You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Glenn Nielsen <gl...@voyager.apg.more.net> on 2002/02/15 14:32:12 UTC

Tomcat 4 workDir namespace collisions

If you configure both an https(SSL) Host and an http Host which have
the same domain name they end up having the same workDir.

Using the Host name to create the default workDir does not guarantee
it is unique since their can be both an http host and an https host
with the same domain name.

There is no easy workaround for this in the current tomcat configuration
since the workDir can only be configured in the Context scope.

This case can arise when you use two Engine configurations, one for
http hosts and one for https hosts, each Engine with a separte Ajp
connector to Apache.

Perhaps the work dir directory path should have an additional directory
in its path for the Engine name.

$CATALINA_HOME/work/{engine}/{host}/{webapp}

Regards,

Glenn

----------------------------------------------------------------------
Glenn Nielsen             glenn@more.net | /* Spelin donut madder    |
MOREnet System Programming               |  * if iz ina coment.      |
Missouri Research and Education Network  |  */                       |
----------------------------------------------------------------------

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: Tomcat 4 workDir namespace collisions

Posted by Glenn Nielsen <gl...@voyager.apg.more.net>.

Remy Maucherat wrote:
> 
> > Remy Maucherat wrote:
> > >
> > > > If you configure both an https(SSL) Host and an http Host which have
> > > > the same domain name they end up having the same workDir.
> > > >
> > > > Using the Host name to create the default workDir does not guarantee
> > > > it is unique since their can be both an http host and an https host
> > > > with the same domain name.
> > > >
> > > > There is no easy workaround for this in the current tomcat
> configuration
> > > > since the workDir can only be configured in the Context scope.
> > > >
> > > > This case can arise when you use two Engine configurations, one for
> > > > http hosts and one for https hosts, each Engine with a separte Ajp
> > > > connector to Apache.
> > > >
> > > > Perhaps the work dir directory path should have an additional
> directory
> > > > in its path for the Engine name.
> > > >
> > > > $CATALINA_HOME/work/{engine}/{host}/{webapp}
> > >
> > > Yes, I know about that issue. I've been saying that the host name should
> be
> > > unique across all services, which seems reasonable to me.
> > > In your example, I think there should be 2 connectors attached to the
> same
> > > host.
> > >
> >
> > I am not sure how the above would fix the problem I see.
> >
> > Attaching two connectors to the same host would not fix the problem I
> have.
> > Because each host (http and https with the same domain name) are a
> different
> > web site with different content and web applications.
> 
> Ok, your use case looks legitimate :-(
> 
> I'm -1 for fixing this in 4.0.x (it's just too risky). Fixing it in HEAD is
> non trivial (you have to change the work dir, change the JNDI URLs), but
> since there are no pending releases, I think it can be done. Using the
> engine name or the service name seems reasonable. Which one do you think is
> best ? Do you volunteer to do the changes ?
>

Fixing this in HEAD is fine with me.  But I think there may be more problems
related to using the hostname as a unique identifier than just the above.  

Read on...

I was able to overcome my original problem where
both hosts used the same workDir but using a different host name for
the public site and setting an Alias for the host name it had in common
with the SSL site.

Hmmm, another host name space wierdness is happening.  context logging
for failures in one host are sometimes logged to the other host's context
log.

I have a public website which has two host names for the same site.
www.something.mo.us and www.something.com.  In addition
there is an SSL site for www.something.com.

Here is some psuedo server.xml config:

<Server port="8005" shutdown="SHUTDOWN" debug="0">

  <Service name="Tomcat-Apache">

    <Connector className="org.apache.ajp.tomcat4.Ajp13Connector"
               port="8009" minProcessors="5" maxProcessors="75"
               acceptCount="50" connectionTimeout="0" debug="0"/>

    <Engine name="Tomcat-Apache" defaultHost="www.something.mo.us" debug="0">

      <Logger className="org.apache.catalina.logger.FileLogger"
              prefix="catalina_log." suffix=".txt"
              timestamp="true"/>

      <Host name="www.something.mo.us" debug="0"
            appBase="/export/home/something/webapps"
            unpackWARs="true">

        <Alias>www.something.com</Alias>

        <Logger className="org.apache.catalina.logger.FileLogger"
                directory="logs"  prefix="www.something.mo.us_log." suffix=".txt"
                timestamp="true"/>
      </Host>
    </Engine>
  </Service>

  <Service name="Tomcat-Apache-SSL">

    <Connector className="org.apache.ajp.tomcat4.Ajp13Connector"
               port="8010" minProcessors="5" maxProcessors="75"
               acceptCount="10" scheme="https" secure="true"
               connectionTimeout="0" debug="0"/>

    <Engine name="Apache-Apache-SSL" defaultHost="www.something.com" debug="0">

      <Logger className="org.apache.catalina.logger.FileLogger"
              prefix="catalina_ssl_log." suffix=".txt"
              timestamp="true"/>

