcat and others to the log file
> >>> which is
> >> created.
> >>>
> >>> socket:[2084570754] socket:[2084579487] socket:[2084578478]
> >>> socket:[2084570167]
> >>
> >> Can you try the other command (lsof -p $(cat ...tomcat.pid))? It
> >> should give a bit more details on the used sockets that the proc
> >> directory.
> >>
> >> Felix
> >>
> >>>
> >>> On Mon, Jun 22, 2020 at 1:28 PM Felix Schumacher <
> >>> felix.schumac...@internetallee.de> wrote:
> >>>
>  Am 22.06.20 um 11:41 schrieb Ayub Khan:
> > Chris,
> >
> > I am using HikariCP for connection pooling. If the database
> > is leaking connections then I should see connection not
> > available exception.
> >
> > How do I find out which file descriptors are leaking ?
> > these are not
>  files
> > open on disk as there is no explicit disk file I/O in this
> > application.
> >
> > I just use the below command to check for open file
> > descriptors:
> >
> > watch "sudo ls /proc/`cat /var/run/tomcat8.pid`/fd/ | wc
> > -l"
>  You could have a look at the name of the files in the pids
>  proc
> >> directory.
> 
>  $ ls -l /proc/$(cat /var/run/tomcat8.pid)/fd/
> 
>  Or you could use the tool lsof to find the open file
>  descriptors.
> 
>  $ lsof -p $(cat /var/run/tomcat8.pid)
> 
>  For both calls you should first change to the uid of the
>  tomcat user or use sudo as in your example.
> 
>  Felix
> 
> > Thanks and Regards Ayub
> >
> > On Sun, Jun 21, 2020 at 8:18 PM Christopher Schultz <
> > ch...@christopherschultz.net> wrote:
> >
> > Ayub,

Re: broken pipe error keeps increasing open files

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Ayub,

On 6/23/20 16:23, Ayub Khan wrote:
> I executed  *sudo lsof -p $(cat /var/run/tomcat8.pid)  *and I saw
> the below output, some in CLOSE_WAIT and others in ESTABLISHED. If
> there are 200 open file descriptors 160 are in CLOSE_WAIT state.
> When the count for CLOSE_WAIT increases I just have to restart
> tomcat.
>
> java65189 tomcat8  715u IPv6  237878311   0t0
> TCP localhost:http-alt->localhost:43760 (CLOSE_WAIT) java65189
> tomcat8  716u IPv6  237848923   0t0   TCP
> localhost:http-alt->localhost:40568 (CLOSE_WAIT)

These are connections from some process into Tomcat listening on port
8080 (that's what localhost:http-alt is). So what process owns the
outgoing connection on port 40568 on the same host?

Are you using a reverse proxy?

> most of the open files are in CLOSE_WAIT state I do not see
> anything related to database ip.

Agreed. It looks like you have a reverse proxy who is losing-track of
connections, or who is (re)opening connections when it may be unnecessar
y.

Can you share your  configuration from server.xml? Remember
to remove any secrets.

- -chris

> On Mon, Jun 22, 2020 at 4:27 PM Felix Schumacher <
> felix.schumac...@internetallee.de> wrote:
>
>>
>> Am 22.06.20 um 13:22 schrieb Ayub Khan:
>>> Felix,
>>>
>>> I executed ls -l /proc/$(cat /var/run/tomcat8.pid)/fd/ and
>>> from the
>> output
>>> I see majority of them are related to sockets as shown below,
>>> some of
>> them
>>> point to the jar file of tomcat and others to the log file
>>> which is
>> created.
>>>
>>> socket:[2084570754] socket:[2084579487] socket:[2084578478]
>>> socket:[2084570167]
>>
>> Can you try the other command (lsof -p $(cat ...tomcat.pid))? It
>> should give a bit more details on the used sockets that the proc
>> directory.
>>
>> Felix
>>
>>>
>>> On Mon, Jun 22, 2020 at 1:28 PM Felix Schumacher <
>>> felix.schumac...@internetallee.de> wrote:
>>>
 Am 22.06.20 um 11:41 schrieb Ayub Khan:
> Chris,
>
> I am using HikariCP for connection pooling. If the database
> is leaking connections then I should see connection not
> available exception.
>
> How do I find out which file descriptors are leaking ?
> these are not
 files
> open on disk as there is no explicit disk file I/O in this
> application.
>
> I just use the below command to check for open file
> descriptors:
>
> watch "sudo ls /proc/`cat /var/run/tomcat8.pid`/fd/ | wc
> -l"
 You could have a look at the name of the files in the pids
 proc
>> directory.

 $ ls -l /proc/$(cat /var/run/tomcat8.pid)/fd/

 Or you could use the tool lsof to find the open file
 descriptors.

 $ lsof -p $(cat /var/run/tomcat8.pid)

 For both calls you should first change to the uid of the
 tomcat user or use sudo as in your example.

 Felix

> Thanks and Regards Ayub
>
> On Sun, Jun 21, 2020 at 8:18 PM Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
> Ayub,
>
> On 6/20/20 11:51, Ayub Khan wrote:
 Sorry we are using  8.0.32 version of tomcat.

 below is the configuration:

 Server version: Apache Tomcat/8.0.32 (Ubuntu) Server
 built:   Jan 24 2020 16:24:30 UTC Server number:
 8.0.32.0 OS Name: Linux OS Version:
 4.4.0-1087-aws Architecture:   amd64 JVM Version:
 1.8.0_181-b13 JVM Vendor: Oracle Corporation

 I use the below command to check the file
 descriptors:

 watch "sudo ls /proc/`cat /var/run/tomcat8.pid`/fd/ |
 wc -l"
> So you know there is some kind of increase in file-handle
> use, but you don't know what types of file handles are
> increasing, right?
>
> Can you try to find out which kinds of file handles are
> increasing?
>
> I have a sneaking suspicion that it's your database
> connections and not actually files open on the disk.
>
> Are you using a database connection pool? If not, you
> should really use one and limit the number of connections
> to something sane. If you are using one, are you monitoring
> it to see how many connections are actually being used? Are
> you sure you are using proper resource management[1]? Even
> a single code-path that leaks connections can leak them
> quickly under load.
>
 When there an issue related to broken files, this
 value keeps increasing, the only way to bring it down
 is to remove vm instance from AWS load balancer.>
 Which version of tomcat should I install ?
> Tomcat 8.0.x hasn't been supported since its last release
> on 29 June 2018. That was 8.0.53. Your release is from 8
> February 2016 and is dangerously out of date (unless you
> are using the Ubuntu-packaged version, in which case I hope
> they 

Re: File "catalina.out" not being created/populated when using Tomcat 9.0.31 + Ubuntu 20.04, and content goes to the Ubuntu syslog instead?

