from:"achana"

howto hold transient record data in a Java applet?

2004-02-27 Thread achana

Hi all.
I've a Java applet question, which is slightly out of context here. For
that I apologize.
I want to create a class containing a record structure to hold transient
data from other applets on same browser and from same codeBase().
In other words, several other applets in same browser will send record
data to it, these transient record data are kept there until they are
flushed to database behind Tomcat. I don't want them to request a db
connection and send a record one by one.
Can some please give me pointers on how to implement such a class so
that other applets can write record data to it? 
TIA :-)

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [OT] Apache and Tomcat together

2004-01-14 Thread achana

Security!
Many-to-many configuration!


Graham Reeds wrote:
> 
> Something that has puzzled me for a few weeks now, and that is why use
> Tomcat and Apache together?  Tomcat serves up HTML pages as well JSP so
> where is the benefit in running both?  Even if Apache was faster at serving
> regular html pages than Tomcat surely the milliseconds gained would be eaten
> away by the latency of the connection speed?
> 
> --
> 
> Graham Reeds,
> [EMAIL PROTECTED] | http://omnieng.co.uk
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Happy New Year and Where is John Turner?

2003-12-31 Thread achana

Happy New Year to all, especially to those who contributed so much and
helped so many.
I hope Tomcat will grow and grow, along with java and any form of linux
and bsd-unix.
Does anyone know where John Turner is?
Haven't seen him on the list for ages...

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Pls ignore emails which do not interest you!

2003-12-07 Thread achana

Thank-you for your suggestion.
Please do not contribute to SPAM, do ignore emails which do not interest
you.
***

r h wrote:
> 
> is there any way to get the mails which someone is
> only interested in? :) no offence just joking...
> 
> --- Kwok Peng Tuck <[EMAIL PROTECTED]> wrote:
> > So his 'Out of topic' is in fact out of topic  ? :)
> >
> > Achana, maybe you can have a look at many of the
> > linux mailling list out
> > there ?
> > Might be better help than the tomcat list.
> >
> > Oscar Carrillo wrote:
> >
> > >You are waay off topic here.
> > >
> > >A google search is the way to go here.
> > >
> > >Regards,
> > >Oscar
> > >
> > >On Mon, 8 Dec 2003 [EMAIL PROTECTED] wrote:
> > >
> > >
> > >
> > >>Hi, apologies for being out of topic.
> > >>I've installed a new scsi cd-rw, a cursory
> > "cdrecord -scanbus" shows
> > >>that it is recognised as a scsi device (which is
> > fine) but displayed as
> > >>CD-ROM.
> > >>Does anyone have a more concise and readable
> > "howto" for Joerg
> > >>Schilling's "smake" and "cdrecord" tools?
> > >>Apologies again for being out of topic...
> > >>TIA :-)
> > >>
> > >>
> > >>
> > >
> > >
> >
> >-
> > >To unsubscribe, e-mail:
> > [EMAIL PROTECTED]
> > >For additional commands, e-mail:
> > [EMAIL PROTECTED]
> > >
> > >
> > >
> > >
> > >
> >
> >
> >
> -
> > To unsubscribe, e-mail:
> > [EMAIL PROTECTED]
> > For additional commands, e-mail:
> > [EMAIL PROTECTED]
> >
> 
> __
> Do you Yahoo!?
> New Yahoo! Photos - easier uploading and sharing.
> http://photos.yahoo.com/
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Not even close to on topic: smake n cdrecord for linux

2003-12-07 Thread achana

Thank-you for your suggestion.


Kwok Peng Tuck wrote:
> 
> So his 'Out of topic' is in fact out of topic  ? :)
> 
> Achana, maybe you can have a look at many of the linux mailling list out
> there ?
> Might be better help than the tomcat list.
> 
> Oscar Carrillo wrote:
> 
> >You are waay off topic here.
> >
> >A google search is the way to go here.
> >
> >Regards,
> >Oscar
> >
> >On Mon, 8 Dec 2003 [EMAIL PROTECTED] wrote:
> >
> >
> >
> >>Hi, apologies for being out of topic.
> >>I've installed a new scsi cd-rw, a cursory "cdrecord -scanbus" shows
> >>that it is recognised as a scsi device (which is fine) but displayed as
> >>CD-ROM.
> >>Does anyone have a more concise and readable "howto" for Joerg
> >>Schilling's "smake" and "cdrecord" tools?
> >>Apologies again for being out of topic...
> >>TIA :-)
> >>
> >>
> >>
> >
> >
> >-
> >To unsubscribe, e-mail: [EMAIL PROTECTED]
> >For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
> >
> >
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Not even close to on topic: smake n cdrecord for linux

2003-12-07 Thread achana

Thank-you for your suggestion.
**

Oscar Carrillo wrote:
> 
> You are waay off topic here.
> 
> A google search is the way to go here.
> 
> Regards,
> Oscar
> 
> On Mon, 8 Dec 2003 [EMAIL PROTECTED] wrote:
> 
> > Hi, apologies for being out of topic.
> > I've installed a new scsi cd-rw, a cursory "cdrecord -scanbus" shows
> > that it is recognised as a scsi device (which is fine) but displayed as
> > CD-ROM.
> > Does anyone have a more concise and readable "howto" for Joerg
> > Schilling's "smake" and "cdrecord" tools?
> > Apologies again for being out of topic...
> > TIA :-)
> >
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Out of topic: smake n cdrecord for linux

2003-12-07 Thread achana

Hi, apologies for being out of topic.
I've installed a new scsi cd-rw, a cursory "cdrecord -scanbus" shows
that it is recognised as a scsi device (which is fine) but displayed as
CD-ROM.
Does anyone have a more concise and readable "howto" for Joerg
Schilling's "smake" and "cdrecord" tools?
Apologies again for being out of topic...
TIA :-)
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Bit off topic : What happened to RedHat?

2003-11-18 Thread achana


> I have never had a problem with 3Com or Linksys hardware. Excuse my
> ignorance, but what do you mean by 'WLAN'? IS this hardware different
> from standard 100baseT etnernet?

Wireless LAN IEEE802.11b/g operating at 2.4GHz spectrum and effective up
to a distance of 100meters @ 54mbps, in this instance, it is the only
solution. I'm not sure about attenuation.
Think of total isolation and insulation.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Bit off topic : What happened to RedHat?

2003-11-18 Thread achana




Thanks. Since they are servers (Apache + TC4 + database setup) , most
are custom installs without the bloat ware. 
In any case, BSD-Unix is *my* only other acceptable choice, so there's
no flame war ;-)
I've not come across anyone willing to stick his neck out on NT/W2000
$erver running Apache and TC4.
Think I might just splurge and *buy* a copy of RH9.

And now this is very strange indeed: I was asked to implement a WLAN,
and after some research, I found that 3Com does *not support*
Linux/Unix, I got it from the local-presales. On the other hand Linksys
is very proud of the ease with which people can integrate their wireless
routers with Linux...
Is this your experience ?

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Bit off topic : What happened to RedHat?

2003-11-18 Thread achana

Hi, does anyone know what happened to RedHat, its mailing list and
forum?
Haven't used it for a while and it seems they are no more.
Also, I run JVM and TC4 on RH7.1 kernel 2.4.2 and thinking about RH9,
but someone said that's the last version and there won't be a
*stability* version coming out after that.
Also, rumour has it RH8 is full of bugs ? Can someone share their
experience please ?
can anyone shed some light please.
TIA:-)

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Design advice needed.

2003-11-03 Thread achana

Ummm, didn't want to butt in, but why r u multi-threading a read, then
write to Oracle?
Without using roll locking, wouldn't it be the right thing to do using
synchronized thread e.g. like this
import java.io.*;
public class ModifyAccountBalance
{
  DespositThread Deposit1, Deposit2;
  Deposit1 = new DepositThread(account, 1234);
  Deposit2 = new DepositThread(account, 4321);
  // strut yourstuff here
}
synchronized void Deposit (int depositAmt, String accountName)
{
  // codes for updating the account balance
}
class DepositThread extends Thread
{
  // more codes
   DepositThread
(...)
   { // you might like to set the amounts etc here
   }
   public void run()
   {
 account.Deposit(depositAmt, accountName);
   }
}

John Zukowski's books explain that in detail. 
Using synchronization, the first deposit will write and update Oracle
before the second deposit kicks in.
What I would like to know is if I have multile JVMs, would this model
hold true ?? It should since TC starts up one instance and
multi-thread it, but we have programmatically forced it to be singled
threaded.
Like to hear back n this one.

Johan Kok wrote:
> 
> Wish I could, it's been eight years since I was did any DBA/DB development
> work. Either go to the manual, or contact a oracle list.
> 
> > -Original Message-
> > From: Antony Paul [mailto:[EMAIL PROTECTED]
> > Sent: 03 November 2003 09:10
> > To: Tomcat Users List; [EMAIL PROTECTED]
> > Subject: Re: Design advice needed.
> >
> >
> > Can u pls mention what is that Oracle feature ?. Reading the
> > data again is
> > time consuming.
> > - Original Message -
> > From: "Johan Kok" <[EMAIL PROTECTED]>
> > To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
> > Sent: Monday, November 03, 2003 12:17 PM
> > Subject: RE: Design advice needed.
> >
> >
> > > Anthony,
> > >
> > > Did you consider reading the record without locks, and when
> > an updated are
> > > made, to take a write-lock, check that the original record
> > are still the
> > > same and then apply, otherwise fail.
> > >
> > > Your intentions might not work unless all writes are passed
> > through the
> > > container, as Oracle will not have any control, until a
> > write occurs, i.e.
> > > you will have to open with read only, and only take out a
> > lock when you
> > are
> > > going to write, as described above. for safety sake your
> > container will
> > have
> > > to re-read the data in any case, before commiting,
> > otherwise it may update
> > > changed data, e.g. updates that are made through other
> > processes or even
> > > triggers.
> > >
> > > If my memory serves me right, that is something you can do
> > easily with
> > > Oracle (i.e. there's a standard feature implemented), even
> > with Oracle
> > 6/7.
> > >
> > >
> > >
> > >
> > > > -Original Message-
> > > > From: Antony Paul [mailto:[EMAIL PROTECTED]
> > > > Sent: 03 November 2003 08:36
> > > > To: Tomcat Users List
> > > > Subject: Design advice needed.
> > > >
> > > >
> > > > Hi all,
> > > > I need a replacement for row level locking in database.
> > > > The requirement
> > > > is if two users are updating the same row of a table only
> > the user who
> > > > updates first will be made to database second user must
> > get a failed
> > > > message. This can be done using row level locking. But it
> > > > allows only one
> > > > user to open page for editing at same time. If another user
> > > > has locked the
> > > > row then second user cannot lock the same row or update it.
> > > > So I want to
> > > > implement locking in Container. Is there any design patterns
> > > > available for
> > > > this. Or have anyone implemented this. I am using Tomcat
> > > > 4.1,Servlets JSP
> > > > and Oracle 8i. The application is using  MVC pattern but do
> > > > not use Struts.
> > > >
> > > > Antony Paul
> > > >
> > > >
> > -
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail:
> > [EMAIL PROTECTED]
> > > >
> > > >
> > >
> > >
> > >
> > -
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Http and https

2003-10-13 Thread achana

Hi.
Assuming you have one fix IP address, you can use name based virtual
hosts in httpd.conf.
The first vhost is the HTTPS. The second vhost is the HTTP. 
Hope that helps.

Damnish wrote:
> 
> Hello
> I am using Tomcat 4.1.24 with Apache 2.
> I want to run two context on the server so that one can be accessed by
> http or by https.
> And one should get accessed only by HTTPS.
> Can some one tell me where should i configure this.
> Thanks in Advance
> Damnish

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: vertial host apache/tomcat

2003-09-18 Thread achana

What's the question?


Johan Louwers wrote:
> 
> Luke,
> I placed my httpd.conf in this mail. Hope you (or someone else) knows
> the answer.
> 
> # --BEGIN HTTPD.CONF--
> #
> # Based upon the NCSA server configuration files originally by Rob McCool.
> #
> # This is the main Apache server configuration file.  It contains the
> # configuration directives that give the server its instructions.
> # See http://httpd.apache.org/docs-2.0/> for detailed information about
> # the directives.
> #
> # Do NOT simply read the instructions in here without understanding
> # what they do.  They're here only as hints or reminders.  If you are unsure
> # consult the online docs. You have been warned.
> #
> # The configuration directives are grouped into three basic sections:
> #  1. Directives that control the operation of the Apache server process as
> a
> # whole (the 'global environment').
> #  2. Directives that define the parameters of the 'main' or 'default'
> server,
> # which responds to requests that aren't handled by a virtual host.
> # These directives also provide default values for the settings
> # of all virtual hosts.
> #  3. Settings for virtual hosts, which allow Web requests to be sent to
> # different IP addresses or hostnames and have them handled by the
> # same Apache server process.
> #
> # Configuration and logfile names: If the filenames you specify for many
> # of the server's control files begin with "/" (or "drive:/" for Win32), the
> # server will use that explicit path.  If the filenames do *not* begin
> # with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
> # with ServerRoot set to "/usr/local/apache" will be interpreted by the
> # server as "/usr/local/apache/logs/foo.log".
> #
> 
> ### Section 1: Global Environment
> #
> # The directives in this section affect the overall operation of Apache,
> # such as the number of concurrent requests it can handle or where it
> # can find its configuration files.
> #
> 
> #
> # ServerRoot: The top of the directory tree under which the server's
> # configuration, error, and log files are kept.
> #
> # NOTE!  If you intend to place this on an NFS (or otherwise network)
> # mounted filesystem then please read the LockFile documentation (available
> # at http://httpd.apache.org/docs-2.0/mod/mpm_common.html#lockfile>);
> # you will save yourself a lot of trouble.
> #
> # Do NOT add a slash at the end of the directory path.
> #
> ServerRoot "/usr/local/apache"
> 
> #
> # The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
> #
> 
> 
> #LockFile logs/accept.lock
> 
> 
> 
> #
> # ScoreBoardFile: File used to store internal server process information.
> # If unspecified (the default), the scoreboard will be stored in an
> # anonymous shared memory segment, and will be unavailable to third-party
> # applications.
> # If specified, ensure that no two invocations of Apache share the same
> # scoreboard file. The scoreboard file MUST BE STORED ON A LOCAL DISK.
> #
> 
> 
> #ScoreBoardFile logs/apache_runtime_status
> 
> 
> 
> #
> # PidFile: The file in which the server should record its process
> # identification number when it starts.
> #
> 
> PidFile logs/httpd.pid
> 
> 
> #
> # Timeout: The number of seconds before receives and sends time out.
> #
> Timeout 300
> 
> #
> # KeepAlive: Whether or not to allow persistent connections (more than
> # one request per connection). Set to "Off" to deactivate.
> #
> KeepAlive On
> 
> #
> # MaxKeepAliveRequests: The maximum number of requests to allow
> # during a persistent connection. Set to 0 to allow an unlimited amount.
> # We recommend you leave this number high, for maximum performance.
> #
> MaxKeepAliveRequests 100
> 
> #
> # KeepAliveTimeout: Number of seconds to wait for the next request from the
> # same client on the same connection.
> #
> KeepAliveTimeout 15
> 
> ##
> ## Server-Pool Size Regulation (MPM specific)
> ##
> 
> # prefork MPM
> # StartServers: number of server processes to start
> # MinSpareServers: minimum number of server processes which are kept spare
> # MaxSpareServers: maximum number of server processes which are kept spare
> # MaxClients: maximum number of server processes allowed to start
> # MaxRequestsPerChild: maximum number of requests a server process serves
> 
> StartServers 5
> MinSpareServers  5
> MaxSpareServers 10
> MaxClients 150
> MaxRequestsPerChild  0
> 
> 
> # worker MPM
> # StartServers: initial number of server processes to start
> # MaxClients: maximum number of simultaneous client connections
> # MinSpareThreads: minimum number of worker threads which are kept spare
> # MaxSpareThreads: maximum number of worker threads which are kept spare
> # ThreadsPerChild: constant number of worker threads in each server process
> # MaxRequestsPerChild: maximum number of requests a server process serves
> 
> StartServers 2
> MaxClients 150
> MinSpareThreads

open HTTP connection failed

2003-09-14 Thread achana

Hi all.
My environment is j2sdk4 and TC404. I am trying to implement SUN/Marty
hall's WebClient for administering host, port and requests. The code
uses java.net's SocketUtil. e.g.
(NetworkClient.java)
Socket client = new Socket(host, port);
handleConnection(client);
...
protected void handleConnection(Socket client){
PrintWriter out = SocketUtil.getWriter(client);
BufferedReader in = SocketUtil.getReader(client);
...
etc
...
I'm not sure whether this is TC4 or a java related problem, but all java
code compiles to class file okay.
My path is $CATALINA_HOME/webapps/examples/
In the server.xml I've uncommented the example Context, like this:
(server.xml)



   
   
   
  
  
   
   
...
In my TC log, I've this error:
"GET /examples/com/omh/utilities/WebClient.class HTTP/1.1" 404 675
.
On the java console, I have these errors (they tend to be very long and
tedious):
load: class com.omh.utilities.WebClient not
found.java.lang.ClassNotFoundException: com.omh.utilities.WebClient at
sun.applet.AppletClassLoader.findClass(Unknown Source)  at
sun.plugin.security.PluginClassLoader.findClass(Unknown Source)
...etc...Caused by: java.io.IOException: open HTTP connection failed.   at
sun.applet.AppletClassLoader.getBytes(Unknown Source)   at
sun.applet.AppletClassLoader.access$100(Unknown Source)
...etc...



