Tomcat was stopped after 3 messages: Invalid message recieved with signature 18245 - crash

I installed Tomcat 6 in Windows Server 2008.
Since it was installed in 2012, there have been 9 times where the Tomcat service was stopped unexpectedly. Every time, it happened after 3 log messages/entries, for example:
Jul 17, 2015 10:08:39 AM org.apache.coyote.ajp.AjpMessage processHeader SEVERE: Invalid message recieved with signature 18245
Jul 17, 2015 10:08:44 AM org.apache.coyote.ajp.AjpMessage processHeader SEVERE: Invalid message recieved with signature 18245
Jul 17, 2015 10:09:51 AM org.apache.coyote.ajp.AjpMessage processHeader SEVERE: Invalid message recieved with signature 18245
Here is what I have in the server.xml:
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
The old thread "Ajp invalid message received with signature" provided some suggestions, but I am not sure they are applicable to me, as the old thread did not mention that the Tomcat service was stopped.
Do you know if the existence of the AJP connector in the server.xml might cause the invalid message and then cause Tomcat to stop? Or do the Tomcat crashes come from another cause?

I found the solution below in "Ajp invalid message received with signature":
Default:
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
Custom:
<Connector port="8009" protocol="HTTP/1.1" redirectPort="8443"/>
Not working. Any different solution?
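The signature in these log entries is the first two bytes Tomcat read from the AJP socket, taken as a big-endian integer; an AJP13 packet from the web server starts with 0x1234, while 18245 is 0x4745, the ASCII bytes "GE" that begin an HTTP GET. The following added example (not part of the original posts; the prefix table is an assumption of this example) decodes logged signatures to show what kind of traffic reached the AJP port:

```python
import re
from collections import Counter

AJP_MAGIC = 0x1234  # first two bytes of an AJP13 packet sent from the web server to Tomcat

# Constructed sample: the three log entries quoted in the question above.
SAMPLE_LOG = """\
Jul 17, 2015 10:08:39 AM org.apache.coyote.ajp.AjpMessage processHeader SEVERE: Invalid message recieved with signature 18245
Jul 17, 2015 10:08:44 AM org.apache.coyote.ajp.AjpMessage processHeader SEVERE: Invalid message recieved with signature 18245
Jul 17, 2015 10:09:51 AM org.apache.coyote.ajp.AjpMessage processHeader SEVERE: Invalid message recieved with signature 18245
"""

# Matches both the misspelled and the corrected wording of the log message.
SIG_RE = re.compile(r"Invalid message rec(?:ie|ei)ved with signature (\d+)")

# First two bytes of traffic that commonly reaches an AJP port by mistake
# (mapping assumed for this example, not taken from Tomcat).
KNOWN_PREFIXES = {
    "GE": "HTTP GET", "PO": "HTTP POST", "HE": "HTTP HEAD",
    "OP": "HTTP OPTIONS", "PU": "HTTP PUT", "CO": "HTTP CONNECT",
    "\\x16\\x03": "TLS handshake record",
}

def decode_signature(sig):
    """Render the logged 16-bit value as the two bytes that arrived first."""
    raw = (sig & 0xFFFF).to_bytes(2, "big")
    return "".join(chr(b) if 32 <= b < 127 else f"\\x{b:02x}" for b in raw)

def classify(sig):
    """Name the protocol the peer was most likely speaking."""
    if sig == AJP_MAGIC:
        return "valid AJP13"
    return KNOWN_PREFIXES.get(decode_signature(sig), "unknown")

def summarize(log_text):
    """Map each logged signature to (decoded bytes, classification, count)."""
    counts = Counter(int(m.group(1)) for m in SIG_RE.finditer(log_text))
    return {sig: (decode_signature(sig), classify(sig), n) for sig, n in counts.items()}

if __name__ == "__main__":
    for sig, (text, kind, count) in summarize(SAMPLE_LOG).items():
        print(f"signature {sig} = 0x{sig:04x} = {text!r}: {kind}, seen {count}x")
```

A result of "HTTP GET" means a client spoke HTTP to port 8009, so the source of those connections is the thing to trace.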

Related

tomcat ssl configuration in port 443

I am trying to configure ssl into my web app. Generated the .jks file from .cer file using java keytool and configured it in server.xml
But Tomcat refuses to start in port 443 or port 8443 after this configuration.
server.xml
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" connectionTimeout="20000" SSLEnabled="true" scheme="https" secure="true" sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" keystoreFile="/home/file.jks" keystorePass="****" />
and
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" connectionTimeout="20000" SSLEnabled="true" scheme="https" secure="true" sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" keystoreFile="/home/file.jks" keystorePass="****" />
URL used in browser:
https://10.111.77.66/MY-APP
and https://10.111.77.66:8443/MY-APP
Both URLs are not working.
Error message in Browser:
This site can’t provide a secure connection
10.111.77.66 uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Before SSL configuration, Application was running fine in port 8082. ( http://10.111.77.66:8082/MY-APP )
What is wrong here? Stuck up badly. Please help.
Server is Linux.
Tomcat Logs:
java.net.SocketException: Permission denied
at java.base/sun.nio.ch.Net.bind0(Native Method)
at java.base/sun.nio.ch.Net.bind(Net.java:455)
at java.base/sun.nio.ch.Net.bind(Net.java:447)
org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-443]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:568)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)

Tomcat: Failed to start connector [Connector[HTTP/1.1-auto-1]]

Hello I am trying to deploy my app on a remote tomcat server (8.5.30). In order for my app to run I need to add these lines on /conf/server.xml
<Connector SSLEnabled="true"
clientAuth="false" keystoreFile="blc-example.keystore" keystorePass="xx"
keyPass="xx" maxThreads="150"
scheme="https" secure="true" sslProtocol="TLS" />
This works perfectly fine on my local machine. However on the remote server for some reason I am getting this error on the startup
02-Jan-2019 16:19:37.783 SEVERE [main] org.apache.catalina.core.StandardService.startInternal Failed to start connector [Connector[HTTP/1.1-auto-1]]
org.apache.catalina.LifecycleException: Failed to start component [Connector[HTTP/1.1-auto-1]]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
at org.apache.catalina.core.StandardService.startInternal(StandardService.java:440)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:793)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.startup.Catalina.start(Catalina.java:681)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:353)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:493)
Caused by: org.apache.catalina.LifecycleException: The connector cannot start since the specified port value of [-1] is invalid
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1011)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
... 11 more
I am pretty sure that tomcat can see the keystoreFile because otherwise I am getting a file not found error.
All the settings are the same with my local machine so it is highly confusing to me why this is happening. Any tips?
Set a port on your connector; the error does say it is defaulting to an invalid port because none is present:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
clientAuth="false" keystoreFile="blc-example.keystore" keystorePass="xx"
keyPass="xx" maxThreads="150"
scheme="https" secure="true" sslProtocol="TLS" />
That's because of the missing port in your connector configuration.
When you don't set a port in Connector, tomcat will choose a random port from available free ports in the system.
As in your case, there might be a restriction (due to security reasons) on your remote server for the tomcat to use a random available port, that's why it's automatically defaulting to -1, which is an invalid port. And it's working locally because there are no restrictions regarding random ports on your local machine.
So, in your config, you should explicitly set the port permitted by your server platform.

symmetricDS two way ssl handshake(clientAuth=false)

Problem summary:
I am trying to run symmetric ds on tomcat with ssl. Setup details
1). MasterNode M1: running on tomcat.
2). Client node C1: running on tomcat.
I am able to run symmetricds on tomcat without ssl. This setup works fine all sync happens.
Now when I am trying to run tomcat with following setting for ssl, it gives bad_certificate error on client node:
connection setting on Master node:
<Connector SSLEnabled="true" acceptCount="10"
algorithm="PKIX" allowTrace="false"
ciphers=""
clientAuth="true"
enableLookups="true"
keystoreFile="/root/symmetric-server-3.8.28/security/keystore.p12"
keystorePass="changeit#1"
keystoreType="pkcs12"
port="31415"
redirectPort="-1"
scheme="https"
secure="true"
sslEnabledProtocols="TLSv1.2"
sslProtocol="TLSv1.2"
truststoreFile="/root/symmetric-server-3.8.28/security/keystore.p12"
truststorePass="changeit#1"
truststoreType="pkcs12"/>
connector setting on Client node:
<Connector SSLEnabled="true" acceptCount="10"
algorithm="PKIX" allowTrace="false"
ciphers=""
clientAuth="true"
enableLookups="true"
keystoreFile="/root/symmetric-server-3.8.28/security/keystore2.p12"
keystorePass="changeit#1"
keystoreType="pkcs12"
port="31415"
redirectPort="-1"
scheme="https"
secure="true"
sslEnabledProtocols="TLSv1.2"
sslProtocol="TLSv1.2"
truststoreFile="/root/symmetric-server-3.8.28/security/keystore2.p12"
truststorePass="changeit#1"
truststoreType="pkcs12"/>
Note: If I run the Master node Tomcat with clientAuth=false then everything works fine. On further debugging I found that the client is not providing its certificate during the TLS handshake. The error follows. Experts, please help: what config do I need so that the client provides its certificate?
Error:
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
Upgrade to SymmetricDS 3.8.31. There was an issue that was fixed that allows for client TLS authentication now:
http://www.symmetricds.org/issues/view.php?id=2886

Multiple Tomcat instances, starting one kills the other

I have 2 different java applications running in two Tomcat instances (Ubuntu OS, Tomcat 7.0.57). For my Tomcat configuration, I follow instructions provided by this video, but as far as I saw, it is a very standard way to do it.
Running each application separately is working fine, but as soon as I try to run both at same time, the first started one becomes unavailable (HTTP 503 error). Tomcat instance logs do not provide any information about any kind of shutdown, keeping the last "INFO: Server startup in xxx ms". It seems the first tomcat process is simply killed. If I re-start that first application, then the same scenario applies to the second app.
All the troubleshooting information I could find talks about port issues. I double-checked my port numbers; they are different:
app-1: conf/server.xml:
<Server port="8105" shutdown="SHUTDOWN">
<Connector port="8180" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8143" />
<Connector port="8109" protocol="AJP/1.3" redirectPort="8143" />
...
</Server>
app-2: conf/server.xml:
<Server port="8205" shutdown="SHUTDOWN">
<Connector port="8280" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8243" />
<Connector port="8209" protocol="AJP/1.3" redirectPort="8243" />
...
</Server>
app1.sh
export CATALINA_HOME=/home/tomcat/apache-tomcat-7
export CATALINA_BASE=/home/tomcat/app-1
cd $CATALINA_HOME/bin
./startup.sh
app2.sh
export CATALINA_HOME=/home/tomcat/apache-tomcat-7
export CATALINA_BASE=/home/tomcat/app-2
cd $CATALINA_HOME/bin
./startup.sh
Any idea on what can happen, or how I can get any logs to dig this?
My server was hosted on an EC2 t1.micro instance, with 600MB memory.
I finally decided to update it to an instance with more memory and the problem disappeared.

org.apache.coyote.http11.AbstractHttp11Processor.process Error parsing HTTP request header

24-Oct-2013 21:53:05.288 INFO [http-apr-8443-exec-3] org.apache.coyote.http11.AbstractHttp11Processor.process Error parsing HTTP request header
Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
24-Oct-2013 21:53:05.288 INFO [http-apr-8443-exec-4] org.apache.coyote.http11.AbstractHttp11Processor.process Error parsing HTTP request header
Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
I am getting the above error when using HTTPS configuration in Tomcat 8.0 or Tomcat 7.
Please help. My tomcat HTTPS configuration goes like this.....
<Connector
className="org.apache.coyote.tomcat4.CoyoteConnector"
port="8443"
enableLookups="false"
acceptCount="10"
connectionTimeout="60000"
scheme="https" secure="true" >
<Factory
className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
clientAuth="false" protocol="TLS"
keystoreFile="D:\Samplekey.key" keystorePass="PASSWORD" />
</Connector>
Your configuration is from Tomcat 4 but the error message has to be from at least Tomcat 7. The chances of Tomcat 4 SSL configuration working in Tomcat 7 are zero. Follow the Tomcat docs and correctly configure SSL for whichever version of Tomcat you are using.
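The connector problems in the threads above (a Connector with no port, a bind to port 443 failing with "Permission denied" on Linux, and Tomcat 4 connector classes on Tomcat 7/8) can be checked before startup. The following is an added example, not code from any of the posts; the function name, finding codes and the combined sample file are assumptions of this example:

```python
import xml.etree.ElementTree as ET

# Constructed sample: connector shapes quoted in the questions above, in one file.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector SSLEnabled="true" clientAuth="false" scheme="https" secure="true"
               keystoreFile="blc-example.keystore" keystorePass="xx" sslProtocol="TLS" />
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="/home/file.jks" keystorePass="****" />
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8443"
               scheme="https" secure="true" />
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  </Service>
</Server>
"""

def audit_connectors(xml_text):
    """Return (connector_index, code, message) tuples for the problems seen on this page."""
    findings = []
    for idx, conn in enumerate(ET.fromstring(xml_text).iter("Connector"), start=1):
        port = conn.get("port")
        if port is None:
            findings.append((idx, "missing-port",
                             "no port attribute; Tomcat 8.5 rejects the resulting port value of -1"))
        elif port.isdigit() and 0 < int(port) < 1024:
            findings.append((idx, "privileged-port",
                             f"port {port} is below 1024; by default Linux refuses bind() with "
                             "'Permission denied' unless the JVM is root or has CAP_NET_BIND_SERVICE"))
        if conn.get("className", "").startswith("org.apache.coyote.tomcat4."):
            findings.append((idx, "tomcat4-config",
                             "Tomcat 4 connector class; not valid configuration for Tomcat 7 or 8"))
        # scheme only sets what request.getScheme() returns; SSLEnabled turns TLS on.
        tls_on = conn.get("SSLEnabled", "false").lower() == "true"
        if conn.get("scheme") == "https" and not tls_on:
            findings.append((idx, "https-without-tls",
                             "scheme is https but SSLEnabled is not true, so Tomcat serves plain HTTP here"))
    return findings

if __name__ == "__main__":
    for idx, code, message in audit_connectors(SAMPLE_SERVER_XML):
        print(f"Connector #{idx}: [{code}] {message}")
```

The https-without-tls finding is expected when TLS is terminated by a proxy in front of Tomcat; otherwise browsers sending TLS to that port produce HTTP header parsing errors.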