[calder]

I did this on my 18.04 [temporary test] system and it now works
(catalina.out is written to)
(the "ls" commands were for visual inspection on progress)

calder@ren: ~$ sudo service tomcat9 stop
calder@ren: ~$ sudo -u tomcat -g adm touch /var/log/tomcat9/catalina.out
calder@ren: ~$ ls -l /var/log/tomcat9/
[...]
calder@ren: ~$ sudo chown tomcat9:syslog /var/log/tomcat9 -R
calder@ren: ~$ sudo chown tomcat:syslog /var/log/tomcat9 -R
calder@ren: ~$ sudo ls -l /var/log
[...]
calder@ren: ~$ sudo chmod g+rwx /var/log/tomcat9/
calder@ren: ~$ sudo chmod g+rw /var/log/tomcat9/ -R
calder@ren: ~$ sudo chmod g+s /var/log/tomcat9/ -R
calder@ren: ~$ sudo service rsyslog restart
calder@ren: ~$ sudo service tomcat9 start
calder@ren: ~$ ls -l /var/log/tomcat9/
[...]
calder@ren: ~$ sudo ls -l /var/log/tomcat9/
-rw-rwS--- 1 tomcat syslog 26276 Jun 23 21:31 catalina.2020-06-23.log
-rw-rwSr-- 1 tomcat syslog  4125 Jun 23 21:31 catalina.out
-rw-rwS--- 1 tomcat syslog 0 Jun 23 19:51 localhost.2020-06-23.log
-rw-rwS--- 1 tomcat syslog  1462 Jun 23 20:53
localhost_access_log.2020-06-23.txt

calder@ren: ~$ sudo cat /var/log/tomcat9/catalina.out

[2020-06-23 21:30:57] [info] Server version name:   Apache
Tomcat/9.0.31 (Ubuntu)
[2020-06-23 21:30:57] [info] Server built:  Feb 24 2020 22:37:00 UTC
[2020-06-23 21:30:57] [info] Server version number: 9.0.31.0
[2020-06-23 21:30:57] [info] OS Name:   Linux
[2020-06-23 21:30:57] [info] OS Version:5.4.0-37-generic
[2020-06-23 21:30:57] [info] Architecture:  amd64
[2020-06-23 21:30:57] [info] Java Home:
/usr/lib/jvm/java-11-openjdk-amd64
[2020-06-23 21:30:57] [info] JVM Version:
11.0.7+10-post-Ubuntu-3ubuntu1
[ . . . ]
[2020-06-23 21:30:59] [info] Deployment of web application archive
[/var/lib/tomcat9/webapps/ourtest.war] has finished in [1,563] ms
[2020-06-23 21:31:00] [info] Starting ProtocolHandler ["http-nio-8080"]
[2020-06-23 21:31:00] [info] Server startup in [2,549] milliseconds

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: broken pipe error keeps increasing open files

[Ayub Khan]

Felix,

I executed  *sudo lsof -p $(cat /var/run/tomcat8.pid)  *and I saw the below
output, some in CLOSE_WAIT and others in ESTABLISHED. If there are 200 open
file descriptors 160 are in CLOSE_WAIT state. When the count for CLOSE_WAIT
increases I just have to restart tomcat.

java65189 tomcat8  715u IPv6  237878311   0t0   TCP
localhost:http-alt->localhost:43760 (CLOSE_WAIT)
java65189 tomcat8  716u IPv6  237848923   0t0   TCP
localhost:http-alt->localhost:40568 (CLOSE_WAIT)

most of the open files are in CLOSE_WAIT state I do not see anything
related to database ip.



On Mon, Jun 22, 2020 at 4:27 PM Felix Schumacher <
felix.schumac...@internetallee.de> wrote:

>
> Am 22.06.20 um 13:22 schrieb Ayub Khan:
> > Felix,
> >
> > I executed ls -l /proc/$(cat /var/run/tomcat8.pid)/fd/ and  from the
> output
> > I see majority of them are related to sockets as shown below, some of
> them
> > point to the jar file of tomcat and others to the log file which is
> created.
> >
> >  socket:[2084570754]
> >  socket:[2084579487]
> >  socket:[2084578478]
> > socket:[2084570167]
>
> Can you try the other command (lsof -p $(cat ...tomcat.pid))? It should
> give a bit more details on the used sockets that the proc directory.
>
> Felix
>
> >
> > On Mon, Jun 22, 2020 at 1:28 PM Felix Schumacher <
> > felix.schumac...@internetallee.de> wrote:
> >
> >> Am 22.06.20 um 11:41 schrieb Ayub Khan:
> >>> Chris,
> >>>
> >>> I am using HikariCP for connection pooling. If the database is leaking
> >>> connections then I should see connection not available exception.
> >>>
> >>> How do I find out which file descriptors are leaking ?  these are not
> >> files
> >>> open on disk as there is no explicit disk file I/O in this application.
> >>>
> >>> I just use the below command to check for open file descriptors:
> >>>
> >>> watch "sudo ls /proc/`cat /var/run/tomcat8.pid`/fd/ | wc -l"
> >> You could have a look at the name of the files in the pids proc
> directory.
> >>
> >>  $ ls -l /proc/$(cat /var/run/tomcat8.pid)/fd/
> >>
> >> Or you could use the tool lsof to find the open file descriptors.
> >>
> >>  $ lsof -p $(cat /var/run/tomcat8.pid)
> >>
> >> For both calls you should first change to the uid of the tomcat user or
> >> use sudo as in your example.
> >>
> >> Felix
> >>
> >>> Thanks and Regards
> >>> Ayub
> >>>
> >>> On Sun, Jun 21, 2020 at 8:18 PM Christopher Schultz <
> >>> ch...@christopherschultz.net> wrote:
> >>>
> >>> Ayub,
> >>>
> >>> On 6/20/20 11:51, Ayub Khan wrote:
> >> Sorry we are using  8.0.32 version of tomcat.
> >>
> >> below is the configuration:
> >>
> >> Server version: Apache Tomcat/8.0.32 (Ubuntu) Server built:   Jan
> >> 24 2020 16:24:30 UTC Server number:  8.0.32.0 OS Name:
> >> Linux OS Version: 4.4.0-1087-aws Architecture:   amd64 JVM
> >> Version:1.8.0_181-b13 JVM Vendor: Oracle Corporation
> >>
> >> I use the below command to check the file descriptors:
> >>
> >> watch "sudo ls /proc/`cat /var/run/tomcat8.pid`/fd/ | wc -l"
> >>> So you know there is some kind of increase in file-handle use, but you
> >>> don't know what types of file handles are increasing, right?
> >>>
> >>> Can you try to find out which kinds of file handles are increasing?
> >>>
> >>> I have a sneaking suspicion that it's your database connections and
> >>> not actually files open on the disk.
> >>>
> >>> Are you using a database connection pool? If not, you should really
> >>> use one and limit the number of connections to something sane. If you
> >>> are using one, are you monitoring it to see how many connections are
> >>> actually being used? Are you sure you are using proper resource
> >>> management[1]? Even a single code-path that leaks connections can leak
> >>> them quickly under load.
> >>>
> >> When there an issue related to broken files, this value keeps
> >> increasing, the only way to bring it down is to remove vm instance
> >> from AWS load balancer.> Which version of tomcat should I install
> >> ?
> >>> Tomcat 8.0.x hasn't been supported since its last release on 29 June
> >>> 2018. That was 8.0.53. Your release is from 8 February 2016 and is
> >>> dangerously out of date (unless you are using the Ubuntu-packaged
> >>> version, in which case I hope they kept-up with security patches thee
> >>> past 4 years).
> >>>
> >>> -chris
> >>>
> >> On Sat, Jun 20, 2020 at 6:28 PM Christopher Schultz <
> >> ch...@christopherschultz.net> wrote:
> >>
> >> Ayub,
> >>
> >> On 6/19/20 16:46, Ayub Khan wrote:
> > tomcat 8.5 broken pipe increases open files on ubuntu AWS
> >> Which exact version of Tomcat 8.5? If you aren't running the
> >> latest version (8.5.56), please upgrade and re-test.
> >>
> > If there is slow response from db I see this stack trace and
> > the open files goes high and the only way to open files go
> > down is to remove the 

Re: Reason for failed POST to .../api/tokens in Tomcat 8 and 9?

