I've installed a Platform Indepednant Binary version Geoserver (http://geoserver.org/release/2.16.2/) successfully. It's been a while using it an no real problems. I now want to use this version of Geoserver for an OpenLayers website (that uses GeoLocation) but that requires all the component parts that use HTTP to use HTTPS...Geoserver is the last server I have that needs to be migrated.
I've looked online and there seems to be a lot of info on moving Geoserver to HTTPS but it doesn't all tie up with my installation. Some examples talk about server.xml files (which my installation doesn't have) and updating an apache conf file (/etc/apache2/sites-avaiable/smallmelo-le-ssl.conf) which I don't have either so I'm struggling to get instructions on my particular version of Geoserver. The docs state that it's running on a Jetty servlet. Does anyone have any documentation or links on how to configure https?
Progress!! So my installation is using Jetty. I've setup the keystore correctly with a valid certificate. I've updated the start.ini file to reflect the location of the keystore and password but...when I try to run geoserver I get:
ERROR : No module found to provide ssl for https{enabled}
I do not have an SSL.MOD module in the modules folder of my jetty installation. I did dig out a module (ssl) from https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.2.13.v20150730/ but I now get:
java.lang.IllegalStateException: No constructor class org.eclipse.jetty.server.ServerConnector([],{}) in file:/C:/Program%20Files/Geoserver/geoserver-2.16.2/etc/jetty-https.xml
I've struggled to find out how to update this file and add what is needed. Problem is I'm not a java expert so I don't want to just randomly copy someone elses config settings.
This is a simple case of finding a Jetty tutorial and following it, GeoServer doesn't care about https.
However, I should warn you that the reason you can't find much help in the GeoServer documentation is because you shouldn't run the platform independent binary in a production environment. This is the reason that the documentation expects a server.xml (part of tomcat) and assumes that you are behind an Apache2 or Nginx web server that is designed to handle ssl.
Both of the warning messages you mention come from bit rot in the Jetty configuration files on the GeoServer repository. You figured out that the ssl.mod file is missing, and adding it manually solves that issue.
The second error java.lang.IllegalStateException: No constructor class comes from a mix of Jetty version config files. The jetty-https.xml file that is in the GeoServer 2.16 repo is from Jetty 9.4, and the jetty-ssl.xml is from Jetty 9.2. At some point between those version, the location of the constructor <Configure id="Server" class="org.eclipse.jetty.server.Server"> was moved from jetty-https to jetty-ssl. It was not updated correctly in the GeoServer repo so there is a set of mismatched xml files.
I solved this by copying the jetty-https.xml file from 9.2 to match the 9.2 version of jetty-ssl.xml included with Geoserver. You could use the more current jetty files that match what Geoserver is running on, but make sure you copy all of them, ssl.mod, jetty-https.xml, jetty-ssl.xml, and jetty-ssl-context.xml.
Ok, just wanted to share this in case it was helpful. It is a bit brief but hopefully will be of use. Please note: My setup used a legitimate GoDaddy DNS/SSL Certificate so that may be a limiter for some and force you to use a self-signed certificate.
Thank you to Ian Turton who created the 'aha' moment :)
I used the following youtube video to get Tomcat and Geoserver installed: https://www.youtube.com/watch?v=RyCFKGm4NSw
Firstly, once I had Tomcat running (I used port 8081 as 8080 was already in use). Please be aware when I installed to port 8081 it didn't update the server.xml file, so I had to manually open it up and change
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
to
<Connector port="8081" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
and then restart Tomcat.
I used a legitimate PFX file I downloaded from GoDaddy. I already have an SSL certificate/DNS setup with them so it was just a question of requesting a PFX file.
Secondly, I imported my PFX using JAVA installed from AdoptOpenJDK. I went to the commandline, navigated to the AdoptOpenJDK bin folder (which has a keytool.exe application). I then ran this command:
keytool -importkeystore -srckeystore c:/temp/mygodaddycert.pfx -srcstoretype pkcs12 -destkeystore c:/temp/mycert.jks -deststoretype JKS
When prompted for the password for the enter source password I got that from GoDaddy and then I used my own, completely different, password for the JKS file. I then copied my JKS file to ./conf/certs folder (I created the certs folder)
Thirdly, I added this to my /conf/server.xml file:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150"
SSLEnabled="true" scheme="https" secure="true" sslProtocol="TLS"
keystoreFile="conf/certs/mycert.jks"
keystorePass="<your_jks_password_when_registering_with_keytool>"
/>
I restart Tomcat...
