I am trying to use port unification for glassfish 4 to redirect any http request to https. I could easily do this with V3 but I am having issues with glassfish v4 - Java 1.7.
Commands that I executed in glassfish v4 -
asadmin create-protocol --securityenabled=false http-redirect
asadmin create-protocol-filter --protocol http-redirect --classname org.glassfish.grizzly.config.portunif.HttpRedirectFilter redirect-filter
asadmin create-protocol --securityenabled=false pu-protocol
asadmin create-protocol-finder --protocol pu-protocol --targetprotocol http-listener-2 --classname org.glassfish.grizzly.config.portunif.HttpProtocolFinder http-finder
asadmin create-protocol-finder --protocol pu-protocol --targetprotocol http-redirect --classname org.glassfish.grizzly.config.portunif.HttpProtocolFinder http-redirect
set configs.config.server-config.network-config.network-listeners.network-listener.http-listener-1.protocol=pu-protocol
All the above command execute without errors. However when I try accessing the web it throws exception and the http address does not launch - localhost:8080 fails
Exception in Glassfish -
WARNING: Exception during FilterChain execution
java.lang.ClassCastException: org.glassfish.grizzly.memory.HeapMemoryManager$TrimmableHeapBuffer cannot be cast to org.glassfish.grizzly.http.HttpContent
at org.glassfish.grizzly.config.portunif.HttpRedirectFilter.handleRead(HttpRedirectFilter.java:99)
at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:288)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:206)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:136)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:114)
at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
at org.glassfish.grizzly.portunif.PUFilter.handleRead(PUFilter.java:231)
at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:288)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:206)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:136)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:114)
at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:838)
at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:113)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:115)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:55)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:135)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:564)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:544)
at java.lang.Thread.run(Thread.java:722)
Appreciate it if this can be resolved, is there any other way to do port redirection from http to https?
Make sure your last command includes "asadmin" as set is a DOS command.
This worked for me with GlassFish 4.0 when I used the following commands (although it looks pretty similar to yours):
asadmin create-protocol --securityenabled=false http-redirect
asadmin create-http-redirect --redirect-port 8181 --secure-redirect true http-redirect
asadmin create-protocol --securityenabled=false pu-protocol
asadmin create-protocol-filter --protocol http-redirect --classname org.glassfish.grizzly.config.portunif.HttpRedirectFilter redirect-filter
asadmin create-protocol-finder --protocol pu-protocol --targetprotocol http-listener-2 --classname org.glassfish.grizzly.config.portunif.HttpProtocolFinder http-finder
asadmin create-protocol-finder --protocol pu-protocol --targetprotocol http-redirect --classname org.glassfish.grizzly.config.portunif.HttpProtocolFinder http-redirect
asadmin set configs.config.server-config.network-config.network-listeners.network-listener.http-listener-1.protocol=pu-protocol
I have noticed that the this causes the HTTP tab for http-listener-1 (Configurations --> server-config --> Network Config --> Network Listeners --> http-listener-1 --> SSL tab) to no longer display. Not an issue for me.
So I'm not sure why, but when I used the protocol name pu-protocol it would not configure correctly and it would not show up in the Admin console under the protocols list. All I had to do was use a different name for the protocol and everything worked fine. I used the name portunif-protocol and as soon as I ran the command to create it, it showed up in the Glassfish Admin console under the Protocols section as you would expect. Now I've got my site redirecting to https as desired!
Commands I used:
asadmin create-protocol --securityenabled=false http-redirect
asadmin create-http-redirect --redirect-port 443 --secure-redirect true http-redirect
asadmin create-protocol --securityenabled=false portunif-protocol
asadmin create-protocol-filter --protocol http-redirect --classname org.glassfish.grizzly.config.portunif.HttpRedirectFilter redirect-filter
asadmin create-protocol-finder --protocol portunif-protocol --targetprotocol http-listener-2 --classname org.glassfish.grizzly.config.portunif.HttpProtocolFinder http-finder
asadmin create-protocol-finder --protocol portunif-protocol --targetprotocol http-redirect --classname org.glassfish.grizzly.config.portunif.HttpProtocolFinder http-redirect
asadmin set configs.config.server-config.network-config.network-listeners.network-listener.http-listener-1.protocol=portunif-protocol
Hope that helps anyone else that may have ran into the same issue I did.
Related
I already installed Apache ActiveMQ Artemis 2.26.0 and tried to create master slave cluster.
I create master slave cluster based on a Youtube video. Apache ActiveMQ Artemis 2.15.0 is used in that video.
When I try to create it in command prompt there is no notification that backup already announced, but I can open the live server in 8161 and backup server in 8162.
Then I create address and queue in localhost 8161. And already succeeded.
