We are using Jboos Eap 7.1 in our organization with access log enabled with the following pattern:
<access-log pattern="%h %l %u %t %r %s %b %{Referer}i %{User-Agent}i %{COOKIE}i %{SET-COOKIE}o %S %I %T"/>
Each 5 minutes server log says:
[org.springframework.web.servlet.mvc.support.DefaultHandlerExceptionResolver] (default task-49) Resolved [org.springframework.web.HttpMediaTypeNotAcceptableException: Could not find acceptable representation]
But in access log we see:
GET /general-error.html HTTP/1.1 404
Which is a fallback page for errors, so we don't know which url or spring controller is being requested, how can I see actual requested path like nginx does?
You can configure Request logging / RequestDumping handler using following commands.
Create a new Expression Filter with the RequestDumping Handler
/subsystem=undertow/configuration=filter/expression-filter=requestDumperExpression:add(expression="dump-request")
Enable the Expression Filter in the Undertow Web Server
/subsystem=undertow/server=default-server/host=default-host/filter-ref=requestDumperExpression:add
Above commands will add the following configuration in domain.xml/standalone.xml in undertow subsystem
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
<host name="default-host" alias="localhost">
...
<filter-ref name="requestDumperExpression"/>
</host>
</server>
...
<filters>
...
<expression-filter name="requestDumperExpression" expression="dump-request"/>
</filters>
The output will be logged in server.log file.
Refer following url for more detail :
https://access.redhat.com/solutions/2429371
Related
Im unable to display an image uploaded by a user on my local server (D:\fichiers)in a JSP,
using pure Jee (no spring), Tomcat 9, intelli-j idea.
I've tried everything i could find :
I tried to add :
<Context docBase="D:\fichiers" path="/images"/>
in context.xml in meta-inf, in server.xml in Tomcat installation conf folder, in server.xml in Tomcat/conf of the app, in catalina/localhost/root.xml, in catalina/localhost/context.xml.
But i still get an error 404, images not found.
Here is the server.xml file :
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
<Context docBase="D:\\fichiers" path="/images"/>
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt" pattern="%h %l %u %t "%r" %s %b"/>
</Host>
and the jsp call :
<c:set var="chemin">/images/</c:set>
<c:forEach items="${spot.photos}" var="photo">
<img src="${chemin}${photo.nom}"/>
</c:forEach>
The only time it worked is when i checked on tomcat configuration
Deploy applications configured in Tomcat instance
But i had to remove it, cause Catalina was starting springframework on its own, and nothing worked properly after that.
Ok i found the answer, and though it's stupidly simple, i couldn't find a place where it was said.
In Tomcat configuration tab in Intelli-j :
Deployment Tab -> Add external Source -> Select the local Drive -> Put URL desired in Application Context, and that's it !
I am trying to add a vhost to my already running tomcat7 server.
I already have my default application running on tomcat successfully.
<Host name="mydefault.com" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
<Host name="myNewHostDomain.com"
appBase="wings_microx_cash_reports"
unpackWars="true" autoDeploy="true">
i have added the domain as well on dns (godaddy) and ping is running fine.
But when i check the logs in /usr/share/tomcat7/logs, i do not see anyinfo with respect to my new vhost
Also, when i send in a http request to my new host, i see the default host app is running
<Engine name="Catalina" defaultHost="mydefault.com">
Any pointers how i can check/rectify this?
sorry for false alarm
i had not closed the tag pproperly.
I am having a very challenging time forcing HTTPS on a Bitnami Ubutnu Wildfly 10 install.
The HTTPS works fine (e.g. https://example.com works great)
I have tried many different things with no result. Here are some highlights of what I've done:
I modified my web.xml to add this (note MYWEBNAME was replaced with my war file name):
<security-constraint>
<web-resource-collection>
<web-resource-name>MYWEBNAME</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
I modified /opt/bitnami/apache2/conf/bitnami/bitnami.conf (as per https://docs.bitnami.com/aws/components/apache/):
<VirtualHost _default_:80>
DocumentRoot /opt/bitnami/apache2/htdocs"
ADD: RewriteEngine On
ADD: RewriteCond %{HTTPS} !=on
ADD: RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
...
</VirtualHost>
I modified standalone.xml
<management-interfaces>
<http-interface security-realm="ApplicationRealm" http-upgrade-enabled="true">
<socket-binding https="management-https"/>
</http-interface>
</management-interfaces>
I modified my root index.html to redirect to:
<SCRIPT>document.location="https://example.com";</SCRIPT>
As per Wildfly 9 http to https, I tried this:
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
<socket interface="management" secure-port="${jboss.management.http.port:9990}"/>
</http-interface>
this resulted in a 503 error and wildfly to die, so I removed it.
What I have now, is http://example.com redirecting to https://localhost:8443
So I think it's close, I just cannot figure out how to make it redirect to https://example.com:8443 instead
I m not using Apache proxing Wildfly. But in my setup, all request on port 80 or 8080 (http://example.com or http://example.com:8080) is redirected to port 443 (https://example.com).
