Re: Memory Leak
Am 29. Juni 2016 02:26:57 MESZ, schrieb Leo Donahue: >On Jun 28, 2016 4:57 PM, "Roman Gelfand" wrote: >> >> I am running a middleware application in .. tomcat... > >Ok. This is something you wrote and deployed or it is a third party >war >file? > >> >> catalina.out.prob:SEVERE: The web application [] appears to have >started a >> thread named [cluster-ClusterId{value='5745ebcecdb2e06579174645', >> description='null'}-devnymongodb01.meridiancapital.com:27017] but has >> failed to stop it. This is very likely to create a memory leak. >> > >Basically that says either you intentionally created a thread local >variable that you did not close, or the third party war file did. To be pedantic, the warning is about a thread not being closed. Regards, Felix > >If not you then ask your vendor to fix their app. > >> >> -- >> Thanks, >> R. Gelfand - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Runtime Cloning of DataSource for Different DB?
On 6/28/2016 3:56 AM, Mark Thomas wrote: On 27/06/2016 22:35, Jerry Malcolm wrote: Mark, On 6/27/2016 1:07 PM, Mark Thomas wrote: On 27/06/2016 17:44, Jerry Malcolm wrote: I'm assuming that context.lookup(...) simply locates the "jdbc/myDB" tag in the context.xml file, pulls all of the parms out of that tag, creates a DataSource object utilizing the parms, and returns it.If that's the case, couldn't I create a variation/subclass of the Context object that modifies the url parm that it found in the resource tag and puts the desired db name into the url before constructing the DataSource? Sure. You need to implement the appropriate factory and then specify your factory class explicitly in the Resource element using the factory attribute. You probably want to start here for ideas on how to code up your factory: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/naming/factory/ or for a more specific example: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java?view=annotate Mark Thanks so much. This looks doable. Just to make sure I have the big picture correct 1) I will define a new custom resource that returns a custom context object that I write. 2) On the tag for my custom context resource I can put all of the standard DataSource parms 3) I then call lookup() on this custom context passing the dbName in 4) This custom context will build an appropriate Reference object with all the parms, instantiate a BasicDataSourceFactory, and call getInstance(.) on the factory. When I need an instance of the datasource: Context initContext = new InitialContext(); Context envContext = (Context)initContext.lookup("java:/comp/env"); MyDataSourceContext dsContext = (MyDataSourceContext) envContext.lookup( "dsContext/myDSContext" ); DataSource myDS = (DataSource) dsContext.getInstance( "dbName" ); Am I getting close? Yes, but I don't think you want to use custom NamingContexts. I think there is a simpler way. 1. Write a custom DataSource factory that provides a getDataSource(...) method that allows you to pass in whatever per instance config you need. This DataSource factory will need to use bean style setters (like the example I linked to) to pick up the other config from the 2. Write a custom resource factory that returns an instance of your DataSource factory. 3. Add a context Resource element for your DataSource factory, remembering to use the factory element and specify the custom resource factory from 2. HTH, Mark If external configuration were not required, would there be a problem instantiating a DataSource directly and setting any required properties programmatically? Would any functionality be lost? Also, if there were base properties set in a element, would there be a problem using a copy of the properties from that data source, modified as necessary, to instantiate a new DataSource? -Terence Bandoian - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Memory Leak
It is third party REST server named espresso. After looking further into memory leaks message, I realized this is a thread that writes to mongodb. I had also found couple of posts relating to leaks mongodb jdbc drivers. On Jun 28, 2016 8:27 PM, "Leo Donahue"wrote: > On Jun 28, 2016 4:57 PM, "Roman Gelfand" wrote: > > > > I am running a middleware application in .. tomcat... > > Ok. This is something you wrote and deployed or it is a third party war > file? > > > > > catalina.out.prob:SEVERE: The web application [] appears to have started > a > > thread named [cluster-ClusterId{value='5745ebcecdb2e06579174645', > > description='null'}-devnymongodb01.meridiancapital.com:27017] but has > > failed to stop it. This is very likely to create a memory leak. > > > > Basically that says either you intentionally created a thread local > variable that you did not close, or the third party war file did. > > If not you then ask your vendor to fix their app. > > > > > -- > > Thanks, > > R. Gelfand >
