Re: where is sign.sh from mod_ssl ???
A good HOWTO about Certificate Management and creating your own CA is on http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/c118.html Another one is here: http://www.corserv.com/freebsd/apache-ssl-howto.html (not so detailed, but not that good either) At 15:28 25.07.2003 +1000, you wrote: Hi! I am going throug a couple of books (O'Reilly OpenSSL and SAM Maxum Apache Security) and HOWTOs, I haven't come across instructions to set up a CA yet. Can you please oint me in the right direction ? TIA :( Bill Barker wrote: It seems that it is only distributed with the Apache-1.3.x version of mod_ssl. In my experience, it is usually worth the trouble in the long run to do a full setup for a CA (i.e. what 'openssl ca ...' expects) if you need to issue your own certs. [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi. The HOWTO instructions on http://httpd.apache.org/docs-2.0/ssl/ssl_fag.html said I need a sign.sh script for signing server.csr. It is supposed to be distributed with mod_ssl. Mabe I should download and unpack the latest mod_ssl and look for it again... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: where is sign.sh from mod_ssl ???
I don't know about Redhat's openssl installation, but propably it spreads over several directories. However there should be an openssl.conf somewhere, maybe its in /etc/openssl.conf or /usr/local/openssl/openssl.conf If you can't find it, this might help: find /etc -name openssl.conf or find /usr -name openssl.conf Installing openssl from source would also help getting a clean (and more secure) openssl installation with everything in one directory. And don't mix up Apache2 ssl.conf with openssl.conf, they've got nothing to do with each other. In Apache 1 all the SSL stuff was in httpd.conf, in Apache 2 they just put that into conf/ssl.conf. At 19:22 25.07.2003 +1000, you wrote: Hi. Thanks, I got EngelSchall's sign.sh. I am going through exactly those doco as we speak, I think the problem with the documentation is that they refer to dfferent versions than mine. On my default RH7.1 Linux installation, I do not have /usr/local/ssl or /etc/ssl/openssl.conf, yet it comes well equipped with /etc/httpd/conf/ssl.crt ad /etc/httpd/conf/ssl.key. On the other hand, the Apache2 httpd.conf uses an Include conf/ssl.conf which doesn't look like the instructions on the documentation. I am so confused, I need a beer. S, I won't be finishing the task this week. Simon Pabst wrote: A good HOWTO about Certificate Management and creating your own CA is on http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/c118.html Another one is here: http://www.corserv.com/freebsd/apache-ssl-howto.html (not so detailed, but not that good either) At 15:28 25.07.2003 +1000, you wrote: Hi! I am going throug a couple of books (O'Reilly OpenSSL and SAM Maxum Apache Security) and HOWTOs, I haven't come across instructions to set up a CA yet. Can you please oint me in the right direction ? TIA :( Bill Barker wrote: It seems that it is only distributed with the Apache-1.3.x version of mod_ssl. In my experience, it is usually worth the trouble in the long run to do a full setup for a CA (i.e. what 'openssl ca ...' expects) if you need to issue your own certs. [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi. The HOWTO instructions on http://httpd.apache.org/docs-2.0/ssl/ssl_fag.html said I need a sign.sh script for signing server.csr. It is supposed to be distributed with mod_ssl. Mabe I should download and unpack the latest mod_ssl and look for it again... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: where are sign.sh and openssl.conf ?
Ah you got me confused myself there a bit, just looked it up on my SuSE 8.1, its openssl.cnf not .conf And if openssl is installed (and it must be, since Apache successfully compiled with ssl) it must be somewhere. However doing a clean install of openssl is still the best way to do it, since Redhat rpm's are propably not up to date. At 20:22 25.07.2003 +1000, you wrote: Hi. Unbelievable, I searched all the servers for openssl.conf and found nothing. Some of these are stock standard default installatio sraight from the distro CDs from RH. I am going to install OpenSSL from sratch this weekend and ditch RH's distro copy. find /usr openssl.conf -type f find /usr -name openssl.conf etc... Nope. I mean, when you configure these things, the sey parametric values have to go somewhere, right ? That does it, download, compile, install OpenSSL this weekend. Ouch! Simon Pabst wrote: I don't know about Redhat's openssl installation, but propably it spreads over several directories. However there should be an openssl.conf somewhere, maybe its in /etc/openssl.conf or /usr/local/openssl/openssl.conf If you can't find it, this might help: find /etc -name openssl.conf or find /usr -name openssl.conf Installing openssl from source would also help getting a clean (and more secure) openssl installation with everything in one directory. And don't mix up Apache2 ssl.conf with openssl.conf, they've got nothing to do with each other. In Apache 1 all the SSL stuff was in httpd.conf, in Apache 2 they just put that into conf/ssl.conf. At 19:22 25.07.2003 +1000, you wrote: Hi. Thanks, I got EngelSchall's sign.sh. I am going through exactly those doco as we speak, I think the problem with the documentation is that they refer to dfferent versions than mine. On my default RH7.1 Linux installation, I do not have /usr/local/ssl or /etc/ssl/openssl.conf, yet it comes well equipped with /etc/httpd/conf/ssl.crt ad /etc/httpd/conf/ssl.key. On the other hand, the Apache2 httpd.conf uses an Include conf/ssl.conf which doesn't look like the instructions on the documentation. I am so confused, I need a beer. S, I won't be finishing the task this week. Simon Pabst wrote: A good HOWTO about Certificate Management and creating your own CA is on http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/c118.html Another one is here: http://www.corserv.com/freebsd/apache-ssl-howto.html (not so detailed, but not that good either) At 15:28 25.07.2003 +1000, you wrote: Hi! I am going throug a couple of books (O'Reilly OpenSSL and SAM Maxum Apache Security) and HOWTOs, I haven't come across instructions to set up a CA yet. Can you please oint me in the right direction ? TIA :( Bill Barker wrote: It seems that it is only distributed with the Apache-1.3.x version of mod_ssl. In my experience, it is usually worth the trouble in the long run to do a full setup for a CA (i.e. what 'openssl ca ...' expects) if you need to issue your own certs. [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi. The HOWTO instructions on http://httpd.apache.org/docs-2.0/ssl/ssl_fag.html said I need a sign.sh script for signing server.csr. It is supposed to be distributed with mod_ssl. Mabe I should download and unpack the latest mod_ssl and look for it again... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: To PEM or not to PEM in OpenSSL ???
1. Generate a private key: openssl genrsa -des3 -out privkey.pem 2048 (this should prompt you for a passphrase)http://www.openssl.org/docs/HOWTO/keys.txt 2. a) Generate a self-signed test certificate: openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095 2. b) If you want to use a Trust-Center signed SSL certificate, you need to create a certificate signing request (CSR) and submit it to a Certificate Authority (CA): openssl req -new -key privkey.pem -out cert.csr http://www.openssl.org/docs/HOWTO/certificates.txt Some Certificate Authorities: http://www.verisign.com/ http://www.thawte.com/ http://www.instantssl.com/ At 17:27 24.07.2003 +1000, you wrote: Hi. My quixotic tilt at mod_ssl continues... I am into my second book on this subject matter. Okay, let's put that in that too-hard basket for the moment. Let's make OpenSSL work first. It does. It asks me whether I want to DER or PEM. I take PEM. Then it tells me not enough random data. So I did this: # openssl -rand -des3 -out server.key 1024 That skipped the PEM bit, BUT how do I get it to challenge with a pass phrase dialogue ? Do all of you use PEM ? Regards, Discombobulated... Perplexed in search of perspicacity is the first sign of neurosis. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Where is mod_jk2?
Latest (source) releases with mod_jk2 (from oldest to newest) : http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.24/src/jakarta-tomcat-connectors-4.1.24-src.tar.gz http://jakarta.apache.org/builds/jakarta-tomcat-connectors/release/v1.1M1/ http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.26-alpha/src/jakarta-tomcat-connectors-4.1.26-src.tar.gz Latest binary releases: Linux i386: http://jakarta.apache.org/builds/jakarta-tomcat-connectors/jk2/release/v2.0.1/bin/linux/i386/ Win32: http://jakarta.apache.org/builds/jakarta-tomcat-connectors/jk2/release/v2.0.2/bin/win32/ Redhat 7.2: http://www.johnturner.com/howto/mod_jk2/rh72-2.0.2-mod_jk2.so The various guides have also often links to them: http://jakarta.apache.org/tomcat/faq/connectors.html I agree its a shambles though :-) At 21:10 23.07.2003 -0700, you wrote: Maybe I overlooked something, but I cannot find a link to download mod_jk2 (or coyote) for Apache 1.3.27 to talk with Tomcat at the jk2 website (http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/index.html). Does anyone know where the link to download mod_jk2 is? I find it incredible that there is no link to download jk2 at the jk2 website. There is only a link for mod_jk. TIA. __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: FW: question
At 10:42 24.07.2003 +0200, you wrote: Question : I've made a servlet and I can run it when I type the url : http://server.mynetwork.be:8080 http://server.mynetwork.be:8080 The URL will automatically switch to https://server.mynetwork.be:8443/index.html https://server.mynetwork.be:8443/index.html , this is ok. But if anyone types the URL http://server.mynetwork.be:8443 http://server.mynetwork.be:8443 (so no secure html, but on the secured port 8443) than I get some strange things : With Netscape I get a dialog : You have chosen to download a file of type: application/octet-stream from http://server.mynetwork.be:8443/ http://server.mynetwork.be:8443/, What shoul Netscape 6 do with this file ? * Open Using * Save to Disk With I.E. , the file opens immediately in the browser, displaying ''. The name of the file is always random. Apache is better regarding that, it puts out an error message, saying that you're speaking plain http to a https port. That isn't implemented in Tomcat i guess, so the browsers get some weird content and behave each in another way then. How can I prevent this ? Is there a way that if someone types http://server.mynetwork.be:8443/ http://server.mynetwork.be:8443 this person will get redirected to https://server.mynetwork.be:8443/index.html https://server.mynetwork.be:8443/index.html instead ? Don't know if it's possible to do redirects in Tomcat itself, however you could put Apache with mod_rewrite in front to do that. Greetings, Kris Vansant SIEMENS Atea [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] phone: +32 14 253049 mobile: Fax: +32 14 22 29 94 Mobile Solutions and Enabling Services http://www.ic.siemens.be http://www.ic.siemens.be/eng/default_rd.shtm The only thing more accurate than incoming enemy fire is incoming friendly fire. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Installing mod_ssl on Apache2+Tomcat+mod_jk setup...
