date:20151209


On 09.12.2015 01:13, Yu, Yujin wrote:

Hi,
Please kindly remove myself in this e-mail group.


Please see instructions for that at the bottom of *each message* on this list.
...



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Creating another Tomcat copy in hot stand-by when original goes down.

Hi everyone,

@Andre : Yes, the material is quite enough, I am using a AJP connector and
as Spring-security automatically rewrites/redirects to https, that is not
the problem I am having. The problem is that even if *one* Tomcat is going
down, the whole setup is dying, Not the point of this task. I want to keep
one alive and it should keep working.

@Chris : I have no option other then Apache httpd as I see it now, I have
already configured some stuff, which I will be posting below. What I want
is to load-balance between both the Tomcat's, but if one goes down, the
other one should still work. I have already put the JSESSIONID(consumed by
Spring-security), in the config. The problem I am having right now is that
even if *one* tomcat goes down, then I get a 503, service not available.
What am I doing wrong?

Also, is there any way to detect which Tomcat is being used by the user
right now?

Here are the changes I made :


For apache2 in sites-enabled/000-default  :



BalancerMember ajp://localhost:8010 route=jvmroute-first
connectiontimeout=10
BalancerMember http://localhost:8011 route=jvmroute-second
connectiontimeout=10

   ProxySet stickysession=JSESSIONID

   Order Deny,Allow
   Deny from none
   Allow from all




ProxyPass / balancer://mycluster/
ProxyPassReverse / balancer://mycluster/




First Apache tomcat instance :





Connector port="8010" protocol="AJP/1.3" redirectPort="443"
URIEncoding="utf-8"
 compressableMimeType="text/html,text/xml,text/plain,text/css,text/
javascript,application/x-javascript,application/javascript"
/>
  
 // No modifications inside


Second tomcat instance :





  

// No modifications inside




So if I shut down one tomcat, then I cannot access the site. What is the
mistake I am making. Kindly let me know. Thank you.


On Wed, Dec 9, 2015 at 1:29 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Akshay,
>
> On 12/8/15 8:07 AM, Kernel freak wrote:
> > I am working on a Debian server in which I would like to setup 2
> instances
> > of Apache tomcat which will be load balanced by an Apache HTTP server(Do
> I
> > require a http server? ). In-case one copy of Apache tomcat goes down,
> the
> > other one will automatically comes online.
>
> You won't require Apache httpd, but you will need some kind of proxying
> server. Nginx and haproxy will work. Squid, Varnish, etc. will
> presumably all work as well. This community has expertise with Apache
> httpd -> Tomcat as well as some others. I personally have only ever used
> Apache httpd (and likely haproxy, though I don't actually know what AWS
> ELB is using. In either case, I don't configure it directly, so it
> doesn't matter).
>
> > While I was creating a configuration for one of our server, I know how to
> > relay requests based upon URL to Apache Tomcat, these are the 2 things I
> > don't know.
> >
> > 1) Will this work with https? Reason I ask is, there are many pages which
> > are served under https and the configuration which I have and shown below
> > seems to be calling with http instead of https.
> >
> > 2) How to trigger the 2nd copy of tomcat.
> >
> > Here is what I have till  now in Apache web server :
> >
> > // Below is the redirection for tomcat webapps.
> > 
> > ServerName www.domain_tomcat.de
> > ServerAlias domain_tomcat.de
> > ProxyRequests on
>
> I don't think you want this *at all*. "ProxyRequests" is for
> forward-proxying, like providing a MITM for outgoing HTTP traffic.
>
> > ProxyPreserveHost On
> > 
> > Order deny,allow
> > Allow from all
> > 
> >
> > // I was thinking instead of routing to maintenance.html, I would start
> the
> > other app, but that sounds quite hackish. I thought there might be a
> better
> > way.
> >  ErrorDocument 503 /maintenance.html
> >  ErrorDocument 404 /maintenance.html
> >  ErrorDocument 500 /maintenance.html
> >
> > ProxyPass /maintenance.html !
> >
> > // As you can see below, I am redirecting with http, which is my first
> > point, will it automatically redirect to https, as tomcat webapp is using
> > Spring-security and it has specific paths for which it must use https.
> > ProxyPass / http://localhost:8080/
> > ProxyPassReverse / http://localhost:8080/
>
> If your VirtualHost supports HTTPS, then you can still use
> http://localhost:8080 as your target. You just need to make sure that
> you send-over all the appropriate headers to the back-end server, and
> enable the various Valves on the Tomcat side to handle the proxying of
> this information:
>
> http://tomcat.apache.org/tomcat-8.0-doc/config/valve.html#Proxies_Support
>
> > 
> > Order allow,deny
> > Allow from all
> > 
> > 
> >
> > My tomcat config is rather simple :
> >
> >  > protocol="org.apache.coyote.http11.Http11NioProtocol" compression="force"
> > compressionMinSize="1024"
> >connectionTimeout="2"  maxPostSize="5242880"
> >URIEncoding="utf-8"
> >  compressableMimeType="text/html,text/xml,text/plain,text/css,text/
> >

Re: Custom Connector class

On 09/12/2015 11:13, Roel Storms wrote:
> Hello,
> 
> In Tomcat 4.1 it used to be possible to specify a custom class for the
> Connector: https://tomcat.apache.org/tomcat-4.1-doc/config/coyote.html
> 
> In the newest versions it's only possible to provide a custom Protocol.
> However I would like to modify the Request that is created by the
> Connector.createRequest() method. Is this no longer possible via
> configuration?

Currently, this is not possible and hasn't been for quite some time
(over a decade).

What is your real requirement? Or in other words, what requirement are
you trying to meet by replacing the Request implementation?

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Thread Dump

2015-12-09 Thread Konstantin Kolinko

2015-12-09 10:09 GMT+03:00 Yogesh Patel :
> *Tomcat version* : 7.0.53
> *OS *: Windows 7
>
> We are using tomcat as standalone application not as service, In task
> manager it does not showing PID for Tomcat. How to get PID of that tomcat
> in order to take tomcat thread dump.

Task Manager in Windows can be configured to show additional columns
(see View menu).

> What are the best practice  to take thread dump and what are the commands
> for windows7 system.
>

https://wiki.apache.org/tomcat/FAQ/Troubleshooting_and_Diagnostics
-> How To: Capture a thread dump

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: AW: Tomcat closes a websocket connection with an error

On 09/12/2015 10:13, Daniel Kretz wrote:
> Thanks for your answer.
> 
> But if it is a firewall, that drops the connection, why not for the
> websocket ws://echo.websocket.org which is not hosted on a Tomcat server?
> What has this websocket what the websocket on a tomcat server not have?

Regular pings?

> I would agree with you if the connection of other websockets will also
> dropped.

The counter argument also applies. If the app works on your network,
what does the client's network do that yours doesn't?

Mark


> 
> 
> -Ursprüngliche Nachricht-
> Von: Mark Thomas [mailto:ma...@apache.org] 
> Gesendet: Dienstag, 8. Dezember 2015 13:35
> An: Tomcat Users List
> Betreff: Re: Tomcat closes a websocket connection with an error
> 
> On 08/12/2015 11:49, Daniel Kretz wrote:
>> We have tested it with and without SSL and on two different servers.
>> Only in the customer network the connection breaks with a error.
> 
> 
> 
>> 08-Dec-2015 10:20:37.757 SEVERE [http-apr-8081-exec-2] 
>> org.apache.tomcat.websocket.pojo.PojoEndpointBase.onError No error 
>> handling configured for [websocket.echo.EchoAnnotation] and the 
>> following error occurred
>>
>> java.io.IOException: Unexpected error [730,054] reading data from the 
>> APR/native socket [1,639,490,672] with wrapper 
>>
> [org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper@231e01e4:1639490672
> ].
> 
> Take that error code and subtract 720,000 to give 10054 which is the OS
> error message.
> 
> Google that and you get "Connection reset by peer"
> 
> i.e., the client dropped the connection. There is nothing Tomcat can do
> about that.
> 
> 
> 
>> If we starts the test on http://www.websocket.org/echo.html in the 
>> customer network, the connection will not stop with an error.
>>
>> For me it looks like a problem with Tomcat. But what can I do to make 
>> it run properly?
> 
> Interesting. Looks more like a network issue to me. Maybe a firewall
> dropping connections after a set period.
> 
> Mark
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 
> 
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Custom Connector class

2015-12-09 Thread Konstantin Kolinko

2015-12-09 14:13 GMT+03:00 Roel Storms :
> Hello,
>
> In Tomcat 4.1 it used to be possible to specify a custom class for the
> Connector: https://tomcat.apache.org/tomcat-4.1-doc/config/coyote.html
>
> In the newest versions it's only possible to provide a custom Protocol.
> However I would like to modify the Request that is created by the
> Connector.createRequest() method. Is this no longer possible via
> configuration?
>


As a note:
If such a feature ever going to be implemented, the place to fix is
org.apache.catalina.startup.ConnectorCreateRule class.

