(Tomcat Apache configurations) Can't see Tomcat Apache landing page - apache

Actually, I'm new to Linux and its configuration. I just installed Tomcat Apache 7.0.52 on my Debian Linux. I entered the server IP, 192.168.56.10, but it shows the "It works!" page, which means the older version of the Apache server, Apache/2.2.16 (Debian), is running, not Tomcat; the correct page should contain Tomcat's logo. Is there any configuration I missed?

Check the server.xml. Tomcat's port is normally 8080, if you have not changed it. So please try the IP with the port: 192.168.56.10:8080
This defines the port where the server listens:
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />

Related

Can't sign in to the Apache Tomcat Version 8.5.75

I have previously installed some older Apache Tomcat. I have already removed them completely (how to remove it) and reinstalled Apache Tomcat 8.5. Now when I type http://localhost:8080/ and try to log in, it doesn't let me log in even though I give the correct username and password.
This is my 'tomcat-users.xml':
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<user username="admin" password="admin" roles="manager-gui" />
</tomcat-users>
Help me to fix it.
I changed the port number from 8080 to 8081 and it worked. Go to the Apache Tomcat installation directory and find the conf directory; on my PC it is
C:\Program Files\Apache Software Foundation\Tomcat 10.0\conf
Now open server.xml, change the port number to 8081 and save.
<Connector port="8081" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
Now restart the Apache Tomcat server.

Tomcat won't point to new port after changing in server.xml

Changed the port from 8080 to 9090, but it is still pointing to 8080.
<Connector port="9090" address="0.0.0.0" protocol="HTTP/1.1"
connectionTimeout="20000" redirectPort="8443">
</Connector>
Found my problem. I was referring to the wrong folder ("C:\tomcat-8.5.24\conf") instead of "C:\Program Files\Apache Software Foundation\Tomcat 8.5\conf".
OpenKM installed Tomcat in "C:\tomcat-8.5.24". So when I tried to access http://localhost:8080/OpenKM, it was saying someone is already using port 8080.
So I was making changes to "C:\tomcat-8.5.24\conf\server.xml" and restarting the Tomcat service instead of the OpenKM service.

AWS load balancer always routes 443 to 8443

I am serving up content on an EC2 instance running Tomcat 7. I have all traffic routing in the Tomcat config to 8443 and a valid cert installed. When I explicitly put https://website.com:443 the site loads fine, but when I put in http://website.com it should route to https with port 443, but it uses port 8443 instead. Anyone have any idea why this would be happening? I have the exact same config working on another server, but I have two new servers that don't want to behave.
In my Tomcat server.xml I have:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
keystoreFile="conf/cert.p12"
keystorePass="password"
keystoreType="PKCS12" />
and in web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Context</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<!-- auth-constraint goes here if you require authentication -->
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Found an answer to this: it turns out I had to route all traffic over TCP from 8443 to 8443. The client was requesting port 80, routing to 8080 per my load balancer config for Tomcat to serve up content, and Tomcat was turning the request into a request for port 8443.
8443 wasn't being routed back to 8443 on the Tomcat server, so it just ended up in a dead end. Hope this helps someone else someday.
Tomcat sends a redirect when using a transport-guarantee of CONFIDENTIAL.
By default this is your connector port. Run a curl -vs http://website.com to confirm.
You could set the http/8080 connector's redirectPort to 443, but this means you are choosing ELB redirects to work. Local Tomcat redirects will then start failing, as nothing listens locally on 443; just the ELB does.

WebSockets through Apache and Tomcat: HTTP upgrade is not supported by the AJP protocol

I am developing with WebSockets, and made a working web application running on Tomcat 8. However, when testing with Apache 2 in front of it, the client is getting an HTTP 500 and the Tomcat log says:
java.lang.UnsupportedOperationException: HTTP upgrade is not supported by the AJP protocol
at org.apache.coyote.ajp.AbstractAjpProcessor.action(AbstractAjpProcessor.java:587)
at org.apache.coyote.Request.action(Request.java:379)
at org.apache.catalina.connector.Request.upgrade(Request.java:1886)
at org.apache.catalina.connector.RequestFacade.upgrade(RequestFacade.java:1114)
at org.apache.tomcat.websocket.server.UpgradeUtil.doUpgrade(UpgradeUtil.java:231)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:77)
This worked when accessing Tomcat directly through its HTTP connector. If this is not supported with AJP, is there a workaround?
Use Apache module mod_proxy_wstunnel:
sudo a2enmod proxy_wstunnel
Then use it to let WebSocket connections through by adding this to apache.conf:
ProxyPass "/ws2/" "ws://localhost:8180/ws"
And make sure you have enabled an HTTP connector in Tomcat by using <Connector protocol="HTTP/1.1" port="8180" ...> in server.xml.

Limiting Tomcat http connector to Apache server

I am using Apache 2.4 in front of Tomcat 7. I am trying to use web-sockets so I have configured http based connector in tomcat as below
<Connector port="8009"
protocol="HTTP/1.1"
proxyPort="80"
maxPostSize="10485760"
redirectPort="8443"
URIEncoding="UTF-8"/>
I have configured mod_proxy, mod_proxy_wstunnel and mod_proxy_http in Apache 2.4. Web-socket connections work fine when the app is accessed via "http://webserver/myapp".
However, the app can also be accessed via http://webserver:8009/myapp.
I want my app to be accessible only via the Apache webserver (http://webserver/myapp) and NOT directly using Tomcat (http://webserver:8009/myapp). I cannot use AJP modules (mod_proxy_ajp or mod_jk) because AJP modules don't support web-sockets.
Is there a way I can limit the Tomcat Connector to the Apache webserver only?
You can use this.
<Context path="/manager" docBase="manager" reloadable="true" privileged="true" >
<Valve className="org.apache.catalina.valves.RemoteIpValve"/>
<Valve className="org.apache.catalina.valves.RemoteHostValve" allow="<your IP regex>"/>
</Context>
Change the appropriate valve, Context path, docBase and IP address. This would at least restrict it to localhost.
Another way is to make Tomcat listen only on localhost with the help of the code below.
<Connector port="8009" address="127.0.0.1"
protocol="HTTP/1.1" />
Use a firewall on your server. This way you not only make Tomcat unavailable, but also any other process that happens to open a port on that machine.
Whitelist the ports that you want to be available to the world and default to blocking every other port.
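
Added example, not code from any of the posts above: a Python check over server.xml for the two settings the last threads turn on, the connector's address attribute (which decides whether Tomcat can be reached without going through Apache) and redirectPort (where CONFIDENTIAL redirects are sent). The function name audit_connectors and the sample server.xml are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, assembled from the connector settings discussed above.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="443" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" />
    <Connector port="8009" address="127.0.0.1" protocol="HTTP/1.1"
               proxyPort="80" redirectPort="8443" />
  </Service>
</Server>"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
WILDCARD = {None, "0.0.0.0", "::"}


def audit_connectors(server_xml):
    """Return a (port, bind address, findings) tuple per HTTP <Connector>."""
    connectors = ET.fromstring(server_xml).findall(".//Connector")
    listening = {c.get("port") for c in connectors}
    report = []
    for c in connectors:
        # AJP connectors have version-dependent bind defaults; skip them.
        if c.get("protocol", "HTTP/1.1").upper().startswith("AJP"):
            continue
        findings = []
        address = c.get("address")
        # Without an address attribute an HTTP connector listens on all
        # local addresses, so it can be reached without going through Apache.
        if address in WILDCARD:
            findings.append("reachable on every interface")
        elif address not in LOOPBACK:
            findings.append("bound to non-loopback address " + address)
        # A CONFIDENTIAL transport-guarantee redirects to redirectPort; with
        # no connector on that port in this file, something else (such as a
        # load balancer) must listen there or the redirect dead-ends.
        redirect = c.get("redirectPort")
        if redirect and redirect not in listening:
            findings.append("redirectPort %s has no local connector" % redirect)
        report.append((c.get("port"), address or "(all)", findings))
    return report


if __name__ == "__main__":
    for port, address, findings in audit_connectors(SAMPLE_SERVER_XML):
        print(port, address, "; ".join(findings) or "ok")
```

Run it against the server.xml of the instance the service actually starts from; as the OpenKM thread shows, a machine can hold more than one Tomcat conf directory.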