Struts Vulnerability

[Sean Son]

Hello all

I am new to the mailing list as well as new to Apache Struts.  We all heard
in the news about the vulnerability affecting Apache Struts. I have been
tasked to determine which of our servers have Struts running on them.  I
have a few questions on how to determine if a server is running Struts or
not:

1) How does one determine if a Windows server, running IIS, has the Apache
Struts framework installed on it?

2) Does Apache Struts only run on Apache Webserver and Tomcat?

3) Is there a simple way to determine if a server has Struts installed,
instead of logging into each of the servers and checking the programs list?


I appreciate ALL help!

Re: Strange MySQL error when starting tomcat 8 on boot

[Sean Son]

On Wed, Aug 10, 2016 at 11:41 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Sean,
>
> On 8/10/16 10:39 AM, Sean Son wrote:
> > On Wed, Aug 10, 2016 at 10:06 AM, Sean Son
> > <linuxmailinglistsem...@gmail.com
> >> wrote:
> >
> >>
> >>
> >> On Tue, Aug 9, 2016 at 5:05 PM, Mark Eggers
> >> <its_toas...@yahoo.com.invalid
> >>> wrote:
> >>
> >>> Sean,
> >>>
> >>>
> >>> On 8/9/2016 1:55 PM, Sean Son wrote:
> >>>> On Mon, Aug 8, 2016 at 11:31 AM, Mark Eggers
> >>>> <its_toas...@yahoo.com.invalid> wrote:
> >>>>
> >>>>> Sean,
> >>>>>
> >>>>> On 8/8/2016 7:10 AM, Sean Son wrote:
> >>>>>> On Fri, Aug 5, 2016 at 5:34 PM, Mark Eggers
> >>>>> <its_toas...@yahoo.com.invalid>
> >>>>>> wrote:
> >>>>>>
> >>>>>>> On 8/5/2016 2:19 PM, Sean Son wrote:
> >>>>>>>> Hello!
> >>>>>>>>
> >>>>>>>> I am currently running Tomcat 8 on RHEL 7.2 with one
> >>>>>>>> web application called AppVet (A mobile Application
> >>>>>>>> Vetting program).  The application works well but
> >>>>>>>> when I tried to use a script to allow tomcat to start
> >>>>>>>> up at boot, the webapp gives an authentication error.
> >>>>>>>> I saw the following error in the logs for appvet:
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> [ERROR] Could not connect to database:
> >>>>>>>> com.mysql.jdbc.exceptions.jdbc4.CommunicationsException:
> >>>>>>>>
> >>>>>>>>
> Communications link failure
> >>>>>>>>
> >>>>>>>> The last packet sent successfully to the server was
> >>>>>>>> 0 milliseconds ago. The driver has not received any
> >>>>>>>> packets from the server. Make sure your MySQL
> >>>>>>>> password in your AppVetProperties.xml file is
> >>>>>>>> correct
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> I know for a fact that the MySQL password is correct
> >>>>>>>> in that XML file. I double checked it already.  Any
> >>>>>>>> ideas on how I should fix this error?
> >>>>>>>>
> >>>>>>>> This is the script that I am using for
> >>>>>>>> startup/shutdown of Tomcat8 on boot:
> >>>>>>>>
> >>>>>>>> http://pastebin.com/mrvfDtTD
> >>>>>>>>
> >>>>>>>> Thanks!
> >>>>>>>>
> >>>>>>>> Sean
> >>>>>>>>
> >>>>>>>
> >>>>>>> It appears that your Tomcat process is running as root.
> >>>>>>> Do not do this.
> >>>>>>>
> >>>>>>> Is your MySQL server up and running before Tomcat is
> >>>>>>> started?
> >>>>>>>
> >>>>>>> . . . just my two cents /mde/
> >>>>>>>
> >>>>>>>
> >>>>>> Hello thank you for your response
> >>>>>>
> >>>>>> I created a user account for Tomcat, I will set the
> >>>>>> script to use that account instead of the root account.
> >>>>>> Question though, does this account need a password?
> >>>>>
> >>>>> Yes, especially since you'll be running a service.
> >>>>>
> >>>>> Note that if you're running Tomcat on a privileged port
> >>>>> (less than 1024), a non-root account will not be able to
> >>>>> bind to this port.
> >>>>>
> >>>>> You have three choices.
> >>>>>
> >>>>> 1. iptables
> >>>>>
> >>>>> route port 80 to port 8080 (Tomcat default) internally.
> >>>>> Take a look at the iptables documentation.
> >>>>>
> >>>>> 2. j

Re: Strange MySQL error when starting tomcat 8 on boot

[Sean Son]

On Wed, Aug 10, 2016 at 10:06 AM, Sean Son <linuxmailinglistsem...@gmail.com
> wrote:

>
>
> On Tue, Aug 9, 2016 at 5:05 PM, Mark Eggers <its_toas...@yahoo.com.invalid
> > wrote:
>
>> Sean,
>>
>>
>> On 8/9/2016 1:55 PM, Sean Son wrote:
>> > On Mon, Aug 8, 2016 at 11:31 AM, Mark Eggers
>> > <its_toas...@yahoo.com.invalid> wrote:
>> >
>> >> Sean,
>> >>
>> >> On 8/8/2016 7:10 AM, Sean Son wrote:
>> >>> On Fri, Aug 5, 2016 at 5:34 PM, Mark Eggers
>> >> <its_toas...@yahoo.com.invalid>
>> >>> wrote:
>> >>>
>> >>>> On 8/5/2016 2:19 PM, Sean Son wrote:
>> >>>>> Hello!
>> >>>>>
>> >>>>> I am currently running Tomcat 8 on RHEL 7.2 with one web
>> >>>>> application called AppVet (A mobile Application  Vetting
>> >>>>> program).  The application works well but when I tried to use
>> >>>>> a script to allow tomcat to start up at boot, the webapp
>> >>>>> gives an authentication error. I saw the following error in
>> >>>>> the logs for appvet:
>> >>>>>
>> >>>>>
>> >>>>> [ERROR] Could not connect to database:
>> >>>>> com.mysql.jdbc.exceptions.jdbc4.CommunicationsException:
>> >>>>> Communications link failure
>> >>>>>
>> >>>>> The last packet sent successfully to the server was 0
>> >>>>> milliseconds ago. The driver has not received any packets
>> >>>>> from the server. Make sure your MySQL password in your
>> >>>>> AppVetProperties.xml file is correct
>> >>>>>
>> >>>>>
>> >>>>> I know for a fact that the MySQL password is correct in that
>> >>>>> XML file. I double checked it already.  Any ideas on how I
>> >>>>> should fix this error?
>> >>>>>
>> >>>>> This is the script that I am using for startup/shutdown of
>> >>>>> Tomcat8 on boot:
>> >>>>>
>> >>>>> http://pastebin.com/mrvfDtTD
>> >>>>>
>> >>>>> Thanks!
>> >>>>>
>> >>>>> Sean
>> >>>>>
>> >>>>
>> >>>> It appears that your Tomcat process is running as root. Do not
>> >>>> do this.
>> >>>>
>> >>>> Is your MySQL server up and running before Tomcat is started?
>> >>>>
>> >>>> . . . just my two cents /mde/
>> >>>>
>> >>>>
>> >>> Hello thank you for your response
>> >>>
>> >>> I created a user account for Tomcat, I will set the script to use
>> >>> that account instead of the root account.   Question though, does
>> >>> this account need a password?
>> >>
>> >> Yes, especially since you'll be running a service.
>> >>
>> >> Note that if you're running Tomcat on a privileged port (less than
>> >> 1024), a non-root account will not be able to bind to this port.
>> >>
>> >> You have three choices.
>> >>
>> >> 1. iptables
>> >>
>> >> route port 80 to port 8080 (Tomcat default) internally. Take a look
>> >> at the iptables documentation.
>> >>
>> >> 2. jsvc
>> >>
>> >> jsvc from the Apache Commons Daemon project allows you to run a
>> >> service such as Tomcat more easily. I don't remember if there is an
>> >> RPM for RHEL or not (possible in EPEL). It's configuration and
>> >> startup script are different, but the documentation is a good start
>> >> (there are Tomcat examples).
>> >>
>> >> https://commons.apache.org/proper/commons-daemon/jsvc.html
>> >>
>> >> 3. Apache HTTPD front end with mod_proxy_ajp or mod_jk
>> >>
>> >> I'd do this if you need Apache HTTPD for other web applications (a
>> >> PHP application, perhaps). There is good documentation available on
>> >> the Tomcat web site, as well as a ton of discussion on the mailing
>> >> list to get this running.
>> >>
>> >> If you don't feel like building software, I'd recommend
>> >> mod_proxy_ajp. I find mod_jk more flexible and 

