RE: security headers

2017-11-02 Thread Cheltenham, Chris
Mr. Shultz, I really appreciate your detailed answers. Helps me out a lot. I am now thinking big picture because my application does not require APR. May I ask this, what exactly does APR give me for apache-tomcat? I am thinking to scrap the whole APR install. The reason I am trying to

RE: security headers

2017-11-02 Thread Cheltenham, Chris
: Thursday, November 2, 2017 9:36 AM To: users@tomcat.apache.org Subject: Re: security headers You seem to be responding on the wrong thread, but here are some answers anyway (will save Christopher some typing) On 02.11.2017 13:55, Cheltenham, Chris wrote: > Mr. Shultz, > > I really apprec

RE: apr

2017-10-31 Thread Cheltenham, Chris
e: apr On 31/10/17 12:19, Cheltenham, Chris wrote: > Mark, > > I am not sure what you are saying. > > I tried apr 1.4.8 through 1.6.2 > With > Tnative 1.1.16 through 1.2.14 > > I get the same openssl error every time. > > I am using CentOS's install and its 1.0.2k FIPS

RE: apr

2017-10-31 Thread Cheltenham, Chris
Work # 215-400-5025 Cell # 215-301-6571 -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Tuesday, October 31, 2017 12:47 PM To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: apr On 31/10/17 14:41, Cheltenham, Chris wrote: > Thanks Mark ,

RE: apr

2017-10-31 Thread Cheltenham, Chris
# 215-301-6571 -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Tuesday, October 31, 2017 11:48 AM To: users@tomcat.apache.org Subject: Re: apr -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Chris, On 10/31/17 10:41 AM, Cheltenham, Chris wrote

RE: apr

2017-10-31 Thread Cheltenham, Chris
, On 10/31/17 10:41 AM, Cheltenham, Chris wrote: > Thanks Mark , but where in the error logs do you see I am building > against 1.0.1? > > 31-Oct-2017 10:40:15.243 INFO [main] > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded > APR based Apache Tomcat Native libr

RE: apr

2017-10-31 Thread Cheltenham, Chris
ers@tomcat.apache.org> Subject: Re: apr On 30/10/2017 17:49, Cheltenham, Chris wrote: > Hello Everyone, > > Using OpenSSL 1.0.2k-fips > > I am trying to install the apr. > > I used several different versions of APR 1.4 through 1.6 > > Then I compiled tnative 1.1.16, 1.2.x The

apr

2017-10-30 Thread Cheltenham, Chris
Hello Everyone, Using OpenSSL 1.0.2k-fips I am trying to install the apr. I used several different versions of APR 1.4 through 1.6 Then I compiled tnative 1.1.16, 1.2.x When I start tomcat I get the same message each time. 30-Oct-2017 12:51:14.602 INFO [main]

RE: apr

2017-10-30 Thread Cheltenham, Chris
, 2017 3:17 PM To: users@tomcat.apache.org Subject: Re: apr Hi Chris, Did you recompile APR with FIPS? You must completely compile tcnative.dll. Marcus From: Cheltenham, Chris <ccheltenham-...@philasd.org> Sent: Monday, October 30, 2017 1:49 PM To:

log4j

2018-05-18 Thread Cheltenham, Chris
Hello, How do I configure Tomcat 8.5.x to use log4j? Is there a good document to follow? I am not very familiar with java but it looks like you configure to logs to accept java logging for Tomcat. === Thank You; Chris Cheltenham Technology Services

Running as user tomcat

2018-02-23 Thread Cheltenham, Chris
Hello All, I am trying to run tomcat as a non root user. It will start as the tomcat user but it will not bind to connector 443 unless it starts as root. Does anyone know why? 23-Feb-2018 09:14:59.140 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to

RE: Running as user tomcat

2018-02-23 Thread Cheltenham, Chris
, February 23, 2018 12:53 PM To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: Running as user tomcat Hi Chris, > Am 23.02.2018 um 18:36 schrieb Cheltenham, Chris > <ccheltenham-...@philasd.org>: > > Hello All, > > I am trying to run tomcat as a no

RE: Is it Normal for Tomcat 8 to Use 20-80% More Memory Than Tomcat 6?