Hmm i guess $APACHE_HOME points to Redhats Apache Home or where? The make should be done in the source directory, not in the Apache installation home. Just forget about the Redhat Apache and build apache completely from source, here's a step by step list (YMMV): = # Download the latest source (httpd-2.0.47.tar.gz) from http://httpd.apache.org/download.cgi tar -zxf httpd-2.0.47.tar.gz cd httpd-2.0.47 ./configure \ --prefix=/opt/apache2 \ --with-mpm=worker \ --enable-so \ --enable-rewrite \ --enable-ssl \ --with-ssl=/path/to/latest/openssl \ --enable-proxy # prefix sets the installation directory # mpm=worker compiles apache with multithreading support, needed for current mod_jk1/2 load balancing round robin to work properly # mod_so is needed for DSO support (so you can install other modules later without rebuilding the whole thing, recommended for mod_jk(2) # mod_rewrite is the swiss army knife for URL manipulation and always handy # mod_proxy is not really needed, but a possible alternative to connect to Tomcat # See http://httpd.apache.org/docs-2.0/mod/ make make install = And that openssl version problem, i'd suggest you try upgrading with a more recent openssl rpm if there is any, or you build and install the latest openssl yourself: # Download http://www.openssl.org/source/openssl-0.9.7b.tar.gz gtar -zxf openssl-0.9.7b.tar.gz cd openssl-0.9.7b ./configure --prefix=/path/to/somewhere/else/than/redhat_ssl make make install If you happen to run into any compilation problems, you propably have to upgrade some other system libraries as well. At 12:38 24.07.2003 +1000, you wrote: Well yes, I did that and configure ran normally after a make distclean (I think I maight have left some junk there from last time)... Then I tried doing this : # cd $APACHE_HOME # make # make certificate # make install make didn't work and complained No targets specified and no Makefile found. Stop I can clearly see makefile there ! Then I checked Apache, like this : # apachectl -l I do not see mod_ssl compiled into it. Having said all that, I still have another major concern about openssl-0.9.6-3 vulnerability. It seems that I am going through a lot of trouble installing a faulted version. All the research I have done sofar recommends installing a second openssl-0.9.7 alongside 0.9.6-3 because redHat7.1 has dependency problems otherside. This is very irritating ! TIA (DIV=danke im voraus?) :( Simon Pabst wrote: That configure of yours is not quite right: the following is required for Apache with SSL/HTTPS Support (still called mod_ssl): --enable-ssl this is only required if the auto detection of apache can't fint the installed open ssl: --with-ssl=/path/to/openssl At 17:49 23.07.2003 +1000, you wrote: Hiya, thanks for the tip. When I ran ./configure --help, the option --enable-ssl is missing. So I tried this : ./configure --with-apache= --with-ssl= --prefix= So komme ich auch nicht weiter ! Those options are not available in configure !?! TIA :( Simon Pabst wrote: This should go to Apache Mailing List propably. Apache 2 has its own mod_ssl included. You still need an installed OpenSSL to use mod_ssl, as how to configure: httpd-2.0.45 # ./configure --help|grep -i ssl --enable-sslSSL/TLS support (mod_ssl) --with-ssl=DIR SSL/TLS toolkit (OpenSSL) Tomcat Users List [EMAIL PROTECTED] schrieb am 14.07.03 09:56:52: Apache2.0.40 seems to ship with mod_ssl in the directory .../httpd-2.0.40/modules/ssl. But no mention of OpenSSL, although both ssl_util_ssl.c and ssl_util_ssl.h refer to OpenSSL. I ftp-ed openssl-0.9.76b.tar.gz , but they only tralk about Apache 1.3.24 as in : # configure with-apache=../apache_1.3.24 with-ssl=./open22l-0.9.6c etc Am I to understand there is no mod_ssl for Apache2+ ??? hr - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Simon Pabst E-Mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED
Re: mod_jk2 with jni+pcre, what for?
Unix sockets are a bit faster because the connection to Tomcat doesn't have to go through the whole tcp/ip layers. However with current hardware the difference with unix sockets is not so noticeable in most cases (your requests may get served one-two seconds faster), and using Jni/unix sockets may cause you more trouble than its worth that difference, it's worth a try though. Besides you're encouraged to use it, because the more people use it, the better it will become :-) At 01:22 24.07.2003 +0100, you wrote: Hi everybody, I'm trying different setups of mod_jk2 for our JSP application with Apache 2.0 acting as frontend. With the help of apachewiki and Simon Pabst I've succesfuly setup Tomcat 4.1.24 with Apache 2.0.47, running Sun JDK 1.4.1 with mod_jk2 2.0.2 (jni and pcre enabled), using Unix sockets (not TCP). Obviously Tomcat is running on the same machine as Apache... My question is: Why would I like to use this setup instead of the easier TCP/IP method? Would jni+Unix Sockets be faster? What does the Perl Regular Expressions do in all this thing? Thanks everybody, Ivan Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://uk.messenger.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Diff betw ssh and my OpenSSL server.key and ca.key ?
SSL Web-Server Certificates have nothing to do with ssh_host keys, since SSH is something entirely different than HTTP(S)... ssh_host keys are used for verifying that remote machines can be trusted, when doing remote connections to other machines using SSH. The pem files you generated shouldn't go anywhere in those directories, but somewhere in a Tomcat or Apache directory: For Tomcat: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html For Apache: put the privkey.pem into apache/conf/ssl.key directory put the cacert.pem into apache/conf/ssl.crt directory At 18:51 24.07.2003 +1000, you wrote: In RH7.1 under /etc/ssh there are several ssh_host_* keys and config files. They seem to be for remote client logins. Would my newly generated OpenSSL keys and certificate conflict with them ??? What's the difference between the two ??? Sorry for the newbie questions... Simon Pabst wrote: 1. Generate a private key: openssl genrsa -des3 -out privkey.pem 2048 (this should prompt you for a passphrase)http://www.openssl.org/docs/HOWTO/keys.txt 2. a) Generate a self-signed test certificate: openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095 2. b) If you want to use a Trust-Center signed SSL certificate, you need to create a certificate signing request (CSR) and submit it to a Certificate Authority (CA): openssl req -new -key privkey.pem -out cert.csr http://www.openssl.org/docs/HOWTO/certificates.txt Some Certificate Authorities: http://www.verisign.com/ http://www.thawte.com/ http://www.instantssl.com/ At 17:27 24.07.2003 +1000, you wrote: Hi. My quixotic tilt at mod_ssl continues... I am into my second book on this subject matter. Okay, let's put that in that too-hard basket for the moment. Let's make OpenSSL work first. It does. It asks me whether I want to DER or PEM. I take PEM. Then it tells me not enough random data. So I did this: # openssl -rand -des3 -out server.key 1024 That skipped the PEM bit, BUT how do I get it to challenge with a pass phrase dialogue ? Do all of you use PEM ? Regards, Discombobulated... Perplexed in search of perspicacity is the first sign of neurosis. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem finding css
href=/main.css looks like wrong syntax, either use: href=main.css (if your html files linking to that css file are in the same directory) or: href=/html/main.css (if your html files are somewhere else, you need to specify the URI to the CSS file, i.e. the local part of the URL without the Host- or DNS-name) At 12:34 24.07.2003 +0200, you wrote: Hi, I am using Apache 1.3 with tomcat 4.1.24. When I use netscape 7 to run my web application everything works fine. When I use e.g netscape 4 the style sheets can not be found. How do I have to configure Apache/tomcat ? In the html page the source is refered to as: link href=/main.css rel=stylesheet type=text/css Right now I have in http.conf: VirtualHost * DocumentRoot /home/oraedt/app/oracle/product/9iAS_1.0.2.2/jakarta-tomcat-4.1.24/webapps/iprweb ServerName upolu.sps.mot.com JkMount /iprweb/* ajp13 /VirtualHost Alias /html/ /home/minerva/servers/upolu/ipr_files/static_html/ The main.css is installed in /home/minerva/servers/upolu/ipr_files/static_html. Thanks for any hint .. Astrid - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to use SSL. (apache)
Download http://www.modssl.org/source/mod_ssl-2.8.14-1.3.27.tar.gz and follow the included INSTALL instructions. At 16:35 24.07.2003 +0530, you wrote: Hi, I installed apache_1.3.27.tgz . I want to make ssl run from browser. Which additional package do i need to install? OR some changes in httpd.conf will enable ssl. Thanks and regads anil. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: different port to have different base directory
