I'm trying to create windows service for glassfish and I've had no problems creating one for the default domain, but when it comes to a domain I created my self, I seem to struggle.
the command I'm using is:
asadmin>create-service --domaindir C:\Program Files\glassfish-4.1.1\glassfish\domains\testdomain
I only get a filenotfound exception. I don't seem to understand glassfish's directory for its domains
aside from this, one of my other problems in the service I created for the default domain is that everytime I try to start it, it just stops immediately
The domain1 GlassFish Server on Local Computer started and then stopped. Some services stop automatically...
it gives me that kind of popup
The --domaindir option should point to the directory where all your domain directories are located, not the actual domain directory itself.
You also need to specify the name of the domain you want to create a service with.
In practice, this means you simply need to replace the final backslash in the command above with a space, like so:
asadmin> create-service --domaindir C:\Program Files\glassfish-4.1.1\glassfish\domains testdomain
It's a slightly confusingly named option (--domainsdir may have been a better name), but it effectively gives you the option of storing all of your user configuration away from the GlassFish binaries.
The path you've supplied in your example is actually the default directory, so doesn't need to be specified, you should just be able to name the domain you want to create a service from and GlassFish will automatically look in that directory to check if a domain is there, as follows:
asadmin> create-service testdomain
Related
I am running into some sort of issue when trying to access my local website:
Forbidden
You don't have permission to access /index.html on this server.
Apache Server at ffghost.local Port 34580
I'm using macOS X Server 5.2 with Apache 2.4.18. OS X Server automatically creates two default websites (one on port 80 and one on port 443). I created a new website. It was my understanding that Apache would redirect from the default site to the created site automatically once created. This didn't happen. So, in an attempt to begin de-conflicting I replaced the files where the default site was located with the new website files and all of the sudden am getting the above 404 message.
I have read a lot of possibilities as to why this may be happening. I've run a syntax checker for Apache in terminal and terminal says syntax is ok. So from there I was going to check into the config files, but there are several, and I just want to know the gist behind them.
There seem to be about 4 file extension types. I don't know what they all mean or if they are active.
.config (I'm assuming this is the active file)
.config.prev (I'm assuming this is a previous version or copy of an active config file and is no longer active)
.config.orig (original file? and is no longer active)
.config.default (???)
Also, OS X Server and Apache seem to have the same files in two different places and I'm a little confused on which one to change. If I change one of them will it be reflected in the other? Do I need to change both of them? Additionally, I don't have DNS set up and am unsure if that was the original issue of not pulling up the new website over the default site.
You are mixing several aspects in your question which makes it complicated to give a helpful answer. For example, you say you get Forbidden when accessing your site, but later you mention a status 404. The former might be due to configuring a user group being allowed to access the site, while the latter just means Not found.
As to your actual question about the config files:
The file just ending in .conf is the one that is being used.
However, the Server app uses a lot of of different config files which might be relevant:
Path /Library/Server/Web/Config/apache2 contains the general config files
httpd.conf - general Apache configuration
httpd_server_app.conf - more general configuration
the other files contain configurations for specific applications or webapps (the latter being defined in plist files in /Library/Server/Web/Config/apache2/webapps)
Path /Library/Server/Web/Config/apache2/sites contains config files specific to your websites. They are named something like 0000_127.0.0.1_34543_your.domain.name.conf where 34543 is the configuration for the https (SSL) port, while 35480 would indicate the http port. There is also a file like 0000_127.0.0.1_34543_.conf (no domain name in the file name) which defines the default site.
In addition to these, there are two more configuration file in /Library/Server/Web/Config/proxy which configure the proxy services.
It is not recommended to manually adjust the config files, except for those in the sites subdirectory, because they may get overwritten by the Server app or when updating the Server app.
Important: If you change the files manually, you must re-start the Apache server in order to make the changes effective. Use sudo serveradmin stop/start web to do so.
However, I do not know of a detailed documentation of of all these files, so I try to stay on the safe side and possibly not edit the general config files (only those in sites). I also recommend to write down any manual changes, so they can be reapplied if necessary.
Without exactly knowing what you configured in the Server app and which files you changed how, I'm afraid it is impossible to say what might have gone wrong. I recommend to start all over by removing and re-adding the web sites.
We are using Apache Tomcat 7 for my web applications and we have decided to go on production stage.
So now is the time to think about how to secure the Tomcat and the machine. After reading "Apache tomcat security considerations" we decided to go on run tomcat process on dedicated user with minimum scenario.
From what I understand the best option is to configure it in a way that the running tomcat process has only read privilege to all the tomcat files.
I figured I would do it in this way:
I would create 2 users:
-tomcat_process - only for running tomcat
-admin - this is the one all the files belong to
tomcat_process will have access to conf directory, and also will be able to run scripts from tomcat/bin/
My main problem is that Tomcat needs to write to some files in $CATALINA_HOME/$CATALINA_BASE. I know I can change the location of logs and work directory and I thought I would point them to tomcat_process home dir (is this even a good idea?).
But I can't find any information if I can change the path to /conf/Catalina dir. Is it possible?
