Re: Creating another Tomcat copy in hot stand-by when original goes down.
Hi everyone, @Andre : Yes, the material is quite enough, I am using a AJP connector and as Spring-security automatically rewrites/redirects to https, that is not the problem I am having. The problem is that even if *one* Tomcat is going down, the whole setup is dying, Not the point of this task. I want to keep one alive and it should keep working. @Chris : I have no option other then Apache httpd as I see it now, I have already configured some stuff, which I will be posting below. What I want is to load-balance between both the Tomcat's, but if one goes down, the other one should still work. I have already put the JSESSIONID(consumed by Spring-security), in the config. The problem I am having right now is that even if *one* tomcat goes down, then I get a 503, service not available. What am I doing wrong? Also, is there any way to detect which Tomcat is being used by the user right now? Here are the changes I made : For apache2 in sites-enabled/000-default : BalancerMember ajp://localhost:8010 route=jvmroute-first connectiontimeout=10 BalancerMember http://localhost:8011 route=jvmroute-second connectiontimeout=10 ProxySet stickysession=JSESSIONID Order Deny,Allow Deny from none Allow from all ProxyPass / balancer://mycluster/ ProxyPassReverse / balancer://mycluster/ First Apache tomcat instance : Connector port="8010" protocol="AJP/1.3" redirectPort="443" URIEncoding="utf-8" compressableMimeType="text/html,text/xml,text/plain,text/css,text/ javascript,application/x-javascript,application/javascript" /> // No modifications inside Second tomcat instance : // No modifications inside So if I shut down one tomcat, then I cannot access the site. What is the mistake I am making. Kindly let me know. Thank you. On Wed, Dec 9, 2015 at 1:29 AM, Christopher Schultz < ch...@christopherschultz.net> wrote: > Akshay, > > On 12/8/15 8:07 AM, Kernel freak wrote: > > I am working on a Debian server in which I would like to setup 2 > instances > > of Apache tomcat which will be load balanced by an Apache HTTP server(Do > I > > require a http server? ). In-case one copy of Apache tomcat goes down, > the > > other one will automatically comes online. > > You won't require Apache httpd, but you will need some kind of proxying > server. Nginx and haproxy will work. Squid, Varnish, etc. will > presumably all work as well. This community has expertise with Apache > httpd -> Tomcat as well as some others. I personally have only ever used > Apache httpd (and likely haproxy, though I don't actually know what AWS > ELB is using. In either case, I don't configure it directly, so it > doesn't matter). > > > While I was creating a configuration for one of our server, I know how to > > relay requests based upon URL to Apache Tomcat, these are the 2 things I > > don't know. > > > > 1) Will this work with https? Reason I ask is, there are many pages which > > are served under https and the configuration which I have and shown below > > seems to be calling with http instead of https. > > > > 2) How to trigger the 2nd copy of tomcat. > > > > Here is what I have till now in Apache web server : > > > > // Below is the redirection for tomcat webapps. > > > > ServerName www.domain_tomcat.de > > ServerAlias domain_tomcat.de > > ProxyRequests on > > I don't think you want this *at all*. "ProxyRequests" is for > forward-proxying, like providing a MITM for outgoing HTTP traffic. > > > ProxyPreserveHost On > > > > Order deny,allow > > Allow from all > > > > > > // I was thinking instead of routing to maintenance.html, I would start > the > > other app, but that sounds quite hackish. I thought there might be a > better > > way. > > ErrorDocument 503 /maintenance.html > > ErrorDocument 404 /maintenance.html > > ErrorDocument 500 /maintenance.html > > > > ProxyPass /maintenance.html ! > > > > // As you can see below, I am redirecting with http, which is my first > > point, will it automatically redirect to https, as tomcat webapp is using > > Spring-security and it has specific paths for which it must use https. > > ProxyPass / http://localhost:8080/ > > ProxyPassReverse / http://localhost:8080/ > > If your VirtualHost supports HTTPS, then you can still use > http://localhost:8080 as your target. You just need to make sure that > you send-over all the appropriate headers to the back-end server, and > enable the various Valves on the Tomcat side to handle the proxying of > this information: > > http://tomcat.apache.org/tomcat-8.0-doc/config/valve.html#Proxies_Support &
Failover not working even after configuration.
I am working on Apache and tomcat to setup Load-balancing and fail-over. Initially I thought that load-balancing would include fail-over, but I was wrong. I thought that if one instance is not active, then consuming other instance also becomes a part of load-management. Enough with the terminologies, I setup fail-over, but the ironical part is fail-over itself is failing. As soon as I shut down one instance of tomcat, the entire setup is dead and I am getting 503. Can someone help me understand what is the problem. Added this in apache2.conf : JkWorkersFile /etc/apache2/workers.properties JkMount /* loadbalancer workers.properties : worker.list=loadbalancer worker.server1.port=8010 worker.server1.host=localhost worker.server1.type=ajp13 worker.server2.port=8011 worker.server2.host=localhost worker.server2.type=ajp13 worker.server1.lbfactor=1 worker.server2.lbfactor=1 worker.loadbalancer.type=lb worker.loadbalancer.balance_workers=server1,server2 worker.loadbalancer.method=B worker.balancer.sticky_session=True 000-default in sites-enabled : JkMountCopy On BalancerMember ajp://localhost:8010 route=server1 connectiontimeout=10 BalancerMember ajp://localhost:8011 route=server2 connectiontimeout=10 ProxySet stickysession=JSESSIONID|jsessionid Order Deny,Allow Deny from none Allow from all ProxyRequests off ProxyPass /balancer-manager !ProxyPass / balancer://mycluster/ProxyPassReverse / balancer://mycluster/ SetHandler balancer-manager Order Deny,AllowDeny from noneAllow from all First tomcat's server.xml : // No modifications inside Second Tomcat's server.xml : // No modifications here I am working on Apache and tomcat to setup Load-balancing and fail-over. Initially I thought that load-balancing would include fail-over, but I was wrong. I thought that if one instance is not active, then consuming other instance also becomes a part of load-management. Enough with the terminologies, I setup fail-over, but the ironical part is fail-over itself is failing. As soon as I shut down one instance of tomcat, the entire setup is dead and I am getting 503. Can someone help me understand what is the problem. Added this in apache2.conf : JkWorkersFile /etc/apache2/workers.properties JkMount /* loadbalancer workers.properties : GNU nano 2.2.6 File: workers.properties worker.list=loadbalancer worker.server1.port=8010 worker.server1.host=localhost worker.server1.type=ajp13 worker.server2.port=8011 worker.server2.host=localhost worker.server2.type=ajp13 worker.server1.lbfactor=1 worker.server2.lbfactor=1 worker.loadbalancer.type=lb worker.loadbalancer.balance_workers=server1,server2 worker.loadbalancer.method=B worker.balancer.sticky_session=True 000-default in sites-enabled : JkMountCopy On BalancerMember ajp://localhost:8010 route=server1 connectiontimeout=10 BalancerMember ajp://localhost:8011 route=server2 connectiontimeout=10 ProxySet stickysession=JSESSIONID|jsessionid Order Deny,Allow Deny from none Allow from all ProxyRequests off ProxyPass /balancer-manager !ProxyPass / balancer://mycluster/ProxyPassReverse / balancer://mycluster/ SetHandler balancer-manager Order Deny,AllowDeny from noneAllow from all First tomcat's server.xml : // No modifications inside Second Tomcat's server.xml : // No modifications here What mistake I am making in the config for implementing load-balancing and fail-over together. Thanks a lot.
