Tomcat ssl port not redirected automatically - java

I enabled both a non-SSL (8440) connector and an SSL (8445) connector in server.xml. Whenever I start the server it redirects me to "http://localhost:8445/", but I have given this port in the SSL connector.
When I try to access http://localhost:8440, it allows me to enter the application (it must redirect to the SSL port, as I have given the redirect port).
Everything works fine if I remove the non-SSL connector.
Tomcat version: Tomcat 5.0.28
-thanks in advance
My server.xml entries
<Connector port="8440" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8445" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />
<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
connectionTimeout="20000" debug="0" disableUploadTimeout="true"
emptySessionPath="true" enableLookups="false" maxThreads="150"
minSpareThreads="25" name="SSL" port="8445" scheme="https"
secure="true" sslProtocol="TLS"/>
server.xml file
<!-- Test entry for demonstration purposes -->
<Environment name="simpleValue" type="java.lang.Integer" value="30"/>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users -->
<Resource auth="Container" description="User database that can be updated and saved" name="UserDatabase" type="org.apache.catalina.UserDatabase">
</Resource>
<ResourceParams name="UserDatabase">
<parameter>
<name>factory</name>
<value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
</parameter>
<parameter>
<name>pathname</name>
<value>conf/tomcat-users.xml</value>
</parameter>
</ResourceParams>
<Connector acceptCount="100" connectionTimeout="20000" debug="3" disableUploadTimeout="true" enableLookups="false" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" name="WebServer" port="8440" redirectPort="8445"/>
<Engine debug="0" defaultHost="localhost" name="Catalina">
<Realm allRolesMode="strictAuthOnly" appName="myapp" className="com.authentication.CustomJAASRealm" roleClassNames="com.authentication.RolePrincipal" userClassNames="com.authentication.UserPrincipal">
</Realm>
<Host appBase="webapps" autoDeploy="false" debug="0" name="localhost" unpackWARs="true" xmlNamespaceAware="false" xmlValidation="false">
<Valve className="org.apache.catalina.authenticator.SingleSignOn" debug="0"/>
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%u %U %S &quot;%{Referer}i&quot; %a %A %m %t %D %b %s &quot;%{User-Agent}i&quot;" prefix="access_log." resolveHosts="false" rotatable="false" suffix="txt"/>
<Logger className="org.apache.catalina.logger.FileLogger" directory="logs" prefix="localhost_log." suffix=".txt" timestamp="true"/>
<Context debug="0" docBase="${home}/webapps" path=""/>
<Context appBase="webapps" debug="0" docBase="${home}/help/" path="/help" reloadable="true"/>
</Host>
</Engine>

Please always read the documentation, which helps you to learn. You can check it HERE.
Go to your $TOMCAT_HOME/conf/server.xml and change redirect port:
<Connector port="8080"
enableLookups="false"
redirectPort="8440" />
<Connector port="8440" protocol="HTTP/
enableLookups="false"
redirectPort="8445" />
Cheers!!

Related

Stopping and starting a service present in server.xml using tomcat manager application/api (Single tomcat instance)

I have multiple services defined in server.xml, and below is the one which I need to restart (stop and start again) using the Tomcat manager application/API.
<Service name="myService">
<Executor name="myExecutorPool" namePrefix="my-http-pool"
maxThreads="10" minSpareThreads="1"/>
<Connector
port="8701" protocol="org.apache.coyote.http11.Http11Nio2Protocol" SSLEnabled="true"
executor="myExecutorPool"
maxSavePostSize="-1"
scheme="https" secure="true"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100"
sslEnabledProtocols="${sslEnabledProtocolsMediumSecurity}" server=" "
allowUnsafeLegacyRenegotiation="false"
clientAuth="want"
bindOnInit="false"
URIEncoding="UTF-8"
useBodyEncodingForURI="true"
keystoreType="PKCS11"
keyAlias="server"
trustManagerClassName="com.example.com.myproj.cert.RestTrustManager"
sendReasonPhrase="true"
sslImplementationName="com.example.com.myproj.cert.MyProjImplementation"
ciphers="${tls.ciphers}"
/>
<Engine name="myEngine" defaultHost="localhost">
<Valve className="org.apache.catalina.valves.MethodsValve" methodsSupported="GET,POST,PUT,DELETE,HEAD" />
<Host name="localhost" appBase="mywebapp"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<Context path="" docBase="../webapps/ROOT" >
<Valve className="org.apache.catalina.valves.RedirectValve" sendToApp="/myapp/" />
</Context>
</Host>
</Engine>
</Service>
When I do curl -username:password http://localhost:8080/manager/text/list , I don't see the above service listed. I assume this means that this service is not running as a separate service but is contained inside the app server.
So I won't be able to do something like http://localhost:8080/manager/text/reload?path=/myService.
Can you please help here: how do I stop/start (restart) this particular service using the Tomcat manager app?
If JMX can be used here, can you please provide any links/resources mentioning how to do that?

tomcat ssl redirect loop

My application uses SSL in Tomcat and runs fine when I use port 8080: when I access http://localhost:8080, it redirects to https://localhost:8443.
But when I use a non-8080 port (8081, 8082, etc.) and I access http://localhost:8081 (or http://localhost:8082, etc.), it does an infinite redirect loop to http://localhost:8081 (or http://localhost:8082, etc.)
Here is my server.xml with 8080:
<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -->
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<Service name="Catalina">
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector SSLEnabled="true" clientAuth="false" keyAlias="key" keystoreFile="webapps/ROOT/META-INF/my.keystore" keystorePass="pass" maxThreads="150" port="8443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS"/>
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
<!-- Define the default virtual host
Note: XML Schema validation will not work with Xerces 2.2.
-->
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
</Host>
</Engine>
</Service>
</Server>
And here is my server.xml with 8081:
<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -->
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<Service name="Catalina">
<Connector port="8081" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector SSLEnabled="true" clientAuth="false" keyAlias="key" keystoreFile="webapps/ROOT/META-INF/my.keystore" keystorePass="pass" maxThreads="150" port="8443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS"/>
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
<!-- Define the default virtual host
Note: XML Schema validation will not work with Xerces 2.2.
-->
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
</Host>
</Engine>
</Service>
</Server>
Can anyone help me?
I'm using tomcat 6
Another thing to try is to forcibly enable HTTPS for all the apps, in the default web.xml (it should be in tomcat/conf folder next to server.xml),
by adding the following to it:
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Context</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Note: The below applies to Tomcat instances with APR enabled (i.e. most Linux-based installations), but as the OP is running a Windows-based Tomcat, with the APR connector already disabled (or not available), it does not apply to him.
Not sure why you get a redirect loop, but an apparent problem with your configuration is that you have the APR (native) SSL connector enabled, which does not really work with "keystoreFile", so you should be getting error messages like this in your logs:
java.lang.Exception: Connector attribute SSLCertificateFile must be defined when using SSL with APR
and SSL should not function for you at all, regardless of a port number used.
And the easiest way to defeat it is to comment out the APR listener:
<!-- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> -->
to make Tomcat use JSSE connector implementation instead.
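A configuration check for the points raised above, as an added example that is not part of the original thread: Tomcat only uses redirectPort when a matching security-constraint requires CONFIDENTIAL transport, the redirect target should be a TLS connector in the same Service, and an APR listener combined with a keystoreFile connector is the mismatch described in the second answer. The sample XML strings are constructed, and the finding names and the SSLEnabled test for a TLS connector are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the Tomcat 6 configuration quoted in the question.
SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
  <Service name="Catalina">
    <Connector port="8081" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
               secure="true" keystoreFile="conf/my.keystore"/>
  </Service>
</Server>"""

# Constructed web.xml carrying the constraint from the first answer.
WEB_XML_CONFIDENTIAL = """<web-app><security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint></security-constraint></web-app>"""

def is_tls(conn):
    """Assumption of this example: a connector is TLS when SSLEnabled="true"."""
    return conn.get("SSLEnabled", "false").lower() == "true"

def requires_confidential(web_xml):
    """True if any transport-guarantee in this web.xml is CONFIDENTIAL."""
    # Real web.xml files declare a namespace, so compare the local tag name only.
    return any(e.tag.rsplit("}", 1)[-1] == "transport-guarantee"
               and (e.text or "").strip() == "CONFIDENTIAL"
               for e in ET.fromstring(web_xml).iter())

def audit(server_xml, web_xml):
    """Return sorted (connector port, finding) pairs; finding names are made up here."""
    server = ET.fromstring(server_xml)
    confidential = requires_confidential(web_xml)
    apr_ssl = any(
        lsn.get("className", "").endswith("AprLifecycleListener")
        and lsn.get("SSLEngine", "on").lower() != "off"
        for lsn in server.iter("Listener"))
    findings = set()
    for service in server.iter("Service"):
        conns = service.findall("Connector")
        tls_ports = {c.get("port") for c in conns if is_tls(c)}
        for c in conns:
            port, target = c.get("port"), c.get("redirectPort")
            if is_tls(c):
                # protocol="HTTP/1.1" lets Tomcat pick APR when the native library loads;
                # keystoreFile is a JSSE attribute, APR expects SSLCertificateFile.
                if (apr_ssl and c.get("protocol", "HTTP/1.1") == "HTTP/1.1"
                        and c.get("keystoreFile") and not c.get("SSLCertificateFile")):
                    findings.add((port, "apr-listener-with-jsse-keystore"))
            elif target is not None:
                if target not in tls_ports:
                    findings.add((port, "redirectPort-has-no-tls-connector"))
                if not confidential:
                    findings.add((port, "no-CONFIDENTIAL-constraint-so-no-redirect"))
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SERVER_XML, "<web-app/>"))
```

Pass the web.xml that actually governs the application being checked; the global conf/web.xml and an application's own WEB-INF/web.xml can each carry the constraint.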

Resource URIs not working in Java RESTful web service on tomcat 8 server

I created a RESTful web service using auto generated entity classes with netbeans. I also used maven. I deployed this in tomcat 8 as localhost. I do see the index page, but I cannot access any endpoints. I initially ran this locally on Glassfish server and it worked fine.
I tried test resource uri in netbeans but it says,
Unable to open resource URL : localhost:8080//api/activity
Here is my server.xml file from apache tomcat.
<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
<Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
<GlobalNamingResources>
<Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase"/>
</GlobalNamingResources>
<Service name="Catalina">
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
<Engine defaultHost="localhost" name="Catalina">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
</Realm>
<Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%h %l %u %t &quot;%r&quot; %s %b" prefix="localhost_access_log" suffix=".txt"/>
<Context antiJARLocking="true" docBase="C:\xxx\yyyy\apache-tomcat-8.0.36\apache-tomcat-8.0.36\wtpwebapps\xxDBWithMaven" path="/VoyateDBWithMaven" reloadable="true" source="org.eclipse.jst.jee.server:VoyateDBWithMaven"/></Host>
</Engine>
</Service>
</Server>
Is there anyway I can fix this so the resources can be accessed? It's confusing because the application gets deployed and the index file is displayed.
Unable to open resource URL : localhost:8080//api/activity
You have two slashes between "localhost:8080" and "api/activity". Remove one in the configuration where you specify the path: api/activity instead of /api/activity.

SSL in Tomcat 8: server & client JKS + client public cer

I've followed this guide so as to setup my Tomcat 8 instance with SSL layer, producing a client and server keystores and a public client certificate autosigned.
The issue is, I guess, that I don't really know how to configure Tomcat's Connector...
Here is my current server.xml file (removed unnecessary comments):
<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
<Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
<GlobalNamingResources>
<Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase"/>
</GlobalNamingResources>
<Service name="Catalina">
<Connector connectionTimeout="40000" port="9090" protocol="HTTP/1.1" redirectPort="8443"/>
<!-- I've also tried using these ones: -->
<!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" /> -->
<!--<Connector clientAuth="true" port="8443" minSpareThreads="5"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys/server.jks" keystoreType="JKS" keystorePass="triple1327"
truststoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys/server.jks" truststoreType="JKS" truststorePass="triple1327"
sslProtocol="TLS" />-->
<!-- Don't work on tomcat8:
maxSpareThreads="75"
SSLVerifyClient="require"
SSLEngine="on"
SSLVerifyDepth="2"
-->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS"
keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys\server.jks" keystoreType="JKS" keystorePass="triple1327"
truststoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys\server.jks" truststoreType="JKS" truststorePass="triple1327"
/>
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<Engine defaultHost="localhost" name="Catalina">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
</Realm>
<Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%h %l %u %t &quot;%r&quot; %s %b" prefix="localhost_access_log" suffix=".txt"/>
<Context path="/rutas" docBase="C:\Users\IN006\cavwebapp" reloadable="true" crossContext="false">
</Context>
</Host>
</Engine>
</Service>
</Server>
Using this, I've tried to access the Tomcat welcome page:
localhost:8443
https://localhost
https://localhost:8443
But none of them worked...
Any tip?
Thank you!
EDIT
Solution:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/etc/tomcat7/server.jks"
keystorePass="changeit" />
I've been able to access it through https://localhost:8443
Your question lacks important details such as Tomcat's log and the structure of your keystore. For example, a key placed in the keystore can be password protected itself. The port you want to use can be already occupied, etc, etc. There are many things that can go wrong.
In common, I can advise you to keep things as simple as you can.
Try this snippet:
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/etc/tomcat7/server.jks"
keystorePass="changeit" />

Deploying Java application to Tomcat root directory in Digitalocean [duplicate]

I tried to deploy my application file to Tomcat 7. I have successfully deployed them, but I can see my files only under http://example.com:8080/myproject/index. (Assume that my project folder is myproject and my domain is example.com.)
I would like to access my domain like this: http://example.com/index.
How can I do that?
OK, I have solved the problem.
In the default server.xml file there is a tag like this:
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>
but I have removed that and changed it like this:
<Host appBase="webapps" name="example.com" unpackWARs="true" autoDeploy="true">
<Context path="" docBase="myproject" debug="0" reloadable="true"/>
</Host>
<Host appBase="webapps" name="www.example.com" unpackWARs="true" autoDeploy="true">
<Context path="" docBase="myproject" debug="0" reloadable="true"/>
</Host>
and then I have changed
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
like this
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
now it works:)