I got the problem when I try to send message in 8161. I got the notification:
Could not send message: java.lang.IllegalStateException : AMQ229031: Unable to validate user from Management. Username: null; SSL certificate subject DN: unavailable
For the information, I found that difference in bootsrap.xml (slave) that the script is different. The different is:
ActiveMQ Artemis 2.26.0
<!-- The web server is only bound to localhost by default -->
<web path="web" rootRedirectLocation="console">
<binding uri="http://localhost:8161">
<app url="activemq-branding" war="activemq-branding.war"/>
<app url="artemis-plugin" war="artemis-plugin.war"/>
<app url="console" war="console.war"/>
</binding>
</web>
ActiveMQ Artemis 2.15.0
<!-- The web server is only bound to localhost by default -->
<web bind="http://localhost:8161" path="web">
<app url="activemq-branding" war="activemq-branding.war"/>
<app url="artemis-plugin" war="artemis-plugin.war"/>
<app url="console" war="console.war"/>
</web>
Does the difference affect or not when create backup server in localhost 8162?
I try the steps on the Youtube video and searched for the solution in Google, but I don't find the solution. I expect to run live and backup server successfully, and I want to know the right steps to install master slave cluster.
Using the ServiceBindingManager referencing the "sample-bindings.xml" configuration in the /conf/jboss-service.xml:
<mbean code="org.jboss.services.binding.ServiceBindingManager"
name="jboss.system:service=ServiceBindingManager">
<attribute name="ServerName">myserver</attribute>
<attribute name="StoreURL">${jboss.home.url}/docs/examples/binding-manager/sample-bindings.xml</attribute>
<attribute name="StoreFactoryClassName">
org.jboss.services.binding.XMLServicesStoreFactory
</attribute>
</mbean>
1) Having enabled the ServiceBindingManager does it mean the "server.xml" ports are overwritten by the sample-bindings.xml defined ports?
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector port="8080" address="${jboss.bind.address}"
maxThreads="250" maxHttpHeaderSize="8192"
emptySessionPath="true" protocol="HTTP/1.1"
compression="on"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/xml,text/javascript,application/x-javascript,text/css,text/plain"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" server="server1" />
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="250" scheme="https" secure="true"
maxHttpHeaderSize="8192"
emptySessionPath="true"
address="${jboss.bind.address}"
keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
keystorePass="xx"
truststoreFile="${jboss.server.home.dir}/conf/server.keystore"
truststorePass="xx"
clientAuth="false" sslProtocol="TLS" server="server1" />
2) If the server.xml ports are not relevant any more, how can the TLS server certificate still be used?
After some googling, it does look like sample-bindings.xml ports will override server.xml ports related settings and is mainly used for running multiple instances of JBoss on the same server/machine. On the SSL scertificate, if the keystores appear to be no longer found - you can add them as program arguments either in the JAVA_OPTS section of run.conf (I'm assuming you're using an older version of JBoss) or you can add them to the command line or script you use to start JBoss, for example:
/home/jboss/jboss-eap-5.1/jboss-as/bin/./run.sh -Djavax.net.ssl.keyStore=server.keystore -Djavax.net.ssl.trustStore=server.keystore -Djavax.net.ssl.trustStorePassword=xx -Djavax.net.ssl.keyStorePassword=xx > /dev/null 2>&1 &
Note, you'd need the correct paths to the files.
We use the same keystore/truststore program arguments at work on many Jboss instances.
I have one problem when i am configuring 2 way SSL (client certificate) with mod_cluster on wildfly 9.0.2
-Direct connection on wildfly on port 8443 (like https://wildflyserver:8443/context) is working,
-AJP connector connection between apache and wildfly and mod_cluster is not working
-There is no HTTPS connector ?
<mod-cluster-config advertise-socket="modcluster" proxies="mc-proxy1" advertise="false" connector="http-default">
<dynamic-load-provider>
<load-metric type="cpu"/>
</dynamic-load-provider>
<ssl key-alias="aofweb" password="XXXXXX" certificate-key-file="${jboss.domain.config.dir}/keystoreWeb.jks" cipher-suite="ALL" protocol="TLSv1" ca-certificate-file="${jboss.domain.config.dir}/keystoreWeb.jks"/>
</mod-cluster-config>
-When i am using http redirect to https with web.xml configuration and redirect-socket binding the URL changes from https://apacheserver/context to https://wildflyserver:8443/context, if i had a directive preserveProxyhost it does'nt work too,
anybody have a solution ?
i manage to do it , i configure "ajp" connection , in listener scheme https,
in case of in httpd listener certificate-forwarding=true and redirection on https,
in web.xml auth-method to CLIENT-CERT and transport-guarantee to CONFIDENTIAL,
and then the most important in apache, client verification mandatory and forward cert data :
SSLHonorCipherOrder on
SSLVerifyClient require
SSLVerifyDepth 10
#THE CA USED TO GENERATE CLIENT CERTIFICATE
SSLCACertificateFile /etc/httpd/certs/cacert.pem
SSLOptions +ExportCertData
SSLOptions +StdEnvVars
Require all granted
tell me if you have problem :
widlfy 9.0
apache 2.4
mod_proxy_ajp
mod_ssl
mod_proxy
modcluster 1.3.1
I have a restful service deployed in public IP, and thus does not have a port number associated with it. I need to invoke that service, in mule and create a workflow.
I can consume a service with port number as specified below but am unable to do the same for a service which does not have a port number associated.