      <Host name="www.molottery.com" debug="0"
            appBase="/export/home/something/ssl/webapps"
            unpackWARs="true">
        <Logger className="org.apache.catalina.logger.FileLogger"
                prefix="www.something.com_log." suffix=".txt"
                timestamp="true"/>

      </Host
    </Engine>
  </Service>
</Server>


----------------------------------------------------------------------
Glenn Nielsen             glenn@more.net | /* Spelin donut madder    |
MOREnet System Programming               |  * if iz ina coment.      |
Missouri Research and Education Network  |  */                       |
----------------------------------------------------------------------

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: Tomcat 4 workDir namespace collisions

Posted by Remy Maucherat <re...@apache.org>.

> Remy Maucherat wrote:
> >
> > > If you configure both an https(SSL) Host and an http Host which have
> > > the same domain name they end up having the same workDir.
> > >
> > > Using the Host name to create the default workDir does not guarantee
> > > it is unique since their can be both an http host and an https host
> > > with the same domain name.
> > >
> > > There is no easy workaround for this in the current tomcat
configuration
> > > since the workDir can only be configured in the Context scope.
> > >
> > > This case can arise when you use two Engine configurations, one for
> > > http hosts and one for https hosts, each Engine with a separte Ajp
> > > connector to Apache.
> > >
> > > Perhaps the work dir directory path should have an additional
directory
> > > in its path for the Engine name.
> > >
> > > $CATALINA_HOME/work/{engine}/{host}/{webapp}
> >
> > Yes, I know about that issue. I've been saying that the host name should
be
> > unique across all services, which seems reasonable to me.
> > In your example, I think there should be 2 connectors attached to the
same
> > host.
> >
>
> I am not sure how the above would fix the problem I see.
>
> Attaching two connectors to the same host would not fix the problem I
have.
> Because each host (http and https with the same domain name) are a
different
> web site with different content and web applications.

Ok, your use case looks legitimate :-(

I'm -1 for fixing this in 4.0.x (it's just too risky). Fixing it in HEAD is
non trivial (you have to change the work dir, change the JNDI URLs), but
since there are no pending releases, I think it can be done. Using the
engine name or the service name seems reasonable. Which one do you think is
best ? Do you volunteer to do the changes ?

Remy


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: Tomcat 4 workDir namespace collisions

Posted by Glenn Nielsen <gl...@voyager.apg.more.net>.

Remy Maucherat wrote:
> 
> > If you configure both an https(SSL) Host and an http Host which have
> > the same domain name they end up having the same workDir.
> >
> > Using the Host name to create the default workDir does not guarantee
> > it is unique since their can be both an http host and an https host
> > with the same domain name.
> >
> > There is no easy workaround for this in the current tomcat configuration
> > since the workDir can only be configured in the Context scope.
> >
> > This case can arise when you use two Engine configurations, one for
> > http hosts and one for https hosts, each Engine with a separte Ajp
> > connector to Apache.
> >
> > Perhaps the work dir directory path should have an additional directory
> > in its path for the Engine name.
> >
> > $CATALINA_HOME/work/{engine}/{host}/{webapp}
> 
> Yes, I know about that issue. I've been saying that the host name should be
> unique across all services, which seems reasonable to me.
> In your example, I think there should be 2 connectors attached to the same
> host.
> 

I am not sure how the above would fix the problem I see.  

Attaching two connectors to the same host would not fix the problem I have.
Because each host (http and https with the same domain name) are a different
web site with different content and web applications.

Regards,

Glenn

----------------------------------------------------------------------
Glenn Nielsen             glenn@more.net | /* Spelin donut madder    |
MOREnet System Programming               |  * if iz ina coment.      |
Missouri Research and Education Network  |  */                       |
----------------------------------------------------------------------

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: Tomcat 4 workDir namespace collisions

Posted by Remy Maucherat <re...@apache.org>.

> If you configure both an https(SSL) Host and an http Host which have
> the same domain name they end up having the same workDir.
>
> Using the Host name to create the default workDir does not guarantee
> it is unique since their can be both an http host and an https host
> with the same domain name.
>
> There is no easy workaround for this in the current tomcat configuration
> since the workDir can only be configured in the Context scope.
>
> This case can arise when you use two Engine configurations, one for
> http hosts and one for https hosts, each Engine with a separte Ajp
> connector to Apache.
>
> Perhaps the work dir directory path should have an additional directory
> in its path for the Engine name.
>
> $CATALINA_HOME/work/{engine}/{host}/{webapp}

Yes, I know about that issue. I've been saying that the host name should be
unique across all services, which seems reasonable to me.
In your example, I think there should be 2 connectors attached to the same
host.

Remy


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>