[Konstantin Kolinko]

вт, 23 июн. 2020 г. в 20:08, Victor Norman :
>
> Cookie:
> JSESSIONID=F61EBB3764D21F4A6161304BB9D820EF; 
> JSESSIONID=BA81E2D37D390F411711FAB57F5B8DBF

1) Having two session cookies is not a crime, but why?

(It is not a cause of this issue. Just an odd configuration.)

I see that when I go to http://agora.cs.calvin.edu:8080/
I receive a HTML page with "http://agora.cs.calvin.edu:8080/agora/;>" and a
Set-Cookie header in a response.  That page does not need a session
and thus does not need sending the session cookie.

If that HTML response is generated by a JSP page, use <%@page session="false"%>.

(Also, I wonder whether one needs to return a HTML page? A JSP page
may generate a redirect response with HTTP status code 302 by using <%
response.sendRedirect(...) %> code instead of relying on a "meta
refresh" element of HTML).

2)
> Content-Length:
> 0

The POST request sends no data - the length of content is zero..
Looking at the source code [1], if I figured it correctly, I think
that it actually expects a username and a password.

Why was such a request sent?

[1] 
https://github.com/apache/guacamole-client/blob/master/guacamole/src/main/java/org/apache/guacamole/rest/auth/TokenRESTService.java

3) Guacamole is an Apache project, You may better ask on their mailing list,

[2] https://guacamole.apache.org/support/#mailing-lists

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: File "catalina.out" not being created/populated when using Tomcat 9.0.31 + Ubuntu 20.04, and content goes to the Ubuntu syslog instead?

[Brian]

-Original Message-
From: Emmanuel Bourg 
Date: Monday, June 22, 2020 at 18:14
To: Tomcat Users List , Brian 
Subject: Re: File "catalina.out" not being created/populated when using Tomcat 
9.0.31 + Ubuntu 20.04, and content goes to the Ubuntu syslog instead?

Le 22/06/2020 à 18:43, Brian a écrit :

> I'm not really an expert with Linux. It would seem to me that the "adm" 
group (to which syslog seems to belong) lacks a write permission

Indeed, rsyslog in Ubuntu runs as syslog:adm and needs special
permissions to write to /var/log/tomcat9. This issue should be reported
to Ubuntu.

The tomcat9 package in Debian isn't affected by this issue because
rsyslogd runs as root.


> OK, I did it and the write permission was added to the adm group. I 
restarted Tomcat and it worked, the catalina.out file got created! However, 
after I restarted the whole Ubuntu, I discovered that the permissions went back 
to how there were (not write for adm). Why is that?

The permissions on this directory are managed by systemd-tmpfiles. The
tomcat9 package defines the expected permissions in
/usr/lib/tmpfiles.d/tomcat9.conf and the permissions are enforced when
the system starts.

It's possible to override the default settings, you have to copy the
configuration file to /etc/tmpfiles.d/ and change the permissions on
/var/log/tomcat9 from 2750 to 2760:

  cp /usr/lib/tmpfiles.d/tomcat9.conf /etc/tmpfiles.d/
  sed -i s/2750/2760/ /etc/tmpfiles.d/tomcat9.conf

The write permissions for the adm group will then be persistent.


Hi Emmanuel,

Thanks a lot for your help, but unfortunately I think that something is still 
not working.
I copied the file running the cp command, and then edited the created file to 
replace "2750" with "2760", then restarted Ubuntu But I still have the same 
problem, catalina.out never gets created.
Then I tried editing the original file (/usr/lib/tmpfiles.d/tomcat9.conf) 
replacing "2750" with "2760", then restarted Ubuntu But I still have the 
same problem.
I verified that the permissions stay correct, I mean giving write permission to 
the adm group after I restart Ubuntu, and that DOES work! When I perform a "ls 
-l /var/log/", this is what I see for the "tomcat9" directory:

drwxrwS---  3 tomcatadm4096 Jun 23 11:31 tomcat9

Finally, I checked the syslog and this is what I found:

Jun 23 12:27:43 ip-172-31-92-155 systemd[1]: Starting Apache Tomcat 9 Web 
Application Server...
Jun 23 12:27:43 ip-172-31-92-155 systemd[1]: Started Apache Tomcat 9 Web 
Application Server.
Jun 23 12:27:43 ip-172-31-92-155 tomcat9[594]: NOTE: Picked up 
JDK_JAVA_OPTIONS:  --add-opens=java.base/java.lang=ALL-UNNAMED 
--add-opens=java.base/java.io=ALL-UNNAMED 
--add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
Jun 23 12:27:43 ip-172-31-92-155 rsyslogd: file 
'/var/log/tomcat9/catalina.out': open error: Permission denied [v8.2001.0 try 
https://www.rsyslog.com/e/2433 ]
Jun 23 12:27:44 ip-172-31-92-155 tomcat9[594]: Jun 23, 2020 12:27:44 PM 
org.apache.catalina.startup.VersionLoggerListener log
Jun 23 12:27:44 ip-172-31-92-155 tomcat9[594]: INFO: Server version name:   
Apache Tomcat/9.0.31 (Ubuntu)
.

It seems that rsyslogd is still unable to deal with 
"/var/log/tomcat9/catalina.out". 
What could be wrong now? Do you have any ideas? 

Brian



Emmanuel Bourg

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Reason for failed POST to .../api/tokens in Tomcat 8 and 9?

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Victor,

On 6/23/20 13:08, Victor Norman wrote:
> We are trying to upgrade a server that uses Guacamole / Tomcat7 on
> Ubuntu 16.04 to Ubuntu 18.04 or 20.04 with Tomcat 8 or 9.
>
> You can try out the server yourself, by going to
> http://agora.cs.calvin.edu:8080/.
>
> Each time we get close to having it work, we see this error show up
> in the console of the browser:
>
> POST http://agora.cs.calvin.edu:8080/agora/api/tokens 403

403 is obviously "forbidden". That can happen for a lot of reasons,
most of them likely in your application.