Apache failover configuration not working(Update)
Hello friends, I am working on a server-configuration in which I would like to setup load-balancing with fail-over. Unfortunately, I am not having much luck with the process. I will be posting my updated config, so it is easier to understand. Kindly have a look. First Tomcat's server.xml : > SSLEnabled="true" maxThreads="200" compression="force" >> compressionMinSize="1024" scheme="https" secure="true" clientAuth="false" >> sslProtocol="TLS" >> keystoreFile="keystore.jks" keystorePass="PASSWORD" URIEncoding="utf-8" >> compressableMimeType="text/html,text/xml,text/plain,text/css,text/ >> javascript,application/x-javascript,application/javascript" >> /> >> // I didn't remove the above connector, as I didn't knew how to use SSL >> with load-balancing and fail-over. >> > >> > URIEncoding="utf-8" >> compressableMimeType="text/html,text/xml,text/plain,text/css,text/ >> javascript,application/x-javascript,application/javascript" >> /> >> > > > unpackWARs="true" autoDeploy="true"> > channelSendOptions="8"> > > expireSessionsOnShutdown="false" >notifyListenersOnReplication="true"/> > >className="org.apache.catalina.tribes.group.GroupChannel"> > className="org.apache.catalina.tribes.membership.McastService" > address="228.0.0.4" // What kind of address is > this? > port="45564" > frequency="500" > dropTime="3000"/> > className="org.apache.catalina.tribes.transport.nio.NioReceiver" > address="148.251.151.18" > port="4000" > autoBind="100" > selectorTimeout="5000" > maxThreads="6"/> > > className="org.apache.catalina.tribes.transport.ReplicationTransmitter"> >className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/> > > className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/> > className="org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor"/> > > > Second tomcat config : > > SSLEnabled="true" maxThreads="200" compression="force" > compressionMinSize="1024" scheme="https" secure="true" > clientAuth="false" sslProtocol="TLS" > keystoreFile="keystore.jks" keystorePass="PAssword" > URIEncoding="utf-8" > compressableMimeType="text/html,text/xml,text/plain,text/css,text/ > javascript,application/x-javascript,application/javascript" > /> > URIEncoding="utf-8" > compressableMimeType="text/html,text/xml,text/plain,text/css,text/ > javascript,application/x-javascript,application/javascript" > /> > // The cluster config same as above, only the above stuff has changed. > workers.properties : worker.list=loadbalancer > worker.server1.port=8010 > worker.server1.host=localhost > worker.server1.type=ajp13 > > worker.server2.port=8011 > worker.server2.host=localhost > worker.server2.type=ajp13 > > worker.server1.lbfactor=1 > worker.server2.lbfactor=1 > > worker.loadbalancer.type=lb > worker.loadbalancer.balance_workers=server1,server2 > worker.loadbalancer.method=B > worker.balancer.sticky_session=true > 000-defaults in sites-enabled JkMountCopy On > > BalancerMember ajp://localhost:8010 route=server1 connectiontimeout=10 > BalancerMember ajp://localhost:8011 route=server2 connectiontimeout=10 > >ProxySet stickysession=JSESSIONID|jsessionid >Order Deny,Allow >Deny from none >Allow from all > > > > > ProxyRequests off > > ProxyPass /balancer-manager ! > ProxyPass / balancer://mycluster/ > ProxyPassReverse / balancer://mycluster/ > > > > SetHandler balancer-manager > > Order Deny,Allow > Deny from none > Allow from all > > This added in apache2.conf : JkWorkersFile /etc/apache2/workers.properties > > JkMount /* loadbalancer > Now, when both the tomcat versions are online, then I have no issues, but as soon as one tomcat goes down, then the whole setup dies. What am I doing wrong. Also, if I remove connector for 443, should I also remove the redirectPort in AJP connector. Kindly let me know. Thank you.
Re: Failover not working even after configuration.
Hi, Thank you for finding out that mistake with port-number. What I fail to understand is, where to redirect the AJP request then? Can you tell me that. I am as of now creating additional mail, as I changed the config and added a Cluster in tomcat. I just need to know what's the deal with those connectors, as the webapp requires https.. Should I remove that redirectPort in ajp? Kindly let me know. Thank you. On Wed, Dec 9, 2015 at 4:46 PM, André Warnier (tomcat) <a...@ice-sa.com> wrote: > > On 09.12.2015 15:56, Kernel freak wrote: > >> I am working on Apache and tomcat to setup Load-balancing and fail-over. >> Initially I thought that load-balancing would include fail-over, but I was >> wrong. I thought that if one instance is not active, then consuming other >> instance also becomes a part of load-management. >> > > It should : > quote : http://tomcat.apache.org/connectors-doc/reference/workers.html > > Load balancer management includes: > > Instantiating the workers in the web server. > Using the worker's load-balancing factor, perform weighed-round-robin > load balancing where high lbfactor means stronger machine (that is going to > handle more requests) > Keeping requests belonging to the same session executing on the same > Tomcat worker. > Identifying failed Tomcat workers, suspending requests to them and > instead fall-backing on other workers managed by the lb worker. > > The overall result is that workers managed by the same lb worker are > load-balanced (based on their lbfactor and current user session) and also > fall-backed so a single Tomcat process death will not "kill" the entire > site. > > > Enough with the > >> terminologies, I setup fail-over, but the ironical part is fail-over >> itself >> is failing. >> >> As soon as I shut down one instance of tomcat, the entire setup is dead >> and >> I am getting 503. Can someone help me understand what is the problem. >> >> > Maybe the first step would be to remove the irrelevant parts of he > configuration below. > Also, please make an effort at formatting your email, in plain text. > What comes below is almost unreadable as it is. > (Even in the original mail to the list, see by yourself) > > I have reformatted what I could.. > > > Added this in apache2.conf : >> >> JkWorkersFile /etc/apache2/workers.properties >> JkMount /* loadbalancer >> >> workers.properties : >> >> worker.list=loadbalancer >> worker.server1.port=8010 >> worker.server1.host=localhost >> worker.server1.type=ajp13 >> >> worker.server2.port=8011 >> worker.server2.host=localhost >> worker.server2.type=ajp13 >> >> worker.server1.lbfactor=1 >> worker.server2.lbfactor=1 >> >> worker.loadbalancer.type=lb >> worker.loadbalancer.balance_workers=server1,server2 >> worker.loadbalancer.method=B >> worker.balancer.sticky_session=True >> >> 000-default in sites-enabled : >> >> >> JkMountCopy On >> > > > >> BalancerMember ajp://localhost:8010 route=server1 >> connectiontimeout=10 >> BalancerMember ajp://localhost:8011 route=server2 >> connectiontimeout=10 >> >> ProxySet stickysession=JSESSIONID|jsessionid >> Order Deny,Allow >> Deny from none >> Allow from all >> >> ProxyRequests off >> ProxyPass /balancer-manager ! >> > > ProxyPass / balancer://mycluster/ > ProxyPassReverse / balancer://mycluster/ > > SetHandler balancer-manager > Order Deny,Allow > Deny from none > Allow from all > > >> >> >> First tomcat's server.xml : >> >> > On your front-end, you are re-directing everything to the tomcats, via AJP. > So this Connector is superfluous, and only makes the discussion more > confusing : > > > compression="force" compressionMinSize="1024" >> connectionTimeout="2" >> redirectPort="443" URIEncoding="utf-8" >> compressableMimeType="text/html,text/xml,text/plain,text/css,text/ >> javascript,application/x-javascript,application/javascript"/> >> >> > Same for this one. You are using AJP, so you are never accessing tomcat > directly via HTTPS. Useless : > > > SSLEnabled="true" maxThreads="200" compression="force" >>compressionMinSize="1024" scheme="https" secure="true" >> clientAuth="false" sslProtocol="TLS" >>
