Rainer, Thanks again for being patient with me. I've seen some different behavior this morning. When I am trying to access my page, I get "Service Temporary Unavailable", which is better than what I was receiving.
[Thu Aug 05 09:12:49.655 2010] [10216:8452] [debug] jk_uri_worker_map.c (1036): Attempting to map URI '/geoweb1b.eims.local/geoportal' from 2 maps [Thu Aug 05 09:12:49.686 2010] [10216:8452] [debug] jk_uri_worker_map.c (850): Attempting to map context URI '/geoportal/*=worker1' source 'uriworkermap' [Thu Aug 05 09:12:49.702 2010] [10216:8452] [debug] jk_uri_worker_map.c (850): Attempting to map context URI '/geoportal=worker1' source 'uriworkermap' [Thu Aug 05 09:12:49.733 2010] [10216:8452] [debug] jk_uri_worker_map.c (850): Attempting to map context URI '/geoportal/*=worker1' source 'uriworkermap' [Thu Aug 05 09:12:49.749 2010] [10216:8452] [debug] jk_uri_worker_map.c (850): Attempting to map context URI '/geoportal=worker1' source 'uriworkermap' [Thu Aug 05 09:12:49.764 2010] [10216:8452] [debug] jk_uri_worker_map.c (873): Found an exact match '/geoportal=worker1' [Thu Aug 05 09:12:49.780 2010] [10216:8452] [debug] jk_isapi_plugin.c (1916): check if [/geoportal] points to the web-inf directory [Thu Aug 05 09:12:49.795 2010] [10216:8452] [debug] jk_isapi_plugin.c (1932): [/geoportal] is a servlet url - should redirect to worker1 [Thu Aug 05 09:12:49.811 2010] [10216:8452] [debug] jk_isapi_plugin.c (1972): fowarding escaped URI [/geoportal] [Thu Aug 05 09:12:49.827 2010] [10216:8452] [debug] jk_worker.c (339): Maintaining worker worker1 [Thu Aug 05 09:12:49.842 2010] [10216:8452] [debug] jk_isapi_plugin.c (2792): Reading extension header HTTP_TOMCATWORKER6A6B0000: worker1 [Thu Aug 05 09:12:49.858 2010] [10216:8452] [debug] jk_isapi_plugin.c (2793): Reading extension header HTTP_TOMCATWORKERIDX6A6B0000: 1 [Thu Aug 05 09:12:49.889 2010] [10216:8452] [debug] jk_isapi_plugin.c (2794): Reading extension header HTTP_TOMCATURI6A6B0000: /geoportal [Thu Aug 05 09:12:49.905 2010] [10216:8452] [debug] jk_isapi_plugin.c (2795): Reading extension header HTTP_TOMCATQUERY6A6B0000: (null) [Thu Aug 05 09:12:49.920 2010] [10216:8452] [debug] jk_isapi_plugin.c (2850): Applying service extensions [Thu Aug 05 09:12:49.936 2010] [10216:8452] [debug] jk_isapi_plugin.c (2930): Client Certificate encoding:1 sz:1022 flags:1 [Thu Aug 05 09:12:49.952 2010] [10216:8452] [debug] jk_isapi_plugin.c (3108): Service protocol=HTTP/1.1 method=GET host=150.xxx.xx.xx addr=150.xxx.xx.xx name=myserver.server.local port=443 auth=SSL/PCT user=EIMS\john.doe uri=/geoportal [Thu Aug 05 09:12:49.967 2010] [10216:8452] [debug] jk_isapi_plugin.c (3120): Service request headers=8 attributes=9 chunked=no content-length=0 available=0 [Thu Aug 05 09:12:49.983 2010] [10216:8452] [debug] jk_worker.c (116): found a worker worker1 [Thu Aug 05 09:12:49.999 2010] [10216:8452] [debug] jk_isapi_plugin.c (2162): got a worker for name worker1 [Thu Aug 05 09:12:50.030 2010] [10216:8452] [debug] jk_ajp_common.c (3093): acquired connection pool slot=0 after 0 retries [Thu Aug 05 09:12:50.045 2010] [10216:8452] [debug] jk_ajp_common.c (605): ajp marshaling done [Thu Aug 05 09:12:50.061 2010] [10216:8452] [debug] jk_ajp_common.c (2376): processing worker1 with 2 retries [Thu Aug 05 09:12:50.077 2010] [10216:8452] [debug] jk_ajp_common.c (1579): (worker1) all endpoints are disconnected. [Thu Aug 05 09:12:50.092 2010] [10216:8452] [debug] jk_connect.c (480): socket TCP_NODELAY set to On [Thu Aug 05 09:12:50.108 