Re: Strange MySQL error when starting tomcat 8 on boot

[Sean Son]

On Tue, Aug 9, 2016 at 5:05 PM, Mark Eggers <its_toas...@yahoo.com.invalid>
wrote:

> Sean,
>
>
> On 8/9/2016 1:55 PM, Sean Son wrote:
> > On Mon, Aug 8, 2016 at 11:31 AM, Mark Eggers
> > <its_toas...@yahoo.com.invalid> wrote:
> >
> >> Sean,
> >>
> >> On 8/8/2016 7:10 AM, Sean Son wrote:
> >>> On Fri, Aug 5, 2016 at 5:34 PM, Mark Eggers
> >> <its_toas...@yahoo.com.invalid>
> >>> wrote:
> >>>
> >>>> On 8/5/2016 2:19 PM, Sean Son wrote:
> >>>>> Hello!
> >>>>>
> >>>>> I am currently running Tomcat 8 on RHEL 7.2 with one web
> >>>>> application called AppVet (A mobile Application  Vetting
> >>>>> program).  The application works well but when I tried to use
> >>>>> a script to allow tomcat to start up at boot, the webapp
> >>>>> gives an authentication error. I saw the following error in
> >>>>> the logs for appvet:
> >>>>>
> >>>>>
> >>>>> [ERROR] Could not connect to database:
> >>>>> com.mysql.jdbc.exceptions.jdbc4.CommunicationsException:
> >>>>> Communications link failure
> >>>>>
> >>>>> The last packet sent successfully to the server was 0
> >>>>> milliseconds ago. The driver has not received any packets
> >>>>> from the server. Make sure your MySQL password in your
> >>>>> AppVetProperties.xml file is correct
> >>>>>
> >>>>>
> >>>>> I know for a fact that the MySQL password is correct in that
> >>>>> XML file. I double checked it already.  Any ideas on how I
> >>>>> should fix this error?
> >>>>>
> >>>>> This is the script that I am using for startup/shutdown of
> >>>>> Tomcat8 on boot:
> >>>>>
> >>>>> http://pastebin.com/mrvfDtTD
> >>>>>
> >>>>> Thanks!
> >>>>>
> >>>>> Sean
> >>>>>
> >>>>
> >>>> It appears that your Tomcat process is running as root. Do not
> >>>> do this.
> >>>>
> >>>> Is your MySQL server up and running before Tomcat is started?
> >>>>
> >>>> . . . just my two cents /mde/
> >>>>
> >>>>
> >>> Hello thank you for your response
> >>>
> >>> I created a user account for Tomcat, I will set the script to use
> >>> that account instead of the root account.   Question though, does
> >>> this account need a password?
> >>
> >> Yes, especially since you'll be running a service.
> >>
> >> Note that if you're running Tomcat on a privileged port (less than
> >> 1024), a non-root account will not be able to bind to this port.
> >>
> >> You have three choices.
> >>
> >> 1. iptables
> >>
> >> route port 80 to port 8080 (Tomcat default) internally. Take a look
> >> at the iptables documentation.
> >>
> >> 2. jsvc
> >>
> >> jsvc from the Apache Commons Daemon project allows you to run a
> >> service such as Tomcat more easily. I don't remember if there is an
> >> RPM for RHEL or not (possible in EPEL). It's configuration and
> >> startup script are different, but the documentation is a good start
> >> (there are Tomcat examples).
> >>
> >> https://commons.apache.org/proper/commons-daemon/jsvc.html
> >>
> >> 3. Apache HTTPD front end with mod_proxy_ajp or mod_jk
> >>
> >> I'd do this if you need Apache HTTPD for other web applications (a
> >> PHP application, perhaps). There is good documentation available on
> >> the Tomcat web site, as well as a ton of discussion on the mailing
> >> list to get this running.
> >>
> >> If you don't feel like building software, I'd recommend
> >> mod_proxy_ajp. I find mod_jk more flexible and a little easier to
> >> use (opinions on easy of use vary), but you'd have to build mod_jk
> >> from source. It's easy to do, but some people find that a little
> >> more challenging.
> >>
> >>>
> >>> Also, I cant tell if the MySQL server is up and running prior to
> >>> Tomcat being started. I know that mysqld is enabled to start at
> >>> boot, but I dont know if Tomcat starts prior to MySQL.  How would
>

Re: Strange MySQL error when starting tomcat 8 on boot

[Sean Son]

On Mon, Aug 8, 2016 at 11:31 AM, Mark Eggers <its_toas...@yahoo.com.invalid>
wrote:

> Sean,
>
> On 8/8/2016 7:10 AM, Sean Son wrote:
> > On Fri, Aug 5, 2016 at 5:34 PM, Mark Eggers
> <its_toas...@yahoo.com.invalid>
> > wrote:
> >
> >> On 8/5/2016 2:19 PM, Sean Son wrote:
> >>> Hello!
> >>>
> >>> I am currently running Tomcat 8 on RHEL 7.2 with one web application
> >>> called AppVet (A mobile Application  Vetting program).  The
> >>> application works well but when I tried to use a script to allow
> >>> tomcat to start up at boot, the webapp gives an authentication error.
> >>> I saw the following error in the logs for appvet:
> >>>
> >>>
> >>> [ERROR] Could not connect to database:
> >>> com.mysql.jdbc.exceptions.jdbc4.CommunicationsException:
> >>> Communications link failure
> >>>
> >>> The last packet sent successfully to the server was 0 milliseconds
> >>> ago. The driver has not received any packets from the server. Make
> >>> sure your MySQL password in your AppVetProperties.xml file is
> >>> correct
> >>>
> >>>
> >>> I know for a fact that the MySQL password is correct in that XML
> >>> file. I double checked it already.  Any ideas on how I should fix
> >>> this error?
> >>>
> >>> This is the script that I am using for startup/shutdown of Tomcat8 on
> >>> boot:
> >>>
> >>> http://pastebin.com/mrvfDtTD
> >>>
> >>> Thanks!
> >>>
> >>> Sean
> >>>
> >>
> >> It appears that your Tomcat process is running as root. Do not do this.
> >>
> >> Is your MySQL server up and running before Tomcat is started?
> >>
> >> . . . just my two cents
> >> /mde/
> >>
> >>
> > Hello thank you for your response
> >
> > I created a user account for Tomcat, I will set the script to use that
> > account instead of the root account.   Question though, does this account
> > need a password?
>
> Yes, especially since you'll be running a service.
>
> Note that if you're running Tomcat on a privileged port (less than
> 1024), a non-root account will not be able to bind to this port.
>
> You have three choices.
>
> 1. iptables
>
> route port 80 to port 8080 (Tomcat default) internally. Take a look at
> the iptables documentation.
>
> 2. jsvc
>
> jsvc from the Apache Commons Daemon project allows you to run a service
> such as Tomcat more easily. I don't remember if there is an RPM for RHEL
> or not (possible in EPEL). It's configuration and startup script are
> different, but the documentation is a good start (there are Tomcat
> examples).
>
> https://commons.apache.org/proper/commons-daemon/jsvc.html
>
> 3. Apache HTTPD front end with mod_proxy_ajp or mod_jk
>
> I'd do this if you need Apache HTTPD for other web applications (a PHP
> application, perhaps). There is good documentation available on the
> Tomcat web site, as well as a ton of discussion on the mailing list to
> get this running.
>
> If you don't feel like building software, I'd recommend mod_proxy_ajp. I
> find mod_jk more flexible and a little easier to use (opinions on easy
> of use vary), but you'd have to build mod_jk from source. It's easy to
> do, but some people find that a little more challenging.
>
> >
> > Also, I cant tell if the MySQL server is up and running prior to Tomcat
> > being started. I know that mysqld is enabled to start at boot, but I dont
> > know if Tomcat starts prior to MySQL.  How would I figure that out?
> >
>
> I thought REHL 7 uses systemd and not init scripts?
>
> There have been many discussions on the mailing list concerning systemd
> and Tomcat. I think someone has posted appropriate systemd scripts.
>
> If not, then look at /etc/rc3.d. Start and stop scripts are executed in
> numerical order. Start scripts start with S, stop scripts start with K.
>
> Adjust the numbers in your Tomcat init script (/etc/initinit.d) so that
> the start comes after MySQL (second number in the chkconfig line).
>
> You'll have to chkconfig --del and chkconfig --add to have the new
> numbers take effect in /etc/rcx.d.
>
> >
> > Thanks!
> >
>
> . . . just my two cents
> /mde/
>
>
>

hello thank you for your response.

So i decided to go the SystemD route and I found this article online:

https://panovski.me/install-tomcat-8-on-centos-7/

I followed the instructions and instead of downloading Tomcat and
i

Re: Strange MySQL error when starting tomcat 8 on boot

[Sean Son]

On Fri, Aug 5, 2016 at 5:34 PM, Mark Eggers <its_toas...@yahoo.com.invalid>
wrote:

> On 8/5/2016 2:19 PM, Sean Son wrote:
> > Hello!
> >
> > I am currently running Tomcat 8 on RHEL 7.2 with one web application
> > called AppVet (A mobile Application  Vetting program).  The
> > application works well but when I tried to use a script to allow
> > tomcat to start up at boot, the webapp gives an authentication error.
> > I saw the following error in the logs for appvet:
> >
> >
> > [ERROR] Could not connect to database:
> > com.mysql.jdbc.exceptions.jdbc4.CommunicationsException:
> > Communications link failure
> >
> > The last packet sent successfully to the server was 0 milliseconds
> > ago. The driver has not received any packets from the server. Make
> > sure your MySQL password in your AppVetProperties.xml file is
> > correct
> >
> >
> > I know for a fact that the MySQL password is correct in that XML
> > file. I double checked it already.  Any ideas on how I should fix
> > this error?
> >
> > This is the script that I am using for startup/shutdown of Tomcat8 on
> > boot:
> >
> > http://pastebin.com/mrvfDtTD
> >
> > Thanks!
> >
> > Sean
> >
>
> It appears that your Tomcat process is running as root. Do not do this.
>
> Is your MySQL server up and running before Tomcat is started?
>
> . . . just my two cents
> /mde/
>
>
Hello thank you for your response

I created a user account for Tomcat, I will set the script to use that
account instead of the root account.   Question though, does this account
need a password?

Also, I cant tell if the MySQL server is up and running prior to Tomcat
being started. I know that mysqld is enabled to start at boot, but I dont
know if Tomcat starts prior to MySQL.  How would I figure that out?


Thanks!

Strange MySQL error when starting tomcat 8 on boot

[Sean Son]

Hello!

I am currently running Tomcat 8 on RHEL 7.2 with one web application called
AppVet (A mobile Application  Vetting program).  The application works well
but when I tried to use a script to allow tomcat to start up at boot, the
webapp gives an authentication error. I saw the following error in the logs
for appvet:


[ERROR] Could not connect to database:
com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications
link failure

The last packet sent successfully to the server was 0 milliseconds ago. The
driver has not received any packets from the server.
Make sure your MySQL password in your AppVetProperties.xml file is correct


I know for a fact that the MySQL password is correct in that XML file. I
double checked it already.  Any ideas on how I should fix this error?

This is the script that I am using for startup/shutdown of Tomcat8 on boot:

http://pastebin.com/mrvfDtTD

Thanks!

