I have a server with Tomcat and I want to configure multiple sites,
I can configure one site on https and other sites on http
thanks
Good for you.
Do you also have a question ?
Excuse me!
I have a server with Tomcat and I want to configure multiple sites,
I can configure one site on https and other sites on http?
thanks
Forgive me if I'm wrong, but it sounds like you meant "Can I configure one site on https and the others on http?"
The simple answer is yes. Simplest is to configure two connectors -- one http and one https. Of course all the apps will be available on all connectors. Don't know if you wanted specific apps on specific IPs/protocols. I'm sure that's possible but the config is more complicated.
-- David
From: mchirivi.ict*******] On Behalf Of Massimo Chirivì - Ict Consultant
Subject: Re: TOMCAT with multiple sites (one on https, others on http)
I have a server with Tomcat and I want to configure multiple sites,
I can configure one site on https and other sites on http?
1) Read the servlet spec, especially section 13, security.
2) Read the Tomcat doc for SSL and <Connector>:
http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html
http://tomcat.apache.org/tomcat-7.0-doc/config/http.html
3) Read the Wiki for virtual hosts:
http://wiki.apache.org/tomcat/HowTo#How_do_I_set_up_Tomcat_v[..]
- Chuck
This is my server.xml,
the sites on http are ok, but the site on https is not ok?
Thank you for the help
<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener"
            SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JasperListener" />
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>
  <Service name="Catalina">
    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             resourceName="UserDatabase"/>
      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="true"
            xmlValidation="false" xmlNamespaceAware="false">
      </Host>
      <Host name="www.site1.it" debug="0" unpackWARs="true">
        <Logger className="org.apache.catalina.logger.FileLogger"
                directory="logs" prefix="virtual_log1." suffix=".txt"
                timestamp="true"/>
        <Context path="" docBase="/webapps/site1" debug="0"
                 reloadable="true"/>
        <Valve className="org.apache.catalina.valves.AccessLogValve"
               directory="logs" prefix="virtual_log." suffix=".txt"
               pattern="common"/>
      </Host>
      <Host name="www.site2.net" debug="0" unpackWARs="true" >
        <Logger className="org.apache.catalina.logger.FileLogger"
                directory="logs" prefix="virtual_log29." suffix=".txt"
                timestamp="true"/>
        <Context path="" docBase="/webapps/site2" debug="0"
                 reloadable="true"/>
        <Valve className="org.apache.catalina.valves.AccessLogValve"
               directory="logs" prefix="virtual_log." suffix=".txt"
               pattern="common"/>
      </Host>
    </Engine>
  </Service>
  <Service name="Catalinassl">
    <Engine name="Catalinassl" defaultHost="localhost">
      <Connector port="443" maxHttpHeaderSize="8192" maxThreads="150"
                 minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
                 disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true"
                 SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="bancomed"
                 keystoreFile="C:\Program Files\Java\jre1.5.0_15\bin\site3.jks"
                 keypass="xxxx" />
      <Host name="www.site3.net" debug="0" unpackWARs="true">
        <Logger className="org.apache.catalina.logger.FileLogger"
                directory="logs" prefix="virtual_log29." suffix=".txt"
                timestamp="true"/>
        <Context path="" docBase="/webapps/site3" debug="0"
                 reloadable="true"/>
        <Valve className="org.apache.catalina.valves.AccessLogValve"
               directory="logs" prefix="virtual_log." suffix=".txt"
               pattern="common"/>
      </Host>
    </Engine>
  </Service>
</Server>
Massimo Chirivì
Are you just repeating the same question over & over?
Have you read the documents provided previously?
What version of Tomcat are you using?
What *exactly* does 'not ok' mean?
Are there any errors in the log files?
Can you describe the symptoms of the error?
Have you ever read & comprehended:
http://www.catb.org/esr/faqs/smart-questions.html
p
Context definitions in server.xml are very strongly discouraged and
considered poor practice.
There is no logger in Tomcat 7.0.
I have configured the server.xml to run a few sites with HTTP and HTTPS.
The HTTP sites work correctly, but the HTTPS one is not responding; it cannot
display the page
Massimo Chirivì
--------------------------------------------------------------------------------------------------------
Pid's reply was asking you to answer some specific questions. You appear to
have only answered the first one of them by irony only.
The people on the list will need all of these specific questions answered
in order to help you any further. Here is the list once again in case you
have lost the previous email
Chris
6.0.16
The https site is not responding
No, I have stopped and started Tomcat; the log file Catalina.2012-08-07.txt is
attached
When I submit http://www.sito1.net or http://www.site2.net it works
correctly
When I submit https://www.sito3.net it is not responding.
Is the configuration in the server.xml correct?
Hi, Massimo-
Is it valid to nest a <Connector> element inside an <Engine> element?
-Terence Bandoian
I have corrected this error; <Connector> is now outside the <Engine>.
Now the log file shows:
7-ago-2012 18.42.52 org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.10.
7-ago-2012 18.42.52 org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [false], sendfile [true], accept filters [false], random [true].
7-ago-2012 18.42.53 org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-80
7-ago-2012 18.42.53 org.apache.coyote.ajp.AjpAprProtocol init
INFO: Initializing Coyote AJP/1.3 on ajp-8009
7-ago-2012 18.42.53 org.apache.coyote.http11.Http11AprProtocol init
GRAVE: Error initializing endpoint
java.lang.Exception: No Certificate file specified
at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:684)
at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:107)
at org.apache.catalina.connector.Connector.initialize(Connector.java:1058)
at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
at org.apache.catalina.startup.Catalina.load(Catalina.java:530)
at org.apache.catalina.startup.Catalina.load(Catalina.java:550)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
7-ago-2012 18.42.53 org.apache.catalina.startup.Catalina load
GRAVE: Catalina.start
LifecycleException: Protocol handler initialization failed:
java.lang.Exception: No Certificate file specified
at org.apache.catalina.connector.Connector.initialize(Connector.java:1060)
at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
at org.apache.catalina.startup.Catalina.load(Catalina.java:530)
at org.apache.catalina.startup.Catalina.load(Catalina.java:550)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
7-ago-2012 18.42.53 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 2236 ms
7-ago-2012 18.42.53 org.apache.catalina.realm.JAASRealm setContainer
INFO: Set JAAS app name Catalinassl
7-ago-2012 18.42.53 org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
7-ago-2012 18.42.53 org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.16
<snip>INFO: Initializing Coyote AJP/1.3 on ajp-8009
</snip> client request on Port 8009 won't pass through *until* you get the Certificate from the site administrator
Martin
Comments inline - see ==== COMMENT ====
==== COMMENT ====
You're using the APR (native libraries). You are trying to configure
your connector with the Java SSL configuration. This won't work.
See the following:
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Confi[..]
In particular:
<Connector
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
SSLCertificateFile="/usr/local/ssl/server.crt"
SSLCertificateKeyFile="/usr/local/ssl/server.pem"
clientAuth="optional" SSLProtocol="TLSv1"/>
Note that the format for the certificate (and key) is different for the
two connectors.
==== COMMENT ====
==== COMMENT ====
I'm not going to try and inject my comments concerning the server.xml
issues. Instead, I'll make a few general comments (amplifying other
comments) and then point you to the Wiki article that exists on the
Tomcat site.
1. There is no such thing as a Logger element
2. Do not put <Context> elements in your server.xml
3. For the default context, name your war file ROOT.war
a. do not use a null path - in general the path attribute is wrong
b. case IS important, even on Windows
4. Do NOT overlap appBase directories for virtual hosts
a. You will get multiple deployments
b. You will have memory issues
Please read and follow the Wiki document below for setting up virtual
hosts. I know it says development, but this same structure works well
for production. I use it to run a large number of production sites.
Coupled with CATALINA_HOME / CATALINA_BASE and some custom Ant scripts,
I have complete flexibility, and I can provision environments in about 5
minutes. I'm working on reducing that time.
Here's the link (again) :
http://wiki.apache.org/tomcat/TomcatDevelopmentVirtualHosts
Also, please tell me you are not using the following JRE:
C:\Program Files\Java\jre1.5.0_15
This is ancient, unsupported, has lots of security issues, and is in
general asking for trouble.
Upgrade at least to the latest 1.6.0 release.
==== COMMENT ====
Sorry for being lazy and not cleaning up the rest of this post. However,
I'm not terribly motivated when I don't see commensurate effort from the
original poster.
. . . . just my 2 cents.
/mde/
Massimo,
...and there is the problem: you need to use APR configuration and not
JSSE configuration in your <Connector>.
Specifically, don't use keystoreFile, etc. Instead, use
SSLCertificateFile, etc. See
http://tomcat.apache.org/tomcat-6.0-doc/apr.html#HTTPS for reference.
Unfortunately, you have (likely) gone through the grueling procedure
of dealing with Java keystores and now you can use the much simpler
PEM files that OpenSSL (via APR) use.
-chris
Martin,
It appears that the OP is not using AJP at all, so your response does
not help.
-chris
I have corrected the server.xml, but in the folder catalinassl there is
www.site3.net, but all child folders are empty.
- with netstat the https is up
----------------------------------------------------------------------------------
  <Service name="Catalinassl">
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxHttpHeaderSize="8192" maxThreads="150" enableLookups="false"
               disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true"
               SSLEnabled="true" clientAuth="false" sslProtocol="TLS"
               keystoreFile="/conf/site3" keypass="qwertyuiop" />
    <Engine name="Catalinassl" defaultHost="localhost">
      <Host name="www.site3.net" debug="1" unpackWARs="true">
        <Logger className="org.apache.catalina.logger.FileLogger"
                directory="logs" prefix="virtual_log29." suffix=".txt"
                timestamp="true"/>
        <Context path="" docBase="/webapps/site3" debug="0"
                 reloadable="true"/>
        <Valve className="org.apache.catalina.valves.AccessLogValve"
               directory="logs" prefix="virtual_log." suffix=".txt"
               pattern="common"/>
      </Host>
    </Engine>
  </Service>
</Server>
----------------------------------------------------------------------------------
See comment inline.
No, you have not corrected your server.xml. You are ignoring everyone's
recommendations and the Wiki document which lays out in great detail how
to set up virtual hosts.
Please read and follow this Wiki document.
http://wiki.apache.org/tomcat/TomcatDevelopmentVirtualHosts
Your paths (/webapps/site3, etc.) make absolutely NO sense unless you
have a directory at the ROOT of your file system called /webapps/site3.
/mde/
The attached file is my server.xml. The service catalina with all virtual hosts
works correctly; the service catalinassl is not working.
The subfolders of the folder /catalinassl/site3 are empty.
Could you kindly tell me the changes to make in server.xml?
I'm not understanding
thanks
Massimo Chirivì
--------------------------------------------------------------------------------------------------------
Massimo,
I'm not sure if this is a language problem or some other problem. I
don't speak Italian, but maybe someone else on the list does.
I can empathize with language barriers (I've had to struggle with
documentation written in Bahasa - which I know zero about). Maybe you
have a teammate that can help translate the Tomcat documentation and
Wiki article into Italian?
A point of clarification about path names.
File path names beginning with / are absolute path names. This means
that when you write /webapps/site1, you are referring to a directory
from the root of the file system - i.e., /webapps/site1.
File path names not beginning with a / are relative path names. This
means that the path names are relative to some base path.
In Tomcat, the base path starts at $CATALINA_BASE. This is where Tomcat
is run from (gets a bit more complicated with distribution repackaging).
For example, if I install and run Tomcat from:
/home/mdeggers/Apache/apache-tomcat-6.0.35
Then $CATALINA_BASE becomes
/home/mdeggers/Apache/apache-tomcat-6.0.35
A relative path name of "webapps" then becomes:
/home/mdeggers/Apache/apache-tomcat-6.0.35/webapps
as an absolute path name in this particular sense.
So in your case, you need to have directories /webapps/site1,
/webapps/site2, and /conf/site3 at the root of your file system. This is
not a good thing.
1) The documentation
2) The cited Wiki article
3) Several patient people on the mailing list
For your particular question, please note the following Context elements
(again, this is very bad practice).
A. In Service Catalina
Host element with name="site1"
<Context path="" docBase="/webapps/site1" debug="0" reloadable="true"/>
Host element with name="site2"
<Context path="" docBase="/webapps/site2" debug="0" reloadable="true"/>
B. In Service Catalinassl
Host element with name="site1"
<Context path="" docBase="/webapps/site1" debug="0" reloadable="true"/>
As you can see, there is NO site3 Host element in any part of your
server.xml. Therefore, there should be nothing in
CATALINA_BASE/conf/Catalinassl/site3. There should also be nothing in
CATALINA_BASE/work/Catalinassl/site3.
/Catalinassl/site3 makes no sense as a path.
The path to the keystore file has nothing to do with where the appBase
is (or docBase).
You are still using the wrong connector configuration for SSL. If you
are loading the APR native libraries (and the logs you posted indicated
that you are), you need to use the appropriate OpenSSL-style connector
configuration (and certificate files).
I've posted the relevant portion of the server.xml for SSL from the
online documentation in this thread before.
. . . . fresh out of cents (or sense)
/mde/
I attach the corrected file; on the Tomcat server the file was corrected,
but the problem remains.
This file has numerous problems.
You have been pointed at the documentation.
You have had several people point out the problems.
You have not incorporated any of the fixes that several people have
recommended that you implement.
1. Your Host setup is at best not in keeping with good practices
http://wiki.apache.org/tomcat/TomcatDevelopmentVirtualHosts
2. You have Context elements in your server.xml
Again, this is not a good practice
3. You are using the wrong SSL Connector configuration
From other logs, you are loading the APR native libraries. See
http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Confi[..]
4. You have deleted a lot of the Listeners from the stock server.xml
Here's what you should do.
1. Start with a clean server.xml from tomcat.apache.org
2. Follow this document to set up virtual hosts
http://wiki.apache.org/tomcat/TomcatDevelopmentVirtualHosts
3. Add a second Service by copying the first Service and changing the
name
4. In the second service:
a. Delete the AJP Connector
b. Delete the HTTP 1.1 Connector
c. Add the SSL Connector following
http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Confi[..]
5. Do NOT add any Context elements in server.xml
6. Use ROOT.war for each virtual host default application
a. Package your default application into a war file
b. Name it ROOT.war (case is important)
c. Place it in the appBase for the targeted virtual host
7. Do not add Logger elements, or other "stuff" you think is necessary
Do these steps, and post the resulting server.xml file (without
comments), inline (no attachments). The list normally strips attachments.
Your current server.xml file basically needs a complete rewrite.
/mde/
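The structural problems listed in this message can be checked mechanically before Tomcat is restarted. The following linter is an added example, not part of the original thread or of Tomcat's tooling; the function name `lint_server_xml`, the finding codes and the constructed sample file are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"

# Constructed sample: a trimmed server.xml with the same layout problems
# the thread discusses (not the poster's full file).
SAMPLE = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
  <Service name="Catalinassl">
    <Engine name="Catalinassl" defaultHost="localhost">
      <Connector port="443" scheme="https" secure="true" SSLEnabled="true"
                 keystoreFile="conf/site3.jks"/>
      <Host name="www.site3.net" unpackWARs="true">
        <Logger className="org.apache.catalina.logger.FileLogger"/>
        <Context path="" docBase="/webapps/site3"/>
      </Host>
    </Engine>
  </Service>
</Server>"""


def lint_server_xml(text):
    """Return sorted (code, detail) findings for a server.xml given as a string."""
    root = ET.fromstring(text)
    parent = {child: p for p in root.iter() for child in p}
    # Assumption: a declared APR listener means the native library loads.
    apr = any(l.get("className") == APR_LISTENER for l in root.iter("Listener"))
    findings = []
    for conn in root.iter("Connector"):
        port = conn.get("port", "?")
        if parent[conn].tag != "Service":
            findings.append(("connector-misplaced",
                             f"port {port} is inside <{parent[conn].tag}>"))
        # With APR loaded, the default HTTP/1.1 protocol becomes the APR
        # connector, which reads SSLCertificateFile, not keystoreFile.
        uses_default = conn.get("protocol", "HTTP/1.1") == "HTTP/1.1"
        if (apr and uses_default and conn.get("SSLEnabled") == "true"
                and conn.get("SSLCertificateFile") is None):
            findings.append(("apr-needs-pem",
                             f"port {port} has no SSLCertificateFile"))
    for ctx in root.iter("Context"):
        doc_base = ctx.get("docBase", "")
        findings.append(("context-in-server-xml", f"docBase={doc_base!r}"))
        if doc_base.startswith("/"):
            # A leading slash means the file-system root, not $CATALINA_BASE.
            findings.append(("absolute-docbase", doc_base))
    for _ in root.iter("Logger"):
        findings.append(("logger-element", "no such element, per the thread"))
    return sorted(findings)


if __name__ == "__main__":
    for code, detail in lint_server_xml(SAMPLE):
        print(f"{code}: {detail}")
```

A connector that names a non-APR protocol class explicitly, such as `org.apache.coyote.http11.Http11NioProtocol`, is not flagged for the missing PEM file because it takes the JSSE keystore attributes.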
Mark,
To be fair, he did (claim to) switch to the HttpNioConnector at some
point, which will use the JSSE configuration.
All your other comments are spot on.
Massimo, help us help you.
-chris
Yep, I see that in the Connector configuration now.
I apologize for that Massimo . . . I need to read things a bit more slowly.
/mde/