Hello Everyone,
Using OpenSSL 1.0.2k-fips
I am trying to install the apr.
I used several different versions of APR 1.4 through 1.6
Then I compiled tnative 1.1.16, 1.2.x
When I start tomcat I get the same message each time.
30-Oct-2017 12:51:14.602 INFO [main]
org.apache.catalin
, 2017 3:17 PM
To: users@tomcat.apache.org
Subject: Re: apr
Hi Chris,
Did you recompile APR with FIPS? You must completely compile
tcnative.dll.
Marcus
From: Cheltenham, Chris
Sent: Monday, October 30, 2017 1:49 PM
To: users@tomcat.apache.org
Subject: apr
e: apr
On 30/10/2017 17:49, Cheltenham, Chris wrote:
> Hello Everyone,
>
> Using OpenSSL 1.0.2k-fips
>
> I am trying to install the apr.
>
> I used several different versions of APR 1.4 through 1.6
>
> Then I compiled tnative 1.1.16, 1.2.x
The latest release of the 1.
ll # 215-301-6571
>
> -Original Message-
> From: Mark Thomas [mailto:ma...@apache.org]
> Sent: Tuesday, October 31, 2017 3:24 AM
> To: Tomcat Users List
> Subject: Re: apr
>
> On 30/10/2017 17:49, Cheltenham, Chris wrote:
>> Hello Everyone,
>>
>> Using
10/31/17 10:41 AM, Cheltenham, Chris wrote:
> Thanks Mark , but where in the error logs do you see I am building
> against 1.0.1?
>
> 31-Oct-2017 10:40:15.243 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded
> APR based Apache Tomcat Native libr
# 215-301-6571
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Tuesday, October 31, 2017 11:48 AM
To: users@tomcat.apache.org
Subject: Re: apr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Chris,
On 10/31/17 10:41 AM, Cheltenham, Chris wrote
lphia
Work # 215-400-5025
Cell # 215-301-6571
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Tuesday, October 31, 2017 12:47 PM
To: Tomcat Users List
Subject: Re: apr
On 31/10/17 14:41, Cheltenham, Chris wrote:
> Thanks Mark , but where in the error logs do you
Mr. Shultz,
I really appreciate your detailed answers.
Helps me out a lot.
I am now thinking big picture because my application does not require APR.
May I ask this , what exactly does APR give me for apache-tomcat?
I am thinking to scrap the whole APR install.
The reason I am trying to instal
: Thursday, November 2, 2017 9:36 AM
To: users@tomcat.apache.org
Subject: Re: security headers
You seem to be responding on the wrong thread, but here are some answers
anyway (will save Christopher some typing)
On 02.11.2017 13:55, Cheltenham, Chris wrote:
> Mr. Shultz,
>
> I really apprec
Eric,
If you have upgraded java along with tomcat then yes that it is very
probable.
You can restrict how much memory java can use however, if it is consuming
too much memory.
-Xmx and –Xms startup parameters.
However, you may be jeopardizing performance.
In this case you can only add more
Eric,
Just curious how much ram do you have in the server and cpu resources.
#free -m and # cat /proc/cpuinfo | egrep 'cores|processor'
(Not to insult your intelligence , I am just specifying what I was curious
to see)
And it's always easier to copy/paste than to think.
I see in another thread
Hello All,
I am trying to run tomcat as a non root user.
It will start as the tomcat user but it will not bind to connector 443
unless it starts as root.
Does anyone know why?
23-Feb-2018 09:14:59.140 SEVERE [main]
org.apache.catalina.core.StandardService.initInternal Failed to in
, February 23, 2018 12:53 PM
To: Tomcat Users List
Subject: Re: Running as user tomcat
Hi Chris,
> Am 23.02.2018 um 18:36 schrieb Cheltenham, Chris
> :
>
> Hello All,
>
> I am trying to run tomcat as a non root user.
>
> It will start as the tomcat user but it will not bind to
Since AJP is not really needed by Tomcat; If I comment out the AJP startup
line in server.xml will that affect anything.
I still don’t even understand what its for.
I have read the apache docs but it doesn’t mean anything to me..
Apache's description doesn't tell me anything.
The AJP Connector
if necessary it is proxied to Tomcat via AJP. You take HTTP
request from that system, put it in an AJP record and send it over TCPIP to
Tomcat's AJP connector.
Is it more clear now?