Sean

Re: Need help setting up SSL on Tomcat 8

[Sean Son]

On Mon, Jul 18, 2016 at 10:47 AM, André Warnier (tomcat) <a...@ice-sa.com>
wrote:

> On 18.07.2016 16:33, Sean Son wrote:
>
>> On Thu, Jul 14, 2016 at 8:15 AM, Ognjen Blagojevic <
>> ognjen.d.blagoje...@gmail.com> wrote:
>>
>> Sean,
>>>
>>> On 13.7.2016 21:56, Sean Son wrote:
>>>
>>> Thank you for your answer guys. Is there anywhere in the Tomcat config
>>>> files that I would need to specify the DNS name?  Like in Apache we
>>>> would specify the DNS name in a Virtualhost.
>>>>
>>>>
>>> Take a look at context xml, attribute "name" in Host element [1], and
>>> attribute "defaultHost" in Engine element [2].
>>>
>>> -Ognjen
>>>
>>> ps. Please, write your answers below the quotes, that is standard on
>>> Tomcat mailing lists.
>>>
>>> [1] http://tomcat.apache.org/tomcat-8.0-doc/config/host.html
>>> [2] http://tomcat.apache.org/tomcat-8.0-doc/config/engine.html
>>>
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>>
>>> Unfortunately I was not able to make any sense of those two links. In
>> which
>> file, would the Host element or Engine element appear in? I do not see
>> anything of the sort in context.xml ?
>>
>> Why is tomcat so confusing?
>>
>>
> Maybe less confusing if you start here :
> http://tomcat.apache.org/tomcat-8.0-doc/config/index.html
> and then work you way down to the 2 links above.
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
Thank you Andre! I will do that.

Re: Need help setting up SSL on Tomcat 8

[Sean Son]

On Thu, Jul 14, 2016 at 8:15 AM, Ognjen Blagojevic <
ognjen.d.blagoje...@gmail.com> wrote:

> Sean,
>
> On 13.7.2016 21:56, Sean Son wrote:
>
>> Thank you for your answer guys. Is there anywhere in the Tomcat config
>> files that I would need to specify the DNS name?  Like in Apache we
>> would specify the DNS name in a Virtualhost.
>>
>
> Take a look at context xml, attribute "name" in Host element [1], and
> attribute "defaultHost" in Engine element [2].
>
> -Ognjen
>
> ps. Please, write your answers below the quotes, that is standard on
> Tomcat mailing lists.
>
> [1] http://tomcat.apache.org/tomcat-8.0-doc/config/host.html
> [2] http://tomcat.apache.org/tomcat-8.0-doc/config/engine.html
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
Unfortunately I was not able to make any sense of those two links. In which
file, would the Host element or Engine element appear in? I do not see
anything of the sort in context.xml ?

Why is tomcat so confusing?

Re: Need help setting up SSL on Tomcat 8

[Sean Son]

On Thu, Jul 14, 2016 at 8:15 AM, Ognjen Blagojevic <
ognjen.d.blagoje...@gmail.com> wrote:

> Sean,
>
> On 13.7.2016 21:56, Sean Son wrote:
>
>> Thank you for your answer guys. Is there anywhere in the Tomcat config
>> files that I would need to specify the DNS name?  Like in Apache we
>> would specify the DNS name in a Virtualhost.
>>
>
> Take a look at context xml, attribute "name" in Host element [1], and
> attribute "defaultHost" in Engine element [2].
>
> -Ognjen
>
> ps. Please, write your answers below the quotes, that is standard on
> Tomcat mailing lists.
>
> [1] http://tomcat.apache.org/tomcat-8.0-doc/config/host.html
> [2] http://tomcat.apache.org/tomcat-8.0-doc/config/engine.html
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
Thanks for the links and sorry bad habit of mine Lol   Today i will set up
a DNS record for the server and test out the SSL. I will let you all know
what I see.

Thanks!

Re: Need help setting up SSL on Tomcat 8

[Sean Son]

Thank you for your answer guys. Is there anywhere in the Tomcat config
files that I would need to specify the DNS name?  Like in Apache we would
specify the DNS name in a Virtualhost.

On Wed, Jul 13, 2016 at 7:56 AM, Ognjen Blagojevic <
ognjen.d.blagoje...@gmail.com> wrote:

> Sean,
>
> On 12.7.2016 14:49, Sean Son wrote:
>
>> Hello thank you for your response. I am currently only accessing the
>> server using IP address only. We do not have a DNS record set up for the
>> server as of yet. It will be something like webapp.example.com
>>
>
> Once there is a DNS record in place, and you access your server using
> FQDN, your error will be gone.
>
> If you are the only one who access the server, and you find that warning
> particularly annoying, you may enter FQDN and IP address in hosts file, and
> access server using FQDN, before your DNS admins do their job.
>
> -Ognjen
>
>

Re: Need help setting up SSL on Tomcat 8

[Sean Son]

On Tue, Jul 12, 2016 at 8:49 AM, Sean Son <linuxmailinglistsem...@gmail.com>
wrote:

>
>
> On Mon, Jul 11, 2016 at 6:25 PM, Ognjen Blagojevic <
> ognjen.d.blagoje...@gmail.com> wrote:
>
>> On 11.7.2016 16:29, Sean Son wrote:
>>
>>> Here is the certificate path:
>>>
>>> - Go Daddy Root Certificate Authority - G2
>>>- Go Daddy Secure Certificate Authority - G2
>>>   - *.example.com <http://example.com>
>>>
>>>
>> That looks Ok.
>>
>> Did you, perhaps, tried to access server on subdomain of example.com?
>> Wildcard certificate "*.example.com" is valid for "www.example.com", but
>> not for "www.department.example.com".
>>
>> -Ognjen
>>
>>
>>
> Hello thank you for your response. I am currently only accessing the
> server using IP address only. We do not have a DNS record set up for the
> server as of yet. It will be something like webapp.example.com
>
>
> Thanks
>
>
>

Are there any logs on the tomcat server that I should check in order to fix
this SSL issue? or is this strictly a certificate related issue?

Re: Need help setting up SSL on Tomcat 8

[Sean Son]

On Mon, Jul 11, 2016 at 6:25 PM, Ognjen Blagojevic <
ognjen.d.blagoje...@gmail.com> wrote:

> On 11.7.2016 16:29, Sean Son wrote:
>
>> Here is the certificate path:
>>
>> - Go Daddy Root Certificate Authority - G2
>>- Go Daddy Secure Certificate Authority - G2
>>   - *.example.com <http://example.com>
>>
>>
> That looks Ok.
>
> Did you, perhaps, tried to access server on subdomain of example.com?
> Wildcard certificate "*.example.com" is valid for "www.example.com", but
> not for "www.department.example.com".
>
> -Ognjen
>
>
>
Hello thank you for your response. I am currently only accessing the server
using IP address only. We do not have a DNS record set up for the server as
of yet. It will be something like webapp.example.com


Thanks

Re: Need help setting up SSL on Tomcat 8

[Sean Son]

Here is the certificate path:

- Go Daddy Root Certificate Authority - G2
   - Go Daddy Secure Certificate Authority - G2
  - *.example.com