well you found your own solution so no thanks needed :-) And your solution is even better, didn't knew it was possible that way. At 11:54 24.07.2003 -0500, you wrote: Thanks Simon. I added two services instead and it works ?xml version=1.0 encoding=UTF-8? Server port=8005 shutdown=SHUTDOWN debug=0 !-- Comment these entries out to disable JMX MBeans support -- !-- You may also configure custom components (e.g. Valves/Realms) by including your own mbean-descriptor file(s), and setting the descriptors attribute to point to a ';' seperated list of paths (in the ClassLoader sense) of files to add to the default list. e.g. descriptors=/com/myfirm/mypackage/mbean-descriptor.xml -- Listener debug='0' className='org.apache.catalina.mbeans.ServerLifecycleListener'/ Listener debug='0' className='org.apache.catalina.mbeans.GlobalResourcesLifecycleListener'/ !-- Global JNDI resources -- GlobalNamingResources !-- Test entry for demonstration purposes -- Environment name='simpleValue' type='java.lang.Integer' value='30'/ !-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -- Resource name='UserDatabase' type='org.apache.catalina.UserDatabase' description='User database that can be updated and saved' auth='Container' /Resource ResourceParams name='UserDatabase' parameter namefactory/name valueorg.apache.catalina.users.MemoryUserDatabaseFactory/value /parameter parameter namepathname/name valueconf/tomcat-users.xml/value /parameter /ResourceParams /GlobalNamingResources !-- A Service is a collection of one or more Connectors that share a single Container (and therefore the web applications visible within that Container). Normally, that Container is an Engine, but this is not required. Note: A Service is not itself a Container, so you may not define subcomponents such as Valves or Loggers at this level. -- Service name=Tomcat-nonSSL Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=7081 minProcessors=5 maxProcessors=10 enableLookups=true redirectPort=443 acceptCount=10 debug=0 connectionTimeout=6 scheme=http secure=false/ Engine name=Standalone defaultHost=localhost debug=0 Logger className=org.apache.catalina.logger.FileLogger prefix=catalina_log. suffix=.txt timestamp=true/ Realm className=org.apache.catalina.realm.MemoryRealm/ Host name=localhost debug=0 appBase=webapps unpackWARs=true Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=localhost_access_log. suffix=.txt pattern=common/ Logger className=org.apache.catalina.logger.FileLogger directory=logs prefix=localhost_log. suffix=.txt timestamp=true/ Context path= docBase=ROOT debug=0/ /Host /Engine /Service Service name=Tomcat-SSL Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=9443 minProcessors=5 maxProcessors=75 enableLookups=true acceptCount=100 debug=20 scheme=https secure=true useURIValidationHack=false disableUploadTimeout=true Factory className=org.apache.coyote.tomcat4.CoyoteServerSocketFactory keystoreFile=/home/murthi/.keystore keystorePass=changeit clientAuth=true protocol=TLS / /Connector Engine name=Standalone defaultHost=localhost debug=0 Logger className=org.apache.catalina.logger.FileLogger prefix=catalina_SSLlog. suffix=.txt timestamp=true/ Realm className=org.apache.catalina.realm.MemoryRealm/ Host name=localhost debug=0 appBase=secureapps unpackWARs=true Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=localhost_access_SSLlog. suffix=.txt pattern=common/ Logger className=org.apache.catalina.logger.FileLogger directory=logs prefix=test_localhost_log. suffix=.txt timestamp=true/ Context path= docBase=test debug=0/ /Host /Engine /Service /Server Cheers, Vijay. Simon Pabst wrote: forgot, you need to put that -f configfile stuff into two different shutdown.sh's too (i personally don't use the shutdown mechanism for stopping Tomcats, a kill -9 works better ;-) At 01:08 24.07.2003 +0200, you wrote: One tomcat with HTTP and HTTPS connector would be the simplest solution, just it won't work with the same context having two different directories (AFAIK). So either you use one tomcat and server.xml with two different Contexts, or you have use one tomcat installation, 2 different server.xml's, 2 different startup.sh's: conf/http_server.xml: HTTP Connector on 7080, shutdown port, context localservlet - $CATALINA_HOME/webapps/ conf/https_server.xml: HTTPS Connector on 7081, different
Re: Env var serverRoot or JkSet config.file
Where did you set export serverRoot=/opt/apache2 ? (without trailing
slash, though that shouldn't matter since most unixes tolerate double
slashes in a path)
It needs to be set in tomcat/bin/catalina.sh.
Besides now you say your config.file is /opt/httpd/conf/workers2.properties ?
Then serverRoot should be /opt/httpd , not /opt/apache2
At 19:17 24.07.2003 +0100, you wrote:
Thanks Eric, I forgot to mention is just set after
mod_jk2 LoadModule with full path, and file exists
LoadModule jk2_module modules/mod_jk2.so
JkSet config.file /opt/httpd/conf/workers2.properties
--- Eric J. Pinnell [EMAIL PROTECTED] wrote: Hi,
I use:
JkSet config.file
/usr/local/apache/conf/workers2.properties
you have to have the full system path in there. You
can't shortcut it
like you can in a LoadModule statement. (i.e.
modules/mod_jk2.so)
-e
On Thu, 24 Jul 2003, [iso-8859-1] Ivan Montoro
wrote:
Nicolas, Simon, many thanks for the previous
response.
To everybody else, hi again!
I'm a bit lost about configuration files with
Apache
2.0+Tomcat 4.1+mod_jk2... I was trying to lower
workers2.properties logger level to ERROR instead
of
INFO/DEBUG, but at startup Tomcat told me:
(error ) [jk_config_file.c (279)]
config.update():
Can't find config file
${serverRoot}/conf/workers2.properties
( info ) [jk_config.c (251)]
config.setAttribute()
Error setting config: file
${serverRoot}/conf/workers2.properties
I was using JkSet config.file at httpd.conf just
after LoadModule mod_jk2. Following instructions
from Nicolas' documents I did a export
serverRoot=/opt/apache2/ and everything worked
fine.
Did Tomcat/Apache ignored my order or I was doing
something wrong? I would rather prefer to have a
config line rather than another line in my mega
shell
script...
Thanks everybody
Ivan
Want to chat instantly with your online friends?
Get the FREE Yahoo!
Messenger http://uk.messenger.yahoo.com/
-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
Want to chat instantly with your online friends? Get the FREE Yahoo!
Messenger http://uk.messenger.yahoo.com/
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: buiding 4.24
hmm weird, mod_jk2.so should be there after a successful make with no errors, what connector source release did you download? What was your jk2 configure? If you used --with-apache2 instead of --with-apxs2 then mod_jk2 won't be built as .so but instead as static module into httpd core. Maybe its somewhere else, try a find: find /path/to/jk - name '*.so' At 14:23 24.07.2003 -0400, you wrote: Ugh...I've seen this posted before but I don't use mod_jk2 so I didn't pay much attention to the answer. It will be in the archives somewhere, or perhaps someone else has the answer. John Mark F wrote: The compile completed with no problems but there is no 'make install' it says to remember to execute 'libtool --finish /usr/local/apache/modules' so I did but it didn't do anything that I can see. Also I can't find a mod_jk2.so. in the jk/build/jk2/apache2 directory there is mod_jk2.o but no mod_jk2.so ? Thanks, -Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how 2 start tomcat from ms-dos command prompt without creating a new window ?
try the dos start command: start tomcat\bin\startup.bat (start /? for help) At 19:17 24.07.2003 +, you wrote: i have an question about how to start the tomcat servlet container as an windows-process from the ms-dos command prompt without getting a new cmd-window. Its that when i start my java server with STARTUP it makes a new command window and starts the new process in this new window. i know what in unix one can write nohup before calling the startscript too not to kill the process if u close ur telnet window, there has to be a way 2 do this, i hope u understand my question, thanx _ MSN Messenger http://www.msn.no/messenger - Den korteste veien mellom deg og dine venner - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how-to specify Java runtime options -Xmx128m, w/ Tomcat 4 as Win2k service
The 128m won't get used/allocated on Tomcat/Java start already (AFAIK), only when you do a lot of memory intensive things (you could use a webserver stress tool to increase the load on the server so memory grows) At 13:52 24.07.2003 -0400, you wrote: after assigning the following environment variables the java runtime options as follows: eg: JAVA_OPTS=-Xmx128m -Xms128m tried with: CATALINA_OPTS JAVA_OPTS amount of RAM memory used stayed aprox the same. Though i was expecting more memory to be used because of the extra memory that should have been allotted to java instance for Tomcat. Consequently, i am assuming that options were not applied by simply setting these environment variables, at least when Tomcat is started as a service. Where and how are java runtime options to be specified with Tomcat 4.1 (JDK 1.4.2) when it is started as a win2k service? [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: The JAVA_HOME environment variable is not defined. This environment variable is needed to run this program.
Set the JAVA_HOME in tomcat/bin/catalina.sh, not in your shell.
