Sharat, On 3/29/2017 9:23 AM, Sharat Jagannath wrote: > I get a 404 error when I call my server endpoint with wss. > I'm using tomcat 9 which sits behind ngnix. Does that make a difference? > here's how my server.xml looks like- > > > <?xml version='1.0' encoding='utf-8'?> > <!-- > Licensed to the Apache Software Foundation (ASF) under one or more > contributor license agreements. See the NOTICE file distributed with > this work for additional information regarding copyright ownership. > The ASF licenses this file to You under the Apache License, Version 2.0 > (the "License"); you may not use this file except in compliance with > the License. You may obtain a copy of the License at > > http://www.apache.org/licenses/LICENSE-2.0 > > Unless required by applicable law or agreed to in writing, software > distributed under the License is distributed on an "AS IS" BASIS, > WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. > See the License for the specific language governing permissions and > limitations under the License. > --> > <!-- Note: A "Server" is not itself a "Container", so you may not > define subcomponents such as "Valves" at this level. > Documentation at /docs/config/server.html > --> > <Server port="8005" shutdown="SHUTDOWN"> > <Listener className="org.apache.catalina.startup.VersionLoggerListener" /> > <!-- Security listener. Documentation at /docs/config/listeners.html > <Listener className="org.apache.catalina.security.SecurityListener" /> > --> > <!--APR library loader. Documentation at /docs/apr.html --> > <Listener className="org.apache.catalina.core.AprLifecycleListener" > SSLEngine="on" /> > <!-- Prevent memory leaks due to use of particular java/javax APIs--> > <Listener > className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> > <Listener > className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> > <Listener > className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /> > > > <!-- Global JNDI resources > Documentation at /docs/jndi-resources-howto.html > --> > <GlobalNamingResources> > <!-- Editable user database that can also be used by > UserDatabaseRealm to authenticate users > --> > <Resource name="UserDatabase" auth="Container" > type="org.apache.catalina.UserDatabase" > description="User database that can be updated and saved" > factory="org.apache.catalina.users.MemoryUserDatabaseFactory" > pathname="conf/tomcat-users.xml" /> > </GlobalNamingResources> > > <!-- A "Service" is a collection of one or more "Connectors" that share > a single "Container" Note: A "Service" is not itself a "Container", > so you may not define subcomponents such as "Valves" at this level. > Documentation at /docs/config/service.html > --> > <Service name="Catalina"> > > <!--The connectors can use a shared executor, you can define one or > more named thread pools--> > <!-- > <Executor name="tomcatThreadPool" namePrefix="catalina-exec-" > maxThreads="150" minSpareThreads="4"/> > --> > > > <!-- A "Connector" represents an endpoint by which requests are received > and responses are returned. Documentation at : > Java HTTP Connector: /docs/config/http.html > Java AJP Connector: /docs/config/ajp.html > APR (HTTP/AJP) Connector: /docs/apr.html > Define a non-SSL/TLS HTTP/1.1 Connector on port 80 > --> > > > <Connector port="80" protocol="HTTP/1.1" > connectionTimeout="20000" > redirectPort="8443" URIEncoding="UTF-8" > useBodyEncodingForURI="true" compression="on" compressionMinSize="2048" > noCompressionUserAgents="gozilla, traviata" > compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript" > /> > > > <!-- A "Connector" using the shared thread pool--> > <!-- > <Connector executor="tomcatThreadPool" > port="8080" protocol="HTTP/1.1" > connectionTimeout="20000" > redirectPort="8443" /> > --> > <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 > This connector uses the NIO implementation with the JSSE engine. > When > using the JSSE engine, the JSSE configuration attributes must be > used. > --> > <!