Instances of Connector are created via that rule, instead of a
standard class creation rule, and so (unlike other elements processed
by digester) className attribute does not work here.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Custom Connector class


On 09.12.2015 14:03, Roel Storms wrote:

The real requirement is being able to process the body of a request in a
Valve without restricting the servlet to call request.getInputStream,
getReader and getStream. I have tried by wrapping the request but some
behavior can't be masked. It is also much more simple to implement by just
extending the Request class and using this in Connector.createRequest().

So the actual requirement is a Valve wanting to process the body but still
allowing the target application to call whatever processing method they
chose. When the Valve would chose to process the body by calling
Request.getInputStream(). The servlet wouldn't be able to call getReader or
getParam anymore. I would like my Valve to be transparent in that sense.


I am no java nor Tomcat guru, so take this with caution :
Looking at

http://tomcat.apache.org/tomcat-8.0-doc/config/http.html#Common_Attributes
--> maxSavePostSize

makes me think that there is a case where tomcat saves an incoming request body, and 
restores it afterward (after the authentication).  Since the authentication takes place 
before the webapp is called, it cannot know the way in which the webapp is going to 
consume the request body. So the saved body must be saved in such a way, that the webapp 
can afterward consume it in the way it chooses.

Doesn't that provide some clue on how to solve your problem ?





2015-12-09 13:07 GMT+01:00 Konstantin Kolinko :


2015-12-09 14:13 GMT+03:00 Roel Storms :

Hello,

In Tomcat 4.1 it used to be possible to specify a custom class for the
Connector: https://tomcat.apache.org/tomcat-4.1-doc/config/coyote.html

In the newest versions it's only possible to provide a custom Protocol.
However I would like to modify the Request that is created by the
Connector.createRequest() method. Is this no longer possible via
configuration?




As a note:
If such a feature ever going to be implemented, the place to fix is
org.apache.catalina.startup.ConnectorCreateRule class.

Instances of Connector are created via that rule, instead of a
standard class creation rule, and so (unlike other elements processed
by digester) className attribute does not work here.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org







-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Custom Connector class

2015-12-09 Thread Roel Storms

The real requirement is being able to process the body of a request in a
Valve without restricting the servlet to call request.getInputStream,
getReader and getStream. I have tried by wrapping the request but some
behavior can't be masked. It is also much more simple to implement by just
extending the Request class and using this in Connector.createRequest().

So the actual requirement is a Valve wanting to process the body but still
allowing the target application to call whatever processing method they
chose. When the Valve would chose to process the body by calling
Request.getInputStream(). The servlet wouldn't be able to call getReader or
getParam anymore. I would like my Valve to be transparent in that sense.


2015-12-09 13:07 GMT+01:00 Konstantin Kolinko :

> 2015-12-09 14:13 GMT+03:00 Roel Storms :
> > Hello,
> >
> > In Tomcat 4.1 it used to be possible to specify a custom class for the
> > Connector: https://tomcat.apache.org/tomcat-4.1-doc/config/coyote.html
> >
> > In the newest versions it's only possible to provide a custom Protocol.
> > However I would like to modify the Request that is created by the
> > Connector.createRequest() method. Is this no longer possible via
> > configuration?
> >
>
>
> As a note:
> If such a feature ever going to be implemented, the place to fix is
> org.apache.catalina.startup.ConnectorCreateRule class.
>
> Instances of Connector are created via that rule, instead of a
> standard class creation rule, and so (unlike other elements processed
> by digester) className attribute does not work here.
>
> Best regards,
> Konstantin Kolinko
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Custom Connector class

2015-12-09 Thread Roel Storms

Hello,

In Tomcat 4.1 it used to be possible to specify a custom class for the
Connector: https://tomcat.apache.org/tomcat-4.1-doc/config/coyote.html

In the newest versions it's only possible to provide a custom Protocol.
However I would like to modify the Request that is created by the
Connector.createRequest() method. Is this no longer possible via
configuration?

Kind regards,

Roel Storms

Failover not working even after configuration.

I am working on Apache and tomcat to setup Load-balancing and fail-over.
Initially I thought that load-balancing would include fail-over, but I was
wrong. I thought that if one instance is not active, then consuming other
instance also becomes a part of load-management. Enough with the
terminologies, I setup fail-over, but the ironical part is fail-over itself
is failing.

As soon as I shut down one instance of tomcat, the entire setup is dead and
I am getting 503. Can someone help me understand what is the problem.

Added this in apache2.conf :

JkWorkersFile /etc/apache2/workers.properties
JkMount /* loadbalancer

workers.properties :

worker.list=loadbalancer
 worker.server1.port=8010
 worker.server1.host=localhost
 worker.server1.type=ajp13

 worker.server2.port=8011
 worker.server2.host=localhost
 worker.server2.type=ajp13

 worker.server1.lbfactor=1
 worker.server2.lbfactor=1

 worker.loadbalancer.type=lb
 worker.loadbalancer.balance_workers=server1,server2
worker.loadbalancer.method=B
worker.balancer.sticky_session=True

000-default in sites-enabled :


JkMountCopy On
BalancerMember ajp://localhost:8010 route=server1 connectiontimeout=10
BalancerMember ajp://localhost:8011 route=server2 connectiontimeout=10

   ProxySet stickysession=JSESSIONID|jsessionid
   Order Deny,Allow
   Deny from none
   Allow from all

ProxyRequests off
ProxyPass /balancer-manager !ProxyPass /
balancer://mycluster/ProxyPassReverse /
balancer://mycluster/
SetHandler balancer-manager
Order Deny,AllowDeny from noneAllow from all


First tomcat's server.xml :




   

// No modifications inside

Second Tomcat's server.xml :





 

// No modifications here












I am working on Apache and tomcat to setup Load-balancing and
fail-over. Initially I thought that load-balancing would include
fail-over,
 but I was wrong. I thought that if one instance is not active, then
consuming other instance also becomes a part of load-management. Enough
with the terminologies, I setup fail-over, but the ironical part is
fail-over itself is failing.

As soon as I shut down one instance of tomcat, the entire setup is
dead and I am getting 503. Can someone help me understand what is the
problem.

Added this in apache2.conf :

JkWorkersFile /etc/apache2/workers.properties
JkMount /* loadbalancer

workers.properties :

GNU nano 2.2.6 File: workers.properties

 worker.list=loadbalancer
 worker.server1.port=8010
 worker.server1.host=localhost
 worker.server1.type=ajp13

 worker.server2.port=8011
 worker.server2.host=localhost
 worker.server2.type=ajp13

 worker.server1.lbfactor=1
 worker.server2.lbfactor=1

 worker.loadbalancer.type=lb
 worker.loadbalancer.balance_workers=server1,server2
worker.loadbalancer.method=B
worker.balancer.sticky_session=True

000-default in sites-enabled :

JkMountCopy On
BalancerMember ajp://localhost:8010 route=server1 connectiontimeout=10
BalancerMember ajp://localhost:8011 route=server2 connectiontimeout=10

   ProxySet stickysession=JSESSIONID|jsessionid
   Order Deny,Allow
   Deny from none
   Allow from all

ProxyRequests off
ProxyPass /balancer-manager !ProxyPass /
balancer://mycluster/ProxyPassReverse /
balancer://mycluster/
SetHandler balancer-manager
Order Deny,AllowDeny from noneAllow from all

First tomcat's server.xml :




   

// No modifications inside

Second Tomcat's server.xml :




 

// No modifications here


What mistake I am making in the config for implementing load-balancing and
fail-over together. Thanks a lot.

