Has Anyone Done a tomcat6 setup on debian Linux with SSL?

Slightly off topic, I apologize...

I'm trying to get SSL to work on a standalone tomcat6 system for running the TeamCity master. Normally, you'd plunk tomcat behind apache and let apache terminate SSL connections, but due to the chattiness of the WebUI, this turns out to be a significant bottleneck.

So far, I'm using a fairly vanilla debian squeeze setup using:

tomcat6
openssl
authbind
libapr1
libtcnative-1

and I use the following stanza in /etc/tomcat6/server.xml:

    <Connector port="443"
               protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="200"
               connectionTimeout="20000"
               enableLookup="false"
               scheme="https"
               secure="true"
               clientAuth="optional"
               SSLEnabled="true"
               SSLCertificateFile="/etc/ssl/GENERIC-lindenlab.com.pem"
               SSLCertificateKeyFile="/etc/ssl/GENERIC-lindenlab.com.pem"
               SSLCertificateChainFile="/etc/ssl/Geotrust_Intermediate_CA.crt"
               SSLVerifyClient="none"
               SSLProtocol="all"/>

Unfortunately, I still get the following error:

java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:616)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Caused by: java.lang.UnsatisfiedLinkError: org.apache.tomcat.jni.Pool.create(J)J
        at org.apache.tomcat.jni.Pool.create(Native Method)
        at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:613)
        at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:107)
        at org.apache.catalina.connector.Connector.initialize(Connector.java:1014)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:680)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:548)

Research via google seems to indicate some kind of search path issue, but wouldn't debian installs take care of it?

Would I need to Pre-Depend on those packages above so that tomcat6 can be configured that way?

3 comments
Comment actions Permalink

HI,

I set up tomcat behind apache with mod_jk. Can you explain what you mean by"significant bottleneck" ?
At the same time do not you consider running tomcat as a root (for ports lower then 1024) a security risk?

Regards!

0
Comment actions Permalink

I obviously won't run tomcat as root.

Instead, I'll be terminating SSL on 8443, and I'll have our hardware load balancer map 443 to 8443.

The problem in the initial post was due to me not activating the APR listener in the server.xml config.

Now I'm more concerned with making TC highly available - which is a different thread :)

0

Please sign in to leave a comment.