Forgive me if this question has been asked before, but searching for this issue hasn't turned up anything I can use. Most of the discussions are about enabling the port while I want to be able to disable it.
I have several legacy servers that are running Linux RHE 7 with Apache Mule 3.8 installed. Security insists that port 1099 be closed, which I gather is used by JMX. 3.8 is actually out of support now, but we still have it running on a number servers and they are reluctant to upgrade since they would have to make many changes to their own software.
Any suggestions would be appreciated.
PS. I don't actually work with Mule normally so my knowledge of it is limited to what I have picked up from having to upgrade the servers from time to time.
What I have found from searching around is that you can disable this in 3.9, with the following.
wrapper.java.additional.15=Xnoagent
wrapper.java.additional.16=-Dmule.agent.enabled=false
And this works fine on Mule 3.9 instances we have installed. However this doesn't work on Mule 3.8. I have tried a few other variations on this but nothing has worked yet.
That's not accurate. Mule doesn't activate port 1099 nor JMX by default. The configuration you mentioned works for all Mule 3.x releases. However it is for the Mule Management Console agent. Unless it's port has been set to something different in the file wrapper.conf the default port it uses is 7777. If it was changed to something else it should be in the wrapper.conf file.
If the port 1099 is actually used for JMX it has been configured in wrapper.conf using Java arguments. Review that file to find if there are any such Java parameters in there.
Another alternative is that some application is actually opening that port for something, like listening to inbound HTTP request. You would need to review each Mule application deployed in that Mule 3.8 server to understand that.
Related
Backstory: A couple of years ago my group changed the server on which coldfusion runs to Apache instead of IIS. I changed my dev environment to run CF on Apache httpd and everything was fine. Later we changed the session variables to j2ee, but I have never been able to get j2ee to work on dev so I am still using regular session variables on dev. Lately I am getting session persistence failure on test but I can't reproduce on dev. In looking for differences in CF server settings between test and dev I discovered that test is running on Tomcat while dev is running on Apache httpd.
My problem real problem is how to get j2ee session vars to work on dev. My question right now is how do I change my server from Apache httpd to the Tomcat that is built in with CF 10? Is there a way to do this without starting over with a fresh install of CF 10 as those are the only instructions I can find?
System: Windows 7
IIS and Apache are not (for Coldfusion, anyway) application servers. They are your front-end web servers. Your 'application server' in this setup is the software running the "application" of Coldfusion via servlets, and that's Tomcat.
While it is possible to use CF's builtin Tomcat server as your front-end web server, it isn't advisable, and it's almost certainly got nothing to do with your problem. Apache is more than capable of doing what you need and a problem with J2EE session variables is going to be related either to your JVM (are you using more-or-less the same version as your production server?) or to Tomcat itself.
Think about how J2EE sessions work. A request comes in and hits your front-end server (httpd), which, presumabl through mod_proxy or mod_jk, hands that connection over to Tomcat. Until this happens, that your system is even running a JVM isn't relevant -- neither Apache nor IIS care about Java. I wouldn't go so far as to say that it's impossible for an Apache problem to be monkeying with your session variables, but it would be pretty low on my list of suspects.
Once Tomcat (and then CF) get involved, then your JVM is doing all the work, so that's where I'd look. I'd also have a look at CF logs and Tomcat logs.
To properly answer your question, though, if you want to remove Apache from the loop, you're looking at Tomcat's server.xml and web.xml in /cfusion/runtime/conf - you'd need it running on port 80 (or else reconfigure Apache to just pass all requests to Tomcat instead of only CFML, but that doesn't really do what you asked about since Apache is still involved). You'd also have to reproduce your entire Apache configuration in Tomcat, which I've never done and wouldn't recommend, but that's the direction you'd need to investigate.
Much better to work on solving your session problem. Killing Apache is just collateral damage here.
I am trying to configure a HTTPS Outbound connector that uses TLS v1.1 or v1.2. Not sure how to achieve that. I am running Mule Studio plugin within STS. Mule runtime is 3.6.2 EE.
I tried putting the tls-default.conf in resources folder, but get exception saying something like "Unsupported Cipher".
I have debug enabled and can see that the Handshake is using TLS V1
How can I make it use TLS v1.1 or v1.2?
