Re: Tomcat JMX remote
I suggest the following additional params: -Dcom.sun.management.jmxremote.host=ip-address -Djava.rmi.server.hostname=ip-address, same as above For me, this (with the options below, of course) works as expected. wbr Johann From: Adrien RUFFIE Sent: Thursday, December 06, 2012 4:03 PM To: users@tomcat.apache.org Subject: Tomcat JMX remote Hello all, I have a tomcat6 installed in one debian, But openjdk6 is installed and I try to active JMX access on the throught the network On my tomcat, but it doesn’t work … I use following option (CATALINA_OPTS or JAVA_OPTS I have try two): set CATALINA_OPTS=-Dcom.sun.management.jmxremote \ -Dcom.sun.management.jmxremote.port= \ -Dcom.sun.management.jmxremote.ssl=false \ -Dcom.sun.management.jmxremote.authenticate=true \ -Dcom.sun.management.jmxremote.password.file=../conf/jmxremote.password \ -Dcom.sun.management.jmxremote.access.file=../conf/jmxremote.access \ My tomcat is launched correctly with following jvm parameter: root@rd4-was7:/usr/local# ps -ef | grep java root 23943 1 0 15:30 pts/200:00:01 /usr/lib/jvm/java-6-openjdk/jre/bin/java -Djava.util.logging.config.file=/usr/local/tomcat6/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.sun.management.jmxremote.port= -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Djava.endorsed.dirs=/usr/local/tomcat6/endorsed -classpath /usr/local/tomcat6/bin/bootstrap.jar -Dcatalina.base=/usr/local/tomcat6 -Dcatalina.home=/usr/local/tomcat6 -Djava.io.tmpdir=/usr/local/tomcat6/temp org.apache.catalina.startup.Bootstrap start But I cannot access with my JVisualVM: Cannot connect to tomcat@192.168.101.160: using service:jmx:rmi///jndi/rmi://192.168.101.160:/jmxrmi Tomcat of tomcat@192.168.101.160 must be are a user on my debian ? Because the current tomcat user is “tomcat6” on file system Attached file is my catalina.sh Any one have an idea ? Bien cordialement, Adrien RUFFIE Ingénieur RD 40, rue du Village d’Entreprises 31670 Labège www.e-deal.com LD : +33 1 73 03 29 50 Std : +33 1 73 03 29 80 Fax : +33 1 73 01 69 77 a.ruf...@e-deal.com E-DEAL soutient le Pacte Mondial de l'ONU - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
AW: tomcat not working with HTTPS
As I unterstand the mails before, you are merging Java-Certificates with
OpenSSL ones.
In the Tomcat connector you should use a SUN-JKS keystore instead of
PEM-Files (usually created by OpenSSL utilities).
Enter Tomcat SSL keystore in Google to get the recommended how-to.
Be aware of the following recommendations (even though there are
alternatives, but first you should get working your SSL connector):
- To work with Tomcat, the referenced keystore must contain a certificate
with the -alias tomcat, usually with the default password changeit (the
same as cacerts keystore has).
- To create the needed keystore you need to use the keytool utility of the
JDK (or a GUI based utility like Porteclè).
- Don't forget to add the chain to cacerts by the keytool argument
-trustcacerts when importing the signed certificate.
Regards,
Johann
-Ursprüngliche Nachricht-
Von: Neha Agrawal [mailto:[EMAIL PROTECTED]
Gesendet: Samstag, 12. Jänner 2008 01:50
An: Tomcat Users List
Betreff: RE: tomcat not working with HTTPS
hi!