Re: Memory Leak
On Jun 28, 2016 4:57 PM, "Roman Gelfand"wrote: > > I am running a middleware application in .. tomcat... Ok. This is something you wrote and deployed or it is a third party war file? > > catalina.out.prob:SEVERE: The web application [] appears to have started a > thread named [cluster-ClusterId{value='5745ebcecdb2e06579174645', > description='null'}-devnymongodb01.meridiancapital.com:27017] but has > failed to stop it. This is very likely to create a memory leak. > Basically that says either you intentionally created a thread local variable that you did not close, or the third party war file did. If not you then ask your vendor to fix their app. > > -- > Thanks, > R. Gelfand
Re: Memory Leak
On 6/28/2016 5:57 PM, Roman Gelfand wrote: I am running a middleware application in the tomcat environment described, below. After rebooting the server, the memory consumption is couple of gigs. Couple of weeks later, I get a message, I am out of memory. Moreover, I need to bounce the whole server to start fresh. Here, the log. I am quite sure how to go about troubleshooting it. Any help is greatly appreciated. The application has a memory leak. You need to get it fixed. catalina.out.prob:SEVERE: The web application [] appears to have started a thread named [cluster-ClusterId{value='5745ebcecdb2e06579174645', description='null'}-devnymongodb01.meridiancapital.com:27017] but has failed to stop it. This is very likely to create a memory leak. catalina.out.prob:SEVERE: Servlet.service() for servlet [API REST Handler] in context with path [] threw exception [java.lang.OutOfMemoryError: unable to create new native thread] with root cause catalina.out.prob:java.lang.OutOfMemoryError: unable to create new native thread Here is my tomcat environment... Server version: Apache Tomcat/7.0.69 Server built: Apr 11 2016 07:57:09 UTC Server number: 7.0.69.0 OS Name:Linux OS Version: 2.6.32-573.12.1.el6.x86_64 Architecture: amd64 JVM Version:1.8.0_91-b14 JVM Vendor: Oracle Corporation uname -a Linux 2.6.32-573.12.1.el6.x86_64 #1 SMP Tue Dec 15 21:19:08 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux Mem info MemTotal:8061448 kB MemFree: 5399052 kB Buffers: 150360 kB Cached: 388604 kB SwapCached:0 kB Active: 2290720 kB Inactive: 197764 kB Active(anon):1949532 kB Inactive(anon): 160 kB Active(file): 341188 kB Inactive(file): 197604 kB Unevictable: 0 kB Mlocked: 0 kB SwapTotal: 4128764 kB SwapFree:4128764 kB Dirty:40 kB Writeback: 0 kB AnonPages: 1949572 kB Mapped:35900 kB Shmem: 176 kB Slab: 87844 kB SReclaimable: 27304 kB SUnreclaim:60540 kB KernelStack:5504 kB PageTables: 9032 kB NFS_Unstable: 0 kB Bounce:0 kB WritebackTmp: 0 kB CommitLimit: 8159488 kB Committed_AS:3091324 kB VmallocTotal: 34359738367 kB VmallocUsed: 158244 kB VmallocChunk: 34359576456 kB HardwareCorrupted: 0 kB AnonHugePages: 1767424 kB HugePages_Total: 0 HugePages_Free:0 HugePages_Rsvd:0 HugePages_Surp:0 Hugepagesize: 2048 kB DirectMap4k: 10240 kB DirectMap2M: 8378368 kB CPU info processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 44 model name : Intel(R) Xeon(R) CPU E5649 @ 2.53GHz stepping: 2 microcode : 29 cpu MHz : 2533.423 cache size : 12288 KB physical id : 0 siblings: 2 core id : 0 cpu cores : 2 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes cpuid level : 11 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss ht syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc aperfmperf unfair_spinlock pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 popcnt aes hypervisor lahf_lm ida arat epb dts bogomips: 5066.84 clflush size: 64 cache_alignment : 64 address sizes : 40 bits physical, 48 bits virtual power management: processor : 1 vendor_id : GenuineIntel cpu family : 6 model : 44 model name : Intel(R) Xeon(R) CPU E5649 @ 2.53GHz stepping: 2 microcode : 29 cpu MHz : 2533.423 cache size : 12288 KB physical id : 0 siblings: 2 core id : 1 cpu cores : 2 apicid : 1 initial apicid : 1 fpu : yes fpu_exception : yes cpuid level : 11 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss ht syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc aperfmperf unfair_spinlock pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 popcnt aes hypervisor lahf_lm ida arat epb dts bogomips: 5066.84 clflush size: 64 cache_alignment : 64 address sizes : 40 bits physical, 48 bits virtual power management: - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Memory Leak