Thanks

On Fri, Jul 8, 2016 at 6:23 PM, Ognjen Blagojevic <
ognjen.d.blagoje...@gmail.com> wrote:

> On 7.7.2016 23:17, Daniel Savard wrote:
>
>> Certificate Error
> There are issues with the site's certificate chain
> (net::ERR_CERT_COMMON_NAME_INVALID).
>
> Looks like adding the keyAlias to the connector did not fix anything
> unfortunately.
>
>

>>> Did you examined the received certificate in the browser. Usually this
>> help
>> to identify why it failed. In this case, the chain of certification seems
>> to be the problem.
>>
>
> +1
>
> What is your certification path / certificate hierarchy?
>
> In Firefox: click on padlock icon, click on arrow, More information, View
> Certificate, Details, Certificate Hierarchy
>
> In Chrome: click on padlock icon, Details, View Certificate, Certification
> path.
>
>
> -Ognjen
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Need help setting up SSL on Tomcat 8

[Sean Son]

On Thu, Jul 7, 2016 at 12:24 PM, Sean Son <linuxmailinglistsem...@gmail.com>
wrote:

> Copying Daniel and Ognjen on this
>
> On Thu, Jul 7, 2016 at 12:02 PM, Sean Son <
> linuxmailinglistsem...@gmail.com> wrote:
>
>> Hello
>>
>>  I tried adding the keyAlias to the connector and when i restarted
>> Tomcat, and i browsed to the sever page, I got this error:
>>
>> Certificate Error
>> There are issues with the site's certificate chain
>> (net::ERR_CERT_COMMON_NAME_INVALID).
>>
>> Looks like adding the keyAlias to the connector did not fix anything
>> unfortunately.
>>
>>
>>
>>
>>
>>
>>
>> On Thu, Jul 7, 2016 at 10:55 AM, Daniel Savard <daniel.sav...@gmail.com>
>> wrote:
>>
>>> 2016-07-07 10:52 GMT-04:00 Sean Son <linuxmailinglistsem...@gmail.com>:
>>>
>>> > So I should modify my  connector to look like this?
>>> >
>>> > >> > protocol="org.apache.coyote.http11.Http11NioProtocol"
>>> >maxThreads="150" keystoreFile="conf/tomcat.jks"
>>> > keystorePass="password"
>>> keyAlias="{b81d8607-57e9-4c35-a058-cd46099e7797}"
>>> > SSLEnabled="true" scheme="https" secure="true"
>>> >clientAuth="false" sslProtocol="TLS" />
>>> >
>>> >
>>> Yes.
>>>
>>> -
>>> Daniel Savard
>>>
>>
>>
>
Sorry I noticed that this is the connector configuration in my server.xml
file:



I updated it with the keyAlias information.  This connector was provided to
me by someone.  Unfortunately I am still getting the same error message.

Re: Need help setting up SSL on Tomcat 8

[Sean Son]

Copying Daniel and Ognjen on this

On Thu, Jul 7, 2016 at 12:02 PM, Sean Son <linuxmailinglistsem...@gmail.com>
wrote:

> Hello
>
>  I tried adding the keyAlias to the connector and when i restarted Tomcat,
> and i browsed to the sever page, I got this error:
>
> Certificate Error
> There are issues with the site's certificate chain
> (net::ERR_CERT_COMMON_NAME_INVALID).
>
> Looks like adding the keyAlias to the connector did not fix anything
> unfortunately.
>
>
>
>
>
>
>
> On Thu, Jul 7, 2016 at 10:55 AM, Daniel Savard <daniel.sav...@gmail.com>
> wrote:
>
>> 2016-07-07 10:52 GMT-04:00 Sean Son <linuxmailinglistsem...@gmail.com>:
>>
>> > So I should modify my  connector to look like this?
>> >
>> > > > protocol="org.apache.coyote.http11.Http11NioProtocol"
>> >maxThreads="150" keystoreFile="conf/tomcat.jks"
>> > keystorePass="password"
>> keyAlias="{b81d8607-57e9-4c35-a058-cd46099e7797}"
>> > SSLEnabled="true" scheme="https" secure="true"
>> >clientAuth="false" sslProtocol="TLS" />
>> >
>> >
>> Yes.
>>
>> -
>> Daniel Savard
>>
>
>

Re: Need help setting up SSL on Tomcat 8

[Sean Son]

Hello

 I tried adding the keyAlias to the connector and when i restarted Tomcat,
and i browsed to the sever page, I got this error:

Certificate Error
There are issues with the site's certificate chain
(net::ERR_CERT_COMMON_NAME_INVALID).

Looks like adding the keyAlias to the connector did not fix anything
unfortunately.







On Thu, Jul 7, 2016 at 10:55 AM, Daniel Savard <daniel.sav...@gmail.com>
wrote:

> 2016-07-07 10:52 GMT-04:00 Sean Son <linuxmailinglistsem...@gmail.com>:
>
> > So I should modify my  connector to look like this?
> >
> >  > protocol="org.apache.coyote.http11.Http11NioProtocol"
> >maxThreads="150" keystoreFile="conf/tomcat.jks"
> > keystorePass="password" keyAlias="{b81d8607-57e9-4c35-a058-cd46099e7797}"
> > SSLEnabled="true" scheme="https" secure="true"
> >clientAuth="false" sslProtocol="TLS" />
> >
> >
> Yes.
>
> -
> Daniel Savard
>

Re: Need help setting up SSL on Tomcat 8

[Sean Son]

So I should modify my  connector to look like this?



On Wed, Jul 6, 2016 at 6:50 AM, Ognjen Blagojevic <
ognjen.d.blagoje...@gmail.com> wrote:

> Sean,
>
> On 5.7.2016 17:14, Sean Son wrote:
>
>> Hello Daniel and all
>>
>> Here is the output.. the full output
>>
>> http://pastebin.com/AQckw6ig
>>
>
> Keytool output indicates that there are two entries in keystore:
>
> 1. Entry with alias "root", created Jun 16, 2016, which is intermediate
> certificate for Go Daddy:
>
> Owner: CN=Go Daddy Secure Certificate Authority - G2 ...
> Issuer: CN=Go Daddy Root Certificate Authority - G2 ...
>
> This is "trustedCertEntry", which means that it does not contain a private
> key, and therefore may not be used for encryption necessary for TLS / HTTPS
> communication.
>
>
> 2. Entry with alias "{b81d8607-57e9-4c35-a058-cd46099e7797}", created Jun
> 16, 2016. This is certificate for domain example.com, signed by Go Daddy:
>
> Owner: CN=*.example.com, OU=Domain Control Validated
> Issuer: CN=Go Daddy Secure Certificate Authority - G2, ...
>
> This is PrivateKeyEntry which means that it contains private and public
> key pair, and since owner is different from issuer it means it also
> contains associated certificate. This entry may be used to encrypt data for
> TLS / HTTPS communication.
>
>
> Therefore, you must point Tomcat to use second entry from your keystore.
> Try adding keyAlias="{b81d8607-57e9-4c35-a058-cd46099e7797}" to your
> connector configuration.
>
> -Ognjen
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Need help setting up SSL on Tomcat 8