You need to configure it at the connector level:
<https:connector name="https">
<spring:property name="sslType" value="TLSv1.2" />
</https:connector>
And reference the connector from you http outbound endpoint using connector-ref
Already answered in https://forums.mulesoft.com/questions/41012/getting-error-when-hitting-a-rest-api-via-https.html#answer-43960
Below is the answer I posted.
I resolved it in my system.
When it is not working in the Runtime that is attached in the Anypoint
studio then follow the below steps.
Navigate to the Anypoint studio installation directory
Search for "tls-default.conf" in the folder. This will show you all the files for all the Runtimes that you have installed.
there will be a property "enabledProtocols" make sure that it contains the TLSv1 in it as below
enabledProtocols=TLSv1,TLSv1.1,TLSv1.2
This above should apply to Cloud hub (Most of the times it is already
enabled) or on-premise systems.
It seems you might be affected by this issue. To check this, you can try using 3.6.4 EE which has the fix. You could also try using the HTTP module instead of the transport which is not affected by the issue.
Keep in mind that Studio had a bug where they launched the runtime without taking the tls-default.conf into account, so you will need to add the file in Studio to verify it there.
Another workaround could be adding the following system property -Dhttps.protocols=TLSv1.1,TLSv1.2. Both this and the tls configuration edit will affect all connections in a runtime.
I want to write a small back-end REST server using Play! Framework 2.1.3. This server will only serve WS requests, and all communication to it must be made over SSL. For this reason, I don't want to have an HTTP port open for this server at all.
I've seen this question regarding SSL on various Play! branches, and according to the linked discussion, the only way to open SSL port (which worked for me) is to add JAVA_OPTS before running the server, like so:
JAVA_OPTS=-Dhttps.port=9443 play run
This setting opens both HTTP and HTTPS ports for communication.
My questions are:
Is it possible to open the server only for SSL communication? How?
Is there a configuration file where I put this setting?
Thanks!
This is super easy with Play 2.2, not sure it works on 2.1.3, I didn't see it in the 2.1.x docs...but was in the 2.2.x docs...so give it a shot, it might be implemented.
Throw this in your configuration file :
http.port=disabled
Or you could run it with the command line option :
-Dhttp.port=disabled
http://www.playframework.com/documentation/2.2.x/ConfiguringHttps
I have installed YouTrack as a windows service, on the same box as TeamCity. TeamCity works fine, but the YouTrack windows service stops as soon as it is started.
Can anyone point me towards log files for youTrack, or has anyone expreienced this before? I have been unable to find anything on google.
I set up YouTrack using this article:
http://blog.endjin.com/2010/11/a-step-by-step-guide-to-hosting-youtrack-in-iis-7/
though I have not even got to the IIS part. I have tried both the stable release and the latest EAP build.
Thanks in advance
Most likely the port you've chosen is already used by some other application, check YouTrack logs for more details, they are located under the installation directory, for example:
c:\Program Files (x86)\YouTrack\logs
Note that if you run TeamCity on the same machine, at least one more port (except the default HTTP port) could conflict, edit conf\server.xml:
<Server port="8005" shutdown="SHUTDOWN">
TeamCity Tomcat is most likely using the same shutdown port, so you need to change it. Change other conflicting ports if you find them reported in the logs.
We are running Weblogic 7sp6. We have a working single node cluster with an Admin and two Managed servers. We are re-creating a 2nd standalone cluster on a 2nd server. We reinstalled Weblogic and have copied over all the configuration files to make thing. Its the same on both clusters. We changed all the references to IP and hostnames. We have used this method before without problems.
In the current case I can startup the Admin which listens on port 7001,7002. But when I try and startup either of the Managed servers it tells me that myserver1/2 is already up. (Managed Servers). I confirmed that myserver is configured to use port 7012,7013 and I cannot find any port conflicts especially because these exact ports worked on the first cluster. Any ideas of what else to look at? I have logged in the admin console and can see the ports are all unique. Thanks
The current version of WebLogic is 10.3. I'd strongly urge you to upgrade your WebLogic as soon as possible, especially if you're still using the version of JDK that it was certified for. If you're running JDK 1.4, you're crazy.