Since catalina.sh runs from sh and not tcsh, you need to use sh variable
syntax:
either:
JAVA_HOME=usr/java2
export JAVA_HOME
or:
export JAVA_HOME=usr/java2
At 13:39 24.07.2003 -0400, you wrote:
Hello everyone, hopefully someone can help me with an issue I am having
with Tomcat version 4. I am trying to install it on a SGI Octane 300 with
the Irix 6.5 O/S. I installed the JDK 1.4 to /usr/java2 and I pointed the
variable JAVA_HOME to there... I also created the CATALINA_HOME variable
to point to the tomcat install directory, but when i try to startup tomcat
with the startup.sh, i get the following error message: The JAVA_HOME
environment variable is not defined. This environment variable is needed
to run this program.
also I changed the port from 8080 to 6060 since 8080 was being used, and i
am unable to open the website on this system.
Additional information is that I am using the TCSH Shell.
Let me know if anyone has any idea, or needs more info, thanks!
-Original Message-
From: Eric J. Pinnell [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 24, 2003 1:31 PM
To: Tomcat Users List
Subject: Re: Env var serverRoot or JkSet config.file
Hi,
I use:
JkSet config.file /usr/local/apache/conf/workers2.properties
you have to have the full system path in there. You can't shortcut it
like you can in a LoadModule statement. (i.e. modules/mod_jk2.so)
-e
On Thu, 24 Jul 2003, [iso-8859-1] Ivan Montoro wrote:
Nicolas, Simon, many thanks for the previous response.
To everybody else, hi again!
I'm a bit lost about configuration files with Apache
2.0+Tomcat 4.1+mod_jk2... I was trying to lower
workers2.properties logger level to ERROR instead of
INFO/DEBUG, but at startup Tomcat told me:
(error ) [jk_config_file.c (279)] config.update():
Can't find config file
${serverRoot}/conf/workers2.properties
( info ) [jk_config.c (251)] config.setAttribute()
Error setting config: file
${serverRoot}/conf/workers2.properties
I was using JkSet config.file at httpd.conf just
after LoadModule mod_jk2. Following instructions
from Nicolas' documents I did a export
serverRoot=/opt/apache2/ and everything worked fine.
Did Tomcat/Apache ignored my order or I was doing
something wrong? I would rather prefer to have a
config line rather than another line in my mega shell
script...
Thanks everybody
Ivan
Want to chat instantly with your online friends? Get the FREE Yahoo!
Messenger http://uk.messenger.yahoo.com/
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Installing mod_ssl on Apache2+Tomcat+mod_jk setup...
Jeez, obviously $APACHE_HOME points to an apache installation directory and not source, so no wonder your previous make didn't work. You don't need the source directory /usr/local/httpd-2.0.40 anymore, so you can delete it (or move somewhere else as backup). As for your previous configuration in the installation directory /usr/local/apache, i'd suggest you copy the relevant lines into the new apache config files and delete /usr/local/apache (or move somewhere else as backup). Besides i suggest posting any more Apache only problems to the related mailing list (To subscribe, send an empty message to [EMAIL PROTECTED] ) At 00:36 25.07.2003 +1000, you wrote: I actually downloaded and installed Apache2 recently, it is not the old version delivered in the distro. Before the make and make install, there were 2 directories : /usr/local/apache /usr/local/httpd-2.0.40 $APACHE_HOME points to /usr/local/apache I edit the files in $APACHE_HOME/conf and apache worked well like that. Then after running configure, make and make install from inside /usr/local/httpd-2.0.40, I ended up with 3 directories !?!, They are : /usr/local/apache /usr/local/apache2 /usr/local/httpd-2.0.40 The make install actually created and installed another apache for me, but since I have done a lot of work on the old i.e. /usr/local/apache aready, I must use that copy. So when you say the make should be done in the source directory, which one do you mean ??? I am very confused at the moment. Perhaps I should do it like this : ./configure --enable-ssl --with-ssl=/usr/bin --prefix=/usr/local/apache TIA :( Simon Pabst wrote: Hmm i guess $APACHE_HOME points to Redhats Apache Home or where? The make should be done in the source directory, not in the Apache installation home. Just forget about the Redhat Apache and build apache completely from source, here's a step by step list (YMMV): = # Download the latest source (httpd-2.0.47.tar.gz) from http://httpd.apache.org/download.cgi tar -zxf httpd-2.0.47.tar.gz cd httpd-2.0.47 ./configure \ --prefix=/opt/apache2 \ --with-mpm=worker \ --enable-so \ --enable-rewrite \ --enable-ssl \ --with-ssl=/path/to/latest/openssl \ --enable-proxy # prefix sets the installation directory # mpm=worker compiles apache with multithreading support, needed for current mod_jk1/2 load balancing round robin to work properly # mod_so is needed for DSO support (so you can install other modules later without rebuilding the whole thing, recommended for mod_jk(2) # mod_rewrite is the swiss army knife for URL manipulation and always handy # mod_proxy is not really needed, but a possible alternative to connect to Tomcat # See http://httpd.apache.org/docs-2.0/mod/ make make install = And that openssl version problem, i'd suggest you try upgrading with a more recent openssl rpm if there is any, or you build and install the latest openssl yourself: # Download http://www.openssl.org/source/openssl-0.9.7b.tar.gz gtar -zxf openssl-0.9.7b.tar.gz cd openssl-0.9.7b ./configure --prefix=/path/to/somewhere/else/than/redhat_ssl make make install If you happen to run into any compilation problems, you propably have to upgrade some other system libraries as well. At 12:38 24.07.2003 +1000, you wrote: Well yes, I did that and configure ran normally after a make distclean (I think I maight have left some junk there from last time)... Then I tried doing this : # cd $APACHE_HOME # make # make certificate # make install make didn't work and complained No targets specified and no Makefile found. Stop I can clearly see makefile there ! Then I checked Apache, like this : # apachectl -l I do not see mod_ssl compiled into it. Having said all that, I still have another major concern about openssl-0.9.6-3 vulnerability. It seems that I am going through a lot of trouble installing a faulted version. All the research I have done sofar recommends installing a second openssl-0.9.7 alongside 0.9.6-3 because redHat7.1 has dependency problems otherside. This is very irritating ! TIA (DIV=danke im voraus?) :( Simon Pabst wrote: That configure of yours is not quite right: the following is required for Apache with SSL/HTTPS Support (still called mod_ssl): --enable-ssl this is only required if the auto detection of apache can't fint the installed open ssl: --with-ssl=/path/to/openssl At 17:49 23.07.2003 +1000, you wrote: Hiya, thanks for the tip. When I ran ./configure --help, the option --enable-ssl is missing. So I tried this : ./configure --with-apache= --with-ssl= --prefix= So komme ich auch nicht weiter ! Those options are not available in configure !?! TIA :( Simon Pabst wrote: This should go to Apache Mailing List propably. Apache 2 has its own
RE: mod_rewrite and mod_jk
np, four eyes see more than two ;-) At 09:31 23.07.2003 +0200, you wrote: Simon, thanks, it did help. Looks like I missed it for some reason. Ori. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 22, 2003 6:34 PM To: Tomcat Users List Subject: RE: mod_rewrite and mod_jk Did you try this? http://www.mail-archive.com/[EMAIL PROTECTED]/msg97652.html At 09:31 22.07.2003 +0200, you wrote: I've seen many posts on the subject, yet none helped me. I've got a tomcat 4.1.24 webapp, connected via mod_jk to apache 2.0.46. for some reason, mod_jk takes precedence over mod_rewrite, for all urls mapped to mod_jk with JkMount directives. I tried switching the order of the LoadModules (jk before rewrite and vice versa), and tried moving around the mod_rewrite directives into the virtual host / server config- but still, mod_rewrite works only for urls which aren't mapped to mod_jk. does anyone have any idea? thanks, ori. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Installing mod_ssl on Apache2+Tomcat+mod_jk setup...
That configure of yours is not quite right: the following is required for Apache with SSL/HTTPS Support (still called mod_ssl): --enable-ssl this is only required if the auto detection of apache can't fint the installed open ssl: --with-ssl=/path/to/openssl At 17:49 23.07.2003 +1000, you wrote: Hiya, thanks for the tip. When I ran ./configure --help, the option --enable-ssl is missing. So I tried this : ./configure --with-apache= --with-ssl= --prefix= So komme ich auch nicht weiter ! Those options are not available in configure !?! TIA :( Simon Pabst wrote: This should go to Apache Mailing List propably. Apache 2 has its own mod_ssl included. You still need an installed OpenSSL to use mod_ssl, as how to configure: httpd-2.0.45 # ./configure --help|grep -i ssl --enable-sslSSL/TLS support (mod_ssl) --with-ssl=DIR SSL/TLS toolkit (OpenSSL) Tomcat Users List [EMAIL PROTECTED] schrieb am 14.07.03 09:56:52: Apache2.0.40 seems to ship with mod_ssl in the directory .../httpd-2.0.40/modules/ssl. But no mention of OpenSSL, although both ssl_util_ssl.c and ssl_util_ssl.h refer to OpenSSL. I ftp-ed openssl-0.9.76b.tar.gz , but they only tralk about Apache 1.3.24 as in : # configure with-apache=../apache_1.3.24 with-ssl=./open22l-0.9.6c etc Am I to understand there is no mod_ssl for Apache2+ ??? hr - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Simon Pabst E-Mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat stops serving jsp under load
Propably you have a memory leak or a too small Java Heap (Sun's default is 128m i think), so the old generation in your Java Heap hasn't any free memory anymore under load and does a lot of Full Garbage Collections which lead to Stop-the-world behaviour. Use the following Java Options to increase the Java Heap (example with 256 MB): -Xmx256m -Xms256m (setting maximum (Xmx) and initial (Xms) heapsize to same size is recommended) Use the following Java options to have GC/Heap logging (goes to catalina.out): -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -XX:+PrintHeapAtGC For more Details on Garbage Collection see: http://java.sun.com/docs/hotspot/gc1.4.2/ http://wireless.java.sun.com/midp/articles/garbagecollection2/ At 09:15 23.07.2003 +0100, you wrote: Tomcat slows then eventually stops serving jsps under load (100+ concurrent users), html is always fine. The behaviour is sporadic and not easily reproducable but only occurs under load. Standalone (Coyote) 1.1.24, J2SDK1.4.1_03, Linux RH9. Anyone else experiencing this? Thanks Euan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: different port to have different base directory
One tomcat with HTTP and HTTPS connector would be the simplest solution,
just it won't work with the same context having two different directories
(AFAIK).