> Drilling down on that in Chrome, I find:
>
>
> * Request URL: http://agora.cs.calvin.edu:8080/agora/api/tokens *
> Request Method: POST * Status Code: 403 * Remote Address:
> 153.106.116.108:8080 * Referrer Policy: no-referrer-when-downgrade
> 1.  Response Headersview source * Content-Type: application/json *
> Date: Tue, 23 Jun 2020 16:42:56 GMT * Transfer-Encoding: chunked 2.
> Request Headersview source * Accept: application/json, text/plain,
> */* * Accept-Encoding: gzip, deflate * Accept-Language:
> en-US,en;q=0.9 * Cache-Control: no-cache * Connection: keep-alive
> * Content-Length: 0 * Content-Type:
> application/x-www-form-urlencoded * Cookie:
> JSESSIONID=F61EBB3764D21F4A6161304BB9D820EF;
> JSESSIONID=BA81E2D37D390F411711FAB57F5B8DBF * DNT: 1 * Host:
> agora.cs.calvin.edu:8080 * Origin: http://agora.cs.calvin.edu:8080

Since you have an "Origin" header, is this a REST call? Are you using
CORS? Has it been configured correctly?

> * Pragma: no-cache * Referer:
> http://agora.cs.calvin.edu:8080/agora/ * User-Agent: Mozilla/5.0
> (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36
> (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
>
> What is this request to POST to ../api/tokens?

This must be something Guacamole-related, or in your own application.
Tomcat won't do this.

> Is this some new security added in tomcat8 or 9 that we need to
> account for?  Or is it a file permissions issue somehow?
>
> I'd really appreciate any insight anyone has.

It's tough to say why you are getting this response. You will probably
have to dig-into your application's logs to see what is happening. If
you have CORS enabled, it's very easy to get that configuration wrong
 and lock clients out.

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl7yPgwACgkQHPApP6U8
pFipVxAAune0nuUM8GqljUeECPC2hfn+PUVKsC8XZXr9TBqCoqOlHnav2H7VUrlP
e80O+z7nC3fOuUm7xDk+kNp5aY4luIOSY3miNtsSU402VkGy1Aa2kJtmp00BSH5X
UvLVLKU29H+gucOhvcqPjiiSgRWuN7uYpkhRet4DYQC/disc6PM/QLomkAG/IK0W
tIiOgIsTobc7K9XpihTkD7tZHhla1aV0dZ+c4WSfy0R2XvyisA43yHtWImMTrzEt
GtRy7ZsXb8ibDMv0ZY2coN1LEFofUEo9BJFQsnbtTd5WXKQrUxNeddLB6HI3LXqt
6aX0ENHcFVwoCHNk6o860/aItAjSHn5nNYLkFTaoi9GSX8tdXkC/zqReUCA75QPJ
CCUbKWBjxC295+H5HhKPu/2UPuOSe+6nKLOUIz/5RWUnINypTC6X+IIvxowXh4Dh
i0IA7dexpEmFg5MZjs3YfYruDjljGkv7iSmCySCJxGosUdQcY7gIvgtro9fGxe8s
xXNzmri1i2ir7Dh4a1K+ZrbW7GW1JVXQ9mIcI5xgOBvu3690G9ufcQaNdA1ozpjl
e4o4WBD8UEZtsnxp5CAyU1BYKed+AQCBlFBOurPWWTShKenhlyZ+2mDlFpbL7Nms
gV1CUkonnIU3ESXwihMclUae4rIBSMakSPxuNMTfbNLfjulxRR4=
=7uFs
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reason for failed POST to .../api/tokens in Tomcat 8 and 9?

[Victor Norman]

Friends,

We are trying to upgrade a server that uses Guacamole / Tomcat7 on Ubuntu 16.04 
to Ubuntu 18.04 or 20.04 with Tomcat 8 or 9.

You can try out the server yourself, by going to 
http://agora.cs.calvin.edu:8080/.

Each time we get close to having it work, we see this error show up in the 
console of the browser:

POST http://agora.cs.calvin.edu:8080/agora/api/tokens 403

Drilling down on that in Chrome, I find:


 *
Request URL:
http://agora.cs.calvin.edu:8080/agora/api/tokens
 *
Request Method:
POST
 *
Status Code:
403
 *
Remote Address:
153.106.116.108:8080
 *
Referrer Policy:
no-referrer-when-downgrade
  1.  Response Headersview source
 *
Content-Type:
application/json
 *
Date:
Tue, 23 Jun 2020 16:42:56 GMT
 *
Transfer-Encoding:
chunked
  2.  Request Headersview source
 *
Accept:
application/json, text/plain, */*
 *
Accept-Encoding:
gzip, deflate
 *
Accept-Language:
en-US,en;q=0.9
 *
Cache-Control:
no-cache
 *
Connection:
keep-alive
 *
Content-Length:
0
 *
Content-Type:
application/x-www-form-urlencoded
 *
Cookie:
JSESSIONID=F61EBB3764D21F4A6161304BB9D820EF; 
JSESSIONID=BA81E2D37D390F411711FAB57F5B8DBF
 *
DNT:
1
 *
Host:
agora.cs.calvin.edu:8080
 *
Origin:
http://agora.cs.calvin.edu:8080
 *
Pragma:
no-cache
 *
Referer:
http://agora.cs.calvin.edu:8080/agora/
 *
User-Agent:
Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 
(KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36

What is this request to POST to ../api/tokens?

Is this some new security added in tomcat8 or 9 that we need to account for?  
Or is it a file permissions issue somehow?

I'd really appreciate any insight anyone has.

Thanks.


Prof. Victor Norman
Computer Science
Calvin College University
v...@calvin.edu
-
"A designer knows he has achieved perfection not when there is nothing left to 
add, but when there is nothing left to take away." -- Antoine de Saint Exupéry

RE: Tomcat Connector issue

[George Stanchev]

Is it possible something is wrong with the header values

[Thu Jun 18 09:37:28.229 2020] [6060:2544] [debug] 
ajp_unmarshal_response::jk_ajp_common.c (799): (worker-local) Header[0] 
[Expires] = [19-Mar-1971 08:23:00 GMT]
[Thu Jun 18 09:37:28.229 2020] [6060:2544] [debug] 
ajp_unmarshal_response::jk_ajp_common.c (799): (worker-local) Header[1] 
[Cache-Control] = [no-store, no-cache, private, must-revalidate]
[Thu Jun 18 09:37:28.230 2020] [6060:2544] [debug] 
ajp_unmarshal_response::jk_ajp_common.c (799): (worker-local) Header[2] 
[Pragma] = [no-cache]
[Thu Jun 18 09:37:28.231 2020] [6060:2544] [debug] 
ajp_unmarshal_response::jk_ajp_common.c (799): (worker-local) Header[3] 
[Location] = 
[https://host/idp/login?fsid=2baf82dbd9e74657988568e2ae98ceef=https%3A%2F%2Fhost%2Fworkcenter%2Ftmtrack.dll%3Fshell%3Dswc]
[Thu Jun 18 09:37:28.232 2020] [6060:2544] [debug] 
ajp_unmarshal_response::jk_ajp_common.c (799): (worker-local) Header[4] 
[Content-Length] = [0]


This is pretty standard, I can't see anything wrong...