Other demo and example servlets and jsp that come with the standard
install work find. Other stuff I put in examples work find as well.
Is this a TC setup error on my part???
TIA

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Puzzling SAXParseException error

2003-09-11 Thread achana

Thanks for taking time to look at the problem.

Tim Funk wrote:
> 
> With the amount of info and config available, I am at a loss. At this point,
> I would start from a virgin install, make sure that works ok. Then start
> making incremental changes and wait for things to error.
> 
> -Tim
> 
> [EMAIL PROTECTED] wrote:
> 
> > Hiya.
> > Yes, that's what I did before all these troubles started.
> > I've tried removing all the enties that I've made relating to manager
> > and then re-instating them, same error message in catalina.out.
> > Yet TC404 keeps on working.
> > server.xml has not got a DTD, but that's not required.
> >
> >
> > Tim Funk wrote:
> >
> >>The manager webapp is in catalina.jar. In 4.0.4, you declaration for the
> >>manager should look like this:
> >>
> >>Then there should be manager dir in the webapps directory from the default
> >>tomcat install.
> >>
> >>-Tim
> >>
> >>[EMAIL PROTECTED] wrote:
> >>
> >>
> >>>Hi Tim.
> >>>Thx for the tip.
> >>>I think it is complaining about not finding
> >>>org.apache.catalina.servlets.ManagerServlet, which is in
> >>>path/to/manager/WEB-INF/web.xml
> >>>In the meantime I've commented out the path and docBase for manager in
> >>>server.xml, but the error persists without affecting any other apps.
> >>>Opening the web.xml with Mozilla simply shows a long, unbroken,
> >>>hard-to-read string of code.
> >>>Do you know where I can get a copy of
> >>>org.apache.catalina.servlets.ManagerServlet for 4.0.4 ?
> >>>Arthur :-)
> >>>
> >>>Tim Funk wrote:
> >>>
> >>>
> Make sure your web.xml file(s) (and maybe server.xml) are all valid XML
> documents.
> 
> An easy way to do that is to open them in IE or mozilla.
> 
> For web.xml - also make sure it is valid against its dtd.
> 
> -Tim
> 
> [EMAIL PROTECTED] wrote:
> 
> 
> 
> >Hiya all.
> >I'am on Apache2/TC404, I was trying to make the Manager Application work
> >on 404.
> >I modified the context path in defaultHost="localhost" and a couple of
> >vosts to include path="/manager" and docbase="manager".
> >Then I found out I am missing altogether
> >/path/to/webaps/manager/WEB-INF/
> >"org.apache.catalina.serv;lets.ManagerServlet"
> >Nothing I could do, so Ibacked out the changes, but I get this error n
> >catalina.out on startup and shutdown:
> >
> >(catalina.out)
> >Starting service Tomcat-Apache
> >Apache Tomcat/4.0.4
> >PARSE error at line 14 column 13
> >org.xml.sax.SAXParseException: The content of element type "servlet"
> >must match
> >"(icon?,servlet-name,display-name?,description?,(servlet-class|jsp-file),init-param*,load-on-startup?,run-as?,security-role-ref*)".
> >Stopping service Tomcat-Apache
> >
> >Nothwithstanding, everything else under /path/to/webapps/private-stuff
> >work find - dog's bollock if ever there was one.
> >So how do I get rid of this spurious SAXParseException error message ?
> >
> >TIA :-)
> >
> >-
> >To unsubscribe, e-mail: [EMAIL PROTECTED]
> >For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> >>>
> >>>
> >>>-
> >>>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>>For additional commands, e-mail: [EMAIL PROTECTED]
> >>>
> >>>
> >>
> >>-
> >>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Puzzling SAXParseException error

2003-09-09 Thread achana

Hiya.
Yes, that's what I did before all these troubles started.
I've tried removing all the enties that I've made relating to manager
and then re-instating them, same error message in catalina.out.
Yet TC404 keeps on working.
server.xml has not got a DTD, but that's not required.


Tim Funk wrote:
> 
> The manager webapp is in catalina.jar. In 4.0.4, you declaration for the
> manager should look like this:
> 
> Then there should be manager dir in the webapps directory from the default
> tomcat install.
> 
> -Tim
> 
> [EMAIL PROTECTED] wrote:
> 
> > Hi Tim.
> > Thx for the tip.
> > I think it is complaining about not finding
> > org.apache.catalina.servlets.ManagerServlet, which is in
> > path/to/manager/WEB-INF/web.xml
> > In the meantime I've commented out the path and docBase for manager in
> > server.xml, but the error persists without affecting any other apps.
> > Opening the web.xml with Mozilla simply shows a long, unbroken,
> > hard-to-read string of code.
> > Do you know where I can get a copy of
> > org.apache.catalina.servlets.ManagerServlet for 4.0.4 ?
> > Arthur :-)
> >
> > Tim Funk wrote:
> >
> >>Make sure your web.xml file(s) (and maybe server.xml) are all valid XML
> >>documents.
> >>
> >>An easy way to do that is to open them in IE or mozilla.
> >>
> >>For web.xml - also make sure it is valid against its dtd.
> >>
> >>-Tim
> >>
> >>[EMAIL PROTECTED] wrote:
> >>
> >>
> >>>Hiya all.
> >>>I'am on Apache2/TC404, I was trying to make the Manager Application work
> >>>on 404.
> >>>I modified the context path in defaultHost="localhost" and a couple of
> >>>vosts to include path="/manager" and docbase="manager".
> >>>Then I found out I am missing altogether
> >>>/path/to/webaps/manager/WEB-INF/
> >>>"org.apache.catalina.serv;lets.ManagerServlet"
> >>>Nothing I could do, so Ibacked out the changes, but I get this error n
> >>>catalina.out on startup and shutdown:
> >>>
> >>>(catalina.out)
> >>>Starting service Tomcat-Apache
> >>>Apache Tomcat/4.0.4
> >>>PARSE error at line 14 column 13
> >>>org.xml.sax.SAXParseException: The content of element type "servlet"
> >>>must match
> >>>"(icon?,servlet-name,display-name?,description?,(servlet-class|jsp-file),init-param*,load-on-startup?,run-as?,security-role-ref*)".
> >>>Stopping service Tomcat-Apache
> >>>
> >>>Nothwithstanding, everything else under /path/to/webapps/private-stuff
> >>>work find - dog's bollock if ever there was one.
> >>>So how do I get rid of this spurious SAXParseException error message ?
> >>>
> >>>TIA :-)
> >>>
> >>>-
> >>>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>>For additional commands, e-mail: [EMAIL PROTECTED]
> >>>
> >>>
> >>
> >>-
> >>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Puzzling SAXParseException error

2003-09-08 Thread achana

Hi Tim.
Thx for the tip.
I think it is complaining about not finding
org.apache.catalina.servlets.ManagerServlet, which is in
path/to/manager/WEB-INF/web.xml
In the meantime I've commented out the path and docBase for manager in
server.xml, but the error persists without affecting any other apps.
Opening the web.xml with Mozilla simply shows a long, unbroken,
hard-to-read string of code.
Do you know where I can get a copy of
org.apache.catalina.servlets.ManagerServlet for 4.0.4 ?
Arthur :-)

Tim Funk wrote:
> 
> Make sure your web.xml file(s) (and maybe server.xml) are all valid XML
> documents.
> 
> An easy way to do that is to open them in IE or mozilla.
> 
> For web.xml - also make sure it is valid against its dtd.
> 
> -Tim
> 
> [EMAIL PROTECTED] wrote:
> 
> > Hiya all.
> > I'am on Apache2/TC404, I was trying to make the Manager Application work
> > on 404.
> > I modified the context path in defaultHost="localhost" and a couple of
> > vosts to include path="/manager" and docbase="manager".
> > Then I found out I am missing altogether
> > /path/to/webaps/manager/WEB-INF/
> > "org.apache.catalina.serv;lets.ManagerServlet"
> > Nothing I could do, so Ibacked out the changes, but I get this error n
> > catalina.out on startup and shutdown:
> >
> > (catalina.out)
> > Starting service Tomcat-Apache
> > Apache Tomcat/4.0.4
> > PARSE error at line 14 column 13
> > org.xml.sax.SAXParseException: The content of element type "servlet"
> > must match
> > "(icon?,servlet-name,display-name?,description?,(servlet-class|jsp-file),init-param*,load-on-startup?,run-as?,security-role-ref*)".
> > Stopping service Tomcat-Apache
> >
> > Nothwithstanding, everything else under /path/to/webapps/private-stuff
> > work find - dog's bollock if ever there was one.
> > So how do I get rid of this spurious SAXParseException error message ?
> >
> > TIA :-)
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Puzzling SAXParseException error

2003-09-08 Thread achana

Hiya all.
I'am on Apache2/TC404, I was trying to make the Manager Application work
on 404.
I modified the context path in defaultHost="localhost" and a couple of
vosts to include path="/manager" and docbase="manager".
Then I found out I am missing altogether
/path/to/webaps/manager/WEB-INF/
"org.apache.catalina.serv;lets.ManagerServlet"
Nothing I could do, so Ibacked out the changes, but I get this error n
catalina.out on startup and shutdown:

(catalina.out)
Starting service Tomcat-Apache
Apache Tomcat/4.0.4
PARSE error at line 14 column 13
org.xml.sax.SAXParseException: The content of element type "servlet"
must match
"(icon?,servlet-name,display-name?,description?,(servlet-class|jsp-file),init-param*,load-on-startup?,run-as?,security-role-ref*)".
Stopping service Tomcat-Apache

Nothwithstanding, everything else under /path/to/webapps/private-stuff
work find - dog's bollock if ever there was one.
So how do I get rid of this spurious SAXParseException error message ?

TIA :-)

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Bit confused: Admin Tool vs Manager Application

2003-09-07 Thread achana

Hi.
Is it a simple mater of downloading some java code from
jakarta.apache.org and putting it in the proper folder ?
Does it require an upgrade from 404 to get the full functionalities?
TIA
:-)

Bill Barker wrote:
> 
> Tomcat 4.0.4 only has the 'manager' (which is similar to the 4.1.x 'manager'
> (but with fewer features), and the 3.3.x 'admin').
> 
> <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> > THX, but where does 404 fit in.
> > It's neither 3.3+ or 4.1+
> > TIA
> >
> >
> > Bill Barker wrote:
> > >
> > > The 'admin' Context in 3.3.x is similar tothe 'manager' Context in
> 4.1.x.
> > > There are big difference when you get down to the specifics (e.g. 3.3
> > > doesn't include Ant tasks), but in "Big Picture" terms, they do much the
> > > same thing from the HTML interface.
> > >
> > > <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> > > >
> > > > Hi All.
> > > > I'm on TC404, looking at manager configuration.
> > > > Is Administration Tool only available in TC3.x?
> > > > Is the Manager Applicatio only available in TC4.1+?
> > > > Seems like TC404 is somewhere in between.
> > >
> > > -
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Bit confused: Admin Tool vs Manager Application

2003-09-07 Thread achana

THX, but where does 404 fit in.
It's neither 3.3+ or 4.1+
TIA


Bill Barker wrote:
> 
> The 'admin' Context in 3.3.x is similar tothe 'manager' Context in 4.1.x.
> There are big difference when you get down to the specifics (e.g. 3.3
> doesn't include Ant tasks), but in "Big Picture" terms, they do much the
> same thing from the HTML interface.
> 
> <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> >
> > Hi All.
> > I'm on TC404, looking at manager configuration.
> > Is Administration Tool only available in TC3.x?
> > Is the Manager Applicatio only available in TC4.1+?
> > Seems like TC404 is somewhere in between.
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Bit confused: Admin Tool vs Manager Application

2003-09-06 Thread achana

 
Hi All.
I'm on TC404, looking at manager configuration.
Is Administration Tool only available in TC3.x?
Is the Manager Applicatio only available in TC4.1+?
Seems like TC404 is somewhere in between.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Missing ManagerServlet

2003-09-06 Thread achana

Hi All.
I'm on TC404
Its seems someone has walked off with my
"org.apache.catalina.servlets.ManagerServlet".
Where can I find a copy that I can javac in the hope that finally, the
manager would work.
Cheers :-)

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat and multiple processors

2003-09-04 Thread achana

(1) Install TC as many times as you need JVM instances;
(2) for each instance, rename home before proceeding with another
installation eg. 
CATALINA_HOME_tc1=/path/to/tc1
CATALINA_HOME_tc2=/path/to/tc2
etc
(3) for each inctance rename respective startup scripts eg
startup_tc1.sh or catalina_tc1.sh
startup_tc2.sh 
etc
(4) modify workers.properties to include the loadbalancer worker eg
worker.loadbalancer.type=lb
worker.loadbalancer.balanced_worker=myTC1, myTC2, myTC3,...
etc
(5) go through your configuratioo fles to ensure consisency in re-naming
worker to "loadbalancer"
(6) should you need to tie a vhost to a specific JVM or box then instead
of "loadbalancer", use a worker eg "myTC1"
eg.
(httpd.conf)

  ServerName dodgy.programmer.com.hk
  ...
  JkMount /goodClass loadbalancer
  JkMount /goodClass/* loadbalancer
  JkMount /dodgyClass myTC1
  JkMount /DodgyClass/* myTC1 

(7) In server.xml, ensure you have the corresponding virtual host and
docbase
(8) In web.xml, likewise ensure you have the corresponding mappings.

Yoav, John, tomcat-people, if this is correct, do you need someone to
write a "howto" ?



