axis2c SSL client authentication - c

I have a C application that uses a remote Axis web service. When I connect to the service using the HTTP protocol there is no problem, but when I want to use SSL, I can't call service operations and it just returns NULL.
Here is part of my axis2.xml for the client application:
<transportReceiver name="http" class="axis2_http_receiver">
<parameter name="port" locked="false">6060</parameter>
<parameter name="exposeHeaders" locked="true">false</parameter>
</transportReceiver>
<transportReceiver name="https" class="axis2_http_receiver">
<parameter name="port" locked="false">6060</parameter>
<parameter name="exposeHeaders" locked="true">false</parameter>
</transportReceiver>
<transportSender name="http" class="axis2_http_sender">
<parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
<parameter name="xml-declaration" insert="false"/>
<!--parameter name="Transfer-Encoding">chunked</parameter-->
<!--parameter name="HTTP-Authentication" username="" password="" locked="true"/-->
<!--parameter name="PROXY" proxy_host="127.0.0.1" proxy_port="8080" proxy_username="" proxy_password="" locked="true"/-->
</transportSender>
<transportSender name="https" class="axis2_http_sender">
<parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
<parameter name="xml-declaration" insert="false"/>
</transportSender>
Is there any error with this configuration? Do I need something more?
My server uses a self-signed certificate; can it cause the problem?
Another question: if I want to enable client authentication, how can I pass the required parameters (SERVER_CERT, KEY_FILE, SSL_PASSPHRASE) programmatically in my code (and not in axis2.xml)?
EDIT:
I succeeded in connecting to the service via normal SSL (with no client authentication), but when I want to use client authentication, the client fails with the following log:
[Sun Mar 16 12:49:10 2014] [info] Starting addressing out handler
[Sun Mar 16 12:49:10 2014] [debug] ..\..\src\modules\mod_addr\addr_out_handler.c(133) No action present. Stop processing addressing
[Sun Mar 16 12:49:10 2014] [debug] ..\..\src\core\transport\http\sender\http_transport_sender.c(246) ctx_epr:https://mysite.com/axis2/services/myService
[Sun Mar 16 12:49:10 2014] [debug] ..\..\src\core\transport\http\sender\http_transport_sender.c(805) using axis2 native http sender.
[Sun Mar 16 12:49:10 2014] [debug] ..\..\src\core\transport\http\sender\http_sender.c(416) msg_ctx_id:urn:uuid:fe18bf10-6611-4af9-85f6-b062bd7eb231
[Sun Mar 16 12:49:14 2014] [debug] ..\..\src\core\transport\http\sender\http_client.c(571) http client , response timed out
[Sun Mar 16 12:49:14 2014] [error] ..\..\src\core\transport\http\sender\http_client.c(574) Response timed out
[Sun Mar 16 12:49:14 2014] [error] ..\..\src\core\transport\http\sender\http_sender.c(1381) status_code < 0
[Sun Mar 16 12:49:14 2014] [error] ..\..\src\core\engine\engine.c(179) Transport sender invoke failed

To diagnose the problem you may look into the log file. By default it's in the axis2c/logs dir and it has the name you pass to the axutil_env_create_all function.
You can't have both transports "http" and "https" on the same port. It is better to use either the "http" or the "https" transport in axis2.xml.
To set SSL params programmatically (SERVER_CERT for example):
/* Axis2/C 1.x naming: the property and strdup helpers live in axutil_ and take env first */
axutil_property_t *ca_prop = axutil_property_create(env);
/* the value must be a heap copy; the property stores the pointer, not a copy of the string */
axutil_property_set_value(ca_prop, env, axutil_strdup(env, "/path/to/ca.pem"));
/* same key as the SERVER_CERT parameter in axis2.xml; KEY_FILE and SSL_PASSPHRASE are set the same way */
axis2_options_set_property(options, env, "SERVER_CERT", ca_prop);
This is a nice article on how to configure Axis2/C for SSL: http://people.apache.org/~dumindu/docs/HowToConfigureSSL.html

It was in fact a server-side problem that occurred in the Apache SSL engine! When I looked at the Apache error log, I saw the following error:
[Sun Mar 16 13:33:43 2014] [error] SSL Library Error: 336068931 error:14080143:SSL routines:SSL3_ACCEPT:unsafe legacy renegotiation disabled
According to the mod_ssl documentation, this problem was because my Axis libraries were built with an old version of OpenSSL:
If mod_ssl is linked against OpenSSL version 0.9.8m or later, by default renegotiation is only supported with clients supporting the new protocol extension. If this directive is enabled, renegotiation will be allowed with old (unpatched) clients, albeit insecurely.
So I just recompiled the Axis libraries with a newer version of OpenSSL and everything is OK now!
Of course there is another, unsafe solution, which is adding the following line to the virtual host section of the Apache config file:
SSLInsecureRenegotiation ON
Since enabling SSLInsecureRenegotiation can open the door to a man-in-the-middle attack, it is NOT a secure solution.
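A defender reading the Apache log above wants to know which clients are being refused for lacking secure renegotiation before deciding whether to rebuild them rather than switch SSLInsecureRenegotiation on. The following C program is an added example, not code from the question or from Axis2/C: it decodes the packed OpenSSL error number from a mod_ssl error-log line (lib in the top 8 bits, function in the next 12, reason in the low 12) and flags the "unsafe legacy renegotiation disabled" reason. The numeric constants for the SSL library (20) and that reason (323) are assumed from the OpenSSL 1.0.x headers.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed OpenSSL 1.0.x values: ERR_LIB_SSL and
 * SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED. */
#define ERR_LIB_SSL_ID 20
#define SSL_R_UNSAFE_LEGACY_RENEG_DISABLED 323

struct ssl_err { unsigned lib, func, reason; };

/* Unpack a packed OpenSSL error number: (lib << 24) | (func << 12) | reason. */
static struct ssl_err decode_err(unsigned long code) {
    struct ssl_err e;
    e.lib = (unsigned)((code >> 24) & 0xFF);
    e.func = (unsigned)((code >> 12) & 0xFFF);
    e.reason = (unsigned)(code & 0xFFF);
    return e;
}

/* Pull the decimal code that mod_ssl prints after "SSL Library Error:".
 * Returns 0 for lines that do not carry that field. */
static unsigned long parse_apache_ssl_error(const char *line) {
    const char *p = strstr(line, "SSL Library Error:");
    if (!p) return 0;
    p += strlen("SSL Library Error:");
    while (*p == ' ') p++;
    return strtoul(p, NULL, 10);
}

/* 1 when the line records a handshake refused because the client does not
 * support RFC 5746 secure renegotiation, i.e. the case the question hit. */
static int is_legacy_reneg_refusal(const char *line) {
    unsigned long code = parse_apache_ssl_error(line);
    struct ssl_err e = decode_err(code);
    return code != 0 && e.lib == ERR_LIB_SSL_ID
        && e.reason == SSL_R_UNSAFE_LEGACY_RENEG_DISABLED;
}

int main(void) {
    /* Log line quoted from the self-answer above. */
    const char *line = "[Sun Mar 16 13:33:43 2014] [error] SSL Library Error: 336068931 "
        "error:14080143:SSL routines:SSL3_ACCEPT:unsafe legacy renegotiation disabled";
    struct ssl_err e = decode_err(parse_apache_ssl_error(line));
    printf("lib=%u func=%u reason=%u legacy_reneg=%d\n",
           e.lib, e.func, e.reason, is_legacy_reneg_refusal(line));
    return 0;
}
```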

Related

Apache2 is not starting after apt upgrade

I updated Apache2 on my Raspberry Pi (using: apt install apache2 --only-upgrade) and now it is not starting:
root#pi:/etc/apache2 # service apache2 start
Job for apache2.service failed. See 'systemctl status apache2.service' and 'journalctl -xn' for details.
root#pi:/etc/apache2 # systemctl status apache2.service
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled)
Active: failed (Result: resources) since Sun 2017-02-05 16:19:48 CET; 28min ago
Feb 05 16:47:44 pi systemd[1]: Starting The Apache HTTP Server...
Feb 05 16:47:44 pi systemd[1]: apache2.service failed to run 'start' task: No such file or directory
Feb 05 16:47:44 pi systemd[1]: Failed to start The Apache HTTP Server.
Version of apache2:
Server version: Apache/2.4.25 (Raspbian)
Server built: 2017-01-25T22:59:26
apache2ctl -t shows:
Syntax OK
I tried disabling all virtual hosts (only default left) but it didn't change anything.
Output of just apache2:
[Mon Feb 06 01:25:09.079790 2017] [core:warn] [pid 2954] AH00111: Config variable ${APACHE_RUN_DIR} is not defined
apache2: Syntax error on line 80 of /etc/apache2/apache2.conf: DefaultRuntimeDir must be a valid directory, absolute or relative to ServerRoot
I had the same issue after upgrading a Dockerfile from 14.04 to 17.04.
The solution for me was to manually add the apache directory in /var/run.
So the fix was:
mkdir /var/run/apache2
The DefaultRuntimeDir was set to /var/run/apache2 but the folder was missing.

apache2 tomcat7 with mod_jk dont work after system reboot

I have configured Tomcat to run on port 80 with Apache2 and mod_jk and this works well. If I reboot the system then the site will be the standard site from Apache2. If I restart Apache2 (/etc/init.d/apache2 restart) the site will come from Tomcat. But why only after a restart of Apache2?
Anyone have an idea?
Log after rebooting the system (in /var/log/apache2/):
> mod_jk.log <
[Mon Sep 22 16:24:40.296 2014] [2256:3075069696] [info] init_jk::mod_jk.c (3365): mod_jk/1.2.37 initialized
[Mon Sep 22 16:24:40.296 2014] [2256:3075069696] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-manager' in uri map post processing.
[Mon Sep 22 16:24:40.296 2014] [2256:3075069696] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-status' in uri map post processing.
[Mon Sep 22 16:24:40.298 2014] [2257:3075069696] [info] init_jk::mod_jk.c (3365): mod_jk/1.2.37 initialized
[Mon Sep 22 16:24:40.298 2014] [2257:3075069696] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-manager' in uri map post processing.
[Mon Sep 22 16:24:40.298 2014] [2257:3075069696] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-status' in uri map post processing.
> error.log <
[Mon Sep 22 16:24:40 2014] [notice] Apache/2.2.22 (Debian) mod_jk/1.2.37 configured -- resuming normal operations
[Mon Sep 22 16:26:50 2014] [notice] caught SIGTERM, shutting down
Log after restarting Apache (in /var/log/apache2/):
> mod_jk.log <
[Mon Sep 22 16:29:10.042 2014] [3599:3074443008] [info] init_jk::mod_jk.c (3365): mod_jk/1.2.37 initialized
[Mon Sep 22 16:29:10.042 2014] [3599:3074443008] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-manager' in uri map post processing.
[Mon Sep 22 16:29:10.042 2014] [3599:3074443008] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-status' in uri map post processing.
[Mon Sep 22 16:29:10.052 2014] [3600:3074443008] [info] init_jk::mod_jk.c (3365): mod_jk/1.2.37 initialized
[Mon Sep 22 16:29:10.052 2014] [3600:3074443008] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-manager' in uri map post processing.
[Mon Sep 22 16:29:10.052 2014] [3600:3074443008] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-status' in uri map post processing.
> error.log <
[Mon Sep 22 16:29:10 2014] [notice] Apache/2.2.22 (Debian) mod_jk/1.2.37 configured -- resuming normal operations
EDIT 1:
OK, I have tested this several times and found out that the apache2 / tomcat7 / mod_jk behavior is even crazier xD
I will show you my configurations:
> local: hosts <
192.168.84.129 migor
192.168.84.129 test.migor
> in tomcat server.xml <
<Host name="test.migor" appBase="myapps/test" unpackWARs="true" autoDeploy="true" />
> worker.properties <
workers.tomcat_home=/var/lib/tomcat7
workers.java_home=/usr/lib/jvm/java-7
ps=/
worker.list=ajp13_worker
worker.ajp13_worker.port=8009
worker.ajp13_worker.host=localhost
worker.ajp13_worker.type=ajp13
worker.ajp13_worker.lbfactor=1
> sites-available/test.migor <
<Virtualhost test.migor>
JkMount /* ajp13_worker
ServerName test.migor
DocumentRoot /var/lib/tomcat7/myapps/test
ErrorLog /var/lib/tomcat7/logs/error.log
CustomLog /var/lib/tomcat7/logs/access.log common
<Directory /var/lib/tomcat7/myapps/test>
Options -Indexes
</Directory>
</Virtualhost>
Now the behavior:
After a reboot, under the URLs "test.migor/", "migor/" and my server IP 192.168.84.129 I will get the site from Apache2.
After restarting Apache2 I will get on migor/ and 192.168.84.129 the Tomcat page from webapps and on test.migor/ the page from myapps/test. Here is the problem: I expected on 192.168.84.129 the page from Apache2.
Anyone have an idea?
EDIT 2:
OK, I forgot to add "NameVirtualHost test.migor" to "sites-available/test.migor" and my config had completely overwritten the default settings of Apache. Now the behavior is OK for me. With the URL "migor/" I can call the default Apache site and with the URL "test.migor/" I can call the Tomcat homepage which is in tomcat7/myapps/test.
But this behavior will be activated only after a restart of Apache2 (if I have rebooted my system before). I will look for the solution and post it here. Maybe in "EDIT 3" xD
The error clearly says that jk-manager and jk-status are not properly defined in the workers.properties file.
Please check your workers.properties file and make the following changes:
worker.list=jk-manager
worker.jk-manager.type=status
worker.list=jk-status
worker.jk-status.type=status
worker.jk-status.read_only=true
Cheers!!

WordPress Creating Empty database

WordPress is creating an empty database (there is a database but without any values!).
I am on a local WAMP Server 2.4 (PHP 5.4)
Windows 8
WordPress 3.6 (also tried 3.5.1)
WAMP Apache is giving some errors; I am pasting a few lines here:
access.log:
"GET /test_3/wp-admin/css/colors-fresh.min.css?ver=3.6 HTTP/1.1" 304 -
"GET /phpmyadmin/db_structure.php?db=db_test_3&token=4bb71407ccf91fc27d3c8338186ee369&db=db_test_3&ajax_request=true&ajax_page_request=true&menuHashes=572d5b14-cb7c7ed1-ada592ed-4fce1948&_nocache=1376960501429607598 HTTP/1.1" 200 40875
apache_error.log
[Mon Aug 19 13:34:54.335301 2013] [mpm_winnt:notice] [pid 7864:tid 468] AH00418: Parent: Created child process 6540
[Mon Aug 19 13:34:54.769224 2013] [mpm_winnt:notice] [pid 6540:tid 344] AH00354: Child: Starting 150 worker threads.
[Mon Aug 19 18:09:28.498364 2013] [mpm_winnt:notice] [pid 7864:tid 468] AH00422: Parent: Received shutdown signal -- Shutting down the server.
Possibly related to the issue: I have changed the port to :8080 because Windows 8 was already using port :80.
Any help will be much appreciated.
I found the solution! -- I might have messed this up while changing the port.
In httpd.conf -- I had this:
Listen 8080
#Listen 0.0.0.0:8080
Simply changed it to this:
#Listen 8080
Listen 0.0.0.0:8080
The database was receiving values but WordPress started giving this error on a login attempt:
You do not have sufficient permissions to access this page
So I simply went to the database and gave my user administrator privileges! (From here I followed the instructions under the heading "Editing the wp_usermeta table")

glassfish + jk + large file/strange response

I use a GlassFish application server for a web application. GlassFish is connected with mod_jk to an Apache2 server.
Now there is a really strange behavior: some parts of the received files (html, css, js, ...) are missing and there are strange numbers in the files... If I use direct access to GlassFish everything works.
I use GlassFish 3.1.2, mod_jk 1.2.33 and Apache2. The web application uses JSF/PrimeFaces 3.2.
In the mod_jk log there are strange error messages. The messages appear only on the first access to the webpage.
[Mon Mar 19 13:33:42 2012] [3763:2928831344] [error]ajp_connection_tcp_get_message::jk_ajp_common.c (1280): wrong message format 0x2020 from 127.0.0.1:9009
[Mon Mar 19 13:33:42 2012] [3763:2928831344] [error] ajp_get_reply::jk_ajp_common.c (2145): (ajp13_worker) Tomcat is down or network problems. Part of the response has already been sent to the client
[Mon Mar 19 13:33:42 2012] [3763:2928831344] [info] ajp_service::jk_ajp_common.c (2614): (ajp13_worker) sending request to tomcat failed (recoverable), because of protocol error (attempt=2)
[Mon Mar 19 13:33:42 2012] [3763:2928831344] [error] ajp_service::jk_ajp_common.c (2634): (ajp13_worker) connecting to tomcat failed.
[Mon Mar 19 13:33:42 2012] [3763:2928831344] [info] jk_handler::mod_jk.c (2788): Service error=-11 for worker=ajp13_worker
[Mon Mar 19 13:33:42 2012] ajp13_worker ores.pragma.biz 0.191397
[Mon Mar 19 13:33:42 2012] [3764:2903653232] [error] ajp_connection_tcp_get_message::jk_ajp_common.c (1280): wrong message format 0x6973 from 127.0.0.1:9009
[Mon Mar 19 13:33:42 2012] [3764:2903653232] [error] ajp_get_reply::jk_ajp_common.c (2145): (ajp13_worker) Tomcat is down or network problems. Part of the response has already been sent to the client
[Mon Mar 19 13:33:42 2012] [3764:2903653232] [info] ajp_service::jk_ajp_common.c (2614): (ajp13_worker) sending request to tomcat failed (recoverable), because of protocol error (attempt=2)
[Mon Mar 19 13:33:42 2012] [3764:2903653232] [error] ajp_service::jk_ajp_common.c (2634): (ajp13_worker) connecting to tomcat failed.
[Mon Mar 19 13:33:42 2012] [3764:2903653232] [info] jk_handler::mod_jk.c (2788): Service error=-11 for worker=ajp13_worker
I hope that somebody can help me.
Try installing GF 3.1.1 and see if that fixes the problem. I read about this bug last week, which might be your problem: http://java.net/jira/browse/GLASSFISH-18446 It looks like there is a patch available on that bug.
This is not exactly an answer, but if by any chance you're using Apache and mod_jk only as a proxy to GF (as we did for years), install nginx and forget about Apache. It's like day and night.
http://wiki.nginx.org/HttpProxyModule

Space in ScriptAlias in httpd.conf prevents start of fcgi process

I am having trouble with the current Apache httpd (2.2.21) and mod_fcgid (2.3.6) versions. In my project, it is possible that the ScriptAlias directive in httpd.conf contains spaces because operating system paths can contain them. This used to work with older httpd and fcgid versions. But since we switched to the current versions, it doesn't work anymore. If the path of the ScriptAlias contains a space and mod_fcgid wants to start my fcgi process, I get the following error log:
[Fri Jan 06 11:30:01 2012] [notice] Apache/2.2.21 (Unix) mod_fcgid/2.3.6 configured -- resuming normal operations
[Fri Jan 06 11:30:03 2012] [warn] [client 77.58.246.206] (104)Connection reset by peer: mod_fcgid: error reading data from FastCGI server
[Fri Jan 06 11:30:03 2012] [error] [client 77.58.246.206] Premature end of script headers: somename.fcgi
Is this a known problem? I couldn't find anything on Google.
Best
David
Yes, unfortunately the copy of mod_fcgid for Apache 2.2.21 does not work with paths that have spaces. The bug fix has been committed and should be resolved in newer versions, so you can update, or you can use the 8.3 short name of the path.