It is done making iptables to redirect traffic from 80 to 8080 and 443 to 8443 and than wildfly redirects CONFIDENTIAL transport requests to port 443 instead 8443.
Please see if it is helpful: make wildfly listen on port 443 not 8443
By the way, use javascript or any other client side script to redirect to SSL is not safe enough once the responsability of the redirection is in the client side.
For others looking for a solution, here's a summary of what I did - all in one spot. This is a summary of the links located in this thread, so h/t to those authors who answered the question. The credit belongs to them, this is just a summary of what worked for me.
1. Add an IPTABLES routing rule to route port 443 to 8443.
sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
Hint: to see what rules you already have in place, use:
sudo iptables -t nat -L -n -v
2. Add a Rewrite Filter and a Predicate to the configuration. Add the entries shown on line 10 and 24 of the snippet.
<subsystem xmlns="urn:jboss:domain:undertow:3.0">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
<https-listener name="default-ssl" security-realm="ApplicationRealm" socket-binding="https"/>
<host name="default-host" default-web-module="YOURWARFILENAMEHERE.war" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
<filter-ref name="http-to-https" predicate="equals(%p,8080)"/>
<!-- ADD THE filter-ref ENTRY ABOVE -->
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
<rewrite name="http-to-https" redirect="true" target="https://DOMAINNAMEHERE:8443%U"/>
<!-- ADD THE rewrite ENTRY ABOVE, BE SURE TO SUBSTITUTE YOUR DOMAIN NAME -->
</filters>
</subsystem>
Note: I wondered if adding an iptables reroute from 8080 to 8443 using the command in step 1 would be sufficient and eliminate the need for step 2. But step 2 worked for me so I went with it. I'll leave trying that option up to the reader if they want.
3. Modify The Management Interfaces section of the standalone.xml.
<management-interfaces>
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
<socket-binding https="management-https"/>
</http-interface>
</management-interfaces>
Note that this replaced the binding to http. Also note this step may not be directly related to the forwarding of HTTP to HTTPS but rather just a step in the HTTPS setup.
4. Restart your Wildfly instance.
I am using Tomcat 7.0.65.
Here is my tomcat-users.xml:
<role rolename="manager"/>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-status"/>
<user username="admin" password="tomcat" roles="manager,manager-gui,manager-script,manager-status"/>
Here is the server realm snippet in server.xml
<Realm className="org.apache.catalina.realm.MemoryRealm" />
I can access the below urls : [It asks for the credentials for the first time]
http://localhost:8080/manager/status
http://localhost:8080/manager/status/all
But accessing any of the urls :
http://localhost:8080/manager/text/sessions?path=/examples
http://localhost:8080/manager/text/serverinfo
fails with "404 Not found". Below is the displayed error message:
The page you tried to access (/manager/text/sessions) does not exist.
The Manager application has been re-structured for Tomcat 7 onwards and some of URLs have changed. All URLs used to access the Manager application should now start with one of the following options:
/manager/html for the HTML GUI
/manager/text for the text interface
/manager/jmxproxy for the JMX proxy
/manager/status for the status pages
Note that the URL for the text interface has changed from "/manager" to "/manager/text".
You probably need to adjust the URL you are using to access the Manager application. However, there is always a chance you have found a bug in the Manager application. If you are sure you have found a bug, and that the bug has not already been reported, please report it to the Apache Tomcat team.
Note that I am accessing the url as /manager/text . Even curl fails with the same error.
Am I missing any configuration?
After much debugging, I found the real cause was the ManagerServlet was failing to get instantiated with the below security exception:
java.lang.SecurityException: Restricted (ContainerServlet) class org.apache.catalina.manager.ManagerServlet
The way to fix is to set "privileged=true" in the "Context" section in TOMCAT_INSTALL_DIR/conf/context.xml
<!-- The contents of this file will be loaded for each web application -->
<Context privileged="true">
<!-- Default set of monitored resources. If one of these changes, the -->
<!-- web application will be reloaded.
Provide the roles below in the conf/tomcat-users.xml file.
<user username="test" password="test" roles="admin-gui,manager-gui"/>
My apache document root is /srv/www/htdocs/ and my url is https://internal.net/
My requirement is to open a URL https://internal.net/jenkins-project/ which should have document root as /usr/share/tomcat7/webapps/jenkins-project/ rather than looking into /srv/www/htdocs/jenkins-project/
I tried using mod_jk and have configured a worker property with name worker1 and am using it in httpd.conf as mentioned below
JkMount /jenkins-project/* worker1
But still throwing an error
File does not exist: /srv/www/htdocs/jenkins-project/
I have used below code in tomcat's server.xml and restarted Tomcat. Its working fine now.
<Context path="/jenkins-project" docBase="jenkins-project" debug="0" reloadable="true">
<Logger className="org.apache.catalina.logger.FileLogger" prefix="jenkins-project" suffix=".log" timestamp="false"/>
</Context>