Related to
Quote:
8443 and 443 are two different ports.
I have shared my way of using different ports at https.
You can try the same way at your system (after taking the backup of server.xml).
I have tried following way at windows:
This is opening following url: https://127.0.0.1/mis_interest_valid_Dates.html
Click Advanced => Click Accept the Risk and Continue to open above url at localhost.
Hence you too can perform same kind of testing by modifying/creating required related crt/pem/... files including the backup of server.xml file.
Always restart the server and check lsof/netstat -nato using related automated script.
I am not using httpd.conf and not apache
I am using:
Code:
#!/bin/bash
# Java keystore for Tomcat, created only when it does not exist yet.
if [[ ! -f localhost-rsa.jks ]]
then
    echo Openssl@123
    /cygdrive/c/PROGRA~2/Jdk17/bin/keytool -genkey -noprompt -alias tomcat-localhost -keyalg RSA -keystore localhost-rsa.jks -keypass Openssl@123 -storepass Openssl@123 -dname "CN=tomcat-cert, OU=GIS, O=GIS, L=Bangalore, ST=Karnataka, C=IN"
fi
/usr/bin/file localhost-rsa.jks
# Self-signed certificate plus unencrypted private key (-nodes).
# This step runs before the key conversions because they read privkey.pem.
if [[ ! -f cert.pem ]]
then
    echo IN
    echo Bangalore
    echo Karnataka
    echo GIS
    echo GIS
    echo 127.0.0.1
    echo murugesangct@gmail.com
    /usr/bin/openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout privkey.pem -out cert.pem
fi
/usr/bin/file cert.pem
# Re-encode the private key with "openssl rsa".
if [[ ! -f privkey.pem.rsa.key ]]
then
    echo Openssl@123
    echo Openssl@123
    /usr/bin/openssl rsa -in privkey.pem -out privkey.pem.rsa.key
fi
/usr/bin/file privkey.pem.rsa.key
# Second copy of the key under the name privkey.pkcs1.pem.
if [[ ! -f privkey.pkcs1.pem ]]
then
    echo Openssl@123
    /usr/bin/openssl rsa -in privkey.pem -out privkey.pkcs1.pem
fi
/usr/bin/file privkey.pkcs1.pem
# Print cert.pem as a PKCS#7 structure without a CRL.
if [[ ! -f cert.pem ]]
then
    echo Openssl@123
    /usr/bin/openssl crl2pkcs7 -nocrl -certfile cert.pem
fi
/usr/bin/file cert.pem
Sample code I am using for wget at my localhost:
Code:
$ type wget
wget is aliased to `/home/murugesandins/MyWget'
$ cat /home/murugesandins/MyWget
#!/bin/bash
LOGNAME=$USERNAME
if [[ ! -f /usr/bin/wget ]]
then
    # wget is not installed: check whether the Cygwin installer is already running.
    /cygdrive/c/WINDOWS/system32/tasklist.exe 2>&1 |\
    /usr/bin/tr -d "\r" 2>&1 |\
    /usr/bin/grep setup-x86_64.exe
    Ret=$?
    if [ 0 -ne $Ret ]
    then
        echo "Install wget using"
        echo "~/setup-x86_64.exe --no-admin >/dev/null 2>&1 &"
    else
        echo "wait for"
        echo "setup-x86_64.exe to complete installation"
    fi
else
    unalias HandleWget >/dev/null 2>&1
    unset -f HandleWget
    # Download into the Windows Downloads folder, then return to the previous directory.
    # Every download below passes --no-check-certificate, so wget does not
    # validate the server certificate.
    HandleWget ()
    {
        if [ "xterm" = "$TERM" ]
        then
            # Clear the terminal.
            echo -ne "\033[H\033[J"
        fi
        PREVDIR="$PWD"
        echo "cd /cygdrive/c/Users/$LOGNAME/Downloads"
        cd "/cygdrive/c/Users/$LOGNAME/Downloads"
        if [[ 0 -ne $# ]]
        then
            if [[ 3 -eq $# ]]
            then
                echo -ne "\033[33m$LOGNAME@$IPv4 \033[32m$PWD \033[0m[ $? ]\n$ /usr/bin/wget -c --no-check-certificate \"$1\" $2 \"$3\"\n"
                /usr/bin/wget -c --no-check-certificate "$1" "$2" "$3"
            elif [[ 2 -eq $# ]]
            then
                echo -ne "\033[33m$LOGNAME@$IPv4 \033[32m$PWD \033[0m[ $? ]\n$ /usr/bin/wget -c --no-check-certificate \"$1\" \"$2\"\n"
                /usr/bin/wget -c --no-check-certificate "$1" "$2"
            else
                echo -ne "\033[33m$LOGNAME@$IPv4 \033[32m$PWD \033[0m[ $? ]\n$ /usr/bin/wget -c --no-check-certificate \"$1\"\n"
                cd "/cygdrive/c/Users/$LOGNAME/Downloads"
                /usr/bin/wget -c --no-check-certificate "$1"
            fi
        else
            echo -ne "\033[33m$LOGNAME@$IPv4 \033[32m$PWD \033[0m[ $? ]\n$ /usr/bin/wget\n"
            /usr/bin/wget
        fi
        cd "$PREVDIR"
        Ret=$?
        return $Ret
    }
    if [ 0 -eq $# ]
    then
        HandleWget
    else
        # "$@" keeps URLs and options containing spaces as single arguments.
        HandleWget "$@"
    fi
fi
Copying my server.xml won't work at your environment.
Reason:
Code:
$ grep C: server.xml
<Certificate certificateKeyFile="C:/Users/murugesandins/cygwin/home/murugesandins/apache-tomcat-11.0.0-M19/conf/privkey.pem"
certificateFile="C:/Users/murugesandins/cygwin/home/murugesandins/apache-tomcat-11.0.0-M19/conf/cert.pem"
certificateChainFile="C:/Users/murugesandins/cygwin/home/murugesandins/apache-tomcat-11.0.0-M19/conf/chain.pem"
$ grep css server.xml
<url-pattern>/css/*</url-pattern>
$ grep -i port server.xml | grep -v -E "<!"
<Server port="9090" shutdown="SHUTDOWN">
Define a non-SSL/TLS HTTP/1.1 Connector on port 7777
<Connector port="7777" protocol="HTTP/1.1"
redirectPort="443" />
<Connector port="80" protocol="HTTP/1.1"
redirectPort="443" />
port="1234" protocol="HTTP/1.1"
redirectPort="8443" />
port="443"
port="8009"
redirectPort="8443" />
$ type grep
grep is aliased to `/usr/bin/egrep -E'
I have created pem/crt/jks files using my own createcert.sh file which was given earlier.
You reset your server.xml to your original server.xml file
Send me output of:
Code:
$ cat server.xml
$# full content for me to try the same here at windows. Today I need to provide my vote. Hence today I am BUSY (BelahBath_Food and travel).
$ lsof -i:YourPortNumber
Assume that the process id of your port number which is there at listening mode is:
abcd
Code:
$ lsof -p abcd
After obtaining your file, I need to modify your file based on my localhost files
I will try the same tomorrow at my cygwin at localhost.
If that is working here I will inform you diff your_server.xml and my_server.xml files.
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!-- APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
HTTP Connector: /docs/config/http.html
AJP Connector: /docs/config/ajp.html
Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
maxParameterCount="1000"
/>
-->
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
maxParameterCount="1000"
/>
-->
<!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
This connector uses the NIO implementation. The default
SSLImplementation will depend on the presence of the APR/native
library and the useOpenSSL attribute of the AprLifecycleListener.
Either JSSE or OpenSSL style configuration may be used regardless of
the SSLImplementation selected. JSSE style configuration is used below.
-->
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true"
maxParameterCount="1000"
>
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate
certificateKeystoreFile="/path/to/cert"
certificateKeystorePassword="passwd"
type="RSA"
/>
</SSLHostConfig>
</Connector>
<!-- Define an AJP 1.3 Connector on port 8009 -->
<!--
<Connector protocol="AJP/1.3"
address="::1"
port="8009"
redirectPort="8443"
maxParameterCount="1000"
/>
-->
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost">
<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>
</Engine>
</Service>
</Server>
Code:
lsof -p 443
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ksoftd 443 root cwd DIR 253,0 4096 2 /
ksoftd 443 root rtd DIR 253,0 4096 2 /
ksoftd 443 root txt unknown /proc/443/exe
Thanks for your time. Hopefully we find a solution
I have performed following steps:
1. Copied your server.xml file and made following changes to your file and MY FILE:
a. Remove all blank lines.
b. Remove all commented lines.
2. I modified following lines to your file:
Replace:
After this I am able to access my localhost.
Test results:
Code:
Assume that my hostname is MURUGESAN_OPENSSL
http://127.0.0.1:80 => automatically redirecting to https://127.0.0.1
https://127.0.0.1:443 => automatically redirecting to https://127.0.0.1
https://MURUGESAN_OPENSSL => automatically redirecting to https://murugesan_openssl
https://MURUGESAN_OPENSSL:443 => automatically redirecting to https://murugesan_openssl
a. Hence you need to change missing --> tag
b. Validate the path /path/to/cert
c. Validate related password you have given for certificateKeystorePassword
Code:
$ ../bin/shutdown.sh >/dev/null 2>&1
$ ../bin/startup.sh >/dev/null 2>&1
$ lsof -i:443
java.exe 6920 Services 0 126868 K PORT: 443 80 8005 8080
java.exe 6920 Services 0 126868 K PORT: 443 80 8005 8080
$ # CYGWIN_NT do not have lsof hence I am using /cygdrive/c/Windows/System32/netstat.exe and /cygdrive/c/Windows/System32/tasklist.exe at windows.
$ type lsof
lsof is hashed (/home/murugesandins/lsof)
I have given sample createcert.sh file earlier.
I am using internal certificate and not using any scripts here. Also, lsof -i:443 doesn't list anything on my server
I need to know your comment on:
1)
Any comment starts using:
<!-- ... -->
or
<!-- ...
-->
Have you verified all open tags <!-- having related valid --> closing tag ?
Have you verified all close tags --> having related valid <!-- opening tag ?
2)
I need to know output of:
ls -ltrd /path/to/cert /path/to/cert/* 2>/dev/null
3)
your file was having:
>> certificateKeystorePassword="passwd"
is it valid password ?
have you verified that password if valid or not ?
4)
Have you made the changes like the way I performed changes in your file and I performed test at my localhost which was working fine.
>> I am not writing these statements like a supervisor comment.
I am writing these comments using a smile way
>> you can understand my comments based on my last statement here )
Last edited by murugesandins; 04-28-2024 at 04:08 AM.
Reason: my comments was like sharing smile comments
Have you verified all <!-- ...
comments
ending with -->
?
Hi, Thanks for your time. After changing the file with <!-- ...
comments
ending with -->
I am unable to restart the tomcat service, it got stuck. I rolled back to original file
The password to the certificate seems to be valid.
Also I can clearly see from lsof -i:8080 --> the hostname is listening and hence redirection from 8080 -->8443 is working. But 443 is not listening
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 114822 towl 44u IPv6 3087432 0t0 TCP hostname:webcache (LISTEN)
After changing the file with <!-- ...
comments
ending with -->
sorry for asking => for my fun
I need to validate your updated server.xml file.
can you cat updated xml file for me to validate <!-- ... -->
Example usage of my cat.exe command and pasting at linuxquestions.org:
1. Open textpad.exe
2. Open murugesandins@127.0.0.1 using putty.exe
(one way)
after logon Using putty.exe => Change settings => Session => Logging => Enable all session output
Log file name => C:\Users\murugesandins\cygwin\home\murugesandins\&H_&M_&Y_&T.txt
3)
inside putty.exe
/usr/bin/cat.exe server.xml
4)
disable(None) logging at change settings of putty.exe
5)
copy log file content and I have saved that content as delete.txt
Hence I need the similar way of the content of your server.xml file.
After obtaining your server.xml file I can provide updated server.xml file to test at your system.
Last edited by murugesandins; 04-29-2024 at 08:10 AM.
Reason: I need exact content of server.xml file.
Hi, this chain is getting more and more pages and I have been posting server.xml repeatedly, and of course yours too with solutions and suggestions. Is there any other way to connect?
Code:
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!-- APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<GlobalNamingResources>
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<Service name="Catalina">
-->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
maxParameterCount="1000"
/>
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true"
scheme="https" secure="true"
maxParameterCount="1000"
>
<SSLHostConfig>
<!--
<Certificate
certificateKeystoreFile="/path/to/cert"
certificateKeystorePassword="passwd"
type="RSA"
/>
-->
</SSLHostConfig>
</Connector>
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
</Host>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>
</Engine>
</Service>
</Server>
Also when I try to shut down I had the below error.
Code:
Using CATALINA_OPTS: --add-exports java.base/jdk.internal.ref=ALL-UNNAMED --add-exports java.base/jdk.internal.misc=ALL-UNNAMED --add-exports java.base/sun.nio.ch=ALL-UNNAMED
Apr 29, 2024 4:58:43 PM org.apache.catalina.startup.Catalina stopServer
SEVERE: Could not contact [localhost:8005] (base port [8005] and offset [0]). Tomcat may not be running.
Apr 29, 2024 4:58:43 PM org.apache.catalina.startup.Catalina stopServer
SEVERE: Error stopping Catalina
java.net.ConnectException: Connection refused
a) I always use vim instead of using vi
b) content of ~/.vimrc file:
Code:
$ /usr/bin/cat.exe ~/.vimrc
set nu
syntax on
You also use vim to view any exception inside server.xml file.
Your fifth tag is missing close tag
OR
fifth starting tag added by mistake.
Code:
<!--
START TAG 01
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true"
scheme="https" secure="true"
maxParameterCount="1000"
>
<SSLHostConfig>
<!--
START TAG 02
<Certificate
certificateKeystoreFile="/path/to/cert"
certificateKeystorePassword="passwd"
type="RSA"
/>
CLOSE TAG 02
-->
</SSLHostConfig>
</Connector>
...where is CLOSE TAG 01 ?
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!-- APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<GlobalNamingResources>
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<Service name="Catalina">
<!-- murugesandins missing start tag here
-->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
maxParameterCount="1000"
/>
<!-- murugesandins REMOVE THIS CLOSE TAG -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true"
scheme="https" secure="true"
maxParameterCount="1000"
>
<SSLHostConfig>
<!--
<Certificate
certificateKeystoreFile="/path/to/cert"
certificateKeystorePassword="passwd"
type="RSA"
/>
-->
</SSLHostConfig>
</Connector>
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
</Host>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>
</Engine>
</Service>
</Server>
OR
search murugesandins inside server.xml
Valid02 content of server.xml
<!-- count = six
--> count = six
Code:
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!-- APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<GlobalNamingResources>
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<Service name="Catalina">
<!-- murugesandins added missing start tag -->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
maxParameterCount="1000"
/>
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true"
scheme="https" secure="true"
maxParameterCount="1000"
>
<SSLHostConfig>
murugesandins removed intermediate start tag here
<Certificate
certificateKeystoreFile="/path/to/cert"
certificateKeystorePassword="passwd"
type="RSA"
/>
-->
</SSLHostConfig>
</Connector>
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
</Host>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>
</Engine>
</Service>
</Server>
Hence I have informed to use valid count of opening and closing tags.
<!-- open tag
--> close tag
Quote:
Tomcat may not be running....
This kind of error happens when making the following mistake:
I have
a) started tomcat server
b) taken backup of server.xml
c) modified server.xml for testing
d) performed shutdown using modified server.xml
Hence start and shutdown need to use same server.xml file
Last edited by murugesandins; 04-29-2024 at 07:26 PM.
Reason: Hence start and shutdown need to use same server.xml file
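An added example, not part of any post in this thread: an order-aware check of the `<!--` / `-->` delimiters discussed above, followed by a parse that lists the Connector elements Tomcat would actually load. The two sample documents are constructed for illustration, laid out like the server.xml files posted in the thread; `scan_comments` and `check_server_xml` are hypothetical helper names. The first sample has equal numbers of `<!--` and `-->`, which is why the scan tracks order instead of counting.

```python
import re
import xml.etree.ElementTree as ET

TOKEN = re.compile(r"<!--|-->")

# Constructed sample: a stray "-->" and a "<!--" nested inside an open comment.
BROKEN = """\
<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    -->
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <!--
    <Connector port="8443" SSLEnabled="true">
      <SSLHostConfig>
        <!--
        <Certificate certificateKeystoreFile="/path/to/cert" type="RSA" />
        -->
      </SSLHostConfig>
    </Connector>
  </Service>
</Server>
"""

# Constructed sample: every comment closed, TLS connector active, AJP disabled.
FIXED = """\
<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!-- plain HTTP, redirects to the TLS connector -->
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8443" SSLEnabled="true">
      <SSLHostConfig>
        <Certificate certificateKeystoreFile="/path/to/cert" type="RSA" />
      </SSLHostConfig>
    </Connector>
    <!--
    <Connector protocol="AJP/1.3" port="8009" redirectPort="8443" />
    -->
  </Service>
</Server>
"""


def scan_comments(text):
    """Walk the comment delimiters in document order.

    Returns (line, message) for each '-->' that closes nothing, each '<!--'
    found inside an already open comment, and a comment left open at EOF.
    """
    problems = []
    open_line = None  # line of the currently open '<!--', if any
    for match in TOKEN.finditer(text):
        line = text.count("\n", 0, match.start()) + 1
        if match.group() == "<!--":
            if open_line is None:
                open_line = line
            else:
                problems.append(
                    (line, f"'<!--' inside the comment opened on line {open_line}"))
        elif open_line is None:
            problems.append((line, "'-->' with no open comment"))
        else:
            open_line = None
    if open_line is not None:
        problems.append((open_line, "comment opened here is never closed"))
    return problems


def check_server_xml(text):
    """Return (problems, connectors).

    connectors holds (port, tls_enabled) for every Connector that is still
    active once comments are dropped; it is empty when the file does not parse.
    """
    problems = scan_comments(text)
    try:
        root = ET.fromstring(text.encode("utf-8"))  # comments are discarded
    except ET.ParseError as exc:
        problems.append((exc.position[0], f"XML parse error: {exc}"))
        return problems, []
    connectors = [(c.get("port"), c.get("SSLEnabled") == "true")
                  for c in root.iter("Connector")]
    return problems, connectors


if __name__ == "__main__":
    for name, doc in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        problems, connectors = check_server_xml(doc)
        print(name, "active connectors:", connectors)
        for line, message in problems:
            print(f"  line {line}: {message}")
```

A stray `-->` on its own is still well-formed XML (it is read as text), so the parser alone does not report it; the delimiter scan does.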
Hi, I took the valid xml files provided by you and restarted tomcat server. Now lost connections to both the urls https://server:8443/ https://example.com:8443/.
As I mentioned in my previous posts it just does not work without port, which is 443 maybe? I will check what's the problem with the port