LinuxQuestions.org

Linux - Server > apache tomcat webserver (https://www.linuxquestions.org/questions/linux-server-73/apache-tomcat-webserver-4175736126/)

murugesandins 04-24-2024 09:45 AM

1. Always take server.xml backup
2. Sharing my comments at server.xml related to 443 at my localhost:
Code:

<Connector port="7777" protocol="HTTP/1.1"
            connectionTimeout="20000"
            redirectPort="443" />
<Connector port="80" protocol="HTTP/1.1"
          connectionTimeout="20000"
          redirectPort="443" />
    <Connector
                connectionTimeout="20000"
                acceptCount="100"
                scheme="https"
                secure="true"
                clientAuth="false"
                sslProtocol="TLS"
                port="443"
                maxThreads="150"
                protocol="org.apache.coyote.http11.Http11NioProtocol"
                keystoreFile="PATH_TO_KEY_STORE"
                keystorePass="KEY_STORE_PASS"
                keyAlias="KEY_STORE_ALIAS"
                SSLEnabled="true">
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
                <Certificate certificateKeyFile="C:/Users/murugesandins/cygwin/home/murugesandins/apache-tomcat-11.0.0-M19/conf/privkey.pem"
                        certificateFile="C:/Users/murugesandins/cygwin/home/murugesandins/apache-tomcat-11.0.0-M19/conf/cert.pem"
                        certificateChainFile="C:/Users/murugesandins/cygwin/home/murugesandins/apache-tomcat-11.0.0-M19/conf/chain.pem"
                type="RSA" />
        </SSLHostConfig>
    </Connector>

sample code at createcert.sh
Code:

#!/bin/bash
# Self-signed key, certificate and JKS keystore for a localhost Tomcat test.
# Each step is skipped when its output file already exists.
KEYTOOL=/cygdrive/c/PROGRA~2/Jdk17/bin/keytool

# JKS keystore, for a connector configured with keystoreFile/keystorePass/keyAlias
if [[ ! -f localhost-rsa.jks ]]
then
        "$KEYTOOL" -genkey -noprompt -alias tomcat-localhost -keyalg RSA -keystore localhost-rsa.jks -keypass Openssl@123 -storepass Openssl@123 -dname "CN=tomcat-cert, OU=GIS, O=GIS, L=Bangalore, ST=Karnataka, C=IN"
fi
/usr/bin/file localhost-rsa.jks

# PEM private key plus self-signed certificate, for certificateKeyFile/certificateFile.
# This must run before the key conversions below, which read privkey.pem.
# -subj carries the subject fields that were previously echoed for the interactive prompts;
# -nodes writes the key unencrypted, so no passphrase is asked for at any later step.
if [[ ! -f cert.pem ]]
then
        /usr/bin/openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout privkey.pem -out cert.pem \
                -subj "/C=IN/ST=Karnataka/L=Bangalore/O=GIS/OU=GIS/CN=127.0.0.1/emailAddress=murugesangct@gmail.com"
fi
/usr/bin/file cert.pem

# Copies of the private key re-written by openssl rsa (the file names suggest the PKCS#1 form)
if [[ ! -f privkey.pem.rsa.key ]]
then
        /usr/bin/openssl rsa -in privkey.pem -out privkey.pem.rsa.key
fi
/usr/bin/file privkey.pem.rsa.key
if [[ ! -f privkey.pkcs1.pem ]]
then
        /usr/bin/openssl rsa -in privkey.pem -out privkey.pkcs1.pem
fi
/usr/bin/file privkey.pkcs1.pem

# PKCS#7 wrapper of the certificate, printed to stdout (add -out to save it)
if [[ ! -f cert.pem ]]
then
        /usr/bin/openssl crl2pkcs7 -nocrl -certfile cert.pem
fi
/usr/bin/file cert.pem

Sample code I am using for wget at my localhost:
Code:

$ type wget
wget is aliased to `/home/murugesandins/MyWget'
$ cat /home/murugesandins/MyWget
#!/bin/bash
# Wrapper around wget: downloads into the Windows Downloads folder and, on Cygwin,
# tells the user how to install wget when it is missing.
LOGNAME=$USERNAME
if [[ ! -f /usr/bin/wget ]]
then
        # Is the Cygwin installer already running?
        /cygdrive/c/WINDOWS/system32/tasklist.exe 2>&1 |\
        /usr/bin/tr -d "\r" 2>&1 |\
        /usr/bin/grep setup-x86_64.exe
        Ret=$?
        if [ 0 -ne $Ret ]
        then
                echo "Install wget using"
                echo "~/setup-x86_64.exe --no-admin >/dev/null 2>&1 &"
        else
                echo "wait for"
                echo "setup-x86_64.exe to complete installation"
        fi
else
        unalias HandleWget >/dev/null 2>&1
        unset -f HandleWget
        HandleWget ()
        {
                if [ "xterm" = "$TERM" ]
                then
                        echo -ne "\033[H\033[J"
                fi
                PREVDIR="$PWD"
                echo "cd /cygdrive/c/Users/$LOGNAME/Downloads"
                cd /cygdrive/c/Users/$LOGNAME/Downloads
                # --no-check-certificate disables TLS certificate verification; it is only
                # acceptable because the target here is the self-signed localhost certificate.
                if [[ 0 -ne $# ]]
                then
                        if [[ 3 -eq $# ]]
                        then
                                echo -ne "\033[33m$LOGNAME@$IPv4 \033[32m$PWD \033[0m[ $? ]\n$ /usr/bin/wget -c --no-check-certificate \"$1\" \"$2\" \"$3\"\n"
                                /usr/bin/wget -c --no-check-certificate "$1" "$2" "$3"
                        elif [[ 2 -eq $# ]]
                        then
                                echo -ne "\033[33m$LOGNAME@$IPv4 \033[32m$PWD \033[0m[ $? ]\n$ /usr/bin/wget -c --no-check-certificate \"$1\" \"$2\"\n"
                                /usr/bin/wget -c --no-check-certificate "$1" "$2"
                        else
                                echo -ne "\033[33m$LOGNAME@$IPv4 \033[32m$PWD \033[0m[ $? ]\n$ /usr/bin/wget -c --no-check-certificate \"$1\"\n"
                                /usr/bin/wget -c --no-check-certificate "$1"
                        fi
                else
                        echo -ne "\033[33m$LOGNAME@$IPv4 \033[32m$PWD \033[0m[ $? ]\n$ /usr/bin/wget\n"
                        /usr/bin/wget
                fi
                cd "$PREVDIR"
                Ret=$?
                return $Ret
        }
        if [ 0 -eq $# ]
        then
                HandleWget
        else
                HandleWget "$@"
        fi
fi

Related to
Quote:

8443 and 443 are two different ports.
I have shared my way of using different ports at https.
You can try the same way at your system (after taking the backup of server.xml).
I have tried following way at windows:
Code:

C:\>set misint=http://127.0.0.1/mis_interest_valid_Dates.html
C:\>echo firefox.exe %misint%
firefox.exe http://127.0.0.1/mis_interest_valid_Dates.html
C:\>firefox.exe %misint%

This is opening following url:
https://127.0.0.1/mis_interest_valid_Dates.html
Click Advanced => Click Accept the Risk and Continue to open above url at localhost.
Hence you too can perform same kind of testing by modifying/creating required related crt/pem/... files including the backup of server.xml file.
Always restart the server and check lsof/netstat -nato using related automated script.
I am not using httpd.conf and not apache
I am using:
Code:

$ cd apache-tomcat-11.0.0-M19/
$ ./bin/shutdown.sh >/dev/null 2>&1
$ ./bin/startup.sh >/dev/null 2>&1
$ c;netstat -nato | grep -E "9144|7777|Address|443|8080|8443" | grep -v TIME_WAIT | grep -v CLOSE_WAIT | grep -v ESTABLISHED
  Proto  Local Address          Foreign Address        State          PID      Offload State
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING      2100    InHost
  TCP    0.0.0.0:7777          0.0.0.0:0              LISTENING      2100    InHost
  TCP    [::]:443              [::]:0                LISTENING      2100    InHost
  TCP    [::]:7777              [::]:0                LISTENING      2100    InHost
$ lsof -i:443
java.exe        2100          Services 0 181096 K PORT: 443  7777  80  9090
java.exe        2100          Services 0 181096 K PORT: 443  7777  80  9090
$ lsof -i:7777
java.exe        2100          Services 0 181096 K PORT: 443  7777  80  9090
java.exe        2100          Services 0 181096 K PORT: 443  7777  80  9090
$ grep "redirectPort=\"443\"" conf/server.xml
                redirectPort="443" />
              redirectPort="443" />
$ grep "7777" conf/server.xml
        Define a non-SSL/TLS HTTP/1.1 Connector on port 7777
    <Connector port="7777" protocol="HTTP/1.1"
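
The listener check the post above recommends ("check lsof/netstat -nato using related automated script"), written out as an added Python example that is not part of the original post: it parses Windows `netstat -nato` output in the format shown above (the sample rows are constructed), confirms that the expected connector ports are LISTENING and all held by one PID, and flags a shutdown port bound to a wildcard address instead of loopback. The port numbers, PIDs and the shutdown port 8005 are assumptions for the sample.

```python
import re

# Constructed sample of `netstat -nato` output (Windows format, as quoted in the
# thread); PID 2100 stands in for the Tomcat java.exe, 4412 for some other service.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID      Offload State
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       2100     InHost
  TCP    0.0.0.0:7777           0.0.0.0:0              LISTENING       2100     InHost
  TCP    0.0.0.0:8005           0.0.0.0:0              LISTENING       2100     InHost
  TCP    127.0.0.1:443          127.0.0.1:52214        TIME_WAIT       0        InHost
  TCP    [::]:443               [::]:0                 LISTENING       2100     InHost
  TCP    [::]:7777              [::]:0                 LISTENING       2100     InHost
  TCP    0.0.0.0:3306           0.0.0.0:0              LISTENING       4412     InHost
"""

# Proto, local address, foreign address, state, PID; the rest of the row is ignored.
ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)")


def parse_listeners(output):
    """Return [(local_address, port, pid), ...] for every TCP socket in LISTENING state."""
    rows = []
    for line in output.splitlines():
        m = ROW.match(line)
        if not m or m.group(3) != "LISTENING":
            continue
        addr, port = m.group(1).rsplit(":", 1)  # works for "0.0.0.0:443" and "[::]:443"
        rows.append((addr, int(port), int(m.group(4))))
    return rows


def check_tomcat_ports(output, expected_ports, shutdown_port=None):
    """Return a list of findings (empty when everything looks right)."""
    by_port = {}
    for addr, port, pid in parse_listeners(output):
        by_port.setdefault(port, []).append((addr, pid))

    findings = []
    owners = set()
    for port in sorted(expected_ports):
        if port not in by_port:
            findings.append(f"port {port}: nothing is LISTENING (connector not started?)")
        else:
            owners.update(pid for _, pid in by_port[port])
    if len(owners) > 1:
        # Two Tomcat instances, or another program already holds one of the ports.
        findings.append(f"expected ports are held by several PIDs: {sorted(owners)}")
    if shutdown_port is not None:
        for addr, pid in by_port.get(shutdown_port, []):
            if addr not in ("127.0.0.1", "[::1]"):
                findings.append(
                    f"shutdown port {shutdown_port} is bound to {addr} (pid {pid}); "
                    "it should only be reachable on loopback"
                )
    return findings


if __name__ == "__main__":
    # Connector ports from the server.xml above; 8005 is an assumed shutdown port.
    for finding in check_tomcat_ports(SAMPLE_NETSTAT, {80, 443, 7777}, shutdown_port=8005):
        print(finding)
```

On a real box, feed it `netstat -nato` output captured after `startup.sh` and pass the ports from your own server.xml; the Linux `ss -ltnp` format differs and needs its own row pattern.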


sag2662 04-25-2024 08:44 AM

Quote:

Originally Posted by murugesandins (Post 6498064)
1. Always take server.xml backup
2. Sharing my comments at server.xml related to 443 at my localhost:
...

I tried changing server.xml with your setup but now none of the urls are working.

murugesandins 04-25-2024 07:38 PM

Copying my server.xml won't work at your environment.
Reason:
Code:

$ grep C: server.xml
                <Certificate certificateKeyFile="C:/Users/murugesandins/cygwin/home/murugesandins/apache-tomcat-11.0.0-M19/conf/privkey.pem"
                        certificateFile="C:/Users/murugesandins/cygwin/home/murugesandins/apache-tomcat-11.0.0-M19/conf/cert.pem"
                        certificateChainFile="C:/Users/murugesandins/cygwin/home/murugesandins/apache-tomcat-11.0.0-M19/conf/chain.pem"
$ grep css server.xml
  <url-pattern>/css/*</url-pattern>
$ grep -i port server.xml  | grep -v -E "<!"
<Server port="9090" shutdown="SHUTDOWN">
        Define a non-SSL/TLS HTTP/1.1 Connector on port 7777
    <Connector port="7777" protocol="HTTP/1.1"
                redirectPort="443" />
    <Connector port="80" protocol="HTTP/1.1"
              redirectPort="443" />
              port="1234" protocol="HTTP/1.1"
              redirectPort="8443" />
                port="443"
              port="8009"
              redirectPort="8443" />
$ type grep
grep is aliased to `/usr/bin/egrep -E'

I have created pem/crt/jks files using my own createcert.sh file, which was given earlier.
Reset your server.xml to your original server.xml file.
Send me the output of:
Code:

$ cat server.xml
$# full content for me to try the same here at windows. Today I need to provide my vote. Hence today I am BUSY (BelahBath_Food and travel).
$ lsof -i:YourPortNumber

Assume that the process id of your port number which is there at listening mode is:
abcd
Code:

$ lsof -p abcd
After obtaining your file, I need to modify your file based on my localhost files.
I will try the same tomorrow at my cygwin at localhost.
If that is working here, I will inform you of the diff between your_server.xml and my_server.xml files.

sag2662 04-26-2024 04:12 AM

Here is my server.xml file
Code:

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note:  A "Server" is not itself a "Container", so you may not
    define subcomponents such as "Valves" at this level.
    Documentation at /docs/config/server.html
 -->
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!-- APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <!-- Global JNDI resources
      Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
        UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- A "Service" is a collection of one or more "Connectors" that share
      a single "Container" Note:  A "Service" is not itself a "Container",
      so you may not define subcomponents such as "Valves" at this level.
      Documentation at /docs/config/service.html
  -->
  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
        maxThreads="150" minSpareThreads="4"/>
    -->


    <!-- A "Connector" represents an endpoint by which requests are received
        and responses are returned. Documentation at :
        HTTP Connector: /docs/config/http.html
        AJP  Connector: /docs/config/ajp.html
        Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
    -->
    <Connector port="8080" protocol="HTTP/1.1"
              connectionTimeout="20000"
              redirectPort="8443"
              maxParameterCount="1000"
              />
    -->
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
              port="8080" protocol="HTTP/1.1"
              connectionTimeout="20000"
              redirectPort="8443"
              maxParameterCount="1000"
              />
    -->
    <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
        This connector uses the NIO implementation. The default
        SSLImplementation will depend on the presence of the APR/native
        library and the useOpenSSL attribute of the AprLifecycleListener.
        Either JSSE or OpenSSL style configuration may be used regardless of
        the SSLImplementation selected. JSSE style configuration is used below.
    -->

    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
              maxThreads="150" SSLEnabled="true"
              maxParameterCount="1000"
              >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
                <Certificate
                        certificateKeystoreFile="/path/to/cert"
                        certificateKeystorePassword="passwd"
                        type="RSA"
                />
        </SSLHostConfig>
    </Connector>

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <!--
    <Connector protocol="AJP/1.3"
              address="::1"
              port="8009"
              redirectPort="8443"
              maxParameterCount="1000"
              />
    -->

    <!-- An Engine represents the entry point (within Catalina) that processes
        every request.  The Engine implementation for Tomcat stand alone
        analyzes the HTTP headers included with the request, and passes them
        on to the appropriate Host (virtual host).
        Documentation at /docs/config/engine.html -->

    <!-- You should set jvmRoute to support load-balancing via AJP ie :
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
    -->
    <Engine name="Catalina" defaultHost="localhost">

      <!--For clustering, please take a look at documentation at:
          /docs/cluster-howto.html  (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
          via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
            resources under the key "UserDatabase".  Any edits
            that are performed against this UserDatabase are immediately
            available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
              resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <!-- SingleSignOn valve, share authentication between web applications
            Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->

        <!-- Access log processes all example.
            Documentation at: /docs/config/valve.html
            Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
              prefix="localhost_access_log" suffix=".txt"
              pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
    </Engine>
  </Service>
</Server>

Code:

lsof -p 443
COMMAND  PID USER  FD      TYPE DEVICE SIZE/OFF NODE NAME
ksoftd 443 root  cwd      DIR  253,0    4096    2 /
ksoftd 443 root  rtd      DIR  253,0    4096    2 /
ksoftd 443 root  txt  unknown                      /proc/443/exe

Thanks for your time. Hopefully we find a solution

murugesandins 04-27-2024 08:21 AM

I have performed following steps:
1. Copied your server.xml file and made following changes to your file and MY FILE:
a. Remove all blank lines.
b. Remove all commented lines.
2. I modified following lines to your file:
Replace:
Code:

...
    -->
    <Connector port="8080" protocol="HTTP/1.1"
              connectionTimeout="20000"
              redirectPort="8443"
              maxParameterCount="1000"
              />
    -->

With:
Code:

...
    -->
    <Connector port="8080" protocol="HTTP/1.1"
              connectionTimeout="20000"
              redirectPort="8443"
              maxParameterCount="1000"
              />
<!--
murugesandins
    -->

3. Next change:
Replace:
Code:

                <Certificate
                        certificateKeystoreFile="/path/to/cert"
                        certificateKeystorePassword="passwd"
                        type="RSA"
                />

With:
Code:

        <!--
                <Certificate
                        certificateKeystoreFile="/path/to/cert"
                        certificateKeystorePassword="passwd"
                        type="RSA"
                />
        -->
                <Certificate certificateKeyFile="C:/Users/murugesandins/cygwin/home/murugesandins/apache-tomcat-11.0.0-M19/conf/privkey.pem"
                        certificateFile="C:/Users/murugesandins/cygwin/home/murugesandins/apache-tomcat-11.0.0-M19/conf/cert.pem"
                        certificateChainFile="C:/Users/murugesandins/cygwin/home/murugesandins/apache-tomcat-11.0.0-M19/conf/chain.pem"
                        type="RSA" />

After this I am able to access my localhost.
Test results:
Code:

Assume that my hostname is MURUGESAN_OPENSSL
        http://127.0.0.1:80                        => automatically redirecting to https://127.0.0.1
        https://127.0.0.1:443                => automatically redirecting to https://127.0.0.1
        https://MURUGESAN_OPENSSL                => automatically redirecting to https://murugesan_openssl
        https://MURUGESAN_OPENSSL:443        => automatically redirecting to https://murugesan_openssl

a. Hence you need to change missing --> tag
b. Validate the path /path/to/cert
c. Validate related password you have given for certificateKeystorePassword
Code:

$ ../bin/shutdown.sh >/dev/null 2>&1
$ ../bin/startup.sh >/dev/null 2>&1
$ lsof -i:443
java.exe        6920          Services 0 126868 K PORT: 443  80  8005  8080
java.exe        6920          Services 0 126868 K PORT: 443  80  8005  8080
$ # CYGWIN_NT do not have lsof hence I am using /cygdrive/c/Windows/System32/netstat.exe and /cygdrive/c/Windows/System32/tasklist.exe at windows.
$ type lsof
lsof is hashed (/home/murugesandins/lsof)

I have given sample createcert.sh file earlier.
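The three checks this post asks for (every `<!--` paired with a `-->`, the certificate path present, the plain connectors' `redirectPort` pointing at a connector that actually has `SSLEnabled="true"` and a port), written out as an added Python example that is not part of either poster's setup. It runs over two constructed server.xml fragments modelled on the file posted above: one with the stray `-->` after the 8080 connector and a TLS connector that carries no `port` attribute, and the same fragment corrected. The port numbers, file paths and the `exists` hook are assumptions for the sample; the keystore password is not checked here, since that needs the keystore itself.

```python
import os
import re
import xml.etree.ElementTree as ET

# Constructed fragment modelled on the posted server.xml: a "-->" after the
# 8080 connector with no matching "<!--", and a TLS connector without a port.
BROKEN_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!-- Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
    -->
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
      <SSLHostConfig>
        <Certificate certificateKeystoreFile="/path/to/cert"
                     certificateKeystorePassword="passwd" type="RSA" />
      </SSLHostConfig>
    </Connector>
  </Service>
</Server>
"""

# The same fragment after the fixes discussed in the thread: stray "-->" removed,
# port="8443" added to the TLS connector so the redirect has somewhere to go.
FIXED_SERVER_XML = BROKEN_SERVER_XML.replace(
    'redirectPort="8443" />\n    -->', 'redirectPort="8443" />'
).replace('maxThreads="150" SSLEnabled="true"', 'port="8443" maxThreads="150" SSLEnabled="true"')

COMMENT_TOKEN = re.compile(r"<!--|-->")
CERT_FILE_ATTRS = ("certificateKeystoreFile", "certificateKeyFile",
                   "certificateFile", "certificateChainFile")


def comment_findings(text):
    """Scan the raw text for comment delimiters that do not pair up."""
    findings, open_line = [], None
    for m in COMMENT_TOKEN.finditer(text):
        line = text.count("\n", 0, m.start()) + 1
        if m.group() == "<!--":
            if open_line is not None:
                findings.append(f"line {line}: '<!--' inside an open comment (nested comments are not allowed)")
            else:
                open_line = line
        elif open_line is None:
            findings.append(f"line {line}: '-->' with no matching '<!--'")
        else:
            open_line = None
    if open_line is not None:
        findings.append(f"line {open_line}: '<!--' is never closed")
    return findings


def connector_findings(text, exists=os.path.isfile):
    """Check each Connector's port/redirect wiring and that certificate files exist."""
    try:
        root = ET.fromstring(text.encode("utf-8"))
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings, tls_ports, plain = [], set(), []
    for conn in root.iter("Connector"):
        port = conn.get("port")
        if conn.get("SSLEnabled", "false").lower() == "true":
            if port is None:
                findings.append("SSLEnabled connector has no port attribute")
            else:
                tls_ports.add(port)
            for cert in conn.iter("Certificate"):
                for attr in CERT_FILE_ATTRS:
                    path = cert.get(attr)
                    if path is not None and not exists(path):
                        findings.append(f"{attr}={path!r} does not exist")
        else:
            plain.append((port, conn.get("redirectPort")))
    for port, redirect in plain:
        if redirect is not None and redirect not in tls_ports:
            findings.append(f"connector {port} redirects to {redirect}, but no SSLEnabled connector listens there")
    return findings


def check_server_xml(text, exists=os.path.isfile):
    """All findings for one server.xml text; an empty list means nothing was flagged."""
    return comment_findings(text) + connector_findings(text, exists)


if __name__ == "__main__":
    # exists=lambda p: True skips the file check, since the sample paths are made up.
    for name, text in (("broken", BROKEN_SERVER_XML), ("fixed", FIXED_SERVER_XML)):
        print(name, check_server_xml(text, exists=lambda p: True) or ["no findings"])
```

Run it against the real file with `check_server_xml(open("conf/server.xml").read())` so the default `os.path.isfile` check covers the certificate paths as well; relative paths in server.xml are resolved by Tomcat against its base directory, so run it from there.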

sag2662 04-27-2024 04:06 PM

Quote:

Originally Posted by murugesandins (Post 6498524)
I have performed following steps:
1. Copied your server.xml file and made following changes to your file and MY FILE:
a. Remove all blank lines.
b. Remove all commented lines.
2. I modified following lines to your file:
Replace:
Code:

...
    -->
    <Connector port="8080" protocol="HTTP/1.1"
              connectionTimeout="20000"
              redirectPort="8443"
              maxParameterCount="1000"
              />
    -->

With:
Code:

...
    -->
    <Connector port="8080" protocol="HTTP/1.1"
              connectionTimeout="20000"
              redirectPort="8443"
              maxParameterCount="1000"
              />
<!--
murugesandins
    -->

3. Next change:
Replace:
Code:

                <Certificate
                        certificateKeystoreFile="/path/to/cert"
                        certificateKeystorePassword="passwd"
                        type="RSA"
                />

With:
Code:

        <!--
                <Certificate
                        certificateKeystoreFile="/path/to/cert"
                        certificateKeystorePassword="passwd"
                        type="RSA"
                />
        -->
                <Certificate certificateKeyFile="C:/Users/murugesandins/cygwin/home/murugesandins/apache-tomcat-11.0.0-M19/conf/privkey.pem"
                        certificateFile="C:/Users/murugesandins/cygwin/home/murugesandins/apache-tomcat-11.0.0-M19/conf/cert.pem"
                        certificateChainFile="C:/Users/murugesandins/cygwin/home/murugesandins/apache-tomcat-11.0.0-M19/conf/chain.pem"
                        type="RSA" />

After this I am able to access my localhost.
Test results:
Code:

Assume that my hostname is MURUGESAN_OPENSSL
        http://127.0.0.1:80                        => automatically redirecting to https://127.0.0.1
        https://127.0.0.1:443                => automatically redirecting to https://127.0.0.1
        https://MURUGESAN_OPENSSL                => automatically redirecting to https://murugesan_openssl
        https://MURUGESAN_OPENSSL:443        => automatically redirecting to https://murugesan_openssl

a. Hence you need to change missing --> tag
b. Validate the path /path/to/cert
c. Validate related password you have given for certificateKeystorePassword
Code:

$ ../bin/shutdown.sh >/dev/null 2>&1
$ ../bin/startup.sh >/dev/null 2>&1
$ lsof -i:443
java.exe        6920          Services 0 126868 K PORT: 443  80  8005  8080
java.exe        6920          Services 0 126868 K PORT: 443  80  8005  8080
$ # CYGWIN_NT do not have lsof hence I am using /cygdrive/c/Windows/System32/netstat.exe and /cygdrive/c/Windows/System32/tasklist.exe at windows.
$ type lsof
lsof is hashed (/home/murugesandins/lsof)

I have given sample createcert.sh file earlier.

I am using an internal certificate and not using any scripts here. Also, lsof -i:443 doesn't list anything on my server.

murugesandins 04-28-2024 03:57 AM

I need to know your comment on:
1)
Any comment starts using:
<!-- ... -->
or
<!-- ...
-->
Have you verified all open tags <!-- having related valid --> closing tag ?
Have you verified all close tags --> having related valid <!-- opening tag ?
2)
I need to know output of:
ls -ltrd /path/to/cert /path/to/cert/* 2>/dev/null
3)
your file was having:
>> certificateKeystorePassword="passwd"
is it valid password ?
have you verified that password if valid or not ?
4)
Have you made the changes like the way I performed changes in your file and I performed test at my localhost which was working fine.

>> I am not writing these statements like a supervisor comment.
I am writing these comments using a smile way :)
>> you can understand my comments based on my last statement here :))

murugesandins 04-28-2024 04:01 AM

if you need help online, you can use
https://teams.microsoft.com
I am busy at other work today.

murugesandins 04-29-2024 05:50 AM

Have you verified all <!-- ...
comments
ending with -->
?

sag2662 04-29-2024 06:16 AM

Quote:

Originally Posted by murugesandins (Post 6498832)
Have you verified all <!-- ...
comments
ending with -->
?

Hi, Thanks for your time. After changing the file with <!-- ...
comments
ending with -->
I am unable to restart the tomcat service, it got stuck. I rolled back to the original file.
The password to the certificate seems to be valid.

Also I can clearly see from lsof -i:8080 --> the hostname is listening and hence redirection from 8080 --> 8443 is working. But 443 is not listening.

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 114822 towl 44u IPv6 3087432 0t0 TCP hostname:webcache (LISTEN)

murugesandins 04-29-2024 08:00 AM

Quote:

After changing the file with <!-- ...
comments
ending with -->
sorry for asking :( :) => for my fun
I need to validate your updated server.xml file.
Can you cat the updated xml file for me to validate the <!-- ... --> comments?
Example usage of my cat.exe command and pasting at linuxquestions.org:
1. Open textpad.exe
2. Open murugesandins@127.0.0.1 using putty.exe
(one way)
after logon using putty.exe => Change settings => Session => Logging => Enable all session output
Log file name => C:\Users\murugesandins\cygwin\home\murugesandins\&H_&M_&Y_&T.txt
3)
inside putty.exe
/usr/bin/cat.exe server.xml
4)
disable (None) logging at change settings of putty.exe
5)
copy the log file content; I have saved that content as delete.txt
Code:

$ /usr/bin/diff.exe server.xml delete.txt;echo $?
0

Hence I need the content of your server.xml file obtained the same way.
After obtaining your server.xml file I can provide an updated server.xml file to test at your system.

sag2662 04-29-2024 10:12 AM

Hi, this chain is getting more and more pages, and I have been posting server.xml repeatedly, and of course yours too with solutions and suggestions. Is there any other way to connect?

Code:

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!-- APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">

    -->
    <Connector port="8080" protocol="HTTP/1.1"
              connectionTimeout="20000"
              redirectPort="8443"
              maxParameterCount="1000"
              />
    <!--
   
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
              maxThreads="150" SSLEnabled="true"
              scheme="https" secure="true"
              maxParameterCount="1000"
              >
        <SSLHostConfig>
        <!--
                <Certificate
                        certificateKeystoreFile="/path/to/cert"
                        certificateKeystorePassword="passwd"
                        type="RSA"
                />
        -->
        </SSLHostConfig>
    </Connector>

    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
              resourceName="UserDatabase"/>
      </Realm>

      </Host>
      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
              prefix="localhost_access_log" suffix=".txt"
              pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
    </Engine>
  </Service>
</Server>

Also, when I tried to shut down, I got the error below.

Code:

Using CATALINA_OPTS:  --add-exports java.base/jdk.internal.ref=ALL-UNNAMED --add-exports java.base/jdk.internal.misc=ALL-UNNAMED --add-exports java.base/sun.nio.ch=ALL-UNNAMED
Apr 29, 2024 4:58:43 PM org.apache.catalina.startup.Catalina stopServer
SEVERE: Could not contact [localhost:8005] (base port [8005] and offset [0]). Tomcat may not be running.
Apr 29, 2024 4:58:43 PM org.apache.catalina.startup.Catalina stopServer
SEVERE: Error stopping Catalina
java.net.ConnectException: Connection refused


murugesandins 04-29-2024 10:31 AM

a) I always use vim instead of vi
b) content of ~/.vimrc file:
Code:

$ /usr/bin/cat.exe ~/.vimrc
set nu
syntax on

You can also use vim to view any exception inside the server.xml file.

Your fifth tag is missing its close tag
OR
the fifth starting tag was added by mistake.
Code:

    <!--
    START TAG 01
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
              maxThreads="150" SSLEnabled="true"
              scheme="https" secure="true"
              maxParameterCount="1000"
              >
        <SSLHostConfig>
        <!--
    START TAG 02
                <Certificate
                        certificateKeystoreFile="/path/to/cert"
                        certificateKeystorePassword="passwd"
                        type="RSA"
                />
    CLOSE TAG 02
        -->
        </SSLHostConfig>
    </Connector>
...where is CLOSE TAG 01 ?

search murugesandins inside server.xml
Valid01 content of server.xml
<!-- count = seven
--> count = seven
Code:

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!-- APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">
        <!-- murugesandins missing start tag here
    -->
    <Connector port="8080" protocol="HTTP/1.1"
              connectionTimeout="20000"
              redirectPort="8443"
              maxParameterCount="1000"
              />
    <!-- murugesandins REMOVE THIS CLOSE TAG -->
   
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
              maxThreads="150" SSLEnabled="true"
              scheme="https" secure="true"
              maxParameterCount="1000"
              >
        <SSLHostConfig>
        <!--
                <Certificate
                        certificateKeystoreFile="/path/to/cert"
                        certificateKeystorePassword="passwd"
                        type="RSA"
                />
        -->
        </SSLHostConfig>
    </Connector>

    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
              resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
              prefix="localhost_access_log" suffix=".txt"
              pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
    </Engine>
  </Service>
</Server>

OR
search murugesandins inside server.xml
Valid02 content of server.xml
<!-- count = six
--> count = six
Code:

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!-- APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">

    <!-- murugesandins added missing start tag -->
    <Connector port="8080" protocol="HTTP/1.1"
              connectionTimeout="20000"
              redirectPort="8443"
              maxParameterCount="1000"
              />
    <!--
   
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
              maxThreads="150" SSLEnabled="true"
              scheme="https" secure="true"
              maxParameterCount="1000"
              >
        <SSLHostConfig>
        murugesandins removed intermediate start tag here
                <Certificate
                        certificateKeystoreFile="/path/to/cert"
                        certificateKeystorePassword="passwd"
                        type="RSA"
                />
        </SSLHostConfig>
    </Connector>
        -->

    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
              resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
              prefix="localhost_access_log" suffix=".txt"
              pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
    </Engine>
  </Service>
</Server>

Hence I have informed you to use a valid count of opening and closing tags.
<!-- open tag
--> close tag

Quote:

Tomcat may not be running....
These kinds of errors happen when making the following mistake:
I have
a) started the tomcat server
b) taken a backup of server.xml
c) modified server.xml for testing
d) performed shutdown using the modified server.xml

Hence start and shutdown need to use the same server.xml file.
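
A pre-flight check of the kind the post above does by hand (counting <!-- and --> and checking for an SSL connector with no certificate), written as an added example that is not code from this thread or from Tomcat. It parses server.xml with Python's standard library, reports the line and column where well-formedness breaks, and lists every SSLEnabled connector that has no <Certificate> under <SSLHostConfig>, because such a connector never comes up and its port never listens. The three server.xml fragments inside it are constructed samples that only imitate the shape of the files posted in this thread.

```python
"""Pre-flight check for a Tomcat server.xml before restarting the service.

Added example, not code from this thread or from Tomcat. The sample
server.xml fragments below are constructed; they only imitate the shape of
the files posted above (an unbalanced comment, and an SSLEnabled connector
whose <Certificate> is commented out).
"""
from __future__ import annotations

import sys
import xml.etree.ElementTree as ET


def comment_counts(text: str) -> tuple[int, int]:
    """Count '<!--' and '-->' the way the thread does (a quick first look)."""
    return text.count("<!--"), text.count("-->")


def parse_error(text: str) -> str | None:
    """Return None if the XML is well formed, otherwise the parser message
    (which includes the line and column where parsing broke)."""
    try:
        ET.fromstring(text)
    except ET.ParseError as exc:
        return str(exc)
    return None


def ssl_connectors_without_certificate(text: str) -> list[str]:
    """Ports of SSLEnabled connectors with no <Certificate> under
    <SSLHostConfig>. Tomcat cannot bring such a connector up, so the port
    never listens. Anything inside a comment is invisible to the parser,
    which is exactly what happens when the <Certificate> is commented out."""
    root = ET.fromstring(text)
    missing = []
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        if not conn.findall("./SSLHostConfig/Certificate"):
            missing.append(conn.get("port", "?"))
    return missing


def check_server_xml(text: str) -> dict:
    """Run all checks and return a small report dict."""
    opens, closes = comment_counts(text)
    report = {
        "comment_open": opens,
        "comment_close": closes,
        "parse_error": parse_error(text),
        "ssl_without_cert": [],
    }
    if report["parse_error"] is None:
        report["ssl_without_cert"] = ssl_connectors_without_certificate(text)
    return report


# Constructed sample 1: a stray '-->' and a comment opened inside another
# comment, the same shape as a file that will not restart.
BROKEN_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    -->
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true">
        <SSLHostConfig>
        <!--
            <Certificate certificateKeystoreFile="/path/to/cert"
                         certificateKeystorePassword="passwd" type="RSA" />
        -->
        </SSLHostConfig>
    </Connector>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>
"""

# Constructed sample 2: well formed, but the certificate is commented out,
# so the 8443 connector is SSLEnabled with nothing to serve.
NO_CERT_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true">
        <SSLHostConfig>
        <!--
            <Certificate certificateKeystoreFile="/path/to/cert"
                         certificateKeystorePassword="passwd" type="RSA" />
        -->
        </SSLHostConfig>
    </Connector>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>
"""

# Constructed sample 3: well formed and the SSL connector has a certificate.
FIXED_XML = NO_CERT_XML.replace("        <!--\n", "").replace("        -->\n", "")


if __name__ == "__main__":
    # Usage: python check_server_xml.py /path/to/conf/server.xml
    # Without an argument the constructed broken sample is checked.
    source = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else BROKEN_XML
    for key, value in check_server_xml(source).items():
        print(f"{key}: {value}")
```

Equal counts of <!-- and --> are not proof of a valid file: the first constructed sample has two of each and still fails, because a comment was opened inside another comment. Running the parser is the real check, and running it against the same server.xml that was used for startup, before issuing shutdown, avoids the "Tomcat may not be running" situation described above.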

sag2662 04-30-2024 02:32 AM

Hi, I took the valid xml files provided by you and restarted the tomcat server. Now I have lost connections to both the URLs https://server:8443/ and https://example.com:8443/.
As I mentioned in my previous posts, it just does not work without the port, which is 443 maybe? I will check what the problem with the port is.

murugesandins 04-30-2024 04:15 AM

Other errors appeared here too on using your file for my testing.
You need to analyze the log files.
Example:
Code:

$ cd /home/Murugesan/Din_Back/apache-tomcat-11.0.0-M19/conf
$ grep -i error ../logs/catalina.2024-04-30.log
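
Beyond grep, the catalina log can be grouped into records so that each SEVERE entry is shown with its stack trace and the connectors Tomcat actually initialized can be listed. The following is an added example, not code from this thread or from Tomcat; it assumes the two-line java.util.logging layout visible in the output posted earlier in this thread (a "Mon d, yyyy h:mm:ss AM/PM source method" header followed by a "LEVEL: message" line and optional stack-trace lines). The sample reuses the lines posted above and adds constructed INFO and stack-trace lines for illustration.

```python
"""Group Tomcat catalina.log output into records and pull out the SEVERE ones.

Added example, not code from this thread or from Tomcat. It assumes the
two-line java.util.logging layout seen in the output posted above. The
sample lines below reuse the posted output plus constructed INFO and
stack-trace lines.
"""
from __future__ import annotations

import re

HEADER = re.compile(
    r"^[A-Z][a-z]{2} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} (?:AM|PM) (\S+) (\S+)$"
)
LEVEL = re.compile(r"^(SEVERE|WARNING|INFO|CONFIG|FINE|FINER|FINEST): (.*)$")
HANDLER = re.compile(r'ProtocolHandler \["([^"]+)"\]')


def parse_records(lines: list[str]) -> list[dict]:
    """Turn raw lines into records: header fields, level, message, detail."""
    records: list[dict] = []
    current: dict | None = None
    for line in lines:
        m = HEADER.match(line)
        if m:
            current = {
                "time": line[: m.start(1)].rstrip(),
                "source": m.group(1),
                "method": m.group(2),
                "level": None,
                "message": None,
                "detail": [],  # exception and "at ..." lines that follow
            }
            records.append(current)
            continue
        if current is None:
            continue  # preamble such as the CATALINA_OPTS line
        lm = LEVEL.match(line)
        if lm and current["level"] is None:
            current["level"], current["message"] = lm.group(1), lm.group(2)
        else:
            current["detail"].append(line)
    return records


def severe_records(lines: list[str]) -> list[dict]:
    """Only the SEVERE records, each with its stack trace attached."""
    return [r for r in parse_records(lines) if r["level"] == "SEVERE"]


def protocol_handlers(lines: list[str]) -> list[str]:
    """Connector names Tomcat reported initializing, e.g. http-nio-8080.
    If no https handler for 8443 or 443 appears here, the port cannot be
    listening, whatever server.xml says."""
    found = []
    for r in parse_records(lines):
        if r["message"]:
            found.extend(HANDLER.findall(r["message"]))
    return found


# Constructed sample: the lines posted in this thread plus an INFO record
# and a stack-trace line added for illustration.
SAMPLE_LOG = """\
Using CATALINA_OPTS:  --add-exports java.base/jdk.internal.ref=ALL-UNNAMED
Apr 29, 2024 4:58:43 PM org.apache.catalina.startup.Catalina stopServer
SEVERE: Could not contact [localhost:8005] (base port [8005] and offset [0]). Tomcat may not be running.
Apr 29, 2024 4:58:43 PM org.apache.catalina.startup.Catalina stopServer
SEVERE: Error stopping Catalina
java.net.ConnectException: Connection refused
\tat java.base/sun.nio.ch.Net.connect0(Native Method)
Apr 29, 2024 5:01:10 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-nio-8080"]
""".splitlines()


if __name__ == "__main__":
    for rec in severe_records(SAMPLE_LOG):
        print(f'{rec["time"]} {rec["source"]}.{rec["method"]}: {rec["message"]}')
        for extra in rec["detail"]:
            print("    " + extra)
    print("handlers:", protocol_handlers(SAMPLE_LOG))
```

Newer Tomcat releases default to a single-line "dd-MMM-yyyy HH:mm:ss.SSS LEVEL [thread] source message" layout; the header pattern above would need adjusting for that, but the record-grouping logic stays the same.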