RE: WebEx meeting invitation: Apache Tomcat: TLS Virtual Hosting

2015-12-09 Thread Cris Berneburg - US

Aww phooey, I missed it!  I set my reminder incorrectly and ended up trying to 
sign in 20 minutes late.  By the time I did sign in, the place was empty.  
“Hello, anybody there?”

--
Cris Berneburg, Lead Software Engineer
CACI, IRMA Project, 703-679-5313

From: Mark Thomas [mailto:messen...@webex.com]
Sent: Wednesday, December 02, 2015 5:59 AM
To: users@tomcat.apache.org
Subject: WebEx meeting invitation: Apache Tomcat: TLS Virtual Hosting

Hello,

Mark Thomas invites you to join this WebEx meeting.





Apache Tomcat: TLS Virtual Hosting

Tuesday, 8 December 2015

21:00  |  GMT Time (London, GMT)  |  1 hr





Join WebEx meeting 



Meeting number:

642 749 240






Join by phone

Call-in toll-free number: 1-877-8818371  (US)

Call-in number: 1-617-3374371  (US)

Show global 
numbers

Attendee access code: 289 459 03





Add this 
meeting
 to your calendar.





Can't join the meeting? Contact support.





IMPORTANT NOTICE: Please note that this WebEx service allows audio and other 
information sent during the session to be recorded, which may be discoverable 
in a legal matter. By joining this session, you automatically consent to such 
recordings. If you do not consent to being recorded, discuss your concerns with 
the host or do not join the session.

Re: WebEx meeting invitation: Apache Tomcat: TLS Virtual Hosting

On 09/12/2015 13:39, Cris Berneburg - US wrote:
> Aww phooey, I missed it!  I set my reminder incorrectly and ended up trying 
> to sign in 20 minutes late.  By the time I did sign in, the place was empty.  
> “Hello, anybody there?”

All is not lost:

https://www.youtube.com/channel/UCpqpJ0-G1lYfUBQ6_36Au_g

Mark


> 
> --
> Cris Berneburg, Lead Software Engineer
> CACI, IRMA Project, 703-679-5313
> 
> From: Mark Thomas [mailto:messen...@webex.com]
> Sent: Wednesday, December 02, 2015 5:59 AM
> To: users@tomcat.apache.org
> Subject: WebEx meeting invitation: Apache Tomcat: TLS Virtual Hosting
> 
> Hello,
> 
> Mark Thomas invites you to join this WebEx meeting.
> 
> 
> 
> 
> 
> Apache Tomcat: TLS Virtual Hosting
> 
> Tuesday, 8 December 2015
> 
> 21:00  |  GMT Time (London, GMT)  |  1 hr
> 
> 
> 
> 
> 
> Join WebEx meeting 
> 
> 
> 
> Meeting number:
> 
> 642 749 240
> 
> 
> 
> 
> 
> 
> Join by phone
> 
> Call-in toll-free number: 1-877-8818371  (US)
> 
> Call-in number: 1-617-3374371  (US)
> 
> Show global 
> numbers
> 
> Attendee access code: 289 459 03
> 
> 
> 
> 
> 
> Add this 
> meeting
>  to your calendar.
> 
> 
> 
> 
> 
> Can't join the meeting? Contact support.
> 
> 
> 
> 
> 
> IMPORTANT NOTICE: Please note that this WebEx service allows audio and other 
> information sent during the session to be recorded, which may be discoverable 
> in a legal matter. By joining this session, you automatically consent to such 
> recordings. If you do not consent to being recorded, discuss your concerns 
> with the host or do not join the session.
> 
> 
> 
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Extending Apache Tomcat's Single Sign On feature with org.apache.catalina.authenticator.SingleSignOn

2015-12-09 Thread Chiranga Alwis

Hi,

I have been attempting to extend the Single Sign On feature of Apache
Tomcat by extending the org.apache.catalina.authenticator.SingleSignOn
class.

My attempt is to create a Java Maven project extending the above class
which outputs a jar and add the resultant jar file to the
$CATALINA_HOME/lib folder of the Tomcat distribution. Further, in order to
use the implementation, add it as a Valve in the server.xml file.

I am quite new to these technologies and I am not entirely sure whether
this is the correct approach.

Any help or suggestions with regards to this approach and validity of the
steps is highly appreciated.


Yours sincerely,

Chiranga

Re: Extending Apache Tomcat's Single Sign On feature with org.apache.catalina.authenticator.SingleSignOn

2015-12-09 Thread kidambi madhu

Hi Chiranga,

Are you providing the SSO feature as a server side single Sign on or as a
Servlet that can be used as a Controller in the desired apps to enable
Application SSO?

Regards,
Madhu

On Wed, Dec 9, 2015 at 8:43 PM, Chiranga Alwis 
wrote:

> Hi,
>
> I have been attempting to extend the Single Sign On feature of Apache
> Tomcat by extending the org.apache.catalina.authenticator.SingleSignOn
> class.
>
> My attempt is to create a Java Maven project extending the above class
> which outputs a jar and add the resultant jar file to the
> $CATALINA_HOME/lib folder of the Tomcat distribution. Further, in order to
> use the implementation, add it as a Valve in the server.xml file.
>
> I am quite new to these technologies and I am not entirely sure whether
> this is the correct approach.
>
> Any help or suggestions with regards to this approach and validity of the
> steps is highly appreciated.
>
>
> Yours sincerely,
>
> Chiranga
>

Re: Failover not working even after configuration.



On 09.12.2015 15:56, Kernel freak wrote:

I am working on Apache and tomcat to setup Load-balancing and fail-over.
Initially I thought that load-balancing would include fail-over, but I was
wrong. I thought that if one instance is not active, then consuming other
instance also becomes a part of load-management.


It should :
quote : http://tomcat.apache.org/connectors-doc/reference/workers.html

 Load balancer management includes:

Instantiating the workers in the web server.
Using the worker's load-balancing factor, perform weighed-round-robin load balancing 
where high lbfactor means stronger machine (that is going to handle more requests)

Keeping requests belonging to the same session executing on the same Tomcat 
worker.
Identifying failed Tomcat workers, suspending requests to them and instead 
fall-backing on other workers managed by the lb worker.


The overall result is that workers managed by the same lb worker are load-balanced (based 
on their lbfactor and current user session) and also fall-backed so a single Tomcat 
process death will not "kill" the entire site.



 Enough with the

terminologies, I setup fail-over, but the ironical part is fail-over itself
is failing.

As soon as I shut down one instance of tomcat, the entire setup is dead and
I am getting 503. Can someone help me understand what is the problem.



Maybe the first step would be to remove the irrelevant parts of he 
configuration below.
Also, please make an effort at formatting your email, in plain text.
What comes below is almost unreadable as it is.
(Even in the original mail to the list, see by yourself)

I have reformatted what I could..


Added this in apache2.conf :

JkWorkersFile /etc/apache2/workers.properties
JkMount /* loadbalancer

workers.properties :

worker.list=loadbalancer
  worker.server1.port=8010
  worker.server1.host=localhost
  worker.server1.type=ajp13

  worker.server2.port=8011
  worker.server2.host=localhost
  worker.server2.type=ajp13

  worker.server1.lbfactor=1
  worker.server2.lbfactor=1

  worker.loadbalancer.type=lb
  worker.loadbalancer.balance_workers=server1,server2
worker.loadbalancer.method=B
worker.balancer.sticky_session=True

000-default in sites-enabled :


JkMountCopy On




 BalancerMember ajp://localhost:8010 route=server1 connectiontimeout=10
 BalancerMember ajp://localhost:8011 route=server2 connectiontimeout=10

ProxySet stickysession=JSESSIONID|jsessionid
Order Deny,Allow
Deny from none
Allow from all

ProxyRequests off
ProxyPass /balancer-manager !