So either you use one tomcat and server.xml with two different Contexts, or
you have use one tomcat installation, 2 different server.xml's, 2 different
startup.sh's:
conf/http_server.xml: HTTP Connector on 7080, shutdown port, context
localservlet - $CATALINA_HOME/webapps/
conf/https_server.xml: HTTPS Connector on 7081, different shutdown port,
context localservlet - $CATALINA_HOME/secuareapps/
Modify last line of startup.sh:
bin/http_startup.sh: exec $PRGDIR/$EXECUTABLE start -f
${PRGDIR}/../conf/http_server.xml $@
bin/https_startup.sh: $PRGDIR/$EXECUTABLE start -f
${PRGDIR}/../conf/https_server.xml $@
Or leave startup.sh as it is and put the following into your tomcat init
script(s).
startup.sh -f /path/to/tomcat/conf/http[s]server.xml
See http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
for SSL/HTTPS configuration
At 17:06 23.07.2003 -0500, you wrote:
Hi,
I successfully configured tomcat for mutual authentication.
I would like to start tomcat server with 2 connectors listening at
http://localhost:7080
https://localhost:7081
But both of them should use different base directory. i.e., when I invoke
http://localhost:7080/localservlet
from my browser, tomcat should try to find this servlet in
$CATALINA_HOME/webapps/ location.
and if I invoke using https
https://localhost:7081/localservlet
it should try to find this servlet in $CATALINA_HOME/secuareapps/ location.
Is there any way of doing this without using virual hosts 'cuz I want the
same hostname.
Based on the port number (7080/7081) (or) protocol(http/https) they should
have different base root directory i.e., for example
I also do not want connections coming from http have access to look into
secureapps directory and https have access to webapps.
Have anybody tried this?
Thanks,
Vijay.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: different port to have different base directory
forgot, you need to put that -f configfile stuff into two different
shutdown.sh's too
(i personally don't use the shutdown mechanism for stopping Tomcats, a kill
-9 works better ;-)
At 01:08 24.07.2003 +0200, you wrote:
One tomcat with HTTP and HTTPS connector would be the simplest solution,
just it won't work with the same context having two different directories
(AFAIK).
So either you use one tomcat and server.xml with two different Contexts, or
you have use one tomcat installation, 2 different server.xml's, 2
different startup.sh's:
conf/http_server.xml: HTTP Connector on 7080, shutdown port, context
localservlet - $CATALINA_HOME/webapps/
conf/https_server.xml: HTTPS Connector on 7081, different shutdown port,
context localservlet - $CATALINA_HOME/secuareapps/
Modify last line of startup.sh:
bin/http_startup.sh: exec $PRGDIR/$EXECUTABLE start -f
${PRGDIR}/../conf/http_server.xml $@
bin/https_startup.sh: $PRGDIR/$EXECUTABLE start -f
${PRGDIR}/../conf/https_server.xml $@
Or leave startup.sh as it is and put the following into your tomcat init
script(s).
startup.sh -f /path/to/tomcat/conf/http[s]server.xml
See http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
for SSL/HTTPS configuration
At 17:06 23.07.2003 -0500, you wrote:
Hi,
I successfully configured tomcat for mutual authentication.
I would like to start tomcat server with 2 connectors listening at
http://localhost:7080
https://localhost:7081
But both of them should use different base directory. i.e., when I invoke
http://localhost:7080/localservlet
from my browser, tomcat should try to find this servlet in
$CATALINA_HOME/webapps/ location.
and if I invoke using https
https://localhost:7081/localservlet
it should try to find this servlet in $CATALINA_HOME/secuareapps/ location.
Is there any way of doing this without using virual hosts 'cuz I want the
same hostname.
Based on the port number (7080/7081) (or) protocol(http/https) they
should have different base root directory i.e., for example
I also do not want connections coming from http have access to look into
secureapps directory and https have access to webapps.
Have anybody tried this?
Thanks,
Vijay.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: mod_rewrite and mod_jk
Did you try this? http://www.mail-archive.com/[EMAIL PROTECTED]/msg97652.html At 09:31 22.07.2003 +0200, you wrote: I've seen many posts on the subject, yet none helped me. I've got a tomcat 4.1.24 webapp, connected via mod_jk to apache 2.0.46. for some reason, mod_jk takes precedence over mod_rewrite, for all urls mapped to mod_jk with JkMount directives. I tried switching the order of the LoadModules (jk before rewrite and vice versa), and tried moving around the mod_rewrite directives into the virtual host / server config- but still, mod_rewrite works only for urls which aren't mapped to mod_jk. does anyone have any idea? thanks, ori. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Not finding my servlet ....
Tomcat Contexts are configured in server.xml If docBase is a relative path it points to a sub-directory of tomcat/webapps If you want to have your application directory somewhere else you need to use an absolute pathname for docBase. The docBase directory should contain the following subdirectories: # Application java classes dir WEB-INF/classes # Application jar/zip files dir WEB-INF/lib server.xml Context examples: Context path=/examples docBase=examples ... ... /Context Context path=/myapp docBase=/path/to/myapp debug=0 reloadable=true crossContext=true / See http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/context.html So if you want to use in your own servlet, either create a new Context and Directory or put it somewhere in tomcat/webapps/examples/ At 21:28 20.07.2003 -0400, you wrote: Hi All, I have Tomcat installed and running. I'm trying to get it to see a test sevlet but it can't seem to find it. I started looking at the example code that comes with the 4.1.24 release. I can call the HelloWorldExample servlet from my html code and it executes fine. I went through all of the configuration (.xml) files to see how this works and couldn't find HelloWorldExample anywhere. I assumed I entered my servlet in my web.xml incorrectly but now I'm confused since I can't find the example servlet in a .xml file. Can anyone shed some light? Thanks much ... Jeff seera naveen wrote: Hi, Where can I find information about Context? Currently I am using Sun ONE studio to assign context to a web application. But, how to assign a context to a web application manually? From the list, I found that by using Context element we can achieve that, but I am using Tomcat4.1.24 bundled with Jboss3.2.1. Please help me!! Thanks in advance. Naveen SMS using the Yahoo! Messenger;Download latest version. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk2 + Tomcat 4.1.24 - no sessions?
You need to use tomcatId jvmRoute for stickySession to work (don't know if it works with default settings), for example: workers2.properties: [channel.socket:localhost:8009] tomcatId=tomcat1 (http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk2/configwebcom.html#workers) server.xml: Engine name=Standalone defaultHost=localhost debug=0 jvmRoute=tomcat1 Beware - in Tomcat 4.1.24 the jvmRoute example is spelled wrong ^- jmvRoute instead of jvmRoute Tomcat Users List [EMAIL PROTECTED] schrieb am 21.07.03 14:14:49: Hi, I upgraded my Tomcat 4.1.18 to 4.1.24, connected to Apache 2 using mod_jk2. However now Tomcat is not succeeding in sending any JSESSIONID cookies to clients if they connect via Apache. i.e: http://myhost:8080/myapp --- Tomcat sends JSESSIONID cookie OK http://myhost/myapp --- Tomcat does not send JSESSIONID cookie Both cases return pages correctly apart from this problem. Can anyone explain this? Is it a bug in Tomcat 4.1.24 / mod_jk2 ? Kind regards, Marc -- Marc Palmer Contract Java Consultant/Developer w a n g j a m m e r s java and web software design experts with an ethical outlook http://www.wangjammers.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Simon Pabst E-Mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk2 + Tomcat 4.1.24 - no sessions?
hmm no, if you have just one Tomcat, it shouldn't be necessary. At 15:58 21.07.2003 +0100, you wrote: On Mon, 21 Jul 2003 16:43:05 +0200, Simon Pabst [EMAIL PROTECTED] wrote: You need to use tomcatId jvmRoute for stickySession to work (don't know if it works with default settings), for example: workers2.properties: [channel.socket:localhost:8009] tomcatId=tomcat1 (http://jakarta.apache.org/tomcat/tomcat-4.1- doc/jk2/jk2/configwebcom.html#workers) server.xml: Engine name=Standalone defaultHost=localhost debug=0 jvmRoute=tomcat1 Beware - in Tomcat 4.1.24 the jvmRoute example is spelled wrong ^- jmvRoute instead of jvmRoute Thanks for that - is this even necessary if I have just one tomcate instance? If so, this is surely a new feature of 4.1.24 because I'm pretty sure it worked fine with 4.1.18 Cheers -- Marc Palmer Contract Java Consultant/Developer w a n g j a m m e r s java and web software design experts with an ethical outlook http://www.wangjammers.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk2 + Tomcat 4.1.24 - no sessions?