"Pitre, Russell" wrote:
> 
> Hey people..
> 
> Where can i find more information on the web about this subject,
> specifically setting up multiple jvm's tied to it's respective tomcat
> installation?  Doesn't have to include multiple processors
> 
> I'm very interested in this subject, basically, just curious as to how
> it all works  :)
> 
> Thanx in advance!
> Russ
> 
> -Original Message-
> From: John Turner [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 04, 2003 4:16 PM
> To: Tomcat Users List
> Subject: Re: Tomcat and multiple processors
> 
> Matt Raible wrote:
> 
> > 1.  Does it support multiple processors?  We have a Tomcat instance in
> 
> > production on a NT box with 4 processors, but Tomcat only seems to use
> 
> > one. Does the 1.4.2 JVM support MP?
> 
> Yes, at least on Sun hardware with Solaris 8, and Intel hardware with RH
> Linux 7.x (duals only...we don't have quads).  Don't know about Windows.
> 
> > 2.  We have IIS on the front end, and we are currently not able to
> > migrate to Apache.  We'd like to use the connectors (jk or jk2) to do
> > load-balancing and failover.  Do these connectors provide the support
> > we need?  Should be use a clustering architecture like JavaSpaces
> > (http://www.onjava.com/lpt/a/2422) instead?
> 
> The connectors can load balance, but unfortunately the IIS versions are
> sort of a crapshoot in my mind.
> 
> > 3.  We plan on deploying 42+ applications to a number of Tomcat
> > servers. Since each application will support 1 customer - I think it's
> 
> > a good idea to have 1 app -> 1 tomcat - so if Tomcat crashes, it only
> > affects that customer
> > - rather than all customers.  I've heard of setting up a CATALINA_BASE
> to
> > share Tomcat's core files, and then setup webapps directories for each
> > customer.  Does this sound reasonable?  Have have others done
> something like
> > this?
> 
> I agree with Yoav. All the way back with Tomcat 3.1 we had ours setup
> this way:
> 
> 1 virtual host = 1 Tomcat instance = 1 VM = 1 application
> 
> We've had a couple dozen set up like this for a long time, works like a
> charm.  I prefer this over using CATALINA_BASE, as I can treat each
> virtual host separately from any other, including giving each different
> JVM memory settings, etc.  Admittedly, we're an ASP, so we can dictate
> how many web apps go with each virtual host, but I would think having
> completely separate Tomcat instances would make sense in most real
> production environments.  The only thing you "lose" with multiple Tomcat
> instances is disk space, and disk is cheap.
> 
> John
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat 5 book

2003-09-04 Thread achana

O'Reilly ?



John Turner wrote:
> 
> Yes.  I know for sure one is due early Q1 2004.  It is being written
> from scratch for Tomcat 5, it will not be a Tomcat 4 book "refreshed" or
> "tweaked" to support Tomcat 5.
> 
> John
> 
> Marco Tedone wrote:
> > Hi, is there in prevision any book about Tomcat 5?
> >
> > Marco
> >
> >
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: starting tomcat as non-root

2003-09-03 Thread achana


> To get such a beast to appear on port 80 I'm using iptables on linux to
> forward from port 80 to port 8080 as described at
> http://www.klawitter.de/tomcat80.html

May the All Blacks thump the Rose ;-)
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: starting tomcat as non-root

2003-09-03 Thread achana

Tom Parker wrote:
>
> To get such a beast to appear on port 80 I'm using iptables on linux to
> forward from port 80 to port 8080 as described at
> http://www.klawitter.de/tomcat80.html
> 
Thanks :-)
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

starting tomcat as non-root

2003-09-03 Thread achana

Hi all.
I'm o TC4.0.4
I know this subject has been discussed many times before.
Are we getting any close to starting tomcat with user "nobody" or
"tomcat" or anything like that on 8080?
Sorry for the repetitiveness
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Any contractors from HK, S.E.Asia or India in this forum ?

2003-09-02 Thread achana

Beacuse I'm trying t put together a dedicated team in HK

Santos Jha wrote:
> 
> dude/dudess
> Why are u asking this question. Yes I am from SE Asia
> .so?
> 
> [EMAIL PROTECTED] wrote:
> 
> >C'mon
> >There are 7+ million people in HK, x-number of multi-nationals from
> >y-number of industry sectors.
> >I can't believe no HK person is contributing to or listening in on this
> >forum.
> >Don't be shy.
> >
> >[EMAIL PROTECTED] wrote:
> >
> >
> >>Hiya, all.
> >>Any contractors in this forum specializing in java applet/servlet, a2s,
> >>jndi in an apache2/tc4 environment and are from HK/China, S.E.Asia or
> >>India ? Got a website?
> >>TIA :-)
> >>
> >>  
> >>-
> >>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>For additional commands, e-mail: [EMAIL PROTECTED]
> >>
> >>
> >>
> >>
> >>-
> >>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>For additional commands, e-mail: [EMAIL PROTECTED]
> >>
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

howto: multiple TC's on one machine

2003-09-02 Thread achana

Hiya.
In order to have two TC instances on one machine, am I right I need only
install TC twice e.g.
CATALINA_HOME_tc1 = /path/to/tomcat4_tc1/conf
CATALINA_HOME_tc2 = /path/to/tomcat4_tc2/conf
and then rename /path/to/tomcat4_tc1/conf/catalina.sh to catalina_tc1.sh
, ditto for tc2 e.g. 
[tomcat]#catalina_tc1.sh start
*
I am doing this for "robustness" rather than performance. I assume that
normally one TC performs better than 2 TC's o one box
Is it okay to allocate different amount of memory to each virtual TC in
web.xml?
*
TIA :-)
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

about worker.list - non comprendo

2003-09-01 Thread achana

It works like this, but it is not making sense to me at the moment.
In httpd.conf, for each vhost, I changed the lines to read :

...ellided...
  JkMount /path diehard1
  JkMount /path/* diehard1
...other contexts...

Does this mean I must allocate one specific TC server for a given vhost
? 
I was under the impresson that the vhost could use any available TC
servers in a load sharing env. ?!?
Am I missing something here, this is not how I envisage it.
And that thing about Listener's jkWorker defaulting to "ajp13" is not
famous either. Switch off "Listener".
Eeek, ahhh, ohh. 

[EMAIL PROTECTED] wrote:
> 
> Hiya all.
> I'm using Apache2.0.40/TC4.0.4
> Currently, on my web server's worker.properties, I've
> "worker.list=ajp13", which works fine.
> In preparation for a second tomcat, I am modifying the worker.list
> As a test, I changed it to "worker.list=diehard1"  and ditto for all
> subsequent references to this name, then restarted apache and tomcat.
> My java console reports this error :
> java.io.FileNotFoundException:https://path/to/class_file
> ..etc...
> ..etc...
> 
> Change the worker name from "diehard1" back to "ajp13" and it works
> again!
> I am ploughing through "Chapt 13 The AJP Connector" in the book
> "Professional Apache Tomcat" - I seem to have done all the right things.
> Except, it won't work if I change the name, but what's in a name?
> Enlightenment please?
> 
>   
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

about worker.list - non comprendo

2003-09-01 Thread achana

Hiya all.
I'm using Apache2.0.40/TC4.0.4
Currently, on my web server's worker.properties, I've
"worker.list=ajp13", which works fine.
In preparation for a second tomcat, I am modifying the worker.list
As a test, I changed it to "worker.list=diehard1"  and ditto for all
subsequent references to this name, then restarted apache and tomcat.
My java console reports this error : 
java.io.FileNotFoundException:https://path/to/class_file
..etc...
..etc...

Change the worker name from "diehard1" back to "ajp13" and it works
again!
I am ploughing through "Chapt 13 The AJP Connector" in the book
"Professional Apache Tomcat" - I seem to have done all the right things.
Except, it won't work if I change the name, but what's in a name?
Enlightenment please?
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Any contractors from HK, S.E.Asia or India in this forum ?

2003-08-27 Thread achana

C'mon
There are 7+ million people in HK, x-number of multi-nationals from
y-number of industry sectors.
I can't believe no HK person is contributing to or listening in on this
forum.
Don't be shy.

[EMAIL PROTECTED] wrote:
> 
> Hiya, all.
> Any contractors in this forum specializing in java applet/servlet, a2s,
> jndi in an apache2/tc4 environment and are from HK/China, S.E.Asia or
> India ? Got a website?
> TIA :-)
> 
>   
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Opposite of Persistent manager

2003-08-27 Thread achana

Hi all.
Currently I am using session timeout on web.xml
Ideally if a user walks away from the terminal, even for a short while,
the session dies and the display is cleared.
I guess that has to be handled programmaticaly rather than through TC4.
???
TIA :-)
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: No need for catalina.policy?

2003-08-27 Thread achana

 
How does a malicious foreign applet come to be on my linux/apache2
web-server where only two ports are listening and most services disabled
?
The only way the applets can communicate with the servlets is through an
a2s http-tunnel!
Does this relate a "threat mode" where the threat comes from within the
rank and file ?
Assuming single sign-on is available on TC4.0.x (I haven't looked yet),
that's two sign-on's that a user needs to get to the goodies, and that
is excluding the network sign on.
:-o


"Shapira, Yoav" wrote:
> 
> Howdy,
> No, you're not right.  The two provide different views of security.
> Httpd.conf controls apache, not tomcat, and does nothing to prevent, for
> example, the execution of malicious applets.  Catalina.policy or
> whatever you want to call the policy file is used by the JVM security
> manager to enforce its policies, including for example applet
> sandboxing.  If you're not clear what the security manager does, read up
> the JDK documentation for it.
> 
> If should use them both if you're concerned about security.
> 
> Yoav Shapira
> Millennium ChemInformatics
> 
> >-Original Message-
> >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> >Sent: Tuesday, August 26, 2003 12:14 AM
> >To: [EMAIL PROTECTED]
> >Subject: No need for catalina.policy?
> >
> >Hi
> >Please tell me once more.
> >Am I right in assumng that I don't really need catalina.policy if I use
> >httpd.conf to control access ?
> >If t, how do they interact ?
> >TIA :-)
> 
> This e-mail, including any attachments, is a confidential business communication, 
> and may contain information that is confidential, proprietary and/or privileged.  
> This e-mail is intended only for the individual(s) to whom it is addressed, and may 
> not be saved, copied, printed, disclosed or used by anyone else.  If you are not 
> the(an) intended recipient, please immediately delete this e-mail from your computer 
> system and notify the sender.  Thank you.
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Manager Application and catalina.policy?

2003-08-27 Thread achana

H
Does HttpConnector have to be enabled on some port e.g. 8080 to use
Manager Application ? I am happy with just Ajp at the moment.
I am on TC4.0.x and it is not possible to upgrade to TC4.1.x at the
moment.
Cheers :-)



"Shapira, Yoav" wrote:
> 
> Howdy,
> No, you're not right.  The two provide different views of security.
> Httpd.conf controls apache, not tomcat, and does nothing to prevent, for
> example, the execution of malicious applets.  Catalina.policy or
> whatever you want to call the policy file is used by the JVM security
> manager to enforce its policies, including for example applet
> sandboxing.  If you're not clear what the security manager does, read up
> the JDK documentation for it.
> 
> If should use them both if you're concerned about security.
> 
> Yoav Shapira
> Millennium ChemInformatics
> 
> >-Original Message-
> >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> >Sent: Tuesday, August 26, 2003 12:14 AM
> >To: [EMAIL PROTECTED]
> >Subject: No need for catalina.policy?
> >
> >Hi
> >Please tell me once more.
> >Am I right in assumng that I don't really need catalina.policy if I use
> >httpd.conf to control access ?
> >If t, how do they interact ?
> >TIA :-)
> 
> This e-mail, including any attachments, is a confidential business communication, 
> and may contain information that is confidential, proprietary and/or privileged.  
> This e-mail is intended only for the individual(s) to whom it is addressed, and may 
> not be saved, copied, printed, disclosed or used by anyone else.  If you are not 
> the(an) intended recipient, please immediately delete this e-mail from your computer 
> system and notify the sender.  Thank you.
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

No need for catalina.policy?

2003-08-26 Thread achana

Hi
Please tell me once more.
Am I right in assumng that I don't really need catalina.policy if I use
httpd.conf to control access ?
If t, how do they interact ?
TIA :-)
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Any contractors from HK, S.E.Asia or India in this forum ?

2003-08-26 Thread achana

Hiya, all.
Any contractors in this forum specializing in java applet/servlet, a2s,
jndi in an apache2/tc4 environment and are from HK/China, S.E.Asia or
India ? Got a website?
TIA :-)
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

at engine or vhost level ?

2003-08-24 Thread achana

Hi all.
Performance-wise, should AccessLogValve be moved to engine level rather
than have one valve per vhost ???
TIA :-)
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: maxProcessors problem

2003-08-21 Thread achana


> >It seems that TC4 has some algorithm which tags objects (read
> >HttpRequests) as long- or short-lived.
> 
> Please do tell where you got that impression?  ;)
> 
Actually I got that out of the book "Professional Apache Tomcat".
Better than reading through reams of JAVA codes :-))
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: maxProcessors problem

2003-08-20 Thread achana


> Not true.  They will be reclaimed when possible according to the
> selected GC algorithm
> 
Aha, are there actually different reclamation algorithms that I can
select from ??
I mean, like some parameter in catalina.sh ??
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: maxProcessors problem

2003-08-20 Thread achana

Hi all.
It seems that TC4 has some algorithm which tags objects (read
HttpRequests) as long- or short-lived.
At 70+ connections per second, I guess most of your HttpRequests would
be short lived, which means the gc will reclaim them first, but not
until the heap is exhausted.
So it might help to allocate more to the short lived requests to force
gc to reclaim more often, like this:

-XX:NewSize=448m -XX:MaxNewSize=448m

This should force the allocation of half the memory to short-lived
requests and make gc reclaim more often.
You might like to tweak it some more to achieve optimum results ?
Please keep us posted on this.
Hope that helps.
Arthur ;-)




Mike Cherichetti (Renegade Internet)" wrote:
> 
> The server has 2 GB physical memory and 4 GB swap file.  During peak times
> I'm hitting between 60 and 75 requests per second and it is using pretty
> close to all of the memory.  I've seen the JVM using ~ 830 MB watching top.
> 
> Thanks,
> Mike
> 
> -Original Message-
> From: Kwok Peng Tuck [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 19, 2003 9:24 PM
> To: Tomcat Users List
> Subject: Re: maxProcessors problem
> 
> If I may ask how much physical memory do you have in the first place ?
> Do you really have that much to give to the for the max heap size ?
> 
> Mike Cherichetti (Renegade Internet) wrote:
> 
> >I've set CATALINA_OPTS to use -Xmx896m and -Xms384m.  That works fine with
> >maxProcessors set to 384.  Problem is, if I set -Xmx higher or
> maxProcessors
> >higher, I get he OutOfMemoryError.
> >
> >Thanks,
> >Mike
> >
> >-Original Message-
> >From: Shapira, Yoav [mailto:[EMAIL PROTECTED]
> >Sent: Tuesday, August 19, 2003 9:12 AM
> >To: Tomcat Users List; [EMAIL PROTECTED]
> >Subject: RE: maxProcessors problem
> >
> >
> >
> >Howdy,
> >What's your -Xmx setting to the JVM?
> >
> >Yoav Shapira
> >Millennium ChemInformatics
> >
> >
> >
> >
> >>-Original Message-
> >>From: Mike Cherichetti (Renegade Internet)
> >>[mailto:[EMAIL PROTECTED]
> >>Sent: Monday, August 18, 2003 4:42 PM
> >>To: Tomcat Users
> >>Subject: maxProcessors problem
> >>
> >>First off, I'm using RedHat Linux 7.3, IBM JDK 1.4.1, and Tomcat 4.1.24
> >>
> >>
> >on
> >
> >
> >>an IBM xSeries with Dual Xeon 2 GHz processors, 2 GB RAM, and SCSI
> >>
> >>
> >disks.
> >
> >
> >>I'm trying to get Tomcat to handle a lot of traffic (4-5 million hits
> >>
> >>
> >per
> >
> >
> >>day) and bumping up against a problem I for life of me can't figure
> >>
> >>
> >out.
> >
> >
> >>So, I'm hoping someone else on this list has run into this problem and
> >>
> >>
> >can
> >
> >
> >>help me out!
> >>
> >>Basically, I can't set maxProcessors higher than 384.  If I do, Tomcat
> >>
> >>
> >ends
> >
> >
> >>up choking (it doesn't crash, it just stops creating more request
> >>processors) and I get the following in catalina.out:
> >>
> >>Aug 18, 2003 5:05:02 AM org.apache.coyote.http11.Http11Protocol start
> >>INFO: Starting Coyote HTTP/1.1 on port 80
> >>Aug 18, 2003 5:05:05 AM
> >>org.apache.tomcat.util.threads.ThreadPool$ControlRunnable run
> >>SEVERE: Caught exception executing
> >>[EMAIL PROTECTED], terminating thread
> >>java.lang.OutOfMemoryError: JVMCI015:OutOfMemoryError, cannot create
> >>anymore
> >>threads due to memory or resource constraints
> >>   at java.lang.Thread.start(Native Method)
> >>   at
> >>org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.(Thread
> >>
> >>
> >Pool
> >
> >
> >>.
> >>java:582)
> >>   at
> >>org.apache.tomcat.util.threads.ThreadPool.openThreads(ThreadPool.java:4
> >>
> >>
> >60)
> >
> >
> >>   at
> >>org.apache.tomcat.util.threads.ThreadPool.runIt(ThreadPool.java:293)
> >>   at
> >>org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:5
> >>
> >>
> >36)
> >
> >
> >>   at
> >>org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPoo
> >>
> >>
> >l.ja
> >
> >
> >>v
> >>a:619)
> >>   at java.lang.Thread.run(Thread.java:568)
> >>
> >>Now, I know that the JVM has plenty of memory left that it can be
> >>
> >>
> >allocated
> >
> >
> >>and the system has plenty of free memory, so I'm not sure it's really a
> >>memory issue.  As I said, Tomcat still runs and the memory allocated to
> >>
> >>
> >the
> >
> >
> >>JVM increases, it just doesn't have nearly enough request processors
> >>created
> >>at the point this error happens to deal with all of the traffic.  I've
> >>tried
> >>playing around with ulimit settings, but those didn't have any impact.
> >>I've
> >>also tried the Sun JVM and it did the same thing.
> >>
> >>Has anyone run into this problem or something like it before?
> >>
> >>Any help would be greatly appreciated!
> >>
> >>Thanks,
> >>Mike
> >>
> >>
> >>
> >>
> >>-
> >>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>For additional commands, e-mail: [EMAIL PROTECTED]
> >>
> >>
> >
> >
> >
> >
> >This e-mail, including any attachments, is a confidential business

About heap size, gc and newsize

2003-08-19 Thread achana

Hi all.
I am trying to get gc to reclaim more regularly by clearing short live
HttpRequest. Is this syntax corrrect, doesn't seem to do much whichever
way I tweak it :
(catalina.sh)
...
JAVA_OPTS="-Xms256m -Xmx256m -XX:NewSize=128m -XX:MaxNewSize=128m"

TIA :-)
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

writing to catalina.log

2003-08-18 Thread achana

Hi, all.
Currently, our output to catalina.log is programmatically controlled,
when we want to change the logged events and content, we have to modify
the java code and javac it again.
Is there anyway to work around this, not having to recompile?
TIA :-)

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [OT] how to pronounce Apache ?

