Re: Proxy Apache https to Tomcat http
Chris, Problem solved. On Thu, Oct 27, 2016 at 12:32 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Ted, > > (I apologize, I didn't see your message from he 5th until just now. I > would have replied earlier.) > > On 10/27/16 12:21 PM, Ted Spradley wrote: > On Wed, Oct 5, 2016 at 7:52 PM, Christopher Schultz wrote: > >> Explicit descriptor XML file placed in > >> CATALINA_HOME/conf/[service]/[ host]/[app].xml? > > > > Yes - with a caveat. The path is CATALINA_HOME/conf/[service]/[ > > host]/context.xml > > Do you mean a /literal/ context.xml? That will deploy your application > to /context. > > Yes to the literal context.xml. I'm assuming the applications get deployed to the proper context because of the appBase attribute in the host definition. example.com > > The only contents being one empty element with the > > docBase attribute defined > > > > > > > > > > That's just fine. > > > The CATALINA_HOME/exampledotcomapps directory contains three > > applications deployed using the manager application. 1. > > "http:example.com/mycontext" 2. "http:example.com/anotherContext" > > 3. "http:example.com/stillAnontherContext" > > Okay, so you have a with appBase set to > CATAINA_HOME/exampledotcomapps. > > Note that you aren't using the manager, here. The manager is a web > application that lets you upload and manage running applications via > an HTTP interface. Putting files on the disk under CATALINA_HOME/conf > will generally just go ahead and deploy them under a default > configuration -- that is, one where autoDeploy is set to true. > > There is an instance of manager in CATALINA_HOME/exampledotcomapps that I use to deploy those applications. > All three applications are reached as expected through the proxy on > > port 80. > > > > The path CATALINA_HOME/exampledotcomapps matches the appBase > > attribute in the element for example.com in > > CATALINA_HOME/conf/server.xml > > Gotcha. > > > I've since defined a separate Connector to listen for the redirect > > from Apache on port 8082 because I thought there was a > > possibility the proxyPort directive would need to be specifically > > port 443 instead of port 80. > > Several things: mod_proxy isn't redirecting anything... it's proxying > the connection. It sounds pedantic but it's important to use the right > terminology here since both proxying and redirects are valid ways to > change where the data is coming from. A redirect would involve the > client making a follow-up HTTP request. mod_proxy is instead handling > the client's connection on behalf of the client through to Tomcat. > > Thank you for this. The "redirect port" is the port that will be used to redirect the user > if a security-constraint cannot be fulfilled using the current > connector. Most practically, it means that if the application says "I > need TLS" and the connection isn't a TLS connection, then Tomcat will > redirect the user to the same URL but with an https:// protocol and > that port number you specify. It comes preconfigured as 8443 since > that will generally get you back to Tomcat instead of some other > service. For a real service, you probably want that set to "443". > > This is one of the key changes that solved the https access issue. This is the port number that the CLIENT will end up using. Using port > 80 for the redirectPort will basically never work. You should leave it > as 443 if you want httpd to do the TLS termination (which it's pretty > obvious you are in fact trying to do). > > > So now I have a Connector to receive the port 80 traffic and > > another for the port 443 traffic. I've tried it with and without > > the redirectPort attribute. Still no success. > > Okay. This is IMO the best configuration especially if you want to > treat some applications as secure and others as insecure. (In my > environment, everything is secure, so I use only a single Connector.) > > > The Connectors appear in this order in server.xml > > > > > connectionTimeout="2" proxyName="www.example.com" > > proxyPort="80" redirectPort="8443" xpoweredBy="false" > > server="Apache TomEE" /> > protocol="HTTP/1.1" connectionTimeout="2" > > proxyName="www.example.com" proxyPort="443" redirectPort="8443" > > xpoweredBy="false" server="Apache TomEE" /> > > I think you want redirectPort="443" for both of those connectors. > Assuming that you want port 8082 to be used for proxying HTTPS > connections, you are going to want to set these attributes at well: > Done. > > scheme="https" > secure="true" > > Done. > This will let your application know that the connection is secure (but > it's up to you to make sure that it actually IS by not e.g. proxying a > non-TLS connection to port 8082). > > There are ways to get this to work with a single connector and have > the reverse proxy (that's httpd_+mod_proxy, here) tell Tomcat what > kind of connection it is. But you have to configure a
RE: Tomcat 9 exe, High CPU usage due to TCP I/O with itself