ProxyPass /  balancer://mycluster/
ProxyPassReverse / balancer://mycluster/

SetHandler balancer-manager
Order Deny,Allow
Deny from none
Allow from all




First tomcat's server.xml :



On your front-end, you are re-directing everything to the tomcats, via AJP.
So this Connector is superfluous, and only makes the discussion more confusing :






Same for this one. You are using AJP, so you are never accessing tomcat directly via 
HTTPS. Useless :






This one is being used :



 
 // No modifications inside

Second Tomcat's server.xml :



useless, see above :





useless, see above :




Used:

  
 
 // No modifications here
 




Note : your HTTP(S) Connectors are useless, since nothing should in principle ever reach 
tomcat via HTTP(S). But if you are going to use the

redirectPort="8443"
attribute, you may at least ensure that the corresponding port is attended to.

So, I suggest that you clean up your configuration, and repost it in a more readable 
format. Then maybe we'll see something.














I am working on Apache and tomcat to setup Load-balancing and
fail-over. Initially I thought that load-balancing would include
fail-over,
  but I was wrong. I thought that if one instance is not active, then
consuming other instance also becomes a part of load-management. Enough
with the terminologies, I setup fail-over, but the ironical part is
fail-over itself is failing.

As soon as I shut down one instance of tomcat, the entire setup is
dead and I am getting 503. Can someone help me understand what is the
problem.

Added this in apache2.conf :

JkWorkersFile /etc/apache2/workers.properties
JkMount /* loadbalancer

workers.properties :

GNU nano 2.2.6 File: workers.properties

  worker.list=loadbalancer
  worker.server1.port=8010
  worker.server1.host=localhost
  worker.server1.type=ajp13

  worker.server2.port=8011
  worker.server2.host=localhost
  worker.server2.type=ajp13

  worker.server1.lbfactor=1
  worker.server2.lbfactor=1

  worker.loadbalancer.type=lb
  worker.loadbalancer.balance_workers=server1,server2
worker.loadbalancer.method=B
worker.balancer.sticky_session=True

000-default in sites-enabled :

JkMountCopy On
 BalancerMember ajp://localhost:8010 route=server1 connectiontimeout=10
 BalancerMember ajp://localhost:8011 route=server2 connectiontimeout=10

ProxySet stickysession=JSESSIONID|jsessionid
Order Deny,Allow
Deny

Apache failover configuration not working(Update)

Hello friends,

I am working on a server-configuration in which I would like to setup
load-balancing with fail-over. Unfortunately, I am not having much luck
with the process. I will be posting my updated config, so it is easier to
understand. Kindly have a look.

First Tomcat's server.xml :


> SSLEnabled="true" maxThreads="200" compression="force"
>> compressionMinSize="1024" scheme="https" secure="true" clientAuth="false"
>>  sslProtocol="TLS"
>> keystoreFile="keystore.jks" keystorePass="PASSWORD" URIEncoding="utf-8"
>>  compressableMimeType="text/html,text/xml,text/plain,text/css,text/
>> javascript,application/x-javascript,application/javascript"
>> />
>>   // I didn't remove the above connector, as I didn't knew how to use SSL
>> with load-balancing and fail-over.
>>
>
>>  > URIEncoding="utf-8"
>>  compressableMimeType="text/html,text/xml,text/plain,text/css,text/
>> javascript,application/x-javascript,application/javascript"
>> />
>>
> 
>
>   unpackWARs="true" autoDeploy="true">
>  channelSendOptions="8">
>
>   expireSessionsOnShutdown="false"
>notifyListenersOnReplication="true"/>
>
>className="org.apache.catalina.tribes.group.GroupChannel">
>  className="org.apache.catalina.tribes.membership.McastService"
> address="228.0.0.4" // What kind of address is
> this?
> port="45564"
> frequency="500"
> dropTime="3000"/>
>  className="org.apache.catalina.tribes.transport.nio.NioReceiver"
>   address="148.251.151.18"
>   port="4000"
>   autoBind="100"
>   selectorTimeout="5000"
>   maxThreads="6"/>
>
>  className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
>className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/>
> 
>  className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
>  className="org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor"/>
>   
>  
>


Second tomcat config :

>
>  SSLEnabled="true" maxThreads="200" compression="force"
>   compressionMinSize="1024" scheme="https" secure="true"
> clientAuth="false"  sslProtocol="TLS"
> keystoreFile="keystore.jks" keystorePass="PAssword"
> URIEncoding="utf-8"
>  compressableMimeType="text/html,text/xml,text/plain,text/css,text/
> javascript,application/x-javascript,application/javascript"
> />
>   URIEncoding="utf-8"
>  compressableMimeType="text/html,text/xml,text/plain,text/css,text/
> javascript,application/x-javascript,application/javascript"
> />
> // The cluster config same as above, only the above stuff has changed.
>

workers.properties :

 worker.list=loadbalancer
>  worker.server1.port=8010
>  worker.server1.host=localhost
>  worker.server1.type=ajp13
>
>  worker.server2.port=8011
>  worker.server2.host=localhost
>  worker.server2.type=ajp13
>
>  worker.server1.lbfactor=1
>  worker.server2.lbfactor=1
>
>  worker.loadbalancer.type=lb
>  worker.loadbalancer.balance_workers=server1,server2
> worker.loadbalancer.method=B
> worker.balancer.sticky_session=true
>


 000-defaults in sites-enabled

JkMountCopy On
> 
> BalancerMember ajp://localhost:8010 route=server1 connectiontimeout=10
> BalancerMember ajp://localhost:8011 route=server2 connectiontimeout=10
>
>ProxySet stickysession=JSESSIONID|jsessionid
>Order Deny,Allow
>Deny from none
>Allow from all
>
> 
>
> 
> ProxyRequests off
>
> ProxyPass /balancer-manager !
> ProxyPass / balancer://mycluster/
> ProxyPassReverse / balancer://mycluster/
> 
>
> 
> SetHandler balancer-manager
>
> Order Deny,Allow
> Deny from none
> Allow from all
> 
>


This added in apache2.conf :

JkWorkersFile /etc/apache2/workers.properties
>
> JkMount /* loadbalancer
>


Now, when both the tomcat versions are online, then I have no issues, but
as soon as one tomcat goes down, then the whole setup dies. What am I doing
wrong. Also, if I remove connector for 443, should I also remove the
redirectPort in AJP connector. Kindly let me know. Thank you.

Re: Failover not working even after configuration.

Hi,

Thank you for finding out that mistake with port-number. What I fail to
understand is, where to redirect the AJP request then? Can you tell me
that. I am as of now creating additional mail, as I changed the config and
added a Cluster in tomcat. I just need to know what's the deal with those
connectors, as the webapp requires https..

Should I remove that redirectPort in ajp? Kindly let me know. Thank you.

