We have a hybris server behind an apache web server that are linked with ajp connectors. This is working perfectly however for some reason after updating to hybris 5.3 (and tomcat 7) the secure ajp connector is not rendering.
In the hybris tomcat config folder we have this in the server.xml:
${tomcat.connectors.ajp.plain}
which renders on ant clean all to this in the platform server.xml
<Connector protocol="AJP/1.3" port="8009" proxyPort="80" redirectPort="443" />
this works for non secure connections however we need to also render the secure connector:
<Connector protocol="AJP/1.3" port="8010" proxyPort="443" scheme="https" secure="true" />
I could just hard code this into the server.xml but that doesn't seem like the best way to do it. and I can't find where ${tomcat.connectors.ajp.plain} is actually rendered. Is there a similar property somewhere that will render the secure connector using the ports defined in the local.properties?
I'm afraid you have to declare it manually in your server.xml template in the configuration directory.
In actual fact, I prefer to do this for both AJP connectors as the templated one injected by the variable you mention is not very well configured and I have seen significant performance issues as a result. For example the number of threads is not specified and it is not associated with an executor. This means that when under large load, the number of active threads can grow to a silly number and cause the whole thing to fall over.
In fact, below is a snippet of the config/tomcat/conf/server.xml I use, which I have developed over 7 years of working exclusively on Hybris. Not only does it have sensible configurations, it also uses the more performant non-blocking IO protocols.
Hope this helps.
<Executor name="hybrisExecutor"
namePrefix="hybrisHTTP"
maxThreads="${tomcat.maxthreads}"
minSpareThreads="${tomcat.minsparethreads}"
maxIdleTime="${tomcat.maxidletime}"/>
<Connector port="${tomcat.http.port}"
maxHttpHeaderSize="8192"
maxThreads="${tomcat.maxthreads}"
protocol="org.apache.coyote.http11.Http11NioProtocol"
executor="hybrisExecutor"
enableLookups="false"
acceptCount="${tomcat.acceptcount}"
connectionTimeout="20000"
URIEncoding="UTF-8"
disableUploadTimeout="true" />
<Connector port="${tomcat.ssl.port}"
maxHttpHeaderSize="8192"
maxThreads="${tomcat.maxthreads}"
protocol="org.apache.coyote.http11.Http11NioProtocol"
executor="hybrisExecutor"
enableLookups="false"
acceptCount="${tomcat.acceptcount}"
connectionTimeout="20000"
disableUploadTimeout="true"
URIEncoding="UTF-8"
SSLEnabled="true"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
keystoreFile="${catalina.home}/lib/keystore"
keystorePass="123456" />
<!--
We explicitly declare the AJP connectors as we want to separate HTTP and SSL traffic and the default connector setting Hybris provides is not good enough.
-->
<Connector protocol="org.apache.coyote.ajp.AjpNioProtocol"
executor="hybrisExecutor"
enableLookups="false"
acceptCount="${tomcat.acceptcount}"
connectionTimeout="120000"
maxThreads="${tomcat.maxthreads}"
port="${tomcat.ajp.port}"
proxyPort="${proxy.http.port}"
redirectPort="${proxy.ssl.port}"
URIEncoding="UTF-8"
useIPVHosts="${tomcat.ajp.useipv}" />
<Connector protocol="org.apache.coyote.ajp.AjpNioProtocol"
executor="hybrisExecutor"
enableLookups="false"
acceptCount="${tomcat.acceptcount}"
connectionTimeout="120000"
maxThreads="${tomcat.maxthreads}"
port="${tomcat.ajp.secureport}"
proxyPort="${proxy.ssl.port}"
redirectPort="${proxy.http.port}"
scheme="https"
secure="true"
URIEncoding="UTF-8"
useIPVHosts="${tomcat.ajp.useipv}" />
The variables are just properties you declare in local.properties. They are substituted at build time by the ant deploy task when it builds the actual server.xml in the platform tomcat directory.
I think you should try with:
<Connector
protocol="AJP/1.3"
port="8010"
connectionTimeout="20000"
scheme="https"
SSLEnabled="true"
secure="true"
maxThreads="200"
proxyPort="443"/>
Related
I've got a problem setting up my tomcat on linux for secure connection. My servlets work fine for normal http requests, but when changing the server.xml file to https configuration, the servlet is only addressable through the intern IP. I created a .keystore file in my home directory. The fact, that the https connection(after accepting the certificate) works within the intern network makes me believe it is a router related problem (I opend and forwarded port 8443 on my router).
Thanks for any help!
Server.xml:
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" URIEncoding="UTF-8" redirectPort="8443"/>
...
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/home/user/.keystore"
keystorePass="password" />
I am using Tomcat 5.5 & JDK 1.5.0_21. Tomcat 5.5 is successful started. I need to access tomcat in secure mode, but not able to access the application using 'https:localhost' but able to access as 'http:localhost:portno.'.
The SSL settings is as below :
<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector URIEncoding="UTF-8" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="8080" redirectPort="443"/>
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector URIEncoding="UTF-8" acceptCount="100" clientAuth="false" debug="0" disableUploadTimeout="true" enableLookups="false" keystoreFile=".keystore" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="443" scheme="https" secure="true" sslProtocol="TLS"/>
Would there be any other server setting issue or browser settings i need to check for ? Please suggest
Thanks in Advance
You have a typo in the SSL configuration.
port="443"
Change it to port="8443"
I have an application that runs on secure channel, I want to configure a secure port. I am adding following connector into my tomcat server.xml file
<Connector port="8443" protocol="HTTP/1.1"
maxThreads="150" secure="true"
clientAuth="false" />
It connects to server when I hit
https://localhost.com:8443
in browser, but I never get response back, it connects to server forever.
I would really appreciate any help on this.
Thanks.
It is because you configuration is not complete. Take a look at this tutorial:
http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html
It has to look more like this:
<Connector
protocol="HTTP/1.1"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="${user.home}/.keystore" keystorePass="changeit"
clientAuth="false" sslProtocol="TLS"/>
Without SSLEnabled="true" there will be no encryption.
I found the issue was due to a webservice was down that my application is depend upon, that is why request were stuck forever.
However the above configuration for configuring fake secure port worked for me.
I have a Tomcat application, I need two different servlets or the same one to respond in parallel to my requests. The case is I have a first request asking to download medical imaging and I have another AJAX client request fetching images before the first request is completely done. But for some reason, the server does not respond to my second request until the first one is over.
What has to be changed in order to achieve concurrent servlets execution? We have a pretty good server with multiple drives, multiple cores. I'm using Tomcat 6. Any ideas to explore would be great.
If that happens it's not about Tomcat. Probably you're using synchronization (implicitly or explicitly) somewhere.
However you can manage thread-pooling expicitly:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
or
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
I.e. you can either specify the number of max threads or use a thread-pool. More information here http://tomcat.apache.org/tomcat-5.5-doc/config/http.html
Can I set timeouts for JSP pages in tomcat either on a per page or server level?
In the Tomcat server.xml file, the Connector element also has a connectionTimeout attribute in milliseconds.
Example:
<Connector
URIEncoding="UTF-8"
acceptCount="100"
connectionTimeout="20000"
disableUploadTimeout="true"
enableLookups="false"
maxHttpHeaderSize="8192"
maxSpareThreads="75"
maxThreads="150"
minSpareThreads="25"
port="7777"
redirectPort="8443" />
For server level, you can try this.
you have to change catalina.bat / catalina.sh file
jvm OPTIONS : -Dsun.net.client.defaultConnectTimeout=60000 -Dsun.net.client.defaultReadTimeout=60000