Migrate tomcat-8 bundle to tomcat-8.5 inside Liferay7-GA4

scott E mitchell, modified 8 Years ago. Junior Member Posts: 41 Join Date: 10/1/16 Recent Posts
Hello everyone. For the last few days we have been trying to migrate Tomcat 8 to Tomcat 8.5 inside Liferay7-GA4. Our future vision is to have multiple public/private web sites running on Liferay itself, each with its own SSL certificate.
For that we followed the process below; please find the steps.
1. Prerequisite
i. Download liferay7-GA4
ii. Download tomcat 8.5
2. Once you have downloaded liferay7, extract it and run the startup.sh file.
3. Once the basic configuration is done, change the database as you wish; in our case we use MySQL. Once you change the database server, run the scripts and all the tables are populated with data in the database.
4. Next, stop the server by executing the shutdown.sh command and wait until it is shut down.
5. Copy tomcat8.5 inside liferay-ce-portal-7.0-ga4.
6. The folder structure is the same for tomcat8.5 and tomcat8, which is the default web server in liferay7.
7. Replace every folder except webapps, and delete the temp and work folders in the tomcat setup.
8. Once you are done with the replacement, just run the startup.sh file.
9. After these changes we were able to start the tomcat8.5 server, but there were still lots of errors in the logs.
Some of the major errors are mentioned below, please check.
i. While using MySQL as the database, it requires MySQL 5.6 at least, but one more thing is that it's not case sensitive, so please go with MySQL 5.7.
ii. Please delete the MANIFEST.MF file.
webapps\ROOT\WEB-INF\classes\META-INF\MANIFEST.MF

iii. You will find some more errors while bringing up liferay7; to avoid those portal initialization errors, please delete one more folder, i.e. osgi/state.
liferay-ce-portal-7.0-ga4\osgi\state

iv. One more common issue we see: if you have multiple web sites with their domains configured, you will get some cookie errors, so you need to add one tag inside the context.xml file.
Tag –
<CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" />
Inside context.xml file.
liferay-ce-portal-7.0-ga4\tomcat-8.5.5\conf\context.xml file
v. If you have multiple web sites inside liferay7, just bring the SSL certificates into your server home directory and put these entries in your server.xml file.
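<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true"
           defaultSSLHostConfigName="site1.example.com">
  <!-- One SSLHostConfig per site, each with its own keystore. An XML element cannot repeat an attribute. -->
  <!-- The hostName values are placeholders; use the real site domains. -->
  <SSLHostConfig hostName="site1.example.com">
    <Certificate certificateKeystoreFile="/C:/Users/user/tomcat1.keystore" />
  </SSLHostConfig>
  <SSLHostConfig hostName="site2.example.com">
    <Certificate certificateKeystoreFile="/C:/Users/user/tomcat2.keystore" />
  </SSLHostConfig>
</Connector>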
vi. After this you need to delete all the logs and run the startup.sh file from the bin folder in tomcat8.5.


If you find any issue with this, please reply and share it with me. This is my use case, which I checked; if you try to do this on your machine with your configuration, you may face some different errors.

TIA....
Jorge Díaz, modified 8 Years ago. Liferay Master Posts: 753 Join Date: 1/9/14 Recent Posts
Liferay 7 and Liferay DXP are only tested with Tomcat version 8.0, so to avoid issues you should not use version 8.5.

See the compatibility matrix of 7.0 GA4 here: https://community.liferay.com/news/liferay-portal-7-0-ce-ga4-release/. Only Tomcat 8.0 and Wildfly 10.0 are tested.
Thomas Kellerer, modified 5 Years ago. Expert Posts: 490 Join Date: 6/9/08 Recent Posts
The recent vulnerability discovered in Tomcat (https://www.chaitin.cn/en/ghostcat) is only fixed in the 8.5.x. Tomcat 8.0 is no longer maintained and won't get a fix for that. So how would you suggest to address this security issue with Liferay 7.0?
Christoph Rabel, modified 5 Years ago. Liferay Legend Posts: 1555 Join Date: 9/24/09 Recent Posts
You can disable the ajp connector if you don't use it. Then you are fine.
If you need the connector, you could decide that you want to switch to http protocol.
If you can't do that, block access to it from outside (e.g. using a firewall, local firewall, iptables, ...) and/or from hosts that should not access it. Also, set a secret and secretRequired on the connector and in Apache mod_proxy.

If you use the ajp connector with a local Apache, configure the ajp listener to listen only on localhost (add address="127.0.0.1" to the Connector).
With that configuration, an attacker would need to attack from a specific host and know the secret.
Even if you upgrade, which should work, but is quite the hassle, you basically should/need to follow the above steps.
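The AJP hardening steps from the reply above, turned into a check over server.xml. This is an added example, not part of any post in this thread: the XML fragments, the placeholder secret and the function names are constructed for illustration, and `requiredSecret` is accepted as the older attribute name for `secret`.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed server.xml fragments (not taken from the thread).
EXPOSED = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
</Service></Server>"""

HARDENED = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
             secret="CHANGE-ME-placeholder" secretRequired="true" />
</Service></Server>"""


def is_loopback(address):
    """True only for a literal loopback IP or the name 'localhost'."""
    if address is None:
        return False  # no address attribute: listener is not pinned to localhost
    if address.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # some other host name: treat as not loopback


def audit_ajp(server_xml):
    """Return a list of (port, finding) tuples for every enabled AJP connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" not in conn.get("protocol", "").lower():
            continue  # HTTP connectors are out of scope for this check
        port = conn.get("port", "?")
        if not is_loopback(conn.get("address")):
            findings.append((port, "not bound to localhost"))
        if not (conn.get("secret") or conn.get("requiredSecret")):
            findings.append((port, "no secret set"))
        if conn.get("secretRequired", "").lower() == "false":
            findings.append((port, "secretRequired is false"))
    return findings


if __name__ == "__main__":
    for name, xml in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit_ajp(xml) or "no AJP findings")
```

An AJP connector that is commented out in server.xml is skipped by the XML parser, so a disabled connector produces no findings.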
Olaf Kock, modified 5 Years ago. Liferay Legend Posts: 6441 Join Date: 9/23/08 Recent Posts
Thomas Kellerer:

The recent vulnerability discovered in Tomcat (https://www.chaitin.cn/en/ghostcat) is only fixed in the 8.5.x. Tomcat 8.0 is no longer maintained and won't get a fix for that. So how would you suggest to address this security issue with Liferay 7.0?
Not only is Tomcat 8.0 no longer supported: Liferay 7.0 (CE) is also no longer supported. IMHO the danger of running an unsupported web application on top of a vulnerable appserver (where you can properly disable/firewall one open port, and you should have always done that with AJP) is larger on the application side than on the appserver side.
If you're keen on no longer running vulnerable software: work on upgrading Liferay. And keep it up to date. That's just what you're getting into when you decide to run any web-facing software, but many are in denial about that.