Then I used my DNS from GoDaddy to connect to the instance: https://myXYZ.de:8443/ and voila Tomcat running on SSL with no certificate errors. Since Geoserver was installed. I can just add geoserver to the end: https://myXYZ.de:8443/geoserver and voila number 2.
Related
I have been trying to install Beaker server on Fedora 26 following the instructions in https://beaker-project.org/docs/admin-guide/installation.html#installing-the-beaker-server.I've done setting up Beaker database and enabling beakerd scheduler, but I'm stuck when I come to the step of configuring the URL for beaker server on Apache (as provided in the link and the image).the instruction i'm stuck on
I'm not sure what is the URL of my Beaker server (where to find it in the config file?). Should I config that URL in /etc/httpd/conf/httpd.conf or /etc/httpd/conf.d/beaker-server.conf? I gave a try on both but all I can manage is displaying the index.html file of the server, not the Beaker server UI as expected. I configured the server name to be the IP of the server since I want to test first before contacting the DNS provider.
Thank you for your help on the matter.
The default /etc/httpd/conf.d/beaker-server.conf file configures the Beaker web application to be served under the path /bkr/. That's this line (and all the related settings):
WSGIScriptAlias /bkr/ /usr/share/bkr/beaker-server.wsgi/bkr/
So you should find Beaker accessible at http://$YOURSERVER/bkr/. That's what the documentation means when it says "the URL configured in Apache".
If you just visit http://$YOURSERVER/ you will indeed see the Apache welcome page because nothing else is configured to be served at the root.
I am trying to install an SSL certificate on my Apache server that's hosted on an EC2 instance from AWS. I originally intended to go with AWS Certificate Manager and put the SSL on a Load Balancer but I have no need for more than one EC2 instance.
What I have found is that you can install the SSL directly to the server that's hosted at AWS. What I am confused about is how to do it. https://www.digicert.com/ssl-certificate-installation-apache.htm, among others, is a link that I have been trying to follow. I am stuck at #2 in the digicert link above becuase I can't find the SSL configuration file. Is it possible that I could not have that set up? If so, do I create the virtual host like specified in #4? Where would I place the virtual host block of code in my server?
Thank you for any and all help!
You need to put ssl certificate inside tomcat on ec2 instance, then you can take an image of that instance and update image on amazon autoscale. The steps for installing ssl certificate in tomcat server, you can find on different links, google on this and you will find many links. While i am providing some below links, hope these helps :
https://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
https://www.mulesoft.com/tcat/tomcat-ssl
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html
If you can't find the SSL config file in /etc/httpd/conf.d it's because you don't have mod_ssl installed on your server. mod_ssl works for Apache version 2.2. mod24_ssl will not work for Apache version 2.2 but 2.4. I used command sudo yum install -y mod_ssl and it worked fine on my instance since I had version 2.2.
If anyone needs any more explanation on this issue, let me know. I figured it out from scratch and would be more than happy to help someone else avoid the confusion/frustration. It's pretty straight forward once you can understand it.
I'm trying t use the InfoRecoverySample in IS 5.0.0. I was able to build it as according to the instructions here:
https://docs.wso2.com/display/IS500/Recovering+Account+Information+Using+a+Webapp
However after placing the war file in [IS_HOME]/repository/deployment/server/webapps/ and restarting, I get errors in the application logs. Unfortunately they are very vague:
org.apache.axis2.deployment.DeploymentException: Error occurred while deploying webapp : [IS_HOME]/repository/deployment/server/webapps/InfoRecoverySample.war
Error occurred while deploying webapp : [IS_HOME]/repository/deployment/server/webapps/InfoRecoverySample.war
Error while deploying webapp: StandardContext[InfoRecoverySample.war].File[repository/deployment/server/webapps/InfoRecoverySample.war]
My best guess is that the pom.xml file is out of date because I see lots of references to 4.2.0. This is the pom.xml file I'm using:
https://svn.wso2.org/repos/wso2/people/chamathg/samples/is/InfoRecoverySample/pom.xml
Does it sound like I'm on the right track? If so, is there an updated pom.xml file (or sample project) out there?