> From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Subject: Re: Tomcat 9 exe, High CPU usage due to TCP I/O with itself > On 10/27/16 1:45 PM, Dustin Delage wrote: > > Looks like the app is now slated for redevelopment. Thanks > > everyone. > I still think this has nothing to do with your application... Maybe, maybe not. On a fresh install of Tomcat 9.0.0.M11 using JDK 1.8.0_102 running as a service on Windows 7 Pro, I see the following ports in use: Protocol Local Address Remote AddressState TCP :8009 :0 LISTENING TCP :8080 :0 LISTENING TCP :8005 :0 LISTENING TCP :55089 :55090 ESTABLISHED TCP :55090 :55089 ESTABLISHED TCP :55091 :55092 ESTABLISHED TCP :55092 :55091 ESTABLISHED TCP :55093 :55094 ESTABLISHED TCP :55094 :55093 ESTABLISHED TCP :55095 :55096 ESTABLISHED TCP :55096 :55095 ESTABLISHED TCP :55097 :55098 ESTABLISHED TCP :55098 :55097 ESTABLISHED TCP :55099 :55100 ESTABLISHED TCP :55100 :55099 ESTABLISHED TCPV6 :8009 :0 LISTENING TCPV6 :8080 :0 LISTENING I haven't figured out what all the paired ports with established connections are used for yet; maybe stdin, stdout, stderr, and ?? If some of the ports are redirects of stdout and/or stderr, the webapp could be dumping a lot of junk there, causing the high CPU usage. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 9 exe, High CPU usage due to TCP I/O with itself
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Dustin, On 10/27/16 1:45 PM, Dustin Delage wrote: > Looks like the app is now slated for redevelopment. Thanks > everyone. I still think this has nothing to do with your application... - -chris > -Original Message- From: Mark Thomas > [mailto:ma...@apache.org] Sent: Thursday, October 27, 2016 4:48 AM > To: Tomcat Users ListSubject: Re: Tomcat > 9 exe, High CPU usage due to TCP I/O with itself > > On 26/10/2016 18:07, Dustin Delage wrote: >> Tomcat 9, running on Windows Server 2008, runs the CPU at 79% - >> 90% continuously. The only activity is tomcat spamming itself >> with TCP traffic. Same proc ID, out one port, to another port >> back to itself. > > Tomcat doesn't do that. That looks more likely to be an app issue. > > A series of thread dumps (3 thread dumps, 10 seconds apart) should > provide some pointers as to what is going on. A profiler (e.g. > YourKit) would be better. > > Mark > >> >> A small sample from Process Monitor: >> >> # # >> >> >> # # >> >> >> ## 10:16:04.7458125 AM Tomcat9.exe 1932TCP >> Receive 7f00:1::d880:fe03:80fa::49199 -> >> 7f00:1:::::::49198 SUCCESS Length: 1, >> seqnum: 0, connid: 0 10:16:04.7458374 AM Tomcat9.exe 1932TCP >> Send Sage-Web03.sage.local:49198 -> Sage-Web03.sage.local:49199 >> SUCCESS Length: 1, startime: 12341635, endtime: 12341635, seqnum: >> 0, connid: 0 10:16:04.7458805 AM Tomcat9.exe 1932TCP Receive >> 7f00:1::d880:fe03:80fa::49197 -> >> 7f00:1:::::::49196 SUCCESS Length: 1, >> seqnum: 0, connid: 0 10:16:04.7458972 AM Tomcat9.exe 1932TCP >> Send Sage-Web03.sage.local:49196 -> Sage-Web03.sage.local:49197 >> SUCCESS Length: 1, startime: 12341635, endtime: 12341635, seqnum: >> 0, connid: 0 10:16:04.7459244 AM Tomcat9.exe 1932TCP Receive >> 7f00:1::d880:fe03:80fa::49197 -> >> 7f00:1:::::::49196 SUCCESS Length: 1, >> seqnum: 0, connid: 0 10:16:04.7459507 AM Tomcat9.exe 1932TCP >> Send Sage-Web03.sage.local:49196 -> Sage-Web03.sage.local:49197 >> SUCCESS Length: 1, startime: 12341635, endtime: 12341635, seqnum: >> 0, connid: 0 >> # # >> >> >> # # >> >> >> ### >> >> Attaching an image of my findings as well >> >> Thank You, >> >> D Delage >> >> >> >> >> - >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > > - > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYElPDAAoJEBzwKT+lPKRY7qoP/jL/CvgwumQ8n5f4vw4yFYFC IedXndeyp6iQ5XGKi+XjjjCPUHPf0rQgjBtfn1yBmVh8Pn2QKA4SGVPrQoRwD/Q1 5HSY8n4cALaeTBLUbf/rVqeu3zzRs+TDPTf9O6MHa6PXj9LTxlRB8PqEzV8ltnLT 1UHC5w8XvDTFtVRRnmYdr0615zByEEf1l6EUbFZsi+fRTA/f39eMohXDgNYQzJ1j WL1BcmpBPJfxHZjnfkOxI8QnieAnBprNGk9T8cpbuTFURTG9B0HZ/LtWOGaCN63e Ji2Riu84TZx0Y2uz5XwunyPykRqBxMRyZhtzvCuomna8R+hYf+6i3utXnzcaKwID dAvJm7vr/BbJen5tzvzGkAX26Zl4I6UCfcVzp0OW1wmbX+gTLdmEaT0kQrO5Udz4 ZraXF5zxwYEh/BHtVv/tF6GrOSI8c3GUZOZwi6P7ItMiCahkj8seAgPBA49g9wrq HBuGRSaTW6xdyZoYzJVX4gyTjVPrCm71Ky8eORh96EnMYW/Rd+zCq9sy8UCkBg5V /aFmv+ax1PFPNByMQKtRRItQorxLanmt2Z/K1SWm6kDHhT7hMHFZcHe/Q3QMiTwi sbeGXCCGH5KEZC+j/w8OzfPJgJPJYrMyuJs/CcBNxp9zYZISL8N/IcqMFqkSMl0g QGYcT3vU2hHFlD75Ksn/ =NpHn -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 9 exe, High CPU usage due to TCP I/O with itself
Looks like the app is now slated for redevelopment. Thanks everyone. -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Thursday, October 27, 2016 4:48 AM To: Tomcat Users ListSubject: Re: Tomcat 9 exe, High CPU usage due to TCP I/O with itself On 26/10/2016 18:07, Dustin Delage wrote: > Tomcat 9, running on Windows Server 2008, runs the CPU at 79% - 90% > continuously. The only activity is tomcat spamming itself with TCP > traffic. Same proc ID, out one port, to another port back to itself. Tomcat doesn't do that. That looks more likely to be an app issue. A series of thread dumps (3 thread dumps, 10 seconds apart) should provide some pointers as to what is going on. A profiler (e.g. YourKit) would be better. Mark > > A small sample from Process Monitor: > > ## > > ## > > ## > 10:16:04.7458125 AM Tomcat9.exe 1932TCP Receive > 7f00:1::d880:fe03:80fa::49199 -> > 7f00:1:::::::49198SUCCESS Length: 1, seqnum: > 0, connid: 0 > 10:16:04.7458374 AM Tomcat9.exe 1932TCP Send > Sage-Web03.sage.local:49198 -> Sage-Web03.sage.local:49199SUCCESS > Length: 1, startime: 12341635, endtime: 12341635, seqnum: 0, connid: 0 > 10:16:04.7458805 AM Tomcat9.exe 1932TCP Receive > 7f00:1::d880:fe03:80fa::49197 -> > 7f00:1:::::::49196SUCCESS Length: 1, seqnum: > 0, connid: 0 > 10:16:04.7458972 AM Tomcat9.exe 1932TCP Send > Sage-Web03.sage.local:49196 -> Sage-Web03.sage.local:49197SUCCESS > Length: 1, startime: 12341635, endtime: 12341635, seqnum: 0, connid: 0 > 10:16:04.7459244 AM Tomcat9.exe 1932TCP Receive > 7f00:1::d880:fe03:80fa::49197 -> > 7f00:1:::::::49196SUCCESS Length: 1, seqnum: > 0, connid: 0 > 10:16:04.7459507 AM Tomcat9.exe 1932TCP Send > Sage-Web03.sage.local:49196 -> Sage-Web03.sage.local:49197SUCCESS > Length: 1, startime: 12341635, endtime: 12341635, seqnum: 0, connid: 0 > ## > > ## > > ### > > Attaching an image of my findings as well > > Thank You, > > D Delage > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Proxy Apache https to Tomcat http
