Posted to users@tomcat.apache.org by "Roberto B." <ro...@ipermedianet.com> on 2001/08/17 11:50:22 UTC

Why and How Tomcat before Apache?

I have a Linux/Debian system.
I want to use Apache as web server and Tomcat only for JSP files.

Is it true that it is necessary to start Tomcat before Apache? Why?
And if it is true, how?

Thanks!
Roberto.


Re: Why and How Tomcat before Apache?

Posted by Rui Miguel Seabra <rm...@multicert.com>.
On 17 Aug 2001 11:50:22 +0200, Roberto B. wrote:
> I have a Linux/Debian system.
> I want to use Apache as web-server and Tomcat only for JSP file.
> Is it true that it is necessary to make start Tomcat before Apache? Why?..
> and if it is true.. how??

If you include the automatically generated files that tomcat creates in
your apache conf, then you have to start tomcat, then apache. The
shutdown order is irrelevant.

If you do what's best for you (learn the configuration and do not use
the automatically generated confs) then you just include a static file
in your apache configuration, and will not need to restart apache when
you restart tomcat.

CAVEAT: tomcat 3.2.x has a bug in mod_jk: it is not ready for the
disappearance of workers. As a result, if you restart tomcat, a new tcp
connection will be made, but the old one will still be there and calls
for servlets will cause an internal server error, until the tcp
connection is discarded due to a timeout, or something. As a result,
even though you shouldn't need to, you have to restart apache if you
restart tomcat. I don't know about the 3.3.x or 4.x series.

Hugs, rms

-- 
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Ghandi
+ So let's do it...?

Re: Why and How Tomcat before Apache?

Posted by David Cassidy <dc...@hotgen.com>.
The usual thing is to save it to init.d and then link to the rc[235].d
of your choice.

If you've got redhat you can use the chkconfig program on it.

Note though that you'll need to add a user 'tomcat' and make
sure that at least the conf and logs directories are
available for writing by that user.

You might want to make a 'web' group...

I've also added

------- 8<   snip  --------

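# assumes $TOMCAT is set to the Tomcat installation directory
DATE=`date +%Y-%m-%d-%H-%M-%S`
mkdir "$TOMCAT/logs/$DATE"
# move the current logs into the timestamped directory
mv "$TOMCAT"/logs/*.log "$TOMCAT/logs/$DATE"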

-------8<----  snip  --------

into my shutdown.sh script. This then saves all of your logs when you
do a shutdown - which can be useful !

David



"Roberto B." wrote:
> 
> Do I have to insert this script in my rc2.d dir. and link it in init.d ?
> 
> R.
> 
> ----- Original Message -----
> From: "David Cassidy" <dc...@hotgen.com>
> To: <to...@jakarta.apache.org>
> Sent: Friday, August 17, 2001 5:06 PM
> Subject: Re: Why and How Tomcat before Apache?
> 
> > Ah what the hell try this ...
> > ( works for me !)
> >
> >
> > Watch out for the line wraps !
> >
> >
> > ------------- 8< -- snip
> > #!/bin/sh
> >
> > # Init file for Jakarta Tomcat
> > #
> > # chkconfig: 345 98 00
> > # description: Jakarta tomcat daemon
> > #
> > # processname:
> > # config: /usr/local/tomcat/conf/server.xml
> >
> > RETVAL=0
> >
> > TOMCAT_HOME=/usr/local/tomcat
> > export TOMCAT_HOME
> >
> > case "$1" in
> >   start)
> >         F=`$0 status`
> >         if [ "$?" = "255" ] ; then
> >                 echo -n "Starting Tomcat : "
> >                 su - tomcat -c "cd $TOMCAT_HOME/bin;
> > $TOMCAT_HOME/bin/startup.sh > $TOMCAT_HOME/logs/tomcat_stdout.log 2>
> > $TOMCAT_HOME/logs/tomcat_stderr.log"
> >                 echo "                                  [ OK ] "
> >         else
> >                 echo "Tomcat is already running"
> >         fi
> >         echo
> >         ;;
> >   stop)
> >         F=`$0 status`
> >         if [ "$?" = "255" ] ; then
> >                 echo "Tomcat isn't running"
> >         else
> >                 echo -n "Shutting down Tomcat : "
> >                 su - tomcat -c "cd $TOMCAT_HOME/bin ;
> > $TOMCAT_HOME/bin/shutdown.sh >
> $TOMCAT_HOME/logs/tomcat_down_stdout.log
> > 2> $TOMCAT_HOME/logs/tomcat_down_stderr.log"
> >                 echo "                                  [ OK ] "
> >         fi
> >         echo
> >         ;;
> >   restart)
> >         $0 stop
> >         sleep 2
> >         $0 start
> >         RETVAL=$?
> >         ;;
> >   status)
> >         S=`ps auxww | grep org.apache.tomcat.startup.Tomca[t] | wc -l`
> >         E=`expr $S`
> >         if [ "$E" = "0" ] ;then
> >                 echo "Tomcat is stopped"
> >                 RETVAL=-1
> >         else
> >                 PIDS=`ps auxww | grep
> org.apache.tomcat.startup.Tomca[t]
> > | awk '{FS=" "}{print $2}'`
> >                 P=`echo $PIDS`
> >                 echo "Tomcat ( $P ) is running"
> >                 RETVAL=0
> >         fi
> >         ;;
> >   *)
> >         echo "Usage: tomcat {start|stop|restart|status}"
> >         exit 1
> > esac
> >
> > exit $RETVAL
> >
> > ------------- 8< -- snip
> >
> >
> > David Cassidy wrote:
> > >
> > > unless you want to run your tomcat as root ( Very unwise )
> > > make sure that you use a 'su' command in your
> > > call to tomcat's start script...
> > >
> > > David
> > >
> > > Rui Miguel Seabra wrote:
> > > >
> > > > Just hack apachectl script to launch tomcat just before apache, and to
> > > > shut it down right afterwards.
> > > >
> > > > On 17 Aug 2001 16:43:41 +0200, Roberto B. wrote:
> > > > > Ok ! but.. do you know the way to make this in automatic ( with
> > > > scripts at
> > > > > system start ) ??
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Barnabas Yohannes" <yo...@hotmail.com>
> > > > > To: <to...@jakarta.apache.org>
> > > > > Sent: Friday, August 17, 2001 3:39 PM
> > > > > Subject: Re: Why and How Tomcat before Apache?
> > > > >
> > > > >
> > > > > > I cannot answer your "why" question, because, I am not one of
> the
> > > > > developers
> > > > > > of apache or tomcat.  But here is the answer to your "how"
> > > question:
> > > > > >
> > > > > > *To stop and start your tomcat:
> > > > > >
> > > > > > cd /usr/local/tomcat
> > > > > >
> > > > > > bin/shutdown.sh
> > > > > >
> > > > > > bin/startup.sh
> > > > > >
> > > > > > *Exit from tomcat and go to your apache server:
> > > > > >
> > > > > > su
> > > > > >
> > > > > > /usr/local/apache/bin/apachectl restart
> > > > > >
> > > > > > exit
> > > > > >
> > > > > > * Another way of stopping and starting apache:
> > > > > >
> > > > > > bin/apachectl stop
> > > > > > bin/apachectl start
> > > > > >
> > > > > >
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: "Roberto B." <ro...@ipermedianet.com>
> > > > > > To: <to...@jakarta.apache.org>
> > > > > > Sent: Friday, August 17, 2001 4:50 AM
> > > > > > Subject: Why and How Tomcat before Apache?
> > > > > >
> > > > > >
> > > > > > > I have a Linux/Debian system.
> > > > > > > I want to use Apache as web-server and Tomcat only for JSP
> file.
> > > > > > >
> > > > > > > Is it true that it is necessary to make start Tomcat before
> > > > Apache?
> > > > > Why?..
> > > > > > > and if it is true.. how??
> > > > > > >
> > > > > > > Thanks!
> > > > > > > Roberto.
> > > > > > >
> > > > > > >
> > > > >
> > > > --
> > > > + No matter how much you do, you never do enough -- unknown
> > > > + Whatever you do will be insignificant,
> > > > | but it is very important that you do it -- Ghandi
> > > > + So let's do it...?

RE: Why and How Tomcat before Apache?

Posted by Martin van den Bemt <ma...@isallineed.org>.
yep ;-))

> -----Original Message-----
> From: Roberto B. [mailto:roberto@ipermedianet.com]
> Sent: Friday, August 17, 2001 5:41 PM
> To: tomcat-user@jakarta.apache.org
> Subject: Re: Why and How Tomcat before Apache?
>
>
> Do I have to insert this script in my rc2.d dir. and link it in init.d ?
>
> R.
>
> ----- Original Message -----
> From: "David Cassidy" <dc...@hotgen.com>
> To: <to...@jakarta.apache.org>
> Sent: Friday, August 17, 2001 5:06 PM
> Subject: Re: Why and How Tomcat before Apache?
>
>
> > Ah what the hell try this ...
> > ( works for me !)
> >
> >
> > Watch out for the line wraps !
> >
> >
> > ------------- 8< -- snip
> > #!/bin/sh
> >
> > # Init file for Jakarta Tomcat
> > #
> > # chkconfig: 345 98 00
> > # description: Jakarta tomcat daemon
> > #
> > # processname:
> > # config: /usr/local/tomcat/conf/server.xml
> >
> > RETVAL=0
> >
> > TOMCAT_HOME=/usr/local/tomcat
> > export TOMCAT_HOME
> >
> > case "$1" in
> >   start)
> >         F=`$0 status`
> >         if [ "$?" = "255" ] ; then
> >                 echo -n "Starting Tomcat : "
> >                 su - tomcat -c "cd $TOMCAT_HOME/bin;
> > $TOMCAT_HOME/bin/startup.sh > $TOMCAT_HOME/logs/tomcat_stdout.log 2>
> > $TOMCAT_HOME/logs/tomcat_stderr.log"
> >                 echo "                                  [ OK ] "
> >         else
> >                 echo "Tomcat is already running"
> >         fi
> >         echo
> >         ;;
> >   stop)
> >         F=`$0 status`
> >         if [ "$?" = "255" ] ; then
> >                 echo "Tomcat isn't running"
> >         else
> >                 echo -n "Shutting down Tomcat : "
> >                 su - tomcat -c "cd $TOMCAT_HOME/bin ;
> > $TOMCAT_HOME/bin/shutdown.sh > $TOMCAT_HOME/logs/tomcat_down_stdout.log
> > 2> $TOMCAT_HOME/logs/tomcat_down_stderr.log"
> >                 echo "                                  [ OK ] "
> >         fi
> >         echo
> >         ;;
> >   restart)
> >         $0 stop
> >         sleep 2
> >         $0 start
> >         RETVAL=$?
> >         ;;
> >   status)
> >         S=`ps auxww | grep org.apache.tomcat.startup.Tomca[t] | wc -l`
> >         E=`expr $S`
> >         if [ "$E" = "0" ] ;then
> >                 echo "Tomcat is stopped"
> >                 RETVAL=-1
> >         else
> >                 PIDS=`ps auxww | grep org.apache.tomcat.startup.Tomca[t]
> > | awk '{FS=" "}{print $2}'`
> >                 P=`echo $PIDS`
> >                 echo "Tomcat ( $P ) is running"
> >                 RETVAL=0
> >         fi
> >         ;;
> >   *)
> >         echo "Usage: tomcat {start|stop|restart|status}"
> >         exit 1
> > esac
> >
> > exit $RETVAL
> >
> > ------------- 8< -- snip
> >
> >
> > David Cassidy wrote:
> > >
> > > unless you want to run your tomcat as root ( Very unwise )
> > > make sure that you use a 'su' command in your
> > > call to tomcat's start script...
> > >
> > > David
> > >
> > > Rui Miguel Seabra wrote:
> > > >
> > > > Just hack apachectl script to launch tomcat just before apache, and to
> > > > shut it down right afterwards.
> > > >
> > > > On 17 Aug 2001 16:43:41 +0200, Roberto B. wrote:
> > > > > Ok ! but.. do you know the way to make this in automatic ( with
> > > > scripts at
> > > > > system start ) ??
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Barnabas Yohannes" <yo...@hotmail.com>
> > > > > To: <to...@jakarta.apache.org>
> > > > > Sent: Friday, August 17, 2001 3:39 PM
> > > > > Subject: Re: Why and How Tomcat before Apache?
> > > > >
> > > > >
> > > > > > I cannot answer your "why" question, because, I am not
> one of the
> > > > > developers
> > > > > > of apache or tomcat.  But here is the answer to your "how"
> > > question:
> > > > > >
> > > > > > *To stop and start your tomcat:
> > > > > >
> > > > > > cd /usr/local/tomcat
> > > > > >
> > > > > > bin/shutdown.sh
> > > > > >
> > > > > > bin/startup.sh
> > > > > >
> > > > > > *Exit from tomcat and go to your apache server:
> > > > > >
> > > > > > su
> > > > > >
> > > > > > /usr/local/apache/bin/apachectl restart
> > > > > >
> > > > > > exit
> > > > > >
> > > > > > * Another way of stopping and starting apache:
> > > > > >
> > > > > > bin/apachectl stop
> > > > > > bin/apachectl start
> > > > > >
> > > > > >
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: "Roberto B." <ro...@ipermedianet.com>
> > > > > > To: <to...@jakarta.apache.org>
> > > > > > Sent: Friday, August 17, 2001 4:50 AM
> > > > > > Subject: Why and How Tomcat before Apache?
> > > > > >
> > > > > >
> > > > > > > I have a Linux/Debian system.
> > > > > > > I want to use Apache as web-server and Tomcat only
> for JSP file.
> > > > > > >
> > > > > > > Is it true that it is necessary to make start Tomcat before
> > > > Apache?
> > > > > Why?..
> > > > > > > and if it is true.. how??
> > > > > > >
> > > > > > > Thanks!
> > > > > > > Roberto.
> > > > > > >
> > > > > > >
> > > > >
> > > > --
> > > > + No matter how much you do, you never do enough -- unknown
> > > > + Whatever you do will be insignificant,
> > > > | but it is very important that you do it -- Ghandi
> > > > + So let's do it...?
>
>


Re: Why and How Tomcat before Apache?

Posted by "Roberto B." <ro...@ipermedianet.com>.
Do I have to insert this script in my rc2.d dir. and link it in init.d ?

R.

----- Original Message -----
From: "David Cassidy" <dc...@hotgen.com>
To: <to...@jakarta.apache.org>
Sent: Friday, August 17, 2001 5:06 PM
Subject: Re: Why and How Tomcat before Apache?


> Ah what the hell try this ...
> ( works for me !)
>
>
> Watch out for the line wraps !
>
>
> ------------- 8< -- snip
> #!/bin/sh
>
> # Init file for Jakarta Tomcat
> #
> # chkconfig: 345 98 00
> # description: Jakarta tomcat daemon
> #
> # processname:
> # config: /usr/local/tomcat/conf/server.xml
>
> RETVAL=0
>
> TOMCAT_HOME=/usr/local/tomcat
> export TOMCAT_HOME
>
> case "$1" in
>   start)
>         F=`$0 status`
>         if [ "$?" = "255" ] ; then
>                 echo -n "Starting Tomcat : "
>                 su - tomcat -c "cd $TOMCAT_HOME/bin;
> $TOMCAT_HOME/bin/startup.sh > $TOMCAT_HOME/logs/tomcat_stdout.log 2>
> $TOMCAT_HOME/logs/tomcat_stderr.log"
>                 echo "                                  [ OK ] "
>         else
>                 echo "Tomcat is already running"
>         fi
>         echo
>         ;;
>   stop)
>         F=`$0 status`
>         if [ "$?" = "255" ] ; then
>                 echo "Tomcat isn't running"
>         else
>                 echo -n "Shutting down Tomcat : "
>                 su - tomcat -c "cd $TOMCAT_HOME/bin ;
> $TOMCAT_HOME/bin/shutdown.sh > $TOMCAT_HOME/logs/tomcat_down_stdout.log
> 2> $TOMCAT_HOME/logs/tomcat_down_stderr.log"
>                 echo "                                  [ OK ] "
>         fi
>         echo
>         ;;
>   restart)
>         $0 stop
>         sleep 2
>         $0 start
>         RETVAL=$?
>         ;;
>   status)
>         S=`ps auxww | grep org.apache.tomcat.startup.Tomca[t] | wc -l`
>         E=`expr $S`
>         if [ "$E" = "0" ] ;then
>                 echo "Tomcat is stopped"
>                 RETVAL=-1
>         else
>                 PIDS=`ps auxww | grep org.apache.tomcat.startup.Tomca[t]
> | awk '{FS=" "}{print $2}'`
>                 P=`echo $PIDS`
>                 echo "Tomcat ( $P ) is running"
>                 RETVAL=0
>         fi
>         ;;
>   *)
>         echo "Usage: tomcat {start|stop|restart|status}"
>         exit 1
> esac
>
> exit $RETVAL
>
> ------------- 8< -- snip
>
>
> David Cassidy wrote:
> >
> > unless you want to run your tomcat as root ( Very unwise )
> > make sure that you use a 'su' command in your
> > call to tomcat's start script...
> >
> > David
> >
> > Rui Miguel Seabra wrote:
> > >
> > > Just hack apachectl script to launch tomcat just before apache, and to
> > > shut it down right afterwards.
> > >
> > > On 17 Aug 2001 16:43:41 +0200, Roberto B. wrote:
> > > > Ok ! but.. do you know the way to make this in automatic ( with
> > > scripts at
> > > > system start ) ??
> > > >
> > > > ----- Original Message -----
> > > > From: "Barnabas Yohannes" <yo...@hotmail.com>
> > > > To: <to...@jakarta.apache.org>
> > > > Sent: Friday, August 17, 2001 3:39 PM
> > > > Subject: Re: Why and How Tomcat before Apache?
> > > >
> > > >
> > > > > I cannot answer your "why" question, because, I am not one of the
> > > > developers
> > > > > of apache or tomcat.  But here is the answer to your "how"
> > question:
> > > > >
> > > > > *To stop and start your tomcat:
> > > > >
> > > > > cd /usr/local/tomcat
> > > > >
> > > > > bin/shutdown.sh
> > > > >
> > > > > bin/startup.sh
> > > > >
> > > > > *Exit from tomcat and go to your apache server:
> > > > >
> > > > > su
> > > > >
> > > > > /usr/local/apache/bin/apachectl restart
> > > > >
> > > > > exit
> > > > >
> > > > > * Another way of stopping and starting apache:
> > > > >
> > > > > bin/apachectl stop
> > > > > bin/apachectl start
> > > > >
> > > > >
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Roberto B." <ro...@ipermedianet.com>
> > > > > To: <to...@jakarta.apache.org>
> > > > > Sent: Friday, August 17, 2001 4:50 AM
> > > > > Subject: Why and How Tomcat before Apache?
> > > > >
> > > > >
> > > > > > I have a Linux/Debian system.
> > > > > > I want to use Apache as web-server and Tomcat only for JSP file.
> > > > > >
> > > > > > Is it true that it is necessary to make start Tomcat before
> > > Apache?
> > > > Why?..
> > > > > > and if it is true.. how??
> > > > > >
> > > > > > Thanks!
> > > > > > Roberto.
> > > > > >
> > > > > >
> > > >
> > > --
> > > + No matter how much you do, you never do enough -- unknown
> > > + Whatever you do will be insignificant,
> > > | but it is very important that you do it -- Ghandi
> > > + So let's do it...?


Re: Why and How Tomcat before Apache?

Posted by David Cassidy <dc...@hotgen.com>.
Ah what the hell try this ...
( works for me !)


Watch out for the line wraps !


------------- 8< -- snip 
#!/bin/sh

# Init file for Jakarta Tomcat
#
# chkconfig: 345 98 00
# description: Jakarta tomcat daemon
#
# processname:
# config: /usr/local/tomcat/conf/server.xml

RETVAL=0

TOMCAT_HOME=/usr/local/tomcat
export TOMCAT_HOME

case "$1" in
  start)
        # "status" exits with 255 when no Tomcat process is found
        F=`$0 status`
        if [ "$?" = "255" ] ; then
                echo -n "Starting Tomcat : "
                # start as the unprivileged 'tomcat' user instead of root
                su - tomcat -c "cd $TOMCAT_HOME/bin; $TOMCAT_HOME/bin/startup.sh > $TOMCAT_HOME/logs/tomcat_stdout.log 2> $TOMCAT_HOME/logs/tomcat_stderr.log"
                echo "                                  [ OK ] "
        else
                echo "Tomcat is already running"
        fi
        echo
        ;;
  stop)
        F=`$0 status`
        if [ "$?" = "255" ] ; then
                echo "Tomcat isn't running"
        else
                echo -n "Shutting down Tomcat : "
                su - tomcat -c "cd $TOMCAT_HOME/bin ; $TOMCAT_HOME/bin/shutdown.sh > $TOMCAT_HOME/logs/tomcat_down_stdout.log 2> $TOMCAT_HOME/logs/tomcat_down_stderr.log"
                echo "                                  [ OK ] "
        fi
        echo
        ;;
  restart)
        $0 stop
        sleep 2
        $0 start
        RETVAL=$?
        ;;
  status)
        # the [t] stops grep from matching its own command line
        S=`ps auxww | grep 'org.apache.tomcat.startup.Tomca[t]' | wc -l`
        E=`expr $S`
        if [ "$E" = "0" ] ;then
                echo "Tomcat is stopped"
                # 255 is what "exit -1" yields in bash; written out for other shells
                RETVAL=255
        else
                PIDS=`ps auxww | grep 'org.apache.tomcat.startup.Tomca[t]' | awk '{FS=" "}{print $2}'`
                P=`echo $PIDS`
                echo "Tomcat ( $P ) is running"
                RETVAL=0
        fi
        ;;
  *)
        echo "Usage: tomcat {start|stop|restart|status}"
        exit 1
esac

exit $RETVAL

------------- 8< -- snip 


David Cassidy wrote:
> 
> unless you want to run your tomcat as root ( Very unwise )
> make sure that you use a 'su' command in your
> call to tomcat's start script...
> 
> David
> 
> Rui Miguel Seabra wrote:
> >
> > Just hack apachectl script to launch tomcat just before apache, and to
> > shut it down right afterwards.
> >
> > On 17 Aug 2001 16:43:41 +0200, Roberto B. wrote:
> > > Ok ! but.. do you know the way to make this in automatic ( with
> > scripts at
> > > system start ) ??
> > >
> > > ----- Original Message -----
> > > From: "Barnabas Yohannes" <yo...@hotmail.com>
> > > To: <to...@jakarta.apache.org>
> > > Sent: Friday, August 17, 2001 3:39 PM
> > > Subject: Re: Why and How Tomcat before Apache?
> > >
> > >
> > > > I cannot answer your "why" question, because, I am not one of the
> > > developers
> > > > of apache or tomcat.  But here is the answer to your "how"
> question:
> > > >
> > > > *To stop and start your tomcat:
> > > >
> > > > cd /usr/local/tomcat
> > > >
> > > > bin/shutdown.sh
> > > >
> > > > bin/startup.sh
> > > >
> > > > *Exit from tomcat and go to your apache server:
> > > >
> > > > su
> > > >
> > > > /usr/local/apache/bin/apachectl restart
> > > >
> > > > exit
> > > >
> > > > * Another way of stopping and starting apache:
> > > >
> > > > bin/apachectl stop
> > > > bin/apachectl start
> > > >
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Roberto B." <ro...@ipermedianet.com>
> > > > To: <to...@jakarta.apache.org>
> > > > Sent: Friday, August 17, 2001 4:50 AM
> > > > Subject: Why and How Tomcat before Apache?
> > > >
> > > >
> > > > > I have a Linux/Debian system.
> > > > > I want to use Apache as web-server and Tomcat only for JSP file.
> > > > >
> > > > > Is it true that it is necessary to make start Tomcat before
> > Apache?
> > > Why?..
> > > > > and if it is true.. how??
> > > > >
> > > > > Thanks!
> > > > > Roberto.
> > > > >
> > > > >
> > >
> > --
> > + No matter how much you do, you never do enough -- unknown
> > + Whatever you do will be insignificant,
> > | but it is very important that you do it -- Ghandi
> > + So let's do it...?

Re: Why and How Tomcat before Apache?

Posted by David Cassidy <dc...@hotgen.com>.
better you than me ....

I take it you are the only one in the wide wide world who can
upload a cgi program to your site...


"Roberto B." wrote:
> 
> Yes.. as root!
> 
> R.
> 
> ----- Original Message -----
> From: "David Cassidy" <dc...@hotgen.com>
> To: <to...@jakarta.apache.org>
> Sent: Friday, August 17, 2001 5:08 PM
> Subject: Re: Why and How Tomcat before Apache?
> 
> >
> > check out if you can do a rm -rf * from within java...
> >
> > Don't know if you can, don't know how well the JVM will
> > protect you but
> >
> > I run mine as a different user.
> >
> > Do you run your apache as root ?
> >
> > David
> >
> >
> > Martin van den Bemt wrote:
> > >
> > > Please tell me what is dangerous about running tomcat as root? I've
> > > taken
> > > the following security measures :
> > > port 8007 and 8009 is blocked from the outside (firewall)
> > > tomcat is not running on 8080 and only allowing communications from
> > > localhost (127.0.0.1).
> > > The only potential problem is that if a tomcat /apache bug is
> exploited,
> > > you potentially have a problem.
> > >
> > > Looks pretty solid to me though..
> > >
> > > Mvgr,
> > > martin
> > >
> > > > -----Original Message-----
> > > > From: david@carrot.hotgen.com [mailto:david@carrot.hotgen.com]On
> > > Behalf
> > > > Of David Cassidy
> > > > Sent: Friday, August 17, 2001 4:54 PM
> > > > To: tomcat-user@jakarta.apache.org
> > > > Subject: Re: Why and How Tomcat before Apache?
> > > >
> > > >
> > > > unless you want to run your tomcat as root ( Very unwise )
> > > > make sure that you use a 'su' command in your
> > > > call to tomcat's start script...
> > > >
> > > >
> > > >
> > > > David
> > > >
> > > > Rui Miguel Seabra wrote:
> > > > >
> > > > > Just hack apachectl script to launch tomcat just before apache, and to
> > > > > shut it down right afterwards.
> > > > >
> > > > > On 17 Aug 2001 16:43:41 +0200, Roberto B. wrote:
> > > > > > Ok ! but.. do you know the way to make this in automatic (
> with
> > > > > scripts at
> > > > > > system start ) ??
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: "Barnabas Yohannes" <yo...@hotmail.com>
> > > > > > To: <to...@jakarta.apache.org>
> > > > > > Sent: Friday, August 17, 2001 3:39 PM
> > > > > > Subject: Re: Why and How Tomcat before Apache?
> > > > > >
> > > > > >
> > > > > > > I cannot answer your "why" question, because, I am not one
> of
> > > the
> > > > > > developers
> > > > > > > of apache or tomcat.  But here is the answer to your "how"
> > > question:
> > > > > > >
> > > > > > > *To stop and start your tomcat:
> > > > > > >
> > > > > > > cd /usr/local/tomcat
> > > > > > >
> > > > > > > bin/shutdown.sh
> > > > > > >
> > > > > > > bin/startup.sh
> > > > > > >
> > > > > > > *Exit from tomcat and go to your apache server:
> > > > > > >
> > > > > > > su
> > > > > > >
> > > > > > > /usr/local/apache/bin/apachectl restart
> > > > > > >
> > > > > > > exit
> > > > > > >
> > > > > > > * Another way of stopping and starting apache:
> > > > > > >
> > > > > > > bin/apachectl stop
> > > > > > > bin/apachectl start
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > ----- Original Message -----
> > > > > > > From: "Roberto B." <ro...@ipermedianet.com>
> > > > > > > To: <to...@jakarta.apache.org>
> > > > > > > Sent: Friday, August 17, 2001 4:50 AM
> > > > > > > Subject: Why and How Tomcat before Apache?
> > > > > > >
> > > > > > >
> > > > > > > > I have a Linux/Debian system.
> > > > > > > > I want to use Apache as web-server and Tomcat only for JSP
> > > file.
> > > > > > > >
> > > > > > > > Is it true that it is necessary to make start Tomcat
> before
> > > > > Apache?
> > > > > > Why?..
> > > > > > > > and if it is true.. how??
> > > > > > > >
> > > > > > > > Thanks!
> > > > > > > > Roberto.
> > > > > > > >
> > > > > > > >
> > > > > >
> > > > > --
> > > > > + No matter how much you do, you never do enough -- unknown
> > > > > + Whatever you do will be insignificant,
> > > > > | but it is very important that you do it -- Ghandi
> > > > > + So let's do it...?
> > > >

mod_jk.log messages

Posted by Aravind Naidu <ar...@eha.net>.
I have got TC 3.2.3 with AJP13 connector to Apache on RedHat 7.1
Everything is working fine.

I have these messages in the log file for mod_jk

[jk_uri_worker_map.c (335)]: jk_uri_worker_map_t::uri_worker_map_close, NULL parameter
[jk_uri_worker_map.c (185)]: In jk_uri_worker_map_t::uri_worker_map_free, NULL parameters


What are they ?

-- Aravind


Re: Running Tomcat as a nonprivileged user

Posted by Johannes Lehtinen <jl...@cc.hut.fi>.
On Sat, 18 Aug 2001, Pier P. Fumagalli wrote:

> > I am starting the Tomcat from /etc/rc.d/init.d/tomcat script (using it in
> > stand-alone mode) using "exec su -c $TOMCAT_HOME/bin/startup.sh tomcat".
> 
> Seems all right for me, apart the "exec" command... But it really depends on
> how you installed your RC script. 

That's true, the exec is really not required. It is probably a remainder
from my earlier setups. I also left out the input/output redirection.

> Can I include it in the docs for TC4.0? With the obvious modifications, of
> course :) :) :)

Sure, it is much more convenient to point people to official docs than
resending old e-mails around :)

--
Johannes Lehtinen <jo...@iki.fi>, http://www.iki.fi/jle/


Re: Running Tomcat as a nonprivileged user

Posted by "Pier P. Fumagalli" <pi...@betaversion.org>.
Johannes Lehtinen at jlehtine@cc.hut.fi wrote:
> 
> I am starting the Tomcat from /etc/rc.d/init.d/tomcat script (using it in
> stand-alone mode) using "exec su -c $TOMCAT_HOME/bin/startup.sh tomcat".

Seems all right for me, apart the "exec" command... But it really depends on
how you installed your RC script. "exec" replaces the RC script with
startup.sh, so, if something else is done in your RC after that line you
mentioned, it won't be executed... (So, if you want to start Apache in the
following line, that's not going to happen)...

Apart from this non-security-related note, everything seems pretty much
all right... :) :) :)

Can I include it in the docs for TC4.0? With the obvious modifications, of
course :) :) :)

    Pier


Re: Running Tomcat as a nonprivileged user

Posted by "Pier P. Fumagalli" <pi...@betaversion.org>.
Doug Sparling at public_class_helloworld@yahoo.com wrote:
> 
> Thanks....I wish this were better documented as well.
> I had the same trouble when I had to install JRun.
> Everyone said not to install as root, but it was never
> documented that you should even do this, let alone
> how.
> Much appreciated.....

Writing docco on this as we speak for TC4...

    Pier


Re: Running Tomcat as a nonprivileged user

Posted by Doug Sparling <pu...@yahoo.com>.
--- Johannes Lehtinen <jl...@cc.hut.fi> wrote:
> On Fri, 17 Aug 2001, Doug Sparling wrote:

> 
> I hope I didn't forget anything. This works for me
> on a production server.
> The procedure to run Tomcat as a nonprivileged user
> should really be
> better documented because no-one runs (well, should
> not run IMO) it as a
> root owned daemon in a production environment.
> 

Thanks....I wish this were better documented as well.
I had the same trouble when I had to install JRun.
Everyone said not to install as root, but it was never
documented that you should even do this, let alone
how.
 Much appreciated.....

dss



Running Tomcat as a nonprivileged user

Posted by Johannes Lehtinen <jl...@cc.hut.fi>.
On Fri, 17 Aug 2001, Doug Sparling wrote:

> > I personally would never run a web app as root just
> > for the black hole of security issues dealing with the outside internet.
> 
> Do you create a 'tomcat' user? I'm assuming
> permissions or owner must be changed under
> /usr/local/jakarta-tomcat....

I am running Tomcat 3.2.3 as a 'tomcat' user in a 'tomcat' group. By
default, I have made all files owned by root and made them world-readable
(not writable) using something like this (as root)

  cd .../jakarta-tomcat-3.2.3
  chown -R root:root .
  chmod -R go= .
  find . -perm -100 -exec chmod go+x \{\} \;
  find . -perm -400 -exec chmod go+r \{\} \;

Then I have done the following changes (as root).

  cd .../jakarta-tomcat-3.2.3
  mkdir logs ; chown tomcat logs ; chmod 755 logs
  mkdir work ; chown tomcat work ; chmod 755 work
  cd conf
  touch iis_redirect.reg-auto
  chown tomcat iis_redirect.reg-auto
  touch mod_jk.conf-auto
  chown tomcat mod_jk.conf-auto
  touch obj.conf-auto
  chown tomcat obj.conf-auto
  touch tomcat-apache.conf
  chown tomcat tomcat-apache.conf
  touch uriworkermap.properties-auto
  chown tomcat uriworkermap.properties-auto

If you use conf/tomcat-users.xml for authentication (not really a good
idea if you have anything "dynamic" there), you most probably want to do

  chown tomcat tomcat-users.xml ; chmod 400 tomcat-users.xml

Depending on the level of paranoia you might want to do the same to some
other configuration files as well.

Note 1: You might not want to make the 'logs' directory world-readable,
again depending on the desired local security level.

Note 2: You could also place the modifiable tomcat owned directories/files
to a different location in a file system and use symbolic links in
jakarta-tomcat-3.2.3 (or tweak configuration) for clarity (I have logs ->
/var/log/tomcat, for example).

The webapps have been installed as root owned, world-readable files. I
extract them by hand (doing "cd webapps ; mkdir foobar ; jar xf
../foobar.war" as root). None of my webapps need write access to
anywhere else than /tmp.

I am starting the Tomcat from /etc/rc.d/init.d/tomcat script (using it in
stand-alone mode) using "exec su -c $TOMCAT_HOME/bin/startup.sh tomcat".

I hope I didn't forget anything. This works for me on a production server.
The procedure to run Tomcat as a nonprivileged user should really be
better documented because no-one runs (well, should not run IMO) it as a
root owned daemon in a production environment.


Best regards,

--
Johannes Lehtinen <jo...@iki.fi>, http://www.iki.fi/jle/
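
The layout described in the message above can be checked mechanically. The script below is an added example, not part of the original post or of Tomcat: it audits a directory tree for group/world-writable files, for files owned by the service account outside the writable set listed in the message, and for a tomcat-users.xml that is readable by group or others. The function names, finding labels and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audits a Tomcat 3.2.x tree against the
# ownership/permission layout described in the message above.

# Paths (relative to the Tomcat directory) the service account may own,
# as listed in the message: logs, work, the auto-generated connector
# configuration files and tomcat-users.xml.
ALLOWED='logs work conf/iis_redirect.reg-auto conf/mod_jk.conf-auto
conf/obj.conf-auto conf/tomcat-apache.conf conf/uriworkermap.properties-auto
conf/tomcat-users.xml'

# rel_path BASE PATH: print PATH relative to BASE ("." for BASE itself)
rel_path() {
    if [ "$2" = "$1" ]; then echo .; else echo "${2#"$1"/}"; fi
}

# is_allowed REL: succeed if REL is, or lies below, an allowed path
is_allowed() {
    for a in $ALLOWED; do
        case "$1" in "$a"|"$a"/*) return 0 ;; esac
    done
    return 1
}

# audit_tomcat_tree DIR SERVICE_USER
# Prints one finding per line; prints nothing when the tree matches the layout.
audit_tomcat_tree() {
    dir=$1
    svc=$2
    # 1. After "chmod -R go= ." plus go+r/go+x nothing is group- or world-writable.
    find "$dir" ! -type l \( -perm -020 -o -perm -002 \) | while IFS= read -r p; do
        echo "GROUP_OR_WORLD_WRITABLE $(rel_path "$dir" "$p")"
    done
    # 2. The service account owns only the allowed paths, so a compromised
    #    Tomcat cannot rewrite its own scripts, configuration or webapps.
    find "$dir" ! -type l -user "$svc" | while IFS= read -r p; do
        r=$(rel_path "$dir" "$p")
        is_allowed "$r" || echo "SERVICE_OWNED $r"
    done
    # 3. tomcat-users.xml holds passwords: mode 400, no group/other bits.
    f=$dir/conf/tomcat-users.xml
    if [ -f "$f" ]; then
        go=$(ls -ld "$f" | cut -c5-10)
        [ "$go" = "------" ] || echo "SECRETS_EXPOSED conf/tomcat-users.xml"
    fi
}

# build_sample_tree DIR: constructed sample tree with two deliberate mistakes
build_sample_tree() {
    t=$1
    mkdir -p "$t/bin" "$t/conf" "$t/logs" "$t/work" "$t/webapps/foobar"
    : > "$t/bin/startup.sh"
    : > "$t/conf/server.xml"
    : > "$t/conf/mod_jk.conf-auto"
    : > "$t/conf/tomcat-users.xml"
    : > "$t/webapps/foobar/index.jsp"
    # the same permission reset as in the message
    chmod -R go= "$t"
    find "$t" -perm -100 -exec chmod go+x {} \;
    find "$t" -perm -400 -exec chmod go+r {} \;
    chmod 644 "$t/conf/tomcat-users.xml"      # mistake: password file left readable
    chmod 666 "$t/webapps/foobar/index.jsp"   # mistake: world-writable JSP
}

# Usage: sh audit.sh /path/to/jakarta-tomcat-3.2.3 tomcat
if [ $# -eq 2 ]; then
    audit_tomcat_tree "$1" "$2"
fi
```

SERVICE_USER may be a user name or a numeric uid; an empty result means the tree matches the layout.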


Re: Why and How Tomcat before Apache?

Posted by Doug Sparling <pu...@yahoo.com>.
--- David Smith <dn...@cornell.edu> wrote:
> That's an unsettling feeling.  
> 
> Never trust incoming form data, but if Tomcat is
> running as a less 
> privileged user, the potential damage from
> malformed form data is reduced.
> 
> I personally would never run a web app as root just
> for the black hole of 
> security issues dealing with the outside internet.

Do you create a 'tomcat' user? I'm assuming
permissions or owner must be changed under
/usr/local/jakarta-tomcat....

I installed tomcat as root, so all jakarta-tomcat
files are owned by root. I haven't tried this, but I'm
guessing there will be issues running tomcat under
user 'tomcat' without changing permissions/owner.
Could you give a brief description of how you would do
it?

Thanks.....


Re: Why and How Tomcat before Apache?

Posted by "Craig R. McClanahan" <cr...@apache.org>.

On Fri, 17 Aug 2001, David Smith wrote:

> That's an unsettling feeling.  
> 
> Never trust incoming form data, but if Tomcat is running as a less 
> privileged user, the potential damage from malformed form data is reduced.
> 
> I personally would never run a web app as root just for the black hole of 
> security issues dealing with the outside internet.
> 
> My two cents on the subject.
> 

An additional measure of control you have with Tomcat is to run it under a
Java security manager.  When you do this, you can manage very fine grained
control over what a particular web app is allowed to do (for example, you
can access *this* TCP port on *that* server because it's your database,
but no others).  This works whether you run as root or not, if you use the
"-security" option on the command line when you start up Tomcat.

There's a HOW-TO document on this in the Tomcat 3.x docs (soon to be
ported for 4.x), and Glenn Nielsen did a great ApacheCon session on using
security managers with Tomcat at ApacheCon US 2001 last March -- I'm sure
he'd be willing to forward a pointer to where the slides are available.

> --David
> 

Craig




Re: Why and How Tomcat before Apache?

Posted by David Smith <dn...@cornell.edu>.
That's an unsettling feeling.  

Never trust incoming form data, but if Tomcat is running as a less 
privileged user, the potential damage from malformed form data is reduced.

I personally would never run a web app as root just for the black hole of 
security issues dealing with the outside internet.

My two cents on the subject.

--David

On Friday 17 August 2001 11:38 am, you wrote:
> Yes.. as root!
>
> R.

Re: Why and How Tomcat before Apache?

Posted by "Roberto B." <ro...@ipermedianet.com>.
Yes.. as root!

R.

----- Original Message -----
From: "David Cassidy" <dc...@hotgen.com>
To: <to...@jakarta.apache.org>
Sent: Friday, August 17, 2001 5:08 PM
Subject: Re: Why and How Tomcat before Apache?


>
> check out if you can do a rm -rf * from within java...
>
> Don't know if you can, don't know how well the JVM will
> protect you but
>
> I run mine as a different user.
>
> Do you run your apache as root ?
>
> David


Problem with ajp13

Posted by "Roy K. Mayr R." <sy...@uapar.edu>.
When using ajp13, I get the exception;
    java.net.SocketException: Connection reset by peer: Connection reset by peer

Is there a problem with my ajp13?

Roy


Re: Why and How Tomcat before Apache?

Posted by "Pier P. Fumagalli" <pi...@betaversion.org>.
Martin van den Bemt at martin@isallineed.org wrote:
>> 
>> It takes 5 minutes to write an AJP client that hacks into Tomcat.
> 
> I guess that only works when the ports are not blocked by a firewall and eg
> the address="127.0.0.1" is not added to the server.xml ?

No, it won't. Anyway as many are using the Web Server modules to have Apache
and Tomcat running on different machines (or load balancing), it's not an
issue that can be lightly "discarded"...

> Not everyone was around by then... And when growing up with MS, not a lot of
> people are made aware of security issues, since it has nice ui to let you
> handle everything.. (this was sarcasm btw..).. Hope people are alarmed by
> the code red thing in IIS though that their systems are far from secure.

If you weren't around in '98, well, not much I can do, and if you grew up
with MS that's a point that doesn't play to your advantage when talking
about security. That's why it is so important to _know_ exactly what goes on
on the systems before talking about security...

And it's important to stress out this factor on this very mailing list. No
system is secure _ever_, at least let's try not to give the wrong
information to our users. IMO, on security, is better not-to-answer to a
question, rather than answering it in a wrong way.

> Didn't read it completely but I read the security section and it's a nice
> overview of what can go wrong.. The problem is that not many companies have
> the knowledge and willingness to pay someone to prevent a lot of stuff from
> happening. (how good is eg unix security when you run sendmail?) (I use djb
> stuff btw)..

Well, that's why we wrote it back then in JServ days.

> Maybe a nice security advisory should be made (just a couple of links for those
> issues you mentioned in your paper and some extra tips) and make that document
> highly noticeable..

I'm not involved in any way with the 3.x development, I was over in XML land
taking care of other stuff. I got back to go on with the effort that was
JServ 2.0 (later on renamed Catalina, and shipped as the servlet container
of Tomcat 4.0). And in 4.0's documentation there will be a long digression
about security, don't worry.

> You can stop crying (quoting you..) then and say that everything was done to
> say to the user : do something about security.. If they don't do it anyway :
> too bad for them..

I won't stop crying. I'm almost sure I'm right. And I am doing about
security: I'm crying out loud "DON'T RUN ANYTHING AS ROOT ON YOUR SERVER".

    Pier
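
The exposure discussed in this exchange (AJP ports 8007 and 8009 reachable
from anywhere other than the local web server) can be checked from listener
output. The script below is an added example, not code from the thread or from
Tomcat; the function names are assumptions and the sample lines are
constructed. It expects the output of "netstat -ltn" or "ss -ltn" on stdin.

```shell
#!/bin/sh
# Added example: flag AJP listeners that are not bound to a loopback address.
# Input is the output of "netstat -ltn" or "ss -ltn"; both put the local
# address in the fourth column. Function names are assumptions.

# Constructed sample: 8009 is bound to loopback on IPv4 but to every address
# on IPv6, and 8007 is bound to every IPv4 address.
SAMPLE_LISTENERS='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:8009          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8007            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp6       0      0 :::8009                 :::*                    LISTEN'

# Print "<port> <address>" for every AJP listener not bound to loopback.
# AJP_PORTS may override the default port list from the thread.
ajp_exposed() {
    awk -v ports="${AJP_PORTS:-8007 8009}" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        {
            local_addr = $4
            i = match(local_addr, /:[0-9]+$/)   # the port follows the last colon
            if (i == 0) next                    # header or unrelated line
            port = substr(local_addr, i + 1)
            addr = substr(local_addr, 1, i - 1)
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
            print port, addr
        }'
}

# Report findings in readable form; non-zero exit status if any were found.
check_ajp_listeners() {
    exposed=$(ajp_exposed)
    [ -z "$exposed" ] && return 0
    echo "$exposed" | while read -r port addr; do
        echo "FAIL port $port listens on $addr, expected loopback only"
    done
    return 1
}

# Demonstration on the constructed sample; on a live host use:
#   netstat -ltn | check_ajp_listeners
printf '%s\n' "$SAMPLE_LISTENERS" | check_ajp_listeners || true
```

A clean result only shows where the socket is bound; when Apache and Tomcat
run on different machines the connector cannot be bound to loopback, and the
firewall rules have to be checked separately.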




RE: Why and How Tomcat before Apache?

Posted by Martin van den Bemt <ma...@isallineed.org>.
> -----Original Message-----
> From: Pier P. Fumagalli [mailto:pier@betaversion.org]
> Sent: Saturday, August 18, 2001 3:41 AM
> To: tomcat-user@jakarta.apache.org
> Subject: Re: Why and How Tomcat before Apache?
>
>
> Martin van den Bemt at martin@isallineed.org wrote:
>
> >>> down your server or delete your webapp or other data. You don't solve
> >>> that problem with running as a separate user..
> >>
> >> Tomcats ports are not visible from the outside. Only access is through
> >> apache - ie mod_jk ...
> >
> > do a telnet to your port 8007 or 8009 and you'll see what I mean..
>
> It takes 5 minutes to write an AJP client that hacks into Tomcat.

I guess that only works when the ports are not blocked by a firewall and eg
the address="127.0.0.1" is not added to the server.xml ?

> We started saying this in 1998, when we released Apache JServ 1.0 and I cry
> to see that still today people do not think about it... (BTW, in AJP version
> following the original, the authentication mechanism was disabled because of
> performance issues - and because I wasn't there when they "designed" those)

Not everyone was around by then... And when growing up with MS, not a lot of
people are made aware of security issues, since it has nice ui to let you
handle everything.. (this was sarcasm btw..).. Hope people are alarmed by
the code red thing in IIS though that their systems are far from secure.


> Check out <http://www.apache.org/~stefano/papers/> in the 1998 section.
> (Both of them are quite nice readings, or at least I hope it will be as
> nice as it was writing them)

Didn't read it completely but I read the security section and it's a nice
overview of what can go wrong.. The problem is that not many companies have
the knowledge and willingness to pay someone to prevent a lot of stuff from
happening. (how good is eg unix security when you run sendmail?) (I use djb
stuff btw).. Maybe a nice security advisory should be made (just a couple of
links for those issues you mentioned in your paper and some extra tips) and
make that document highly noticeable.. You can stop crying (quoting you..)
then and say that everything was done to say to the user : do something
about security.. If they don't do it anyway : too bad for them..

Mvgr,
Martin



Re: Why and How Tomcat before Apache?

Posted by "Pier P. Fumagalli" <pi...@betaversion.org>.
Martin van den Bemt at martin@isallineed.org wrote:

>>> down your server or delete your webapp or other data. You don't solve
>>> that problem with running as a separate user..
>> 
>> Tomcats ports are not visible from the outside. Only access is through
>> apache - ie mod_jk ...
> 
> do a telnet to your port 8007 or 8009 and you'll see what I mean..

It takes 5 minutes to write an AJP client that hacks into Tomcat. We started
saying this in 1998, when we released Apache JServ 1.0 and I cry to see that
still today people do not think about it... (BTW, in AJP version following
the original, the authentication mechanism was disabled because of
performance issues - and because I wasn't there when they "designed" those)

Check out <http://www.apache.org/~stefano/papers/> in the 1998 section.
(Both of them are quite nice readings, or at least I hope it will be as nice
as it was writing them)

    Pier


RE: Why and How Tomcat before Apache?

Posted by Martin van den Bemt <ma...@isallineed.org>.
eh... addition : that is if you didn't change the defaults ;)) Would have
saved me extra firewall entries ;-((

Mvgr,
martin

> -----Original Message-----
> From: Martin van den Bemt [mailto:martin@isallineed.org]
> Sent: Saturday, August 18, 2001 12:27 AM
> To: tomcat-user@jakarta.apache.org
> Subject: RE: Why and How Tomcat before Apache?
>
>
> > > down your server or delete your webapp or other data. You don't solve
> > > that
> > > problem with running as a separate user..
> >
> > Tomcats ports are not visible from the outside. Only access is through
> > apache - ie mod_jk ...
>
> do a telnet to your port 8007 or 8009 and you'll see what I mean..
>
> Mvgr,
> Martin
>


RE: Why and How Tomcat before Apache?

Posted by Martin van den Bemt <ma...@isallineed.org>.
> > down your server or delete your webapp or other data. You don't solve
> > that
> > problem with running as a separate user..
> 
> Tomcats ports are not visible from the outside. Only access is through 
> apache - ie mod_jk ...

do a telnet to your port 8007 or 8009 and you'll see what I mean.. 

Mvgr,
Martin

Re: Why and How Tomcat before Apache?

Posted by David Cassidy <dc...@hotgen.com>.
Martin van den Bemt wrote:
> 
> > check out if you can do a rm -rf * from within java...
> 
> Yep works cool.. It saves a lot of work if I'm the admin, integrator and
> programmer at the same time ;-)), so those things don't slip through (we
> have a small team of programmers and all things are tested first.. a nice
> form to type in rm -f that also gets invoked will never get through ;-))

ouch !

> > Don't know if you can, don't know how well the JVM will
> > protect you but
> 
> Nope, if I want to do that, then it must work ;).. (we use all system
> options quite heavily, also admin of /etc/passwd etc, so we need access
> sometimes..)
> 
> > I run mine as a different user.
> 
> If you don't block 8007 and 8009 for unauthorized access, you will get a
> lot of bad packets (at least in 3.3 and ajp13, don't know what happens with
> older versions though). Someone eventually could find a bug and exploit and
> down your server or delete your webapp or other data. You don't solve that
> problem with running as a separate user..

Tomcats ports are not visible from the outside. Only access is through 
apache - ie mod_jk ...

> > Do you run your apache as root ?
> 
> Nope as nobody (which is also not completely safe on default installs,
> since it also used by some daemons..)
> 

It's an interesting world isn't it !

Same programs, same os's but so many different ways ...

> Mvgr,
> Martin

RE: Why and How Tomcat before Apache?

Posted by Martin van den Bemt <ma...@isallineed.org>.
> check out if you can do a rm -rf * from within java...

Yep works cool.. It saves a lot of work if I'm the admin, integrator and
programmer at the same time ;-)), so those things don't slip through (we
have a small team of programmers and all things are tested first.. a nice
form to type in rm -f that also gets invoked will never get through ;-))

> Don't know if you can, don't know how well the JVM will
> protect you but

Nope, if I want to do that, then it must work ;).. (we use all system
options quite heavily, also admin of /etc/passwd etc, so we need access
sometimes..)

> I run mine as a different user.

If you don't block 8007 and 8009 for unauthorized access, you will get a lot
of bad packets (at least in 3.3 and ajp13, don't know what happens with
older versions though). Someone eventually could find a bug and exploit and
down your server or delete your webapp or other data. You don't solve that
problem with running as a separate user..

> Do you run your apache as root ?

Nope as nobody (which is also not completely safe on default installs, since
it also used by some daemons..)


Mvgr,
Martin



Re: Why and How Tomcat before Apache?

Posted by David Cassidy <dc...@hotgen.com>.
check out if you can do a rm -rf * from within java...

Don't know if you can, don't know how well the JVM will
protect you but

I run mine as a different user.

Do you run your apache as root ?

David


Martin van den Bemt wrote:
> 
> Please tell me what is dangerous about running tomcat as root? I've taken
> the following security measures :
> port 8007 and 8009 is blocked from the outside (firewall)
> tomcat is not running on 8080 and only allowing communications from
> localhost (127.0.0.1).
> The only potential problem is that if a tomcat /apache bug is exploited,
> you potentially have a problem.
> 
> Looks pretty solid to me though..
> 
> Mvgr,
> martin
> 
> > -----Original Message-----
> > From: david@carrot.hotgen.com [mailto:david@carrot.hotgen.com]On
> Behalf
> > Of David Cassidy
> > Sent: Friday, August 17, 2001 4:54 PM
> > To: tomcat-user@jakarta.apache.org
> > Subject: Re: Why and How Tomcat before Apache?
> >
> >
> > unless you want to run your tomcat as root ( Very unwise )
> > make sure that you use a 'su' command in your
> > call to tomcat's start script...
> >
> >
> >
> > David
> >
> > Rui Miguel Seabra wrote:
> > >
> > > Just hack apachectl script to launch tomcat just before apache, and to
> > > shut it down right afterwards.
> > >
> > > On 17 Aug 2001 16:43:41 +0200, Roberto B. wrote:
> > > > Ok ! but.. do you know the way to make this in automatic ( with scripts at
> > > > system start ) ??
> > > >
> > > > ----- Original Message -----
> > > > From: "Barnabas Yohannes" <yo...@hotmail.com>
> > > > To: <to...@jakarta.apache.org>
> > > > Sent: Friday, August 17, 2001 3:39 PM
> > > > Subject: Re: Why and How Tomcat before Apache?
> > > >
> > > >
> > > > > I cannot answer your "why" question, because, I am not one of the developers
> > > > > of apache or tomcat.  But here is the answer to your "how" question:
> > > > >
> > > > > *To stop and start your tomcat:
> > > > >
> > > > > cd /usr/local/tomcat
> > > > >
> > > > > bin/shutdown.sh
> > > > >
> > > > > bin/startup.sh
> > > > >
> > > > > *Exit from tomcat and go to your apache server:
> > > > >
> > > > > su
> > > > >
> > > > > /usr/local/apache/bin/apachectl restart
> > > > >
> > > > > exit
> > > > >
> > > > > * Another way of stopping and starting apache:
> > > > >
> > > > > bin/apachectl stop
> > > > > bin/apachectl start
> > > > >
> > > > >
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Roberto B." <ro...@ipermedianet.com>
> > > > > To: <to...@jakarta.apache.org>
> > > > > Sent: Friday, August 17, 2001 4:50 AM
> > > > > Subject: Why and How Tomcat before Apache?
> > > > >
> > > > >
> > > > > > I have a Linux/Debian system.
> > > > > > I want to use Apache as web-server and Tomcat only for JSP file.
> > > > > >
> > > > > > Is it true that it is necessary to make start Tomcat before Apache? Why?..
> > > > > > and if it is true.. how??
> > > > > >
> > > > > > Thanks!
> > > > > > Roberto.
> > > > > >
> > > > > >
> > > >
> > > --
> > > + No matter how much you do, you never do enough -- unknown
> > > + Whatever you do will be insignificant,
> > > | but it is very important that you do it -- Ghandi
> > > + So let's do it...?
> >

RE: Why and How Tomcat before Apache?

Posted by Martin van den Bemt <ma...@isallineed.org>.
Please tell me what is dangerous about running tomcat as root? I've taken
the following security measures :
port 8007 and 8009 is blocked from the outside (firewall)
tomcat is not running on 8080 and only allowing communications from
localhost (127.0.0.1).
The only potential problem is that if a tomcat /apache bug is exploited, you
potentially have a problem.

Looks pretty solid to me though..

Mvgr,
martin

> -----Original Message-----
> From: david@carrot.hotgen.com [mailto:david@carrot.hotgen.com]On Behalf
> Of David Cassidy
> Sent: Friday, August 17, 2001 4:54 PM
> To: tomcat-user@jakarta.apache.org
> Subject: Re: Why and How Tomcat before Apache?
>
>
> unless you want to run your tomcat as root ( Very unwise )
> make sure that you use a 'su' command in your
> call to tomcat's start script...
>
>
>
> David
>
> Rui Miguel Seabra wrote:
> >
> > Just hack apachectl script to launch tomcat just before apache, and to
> > shut it down right afterwards.
> >
> > On 17 Aug 2001 16:43:41 +0200, Roberto B. wrote:
> > > Ok ! but.. do you know the way to make this in automatic ( with scripts at
> > > system start ) ??
> > >
> > > ----- Original Message -----
> > > From: "Barnabas Yohannes" <yo...@hotmail.com>
> > > To: <to...@jakarta.apache.org>
> > > Sent: Friday, August 17, 2001 3:39 PM
> > > Subject: Re: Why and How Tomcat before Apache?
> > >
> > >
> > > > I cannot answer your "why" question, because, I am not one of the developers
> > > > of apache or tomcat.  But here is the answer to your "how" question:
> > > >
> > > > *To stop and start your tomcat:
> > > >
> > > > cd /usr/local/tomcat
> > > >
> > > > bin/shutdown.sh
> > > >
> > > > bin/startup.sh
> > > >
> > > > *Exit from tomcat and go to your apache server:
> > > >
> > > > su
> > > >
> > > > /usr/local/apache/bin/apachectl restart
> > > >
> > > > exit
> > > >
> > > > * Another way of stopping and starting apache:
> > > >
> > > > bin/apachectl stop
> > > > bin/apachectl start
> > > >
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Roberto B." <ro...@ipermedianet.com>
> > > > To: <to...@jakarta.apache.org>
> > > > Sent: Friday, August 17, 2001 4:50 AM
> > > > Subject: Why and How Tomcat before Apache?
> > > >
> > > >
> > > > > I have a Linux/Debian system.
> > > > > I want to use Apache as web-server and Tomcat only for JSP file.
> > > > >
> > > > > Is it true that it is necessary to make start Tomcat before Apache? Why?..
> > > > > and if it is true.. how??
> > > > >
> > > > > Thanks!
> > > > > Roberto.
> > > > >
> > > > >
> > >
> > --
> > + No matter how much you do, you never do enough -- unknown
> > + Whatever you do will be insignificant,
> > | but it is very important that you do it -- Ghandi
> > + So let's do it...?
>
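
The measures listed in this message (connector ports reachable only from localhost) and the concern raised in the reply it answers (Tomcat running as root) can both be checked from the host itself. The following is an added example, not part of the original post: the function names, the watched-port list and the main-class pattern are assumptions, and the sample `netstat`/`ps` output is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data below is constructed.
WATCHED_PORTS=${WATCHED_PORTS:-"8007 8009 8080"}   # ports named in the thread

# audit_listeners: reads `netstat -ltn` output on stdin and prints
# "EXPOSED <port> <address>" for each watched port that listens on an
# address other than loopback.
audit_listeners() {
    awk -v ports="$WATCHED_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            port = $4; sub(/.*:/, "", port)            # text after the last colon
            host = substr($4, 1, length($4) - length(port) - 1)
            if (!(port in watch)) next
            if (host ~ /^127\./ || host == "::1") next # loopback only: fine
            print "EXPOSED", port, host
        }'
}

# audit_root_jvm: reads `ps -eo user,args` output on stdin and prints
# "ROOT_JVM <main class>" for each Tomcat JVM owned by root.
# Assumption: the pattern covers the Tomcat 3.x and 4.x start-up classes.
audit_root_jvm() {
    awk '$1 == "root" &&
         match($0, /org\.apache\.(tomcat|catalina)\.startup\.[A-Za-z]+/) {
            print "ROOT_JVM", substr($0, RSTART, RLENGTH)
        }'
}

sample_netstat() {   # constructed sample of `netstat -ltn`
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8007          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8009            0.0.0.0:*               LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
EOF
}

sample_ps() {        # constructed sample of `ps -eo user,args`
    cat <<'EOF'
USER     COMMAND
root     /usr/local/apache/bin/httpd
root     /usr/bin/java -Dtomcat.home=/usr/local/tomcat org.apache.tomcat.startup.Tomcat
tomcat   /usr/bin/java org.apache.catalina.startup.Bootstrap start
EOF
}

# On a live host:
#   netstat -ltn | audit_listeners
#   ps -eo user,args | audit_root_jvm
```

A firewall rule hides an exposed listener from outside hosts but not from other hosts on the same segment or from a later rule change, so an `EXPOSED` line is worth fixing at the bind address as well.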


Re: Why and How Tomcat before Apache?

Posted by David Cassidy <dc...@hotgen.com>.
unless you want to run your tomcat as root ( Very unwise )
make sure that you use a 'su' command in your
call to tomcat's start script...



David

Rui Miguel Seabra wrote:
> 
> Just hack apachectl script to launch tomcat just before apache, and to
> shut it down right afterwards.
> 
> On 17 Aug 2001 16:43:41 +0200, Roberto B. wrote:
> > Ok ! but.. do you know the way to make this in automatic ( with scripts at
> > system start ) ??
> >
> > ----- Original Message -----
> > From: "Barnabas Yohannes" <yo...@hotmail.com>
> > To: <to...@jakarta.apache.org>
> > Sent: Friday, August 17, 2001 3:39 PM
> > Subject: Re: Why and How Tomcat before Apache?
> >
> >
> > > I cannot answer your "why" question, because, I am not one of the developers
> > > of apache or tomcat.  But here is the answer to your "how" question:
> > >
> > > *To stop and start your tomcat:
> > >
> > > cd /usr/local/tomcat
> > >
> > > bin/shutdown.sh
> > >
> > > bin/startup.sh
> > >
> > > *Exit from tomcat and go to your apache server:
> > >
> > > su
> > >
> > > /usr/local/apache/bin/apachectl restart
> > >
> > > exit
> > >
> > > * Another way of stopping and starting apache:
> > >
> > > bin/apachectl stop
> > > bin/apachectl start
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: "Roberto B." <ro...@ipermedianet.com>
> > > To: <to...@jakarta.apache.org>
> > > Sent: Friday, August 17, 2001 4:50 AM
> > > Subject: Why and How Tomcat before Apache?
> > >
> > >
> > > > I have a Linux/Debian system.
> > > > I want to use Apache as web-server and Tomcat only for JSP file.
> > > >
> > > > Is it true that it is necessary to make start Tomcat before Apache? Why?..
> > > > and if it is true.. how??
> > > >
> > > > Thanks!
> > > > Roberto.
> > > >
> > > >
> >
> --
> + No matter how much you do, you never do enough -- unknown
> + Whatever you do will be insignificant,
> | but it is very important that you do it -- Ghandi
> + So let's do it...?
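
The `su` advice in this message, as an added example that is not part of the original post: a SysV-style start/stop script that runs Tomcat's scripts under an unprivileged account and only then starts Apache. The account name `tomcat` and the function names are assumptions; the paths are the ones used elsewhere in the thread, and `su -s` is the Linux form of the command.

```shell
#!/bin/sh
# Added example, not from the thread: start Tomcat without root privileges,
# then Apache; stop in the reverse order.
# Assumptions: service account "tomcat"; paths contain no spaces.
TOMCAT_HOME=${TOMCAT_HOME:-/usr/local/tomcat}
APACHECTL=${APACHECTL:-/usr/local/apache/bin/apachectl}
TOMCAT_USER=${TOMCAT_USER:-tomcat}

# uid_of NAME: numeric uid, or non-zero status if the account is missing.
uid_of() { id -u "$1" 2>/dev/null; }

# tomcat_cmd SCRIPT CALLER_UID TARGET_UID
# Prints the command line that runs $TOMCAT_HOME/bin/SCRIPT as the service
# account, or fails when that cannot be done without root privileges.
tomcat_cmd() {
    script=$1 caller=$2 target=$3
    if [ "$target" -eq 0 ]; then
        echo "refusing: $TOMCAT_USER has uid 0" >&2; return 1
    elif [ "$caller" -eq 0 ]; then
        # init calls us as root: drop to the service account with su
        echo "su -s /bin/sh -c $TOMCAT_HOME/bin/$script $TOMCAT_USER"
    elif [ "$caller" -eq "$target" ]; then
        echo "$TOMCAT_HOME/bin/$script"
    else
        echo "refusing: run as root or as $TOMCAT_USER" >&2; return 1
    fi
}

# plan ACTION CALLER_UID TARGET_UID: the ordered commands, one per line.
# Nothing is printed for "start" if the Tomcat step is refused.
plan() {
    case $1 in
        start) tomcat_cmd startup.sh "$2" "$3" && echo "$APACHECTL start" ;;
        stop)  echo "$APACHECTL stop" && tomcat_cmd shutdown.sh "$2" "$3" ;;
        *)     return 2 ;;
    esac
}

case ${1:-} in
    start|stop)
        t_uid=$(uid_of "$TOMCAT_USER") || { echo "no account $TOMCAT_USER" >&2; exit 1; }
        cmds=$(plan "$1" "$(id -u)" "$t_uid") || exit 1
        echo "$cmds" | while IFS= read -r c; do sh -c "$c" || exit 1; done
        ;;
    "") : ;;   # no argument: only define the functions
    *)  echo "usage: $0 {start|stop}" >&2; exit 2 ;;
esac
```

Saved under init.d and linked into the rc directories as suggested earlier in the thread, the script is invoked by init as root, so the `su` branch is the one that normally runs.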

Re: Why and How Tomcat before Apache?

Posted by Rui Miguel Seabra <rm...@multicert.com>.
Just hack apachectl script to launch tomcat just before apache, and to
shut it down right afterwards.

On 17 Aug 2001 16:43:41 +0200, Roberto B. wrote:
> Ok ! but.. do you know the way to make this in automatic ( with scripts at
> system start ) ??
> 
> ----- Original Message -----
> From: "Barnabas Yohannes" <yo...@hotmail.com>
> To: <to...@jakarta.apache.org>
> Sent: Friday, August 17, 2001 3:39 PM
> Subject: Re: Why and How Tomcat before Apache?
> 
> 
> > I cannot answer your "why" question, because, I am not one of the developers
> > of apache or tomcat.  But here is the answer to your "how" question:
> >
> > *To stop and start your tomcat:
> >
> > cd /usr/local/tomcat
> >
> > bin/shutdown.sh
> >
> > bin/startup.sh
> >
> > *Exit from tomcat and go to your apache server:
> >
> > su
> >
> > /usr/local/apache/bin/apachectl restart
> >
> > exit
> >
> > * Another way of stopping and starting apache:
> >
> > bin/apachectl stop
> > bin/apachectl start
> >
> >
> >
> > ----- Original Message -----
> > From: "Roberto B." <ro...@ipermedianet.com>
> > To: <to...@jakarta.apache.org>
> > Sent: Friday, August 17, 2001 4:50 AM
> > Subject: Why and How Tomcat before Apache?
> >
> >
> > > I have a Linux/Debian system.
> > > I want to use Apache as web-server and Tomcat only for JSP file.
> > >
> > > Is it true that it is necessary to make start Tomcat before Apache? Why?..
> > > and if it is true.. how??
> > >
> > > Thanks!
> > > Roberto.
> > >
> > >
> 
-- 
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Ghandi
+ So let's do it...?


Re: Why and How Tomcat before Apache?

Posted by "Roberto B." <ro...@ipermedianet.com>.
Ok ! but.. do you know the way to make this in automatic ( with scripts at
system start ) ??

----- Original Message -----
From: "Barnabas Yohannes" <yo...@hotmail.com>
To: <to...@jakarta.apache.org>
Sent: Friday, August 17, 2001 3:39 PM
Subject: Re: Why and How Tomcat before Apache?


> I cannot answer your "why" question, because, I am not one of the developers
> of apache or tomcat.  But here is the answer to your "how" question:
>
> *To stop and start your tomcat:
>
> cd /usr/local/tomcat
>
> bin/shutdown.sh
>
> bin/startup.sh
>
> *Exit from tomcat and go to your apache server:
>
> su
>
> /usr/local/apache/bin/apachectl restart
>
> exit
>
> * Another way of stopping and starting apache:
>
> bin/apachectl stop
> bin/apachectl start
>
>
>
> ----- Original Message -----
> From: "Roberto B." <ro...@ipermedianet.com>
> To: <to...@jakarta.apache.org>
> Sent: Friday, August 17, 2001 4:50 AM
> Subject: Why and How Tomcat before Apache?
>
>
> > I have a Linux/Debian system.
> > I want to use Apache as web-server and Tomcat only for JSP file.
> >
> > Is it true that it is necessary to make start Tomcat before Apache? Why?..
> > and if it is true.. how??
> >
> > Thanks!
> > Roberto.
> >
> >


Re: Why and How Tomcat before Apache?

Posted by Barnabas Yohannes <yo...@hotmail.com>.
I cannot answer your "why" question, because, I am not one of the developers
of apache or tomcat.  But here is the answer to your "how" question:

*To stop and start your tomcat:

cd /usr/local/tomcat

bin/shutdown.sh

bin/startup.sh

*Exit from tomcat and go to your apache server:

su

/usr/local/apache/bin/apachectl restart

exit

* Another way of stopping and starting apache:

bin/apachectl stop
bin/apachectl start



----- Original Message -----
From: "Roberto B." <ro...@ipermedianet.com>
To: <to...@jakarta.apache.org>
Sent: Friday, August 17, 2001 4:50 AM
Subject: Why and How Tomcat before Apache?


> I have a Linux/Debian system.
> I want to use Apache as web-server and Tomcat only for JSP file.
>
> Is it true that it is necessary to make start Tomcat before Apache? Why?..
> and if it is true.. how??
>
> Thanks!
> Roberto.
>
>

Re: Why and How Tomcat before Apache?

Posted by "Roberto B." <ro...@ipermedianet.com>.
I use Tomcat 4.. where and which are the configuration file ?

I use the command startup.sh in the tomcat_home dir. to start Tomcat 4
Do I have to insert this command in rc* ?

Roberto.

----- Original Message -----
From: "Nikola Milutinovic" <Ni...@ev.co.yu>
To: <to...@jakarta.apache.org>
Cc: <ro...@ipermedianet.com>
Sent: Friday, August 17, 2001 12:28 PM
Subject: Re: Why and How Tomcat before Apache?


> > I have a Linux/Debian system.
> > I want to use Apache as web-server and Tomcat only for JSP file.
>
> You can use it for servlets, too. :-)
>
> > Is it true that it is necessary to make start Tomcat before Apache? Why?..
>
> 1. Tomcat usually builds automatic configuration for including in Apache's httpd.conf. If nothing changed from the last time, then Apache can use the old generated file. Still it should make any admin feel uneasy.
>
> 2. Apache connects to Tomcat via plugin, mod_jserv (my case - Digital UNIX), mod_jk or mod_webapp. It is reasonable to assume that the other end should be up and running, when Apache loads that module.
>
> > and if it is true.. how??
>
> You have startup scripts which bring up most, if not all, of your daemons. Place Tomcat's startup commands there. On our Digital UNIX it is a collection of startup/shutdown scripts in /sbin/init.d/ On Linux it should be /etc/rc* or something similar.
>
> Nix.
>


Re: Why and How Tomcat before Apache?

Posted by Nikola Milutinovic <Ni...@ev.co.yu>.
> I have a Linux/Debian system.
> I want to use Apache as web-server and Tomcat only for JSP file.

You can use it for servlets, too. :-)

> Is it true that it is necessary to make start Tomcat before Apache? Why?..

1. Tomcat usually builds automatic configuration for including in Apache's httpd.conf. If nothing changed from the last time, then Apache can use the old generated file. Still it should make any admin feel uneasy.

2. Apache connects to Tomcat via plugin, mod_jserv (my case - Digital UNIX), mod_jk or mod_webapp. It is reasonable to assume that the other end should be up and running, when Apache loads that module.

> and if it is true.. how??

You have startup scripts which bring up most, if not all, of your daemons. Place Tomcat's startup commands there. On our Digital UNIX it is a collection of startup/shutdown scripts in /sbin/init.d/ On Linux it should be /etc/rc* or something similar.

Nix.

RE: Why and How Tomcat before Apache?

Posted by Martin van den Bemt <ma...@isallineed.org>.
this is for tomcat 3.3 :

Start tomcat first so requests, so tomcat has the time to fire up. Then
start apache and serving request will be ok right away. For production
servers I restart them both anyway, but for development : just restart
tomcat when you need it and don't look at apache..
This is the way it works for me ...

Mvgr,
Martin


> -----Original Message-----
> From: Roberto B. [mailto:roberto@ipermedianet.com]
> Sent: Friday, August 17, 2001 11:50 AM
> To: tomcat-user@jakarta.apache.org
> Subject: Why and How Tomcat before Apache?
>
>
> I have a Linux/Debian system.
> I want to use Apache as web-server and Tomcat only for JSP file.
>
> Is it true that it is necessary to make start Tomcat before Apache? Why?..
> and if it is true.. how??
>
> Thanks!
> Roberto.
>
>


Re: Why and How Tomcat before Apache?

Posted by "Pier P. Fumagalli" <pi...@betaversion.org>.
Roberto B. at roberto@ipermedianet.com wrote:
> 
> Is it true that it is necessary to make start Tomcat before Apache? Why?..

To appropriately set up connections and configurations...

> and if it is true.. how??

$CATALINA_HOME/bin/catalina.sh start
$APACHE_HOME/bin/apachectl start

Easy...

    Pier


Re: Why and How Tomcat before Apache?

Posted by "Craig R. McClanahan" <cr...@apache.org>.

On Fri, 17 Aug 2001, Roberto B. wrote:

> I use the webapp connector between Apache and Tomcat 4. Where are the config
> file that generate Tomcat?
> 

You don't need any generated config files for mod_webapp -- that's part of
the real beauty of it :-).

When you declare a particular web application in httpd.conf, like this:

  WebAppDeploy   examples  warpConnection  /examples/

then Apache configures itself from the web application's settings in
web.xml, including servlet mappings, filters, container managed security,
and everything else.  No muss, no fuss.

Craig


Re: Why and How Tomcat before Apache?

Posted by "Roberto B." <ro...@ipermedianet.com>.
I use the webapp connector between Apache and Tomcat 4. Where are the config
file that generate Tomcat?


----- Original Message -----
From: "Jan Labanowski" <jk...@osc.edu>
To: <to...@jakarta.apache.org>
Sent: Friday, August 17, 2001 5:40 PM
Subject: Re: Why and How Tomcat before Apache?


> Before you delve into connecting Tomcat and Apache, you need to know
> what is the TCP socket, and what is TCP server and TCP client.
>
> In the case of connection mod_jk connector between Apache and Tomcat,
> Tomcat is the TCP server and Apache is the TCP client.
> And for this to work nicely, you need to start Tomcat first, and then
> start Apache.
> Of course, when you include (what you should not do: you should copy
> to some file, and include this file) config files (e.g., mod_jk.auto)
> automatically created by Tomcat, then obviously, you cannot include
> what was not yet created.
>
> Jan
>
>
> On Fri, 17 Aug 2001, Roberto B. wrote:
>
> > I have a Linux/Debian system.
> > I want to use Apache as web-server and Tomcat only for JSP file.
> >
> > Is it true that it is necessary to make start Tomcat before Apache? Why?..
> > and if it is true.. how??
> >
> > Thanks!
> > Roberto.
> >
>
> Jan K. Labanowski            |    phone: 614-292-9279,  FAX: 614-292-7168
> Ohio Supercomputer Center    |    Internet: jkl@osc.edu
> 1224 Kinnear Rd,             |    http://www.ccl.net/chemistry.html
> Columbus, OH 43212-1163      |    http://www.osc.edu/
>


Re: Why and How Tomcat before Apache?

Posted by Jan Labanowski <jk...@osc.edu>.
Before you delve into connecting Tomcat and Apache, you need to know
what is the TCP socket, and what is TCP server and TCP client.

In the case of connection mod_jk connector between Apache and Tomcat,
Tomcat is the TCP server and Apache is the TCP client.
And for this to work nicely, you need to start Tomcat first, and then
start Apache. 
Of course, when you include (what you should not do: you should copy
to some file, and include this file) config files (e.g., mod_jk.auto)
automatically created by Tomcat, then obviously, you cannot include
what was not yet created.

Jan


On Fri, 17 Aug 2001, Roberto B. wrote:

> I have a Linux/Debian system.
> I want to use Apache as web-server and Tomcat only for JSP file.
> 
> Is it true that it is necessary to make start Tomcat before Apache? Why?..
> and if it is true.. how??
> 
> Thanks!
> Roberto.
> 

Jan K. Labanowski            |    phone: 614-292-9279,  FAX: 614-292-7168
Ohio Supercomputer Center    |    Internet: jkl@osc.edu 
1224 Kinnear Rd,             |    http://www.ccl.net/chemistry.html
Columbus, OH 43212-1163      |    http://www.osc.edu/
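
One way to enforce the server-before-client order described in this message, as an added example that is not part of the original post: Apache is started only once Tomcat's connector accepts TCP connections. The connector address 127.0.0.1:8009, the retry counts and the function names are assumptions, and the script expects Tomcat to have been started already by its own init script.

```shell
#!/bin/sh
# Added example, not from the thread: start the TCP client (Apache) only
# after the TCP server (Tomcat's connector) is accepting connections.
# Assumptions: connector on 127.0.0.1:8009; nc or bash is installed.
CONNECTOR_HOST=${CONNECTOR_HOST:-127.0.0.1}
CONNECTOR_PORT=${CONNECTOR_PORT:-8009}
APACHECTL=${APACHECTL:-/usr/local/apache/bin/apachectl}

# port_open HOST PORT: succeeds if a TCP connect to HOST:PORT succeeds.
port_open() {
    if command -v nc >/dev/null 2>&1; then
        nc -z -w 1 "$1" "$2" >/dev/null 2>&1
    else
        # bash-only fallback: opening /dev/tcp/HOST/PORT performs a connect
        bash -c "exec 3<>/dev/tcp/$1/$2" >/dev/null 2>&1
    fi
}

# wait_until TRIES DELAY CMD [ARGS...]
# Runs CMD until it succeeds, at most TRIES times, sleeping DELAY seconds
# between attempts. Returns 0 on success and 1 if CMD never succeeded, in
# which case the caller must not start the client.
wait_until() {
    tries=$1 delay=$2
    shift 2
    n=1
    while [ "$n" -le "$tries" ]; do
        if "$@"; then return 0; fi
        if [ "$n" -lt "$tries" ]; then sleep "$delay"; fi
        n=$((n + 1))
    done
    return 1
}

if [ "${1:-}" = start ]; then
    if wait_until 30 1 port_open "$CONNECTOR_HOST" "$CONNECTOR_PORT"; then
        "$APACHECTL" start
    else
        echo "connector $CONNECTOR_HOST:$CONNECTOR_PORT not reachable, Apache not started" >&2
        exit 1
    fi
fi
```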