tomcat-users mailing list archives

From Mark Eggers <its_toas...@yahoo.com>
Subject Re: TOMCAT with multiple sites (one on https, others on http)
Date Tue, 07 Aug 2012 18:02:08 GMT

Comments inline - see ==== COMMENT ====

On 8/7/2012 9:52 AM, Massimo Chirivì - Ict Consultant wrote:
> I HAVE CORRECTED THIS ERROR; <CONNECTOR> IS NOW OUTSIDE THE <ENGINE>
>
> now the log files write:
> 7-ago-2012 18.42.52 org.apache.catalina.core.AprLifecycleListener init
> INFO: Loaded APR based Apache Tomcat Native library 1.1.10.
> 7-ago-2012 18.42.52 org.apache.catalina.core.AprLifecycleListener init
> INFO: APR capabilities: IPv6 [false], sendfile [true], accept filters
> [false], random [true].

==== COMMENT ====

You're using the APR (native libraries). You are trying to configure 
your connector with the Java SSL configuration. This won't work.

See the following:

http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Configuration

In particular:

<Connector
            port="8443" maxThreads="200"
            scheme="https" secure="true" SSLEnabled="true"
            SSLCertificateFile="/usr/local/ssl/server.crt"
            SSLCertificateKeyFile="/usr/local/ssl/server.pem"
            clientAuth="optional" SSLProtocol="TLSv1"/>

Note that the format for the certificate (and key) is different for the 
two connectors.

==== COMMENT ====

> 7-ago-2012 18.42.53 org.apache.coyote.http11.Http11AprProtocol init
> INFO: Initializing Coyote HTTP/1.1 on http-80
> 7-ago-2012 18.42.53 org.apache.coyote.ajp.AjpAprProtocol init
> INFO: Initializing Coyote AJP/1.3 on ajp-8009
> 7-ago-2012 18.42.53 org.apache.coyote.http11.Http11AprProtocol init
> GRAVE: Error initializing endpoint
> java.lang.Exception: No Certificate file specified
> at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
> at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:684)
> at
> org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:107)
> at org.apache.catalina.connector.Connector.initialize(Connector.java:1058)
> at
> org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
> at
> org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:530)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:550)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> at java.lang.reflect.Method.invoke(Unknown Source)
> at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
> 7-ago-2012 18.42.53 org.apache.catalina.startup.Catalina load
> GRAVE: Catalina.start
> LifecycleException:  Protocol handler initialization failed:
> java.lang.Exception: No Certificate file specified
> at org.apache.catalina.connector.Connector.initialize(Connector.java:1060)
> at
> org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
> at
> org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:530)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:550)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> at java.lang.reflect.Method.invoke(Unknown Source)
> at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
> 7-ago-2012 18.42.53 org.apache.catalina.startup.Catalina load
> INFO: Initialization processed in 2236 ms
> 7-ago-2012 18.42.53 org.apache.catalina.realm.JAASRealm setContainer
> INFO: Set JAAS app name Catalinassl
> 7-ago-2012 18.42.53 org.apache.catalina.core.StandardService start
> INFO: Starting service Catalina
> 7-ago-2012 18.42.53 org.apache.catalina.core.StandardEngine start
> INFO: Starting Servlet Engine: Apache Tomcat/6.0.16
>
>
>
> 2012/8/7 Terence M. Bandoian <terence@tmbsw.com>
>
>>   On 1:59 PM, Massimo Chirivì - Ict Consultant wrote:
>>
>>> What version of Tomcat are you using?
>>>>
>>> 6.0.16
>>>
>>>   What *exactly* does 'not ok' mean?
>>>>
>>> The https site is not responding
>>>
>>>> Are there any errors in the log files?
>>>>
>>> NO, I have stopped and started TOMCAT; the log file Catalina.2012-08-07.txt is
>>> attached
>>>
>>>> Can you describe the symptoms of the error?
>>>>
>>> When I submit http://www.sito1.net or http://www.site2.net it works
>>> correctly;
>>> when I submit https://www.sito3.net it is not responding.
>>>
>>> Is the configuration in the server.xml correct?
>>>
>>>
>>> 2012/8/7 Pid<pid@pidster.com>
>>>
>>>   On 03/08/2012 17:35, Massimo Chirivì - Ict Consultant wrote:
>>>>
>>>>> *this is my server.xml, *
>>>>> *the sites on the http is ok, but the site on the https is not ok?*
>>>>> *thank you for help*
>>>>>
>>>> Are you just repeating the same question over & over?
>>>>
>>>>
>>>> Have you read the documents provided previously?
>>>>
>>>> What version of Tomcat are you using?
>>>>
>>>> What *exactly* does 'not ok' mean?
>>>>
>>>> Are there any errors in the log files?
>>>>
>>>> Can you describe the symptoms of the error?
>>>>
>>>> Have you ever read & comprehended:
>>>>
>>>>
>>>>    http://www.catb.org/esr/faqs/smart-questions.html
>>>>
>>>>
>>>> p
>>>>
>>>>

==== COMMENT ====

I'm not going to try and inject my comments concerning the server.xml 
issues. Instead, I'll make a few general comments (amplifying other 
comments) and then point you to the Wiki article that exists on the 
Tomcat site.

1. There is no such thing as a Logger element
2. Do not put <Context> elements in your server.xml
3. For the default context, name your war file ROOT.war
    a. do not use a null path - in general the path attribute is wrong
    b. case IS important, even on Windows
4. Do NOT overlap appBase directories for virtual hosts
    a. You will get multiple deployments
    b. You will have memory issues

Please read and follow the Wiki document below for setting up virtual 
hosts. I know it says development, but this same structure works well 
for production. I use it to run a large number of production sites. 
Coupled with CATALINA_HOME / CATALINA_BASE and some custom Ant scripts, 
I have complete flexibility, and I can provision environments in about 5 
minutes. I'm working on reducing that time.

Here's the link (again) :

http://wiki.apache.org/tomcat/TomcatDevelopmentVirtualHosts

Also, please tell me you are not using the following JRE:

C:\Program Files\Java\jre1.5.0_15

This is ancient, unsupported, has lots of security issues, and is in 
general asking for trouble.

Upgrade at least to the latest 1.6.0 release.

==== COMMENT ====

>>>>> <?xml version='1.0' encoding='utf-8'?>
>>>>>
>>>>> <Server port="8005" shutdown="SHUTDOWN">
>>>>>
>>>>>     <Listener className="org.apache.catalina.core.AprLifecycleListener"
>>>>>               SSLEngine="on" />
>>>>>     <Listener className="org.apache.catalina.core.JasperListener" />
>>>>>     <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
>>>>>     <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
>>>>>
>>>>>     <GlobalNamingResources>
>>>>>       <Resource name="UserDatabase" auth="Container"
>>>>>                 type="org.apache.catalina.UserDatabase"
>>>>>                 description="User database that can be updated and saved"
>>>>>                 factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>>>>>                 pathname="conf/tomcat-users.xml" />
>>>>>     </GlobalNamingResources>
>>>>>
>>>>>     <Service name="Catalina">
>>>>>
>>>>>
>>>>>       <Connector port="80" protocol="HTTP/1.1"
>>>>>                  connectionTimeout="20000"
>>>>>                  redirectPort="443" />
>>>>>
>>>>>       <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
>>>>>
>>>>>
>>>>>       <Engine name="Catalina" defaultHost="localhost">
>>>>>
>>>>>         <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>>>>>                resourceName="UserDatabase"/>
>>>>>
>>>>>         <Host name="localhost"  appBase="webapps"
>>>>>               unpackWARs="true" autoDeploy="true"
>>>>>               xmlValidation="false" xmlNamespaceAware="false">
>>>>>         </Host>
>>>>>
>>>>>         <Host name="www.site1.it" debug="0" unpackWARs="true">
>>>>>           <Logger className="org.apache.catalina.logger.FileLogger"
>>>>>                   directory="logs"  prefix="virtual_log1." suffix=".txt"
>>>>>                   timestamp="true"/>
>>>>>           <Context path="" docBase="/webapps/site1" debug="0"
>>>>>                    reloadable="true"/>
>>>>>
>>>> Context definitions in server.xml is very strongly discouraged and
>>>> considered poor practice.
>>>>
>>>>>           <Valve className="org.apache.catalina.valves.AccessLogValve"
>>>>>                  directory="logs"  prefix="virtual_log." suffix=".txt"
>>>>>                  pattern="common"/>
>>>>>         </Host>
>>>>>
>>>>>         <Host name="www.site2.net" debug="0" unpackWARs="true">
>>>>>           <Logger className="org.apache.catalina.logger.FileLogger"
>>>>>                   directory="logs"  prefix="virtual_log29." suffix=".txt"
>>>>>                   timestamp="true"/>
>>>>>
>>>> There is no logger in Tomcat 7.0.
>>>>
>>>>>           <Context path="" docBase="/webapps/site2" debug="0"
>>>>>                    reloadable="true"/>
>>>>>           <Valve className="org.apache.catalina.valves.AccessLogValve"
>>>>>                  directory="logs"  prefix="virtual_log." suffix=".txt"
>>>>>                  pattern="common"/>
>>>>>         </Host>
>>>>>
>>>>>       </Engine>
>>>>>     </Service>
>>>>>
>>>>>
>>>>>     <Service name="Catalinassl">
>>>>>
>>>>>       <Engine name="Catalinassl" defaultHost="localhost">
>>>>>         <Connector port="443" maxHttpHeaderSize="8192" maxThreads="150"
>>>>>                    minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
>>>>>                    disableUploadTimeout="true" acceptCount="100" scheme="https"
>>>>>                    secure="true"
>>>>>                    SSLEnabled="true" clientAuth="false" sslProtocol="TLS"
>>>>>                    keyAlias="bancomed"
>>>>>                    keystoreFile="C:\Program Files\Java\jre1.5.0_15\bin\site3.jks"
>>>>>                    keypass="xxxx" />
>>>>>
>>>>>         <Host name="www.site3.net" debug="0" unpackWARs="true">
>>>>>           <Logger className="org.apache.catalina.logger.FileLogger"
>>>>>                   directory="logs"  prefix="virtual_log29." suffix=".txt"
>>>>>                   timestamp="true"/>
>>>>>
>>>> There is no logger in Tomcat 7.0.
>>>>
>>>>>           <Context path="" docBase="/webapps/site3" debug="0"
>>>>>                    reloadable="true"/>
>>>>>
>>>> Context definitions in server.xml is very strongly discouraged and
>>>> considered poor practice.
>>>>
>>>>>           <Valve className="org.apache.catalina.valves.AccessLogValve"
>>>>>                  directory="logs"  prefix="virtual_log." suffix=".txt"
>>>>>                  pattern="common"/>
>>>>>         </Host>
>>>>>       </Engine>
>>>>>
>>>>>     </Service>
>>>>>
>>>>>
>>>>>
>>>>> </Server>
>>>>>
>>>>> Massimo Chirivì
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> 2012/2/12 Caldarale, Charles R<Chuck.Caldarale@unisys.com>
>>>>>
>>>>>> From: mchirivi.ict@gmail.com [mailto:mchirivi.ict@gmail.com] On Behalf Of Massimo Chirivì - Ict Consultant
>>>>>> Subject: Re: TOMCAT with multiple sites (one on https, others on http)
>>>>>>
>>>>>> i have a server with TOMCAT and i want to configure multiple sites,
>>>>>> i can configure one site on https and others sites on http?
>>>>>>
>>>>>> 1) Read the servlet spec, especially section 13, security.
>>>>>>
>>>>>> 2) Read the Tomcat doc for SSL and <Connector>:
>>>>>> http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html
>>>>>> http://tomcat.apache.org/tomcat-7.0-doc/config/http.html
>>>>>>
>>>>>> 3) Read the Wiki for virtual hosts:
>>>>>>
>>>>>>
>>>>>>   http://wiki.apache.org/tomcat/HowTo#How_do_I_set_up_Tomcat_virtual_hosts_in_a_development_environment.3F
>>>>
>>>>>    - Chuck
>>>>>>
>>>>>
>>
>> Hi, Massimo-
>>
>> Is it valid to nest a <Connector> element inside an <Engine> element?
>>
>> -Terence Bandoian

Sorry for being lazy and not cleaning up the rest of this post. However, 
I'm not terribly motivated when I don't see commensurate effort from the 
original poster.

. . . . just my 2 cents.
/mde/
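
Added example, not part of the original message or of Tomcat: a small Python check that flags the server.xml problems raised in this thread (a <Connector> nested in an <Engine>, JSSE keystore attributes on a TLS connector that will run under APR, <Logger> and <Context> elements, and hosts sharing an appBase). The function name, finding codes and sample XML are constructed for illustration; only explicitly set, identical appBase values are compared.

```python
import xml.etree.ElementTree as ET

# Constructed sample reproducing the mistakes discussed in the thread (not the poster's full file).
SAMPLE = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
  <Service name="Catalinassl">
    <Engine name="Catalinassl" defaultHost="localhost">
      <Connector port="443" scheme="https" secure="true" SSLEnabled="true"
                 keystoreFile="site3.jks" sslProtocol="TLS"/>
      <Host name="www.site3.net" appBase="webapps">
        <Logger className="org.apache.catalina.logger.FileLogger"/>
        <Context path="" docBase="/webapps/site3"/>
      </Host>
      <Host name="localhost" appBase="webapps"/>
    </Engine>
  </Service>
</Server>"""

def lint_server_xml(xml_text):
    """Return a sorted list of finding codes (hypothetical names) for a server.xml string."""
    root = ET.fromstring(xml_text)
    findings = set()
    apr = any(l.get("className", "").endswith("AprLifecycleListener")
              for l in root.iter("Listener"))
    for engine in root.iter("Engine"):
        if engine.find(".//Connector") is not None:
            findings.add("CONNECTOR_INSIDE_ENGINE")
        bases = [h.get("appBase") for h in engine.findall("Host") if h.get("appBase")]
        if len(bases) != len(set(bases)):
            findings.add("SHARED_APPBASE")
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        # As the quoted log shows, protocol="HTTP/1.1" is served by Http11AprProtocol
        # once the native library is loaded; listener presence is used as a proxy for that.
        proto = conn.get("protocol", "HTTP/1.1")
        uses_apr = "Apr" in proto or (apr and proto == "HTTP/1.1")
        if uses_apr and not conn.get("SSLCertificateFile"):
            findings.add("APR_TLS_WITHOUT_CERT_FILE")
        if uses_apr and conn.get("keystoreFile"):
            findings.add("JSSE_KEYSTORE_ON_APR")
    if next(root.iter("Logger"), None) is not None:
        findings.add("LOGGER_ELEMENT")
    if next(root.iter("Context"), None) is not None:
        findings.add("CONTEXT_IN_SERVER_XML")
    return sorted(findings)

if __name__ == "__main__":
    print(lint_server_xml(SAMPLE))
```

APR_TLS_WITHOUT_CERT_FILE corresponds to the "No Certificate file specified" startup failure in the quoted log.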