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Ted, (I apologize, I didn't see your message from he 5th until just now. I would have replied earlier.) On 10/27/16 12:21 PM, Ted Spradley wrote: On Wed, Oct 5, 2016 at 7:52 PM, Christopher Schultz wrote: >> Explicit descriptor XML file placed in >> CATALINA_HOME/conf/[service]/[ host]/[app].xml? > > Yes - with a caveat. The path is CATALINA_HOME/conf/[service]/[ > host]/context.xml Do you mean a /literal/ context.xml? That will deploy your application to /context. > The only contents being one empty element with the > docBase attribute defined > > > > That's just fine. > The CATALINA_HOME/exampledotcomapps directory contains three > applications deployed using the manager application. 1. > "http:example.com/mycontext" 2. "http:example.com/anotherContext" > 3. "http:example.com/stillAnontherContext" Okay, so you have a with appBase set to CATAINA_HOME/exampledotcomapps. Note that you aren't using the manager, here. The manager is a web application that lets you upload and manage running applications via an HTTP interface. Putting files on the disk under CATALINA_HOME/conf will generally just go ahead and deploy them under a default configuration -- that is, one where autoDeploy is set to true. > All three applications are reached as expected through the proxy on > port 80. > > The path CATALINA_HOME/exampledotcomapps matches the appBase > attribute in the element for example.com in > CATALINA_HOME/conf/server.xml Gotcha. > I've since defined a separate Connector to listen for the redirect > from Apache on port 8082 because I thought there was a > possibility the proxyPort directive would need to be specifically > port 443 instead of port 80. Several things: mod_proxy isn't redirecting anything... it's proxying the connection. It sounds pedantic but it's important to use the right terminology here since both proxying and redirects are valid ways to change where the data is coming from. A redirect would involve the client making a follow-up HTTP request. mod_proxy is instead handling the client's connection on behalf of the client through to Tomcat. The "redirect port" is the port that will be used to redirect the user if a security-constraint cannot be fulfilled using the current connector. Most practically, it means that if the application says "I need TLS" and the connection isn't a TLS connection, then Tomcat will redirect the user to the same URL but with an https:// protocol and that port number you specify. It comes preconfigured as 8443 since that will generally get you back to Tomcat instead of some other service. For a real service, you probably want that set to "443". This is the port number that the CLIENT will end up using. Using port 80 for the redirectPort will basically never work. You should leave it as 443 if you want httpd to do the TLS termination (which it's pretty obvious you are in fact trying to do). > So now I have a Connector to receive the port 80 traffic and > another for the port 443 traffic. I've tried it with and without > the redirectPort attribute. Still no success. Okay. This is IMO the best configuration especially if you want to treat some applications as secure and others as insecure. (In my environment, everything is secure, so I use only a single Connector.) > The Connectors appear in this order in server.xml > > connectionTimeout="2" proxyName="www.example.com" > proxyPort="80" redirectPort="8443" xpoweredBy="false" > server="Apache TomEE" /> protocol="HTTP/1.1" connectionTimeout="2" > proxyName="www.example.com" proxyPort="443" redirectPort="8443" > xpoweredBy="false" server="Apache TomEE" /> I think you want redirectPort="443" for both of those connectors. Assuming that you want port 8082 to be used for proxying HTTPS connections, you are going to want to set these attributes at well: scheme="https" secure="true" This will let your application know that the connection is secure (but it's up to you to make sure that it actually IS by not e.g. proxying a non-TLS connection to port 8082). There are ways to get this to work with a single connector and have the reverse proxy (that's httpd_+mod_proxy, here) tell Tomcat what kind of connection it is. But you have to configure a proxy listener and configure more stuff on the httpd end. That's one of the reasons I like mod_jk better since it automatically sends all that stuff to the back-end. Something you aren't getting unless you are using the RemoteIPValve[1] is the ability to tell anything about the client's connection (origin IP, protocol, etc.) as well as possibly the hostname they were requesting. I have much less experience with mod_proxy_http than I do with mod_proxy_ajp/mod_jk which "just handles it". I would recommend using the RemoteIPValve on the Tomcat end. > Note: It is curious to me that when I enter https://example.com/ > into a browser, Apache serves the page at /var/www/html/index.html > which is in
Re: Tomcat Native compile can't find jni_md.h