-Original Message-
From: George Stanchev 
Sent: Tuesday, June 23, 2020 10:33 AM
To: users@tomcat.apache.org
Subject: RE: Tomcat Connector issue

Thanks all for the responses. It is on AWS VM machine that I don't have access 
to. I've googed the crap of x57 but besides some Bugzilla report from Adobe 
that seemed unrelated nothing good comes out of Google. x57 as Mark said is bad 
parameter and it is a generic error meaning either the p->lpEcb->ConnID is 
invalid or something is wrong with the headers or their sizes. Also chunking is 
off so keep-alive is JK_FALSE. I can try to enable the chunking to see if I can 
fork the execution into the HSE_REQ_SEND_RESPONSE_HEADER_EX call on 
jk_isapi_plugin.c#1066 and if it would make a difference. The headers from TC 
on the 302 response are pretty vanilla and I cannot imagine headers+sizes are 
wrong which leaves p->lpEcb->ConnID. I have omitted the actual binary dump of 
the AJP message because it is from a customer and didn't want to disclose their 
hostname but I can obfuscate it and post it if we think it is related to the 
issue.

For now forking into the _EX call is the only idea I have to explore...

Asked to procur another VM image in case something is wrong with IIS but it is 
a problem for them...

Any ideas on how to even approach this are much appreciated...

George

-Original Message-
From: Mark Thomas 
Sent: Tuesday, June 23, 2020 9:42 AM
To: users@tomcat.apache.org
Subject: Re: Tomcat Connector issue

On 23/06/2020 16:35, Christopher Schultz wrote:
> 
> 
> On 6/23/20 11:32, Mark Thomas wrote:
>> On 23/06/2020 16:20, Christopher Schultz wrote:
>>> George,
>>>
>>> On 6/22/20 17:13, George Stanchev wrote:
 We are getting HSE_REQ_SEND_RESPONSE_HEADER failed with
 error=87 (0x0057) on a 302 redirect proxied by TC connector 
 1.2.46.
>>> Windows error 0x0057 is ... "Cannot connect to printer"???
> 
>> Not sure where you found that. 0x57 is "Invalid Parameter"
> 
> Yeah, it sounded weird. Searching Google for "windows 0x0057" (at 
> least here in the US) gives a million pages about errors connecting to 
> printers, like this one which is the top-hit for me with expanded
> explanation:
> 
> https://appuals.com/fix-printer-error-0x0057/
> 
> "
> Error 0x0057 is a printer related error on Windows which does not 
> allow the user to add the printer. This error is usually due to 
> corrupt drivers previously installed and the permission issues. ...
> The 1st one would delete the driver and the second method would be to 
> copy the driver from a working computer.
> "
> 
> I don't have a "perror" program for Windows handy right now, so I just 
> tried Google :/

For the archives:
https://docs.microsoft.com/en-us/windows/win32/debug/system-error-codes--0-499-

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat Connector issue

[George Stanchev]

Thanks all for the responses. It is on AWS VM machine that I don't have access 
to. I've googed the crap of x57 but besides some Bugzilla report from Adobe 
that seemed unrelated nothing good comes out of Google. x57 as Mark said is bad 
parameter and it is a generic error meaning either the p->lpEcb->ConnID is 
invalid or something is wrong with the headers or their sizes. Also chunking is 
off so keep-alive is JK_FALSE. I can try to enable the chunking to see if I can 
fork the execution into the HSE_REQ_SEND_RESPONSE_HEADER_EX call on 
jk_isapi_plugin.c#1066 and if it would make a difference. The headers from TC 
on the 302 response are pretty vanilla and I cannot imagine headers+sizes are 
wrong which leaves p->lpEcb->ConnID. I have omitted the actual binary dump of 
the AJP message because it is from a customer and didn't want to disclose their 
hostname but I can obfuscate it and post it if we think it is related to the 
issue.

For now forking into the _EX call is the only idea I have to explore...

Asked to procur another VM image in case something is wrong with IIS but it is 
a problem for them...

Any ideas on how to even approach this are much appreciated...

George

-Original Message-
From: Mark Thomas  
Sent: Tuesday, June 23, 2020 9:42 AM
To: users@tomcat.apache.org
Subject: Re: Tomcat Connector issue

On 23/06/2020 16:35, Christopher Schultz wrote:
> 
> 
> On 6/23/20 11:32, Mark Thomas wrote:
>> On 23/06/2020 16:20, Christopher Schultz wrote:
>>> George,
>>>
>>> On 6/22/20 17:13, George Stanchev wrote:
 We are getting HSE_REQ_SEND_RESPONSE_HEADER failed with
 error=87 (0x0057) on a 302 redirect proxied by TC connector 
 1.2.46.
>>> Windows error 0x0057 is ... "Cannot connect to printer"???
> 
>> Not sure where you found that. 0x57 is "Invalid Parameter"
> 
> Yeah, it sounded weird. Searching Google for "windows 0x0057" (at 
> least here in the US) gives a million pages about errors connecting to 
> printers, like this one which is the top-hit for me with expanded
> explanation:
> 
> https://appuals.com/fix-printer-error-0x0057/
> 
> "
> Error 0x0057 is a printer related error on Windows which does not 
> allow the user to add the printer. This error is usually due to 
> corrupt drivers previously installed and the permission issues. ...
> The 1st one would delete the driver and the second method would be to 
> copy the driver from a working computer.
> "
> 
> I don't have a "perror" program for Windows handy right now, so I just 
> tried Google :/

For the archives:
https://docs.microsoft.com/en-us/windows/win32/debug/system-error-codes--0-499-

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Connector issue

[Mark Thomas]

On 23/06/2020 16:35, Christopher Schultz wrote:
> 
> 
> On 6/23/20 11:32, Mark Thomas wrote:
>> On 23/06/2020 16:20, Christopher Schultz wrote:
>>> George,
>>>
>>> On 6/22/20 17:13, George Stanchev wrote:
 We are getting HSE_REQ_SEND_RESPONSE_HEADER failed with
 error=87 (0x0057) on a 302 redirect proxied by TC connector
 1.2.46.
>>> Windows error 0x0057 is ... "Cannot connect to printer"???
> 
>> Not sure where you found that. 0x57 is "Invalid Parameter"
> 
> Yeah, it sounded weird. Searching Google for "windows 0x0057" (at
> least here in the US) gives a million pages about errors connecting to
> printers, like this one which is the top-hit for me with expanded
> explanation:
> 
> https://appuals.com/fix-printer-error-0x0057/
> 
> "
> Error 0x0057 is a printer related error on Windows which does not
> allow the user to add the printer. This error is usually due to
> corrupt drivers previously installed and the permission issues. ...
> The 1st one would delete the driver and the second method would be to
> copy the driver from a working computer.
> "
> 
> I don't have a "perror" program for Windows handy right now, so I just
> tried Google :/

For the archives:
https://docs.microsoft.com/en-us/windows/win32/debug/system-error-codes--0-499-

