testing server uses centos 7 and tomcat 9
originally, testing server tomcat use http, this tomcat contains 4 web apps: a.war, b.war, c.war and d.war, it works fine and its server.xml looks like:
<Connector
port="80"
protocol="HTTP/1.1"
connectionTimeout="60000"
keepAliveTimeout="15000"
maxKeepAliveRequests="-1"
maxThreads="1000"
minSpareThreads="200"
maxSpareThreads="300"
minProcessors="100"
maxProcessors="900"
acceptCount="1000"
enableLookups="false"
executor="tomcatThreadPool"
maxPostSize="-1"
compression="on"
compressionMinSize="1024"
redirectPort="443" />
then i tried to use https with self signed ssl via keytool:
<Connector
port="443"
protocol="HTTP/1.1"
minSpareThreads="5"
maxSpareThreads="75"
enableLookups="true"
disableUploadTimeout="true"
acceptCount="100"
maxThreads="200"
maxPostSize="-1"
scheme="https"
secure="true"
SSLEnabled="true"
clientAuth="false"
sslProtocol="TLS"
keystoreFile="/opt/test.keystore"
keystorePass="123456"/>
however, after login, my webapp always shows loading:
I checked the log and found that there was an exception nullpointerexception because request.getParameter('key') returns null(actually both request.getParameterMap() and request.getParameterNames() return empty), but from the browser network, this parameter has been sent.
sometimes there is no any error in the log, but my webapp still always shows loading.
for #1 above, when login success, a.war will send requests to b.war, c.war and d.war, the request parameters includes an array(has 85 items and each item contains 7 fields) and key.
if i remove the array from the request parameter, only keep the request parameter key, then there is no always shows loading in https.
after checked the tomcat documents, i tried to change protocol for https connector.
If i changed the protocol from HTTP/1.1 to org.apache.coyote.http11.Http11Nio2Protocol, then there is no any problem in https, and i can send the request parameter array too.
so i don't understand:
send request parameter array(has 85 items and each item contains 7 fields) and key in https with protocol HTTP/1.1 sometimes will cause request.getParameterMap(), request.getParameterNames() return empty and request.getParameter('key') return null
why if i remove request parameter array in https with protocol HTTP/1.1, then it works fine.
why there is no any problem in http with protocol HTTP/1.1
why using org.apache.coyote.http11.Http11Nio2Protocol in https can solve my problems.
Related
I have an application which is hosted on AWS instance and we used elastic load balancer with AWS SSL certificate. We used tomcat server. As we used AWS SSL certificate we have not configured 443 port on tomcat. Now we want to implement two way SSL certificate. I have searched for the same but most of the information is saying use SSLEnable=true in tomcat's server.xml but this will not work in my case. Can someone please help me in this situation to implement Two way SSL.
This is how i've setup it,
(server.xml)
<Connector
port="8081"
protocol="HTTP/1.1"
proxyPort="443"
scheme="https"
secure="true"
proxyName="mydomain.com"
connectionTimeout="50000"
URIEncoding="UTF-8"
redirectPort="8443" />
I bound my tomcat server to a specific address of a VM it's running on in order to open it up to HTTP requests on port 8443 like thus.
<Connector port="8443" protocol="HTTP/1.1"
address="192.168.122.15"
connectionTimeout="20000"
redirectPort="8443" />
Now the server times out even if I set the start timeout timer to 600 seconds (10 minutes)
I tried the following:
https://jfrog.com/knowledge-base/tomcat-takes-forever-to-start-what-can-i-do/
Tomcat 7 times out during start up
Neither of these solutions work.
Please check connection port and redirection one, as you are trying to redirect to the same port you are binding:
<Connector port="8443" [....] redirectPort="8443" />
Regards.
I have been trying to run my java spring project in HTTPS mode in my localhost.
The project works perfectly in HTTP but form some features, i need it to run in HTTPS
i have changed the default port to 8443 in the server.xml in tomcat. When i run the spring project, its URL shows https://localhost:8443 instead of localhost:8080 but the page does not load. It says page not found.
Please help me resolve this issue.
You need to set up a Connector that listens on port 8443 and a SSL certificate (keystore file in the example below, set the location as you see fit):
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="${user.home}/keystore" keystorePass="tomcat" keyAlias="tomcat"/>
You can buy a SSL certificate or locally sign it yourself (although you’ll get a browser exception that will ask manual confirmation to accept it). To do the latter you can use Java’s keytool.
I want to enable gzip compression on tomcat6 for files larger than 2048 bytes. I therefore set the Connector:
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
compression="on"
compressionMinSize="2048"
compressableMimeType="text/html,text/xml,text/css,application/javascript,application/json"
/>
However, the compressionMinSize parameter does not seem to work. In the Response Header I always get:
Content-Encoding:gzip
even for small responses (e.g. request size 376B, content size 213B)
Am I missing something?
The compressionMinSize option is only present in Tomcat 7.0 and up. For Tomcat 6.0 you should use compression="2048" to achieve the same effect.
Hi i have configured SSL in tomcat 5.5, server.xml entry is as below.
**
<Connector port="6922" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
keystoreFile="/home/mrsx/cert/keystore.keystore"
keystorePass="XXXX"
truststoreFile="/home/mrsx/cert/keystore.keystore"
truststorePass="XXXXX" clientAuth="true" sslProtocol="TLS" />
**
When CLient is trying to access application, application is throwing exception because of "javax.servlet.request.X509Certificate" parameter in request is NULL.
i have created a keystore and imported CA certs to the keystore.. Can any one please tell me why i am Getting NULL certificates. I have not imported any client certificates in keystore.
Based on what you have given above, the SSLEnabled="true" statement is missing.
If that does not help, try adding ssl debugging on the client side and you should be able to obtain some more details.
As #Krroae27 pointed out, you have enabled two way SSL/TLS:
clientAuth="true"
Only do this if you expect clients to provide credentials using certificates. If you are going to do this you usually need to setup a Realm configuration like tomcat-users.xml that will map client certificates to a local principal.