Connector port=8443 maxHttpHeaderSize=8192
maxThreads=150 minSpareThreads=25
maxSpareThreads=75
enableLookups=false
disableUploadTimeout=true
acceptCount=100 scheme=https
secure=true
SSLEngine=on
SSLCertificateFile=${catalina.base}/conf/localhost.crt
SSLCertificateKeyFile=${catalina.base}/conf/localhost.key
SSLPassword=phrase
/
is in my server.xml file
where 'phrase' is the secret phrase when i created the
newkey.pem
Are you sure you're building a keystore compatible
with OpenSSL?
what exactly does it imply?
as i wrote earlier i just created a New CA its private
key,
then generateda new certificate request
thus i got newcert.pem and newkey.pem
I did this using CA.pl and openssl.cnf fro mthe source
code of open-ssl
these 2 files are copied to localhost.key and .cert in
the connector...
i dont know what to do with the .keystore file
it is in JKS format and i have done any import/export
operation
can someone guide me on this please
neha
Unlimited freedom, unlimited storage. Get it now, on
http://help.yahoo.com/l/in/yahoo/mail/yahoomail/tools/tools-08.html/
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat 5.0.28 and SSL setup
If you are still looking for a solution:
There is a mismatch in your informations: you wrote, the keystore file would
be located in your home directory but in the connector properties the
keystore is referenced to be located at /user/machine/.keystore: are you
aware of this difference?
Johann
- Original Message -
From: Tami Corn [EMAIL PROTECTED]
To: users@tomcat.apache.org
Sent: Saturday, January 05, 2008 3:10 PM
Subject: tomcat 5.0.28 and SSL setup
My problem: Port 8443 won't open. But I can see port 8080.
Running Tomcat 5.0.28 on Mac OS 10.4.11 (no firewall yet).
I'm not using a self-assigned cert. I created a CSR request, got my
certs and have imported my certs in the following order using Terminal.
Everything I have researched says they have to be installed in a
particular order or the will not work.:
root - AddTrustExternalCARoot.crt
inter - UTNAddTrustServer_CA.crt
chain - NetworkSolutions_CA.crt
tomcat - mydomain.com.crt
(My keystore is located my user's home directory along with a folder that
has the certs in it.)
If I printcerts in Terminal, they look good to me compared to
documentation and examples online. (howeverI'm a newbie.)
I have uncommented the connector port in the server.xml config.
Connector port=8443
maxThreads=100 minSpareThreads=5 maxSpareThreads=25
enableLookups=false disableUploadTimeout=true
acceptCount=100 debug=0 scheme=https secure=true
clientAuth=false sslProtocol=TLS keyAlias=tomcat
keystoreFile=/Users/machine/.keystore keystorePass=... /
Tomcat Log shows:
2008-01-05 07:25:56 StandardContext[/servlets-examples] ContextListener:
attributeReplaced ('org.apache.catalina.WELCOME_FILES',
'[Ljava.lang.String;@8e7b84')
2008-01-05 07:25:56 StandardContext[/servlets-examples] ContextListener:
attributeReplaced ('org.apache.catalina.WELCOME_FILES',
'[Ljava.lang.String;@4f53eb')
2008-01-05 07:25:56 StandardContext[/servlets-examples] ContextListener:
attributeReplaced ('org.apache.catalina.WELCOME_FILES',
'[Ljava.lang.String;@e6b82')
2008-01-05 07:25:56 StandardContext[/servlets-examples] SessionListener:
contextDestroyed()
2008-01-05 07:25:56 StandardContext[/servlets-examples] ContextListener:
contextDestroyed()
2008-01-05 07:25:56 StandardContext[/jsp-examples]ContextListener:
attributeReplaced('org.apache.catalina.WELCOME_FILES',
'[Ljava.lang.String;@8e45a8')
2008-01-05 07:25:56 StandardContext[/jsp-examples]ContextListener:
attributeReplaced('org.apache.catalina.WELCOME_FILES',
'[Ljava.lang.String;@7f3202')
2008-01-05 07:25:56 StandardContext[/jsp-examples]ContextListener:
attributeReplaced('org.apache.catalina.WELCOME_FILES',
'[Ljava.lang.String;@ac5c8b')
2008-01-05 07:25:56 StandardContext[/jsp-examples]SessionListener:
contextDestroyed()
2008-01-05 07:25:56 StandardContext[/jsp-examples]ContextListener:
contextDestroyed()
2008-01-05 07:29:44 StandardContext[/balancer]Exception starting filter
BalancerFilter
java.lang.NoClassDefFoundError: org/apache/commons/digester/Digester
at org.apache.webapp.balancer.RulesParser.createDigester
(RulesParser.java:65)
at org.apache.webapp.balancer.RulesParser.init(RulesParser.java:43)