Re: Apache failover configuration not working(Update)
Yes, I can do that, but Spring-security switches back and forth http/https depending upon the security-configuration in webapp, that's why I have not removed it. What do you mean by your worker members should appear in workers.properties? File: workers.properties worker.list=loadbalancer worker.server1.port=8010 worker.server1.host=localhost worker.server1.type=ajp13 worker.server2.port=8011 worker.server2.host=localhost worker.server2.type=ajp13 worker.server1.lbfactor=1 worker.server2.lbfactor=1 worker.loadbalancer.type=lb worker.loadbalancer.balance_workers=server1,server2 worker.loadbalancer.method=B worker.loadbalancer.sticky_session_force=false worker.loadbalancer.sticky_session=false On Wed, Dec 9, 2015 at 5:31 PM, Mikel Ibiricu <jlumi...@gmail.com> wrote: > Hi > > I was reading your previous message and Andre's reply and I could not > figured out why you don't manage https certificates in Apache Httpd and > take all its configuration out of the tomcats. > > Second way, not sure about that, it's been a while since the last time I > used a load balancer, but should not the load balancer worker members > appear in the workers.properties' worker_list? > > Regards, > Mikel > El 09/12/2015 17:24, "Kernel freak" <kernelfr...@gmail.com> escribió: > > > Hello friends, > > > > I am working on a server-configuration in which I would like to setup > > load-balancing with fail-over. Unfortunately, I am not having much luck > > with the process. I will be posting my updated config, so it is easier to > > understand. Kindly have a look. > > > > First Tomcat's server.xml : > > > > > > > >> SSLEnabled="true" maxThreads="200" compression="force" > > >> compressionMinSize="1024" scheme="https" secure="true" > > clientAuth="false" > > >> sslProtocol="TLS" > > >> keystoreFile="keystore.jks" keystorePass="PASSWORD" > URIEncoding="utf-8" > > >> compressableMimeType="text/html,text/xml,text/plain,text/css,text/ > > >> javascript,application/x-javascript,application/javascript" > > >> /> > > >> // I didn't remove the above connector, as I didn't knew how to use > > SSL > > >> with load-balancing and fail-over. > > >> > > > > > >> > >> URIEncoding="utf-8" > > >> compressableMimeType="text/html,text/xml,text/plain,text/css,text/ > > >> javascript,application/x-javascript,application/javascript" > > >> /> > > >> > > > > > > > > > > > unpackWARs="true" autoDeploy="true"> > > > > > channelSendOptions="8"> > > > > > >> className="org.apache.catalina.ha.session.DeltaManager" > > >expireSessionsOnShutdown="false" > > >notifyListenersOnReplication="true"/> > > > > > >> > className="org.apache.catalina.tribes.group.GroupChannel"> > > > > > className="org.apache.catalina.tribes.membership.McastService" > > > address="228.0.0.4" // What kind of address is > > > this? > > > port="45564" > > > frequency="500" > > > dropTime="3000"/> > > > > > className="org.apache.catalina.tribes.transport.nio.NioReceiver" > > > address="148.251.151.18" > > > port="4000" > > > autoBind="100" > > > selectorTimeout="5000" > > > maxThreads="6"/> > > > > > > > > > className="org.apache.catalina.tribes.transport.ReplicationTransmitter"> > > >> > > > > className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/> > > > > > > > > > > > className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/> > > > > > > > > className="org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor"/> > > > > > &g
Re: Tomcat, Apache web-server : Simultaneously running both servers and Virtual Hosting.
Hi Chris, I just saw your mail, although I was able to solve this problem yesterday before leaving. This is what I did. I just waned to know, if this configuration will also work if I am using https. Thank you. Here is what I did : Tomcat's server.xml : // Multiple webapps hosted Added this in jk.conf : JkWorkersFile /PATH/to/workers.properties JkLogFile /var/log/apache2/mod_jk.log JkLogLevel notice JkLogStampFormat "[%a %b %d %H:%M:%S %Y] " JkOptions +ForwardURIProxy JkMountFile /path/to/uriworkermap.properties workers.properties : worker.list = worker_app1 worker.worker_app1.type = lb worker.worker_app1.balance_workers = app1_instance1 worker.worker_app1.sticky_session = true worker.worker_app1.sticky_session_force = false worker.worker_app1.method = busyness worker.app1_instance1.type = ajp13 worker.app1_instance1.host = 127.0.0.1 worker.app1_instance1.port = 8010 worker.app1_instance1.host = localhost worker.app1_instance1.lbfactor = 1 worker.app1_instance1.socket_timeout = 40 worker.app1_instance1.socket_keepalive = true worker.app1_instance1.reply_timeout = 3 uriworkermap.properties : /|/* = worker_app1; Added this to 000-default in sites-enabled // This is the tomcat domain. ServerName www.domain_tomcat_webapp.de ServerAlias domain_tomcat_webapp.de ProxyRequests on ProxyPreserveHost On Order deny,allow Allow from all ProxyPass / http://localhost:8080/ ProxyPassReverse / http://localhost:8080/ <Location / > Order allow,deny Allow from all Will this config also work if the the request made is in https? Kindly let me know. Thanks a lot. :-) On Mon, Dec 7, 2015 at 8:55 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > Akshay, > > On 12/7/15 2:53 PM, Christopher Schultz wrote: > > Akshay, > > > > On 12/7/15 5:26 AM, Kernel freak wrote: > >> >> protocol="org.apache.coyote.http11.Http11NioProtocol" > >> compression="force" compressionMinSize="1024" > >>connectionTimeout="2" maxPostSize="5242880" > >>URIEncoding="utf-8" > >> compressableMimeType="text/html,text/xml,text/plain,text/css,text/ > >> javascript,application/x-javascript,application/javascript"/> > >> > >> > >> >> protocol="org.apache.coyote.http11.Http11NioProtocol" > >> maxPostSize="5242880" SSLEnabled="true" maxThreads="200" compre$ > >> compressionMinSize="1024" scheme="https" secure="true" > >> clientAuth="false" sslProtocol="TLS" > >>keystoreFile="keystorefile" keystorePass="PASSWORD" > >> URIEncoding="utf-8" > >> compressableMimeType="text/html,text/xml,text/plain,text/css,text/ > >> javascript,application/x-javascript,application/javascript"/> > > > > You have configured Tomcat for ports 80 and 443. When you start httpd: > > > >> [] Restarting web server: apache2(98)Address already in use: > >> make_sock: could not bind to address [::]:80 > >> (98)Address already in use: make_sock: could not bind to address > 0.0.0.0:80 > >> no listening sockets available, shutting down > >> Unable to open logs > >> Action 'start' failed. > >> The Apache error log may have more information. > >> failed! > > > > ... you get a port conflict. You have to choose: httpd or Tomcat on port > > 80 (and 443). > > > >> I understand that Tomcat is running on 80, but how do I then configure > >> the servers so they can run simultaneously. > > > > It looks like you started configuring for mod_jk, but didn't really > > finish. What you have to do is proxy *all* applications from http -> > > Tomcat. Then remove the HTTP from Tomcat and rely > > exclusively on the AJP connector(s). (You really only need one single > > AJP connector, since it will forward TLS information across to Tomcat.) > > Have a look at > > http://people.apache.org/~schultz/ApacheCon%20NA%202015/Load-balancing%20Tomcat%20with%20mod_jk.pdf > starting at slide 19. > > -chris > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Creating another Tomcat copy in hot stand-by when original goes down.