Hmm works for me, (using Apache 2.0.45, mod_jk2 from jakarta-tomcat-connectors-4.1.24-src, Tomcat 4.1.24) What Apache/mod_jk2/Tomcat versions are you using? What AJP Connector are you using, how does the connector config in server.xml look like? At 17:43 21.07.2003 +0100, you wrote: On Mon, 21 Jul 2003 17:41:13 +0200, Simon Pabst [EMAIL PROTECTED] wrote: hmm no, if you have just one Tomcat, it shouldn't be necessary. I guessed as much. The thing is, I can see that the browser is just never getting the JSESSIONID cookies when accessing via Apache. If you access directly to Tomcat the JSESSIONID cookies come no problem. I just don't get it - this implies that mod_jk2 is stripping off the cookie response headers, or tomcat is not producing them through the jk connector. :( -- Marc Palmer Contract Java Consultant/Developer w a n g j a m m e r s java and web software design experts with an ethical outlook http://www.wangjammers.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk.conf-auto or /auto/mod_jk.conf (J. Turner)?
Coyote is not synonym for jk2, its just the new Tomcat Connector name, which you can use for HTTP (as in your case on port 8180), and AJP13 connections for both mod_jk 1 and 2 (on 8009 with protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler). See http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/connectors.html for a list. So everything should be all right. At 15:25 20.07.2003 +0200, you wrote: Hi, never having trouble with Apache 1.3, TomCat 3.x and mod_jk 1.2 - now - after upgrading to TomCat 4.1.24 I do not succeed in configuring the system to be accessible via port 80. I found following web sites that are recommended for getting information about how to integrate mod_jk (jk) with Apache 1.3.x and TomCat 4.x: http://www.johnturner.com/howto/rh72-howto.html and http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk/aphowto.html#Installation While under jakarta.apache.org one can read that Include /var/tomcat3/conf/jk/mod_jk.conf-auto ... will tell Apache to use directives in the mod_jk.conf-auto file in the Apache configuration. This file is created by enabling the Apache auto-configuration as described in the Tomcat documentation. .. on John Turner´s web site you find following hint: ... add the following line at the very end: Include /usr/local/tomcat/conf/auto/mod_jk.conf Note: the mod_jk.conf file gets created by Tomcat when Tomcat starts. It gets created every time Tomcat starts. So, if you have your server.xml configured, you can ignore httpd.conf (in most cases) except to add the Include directive for mod_jk.conf. You don't need to create or edit mod_jk.conf. Well - following John´s instructions - I inserted following lines in my server.xml - which btw - is not mentioned with any word under the jakarta howto above: Host ... Listener className=org.apache.ajp.tomcat4.config.ApacheConfig modJk=/usr/local/apache2/modules/mod_jk.so / Server .. Listener className=org.apache.ajp.tomcat4.config.ApacheConfig append=true forwardAll=false modJk=/usr/local/apache2/modules/mod_jk.so / Moreover I commented out following line in the server.xml: Connector className=org.apache.ajp.tomcat4.Ajp13Connector port=8009 minProcessors=5 maxProcessors=75 acceptCount=10 debug=0/ and disabled those lines: Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=8009 minProcessors=5 maxProcessors=75 enableLookups=true redirectPort=8443 acceptCount=10 debug=0 connectionTimeout=0 useURIValidationHack=false protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler/ because they refer to the same port 8009 like the org.apache.ajp.tomcat4.Ajp13Connector class. (IS that correct? I only want to use jk and NOT jk2 - but nevertheless I find following line in the catalina.log after starting TomCat 4.1.24 - [INFO] Http11Protocol - -Starting Coyote HTTP/1.1 on port 8180 - Isn´t Coyote the synonym for jk2 ?): Starting TomCat 4.1.24 results in being able to access the example servlets via www.MyHost.com:8180. Under /usr/local/jakarta-tomcat4.1/conf/auto/ a file mod_jk.conf is created (so neither conf/jk/mod_jk.conf-auto NOR conf/auto/mod_jk.conf ) but without any text - it is empty. Hence I cannot tell Apache via the httpd.conf to include an empty mod_jk.conf. Why are there those different descriptions going around? And does anybody know how I can make my system produce a mod_jk.conf file for including it in Apache? Thanks and best regards Volker - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk.conf-auto or /auto/mod_jk.conf (J. Turner)?
Seems like your JkMount isn't working, since the error comes from Apache, what does the auto generated mod_jk.conf look like? At 17:15 20.07.2003 +0200, you wrote: Simon Pabst schrieb: Coyote is not synonym for jk2, its just the new Tomcat Connector name, which you can use for HTTP (as in your case on port 8180), and AJP13 connections for both mod_jk 1 and 2 (on 8009 with protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler). See http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/connectors.html for a list. So everything should be all right. Hi, 2 listener elements in the server.xml were reversed. After correcting this the auto-config (mod_jk.conf) is generated. NOW the mod_jk.conf is generated automatically under /usr/local/jakarta-tomcat4.1/conf/auto like you describe. catalina.out shows following: [INFO] Registry - -Loading registry information [INFO] Registry - -Creating new Registry instance [INFO] Registry - -Creating MBeanServer [INFO] Http11Protocol - -Initializing Coyote HTTP/1.1 on port 8180 Starting service Tomcat-Standalone Apache Tomcat/4.1.24 [INFO] Http11Protocol - -Starting Coyote HTTP/1.1 on port 8180 [INFO] ChannelSocket - -JK2: ajp13 listening on 0.0.0.0/0.0.0.0:8009 [INFO] JkMain - -Jk running ID=0 time=1/80 config=/usr/local/jakarta-tomcat4.1/conf/jk2.properties So obviously jk seems to be initialized - I hope (Jk running ...)! Unfortunately restarting the apache server to make him include the mod_jk.conf does not result in being able to access the servlets now via port 80. Port 8180 access (www.MyDomain.com:8180/examples/servlets) does still work. Apache´s error.log shows following when I try to access www.MyDomain.com:80/examples/servlets [Sun Jul 20 14:38:08 2003] [notice] caught SIGTERM, shutting down [Sun Jul 20 14:38:09 2003] [notice] Apache/1.3.27 OpenSSL/0.9.7 (Unix) mod_jk/1.2.3 configured -- resuming normal operations [Sun Jul 20 14:38:09 2003] [notice] suEXEC mechanism enabled (wrapper: /usr/local/apache/bin/suexec) [Sun Jul 20 14:38:09 2003] [notice] Accept mutex: flock (Default: flock) [Sun Jul 20 14:38:23 2003] [error] [client 200.234.162.51] File does not exist: /usr/local/apache/htdocs/examples/servlets/ mod_jk.log is created under /tomcat/logs - but it is empty. Does anyone have a further hint or idea why I still cannot access the servlets via port 80? Thanks and regards Volker - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: per-context classpaths?
Sure thing, just use two different directories for the test and production webapp and put the jar files in /path/to/webapp-test/WEB-INF/lib and /path/to/webapp-prod/WEB-INF/lib and use two different Contexts: Context path=/test docBase=/path/to/webapp-test ... Context path=/prod docBase=/path/to/webapp-prod ... At 14:33 20.07.2003 -0400, you wrote: Hello, Is it possible to have different classpaths based on context definitions in server.xml? I'm asking because I have an 3rd-party JAR file which comes in two versions: testing and production. Unfortunately the vendor has named both JAR files the same -- it's just the classes inside that are different. I'd like to install them in different directories for each virtual host (test and production) and use the classpath to differentiate them. Are there any better suggestions as to how to approach this? Thanks, Gil - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Solved!
