RedHat on port 80 - linux

I have Apache Tomcat running an app on a RedHat server, currently listening on port 8081. I want the app to listen on port 80, but it is not working. My RedHat server is not using a firewall, so iptables has no relevance. How can I make it work? Here is my server.xml:
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector port="8081" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="84431" />
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="80431"/>
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost">
<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>
</Engine>
</Service>
</Server>

Ports below 1024 can only be opened by the root user. So if you want Tomcat to listen on port 80 you will need to start it as the root user.
Or else you can configure an Apache proxy to redirect traffic on port 80 to port 8081, on which Tomcat will be listening.
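As an added example (not part of the question or the answer above), this script audits a Tomcat server.xml for the two things this thread turns on: connectors on privileged ports, which need root or a front proxy, and redirectPort values that are not valid TCP ports, like the 84431 and 80431 in the posted file. The embedded XML is a constructed, cut-down copy of the posted connectors, not the poster's actual file.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a cut-down copy of the connectors in the server.xml posted above.
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8081" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="84431" />
    <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="80431" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>
"""

PRIVILEGED_MAX = 1023  # on Linux, binding ports 1-1023 needs root (or CAP_NET_BIND_SERVICE)


def valid_port(value):
    """True if value is a decimal string naming a usable TCP port (1-65535)."""
    return value is not None and value.isdigit() and 0 < int(value) <= 65535


def audit_connectors(xml_text):
    """Return (port, finding) tuples for every <Connector> in a Tomcat server.xml."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        port_attr = conn.get("port")
        if not valid_port(port_attr):
            findings.append((port_attr, "port is not a valid TCP port"))
            continue
        port = int(port_attr)
        if port <= PRIVILEGED_MAX:
            findings.append((port, "privileged port: run Tomcat as root or put a proxy in front"))
        redirect = conn.get("redirectPort")
        if redirect is not None and not valid_port(redirect):
            findings.append((port, f"redirectPort {redirect!r} is not a valid TCP port"))
    return findings


def privileged_ports(xml_text):
    """Ports in the config that an unprivileged Tomcat process cannot bind."""
    return sorted({p for p, msg in audit_connectors(xml_text) if msg.startswith("privileged")})


if __name__ == "__main__":
    for port, msg in audit_connectors(SAMPLE_SERVER_XML):
        print(f"connector {port}: {msg}")
```

If you take the proxy route, the 8081 connector can additionally carry address="127.0.0.1" (a standard Tomcat Connector attribute not present in the posted file) so that only the local proxy can reach Tomcat directly.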

How to connect by MDS excel add-in using HTTPS?

I've switched MDS access from HTTP to HTTPS.
The web interface works OK.
The Excel add-in generates an error during a connection attempt:
The HTTP request was forbidden with client authentication scheme 'Negotiate'.
The remote server returned an error: (403)Forbidden. (System)
What should be done to work with Excel using HTTPS?
The web application will continue to work after switching to SSL, but the Excel add-in will not. To resolve this you must edit the web.config of the Master Data Services web application. See the link below for full details; I believe you would start at step 10 given the context.
https://learn.microsoft.com/en-us/sql/master-data-services/install-windows/secure-a-master-data-manager-web-application?view=sql-server-ver15
In my experience the portion needed to make SSL work is already in the web.config but commented out; you just need to uncomment it and comment out the section that is for non-SSL. Note there are two different sections.
This is what my bindings section in the web.config looks like after configuring it for SSL.
<bindings>
<wsHttpBinding>
<binding name="mdsWsHttpBinding" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxDepth="2147483647" maxNameTableCharCount="2147483647" maxStringContentLength="2147483647" />
<!--Non-SSL implementations.-->
<!-- <security mode="Message"> -->
<!-- <message clientCredentialType="Windows" /> -->
<!-- </security> -->
<!--SSL implementations-->
<security mode="Transport">
<message clientCredentialType="Windows" />
</security>
</binding>
</wsHttpBinding>
<basicHttpBinding>
<binding name="mdsBasicHttpBinding" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxDepth="2147483647" maxNameTableCharCount="2147483647" maxStringContentLength="2147483647" />
<!-- Non-SSL implementations.-->
<!-- <security mode="TransportCredentialOnly"> -->
<!-- <transport clientCredentialType="Windows" /> -->
<!-- </security> -->
<!-- SSL implementations -->
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>

ERROR Appenders contains an invalid element or attribute "Http"

I am using the Log4j Http appender to send data to Splunk from Mule CloudHub. During the build it throws the error:
ERROR Appenders contains an invalid element or attribute Http
and I am not seeing the data in Splunk.
The error happens with this Log4j configuration:
<Http name="Splunktest" url="myurl" token="mytoken"
disableCertificateValidation="true"></Http>
During the Maven build it is throwing the mentioned error. Mule runtime version 3.8.4.
Did anyone else face the same error?
Entire Log4j configuration for reference:
<!--These are some of the loggers you can enable.
There are several more you can find in the documentation.
Besides this log4j configuration, you can also use Java VM environment variables
to enable other logs like network (-Djavax.net.debug=ssl or all) and
Garbage Collector (-XX:+PrintGC). These will be appended to the console, so you will
see them in the mule_ee.log file. -->
<Appenders>
<RollingFile name="file" fileName="${sys:mule.home}${sys:file.separator}logs${sys:file.separator}splunk.log"
filePattern="${sys:mule.home}${sys:file.separator}logs${sys:file.separator}splunk-%i.log">
<PatternLayout pattern="%d [%t] %-5p %c - %m%n" />
<SizeBasedTriggeringPolicy size="10 MB" />
<DefaultRolloverStrategy max="10"/>
</RollingFile>
<Http name="Splunktest" url="myurl" token="mytoken" disableCertificateValidation="true"></Http>
</Appenders>
<Loggers>
<!-- Http Logger shows wire traffic on DEBUG -->
<AsyncLogger name="org.mule.module.http.internal.HttpMessageLogger" level="WARN"/>
<!-- JDBC Logger shows queries and parameters values on DEBUG -->
<AsyncLogger name="com.mulesoft.mule.transport.jdbc" level="WARN"/>
<!-- CXF is used heavily by Mule for web services -->
<AsyncLogger name="org.apache.cxf" level="WARN"/>
<!-- Apache Commons tend to make a lot of noise which can clutter the log-->
<AsyncLogger name="org.apache" level="WARN"/>
<!-- Reduce startup noise -->
<AsyncLogger name="org.springframework.beans.factory" level="WARN"/>
<!-- Mule classes -->
<AsyncLogger name="org.mule" level="INFO"/>
<AsyncLogger name="com.mulesoft" level="INFO"/>
<!-- Reduce DM verbosity -->
<AsyncLogger name="org.jetel" level="WARN"/>
<AsyncLogger name="Tracking" level="WARN"/>
<AsyncRoot level="INFO">
<AppenderRef ref="file" />
</AsyncRoot>
<AsyncLogger name="splunk.logger" level="INFO" >
<AppenderRef ref="Splunktest" />
</AsyncLogger>
</Loggers>
The Http appender is not included in the log4j2 version used by Mule runtime 3.8.4.
As far as I know the latest version used in runtime 3.x.x is log4j2 2.8.2,
and as you can see from the code here it doesn't define any Http appender.
The Http appender was introduced in log4j2 2.10.0 (code here), so you have 2 options:
bundle log4j2 version 2.10.0 in your application and try to configure the classloader override as explained here
extract the Http appender class and its dependencies from version 2.10.0, package them as a jar and import it in your project, see picture below:
Hope this helps ...

jclouds discovery is not working in Hazelcast 3.6 EA

I was trying to use the new jclouds-based discovery mechanism in Hazelcast 3.6 EA. However, I couldn't make it work using exactly the same credentials as for native AWS discovery. Here are the two configs:
Native AWS (works):
<network>
<join>
<multicast enabled="false" />
<tcp-ip enabled="false" />
<aws enabled="true">
<access-key>AKIAXXXXXXXXXXXXX</access-key>
<secret-key>YYYYYYYYYYYYYYYYY</secret-key>
<region>eu-west-1</region>
<host-header>ec2.amazonaws.com</host-header>
</aws>
</join>
</network>
jclouds (doesn't work):
<properties>
<property name="hazelcast.discovery.enabled">true</property>
</properties>
<network>
<join>
<multicast enabled="false" />
<tcp-ip enabled="false" />
<aws enabled="false" />
<discovery-strategies>
<discovery-strategy class="com.hazelcast.jclouds.JCloudsDiscoveryStrategy" enabled="true">
<properties>
<property name="provider">aws-ec2</property>
<property name="identity">AKIAXXXXXXXXXXXXX</property>
<property name="credential">YYYYYYYYYYYYYYYYY</property>
<property name="regions">eu-west-1</property>
</properties>
</discovery-strategy>
</discovery-strategies>
</join>
</network>
More about the setup: 2 instances which are part of the same Elastic Beanstalk application. Port 5701 is open publicly (for testing). DEBUG log level is enabled for Hazelcast. The AWS user has permission to perform ec2:describe*
With jclouds discovery enabled, each node only sees itself:
DEBUG: Log4jFactory.java:93 [172.31.5.117]:5701 [dev] [3.6-EA] This node will assume master role since no possible member where connected to.
DEBUG: Log4jFactory.java:93 [172.31.5.117]:5701 [dev] [3.6-EA] This node is being set as the master
DEBUG: Log4jFactory.java:93 [172.31.5.117]:5701 [dev] [3.6-EA] PostJoin master: Address[172.31.5.117]:5701, isMaster: true
INFO : Log4jFactory.java:99 [172.31.5.117]:5701 [dev] [3.6-EA]
Members [1] {
Member [172.31.5.117]:5701 this
}
I see the Hazelcast 3.6-EA release has issues with the JClouds integration, and here is the fix for it.
https://github.com/hazelcast/hazelcast/pull/6651

Direct access of protected JSF pages doesn't work by using HTTPS

Today I started to implement SSL in my Java EE project. Everything worked fine until I tried to directly access a protected area with a logged-out customer. Instead of being redirected to the login page, a single question mark appeared.
This behavior occurs only in Firefox; IE works fine.
Without SSL, Firefox works fine as well.
I'm using Tomcat 7.0 and JSF 2.1.
The protected pages are:
Everything within subdir /admin needs role ADMIN to be accessible
Everything within subdir /customer needs role CUST to be accessible
The strange thing is that this question mark is displayed only when accessing some of the pages in subdir /customer! When trying to access all others (including those in /admin) the login page is displayed correctly (all pages are structured in the same way).
Finally, I brought the web site up and running correctly by using TCP port 443 instead of 8443. Now both browsers correctly display the login page before someone is able to access a protected page.
So my question: does anyone have any idea why this behavior occurs if port 8443 is used? And is there a way that port 8443 can still be used?
Below you can find Tomcat's server.xml file.
Thanks in advance!
<?xml version="1.0" encoding="UTF-8"?>
<Server
port="8005"
shutdown="SHUTDOWN" >
<Listener
SSLEngine="on"
className="org.apache.catalina.core.AprLifecycleListener" />
<Listener className="org.apache.catalina.core.JasperListener" />
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<GlobalNamingResources>
<Resource
name="UserDatabase"
auth="Container"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml"
type="org.apache.catalina.UserDatabase" />
</GlobalNamingResources>
<Service name="Catalina" >
<Connector
connectionTimeout="20000"
port="8080"
protocol="HTTP/1.1"
redirectPort="443" />
<Connector
SSLEnabled="true"
clientAuth="false"
keystoreFile="C:\Program Files (x86)\apache-tomcat-7.0.30\conf\BookStore.keystore"
keystorePass="myPwd"
maxThreads="200"
port="443"
protocol="HTTP/1.1"
scheme="https"
secure="true"
sslProtocol="TLS" />
<Connector
port="8009"
protocol="AJP/1.3"
redirectPort="443" />
<Engine
name="Catalina"
defaultHost="localhost" >
<Realm className="org.apache.catalina.realm.LockOutRealm" >
<Realm
className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase" />
</Realm>
<Realm
className="org.apache.catalina.realm.JDBCRealm"
connectionURL="jdbc:mysql://localhost/bookstore?user=bookstore&amp;password=book$tore"
driverName="org.gjt.mm.mysql.Driver"
roleNameCol="role"
userCredCol="pwd"
userNameCol="eMail"
userRoleTable="roles"
userTable="customer" />
<Host
name="localhost"
appBase="webapps"
autoDeploy="true"
unpackWARs="true" >
<Valve
className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
pattern="%h %l %u %t &quot;%r&quot; %s %b"
prefix="localhost_access_log."
suffix=".txt" />
<Context
docBase="BookStore"
path="/BookStore"
reloadable="true"
source="org.eclipse.jst.jee.server:BookStore" />
</Host>
</Engine>
</Service>
</Server>
That question mark appears when you're trying to use HTTP on an HTTPS connection. You can't see what protocol you are using because the default settings within FF hide the protocol.
Enter about:config in the browser URL bar and look for browser.urlbar.trimURLs, and set it to false. Now you'll see the http:// in front of your browser URL. Switch it to https and the question mark will disappear.
Edit: The URL you are trying to access is shown in the tab; it's http instead of https.

Can someone tell me how the request is routed in the following IIS-Tomcat isapiredirect(2.0) config?

I have the following settings:
1. Tomcat server.xml
<Server port="8005" shutdown="SHUTDOWN">
<Service name="Catalina">
<Connector port="8080"
maxHttpHeaderSize="8192" maxThreads="150"
minSpareThreads="25" maxSpareThreads="75"
useBodyEncodingForURI="true" enableLookups="false"
redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
<Connector port="8009"
enableLookups="false" redirectPort="8443"
protocol="AJP/1.3" />
2. worker.properties
[channel.socket:localhost:8009]
info=Ajp13 worker, connects to tomcat instance using AJP 1.3 protocol
tomcatId=localhost:8009
3. IIS
Has a website on port 80 that has the isapi_redirect filter enabled.
My initial guess is
"port HTTP80->HTTP8009->HTTPS8443"
"port HTTP8080->HTTP8443"
Your AJP Connector (8009) is not HTTP; it uses the AJP protocol.
If a client connects via IIS, the flow will be
IIS HTTP 80 -> Tomcat AJP 8009
or via HTTPS
IIS HTTPS 443 -> Tomcat AJP 8009
As far as I know the AJP13 protocol does not support encryption of the data involved in IIS-to-Tomcat communications, but you can set a parameter to let Tomcat know that the front web server is HTTPS so that request.isSecure() returns true.
Your connectors on ports 8080/8443 on Tomcat will only be used if you connect directly to Tomcat.