-- > <Connector port="8443" > protocol="org.apache.coyote.http11.Http11NioProtocol" > maxThreads="150" SSLEnabled="true"> > <SSLHostConfig> > <Certificate certificateKeystoreFile="conf/keystore-rsa.pem" > type="RSA" /> > </SSLHostConfig> > </Connector> > --> > <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2 > This connector uses the APR/native implementation. When using the > APR/native implementation or the OpenSSL engine with NIO or NIO2 > then > the OpenSSL configuration attributes must be used. > --> > <!-- > <Connector port="8443" > protocol="org.apache.coyote.http11.Http11AprProtocol" > maxThreads="150" SSLEnabled="true" > > <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" > /> > <SSLHostConfig honorCipherOrder="false" > > <Certificate certificateKeyFile="conf/localhost-rsa-key.pem" > certificateFile="conf/localhost-rsa-cert.pem" > certificateChainFile="conf/localhost-rsa-chain.pem" > type="RSA" /> > </SSLHostConfig> > </Connector> > --> > > <!-- Define an AJP 1.3 Connector on port 8009 --> > <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> > > > <!-- An Engine represents the entry point (within Catalina) that > processes > every request. The Engine implementation for Tomcat stand alone > analyzes the HTTP headers included with the request, and passes > them > on to the appropriate Host (virtual host). > Documentation at /docs/config/engine.html --> > > <!-- You should set jvmRoute to support load-balancing via AJP ie : > <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1"> > --> > <Engine name="Catalina" defaultHost="localhost" jvmRoute="dev02"> > > > <!--For clustering, please take a look at documentation at: > /docs/cluster-howto.html (simple how to) > /docs/config/cluster.html (reference documentation) --> > <!-- > <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/> > --> > > <!-- Use the LockOutRealm to prevent attempts to guess user passwords > via a brute-force attack --> > <Realm className="org.apache.catalina.realm.LockOutRealm"> > <!-- This Realm uses the UserDatabase configured in the global JNDI > resources under the key "UserDatabase". Any edits > that are performed against this UserDatabase are immediately > available for use by the Realm. --> > <Realm className="org.apache.catalina.realm.UserDatabaseRealm" > resourceName="UserDatabase"/> > </Realm> > > <Host name="localhost" appBase="webapps" > unpackWARs="true" autoDeploy="true"> > > <!-- SingleSignOn valve, share authentication between web > applications > Documentation at: /docs/config/valve.html --> > <!-- > <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> > --> > > <!-- Access log processes all example. > Documentation at: /docs/config/valve.html > Note: The pattern used is equivalent to using pattern="common" > --> > <Valve className="org.apache.catalina.valves.AccessLogValve" > directory="logs" > prefix="localHost_access_log" suffix=".txt" > pattern="%h %l %u %t "%r" %s %b" /> > > </Host> > </Engine> > </Service> > </Server> > > > > On Mar 29, 2017 6:24 AM, "calder" <calder....@gmail.com> wrote: > >> On Tuesday, March 28, 2017, Sharat Jagannath <sharsm...@gmail.com> wrote: >> >>> how do i setup websocket on server side for using wss with tomcat config? >>> is there any config i need to do with tomcat? any certification to setup? >> >> >>> >> >> Read up using the How-to: >> >> https://tomcat.apache.org/tomcat-8.0-doc/web-socket-howto.html >> >> >> http://tomcat-configure.blogspot.com/2014/05/tomcat-websock >> et-example.html >> >
Two things to try: 1. Have you tried to connect without using NGINX as a front end proxy? 2. Have you configured your NGINX server appropriately? See the following for configuring NGINX to act as a websocket proxy: http://nginx.org/en/docs/http/websocket.html https://www.nginx.com/blog/websocket-nginx/ Also, see the following: http://tomcat.apache.org/tomcat-9.0-doc/web-socket-howto.html and follow the links to look at both the server and client side code. Please note that I've not done any of this, since I have Tomcat sitting behind Apache HTTPD 2.2. I have not ported the proxy_wstunnel module from Apache HTTPD 2.4 to 2.2. . . . just my two cents /mde/ Please note that I've not done any of this.
signature.asc
Description: OpenPGP digital signature