Hello friends, I am working on a Debian server in which I would like to setup 2 instances of Apache tomcat which will be load balanced by an Apache HTTP server(Do I require a http server? ). In-case one copy of Apache tomcat goes down, the other one will automatically comes online. While I was creating a configuration for one of our server, I know how to relay requests based upon URL to Apache Tomcat, these are the 2 things I don't know. 1) Will this work with https? Reason I ask is, there are many pages which are served under https and the configuration which I have and shown below seems to be calling with http instead of https. 2) How to trigger the 2nd copy of tomcat. Here is what I have till now in Apache web server : // Below is the redirection for tomcat webapps. ServerName www.domain_tomcat.de ServerAlias domain_tomcat.de ProxyRequests on ProxyPreserveHost On Order deny,allow Allow from all // I was thinking instead of routing to maintenance.html, I would start the other app, but that sounds quite hackish. I thought there might be a better way. ErrorDocument 503 /maintenance.html ErrorDocument 404 /maintenance.html ErrorDocument 500 /maintenance.html ProxyPass /maintenance.html ! // As you can see below, I am redirecting with http, which is my first point, will it automatically redirect to https, as tomcat webapp is using Spring-security and it has specific paths for which it must use https. ProxyPass / http://localhost:8080/ ProxyPassReverse / http://localhost:8080/Order allow,deny Allow from all My tomcat config is rather simple : I can setup a similar instance of Tomcat in another location if desired. But how can I handle the switching between them when one goes down. Kindly let me know. Thank you. :-)
Re: Tomcat, Apache web-server : Simultaneously running both servers and Virtual Hosting.
Hi, Thank you for the links, I will go through it. I have configured Apache Tomcat to serve multiple webapps depending upon the URL, but Apache web-server is what seems to be stopping me. The major problem I am having is I cannot find any examples if someone has tried to do this before. I have gone a bit further since I posted the question in the mailing list. Can you please check out this question : http://serverfault.com/questions/740534/apache-webserver-tomcat-runing-multiple-tomcat-webapps-and-apache-webserver Thanks a lot. Now my only-problem is how to inform Apache2 that, don't process this URL, just forward it. I will read it in parallel what you gave. Regards, Akshay S
Re: Tomcat, Apache web-server : Simultaneously running both servers and Virtual Hosting.
Thank you for the changes you suggested. First problem is, not all the webapps have Https enabled, so I have to use port-number 80. Can you suggest me an alternative configuration. I have changed it to port 8080 and given a proxyPort=80 as follows : < --> - // Multiple webapp declarations My sites-enabled file looks like this : ServerAdmin webmaster@localhost ServerName www.domain-shop.com DocumentRoot /var/www Options FollowSymLinks AllowOverride None Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all ErrorLog ${APACHE_LOG_DIR}/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/access.log combined ServerName www.domain_tomcat.de ServerAlias domain_tomcat.de ProxyRequests off ProxyPreserveHost On Order deny,allow Allow from all ProxyPass / ajp://localhost:8010/ ProxyPassReverse / ajp://localhost:8010/ <Location / > Order allow,deny Allow from all workers.properties looks like : worker.list = worker_app1 worker.worker_app1.type = lb worker.worker_app1.balance_workers = app1_instance1 worker.worker_app1.sticky_session = true worker.worker_app1.sticky_session_force = false worker.worker_app1.method = busyness worker.app1_instance1.type = ajp13 worker.app1_instance1.host = 127.0.0.1 worker.app1_instance1.port = 8010 worker.app1_instance1.host = localhost worker.app1_instance1.lbfactor = 1 worker.app1_instance1.socket_timeout = 40 worker.app1_instance1.socket_keepalive = true worker.app1_instance1.reply_timeout = 3 uriworkermap.properties looks like : # Proxy everything to backend: /|/* = worker_app1; jk.conf in modules-enabled JkWorkersFile /etc/apache2/workrs.properties JkLogFile /var/log/apache2/mod_jk.log JkLogLevel notice JkLogStampFormat "[%a %b %d %H:%M:%S %Y] " JkOptions +ForwardURIProxy JkMountFile /etc/apache2/uriworkermap.properties After this, when I try to open domain_tomcat.de, I get : The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, [no address given] and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log. So, what am I missing. Kindly let me know. Thanks a lot. :-) On Mon, Dec 7, 2015 at 3:48 PM, Frederik Nosi <frederik.n...@postecom.it> wrote: > (Yes, it's me who replied on serverfault.com, on this one: > http://serverfault.com/questions/740534/apache-webserver-tomcat-runing-multiple-tomcat-webapps-and-apache-webserver > ), > On 12/07/2015 11:26 AM, Kernel freak wrote: > > Hello friends, > > I am working on some server side changes in which I have the webapps or > website hosted by Apache server is called by the URL. So if url > iswww.domain-one.com, then the specific webapp or website must be served. > > I have partial success in these regards as I have already configured Apache > Tomcat to host multiple webapps, and call them based on URL. It is working. > > Now on to the 2nd stage of problem, where I have hosted a CMS on Apache > server, and would like to call it with a URL, *but also keep Apache tomcat > running in parallel*, and this is the main problem I am dealing with. > > This may seem like a Apache server issue, but it's both, as I want to run > Apache web-server and Apache tomcat simultaneously with Virtual hosting. I > just hope there might be people here who know both servers. > > I tried mod_jk without any luck. Here are the changes I made to tomcat and > apache server. > > Tomcat changes : server.xml : > > protocol="org.apache.coyote.http11.Http11NioProtocol" > compression="force" compressionMinSize="1024" >connectionTimeout="2" maxPostSize="5242880" >URIEncoding="utf-8" > compressableMimeType="text/html,text/xml,text/plain,text/css,text/ > javascript,application/x-javascript,application/javascript"/> > > > > You're using port 80 on your server for tomcat, that's why apache fails to > start, because port 80 is in use, see later. > > > protocol="org.apache.coyote.http11.Http11NioProtocol" > maxPos
Re: Tomcat, Apache web-server : Simultaneously running both servers and Virtual Hosting.
So you don't know what mistake I am making in the configuration? On Mon, Dec 7, 2015 at 4:52 PM, Hassan Schroeder <hassan.schroe...@gmail.com > wrote: > On Mon, Dec 7, 2015 at 7:11 AM, Kernel freak <kernelfr...@gmail.com> > wrote: > > > More information about this error may be available in the server error > log. > > > > So, what am I missing. > > To start, the information in the server log referenced above. > > Secondly, I'd strongly recommend you start out by using plain old > mod_proxy and mod_proxy_http rather than mod_jk - less config > required, doesn't require changing your Tomcat config other than > picking a different port number than 80 for your connectors. > > Good luck, > -- > Hassan Schroeder hassan.schroe...@gmail.com > http://about.me/hassanschroeder > twitter: @hassan > Consulting Availability : Silicon Valley or remote > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: URL based redirection working partially with Apache tomcat
Hi Chris, I was able to finally resolve it by adding Host elements directly in server.xml and creating separate webapps folder for each app to hold the WAR file. I am on to a bigger fish. I will post a question soon in mailing list. Thank you. On Thu, Dec 3, 2015 at 6:37 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > To whom it may concern, > > On 12/3/15 10:54 AM, Kernel freak wrote: > > Hello friends, > > > > I would like to deploy multiple webapps(as of now 2,waiting for domain > name > > for 3rd) on a single Apache Tomcat instance. I have been partially > > successful as one URL is working properly, other is not. > > > > Situation : > > 1) I have created two folders called domain1_webapps and domain2_webapps > > and put the respective webapps named ROOT.war in each of them. > > 2) Then I configured server.xml as mentioned below. > > > > > > > autoDeploy="true"/> > > unpackWARs="true" > > appBase="domain1_webapps"/> > > unpackWARs="true" > > appBase="domain2_webapps"/> > > > > Right now when I call www.domain-one.com( not domain-one.com), I get the > > correct site. But for the 2nd one, I have to call > > www.domain-two.com/app_name. > > > > *How can I remove in 2nd domain the app_name context-path which is > getting > > appended. Kindly let me know. * > > > > The ironical situation is I have not kept the app_name anywhere, guess > > Tomcat must be retrieving it from POM.xml. > > > > Reference question on SO : > > > http://stackoverflow.com/questions/34069289/apache-tomcat-url-based-redirection-partially-works > > Have you read the documentation for how to deploy a web application in > Tomcat? > > > http://tomcat.apache.org/tomcat-8.0-doc/config/context.html#Defining_a_context > > -chris > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Tomcat, Apache web-server : Simultaneously running both servers and Virtual Hosting.