> On Oct 27, 2016, at 11:53 AM, Christopher Schultz >wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Brian, > > On 10/27/16 11:47 AM, Paquin, Brian wrote: >> I’m trying to compile Tomcat Native (1.2.10 that comes with >> 8.5.6), and get the error “Cannot find jni_md.h” In >> /usr/lib/jvm/[openjdk-1.8.0_111]/jre/ I have bin and lib but not >> include… I downloaded oracle’s 1.8.0_112 JDK and have the same >> structure (no include). >> >> I haven’t found anything on the web that helps me get the headers >> back and was hoping someone here could help. > > It looks like you have a JRE and you need a JDK to build tcnative. > > The JDK contains a jre/ directory and you're right, it has no include/ > subdir. But if you back-out one directory to JAVA_HOME, you should > have an include/ directory there. > > When I unpack the jdk1.8 archive, I get these files: > > drwxr-xr-x 2 uucp 143 4096 Jun 22 21:53 bin > - -r--r--r-- 1 uucp 143 3244 Jun 22 21:53 COPYRIGHT > drwxr-xr-x 4 uucp 143 4096 Jun 22 21:53 db > drwxr-xr-x 3 uucp 143 4096 Jun 22 21:53 include > - -rwxr-xr-x 1 uucp 143 5091318 Jun 22 11:58 javafx-src.zip > drwxr-xr-x 5 uucp 143 4096 Jun 22 21:53 jre > drwxr-xr-x 5 uucp 143 4096 Jun 22 21:53 lib > - -r--r--r-- 1 uucp 143 40 Jun 22 21:53 LICENSE > drwxr-xr-x 4 uucp 143 4096 Jun 22 21:53 man > - -r--r--r-- 1 uucp 143 159 Jun 22 21:53 README.html > - -rw-r--r-- 1 uucp 143 526 Jun 22 21:53 release > - -rw-r--r-- 1 uucp 143 21109887 Jun 22 21:53 src.zip > - -rwxr-xr-x 1 uucp 143 110114 Jun 22 11:58 > THIRDPARTYLICENSEREADME-JAVAFX.txt > - -r--r--r-- 1 uucp 143 177094 Jun 22 21:53 THIRDPARTYLICENSEREADME.txt > > - -chris That did it! Thank you!! (my “find / -name jni” only returned 3 items in Tomcat) Much appreciated, Brian
Re: Proxy Apache https to Tomcat http
Chris, On Wed, Oct 5, 2016 at 7:52 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Ted, > > On 10/5/16 6:47 PM, Ted Spradley wrote: > > Chris, > > > > On Wed, Oct 5, 2016 at 5:14 PM, Christopher Schultz < > > ch...@christopherschultz.net> wrote: > > > > Ted, > > > > On 10/5/16 6:10 PM, Ted Spradley wrote: > Chris, > > Thanks for your response. > > On Wed, Oct 5, 2016 at 3:14 PM, Christopher Schultz < > ch...@christopherschultz.net> wrote: > > Ted, > > On 10/5/16 3:42 PM, TED SPRADLEY wrote: > >>> Tomcat 7.0.68 Apache 2.4.6 CentOS 7.2.1511 > > Thanks. > > >>> Problem: A Tomcat application at context "/mycontext" > >>> on port 8081 running through Apache proxy renders as > >>> expected when using http://example.com/mycontext but > >>> https://example.com/mycontext call renders "The > >>> requested URL /mycontext/ was not found on this > >>> server." > >>> > >>> Question: Do I have a Tomcat Connector configuration > >>> problem? Or an Apache proxy configuration problem? Or > >>> an Apache ssl.conf problem? > >>> > >>> Note: the CA issued certificate appears to be properly > >>> installed as evidence by the lock icon in the url bar > >>> displaying "Verified by Š " when doing a mouseover. > >>> > >>> Files: Httpd.conf - ServerName > >>> www.example.com ServerAlias *.example.com ProxyRequests > >>> off ProxyPass /mycontext > >>> http://example.com:8081/mycontext ProxyPassReverse > >>> /mycontext http://example.com:8081/mycontext > >>> ProxyRequests off > >>> ProxyPreserveHost on SSLEngine on SSLCertificateFile > >>> /path/to/certs/ca.crt SSLCertificateKeyFile > >>> /path/to/key/private/exampleDotCom.key ServerName > >>> www.example.com ServerAlias *.example.com ProxyPass > >>> /mycontext http://example.com:8081/mycontext > >>> ProxyPassReverse /mycontext > >>> http://example.com:8081/mycontext > > On first inspection, that looks correct. > > >>> Tomcat's server.xml Connector >>> protocol="HTTP/1.1" connectionTimeout="2" > >>> proxyName="www.example.com" proxyPort="80" > >>> redirectPort="8443" xpoweredBy="false" server="Apache > >>> TomEE" /> > > That also looks correct. > > How have you deployed your actual application? > > > > Yes. It is deployed and responds as expected through the > > proxy when using http. > > > > Great. But *HOW* have you deployed your actual application? > > > > > >> Sorry, I missed the "How". I'm not sure what descriptors you are > >> asking for when you ask how. > > Auto-deployed WAR file/directory? WAR/dir deployed via manager > application? Explicit descriptor XML file placed in > CATALINA_HOME/conf/[service]/[host]/[app].xml? > > WAR/dir deployed via manager application? Yes Explicit descriptor XML file placed in CATALINA_HOME/conf/[service]/[ host]/[app].xml? Yes - with a caveat. The path is CATALINA_HOME/conf/[service]/[ host]/context.xml The only contents being one empty element with the docBase attribute defined The CATALINA_HOME/exampledotcomapps directory contains three applications deployed using the manager application. 1. "http:example.com/mycontext" 2. "http:example.com/anotherContext" 3. "http:example.com/stillAnontherContext" All three applications are reached as expected through the proxy on port 80. The path CATALINA_HOME/exampledotcomapps matches the appBase attribute in the element for example.com in CATALINA_HOME/conf/server.xml I've since defined a separate Connector to listen for the redirect from Apache on port 8082 because I thought there was a possibility the proxyPort directive would need to be specifically port 443 instead of port 80. So now I have a Connector to receive the port 80 traffic and another for the port 443 traffic. I've tried it with and without the redirectPort attribute. Still no success. The Connectors appear in this order in server.xml Note: It is curious to me that when I enter https://example.com/ into a browser, Apache serves the page at /var/www/html/index.html which is in the document root defined in /etc/httpd/conf/httpd.conf with the directive DocumentRoot "/var/www/html" My expectation is that the call to https://example.com/ would be redirected with the pair ProxyPass / http://example.com:8082/ ProxyPassReverse / https://example.com:8082/ in the virtual host element for port 443. To refresh, the virtual host definitions are currently: ServerName www.example.com ServerAlias *.example.com ProxyRequests off ProxyPreserveHost on ProxyPass / http://example.com:8081/ ProxyPassReverse / http://example.com:8081/ ProxyPass /mycontext http://example.com:8081/mycontext ProxyPassReverse /mycontext http://example.com:8081/mycontext ProxyPass