2003-08-14 Thread achana

Apache has NOTHING to do with indigenous American people.
It stands for "a patchy" software.


Eugene Lee wrote:
> 
> On Mon, Aug 11, 2003 at 02:49:52PM +0530, Antony paul wrote:
> :
> : I would like to know how to pronoune Apache in US English. I found two
> : pronounciations at http://dictionary.reference.com/search?q=apache which one
> : is right ?. Or any other forms ?
> 
> If we're talking about the web server, look at the pronunciation given
> for the definition of "A Native American people".
> 
> --
> Eugene Lee
> http://www.coxar.pwp.blueyonder.co.uk/
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Off topic : any tools for testing mod_ssl/OpenSSL ???

2003-08-14 Thread achana

Hi All.
I have got my Apache mod_ssl/OpenSSL talking with Tomcat nicely using
MSIE5, Netscape 6.2 and Mozilla.
On Netscape 7.1, it says I am transmiting in clear text for all to see
AFTER logging in and accepting the certificate !?! SOmehow I doubt that,
I think it is telling me fips.
Are there any tools to tes whether the transmission is in clear text ?
TIA :-)

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

OFF TOPIC: OpenSSL httpd.conf and Netscape...

2003-08-14 Thread achana

Such silence... :
For those interested, the vhosts work fine on one IP, as described
earlier, and after downloading and patching Netscape 6.2, it is working
the way it should. So now, with the afore-mentioned setup in httpd.conf,
I have three browsers working :
*  MSIE5
(just fine...)
*  Netscape 6.2 (works fine after patching it, costing about 2 days of
effort so far)
*  Mozilla (just fine...)
Apache2 talks with Tomcat servlets, access Oracle and deliver the data
back to the applets, displayed on the browsers.


Netscape 7.1 -DOES NOT WORK - BUM!
Here's what happened :
** connect to home page http://my.first.com
** from home page, I click on a secure link, which takes me to my ugly
splash screen
and https://my.secure.dom
** click to continue and certificate presents itself, then sign in
** normally Netscape's little lock (bottom right) is closed by now, but
not in 7.1
** continue locking in and getting the data from database via Tomcat
** Netscape 7.1 says no certificate and transmission is in clear text
for all to read, yet from my end I have the transmission all encrypted.
MSIE5, Mozilla, and now even Netscape6.2 shows that the tranmission is
encrypted.
** But Netscape 7.1 disagrees with Netscape 6.2, MSIE5 and Mozilla
and if Netscape 7.1 is genuine, than it has broken OpenSSL and mod_ssl.
Hmmm..

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

testing ezmlm - do not reply

2003-08-11 Thread achana

tesing email manager ezmlm
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Client SSL certificates signed by Windows Certificate Server

2003-08-11 Thread achana

Bill Barker wrote:
> 
> "Martin Jericho" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> > - Original Message -
> > From: "Bill Barker" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Monday, August 11, 2003 2:03 PM
> > Subject: Re: Client SSL certificates signed by Windows Certificate Server
> >
> >
> > >
> > > "Martin Jericho" <[EMAIL PROTECTED]> wrote in message
> > > news:[EMAIL PROTECTED]
> > > > I am trying to use Windows Certificate Server to sign my client
> > > > certificates.
> > > >
> > > > First I tried to use a certificate that was generated in IE, but that
> > > didn't
> > > > seem to work (has anyone gotten this to work before?), so now I am
> > trying
> > > > certificates generated by IBM's keyman program.
> > > >
> > > > These are the steps I take:
> > > >
> > > > 1.  In keyman, generate a key pair in a PKCS#12 file.
> > > > 2.  Create a certificate request based on this key pair
> > > > 3.  In Microsoft Certificate Server's certsrv webpage, select the
> > > following
> > > > options:
> > > > - "Request a certificate"
> > > > - "Advanced Request"
> > > > - "Submit a certificate request using a base64 encoded PKCS #10
> file
> > > or
> > > > a renewal request using a base64 encoded PKCS #7 file"
> > > > 4.  Paste the certificate request into the window
> > > > 5.  Issue the certificate request on the server
> > > > 6.  In Microsoft Certificate Server's certsrv webpage, select "Check
> on
> > a
> > > > pending certificate" and select the saved-request certificate
> > > > 7.  Click on the "Download CA Certification Path" link, and save the
> > > > certnew.p7b file to disk
> > > > 8.  In keyman, import the .p7b file.  This attaches itself to the
> > original
> > > > key pair.
> > > > 9.  Save the keystore as a .p12 file
> > > > 10.  Import this .p12 file into IE
> > > > 11.  Export the signing certificate from IE into a file called
> MyCA.cer
> > > > 12.  Import this cer file into Java's cacerts keystore
> > > > 13.  Restart tomcat
> > > >
> > > > At this stage everything should work, but it doesn't.  I can only get
> it
> > > to
> > > > work by exporting the new certificate itself into a .cer file and
> > > importing
> > > > that into the cacerts file.  For some reason, tomcat doesn't trust
> > Windows
> > > > Certificate Server's root certificate, or at least doesn't trust any
> > > > certificates signed by it, even after I have imported it into the
> > cacerts
> > > > file.
> > > >
> > > > Has anyone done this before?
> > >
> > > Yup, it should work as you've described.  I don't know anything about
> WCS
> > > (or care to know :), but does it sign with an intermediate cert?  If so,
> > > they you'll probably have to import the intermediate cert as well (so
> that
> > > Tomcat can verify BasicConstraints etc.).

> Of course it checks the entire cert chain.  It would be a security hole if
> it didn't (e.g. anyone could simply issue themselves a cert, and login).
> All that should be required is that you have the root cert in cacerts, and
> then Tomcat should validate your client-certs (w/o requiring that they be
> imported).
 
Sorry to bud into this thread...
I use Apache + mod_ssl to talk with OpenSSL with Tomcat behind that.
I have signed my own certificate. 
How do I know Apache is checking the imported certificate ?
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Apache's SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt:460

2003-08-09 Thread achana

A bit off topic again.
I have apache 2.0.40 + mod_ssl talking with OpenSSL. 
Things seem to be working, client browsers present certificate and
log-on, tells me its "high grade encryption" etc.
But when I do
[ssl]# openssl s_client localhost:443 -state -debug
I still get this error message :
SSL_connect:SSLv2/v3 write client hello A
read from 0809D018 [080A25C0] (7 bytes => 7 (0x7))
 - 3c 21 44 4f 43 54 59  -
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Off topic : frightening test for mod_ssl/OpenSSL ???

2003-08-06 Thread achana

I forgot to add the frightening result of following test (like doctor
telling you that you've leukemia) :
[ssl]# openssl s_client -connect localhost:443 -state -debug
CONNECTED(0003)
SSL_connect:before/connect initialization
write to 0809D018 [0809D060] (124 bytes => 124 (0x7C))
 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00   .zQ...
.
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04  
.f..
0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00  
...e..d.
0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00  
.c..b..a..`.
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08  
[EMAIL PROTECTED]
0050 - 00 00 06 00 00 03 04 00-80 02 00 80 c9 59 35 e7  
.Y5.
0060 - c1 f3 05 15 5b ba 68 1d-76 e1 b5 a0 bf 82 f8 36  
[.h.v..6
0070 - d9 3c 79 71 a6 5f e1 11-b6 32 ea c8   . 7 (0x7))
 - 3c 21 44 4f 43 54 59   
> Hi All.
> TCPDUMP-ing the login for NYTimes.com as a control group I can certainly
> see USERID and PASSWORD (and other things) eg.
> ...
> Referer: http://www.nytimes.com/auth/login
> Accept-Language: en-us
> Content-Type: application/x-www-form-urlencoded
> Accept-Encoding: gzip, deflate
> User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)
> Host: www.nytimes.com
> Content-Length: 84
> Connection: Keep-Alive
> Cache-Control: no-cache
> Cookie: RMID; tpopunder_orbitz23a-nyt4; NYT-S; nyt-d;
> tpopunder_orbitz23-nyt4; spopunder;
> NYT_GR=3f3069f9-eD5iDGvcR1EwqdL/n8+qGA
> is_continue=true&URI=&OQ=&USERID=niemand&PASSWORD=geheimnis&log=Log+In&SAVEOPTION=YES÷
> 1?&(r)
> ...
> After enabling httpd with mod_ssl, the TCPDUMP from the following client
> browsers are mostly NOT human-readable :
> * Mozilla
> * MSIE5
> * Nescape 6.2
> * Netspcae 7.1 (which is the bee in the bonnet)
> They all present the login dialogue box and the "untrusted self-signed
> certificate" screen.
> Therefore it might be a bug with 7.1, which seemingly does not report an
> embedded secure link from an unsecured page as such eg. from
> http:/my.first.do which as a link to https://my.secure.dom
> However,in 7.1, if I key in the URL https://my.secure.dom (ie without
> going through http://my.first.dom), the lock closes and one can view the
> certificate info by clicking on it.
> 
> I assume this is how it works :
> Step 1: certificate presented, accepts and ecrypt input from client
> browser
> Step 2: transmit to mod_ssl enabled Apache2 server
> Step 3: Off to Tomcat courtesy of following bits of code :
> ...
> 
> ServerName my.dom.com
> ServerAdmin [EMAIL PROTECTED]
> DocumentRoot /home/king/public_html
> ErrorLog /usr/local/apache2/logs/king_error.log
> CustomLog /usr/local/apache2/logs/king_access.log common
> 
>SSLEngine on
>SSLCipherSuite
> ALL:!ADH:!EPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>SSLCertificateFile /path/to/ssl/server.crt
>SSLCertificateKeyFile /path/to/server.key
> 
> JkExtractSSL on
> JkHTTPSIndicator HTTPS
> JkSESSIONIndicator SSL_SESSION_ID
> JkCIPHERIndicator SSL_CIPHER
> JkCERTSIndicator SSL_CLIENT_CERT
> JkMount /dom ajp13
> JkMount /dom/* ajp13
> 
> ...
> Step 4 : FIX ME - does Apache2 unecrypt content before passing on to
> Tomcat ???
> Step 5 : FIX ME - does Tomcat pass db data back to Apache2 and the data
> get encrypted there ???
> 
> If anyone out there has similar or diff experience, please share it.
> 
> Ralph Einfeldt wrote:
> >
> > One way to verify this, is to use a packet sniffer
> > and watch the pakets that are exchanged bewenn server
> > and browser.
> >
> > Under linux you can use tcpdump.
> >   http://www.tcpdump.org/
> >
> >
> > tcpdump has also a windows brother (or sister):
> >   http://windump.polito.it/
> >
> > Under linux and windows you can use ethereal:
> >   http://www.ethereal.com/
> >
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > > Sent: Tuesday, August 05, 2003 9:17 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Off topic : any tools for testing mod_ssl/OpenSSL ???
> > >
> > >
> > > Hi All.
> > > I have got my Apache mod_ssl/OpenSSL talking with Tomcat nicely using
> > > MSIE5, Netscape 6.2 and Mozilla.
> > > On Netscape 7.1, it says I am transmiting in clear text for all to see
> > > AFTER logging in and accepting the certificate !?! SOmehow I
> > > doubt that,
> > > I think it is telling me fips.
> > > Are there any tools to tes whether the transmission is in clear text ?
> > > TIA :-)
> > >
> > > -
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> > >
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> 
> -

Off topic : tools for testing mod_ssl/OpenSSL ???

2003-08-05 Thread achana

Hi All.
TCPDUMP-ing the login for NYTimes.com as a control group I can certainly
see USERID and PASSWORD (and other things) eg.  
...
Referer: http://www.nytimes.com/auth/login
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)
Host: www.nytimes.com
Content-Length: 84
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: RMID; tpopunder_orbitz23a-nyt4; NYT-S; nyt-d;
tpopunder_orbitz23-nyt4; spopunder;
NYT_GR=3f3069f9-eD5iDGvcR1EwqdL/n8+qGA
is_continue=true&URI=&OQ=&USERID=niemand&PASSWORD=geheimnis&log=Log+In&SAVEOPTION=YES÷
1?&(r)
...
After enabling httpd with mod_ssl, the TCPDUMP from the following client
browsers are mostly NOT human-readable :
* Mozilla
* MSIE5
* Nescape 6.2
* Netspcae 7.1 (which is the bee in the bonnet)
They all present the login dialogue box and the "untrusted self-signed
certificate" screen.
Therefore it might be a bug with 7.1, which seemingly does not report an
embedded secure link from an unsecured page as such eg. from
http:/my.first.do which as a link to https://my.secure.dom
However,in 7.1, if I key in the URL https://my.secure.dom (ie without
going through http://my.first.dom), the lock closes and one can view the
certificate info by clicking on it.

I assume this is how it works :
Step 1: certificate presented, accepts and ecrypt input from client
browser
Step 2: transmit to mod_ssl enabled Apache2 server
Step 3: Off to Tomcat courtesy of following bits of code :
...

ServerName my.dom.com
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /home/king/public_html
ErrorLog /usr/local/apache2/logs/king_error.log
CustomLog /usr/local/apache2/logs/king_access.log common

   SSLEngine on
   SSLCipherSuite
ALL:!ADH:!EPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
   SSLCertificateFile /path/to/ssl/server.crt
   SSLCertificateKeyFile /path/to/server.key

JkExtractSSL on
JkHTTPSIndicator HTTPS
JkSESSIONIndicator SSL_SESSION_ID
JkCIPHERIndicator SSL_CIPHER
JkCERTSIndicator SSL_CLIENT_CERT
JkMount /dom ajp13
JkMount /dom/* ajp13

...
Step 4 : FIX ME - does Apache2 unecrypt content before passing on to
Tomcat ???
Step 5 : FIX ME - does Tomcat pass db data back to Apache2 and the data
get encrypted there ???