On Wed, Dec 9, 2015 at 4:46 PM, André Warnier (tomcat) 
wrote:

>
> On 09.12.2015 15:56, Kernel freak wrote:
>
>> I am working on Apache and tomcat to setup Load-balancing and fail-over.
>> Initially I thought that load-balancing would include fail-over, but I was
>> wrong. I thought that if one instance is not active, then consuming other
>> instance also becomes a part of load-management.
>>
>
> It should :
> quote : http://tomcat.apache.org/connectors-doc/reference/workers.html
>
>  Load balancer management includes:
>
> Instantiating the workers in the web server.
> Using the worker's load-balancing factor, perform weighed-round-robin
> load balancing where high lbfactor means stronger machine (that is going to
> handle more requests)
> Keeping requests belonging to the same session executing on the same
> Tomcat worker.
> Identifying failed Tomcat workers, suspending requests to them and
> instead fall-backing on other workers managed by the lb worker.
>
> The overall result is that workers managed by the same lb worker are
> load-balanced (based on their lbfactor and current user session) and also
> fall-backed so a single Tomcat process death will not "kill" the entire
> site.
>
>
>  Enough with the
>
>> terminologies, I setup fail-over, but the ironical part is fail-over
>> itself
>> is failing.
>>
>> As soon as I shut down one instance of tomcat, the entire setup is dead
>> and
>> I am getting 503. Can someone help me understand what is the problem.
>>
>>
> Maybe the first step would be to remove the irrelevant parts of he
> configuration below.
> Also, please make an effort at formatting your email, in plain text.
> What comes below is almost unreadable as it is.
> (Even in the original mail to the list, see by yourself)
>
> I have reformatted what I could..
>
>
> Added this in apache2.conf :
>>
>> JkWorkersFile /etc/apache2/workers.properties
>> JkMount /* loadbalancer
>>
>> workers.properties :
>>
>> worker.list=loadbalancer
>>   worker.server1.port=8010
>>   worker.server1.host=localhost
>>   worker.server1.type=ajp13
>>
>>   worker.server2.port=8011
>>   worker.server2.host=localhost
>>   worker.server2.type=ajp13
>>
>>   worker.server1.lbfactor=1
>>   worker.server2.lbfactor=1
>>
>>   worker.loadbalancer.type=lb
>>   worker.loadbalancer.balance_workers=server1,server2
>> worker.loadbalancer.method=B
>> worker.balancer.sticky_session=True
>>
>> 000-default in sites-enabled :
>>
>>
>> JkMountCopy On
>>
>
> 
>
>>  BalancerMember ajp://localhost:8010 route=server1
>> connectiontimeout=10
>>  BalancerMember ajp://localhost:8011 route=server2
>> connectiontimeout=10
>>
>> ProxySet stickysession=JSESSIONID|jsessionid
>> Order Deny,Allow
>> Deny from none
>> Allow from all
>> 
>> ProxyRequests off
>> ProxyPass /balancer-manager !
>>
>
> ProxyPass /  balancer://mycluster/
> ProxyPassReverse / balancer://mycluster/
> 
> SetHandler balancer-manager
> Order Deny,Allow
> Deny from none
> Allow from all
> 
>
>>
>>
>> First tomcat's server.xml :
>>
>>
> On your front-end, you are re-directing everything to the tomcats, via AJP.
> So this Connector is superfluous, and only makes the discussion more
> confusing :
>
> > compression="force" compressionMinSize="1024"
>> connectionTimeout="2"
>> redirectPort="443" URIEncoding="utf-8"
>>   compressableMimeType="text/html,text/xml,text/plain,text/css,text/
>> javascript,application/x-javascript,application/javascript"/>
>>
>>
> Same for this one. You are using AJP, so you are never accessing tomcat
> directly via HTTPS. Useless :
>
> > SSLEnabled="true" maxThreads="200" compression="force"
>>compressionMinSize="1024" scheme="https" secure="true"
>> clientAuth="false"  sslProtocol="TLS"
>>  keystoreFile="keystore_file" keystorePass="PASSWORD"
>> URIEncoding="utf-8"
>>   compressableMimeType="text/html,text/xml,text/plain,text/css,text/
>> javascript,application/x-javascript,application/javascript"/>
>>
>
> This one is being used :
>
> > URIEncoding="utf-8"
>>   compressableMimeType="text/html,text/xml,text/plain,text/css,text/
>> javascript,application/x-javascript,application/javascript"/>
>>  
>>  // No modifications inside
>>
>> Second Tomcat's server.xml :
>>
>>
>> useless, see above :
>
> > compression="force" compressionMinSize="1024"
>> connectionTimeout="2"
>> redirectPort="443" URIEncoding="utf-8"
>>   compressableMimeType="text/html,text/xml,text/plain,text/css,text/
>>

Re: Apache failover configuration not working(Update)

Yes, I can do that, but Spring-security switches back and forth http/https
depending upon the security-configuration in webapp, that's why I have not
removed it.

What do you mean by your worker members should appear in
workers.properties?

 File:
workers.properties


 worker.list=loadbalancer
 worker.server1.port=8010
 worker.server1.host=localhost
 worker.server1.type=ajp13

 worker.server2.port=8011
 worker.server2.host=localhost
 worker.server2.type=ajp13

 worker.server1.lbfactor=1
 worker.server2.lbfactor=1

 worker.loadbalancer.type=lb
 worker.loadbalancer.balance_workers=server1,server2
worker.loadbalancer.method=B
worker.loadbalancer.sticky_session_force=false
worker.loadbalancer.sticky_session=false








On Wed, Dec 9, 2015 at 5:31 PM, Mikel Ibiricu  wrote:

> Hi
>
> I was reading your previous message and Andre's reply and I could not
> figured out why you don't manage https certificates in Apache Httpd and
> take all its configuration out of the tomcats.
>
> Second way, not sure about that, it's been a while since the last time I
> used a load balancer, but should not the load balancer worker members
> appear in the workers.properties' worker_list?
>
> Regards,
> Mikel
> El 09/12/2015 17:24, "Kernel freak"  escribió:
>
> > Hello friends,
> >
> > I am working on a server-configuration in which I would like to setup
> > load-balancing with fail-over. Unfortunately, I am not having much luck
> > with the process. I will be posting my updated config, so it is easier to
> > understand. Kindly have a look.
> >
> > First Tomcat's server.xml :
> >
> >
> >  > >> SSLEnabled="true" maxThreads="200" compression="force"
> > >> compressionMinSize="1024" scheme="https" secure="true"
> > clientAuth="false"
> > >>  sslProtocol="TLS"
> > >> keystoreFile="keystore.jks" keystorePass="PASSWORD"
> URIEncoding="utf-8"
> > >>  compressableMimeType="text/html,text/xml,text/plain,text/css,text/
> > >> javascript,application/x-javascript,application/javascript"
> > >> />
> > >>   // I didn't remove the above connector, as I didn't knew how to use
> > SSL
> > >> with load-balancing and fail-over.
> > >>
> > >
> > >>   > >> URIEncoding="utf-8"
> > >>  compressableMimeType="text/html,text/xml,text/plain,text/css,text/
> > >> javascript,application/x-javascript,application/javascript"
> > >> />
> > >>
> > > 
> > >
> > >   > > unpackWARs="true" autoDeploy="true">
> > > > >  channelSendOptions="8">
> > >
> > >> className="org.apache.catalina.ha.session.DeltaManager"
> > >expireSessionsOnShutdown="false"
> > >notifyListenersOnReplication="true"/>
> > >
> > >> > className="org.apache.catalina.tribes.group.GroupChannel">
> > >  > > className="org.apache.catalina.tribes.membership.McastService"
> > > address="228.0.0.4" // What kind of address is
> > > this?
> > > port="45564"
> > > frequency="500"
> > > dropTime="3000"/>
> > >  > > className="org.apache.catalina.tribes.transport.nio.NioReceiver"
> > >   address="148.251.151.18"
> > >   port="4000"
> > >   autoBind="100"
> > >   selectorTimeout="5000"
> > >   maxThreads="6"/>
> > >
> > >  > >
> className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
> > >> >
> >
> className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/>
> > > 
> > >  > >
> >
> className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
> > >  > >
> >
> className="org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor"/>
> > >   
> > >  
> > >
> >
> >
> > Second tomcat config :
> >
> > >
> > >  > > SSLEnabled="true" maxThreads="200" compression="force"
> > >   compressionMinSize="1024" scheme="https" secure="true"
> > > clientAuth="false"  sslProtocol="TLS"
> > > keystoreFile="keystore.jks" keystorePass="PAssword"
> > > URIEncoding="utf-8"
> > >  compressableMimeType="text/html,text/xml,text/plain,text/css,text/
> > > javascript,application/x-javascript,application/javascript"
> > > />
> > >   > > URIEncoding="utf-8"
> > >  compressableMimeType="text/html,text/xml,text/plain,text/css,text/
> > > javascript,application/x-javascript,application/javascript"
> > > /> jvmRoute="server2">
> > > // The cluster config same as above, only the above stuff has changed.
> > >
> >
> > workers.properties :
> >
> >  worker.list=loadbalancer
> > >  worker.server1.port=8010
> > >  worker.server1.host=localhost
> > >  worker.server1.type=ajp13
> > >
> > >  worker.server2.port=8011
> > >  worker.server2.host=localhost
> > >  worker.server2.type=ajp13
> > >
> > >  worker.server1.lbfactor=1
>

Re: WebEx meeting invitation: Apache Tomcat: TLS Virtual Hosting

2015-12-09 Thread Rainer Frey (Inxmail GmbH)

Hi,

> On 08.12.2015, at 11:41, Mark Thomas  wrote:
> The meetings are currently set up so you have to use a telephone to
> connect to the audio. You can either dial in or get the system to call
> you back.

