Hello I have seen a strange behaviour in Apache HTTPD SSL and TomEE (in fact it is a Tomcat so it is exactly the same for Tomcat), I am configuring the typical Apache as frontend and TomEE as backend solution. Currently Apache is configured with SSL and with mod_jk it connects to TomEE using AJP. This works perfectly. The problem is that inside my code I need to get the ssl session id:
String ssl = (String)servletRequest.getAttribute("javax.servlet.request.ssl_session_id");
I don't know why but sometimes this attribute is null and sometimes not. It may return a null at first then stay like 10 requests working and then stop working again during some requests and the get attribute returns null.
It seems that everything is configured correctly since sometimes works. Have you ever found something similar or knows what it can be happening? Do you think that maybe the problem is on client (browser) side?
Everything is dockerized here: https://github.com/lordofthejars/apache-tomee-ssl so you can review configuration files of tomcat and apache or even run it.
Thank you so much for your support.
Related
I researched about any plugin/module WSGI for Oracle WebLogic 12c that allows me run a python flask app, with no success.
The reason for why i need to run from WebLogic 12c, it's because i need to use the SSL certfied living there.
Researching, i found many web server (Apache, Gunicorn, etc) can act as proxy of WebLogic, here is an example, where Nginx receive all the requests with SSL and then passed them to WebLogic:
https://medium.com/#Dracontis/nginx-as-proxy-for-weblogic-with-ssl-c7e1076e2c0c
So, i wonder if there is a manner to invert this order? I mean, WebLogic receive all the requests (safely because of SSL certified) and then pass them to any web server with the WSGI standard.
Thanks in advance.
I didn't find a sort of solution that accomplished the topic above. However, in case someone needs implements this topology here is what i did:
I've installed an Oracle HTTP Server (OHS) and creating a wallet for the SSL certified, in certain way in which the OHS can receive the requests secure, then inside the OHS with specific setting achieve forward the request to the Apache running with the module WSGI.
Backstory: A couple of years ago my group changed the server on which coldfusion runs to Apache instead of IIS. I changed my dev environment to run CF on Apache httpd and everything was fine. Later we changed the session variables to j2ee, but I have never been able to get j2ee to work on dev so I am still using regular session variables on dev. Lately I am getting session persistence failure on test but I can't reproduce on dev. In looking for differences in CF server settings between test and dev I discovered that test is running on Tomcat while dev is running on Apache httpd.
My problem real problem is how to get j2ee session vars to work on dev. My question right now is how do I change my server from Apache httpd to the Tomcat that is built in with CF 10? Is there a way to do this without starting over with a fresh install of CF 10 as those are the only instructions I can find?
System: Windows 7
IIS and Apache are not (for Coldfusion, anyway) application servers. They are your front-end web servers. Your 'application server' in this setup is the software running the "application" of Coldfusion via servlets, and that's Tomcat.
While it is possible to use CF's builtin Tomcat server as your front-end web server, it isn't advisable, and it's almost certainly got nothing to do with your problem. Apache is more than capable of doing what you need and a problem with J2EE session variables is going to be related either to your JVM (are you using more-or-less the same version as your production server?) or to Tomcat itself.
Think about how J2EE sessions work. A request comes in and hits your front-end server (httpd), which, presumabl through mod_proxy or mod_jk, hands that connection over to Tomcat. Until this happens, that your system is even running a JVM isn't relevant -- neither Apache nor IIS care about Java. I wouldn't go so far as to say that it's impossible for an Apache problem to be monkeying with your session variables, but it would be pretty low on my list of suspects.
Once Tomcat (and then CF) get involved, then your JVM is doing all the work, so that's where I'd look. I'd also have a look at CF logs and Tomcat logs.
To properly answer your question, though, if you want to remove Apache from the loop, you're looking at Tomcat's server.xml and web.xml in /cfusion/runtime/conf - you'd need it running on port 80 (or else reconfigure Apache to just pass all requests to Tomcat instead of only CFML, but that doesn't really do what you asked about since Apache is still involved). You'd also have to reproduce your entire Apache configuration in Tomcat, which I've never done and wouldn't recommend, but that's the direction you'd need to investigate.
Much better to work on solving your session problem. Killing Apache is just collateral damage here.
I use mod_spdy to realize SPDY on apache. But I met some problems.
I did every step on ubuntu according to Google's document of installing mod_spdy.And I realized https on Apache. When I checked if mod_spdy has worked, I sent https request to the server, but I donot see server's domain listed in the "SPDY session" table that means the mod_spdy don't work. I also checked Apache server logs, and I didn't find any error message from mod_spdy.
I hope somebody can help me to deal with this problem.
This is my problem:
I have a JBoss server (Running an existing app) and a Apache Tomcat (Running an app created by me) server running on the same server with different ports.
I have two subdomain names which i have routed to the IP of the server.
What i need to do is to bind the subdomain names to the IP, but with different ports.
I saw an easy way to do it with XAMPP and apache, editing the httpd.conf, but i can't find any simular fway to do it with Apache Tomcat or JBoss.
Does anyone have any ideas about this?
I rather have a solution on the question above, but the question below can be accepted as a backup solution:
Since i could not figure that out, i had to at least have a solution to one of the applications (the one running at JBoss).