Hello friends, I am working on some server side changes in which I have the webapps or website hosted by Apache server is called by the URL. So if url is www.domain-one.com, then the specific webapp or website must be served. I have partial success in these regards as I have already configured Apache Tomcat to host multiple webapps, and call them based on URL. It is working. Now on to the 2nd stage of problem, where I have hosted a CMS on Apache server, and would like to call it with a URL, *but also keep Apache tomcat running in parallel*, and this is the main problem I am dealing with. This may seem like a Apache server issue, but it's both, as I want to run Apache web-server and Apache tomcat simultaneously with Virtual hosting. I just hope there might be people here who know both servers. I tried mod_jk without any luck. Here are the changes I made to tomcat and apache server. Tomcat changes : server.xml : www.domain-first.com www.domain-second.com Installed mod_jk with following command : apt-get install libapache2-mod-jk Created file workers.properties in /etc/apache2/ # Define 1 real worker using ajp13 worker.list=worker # Set properties for worker (ajp13) worker.worker.type=ajp13 worker.worker.host=localhost worker.worker.port=8010 Instructed jk.conf to load this file : JkWorkersFile /etc/apache2/workers.properties Finally edited 000-default in sites-enabled to add : JkMount /home/user/tomcat_directory/* worker1 Then restarted Apache2, and I got this error : [] Restarting web server: apache2(98)Address already in use: make_sock: could not bind to address [::]:80 (98)Address already in use: make_sock: could not bind to address 0.0.0.0:80 no listening sockets available, shutting down Unable to open logs Action 'start' failed. The Apache error log may have more information. failed! I understand that Tomcat is running on 80, but how do I then configure the servers so they can run simultaneously. Kindly let me know.. Regards, Akshay S.
URL based redirection working partially with Apache tomcat
Hello friends, I would like to deploy multiple webapps(as of now 2,waiting for domain name for 3rd) on a single Apache Tomcat instance. I have been partially successful as one URL is working properly, other is not. Situation : 1) I have created two folders called domain1_webapps and domain2_webapps and put the respective webapps named ROOT.war in each of them. 2) Then I configured server.xml as mentioned below. Right now when I call www.domain-one.com( not domain-one.com), I get the correct site. But for the 2nd one, I have to call www.domain-two.com/app_name. *How can I remove in 2nd domain the app_name context-path which is getting appended. Kindly let me know. * The ironical situation is I have not kept the app_name anywhere, guess Tomcat must be retrieving it from POM.xml. Reference question on SO : http://stackoverflow.com/questions/34069289/apache-tomcat-url-based-redirection-partially-works Regards, Kernel
Tomcat 7, no_cypher_overlap error, no solutions working, please help.
Hi guys, I am trying to setup https on tomcat, but not having much luck since 5 hours. I am always getting no_cypher_overlap errror. The certificate is not self-signed, but issued. The crt file I am importing for both root and tomcat alias. These are the files I have domainname.ca-bundle, .crt, .csr, .key, .p12, domainname.jks, THis is the command I gave : keytool -import -trustcacerts -alias root -file domainname.crt -keyalg RSA -keystore domainaname.jks Connector looks like this : Still it is not working, there are so many users out there, who have the same problem, and still there is no good solution for this. I have also posted it on Stackoverflow(Link below), no help there too. If anyone knows what I can do, kindly let me know. THis is messed up to configure https for 5 hours with issued certificate. Thanks. http://stackoverflow.com/questions/32866528/apache-tomcat-importing-already-existing-certificates-into-keystore Regards, Kernel
Re: Deploying .ca-bundle file .crt file as SSL certificates
On Wed, Nov 26, 2014 at 7:21 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 To whom it may concern, On 11/26/14 12:00 PM, Kernel freak wrote: On Wed, Nov 26, 2014 at 5:33 PM, Christopher Schultz ch...@christopherschultz.net wrote: To whom it may concern, On 11/26/14 9:03 AM, Kernel freak wrote: After arguing with the admins for all this time, I finally have the few files ready. I have the following files : keystore.p12 That should contain your key. Can you confirm that with a 'keytool -list'? server.crt Is this the certificate that was signed by the CA? Yes, this is certificated signed by CA, but its a servercertificate, the domain certificate is below. This server.crt is provided by the hosting guys. I told them I will need a certificate for the server on which my domain is hosted, and i got this file. I have no idea what a domain certificate is. A cert is a cert, and it's signed by another cert all the way up to a root cert, known as a CA who has widespread trust. Hi, Domaincertificate is the one which I want to deploy. It is the one provided by CA authority. ssl-cert-snakeoil.key Uh, oh. That looks like one of OpenSSL's built-in CAs that are used for documentation and instructional purposes. I hope this isn't being used for anything at all. domainname.com.ca-bundle This should be the bundle of certificates for your domain, which may include intermediate certificates. Are you using your own internal CA or something? domainname.com.crt Which certificate is this? This is the SSL certificate which has to be deployed. domainname.com.csr Is this the CSR that you generated yourself? No, this is also provided by hosting guys So, did your hosting guys generate everything for you, then? It's customary to create your own key and CSR and then merely have the CA sign the CSR which results in your certificate. You import your certificate and, if necessary, any intermediate certificates your clients will require to form a trust chain from your server's cert up to the root that the client trusts. Hosting guys only generated the server.crt, and domainname.crt was provided by trusted authority. Can you tell me why the commands you provided/same on apache user guide are not working, showing me the error that unable to load certificates? Thank you for your patience.