-Original Message-
From: Cheltenham, Chris [mailto:ccheltenham-...@philasd.org]
Sent: Wednesday, Feb
In this case are you tunneling into tomcat via 8009 AJP connector?
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell # 215-301-6571
-Original Message-
From: Christopher Schultz [mailto:ch...@christ
Schultz [mailto:ch...@christopherschultz.net]
Sent: Wednesday, February 28, 2018 9:26 AM
To: users@tomcat.apache.org
Subject: Re: Security of AJP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Chris,
On 2/28/18 8:40 AM, Cheltenham, Chris wrote:
> Since AJP is not really needed by Tomcat; If I comm
t: Thursday, March 1, 2018 8:34 AM
To: Tomcat Users List
Subject: Re: Security of AJP
On 2/28/2018 10:16 AM, Mark H. Wood wrote:
> On Wed, Feb 28, 2018 at 09:25:53AM -0500, Christopher Schultz wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Chris,
&g
Hello,
Has anyone set up tomcat as a non-root use?
I have set it up successfully however, I have to bound the non-root user
to port 8443.
What is the best way to reroute 8443 through 443?
There are several options.
Everything is set up at send to port 443 so I need to reroute 8443 i
From: Cheltenham, Chris [mailto:ccheltenham-...@philasd.org]
Sent: Friday, March 02, 2018 9:08 AM
To: 'Tomcat Users List'
Subject: tomcat 8.5.28
Hello,
Has anyone set up tomcat as a non-root use?
I have set it up successfully however, I have to bound the non-root user
to port 8443.
What is
[mailto:ma...@apache.org]
Sent: Friday, March 2, 2018 9:39 AM
To: Tomcat Users List ; Olaf Kock
Subject: Re: tomcat 8.5.28
On 02/03/18 14:30, Olaf Kock wrote:
>
>
> On 02.03.2018 15:22, Cheltenham, Chris wrote:
>> What?
>
> don't feed the trolls ;)
Better still, u
]
Sent: Friday, March 2, 2018 9:49 AM
To: users@tomcat.apache.org
Subject: Re: tomcat 8.5.28
On 02.03.2018 15:41, Cheltenham, Chris wrote:
> Mark,
>
> Can you elaborate on what is going on there?
> What trolls?
> I don’t know what that means.
See : https://en.wikipedia.org/wiki
2018 at 15:08, Cheltenham, Chris
wrote:
> Hello,
>
>
>
> Has anyone set up tomcat as a non-root use?
>
>
>
> I have set it up successfully however, I have to bound the non-root
> user to port 8443.
>
>
>
> What is the best way to reroute 8443
All,
I am not sure is this out of scope with Tomcat's policies?
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell # 215-301-6571
-Original Message-
From: Cheltenham, Chris [mailto:cchelt
Yes , I was able to start up tomcat 9.0.4 with the corresponding java.
One thing that was annoying was that $JAVA_HOME/jre/lib/security dorectory
has changes to $JAVA_HOME/lib/security.
Not a big deal but if you are using certs it is.
Now, the applications is used did not like java 9 , so I pulle
...@christopherschultz.net]
Sent: Friday, March 2, 2018 11:55 AM
To: users@tomcat.apache.org
Subject: Re: tomcat 8.5.28
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Olaf,
On 3/2/18 9:30 AM, Olaf Kock wrote:
> On 02.03.2018 15:22, Cheltenham, Chris wrote:
>> From: Cheltenham, Chris [mailto:cc
Hello Everyone,
Is there a way to redirect ports 80 and 443 to 8443.
I have a non root user but I cannot use CentOS firewalld nor iptables.
I have tried these things.
But it still fails.
===
Thank You;
Chris Cheltenham
Technology Services
The School Di
...@christopherschultz.net]
Sent: Tuesday, March 13, 2018 2:03 PM
To: Tomcat Users List
Subject: Re: Binding a non root user to port 443
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Chris,
On 3/13/18 1:26 PM, Cheltenham, Chris wrote:
> Is there a way to redirect ports 80 and 443 to 8443.
&g
Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Tuesday, March 13, 2018 2:03 PM
To: Tomcat Users List
Subject: Re: Binding a non root user to port 443
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Chris,
On 3/13/18 1:26 PM, Cheltenham, Chris wrote:
> Is ther
: SHA256
Chris,
On 3/13/18 1:26 PM, Cheltenham, Chris wrote:
> Is there a way to redirect ports 80 and 443 to 8443.