2010] [10216:8452] [debug] jk_connect.c (604): trying to connect socket 712 to 127.0.0.1:8009 [Thu Aug 05 09:12:51.061 2010] [10216:8452] [info] jk_connect.c (622): connect to 127.0.0.1:8009 failed (errno=61) [Thu Aug 05 09:12:51.061 2010] [10216:8452] [info] jk_ajp_common.c (959): Failed opening socket to (127.0.0.1:8009) (errno=61) [Thu Aug 05 09:12:51.092 2010] [10216:8452] [error] jk_ajp_common.c (1585): (worker1) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=61) [Thu Aug 05 09:12:51.108 2010] [10216:8452] [info] jk_ajp_common.c (2540): (worker1) sending request to tomcat failed (recoverable), because of error during request sending (attempt=1) [Thu Aug 05 09:12:51.124 2010] [10216:8452] [debug] jk_ajp_common.c (2397): retry 1, sleeping for 100 ms before retrying [Thu Aug 05 09:12:51.249 2010] [10216:8452] [debug] jk_ajp_common.c (1579): (worker1) all endpoints are disconnected. [Thu Aug 05 09:12:51.249 2010] [10216:8452] [debug] jk_connect.c (480): socket TCP_NODELAY set to On [Thu Aug 05 09:12:51.280 2010] [10216:8452] [debug] jk_connect.c (604): trying to connect socket 712 to 127.0.0.1:8009 [Thu Aug 05 09:12:52.264 2010] [10216:8452] [info] jk_connect.c (622): connect to 127.0.0.1:8009 failed (errno=61) [Thu Aug 05 09:12:52.280 2010] [10216:8452] [info] jk_ajp_common.c (959): Failed opening socket to (127.0.0.1:8009) (errno=61) [Thu Aug 05 09:12:52.295 2010] [10216:8452] [error] jk_ajp_common.c (1585): (worker1) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=61) [Thu Aug 05 09:12:52.311 2010] [10216:8452] [info] jk_ajp_common.c (2540): (worker1) sending request to tomcat failed (recoverable), because of error during request sending (attempt=2) [Thu Aug 05 09:12:52.327 2010] [10216:8452] [error] jk_ajp_common.c (2559): (worker1) connecting to tomcat failed. [Thu Aug 05 09:12:52.342 2010] [10216:8452] [error] jk_isapi_plugin.c (2195): service() failed with http error 503 [Thu Aug 05 09:12:52.374 2010] [10216:8452] [debug] jk_ajp_common.c (757): (worker1) resetting endpoint with sd = 4294967295 (socket shutdown) [Thu Aug 05 09:12:52.389 2010] [10216:8452] [debug] jk_ajp_common.c (3010): recycling connection pool slot=0 for worker worker1 -----Original Message----- From: Rainer Jung [mailto:rainer.j...@kippdata.de] Sent: Thursday, August 05, 2010 4:13 AM To: Tomcat Users List Subject: Re: Tomcat 6.0.18/ IIS 6.0 /SSL See below On 04.08.2010 22:17, Hansel, Jason T CTR SPAWARSYSCEN-ATLANTIC, 55E00 wrote: > Rainer, > Do you have a suggestion? Do I need to change my worker.properties? > Sorry, I'm new to Tomcat, I appreciate your help. > > -----Original Message----- > From: Rainer Jung [mailto:rainer.j...@kippdata.de] > Sent: Wednesday, August 04, 2010 4:09 PM > To: Tomcat Users List > Subject: Re: Tomcat 6.0.18/ IIS 6.0 /SSL > > On 04.08.2010 21:50, Hansel, Jason T CTR SPAWARSYSCEN-ATLANTIC, 55E00 wrote: >> I did read your post and I changed the Port Number. >> >> "<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> >> This connector should be used depending on your redirector config >> which we haven't seen yet >> >> Here is my workers.properties: >> >> worker.list=worker1 >> worker.worker1.type=ajp13 >> worker.worker1.host=127.0.0.1 >> worker.worker1.port=8009 >> >> Here is my uriworkermap.properties: >> >> /geoportal|/*=worker1 > > This didn't work, since the log snippet said it tried to use a worker > named "ajp13", not "worker1". "This" = uriworkermap.properties. So what did you do to let IIS find your uriworkermap.properties? Can we be sure that works? Does your redirector debug log file indicate - that it finds and reads the right uriworkermap.properties file - that it finds the right map in there and thus tries to use a worker named "worker1" - is your request URL actually starting with "/geoportal/" or equal to "geoportal"? What is the URL you are testing with? Regards, Rainer >> -----Original Message----- >> From: Rainer Jung [mailto:rainer.j...