So i configured JBoss to port 80 instead of 8080.
What happens now if i go to the subdomains is that i get the JBoss welcome window.
How can i change the default JBoss "app" to my app?
Thanks in advance
There's no way to get this:
sub1.domain.com(192.168.0.1) on port 80 --> jboss app
sub2.domain.com(192.168.0.1) on port 80 --> tomcat app
without either adding to or subtracting from your software stack.
Your options are:
use jboss to run your tomcat app
add a reverse-proxy
use an HTTP-aware layer 7 firewall
The first is probably easiest; jboss deploys web applications using tomcat (or, in more recent versions, a fork of tomcat called jbossweb), so you can probably just drop your .war into the deploy directory.
If that's not possible for some reason, I'd use a reverse-proxy. Apache HTTPD with mod_proxy or mod_jk is fairly common. If you go the mod_jk route and you have non-trivial load, I'd review this.
The last I'm not familiar with. I imagine that the spendy Cisco firewalls can do this, and I'm sure it's possible to hack iptables to do it too, but my google-fu failed to find specifics.
Recently our Software Analytic provider (NETTRACKER) sent us a plugin in order to be able to capture visitors in a better way. This plugin is for Apache 1.x and Apache 2.x. They said and I quote
that since Apache Tomcat is built on Apache HTTP server the configuration of the plugin should be the same.
I have looked for a httpd.conf in our tomcat deployment but we cannot find one, the only configuration that is similar to that one is the server.xml under the /conf directory.
If someone has better information regarding these two incredible products (Apache HTTP server and Apache Tomcat) I will greatly appreciate to draw the differences.
EDIT:
In case you are curious we know that Apache Web Server and Tomcat can work together using the mod_jk option and other proxys. But this will be too complex for our deployment.
Apache Tomcat and Apache HTTP are completely different server technologies. It is impossible to use a plugin for Apache HTTP server with Tomcat.
Apache HTTP server is developed in C and so are the plug-ins. On the contrary Tomcat is now completely developed in Java. Tomcat doesn't only serve static content, but it can also serve JSP pages and servlets.
Tomcat is used for hosting Java Web Applications. It can sure serve static content - you can host a web application using only Tomcat. Secure connections are supported and the performance is also very good (comparable with the performance of HTTP server).
A plain installation of Apache serves static content. Using the appropriate plug-ins, HTTP requests can be redirected to an application server (Tomcat, JBoss, Glassfish) or a script language interpreter (PHP). With this way dynamic content can be generated. The big advantages of Apache are the numerous plug-ins available, which allows administrators to configure and monitor web sites any way they want and that is the most widespread server available. This makes it the most secure solution, since it is thoroughly tested and any discovered flaw is corrected very quickly.
The best solution would be to use Tomcat proxied by an Apache server. It isn't so difficult to set up. If you can't do this, then you can't take advantage of Apache's plug-ins.
You see this confusion all the time. Many people think that Apache is a web server where in reality it is the name of an organization that has a web server project called "The Apache HTTP Server Project". In short the web server is called HTTPD (D as in daemon or Unix process).
Tomcat is another Apache project. This project implements a Java servlet engine to serve JSP pages and servlets. Tomcat and HTTPD have nothing to do with each other. However, you can set up HTTPD and Tomcat so that they work together. This way you can have HTTPD serve all static content, do URL rewriting and much more fancy stuff that the built in Tomcat web server can't do (or can't do very well). Whenever a JSP page is requested, HTTPD will pass the request on to Tomcat. Tomcat will process the request and will hand the output back to HTTPD which in turn will send it to the client.
Apache has many interesting projects. E.g. there is also a project called Geronimo which is a Java Enterprise server (J2EE). You can e.g. choose to embed Tomcat inside Geronimo to handle requests for JSP's and servlets where Geronimo does the more enterprisy stuff (LDAP, Messaging etc.). And you guessed it probably already, you can use HTTPD as a static content server for Geronimo as well.
totally bogus. Apache httpd plugins are written in C, Tomcat is pure Java.
Tomcat is a Java servlet engine. It can be hosted under Apache or IIS or quite a number of other external facing web servers. It sounds like you may be currently running your Tomcat instance standalone...
If you serve the JSP/servlets off of port 8080 and have it do things standalone, on the same host machine that Apache is running on, this can allow you to have them loosely coupled. Having multiple web servers fielding independent requests is not recommended, especially if you want to use server-based authentication along with Apache. Typically, you have one outside facing server that shepherds everything through it... Apache does this quite well, and the plugin you mention probably relies on this type of setup (everything gets wired through Apache) for its features/capabilities, based on your brief description of it.
If you would like to serve up your Tomcat servlets under Apache, you could configure apache to forward a class of URIs to your tomcat server instances. you could achieve this type of forwarding through mod_rewrite. this is a slower option performance-wise, as it adds slight overhead on everything you server up. You could also proxy incoming requests via a CGI mechanism similarly, from Apache to Tomcat.
mod_jk will simplify deployment and increase performance for placing Tomcat into an Apache server config. It is pretty painless to configure if you follow the docs, so I am not sure what you mean by "too complex" for your deployment -- if you want Apache and have Tomcat already, it would seem only a matter of slight config changes to get mod_jk downloaded and installed.