I am pretty sure that I have attended webex meetings with audio in the webex 
client.
Would it be possible to set up future webinars like that? Having to use a phone 
is
quite cumbersome.

Also, audio quality of the youtube recording is really bad (at least this time).
Any improvement would be appreciated.

Thanks
Rainer

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: WebEx meeting invitation: Apache Tomcat: TLS Virtual Hosting

On 09/12/2015 15:39, Rainer Frey (Inxmail GmbH) wrote:
> Hi,
> 
>> On 08.12.2015, at 11:41, Mark Thomas  wrote:
>> The meetings are currently set up so you have to use a telephone to
>> connect to the audio. You can either dial in or get the system to call
>> you back.
> 
> I am pretty sure that I have attended webex meetings with audio in the webex 
> client.
> Would it be possible to set up future webinars like that? Having to use a 
> phone is
> quite cumbersome.

Because of how $work have purchased WebEx (and I am using $work's
account) the options are all telephone or all VOIP. There is no way to
support both for the same meeting.

I have opted for telephone to date but we can experiment with VOIP for
the next if that is what people prefer.

> Also, audio quality of the youtube recording is really bad (at least this 
> time).
> Any improvement would be appreciated.

I used exactly the same equipment. Maybe the line was bad. I'm looking
into getting a headset for future webinars which should give a more
consistent quality.

Depending on how bad the YouTube recording is (the bits I sampled were
OK) we do have the option of re-recording the audio (although it would
probably be easier just to re-record the whole thing).

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache failover configuration not working(Update)

2015-12-09 Thread Mikel Ibiricu

Hi

I was reading your previous message and Andre's reply and I could not
figured out why you don't manage https certificates in Apache Httpd and
take all its configuration out of the tomcats.

Second way, not sure about that, it's been a while since the last time I
used a load balancer, but should not the load balancer worker members
appear in the workers.properties' worker_list?

Regards,
Mikel
El 09/12/2015 17:24, "Kernel freak"  escribió:

> Hello friends,
>
> I am working on a server-configuration in which I would like to setup
> load-balancing with fail-over. Unfortunately, I am not having much luck
> with the process. I will be posting my updated config, so it is easier to
> understand. Kindly have a look.
>
> First Tomcat's server.xml :
>
>
>  >> SSLEnabled="true" maxThreads="200" compression="force"
> >> compressionMinSize="1024" scheme="https" secure="true"
> clientAuth="false"
> >>  sslProtocol="TLS"
> >> keystoreFile="keystore.jks" keystorePass="PASSWORD" URIEncoding="utf-8"
> >>  compressableMimeType="text/html,text/xml,text/plain,text/css,text/
> >> javascript,application/x-javascript,application/javascript"
> >> />
> >>   // I didn't remove the above connector, as I didn't knew how to use
> SSL
> >> with load-balancing and fail-over.
> >>
> >
> >>   >> URIEncoding="utf-8"
> >>  compressableMimeType="text/html,text/xml,text/plain,text/css,text/
> >> javascript,application/x-javascript,application/javascript"
> >> />
> >>
> > 
> >
> >   > unpackWARs="true" autoDeploy="true">
> > >  channelSendOptions="8">
> >
> >className="org.apache.catalina.ha.session.DeltaManager"
> >expireSessionsOnShutdown="false"
> >notifyListenersOnReplication="true"/>
> >
> >> className="org.apache.catalina.tribes.group.GroupChannel">
> >  > className="org.apache.catalina.tribes.membership.McastService"
> > address="228.0.0.4" // What kind of address is
> > this?
> > port="45564"
> > frequency="500"
> > dropTime="3000"/>
> >  > className="org.apache.catalina.tribes.transport.nio.NioReceiver"
> >   address="148.251.151.18"
> >   port="4000"
> >   autoBind="100"
> >   selectorTimeout="5000"
> >   maxThreads="6"/>
> >
> >  > className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
> >>
> className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/>
> > 
> >  >
> className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
> >  >
> className="org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor"/>
> >   
> >  
> >
>
>
> Second tomcat config :
>
> >
> >  > SSLEnabled="true" maxThreads="200" compression="force"
> >   compressionMinSize="1024" scheme="https" secure="true"
> > clientAuth="false"  sslProtocol="TLS"
> > keystoreFile="keystore.jks" keystorePass="PAssword"
> > URIEncoding="utf-8"
> >  compressableMimeType="text/html,text/xml,text/plain,text/css,text/
> > javascript,application/x-javascript,application/javascript"
> > />
> >   > URIEncoding="utf-8"
> >  compressableMimeType="text/html,text/xml,text/plain,text/css,text/
> > javascript,application/x-javascript,application/javascript"
> > />
> > // The cluster config same as above, only the above stuff has changed.
> >
>
> workers.properties :
>
>  worker.list=loadbalancer
> >  worker.server1.port=8010
> >  worker.server1.host=localhost
> >  worker.server1.type=ajp13
> >
> >  worker.server2.port=8011
> >  worker.server2.host=localhost
> >  worker.server2.type=ajp13
> >
> >  worker.server1.lbfactor=1
> >  worker.server2.lbfactor=1
> >
> >  worker.loadbalancer.type=lb
> >  worker.loadbalancer.balance_workers=server1,server2
> > worker.loadbalancer.method=B
> > worker.balancer.sticky_session=true
> >
>
>
>  000-defaults in sites-enabled
>
> JkMountCopy On
> > 
> > BalancerMember ajp://localhost:8010 route=server1
> connectiontimeout=10
> > BalancerMember ajp://localhost:8011 route=server2
> connectiontimeout=10
> >
> >ProxySet stickysession=JSESSIONID|jsessionid
> >Order Deny,Allow
> >Deny from none
> >Allow from all
> >
> > 
> >
> > 
> > ProxyRequests off
> >
> > ProxyPass /balancer-manager !
> > ProxyPass / balancer://mycluster/
> > ProxyPassReverse / balancer://mycluster/
> > 
> >
> > 
> > SetHandler balancer-manager
> >
> > Order Deny,Allow
> > Deny from none
> > Allow from all
> > 
> >
>
>
> This added in apache2.conf :
>
> JkWorkersFile /etc/apache2/workers.properties
> >
> > JkMount /* loadbalancer
> >
>
>
> Now, when both the tomcat versions are online, then I have no issues, but
> as soon as one tomcat goes down, then the

Re: Custom Connector class

Roel,

On 12/9/15 8:03 AM, Roel Storms wrote:
> The real requirement is being able to process the body of a request in a
> Valve without restricting the servlet to call request.getInputStream,
> getReader and getStream. I have tried by wrapping the request but some
> behavior can't be masked. It is also much more simple to implement by just
> extending the Request class and using this in Connector.createRequest().
> 
> So the actual requirement is a Valve wanting to process the body but still
> allowing the target application to call whatever processing method they
> chose. When the Valve would chose to process the body by calling
> Request.getInputStream(). The servlet wouldn't be able to call getReader or
> getParam anymore. I would like my Valve to be transparent in that sense.

What you want to do can be done with a Valve as long as you don't mind a
bit of typing.