If anyone out there has similar or diff experience, please share it.

Ralph Einfeldt wrote:
> 
> One way to verify this, is to use a packet sniffer
> and watch the pakets that are exchanged bewenn server
> and browser.
> 
> Under linux you can use tcpdump.
>   http://www.tcpdump.org/
> 
> 
> tcpdump has also a windows brother (or sister):
>   http://windump.polito.it/
> 
> Under linux and windows you can use ethereal:
>   http://www.ethereal.com/
> 
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, August 05, 2003 9:17 AM
> > To: [EMAIL PROTECTED]
> > Subject: Off topic : any tools for testing mod_ssl/OpenSSL ???
> >
> >
> > Hi All.
> > I have got my Apache mod_ssl/OpenSSL talking with Tomcat nicely using
> > MSIE5, Netscape 6.2 and Mozilla.
> > On Netscape 7.1, it says I am transmiting in clear text for all to see
> > AFTER logging in and accepting the certificate !?! SOmehow I
> > doubt that,
> > I think it is telling me fips.
> > Are there any tools to tes whether the transmission is in clear text ?
> > TIA :-)
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Is this an OpenSSL or httpd problem ???

2003-08-04 Thread achana

Hi All.
Problem : Netscape 6.2 would not "redirect"from http://my.first.com to
https://my.secure.dom
I have two vhost entries, first one listens on port 80 and secure one on
443.
My bjective : from the first web-site, creae a link to a secure one in
index.html using an anchor e.g. http://my
secure.dom">ClickMe
In tmy http.conf, I have this setup :
...
(http.conf)
Listen 192.168.100.1:80
Listen 443
NameVirtualHost 192.168.100.1

ServerName my.first.dom
...

# I added the following 4 lines just for Netscape6.2

ServerName my.secure.dom
Redirect /index.html https://my.secure.dom/index.html

# as far as MSIE5 or Linux/Mozilla are concerned, following lines are
all that's needed to make it work...

ServerName my.secure.com
...
 ...blabla
...


Works fine with MSIE5 and Lnux/Mozilla, just not Netscape6.2
In netscape, the unsecure site presents itself again when I click on the
link the my.secure.dom, as if it culdn't reslve the URL and defaults to
my.first.dom.

Error log tells me that SSLSessonCache is not configured.
Doesn't seem related.
What do need to do to get Netscape6.2 working ???

TIA :-(

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

OFF-TOPIC: using .htpasswd and OpenSSL

2003-08-03 Thread achana

Hi All.
I use .htpasswd to protect some directories/vhosts which are
OpenSSL-enabled.
Ideally I would like to use MD5 rather than Basic for logging on.
How does this work togethr with the OpenSSL encryption ? 
This odd idea lingers in the back of my mind that OpenSSL might encrypt
the encrypted password again, which is silly.
TIA :-)

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [OFF TOPIC ] Openssl..error creating server.crt ???

2003-07-30 Thread achana

I should add that openssl.cnf is  same RH default directory and I have
edited it a tiny bit.

[EMAIL PROTECTED] wrote:
> 
> >> I had some, for me, un-decipherable error messages when trying to sign
> >> my own certificate.
> >> First I created  my private key and certificate signing request :
> >> [ssl]# openssl genrsa -des3 -out sever.key 1024
> >> [ssl]# openssl req -new -key server.key -out server.csr
> >> Then I created my own certificate authority:
> >> [ssl]# openssl genrsa -des3 -out ca.key 1024
> >> Next, I created a self-signed CA certificate with my rsa key:
> >> [ssl]# openssl req -new -x509 -days 365 -key ca.key -out ca.crt
> >> Finally, I attempted to sign the ca.crt
> >> [ssl]# ./sign.sh private/server.csr
> 
> These seem to be very much like the ones listed in the mod_ssl faq.
> http://www.modssl.org/docs/2.8/ssl_faq.html#ToC29
> 
> >> 2117:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block
> >> type is not 01:rsa_pk1.c:100:
> 
> Just out of curiosity, when sign.sh run the commands
> 
>   openssl ca -config ...
> 
> what is the argument to -config?  Is the CA_Authority section in that
> configuration file referencing your CA?
> 
> --
> Steve
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[OFF TOPIC ] Openssl..error creating server.crt ???

2003-07-30 Thread achana

Hi Steve.
Well actually, nothing !
...
CA signing: private/server.csr -> private/server.crt:
Using configuration from ca.config
Enter PEM pass phrase:
...
and so forth. But it doesn't tell me what are the configuration
parameters.
I tried this a few times, always the same error messages but it builds
the requisite server.crt at the end.
Is ca.config some file I am suposed t have, t is very hard to find
anything in RedHat.
TIA

[EMAIL PROTECTED] wrote:
> 
> >> I had some, for me, un-decipherable error messages when trying to sign
> >> my own certificate.
> >> First I created  my private key and certificate signing request :
> >> [ssl]# openssl genrsa -des3 -out sever.key 1024
> >> [ssl]# openssl req -new -key server.key -out server.csr
> >> Then I created my own certificate authority:
> >> [ssl]# openssl genrsa -des3 -out ca.key 1024
> >> Next, I created a self-signed CA certificate with my rsa key:
> >> [ssl]# openssl req -new -x509 -days 365 -key ca.key -out ca.crt
> >> Finally, I attempted to sign the ca.crt
> >> [ssl]# ./sign.sh private/server.csr
> 
> These seem to be very much like the ones listed in the mod_ssl faq.
> http://www.modssl.org/docs/2.8/ssl_faq.html#ToC29
> 
> >> 2117:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block
> >> type is not 01:rsa_pk1.c:100:
> 
> Just out of curiosity, when sign.sh run the commands
> 
>   openssl ca -config ...
> 
> what is the argument to -config?  Is the CA_Authority section in that
> configuration file referencing your CA?
> 
> --
> Steve
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [OFF TOPIC ] Openssl..error creating server.crt ???

2003-07-29 Thread achana

Oh, I should mention that I
[ssl] # apachectl startssl
will start apache wil ssl support (other than the error about virtual
hosts)
but how can I trust that with the error messages I got, which seem to
relate to the encryption routine ???


[EMAIL PROTECTED] wrote:
> 
> Hi. Sorry about being off-topic.
> I had some, for me, un-decipherable error messages when trying to sign
> my own certificate.
> First I created  my private key and certificate signing request :
> [ssl]# openssl genrsa -des3 -out sever.key 1024
> [ssl]# openssl req -new -key server.key -out server.csr
> Then I created my own certificate authority:
> [ssl]# openssl genrsa -des3 -out ca.key 1024
> Next, I created a self-signed CA certificate with my rsa key:
> [ssl]# openssl req -new -x509 -days 365 -key ca.key -out ca.crt
> Finally, I attempted to sign the ca.crt
> [ssl]# ./sign.sh private/server.csr
> 
> Here is the tail-end of the output :
> ...
> Certificate is to be certified until Jul 29 16:00:25 2004 GMT (365 days)
> Sign the certificate? [y/n]:y
> 
> 1 out of 1 certificate requests certified, commit? [y/n]y
> Write out database with 1 new entries
> Data Base Updated
> CA verifying: private/server.crt <-> CA cert
> private/server.crt: /C=HK/ST=HK/O=SAYS I.T. Co.
> Ltd./CN=www.saysit.com.hk/[EMAIL PROTECTED]
> error 18 at 0 depth lookup:self signed certificate
> /C=HK/ST=HK/O=SAYS I.T. Co.
> Ltd./CN=www.saysit.com.hk/[EMAIL PROTECTED]
> error 7 at 0 depth lookup:certificate signature failure
> 2117:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block
> type is not 01:rsa_pk1.c:100:
> 2117:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check
> failed:rsa_eay.c:396:
> 2117:error:0D079006:asn1 encoding routines:ASN1_verify:bad get asn1
> object call:a_verify.c:109:
> [ssl]#
> 
> OpenSSL went and created the certificates "server.crt as in httpd.conf's
> "SSLCertificateFile /path/to/this/server.crt"
> I hesitate to use it because of these error messages.
> Can someone see where I might have gone wrong and how to rectify that
> ???
> TIA :(
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[OFF TOPIC ] Openssl..error creating server.crt ???

2003-07-29 Thread achana

Hi. Sorry about being off-topic.
I had some, for me, un-decipherable error messages when trying to sign
my own certificate.
First I created  my private key and certificate signing request :
[ssl]# openssl genrsa -des3 -out sever.key 1024
[ssl]# openssl req -new -key server.key -out server.csr
Then I created my own certificate authority:
[ssl]# openssl genrsa -des3 -out ca.key 1024
Next, I created a self-signed CA certificate with my rsa key:
[ssl]# openssl req -new -x509 -days 365 -key ca.key -out ca.crt
Finally, I attempted to sign the ca.crt
[ssl]# ./sign.sh private/server.csr

Here is the tail-end of the output :
...
Certificate is to be certified until Jul 29 16:00:25 2004 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: private/server.crt <-> CA cert
private/server.crt: /C=HK/ST=HK/O=SAYS I.T. Co.
Ltd./CN=www.saysit.com.hk/[EMAIL PROTECTED]
error 18 at 0 depth lookup:self signed certificate
/C=HK/ST=HK/O=SAYS I.T. Co.
Ltd./CN=www.saysit.com.hk/[EMAIL PROTECTED]
error 7 at 0 depth lookup:certificate signature failure
2117:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block
type is not 01:rsa_pk1.c:100:
2117:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check
failed:rsa_eay.c:396:
2117:error:0D079006:asn1 encoding routines:ASN1_verify:bad get asn1
object call:a_verify.c:109:
[ssl]#

OpenSSL went and created the certificates "server.crt as in httpd.conf's
"SSLCertificateFile /path/to/this/server.crt"
I hesitate to use it because of these error messages.
Can someone see where I might have gone wrong and how to rectify that
???
TIA :(

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

OpenSSL : sign CA with sign.sh

2003-07-28 Thread achana

Hi.
My saga to sign my own CA with sign.sh continues, but I encountered this
error :
...
# ./sign.sh server.csr > sign.log
Using configuration from ca.config
unable to load CA private key
2124:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:662:Expecting: ANY PRIVATE KEY
server.crt: No such file or directory
2125:error:02001002:system library:fopen:No such file or
directory:bss_file.c:245:fopen('server.crt','r')
2125:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:247:
...
Okay, so people say borrow a tuppence from uncle scrooge and buy one
from Verisign...
But, gee, it would be nice if I could test the signing of my own
certificates.
Quo vadis ?
TIA :{

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

apachectl startssl complains about _default_443 (amongst other things...)

2003-07-27 Thread achana

Hi.
I compiled mod_ssl into my apache2 and got openssl to generate
server.key into .../conf/server.key and server.crt into
.../conf/server.crt

Then I modified httpd.conf

   Include /path/to/ssl.conf

Also, I commented out all the explicitly named virtual hosts in
 ...  because I expect troubles there.

In ssl.conf, I modified the following lines so they have the same
parameter values as in httpd.conf :


DocumentRoot "/path/to/html"
ServerName www.my.domain.com:80 ... In httpd.conf I used the BIOS name
e.g. ServerName BIOSNAME:80
...
SSLEngine on
...
SSLCertificateFile /path/to/conf/ssl.crt/server.crt
SSLCertificateFile /path/to/conf/ssl.key/server.key
...
When I start apache again with 
# apachectl startssl
I got the following messages :

[error] VirtualHost_default_:443 -- mixing * port and non-* ports with a
NameVirtualHost address is not supported: proceeding with unidentified
results.
Apache/2.0.40 mod_ssl/2.0.40 (Pass Phrase Dialog)
...

Can some kind souls tell me wha I have done wrong now. I didn't use
RedHat's default directories in /etc/httpd/conf, but that's hardly a mea
culpa.

Arrgh

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

error with "make testcert"

2003-07-27 Thread achana

Hi, all.
I am trying to create a self signed certificate for a test before buying
one.
Some time back, I downloaded and created ../libtool-1.4.2, not in any
PATH for obvious reasons.
In order to create certificate :
# make testcert
I got following error :
make : *** no rule to make target *** 'testcert'. Stop.
What have I done wrong now ???

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: where are sign.sh and openssl.conf ?

2003-07-25 Thread achana

Hi.
No John, please don't delete RH's /etc/bi/openssl from the default
install. RH did something "weird", there are dependencies there and they
look for RH's version of openssl. The best you can hope for is to
install a parallel version of OpenSSL. I brought this up with Simon a
few emails ago but he uses Suse


John Turner wrote:
> 
> Reason #942 not to just take "defaults" when installing Red Hat Linux.
> You're better off deleting all of their "auto" crap and then installing
> what you need from scratch.  At least then you know exactly where
> everything is.
> 
> John
> 
> [EMAIL PROTECTED] wrote:
> 
> > Hi.
> > Unbelievable, I searched all the servers for openssl.conf and found
> > nothing. Some of these are stock standard default installatio sraight
> > from the distro CDs from RH.
> > I am going to install OpenSSL from sratch this weekend and ditch RH's
> > distro copy.
> > find /usr openssl.conf -type f
> > find /usr -name openssl.conf
> > etc...
> > Nope.
> > I mean, when you configure these things, the sey parametric values have
> > to go somewhere, right ?
> > That does it, download, compile, install OpenSSL this weekend. Ouch!
> >
> >
> >
> > Simon Pabst wrote:
> >
> >>I don't know about Redhat's openssl installation,
> >>but propably it spreads over several directories.
> >>
> >>However there should be an openssl.conf somewhere,
> >>maybe its in /etc/openssl.conf or /usr/local/openssl/openssl.conf
> >>
> >>If you can't find it, this might help:
> >>find /etc -name openssl.conf
> >>or
> >>find /usr -name openssl.conf
> >>
> >>Installing openssl from source would also help getting a
> >>clean (and more secure) openssl installation with everything in one directory.
> >>
> >>And don't mix up Apache2 ssl.conf with openssl.conf, they've got nothing to
> >>do with each other.
> >>In Apache 1 all the SSL stuff was in httpd.conf, in Apache 2 they just put
> >>that into conf/ssl.conf.
> >>
> >>At 19:22 25.07.2003 +1000, you wrote:
> >>
> >>>Hi.
> >>>Thanks, I got EngelSchall's sign.sh. I am going through exactly those
> >>>doco as we "speak", I think the problem with the documentation is that
> >>>they refer to dfferent versions than mine.
> >>>On my default RH7.1 Linux installation, I do not have /usr/local/ssl or
> >>>/etc/ssl/openssl.conf, yet it comes well equipped with
> >>>/etc/httpd/conf/ssl.crt ad /etc/httpd/conf/ssl.key.
> >>>On the other hand, the Apache2 httpd.conf uses an Include conf/ssl.conf
> >>>which doesn't look like the instructions on the documentation. I am so
> >>>confused, I need a beer.
> >>>S, I won't be finishing the task this week.
> >>>
> >>>
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: where are sign.sh and openssl.conf ?

2003-07-25 Thread achana

Hi.
Unbelievable, I searched all the servers for openssl.conf and found
nothing. Some of these are stock standard default installatio sraight
from the distro CDs from RH.
I am going to install OpenSSL from sratch this weekend and ditch RH's
distro copy.
find /usr openssl.conf -type f
find /usr -name openssl.conf
etc...
Nope.
I mean, when you configure these things, the sey parametric values have
to go somewhere, right ?
That does it, download, compile, install OpenSSL this weekend. Ouch!