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Connector issue

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256



On 6/23/20 11:32, Mark Thomas wrote:
> On 23/06/2020 16:20, Christopher Schultz wrote:
>> George,
>>
>> On 6/22/20 17:13, George Stanchev wrote:
>>> We are getting HSE_REQ_SEND_RESPONSE_HEADER failed with
>>> error=87 (0x0057) on a 302 redirect proxied by TC connector
>>> 1.2.46.
>> Windows error 0x0057 is ... "Cannot connect to printer"???
>
> Not sure where you found that. 0x57 is "Invalid Parameter"

Yeah, it sounded weird. Searching Google for "windows 0x0057" (at
least here in the US) gives a million pages about errors connecting to
printers, like this one which is the top-hit for me with expanded
explanation:

https://appuals.com/fix-printer-error-0x0057/

"
Error 0x0057 is a printer related error on Windows which does not
allow the user to add the printer. This error is usually due to
corrupt drivers previously installed and the permission issues. ...
The 1st one would delete the driver and the second method would be to
copy the driver from a working computer.
"

I don't have a "perror" program for Windows handy right now, so I just
tried Google :/

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl7yIVkACgkQHPApP6U8
pFgKoBAAiPIynvL8XRjvd2UdkuCxVAdVY45zanKYd+shrMU7y+5hn8kEz3fWi0aH
Yg16uC23bGX+M9f+97voQlHdLiCPZ9S+FzXU4bBsNkEggrWSkJeAcVxY2+FJPiyF
fvpg4Zd2KJLiecm6mwAtltnOOAubfK7+unXPMsa5PPLtZJ2WJtM8/IWgr7BElVj7
BJsKjx20R9O2n9c84DsyR49XV/hkFNgERwd8DVIWNjyEjMbOA+59M/8+knr+yCNc
t37AeQ+8QAl6Zb/WfZbzp2c47TQNQzLRYmNS9+1jlNiBvGL4BCIxR9nfoNsh8lso
eZUYvHLjOl3SuwJq7uzPhQyxeR0O3fdZHj1tPnIXXPqJLg+MkN3tk/1uhiIRiFTd
p1D8CM+NqW1/fKslBgi/2J015g+a30euHA8r/g7710QrI9k0PENZHC7ZYSztV1Gf
FEqzLt+XX0rKveT2IMPGCY/H9xuRN5i+/h0JgMC+uBAALxH22/Nwl5x3cSpUMron
mQAd85JyL023VrO0qb1VbvZMs6T6MDAJdJwdbhC/N8LJp88aPI7/ymtlZGI+Qho2
LKS3y4EC5IccVIHhDiUejH401hzD3s61ZBMOUvW1tOFFyv+QrWPb5XKRsBUoO5GT
Xf5uZJNBkv/Zwz2ZcI0Qt2elNbD5FWrWhM2VLcdraQjJY2u1NnM=
=ysFf
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Configuring external CGI script in Tomcat 8.5

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Jean-Jierre,

On 6/23/20 08:55, jean-pierre.urk...@devoteam.com.INVALID wrote:
> Can anyone clarify on how to configure Tomcat 8.5 to serve an
> external executable? The CGI-HowTo documentation is VERY unclear to
> me.
>
> So let's say I have an application installed under 'c:\myApp' that
> provides a CGI executable 'c:\myApp\cgi\myapp.exe' now how do I
> configure Tomcat to have requests to http://localhost/myApp to call
> the c:\myApp\cgi\myapp.exe executable?

Is myapp.exe a CGI-aware program? Or do you need to proxy from
HTTP-CGI to some intermediate communication language and back again?

> I tried to add a context.xml file named myapp.xml to
> {TOMCAT_BASE}\conf\catalina\localhost with following content:

You can also bundle this file into your web application under
META-INF/context.xml which may (or may not) be more convenient.

>  path="/myApp" reloadable="false" privileged="true"
> swallowOutput="true" workDir="work\Catalina\localhost\myApp">
>
> 

Remove the "path" attribute: it's not legal in this location. The name
of the file (myapp[.xml]) dictates the context path.

> But that doesn't seem to work, it will try to download the
> myapp.exe file.

Did you modify web.xml in any particular way? If not, it's never going
to work because all you have done is deploy a web application hosted
at C:\myapp\cgi".

Just because a file is named .exe doesn't make it special in any way.
How else would you download .exe files if they were always executed
when you requested them?

In order to use CGI, you need to configure the CGI servlet.

The documentation can be found here:
http://tomcat.apache.org/tomcat-8.5-doc/cgi-howto.html

Give that a read and see if you can get further.

Please understand that CGI on Windows is essentially impossible to run
securely if you need to pass command-line arguments provided by the
client to the script. Please see the Security Considerations[1] page
and search for CGI for more information.

- -chris

[1] https://tomcat.apache.org/tomcat-8.5-doc/security-howto.html
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl7yIKYACgkQHPApP6U8
pFjPiBAAikmoEQtUsztMRYC6aa2OYARZjMMo7pxZ8aVA3leQdwWkiSfC29AVCgGO
KpQalDRtWTiJaV4doVVaqynSGjgO/2f9XyZxXyWjstMKbkkAFZez13P4dMPYS5H7
C55yLKE+Ay3oDm+nvoihoXQK76wKj0b10/vzuzSv8zf68i6fbd8jC/s2zZpBOYcr
VaEGsd7KQIaQ+JxZ4OBk5/h/In9I9ouv0Mp2dvRg0OC1r9MAYPZoU0X+XladqEsP
YjGFHFkICBPC8YO0baZ22vkw6v7JXIBQO0JKxIjCDnLqDKSbTI914pVlxrCWetZO
wzpU4XXK8qvuyY+BhsosUoJll3DdTjkfyEnTGUV8AahRFSWJr87f0Fp3rMmuYCq2
C/i/CMrhXvwj/3/eWQDkN4qngz6fVlqbw8m/gxzy0YO1+pplf0ek5t30d7S/LZV/
WwgXZbvjDRtRQIChRkorw/4EnBcoKZ139OFmLXl3PCDpqJSlUQ1IlwoWgI8Ww6AJ
W/oVmhdX0gGxCc2HGAUFOjcT20o6tYALymVjnCNOlMfJV9dtOq99lUb/UdrXDWKb
yXIIomg8zZxKDq4a5499uYo3eeYioclObQI1C3Ej0L0jTGHzkcRl0EOOTa0MKpnn
lEBJDCYGXa6p81f4/O5GqFzZHv5UiRvcLzug5sfhqI5leESunIY=
=8RaV
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Connector issue

[Mark Thomas]

On 23/06/2020 16:20, Christopher Schultz wrote:
> George,
> 
> On 6/22/20 17:13, George Stanchev wrote:
>> We are getting HSE_REQ_SEND_RESPONSE_HEADER failed with error=87
>> (0x0057) on a 302 redirect proxied by TC connector 1.2.46.
> Windows error 0x0057 is ... "Cannot connect to printer"???

Not sure where you found that. 0x57 is "Invalid Parameter"

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: File "catalina.out" not being created/populated when using Tomcat 9.0.31 + Ubuntu 20.04, and content goes to the Ubuntu syslog instead?

