-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
James,
On 8/4/20 20:20, James H. H. Lampert wrote:
> I am once again attempting to get our development AWS box switched
> over to Let's Encrypt.
>
> This time, I've managed to get the httpd server working with the
> Let's Encrypt cert.
This is far easier than doing it with Tomcat (unfortunately for us).
Before you go too much farther: why not just use httpd and be done
with it?
And if you are going to AWS, you could use an AWS application load
balancer and free auto-renewing certificates from AWS. If you don't
trust AWS's networking to isolate your traffic from lb -> worker
nodes, you can use self-signed certificates with large expiration
dates or something like that.
Just an option for you.
> And this time, I've even managed to get Tomcat 8.5 to use it
> without crashing on takeoff. It's not yet on speaking terms with
> Chrome, but Firefox can access it just fine. And that's when I
> noticed the weirdness:
>
> The mere act of spinning up a spot instance from last night's
> backup caused Tomcat to update itself to the latest version (from
> 8.5.40 to 8.5.57).
That's ... unusual. I can assure you that neither Tomcat nor any Linux
distro I know would auto-upgrade anything like that. Sure you don't
have anything like that installed after-market?
> This would not be a bad thing in and of itself, except for two
> side effects: First, the default ROOT context was overlaid onto our
> ROOT context!
Wah wah.
> Second, Manager was disabled!
Wah wah.
Are you using "split" CATALINA_HOME and CATALINA_BASE?
> I spun up a new spot instance, the same way I did the one I'm using
> for my experiments, and sure enough, the ROOT context was changed:
> eleven files were added, and an undetermined number were changed.
>
> The other contexts appear to all be there, but the "examples"
> context, which we remove from all our working Tomcat installations,
> was added back in.
>
> But our server.xml appears to be completely intact, and so does
> our tomcat-users.xml.
>
> Yet, as I said, Manager is disabled.
>
> Can anybody shed any light on what happened?
Try this:
1. Get your server into a state with the "old" version of Tomcat.
2. Take a snapshot so you can get back here (or prepare to trash the nod
e)
3. Do a "chown -R root:root /path/to/tomcat"
4. Do a "chmod -R a= /path/to/tomcat5
5. Relaunch the instance and look for errors
That might still not do anything if whatever process is upgrading
Tomcat is running as root and "fixes" everything.
You could also look in /etc/init.d/* for interesting things, or
/etc/rc.local, or anything in /etc/systemd depending upon what flavor
of Linux you are running. Those places have scripty-like things which
usually get run on startup. Maybe:
$ grep -i tomcat $( find /etc -type f )
?
Hope that helps,
- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl8sHxgACgkQHPApP6U8
pFhHJQ//WErtFN1kVlMbSQqtNjyYbhfsv7V8CKCYXpsAJ6wAOjIflE2sf3t391s1
0L4uIgFZZWsnPyB96bdzr6lOf4swfPWCwK+thzqcm+vrzPdgFPiwxwL/rhVn99Zf
RxQcC8kgjfI6L9GfDS/m3qJYLMYH+w8+bUn3mlZYCX7GODvmQ/96YE+HMiados/O
XVuGxkDEQMHXL01mqo8NLGTTG2q3FnrSprEAVaxNYV6P3hoQNbcxBDEBS3rS9SXf
y4hTbFm8RtaA73RS5lllh5NTRrM+k5ed6K1Nj4FGwVzHKyXcBdqV7RIKi0bJH4Z0
I/W8GcVtqv5EBS/Ox++yo3yjSIfSv1doOgnQ1wrDxMSDxmUUjhQITR4XF66/HE7H
riD6rIsyIymXKfpbCEnO+EpsnmNJz1sVtP7oWlMiN9TqIoQDKXNMBexYyjGVBN0I
1Mpsl0DvkzS7AqBCUpsMyFpdJr4qVjCIxfPaqV4b56C0QdOWhWDAnz2TKifyS8Dn
+pgU9iL3tWaTi0NL3i2a3ugQHh0BCrgRmM21FBf6bQVeJHSzZ4lvRkRon6q+di0C
7ECztmifIqaNnp4QlCg2s0TzAAyBUw0m3r+Vr61cPBSeU5G3CsXEn+lT/ZZ9rpQe
QbrzFSG+glTiq/OGUFp0AL6tLYiLLSeUlPjxHOB9aXHHiOgcxSc=
=rd2M
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