Re: Deploying .ca-bundle file .crt file as SSL certificates
Hello, After arguing with the admins for all this time, I finally have the few files ready. I have the following files : keystore.p12, server.crt, ssl-cert-snakeoil.key, domainname.com.ca-bundle, domainname.com.crt domainname.com.csr domainname.com.key, vsftpd.pem. I did the following as Christoph said: root@domainname:/etc/ssl/private# openssl pkcs12 -export -in server.crt -inkey ssl-cert-snakeoil.key -certfile domainname.com.crt -out keystore.p12 -chain (pressed enter here) unable to load certificates // This is the error. If i just plain import the .crt file like this : keytool -import -alias tomcat -file domainname.com.crt -keystore /root/.keystore, Then firefox gives me this error : An error occurred during a connection to domainname.com:8443. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap) The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. On Tue, Nov 25, 2014 at 10:24 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 To whom it may concern, On 11/25/14 3:32 AM, Kernel freak wrote: I don't have the server.key and server.crt. I have root access to server, I can generate my own if necessary. I only have .crt and .ca-bundle file. Can you tell me what to do. Thank you very much for your help. If you don't have the server's key but you have the server's certificate, then you must start all over again because the key is half of a paired key. Did you generate the CSR yourself? With what key did you generate that CSR? If someone else generated the CSR, go ask them where the key is that they used. If you have lost the key then you must redo the whole process, starting with generating a new key and CSR, then get the CSR signed. Then, import the signed certificate back into the same keystore. Then, configure Tomcat to use that keystore. The instructions on the Tomcat users' guide are fairly straightforward even if they don't explain the intricacies of public key infrastructure -- that's outside the scope of the users' guide. Thanks, - -chris On Mon, Nov 24, 2014 at 7:48 PM, Christopher Schultz ch...@christopherschultz.net wrote: Niranjan, On 11/24/14 10:51 AM, Niranjan Babu Bommu wrote: I think you have create a keystore from the cert, please follow these instruction and ket me know. Create store with temporary key inside: keytool -genkey -alias alias name -keystore yourkeystore.jks -storepass Hello1 Then delete existing entry: keytool -delete -alias temp -keystore yourkeystore.jks -storepass Hello1 Now you've got empty store. You can check that it's empty: keytool -list -keystore yourkeystore.jks -storepass Hello1 Then import your certificate to the store: keytool -import -alias alias name -file cert_file.crt -keypass keypass -keystore yourkeystore.jks -storepass Hello1 Nope: the existing key *and* cert need to be imported simultaneously into the keystore. If the OP already has a cert, he's already got a key, too. The problem is that you probably started with OpenSSL to generate your keys and stuff. Here is the proper procedure to import your key, certificate, and CA bundle into a Java keystore. You'll need these files: server.key (this is your server's secret key) server.crt (this is your server's certificate, signed by the CA) ca.crt (this is your CA's certificate) Here is the incantation: $ openssl pkcs12 -export -in server.crt -inkey server.key \ -certfile ca.crt -out keystore.p12 -chain $ $JAVA_HOME/bin/keytool -importkeystore -srckeystore keystore.p12 \ -srcstoretype pkcs12 \ -destkeystore keystore.jks Now, use keystore.jks in Tomcat's server.xml. If you already had created your key and cert request using Java's 'keytool', then you can instead just import the signed certificate into your keystore: $ $JAVA_HOME/bin/keytool -importcert -file server.crt \ -keystore keystore.jks \ -alias [alias] If you used an alias to create the certificate signing request (CSR), then use the same alias in the above command. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUdPOpAAoJEBzwKT+lPKRYVikP/jrxPiejAjwm9B9T4nGDASyZ BeweTPhXLd1Fg8e95r8K6xBFfZy921Ax+NimRLqTUfU2cCen9YsHB2Xdp0a6xiw4 oC8+e2JlyZhGFhJY2TsgYRpRoqIhhJeluSUpukUYZz73Pq10LHUnetDhsEHwJEtE uz2ekNcXH1Vr+Fy4k+O+PpFJnl8N5QprjO6PX/WlflrFihFa7bC7l+8FqF4QQ7U1 gw0nKt/0VcYOPepyDfV6VKGD7gBurNmlqrx9GxkYss0YVKghyCDFllNuX9tSw7j7 3PcQu/cmEc6u7CePAY4VCXpMSPNO9Ggn
Re: Deploying .ca-bundle file .crt file as SSL certificates
On Wed, Nov 26, 2014 at 5:33 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 To whom it may concern, On 11/26/14 9:03 AM, Kernel freak wrote: After arguing with the admins for all this time, I finally have the few files ready. I have the following files : keystore.p12 That should contain your key. Can you confirm that with a 'keytool -list'? server.crt Is this the certificate that was signed by the CA? Yes, this is certificated signed by CA, but its a servercertificate, the domain certificate is below. ssl-cert-snakeoil.key Uh, oh. That looks like one of OpenSSL's built-in CAs that are used for documentation and instructional purposes. I hope this isn't being used for anything at all. domainname.com.ca-bundle This should be the bundle of certificates for your domain, which may include intermediate certificates. Are you using your own internal CA or something? domainname.com.crt Which certificate is this? This is the SSL certificate which has to be deployed. domainname.com.csr Is this the CSR that you generated yourself? No, this is also provided by hosting guys domainname.com.key Weird. Okay, I would expect domainname.com.key to have the key that was used to generate domainname.com.csr, and that domainname.com.crt is a signed version of that CSR. That should be all you need... I'm not sure what all the other stuff is. vsftpd.pem. What is this? I did the following as Christoph said: root@domainname:/etc/ssl/private# openssl pkcs12 -export -in server.crt -inkey ssl-cert-snakeoil.key -certfile domainname.com.crt -out keystore.p12 -chain (pressed enter here) unable to load certificates // This is the error. I think you might want to do this: $ openssl pkcs12 -export -in domainname.com.crt \ -inkey domainname.com.key \ -certfile domainname.com.ca-bundle \ -out keystore.p21 -chain $ keytool -importkeystore -srckeystore keystore.p12 \ -srcstoretype pkcs12 \ -destkeystore keystore.jks You are supposed to be able to use PKCS12 keystores directly with Tomcat, but IIRC it's a pain and a bit more finicky than with just a normal JKS-format keystore. If i just plain import the .crt file like this : keytool -import -alias tomcat -file domainname.com.crt -keystore /root/.keystore A couple of things: 1. Don't run as root. Not for anything. Not even to run keytool. 2. Don't store your keystore under /root/.keystore, or you'll (likely) have to run Tomcat as root. You can put your keystore anywhere you want and point Tomcat to it explicitly. 3. If you import a certificate into a keystore and there is nothing else in it (the keystore), then you can't perform a handshake because the key is required for secure communication. Then firefox gives me this error : An error occurred during a connection to domainname.com:8443. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap) The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. The no_cipher_overlap error is likely to be incorrect... the real problem is that the server can't decrypt the client's handshake because the key is unavailable. I think you might need to get some help with this from someone else at your organization... someone who is a bit more versed in PKI and configuring TLS for web servers. I have told you what key is for what, can you give me the updated commands please, unfortunately there is no one here who knows this. - -chris On Tue, Nov 25, 2014 at 10:24 PM, Christopher Schultz ch...@christopherschultz.net wrote: To whom it may concern, On 11/25/14 3:32 AM, Kernel freak wrote: I don't have the server.key and server.crt. I have root access to server, I can generate my own if necessary. I only have .crt and .ca-bundle file. Can you tell me what to do. Thank you very much for your help. If you don't have the server's key but you have the server's certificate, then you must start all over again because the key is half of a paired key. Did you generate the CSR yourself? With what key did you generate that CSR? If someone else generated the CSR, go ask them where the key is that they used. If you have lost the key then you must redo the whole process, starting with generating a new key and CSR, then get the CSR signed. Then, import the signed certificate back into the same keystore. Then, configure Tomcat to use that keystore. The instructions on the Tomcat users' guide are fairly straightforward even if they don't explain the intricacies of public key infrastructure -- that's outside the scope of the users' guide. Thanks, -chris