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Emmanuel,

On 6/22/20 19:14, Emmanuel Bourg wrote:
> Le 22/06/2020 à 18:43, Brian a écrit :
>
>> I'm not really an expert with Linux. It would seem to me that the
>> "adm" group (to which syslog seems to belong) lacks a write
>> permission
>
> Indeed, rsyslog in Ubuntu runs as syslog:adm and needs special
> permissions to write to /var/log/tomcat9. This issue should be
> reported to Ubuntu.
>
> The tomcat9 package in Debian isn't affected by this issue because
> rsyslogd runs as root.
>
>
>> OK, I did it and the write permission was added to the adm group.
>> I restarted Tomcat and it worked, the catalina.out file got
>> created! However, after I restarted the whole Ubuntu, I
>> discovered that the permissions went back to how there were (not
>> write for adm). Why is that?
>
> The permissions on this directory are managed by systemd-tmpfiles.
> The tomcat9 package defines the expected permissions in
> /usr/lib/tmpfiles.d/tomcat9.conf and the permissions are enforced
> when the system starts.
>
> It's possible to override the default settings, you have to copy
> the configuration file to /etc/tmpfiles.d/ and change the
> permissions on /var/log/tomcat9 from 2750 to 2760:
>
> cp /usr/lib/tmpfiles.d/tomcat9.conf /etc/tmpfiles.d/ sed -i
> s/2750/2760/ /etc/tmpfiles.d/tomcat9.conf
>
> The write permissions for the adm group will then be persistent.
>
>
>> In any case, why is this permission required in my new VPS, if
>> the old one lacks it and catalina.out works perfectly?
>
> I guess your older VPS had the tomcat8 package installed. The
> tomcat9 package is different as it leverages several systemd
> features to improve the security and the reliability.

With this kind of service (and, similarly, Coty Sutherland's work @
RedHat), I might re-think my policy of always using the vanilla
packages from Apache.

It's *really* nice when the package-manager can do it all.

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl7yHp4ACgkQHPApP6U8
pFjrOg//akrAF8ZQlS2d5943zClVfwoddOW+I2clK7IYqJcu4LIIMm07v73aVVhe
eAYLQLOZTXM6u3SHI4rsobGDO5QBb4wa0xxKEZFcq+pr809zzwvwd9gufuYfuNFj
xa37zyzQzv0vuhfHZNYy6eUhThVS9eSPLu0vZQnLxNExoMiVM3BNMm0evYjQHwO2
97BtwhTP9IBPjRFLvzyKCmhcotNbqY+bnn5610k5+rgBz5A/Az/ZBLHOhOb5cjWZ
1L/Ue2P86WWl2/5Dqu4IVrN1TQldyr2RQtCbcWjR4LhTKZoBNc+vyhFu/LExfexy
18mvoUY7jNKTwoJ7CiC0p7iy6Se89DzNqUzlCqUC6/1P9pRi9oYDBmeEUEnjaQ7E
tlw/GQbgALk8X+gq0hNMS9HOvlyZOZlN5iBS56cYFOje8iJrasDhxDcqWdhRqpsg
F1S42eGVk37oBpnY7dZcf/SoAmp/vIesGZ5iVi9qKSLgLbmmKGZo2/C4OnyMVkdD
+zMbcK6ClHCGK5lDVys0Hobc8gblLkUc2PY9yOxxD7Cyyml4hQ+0DzQYDbNwggAn
BAuElpOUDyzjyHYkLD12IP8ZC3ZcSZA/MnR1hHU6pbAC4tXA0sjhU6WaWP2wDIyS
hixxYgF8PoM9CwdHHnw6/ROpiqCZeIBn1NYNWcQmxMZALBWOUZ0=
=72na
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [OT] File "catalina.out" not being created/populated when using Tomcat 9.0.31 + Ubuntu 20.04, and content goes to the Ubuntu syslog instead?

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Emmanuel,

On 6/22/20 16:36, Emmanuel Bourg wrote:
> Le 22/06/2020 à 20:03, Christopher Schultz a écrit :
>
>> It looks like whoever is responsible for packing Tomcat for
>> Ubuntu has something missing, there. I suggest you file a bug
>> with Ubuntu.
>
> That must be me :) I'll get a look.

I didn't want to be presumptuous :)

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIyBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl7yHdsACgkQHPApP6U8
pFjuPA/2Of4P1VBPvcTa+0bv7zmWeYSzpHDy39sGL72Wqn0r2FvrUUGMJEUiWPi4
W9IhbUXBmv9yfvvhPkvDOwpXa7eakI9X7V4GwPxnScgG/Ha9Jpa3lugQOSGeEnwl
hdWB1c+NGgoL/4R9V7A8FnL3kAz8mRxPD4ghNG/MxakRRTcYjUYm5BDvNBMUz/uq
fnG0DeI9fgCv5HzBHGY2/qVw75BcRemj5MWV+BKBAlUjIEvfummfTxcKRSxI4A65
RXk+gJYhIB+/2SHZL5WGtMaNO7WIl4QLKyqd1rTL0fBUh8e9SPxWt+QtNN5RS21e
S+sSyCav+DheOCQK9OzmXZTReLKjOge5jUo0F2PDvY4j9jzkGBimXJj3ltqTcNA9
ps8l4WocZPUJsAw78XCPVNSmjHaAliZAhvdcaD4WQnsPMbswvAJKORanty/GTS42
fsnO6bcHmiIigHyzEhLU1wAr+tX239Ib1BbiNRGQn3h96/0dhY4vnDoan2Cm/wXQ
C7Bt1EXE75XPcrbN9Lqdu4F4mOSaOY0cP3wcpJSxfnJf8TI/ex7xNX9xwx30mBo6
TsjI9zN09U+eE80TO4gWUd+8GrCqTa40sTLrtMSv19daJOTYiYtSn7gjMTDvWNbU
PZPMP0IX0WuJPkDIHmZGTAI1qDsAvR5sWyt9qitrG4W4rfZwfA==
=8eW4
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Connector issue

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

George,

On 6/22/20 17:13, George Stanchev wrote:
> We are getting HSE_REQ_SEND_RESPONSE_HEADER failed with error=87
> (0x0057) on a 302 redirect proxied by TC connector 1.2.46.
Windows error 0x0057 is ... "Cannot connect to printer"??? I
assume you are on Windows because you mentioned
HSE_REQ_SEND_RESPONSE_HEADER which is IIS, right?

> I can see the 302 response come over from TC and it looks legit.
> Trace logs below. Anyone else running into a similar error or
> perhaps some clue as to why this can be happening?
Did anything change recently in your environment?

