4. April 2014

Debian – Tomcat 7 is not serving https after upgrade

I made upgrade of Tomcat7 server on Linux Debian.

Tomcat stopped serving https. Port was open, no strange message in log, but it was not possible to connect from browser.

Here is configuration of https connector:

Connector port="8443" SSLEnabled="true" 
 protocol="org.apache.coyote.http11.Http11Protocol"
 maxThreads="150" scheme="https" secure="true"
 clientAuth="false" sslProtocol="TLSv1"

Long story short. Old version of Tomcat7 was using keystore from file /etc/tomcat7/keystore, but new version expects /etc/tomcat7/keystore.jks.

Simple fix:

cd /etc/tomcat7
ln -s keystore keystore.jks

Restart Tomcat. :-)

1. June 2013

Tomcat installed as Windows service doesn’t create log files

I was chasing one very insidious bug. Tomcat installed as Windows service was not creating logs. The only log produced by Tomcat was stdout and stderr from procrun wrapper.

It was very weird. Tomcat downloaded from Apache’s website was creating logs without problem. There was no difference between directories of problematic Tomcat and working Tomcat.

Ok, let’s cut long story short. After several attempts to locate the bug I realized that Tomcat started by startup.bat was working correctly.

The only difference was in the Tomcat’s start method.

It was necessary to open Tomcat service properties (ES stands for Edit Service):

tomcat7w.exe \\ES\\tomcatweb

The tricky part here was not to check the Logging tab. This issue had nothing to do with stuff displayed in Logging tab. It was necessary to open Java tab.

When I compared working service and Tomcat service without logging I found that following lines were missing:

-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Djava.util.logging.config.file=C:\projects\apache-tomcat-7.0.40\conf\logging.properties

tomcat-edit-windows-service

Somebody who was registering the service just omitted those lines when overriding –JvmOptions. It was sufficient to add java.util.logging.manager and config.file. Restart service and Tomcat was logging without problem.

10. March 2012

Tomcat 7 listen on port 80 – Linux Debian

The default installation of Tomcat 7 for Linux Debian is listening on port 8080.

When you want to change the port to 80 then you have several options.

You can use iptables and redirect communication from port 8080 to port 80.

iptables -t nat -P PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-port 8080

The more straight forward approach is to bind Tomcat directly to port 80. First of all change port 8080 to 80 in file /etc/tomcat7/server.xml.

You’ll see error messages in /var/log/tomcat7/catalina.out when you try to restart Tomcat:

SEVERE: Failed to initialize connector [Connector[HTTP/1.1-80]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-80]]
Caused by: java.net.BindException: Permission denied

The problem is that default installation of Tomcat 7 for Linux Debian allows to bind only ports higher than 1023. You need to allow binding to privileged ports.

Open file /etc/defaults/tomcat7 and change option from:

#AUTHBIND=no

to:

AUTHBIND=yes

Restart Tomcat and it will listen on port 80.

19. February 2012

Tomcat 7 and curl – SSL23_GET_SERVER_HELLO:tlsv1 alert internal error

There is very annoying bug in Open SSL 1.0 which affects curl. When you try to access Tomcat 7 with https with curl you’ll get fancy error:

curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error

-k parameter is not working at all

You’re not able to invoke any request against Tomcat 7 with https in default configuration.

The solution is to restrict available ciphers in Tomcat’s https connector:

ciphers="SSL_RSA_WITH_RC4_128_SHA"

Restart Tomcat and curl will work.

10. January 2012

Debian Tomcat 7 – the trustAnchors parameter must be non-empty

I was deploying application on Tomcat7/OpenJDK. This application was accessing further secure services like SMTPS and HTTPS.

Tomcat was complaining that certificates are not correct (PKIX): the trustAnchors parameter must be non-empty.

Solution for Debian was quite easy after I found correct path to cacerts. Java cacerts for OpenJDK are stored in file: /etc/ssl/certs/java/cacerts.

To import certificate it is sufficient to use keytool:

keytool -import -keystore /etc/ssl/certs/java/cacerts -file cert.pem \
-alias ci.sinusgear.com

Then I restarted Tomcat and problem with trustAnchors disappeared.

13. November 2011

Apache Tomcat 7 Maven plugin

I was searching for Apache Tomcat 7 Maven plugin. I found only messages that no such thing exists and that I have to use some workaround. Finally I found link at StackOwerflow that pointed me to the testing version of  such a plugin.

You just need to configure repository and update mojo definition.