I am running a middleware application in the tomcat environment described, below. After rebooting the server, the memory consumption is couple of gigs. Couple of weeks later, I get a message, I am out of memory. Moreover, I need to bounce the whole server to start fresh. Here, the log. I am quite sure how to go about troubleshooting it. Any help is greatly appreciated. catalina.out.prob:SEVERE: The web application [] appears to have started a thread named [cluster-ClusterId{value='5745ebcecdb2e06579174645', description='null'}-devnymongodb01.meridiancapital.com:27017] but has failed to stop it. This is very likely to create a memory leak. catalina.out.prob:SEVERE: Servlet.service() for servlet [API REST Handler] in context with path [] threw exception [java.lang.OutOfMemoryError: unable to create new native thread] with root cause catalina.out.prob:java.lang.OutOfMemoryError: unable to create new native thread Here is my tomcat environment... Server version: Apache Tomcat/7.0.69 Server built: Apr 11 2016 07:57:09 UTC Server number: 7.0.69.0 OS Name:Linux OS Version: 2.6.32-573.12.1.el6.x86_64 Architecture: amd64 JVM Version:1.8.0_91-b14 JVM Vendor: Oracle Corporation uname -a Linux 2.6.32-573.12.1.el6.x86_64 #1 SMP Tue Dec 15 21:19:08 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux Mem info MemTotal:8061448 kB MemFree: 5399052 kB Buffers: 150360 kB Cached: 388604 kB SwapCached:0 kB Active: 2290720 kB Inactive: 197764 kB Active(anon):1949532 kB Inactive(anon): 160 kB Active(file): 341188 kB Inactive(file): 197604 kB Unevictable: 0 kB Mlocked: 0 kB SwapTotal: 4128764 kB SwapFree:4128764 kB Dirty:40 kB Writeback: 0 kB AnonPages: 1949572 kB Mapped:35900 kB Shmem: 176 kB Slab: 87844 kB SReclaimable: 27304 kB SUnreclaim:60540 kB KernelStack:5504 kB PageTables: 9032 kB NFS_Unstable: 0 kB Bounce:0 kB WritebackTmp: 0 kB CommitLimit: 8159488 kB Committed_AS:3091324 kB VmallocTotal: 34359738367 kB VmallocUsed: 158244 kB VmallocChunk: 34359576456 kB HardwareCorrupted: 0 kB AnonHugePages: 1767424 kB HugePages_Total: 0 HugePages_Free:0 HugePages_Rsvd:0 HugePages_Surp:0 Hugepagesize: 2048 kB DirectMap4k: 10240 kB DirectMap2M: 8378368 kB CPU info processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 44 model name : Intel(R) Xeon(R) CPU E5649 @ 2.53GHz stepping: 2 microcode : 29 cpu MHz : 2533.423 cache size : 12288 KB physical id : 0 siblings: 2 core id : 0 cpu cores : 2 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes cpuid level : 11 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss ht syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc aperfmperf unfair_spinlock pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 popcnt aes hypervisor lahf_lm ida arat epb dts bogomips: 5066.84 clflush size: 64 cache_alignment : 64 address sizes : 40 bits physical, 48 bits virtual power management: processor : 1 vendor_id : GenuineIntel cpu family : 6 model : 44 model name : Intel(R) Xeon(R) CPU E5649 @ 2.53GHz stepping: 2 microcode : 29 cpu MHz : 2533.423 cache size : 12288 KB physical id : 0 siblings: 2 core id : 1 cpu cores : 2 apicid : 1 initial apicid : 1 fpu : yes fpu_exception : yes cpuid level : 11 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss ht syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc aperfmperf unfair_spinlock pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 popcnt aes hypervisor lahf_lm ida arat epb dts bogomips: 5066.84 clflush size: 64 cache_alignment : 64 address sizes : 40 bits physical, 48 bits virtual power management: -- Thanks, R. Gelfand
Re: Need help setting up SSL on Tomcat 8
2016-06-28 16:24 GMT-04:00 Sean Son: > > as for the output to the keytool command: > > Isnt the output to that command, confidential information? > > No, there isn't anything confidential from the output of a simple -list. It doesn't display the private key or anything like that. It will just show the list of certificates in your keystore. The first entry in the keystore will be the one sent back by the Tomcat server since you didn't specify any alias. So, I assume this is the intended behavior. Since you do not specify any trust store, the default trust store shipped with your version of Java will be used. If the clients trying to connect are not having certificats signed by one of these, it will fails. It may not be a problem in your case since you do not provide any details on the clients' certificates. Regards, - Daniel Savard
Re: [OT] External XML Entities with relative pathnames
2016-06-28 18:53 GMT+03:00 Christopher Schultz: > I'm trying to build an XML file that includes several smaller XML > files using XXE, like this: > > bar.xml: > > > > ]> > > > > > The files "foo.xml" and "bar.xml" are in the same directory. > > This works great when the CWD of the process is the same as foo.xml > and bar.xml, but when I try to say "hey program, parse > /a/b/c/bar.xml", I get FileNotFoundException for CWD/foo.xml. > > We often recommend that people use XXE for "password-less" server.xml > files. Is everyone using absolute filenames for that? Or is there some > kind of option that I need to set on Xerces (being used internally by > the JVM -- the com.sun.org.apache.xerces flavor) or Digester (I'm > using commons-digester to read the XML) to enable relative entities? > > I've been searching the web for