Good morning Jim!

From what I can see, support for the Http11AprProtocol protocol was removed in Tomcat 9.1.x/10.1.x (TDS Docker image uses 10.1) (https://tomcat.apache.org/tomcat-10.0-doc/api/org/apache/coyote/http11/Http11AprProtocol.html). I believe you'll need to migrate that bit of xml config to use the org.apache.coyote.http11.Http11NioProtocol protocol (https://tomcat.apache.org/tomcat-10.1-doc/config/http.html). Perhaps something like:

    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
               port="8443"
               maxThreads="150"
               SSLEnabled="true"
               maxParameterCount="1000">
        <SSLHostConfig>
            <Certificate certificateKeyFile="/usr/local/share/ca-certificates/privkey.pem"
                         certificateFile="/usr/local/share/ca-certificates/cert.pem"
                         certificateChainFile="/usr/local/share/ca-certificates/fullchain.pem"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>

Note that the attributes on the Connector element are slightly different.

Cheers,

Sean

On Tue, Jul 1, 2025 at 8:00 AM Jim Fluke <james.fluke@xxxxxxxxxxxxx> wrote:

> Hello,
>
> First, this is related to the previous questions I've posted here
> regarding authentication using a certificate. The difference is that I got
> that to work with the 5.5 release, but I can't get it to work with the 5.6
> release. I want to go to the 5.6 release because of the new Tomcat CVEs.
>
> I think I have narrowed this down to the certificate configuration in
> Tomcat. This is the server.xml certificate configuration that was working
> for me in thredds-docker 5.5 and Tomcat 9.0.97:
>
>     <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
>          This connector uses the APR/native implementation which always uses
>          OpenSSL for TLS.
>          Either JSSE or OpenSSL style configuration may be used. OpenSSL style
>          configuration is used below.
>     -->
>     <Connector server="Apache" secure="true" port="8443"
>                protocol="org.apache.coyote.http11.Http11AprProtocol"
>                maxThreads="150" SSLEnabled="true" >
>         <SSLHostConfig>
>             <Certificate certificateKeyFile="/usr/local/share/ca-certificates/privkey.pem"
>                          certificateFile="/usr/local/share/ca-certificates/cert.pem"
>                          certificateChainFile="/usr/local/share/ca-certificates/fullchain.pem"
>                          type="RSA" />
>         </SSLHostConfig>
>     </Connector>
>
> Note I fixed the authentication problems I had previously by making sure
> the certificate was installed in the container's OS as well as configured
> for Tomcat.
>
> But this configuration does not work for thredds-docker 5.6 and Tomcat
> 10.1.42. Here is the error in the Tomcat Catalina log:
>
> 12-Jun-2025 23:29:09.855 WARNING [main] org.apache.catalina.startup.Catalina.parseServerXml Unable to load server configuration from [/usr/local/tomcat/conf/server.xml]
>     org.xml.sax.SAXParseException; systemId: file:/usr/local/tomcat/conf/server.xml; lineNumber: 124; columnNumber: 25; Error at line [124] column [25]: [Cannot invoke "org.apache.coyote.ProtocolHandler.addSslHostConfig(org.apache.tomcat.util.net.SSLHostConfig)" because "this.protocolHandler" is null]
>         at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:1948)
>         at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:1981)
>         at org.apache.tomcat.util.digester.Digester.endElement(Digester.java:1017)
>         at java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:618)
>         at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1728)
>         at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2899)
>         at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:605)
>         at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:542)
>         at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:889)
>         at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:825)
>         at java.xml/com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
>         at java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1224)
>         at java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:637)
>         at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1506)
>         at org.apache.catalina.startup.Catalina.parseServerXml(Catalina.java:607)
>         at org.apache.catalina.startup.Catalina.load(Catalina.java:697)
>         at org.apache.catalina.startup.Catalina.load(Catalina.java:735)
>         at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
>         at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.base/java.lang.reflect.Method.invoke(Method.java:569)
>         at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302)
>         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
>     Caused by: java.lang.NullPointerException: Cannot invoke "org.apache.coyote.ProtocolHandler.addSslHostConfig(org.apache.tomcat.util.net.SSLHostConfig)" because "this.protocolHandler" is null
>         at org.apache.catalina.connector.Connector.addSslHostConfig(Connector.java:883)
>         at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
>         at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.base/java.lang.reflect.Method.invoke(Method.java:569)
>         at org.apache.tomcat.util.IntrospectionUtils.callMethod1(IntrospectionUtils.java:490)
>         at org.apache.tomcat.util.digester.SetNextRule.end(SetNextRule.java:144)
>         at org.apache.tomcat.util.digester.Digester.endElement(Digester.java:1014)
>         ... 20 more
> 12-Jun-2025 23:29:09.855 SEVERE [main] org.apache.catalina.startup.Catalina.start Cannot start server, server instance is not configured
>
> Any suggestions would be appreciated!
>
> Thanks,
> Jim
>
> _______________________________________________
> thredds mailing list
> thredds@xxxxxxxxxxxxxxxx
> To subscribe: thredds-join@xxxxxxxxxxxxxxxx
> To unsubscribe: thredds-leave@xxxxxxxxxxxxxxxx
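Added example, not part of the thread or of the THREDDS or Tomcat code: a pre-deployment check that reads a server.xml and reports any Connector still naming the protocol class discussed above, plus TLS certificate paths that are absent inside the container. The function name `audit_connectors`, its `exists` parameter and the sample XML are assumptions made for this illustration.

```python
import os
import xml.etree.ElementTree as ET

# Protocol class the reply above identifies as removed, and its suggested replacement.
REMOVED = "org.apache.coyote.http11.Http11AprProtocol"
REPLACEMENT = "org.apache.coyote.http11.Http11NioProtocol"
PEM_ATTRS = ("certificateKeyFile", "certificateFile", "certificateChainFile")

# Constructed sample, modelled on the connector quoted in the thread.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8443" SSLEnabled="true" maxThreads="150"
               protocol="org.apache.coyote.http11.Http11AprProtocol">
      <SSLHostConfig>
        <Certificate certificateKeyFile="/usr/local/share/ca-certificates/privkey.pem"
                     certificateFile="/usr/local/share/ca-certificates/cert.pem"
                     certificateChainFile="/usr/local/share/ca-certificates/fullchain.pem"
                     type="RSA" />
      </SSLHostConfig>
    </Connector>
  </Service>
</Server>
"""

def audit_connectors(server_xml, exists=os.path.exists):
    """Return one finding per problem; an empty list means nothing was flagged."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        if conn.get("protocol") == REMOVED:
            findings.append(
                f"port {port}: replace {REMOVED}, for example with {REPLACEMENT}")
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector: no certificate files to check
        for cert in conn.findall("./SSLHostConfig/Certificate"):
            for attr in PEM_ATTRS:
                path = cert.get(attr)
                if path and not exists(path):  # `exists` is injectable for testing
                    findings.append(f"port {port}: {attr} points at missing file {path}")
    return findings

if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```

Run it inside the image against the real /usr/local/tomcat/conf/server.xml before starting Tomcat, so a stale connector is reported as a finding rather than as a startup failure.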