On 2/25/20 13:10, Ellen Meiselman wrote:
> No, just that I don't know how to set this particular connector up
> another way. I based this on the instructions on the
> isapi_connector site
> http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html
> and on the 2 older servers we have which are working.
>
> I'm sort of
> thinking of suggesting that we get rid of IIS entirely and switch
> to Tomcat. Then we can run the necessary Java application and also
> serve all the HTML items we need to using the same web server.
Tomcat is a perfectly good "plain old" web server. Some security
people get all freaked-out when you suggest that Tomcat be exposed
"directly" but IMHO it can't be any worse than IIS.

But also IMHO there are always reasons to use a reverse proxy:
flexibility and availability. When you are restarting Tomcat for
whatever reason, what will clients see if they try to access your
application? CONNECTION REFUSED? :( With the proxy in the way, that is
much less likely. Also, if you want to serve Java web applications,
python web applications, .NET whatevers, you'll be able to do that
much more flexibly with a reverse-proxy in the mix.

-chris

> On Tue, Feb 25, 2020 at 1:01 PM Christopher Schultz <
> ch...@christopherschultz.net> wrote:
> Ellen,
> On 2/25/20 12:55, Ellen Meiselman wrote:
>>>> Sorry - no, the quotes were not there except for a 5 minute
>>>> test of a hopeless theory that they might be needed. Right
>>>> now there is no secret at all in the workers.properties, and
>>>> in the ajp connector, I have secretRequired="false".
>>>>
>>>> Workers.properties:
>>>> worker.worker1.type=ajp13
>>>> worker.worker1.host=
>>>> worker.worker1.port=8009
>>>>
>>>> Server.xml:
>>>> <Connector protocol="AJP/1.3"
>>>> address="" port="8009" secretRequired="false"
>>>> redirectPort="8443" />
>
> Hmm. I think we've all been operating under the assumption that
> the "secret" (by whatever name) was the source of the problem. It
> appears that was incorrect.
>
> Have a look at Jon's question about file permissions.
>
> Was this a configuration that had been working until recently, or
> is this a new configuration that you haven't (yet) been able to get
> working?
>
> Any reason not to use HTTP(S) for your protocol instead of AJP?
>
> -chris
>>>> On Tue, Feb 25, 2020 at 12:35 PM Christopher Schultz <
>>>> ch...@christopherschultz.net> wrote:
>>>> Ellen,
>>>> On 2/25/20 12:06, Ellen Meiselman wrote:
>>>>>>> Yes, everything is on the same server.
>>>>>>>
>>>>>>> workers.properties:
>>>>>>> # Set properties for worker1 (ajp13)
>>>>>>> worker.worker1.type=ajp13
>>>>>>> worker.worker1.host=
>>>>>>> worker.worker1.port=8009
>>>>>>> worker.worker1.secret="mySecret".
>>>>
>>>> Just so there is no confusion: your "mySecret" should have
>>>> neither quotes nor the trailing period.
>>>>
>>>> Are those literally in your IIS config file?
>>>>
>>>> -chris
>>>>>>> On Tue, Feb 25, 2020 at 11:27 AM
>>>>>>> <jonmcalexan...@wellsfargo.com.invalid> wrote:
>>>>>>>> -----Original Message-----
>>>>>>>> From: Ellen Meiselman <elle...@gmail.com>
>>>>>>>> Sent: Tuesday, February 25, 2020 10:01 AM
>>>>>>>> To: Tomcat Users List <users@tomcat.apache.org>
>>>>>>>> Subject: Re: At wits end: Difficulties with IIS ISAPI connector and Tomcat
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> I've been testing, and so far, there is no change
>>>>>>>>> in the behavior. I am still getting the same
>>>>>>>>> tomcat-based 403 error.
>>>>>>>>>
>>>>>>>>> Based on what you said above...
>>>>>>>>>
>>>>>>>>> secretRequired="true" (which is the default, so it
>>>>>>>>> can be removed) secret="xxxxxxx"
>>>>>>>>>
>>>>>>>>> ...I removed secretRequired="true" and left secret.
>>>>>>>>> So the connector definition now looks like this:
>>>>>>>>>
>>>>>>>>> <Connector protocol="AJP/1.3" address=""
>>>>>>>>> port="8009" secret="mySecret" redirectPort="8443"
>>>>>>>>> />
>>>>>>>>
>>>>>>>> <SNIP>
>>>>>>>>
>>>>>>>> I'm assuming that your web-front-end is on the same
>>>>>>>> server as your Tomcat instance, based on you having
>>>>>>>> the address set to, correct? What do you
>>>>>>>> have in your workers.properties file?
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
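
An added example (not code from the thread or from the Tomcat project): a small Python check that cross-checks the `secret` settings discussed above between a workers.properties file and the AJP `<Connector>` in server.xml, flagging a quoted or period-terminated secret and a connector that runs with no secret at all. The sample configurations are constructed from the snippets quoted in the thread; the `127.0.0.1` host/address values are placeholders, and pairing a worker with a connector by port alone is a simplifying assumption.

```python
import re
import xml.etree.ElementTree as ET

def parse_workers(text):
    """Return {worker: {directive: raw value}} from workers.properties text."""
    workers = {}
    for line in text.splitlines():
        m = re.match(r"\s*worker\.([^.=\s]+)\.([^=\s]+)\s*=\s*(.*?)\s*$", line)
        if m:  # comment lines start with '#' and never match
            workers.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
    return workers

def check_ajp(workers_text, server_xml):
    """Cross-check AJP secrets between ISAPI/mod_jk workers and Tomcat connectors."""
    findings = []
    workers = parse_workers(workers_text)
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" not in conn.get("protocol", "").lower():
            continue
        port, secret = conn.get("port"), conn.get("secret") or None
        # secretRequired defaults to "true", as noted in the thread
        required = conn.get("secretRequired", "true").lower() == "true"
        if not secret:
            findings.append(f"connector {port}: " + (
                "secret required but none set" if required else
                "secretRequired=false and no secret, so no shared secret is enforced"))
        for name, w in workers.items():
            if w.get("type") != "ajp13" or w.get("port") != port:
                continue  # assumption: a worker pairs with a connector by port
            ws = w.get("secret") or None
            if ws and (ws[0] in "\"'" or ws[-1] in "\"'."):
                findings.append(f"{name}: secret {ws!r} has quotes or a trailing period")
            if ws != secret:
                findings.append(f"{name}: secret differs from connector {port}")
    return findings

# Constructed samples modelled on the configurations quoted in the thread;
# the 127.0.0.1 host/address values are placeholders.
SERVER = ('<Server><Service><Connector protocol="AJP/1.3" address="127.0.0.1" '
          'port="8009" %s redirectPort="8443"/></Service></Server>')
WORKERS = ("# worker1 (ajp13)\nworker.worker1.type=ajp13\n"
           "worker.worker1.host=127.0.0.1\nworker.worker1.port=8009\n%s")

if __name__ == "__main__":
    cases = [('worker.worker1.secret="mySecret".', 'secret="mySecret"'),
             ("", 'secretRequired="false"'),
             ("worker.worker1.secret=mySecret", 'secret="mySecret"')]
    for worker_line, attr in cases:
        print(check_ajp(WORKERS % worker_line, SERVER % attr) or "ok")
```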