How can I display the value of maxPostSize from the server.xml of an apache tomcat 7 on my jsp page? By the way is there any solution to display the whole configuration?
I need to know if the multipart request overwrites the tomcat configuration in server.xml. That doesn't seem alright, but I think that's the truth.
java
MultipartRequest multi = new MultipartRequest(request, path, 5*1024*1024);
server.xml
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443" maxPostSize="1048576" />
Maybe you use a easy js xml plugin to display the whole xml.
http://www.levmuchnik.net/Content/ProgrammingTips/WEB/XMLDisplay/DisplayXMLFileWithJavascript.html#Usage
Jep, I found out that the multipart request overrides the tomcat configuration. So I can easily set the max upload file size in the constructor of the multipart request.
Related
Currently, the server at work is underperforming and the way it's set up is not ideal either. For this reason I'm trying to find a new way to do things that will hopefully help with both, performance and deployment.
The approach I decided for is to have tomcat instances for our webapps (currently there are two, so it'd be an instance per webapp) and use Apache as a "front". I'm not experienced in this, so It's normal I'm having issues here and there, but so far I've manage to get this going.
What I expect is to redirect from mysite.com index page to either mysite.com/service1 or mysite.com/service2. Service1 was setup in out test server at port 8080 and service2 at 8081. I installed Apache2 and mod_jk yesterday and set up apache with the contents of mysite.com. Today I started the configurations, that ended up as follow:
workers.properties
worker.list=s1
worker.s1.type=ajp13
worker.s1.port=8009
#host is localhost by default according to the documentation
jk.load
LoadModule jk_module /usr/lib/apache2/modules/mod_jk.so
JkWorkersFile /etc/apache2/workers.properties
JkLogFile /var/log/apache2/mod_jk.log
JkLogLevel debug
JkMount /service1/* s1
Service1's server.xml connector (The rest is all default)
<Connector protocol="AJP/1.3" port="8009" redirectPort="8443" />
I had more, but because of the errors, I took a step back and tried with only one tomcat for now. I will add the second tomcat and a loadbalancer.
Ok, so what's going on?
I can access the server and the index page of our system with no problem. The problem is when I try to redirect to service1. It just loads without response, but if I try to access service1 directly by port 8080, it works properly (I tired commenting out this connector. No luck).
Looking at server-status, I see the request stuck at w/sending reply, and in mod_jk.log I see that the worker properly matches the request. So while my configurations seem to be right, there is something in between happening. I don't really know if it's something with Apache, Tomcat or Mod_jk. I also tried to follow several guides of how to do this, but all of them got me to 404s. Looking around here and ServerFault didn't shed much light unfortunately so I'm the one asking now.
Am I missing something? Should I just use another approach? I'm very new at this and I'm at loss right now. The configuration and the logs show that nothing is really wrong (at first glance, at least...) so I'm entirely sure if my case scneario is even posible with mod_jk... HOnestly to run it back and try with proxy is very tempting at this point, but if I am, I'd rather know where Im wrong.
Additional info: Running on Ubuntu Server 18.04, lastest apache2 and mod_jk avaliable from apt (as of Apr 14), java 1.8 and Tomcat 8.5.64.
There was a change in Tomcat last year (from version 8.5.51 and version 9.0.31), which introduced a secretRequired attribute to the AJP connector with a default of true (cf. documentation). Hence you can either:
add a shared secret between the AJP connector and mod_jk
or add secretRequired="false" to the AJP connector:
<Connector protocol="AJP/1.3" port="8009" secretRequired="false" redirectPort="8443" />
Remark: AJP is a very old protocol and rarely used. Since your installation is pretty new, you might consider using directly HTTP (cf. this talk).
User when access BOBJ tomcat URL the AD SSO works without any issues, when the user tries to access the Apache load balancer, then we get the Request entity too large error message.
This is happening for few of the users and few of them can login without any issues.
Setup: configured Apache Load Balancer - to connect to two tomcat server via Workers.properties.
BOBJ AD SSO is configured on Tomcat server
Error :Request Entity Too Large
The requested resource
/BOE/portal/1712062105/BIPCoreWeb/VintelaServlet
does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit.
Configuration on
Apache
Httpd:
LimitRequestLine 65536
LimitRequestBody 0
LimitRequestFieldSize 65536
LimitRequestFields 10000
ProxyIOBufferSize 65536
worker: worker.ajp13.max_packet_size=65536
Tomcat:
Request someone to help in troubleshooting the error.
Possible solution!