2017-12-22 Thread Cheltenham, Chris
Eric, If you have upgraded java along with tomcat then yes, that is very probable. You can restrict how much memory java can use however, if it is consuming too much memory. -Xmx and -Xms startup parameters. However, you may be jeopardizing performance. In this case you can only add

RE: Is it Normal for Tomcat 8 to Use 20-80% More Memory Than Tomcat 6?

2017-12-22 Thread Cheltenham, Chris
Eric, Just curious how much ram do you have in the server and cpu resources. #free -m and # cat /proc/cpuinfo | egrep 'cores|processor' (Not to insult your intelligence, I am just specifying what I was curious to see) And it's always easier to copy/paste than to think. I see in another

RE: Binding a non root user to port 443

2018-03-13 Thread Cheltenham, Chris
inding a non root user to port 443 On Tue, Mar 13, 2018 at 11:18 AM, Cheltenham, Chris <ccheltenham-...@philasd.org> wrote: > I may lobby for iptables but the admins are pushing back. "pushing back" because of laziness or actual reasons? -- Hassan Schroeder -

RE: Binding a non root user to port 443

2018-03-13 Thread Cheltenham, Chris
IN PGP SIGNED MESSAGE- Hash: SHA256 Chris, On 3/13/18 1:26 PM, Cheltenham, Chris wrote: > Is there a way to redirect ports 80 and 443 to 8443. > > I have a non root user but I cannot use CentOS firewalld nor iptables. How about authbind? > I have tried these things. > >

RE: Binding a non root user to port 443

2018-03-13 Thread Cheltenham, Chris
-Original Message- From: Hassan Schroeder [mailto:hassan.schroe...@gmail.com] Sent: Tuesday, March 13, 2018 2:40 PM To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: Binding a non root user to port 443 On Tue, Mar 13, 2018 at 11:18 AM, Cheltenham, Chris <cc

RE: Binding a non root user to port 443

2018-03-13 Thread Cheltenham, Chris
...@christopherschultz.net] Sent: Tuesday, March 13, 2018 2:03 PM To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: Binding a non root user to port 443 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Chris, On 3/13/18 1:26 PM, Cheltenham, Chris wrote: > Is there a way to redirect

Binding a non root user to port 443

2018-03-13 Thread Cheltenham, Chris
Hello Everyone, Is there a way to redirect ports 80 and 443 to 8443. I have a non root user but I cannot use CentOS firewalld nor iptables. I have tried these things. But it still fails. === Thank You; Chris Cheltenham Technology Services The School

RE: Binding a non root user to port 443

2018-03-13 Thread Cheltenham, Chris
Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Tuesday, March 13, 2018 2:03 PM To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: Binding a non root user to port 443 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Chris, On 3/13/18 1:26 PM, Chel

RE: Binding a non root user to port 443

2018-03-14 Thread Cheltenham, Chris
Work # 215-400-5025 Cell # 215-301-6571 -Original Message- From: Olaf Kock [mailto:tom...@olafkock.de] Sent: Wednesday, March 14, 2018 11:59 AM To: users@tomcat.apache.org Subject: Re: Binding a non root user to port 443 On 14.03.2018 16:02, Cheltenham, Chris wrote: > Chris, > >

RE: Binding a non root user to port 443

2018-03-15 Thread Cheltenham, Chris
# 215-301-6571 -Original Message- From: André Warnier (tomcat) [mailto:a...@ice-sa.com] Sent: Wednesday, March 14, 2018 6:45 PM To: users@tomcat.apache.org Subject: Re: Binding a non root user to port 443 Hi. On 14.03.2018 18:21, Cheltenham, Chris wrote: > Ok , I thank you guys for be