Simon Pabst wrote:
> 
> I don't know about Redhat's openssl installation,
> but propably it spreads over several directories.
> 
> However there should be an openssl.conf somewhere,
> maybe its in /etc/openssl.conf or /usr/local/openssl/openssl.conf
> 
> If you can't find it, this might help:
> find /etc -name openssl.conf
> or
> find /usr -name openssl.conf
> 
> Installing openssl from source would also help getting a
> clean (and more secure) openssl installation with everything in one directory.
> 
> And don't mix up Apache2 ssl.conf with openssl.conf, they've got nothing to
> do with each other.
> In Apache 1 all the SSL stuff was in httpd.conf, in Apache 2 they just put
> that into conf/ssl.conf.
> 
> At 19:22 25.07.2003 +1000, you wrote:
> >Hi.
> >Thanks, I got EngelSchall's sign.sh. I am going through exactly those
> >doco as we "speak", I think the problem with the documentation is that
> >they refer to dfferent versions than mine.
> >On my default RH7.1 Linux installation, I do not have /usr/local/ssl or
> >/etc/ssl/openssl.conf, yet it comes well equipped with
> >/etc/httpd/conf/ssl.crt ad /etc/httpd/conf/ssl.key.
> >On the other hand, the Apache2 httpd.conf uses an Include conf/ssl.conf
> >which doesn't look like the instructions on the documentation. I am so
> >confused, I need a beer.
> >S, I won't be finishing the task this week.
> >
> >
> >Simon Pabst wrote:
> > >
> > > A good HOWTO about Certificate Management and creating your own CA
> > > is on http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/c118.html
> > >
> > > Another one is here: http://www.corserv.com/freebsd/apache-ssl-howto.html
> > > (not so detailed, but not that good either)
> > >
> > > At 15:28 25.07.2003 +1000, you wrote:
> > > >Hi!
> > > >I am going throug a couple of books (O'Reilly OpenSSL" and SAM "Maxum
> > > >Apache Security") and HOWTOs, I haven't come across instructions to set
> > > >up a CA yet. Can you please oint me in the right direction ?
> > > >TIA :(
> > > >
> > > >Bill Barker wrote:
> > > > >
> > > > > It seems that it is only distributed with the Apache-1.3.x version of
> > > > > mod_ssl.
> > > > >
> > > > > In my experience, it is usually worth the trouble in the long run
> > to do a
> > > > > full setup for a CA (i.e. what 'openssl ca ...' expects) if you need to
> > > > > issue your own certs.
> > > > >
> > > > > <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]
> > > > > > Hi.
> > > > > > The HOWTO instructions on
> > > > > > http://httpd.apache.org/docs-2.0/ssl/ssl_fag.html said I need a
> > > > > > "sign.sh" script for signing server.csr. It is supposed to be
> > > > > > distributed with mod_ssl.
> > > > > > Mabe I should download and unpack the latest mod_ssl and look for it
> > > > > > again...
> > > > >
> > > > > -
> > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > >
> > > >-
> > > >To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > >For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > > -
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >-
> >To unsubscribe, e-mail: [EMAIL PROTECTED]
> >For additional commands, e-mail: [EMAIL PROTECTED]
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: where is sign.sh from mod_ssl ???

2003-07-25 Thread achana

Hi.
Thanks, I got EngelSchall's sign.sh. I am going through exactly those
doco as we "speak", I think the problem with the documentation is that
they refer to dfferent versions than mine. 
On my default RH7.1 Linux installation, I do not have /usr/local/ssl or
/etc/ssl/openssl.conf, yet it comes well equipped with
/etc/httpd/conf/ssl.crt ad /etc/httpd/conf/ssl.key. 
On the other hand, the Apache2 httpd.conf uses an Include conf/ssl.conf
which doesn't look like the instructions on the documentation. I am so
confused, I need a beer.
S, I won't be finishing the task this week.


Simon Pabst wrote:
> 
> A good HOWTO about Certificate Management and creating your own CA
> is on http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/c118.html
> 
> Another one is here: http://www.corserv.com/freebsd/apache-ssl-howto.html
> (not so detailed, but not that good either)
> 
> At 15:28 25.07.2003 +1000, you wrote:
> >Hi!
> >I am going throug a couple of books (O'Reilly OpenSSL" and SAM "Maxum
> >Apache Security") and HOWTOs, I haven't come across instructions to set
> >up a CA yet. Can you please oint me in the right direction ?
> >TIA :(
> >
> >Bill Barker wrote:
> > >
> > > It seems that it is only distributed with the Apache-1.3.x version of
> > > mod_ssl.
> > >
> > > In my experience, it is usually worth the trouble in the long run to do a
> > > full setup for a CA (i.e. what 'openssl ca ...' expects) if you need to
> > > issue your own certs.
> > >
> > > <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> > > > Hi.
> > > > The HOWTO instructions on
> > > > http://httpd.apache.org/docs-2.0/ssl/ssl_fag.html said I need a
> > > > "sign.sh" script for signing server.csr. It is supposed to be
> > > > distributed with mod_ssl.
> > > > Mabe I should download and unpack the latest mod_ssl and look for it
> > > > again...
> > >
> > > -
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >-
> >To unsubscribe, e-mail: [EMAIL PROTECTED]
> >For additional commands, e-mail: [EMAIL PROTECTED]
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: how to get the ca from client by servlet

2003-07-25 Thread achana

Hi.
We are in the same boat ! See Zhangwei's email.
It seems to be a bug, to be fixed by the next release , coming out this
month.


errise wrote:
> 
> I had finished the configuration of apache + tomcat + ssl.but i found i can't get  
> client's ca in this environment by servlet.
> I successfully  get  client's ca in  the tomcat + ssl,by code 
> 'request.getHeader()'.but in  apache i can't get it.
> 
> I don't know what is error in the apache + ssl + tomcat.
> How to get the clients ca in the apache + ssl + tomcat?
> 
> thanks
> errise

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: where is sign.sh from mod_ssl ???

2003-07-25 Thread achana

Hi!
I am going throug a couple of books (O'Reilly OpenSSL" and SAM "Maxum
Apache Security") and HOWTOs, I haven't come across instructions to set
up a CA yet. Can you please oint me in the right direction ?
TIA :(

Bill Barker wrote:
> 
> It seems that it is only distributed with the Apache-1.3.x version of
> mod_ssl.
> 
> In my experience, it is usually worth the trouble in the long run to do a
> full setup for a CA (i.e. what 'openssl ca ...' expects) if you need to
> issue your own certs.
> 
> <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> > Hi.
> > The HOWTO instructions on
> > http://httpd.apache.org/docs-2.0/ssl/ssl_fag.html said I need a
> > "sign.sh" script for signing server.csr. It is supposed to be
> > distributed with mod_ssl.
> > Mabe I should download and unpack the latest mod_ssl and look for it
> > again...
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

where is sign.sh from mod_ssl ???

2003-07-24 Thread achana

Hi.
The HOWTO instructions on
http://httpd.apache.org/docs-2.0/ssl/ssl_fag.html said I need a
"sign.sh" script for signing server.csr. It is supposed to be
distributed with mod_ssl.
Mabe I should download and unpack the latest mod_ssl and look for it
again...

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Solved: Installing mod_ssl on Apache2+Tomcat+mod_jk setup...

2003-07-24 Thread achana

Hi Simon
That worked, I got mod_ssl.
Thanks for the tips, much appreciated.


Simon Pabst wrote:
> 
> Jeez,
> obviously $APACHE_HOME points to an apache installation directory and not
> source, so no wonder your previous make didn't work.
> 
> You don't need the source directory /usr/local/httpd-2.0.40 anymore, so you
> can delete it (or move somewhere else as backup).
> 
> As for your previous configuration in the installation directory
> /usr/local/apache, i'd suggest you copy the relevant lines into the new
> apache config files
> and delete /usr/local/apache (or move somewhere else as backup).
> 
> Besides i suggest posting any more Apache only problems to the related
> mailing list (To subscribe, send an empty message to
> [EMAIL PROTECTED] )
> 
> At 00:36 25.07.2003 +1000, you wrote:
> >I actually downloaded and installed Apache2 recently, it is not the old
> >version delivered in the distro.
> >Before the make and make install, there were 2 directories :
> >/usr/local/apache
> >/usr/local/httpd-2.0.40
> >$APACHE_HOME points to /usr/local/apache
> >I edit the files in $APACHE_HOME/conf and apache worked well like that.
> >Then after running configure, make and make install from inside
> >/usr/local/httpd-2.0.40, I ended up with 3 directories !?!, They are :
> >/usr/local/apache
> >/usr/local/apache2
> >/usr/local/httpd-2.0.40
> >The make install actually created and installed another apache for me,
> >but since I have done a lot of work on the old i.e. /usr/local/apache
> >aready, I must use that copy.
> >So when you say the "make" should be done in the source directory, which
> >one do you mean ???
> >I am very confused at the moment.
> >Perhaps I should do it like this :
> >./configure
> >--enable-ssl
> >--with-ssl=/usr/bin
> >--prefix=/usr/local/apache
> >
> >TIA :(
> >
> >
> >
> >Simon Pabst wrote:
> > >
> > > Hmm i guess $APACHE_HOME points to Redhats Apache Home or where?
> > > The make should be done in the source directory, not in the Apache
> > > installation home.
> > > Just forget about the Redhat Apache and build apache completely from
> > source,
> > > here's a step by step list (YMMV):
> > > =
> > >
> > > # Download the latest source (httpd-2.0.47.tar.gz) from
> > > http://httpd.apache.org/download.cgi
> > > tar -zxf httpd-2.0.47.tar.gz
> > > cd httpd-2.0.47
> > >
> > > "./configure" \
> > > "--prefix=/opt/apache2" \
> > > "--with-mpm=worker" \
> > > "--enable-so" \
> > > "--enable-rewrite" \
> > > "--enable-ssl" \
> > > "--with-ssl=/path/to/latest/openssl" \
> > > "--enable-proxy"
> > >
> > > # prefix sets the installation directory
> > > # mpm=worker compiles apache with multithreading support, needed for
> > > current mod_jk1/2 load balancing round robin to work properly
> > > # mod_so is needed for DSO support (so you can install other modules later
> > > without rebuilding the whole thing, recommended for mod_jk(2)
> > > # mod_rewrite is the swiss army knife for URL manipulation and always handy
> > > # mod_proxy is not really needed, but a possible alternative to connect to
> > > Tomcat
> > > # See http://httpd.apache.org/docs-2.0/mod/
> > >
> > > make
> > > make install
> > >
> > > =
> > >
> > > And that openssl version problem,
> > > i'd suggest you try upgrading with a more recent openssl rpm if there
> > is any,
> > > or you build and install the latest openssl yourself:
> > >
> > > # Download http://www.openssl.org/source/openssl-0.9.7b.tar.gz
> > > gtar -zxf openssl-0.9.7b.tar.gz
> > > cd openssl-0.9.7b
> > > ./configure --prefix=/path/to/somewhere/else/than/redhat_ssl
> > > make
> > > make install
> > >
> > > If you happen to run into any compilation problems,
> > > you propably have to upgrade some other system libraries as well.
> > >
> > > At 12:38 24.07.2003 +1000, you wrote:
> > > >Well yes, I did that and configure ran "normally" after a "make
> > > >distclean" (I think I maight have left some junk there from last
> > > >time)...
> > > >Then I tried doing this :
> > > ># cd $APACHE_HOME
> > > ># make
> > > ># make certificate
> > > ># make install
> > > >"make" didn't work and complained "No targets specified and no Makefile
> > > >found. Stop"
> > > >I can clearly see makefile there !
> > > >Then I checked Apache, like this :
> > > ># apachectl -l
> > > >I do not see mod_ssl compiled into it.
> > > >Having said all that, I still have another major concern about
> > > >openssl-0.9.6-3 vulnerability. It seems that I am going through a lot of
> > > >trouble installing a faulted version. All the research I have done sofar
> > > >recommends installing a second openssl-0.9.7 alongside 0.9.6-3 because
> > > >redHat7.1 has dependency problems otherside.
> > > >This is very irritating !
> > > >TIA (DIV=danke im voraus?)
> > > >:(
> > > >
> > > >Simon Pabst wrote:
> > > > >
> > > > > That configure of yours is not quite right:
> > > > >
> > > > >

Re: Installing mod_ssl on Apache2+Tomcat+mod_jk setup...

2003-07-24 Thread achana

I actually downloaded and installed Apache2 recently, it is not the old
version delivered in the distro.
Before the make and make install, there were 2 directories :
/usr/local/apache
/usr/local/httpd-2.0.40
$APACHE_HOME points to /usr/local/apache
I edit the files in $APACHE_HOME/conf and apache worked well like that.
Then after running configure, make and make install from inside
/usr/local/httpd-2.0.40, I ended up with 3 directories !?!, They are :
/usr/local/apache
/usr/local/apache2
/usr/local/httpd-2.0.40
The make install actually created and installed another apache for me,
but since I have done a lot of work on the old i.e. /usr/local/apache
aready, I must use that copy.
So when you say the "make" should be done in the source directory, which
one do you mean ???
I am very confused at the moment.
Perhaps I should do it like this :
./configure
   --enable-ssl
   --with-ssl=/usr/bin
   --prefix=/usr/local/apache 
   
TIA :(



Simon Pabst wrote:
> 
> Hmm i guess $APACHE_HOME points to Redhats Apache Home or where?
> The make should be done in the source directory, not in the Apache
> installation home.
> Just forget about the Redhat Apache and build apache completely from source,
> here's a step by step list (YMMV):
> =
> 
> # Download the latest source (httpd-2.0.47.tar.gz) from
> http://httpd.apache.org/download.cgi
> tar -zxf httpd-2.0.47.tar.gz
> cd httpd-2.0.47
> 
> "./configure" \
> "--prefix=/opt/apache2" \
> "--with-mpm=worker" \
> "--enable-so" \
> "--enable-rewrite" \
> "--enable-ssl" \
> "--with-ssl=/path/to/latest/openssl" \
> "--enable-proxy"
> 
> # prefix sets the installation directory
> # mpm=worker compiles apache with multithreading support, needed for
> current mod_jk1/2 load balancing round robin to work properly
> # mod_so is needed for DSO support (so you can install other modules later
> without rebuilding the whole thing, recommended for mod_jk(2)
> # mod_rewrite is the swiss army knife for URL manipulation and always handy
> # mod_proxy is not really needed, but a possible alternative to connect to
> Tomcat
> # See http://httpd.apache.org/docs-2.0/mod/
> 
> make
> make install
> 
> =
> 
> And that openssl version problem,
> i'd suggest you try upgrading with a more recent openssl rpm if there is any,
> or you build and install the latest openssl yourself:
> 
> # Download http://www.openssl.org/source/openssl-0.9.7b.tar.gz
> gtar -zxf openssl-0.9.7b.tar.gz
> cd openssl-0.9.7b
> ./configure --prefix=/path/to/somewhere/else/than/redhat_ssl
> make
> make install
> 
> If you happen to run into any compilation problems,
> you propably have to upgrade some other system libraries as well.
> 
> At 12:38 24.07.2003 +1000, you wrote:
> >Well yes, I did that and configure ran "normally" after a "make
> >distclean" (I think I maight have left some junk there from last
> >time)...
> >Then I tried doing this :
> ># cd $APACHE_HOME
> ># make
> ># make certificate
> ># make install
> >"make" didn't work and complained "No targets specified and no Makefile
> >found. Stop"
> >I can clearly see makefile there !
> >Then I checked Apache, like this :
> ># apachectl -l
> >I do not see mod_ssl compiled into it.
> >Having said all that, I still have another major concern about
> >openssl-0.9.6-3 vulnerability. It seems that I am going through a lot of
> >trouble installing a faulted version. All the research I have done sofar
> >recommends installing a second openssl-0.9.7 alongside 0.9.6-3 because
> >redHat7.1 has dependency problems otherside.
> >This is very irritating !
> >TIA (DIV=danke im voraus?)
> >:(
> >
> >Simon Pabst wrote:
> > >
> > > That configure of yours is not quite right:
> > >
> > > the following is required for Apache with SSL/HTTPS Support (still called
> > > mod_ssl):
> > > --enable-ssl
> > >
> > > this is only required if the auto detection of apache can't fint the
> > > installed open ssl:
> > > --with-ssl=/path/to/openssl
> > >
> > > At 17:49 23.07.2003 +1000, you wrote:
> > > >Hiya, thanks for the tip.
> > > >When I ran ./configure --help, the option --enable-ssl is missing.
> > > >So I tried this :
> > > >./configure
> > > >   --with-apache=
> > > >   --with-ssl=
> > > >   --prefix=
> > > >So komme ich auch nicht weiter !
> > > >Those options are not available in configure !?!
> > > >TIA :(
> > > >
> > > >Simon Pabst wrote:
> > > > >
> > > > > This should go to Apache Mailing List propably.
> > > > >
> > > > > Apache 2 has its own mod_ssl included.
> > > > > You still need an installed OpenSSL to use mod_ssl,
> > > > > as how to configure:
> > > > >
> > > > > httpd-2.0.45 # ./configure --help|grep -i ssl
> > > > >   --enable-sslSSL/TLS support (mod_ssl)
> > > > >   --with-ssl=DIR  SSL/TLS toolkit (OpenSSL)
> > > > >
> > > > > "Tomcat Users List" <[EMAIL PROTECTED]> schrieb am
> > > > 14.07.03 09:56:52:
> > > > > >
> > > > > > Apache2.0.4

Diff betw ssh and my OpenSSL server.key and ca.key ?

