Tag Archives: tomcat

Configure Tomcat 7 to use HTTPS

29 Monday Sep 2014

Posted by in Apache Tomcat, Application Servers, Java, Linux / UNIX

Comments Off on Configure Tomcat 7 to use HTTPS

Tags

, ,

The following steps were used to configure a Tomcat 7 server listening on port 8081 to use https and forward regular http connections on port 80 to the standard https port 443.

Port forwarding:

sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8081
sudo iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
sudo service iptables save
sudo service iptables restart

Standard port 80 connections will be forwarded to Tomcat at port 8081 and it will decide what to do (Tomcat is told to forward that to port 443 later). Standard port 443 connections are forwarded to port 8443, which is a new connector we will configure in Tomcat’s server.xml file.

Create a keystore and CSR to get an SSL certificate:

Note: ran this in the home directory of the tomcat user

keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore server_name.jks -dname "CN=fqdn-of-server.domain.com,OU=department-value, O=company-name, L=city, ST=state, C=US" && keytool -certreq -alias server -file server_name.csr -keystore server_name.jks && echo Your certificate signing request is in server_name.csr. Your keystore file is server_name.jks. Thanks for using the DigiCert keytool CSR helper.
sudo chown tomcat: server_name.jk

Be sure to update the ownership of the file so that the tomcat user has access.

Once you have your cert…

Import the certificate:

sudo keytool -import -trustcacerts -alias server -file cert-from-CA.p7b -keystore server_name.jks

Update the Tomcat server.xml file:

Updated the existing connector from:
 <Connector port=”8081″ protocol=”HTTP/1.1″
connectionTimeout=”20000″
redirectPort=”8444″ />

to:

<Connector port=”8081″ protocol=”HTTP/1.1″
connectionTimeout=”20000″
redirectPort=”443″ />

Created a new connector for the ssl connection:

<Connector port=”8443″ protocol=”HTTP/1.1″ SSLEnabled=”true”
maxThreads=”150″ scheme=”https” secure=”true”
clientAuth=”false” sslProtocol=”TLS”
keystoreFile=”/usr/share/tomcat/servername.jks”
keystorePass=”password-value” />

Update the Tomcat web.xml file:

Add the following before the closing </web-app> tag:

<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Context</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<!– auth-constraint goes here if you requre authentication –>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

Restart Tomcat and hope for the best 🙂

Last, but not least, here’s the site I used to help generate the CSR: https://www.digicert.com/csr-creation.htm

Advertisement

org.apache.jk.common.ChannelSocket processConnection WARNING: processCallbacks status 2

09 Tuesday Sep 2014

Posted by in Apache Tomcat, Application Servers, Java, Linux / UNIX

Comments Off on org.apache.jk.common.ChannelSocket processConnection WARNING: processCallbacks status 2

Tags

When you run the following error through Google…

org.apache.jk.common.ChannelSocket processConnection
WARNING: processCallbacks status 2

The first result is totally useless, but does point you to the third result, which states…

When using AJP, this problem is caused by a request coming from the httpd (apache) server
to tomcat, but the apache server is stopped from listening for the response from the tomcat
server. Usually this is caused by a user clicking on a new link before tomcat has a chance
to respond (fully), so apache has moved on - but tomcat doesn't know about it.

It can be safely ignored.

IPTABLES to redirect 80 to 8080 for Tomcat

14 Monday Jul 2014

Posted by in Apache Tomcat, Application Servers, Linux / UNIX

Comments Off on IPTABLES to redirect 80 to 8080 for Tomcat

Tags

,

This is partially noted in some earlier posts, but the full detail is missing…

sudo /sbin/iptables -I INPUT 1 -p tcp –dport 8080 -j ACCEPT
sudo /sbin/iptables -I INPUT 1 -p tcp –dport 80 -j ACCEPT
sudo iptables -t nat -A PREROUTING -p tcp -m tcp –dport 80 -j REDIRECT –to-ports 8080
sudo service iptables save
sudo service iptables restart

Dump of ~/.histfile while setting up a Tomcat instance

31 Wednesday Oct 2012

Posted by in Apache Tomcat, Application Servers, Linux / UNIX, Networking, Operating Systems

Comments Off on Dump of ~/.histfile while setting up a Tomcat instance

Tags

Just because I keep having to do this over and over again, here’s a cheat sheet for setting up a tomcat instance…

sudo cp apache-tomcat-6.0.35.tar.gz /usr/local
cd /usr/local
sudo tar -xvzf apache-tomcat-6.0.35.tar.gz
ls
sudo ln -s /usr/local/apache-tomcat-6.0.35 /usr/local/tomcat
sudo groupadd tomcat 
sudo useradd -g tomcat -c "Tomcat User" -d /usr/local/tomcat tomcat
sudo passwd tomcat TomTheCat
sudo chown tomcat:tomcat /usr/local/tomcat
sudo chown -R tomcat:tomcat /usr/local/apache-tomcat-6.0.35
sudo mkdir /usr/local/tomcat_ect
sudo chown tomcat:tomcat /usr/local/tomcat_ect
sudo cp -pr /usr/local/tomcat/* /usr/local/tomcat_ect/
cd /usr/local/tomcat_ect
cd conf
sudo nano server.xml
cd /etc
cd init.d
sudo service httpd stop
sudo chkconfig --del httpd
sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
sudo iptables-save
ls /etc/init.d/
sudo nano /etc/init.d/iptables
sudo cp tomcat_ect /etc/init.d/
sudo nano /etc/init.d/tomcat_ect
ls -la /etc/init.d
ls -la /etc/init.d/
sudo chkconfig --add tomcat_ect
sudo chkconfig --level 234 tomcat_ect on          
sudo service tomcat_ect start
cd /usr/local/tomcat_ect/conf
sudo nano tomcat-users.xml
sudo service tomcat_ect stop
sudo service tomcat_ect start
cd /usr/local/tomcat_ect/bin
ls
sudo nano catalina.sh
sudo service tomcat_ect stop
sudo service tomcat_ect start

Validate your JAVA_OPT values in a Tomcat instance

04 Thursday Oct 2012

Posted by in Apache Tomcat, Application Servers, Code Samples, Java, Linux / UNIX

Comments Off on Validate your JAVA_OPT values in a Tomcat instance

Tags

,

Short version (to be edited later) add the code after the jump to a JSP page in your Tomcat instance. I just copied index.jsp in the default ROOT application and added some thing like this (thanks http://threebit.net/mail-archive/tomcat-users/msg09868.html)

Continue reading

Configure Apache Tomcat to use Apache httpd web server

30 Monday Jul 2012

Posted by in Apache Tomcat, Apache Web Server, Application Servers, Linux / UNIX, Networking, Operating Systems

Comments Off on Configure Apache Tomcat to use Apache httpd web server

Tags

,

see this: http://fijiaaron.wordpress.com/2008/07/30/configuring-an-apache-virtualhost-to-use-tomcat/

and here’s a sample from my /etc/httpd/conf/vhosts/a-vhost-config.conf:

ProxyRequests Off

AddDefaultCharset Off
Order deny,allow
Allow from all

ProxyPass / ajp://localhost:8019/
ProxyPassReverse / ajp://localhost:8019/

Created /etc/httpd/conf/workers.properties:

# Define 1 real worker using ajp13
worker.list=worker1
# Set properties for worker1 (ajp13)
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8019