If you put the proper ServerName in server.xml instead of localhost it should work too (unless of course you ain't got the same VirtualHost/ServerName a second time in httpd.conf), besides you should save the changed mod_jk.conf elsewhere, because Tomcat could overwrite it. IMO the auto-generated mod_jk.conf is only good for learning the proper setup anyway ;-) At 22:45 20.07.2003 +0200, you wrote: Volker schrieb: Simon Pabst schrieb: Seems like your JkMount isn't working, since the error comes from Apache, what does the auto generated mod_jk.conf look like? Hi, Ir e m o v e d following entry in the generated mod_jk.conf - and now - I can access the servlets via both port 8080 and 80: VirtualHost xxx.yyy.com ServerName xxx.yyy.com I replaced xxx.yyy.com with my server´s name before (and localhost) - both without success. Obviously it does not work if you already have a corresponding virtual host entry in the httpd.conf. Thanks again and best regards Volker - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: MOD_JK2 Error (shm.fil 13 Permission Denied)
Just put touch and chown shm.file in Apache control script (either apachectl or /etc/init.d/apache), and if you want in catalina.sh too At 16:11 18.07.2003 -0700, you wrote: My Apache HTTPD and Tomcat installation cosists for following version: 1. RedHat 8.0 2. Apache HTTPD 2.0.47 (from source) 3. Tomcat 4.1.24 (binary) 4. JK2 Connector (jakarta-tomcat-connector-4.1.24-src) I followed all the setup instructions to install JK2 connector. I am running HTTPD and Tomcat as same user (not as root ofcourse) [point to note here is that HTTPD is started as root but later switched to different user defined in httpd.conf file] A part of workers2.properties looks like: -- [shm:] info=Scoreboard. Required for reconfiguration and status with multiprocess servers file=/usr/local/apache/httpd/logs/shm.file size=100 debug=0 disabled=0 - I start HTTPD first, wait, and then Tomcat. Tomcat (MOD_JK2) reports errors as seen in the following log. I could the reason, why permission denied, since HTTPD starts up as root first and then switch to other user, in meantime shm.file gets created as root and so is not accessible by tomcat (which is started as other user and not root). INFO: Starting Coyote HTTP/1.1 on port 8080 [Fri Jul 18 15:16:27 2003] ( info ) [jk_config_file.c (320)] cfg.update() Updating config /usr/local/apache/httpd/conf/workers2.properties 0 1058551783 [Fri Jul 18 15:16:27 2003] ( info ) [jk_config_file.c (331)] config.setConfig(): Reading properties /usr/local/apache/httpd/conf/workers2.properties 7 [Fri Jul 18 15:16:27 2003] ( info ) [jk_logger_file.c (184)] Initializing log file stderr [Fri Jul 18 15:16:27 2003] (error ) [jk_shm.c (150)] shm.create(): error opening file /usr/local/apache/httpd/logs/shm.file 13 Permission denied [Fri Jul 18 15:16:27 2003] (error ) [jk_shm.c (358)] shm.create(): error mmapping /usr/local/apache/httpd/logs/shm.file [Fri Jul 18 15:16:27 2003] ( info ) [jk_workerEnv.c (403)] workerEnv.init() ok /usr/local/apache/httpd/conf/workers2.properties Jul 18, 2003 3:16:27 PM org.apache.jk.apr.AprImpl init INFO: JK2: Initialized apr Jul 18, 2003 3:16:27 PM org.apache.jk.common.ChannelSocket init INFO: JK2: ajp13 listening on /0.0.0.0:8009 Jul 18, 2003 3:16:27 PM org.apache.jk.common.ChannelUn init INFO: JK: listening on unix socket: /usr/local/apache/jakarta/tomcat/work/jk2.socket [Fri Jul 18 15:16:27 2003] ( info ) [jk_jni_aprImpl.c (472)] jkInvoke() invoke 593e1450 Jul 18, 2003 3:16:27 PM org.apache.jk.common.ChannelJni init INFO: JK2: listening on channel.jni:jni Jul 18, 2003 3:16:27 PM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=11/174 config=/usr/local/apache/jakarta/tomcat/conf/jk2.properties Consider other senario, assuming there is no such file like shm.file (since I started HTTPD before, so I shut it down and delete the shm.file), start Tomcat first it runs fine and does not log any error (see the log), I assume here that this is not a serious problem. Comments !!! INFO: Initializing Coyote HTTP/1.1 on port 8080 GlobalResourcesLifecycleListener: Naming exception processing jdbc: org.apache.naming.NamingContext:[EMAIL PROTECTED] javax.naming.NamingException: Could not create resource factory, ClassNotFoundException:org.apache.commons.dbcp.BasicDataSourceFactory Starting service Tomcat-Standalone Apache Tomcat/4.1.24-LE-jdk14 Jul 18, 2003 3:31:20 PM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on port 8080 [Fri Jul 18 15:31:20 2003] ( info ) [jk_config_file.c (320)] cfg.update() Updating config /usr/local/apache/httpd/conf/workers2.properties -2130427774 1058551783 [Fri Jul 18 15:31:20 2003] ( info ) [jk_config_file.c (331)] config.setConfig(): Reading properties /usr/local/apache/httpd/conf/workers2.properties 7 [Fri Jul 18 15:31:20 2003] ( info ) [jk_logger_file.c (184)] Initializing log file stderr [Fri Jul 18 15:31:20 2003] ( info ) [jk_workerEnv.c (403)] workerEnv.init() ok /usr/local/apache/httpd/conf/workers2.properties Jul 18, 2003 3:31:20 PM org.apache.jk.apr.AprImpl init INFO: JK2: Initialized apr Jul 18, 2003 3:31:20 PM org.apache.jk.common.ChannelSocket init INFO: JK2: ajp13 listening on /0.0.0.0:8009 Jul 18, 2003 3:31:20 PM org.apache.jk.common.ChannelUn init INFO: JK: listening on unix socket: /usr/local/apache/jakarta/tomcat/work/jk2.socket [Fri Jul 18 15:31:20 2003] ( info ) [jk_jni_aprImpl.c (472)] jkInvoke() invoke 5990f450 Jul 18, 2003 3:31:20 PM org.apache.jk.common.ChannelJni init INFO: JK2: listening on channel.jni:jni Jul 18, 2003 3:31:20 PM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=2/209 config=/usr/local/apache/jakarta/tomcat/conf/jk2.properties - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RES: Where can i find mod_webapp ?
Look at the docs: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/index.html and the archive: http://www.mail-archive.com/[EMAIL PROTECTED]/msg98062.html At 11:10 19.07.2003 -0300, you wrote: Sorry, but i guess i am a little bit confused. First, which file(s) should i download ? Second, where can i find the main steps to install it? Thanks, Euclides. -Mensagem original- De: Yann Cibron [mailto:[EMAIL PROTECTED] Enviada em: sabado, 19 de julho de 2003 11:01 Para: [EMAIL PROTECTED] Assunto: Re: Where can i find mod_webapp ? mod_webapp is deprecated, you should use mod_jk(2): http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/connectors.html Yann Hi, i am looking for a connector between Apache 1.3 and TomCat 4.1.18. Can anybody help me? Regards, Euclides. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JK2 performance tuning
yes its milliseconds, my fault sorry At 00:08 18.07.2003 -0700, you wrote: Simon Pabst wrote: try reasonable values like 10 mins (600) Are you sure that is seconds...I think it's milliseconds. - Original Message - From: joseph lam [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, July 17, 2003 8:25 PM Subject: Re: JK2 performance tuning So nothing related to the jk2 connection between Apache and TC can be tuned? How many connections will Apache make? Auto grow? Joseph Lam Simon Pabst wrote: You can tune CoyoteConnector acceptCount and timeout values. acceptCount=10 should be fine, though you never know (test test test :-) timeout value (in seconds) shouldn't be set to 0 (infinite) or too high, else your socket count will go up much as time goes by (which not only consumes file descriptors but valuable JVM memory AFAIK), try reasonable values like 10 mins (600) (2 is suggested in jk2 doc). If timeout is too low you could get errors too (server not available), so test test test again. If you use mod_jk2 load balancing use multithreading Apache (worker mpm) At 20:25 17.07.2003 +0800, you wrote: I just got JK2 2.0.2 installed and working with Apache 2.0.47. Since my site will have high traffic and lots of concurrent connections, what parameters should I fine tune (other than the min/maxProcessor in server.xml) ? How does Apache manage its jk2 connections to Tomcat? Joseph Lam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JK2 performance tuning
As far as i know: (this may be wrong and can be different on your system/configuration - test) Theoretically Apache will do as many connections as childs are used, on Apache 2 the default maximum is 150 i think. I read somewhere that suggested for Tomcat is to use a higher Coyote maxProcessors value than max. Apache childs. However since the socket reinitialization seems bugged, without a timeout in CoyoteConnector their count goes up high (counted over 3000 open sockets on a load test with one Tomcat, count seems to go down only on Tomcat restart) There is also a max_connections setting for JK2 ajp13 worker, although this is propably only useful when you use load balancing: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk2/configwebcom.html#workers At 11:25 18.07.2003 +0800, you wrote: So nothing related to the jk2 connection between Apache and TC can be tuned? How many connections will Apache make? Auto grow? Joseph Lam Simon Pabst wrote: You can tune CoyoteConnector acceptCount and timeout values. acceptCount=10 should be fine, though you never know (test test test :-) timeout value (in seconds) shouldn't be set to 0 (infinite) or too high, else your socket count will go up much as time goes by (which not only consumes file descriptors but valuable JVM memory AFAIK), try reasonable values like 10 mins (600) (2 is suggested in jk2 doc). If timeout is too low you could get errors too (server not available), so test test test again. If you use mod_jk2 load balancing use multithreading Apache (worker mpm) At 20:25 17.07.2003 +0800, you wrote: I just got JK2 2.0.2 installed and working with Apache 2.0.47. Since my site will have high traffic and lots of concurrent connections, what parameters should I fine tune (other than the min/maxProcessor in server.xml) ? How does Apache manage its jk2 connections to Tomcat? Joseph Lam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat+apache