RE: Tomcat 9 exe, High CPU usage due to TCP I/O with itself
Unfortunately my knowledge of Tomcat and Java apps is limited to basic sys admin stuff. I've made the suggestion to the developer to Profile the app. I'm sure this will reveal the problem. I might make an attempt as well. -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Thursday, October 27, 2016 12:03 PM To: Tomcat Users ListSubject: Re: Tomcat 9 exe, High CPU usage due to TCP I/O with itself -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 10/27/16 4:47 AM, Mark Thomas wrote: > On 26/10/2016 18:07, Dustin Delage wrote: >> Tomcat 9, running on Windows Server 2008, runs the CPU at 79% - 90% >> continuously. The only activity is tomcat spamming itself with TCP >> traffic. Same proc ID, out one port, to another port back to itself. > > Tomcat doesn't do that. That looks more likely to be an app issue. > > A series of thread dumps (3 thread dumps, 10 seconds apart) should > provide some pointers as to what is going on. A profiler (e.g. > YourKit) would be better. Tomcat9.exe should be the monitor (procrun), not anything hosting an application, right? - -chris >> A small sample from Process Monitor: >> >> # # >> >> ## >> ## 10:16:04.7458125 AM Tomcat9.exe 1932TCP >> Receive 7f00:1::d880:fe03:80fa::49199 -> >> 7f00:1:::::::49198 SUCCESS Length: 1, >> seqnum: 0, connid: 0 10:16:04.7458374 AM Tomcat9.exe 1932TCP >> Send Sage-Web03.sage.local:49198 -> Sage-Web03.sage.local:49199 >> SUCCESS Length: 1, startime: 12341635, endtime: 12341635, seqnum: >> 0, connid: 0 10:16:04.7458805 AM Tomcat9.exe 1932TCP Receive >> 7f00:1::d880:fe03:80fa::49197 -> >> 7f00:1:::::::49196 SUCCESS Length: 1, >> seqnum: 0, connid: 0 10:16:04.7458972 AM Tomcat9.exe 1932TCP >> Send Sage-Web03.sage.local:49196 -> Sage-Web03.sage.local:49197 >> SUCCESS Length: 1, startime: 12341635, endtime: 12341635, seqnum: >> 0, connid: 0 10:16:04.7459244 AM Tomcat9.exe 1932TCP Receive >> 7f00:1::d880:fe03:80fa::49197 -> >> 7f00:1:::::::49196 SUCCESS Length: 1, >> seqnum: 0, connid: 0 10:16:04.7459507 AM Tomcat9.exe 1932TCP >> Send Sage-Web03.sage.local:49196 -> Sage-Web03.sage.local:49197 >> SUCCESS Length: 1, startime: 12341635, endtime: 12341635, seqnum: >> 0, connid: 0 >> # # >> >> ## >> ### >> >> Attaching an image of my findings as well >> >> Thank You, >> >> D Delage >> >> >> >> >> - >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > > - > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYEiUyAAoJEBzwKT+lPKRY92oP/jYekQFTj5HaiQsmsQaaWgg+ eGmookPwRATKubROIedjzQA9Y62Y1PL0udQpk5xnEReQ5ISxbUs+OGJtPQippC85 VxILggVIA2ZHuPVd2qEhj1cBb5ppB9n1SsRBFRHU+Y7rdJGp8goIMBZzs1CytR/M vK7xkyDtXzLinerMGj4k/82KnTfCo6nwf+z7Np03Np2doWXYYcZmJO3yo3N/v4lm arp1MEHf1qSutd12ga3MeMXwt8e3WZaK5M1gFL7h7CMclIbgUBz0vGtZ7VYYCB7g qVCzwQi64Jt7HADwllKKLmPC/N3lA3zTQvp/o1z8qsDSYPtbaZNSKNnSoqb4uzx/ 8Z59Y3HZEQudT8gV2GwNzULmGh6Clcn3ECQaUxnK81YZFz0YluO8QbKTMuRM18pb mr8UH/JoPO3PUaBsDvWo95KUZw8m1+YPhvtMCi0r2NTD7j+Klr3r9cHubAHq21Hi VfsGXHm1Pv7vaYVx4za9bREtxEtQZWkQOsjrviYX9lH5n2Ad8QwWOd0fI4HrLBhM 3i/zE7VSOLnCpCZwQ0Dpx7inzVIuXQzmvecdSS6MsuPea3uzNqgSbKoct0A28tTU Em1dBwPuyeHVISnxBtTYufJOeBSBEq/sFW5385QftHLQgwfH4aVouix9U6pLfAF0 +ptjg7u5okrPzuh+6RTx =laEe -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 9 exe, High CPU usage due to TCP I/O with itself
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 10/27/16 4:47 AM, Mark Thomas wrote: > On 26/10/2016 18:07, Dustin Delage wrote: >> Tomcat 9, running on Windows Server 2008, runs the CPU at 79% - >> 90% continuously. The only activity is tomcat spamming itself >> with TCP traffic. Same proc ID, out one port, to another port >> back to itself. > > Tomcat doesn't do that. That looks more likely to be an app issue. > > A series of thread dumps (3 thread dumps, 10 seconds apart) should > provide some pointers as to what is going on. A profiler (e.g. > YourKit) would be better. Tomcat9.exe should be the monitor (procrun), not anything hosting an application, right? - -chris >> A small sample from Process Monitor: >> >> # # >> >> ## >> ## 10:16:04.7458125 AM Tomcat9.exe 1932TCP >> Receive 7f00:1::d880:fe03:80fa::49199 -> >> 7f00:1:::::::49198 SUCCESS Length: 1, >> seqnum: 0, connid: 0 10:16:04.7458374 AM Tomcat9.exe 1932TCP >> Send Sage-Web03.sage.local:49198 -> Sage-Web03.sage.local:49199 >> SUCCESS Length: 1, startime: 12341635, endtime: 12341635, seqnum: >> 0, connid: 0 10:16:04.7458805 AM Tomcat9.exe 1932TCP Receive >> 7f00:1::d880:fe03:80fa::49197 -> >> 7f00:1:::::::49196 SUCCESS Length: 1, >> seqnum: 0, connid: 0 10:16:04.7458972 AM Tomcat9.exe 1932TCP >> Send Sage-Web03.sage.local:49196 -> Sage-Web03.sage.local:49197 >> SUCCESS Length: 1, startime: 12341635, endtime: 12341635, seqnum: >> 0, connid: 0 10:16:04.7459244 AM Tomcat9.exe 1932TCP Receive >> 7f00:1::d880:fe03:80fa::49197 -> >> 7f00:1:::::::49196 SUCCESS Length: 1, >> seqnum: 0, connid: 0 10:16:04.7459507 AM Tomcat9.exe 1932TCP >> Send Sage-Web03.sage.local:49196 -> Sage-Web03.sage.local:49197 >> SUCCESS Length: 1, startime: 12341635, endtime: 12341635, seqnum: >> 0, connid: 0 >> # # >> >> ## >> ### >> >> Attaching an image of my findings as well >> >> Thank You, >> >> D Delage >> >> >> >> >> - >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > > - > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYEiUyAAoJEBzwKT+lPKRY92oP/jYekQFTj5HaiQsmsQaaWgg+ eGmookPwRATKubROIedjzQA9Y62Y1PL0udQpk5xnEReQ5ISxbUs+OGJtPQippC85 VxILggVIA2ZHuPVd2qEhj1cBb5ppB9n1SsRBFRHU+Y7rdJGp8goIMBZzs1CytR/M vK7xkyDtXzLinerMGj4k/82KnTfCo6nwf+z7Np03Np2doWXYYcZmJO3yo3N/v4lm arp1MEHf1qSutd12ga3MeMXwt8e3WZaK5M1gFL7h7CMclIbgUBz0vGtZ7VYYCB7g qVCzwQi64Jt7HADwllKKLmPC/N3lA3zTQvp/o1z8qsDSYPtbaZNSKNnSoqb4uzx/ 8Z59Y3HZEQudT8gV2GwNzULmGh6Clcn3ECQaUxnK81YZFz0YluO8QbKTMuRM18pb mr8UH/JoPO3PUaBsDvWo95KUZw8m1+YPhvtMCi0r2NTD7j+Klr3r9cHubAHq21Hi VfsGXHm1Pv7vaYVx4za9bREtxEtQZWkQOsjrviYX9lH5n2Ad8QwWOd0fI4HrLBhM 3i/zE7VSOLnCpCZwQ0Dpx7inzVIuXQzmvecdSS6MsuPea3uzNqgSbKoct0A28tTU Em1dBwPuyeHVISnxBtTYufJOeBSBEq/sFW5385QftHLQgwfH4aVouix9U6pLfAF0 +ptjg7u5okrPzuh+6RTx =laEe -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Native compile can't find jni_md.h
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Brian, On 10/27/16 11:47 AM, Paquin, Brian wrote: > I’m trying to compile Tomcat Native (1.2.10 that comes with > 8.5.6), and get the error “Cannot find jni_md.h” In > /usr/lib/jvm/[openjdk-1.8.0_111]/jre/ I have bin and lib but not > include… I downloaded oracle’s 1.8.0_112 JDK and have the same > structure (no include). > > I haven’t found anything on the web that helps me get the headers > back and was hoping someone here could help. It looks like you have a JRE and you need a JDK to build tcnative. The JDK contains a jre/ directory and you're right, it has no include/ subdir. But if you back-out one directory to JAVA_HOME, you should have an include/ directory there. When I unpack the jdk1.8 archive, I get these files: drwxr-xr-x 2 uucp 143 4096 Jun 22 21:53 bin - -r--r--r-- 1 uucp 143 3244 Jun 22 21:53 COPYRIGHT drwxr-xr-x 4 uucp 143 4096 Jun 22 21:53 db drwxr-xr-x 3 uucp 143 4096 Jun 22 21:53 include - -rwxr-xr-x 1 uucp 143 5091318 Jun 22 11:58 javafx-src.zip drwxr-xr-x 5 uucp 143 4096 Jun 22 21:53 jre drwxr-xr-x 5 uucp 143 4096 Jun 22 21:53 lib - -r--r--r-- 1 uucp 143 40 Jun 22 21:53 LICENSE drwxr-xr-x 4 uucp 143 4096 Jun 22 21:53 man - -r--r--r-- 1 uucp 143 159 Jun 22 21:53 README.html - -rw-r--r-- 1 uucp 143 526 Jun 22 21:53 release - -rw-r--r-- 1 uucp 143 21109887 Jun 22 21:53 src.zip - -rwxr-xr-x 1 uucp 143 110114 Jun 22 11:58 THIRDPARTYLICENSEREADME-JAVAFX.txt - -r--r--r-- 1 uucp 143 177094 Jun 22 21:53 THIRDPARTYLICENSEREADME.txt - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYEiL8AAoJEBzwKT+lPKRYj+wP/0OUeSQn/w8bh6lII/eviMO2 bJwbot3/WrPBT3jMwUoZK/3/QyJ118brLFqInddKDKsUpyKalZ0K6hLzLbP2NGA+ GtyHA6TgJbPcMpbd3Fdpzpcbf1Oy+5WQOoDUgV5rC69yFyDg2d5+R1MHfMRSZ0lp UqtkEEJ0LRN1YxQV23XwgUIGBI6j/ZYw3KTWg7747V7/NPBSF/FuOxQt0flHZy+W jZtel0H7j2SMLRrVxMSCGeemZgry2bx7mDsmT9Sz+ycrgOalxeg3MUbIZZk/zISC Ldd3KaL6d98g9VOFX0uO3bLyH+eQ3l5yQu26ziKP64keQww0HODTWatC0xQI+JVZ v/y/gKgRiFd8ASW04qDaLDQLfUl32d3DrZX26MhfBWxtWJEGqeXhCMXgr3fb+cnF c3wsYhH7alppZ1iDqf3LcpB2gcQrg2VNE8nvgse+/s/t19U4vsU5TGhtovVOoq2h bV9Cl0atLgueSx+YCTNJy7Am8lsUwWrIEcZ8fA+g8WTIGEJrtgfvbY+qjgei/z5o NQylLCDWYXEe7SM+CSUpAzbP15HP/kjcyp8s+GO5YJRiewT8ZVCr4JPrHW1oexEu IpDTH17Vxtf/Z/6T+coj1s/oIzX3RWutcdWpgyTH4ACRUYrGi0U0pLDlMkBcCMxy 1wZA0UwWhI1v1s4BIeZm =nqnn -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat Native compile can't find jni_md.h
I’m trying to compile Tomcat Native (1.2.10 that comes with 8.5.6), and get the error “Cannot find jni_md.h” In /usr/lib/jvm/[openjdk-1.8.0_111]/jre/ I have bin and lib but not include… I downloaded oracle’s 1.8.0_112 JDK and have the same structure (no include). I haven’t found anything on the web that helps me get the headers back and was hoping someone here could help. Brian
[SECURITY] CVE-2016-6797 Apache Tomcat Unrestricted Access to Global Resources
CVE-2016-6797 Apache Tomcat Unrestricted Access to Global Resources Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M9 Apache Tomcat 8.5.0 to 8.5.4 Apache Tomcat 8.0.0.RC1 to 8.0.36 Apache Tomcat 7.0.0 to 7.0.70 Apache Tomcat 6.0.0 to 6.0.45 Earlier, unsupported versions may also be affected. Description The ResourceLinkFactory did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. Mitigation Users of affected versions should apply one of the following mitigations - Upgrade to Apache Tomcat 9.0.0.M10 or later - Upgrade to Apache Tomcat 8.5.5 or later - Upgrade to Apache Tomcat 8.0.37 or later - Upgrade to Apache Tomcat 7.0.72 or later (Apache Tomcat 7.0.71 has the fix but was not released) - Upgrade to Apache Tomcat 6.0.47 or later (Apache Tomcat 6.0.46 has the fix but was not released) Credit: This issue was discovered by the Apache Tomcat Security Team. References: [1] http://tomcat.apache.org/security-9.html [2] http://tomcat.apache.org/security-8.html [3] http://tomcat.apache.org/security-7.html [4] http://tomcat.apache.org/security-6.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[SECURITY] CVE-2016-6796 Apache Tomcat Security Manager Bypass
