Re: Setting up tomcat to run on port 443 on ubuntu system

2013-03-29 Thread Igor Cicimov
If installed from package, open /etc/default/tomcat7, uncomment the last
line and make it
AUTHBIND=yes
and then you'll be able to bind tomcat to port 80 and/or 443
On 30/03/2013 1:22 AM, "Shyam Yadav" wrote:

> Hi Ognjen,
>
> I did all the setting you have mentioned for Unix Daemon for Tomcat, but
> still i am getting the same problem.
> i.e.  Permission Denied.
>
> Thank you very much sir for helping me out but still it's not working.
> This may be my mistake.
>
> Thanks & Regards,
> Shyam Yadav
>


Re: Setting up tomcat to run on port 443 on ubuntu system

2013-03-29 Thread Darryl Lewis
Did you read and follow:
http://commons.apache.org/proper/commons-daemon/jsvc.html


On 30/03/13 12:54 AM, "Shyam Yadav"  wrote:

>Hi Ognjen,
>
>I did all the setting you have mentioned for Unix Daemon for Tomcat, but
>still i am getting the same problem.
>i.e.  Permission Denied.
>
>Thank you very much sir for helping me out but still it's not working.
>This may be my mistake.
>
>Thanks & Regards,
>Shyam Yadav


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Apache Accessing Tomcat Issue

2013-03-29 Thread Rainer Jung
On 29.03.2013 18:02, Chris Arnold wrote:
> This thread is getting kinda messy so i am going to snip a bunch of stuff and 
> answer your latest info.

Good.

>> So mod_proxy is loaded but you don't want to use it to access alfresco,
>> instead just mod_jk, right? Then don't use any ReWriteRule with the [P]
>> flag or any Proxy... directive.
> 
> No, if this can be done with mod_proxy, i would prefer to do that. I have 
> been unable to get mod_proxy working so users type http://share.domain.com 
> and get the required results (which is http://share.domain.com/share)

Let's stick to mod_jk for the moment. I think you are close.

> Here is the modified virtualhost file:
> 
> ServerName share.domain.com
> 
> #RewriteEngine On
> #RewriteCond %{REQUEST_URI} !^/share/
> #RewriteCond %{HTTPS} on
> #RewriteRule ^/. http://share.domain.com/share/ [P]
> JkMount /share|/* worker1
> RedirectMatch ^/$ http://share.domain.com/share/
> 
> 
> 
> # The following line makes apache aware of the location of
> # the /jsp-examples context
> #Alias /share "/opt/alfresco/tomcat/webapps/share"
> #
>   #Options Indexes FollowSymLinks
>   #allow from all
> #
> 
> # The following line mounts all JSP files and the /servlet/ uri to tomcat
> #JkMount /servlets-examples/servlet/* ajp13
> #JkMount /share/*.jsp ajp13
> 
> # The following line prohibits users from directly accessing WEB-INF
> #
>   #AllowOverride None
>   #deny from all
> #
> 
> # if not specified, the global error log is used
> ErrorLog /var/log/apache2/domain.com-error_log
> CustomLog /var/log/apache2/domain.com-access_log combined
> 
> 
> 
> 

Looks good to me, you can remove the IfModule tags. They don't contain
anything mod_jk specific any more and in fact if mod_jk is not loaded
you'd want the whole thing to bomb at startup and not just ignore mod_jk
config.

You've chosen the worker name worker1. Fine.

>> At this step:
> 
>> - do not try to serve static content from Apache, first get this to work
>> before adding the additional complexity.
> 
>> - do not try to make the webapp /share/ directly available under the top
>> level directory. It is OK to redirect a request for
>> http://share.domain.com/ to http://share.domain.com/share/ and proceed
>> from there as above, but it is harder to remove the "share" URI path
>> component from each request. If you really need to do this, then use
>> mod_proxy, not mod_jk.
> 
> Doing the above, does that take care of what you stated here?

Looks good to me.

> Here is the new workers.properties file:
> ..
> # the final value for y will be value\something
> 
> # Define two status worker:
> # - jk-status for read-only use
> # - jk-manager for read/write use
> worker.list=jk-status
> worker.jk-status.type=status
> worker.jk-status.read_only=true
> 
> worker.list=jk-manager
> worker.jk-manager.type=status
> 
> # We define a load balancer worker
> # with name "balancer"
> worker.list=balancer
> worker.balancer.type=lb
> # error_escalation_time: seconds, default = recover_time/2 (=30)
> # Determines, how fast a detected error should switch from
> # local error state to global error state
> # Since: 1.2.28
> worker.balancer.error_escalation_time=0
> 
> # - max_reply_timeouts: number, default=0
> #   If there are to many reply timeouts, a worker
> #   is put into the error state, i.e. it will become
> #   unavailable for all sessions residing on the respective
> #   Tomcat. The number of tolerated reply timeouts is
> #   configured with max_reply_timeouts. The number of
> #   timeouts occuring is divided by 2 once a minute and the
> #   resulting counter is compared against max_reply_timeouts.
> #   If you set max_reply_timeouts to N and the errors are
> #   occuring equally distributed over time, you will
> #   tolerate N/2 errors per minute. If they occur in a burst
> #   you will tolerate N errors.
> #   Since: 1.2.24
> worker.balancer.max_reply_timeouts=10
> 
> 
> 
> # Now we add members to the load balancer
> # First member is "node1", most
> # attributes are inherited from the
> # template "worker.template".
> worker.balancer.balance_workers=worker1
> worker.worker1.reference=worker.template
> worker.worker1.host=localhost
> worker.worker1.port=8080
> # Activation allows to configure
> # whether this node should actually be used
> # A: active (use node fully)
> # D: disabled (only use, if sticky session needs this node)
> # S: stopped (do not use)
> #   Since: 1.2.19
> worker.worker1.activation=A
> 
> # Second member is "node2", most
> # attributes are inherited from the
> # template "worker.template".
> #worker.balancer.balance_workers=node2
> #worker.node2.reference=worker.template
> #worker.node2.host=localhost
> #worker.node2.port=8209
> # Activation allows to configure
> # whether this node should actually be used
> # A: active (use node fully)
> # D: disabled (only use, if sticky session needs this node)
> # S: stopp

Re: Apache Accessing Tomcat Issue

2013-03-29 Thread Chris Arnold
This thread is getting kinda messy so i am going to snip a bunch of stuff and 
answer your latest info.


>So mod_proxy is loaded but you don't want to use it to access alfresco,
>instead just mod_jk, right? Then don't use any ReWriteRule with the [P]
>flag or any Proxy... directive.

No, if this can be done with mod_proxy, i would prefer to do that. I have been 
unable to get mod_proxy working so users type http://share.domain.com and get 
the required results (which is http://share.domain.com/share)


>Assume all static images, css, js are in some /path/to/my/folder/static
>and there's nothing else underneath it, that folder would be a place to
>publish directly via Alias in Apache.

OK

>I'm guessing here: what you want is that the request for
>http://share.domain.com should be forwarded to the Tomcat web
>application named "share".

Exactly

>For that I would put the following directives into the Apache
>VirtualHost that actually serves the request.

>- Add a redirect for the URI / to /share/ to the Apache config:

>RedirectMatch ^/$ http://share.domain.com/share/

>- Forward all requests that point below /share to Tomcat and let them be
>served by the webapp:

>JkMount /share|/* myworker

>- Remove other JkMount, Alias etc.

Here is the modified virtualhost file:

ServerName share.domain.com

#RewriteEngine On
#RewriteCond %{REQUEST_URI} !^/share/
#RewriteCond %{HTTPS} on
#RewriteRule ^/. http://share.domain.com/share/ [P]
JkMount /share|/* worker1
RedirectMatch ^/$ http://share.domain.com/share/



# The following line makes apache aware of the location of
# the /jsp-examples context
#Alias /share "/opt/alfresco/tomcat/webapps/share"
#
#Options Indexes FollowSymLinks
#allow from all
#

# The following line mounts all JSP files and the /servlet/ uri to tomcat
#JkMount /servlets-examples/servlet/* ajp13
#JkMount /share/*.jsp ajp13

# The following line prohibits users from directly accessing WEB-INF
#
#AllowOverride None
#deny from all
#

# if not specified, the global error log is used
ErrorLog /var/log/apache2/domain.com-error_log
CustomLog /var/log/apache2/domain.com-access_log combined





>At this step:

>- do not try to serve static content from Apache, first get this to work
>before adding the additional complexity.

>- do not try to make the webapp /share/ directly available under the top
>level directory. It is OK to redirect a request for
>http://share.domain.com/ to http://share.domain.com/share/ and proceed
>from there as above, but it is harder to remove the "share" URI path
>component from each request. If you really need to do this, then use
>mod_proxy, not mod_jk.

Doing the above, does that take care of what you stated here?

>Don't use this configuration. It is garbage.

>Download a mod_jk source distribution (recent is version 1.2.37) which
>contains a nice default workers.properties file. You can also get it here:

>http://svn.apache.org/viewvc/tomcat/jk/trunk/conf/workers.properties?view=co

>In that file, remove all lines referring to "node2" and replace "node1"
>by whatever worker name you have chosen in JkMount (myworker or whatever).

>Finally set "host" and "port" of that worker to whatever port and server
>name your Tomcat listens to.

Here is the new workers.properties file:
..
# the final value for y will be value\something

# Define two status worker:
# - jk-status for read-only use
# - jk-manager for read/write use
worker.list=jk-status
worker.jk-status.type=status
worker.jk-status.read_only=true

worker.list=jk-manager
worker.jk-manager.type=status

# We define a load balancer worker
# with name "balancer"
worker.list=balancer
worker.balancer.type=lb
# error_escalation_time: seconds, default = recover_time/2 (=30)
# Determines, how fast a detected error should switch from
# local error state to global error state
# Since: 1.2.28
worker.balancer.error_escalation_time=0

# - max_reply_timeouts: number, default=0
#   If there are to many reply timeouts, a worker
#   is put into the error state, i.e. it will become
#   unavailable for all sessions residing on the respective
#   Tomcat. The number of tolerated reply timeouts is
#   configured with max_reply_timeouts. The number of
#   timeouts occuring is divided by 2 once a minute and the
#   resulting counter is compared against max_reply_timeouts.
#   If you set max_reply_timeouts to N and the errors are
#   occuring equally distributed over time, you will
#   tolerate N/2 errors per minute. If they occur in a burst
#   you will tolerate N errors.
#   Since: 1.2.24
worker.balancer.max_reply_timeouts=10



# Now we add members to the load balancer
# First member is "node1", most
# attributes are inherited from the
# template "worker.template".
worker.balancer.balance_workers=worker1
worker.worker1.reference=worker.template
worker.worker1.host=localhost
worker.worker1.port=8080
# Activation allows 

Re: Apache Accessing Tomcat Issue

2013-03-29 Thread Rainer Jung
On 29.03.2013 13:10, Chris Arnold wrote:
> On 29.03.2013 00:24, Chris Arnold wrote:
>>
>> # The following line mounts all JSP files and the /servlet/ uri to tomcat
>> #JkMount /servlets-examples/servlet/* ajp13
>> JkMount /share/*.jsp ajp13
> 
>>> Note that you only forward JSP-Requests here. might be OK, depending on
>>> the application.
> 
> The application, just for reference, is alfresco
> 
>> #RewriteEngine On
>> #RewriteCond %{REQUEST_URI} !^/share/
>> #RewriteCond %{HTTPS} on
>> #RewriteRule ^/. http://share.paradixent.com/share/ [P]
>> #JkMount /share/* worker1
> 
>>> Although the proxy rewrite rules are commented out here, later down the
>>> log indicates you are still somewhere using mod_proxy instead of mod_jk.
> 
> mod_proxy is used on this installation of apache. I am told i need to use 
> mod_jk in this instance. I need users to access this application like so: 
> http://share.domain.com and using mod_jk is the easiest way to do this (that's
> what i am told)

So mod_proxy is loaded but you don't want to use it to access alfresco,
instead just mod_jk, right? Then don't use any ReWriteRule with the [P]
flag or any Proxy... directive.

OK as above, since commented, so not active.

>> 
>>
>>
>> # The following line makes apache aware of the location of
>> # the /jsp-examples context
>> Alias /share "/opt/alfresco/tomcat/webapps/share"
>> 
>> Options Indexes FollowSymLinks
>> allow from all
>> 
> 
>>> You can let Apache serve static content directly from an exploded
>>> webapp, but it is generally not recommended, because you then also open
>>> up stuff that's not expected to be made public to requests from outside.
> 
> I understand this
> 
>>> If below "share" there's anything that's not meant to be served by
>>> Apache, then it would be better to copy the stuff that Apache should
>>> serve to a separate directory, which would then be the one to put into
>>> the Alias.
> 
> but wouldn't this still have stuff below /share open?

Assume all static images, css, js are in some /path/to/my/folder/static
and there's nothing else underneath it, that folder would be a place to
publish directly via Alias in Apache.

>> # The following line mounts all JSP files and the /servlet/ uri to tomcat
>> #JkMount /servlets-examples/servlet/* ajp13
>> JkMount /share/*.jsp ajp13
>>
>> # The following line prohibits users from directly accessing WEB-INF
>> 
>> #AllowOverride None
>> deny from all
>> 
> 
>>> That's one example for stuff you don't want to be served, META-INF as
>>> well (if existing), there could be other stuff as well.
> 
> 
>> # if not specified, the global error log is used
>> ErrorLog /var/log/apache2domain.com-error_log
>> CustomLog /var/log/apache2/domain.com-access_log combined
>>
>> 
>>
>> 
>>
>>
>> httpd.conf-
>>
>> # mod_jk
>> Include /opt/alfresco/tomcat/conf/jk.conf
>>
>>
>> Mod_jk is loaded:
>>
>> web:~ # /usr/sbin/httpd2 -M
>> Loaded Modules:
>> ...
>> jk_module (shared)
>>  perl_module (shared)
>>  php5_module (shared)
>> Syntax OK
>>
>>
>>
>>
>> Here is the log from apache:
>>
>> [Thu Mar 28 18:40:14 2013] [error] [client pub ip] proxy: Error reading from 
>> remote server returned by /error/HTTP_INTERNAL_SERVER_ERROR.html.var
>> [Thu Mar 28 18:40:28 2013] [error] [client pub ip] (70007)The timeout 
>> specified has expired: proxy: error reading status line from remote server 
>> share.paradixent.com
>> [Thu Mar 28 18:40:28 2013] [error] [client pub ip] proxy: Error reading from 
>> remote server returned by /error/HTTP_INTERNAL_SERVER_ERROR.html.var
> 
>>> What's the request you send?
> i assume you are asking for the link? Which is http://share.domain.com

I'm guessing here: what you want is that the request for
http://share.domain.com should be forwarded to the Tomcat web
application named "share".

For that I would put the following directives into the Apache
VirtualHost that actually serves the request.

- Add a redirect for the URI / to /share/ to the Apache config:

RedirectMatch ^/$ http://share.domain.com/share/

- Forward all requests that point below /share to Tomcat and let them be
served by the webapp:

JkMount /share|/* myworker

You can choose any name for "myworker", but see below for
workers.properties.

- Remove other JkMount, Alias etc.

At this step:

- do not try to serve static content from Apache, first get this to work
before adding the additional complexity.

- do not try to make the webapp /share/ directly available under the top
level directory. It is OK to redirect a request for
http://share.domain.com/ to http://share.domain.com/share/ and proceed
from there as above, but it is harder to remove the "share" URI path
component from each request. If you really need to do this, then use
mod_proxy, not mod_jk.

>>> What's the expected response
> a login page
> 
>>> and what's the actual response?
> depending on whether i have the rewrite rules

Re: Setting up tomcat to run on port 443 on ubuntu system

2013-03-29 Thread Shyam Yadav
Hi Ognjen,

I did all the setting you have mentioned for Unix Daemon for Tomcat, but
still i am getting the same problem.
i.e.  Permission Denied.

Thank you very much sir for helping me out but still it's not working.
This may be my mistake.

Thanks & Regards,
Shyam Yadav


Re: Setting up tomcat to run on port 443 on ubuntu system

2013-03-29 Thread Ognjen Blagojevic

Shyam,

On 29.3.2013 13:36, Shyam Yadav wrote:

> You are right. I am not running tomcat from root user.
> But I have an requirement where tomcat should be running from normal user.
> Is it possible anyway?

It is possible, and recommended. Using jsvc for instance, as I explained 
in previous post.

> and is it going to affect system and performance??


No, it won't.


-Ognjen




RE: Setting up tomcat to run on port 443 on ubuntu system

2013-03-29 Thread Caldarale, Charles R
> From: Shyam Yadav [mailto:shyam.ya...@mobicule.com] 
> Subject: Re: Setting up tomcat to run on port 443 on ubuntu system

> Hi Ognjen,

Don't top-post; it's extremely difficult to figure out exactly what you're 
replying to when you do so.

> But I have an requirement where tomcat should be running from normal user.

This is in the FAQ:
http://wiki.apache.org/tomcat/HowTo#How_to_run_Tomcat_without_root_privileges.3F

Ignore the bit about front-ending Tomcat with  httpd; that's overhead-inducing 
massive overkill.

 - Chuck





Re: Setting up tomcat to run on port 443 on ubuntu system

2013-03-29 Thread Shyam Yadav
Hi Ognjen,

You are right. I am not running tomcat from root user.
But I have an requirement where tomcat should be running from normal user.
Is it possible anyway?
and is it going to affect system and performance??

Thanks & Regards,
Shyam Yadav


On Fri, Mar 29, 2013 at 4:35 PM, Ognjen Blagojevic <
ognjen.d.blagoje...@gmail.com> wrote:

> Shyam,
>
>
> On 29.3.2013 11:16, Shyam Yadav wrote:
>
>> I am getting this following exception and the tomcat doesn't start.
>> java.net.BindException: Permission denied :443
>>
>> I am really stuck with it. Please help me out with it.
>>
>
> How do you start tomcat? Which user runs the Tomcat process?
>
> It is recommended that you run Tomcat with unprivileged user (e.g.
> 'tomcat'). If you do it like that, process started by unprivileged user may
> not bind to port under 1024 (443 included). Maybe this is the source for
> the exception you get?
>
> If my assumption is correct, you may try to use jsvc from commons-daemon
> to run tomcat. More details here:
>
>   http://tomcat.apache.org/tomcat-7.0-doc/setup.html#Unix_daemon
>
>
> -Ognjen
>
>
>
>
>


Re: Apache Accessing Tomcat Issue

2013-03-29 Thread Chris Arnold
>>What's the request you send?
i assume you are asking for the link? Which is http://share.domain.com

>>What's the expected response
a login page

>>and what's the actual response?
Now, it is a 403:
[Fri Mar 29 08:15:24 2013] [error] [client pub ip] Directory index forbidden by 
Options directive: /srv/www/htdocs/




Re: Apache Accessing Tomcat Issue

2013-03-29 Thread Chris Arnold
On 29.03.2013 00:24, Chris Arnold wrote:
> 
> # The following line mounts all JSP files and the /servlet/ uri to tomcat
> #JkMount /servlets-examples/servlet/* ajp13
> JkMount /share/*.jsp ajp13

>>Note that you only forward JSP-Requests here. might be OK, depending on
>>the application.

The application, just for reference, is alfresco

> #RewriteEngine On
> #RewriteCond %{REQUEST_URI} !^/share/
> #RewriteCond %{HTTPS} on
> #RewriteRule ^/. http://share.paradixent.com/share/ [P]
> #JkMount /share/* worker1

>>Although the proxy rewrite rules are commented out here, later down the
>>log indicates you are still somewhere using mod_proxy instead of mod_jk.

mod_proxy is used on this installation of apache. I am told i need to use 
mod_jk in this instance. I need users to access this application like so: 
http://share.domain.com and using mod_jk is the easiest way to do this (that's 
what i am told)

> 
> 
> 
> # The following line makes apache aware of the location of
> # the /jsp-examples context
> Alias /share "/opt/alfresco/tomcat/webapps/share"
> 
> Options Indexes FollowSymLinks
> allow from all
> 

>>You can let Apache serve static content directly from an exploded
>>webapp, but it is generally not recommended, because you then also open
>>up stuff that's not expected to be made public to requests from outside.

I understand this

>>If below "share" there's anything that's not meant to be served by
>>Apache, then it would be better to copy the stuff that Apache should
>>serve to a separate directory, which would then be the one to put into
>>the Alias.

but wouldn't this still have stuff below /share open?

> # The following line mounts all JSP files and the /servlet/ uri to tomcat
> #JkMount /servlets-examples/servlet/* ajp13
> JkMount /share/*.jsp ajp13
> 
> # The following line prohibits users from directly accessing WEB-INF
> 
> #AllowOverride None
> deny from all
> 

>>That's one example for stuff you don't want to be served, META-INF as
>>well (if existing), there could be other stuff as well.


> # if not specified, the global error log is used
> ErrorLog /var/log/apache2domain.com-error_log
> CustomLog /var/log/apache2/domain.com-access_log combined
> 
> 
> 
> 
> 
> 
> httpd.conf-
> 
> # mod_jk
> Include /opt/alfresco/tomcat/conf/jk.conf
> 
> 
> Mod_jk is loaded:
> 
> web:~ # /usr/sbin/httpd2 -M
> Loaded Modules:
> ...
> jk_module (shared)
>  perl_module (shared)
>  php5_module (shared)
> Syntax OK
> 
> 
> 
> 
> Here is the log from apache:
> 
> [Thu Mar 28 18:40:14 2013] [error] [client pub ip] proxy: Error reading from 
> remote server returned by /error/HTTP_INTERNAL_SERVER_ERROR.html.var
> [Thu Mar 28 18:40:28 2013] [error] [client pub ip] (70007)The timeout 
> specified has expired: proxy: error reading status line from remote server 
> share.paradixent.com
> [Thu Mar 28 18:40:28 2013] [error] [client pub ip] proxy: Error reading from 
> remote server returned by /error/HTTP_INTERNAL_SERVER_ERROR.html.var

>>What's the request you send?
i assume you are asking for the link? Which is http://share.domain.com

>>What's the expected response
a login page

>>and what's the actual response?
depending on whether i have the rewrite rules commented out or not, uncommented 
is a directory listing. Commented out is eventually a 503 Bad Gateway.

>>The above log snippet tells us that somewhere in your config you have
>>mod_proxy active, which is an alternative way to connect to a backend.
>>You should get your idea straight, for which URLs you are using
>>mod_proxy and for which mod_jk. I would suggest to stick with one.

If it is possible to use mod_proxy and have users access http://share.domain.com, 
that's what i would like to do. I have been unable to accomplish this result and 
therefore have tried mod_jk.

>>You didn't show us your worker.properties file.
workers.properties-
# OPTIONS ( very important for jni mode ) 

#
# workers.tomcat_home should point to the location where you
# installed tomcat. This is where you have your conf, webapps and lib
# directories.
#
workers.tomcat_home=/opt/alfresco/tomcat

#
# workers.java_home should point to your Java installation. Normally
# you should have a bin and lib directories beneath it.
#
workers.java_home=/opt/IBMJava2-13

#
# You should configure your environment slash... ps=\ on NT and / on UNIX
# and maybe something different elsewhere.
#
ps=/

#
#-- ADVANCED MODE 
#-
#

#
#-- DEFAULT worker list --
#-
#
#
# The workers that your plugins should create and work with
#
# Add 'inprocess' if you want JNI connector 
worker.list=ajp12, ajp13
# , inprocess


#
#-- DEFAULT ajp12 WORKER DEFINITION 

Re: Setting up tomcat to run on port 443 on ubuntu system

2013-03-29 Thread Ognjen Blagojevic

Shyam,

On 29.3.2013 11:16, Shyam Yadav wrote:

> I am getting this following exception and the tomcat doesn't start.
> java.net.BindException: Permission denied :443
>
> I am really stuck with it. Please help me out with it.


How do you start tomcat? Which user runs the Tomcat process?

It is recommended that you run Tomcat with unprivileged user (e.g. 
'tomcat'). If you do it like that, process started by unprivileged user 
may not bind to port under 1024 (443 included). Maybe this is the source 
for the exception you get?


If my assumption is correct, you may try to use jsvc from commons-daemon 
to run tomcat. More details here:


  http://tomcat.apache.org/tomcat-7.0-doc/setup.html#Unix_daemon


-Ognjen





Re: Setting up tomcat to run on port 443 on ubuntu system

2013-03-29 Thread Michael-O

On 2013-03-29 09:38, Shyam Yadav wrote:

> Hi,
>
> I want to run my tomcat on port 443 with https on an Ubuntu machine.
> what are the required steps i should take, please guide me through it.
> I search Internet but did not get any proper solution that is why i am here
> sending you this mail.


Hi Shyam,

a few things you need to consider:

1. You have Tomcat already prepackaged on Ubuntu which works very well.
2. Only root is allowed to bind ports below 1024.

Regarding 1: This is solved by the Ubuntu package
Regarding 2: Root must start the binary and perform a so called downgrade

Now, you have following options:

1. Use Ubuntu's start-stop-daemon
2. do $ su - tomcat -c startup.sh
3. Evaluate Commons Daemon which will perform that aforementioned 
downgrade in plain C.


Ubuntu actually does that with 1 and 3. Have a look at Ubuntu's tomcat6 
startup script.


Michael





Re: Setting up tomcat to run on port 443 on ubuntu system

2013-03-29 Thread Shyam Yadav
Hi Ognjen,

It's really very nice that you replied so soon. Thank you for your
involvement.

I am getting this following exception and the tomcat doesn't start.
   java.net.BindException: Permission denied :443

I am really stuck with it. Please help me out with it.

Thanks & Regards,
Shyam Yadav


On Fri, Mar 29, 2013 at 2:55 PM, Ognjen Blagojevic <
ognjen.d.blagoje...@gmail.com> wrote:

> Shyam,
>
>
> On 29.3.2013 9:38, Shyam Yadav wrote:
>
>> I want to run my tomcat on port 443 with https on an Ubuntu machine.
>> what are the required steps i should take, please guide me through it.
>> I search Internet but did not get any proper solution that is why i am
>> here
>> sending you this mail.
>>
>> Please help me. this will be really appreciating.
>>
>
>
> 1. Read about connectors and choose whether you are going to use APR, NIO
> or BIO:
>
>
> http://people.apache.org/~markt/presentations/2009-04-01-TomcatTuning.pdf (starting
> from slide 15)
>
>   http://tomcat.apache.org/tomcat-7.0-doc/config/http.html
>
>
> 2. Read how to generate certificate:
>
>   http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html
>
> Note that if you use APR connector you should generate certificates using
> openssl, and if you use NIO/BIO connectors you should use Java keytool.*
>
> You may start with generating self-signed certificate, but later you may
> want to use CA-signed certificate.
>
>
> 3. Configure https connector to use certificates. Again APR uses one set
> of connector parameters, while NIO/BIO uses the other. Read the connector
> documentation carefully.
>
> -Ognjen
>
>
> * There are other possibilities but using tool that matches the connector
> is the easiest to start with.
>
>
>


Re: Apache Accessing Tomcat Issue

2013-03-29 Thread Rainer Jung
On 29.03.2013 00:24, Chris Arnold wrote:
> Apache Tomcat/7.0.30 on SLES11 SP2. I am trying to configure access to a 
> webapp using http://share.domain.com. This webapp uses port 8080 and works 
> fine from inside the LAN. However, we have an apache2 server acting as a 
> proxy and we want users to not have to type in a port number.
> 
> Now when accessing http://share.domain.com, the result is directories and 
> files are listed, the jsp files are not running. Here is my complete setup:
> 
> jk.conf-
> 
> # simple configuration for apache (for AJP connector, modul mod_jk.so)
> 
> 
> 
> JkWorkersFile /opt/alfresco/tomcat/workers.properties
> JkLogFile /var/log/alfresco/mod_jk.log
> JkShmFile /var/log/alfresco/shm
> 
> # Log level to be used by mod_jk
> JkLogLevel error
> 
> # The following line mounts all JSP files and the /servlet/ uri to tomcat
> #JkMount /servlets-examples/servlet/* ajp13
> JkMount /share/*.jsp ajp13

Note that you only forward JSP-Requests here. might be OK, depending on
the application.

> 
> 
> 
> virtualhost-
> 
> 
> ServerName share.domain.com
> 
> #RewriteEngine On
> #RewriteCond %{REQUEST_URI} !^/share/
> #RewriteCond %{HTTPS} on
> #RewriteRule ^/. http://share.paradixent.com/share/ [P]
> #JkMount /share/* worker1

Although the proxy rewrite rules are commented out here, later down the
log indicates you are still somewhere using mod_proxy instead of mod_jk.

> 
> 
> 
> # The following line makes apache aware of the location of
> # the /jsp-examples context
> Alias /share "/opt/alfresco/tomcat/webapps/share"
> 
> Options Indexes FollowSymLinks
> allow from all
> 

You can let Apache serve static content directly from an exploded
webapp, but it is generally not recommended, because you then also open
up stuff that's not expected to be made public to requests from outside.

If below "share" there's anything that's not meant to be served by
Apache, then it would be better to copy the stuff that Apache should
serve to a separate directory, which would then be the one to put into
the Alias.

> # The following line mounts all JSP files and the /servlet/ uri to tomcat
> #JkMount /servlets-examples/servlet/* ajp13
> JkMount /share/*.jsp ajp13
> 
> # The following line prohibits users from directly accessing WEB-INF
> 
> #AllowOverride None
> deny from all
> 

That's one example for stuff you don't want to be served, META-INF as
well (if existing), there could be other stuff as well.

> # if not specified, the global error log is used
> ErrorLog /var/log/apache2domain.com-error_log
> CustomLog /var/log/apache2/domain.com-access_log combined
> 
> 
> 
> 
> 
> 
> httpd.conf-
> 
> # mod_jk
> Include /opt/alfresco/tomcat/conf/jk.conf
> 
> 
> Mod_jk is loaded:
> 
> web:~ # /usr/sbin/httpd2 -M
> Loaded Modules:
> ...
> jk_module (shared)
>  perl_module (shared)
>  php5_module (shared)
> Syntax OK
> 
> 
> 
> 
> Here is the log from apache:
> 
> [Thu Mar 28 18:40:14 2013] [error] [client pub ip] proxy: Error reading from 
> remote server returned by /error/HTTP_INTERNAL_SERVER_ERROR.html.var
> [Thu Mar 28 18:40:28 2013] [error] [client pub ip] (70007)The timeout 
> specified has expired: proxy: error reading status line from remote server 
> share.paradixent.com
> [Thu Mar 28 18:40:28 2013] [error] [client pub ip] proxy: Error reading from 
> remote server returned by /error/HTTP_INTERNAL_SERVER_ERROR.html.var

What's the request you send? What's the expected response and what's the
actual response?

The above log snippet tells us that somewhere in your config you have
mod_proxy active, which is an alternative way to connect to a backend.
You should get your idea straight, for which URLs you are using
mod_proxy and for which mod_jk. I would suggest to stick with one.

You didn't show us your worker.properties file.

You didn't show us your mod_jk log file.

Regards,

Rainer
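
The exposure described in the reply above can be checked mechanically. This is an added example, not part of the original thread: a small Python audit that finds every `Alias` mapping a URL onto an exploded webapp and reports whether directory listing is on and whether `WEB-INF` and `META-INF` are denied. The sample vhost is constructed from the quoted config; its `<Directory>` and `<Location>` tags are assumptions because the archive lost them, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the vhost quoted in the thread. The container
# tags are assumptions (the archive dropped them), not the poster's real file.
SAMPLE_VHOST = """
Alias /share "/opt/alfresco/tomcat/webapps/share"
<Directory "/opt/alfresco/tomcat/webapps/share">
    Options Indexes FollowSymLinks
    allow from all
</Directory>
JkMount /share/*.jsp ajp13
<Location "/share/WEB-INF/">
    deny from all
</Location>
"""
PRIVATE_DIRS = ("WEB-INF", "META-INF")

def parse(conf):
    """Return (aliases, sections): URL prefix -> path, and per-container tuples."""
    aliases, sections, current = {}, [], None
    for line in (raw.strip() for raw in conf.splitlines()):
        sec = re.match(r'<(Directory|Location)\s+"?([^">]+)"?\s*>', line, re.I)
        ali = re.match(r'Alias\s+(\S+)\s+"?([^"]+)"?', line, re.I)
        if sec:  # open a container: (kind, argument, lowercased directives)
            current = (sec.group(1).lower(), sec.group(2).rstrip("/"), [])
            sections.append(current)
        elif line.startswith("</"):
            current = None
        elif current and not line.startswith("#"):
            current[2].append(line.lower())
        elif ali:
            aliases[ali.group(1).rstrip("/")] = ali.group(2).rstrip("/")
    return aliases, sections

def audit(conf):
    """Report what httpd exposes for each Alias pointing into a webapps tree."""
    aliases, sections = parse(conf)
    findings = []
    for url, path in aliases.items():
        if "/webapps/" not in path + "/":
            continue  # not an exploded webapp
        for kind, arg, lines in sections:
            if kind == "directory" and arg == path and any(
                    l.startswith("options") and "indexes" in l.split() for l in lines):
                findings.append(f"{url}: directory listing enabled")
        for private in PRIVATE_DIRS:
            targets = {f"{url}/{private}", f"{path}/{private}"}
            if not any(a in targets and "deny from all" in ls for _, a, ls in sections):
                findings.append(f"{url}/{private}: not denied")
    return findings
```

An empty result only means these checks pass; other files under the webapp may still be unintended to serve, so a separate static directory as suggested above remains the safer layout.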




Re: Setting up tomcat to run on port 443 on ubuntu system

2013-03-29 Thread Ognjen Blagojevic

Shyam,

On 29.3.2013 9:38, Shyam Yadav wrote:
> I want to run my tomcat on port 443 with https on an Ubuntu machine.
> What are the required steps I should take? Please guide me through it.
> I searched the Internet but did not get any proper solution, which is why I am here
> sending you this mail.
>
> Please help me. This will be really appreciated.



1. Read about connectors and choose whether you are going to use APR,
NIO or BIO:

  http://people.apache.org/~markt/presentations/2009-04-01-TomcatTuning.pdf (starting from slide 15)

  http://tomcat.apache.org/tomcat-7.0-doc/config/http.html

2. Read how to generate a certificate:

  http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html

Note that if you use the APR connector you should generate certificates
using openssl, and if you use NIO/BIO connectors you should use Java
keytool.*

You may start with generating a self-signed certificate, but later you may
want to use a CA-signed certificate.

3. Configure the https connector to use the certificates. Again, APR uses one set
of connector parameters, while NIO/BIO uses the other. Read the
connector documentation carefully.

-Ognjen

* There are other possibilities, but using the tool that matches the
connector is the easiest to start with.





Setting up tomcat to run on port 443 on ubuntu system

2013-03-29 Thread Shyam Yadav
Hi,

I want to run my tomcat on port 443 with https on an Ubuntu machine.
What are the required steps I should take? Please guide me through it.
I searched the Internet but did not get any proper solution, which is why I am here
sending you this mail.

Please help me. This will be really appreciated.

Thanks & Regards,
Shyam Yadav


Re: Apache Accessing Tomcat Issue

2013-03-29 Thread Igor Cicimov
On 29/03/2013 10:29 AM, "Chris Arnold"  wrote:
>
> Apache Tomcat/7.0.30 on SLES11 SP2. I am trying to configure access to a
> webapp using http://share.domain.com. This webapp uses port 8080 and works
> fine from inside the LAN. However, we have an apache2 server acting as a
> proxy and we want users to not have to type in a port number.
>
> Now when accessing http://share.domain.com, the result is directories and
> files are listed, the jsp files are not running. Here is my complete setup:
>
You can't overlap apache and tomcat file system

> jk.conf-
>
> # simple configuration for apache (for AJP connector, modul mod_jk.so)
>
> 
>
> JkWorkersFile /opt/alfresco/tomcat/workers.properties
> JkLogFile /var/log/alfresco/mod_jk.log
> JkShmFile /var/log/alfresco/shm
>
> # Log level to be used by mod_jk
> JkLogLevel error
>
> # The following line mounts all JSP files and the /servlet/ uri to tomcat
> #JkMount /servlets-examples/servlet/* ajp13
> JkMount /share/*.jsp ajp13
>
> 
>
>
> virtualhost-
>
> 
> ServerName share.domain.com
>
> #RewriteEngine On
> #RewriteCond %{REQUEST_URI} !^/share/
> #RewriteCond %{HTTPS} on
> #RewriteRule ^/. http://share.paradixent.com/share/ [P]
> #JkMount /share/* worker1
>
> 
>
>
> # The following line makes apache aware of the location of
> # the /jsp-examples context
> Alias /share "/opt/alfresco/tomcat/webapps/share"
> 
> Options Indexes FollowSymLinks
> allow from all
> 
>
> # The following line mounts all JSP files and the /servlet/ uri to tomcat
> #JkMount /servlets-examples/servlet/* ajp13
> JkMount /share/*.jsp ajp13
>
> # The following line prohibits users from directly accessing WEB-INF
> 
> #AllowOverride None
> deny from all
> 
>
> # if not specified, the global error log is used
> ErrorLog /var/log/apache2domain.com-error_log
> CustomLog /var/log/apache2/domain.com-access_log combined
>
> 
>
> 
>
>
> httpd.conf-
>
> # mod_jk
> Include /opt/alfresco/tomcat/conf/jk.conf
>
>
> Mod_jk is loaded:
>
> web:~ # /usr/sbin/httpd2 -M
> Loaded Modules:
> ...
> jk_module (shared)
>  perl_module (shared)
>  php5_module (shared)
> Syntax OK
>
>
>
>
> Here is the log from apache:
>
> [Thu Mar 28 18:40:14 2013] [error] [client pub ip] proxy: Error reading from remote server returned by /error/HTTP_INTERNAL_SERVER_ERROR.html.var
> [Thu Mar 28 18:40:28 2013] [error] [client pub ip] (70007)The timeout specified has expired: proxy: error reading status line from remote server share.paradixent.com
> [Thu Mar 28 18:40:28 2013] [error] [client pub ip] proxy: Error reading from remote server returned by /error/HTTP_INTERNAL_SERVER_ERROR.html.var
>
>
> Any ideas why the folder and files are being listed instead of running?
>