Hi Mark,
I want to use 3 Tomcats on the Linux server,
one Tomcat for each IP (DNS alias).
I use this configuration with Tomcat 9.x and it works fine.
Now I start with the following server.xml but the problem is the same.
Rgds
Correct domain names and IPs (sorry for the confusion):
10.100.142.30 = one.domain.loc
10.100.142.32 = two.domain.loc
10.100.142.31 = three.domain.loc
Server.xml
<Connector executor="tomcatThreadPool"
address="10.100.142.32"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector
address="10.100.142.32"
port="8443"
protocol="org.apache.coyote.http11.Http11Nio2Protocol"
maxThreads="150"
scheme="https"
enableLookups="false"
SSLEnabled="true" defaultSSLHostConfigName="two.domain.loc" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig hostName="two.domain.loc"
protocols="TLSv1.2,+TLSv1.1,+TLSv1">
<Certificate
certificateKeystoreFile="/apps/vr_apps/keystore/jlib.jks.2020.11"
certificateKeystorePassword="changeit"
type="RSA" />
</SSLHostConfig>
</Connector>
catalina.out
21-Jan-2022 11:22:23.033 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Djava.util.logging.config.file=/apps/vr_apps/logfiles/tomcat/conf/logging.properties
21-Jan-2022 11:22:23.033 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
21-Jan-2022 11:22:23.033 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Xms128M
21-Jan-2022 11:22:23.034 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Xmx4096m
21-Jan-2022 11:22:23.034 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-XX:+UseParallelGC
21-Jan-2022 11:22:23.034 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Dfile.encoding=UTF-8
21-Jan-2022 11:22:23.034 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-XX:+HeapDumpOnOutOfMemoryError
21-Jan-2022 11:22:23.034 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-XX:HeapDumpPath=/apps/vr_apps/logfiles/tomcat/temp
21-Jan-2022 11:22:23.034 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Djdk.tls.ephemeralDHKeySize=2048
21-Jan-2022 11:22:23.034 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Djava.protocol.handler.pkgs=org.apache.catalina.webresources
21-Jan-2022 11:22:23.034 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Dorg.apache.catalina.security.SecurityListener.UMASK=0027
21-Jan-2022 11:22:23.035 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Dignore.endorsed.dirs=
21-Jan-2022 11:22:23.035 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Dcatalina.base=/apps/vr_apps/logfiles/tomcat
21-Jan-2022 11:22:23.035 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Dcatalina.home=/apps/vr_apps/logfiles/tomcat
21-Jan-2022 11:22:23.035 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Djava.io.tmpdir=/apps/vr_apps/logfiles/tomcat/temp
21-Jan-2022 11:22:23.036 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent The Apache Tomcat
Native library which allows using OpenSSL was not found on the
java.library.path: [/usr/java/packages/lib:/usr/lib64:/lib64:/lib:/usr/lib]
21-Jan-2022 11:22:23.274 INFO [main] org.apache.coyote.AbstractProtocol.init
Initializing ProtocolHandler ["http-nio-10.100.142.32-8080"]
21-Jan-2022 11:22:23.311 INFO [main]
org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol The
["https-jsse-nio2-10.100.142.32-8443"] connector has been configured to support
negotiation to [h2] via ALPN
21-Jan-2022 11:22:23.311 INFO [main] org.apache.coyote.AbstractProtocol.init
Initializing ProtocolHandler ["https-jsse-nio2-10.100.142.32-8443"]
21-Jan-2022 11:22:23.477 INFO [main] org.apache.catalina.startup.Catalina.load
Server initialization in [621] milliseconds
21-Jan-2022 11:22:23.516 INFO [main]
org.apache.catalina.core.StandardService.startInternal Starting service
[Catalina]
21-Jan-2022 11:22:23.516 INFO [main]
org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine:
[Apache Tomcat/10.0.14]
21-Jan-2022 11:22:23.528 INFO [main]
org.apache.catalina.startup.HostConfig.deployWAR Deploying web application
archive [/apps/vr_apps/logfiles/apache-tomcat-10.0.14/webapps/vrrplistlog.war]
21-Jan-2022 11:22:23.700 INFO [main]
org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application
archive [/apps/vr_apps/logfiles/apache-tomcat-10.0.14/webapps/vrrplistlog.war]
has finished in [172] ms
21-Jan-2022 11:22:23.701 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deploying web
application directory
[/apps/vr_apps/logfiles/apache-tomcat-10.0.14/webapps/ROOT]
21-Jan-2022 11:22:23.713 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web
application directory
[/apps/vr_apps/logfiles/apache-tomcat-10.0.14/webapps/ROOT] has finished in
[12] ms
21-Jan-2022 11:22:23.714 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deploying web
application directory
[/apps/vr_apps/logfiles/apache-tomcat-10.0.14/webapps/fxrates]
21-Jan-2022 11:22:23.725 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web
application directory
[/apps/vr_apps/logfiles/apache-tomcat-10.0.14/webapps/fxrates] has finished in
[12] ms
21-Jan-2022 11:22:23.725 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deploying web
application directory
[/apps/vr_apps/logfiles/apache-tomcat-10.0.14/webapps/docs]
21-Jan-2022 11:22:23.737 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web
application directory
[/apps/vr_apps/logfiles/apache-tomcat-10.0.14/webapps/docs] has finished in
[11] ms
21-Jan-2022 11:22:23.737 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deploying web
application directory
[/apps/vr_apps/logfiles/apache-tomcat-10.0.14/webapps/host-manager]
21-Jan-2022 11:22:23.758 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web
application directory
[/apps/vr_apps/logfiles/apache-tomcat-10.0.14/webapps/host-manager] has
finished in [20] ms
21-Jan-2022 11:22:23.758 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deploying web
application directory
[/apps/vr_apps/logfiles/apache-tomcat-10.0.14/webapps/examples]
21-Jan-2022 11:22:23.892 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web
application directory
[/apps/vr_apps/logfiles/apache-tomcat-10.0.14/webapps/examples] has finished in
[134] ms
21-Jan-2022 11:22:23.893 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deploying web
application directory
[/apps/vr_apps/logfiles/apache-tomcat-10.0.14/webapps/manager]
21-Jan-2022 11:22:23.908 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web
application directory
[/apps/vr_apps/logfiles/apache-tomcat-10.0.14/webapps/manager] has finished in
[15] ms
21-Jan-2022 11:22:23.911 INFO [main] org.apache.coyote.AbstractProtocol.start
Starting ProtocolHandler ["http-nio-10.100.142.32-8080"]
21-Jan-2022 11:22:23.915 INFO [main] org.apache.coyote.AbstractProtocol.start
Starting ProtocolHandler ["https-jsse-nio2-10.100.142.32-8443"]
21-Jan-2022 11:22:23.916 INFO [main] org.apache.catalina.startup.Catalina.start
Server startup in [439] milliseconds
Jaebo Nah
Deutsche Pfandbriefbank AG
-----Original Message-----
From: Mark Thomas <[email protected]>
Sent: Friday, January 21, 2022 10:49 AM
To: [email protected]
Subject: Re: tomcat-10.0.x Problem https multiple IP
On 21/01/2022 09:29, Jaebo Nah wrote:
> Dear all,
>
> I want to use Tomcat apache-tomcat-10.0.14 with https.
>
> The Linux server has multiple IP addresses with different domain names:
>
> 10.100.142.30 = one.domain.loc
>
> 10.100.142.31 = two.domain.loc
>
> 10.100.142.32 = three.domain.loc
>
> When I try to connect to the Tomcat with https://two.domain.loc:8443
>
> I get the following Error
>
> NET::ERR_CERT_COMMON_NAME_INVALID
>
> This server could not prove that it is two.domain.loc. Its security
> certificate is from three.domain.loc. Possible reasons are a
> misconfiguration or an attacker intercepting your connection.
>
> The connection to one.domain.loc is similar to two.domain.loc.
>
> Only the connection to three.domain.loc is working.
>
> Thx for your answer
What do the logs show for this connector when Tomcat starts?
> server.xml
>
> <Connector
>
> address=" two.domain.loc"
That looks wrong. address should be an IP address. I suspect this is being
ignored and the connector is listening on all IP addresses. If that is what you
want, just remove this setting.
> port="8443"
>
> protocol="org.apache.coyote.http11.Http11Nio2Protocol"
>
> maxThreads="150"
>
> scheme="https"
>
> enableLookups="false"
>
> SSLEnabled="true" defaultSSLHostConfigName="10.100.142.32" >
You want to use host names here, not IP addresses.
> <UpgradeProtocol
> className="org.apache.coyote.http2.Http2Protocol" />
>
> <SSLHostConfig hostName="10.100.142.32"
Same here. Host name, not IP address.
> protocols="TLSv1.2,+TLSv1.1,+TLSv1">
>
> <Certificate
>
> certificateKeystoreFile="/apps/vr_apps/keystore/jlib.jks.2020.11"
>
> certificateKeystorePassword="changeit"
>
> type="RSA" />
>
> </SSLHostConfig>
You have only configured one SSLHost so all requests will go to that host and
use that certificate.
You need 2 more HostConfig sections. 5 more if you want Tomcat to respond to
requests that use hostnames and requests that use IP addresses.
>
> </Connector>
If you want Tomcat to respond to requests that use hostnames and
requests that use IP addresses you'd be better off with 3 Connectors
each with address set for the IP and an SSLHostConfig section that
configured the appropriate certificate.
If you wanted to share a thread pool across those connectors then you
could use an Executor.
Mark
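
The three-connector layout described in the reply above, written out as a server.xml fragment. This is an added example, not configuration from either poster or from the Tomcat project: the keystore paths and passwords are placeholders, the IP-to-name mapping follows the corrected list at the top of the thread, and narrowing protocols to TLS 1.2/1.3 is an assumption that the JVM in use supports TLS 1.3.

```xml
<!-- Added example. Place inside <Service name="Catalina">; the Executor
     must be declared before the Connectors that reference it. -->
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
          maxThreads="150" minSpareThreads="4" />

<!-- 10.100.142.30 = one.domain.loc -->
<Connector executor="tomcatThreadPool"
           address="10.100.142.30" port="8443"
           protocol="org.apache.coyote.http11.Http11Nio2Protocol"
           scheme="https" secure="true" SSLEnabled="true"
           defaultSSLHostConfigName="one.domain.loc">
  <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
  <SSLHostConfig hostName="one.domain.loc" protocols="TLSv1.2,+TLSv1.3">
    <!-- Placeholder path and password: keystore holding the one.domain.loc cert -->
    <Certificate certificateKeystoreFile="/path/to/one.domain.loc.jks"
                 certificateKeystorePassword="PLACEHOLDER" type="RSA" />
  </SSLHostConfig>
</Connector>

<!-- 10.100.142.32 = two.domain.loc -->
<Connector executor="tomcatThreadPool"
           address="10.100.142.32" port="8443"
           protocol="org.apache.coyote.http11.Http11Nio2Protocol"
           scheme="https" secure="true" SSLEnabled="true"
           defaultSSLHostConfigName="two.domain.loc">
  <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
  <SSLHostConfig hostName="two.domain.loc" protocols="TLSv1.2,+TLSv1.3">
    <Certificate certificateKeystoreFile="/path/to/two.domain.loc.jks"
                 certificateKeystorePassword="PLACEHOLDER" type="RSA" />
  </SSLHostConfig>
</Connector>

<!-- 10.100.142.31 = three.domain.loc -->
<Connector executor="tomcatThreadPool"
           address="10.100.142.31" port="8443"
           protocol="org.apache.coyote.http11.Http11Nio2Protocol"
           scheme="https" secure="true" SSLEnabled="true"
           defaultSSLHostConfigName="three.domain.loc">
  <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
  <SSLHostConfig hostName="three.domain.loc" protocols="TLSv1.2,+TLSv1.3">
    <Certificate certificateKeystoreFile="/path/to/three.domain.loc.jks"
                 certificateKeystorePassword="PLACEHOLDER" type="RSA" />
  </SSLHostConfig>
</Connector>
```

Each connector binds to one IP and presents only the certificate whose name matches that IP's DNS alias, so a request to any of the three names or addresses gets the matching certificate.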