RE: Binding a non root user to port 443

2018-03-14 Thread Cheltenham, Chris
Coty, Oh this thread was long ago and answered by someone else. Thanks === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 -Original Message- From: Cheltenham, Chris

RE: Binding a non root user to port 443

2018-03-14 Thread Cheltenham, Chris
Hello Coty, I am not sure what you mean? === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent:

RE: Binding a non root user to port 443

2018-03-14 Thread Cheltenham, Chris
- Hash: SHA256 Chris, On 3/14/18 10:02 AM, Cheltenham, Chris wrote: > Oh this thread was long ago and answered by someone else. You asked the same question on 2018-03-02, and got many replies including the ones I gave in this thread. Actually, I replied as well. Previous thread: https://markmail.

tomcat

2018-04-05 Thread Cheltenham, Chris
There is a behavior I see in tomcat at times which is puzzling to me. Sometimes when I start up tomcat it doesn't log anything. Maybe I am restarting it too fast? I don't have any other symptoms to report other than sometimes when I start tomcat it does not log anything. Does

RE: tomcat

2018-04-05 Thread Cheltenham, Chris
:08 AM, Cheltenham, Chris wrote: > There is a behavior I see in tomcat at times which is puzzling to me. > > Sometimes when I start up tomcat it doesn’t log anything. To which files? Any of them? > Maybe I am restarting it too fast? Possibly. How are you restarting it? > I don’t ha

RE: tomcat

2018-04-05 Thread Cheltenham, Chris
-Original Message- From: Christopher Schultz <ch...@christopherschultz.net> Sent: Thursday, April 5, 2018 12:45 PM To: users@tomcat.apache.org Subject: Re: tomcat -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Chris, On 4/5/18 11:13 AM, Cheltenham, Chris wrote: > Thanks for

setupenv.sh

2018-04-20 Thread Cheltenham, Chris
Hello, I have been trying to find out what this means starting up Tomcat to no avail. Please help. I mean -d64 that is. JAVA_OPTS="-d64" === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell #

RE: setupenv.sh

2018-04-20 Thread Cheltenham, Chris
r 64-bit env, this is valid only certain unix(solaris) env, windows and linux have their own 32-bit or 64-bit java installations. On Fri, Apr 20, 2018 at 8:32 AM, Cheltenham, Chris < ccheltenham-...@philasd.org> wrote: > Hello, > > > > I have been trying to find out what this means

RE: setupenv.sh

2018-04-20 Thread Cheltenham, Chris
hen an error will be reported. By default, the application is run in a 32-bit environment unless a 64-bit system is used. Thanks, Robert From: Cheltenham, Chris <ccheltenham-...@philasd.org> Sent: Friday, April 20, 2018 6:32 AM To: 'Tomcat Users List' <users@tomcat.apache.org&

Re: Binding a non root user to port 443

2018-03-16 Thread Cheltenham, Chris
mcat.apache.org> Sent: Friday, March 16, 2018 7:21:26 AM Subject: Re: Binding a non root user to port 443 Chris, On 15.03.2018 13:34, Cheltenham, Chris wrote: > Andre, > > You probably missed where I had mentioned the infrastructure group poo poo'd > altering iptables for whatev

RE: Running Tomcat 9 using OpenJDK 10

2018-03-02 Thread Cheltenham, Chris
Yes, I was able to start up tomcat 9.0.4 with the corresponding java. One thing that was annoying was that $JAVA_HOME/jre/lib/security directory has changed to $JAVA_HOME/lib/security. Not a big deal but if you are using certs it is. Now, the applications I used did not like java 9, so I

RE: tomcat 8.5.28

2018-03-02 Thread Cheltenham, Chris
...@christopherschultz.net] Sent: Friday, March 2, 2018 11:55 AM To: users@tomcat.apache.org Subject: Re: tomcat 8.5.28 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Olaf, On 3/2/18 9:30 AM, Olaf Kock wrote: > On 02.03.2018 15:22, Cheltenham, Chris wrote: >> From: Cheltenham, Chris [mailto:cc

