IPv6 and IPv4 for Apache Tomcat

If you’ve recently upgraded your network from IPv4 to IPv6, you might find that some software no longer works as it had before. Apache Tomcat is one that I recently stumbled upon, as it seems to prefer the IPv6 connection and stops listening on IPv4 with the default configuration.

The solution is simple: you just have to tell the server to listen on all incoming IPv4 addresses. This worked for me with versions 7.x and 8.x, and I suspect that older and newer versions would be similar.

  1. sudo vi /opt/tomcat/conf/server.xml
  2. To each <Connector> entry add:
    address="0.0.0.0"
  3. Restart Tomcat

IPv6 DNS configuration

As an IT professional, I’ve long been aware of the impending IPv4 exhaustion. To the layperson, this can easily be compared to phone numbers… there are now so many devices connected to the Internet that the size of the number used to identify and reach each of them uniquely is no longer sufficient.

IPv6 is a newer addressing system that supports a drastically increased number of addresses/numbers for use. Unfortunately, like Digital TV (in the US), adoption and migration of users and websites is slow.

To do your part as a user, you can change the settings in your gateway/router/modem to allow for IPv6 DNS lookups as most providers already support IPv6 traffic.

You can test your connection here:
http://www.test-ipv6.com/

Here are a few common values; I’ve also provided the Comcast/Xfinity values for reference:

OpenDNS IPv4:

  • 208.67.222.222 (resolver1.opendns.com)
  • 208.67.220.220 (resolver2.opendns.com)
  • 208.67.222.220 (resolver3.opendns.com)
  • 208.67.220.222 (resolver4.opendns.com)

OpenDNS IPv6:

  • 2620:0:ccc::2
  • 2620:0:ccd::2

Google IPv4:

  • 8.8.8.8
  • 8.8.4.4

Google IPv6:

  • 2001:4860:4860::8888
  • 2001:4860:4860::8844

Comcast IPv4:

  • 75.75.75.75
  • 76.76.76.76

Comcast IPv6:

  • 2001:558:feed::1
  • 2001:558:feed::2

Problems uploading/deploying large WARs to Tomcat7?

I’ve run into this a few times as my web applications got larger. Often this has been seen when builds automated by Jenkins start failing as they increase in size. It has also occurred to me when doing manual deployments as the Jenkins WAR itself is larger than 50MB lately.

Let’s just go in and increase the maximum expected file size…

This change should work on any platform, but the following is from my experience with Ubuntu.

sudo vi /opt/tomcat7/webapps/manager/WEB-INF/web.xml

Default is:

<multipart-config>
  <!-- 50MB -->
  <max-file-size>52428800</max-file-size>
  <max-request-size>52428800</max-request-size>
  <file-size-threshold>0</file-size-threshold>
</multipart-config>

Change to something a bit larger (to your liking):

<multipart-config>
  <!-- 50MB max = 52428800, 100MB = 104857600 -->
  <max-file-size>104857600</max-file-size>
  <max-request-size>104857600</max-request-size>
  <file-size-threshold>0</file-size-threshold>
</multipart-config>

Restart with either…
sudo /etc/init.d/tomcat7 restart
or
sudo service tomcat7 restart

Comcast Business Class gateway forwarding port 22 for SSH

For as long as I’ve had Comcast, and other providers for that matter, I’ve been able to configure my internet gateway/router to allow port 22 (SSH) access to an internal machine. It came as a surprise to me earlier this week that I was blocked when I tried to use their web admin console to change the internal forwarding to a newer machine. As usual, Technical Support was less than helpful and said that it was not possible to do so, and never should have been as Comcast uses that port to administer the gateway. To make matters more disturbing, I was told that I could not have similar SSH access to the gateway, and that replacing their hardware, while permitted, would prevent my use of a static IP.

Back to the solution: as I know that I had only set up this forwarding about a year ago, and it was working only minutes before I tried to change it, I knew that the configuration was possible if I could figure out how it was being blocked. The message in the web console was a JavaScript alert(); and gave me a starting point. I opened up Firefox and used Firebug to look for the message. Here are a few interesting findings from:

http://HOSTNAME/user/feat-firewall-port-forward-edit.asp

var RemoteManagementPortsCgiBase = "8080,8080,1|8181,8181,1|2323,2323,1|22,22,1|";

msg += "Public Port Range conflict with Remote Management Ports.\n";

if (msg.length > 1)
{
    alert(msg);
    return false;
}
return true;
}

If you know even a little bit of JavaScript (or simple computer programming for that matter), the solution is clear… if the ‘msg’ value is empty you will not see the alert or be prevented from making the change you desire.

Lesson to be learned by the Comcast developers (or most likely = subcontractors): always validate submitted form data in your application code, NEVER rely upon JavaScript alone to verify user entered data!

I also find it interesting that they are also preventing 8080, 8081 and 2323… perhaps those are their other back doors in these gateways for their access. The same approach should work for those ports if you need it!
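
The lesson above (validate in application code, not only in the page's JavaScript), as an added example that is not the gateway's code: a server-side check of a submitted port-forward rule against the reserved list quoted above. The function names, the rule fields `publicStart`/`publicEnd` and the reading of the third field as an enabled flag are assumptions.

```javascript
// Added example: server-side port-forward validation. The reserved string is the
// value quoted above; function names and the rule shape are hypothetical.
const RESERVED = "8080,8080,1|8181,8181,1|2323,2323,1|22,22,1|";

// Parse "start,end,flag|..." into ranges. Treating the third field as an
// "enabled" flag is an assumption; the page does not document it.
function parseReserved(spec) {
  return spec
    .split("|")
    .filter((entry) => entry.length > 0)
    .map((entry) => entry.split(",").map(Number))
    .filter(([, , flag]) => flag === 1)
    .map(([start, end]) => ({ start, end }));
}

// Accept only canonical decimal integers in 1..65535 (no signs, spaces, hex).
function toPort(value) {
  const text = String(value);
  if (!/^[1-9][0-9]{0,4}$/.test(text)) return null;
  const port = Number(text);
  return port <= 65535 ? port : null;
}

// Validate a submitted rule on the server, whatever the browser script did.
function validateForwardRule(rule, reservedSpec = RESERVED) {
  const start = toPort(rule.publicStart);
  const end = toPort(rule.publicEnd);
  if (start === null || end === null) {
    return { ok: false, errors: ["Public port must be an integer from 1 to 65535."] };
  }
  const errors = [];
  if (start > end) errors.push("Public port range start exceeds end.");
  for (const r of parseReserved(reservedSpec)) {
    // Two closed ranges overlap when each one starts before the other ends.
    if (start <= r.end && r.start <= end) {
      errors.push(`Public port range conflicts with management ports ${r.start}-${r.end}.`);
    }
  }
  return { ok: errors.length === 0, errors };
}

// Constructed sample submissions, as a request handler would receive them.
for (const rule of [
  { publicStart: "22", publicEnd: "22" },
  { publicStart: "8000", publicEnd: "9000" },
  { publicStart: "2222", publicEnd: "2222" },
]) {
  console.log(JSON.stringify(rule), validateForwardRule(rule));
}
```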

Improve Apache Tomcat logging performance

Logging is often an overlooked performance drain on systems requiring high throughput. Here’s a simple change to the default Tomcat logging configuration to implement. It works on all operating systems.

In the file:
$TOMCAT_HOME/conf/logging.properties

Change:
.handlers = 1catalina.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler

to
.handlers = 1catalina.org.apache.juli.FileHandler

Enable .htaccess on Apache HTTPD Server

Occasionally, you need to allow the use of .htaccess files for the domains hosted on your Apache server. This technique is particularly useful when you host websites for external clients (or developers).

The steps to enable it are relatively easy:

  • Uncomment the ‘httpd.conf’ line that reads as:

    LoadModule rewrite_module modules/mod_rewrite.so

  • Review (and replace as appropriate) all cases of:

    AllowOverride None with AllowOverride All

    in the following files:
    httpd.conf, /extra/httpd-vhosts.conf, /extra/httpd-autoindex.conf and any related files you may be using.

  • Add the .htaccess file into the appropriate websites/folders
  • Restart the server to accept the changes

NOTE: If you develop or host on Windows, you’ll likely have problems creating the file because there is no filename, just a file extension. You can create (or download) it from any non-Windows host and use it without additional changes. Apache does let you use a different filename, but you also need to be careful to update related security configuration that is used to prevent download of such files.

Happy hosting!

Enabling the Apache2 – Tomcat5 mod_jk Connector

Often you want to use Apache HTTP for static content, yet use Tomcat for JSP and other Java type work. This is a very common infrastructure for enterprise applications, particularly when using ‘pools’ of servers for performance, redundancy and security.

In order to accomplish this, all connections need to be handled by the Apache webserver, which will delegate appropriate requests to Tomcat for it to process.

Here’s a simple setup to get you started:

  • First you need to get the connector appropriate to your installation:

    http://tomcat.apache.org/connectors-doc/

  • Next make sure the connector file is in the /conf folder of your Apache installation.

    NOTE: I prefer to use this path and leave the version name to make maintenance and backups easier.

  • Add the following line to httpd.conf

    LoadModule jk_module conf/mod_jk-1.2.26-httpd-2.2.4.so

  • Now, add the following to httpd.conf

    <IfModule jk_module>
    Include "c:/TOMCATPATH/conf/auto/mod_jk.conf"
    JkWorkersFile conf/workers.properties
    JkLogFile "c:/LOGSPATH/tomcat55_mod_jk.log"
    </IfModule>

  • Add the c:/APACHEPATH/conf/workers.properties file with the following (minimal) contents:

    worker.list=ajp13
    worker.ajp13.port=8009
    worker.ajp13.host=localhost
    worker.ajp13.type=ajp13

  • Finally, restart both Apache and Tomcat
  • The following file should have been created in c:/TOMCATPATH/conf/auto/mod_jk.conf

    ########## Auto generated on …some datetime… ##########

    <IfModule !mod_jk.c>
      LoadModule jk_module "C:/APACHEPATH/conf/mod_jk-1.2.26-httpd-2.2.4.so"
    </IfModule>

    JkWorkersFile "C:/TOMCATPATH/conf/jk/workers.properties"
    JkLogFile "c:/LOGSPATH/mod_jk.log"

    JkLogLevel emerg

    <VirtualHost localhost>
        ServerName localhost

        JkMount /webdav ajp13
        JkMount /webdav/* ajp13

        JkMount /servlets-examples ajp13
        JkMount /servlets-examples/* ajp13

        JkMount /jsp-examples ajp13
        JkMount /jsp-examples/* ajp13

        JkMount /balancer ajp13
        JkMount /balancer/* ajp13

        JkMount /host-manager ajp13
        JkMount /host-manager/* ajp13

        JkMount /tomcat-docs ajp13
        JkMount /tomcat-docs/* ajp13

        JkMount /manager ajp13
        JkMount /manager/* ajp13
    </VirtualHost>

If all went well, you should be able to access your Tomcat server webapps on the regular HTTP port used by your Apache installation.

Cheers!