I followed the official guide to set up a cluster (Clustering AS 5.3.0)
(https://docs.wso2.com/display/CLUSTER420/Setting+up+a+Cluster).
But eventually, I could not reach the management page with https://localhost:9443/carbon, and the browser redirect to https://localhost/carbon/admin/login.jsp, but getting"ERR_CONNECTION_REFUSED"
[PRODUCT_HOME]/repository/conf/carbon.xml
<HostName>PCSKY01347</HostName>
<MgtHostName>PCSKY01347</MgtHostName>
[PRODUCT_HOME]/repository/conf/tomcat/catalina-server.xml
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="9763"
proxyPort="80"
...
/>
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="9443"
proxyPort="443"
...
/>
NOTE:
I do not setup the load balancer.
While server starting, I'm not getting any error message. And display member joined message in console.
'proxyPort' needs to be added in catalina-server.xml only if the fronted by a load balancer.
In this case, it is not required.
Therefore removing 'proxyPorts' should allow you to access the management console.
Related
Hi I have running wso2 docker image running inside aws instance. I am accessing wso2 apim services(store/publisher/carbon console) through aws ELB. And I have mapped ELB with DNS name inside Route 53.
Problem is I am able to access store and publisher(https://wso2.vitkutin.com./store/ and https://wso2.vitkutin.com./publisher/) successfully but when I'm trying carbon console https://wso2.vitkutin.com./carbon/ gives me below error.I am able to successfully curl -v -k https://localhost:9443/carbon/admin/login.jsp inside docker container. Can someone help me to solve this error ?
<am:fault xmlns:am="http://wso2.org/apimanager">
<am:code>404</am:code>
<am:type>Status report</am:type>
<am:message>Not Found</am:message>
<am:description>The requested resource is not available.</am:description>
</am:fault>
Route 53 DNS name is configured inside carbon.xml and apimanager.xml as shown below :
carbon.xml
<HostName>wso2.xxx.com.</HostName>
<MgtHostName>wso2.xxx.com.</MgtHostName>
apimanager.xml
<GatewayEndpoint>http://wso2.xxx.com.:80,https://wso2.xxx.com.:443</GatewayEndpoint>
<APIStore>
<URL>https://wso2.xxx.com.:443/store</URL>
</APIStore>
<APIPublisher>
<URL>https://wso2.xxx.com.:443/publisher</URL>
</APIPublisher>
As per the access log, it seems the request is sent to 8280 or 8243, instead of 9443. Please check your loadbalancer rules.
Application is not coming up on ELB but is coming up fine when tried on EC2 instance locally.
I have created a new AMI with tomcat 7.0.70 installed and deployed my stack. But then ELB did not register instances on HTTPS:443 (using self signed cert using openssl). When changed healthcheck to TCP:443, the instances got registered over ELB (inService) but issue remains.
When tried to curl over load balancer url, it throws connection timed out. I have redirection set in tomcat's server.xml to redirect all http connections coming to EC2 instance to https as below:
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
keystoreFile="yyy" keystorePass="xxx" clientAuth="false" sslProtocol="TLS" />
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
No other configuration changes have been done and these setting have been working fine for all my old AMI's with tomcat 7.0.68. Nothing relevant is coming up in ELB Access logs.
Has anyone faced this issue before?
Appreciate any help on this!
I have a AWS EC2 ubuntu 14.04 machine and apache tomcat 7 is installed on that machine.
I deployed a web application on apache tomcat7 and started the server, I had an issue where EC2 machine running apache tomcat7 was not accessible from outside using the port 8080.
Then I figured that we have to https://serverfault.com/questions/666338/ec2-instance-running-apache-tomcat-not-accessible-from-outside/731513#731513 do this that is present in the link, then port 8080 worked.
Now the issue is SSL port 8443 does not work, if I hit my web application in this manner https://{ipaddress}:8443.
Note - I have generated a certificate using java keytool and configured in the Tomcat server.xml
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="/home/ubuntu/mycert.crt"
keystorepass="*****" keyAlias="tomcat" />
And my EC2 Security Groups Inbound Configurations
Can someone let me know what Im doing wrong?
After looking into the Catalina.out log, I found the issue i.e. In the I mentioned above, tomcat7 has the property named as "keystorePass" (P is capital in keystorePass) but in tomcat6 "keystorepass" also works.
Due to this issue, password was not getting rightly set.
My application deployed on Tomcat 7 needs to be able to handle non-latin characters properly in get queries properly, to do this I have to add URIEncoding="UTF-8" to the server.xml file.
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
URIEncoding="UTF-8"/>
then restart Tomcat, and this works.
But how do I do this or equivalent when using Amazon Web Services and Elastic Beanstalk
You may need to use your own server.xml. You can replace it using ebextensions config files.
Take a look at this question:
How do I supply configuration to elastic beanstalk tomcat
I have a MULE application. It consist of a Flow like below:
<flow name="article_list">
<http:inbound-endpoint address="http://localhost:8000/jcore/article/list" />
<component class="com.joshlabs.jcore.article.ArticleList" />
</flow>
Now as it can be seen it runs on "localhost".
But everybody is able to access it through my local IP (only if we are on same network). But I don't want that anybody to use these services. How can I prevent this?
Different options:
Use a firewall (the easiest),
Protect the HTTP endpoint with Mule/Spring security,
If your machine has several IPs, bind the endpoint to an IP that isn't reachable from other machines.