 <repositories>
    <repository>
      <id>people.apache.snapshots</id>
      <url>http://repository.apache.org/content/groups/snapshots-group/</url>
      <releases>
        <enabled>false</enabled>
      </releases>
      <snapshots>
        <enabled>true</enabled>
      </snapshots>
    </repository>
  </repositories>

  <pluginRepositories>
    <pluginRepository>
      <id>apache.snapshots</id>
      <name>Apache Snapshots</name>
      <url>http://repository.apache.org/content/groups/snapshots-group/</url>
      <releases>
        <enabled>false</enabled>
      </releases>
      <snapshots>
        <enabled>true</enabled>
      </snapshots>
    </pluginRepository>
  </pluginRepositories>
...
<plugin>
      <groupId>org.apache.tomcat.maven</groupId>
      <artifactId>tomcat7-maven-plugin</artifactId>
      <version>2.0-SNAPSHOT</version>
      <configuration>
        <path>/</path>
      </configuration>
    </plugin>

You can run Tomcat7 by: mvn tomcat7:run

You can read more about this new version of Tomcat Maven plugin at tomcat.apache.org.

This plugin is still under development.

BTW: List Maven plugins hosted at Apache.org is available at maven.apache.org/plugins.

2. July 2010

Ako vytvoriť klientskú aplikáciu pre Google App Engine s podporou Remote Development Services

Ako som už spomínal na BarCampe v Brne, klasický model vývoja klient server aplikácii je celkom pracný. Na jednej strane musíte implementovať serverový interface a na strane druhej musíte vyreplikovať dátové triedy a volania v klientovi. Uznávam, že ručná práca je dnes cenená, ale nie v IT.

Predstavme si scenár:

  • serverový vývojár: naimplementuje funkcie a dáta zaperzistuje pomocou JDO
  • vývojár klienta: pripojí sa na server a vytiahne si volania, ktoré potrebuje a pokračuje v implementácii GUI

Typickým problémom býva zmena rozhrania. Rozšírme scenár:

  • serverový vývojár: zmení API a definíciu tried
  • vývojár klienta: zvolí refresh, zmeny sa vyreplikujú do klientskej aplikácie a len opraví zasiahnutý kód

Pomerne jednoduché scenáre, bez dobrých nástrojov sú však veľmi pracné.

Open source technológia BlazeDS od Adobe podporuje tzv. Remote Development Service. Umožňuje automatizovať veľkú časť manuálnych prác, ktoré sa objavia pri replikácii serverového API do klientských aplikácií. Technológia BlazeDS je primárne integrovaná s Tomcatom a Spring serverom. Mňa zaujímala iná oblasť a síce ako dostať BlazeDS na Google App Engine.

V nasledujúcom screencaste je ukázané, ako RDS funguje.

Archetyp pre Mave nájdete na maven.sinusgear.com.

16. May 2010

Spolupracujúce internetové aplikácie s použitím BlazeDS

BlazeDS umožňuje vytvárať aplikácie, ktoré navzájom komunikujú po sieti a synchronizujú si medzi sebou údaje.

BlazeDS je open source server side technológia, ktorá je postavená na Jave. V kombinácii so serverom Tomcat je možné vytvárať aplikácie, ktoré podporujú napríklad aj server push.

Klientské aplikácie je možné vytvárať priamo vo Flash Builderi 4. Postup tvorby je veľmi podobný, ako pri napojení na bežné webové služby.

Ako si vyskúšať BlazeDS?

  • Prevziať ZIP archív BlazeDS Turnkey, rozbaliť.
  • Spustiť ukážkovú databázu. Skript startdb.bat (sh) nájdete v adresári sampledb.
  • Spustiť Tomcat. Skript startup.bat (sh) nájdete v adresári tomcat/bin
    • Tomcat nenaštartuje ak nemáte dobre nastavenú cestu k JDK 1.6.
    • Túto cestu je možné nastaviť na začiatok skriptu, napríklad:
    • Windows: set JAVA_HOME=c:\Java\Java-1.6
    • Linux: export JAVA_HOME=export JAVA_HOME=/usr/lib/jvm/java-6-sun-1.6.0.12
  • Nasmerujte svoj web prehliadač na adresu: http://localhost:8400/

Na začiatok odporúčam článok: Getting started with BlazeDS.

Pokiaľ by ste sa chceli o technológii BlazeDS dozvedieť viac, možete využiť ponuku školena na technológie Adobe Flex/AIR. Naviac môžete využiť službu hostovania BlazeDS a nemusíte zostavovať vlastnú serverovú infraštruktúru.

  • Babel fish

      Translate from:

      Translate to:

  • Where’s the fish?

  • Further info

  • Badges

  • Video channel

  • Learning

    lynda.com online training tutorials
  • Tags

  • Topics

  • Comments