[Sean Son]

On Fri, Jul 1, 2016 at 6:14 PM, Daniel Savard 
wrote:

> 2016-07-01 16:08 GMT-04:00 Christopher Schultz <
> ch...@christopherschultz.net
> >:
>
> >
> > >
> > > Thank you for the reply.  How would I go about specifying the alias
> > > of the certificate?
> >
> > You may have to re-import it, but I've had bad experiences with Java
> > keystores so ALWAYS keep a backup in case you host something.
> >
> > The first item in your keystore certainly looks like a certificate to
> > me. It's the *second* item that is a private key.
> >
> > What if you add these attributes to your connector:
> >
> > keyAlias="root"
> >
> > ?
> >
> > If that doesn't work, try using a tool like Portecle to try to adjust
> > some things (like the "aliases"). It's much better and safer than
> > using keytool IMO. Remember ALWAYS KEEP A BACKUP!
> >
> >
> Chris,
>
> in a keystore, the entry with the certificate created using the private key
> from that keystore is a single entry identified as PrivateKey. If you have
> a single certificate created from a private key in that keystore you will
> have only one entry, not two and it will be labeled as private key.
>
> In fact, it can be checked using the -v option to print details about each
> entry. This should be enough to identify without ambiguity which entry is
> what. This is what I recommend to do in order to understand what really is
> in the keystore. I doubt the alias root with the first entry in the
> keystore is actually the certificate needed here.
>
> Sean,
>
> print the details and you will have the alias and Common Name clearly
> identified on the output in a verbose format. Use the -v option to the
> keytool command for this. No need to post everything here if you are
> unsure.
>
> -
> Daniel Savard
>



Hello Daniel and all

Here is the output.. the full output

http://pastebin.com/AQckw6ig

Re: Need help setting up SSL on Tomcat 8

[Sean Son]

On Fri, Jul 1, 2016 at 2:57 AM, Daniel Savard <daniel.sav...@gmail.com>
wrote:

> 2016-06-29 9:08 GMT-04:00 Sean Son <linuxmailinglistsem...@gmail.com>:
>
> > Hello Daniel
> >
> > Thank you for the information. Here is the output of the keytool command:
> >
> > Keystore type: JKS
> > Keystore provider: SUN
> >
> > Your keystore contains 2 entries
> >
> > root, Jun 16, 2016, trustedCertEntry,
> > Certificate fingerprint (SHA1):
> > 27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8
> > {b81d8607-57e9-4c35-a058-cd46099e7797}, Jun 16, 2016, PrivateKeyEntry,
> > Certificate fingerprint (SHA1):
> > 6C:67:52:63:6B:EF:A2:3D:CD:A7:CB:64:99:99:4F:9C:3E:85:B9:AA
> >
> >
> > Is it possible that the error that I am seeing, is related to the fact
> > that I am using a wildcard certificate?
> >
>
> So, the first entry in the keystore isn't your certificate. As I told you
> before, if you do not specify explicitely the alias of the certificate so
> send, the first entry in the keystore is sent. In this case, root.
>
> The attribute to tell the connector which certificate to send, is keyAlias,
> however it seems your certificate has no alias in the keystore.
>
> -
> Daniel Savard
>


Thank you for the reply.  How would I go about specifying the alias of the
certificate?

Re: Need help setting up SSL on Tomcat 8

[Sean Son]

Hello Daniel

Thank you for the information. Here is the output of the keytool command:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

root, Jun 16, 2016, trustedCertEntry,
Certificate fingerprint (SHA1):
27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8
{b81d8607-57e9-4c35-a058-cd46099e7797}, Jun 16, 2016, PrivateKeyEntry,
Certificate fingerprint (SHA1):
6C:67:52:63:6B:EF:A2:3D:CD:A7:CB:64:99:99:4F:9C:3E:85:B9:AA


Is it possible that the error that I am seeing, is related to the fact that
I am using a wildcard certificate?


Thanks



On Tue, Jun 28, 2016 at 5:09 PM, Daniel Savard <daniel.sav...@gmail.com>
wrote:

> 2016-06-28 16:24 GMT-04:00 Sean Son <linuxmailinglistsem...@gmail.com>:
> 
>
> >
> > as for the output to the keytool command:
> >
> > Isnt the output to that command, confidential information?
> >
> >
> No, there isn't anything confidential from the output of a simple -list. It
> doesn't display the private key or anything like that. It will  just show
> the list of certificates in your keystore.
>
> The first entry in the keystore will be the one sent back by the Tomcat
> server since you didn't specify any alias. So, I assume this is the
> intended behavior.
>
> Since you do not specify any trust store, the default trust store shipped
> with your version of Java will be used. If the clients trying to connect
> are not having certificats signed by one of these, it will fails. It may
> not be a problem in your case since you do not provide any details on the
> clients' certificates.
>
> Regards,
> -
> Daniel Savard
>

Re: Need help setting up SSL on Tomcat 8

[Sean Son]

Here is the complete  configuration

 








as for the output to the keytool command:

Isnt the output to that command, confidential information?

Thanks

On Tue, Jun 28, 2016 at 4:06 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Sean,
>
> On 6/28/16 2:31 PM, Sean Son wrote:
> > Hey Philip
> >
> > So i was able to get the page to connect with SSL but I noticed
> > that when I clicked on the little icon that looks like a lock next
> > to https:// in the address bar, I saw this certificate error:
> > Certificate Error There are issues with the site's certificate
> > chain (net::ERR_CERT_COMMON_NAME_INVALID).
>
> This usually means that the URL you are using contains a hostname that
> doesn't match the TLS certificate's "common name".
>
> > Does that mean that SSL has been implemented incorrectly?
> >
> > Also I am trying to get an incoming connection through port 80 to
> > tomcat, to automatically redirect to port 8443 (or 443 which ever
> > you think is easiest to implement)  without having to use a reverse
> > proxy in front of it.  In my server.xml I have the following:
> >
> >  > connectionTimeout="2" redirectPort="8443" />   Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJXcti2AAoJEBzwKT+lPKRYYNAP/jimgUxO8gp1W0rOEhqeTszc
> yKjAhGQ6yjBE14mvDK+x2zO7+zw01fzqm3IbsyUeEHdSjo0YPQQl0/h15tnhatgA
> WuMYz78HyXVtB02FPc/gg82LXwI5GowpKRgd3phQ6f1UKOxpcIPZdOG2MvsbLgFG
> m8UX1qxhq34xkQBCkLv+sWd6sgAdGX3P6x/+qxCav3gr+8os5KHFofms6BUReIro
> hTRQ6XXIbB3VvOGC6uK/IXLcKtvf1v7Bv5NUsL4mWd9AFkwLl+VlSjdK055ubftp
> 6CKj5RUmJkJ06Y0Hy1dK4v9mjcMvM0VwsPcwU9E/GOKMMj0Q56EFVKQkroeLjdXj
> bYMPc8FNAG6eYUdlrSx5lfcDqhO/EmiUZXLJykBbPFmcke8jED1b31WdboMaJAce
> YuuYVUgia4+sP2w/u0bXdQB5ie6gYHecYwdhiIB/mYY74jVz6BeQ26x7EjS7w/WT
> 4eI5XbPX6JPtJe0e3WpRIe2Fk/pLQOdcHMbG+g0X69cbRtRcf7PT/feGbJzoC/qJ
> rUiE7okK98P9KawCV4lueV1b7whFAhJs6apGvIOs/1w296eZ60sM373ugF6ygc1b
> gQybFF/NgnwLrKk0A63retwLeSj2ImB0pl3NvJ9yxJZOy+OP4GalV6BJ5+yF5yz2
> UESskxe5+W3VYH8s1Ekt
> =6brz
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Need help setting up SSL on Tomcat 8