I would like to avoid adding write access to conf directory, as the whole configurations sits in there.
Or do you think that I should live those directories where their are and just add write privileges to them for tomcat_process?
I was wondering if you could please tell me if this is a correct approach or can I do it better?
I'm so confused with all those security guides which are telling me to restrict privileges but not telling how to do it :(
Keeping it simple I think is the key:
Create a new tomcat for each (set of) web application(s) with their own user.
Limit the tomcat resources to only the tomcat user. In linux you can use the chmod/chown command for this.
Place the tomcat behind a reverse proxy: Internet (https) <- external Firewall -> Apache Reverse Proxy <- Internal Firewall (block all unless whitelisted) --> Tomcat
Delete all standard webapps 'manager', 'root', 'docs'
Disable the shutdown command in server.xml
As for java web applications try to contain them in their own sandbox, meaning own database, own users.
To safe maintenance effort, you could run multiple instances using one tomcat binary and a single tomcat user.
http://www.openlogic.com/wazi/bid/188102/How-to-Run-Multiple-Instances-of-Tomcat-on-a-Single-Server
I am running Python under WSGI on an Apache server using CentOS 6. The python script uses a wrapper for the NCAR library called PyNGL. The purpose of this library is to generate graphics from supplied data.
I am attempting to use my python script as a web service by hooking it up to web.py, but it has an entry point for direct execution as well.
Here is the weird thing:
When I run the script directly it works as intended and produces an output image in the directory of the script. However, when I attempt to invoke it through the web.py controller (with the exact same parameters) it fails.
My apache error log contains this:
warning:GKS:GCLRWK: -- cairo driver error: error opening output file
I'm guessing that this is probably a permissions problem, but I haven't the slightest idea where its trying to output.
Edit: I think I have confirmed that it is indeed a permissions error.
I attempted to create file using relative paths and got a similar error:
<type 'exceptions.IOError'> at /plot
[Errno 13] Permission denied: 'Output.txt'
This error refers to this line here:
with open("Output.txt", "w") as text_file:
text_file.write(str(self.__dict__))
Now of course I can specify an absolute path for that text file, but not for the graphical output from PyNGL. Is there a way to determine where it is trying to output, or to change the default output directory?
Usually your application would be running with the current working directory as '/'. The Apache user will not be able to write to that directory.
In any web application you should in general never rely on it being run in a specific directory as different web servers behave differently as to what the current working directory would be. If you assume it always runs in a specific directory, your application would be inherently unportable. Changing the working directory of an application to get around this is also in general bad practice because in a hosting mechanism that allows multiple application to run in the same process, they would all interfere with each other if they each tried to set their own working directory.
What you should do is always use absolute paths when reading and write files and not use relative paths. Why do you say you can't use absolute paths?
Also be aware that your application will run as a special user which would not have access to directories to create files. You would therefore need to open up access to the Apache user. Best practice would be to limit though what the Apache user can write to.
Now since you are using mod_wsgi, one viable option is to make sure you are using mod_wsgi daemon mode and when using the WSGIDaemonProcess directive set the 'home' option to override the current working directory for the single WSGI application delegated to that process. You can also set 'user' and 'group' options to have the process run as a different user that does have access to the directory.
I am currently setting up a new dev environment, and have come to the final stage where I am trying to run a build.
However, one of the ANT targets is trying to create a directory, which is currently set to "C:\workspace\domains\Online" however for security reasons (they say anyway...) we do not have full access to the C: drive, so I have my domain setup in an alternate location. Where is this Domain Home/Root variable kept?
Well in my own domain there is in file <domain>/bin/setDomainEnv.bat the following line:
set DOMAIN_HOME=D:\Oracle\Middleware\user_projects\domains\domain_name
However since you are using some Ant build file to create your domain, maybe something is hardcoded in them or is one of the properties passed to this file.
An ANT build file that had been supplied by somebody else had been hardcoded! Not sure why they couldn't follow the convention! It just so happened that the location that had been hardcoded was the same as my old workspace, thus the confusion.
Thanks all.
I developed a website and got a Tomcat account on Dailyrazor. My website runs fine when I start Tomcat from the command line and stick my war file in Apache's webapps folder. I access it by http://localhost:8080/dkashtanartportfolio/.
Now should it be as easy as dropping the war in my webapps folder on my DailyRazor Tomcat server? I expect to be able to access my website via http://www.<domain-name>.com/<war-file-name>/, which should look like http://www.dkartportfolio.com/dkashtanartportfolio/
I get a 404 error and I do not know why? Can anybody help?
Some of the DailyRazor accounts don't allow automatic deploy. So after uploading war you need to restart Tomcat. I use shell to execute tomcat_manage stop, followed by tomcat_manage start.
You may also be able to request restart by opening a help ticket.
For some reason, my accounts expect war's to be in public_html and not webapps. I have an old account so they may have changed the way new accounts work.
You need to look carefully into tomcat/conf/server.xml and make sure that you've specified correct path to app folder. Also you need to keep in mind that if you have shared tomcat you need to unpack your war file before requesting tomcat restart - it won't unpack automatically.