Re: Deploying .ca-bundle file .crt file as SSL certificates
Hello Christopher, I don't have the server.key and server.crt. I have root access to server, I can generate my own if necessary. I only have .crt and .ca-bundle file. Can you tell me what to do. Thank you very much for your help. On Mon, Nov 24, 2014 at 7:48 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Niranjan, On 11/24/14 10:51 AM, Niranjan Babu Bommu wrote: I think you have create a keystore from the cert, please follow these instruction and ket me know. Create store with temporary key inside: keytool -genkey -alias alias name -keystore yourkeystore.jks -storepass Hello1 Then delete existing entry: keytool -delete -alias temp -keystore yourkeystore.jks -storepass Hello1 Now you've got empty store. You can check that it's empty: keytool -list -keystore yourkeystore.jks -storepass Hello1 Then import your certificate to the store: keytool -import -alias alias name -file cert_file.crt -keypass keypass -keystore yourkeystore.jks -storepass Hello1 Nope: the existing key *and* cert need to be imported simultaneously into the keystore. If the OP already has a cert, he's already got a key, too. The problem is that you probably started with OpenSSL to generate your keys and stuff. Here is the proper procedure to import your key, certificate, and CA bundle into a Java keystore. You'll need these files: server.key (this is your server's secret key) server.crt (this is your server's certificate, signed by the CA) ca.crt (this is your CA's certificate) Here is the incantation: $ openssl pkcs12 -export -in server.crt -inkey server.key \ -certfile ca.crt -out keystore.p12 -chain $ $JAVA_HOME/bin/keytool -importkeystore -srckeystore keystore.p12 \ -srcstoretype pkcs12 \ -destkeystore keystore.jks Now, use keystore.jks in Tomcat's server.xml. If you already had created your key and cert request using Java's 'keytool', then you can instead just import the signed certificate into your keystore: $ $JAVA_HOME/bin/keytool -importcert -file server.crt \ -keystore keystore.jks \ -alias [alias] If you used an alias to create the certificate signing request (CSR), then use the same alias in the above command. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUc32WAAoJEBzwKT+lPKRYn5UP/RynvOjSw2UlMn4wwPlvWIQC EiyfUjHaSK3YSCniGK9yiDuwEshXjAE88aEFptmnhcgZnJpJ1o0ybbdw5xZLk+Vv 68XDqnuD1klYsmufnDKETKTEpQk4aMke8jHUdbLtx4/TtK0aKZirEKzmDrXFlBDI YvEdlBvhH494Q/fvm0ARBdV1I8nwSt33DQ8WPcAMNVdgJzla7BcgAqupkBiMCpD4 49BDOyDZmiulFzL0Co6d2bEx/yWHECx1Zu/gfH6NXjeJ/UgZNkn9aABS8RsO+sa5 Oq/AJvXTgcKGUUQpBPOVcmhOrjgG9jYyMd9TfYZHllNQDqbBL7MgpkmXiSEGusAg zvsfiksWEhDj4xremuQHVstCV4FZYqyLKjfBbiYABfZ50mOoYgF4J+sN97/CVo8F pp29hiDN7YnqPCJzlWFi0DRPOFjJX2CFXyzoxkDvx/5gXhn8ZoPwU7i6gGxmcMg1 52xPXjEPBbf/q+MbwxUfRRBvNTzXB+b3hU5aN5HHpflqxodasNod+kW7VWnZZZI/ aCq5kKdXX7VQFfsEtWJnPYDe2yCj/KHzLCDAJMJA8iLpMUrN1Xb8jEOOe0vq5h60 vFUiFMrEyWOv7BPVszsnDx1EO8tDpDZS766/AigtYxGJzAF0DS8wNX9awCGYknxB zSoDIu3mfw1r3546epjF =IeMh -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Redirecting to default webapp when domain name is entered
Hello friends, I already have a project ready for deployment. It is in the form of war file. Currently I have renamed the war file to ROOT.war and pasted it inside webapps. I am able to access the webapp by giving domainname.com:8080. Instead of that I would just like to use domainname.com and it should go to the webapp. Thank you very much. System : Debian Wheezy(64 bit) Apache tomcat : 7.0
Re: Redirecting to default webapp when domain name is entered
Hello Andre, Thank you. I did the changes what you told, but I guess there is some service running at port 80. Because now when I click domainname.com:80, it shows me the message by the hosting company as the Domain name is already booked and all. How can I remove that service which is listening port 80? On Tue, Nov 25, 2014 at 1:43 PM, André Warnier a...@ice-sa.com wrote: Kernel freak wrote: Hello friends, I already have a project ready for deployment. It is in the form of war file. Currently I have renamed the war file to ROOT.war and pasted it inside webapps. I am able to access the webapp by giving domainname.com:8080. Instead of that I would just like to use domainname.com and it should go to the webapp. Thank you very much. System : Debian Wheezy(64 bit) Apache tomcat : 7.0 8080 is the port on which Tomcat is listening for requests. That depends on your own configuration of Tomcat. In the server.xml file, look for the HTTP Connector tag, and the 'port=8080' indicated there. If there is nothing else on that system that is already using port 80 (another webserver like Apache httpd for example), then change this Tomcat port to be 80, save the server.xml file, restart Tomcat and that's it (basically). If Tomcat does not start, look in its logfiles why, and if you do not understand it, copy the relevant part of the log in a new email to the list. If there is already something else on the system listening to port 80, then it is quite a bit more complicated.. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Redirecting to default webapp when domain name is entered
Hello, I have already bought the domain name and the domain-id. Its a dedicated hosting, and the plan says its allowed to use Apache tomcat. Can you please tell me what to do to disable the service on port80? On Tue, Nov 25, 2014 at 2:43 PM, David kerber dcker...@verizon.net wrote: On 11/25/2014 8:39 AM, Kernel freak wrote: Hello Andre, Thank you. I did the changes what you told, but I guess there is some service running at port 80. Because now when I click domainname.com:80, it shows me the message by the hosting company as the Domain name is already booked and all. How can I remove that service which is listening port 80? You'll have to ask the hosting company. It may be difficult to convince them to allow this. On Tue, Nov 25, 2014 at 1:43 PM, André Warnier a...@ice-sa.com wrote: Kernel freak wrote: Hello friends, I already have a project ready for deployment. It is in the form of war file. Currently I have renamed the war file to ROOT.war and pasted it inside webapps. I am able to access the webapp by giving domainname.com:8080. Instead of that I would just like to use domainname.com and it should go to the webapp. Thank you very much. System : Debian Wheezy(64 bit) Apache tomcat : 7.0 8080 is the port on which Tomcat is listening for requests. That depends on your own configuration of Tomcat. In the server.xml file, look for the HTTP Connector tag, and the 'port=8080' indicated there. If there is nothing else on that system that is already using port 80 (another webserver like Apache httpd for example), then change this Tomcat port to be 80, save the server.xml file, restart Tomcat and that's it (basically). If Tomcat does not start, look in its logfiles why, and if you do not understand it, copy the relevant part of the log in a new email to the list. If there is already something else on the system listening to port 80, then it is quite a bit more complicated.. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Deploying .ca-bundle file .crt file as SSL certificates