references to things like this, and it > appears that various versions of Xerces (including the C version) had > a bug where relative paths weren't working properly (the XML spec says > that relative paths such as the above should be relative to the > document that defined them -- that is: foo.xml should be expected in > the same location as bar.xml in my example above). Do I just have a > buggy version of Xerces? > 1. I routinely use that "passwords" recipe to externalize resources from server.xml. It is the same example as in our FAQ (no path at all -> resolved relatively to server.xml). Also Tomcat has examples in its documentation: Every document (e.g. changelog.xml, config/index.xml) references project.xml located in the same directory as the document, with different project.xml in each directory. security-manager-howto.xml also references catalina.policy Note that Apache Ant is usually run from the root of source tree. 2. Note that to be able to resolve relative URLs, XML parser must know the correct URL of the file that it processes. Sample code: o.a.catalina.ant.ValidatorTask InputSource is = new InputSource(file.toURI().toURL().toExternalForm()); is.setByteStream(stream); o.a.catalina.startup.Catalina: InputSource is = new InputSource(file.toURI().toURL().toString()); is.setByteStream(fis); instead of just calling new InputSource(stream). Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Need help setting up SSL on Tomcat 8
Here is the complete configuration as for the output to the keytool command: Isnt the output to that command, confidential information? Thanks On Tue, Jun 28, 2016 at 4:06 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Sean, > > On 6/28/16 2:31 PM, Sean Son wrote: > > Hey Philip > > > > So i was able to get the page to connect with SSL but I noticed > > that when I clicked on the little icon that looks like a lock next > > to https:// in the address bar, I saw this certificate error: > > Certificate Error There are issues with the site's certificate > > chain (net::ERR_CERT_COMMON_NAME_INVALID). > > This usually means that the URL you are using contains a hostname that > doesn't match the TLS certificate's "common name". > > > Does that mean that SSL has been implemented incorrectly? > > > > Also I am trying to get an incoming connection through port 80 to > > tomcat, to automatically redirect to port 8443 (or 443 which ever > > you think is easiest to implement) without having to use a reverse > > proxy in front of it. In my server.xml I have the following: > > > > > connectionTimeout="2" redirectPort="8443" /> Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJXcti2AAoJEBzwKT+lPKRYYNAP/jimgUxO8gp1W0rOEhqeTszc > yKjAhGQ6yjBE14mvDK+x2zO7+zw01fzqm3IbsyUeEHdSjo0YPQQl0/h15tnhatgA > WuMYz78HyXVtB02FPc/gg82LXwI5GowpKRgd3phQ6f1UKOxpcIPZdOG2MvsbLgFG > m8UX1qxhq34xkQBCkLv+sWd6sgAdGX3P6x/+qxCav3gr+8os5KHFofms6BUReIro > hTRQ6XXIbB3VvOGC6uK/IXLcKtvf1v7Bv5NUsL4mWd9AFkwLl+VlSjdK055ubftp > 6CKj5RUmJkJ06Y0Hy1dK4v9mjcMvM0VwsPcwU9E/GOKMMj0Q56EFVKQkroeLjdXj > bYMPc8FNAG6eYUdlrSx5lfcDqhO/EmiUZXLJykBbPFmcke8jED1b31WdboMaJAce > YuuYVUgia4+sP2w/u0bXdQB5ie6gYHecYwdhiIB/mYY74jVz6BeQ26x7EjS7w/WT > 4eI5XbPX6JPtJe0e3WpRIe2Fk/pLQOdcHMbG+g0X69cbRtRcf7PT/feGbJzoC/qJ > rUiE7okK98P9KawCV4lueV1b7whFAhJs6apGvIOs/1w296eZ60sM373ugF6ygc1b > gQybFF/NgnwLrKk0A63retwLeSj2ImB0pl3NvJ9yxJZOy+OP4GalV6BJ5+yF5yz2 > UESskxe5+W3VYH8s1Ekt > =6brz > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Need help setting up SSL on Tomcat 8
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sean, On 6/28/16 2:31 PM, Sean Son wrote: > Hey Philip > > So i was able to get the page to connect with SSL but I noticed > that when I clicked on the little icon that looks like a lock next > to https:// in the address bar, I saw this certificate error: > Certificate Error There are issues with the site's certificate > chain (net::ERR_CERT_COMMON_NAME_INVALID). This usually means that the URL you are using contains a hostname that doesn't match the TLS certificate's "common name". > Does that mean that SSL has been implemented incorrectly? > > Also I am trying to get an incoming connection through port 80 to > tomcat, to automatically redirect to port 8443 (or 443 which ever > you think is easiest to implement) without having to use a reverse > proxy in front of it. In my server.xml I have the following: > > connectionTimeout="2" redirectPort="8443" />
Re: Tomcat graceful shutdown inquiry