CVE-2016-6796 Apache Tomcat Security Manager Bypass Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M9 Apache Tomcat 8.5.0 to 8.5.4 Apache Tomcat 8.0.0.RC1 to 8.0.36 Apache Tomcat 7.0.0 to 7.0.70 Apache Tomcat 6.0.0 to 6.0.45 Earlier, unsupported versions may also be affected. Description A malicious web application was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. Mitigation Users of affected versions should apply one of the following mitigations - Upgrade to Apache Tomcat 9.0.0.M10 or later - Upgrade to Apache Tomcat 8.5.5 or later - Upgrade to Apache Tomcat 8.0.37 or later - Upgrade to Apache Tomcat 7.0.72 or later (Apache Tomcat 7.0.71 has the fix but was not released) - Upgrade to Apache Tomcat 6.0.47 or later (Apache Tomcat 6.0.46 has the fix but was not released) Credit: This issue was discovered by the Apache Tomcat Security Team. References: [1] http://tomcat.apache.org/security-9.html [2] http://tomcat.apache.org/security-8.html [3] http://tomcat.apache.org/security-7.html [4] http://tomcat.apache.org/security-6.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[SECURITY] CVE-2016-5018 Apache Tomcat Security Manager Bypass
CVE-2016-5018 Apache Tomcat Security Manager Bypass Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M9 Apache Tomcat 8.5.0 to 8.5.4 Apache Tomcat 8.0.0.RC1 to 8.0.36 Apache Tomcat 7.0.0 to 7.0.70 Apache Tomcat 6.0.0 to 6.0.45 Earlier, unsupported versions may also be affected. Description A malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. Mitigation Users of affected versions should apply one of the following mitigations - Upgrade to Apache Tomcat 9.0.0.M10 or later - Upgrade to Apache Tomcat 8.5.5 or later - Upgrade to Apache Tomcat 8.0.37 or later - Upgrade to Apache Tomcat 7.0.72 or later (Apache Tomcat 7.0.71 has the fix but was not released) - Upgrade to Apache Tomcat 6.0.47 or later (Apache Tomcat 6.0.46 has the fix but was not released) Credit: This issue was discovered by Alvaro Munoz of the HP Enterprise Security Team and reported responsibly to the Apache Tomcat Security Team. References: [1] http://tomcat.apache.org/security-9.html [2] http://tomcat.apache.org/security-8.html [3] http://tomcat.apache.org/security-7.html [4] http://tomcat.apache.org/security-6.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[SECURITY] CVE-2016-6794 Apache Tomcat Security System Property Disclosure
CVE-2016-6794 Apache Tomcat System Property Disclosure Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M9 Apache Tomcat 8.5.0 to 8.5.4 Apache Tomcat 8.0.0.RC1 to 8.0.36 Apache Tomcat 7.0.0 to 7.0.70 Apache Tomcat 6.0.0 to 6.0.45 Earlier, unsupported versions may also be affected. Description When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. Mitigation Users of affected versions should apply one of the following mitigations - Upgrade to Apache Tomcat 9.0.0.M10 or later - Upgrade to Apache Tomcat 8.5.5 or later - Upgrade to Apache Tomcat 8.0.37 or later - Upgrade to Apache Tomcat 7.0.72 or later (Apache Tomcat 7.0.71 has the fix but was not released) - Upgrade to Apache Tomcat 6.0.47 or later (Apache Tomcat 6.0.46 has the fix but was not released) Credit: This issue was discovered by the Apache Tomcat Security Team. References: [1] http://tomcat.apache.org/security-9.html [2] http://tomcat.apache.org/security-8.html [3] http://tomcat.apache.org/security-7.html [4] http://tomcat.apache.org/security-6.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[SECURITY] CVE-2016-0762 Apache Tomcat Realm Timing Attack
CVE-2016-0762 Apache Tomcat Realm Timing Attack Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M9 Apache Tomcat 8.5.0 to 8.5.4 Apache Tomcat 8.0.0.RC1 to 8.0.36 Apache Tomcat 7.0.0 to 7.0.70 Apache Tomcat 6.0.0 to 6.0.45 Earlier, unsupported versions may also be affected. Description The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. Mitigation Users of affected versions should apply one of the following mitigations - Upgrade to Apache Tomcat 9.0.0.M10 or later - Upgrade to Apache Tomcat 8.5.5 or later - Upgrade to Apache Tomcat 8.0.37 or later - Upgrade to Apache Tomcat 7.0.72 or later (Apache Tomcat 7.0.71 has the fix but was not released) - Upgrade to Apache Tomcat 6.0.47 or later (Apache Tomcat 6.0.46 has the fix but was not released) Credit: This issue was discovered by The Apache Tomcat Security Team. References: [1] http://tomcat.apache.org/security-9.html [2] http://tomcat.apache.org/security-8.html [3] http://tomcat.apache.org/security-7.html [4] http://tomcat.apache.org/security-6.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: setWriteListener and async operations concurrency
On 27.10.2016 13:41, Sergey Mashkov wrote: On Thu, Oct 27, 2016 at 2:19 PM André Warnier (tomcat)wrote: On 27.10.2016 12:15, Sergey Mashkov wrote: Hi I am experiencing deadlock when trying to set output stream write listener: The thread from my own thread pool is trying to set a write listener (my code via setWriteListener call) and another one thread is https-jsse-nio-N-exec is trying to close and flush (there is no my code in the stack trace) and no more threads locked. .. So the question is: is it even legal to call any async operation from non-server thread? I see a lot of existing code in the web assumes that it is. I also used to write so many times with no issues until now. This is why I suppose it could be a tomcat bug. Hi. Not an answer to your questions, but : It would be good practice, and probably help a lot the people here to answer your questions, if you provided : - the Tomcat version - the Java version - the platform OS and version You can find all of those in the Tomcat logs, or by running the (tomcat_dir)/bin/VERSION.(sh|bat) It's more about the API and requirements: the documentation is not clear about threading. But if it's a bug then it could be significant The documentation also corresponds to the version of Tomcat, so it is significant and useful (and mainly it saves time for the list volunteers) if you specify what you are looking at. You want free expert advice. You will get it on this list. But the easier and less time-consuming you make it for these experts, the quicker you will have your expert response. Versions are 9.0.0M6 and M11, java 8u112, Linux x86_64 Thank you. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: setWriteListener and async operations concurrency