>
> I have a non root user but I cannot use CentOS firewalld nor iptables.
How about authbind?
> I have tried these things.
>
> redirectPort="8443"
443
On Tue, Mar 13, 2018 at 11:18 AM, Cheltenham, Chris
wrote:
> I may lobby for iptables but the admins are pushing back.
"pushing back" because of laziness or actual reasons?
--
Hassan Schroeder hassan.schroe...@gmail.com
twitter: @hassan
Consulting
-6571
-Original Message-
From: Hassan Schroeder [mailto:hassan.schroe...@gmail.com]
Sent: Tuesday, March 13, 2018 2:40 PM
To: Tomcat Users List
Subject: Re: Binding a non root user to port 443
On Tue, Mar 13, 2018 at 11:18 AM, Cheltenham, Chris
wrote:
> I may lobby for iptables
Hello Coty,
I am not sure what you mean?
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell # 215-301-6571
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: W
Coty,
Oh this thread was long ago and answered by someone else.
Thanks
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell # 215-301-6571
-Original Message-
From: Cheltenham, Chris
-
Hash: SHA256
Chris,
On 3/14/18 10:02 AM, Cheltenham, Chris wrote:
> Oh this thread was long ago and answered by someone else.
You asked the same question on 2018-03-02, and got many replies including
the ones I gave in this thread. Actually, I replied as well.
Previous thread: https://markmail.
Work # 215-400-5025
Cell # 215-301-6571
-Original Message-
From: Olaf Kock [mailto:tom...@olafkock.de]
Sent: Wednesday, March 14, 2018 11:59 AM
To: users@tomcat.apache.org
Subject: Re: Binding a non root user to port 443
On 14.03.2018 16:02, Cheltenham, Chris wrote:
> Chris,
>
>
Cell # 215-301-6571
-Original Message-
From: André Warnier (tomcat) [mailto:a...@ice-sa.com]
Sent: Wednesday, March 14, 2018 6:45 PM
To: users@tomcat.apache.org
Subject: Re: Binding a non root user to port 443
Hi.
On 14.03.2018 18:21, Cheltenham, Chris wrote:
> Ok , I thank you guys f
21:26 AM
Subject: Re: Binding a non root user to port 443
Chris,
On 15.03.2018 13:34, Cheltenham, Chris wrote:
> Andre,
>
> You probably missed where I had mentioned the infrastructure group poo poo'd
> altering iptables for whatever reason.
>
> Here is what I think are my 5 be
There is a behavior I see in tomcat at times which is puzzling to me.
Sometimes when I start up tomcat it doesn't log anything.
Maybe I am restarting ti to fast?
I don't have any other symptoms to report other than . sometimes when a
start tomcat it does not log anything.
Does any
lphia
Work # 215-400-5025
Cell # 215-301-6571
-Original Message-
From: Christopher Schultz
Sent: Thursday, April 5, 2018 10:58 AM
To: users@tomcat.apache.org
Subject: Re: tomcat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Chris,
On 4/5/18 9:08 AM, Cheltenham, Chris wrote:
> Th
-6571
-Original Message-
From: Christopher Schultz
Sent: Thursday, April 5, 2018 12:45 PM
To: users@tomcat.apache.org
Subject: Re: tomcat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Chris,
On 4/5/18 11:13 AM, Cheltenham, Chris wrote:
> Thanks for answering. It's not a big p
Hello,
I have been trying to find out what this meand starting up Tomcat to no
avail.
Please help.
I mean -d64 that is.
JAVA_OPTS="-d64"
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell # 215-
linux have their own 32-bit or 64-bit
java installations.
On Fri, Apr 20, 2018 at 8:32 AM, Cheltenham, Chris <
ccheltenham-...@philasd.org> wrote:
> Hello,
>
>
>
> I have been trying to find out what this meand starting up Tomcat to
> no avail.
>
> Please
the application is run in a 32-bit environment
unless a 64-bit system is used.
Thanks,
Robert
From: Cheltenham, Chris
Sent: Friday, April 20, 2018 6:32 AM
To: 'Tomcat Users List'
Subject: setupenv.sh
CAUTION: This email is from an external source. Do not click links or
open attachm
Hello,
How do I configure Tomcat 8.5.x to use log4j?
Is there a good document to follow?
I am not very familiar with java but it looks like you configure to logs
to accept java logging for Tomcat.
===
Thank You;
Chris Cheltenham
Technology Services
The
45 matches
Mail list logo