Fantastic. Thanks! :) On Tue, Jun 28, 2016 at 2:43 PM, Mark Thomaswrote: > On 28/06/2016 19:39, Coty Sutherland wrote: >> Hello all, >> >> I've been poking around with the Fedora distribution of tomcat and >> noticed that systemd isn't allowing tomcat to gracefully shutdown (it >> sends an immediate SIGKILL after the Boostrap stop is called). That >> isn't your issue, but in trying to mediate the issue so that session >> persistence works as expected, I found that SIGTERM causes tomcat to >> gracefully shutdown. Looking at the code of the >> org.apache.catalina.startup.Bootstrap.stop() method, I can see that it >> hands off to Server.stop() and stops the server by initiating the >> shutdown hook, etc. When you send a SIGTERM to tomcat the >> org.apache.catalina.core.StandardServer.stopInternal() method is what >> handles shutdown and appears to be gracefully stopping the server, >> though it goes about the process a bit differently. >> >> My question is, can anyone readily tell me the functional difference >> between gracefully handling a SIGTERM and utilizing Bootstrap.stop()? > > None. > >> I'm sure that the Bootstrap.stop() is the preferred method, > > Not really. > >> but is there any major harm in using SIGTERM? > > No. > >> I've compared FINE level >> logging on org.apache and both methods seem to get the same result (a >> graceful stop). > > They are equivalent. If you disable the shutdown port, SIGTERM is the > only way to gracefully shut down Tomcat. > > Mark > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat graceful shutdown inquiry
On 28/06/2016 19:39, Coty Sutherland wrote: > Hello all, > > I've been poking around with the Fedora distribution of tomcat and > noticed that systemd isn't allowing tomcat to gracefully shutdown (it > sends an immediate SIGKILL after the Boostrap stop is called). That > isn't your issue, but in trying to mediate the issue so that session > persistence works as expected, I found that SIGTERM causes tomcat to > gracefully shutdown. Looking at the code of the > org.apache.catalina.startup.Bootstrap.stop() method, I can see that it > hands off to Server.stop() and stops the server by initiating the > shutdown hook, etc. When you send a SIGTERM to tomcat the > org.apache.catalina.core.StandardServer.stopInternal() method is what > handles shutdown and appears to be gracefully stopping the server, > though it goes about the process a bit differently. > > My question is, can anyone readily tell me the functional difference > between gracefully handling a SIGTERM and utilizing Bootstrap.stop()? None. > I'm sure that the Bootstrap.stop() is the preferred method, Not really. > but is there any major harm in using SIGTERM? No. > I've compared FINE level > logging on org.apache and both methods seem to get the same result (a > graceful stop). They are equivalent. If you disable the shutdown port, SIGTERM is the only way to gracefully shut down Tomcat. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat graceful shutdown inquiry
Hello all, I've been poking around with the Fedora distribution of tomcat and noticed that systemd isn't allowing tomcat to gracefully shutdown (it sends an immediate SIGKILL after the Boostrap stop is called). That isn't your issue, but in trying to mediate the issue so that session persistence works as expected, I found that SIGTERM causes tomcat to gracefully shutdown. Looking at the code of the org.apache.catalina.startup.Bootstrap.stop() method, I can see that it hands off to Server.stop() and stops the server by initiating the shutdown hook, etc. When you send a SIGTERM to tomcat the org.apache.catalina.core.StandardServer.stopInternal() method is what handles shutdown and appears to be gracefully stopping the server, though it goes about the process a bit differently. My question is, can anyone readily tell me the functional difference between gracefully handling a SIGTERM and utilizing Bootstrap.stop()? I'm sure that the Bootstrap.stop() is the preferred method, but is there any major harm in using SIGTERM? I've compared FINE level logging on org.apache and both methods seem to get the same result (a graceful stop). TIA, Coty - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Need help setting up SSL on Tomcat 8
Hey Philip So i was able to get the page to connect with SSL but I noticed that when I clicked on the little icon that looks like a lock next to https:// in the address bar, I saw this certificate error: Certificate Error There are issues with the site's certificate chain (net::ERR_CERT_COMMON_NAME_INVALID). Does that mean that SSL has been implemented incorrectly? Also I am trying to get an incoming connection through port 80 to tomcat, to automatically redirect to port 8443 (or 443 which ever you think is easiest to implement) without having to use a reverse proxy in front of it. In my server.xml I have the following: > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >
Re: Need help setting up SSL on Tomcat 8
Thank you for your reply Philip yes I have and it still failed.. I can try again and let you know what errors I am running into. Thanks! On Tue, Jun 28, 2016 at 2:15 PM, Philip Hacheywrote: > Have you tried following the steps found here?: > https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Need help setting up SSL on Tomcat 8