2003-07-24 Thread achana

In RH7.1 under /etc/ssh there are several ssh_host_*  keys and config
files. 
They seem to be for remote client logins.
Would my newly generated OpenSSL keys and certificate conflict with them
???
What's the difference between the two ???
Sorry for the newbie questions...

Simon Pabst wrote:
> 
> 1. Generate a private key:
> openssl genrsa -des3 -out privkey.pem 2048
> (this should prompt you for a
> passphrase)http://www.openssl.org/docs/HOWTO/keys.txt
> 
> 2. a) Generate a self-signed test certificate:
> openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
> 
> 2. b) If you want to use a Trust-Center signed SSL certificate,
> you need to create a certificate signing request (CSR) and submit it to a
> Certificate Authority (CA):
> openssl req -new -key privkey.pem -out cert.csr
> 
> http://www.openssl.org/docs/HOWTO/certificates.txt
> 
> Some Certificate Authorities:
> http://www.verisign.com/
> http://www.thawte.com/
> http://www.instantssl.com/
> 
> At 17:27 24.07.2003 +1000, you wrote:
> >Hi. My quixotic tilt at mod_ssl continues...
> >I am into my second book on this subject matter. Okay, let's put that in
> >that "too-hard" basket for the moment.
> >Let's make OpenSSL work first. It does.
> >It asks me whether I want to DER or PEM. I take PEM.
> >Then it tells me not enough random data. So I did this:
> ># openssl -rand  -des3 -out server.key 1024
> >That skipped the PEM bit, BUT how do I get it to challenge with a pass
> >phrase dialogue ?
> >Do all of you use PEM ?
> >
> >Regards,
> >Discombobulated...
> >Perplexed in search of perspicacity is the first sign of neurosis.
> >
> >-
> >To unsubscribe, e-mail: [EMAIL PROTECTED]
> >For additional commands, e-mail: [EMAIL PROTECTED]
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

To PEM or not to PEM in OpenSSL ???

2003-07-24 Thread achana

Hi. My quixotic tilt at mod_ssl continues...
I am into my second book on this subject matter. Okay, let's put that in
that "too-hard" basket for the moment.
Let's make OpenSSL work first. It does.
It asks me whether I want to DER or PEM. I take PEM.
Then it tells me not enough random data. So I did this:
# openssl -rand  -des3 -out server.key 1024
That skipped the PEM bit, BUT how do I get it to challenge with a pass
phrase dialogue ?
Do all of you use PEM ?

Regards,
Discombobulated...
Perplexed in search of perspicacity is the first sign of neurosis.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Installing mod_ssl on Apache2+Tomcat+mod_jk setup...

2003-07-23 Thread achana

Well yes, I did that and configure ran "normally" after a "make
distclean" (I think I maight have left some junk there from last
time)...
Then I tried doing this :
# cd $APACHE_HOME
# make 
# make certificate
# make install
"make" didn't work and complained "No targets specified and no Makefile
found. Stop"
I can clearly see makefile there !
Then I checked Apache, like this :
# apachectl -l
I do not see mod_ssl compiled into it.
Having said all that, I still have another major concern about
openssl-0.9.6-3 vulnerability. It seems that I am going through a lot of
trouble installing a faulted version. All the research I have done sofar
recommends installing a second openssl-0.9.7 alongside 0.9.6-3 because
redHat7.1 has dependency problems otherside.
This is very irritating !
TIA (DIV=danke im voraus?)
:(

Simon Pabst wrote:
> 
> That configure of yours is not quite right:
> 
> the following is required for Apache with SSL/HTTPS Support (still called
> mod_ssl):
> --enable-ssl
> 
> this is only required if the auto detection of apache can't fint the
> installed open ssl:
> --with-ssl=/path/to/openssl
> 
> At 17:49 23.07.2003 +1000, you wrote:
> >Hiya, thanks for the tip.
> >When I ran ./configure --help, the option --enable-ssl is missing.
> >So I tried this :
> >./configure
> >   --with-apache=
> >   --with-ssl=
> >   --prefix=
> >So komme ich auch nicht weiter !
> >Those options are not available in configure !?!
> >TIA :(
> >
> >Simon Pabst wrote:
> > >
> > > This should go to Apache Mailing List propably.
> > >
> > > Apache 2 has its own mod_ssl included.
> > > You still need an installed OpenSSL to use mod_ssl,
> > > as how to configure:
> > >
> > > httpd-2.0.45 # ./configure --help|grep -i ssl
> > >   --enable-sslSSL/TLS support (mod_ssl)
> > >   --with-ssl=DIR  SSL/TLS toolkit (OpenSSL)
> > >
> > > "Tomcat Users List" <[EMAIL PROTECTED]> schrieb am
> > 14.07.03 09:56:52:
> > > >
> > > > Apache2.0.40 seems to ship with mod_ssl in the directory
> > > > .../httpd-2.0.40/modules/ssl.
> > > > But no mention of OpenSSL, although both ssl_util_ssl.c and
> > > > ssl_util_ssl.h refer to OpenSSL.
> > > > I ftp-ed openssl-0.9.76b.tar.gz , but they only tralk about Apache
> > > > 1.3.24 as in :
> > > > # configure with-apache=../apache_1.3.24 with-ssl=./open22l-0.9.6c  etc
> > > > Am I to understand there is no mod_ssl for Apache2+  ???
> > > >
> > > > 
> > > > -
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > > --
> > > Simon Pabst
> > >
> > > E-Mail: [EMAIL PROTECTED]
> > >
> > > -
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >-
> >To unsubscribe, e-mail: [EMAIL PROTECTED]
> >For additional commands, e-mail: [EMAIL PROTECTED]
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Installing mod_ssl on Apache2+Tomcat+mod_jk setup...

2003-07-23 Thread achana

Hiya, thanks for the tip.
When I ran ./configure --help, the option --enable-ssl is missing.
So I tried this :
./configure 
  --with-apache=
  --with-ssl=
  --prefix=
So komme ich auch nicht weiter !
Those options are not available in configure !?!
TIA :(

Simon Pabst wrote:
> 
> This should go to Apache Mailing List propably.
> 
> Apache 2 has its own mod_ssl included.
> You still need an installed OpenSSL to use mod_ssl,
> as how to configure:
> 
> httpd-2.0.45 # ./configure --help|grep -i ssl
>   --enable-sslSSL/TLS support (mod_ssl)
>   --with-ssl=DIR  SSL/TLS toolkit (OpenSSL)
> 
> "Tomcat Users List" <[EMAIL PROTECTED]> schrieb am 14.07.03 09:56:52:
> >
> > Apache2.0.40 seems to ship with mod_ssl in the directory
> > .../httpd-2.0.40/modules/ssl.
> > But no mention of OpenSSL, although both ssl_util_ssl.c and
> > ssl_util_ssl.h refer to OpenSSL.
> > I ftp-ed openssl-0.9.76b.tar.gz , but they only tralk about Apache
> > 1.3.24 as in :
> > # configure with-apache=../apache_1.3.24 with-ssl=./open22l-0.9.6c  etc
> > Am I to understand there is no mod_ssl for Apache2+  ???
> >
> > 
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> 
> --
> Simon Pabst
> 
> E-Mail: [EMAIL PROTECTED]
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Can an lb-worker be an ajp13 worker as well ?

2003-07-22 Thread achana

Hi all.
Can an lb worker be an ajp13 worker as well ?
I mean, you don't really need to allocate a whole box just for load
balancing, or do you ? Wouldn't it be nice to have 3 Tomcats all ajp13
as well as lb workers ?
Switch off the power supply on one and see what happens. Anyone tried
that ?
Also, on my Tomcat box, I don't really to write a new mod_jk.conf every
time I start up, can't we just switch off the Listerner in server.xml ?

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: for my mod_jk : WARP vs AJP13 ???

2003-07-22 Thread achana

Yes in the end I typed the lot into httpd.conf rather than use
server.xml cause I couldn't get it to automagically auto-generate
mod_jk.conf correctly for me. Works fine using Glenn Nielsen's doco,
nothing like vi-ing around, brings tears to one's eyes. Now lets see
whether I can switch on MD5 authentication for some of the virtual
hosts. 
Oh yea, just in case anyone's stll interested in this thread, ajp
supports SSL and I think it has the facility to get info about
encryption and certificates. Don't know about WARP-ing betw Tomcat and
Apache.
Thanks again, John.


John Turner wrote:
> 
> Just the opposite: AJP is most definitely preferred over WARP.
> 
> Use WARP if you want, but it is currently not actively developed or
> supported, and there is no support for it at all planned for Tomcat 5.
> 
> Don't get caught up in the auto-generation.  Take it from me, please: if
> you have more than one virtual host, you will be better off making the
> changes to httpd.conf manually and ignoring the auto-configuration.
> 
> The auto-configuration is a convenience, not a requirement.  It isn't
> needed for a stable working environment, and once you understand that
> changes that are needed, you can make the changes yourself in httpd.conf
> faster anyway.
> 
> John
> 
> On Mon, 21 Jul 2003 18:40:08 +1000, <[EMAIL PROTECTED]> wrote:
> 
> > Hi.
> > I'm struggling a bit trying to coax server.xml to auto-generate an
> > acceptable copy of mod_jk.conf for me after modifying my
> > workers.properties and adding some virtual hosts.
> > AS I understand it, WARP is the alternative connector-protocol which I
> > can use instead of AJP13. Are there any reasons to prefer WARP over AJP
> > ???
> > TIA :(
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> 
> --
> Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

for my mod_jk : WARP vs AJP13 ???

2003-07-21 Thread achana

Hi.
I'm struggling a bit trying to coax server.xml to auto-generate an
acceptable copy of mod_jk.conf for me after modifying my
workers.properties and adding some virtual hosts.
AS I understand it, WARP is the alternative connector-protocol which I
can use instead of AJP13. 
Are there any reasons to prefer WARP over AJP ???
TIA :(

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Redirect to home page on logon

2003-07-20 Thread achana

Hi, this is what I do smetimes (nly to look at my own things, of
course...):
$ telnet 192.168.1.200 80
...
It might respose by telling me :
..
Trying 192.16.1.200.. 
Connected to 12.168.1.200
...
Then you type in something like this :
GET /help.txt HTTP/1.0
...
It will probably give you a log winded response like this :
HTTP/1.1 20 OK
Date: balbla
Server: Apache/1.3.26 (Unix) blbla
Conetent -Type: text/plain
..
You ca a lot of info from it. You look at your own things of course.
And so forth. Hope that helps.

"Tarek M. Nabil" wrote:
> 
> Thanks Tim. Could you please elaborate more on how to use telnet to do this.
> 
> -Original Message-
> From: Tim Funk [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 17, 2003 10:49 PM
> To: Tomcat Users List
> Subject: Re: Redirect to home page on logon
> 
> I recommend posting to the struts list and hope they don't respond by saying
> "please post to the tomcat list"
> 
> Also telnet is nice for debugging requests too so you can see the headers
> begin returned in case some wacky redirect logic is being invoked that you
> might not be detecting.
> 
> -Tim
> 
> Tarek M. Nabil wrote:
> > Tim, the Filter thing is a great idea, and it worked just fine. Thanks a million.
> >
> > Now, I have another problem that I just can't figure out. After the session 
> > expires and the user makes a request, he's sent to the login page by Tomcat. After 
> > he logs in, he's still sent to the error page. Of course the filter intercepts 
> > this and redirects to the home page.
> >
> > I still can't figure out, though, why the request is sent to the error page. It 
> > really doesn't make sense.
> >
> > I have my error pages configured as follows:
> >
> > 
> > 
> >   500
> >   /error.do
> > 
> > 
> >   404
> >   /error.do
> > 
> > 
> >   java.lang.Exception
> >   /error.do
> > 
> >
> > In error.do I do some logging, then forward to error.jsp. What's really driving me 
> > crazy, is that in the case I was just describing, the request is sent directly to 
> > error.jsp and it doesn't even go to error.do. I tried adding some debugging info 
> > in error.jsp to see what error is happening, but, although the "isErrorPage" is 
> > set to true, there's no exception object.
> >
> > I went into the Tomcat server.xml and raised the debug level to 4 for both the 
> > host and the engine, and still the Tomcat logs does not mention anything about the 
> > error that causes the forwarding to error.jsp. I even checked stdout and stderr, 
> > nothing.
> >
> > What I can't understand is how the container knows about error.jsp, it's not 
> > mentioned anywhere in my web.xml. The only place it's mentioned in is in the 
> > struts-config.xml file. I even changed it's name to something else, thinking that 
> > maybe error.jsp is some default value or something like index.jsp, but it didn't 
> > help.
> >
> > Please, someone help me out here.
> >
> > -Original Message-
> > From: Tim Funk [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, July 16, 2003 8:24 PM
> > To: Tomcat Users List
> > Subject: Re: Redirect to home page on logon
> >
> >
> > Use a filter. Its container independent.
> >
> > The filter runs on the appropriate (or all) requests and would check if the
> > beans are in the session. If not - redirect.
> >
> > OR
> >
> > If all the pages set an error condition - you might be able to use an error
> > mapping directive in web.xml
> >
> > -Tim
> >
> > Tarek M. Nabil wrote:
> >
> >>Hi everyone,
> >>
> >>I have an application that uses beans stored in the session context. If the user's 
> >>session times out, he's asked to re-login on his next request. For this, I'm using 
> >>J2EE security; I'm not doing it myself.
> >>After the user is finished with the re-login, he's supposed to complete his 
> >>request, but the fact that the beans are not in the session anymore produces an 
> >>error.
> >>Unfortunately, those beans are specific to the last request the user made, so I 
> >>cannot re-initialize them in a listener for session creation.
> >>
> >>I was wondering if there's a way to configure security so that after the user logs 
> >>in he's redirected to a certain page instead of being able to continue his last 
> >>request.
> >>
> >>I know this can be done manually, but I would have to do it in every web component 
> >>I have which is really tiresome. Any quick solutions?
> >>
> >>Any help is appreciated.
> >>
> >>I'm sorry that this question is not Tomcat specific, but I tried the 
> >>servlet-interest list and got no responses.
> >>
> >>Thanks,
> >>Tarek M. Nabil
> >
> >
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
---

And another thing about auto-generating mod_jk.conf

2003-07-20 Thread achana

[EMAIL PROTECTED] wrote:
> 
> I modified workers.properties :
> from "worker.list=ajp13"
> to "worker.list=ajax, helen"
> following is an excerpt from the new workers.properties :
> ...
> # listing workers by names e.g. worker.list=asterix, obelix,
> loadbalancer etc
> ps=/
> worker.list=ajax, troy
> # -
> # First Tomcat server : ajax
> # -
> worker.ajax.port=8009
> worker.ajax.host=tomcat.mydom.com
> worker.ajax.type=ajp13
> # Specify the size of the open connection cache
> # worker.ajax.cachesize
> # Specify the loadbalancing factor when used with a load-balancing
> worker
> # ...lbfactor must be > 0
> # ...a low lbfactor means less work done by this worker
> worker.ajax.lbfactor=100
> # --
> # Second Tomcat server : troy
> # --
> worker.troy.port=8009
> worker.troy.host=tomcat2.mydom.com
> worker.troy.type=ajp13
> ...etc...
> 
> This didn't work, java console reports a "Class File Not Found" error.
> Yet if I change the name "ajax" back to "ajp13", all okay again. I mean
> a name is nothing more than a plave-holder only, right ???
> Hope I get some answers.
> TIA :{
> Kind Regards,
> ACDC
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

auto-generating mod_jk.conf ???