Apache tomcat:
1. modify /opt/ tomcat/config/server.xml
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
maxPostSize="209715200"
disableUploadTimeout="true"
maxHttpHeaderSize="1006384" />
2. modify /tomcat/webapps/manager/WEBINFO/web.xml
<multipart-config>
<!-- 50MB max -->
<max-file-size>104857600</max-file-size>
<max-request-size>209715200</max-request-size>
<file-size-threshold>0</file-size-threshold>
</multipart-config>
Nginx:
1. modify /etc/nginx/nginx.conf
2. add this " client_max_body_size 200M; "
http{
client_max_body_size 200M;
}
* Restart tomcat server
sudo systemctl restart tomcat
* Restart nginx server
sudo systemctl restart nginx
Similar issue for me, but the fix was slightly different:
worker.ajp13.max_packet_size=65536
This was actually in: path/apache2/conf/extra/workers.properties (probably just a typo in earlier answer)
The issue here is with the Apache parameter under Worker.properties file
We initial have set this to -> worker.ajp13.max_packet_size="65536"
However the syntax should be this :
worker..max_packet_size="65536”
Your site is basically the tomcat site which we refereed as worker1 and worker2.
Once we changed that value to below
worker: worker1.max_packet_size="65536"
This issue got fixed.
Hope this helps for users who have configure Apache as load balancer to two or more tomcat web application clusters.
I'm not 100% certain this will resolve your issue, but it seems to be related. In Tomcat's server.xml, add the following to Connector: maxHttpHeaderSize="65536". The whole line should look something like:
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"
redirectPort="8443" compression="on" URIEncoding="UTF-8" compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,text/json,application/json"
maxHttpHeaderSize="65536" />
The access to my server should be limited to some Remote hosts, and I want to allow Uptimerobot to monitor my server.
Currently uptimerobot gets always a 403 Forbidden.
I added Server.xml looks like this:
<Server .........>
<Service name="Catalina">
<Engine>
<Value className="org.apache.catalina.valves.RemoteHostValve" allow=".*\.uptimerobot\.com" />
</Engine>
</Service>
To match all hosts in this list UptimeRobot Whitelist
But after restarting server nothing changed, still 403.
I also tried to use a domain-name without wildcards like this:
allow="engine19\.uptimerobot\.com"
allow="engine19.uptimerobot.com"
But still 403,
I tried to enable hostnamelookups with adding
enableLookups="true"
to the <Connector
tag, but again no effect.
But in my logs I see that the access is resolved to "engine19.uptimerobot.com" wich matches my RemoteHost-Pattern.
Any Ideas, why it is still forbidden ?
EDIT:
Access via IP with
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="63\.143\.42\.244"/>
is working. But I dont want to add the whole list of ips there.
Is it possible that RemoteAddrValve and RemoteHostValve are disturbing eachother ?
I have tried this and this worked for me
set useIPVHosts to true in connector (Inside server.xml).
I am using HTTP connector and it looks as follow
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
enableLookups="true"
useIPVHosts="true" />
Details of attributes can be found here
Check tomcat/logs/local_access_log... to see what host name used for 403.
I found that our company DNS reports some names in all uppercase and others in all lowercase. Use (?i) to have regex be case insensitive:
allow="(?i)engine19\.uptimerobot\.com"
If you have both RemoteHostValve and RemoteAddValve, both must allow an incoming host. If either does not allow then 403 will be returned.
I am using Apache Tomcat 8 and also have .cert file and the .key file. But I am unable to understand how to turn on the HTTPS mode. I want the APR implementation which uses OpenSSL by default. I tried to change the server.xml file in conf folder according to the documentation but after that Tomcat failed to start and I have delete it and use new unzipped files to start. How can I turn on SSL?
If the APR is already installed and configured on your Tomcat, you could have something like this in your server.xml:
Connector protocol="org.apache.coyote.http11.Http11AprProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
SSLCertificateFile="/usr/local/ssl/server.crt"
SSLCertificateKeyFile="/usr/local/ssl/server.pem"
SSLVerifyClient="optional" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"/>
Take a look at this tutorial tutorial, it was quite helpful for me.
Also this one could be interesting.
Our installation of Liferay Tomcat 6.2 EE bundle is behind an Apache HTTPD reverse proxy server with the SSL terminating at the load balancer. We do not have any SSL configuration on Tomcat 7 and are not using AJP.
We ran into an issue with using the web form portlet with the reCaptcha on the default site using SSL. The reCaptcha image was not rendered on the web form after configuring reCaptcha in the Control panel and then configuring the web form to use reCaptcha.
ReCaptcha worked on another HTTP Liferay 6.2 EE installation and site without an issue.
There were errors in the console in Firefox and Chrome:
Blocked loading mixed active content "http://www.google.com/recaptcha/api/challenge?k=asabsds50"[Learn More]
The reCaptcha call seemed to be made using http not https.
Thanks!
Liferay needs to have the tomcat configured in the server.xml to specify redirectport to be the same as the port tomcat is listening on ex. 8080 and adding the secure flag set to true. Restart Tomcat and test.
Apache reverse proxy in our case points to this port. This configuration worked. Now reCaptcha renders and the web forms submits successfully.
<Connector port="listeningport" protocol="HTTP/1.1"
connectionTimeout="20000" secure="true"
redirectPort="listeningport" URIEncoding="UTF-8" />
The old server.xml config was
<Connector port="listeningport" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" URIEncoding="UTF-8" />
Hope this helps