Have you tried following the steps found here?: https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Need help setting up SSL on Tomcat 8
Hello all I am stuck trying to set up SSL on Tomcat 8. I have tried all sorts of advice and still I cannot get it to work. I attempted to use the method describe on this website: https://sysengineers.wordpress.com/2011/03/16/tomcat-automatic-redirect-https/ but I started to see the following errors in my catalina.2016-06.26.log file: WARNING [main] org.apache.catalina.startup.SetAllPropertiesRule.begin [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'SSLCertificateFile' to '/home/user/apache-tomcat-8.0.35/ssl/certificate.crt' did not find a matching property. 28-Jun-2016 10:44:20.495 WARNING [main] org.apache.catalina.startup.SetAllPropertiesRule.begin [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'SSLCertificateKeyFile' to '/home/user/apache-tomcat-8.0.35/ssl/certificate.key' did not find a matching property. So what I did was install openssl-devel and apr-devel and now those errors have disappeared, but when I try to browse to the web application or the IP of the server, I get the following error in the browser: took too long to respond. Try: - Reloading the page - Checking the connection - Checking the proxy and the firewall I have no idea what I am doing wrong. I set up my Connector in server.xml exactly the same way as the example in that website that I linked. Any suggestions will greatly be appreciated! Thanks! Sean
Re: Deploy with white screen
I started with a fresh copy. The only change was to use Java7. I don’t have a stanza in my server.xml. I do have a context.xml file. —Jeff Jeffrey Trimble, MLS William F. Maag Library Youngstown State University 330.941.2483 (Office) jatrim...@ysu.edu http://www.maag.ysu.edu http://digital.maag.ysu.edu On 6/28/16, 12:03 PM, "Christopher Schultz"wrote: >-BEGIN PGP SIGNED MESSAGE- >Hash: SHA256 > >Jeffrey, > >On 6/25/16 11:40 AM, Jeffrey A Trimble wrote: >> I've just deployed tomcat 7.0.70 on a test server, but I'm seeing >> something very strange and I'd like some advice to point me to a >> solution. I'm running DSpace software. >> >> When I go to the web: http://:8080/xmlui I'm getting a >> blank white screen. If I add something like "/home" onto the end >> of the URL (http://:8080/xmlui/home) I receive a screen >> that looks like my application with "Page not found" error in one >> of the frames, but I can now get all my usualy menus and choose to >> go on. If I click a link for the Home landing page, it may or may >> not get a white blank page. >> >> Any thoughts? >> >> Some informational data: >> >> * server.xml has the declared the appBase to my directory where my >> webapps reside (instead of copying them into the /webapps >> directory under Tomcat). We've been doing that for years. * I'm >> running java 1.6 * xmlui is a cocoon application > >Can you post your from server.xml? > >When you migrated from Tomcat 6 -> Tomcat 7, did you start with a >fresh conf/server.xml from Tomcat 7, or did you try to copy the >conf/server.xml from Tomcat 6 into Tomcat 7? > >- -chris >-BEGIN PGP SIGNATURE- >Comment: GPGTools - http://gpgtools.org >Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > >iQIcBAEBCAAGBQJXcp/ZAAoJEBzwKT+lPKRYQgoP/iWCqzBF3cbxiNHFeVdplnwA >RXBweJF2KareM9Bx79S2dDjw/H35f7LuRvbL5hjOGDtoLT/AXOa4HOBsHYAac561 >whxtxVU6rJoQtovCX63J0zjF59oV0KEdAPAMTd0jtaeoj2l26Ro3UFKqpUbpf+U6 >iZkLTBk26L3/Rd17a8y6ITUm/dYOfsc4TUpatELAI7NLab5ofqufAXnPskTDSl6v >w4DFUyydO5cd8iwlIXYHjSMmh3KqCixWlXk7cVrJkwdjwCN61N4grKPMVFQUMQZg >Am1XAVKPS18T8iJMFGZpzro9sxBQe9NsxRTvTgRFRDNR/ipBbXlbtGohFZyMScd7 >BtLH9DXT56K5rEgARjI9G5Q1W5oDaq6Fr10iSVtv5/uAepRb4+sR0HlfGDykohUy >hl5pat4Z0x7p5Xjy+Xrsmv5Es6mNIbUGIFoadBmTa8xDnVPZ0NS/a1dfClcFCP4T >rzgYvv59U5DDibdJgbDLHzEWhx2f8ik6jyh1vS3B2x7Ixxt6hT23ykE8GNw5rhMV >8BLll+M1iykhf5dBRQHd5EqQ1ftwKWZRFQqAzGcn7vlSLdgAgvMNcPpvEzQUqvDK >oGSmHcp7OhcHjGwXpdie2Y/5fM0lhdu7zfxBFGykIo97ieZWA9EjZpGOZX6xQuEB >+RlTI4cqnGbqvQp+vqNU >=xrav >-END PGP SIGNATURE- > >- >To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Deploy with white screen
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jeffrey, On 6/25/16 11:40 AM, Jeffrey A Trimble wrote: > I've just deployed tomcat 7.0.70 on a test server, but I'm seeing > something very strange and I'd like some advice to point me to a > solution. I'm running DSpace software. > > When I go to the web: http://:8080/xmlui I'm getting a > blank white screen. If I add something like "/home" onto the end > of the URL (http://:8080/xmlui/home) I receive a screen > that looks like my application with "Page not found" error in one > of the frames, but I can now get all my usualy menus and choose to > go on. If I click a link for the Home landing page, it may or may > not get a white blank page. > > Any thoughts? > > Some informational data: > > * server.xml has the declared the appBase to my directory where my > webapps reside (instead of copying them into the /webapps > directory under Tomcat). We've been doing that for years. * I'm > running java 1.6 * xmlui is a cocoon application Can you post your from server.xml? When you migrated from Tomcat 6 -> Tomcat 7, did you start with a fresh conf/server.xml from Tomcat 7, or did you try to copy the conf/server.xml from Tomcat 6 into Tomcat 7? - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJXcp/ZAAoJEBzwKT+lPKRYQgoP/iWCqzBF3cbxiNHFeVdplnwA RXBweJF2KareM9Bx79S2dDjw/H35f7LuRvbL5hjOGDtoLT/AXOa4HOBsHYAac561 whxtxVU6rJoQtovCX63J0zjF59oV0KEdAPAMTd0jtaeoj2l26Ro3UFKqpUbpf+U6 iZkLTBk26L3/Rd17a8y6ITUm/dYOfsc4TUpatELAI7NLab5ofqufAXnPskTDSl6v w4DFUyydO5cd8iwlIXYHjSMmh3KqCixWlXk7cVrJkwdjwCN61N4grKPMVFQUMQZg Am1XAVKPS18T8iJMFGZpzro9sxBQe9NsxRTvTgRFRDNR/ipBbXlbtGohFZyMScd7 BtLH9DXT56K5rEgARjI9G5Q1W5oDaq6Fr10iSVtv5/uAepRb4+sR0HlfGDykohUy hl5pat4Z0x7p5Xjy+Xrsmv5Es6mNIbUGIFoadBmTa8xDnVPZ0NS/a1dfClcFCP4T rzgYvv59U5DDibdJgbDLHzEWhx2f8ik6jyh1vS3B2x7Ixxt6hT23ykE8GNw5rhMV 8BLll+M1iykhf5dBRQHd5EqQ1ftwKWZRFQqAzGcn7vlSLdgAgvMNcPpvEzQUqvDK oGSmHcp7OhcHjGwXpdie2Y/5fM0lhdu7zfxBFGykIo97ieZWA9EjZpGOZX6xQuEB +RlTI4cqnGbqvQp+vqNU =xrav -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: wrong request.getServerPort value reported on upgraded HTTP/2 connector ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Frank, On 6/28/16 11:02 AM, Frank Taffelt wrote: > Calling the method request.getServerPort() returns 80 on http/2 > upgraded requests for the https connector. I would expect that > this method should return 443 in these calls. My current > workarround is to disable the APR Listener as this results in > correct value for the https connector. So is this a bug? Definitely seems like a bug. You have no other connectors defined other than the one on port 443? - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJXcp4aAAoJEBzwKT+lPKRYfwgP/isAFGcsIB0XcgY/SCzVYdas WO0gBJmDl8IiDG7ALYQ+XZqvCaZZbQRvLZ5se6gx9UGbnpKqTV27j51kSEKb9txE sat8y7JmYlwrnTrxu6vDgPYHODYs+tI7ilYC02YSBth9v9E6I14egEV7bEv5H0F4 zYavdyO8jUFDFnv/tqllPfu0vm58BSHZnGHJcnSLU3hqijJOcS1edEq+jzj/xAJr GtMi8ehI2RMSGq5nizl5Yc3zuc3jlsvilpPSc3ygqJfNltKBKDnNivUPWONF4ozS Ibl6o1Rs8hs132xZka1OPI3+BlTc9HkQgHU3jvrQlfkWzNjv6ogM6Q5B76Jgv65T li65XFLmw9x6SdUWn93S4FIQIJs/rYoJyX53ZwSlHiONFZh2C4KlDCzQPJ6iMt5z UdQeUHCHZ2xZURmScSpVAOkyGog6V84kHtaDVPgD8+umNBqA+ujy7abDb6ZdKDuC Yke6RssFatQmWBGJkp3JORPOIq1C1sNh64Gd1hz8U17kHK0zmffYis5aqeFPxUxr 2jEz1VAbsZULDclpWi2JW4TKezVrOykmQ4Dmgz//OOKeXW1XCwtaigK/c3XSv95D cm3tpaGUsdhLUM75YaK/H1sLKwVyav6rubYrXWmKvTOPgO4sd3DlXFbW5T7NT+CR ikuriVBWliBg8rb61KlH =b+VE -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[OT] External XML Entities with relative pathnames
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, I'm trying to build an XML file that includes several smaller XML files using XXE, like this: bar.xml: ]> The files "foo.xml" and "bar.xml" are in the same directory. This works great when the CWD of the process is the same as foo.xml and bar.xml, but when I try to say "hey program, parse /a/b/c/bar.xml", I get FileNotFoundException for CWD/foo.xml. We often recommend that people use XXE for "password-less" server.xml files. Is everyone using absolute filenames for that? Or is there some kind of option that I need to set on Xerces (being used internally by the JVM -- the com.sun.org.apache.xerces flavor) or Digester (I'm using commons-digester to read the XML) to enable relative entities? I've been searching the web for references to things like this, and it appears that various versions of Xerces (including the C version) had a bug where relative paths weren't working properly (the XML spec says that relative paths such as the above should be relative to the document that defined them -- that is: foo.xml should be expected in the same location as bar.xml in my example above). Do I just have a buggy version of Xerces? Thanks, - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJXcp1vAAoJEBzwKT+lPKRYfXcP/2SdmSpa7dLwBed7xv97BHLl Lq8JSJSVkVvZZjTF6gHvn8xVfGm+6KA1LQ6KRsSoke8ZKf54waUKclYcd04/Jkb5 N9na6UknDTCrhwPsY1xOyRZQ5jq62MeyxtJE+8EHitCwIaAqyaOaxsG1djPGnNpP a68N4WQ3qyumDuoSC9Slx5jLPi/i4XciSGCx/LRC0zaY3ABmU+boOjBK+41Ambjz 0h9kWGqSm0/QRO8wETSoWzHLtrqckRXbkvHXnydaiCcmvE1ELmAd/364+TR2ZCeu jZVO9uVSzpZkV8IQTa6Zic57avFfFdKmIRHiItDhW9Rm9l6SJgWZJmWV1/YDXcRB IEocNgSz1Ad4gU1yVsv8gHH7LTTDggmgAjwlzdjCPkKB1dGCjLW2uYmJ7qNh0hsQ GrjCG0/wisvhZh7m5K0zroG3+oYnnD+KmrEs5wUr9JDUC2TnV4a9LXozDbHdctNs ojz+bFeBeC+hv6L8ICDTUk+fnptD2PAzPDDf59MukS3X2LEDNuv9y+N71wLyI20w ecfgI6Eelgwe4Rf9dSBUNz84rArS7gzP9TDpOFV7jqP6uz7glDtIw5Wp+rRJ6xRR e9taycc9HzQg+6CnzwbNr4XCLemq+b2/agRCxLX42NiMBxEwBGGXSyiF1tsTi9Be EgBW4TOvmiba15v5bsnx =vS/0 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
wrong request.getServerPort value reported on upgraded HTTP/2 connector ?