See this thread where I built pretty much exactly what you're requesting:
http://tomcat.markmail.org/thread/fumpfuspt7a3nesz

I implemented mine as a Filter, not as a Valve.

There's no need to go writing your own Request implementation.

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Creating another Tomcat copy in hot stand-by when original goes down.

Akshay,

On 12/9/15 5:33 AM, Kernel freak wrote:
> @Andre : Yes, the material is quite enough, I am using a AJP connector and
> as Spring-security automatically rewrites/redirects to https, that is not
> the problem I am having. The problem is that even if *one* Tomcat is going
> down, the whole setup is dying, Not the point of this task. I want to keep
> one alive and it should keep working.

>From your configuration, you were pretty clearly using mod_proxy_http,
so you weren't using AJP at all.

> @Chris : I have no option other then Apache httpd as I see it now, I have
> already configured some stuff, which I will be posting below. What I want
> is to load-balance between both the Tomcat's, but if one goes down, the
> other one should still work. I have already put the JSESSIONID(consumed by
> Spring-security), in the config. The problem I am having right now is that
> even if *one* tomcat goes down, then I get a 503, service not available.
> What am I doing wrong?

I don't know. Using mod_jk, if one node goes down the others pick-up the
slack. I have much less experience with mod_proxy_*.

> Also, is there any way to detect which Tomcat is being used by the user
> right now?

On which end? You want to check from the client end? If you look at the
session id, it will have the jvmroute in it, appended onto the end. Your
session id will be something like "37680235094857.node1".

> Here are the changes I made :
> 
> For apache2 in sites-enabled/000-default  :
> 
> 
> 
> BalancerMember ajp://localhost:8010 route=jvmroute-first
> connectiontimeout=10
> BalancerMember http://localhost:8011 route=jvmroute-second
> connectiontimeout=10

Why are you using AJP for one connection and HTTP for the other? That's
going to get confusing.

>ProxySet stickysession=JSESSIONID
> 
>Order Deny,Allow
>Deny from none
>Allow from all
> 
> 

Other than the protocol games, this looks good so far.

> 
> ProxyPass / balancer://mycluster/
> ProxyPassReverse / balancer://mycluster/
> 
> 
> 
> 
> First Apache tomcat instance :
> 
>  compression="force" compressionMinSize="1024"
>connectionTimeout="2"
>redirectPort="443" URIEncoding="utf-8"
>  compressableMimeType="text/html,text/xml,text/plain,text/css,text/
> javascript,application/x-javascript,application/javascript"/>
> 
> 
>  maxThreads="200" compression="force"
>   compressionMinSize="1024" scheme="https" secure="true"
> clientAuth="false"  sslProtocol="TLS"
> keystoreFile="domain.keystore" keystorePass="password"
> URIEncoding="utf-8"
>  compressableMimeType="text/html,text/xml,text/plain,text/css,text/
> javascript,application/x-javascript,application/javascript"
> />
> Connector port="8010" protocol="AJP/1.3" redirectPort="443"
> URIEncoding="utf-8"
>  compressableMimeType="text/html,text/xml,text/plain,text/css,text/
> javascript,application/x-javascript,application/javascript"
> />
>   
>  // No modifications inside
> 
> 
> Second tomcat instance :
> 
>  compression="force" compressionMinSize="1024"
>connectionTimeout="2"
>redirectPort="443" URIEncoding="utf-8"
>  compressableMimeType="text/html,text/xml,text/plain,text/css,text/
> javascript,application/x-javascript,application/javascript"/>
> 
> 
>  maxThreads="200" compression="force"
>   compressionMinSize="1024" scheme="https" secure="true"
> clientAuth="false"  sslProtocol="TLS"
> keystoreFile="keystore" keystorePass="password"
> URIEncoding="utf-8"
>  compressableMimeType="text/html,text/xml,text/plain,text/css,text/
> javascript,application/x-javascript,application/javascript"
> />
>URIEncoding="utf-8"
>  compressableMimeType="text/html,text/xml,text/plain,text/css,text/
> javascript,application/x-javascript,application/javascript"
> />
>  jvmRoute="jvmroute-second">
> // No modifications inside
> 
> 
> So if I shut down one tomcat, then I cannot access the site. What is the
> mistake I am making. Kindly let me know. Thank you.

Consider configuring the balancer manager within httpd to see what's
going on:
http://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html#balancer_manager

-chris


-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: WebEx meeting invitation: Apache Tomcat: TLS Virtual Hosting

Mark,

On 12/9/15 8:46 AM, Mark Thomas wrote:
> On 09/12/2015 13:39, Cris Berneburg - US wrote:
>> Aww phooey, I missed it!  I set my reminder incorrectly and ended up trying 
>> to sign in 20 minutes late.  By the time I did sign in, the place was empty. 
>>  “Hello, anybody there?”
> 
> All is not lost:
> 
> https://www.youtube.com/channel/UCpqpJ0-G1lYfUBQ6_36Au_g

New and improved... with SOUND!

Your tax dollars at work. ;)

(Thanks Mark)

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Failover not working even after configuration.

On 09.12.2015 17:02, Kernel freak wrote:

Hi,

Thank you for finding out that mistake with port-number. What I fail to
understand is, where to redirect the AJP request then?

Why would you need to ?

Again :

Your AJP (in Tomcat) will *never* receive requests that are HTTPS. It expects
(and in your configuration, receives) only requests in the AJP protocol format (from the
Apache-httpd-side mod_jk or mod_proxy_ajp module).

(And if it received anything else, it would bitterly complain).

Also again:
Your configuration is :

User browser <-- HTTP(S) --> Apache httpd + mod_jk <- AJP -> Tomcat AJP Connector
<-->Tomcat webapp

The user's browser talks to Apache httpd using either HTTP or HTTPS.
If it is HTTPS, Apache unencrypts it.
The request is then (partially) processed in Apache httpd (parsing the headers etc.), and
then it is forwarded to (one of the) Tomcat by the mod_jk module, in AJP format (which has
no encrypted version). It is received by the AJP Connector in Tomcat (which understands
AJP, but not HTTP/HTTPS). The AJP Connector in Tomcat makes this into a Tomcat/java HTTP
Request object, that object is passed to the webapp, and that is what the webapp is
dealing with.

The webapp Response object goes the opposite way.
Tomcat outputs this response through the AJP connector, which encodes it as an "AJP
message". This message goes to the Apache mod_jk connector. The mod_jk connector decodes
this back for Apache-httpd, into an "Apache httpd response". Apache httpd then sends this
response back to the browser, in HTTP or HTTPS, depending on how the browser originally
connected to httpd to send that request.

The thing to understand here, is that along with the request in AJP format that mod_jk
sends to the Tomcat AJP Connector, there will be (optionally) a number of "SSL
attributes", which allow the recipient webapp to know that the original browser-to-httpd
connection was HTTPS (or not), even though Tomcat received that request through the AJP
Connector, in non-SSL AJP format.

See here :
http://tomcat.apache.org/connectors-doc/reference/apache.html
--> JkExtractSSL

I do not know Spring, and I do not know under what conditions it would send back https://
links or not. But this should not be a problem, if the configuration on both Apache-httpd
and Tomcat is correct.

Now, all that I am saying above, and also all your load-balancing setup, is only valid
assuming that *all* browser-to-Tomcat communications always goes through Apache httpd.

If you allow browsers to access Tomcat directly, then all this is moot.

A browser cannot talk directly to the Tomcat AJP Connector, they would not understand
eachother. But if your Tomcats have active HTTP/HTTPS Connectors, and the browser is able
to connect to them, then forget all the above, it will not work as you expect.

(Such connections would also bypass the load-balancing that you want).

Can you tell me

that. I am as of now creating additional mail, as I changed the config and
added a Cluster in tomcat. I just need to know what's the deal with those
connectors, as the webapp requires https..

Should I remove that redirectPort in ajp? Kindly let me know. Thank you.