[Sean Son]

Hey Philip

So i was able to get the page to connect with SSL but I noticed that when I
clicked on the little icon that looks like a lock next to https:// in the
address bar, I saw this certificate error:
Certificate Error
There are issues with the site's certificate chain
(net::ERR_CERT_COMMON_NAME_INVALID).

Does that mean that SSL has been implemented incorrectly?

Also I am trying to get an incoming connection through port 80 to tomcat,
to automatically redirect to port 8443 (or 443 which ever you think is
easiest to implement)  without having to use a reverse proxy in front of
it.  In my server.xml I have the following:



> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>

Re: Need help setting up SSL on Tomcat 8

[Sean Son]

Thank you for your reply Philip

yes I have and it still failed.. I can try again and let you know what
errors I am running into.

Thanks!



On Tue, Jun 28, 2016 at 2:15 PM, Philip Hachey  wrote:

> Have you tried following the steps found here?:
> https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Need help setting up SSL on Tomcat 8

[Sean Son]

Hello all

I am stuck trying to set up SSL on Tomcat 8. I have tried all sorts of
advice and still I cannot get it to work.

I attempted to use the method describe on this website:

https://sysengineers.wordpress.com/2011/03/16/tomcat-automatic-redirect-https/

but I started to see the following errors in my catalina.2016-06.26.log
file:

WARNING [main] org.apache.catalina.startup.SetAllPropertiesRule.begin
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'SSLCertificateFile' to
'/home/user/apache-tomcat-8.0.35/ssl/certificate.crt' did not find a
matching property.
28-Jun-2016 10:44:20.495 WARNING [main]
org.apache.catalina.startup.SetAllPropertiesRule.begin
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'SSLCertificateKeyFile' to
'/home/user/apache-tomcat-8.0.35/ssl/certificate.key' did not find a
matching property.

So what I did was install openssl-devel and apr-devel and now those errors
have disappeared, but when I try to browse to the web application or the IP
of the server, I get the following error in the browser:

took too long to respond.

Try:

   - Reloading the page
   - Checking the connection
   - Checking the proxy and the firewall

I have no idea what I am doing wrong. I set up my Connector in server.xml
exactly the same way as the example in that website that I linked. Any
suggestions will greatly be appreciated!

Thanks!

Sean

Re: Need help with URL redirecting

[Sean Son]

On Mon, Jun 20, 2016 at 12:53 PM, Mekkelsen Madden, Steve <
steve.mekkelsenmad...@pega.com> wrote:

> One thing you could do is have an entry in your webapps\ROOT folder called
> like: MyAppRedirect.html  (name can be anything)
> Inside the file you need something like:
> 
>
> In your conf\web.xml at the bottom of it, you'll see 3 lines shown below:
> 
> index.html
> index.htm
> index.jsp
> 
>
> Change this to point to your MyAppRedirect.html page.
> 
> MyAppRedirect.html
> 
>
> That's a simple way to redirect your application.  Your DNS / reverse
> proxy could take care of the port # and users only need to call your
> application by name (https://callMyApplication.domain.com) when the
> DNS/reverse proxy redirects it to the server's port say 8088, the html file
> appends the remaining portion of the url to what the users typed.
>
>
> -Original Message-
> From: Sean Son [mailto:linuxmailinglistsem...@gmail.com]
> Sent: Monday, June 20, 2016 12:42 PM
> To: Tomcat Users List <users@tomcat.apache.org>; a...@ice-sa.com
> Subject: Re: Need help with URL redirecting
>
> On Fri, Jun 17, 2016 at 3:39 PM, André Warnier (tomcat) <a...@ice-sa.com>
> wrote:
>
> > Hi.
> > Another tip : on his list,mit is preferred if you respond in or below
> > the previous text.
> > That's why I moved your previous answer.
> > It makes it easier to follow the conversation without having to scroll
> > back and forth all the time.
> >
> > >
> >
> >>
> >> On Fri, Jun 17, 2016 at 12:03 PM, André Warnier (tomcat)
> >> <a...@ice-sa.com>
> >> wrote:
> >>
> >> On 17.06.2016 17:03, Sean Son wrote:
> >>>
> >>> Hello all
> >>>>
> >>>> I am new to the list. This is what i am trying to do but need help on:
> >>>>
> >>>>
> >>>> I have a webapp running on tomcat 8:
> >>>> https://myapp.example.com:8443/myapp
> >>>>
> >>>> I am going to set up a DNS record myapp.example.com which will
> >>>> point to the IP address of the tomcat server that hosts the
> >>>> webapp.. I want this new DNS record myapp.example.com to redirect
> >>>> to https://myapp.example.com:8443/myapp.
> >>>> In other words, I want the URL to redirect port 80 to the URL for
> >>>> the webapp automatically so the users will not have to enter in the
> >>>> port number whenever they want to browse to the webapp. I tried
> >>>> doing research on google and I was not able to find a straight
> >>>> forward way of doing this.
> >>>> Any
> >>>> help is greatly appreciated!
> >>>>
> >>>>
> >>>>
> >>>> The first thing you would have to check, is whether port 80 is
> >>>> still
> >>> free
> >>> on that server, or if there is already another webserver (e.g.
> >>> Apache
> >>> httpd) using it.
> >>>
> >>> The second thing to clarify is whether, apart from "myapp", there
> >>> are other web applications (not called "myapp") which you are
> >>> running or would want to run under Tomcat on that server.
> >>> If not, then you might want to run your application as the *default*
> >>> application, so that users would get to it with the URL "
> >>> https://myapp.example.com:8443/;, instead of "
> >>> https://myapp.example.com:8443/myapp;.
> >>> To do this first, have a look at :
> >>>   http://wiki.apache.org/tomcat/HowTo
> >>> and look at #17 : How do I make my web application be the tomcat
> >>> default application
> >>>
> >>> It will just be easier if you clear up the above points first,
> >>> because there are multiple possibilities, and it narrows down the
> >>> scope of the tips we can provide.
> >>>
> >>>
> > On 17.06.2016 18:43, Sean Son wrote:
> >
> >> Hello Andre
> >>
> >> thank you for your response.
> >>
> >> There are no other webservers running on this machine. There are
> >> other web apps as well, but the only way to access them is through
> >> myapp. So should I deploy myapp as the default app ?
> >>
> >>
> > Yes, I think that it will make the rest easier.
> > So do that, as per the instructions above, and then we will continue.
> >
> >
> >
> >
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >
> Thank you for the tidbit about how to reply :) So I used number 17 from
> the website and i deployed the war file as the ROOT.war file.  What should
> the next steps be?
>
>
> I thank you again for all of your help!
>