Calling the method request.getServerPort() returns 80 on http/2 upgraded requests for the https connector. I would expect that this method should return 443 in these calls. My current workarround is to disable the APR Listener as this results in correct value for the https connector. So is this a bug? so here is my config: Tomcat: 8.5.3 OS: Win7 (64bit) tcnative: 1.2.7 Java Version: 1.8.0_92-b14 parts from my server.xml: * active APR Listener * connector: Thanks, Frank
Re: Runtime Cloning of DataSource for Different DB?
On 27/06/2016 22:35, Jerry Malcolm wrote: > Mark, > > On 6/27/2016 1:07 PM, Mark Thomas wrote: >> On 27/06/2016 17:44, Jerry Malcolm wrote: >> >>> I'm assuming that context.lookup(...) simply locates the "jdbc/myDB" >>> tag in the context.xml file, pulls all of the parms out of >>> that tag, creates a DataSource object utilizing the parms, and returns >>> it.If that's the case, couldn't I create a variation/subclass of the >>> Context object that modifies the url parm that it found in the resource >>> tag and puts the desired db name into the url before constructing the >>> DataSource? >> Sure. >> >> You need to implement the appropriate factory and then specify your >> factory class explicitly in the Resource element using the factory >> attribute. >> >> You probably want to start here for ideas on how to code up your factory: >> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/naming/factory/ >> >> or for a more specific example: >> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java?view=annotate >> >> >> >> Mark >> > Thanks so much. This looks doable. Just to make sure I have the big > picture correct > > 1) I will define a new custom resource that returns a custom context > object that I write. > 2) On the tag for my custom context resource I can put all of > the standard DataSource parms > 3) I then call lookup() on this custom context passing the dbName in > 4) This custom context will build an appropriate Reference object with > all the parms, instantiate a BasicDataSourceFactory, and call > getInstance(.) on the factory. > > When I need an instance of the datasource: > Context initContext = new InitialContext(); > Context envContext = > (Context)initContext.lookup("java:/comp/env"); > MyDataSourceContext dsContext = (MyDataSourceContext) > envContext.lookup( "dsContext/myDSContext" ); > DataSource myDS = (DataSource) dsContext.getInstance( "dbName" ); > > Am I getting close? Yes, but I don't think you want to use custom NamingContexts. I think there is a simpler way. 1. Write a custom DataSource factory that provides a getDataSource(...) method that allows you to pass in whatever per instance config you need. This DataSource factory will need to use bean style setters (like the example I linked to) to pick up the other config from the 2. Write a custom resource factory that returns an instance of your DataSource factory. 3. Add a context Resource element for your DataSource factory, remembering to use the factory element and specify the custom resource factory from 2. HTH, Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: I don't understand a recent change released in Tomcat 7.0.70
On 25 June 2016 at 07:38, Lyallexwrote: > On 24 June 2016 at 21:50, Christopher Schultz > wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA256 >> >> Lyallax, >> >> Okay, one last time before I start ignoring you. We really are trying >> to be helpful. But nobody knows why who are so exercised about this. >> >> You haven't: >> >> a) Clearly explained what you want to do (redirect which requests? >> with what response code? in what cases?) > > Thank you for your very reasonable response > > https://bz.apache.org/bugzilla/show_bug.cgi?id=59399 > > Explains the problem that has been fixed in 7.0.70 Tomcat 7.0.70, stand alone production server, live. curl -D /tmp/headers.txt -s http://www.mysite.com/ HTTP/1.1 301 Moved Permanently ... Fantastic Thank You Lyallex > > My 'issue' was with the design decision, not the fix. > Software design is an obsession of mine, sometimes it overflows my > brain and spills out on the pavement so to speak. > > I don't think this forum is the right place to discuss such issues. > Many thanks for everyones patience. > > Lyallex > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org