TIA,
Mike
Deploy the war file in your tomcat/webapps folder, not the identity server webapps. then access via localhost:8080
edit:
The way the pom is designed is for deployment on your localhost, not the wso2 server. Despite what the instructions say. However, you can deploy it to [IS_HOME]/repository/deployment/server/webapps/ as long as you remove most of the jar files that are created in the war's WEB-INF/lib directory. These will conflict when being run from the IS. The only one you need to leave is org.wso2.carbon.identity.sso.agent-1.2.0.jar. remove, re-zip, and then redeploy.
I write my first service in Netbeans 7.1.1 and can`t deploy it on Tomcat 7 server.
Tomcat server started.
In-place deployment at /home/likewise-open/PROMWAD/alexandr.kurkin/NetBeansProjects/HelloWs1/build/web
Deployment is in progress...
deploy?config=file%3A%2Ftmp%2Fcontext1698562612061154650.xml&war=file:/home/likewise-open/PROMWAD/alexandr.kurkin/NetBeansProjects/HelloWs1/build/web/
http://localhost:8080/manager/deploy?config=file%3A%2Ftmp%2Fcontext1698562612061154650.xml&war=file:/home/likewise-open/PROMWAD/alexandr.kurkin/NetBeansProjects/HelloWs1/build/web/
/home/likewise-open/PROMWAD/alexandr.kurkin/NetBeansProjects/HelloWs1/nbproject/build-impl.xml:729: The module has not been deployed.
See the server log for details.
BUILD FAILED (total time: 44 seconds)
Tomcat`s log is without errors.
Deploy stopped in this line in build-impl.xml
<target if="netbeans.home" name="-run-deploy-nb">
<nbdeploy clientUrlPart="${client.urlPart}" debugmode="false" forceRedeploy="${forceRedeploy}"/>
</target>
Netbeans can work with external Tomcat. But sometimes when you change of netbeans version or tomcat version, the configuration file get corrupted (build-impl.xml). So don't reinstall Netbeans the easiest way is to create a new clean project and copy/paste the source. I've encountered this kind of error many times (at least one project after each updates...) so I think it will work.
you need to make sure that, in tomcat/conf/server.xml, the URIEncoding is correct.
NetBeans put the context.xml in C:\Users\your-name\AppData\Local\Temp, so if your name is Chinese or ..., tomcat may not find the context.xml and fail to deploy your web-app.
<Connector port="8080" protocol="HTTP/1.1"
URIEncoding="utf-8"
connectionTimeout="20000"
redirectPort="8443" />
You will have to reinstall NetBeans. While installation NetBeans will show you both Glassfish & Tomcat as server option. You will have to select Tomcat as server. Hopefully, this will resolve your issue.
Please note that adding server externally in NetBeans causes problems sometime.
I'm looking to map to a directory on a different host using Jetty/Maven when working locally. I've found you can do this w/ Apache using mod_jk (JkMount/JkUnMount), but haven't figured it how to do the same on jetty.
On our dev/q/live servers, we have Apache in front of JBoss and use mod_jk to do this. Locally, we're using jetty
To give you an idea of what I'm talking about, this is how you would configure Apache to accomplish this:
in httpd.conf:
JkMount /images/* host2
JkMount /* host2
JkUnMount /images/* host1
workers.properties:
worker.list=host2,host1
worker.host2.host=host-2.theDomain.com
worker.host2.port=46654
worker.host1.host=host-1.theDomain.com
worker.host1.port=46655
Is there a way to configure Jetty to do the same thing?
Btw, locally, I'm using the Maven plugin for Eclipse if that makes a difference.
thanks!
Update:
I tried going a different route here and just added a folder, then Advanced > Link to a folder in the file system and I pointed to a file on the remote server (I believe we use WebDav). The files show up in project explorer, but they aren't served. I'm going to try setting org.mortbay.util.FileResource.checkAliases to true as specified here:
http://docs.codehaus.org/display/JETTY/How+to+enable+serving+aliased+files
...will let you know if that takes care of it.
Are you using the Spring Framework? If so, another solution here is to use tuckey urlrewrite. You can test for your local domain and only run the rules there.
http://www.tuckey.org/urlrewrite/manual/3.0/introduction.html