Hoping somebody can point me in the correct direction here. Currently have a deployed app running on JBoss 4.2.3. The application now has a requirement to allow posts of sizes slightly larger than 10Mb. When the post is that size, it is disallowed on the client side.
I have tried setting the maxPostSize attribute to allow this but that has had no effect. My search through documentation has turned up no other suggestion.
If anybody has any suggestions, they'd be greatly appreciated.
Connector:
<Connector port="443" address="${jboss.bind.address}"
scheme="https" secure="true" SSLEnabled="true" sslProtocol="TLS"
maxThreads="250" maxHttpHeaderSize="16384"
emptySessionPath="true" protocol="HTTP/1.1"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true"
maxSavePostSize = "67108864" maxPostSize = "67108864" />
Related
Let's say my app is www.example.com.
When I put mydomin.com in the browser, it should redirect to https://www.example.com.
I have configured SSL already on my server.
If I put https://www.example.com, it always opens, but it does not redirect if I entered example.com.
Here is my connector:
<Connector port="8080" connectionTimeout="20000" protocol="org.apache.coyote.http11.Http11NioProtocol" redirectPort="443" />
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="file.jks" keystorePass="pass" />
My server is Tomcat 7 on a Linux box.
Your HTTP port is 8080 instead of the default 80. A URL without the port number will default to port 80, hence http://www.example.com would go to http://www.example.com:80/.
I am trying to implement SSL for my application using JBoss. Below is the implementation in the server.xml file.
<Service name="jboss.web"
className="org.jboss.web.tomcat.tc5.StandardService">
<!-- A HTTP/1.1 Connector on port 80
<Connector port="80" address="${jboss.bind.address}"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true"/> -->
<!-- A AJP 1.3 Connector on port 8009 -->
<Connector port="8809" address="${jboss.bind.address}"
enableLookups="false" redirectPort="8443" debug="0"
protocol="AJP/1.3"/>
<!-- SSL/TLS Connector configuration using the admin devl guide keystore-->
<Connector port="8443" address="${jboss.bind.address}"
maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
keystorePass="rmi+ssl" sslProtocol = "TLS" />
This configuration is working for 'https://localhost:8443' on the server but not using my domain, e.g. 'https://test-example.com:8443'.
Please test using this configuration, as I have added SSLEnabled="true", which is mandatory.
<!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
<Connector protocol="HTTP/1.1" SSLEnabled="true"
port="8443" address="${jboss.bind.address}"
maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
keystorePass="rmi+ssl" sslProtocol = "TLS" />
If localhost works but not the domain name, then it's probably because the ${jboss.bind.address} is 127.0.0.1. Verify that you're binding the server's IP and not the loopback.
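The two checks suggested in the answers above (an HTTPS connector without SSLEnabled="true", and a bind address that resolves to loopback), as an added example that is not part of the original posts. The function names and the `props` dictionary standing in for JBoss system properties are assumptions made for illustration.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample: the question's HTTPS connector, wrapped in a root element.
SAMPLE = """<Service name="jboss.web">
  <Connector port="8443" address="${jboss.bind.address}"
             scheme="https" secure="true" clientAuth="false"
             keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
             keystorePass="rmi+ssl" sslProtocol="TLS" />
</Service>"""

def expand(value, props):
    """Substitute ${name} placeholders from props; unknown names are left as-is."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value)

def is_loopback(address):
    """True for 'localhost' or any loopback IP literal (127.0.0.0/8, ::1)."""
    if address.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # unresolved placeholder or hostname: cannot tell offline

def check_connectors(xml_text, props):
    """Return (port, finding) pairs for every Connector in the fragment."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        port = conn.get("port", "?")
        # Attribute names are case-sensitive: sslEnabled is not SSLEnabled.
        if conn.get("scheme") == "https" and conn.get("SSLEnabled") != "true":
            findings.append((port, 'scheme is https but SSLEnabled is not "true"'))
        address = expand(conn.get("address", ""), props)
        if address and is_loopback(address):
            findings.append((port, f"bound to loopback address {address}"))
    return findings

if __name__ == "__main__":
    for finding in check_connectors(SAMPLE, {"jboss.bind.address": "127.0.0.1"}):
        print(finding)
```

A connector with no address attribute produces no bind finding, because the check only looks at an address that is actually set.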
I tried to configure an SSL certificate for Tomcat 7 (7.0.61), which I installed on an Azure Windows VM.
HTTPS does not work and there are no errors in the Tomcat logs. I use a Digicert certificate, which gave me a .jks keystore file. The VM has its own DNS: myVm.cloudapp.net. I registered my own domain NNN.today at one.com and made a redirection from NNN.today to myVm.cloudapp.net.
When I created the certificate I used NNN.today. I configured endpoints for my VM (http for port 80 and SSL for port 443). The APR listener is commented out in server.xml.
Here is my server.xml config:
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector port="8443"
maxThreads="150" minSpareThreads="25"
enableLookups="false" disableUploadTimeout="true" acceptCount="100"
scheme="https" secure="true" SSLEnabled="true" clientAuth="false"
sslProtocol="TLS" keyAlias="server"
keystoreFile="${catalina.base}/conf/app_farewell_today.jks" keystorePass="my_password" keystoreType="JKS"
truststoreFile="${catalina.base}/conf/app_farewell_today.jks" truststorePass="my_password" truststoreType="JKS"/>
What am I doing wrong? Any help appreciated!
The VM's firewall should be configured to listen to these ports as well, and the public endpoint configuration should map to the proper internal ports.
I've tried to deploy my project with Tomcat 5.5 (sounds dull :D)
But I have trouble when using SSL, with an error like in this post.
An error occurred during a connection to localhost:7080.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
And later I went and fixed it following this post, by adding protocol="org.apache.coyote.http11.Http11Protocol" into my Connector tag in my Tomcat server.xml. But when I restart my Tomcat, there is an error like this image (I don't know how to copy this error from the Windows terminal).
And this is my server.xml connector tag:
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
sslEnabled="true"
keystoreFile="${user.home}/keystores/keystore_lipsweb_jetty.jks"
keystorePass="jetty1" />
<Connector port="7080" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true"
URIEncoding="UTF-8"/>
Well, I still have no idea how to fix this. I really appreciate your help. Thanks.
I did it like this and it worked for me:
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="80" minProcessors="5"
address="10.1.0.50"
maxProcessors="75"
enableLookups="false" redirectPort="443" acceptCount="10" debug="0" connectionTimeout="20000"
useURIValidationHack="false" URIEncoding="UTF-8"/>
<Connector port="443" maxHttpHeaderSize="8192"
address="10.1.0.50"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" SSLEnabled="true"
URIEncoding="UTF-8"
keystoreFile="/usr/java/default/jre/lib/security/keystore.jks"
keystorePass="password"/>
I've resolved this problem by changing my Tomcat version. When I created this post, I was using Tomcat 5.5.36. But when I tried an older one (5.5.26), there was no error on deployment and my project works properly.
Well, so far I don't know what the difference is between Tomcat 5.5.36 and 5.5.26. I hope that in a while I can explain what happened here in detail. But anyone who knows about this can share here and I would really appreciate it.
I have a problem where Google Chrome is showing:
The site uses SSL, but Google Chrome has detected either high-risk insecure content on the page or problems with the site’s certificate. Don’t enter sensitive information on this page. Invalid certificate or other serious https issues could indicate that someone is attempting to tamper with your connection to the site.
This message shows up with a crossed-out red https sign.
How should I configure Tomcat to get rid of the message shown in detail on the below picture?
I found this link but can't make out from it how to fix this:
http://code.google.com/p/chromium/issues/detail?id=72716
Also there is mention of OpenSSL problem with APR (what would be the OpenSSL alternative?):
http://tomcat.apache.org/security-native.html
I have a GeoTrust Business ID certificate, which is more than adequate for the site and should be secure enough. So I believe this is some issue with either Tomcat or Java.
Working configuration in server.xml:
<Connector port="443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
maxHttpHeaderSize="16384"
maxThreads="150"
minSpareThreads="25"
maxSpareThreads="75"
enableLookups="false"
acceptCount="100"
connectionTimeout="20000"
disableUploadTimeout="true"
compression="on"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/xml,text/plain,text/javascript,text/css"
scheme="https"
secure="true"
SSLEnabled="true"
sslProtocol="TLS"
clientAuth="false"
keystoreFile="/usr/share/tomcat6/conf/tomcat.keystore" keystorePass="somepass"
/>
is giving me the error on the picture:
UPDATE - Going native
<Connector port="443"
protocol="org.apache.coyote.http11.Http11AprProtocol"
maxHttpHeaderSize="16384"
maxThreads="150"
enableLookups="false"
acceptCount="100"
disableUploadTimeout="true"
compression="on"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/xml,text/plain,text/javascript,text/css"
scheme="https"
secure="true"
SSLEnabled="true"
SSLCertificateFile="/tomcat/conf/cert.crt"
SSLCertificateKeyFile="/tomcat/conf/key.pem"
SSLCACertificateFile="/tomcat/conf/rootandintermidiate.crt"
clientAuth="optional"
/>
This seemed to do the trick!
According to:
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
"The APR connector uses different attributes for SSL keys and certificates."
The examples they give are (JSSE):
<Connector
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="${user.home}/.keystore" keystorePass="changeit"
clientAuth="false" sslProtocol="TLS"/>
For JSSE and then APR:
<Connector
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
SSLCertificateFile="/usr/local/ssl/server.crt"
SSLCertificateKeyFile="/usr/local/ssl/server.pem"
clientAuth="optional" SSLProtocol="TLSv1"/>
The first thing I noticed was SSLProtocol is different (attribute and its value) and it doesn't use keystoreFile. This appears to be because:
"If the installation uses APR - i.e. you have installed the Tomcat native library - then it will use the APR SSL implementation."
The attributes in your example relate to the JSSE implementation, so I'm assuming the issue relates to the use of the NIO protocol and / or APR. Change your Connector to use the attributes designed solely for APR and remove the JSSE ones (or vice versa).
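A small linter for the JSSE/APR attribute mix-up described in the answer above, as an added example that is not code from the original posts or from Tomcat. The function names and the `native_installed` flag are assumptions, and the attribute sets cover only names that appear in the connectors on this page.

```python
import xml.etree.ElementTree as ET

# Attribute families, limited to names that appear in the connectors on this page.
JSSE_ATTRS = {"keystoreFile", "keystorePass", "keystoreType", "keyAlias",
              "truststoreFile", "truststorePass", "truststoreType", "sslProtocol"}
APR_ATTRS = {"SSLCertificateFile", "SSLCertificateKeyFile",
             "SSLCACertificateFile", "SSLProtocol"}
PREFIX = "org.apache.coyote.http11."

def ssl_implementation(protocol, native_installed):
    """Return 'APR' or 'JSSE' for a connector's protocol attribute."""
    if protocol == PREFIX + "Http11AprProtocol":
        return "APR"
    if protocol in (PREFIX + "Http11Protocol", PREFIX + "Http11NioProtocol"):
        return "JSSE"
    # "HTTP/1.1" or no protocol attribute: APR is used when the Tomcat
    # native library is installed, otherwise the Java (JSSE) connector.
    return "APR" if native_installed else "JSSE"

def lint_ssl_attributes(xml_text, native_installed):
    """Per SSL connector: (port, implementation, attributes of the other family)."""
    report = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled") != "true":
            continue
        impl = ssl_implementation(conn.get("protocol", "HTTP/1.1"), native_installed)
        foreign = APR_ATTRS if impl == "JSSE" else JSSE_ATTRS
        misplaced = sorted(a for a in conn.attrib if a in foreign)
        report.append((conn.get("port"), impl, misplaced))
    return report

# Constructed sample: two connectors using attribute values quoted on this page.
SAMPLE = """<Service>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="/usr/share/tomcat6/conf/tomcat.keystore"
             keystorePass="somepass" sslProtocol="TLS" clientAuth="false" />
  <Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
             SSLEnabled="true" scheme="https" secure="true"
             SSLCertificateFile="/tomcat/conf/cert.crt"
             SSLCertificateKeyFile="/tomcat/conf/key.pem" clientAuth="optional" />
</Service>"""

if __name__ == "__main__":
    for native in (False, True):
        print(native, lint_ssl_attributes(SAMPLE, native))
```

The same keystore-based connector is clean on a host without the native library and reports three misplaced attributes once APR is in use, which is why the check needs to know what is installed, not just what server.xml says.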