2003-07-20 Thread achana

Hi all. I use Apache2 <-> mod_jk <-> Tomcat4
Been a while since I had to auto-generate mod_jk.conf 
The auto-generated copy is in .../conf/auto whereas the working copy is
in .../conf 
I have some new virtual hosts which I inserted into server.xml. I copied
server.xml to the Apache server, started and stopped Tomcat and got a
new .../conf/auto/mod_jk.conf 
It has all the new virtual hosts, but it doesn't have definitions for
, the LoadModule and AddModule and the entries for the
workers.properties. In other words, incomplete.
I can cut and past the virtual hosts from the new mod_jk.conf to the old
one, but that's hardly the point.
What have I done wrong ???
Maybe  should just add them manually to the old copy ??? 
It works, but I would really like to know why I am not getting the
complete mod_jk.conf ???
TIA :(
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

problem with auto-generating mod_jk

2003-07-19 Thread achana

Hi all. I use Apache2 <-> mod_jk <-> mod_jk
Been a while since I had to auto-generate mod_jk.
I have some new virtual hosts which I inserted into server.xml. I copied
server.xml to the Apache server, started and stopped Tomcat and got a
new .../conf/auto/mod_jk.conf 
It has all the new virtual hosts, but it doesn't have definitions for
, the LoadModule and AddModule and the entries for the
workers.properties. In other words, incomplete.
I can cut and past the virtual hosts from the new mod_jk.conf to the old
one, but that's hardly the point.
What have I done wrong ???
Maybe  should just add them manually to the old copy ???
TIA :(
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Where is ContextXmlReader ???

2003-07-17 Thread achana

Hi. I am in one of those sticky situations where I do not know which
forum is the right one.
I am trying to "sync" my Apache2 with my Tomcat4 by defining virtual
hosts in httpd.conf and server.xml, if that sort of makes sense...
Tomcat4 Questions
===
Where is the directive ? 
In my installation, there isn't a .../conf/vhosts/vhost-.xml! 
Do I have to create this myself? 
If not, how does Tom know what web applications are deployed on this
server ?
Is the following dir structure correct for each domain (aka virtual
host)
$CATALINA_HOME/
domNameAAA.com/
..web/
..webapps/
domNameBBB.org/
..web/
..webapps/
Is it possible for one domain to reference or point to SomeProgram.class
in another domain ?
If I have more than one Tomcat servers, can I copy server.xml from one
Tom to another and can I modify it so that I can force some requests to
be serviced by designated Tomcats ?
Apache2 Questions
=
Do I have to specify JkMount /.. ajp13 and Jkmount /../* ajp13 for all
virtual hosts, repeatedly ?
Encryption
=
Is MD5 supported by IE5 and Netscape6 / Mozilla 1 ?
If not, what plug-ins do I need for them (assuming the plug-ins exist) ?
Finally why r client browser so lackadaisical with implementing
encryption ?
Why is MS telling us now about buffer overflow and embedding escape
characters into long strings, everybody knows that? Don't they know the
real danger lies with the "sniffers", the SAS of the Internet ?
TIA
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

virtual hosts in Tomcat and Apache

2003-07-14 Thread achana

Hi again, Apache2+Tomcat+mod_jk working find until...
I used a virtual host directive in server.xml, that's fine; but
When I start adding virtual hosts in Apache, one for each developer's
directory, I got following error message :

RemoteORAClient: set URL to http://www.myhost.com/myhost/RemoteORAServer
java.io.FileNotFoundException:
http://www.myhost.com/myhost/RemoteORAServer
at sun.net.www.protocol ...bla

As soon as I remove the virtual host directives in APACHE2, all okay
again.
I am beginning to wonder whether I need a corresponding virtual host in
Server.xml for each virtual host in Apache2 ???
Where do I start with this problem, I coded the a2s and I don't remember
hardcoding any FQDN anywhere... ???
But errare humanum est
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Installing mod_ssl on Apache2+Tomcat+mod_jk setup...

2003-07-14 Thread achana

Danke.
Simon Pabst wrote:
> 
> This should go to Apache Mailing List propably.
> 
> Apache 2 has its own mod_ssl included.
> You still need an installed OpenSSL to use mod_ssl,
> as how to configure:
> 
> httpd-2.0.45 # ./configure --help|grep -i ssl
>   --enable-sslSSL/TLS support (mod_ssl)
>   --with-ssl=DIR  SSL/TLS toolkit (OpenSSL)
> 
> "Tomcat Users List" <[EMAIL PROTECTED]> schrieb am 14.07.03 09:56:52:
> >
> > Apache2.0.40 seems to ship with mod_ssl in the directory
> > .../httpd-2.0.40/modules/ssl.
> > But no mention of OpenSSL, although both ssl_util_ssl.c and
> > ssl_util_ssl.h refer to OpenSSL.
> > I ftp-ed openssl-0.9.76b.tar.gz , but they only tralk about Apache
> > 1.3.24 as in :
> > # configure with-apache=../apache_1.3.24 with-ssl=./open22l-0.9.6c  etc
> > Am I to understand there is no mod_ssl for Apache2+  ???
> >
> > 
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> 
> --
> Simon Pabst
> 
> E-Mail: [EMAIL PROTECTED]
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Installing mod_ssl..

2003-07-14 Thread achana

I am really hesitant to install mod_ssl since Apache2+Tomcat+mod_jk are
working so well together.
With every step forward, I cause more damages if smething goes wrong!
Once I install OpenSSL on Apache2, what will happen to the communication
with Tomcat?
All docs and references talk about Apache 1.3
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Installing mod_ssl on Apache2+Tomcat+mod_jk setup...

2003-07-14 Thread achana

Apache2.0.40 seems to ship with mod_ssl in the directory
.../httpd-2.0.40/modules/ssl.
But no mention of OpenSSL, although both ssl_util_ssl.c and
ssl_util_ssl.h refer to OpenSSL.
I ftp-ed openssl-0.9.76b.tar.gz , but they only tralk about Apache
1.3.24 as in :
# configure with-apache=../apache_1.3.24 with-ssl=./open22l-0.9.6c  etc
Am I to understand there is no mod_ssl for Apache2+  ???
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Seeking expression of interest (no agents please)

2003-01-10 Thread achana

Posted : Thursday, 10-Jan-2003
Position : may need 1 to 2 experienced JAVA contractors to help out ! 
Location : New York, NY
Pay : see "Whats on offer"
ReplyTo : [EMAIL][EMAIL PROTECTED][/EMAIL]

No agents please !
I have basic codes in need of major enhancements, you will need to stick
to the basic concept, but it would not throttle your creativity.

[B]What I need :[/B]
*  Coding JAVA applets and servlets in J2SDK  or J2EE ;
*  Coding applet to servlet communication and http-tunnelling  ;
*  Coding a2s in a secure environment e.g. 128 bit encryption; tunnel
through proxies etc ;
*  Solid working knowledge of JSP, SOAP, JNDI, and using .properties
files etc ;
*  Connecting to many databases  ;
*  Multi-threaded applications and database connection-pooling ;
*  Code to functional specifications ;
*  Know yourself - if you say 10 working days effort for completing task
xyz including functional testing, let it be so ! ;
*  Working knowledge of Apache-Tomcat; Sybase and Oracle; networking
over TCP/IP etc;
*  Reference site

[B]Desirable :[/B]
*  SUN certified ;
*  Relevant experience ;
*  Sense of humour, patience and willingness to listen to clients ;
*  Fluent and articulate native English speaker, some telephone support
may be necessary for implementation ;


[B]What's on offer :[/B]
*  1 month contract with possible 2 months extension - USD doAsk (not
much);
*  IF we survive this period, and you enjoy doing this kind of work and
see the possibilities,  then we can discuss again - will consider
sharing with the right people ;
*  Some overseas travelling and posting might be involved later on
(American citizens preferred, please understand).

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Re: HELP with catalina.policy

2003-01-07 Thread achana

Hi Jeanfrancois Arcand 

> >Is this a firewall problem from their end ???
> >
> Yes, It could be a firewall problem. IMO, It is more a privilege issue
> with NT. Have you try with Administrator privilege? Also, double check
> that your usesr have the proper java.security file with their JRE.
> 
Sounding silly again, but what does the client side (the NT box trying
to run the applet) need to do with java.security ???
THX

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Re: HELP with catalina.policy

2003-01-07 Thread achana

Hi Jeanfrancois Arcand 

> >Is this a firewall problem from their end ???
> >
> Yes, It could be a firewall problem. IMO, It is more a privilege issue
> with NT. Have you try with Administrator privilege? Also, double check
> that your usesr have the proper java.security file with their JRE.

Sorry to sound silly, I am aware of policy.exe in bin directory, but
waht do I need to do excatly.
Also, is it posible to run the applet on NT without Administrator
privilege. Many users do not have admin priv on their local machines.

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Re: Where is JMeter for Linux/FreeBSD ?

2002-11-20 Thread achana

Ralph Einfeldt wrote:
> 
> Hey, jMeter is pure java. So it runs under any os
> for that there is a jdk.
Opps, besten Dank !  Zuerst genau anschauen dann eine Frage stellen.

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Where is JMeter for Linux/FreeBSD ?

2002-11-20 Thread achana

Hi!
Cannot seem to find a copy of JMeter for Linux, am I looking at the
right place ?
Would like to hear comments and pros and cons...

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Hugo : Serving PDF files on Apache2 + Tomcat4.1

2002-11-18 Thread achana

Hugo Villeneuve wrote:
> 
> I can share the experience I had with IE5, Tomcat 4.1 and serving dynamic
> PDF.
> IE 5 have a problem with the "Cache-Control" parameter in the HTTP 1.1
> header. With Tomcat 4.1, if I just send the pdf on the OutputStream every
> think is working fine. What is your problem exactly?

Where is the "Cache-control" ?

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Re: Serving PDF files on Apache2 + Tomcat4.1

2002-11-18 Thread achana

Hugo Villeneuve wrote:
> 
> I can share the experience I had with IE5, Tomcat 4.1 and serving dynamic
> PDF.
> IE 5 have a problem with the "Cache-Control" parameter in the HTTP 1.1
> header. With Tomcat 4.1, if I just send the pdf on the OutputStream every
> think is working fine. What is your problem exactly?

I have finished functional testing of inserting gif , jpg and tif into
blobs and displaying them on IE. So far okay.
I tried that with pdf, the data part comes back from the db, but adobe
reader won't start and display the document in the browser.
Client side : W98, NT4, IE and Netscape
Server side : Apache2 + Tomcat4.0 + homegrown J2SDK codes + Ora9i

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Re: Serving PDF files on Apache2 + Tomcat4.1

2002-11-16 Thread achana

Hi Hugo !
I have been trying to get .pdf files to display.
I am using IE4 on Apache/Tomcat.
.pdf is an Oracle blob . pdf does not display on IE but gif and jpg all
okay.
Did you get it working ?

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Re: openSSL - but at what point ???

2002-11-16 Thread achana

Hi Bill 
In other words, the discussion about switching SSL on for Tomcat is
premised upon a stand-alone Tomcat rather a collaborative Apache-Tomcat
scenario ???
TIA

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Re: System.out.println not working on servlets initialized when Tomcat starts

2002-11-15 Thread achana

Hi Travis 

Can you see them in $CATALINA_HOME/logs/catalina.out ???
That's how I debug my stuff

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

openSSL - but at what point ???

2002-11-15 Thread achana

Hi All.
I know this has been discussed ad nauseum, but I do need some
clarification conceptually.
By the time the web-server applet calls a servlet in Tomcat, the http
request has already gone pass the firewall.
Ideally, I would like to see anything between the web-server and the
browser encoded in SSL.
So my questions are :
(1) Is there a need for openSSL between Tomcat and web-server ?
(2) If I implement openSSL between web-server and browser, how will this
affect Tomcat downstream, if at all ?

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Re: Startup.sh problems with JAVA_OPTS = Xmx ?

2002-11-07 Thread achana

Hi All
I got Xmx working and managed to monitor it with netstat -na
BUT I am puzzled why each user has 4 or more seesions (threads) ???

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Re: Using -Xmx128m cause BindException Error ???

2002-11-07 Thread achana

Hi All,

Yes, of course, I got a tat over excited.
Thanks, it seems to be working now with the Xmx128m option

Thanks all ! Wish I have a drink with you guys...

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Using -Xmx128m cause BindException Error ???

2002-11-07 Thread achana

Hi all.
I am trying to use JAVA_OPTS="-Xmx128m" and it causes these erros on
starting Tomcat.
If I remove that line, Tomcat starts without errors again.
Can someone tell me where I might have erred please ?


Starting service Default Tomcat-Apache-mod_jk
Apache Tomcat/4.0.4
java.net.BindException: Address already in use
at java.net.PlainSocketImpl.socketBind(Native Method)
at java.net.PlainSocketImpl.bind(PlainSocketImpl.java:321)
at java.net.ServerSocket.bind(ServerSocket.java:308)
at java.net.ServerSocket.bind(ServerSocket.java:266)
at java.net.ServerSocket.(ServerSocket.java:182)
at java.net.ServerSocket.(ServerSocket.java:138)

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Startup.sh problems with JAVA_OPTS = Xmx ?

2002-11-07 Thread achana

Hi.
I had some problems with insufficient memory and added the following
line to catalina.sh (somewhere after the comment# --- execute and
between 2 blocks of if-fi):
JAVA_OPTS="-Xmx128m"
When I startup with startup.sh I get the following errors ...
If I don't use JAVA_OPTS, no errors on startup, but after a short while,
insufficient memory (esp. when the second and subsequent wants to use it
:-(
**
Starting service Default Tomcat-Apache-mod_jk
Apache Tomcat/4.0.4
java.net.BindException: Address already in use
at java.net.PlainSocketImpl.socketBind(Native Method)
at java.net.PlainSocketImpl.bind(PlainSocketImpl.java:321)
at java.net.ServerSocket.bind(ServerSocket.java:308)
at java.net.ServerSocket.bind(ServerSocket.java:266)
at java.net.ServerSocket.(ServerSocket.java:182)
at java.net.ServerSocket.(ServerSocket.java:138)
at
org.apache.catalina.net.DefaultServerSocketFactory.createSocket(DefaultServerSocketFactory.java:118)
at org.apache.ajp.tomcat4.Ajp13Connector.open(Ajp13Connector.java:797)
at
org.apache.ajp.tomcat4.Ajp13Connector.start(Ajp13Connector.java:1013)
at
org.apache.catalina.core.StandardService.start(StandardService.java:395)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:506)
at org.apache.catalina.startup.Catalina.start(Catalina.java:781)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)
java.lang.NullPointerException
at org.apache.ajp.tomcat4.Ajp13Connector.run(Ajp13Connector.java:841)
at java.lang.Thread.run(Thread.java:536)
java.lang.IllegalThreadStateException
at java.lang.ThreadGroup.add(ThreadGroup.java:798)
at java.lang.Thread.init(Thread.java:303)
at java.lang.Thread.(Thread.java:440)
at
org.apache.ajp.tomcat4.Ajp13Processor.threadStart(Ajp13Processor.java:576)
at org.apache.ajp.tomcat4.Ajp13Processor.start(Ajp13Processor.java:666)
at
org.apache.ajp.tomcat4.Ajp13Connector.newProcessor(Ajp13Connector.java:769)
at
org.apache.ajp.tomcat4.Ajp13Connector.start(Ajp13Connector.java:1025)
at
org.apache.catalina.core.StandardService.start(StandardService.java:395)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:506)
at org.apache.catalina.startup.Catalina.start(Catalina.java:781)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)
**

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Re: USing JAVA_OPTS -Xmx :-)

2002-11-07 Thread achana

"Shapira, Yoav" wrote:

Thanks

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

1 2 >

1 - 100 of 173 matches

Mail list logo