at org.apache.webapp.balancer.BalancerFilter.init (BalancerFilter.java:79)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter
(ApplicationFilterConfig.java:225)
at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef
(ApplicationFilterConfig.java:308)
at org.apache.catalina.core.ApplicationFilterConfig.init
(ApplicationFilterConfig.java:79)
at org.apache.catalina.core.StandardContext.filterStart
(StandardContext.java:3698)
at org.apache.catalina.core.StandardContext.start
(StandardContext.java:4349)
at org.apache.catalina.core.ContainerBase.addChildInternal
(ContainerBase.java:823)
at org.apache.catalina.core.ContainerBase.addChild
(ContainerBase.java:807)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java: 595)
at org.apache.catalina.core.StandardHostDeployer.install
(StandardHostDeployer.java:277)
at org.apache.catalina.core.StandardHost.install(StandardHost.java:832)
at org.apache.catalina.startup.HostConfig.deployDirectories
(HostConfig.java:701)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java: 432)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:983)
at org.apache.catalina.startup.HostConfig.lifecycleEvent
(HostConfig.java:349)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent
(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java: 1091)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:789)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java: 1083)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java: 478)
at org.apache.catalina.core.StandardService.start
(StandardService.java:480)
at
Re: Setting Memory Limit per Virtual Host
We are running into some issues on a shared hosting machine. Basically Java is eating too much memory! :-) Is it possible to set the amount of memory that a virtual host is allowed to consume? Perhaps in the server.xml We have the overall JVM set to use 1024mb of ram, but it is getting to the point where it is exceeding this Be aware, if you limit the JVM heap size, that it additionally consumes memory on stack for each thread. Try to reduce max heap size to approximately 768 MB in your case. Johann - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AW: Enhancing Tomcat Speed
Richard Reyes wrote: I have not had the chance to try the heap size and class reloading thing, but would still like to learn on other might be areas of improvements. To be able to influence the memory consumption (e.g. to tune the PermGen-Space) is the main criteria and most efficient way to speed up your application. Johann - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL problem with Tomcat 5.5
To ensure you have a valid keystore with the included private key and a refer to an alias 'tomcat' I recommend strongly to create a new keystore as described in the reference (see links in other answer mails). At least you can create a self-signed certificate if you don't need one signed by a trusted CA. To check if SSL is running you can test it from a Linux or Unix box with installed OpenSSL with the following command: echo -e GET /jsp-examples/index.jsp HTTP/1.0\r\n\r\n|openssl s_client -connect localhost:8443 -ssl3 -debug -quiet Replace URI-context and welcome file, replace hostname and port if neccessary, change SSL mode to ssl2 or tsl as needed Johann - Original Message - From: Bob Grabbe [EMAIL PROTECTED] To: 'Tomcat Users List' users@tomcat.apache.org Sent: Monday, November 26, 2007 10:48 PM Subject: RE: SSL problem with Tomcat 5.5 OK, I've attached a new file with the startup. Unfortunately I'm not seeing anything in any logs that indicate any https requests. Just in case, what's the command to generate a new empty keystore file ? I've seen the notes on the tomcat docs for creating the csr, but I didn't do that this time. I might try it though, if I can get godaddy to go through the process with me again, Thanks Bob Grabbe University of Michigan [EMAIL PROTECTED] _ Research is the process of going up alleys to see if they are blind. -- Marston Bates -Original Message- From: Hassan Schroeder [mailto:[EMAIL PROTECTED] Sent: Monday, November 26, 2007 4:09 PM To: Tomcat Users List Subject: Re: SSL problem with Tomcat 5.5 What would be best would be catalina.log at startup, showing whether the SSL connector started cleanly. And of course, any log entry relating specifically to an HTTPS request. I didn't generate a new csr, I figured renewing the cert shouldn't need that. Do I need to go through that or should I be able to just renew it ? Dunno about GoDaddy, but when I renew a Thawte cert for one of my sites, I have to generate a new cert request. So I just create a new keystore file, named something like keystore-example.com-2007, and use that for the new cert. HTH! -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5.5 - Virtualhost - context configuration for the zero path