@kippdata.de] >> Sent: Wednesday, August 04, 2010 3:40 PM >> To: Tomcat Users List >> Subject: Re: Tomcat 6.0.18/ IIS 6.0 /SSL >> >> On 04.08.2010 20:58, Hansel, Jason T CTR SPAWARSYSCEN-ATLANTIC, 55E00 > wrote: >>> Jung, >>> I'm still getting the errors. >> >> Why shouldn't you? >> Did you actually read my post? >> Which parts didn't you understand? >> >>> <Connector port="8080" protocol="Java HTTP" ----What protocol should I >> use >>> here (do not want to expose) >>> connectionTimeout="20000" >>> redirectPort="80" /> >> >> This connector is *not* involved when using >> >> Browser -> IIS/Redirector -> Tomcat >> >>> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" >>> -------------Does this look right? >>> maxThreads="150" scheme="https" secure="true" >>> clientAuth="false" sslProtocol="TLSv1" >>> keystoreFile="C:\Program Files (x86)\Apache > Software >>> Foundation\Tomcat 6.0\conf\cert.pfx" >>> keystorePass="password" >>> keystoreType="pkcs12" /> >> >> This one neither. >> >>> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> >>> -----------------Is this where my actual authentication is taking place? >> This connector should be used depending on your redirector config >> which we haven't seen yet. >> >> The error message you provided doesn't have to do with authentication. >> Authentication problems might show up after you solved your worker >> configuration problem. Until now your IIS doesn't even talk to Tomcat. >> >> Regards, >> >> Rainer >> >>> >>> -----Original Message----- >>> From: Rainer Jung [mailto:rainer.j...@kippdata.de] >>> Sent: Wednesday, August 04, 2010 1:38 PM >>> To: Tomcat Users List >>> Subject: Re: Tomcat 6.0.18/ IIS 6.0 /SSL >>> >>> On 04.08.2010 18:07, Hansel, Jason T CTR SPAWARSYSCEN-ATLANTIC, >>> 55E00 >> wrote: >>>> >>>> >>>> I am trying to get Tomcat and IIS configured on my secure web >>>> server >>>> (SSL) so that I can access my deployed web application via https >>>> and NOT over http. Connection to non-SSL works, but I cannot have >>>> that connection due to security. >>>> >>>> I want to run Tomcat through IIS, and I have configured it using >>>> the isapi_redirect.dll (thanks to Electronjockey). However, when I try >>>> and hit my https://site/geoportal<https://site/geoportal> my >>>> credentials do not carry me through to the web application, instead >>>> I receive "Internet Explorer Cannot Display Webpage". Can someone >>>> help me out on how to configure my server.xml and interpretting my >>>> log files >> please? >>>> I have even tried to export my server certificate, and call it >>>> using the keystore:"", still not working. I'm a Tomcat green horn, >>>> any help would be awesome. >>>> >>>> Isapi_redirect.log file: Looks like some sort of authentication is >>>> being passed, then the ajp13 is not found? >>>> >>>> [Wed Aug 04 11:51:15.901 2010] [10712:8360] [debug] >>>> jk_isapi_plugin.c >>>> (3108): Service protocol=HTTP/1.1 method=GET host=150.125.174.70 >>>> addr=150.125.174.70 name=mywebsite port=443 auth=SSL/PCT >>>> user=EIMS\john.doe uri=/jakarta/isapi_redirect.dll >>>> >>>> [Wed Aug 