RE: Security of AJP

2018-02-28 Thread Cheltenham, Chris
Since AJP is not really needed by Tomcat, if I comment out the AJP startup line in server.xml will that affect anything? I still don’t even understand what it's for. I have read the apache docs but it doesn’t mean anything to me. Apache's description doesn't tell me anything. The AJP Connector

RE: Security of AJP

2018-02-28 Thread Cheltenham, Chris
s done in the front system and if necessary it is proxied to Tomcat via AJP. You take HTTP request from that system, put it in an AJP record and send it over TCPIP to Tomcat's AJP connector. Is it more clear now? -Original Message- From: Cheltenham, Chris [mailto:ccheltenham-...@phila

RE: Security of AJP

2018-02-28 Thread Cheltenham, Chris
Schultz [mailto:ch...@christopherschultz.net] Sent: Wednesday, February 28, 2018 9:26 AM To: users@tomcat.apache.org Subject: Re: Security of AJP -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Chris, On 2/28/18 8:40 AM, Cheltenham, Chris wrote: > Since AJP is not really needed by Tomcat; If I comm

RE: [OT] Security of AJP

2018-02-28 Thread Cheltenham, Chris
In this case are you tunneling into tomcat via 8009 AJP connector? === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 -Original Message- From: Christopher Schultz

RE: tomcat 8.5.28

2018-03-02 Thread Cheltenham, Chris
[mailto:ma...@apache.org] Sent: Friday, March 2, 2018 9:39 AM To: Tomcat Users List <users@tomcat.apache.org>; Olaf Kock <tom...@olafkock.de> Subject: Re: tomcat 8.5.28 On 02/03/18 14:30, Olaf Kock wrote: > > > On 02.03.2018 15:22, Cheltenham, Chris wrote: >> What

RE: Security of AJP

2018-03-02 Thread Cheltenham, Chris
--- >> Hash: SHA256 >> >> Chris, >> >> On 2/28/18 8:40 AM, Cheltenham, Chris wrote: >>> Since AJP is not really needed by Tomcat; If I comment out the AJP >>> startup line in server.xml will that affect anything. >>> >>> I still don't

tomcat 8.5.28

2018-03-02 Thread Cheltenham, Chris
Hello, Has anyone set up tomcat as a non-root user? I have set it up successfully however, I have to bind the non-root user to port 8443. What is the best way to reroute 8443 through 443? There are several options. Everything is set up to send to port 443 so I need to reroute 8443

RE: tomcat 8.5.28

2018-03-02 Thread Cheltenham, Chris
ftware specialist. From: Cheltenham, Chris [mailto:ccheltenham-...@philasd.org] Sent: Friday, March 02, 2018 9:08 AM To: 'Tomcat Users List' <users@tomcat.apache.org> Subject: tomcat 8.5.28 Hello, Has anyone set up tomcat as a non-root user? I have set it up successfully however, I have to b

RE: tomcat 8.5.28

2018-03-02 Thread Cheltenham, Chris
] Sent: Friday, March 2, 2018 9:49 AM To: users@tomcat.apache.org Subject: Re: tomcat 8.5.28 On 02.03.2018 15:41, Cheltenham, Chris wrote: > Mark, > > Can you elaborate on what is going on there? > What trolls? > I don’t know what that means. See : https://en.wikipedia.org/wiki

RE: tomcat 8.5.28

2018-03-02 Thread Cheltenham, Chris
ervice iptables save On 2 March 2018 at 15:08, Cheltenham, Chris <ccheltenham-...@philasd.org> wrote: > Hello, > > > > Has anyone set up tomcat as a non-root user? > > > > I have set it up successfully however, I have to bind the non-root > user to port 8443. &g

RE: tomcat 8.5.28

2018-03-02 Thread Cheltenham, Chris
All, I am not sure is this out of scope with Tomcat's policies? === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 -Original Message- From: Cheltenham, Chris [mailto:ccheltenham