I have moved the docBase to /vhosts/past-int/PaST and I have modified the CATALINA_BASE/conf/EngineName/HostName/ROOT.xml to direct docBase to the new phyiscal path. After stopping the JVM, deleting the CATALINA_BASE/work/EngineName/HostName/_ and starting up the JVM again I get a NullPointer Exception: Stacktrace: org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWra pper.java:506) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:3 95) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) root cause java.lang.NullPointerException org.apache.struts.util.RequestUtils.pageURL(RequestUtils.java:1596) org.apache.struts.util.RequestUtils.computeURL(RequestUtils.java:541) org.apache.struts.taglib.html.RewriteTag.doStartTag(RewriteTag.java:99) org.apache.jsp.administration.index_jsp._jspx_meth_html_rewrite_0(index_jsp. java:149) org.apache.jsp.administration.index_jsp._jspService(index_jsp.java:82) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:3 34) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) I have controlled all settings again to avoid a mistake, so I am sure I have done the suggested settings right. Maybe there is another setting needed to be considered? @Martin, who wrote: What is context-root specified as? I am not sure what you mean with context-root, for me it is path=. Johann - Original Message - From: Mark Thomas [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Sunday, November 18, 2007 4:43 PM Subject: Re: Tomcat 5.5 - Virtualhost - context configuration for the zero path Schadler Johann wrote: I would prefer to use an explicit method to define a context, not only the implicit possibility by naming the WAR file to something which doesn't refer anyway to the service provided in the physical directory ROOT. Is there a possibility to do this in may way? Place your directory outside of a host's appBase. Place ROOT.xml in CATALINA_BASE/conf/EngineName/HostName and then the docBase attribute of the Context element inside ROOT.xml will be honoured. You should not specify a path as this is inferred from the name of the xml file. Mark - To start a new topic, e-mail: mailto:users@tomcat.apache.org users@tomcat.apache.org To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] [EMAIL PROTECTED]
Tomcat 5.5 - Virtualhost - context configuration for the zero path
We usually use Tomcat instances without Apache connector and we could do this without problems with Tomcat 4.x until now by defining a docBase to the path= in a context located in the server.xml. (Usually we configure virtualhosts for a service with the default path - no additional context must be entered by the user). In Tomcat 5.5 (we didn't use Tomcat 5.0, so I don't know if there are similiar changes) there seems to be only one possibility to configure a context with path : to rename the WAR file to ROOT.war and place it in the appBase of the virtualhost. The expected equivalent to configure the -path explicitly seems not to work. I tried to create the file: CATALINA_BASE/conf/EngineName/HostName/ROOT.xml as follows: Context override=true displayName=PaST2 docBase=/opt/jakarta5_jvm2/webapps3/PaST path= !-- other settings, like log valves and so on -- /Context Requesting the URL http://%3cHostName%3e[/ http://HostName[/] results in an HTTP 404 error, Resource Not Found. After renaming the directory PaST to ROOT in the appBase=/opt/jakarta5_jvm2/webapps3 the service is reachable with the URL above. I would prefer to use an explicit method to define a context, not only the implicit possibility by naming the WAR file to something which doesn't refer anyway to the service provided in the physical directory ROOT. Is there a possibility to do this in may way? Johann