On Wed, Dec 9, 2015 at 4:46 PM, André Warnier (tomcat)
wrote:

On 09.12.2015 15:56, Kernel freak wrote:

I am working on Apache and tomcat to setup Load-balancing and fail-over.
Initially I thought that load-balancing would include fail-over, but I was
wrong. I thought that if one instance is not active, then consuming other
instance also becomes a part of load-management.

It should :
quote : http://tomcat.apache.org/connectors-doc/reference/workers.html

Load balancer management includes:

Instantiating the workers in the web server.
Using the worker's load-balancing factor, perform weighed-round-robin
load balancing where high lbfactor means stronger machine (that is going to
handle more requests)
Keeping requests belonging to the same session executing on the same
Tomcat worker.
Identifying failed Tomcat workers, suspending requests to them and
instead fall-backing on other workers managed by the lb worker.

The overall result is that workers managed by the same lb worker are
load-balanced (based on their lbfactor and current user session) and also
fall-backed so a single Tomcat process death will not "kill" the entire
site.

Enough with the

terminologies, I setup fail-over, but the ironical part is fail-over
itself
is failing.

As soon as I shut down one instance of tomcat, the entire setup is dead
and
I am getting 503. Can someone help me understand what is the problem.

Maybe the first step would be to remove the irrelevant parts of he
configuration below.
Also, please make an effort at formatting your email, in plain text.
What comes below is almost unreadable as it is.
(Even in the original mail to the list, see by yourself)

I have reformatted what I could..

Added this in apache2.conf :

Frequent tomcat outages

2015-12-09 Thread Akbar Thanakalacheruvu

Hi

We are using Tomcat 7.0.62 (with JVM version 1.7.0_79-b15) in our production 
servers. This web server has 16 GB RAM and out of which we allocated 12 GB RAM 
(xms and xmx) to tomcat (through Tomcat7w.exe).
When I monitor tomcat manager application, I see that "CMS old Gen" is 
increasing minute to minute and it is reaching to 99% (11 GB) in less than 12 
hrs.

I am not sure why this memory is not clearing out. Are there any settings that 
you can suggest which can help this "CMS old Gen" to be under control?
I see lot many "OutOfMemory" errors in Tomcat logs which were caused by our 
Java application(which is a 3rd party application). I tried to take heapdump 
using the below command, but it failed saying "insufficient memory" error.

Command: jmap -dump:format=b,file=snapshot.jmap process-pid

Not sure how to proceed further to get out of these "OutOfMemory" errors. 
Please help.

-Akbar

Re: Frequent tomcat outages

On 09/12/2015 21:36, Akbar Thanakalacheruvu wrote:
> Hi
> 
> We are using Tomcat 7.0.62 (with JVM version 1.7.0_79-b15) in our production 
> servers. This web server has 16 GB RAM and out of which we allocated 12 GB 
> RAM (xms and xmx) to tomcat (through Tomcat7w.exe).
> When I monitor tomcat manager application, I see that "CMS old Gen" is 
> increasing minute to minute and it is reaching to 99% (11 GB) in less than 12 
> hrs.
> 
> I am not sure why this memory is not clearing out. Are there any settings 
> that you can suggest which can help this "CMS old Gen" to be under control?
> I see lot many "OutOfMemory" errors in Tomcat logs which were caused by our 
> Java application(which is a 3rd party application). I tried to take heapdump 
> using the below command, but it failed saying "insufficient memory" error.
> 
> Command: jmap -dump:format=b,file=snapshot.jmap process-pid
> 
> Not sure how to proceed further to get out of these "OutOfMemory" errors. 
> Please help.

It depends if a) you really have a memory leak or b) the app just needs
more memory than you have given it.

If a) yell at the vendor of application to get their act together and
fix the memory leaks.

If b) install some more RAM in the box

Mark



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Frequent tomcat outages

Mark,

On 12/9/15 4:51 PM, Mark Thomas wrote:
> On 09/12/2015 21:36, Akbar Thanakalacheruvu wrote:
>> Hi
>>
>> We are using Tomcat 7.0.62 (with JVM version 1.7.0_79-b15) in our production 
>> servers. This web server has 16 GB RAM and out of which we allocated 12 GB 
>> RAM (xms and xmx) to tomcat (through Tomcat7w.exe).
>> When I monitor tomcat manager application, I see that "CMS old Gen" is 
>> increasing minute to minute and it is reaching to 99% (11 GB) in less than 
>> 12 hrs.
>>
>> I am not sure why this memory is not clearing out. Are there any settings 
>> that you can suggest which can help this "CMS old Gen" to be under control?
>> I see lot many "OutOfMemory" errors in Tomcat logs which were caused by our 
>> Java application(which is a 3rd party application). I tried to take heapdump 
>> using the below command, but it failed saying "insufficient memory" error.
>>
>> Command: jmap -dump:format=b,file=snapshot.jmap process-pid
>>
>> Not sure how to proceed further to get out of these "OutOfMemory" errors. 
>> Please help.
> 
> It depends if a) you really have a memory leak or b) the app just needs
> more memory than you have given it.
> 
> If a) yell at the vendor of application to get their act together and
> fix the memory leaks.
> 
> If b) install some more RAM in the box

It also depends upon the nature of the OOMEs. Lots of applications have
PermGen errors, which is just a matter of adjusting the size of PermGen.

My experience has been that often /reducing/ the heap size ends up being
more informative than just increasing the heap until you stop getting OOMEs.

Akbar, can you post some of the OOMEs you have been getting?

The 99% of old generation used certainly looks like it might be an
actual leak. Obvious places to look include the HttpSession objects (are
you storing lots of data in users sessions?) and application data caches
(are they the right size? are members expiring appropriately?).

A final thought about memory usage. Long ago, a friend of mine
complained about not seeing very much "free memory" available on his
Linux workstation. When we investigated, the OS was using large amounts
of RAM for "caches" which basically means that the OS was using memory
for whatever it wanted -- no specific user process was using that
memory. When he bristled about the OS "wasting" memory, I explained that
unused memory was a waste of money and resources if it wasn't going to
be used. So, back to the Java heap: your heap should be as full as you
can keep it while maintaining a healthy application hosted inside that
JVM. Caches are great, but remember that sometimes you have to let the
users have that memory. But when they're done... refill those caches, baby!

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

tomcat embedded / hcr within a maven environment

2015-12-09 Thread Tobias Soloschenko

Hello everyone,

is anyone able to give me a little hint about what I can do to
automatically deploy changes made in java files to an embedded tomcat? (hot
code replacement). Maybe it is a m2e related topic, but I just try to
figure out.

Currently I am starting a Runner class in test scope to publish a Wicket
Application which also uses CSS files generated with nodejs / npm / grunt:

https://github.com/klopfdreh/fluentsquare/blob/master/com.fluentsquare.web/src/test/java/com/fluentsquare/web/Runner.java

What actually works is that when the Runner has been started up and I
execute a "mvn package -Pwatch" and I change something in a sass file - it
is reflected back to the tomcat.

This does not work for java files. The context is not reloaded in that
case, even if I set the following options:

ctx.setReloadable(true);
ctx.setAntiResourceLocking(true);

kind regards and thanks in advance

Tobias

Re: Tomcat Thread Dump

2015-12-09 Thread 侯树成

You can use the java tool *jps*, this is a command tool.  When use like
this : jps -lv  , you can get detail infomation of all java
instance.Hope help to you.

2015-12-09 19:28 GMT+08:00 Konstantin Kolinko :

> 2015-12-09 10:09 GMT+03:00 Yogesh Patel :
> > *Tomcat version* : 7.0.53
> > *OS *: Windows 7
> >
> > We are using tomcat as standalone application not as service, In task
> > manager it does not showing PID for Tomcat. How to get PID of that tomcat
> > in order to take tomcat thread dump.
>
> Task Manager in Windows can be configured to show additional columns
> (see View menu).
>
> > What are the best practice  to take thread dump and what are the commands
> > for windows7 system.
> >
>
> https://wiki.apache.org/tomcat/FAQ/Troubleshooting_and_Diagnostics
> -> How To: Capture a thread dump
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Apache failover configuration not working(Update)