> [Thu Jun 18 09:37:28.185 2020] [6060:2544] [trace]
> jk_tcp_socket_sendfull::jk_connect.c (1042): enter [Thu Jun 18
> 09:37:28.186 2020] [6060:2544] [trace]
> jk_tcp_socket_sendfull::jk_connect.c (1072): exit [Thu Jun 18
> 09:37:28.187 2020] [6060:2544] [trace]
> ajp_connection_tcp_send_message::jk_ajp_common.c (1292): exit [Thu
> Jun 18 09:37:28.188 2020] [6060:2544] [debug]
> ajp_send_request::jk_ajp_common.c (1768): (worker-local) Statistics
> about invalid connections: connect check (0), cping (0), send (0)
> [Thu Jun 18 09:37:28.188 2020] [6060:2544] [debug]
> ajp_send_request::jk_ajp_common.c (1779): (worker-local) request
> body to send 0 - request body to resend 0 [Thu Jun 18 09:37:28.189
> 2020] [6060:2544] [trace] ajp_send_request::jk_ajp_common.c (1904):
> exit [Thu Jun 18 09:37:28.190 2020] [6060:2544] [trace]
> ajp_get_reply::jk_ajp_common.c (2201): enter [Thu Jun 18
> 09:37:28.191 2020] [6060:2544] [trace]
> ajp_connection_tcp_get_message::jk_ajp_common.c (1325): enter [Thu
> Jun 18 09:37:28.193 2020] [6060:2544] [trace]
> jk_tcp_socket_recvfull::jk_connect.c (1093): enter [Thu Jun 18
> 09:37:28.199 2020] [6060:2544] [trace]
> jk_tcp_socket_recvfull::jk_connect.c (1122): exit [Thu Jun 18
> 09:37:28.200 2020] [6060:2544] [trace]
> jk_tcp_socket_recvfull::jk_connect.c (1093): enter [Thu Jun 18
> 09:37:28.202 2020] [6060:2544] [trace]
> jk_tcp_socket_recvfull::jk_connect.c (1122): exit [Thu Jun 18
> 09:37:28.203 2020] [6060:2544] [debug]
> ajp_connection_tcp_get_message::jk_ajp_common.c (1459): received
> from ajp13 pos=0 len=307 max=16384 .. [Thu Jun
> 18 09:37:28.223 2020] [6060:2544] [trace]
> ajp_connection_tcp_get_message::jk_ajp_common.c (1463): exit [Thu
> Jun 18 09:37:28.224 2020] [6060:2544] [trace]
> ajp_process_callback::jk_ajp_common.c (1919): enter [Thu Jun 18
> 09:37:28.225 2020] [6060:2544] [trace]
> ajp_unmarshal_response::jk_ajp_common.c (718): enter [Thu Jun 18
> 09:37:28.226 2020] [6060:2544] [debug]
> ajp_unmarshal_response::jk_ajp_common.c (736): (worker-local)
> status = 302 [Thu Jun 18 09:37:28.228 2020] [6060:2544] [debug]
> ajp_unmarshal_response::jk_ajp_common.c (743): Number of headers is
> = 5 [Thu Jun 18 09:37:28.229 2020] [6060:2544] [debug]
> ajp_unmarshal_response::jk_ajp_common.c (799): (worker-local)
> Header[0] [Expires] = [19-Mar-1971 08:23:00 GMT] [Thu Jun 18
> 09:37:28.229 2020] [6060:2544] [debug]
> ajp_unmarshal_response::jk_ajp_common.c (799): (worker-local)
> Header[1] [Cache-Control] = [no-store, no-cache, private,
> must-revalidate] [Thu Jun 18 09:37:28.230 2020] [6060:2544] [debug]
> ajp_unmarshal_response::jk_ajp_common.c (799): (worker-local)
> Header[2] [Pragma] = [no-cache] [Thu Jun 18 09:37:28.231 2020]
> [6060:2544] [debug] ajp_unmarshal_response::jk_ajp_common.c (799):
> (worker-local) Header[3] [Location] =
> [https://host/idp/login?fsid=2baf82dbd9e74657988568e2ae98ceef
=https%3A%2F%host%2Fworkcenter%2Ftmtrack.dll%3Fshell%3Dswc]
>
>
[Thu Jun 18 09:37:28.232 2020] [6060:2544] [debug]
ajp_unmarshal_response::jk_ajp_common.c (799): (worker-local) Header[4]
[Content-Length] = [0]
> [Thu Jun 18 09:37:28.233 2020] [6060:2544] [trace]
> ajp_unmarshal_response::jk_ajp_common.c (806): exit [Thu Jun 18
> 09:37:28.234 2020] [6060:2544] [trace]
> start_response::jk_isapi_plugin.c (889): enter [Thu Jun 18
> 09:37:28.235 2020] [6060:2544] [debug]
> start_response::jk_isapi_plugin.c (939): Starting response for URI
> '/idp/login' (protocol HTTP/1.1) [Thu Jun 18 09:37:28.236 2020]
> [6060:2544] [debug] start_response::jk_isapi_plugin.c (1048): Not
> using Keep-Alive

Any idea why it's "Not using Keep-Alive"?

> [Thu Jun 18 09:37:28.237 2020] [6060:2544] [error]
> start_response::jk_isapi_plugin.c (1082):
> HSE_REQ_SEND_RESPONSE_HEADER failed with error=87 (0x0057) [Thu
> Jun 18 09:37:28.238 2020] [6060:2544] [trace]
> start_response::jk_isapi_plugin.c (1092): exit [Thu Jun 18
> 09:37:28.239 2020] [6060:2544] [trace]
> ajp_connection_tcp_get_message::jk_ajp_common.c (1325): enter [Thu
> Jun 18 09:37:28.240 2020] [6060:2544] [trace]
> jk_tcp_socket_recvfull::jk_connect.c (1093): enter [Thu Jun 18
> 09:37:28.241 2020] [6060:2544] [trace]
> jk_tcp_socket_recvfull::jk_connect.c (1122): exit [Thu Jun 18
> 09:37:28.242 2020] [6060:2544] [trace]
> jk_tcp_socket_recvfull::jk_connect.c (1093): enter [Thu Jun 18
> 09:37:28.243 2020] 

Configuring external CGI script in Tomcat 8.5

[jean-pierre . urkens]

Can anyone clarify on how to configure Tomcat 8.5 to serve an external
executable? The CGI-HowTo documentation is VERY unclear to me.

So let's say I have an application installed under 'c:\myApp' that provides
a CGI executable 'c:\myApp\cgi\myapp.exe' now how do I configure Tomcat to
have requests to http://localhost/myApp to call the c:\myApp\cgi\myapp.exe
executable?

 

I tried to add a context.xml file named myapp.xml to
{TOMCAT_BASE}\conf\catalina\localhost with following content:

 





 

But that doesn't seem to work, it will try to download the myapp.exe file.

 

Any instructions are welcome. 

 

Re: File "catalina.out" not being created/populated when using Tomcat 9.0.31 + Ubuntu 20.04, and content goes to the Ubuntu syslog instead?

[Emmanuel Bourg]

Le 23/06/2020 à 02:53, Brian a écrit :

> Please do! It definitely looks like a bug.
> I just reported the bug here: 
> https://bugs.launchpad.net/ubuntu/+source/tomcat9/+bug/1884591

I've just uploaded tomcat9/9.0.36-1 in Debian and changed the
permissions [1] on the log directory. This will propagate to Ubuntu
sooner or later.

Emmanuel Bourg

[1] https://salsa.debian.org/java-team/tomcat9/-/commit/51128fe9

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org