04 11:51:15.916 2010] [10712:8360] [debug] >>>> jk_isapi_plugin.c >>>> (3120): Service request headers=5 attributes=9 chunked=no >>>> content-length=0 available=0 >>>> >>>> [Wed Aug 04 11:51:15.932 2010] [10712:8360] [debug] jk_worker.c (116): >>>> did not find a worker ajp13 >>>> [Wed Aug 04 11:51:15.948 2010] [10712:8360] [debug] >>>> jk_isapi_plugin.c >>>> (2162): could not get a worker for name ajp13 [Wed Aug 04 >>>> 11:51:15.979 2010] [10712:8360] [error] jk_isapi_plugin.c >>>> (2210): could not get a worker for name ajp13 >>> >>> Hard to tell without knowing the version of the isapi redirector, >>> not having your configuration. This looks like: >>> >>> - it is trying to use a worker named ajp13 to connect to Tomcat. >>> Lile y you have configured the redirector to use this worker within >>> your uriworkermap.properties file >>> >>> - the redirector doesn't know how to use this worker. Either you are >>> missing the workers.properties configuration file or there is no >>> definition for a worker named ajp13 in the file. >>> >>> A good starting point for a workers.properties file is the example >>> file contained in the source distribution of version 1.2.30. Please >>> do also use this version of the redirector. >>> >>> Note: from the point of view of Tomcat it doesn't really matter >>> whether you are talking http or https in the browser. This protocol >>> is only used between the browser and IIS. Between IIS and Tomcat >>> when using the isapi redirector the protocol is always AJP13 (it is >>> just coincidence, that this is the same name as the name of the >>> worker in your logs). The protocol is similar to HTTP but binary and >>> it transports the information whether the browser used http or >>> https, so Tomcat is aware of this. This protocol does not use the >>> http or https >> connectors in server.xml, only the AJP13 connector. >>> >>>> Here is the meat of my server.xml (pretty sure it's wrong): >>>> >>>> <!-- A "Connector" represents an endpoint by which requests are >>>> received and responses are returned. Documentation at : >>>> Java HTTP Connector: /docs/config/http.html (blocking& non-blocking) >>>> Java AJP Connector: /docs/config/ajp.html APR (HTTP/AJP) Connector: >>>> /docs/apr.html Define a non-SSL HTTP/1.1 Connector on port 8080 >>>> --> >>>> <Connector port="8080" protocol="HTTP/1.1" >>>> connectionTimeout="20000" >>>> redirectPort="80" /> >>>> <!-- A "Connector" using the shared thread pool--> >>>> >>>> <Connector executor="tomcatThreadPool" >>>> port="8009" protocol="HTTP/1.1" >>>> connectionTimeout="20000" >>>> redirectPort="443" /> >>>> >>>> <!-- Define a SSL HTTP/1.1 Connector on port 8443 This connector >>>> uses the JSSE configuration, when using APR, the connector should >>>> be using the OpenSSL style configuration described in the APR >>>> documentation >>>> --> >>>> >>>> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" >>>> maxThreads="150" scheme="https" secure="true" >>>> clientAuth="false" sslProtocol="TLSv1" >>>> keystoreFile="C:\Program Files (x86)\Apache Software >>>> Foundation\Tomcat 6.0\conf\cert.pfx" >>>> keystorePass="mypassword" >>>> keystoreType="pkcs12" /> >>>> >>>> <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector >>>> port="8009" protocol="AJP/1.3" redirectPort="8443" /> >>> >>> Two connectors, both on port 8009, will not work. Use the latter one. >>> >>> Regards, >>> >>> Rainer --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
smime.p7s
Description: S/MIME cryptographic signature