<http:listener-config name="HTTP_Listener_Configuration" host="localhost" port="8105" doc:name="HTTP Listener Configuration" />
<http:request-config name="HTTP_Request_Configuration" host="localhost" port="8080" basePath="/onlineexam" doc:name="HTTP Request Configuration"/>
Please help
It will always have a port. If the URL does not have one specified then it is using the default http port '80' so set the port attribute to 80.
I was also facing the issue despite adding default port 443 for my HTTPS request. Usually this issue persists when the hostname ends with .io or .org. Mine was .io
Adding this inside the <http:request > block helped:
<http:request-builder>
<http:header headerName="Host" value="hostname"/>
</http:request-builder>
This will overrirde the configuration host and port. So you would still have to mention host and port number in the request configuration which will be overridden.
For http, use port 80 and for HTTPS, use port 443
Environment:
Windows 2008 R2
Jenkins 1.580.2 LTS
Mailer plugin 1.12
Email Extension Plugin 2.39
Java 8
I have some problems with configuring my Jenkins CI server to send email notifications after moving to the Business account in Office365.
So here is the my configurations:
Jenkins is started with StartTLS support (with parameter
'-Dmail.smtp.starttls.enabled=true')
SMTP server is 'smtp.office365.com'
SMTP port is 587
SSL is disabled for SMTP authention
Account is real and password is correct
Account is specified like username#company.com
Looks like message should be sent correctly but the email message is NOT sent.
The following error occurs:
Failed to send out e-mail
com.sun.mail.smtp.SMTPSendFailedException: 530 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM
at com.sun.mail.smtp.SMTPTransport.issueSendCommand(SMTPTransport.java:2057)
at com.sun.mail.smtp.SMTPTransport.mailFrom(SMTPTransport.java:1580)
at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:1097)
at javax.mail.Transport.send0(Transport.java:195)
at javax.mail.Transport.send(Transport.java:124)
at hudson.tasks.Mailer$DescriptorImpl.doSendTestMail(Mailer.java:527)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96)
at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:121)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:745)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:875)
at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:249)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:745)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:875)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:648)
at org.kohsuke.stapler.Stapler.service(Stapler.java:237)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:96)
at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:58)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:99)
at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:88)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:86)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:46)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:370)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:960)
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1021)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Could please someone help me with this?
Thank you
After review the answers here I still got the error:
Client does not have permissions to send as this sender
So what I missed is to set the System Admin e-mail address and than everything worked well - probably the email plugin using the System Admin e-mail to connect the mailbox .
Here are all the steps to configure the mail notification (also email ext):
Go to manage jenkins > configure system:
under Jenkins Location
System Admin e-mail address: notification#domain.com
under Extended E-mail Notification:
SMTP server: smtp.office365.com
Default user e-mail suffix: #domain.com
User Name: notification#domain.com
Password: ###########
Use SSL: no
SMTP Port: 25 or 587
Charset UTF-8
edit file: "/etc/default/jenkins"
sudo vim /etc/default/jenkins
add the line:
JAVA_ARGS="-Djava.awt.headless=true -Dmail.smtp.starttls.enable=true"
restart jenkins
sudo /etc/init.d/jenkins restart
tested on ubuntu 16
TLS is not enabled.
Just add next java property for Jenkins on start:
-Dmail.smtp.starttls.enable=true
So for Ubuntu it can be configured here:
home/ubuntu# grep ^JAVA_ARGS /etc/default/jenkins
JAVA_ARGS="-Djava.awt.headless=true -Dmail.smtp.starttls.enable=true"
I used SMTP port 25 instead of 587 and it works
If you are using AWS EC2 AMI Linux then this is a common problem. You need to edit /etc/sysconfig/jenkins and restart Jenkins.
You need to have both
JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Dmail.smtp.starttls.enable=true"
AND
JENKINS_ARGS="-Dmail.smtp.starttls.enable=true"
Steps:
Open debug of your mail sender
Check if you have got the following in your first debug info.
DEBUG: setDebug: JavaMail version 1.3
Please upgrade your JavaMail version to one higher than 1.4 and it should be fixed without any code changes.
If you are using Jenkins in Kubernetes add below lines in your YAML file and make sure you have the same email in "System Admin e-mail address: "
containers:
...
env:
- name: JENKINS_OPTS
value: "-Dmail.smtp.starttls.enable=true"
- name: JENKINS_JAVA_OPTIONS
value: "-Djava.awt.headless=true -Dmail.smtp.starttls.enable=true"
- name: JAVA_OPTS
value: >-
-Djava.awt.headless=true
-Dmail.smtp.starttls.enable=true
According to my test, just the following parameters are required:
System Admin e-mail address: bunny#acme.com
SMTP server: smtp.office365.com
SMTP Port: 587
SMTP Username: bunny#acme.com
SMTP Password: ***
Use SSL: no
Charset UTF-8
And if you don't want to touch/restart your jenkins at low level (-Dmail.smtp.starttls.enable=true) just add
mail.smtp.starttls.enable = true to the Advanced Email Properties