Hello friends, I am using apache tomcat and I would like to deploy a Spring-MVC application which I am working on. In that, via Spring-Security I have specified to use https which requires to install the SSL certificate on the server. I am running a Debian Wheezy server, and I have certificate files with extension as .crt and .ca-bundle. Unfortunately I cannot find any resources which mention where and how to install these files. What I found was these files are meant for webserver. Is that correct? If yes, can I use them to deploy these 2 files? Kindly let me know. Also if anyone can help me with one more problem I have posted on StackOverflow : http://stackoverflow.com/questions/27106983/configuring-apache-tomcat-to-start-webapp-by-default Regards, Kernel
Re: Deploying .ca-bundle file .crt file as SSL certificates
Thank you, and what about the CA-Bundle file? Did you got a chance to look at the question I have posted on Stackoverflow mentioned in the original question? On Mon, Nov 24, 2014 at 4:51 PM, Niranjan Babu Bommu niranjan.bo...@gmail.com wrote: Hi Kernel, I think you have create a keystore from the cert, please follow these instruction and ket me know. Create store with temporary key inside: keytool -genkey -alias alias name -keystore yourkeystore.jks -storepass Hello1 Then delete existing entry: keytool -delete -alias temp -keystore yourkeystore.jks -storepass Hello1 Now you've got empty store. You can check that it's empty: keytool -list -keystore yourkeystore.jks -storepass Hello1 Then import your certificate to the store: keytool -import -alias alias name -file cert_file.crt -keypass keypass -keystore yourkeystore.jks -storepass Hello1 Thanks Niranjan On Mon, Nov 24, 2014 at 10:13 AM, Kernel freak kernelfr...@gmail.com wrote: Hello friends, I am using apache tomcat and I would like to deploy a Spring-MVC application which I am working on. In that, via Spring-Security I have specified to use https which requires to install the SSL certificate on the server. I am running a Debian Wheezy server, and I have certificate files with extension as .crt and .ca-bundle. Unfortunately I cannot find any resources which mention where and how to install these files. What I found was these files are meant for webserver. Is that correct? If yes, can I use them to deploy these 2 files? Kindly let me know. Also if anyone can help me with one more problem I have posted on StackOverflow : http://stackoverflow.com/questions/27106983/configuring-apache-tomcat-to-start-webapp-by-default Regards, Kernel -- *Thanks* *Niranjan* *+1 781.956.6900*
Re: Deploying .ca-bundle file .crt file as SSL certificates
I have added the certificate. I modified the server.xml code to add the following lines : Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=/root/.keystore keystorepass=password for keystore / Now when I open the application, it redirects to https, but it says unable to connect, your connection to this website maynotbe encrypted. What am I doing wrong? On Mon, Nov 24, 2014 at 5:20 PM, Niranjan Babu Bommu niranjan.bo...@gmail.com wrote: Sorry, I did not notice that. - *Import a root or intermediate CA certificate to an existing Java keystore* keytool -import -trustcacerts -alias root -file *ca.crt* -keystore *yourkeystore.jks* On Mon, Nov 24, 2014 at 11:02 AM, Kernel freak kernelfr...@gmail.com wrote: Thank you, and what about the CA-Bundle file? Did you got a chance to look at the question I have posted on Stackoverflow mentioned in the original question? On Mon, Nov 24, 2014 at 4:51 PM, Niranjan Babu Bommu niranjan.bo...@gmail.com wrote: Hi Kernel, I think you have create a keystore from the cert, please follow these instruction and ket me know. Create store with temporary key inside: keytool -genkey -alias alias name -keystore yourkeystore.jks -storepass Hello1 Then delete existing entry: keytool -delete -alias temp -keystore yourkeystore.jks -storepass Hello1 Now you've got empty store. You can check that it's empty: keytool -list -keystore yourkeystore.jks -storepass Hello1 Then import your certificate to the store: keytool -import -alias alias name -file cert_file.crt -keypass keypass -keystore yourkeystore.jks -storepass Hello1 Thanks Niranjan On Mon, Nov 24, 2014 at 10:13 AM, Kernel freak kernelfr...@gmail.com wrote: Hello friends, I am using apache tomcat and I would like to deploy a Spring-MVC application which I am working on. In that, via Spring-Security I have specified to use https which requires to install the SSL certificate on the server. I am running a Debian Wheezy server, and I have certificate files with extension as .crt and .ca-bundle. Unfortunately I cannot find any resources which mention where and how to install these files. What I found was these files are meant for webserver. Is that correct? If yes, can I use them to deploy these 2 files? Kindly let me know. Also if anyone can help me with one more problem I have posted on StackOverflow : http://stackoverflow.com/questions/27106983/configuring-apache-tomcat-to-start-webapp-by-default Regards, Kernel -- *Thanks* *Niranjan* *+1 781.956.6900* -- *Thanks* *Niranjan* *+1 781.956.6900*
Class threw load exception
Hello guys, I am working on a maven project. I have already asked this question on stackoverflow, but many believe it has something to do with Apache tomcat giving a problem. Whenever I run the project, it says, project threw a load() exception. Below is the link for my project structure, let me know if anything else is needed. The image has error log as well. Stackoverflow link : http://stackoverflow.com/questions/25625289/spring-servlet-not-available/25627240#25627240 OS : Ubuntu 13.10 Eclipse Kepler Apache tomcat 6.0 tomcat-maven plugin added. Image Link : http://pasteboard.co/2KhtgMb6.png
Re: Class threw load exception
/version /dependency dependency groupIdspringframework/groupId artifactIdspring-orm/artifactId version1.2.6/version /dependency dependency groupIdorg.aspectj/groupId artifactIdaspectjrt/artifactId version1.8.2/version /dependency dependency groupIdorg.slf4j/groupId artifactIdslf4j-simple/artifactId version1.7.7/version /dependency dependency groupIdorg.slf4j/groupId artifactIdjcl-over-slf4j/artifactId version1.7.7/version exclusions exclusion artifactIdslf4j-api/artifactId groupIdorg.slf4j/groupId /exclusion /exclusions /dependency dependency groupIdorg.slf4j/groupId artifactIdslf4j-log4j12/artifactId version1.7.7/version /dependency dependency groupIdtomcat/groupId artifactIdcommons-logging/artifactId version4.0.6/version /dependency dependency groupIdorg.springframework/groupId artifactIdspring-aop/artifactId version4.0.6.RELEASE/version /dependency /dependencies /project On Wed, Sep 3, 2014 at 10:44 AM, Konstantin Kolinko knst.koli...@gmail.com wrote: 2014-09-03 11:48 GMT+04:00 Kernel freak kernelfr...@gmail.com: Hello guys, I am working on a maven project. I have already asked this question on stackoverflow, but many believe it has something to do with Apache tomcat giving a problem. Whenever I run the project, it says, project threw a load() exception. Below is the link for my project structure, let me know if anything else is needed. The image has error log as well. Stackoverflow link : http://stackoverflow.com/questions/25625289/spring-servlet-not-available/25627240#25627240 OS : Ubuntu 13.10 Eclipse Kepler Apache tomcat 6.0 tomcat-maven plugin added. Image Link : http://pasteboard.co/2KhtgMb6.png 1. Your exact version of Tomcat 6.0.x = ? 2. Obvious errors: 1) dependency groupIdjavax.servlet/groupId artifactIdservlet-api/artifactId version2.4.public_draft/version /dependency A(. You must use scopeprovided/scope here. A web application is not allowed to bundle its own copy of Servlet API. The JAR shall be provided by Tomcat. Thus the scope. B). The version value is rather wrong. A public draft is draft version of API that one shall not use. With Tomcat 6 you can use version 2.5, http://search.maven.org/#artifactdetails|javax.servlet|servlet-api|2.5|jar or the version provided by Tomcat version that you are using http://search.maven.org/#artifactdetails|org.apache.tomcat|servlet-api|6.0.41|jar 2) Use the same version for all you Spring dependencies. (You mix 4.0.1.RELEASE with 4.0.3.RELEASE and 4.0.6.RELEASE ) Do you have a similar versions mix with Hibernate? Why some release candidate 2 version there? 3. Build a war file and look for what jars are in its WEB-INF/lib directory. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org