Thank you Steve for the suggestion. Will this work with out using a reverse
proxy? My management told me not to use a reverse proxy

Thanks

Re: Need help with URL redirecting

[Sean Son]

On Fri, Jun 17, 2016 at 3:39 PM, André Warnier (tomcat) <a...@ice-sa.com>
wrote:

> Hi.
> Another tip : on his list,mit is preferred if you respond in or below the
> previous text.
> That's why I moved your previous answer.
> It makes it easier to follow the conversation without having to scroll
> back and forth all the time.
>
> >
>
>>
>> On Fri, Jun 17, 2016 at 12:03 PM, André Warnier (tomcat) <a...@ice-sa.com>
>> wrote:
>>
>> On 17.06.2016 17:03, Sean Son wrote:
>>>
>>> Hello all
>>>>
>>>> I am new to the list. This is what i am trying to do but need help on:
>>>>
>>>>
>>>> I have a webapp running on tomcat 8:
>>>> https://myapp.example.com:8443/myapp
>>>>
>>>> I am going to set up a DNS record myapp.example.com which will point to
>>>> the
>>>> IP address of the tomcat server that hosts the webapp.. I want this new
>>>> DNS
>>>> record myapp.example.com to redirect to
>>>> https://myapp.example.com:8443/myapp.
>>>> In other words, I want the URL to redirect port 80 to the URL for the
>>>> webapp automatically so the users will not have to enter in the port
>>>> number
>>>> whenever they want to browse to the webapp. I tried doing research on
>>>> google and I was not able to find a straight forward way of doing this.
>>>> Any
>>>> help is greatly appreciated!
>>>>
>>>>
>>>>
>>>> The first thing you would have to check, is whether port 80 is still
>>> free
>>> on that server, or if there is already another webserver (e.g. Apache
>>> httpd) using it.
>>>
>>> The second thing to clarify is whether, apart from "myapp", there are
>>> other web applications (not called "myapp") which you are running or
>>> would
>>> want to run under Tomcat on that server.
>>> If not, then you might want to run your application as the *default*
>>> application, so that users would get to it with the URL "
>>> https://myapp.example.com:8443/;, instead of "
>>> https://myapp.example.com:8443/myapp;.
>>> To do this first, have a look at :
>>>   http://wiki.apache.org/tomcat/HowTo
>>> and look at #17 : How do I make my web application be the tomcat default
>>> application
>>>
>>> It will just be easier if you clear up the above points first, because
>>> there are multiple possibilities, and it narrows down the scope of the
>>> tips
>>> we can provide.
>>>
>>>
> On 17.06.2016 18:43, Sean Son wrote:
>
>> Hello Andre
>>
>> thank you for your response.
>>
>> There are no other webservers running on this machine. There are other web
>> apps as well, but the only way to access them is through myapp. So should
>> I
>> deploy myapp as the default app ?
>>
>>
> Yes, I think that it will make the rest easier.
> So do that, as per the instructions above, and then we will continue.
>
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
Thank you for the tidbit about how to reply :) So I used number 17 from the
website and i deployed the war file as the ROOT.war file.  What should the
next steps be?


I thank you again for all of your help!

Re: Need help with URL redirecting

[Sean Son]

Hello Andre

thank you for your response.

There are no other webservers running on this machine. There are other web
apps as well, but the only way to access them is through myapp. So should I
deploy myapp as the default app ?

Thanks



On Fri, Jun 17, 2016 at 12:03 PM, André Warnier (tomcat) <a...@ice-sa.com>
wrote:

> On 17.06.2016 17:03, Sean Son wrote:
>
>> Hello all
>>
>> I am new to the list. This is what i am trying to do but need help on:
>>
>>
>> I have a webapp running on tomcat 8:
>> https://myapp.example.com:8443/myapp
>>
>> I am going to set up a DNS record myapp.example.com which will point to
>> the
>> IP address of the tomcat server that hosts the webapp.. I want this new
>> DNS
>> record myapp.example.com to redirect to
>> https://myapp.example.com:8443/myapp.
>> In other words, I want the URL to redirect port 80 to the URL for the
>> webapp automatically so the users will not have to enter in the port
>> number
>> whenever they want to browse to the webapp. I tried doing research on
>> google and I was not able to find a straight forward way of doing this.
>> Any
>> help is greatly appreciated!
>>
>>
>>
> The first thing you would have to check, is whether port 80 is still free
> on that server, or if there is already another webserver (e.g. Apache
> httpd) using it.
>
> The second thing to clarify is whether, apart from "myapp", there are
> other web applications (not called "myapp") which you are running or would
> want to run under Tomcat on that server.
> If not, then you might want to run your application as the *default*
> application, so that users would get to it with the URL "
> https://myapp.example.com:8443/;, instead of "
> https://myapp.example.com:8443/myapp;.
> To do this first, have a look at :
>  http://wiki.apache.org/tomcat/HowTo
> and look at #17 : How do I make my web application be the tomcat default
> application
>
> It will just be easier if you clear up the above points first, because
> there are multiple possibilities, and it narrows down the scope of the tips
> we can provide.
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Need help with URL redirecting

[Sean Son]

Hello all

I am new to the list. This is what i am trying to do but need help on:


I have a webapp running on tomcat 8:  https://myapp.example.com:8443/myapp

I am going to set up a DNS record myapp.example.com which will point to the
IP address of the tomcat server that hosts the webapp.. I want this new DNS
record myapp.example.com to redirect to https://myapp.example.com:8443/myapp.
In other words, I want the URL to redirect port 80 to the URL for the
webapp automatically so the users will not have to enter in the port number
whenever they want to browse to the webapp. I tried doing research on
google and I was not able to find a straight forward way of doing this. Any
help is greatly appreciated!


Thank you

Sean