On Thu, Oct 27, 2016 at 2:19 PM André Warnier (tomcat)wrote: > On 27.10.2016 12:15, Sergey Mashkov wrote: > > Hi > > > > I am experiencing deadlock when trying to set output stream write > listener: > > The thread from my own thread pool is trying to set a write listener (my > > code via setWriteListener call) and another one thread is > > https-jsse-nio-N-exec is trying to close and flush (there is no my code > in > > the stack trace) and no more threads locked. > > .. > > So the question is: is it even legal to call any async operation from > > non-server thread? I see a lot of existing code in the web assumes that > it > > is. I also used to write so many times with no issues until now. This is > > why I suppose it could be a tomcat bug. > > > > Hi. > Not an answer to your questions, but : > It would be good practice, and probably help a lot the people here to > answer your > questions, if you provided : > - the Tomcat version > - the Java version > - the platform OS and version > You can find all of those in the Tomcat logs, or by running the > (tomcat_dir)/bin/VERSION.(sh|bat) > It's more about the API and requirements: the documentation is not clear about threading. But if it's a bug then it could be significant Versions are 9.0.0M6 and M11, java 8u112, Linux x86_64 > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: setWriteListener and async operations concurrency
On 27.10.2016 12:15, Sergey Mashkov wrote: Hi I am experiencing deadlock when trying to set output stream write listener: The thread from my own thread pool is trying to set a write listener (my code via setWriteListener call) and another one thread is https-jsse-nio-N-exec is trying to close and flush (there is no my code in the stack trace) and no more threads locked. .. So the question is: is it even legal to call any async operation from non-server thread? I see a lot of existing code in the web assumes that it is. I also used to write so many times with no issues until now. This is why I suppose it could be a tomcat bug. Hi. Not an answer to your questions, but : It would be good practice, and probably help a lot the people here to answer your questions, if you provided : - the Tomcat version - the Java version - the platform OS and version You can find all of those in the Tomcat logs, or by running the (tomcat_dir)/bin/VERSION.(sh|bat) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
setWriteListener and async operations concurrency
Hi I am experiencing deadlock when trying to set output stream write listener: The thread from my own thread pool is trying to set a write listener (my code via setWriteListener call) and another one thread is https-jsse-nio-N-exec is trying to close and flush (there is no my code in the stack trace) and no more threads locked. . So the question is: is it even legal to call any async operation from non-server thread? I see a lot of existing code in the web assumes that it is. I also used to write so many times with no issues until now. This is why I suppose it could be a tomcat bug.
Re: Tomcat 9 exe, High CPU usage due to TCP I/O with itself
On 26/10/2016 18:07, Dustin Delage wrote: > Tomcat 9, running on Windows Server 2008, runs the CPU at 79% - 90% > continuously. The only activity is tomcat spamming itself with TCP > traffic. Same proc ID, out one port, to another port back to itself. Tomcat doesn't do that. That looks more likely to be an app issue. A series of thread dumps (3 thread dumps, 10 seconds apart) should provide some pointers as to what is going on. A profiler (e.g. YourKit) would be better. Mark > > A small sample from Process Monitor: > > ## > ## > ## > 10:16:04.7458125 AM Tomcat9.exe 1932TCP Receive > 7f00:1::d880:fe03:80fa::49199 -> > 7f00:1:::::::49198SUCCESS Length: 1, seqnum: > 0, connid: 0 > 10:16:04.7458374 AM Tomcat9.exe 1932TCP Send > Sage-Web03.sage.local:49198 -> Sage-Web03.sage.local:49199SUCCESS > Length: 1, startime: 12341635, endtime: 12341635, seqnum: 0, connid: 0 > 10:16:04.7458805 AM Tomcat9.exe 1932TCP Receive > 7f00:1::d880:fe03:80fa::49197 -> > 7f00:1:::::::49196SUCCESS Length: 1, seqnum: > 0, connid: 0 > 10:16:04.7458972 AM Tomcat9.exe 1932TCP Send > Sage-Web03.sage.local:49196 -> Sage-Web03.sage.local:49197SUCCESS > Length: 1, startime: 12341635, endtime: 12341635, seqnum: 0, connid: 0 > 10:16:04.7459244 AM Tomcat9.exe 1932TCP Receive > 7f00:1::d880:fe03:80fa::49197 -> > 7f00:1:::::::49196SUCCESS Length: 1, seqnum: > 0, connid: 0 > 10:16:04.7459507 AM Tomcat9.exe 1932TCP Send > Sage-Web03.sage.local:49196 -> Sage-Web03.sage.local:49197SUCCESS > Length: 1, startime: 12341635, endtime: 12341635, seqnum: 0, connid: 0 > ## > ## > ### > > Attaching an image of my findings as well > > Thank You, > > D Delage > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org