If the 404 error comes from Apache your JkMount doesn't work properly (for 10.0.0.1) Look for errors in mod_jk.log or error_log. Also try putting a proper ServerName in httpd.conf (http://httpd.apache.org/docs/mod/core.html#servername) and set UseCanonicalName off (http://httpd.apache.org/docs/mod/core.html#usecanonicalname) At 16:25 18.07.2003 +0800, you wrote: Dear all, i can build the mod_jk and setup the apache + tomcat + j2sdk+mysql+jdbc sucessfully,now i still have some problems want to ask you!! when i testing the server in local,i can access the jsp file without specific the port number, for example:http://localhost/examples/jsp/index.htm when i use other computer to test it , it cannot access the jsp file for example:http://10.0.0.1/examples/jsp/index,htm(can not access!!) but if specific the port 8080,it can works!! for example:http://10.0.0.1:8080/examples/jsp/index.htm(can access) Also the apache is work,i can see the apache welcome page if i type http://10.0.0.1 regards,Frankie -- Webmail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Q on Tomcat + Apache sessions
You can use mod_jk2 sticky session (on by default) when load balancing with it, then you can ignore Apache. However the round robin distribution of users sessions in mod_jk1 and 2 doesn't work properly at the moment for prefork Apache (1.x and 2.x in default configuration), see this thread: http://www.mail-archive.com/[EMAIL PROTECTED]/msg97638.html The downside of this approach is: if one Tomcat crashes, the Users on it will loose their session (have to ask yourself if you can live with that). The good thing is you don't need to change your application a bit. Alternative is Tomcat 4 Session Clustering (Tomcat 5 will have this on board), see http://cvs.apache.org/~fhanik/index.html All your session attributes need to implement java.io.Serializable then. However the author says that running mod_jk in front of Tomcat causes a lot of session replication errors to happen during load, so it may not be production worthy for you. Tomcat Users List [EMAIL PROTECTED] schrieb am 17.07.03 06:01:42: Would anyone pls tell me how sessions are kept and passed between Apache and Tomcat via jk2, e.g. whether it is completely transparent so that when I write session related codes in Tomcat I can ignore Apache? What about in a load balancing config (e.g. 1 Tomcat to 2 Apache, 1 Apache to two Tomcat)? Joseph Lam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Simon Pabst E-Mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JK2 Servlet Configuration Problem
Tomcat Users List [EMAIL PROTECTED] schrieb am 17.07.03 04:16:58: I'm running Tomcat 4.1.24 with Apache 2.0.46 using JK2 2.0.2 on a Red Hat 9 system (kernel 2.4.20). I followed the last HOWTO on the JK docs page (http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk2/vhosthowto.html) and everything works great. Except it only specifies how to have *.jsp files sent to tomcat. None of my servlets work because JK2 is setup to only send requests ending in *.jsp to Tomcat. Here's what I have in workers2.properties: [uri:vegas.x.multivisioninc.com/*.jsp] worker=ajp13:localhost:8009 [uri:admin.vegas.x.multivisioninc.com/*.jsp] worker=ajp13:localhost:8009 My servlets all start at /action. If I change the uri path to /action/* then I loose JPSs. If I change it to * then it works, however, then tomcat is serving up my /images/* folder instead of Apache. I can't move all the JSPs under the /action directory. Is there any way to specify more than one uri per virtual host? Workaround for that: Put the servlets under a sub-directory then mount that directory additionally in workers2.properties: [uri:vegas.x.multivisioninc.com/servlets/*] worker=ajp13:localhost:8009 The documentation for JK is really bad. Someone should re-write it. Agree to that. A better way for configuration docs than the JK doc and the many JK guides on the internet would be propably if more people share their experiences and setup notices on a central site, like http://nagoya.apache.org/wiki/apachewiki.cgi?Tomcat/Jk2Connector Joe Krause -- Simon Pabst E-Mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: javac vs. jikes (a corrected title now)
I tried jikes, it failed the testing though, as it produced compile errors for our app where javac did not. At 11:25 17.07.2003 -0300, you wrote: Hi people, I´m configuring Tomcat on Solaris as a production system to serve one app on our intranet. It really doesn´t have any static page, so we´ve decided not to integrate Apache. I´ve followed some of the optimization tasks suggested on tomcat docs for a production environment. One of them is to substitute javac by jikes and the question is: Does it really make any diff? The docs say that jikes is faster than javac and it can compile more than one jsp simultaneously. Do you do this substitution? Does it really worth? Thanks in advance JR Garcia === Jose Roberto M. Garcia ICQ: 64364941 TecnologistaCPTEC/INPE (12) 3186-8405 MCT - http://www.cptec.inpe.br === - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JK2 performance tuning
You can tune CoyoteConnector acceptCount and timeout values. acceptCount=10 should be fine, though you never know (test test test :-) timeout value (in seconds) shouldn't be set to 0 (infinite) or too high, else your socket count will go up much as time goes by (which not only consumes file descriptors but valuable JVM memory AFAIK), try reasonable values like 10 mins (600) (2 is suggested in jk2 doc). If timeout is too low you could get errors too (server not available), so test test test again. If you use mod_jk2 load balancing use multithreading Apache (worker mpm) At 20:25 17.07.2003 +0800, you wrote: I just got JK2 2.0.2 installed and working with Apache 2.0.47. Since my site will have high traffic and lots of concurrent connections, what parameters should I fine tune (other than the min/maxProcessor in server.xml) ? How does Apache manage its jk2 connections to Tomcat? Joseph Lam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: which mod_jk.so to use with Apache 1.3
For Apache 1.3 you're better off with mod_jk1 since mod_jk2 requires APR libraries which aren't included with Apache 1.x. Building those on Solaris is propably compiler hell ;-). Download mod_jk 1 source here: http://jakarta.apache.org/builds/jakarta-tomcat-connectors/jk/release/v1.2.4/src/jakarta-tomcat-connectors-jk-1.2.4-src.tar.gz Build it: (see http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk/aphowto.html#Building%20mod_jk%20on%20Unix ) tar -zxf jakarta-tomcat-connectors-jk-1.2.4-src.tar.gz cd jakarta-tomcat-connectors-jk-1.2.4-src/jk/native sh buildconf.sh #optional - set environment variable to use compiler optimizing (bash syntax) export CFLAGS=-O2 ./configure --with-apxs=/path/to/apache/bin/apxs #optional - needed for Apache with mod_ssl --enable-EAPI make cp ./apache-1.3/mod_jk.so /path/to/apache/libexec/ At 12:24 17.07.2003 +0200, you wrote: Hi, I try to connect tomcat 4.1.24 to an existing Apache 1.3 installation (Solaris 8). To do so I read I need mod_jk.so and I found a download page http://jakarta.apache.org/builds/jakarta-tomcat-connectors/jk2/release/v2.0.2/bin/solaris8/ but below it says to get * mod_jk2-1.3-eapi.so is for Apache 1.3.x with mod_ssl * mod_jk2-1.3-noeapi.so is for Apache 1.3.x without mod_ssl and they are not listed above. Has anyone done sth. similar and can tell me what to use if my plans aren't impossible (due to old Apache version) at all? Thanks. Astrid - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat Integration with Apache (Tomcat cluster)
Use Apache 2 with worker mpm if you want round robin to work with mod_jk1/2 sticky session. Use mod_jk 1 or 2 as connector. See http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk/aphowto.html http://www.johnturner.com/howto/apache-tomcat-howto.html http://nagoya.apache.org/wiki/apachewiki.cgi?Tomcat/Jk2Connector At 14:35 17.07.2003 +0600, you wrote: Hi all, I'm searching for the best way to Integrate tomcat with apache. is it using mod_jk or mod_webapp, or anyother method. regards Dasun - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat-ModJK2 -- [error] mod_jk child init 1 0
workaround for that: # Set mod_jk2 log level to emergency errors so logfiles don't get flooded (in workers2.properties): [logger] level=EMERG If you want try using a more recent mod_jk2 version (build from source - latest release: http://jakarta.apache.org/builds/jakarta-tomcat-connectors/release/v1.1M1/src/tomcat-connectors-1.1M1-src.tar.gz ) and the updated coyote connector jar: http://jakarta.apache.org/builds/jakarta-tomcat-connectors/coyote/release/v1.0-rc2/ (although they say on that site that you don't need to install coyote on Tomcat 4.1, that version is more recent than Tomcat 4.1.24) And set a shorter timeout in your JK2 CoyoteConnector (600 seconds or summat), so broken Sockets don't stay open too long At 21:08 16.07.2003 -0700, you wrote: Forgot to add this in the last email... I'm using Apache 2.0.46, Tomcat 4.1.24 and mod_jk2 version 2.0.2 configured with jni and pcre. Here is a snippet of catalina.out shortly after startup (it's in debug mode): StandardEngine[Tomcat-Apache-JK2]: setJvmRoute=localhost:8009 Starting service Tomcat-Apache Apache Tomcat/4.1.24 [INFO] ChannelSocket - -JK2: ajp13 listening on localhost.localdomain/127.0.0.1:8009 [INFO] JkMain - -Jk running ID=0 time=2/116 config=/usr/local/tomcat/conf/jk2.properties [INFO] ChannelSocket - -server has been restarted or reset this connection [INFO] ChannelSocket - -server has been restarted or reset this connection [INFO] ChannelSocket - -server has been restarted or reset this connection [INFO] ChannelSocket - -server has been restarted or reset this connection [INFO] ChannelSocket - -server has been restarted or reset this connection and on and on.. - Original Message - From: Simon Pabst [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Wednesday, July 16, 2003 3:25 PM Subject: Re: Tomcat-ModJK2 -- [error] mod_jk child init 1 0 Post the JK2 configuration of your httpd.conf and workers2.properties and your AJP Connector configuration of tomcat/conf/server.xml and tomcat/conf/jk2.properties What Apache/mod_jk2/Tomcat version are you using? Is Tomcat running, are any errors in tomcat/logs/catalina.out? Did you build mod_jk2 with jni or any extra flags? At 16:26 16.07.2003 -0700, you wrote: Hi, I can't figure this one out, I have Tomcat and Apache talking to each other thru jk2 all fine and dandy except for this error on startup of Apache: [error] mod_jk child init 1 0 which in turn, I suspect, spawns these errors: [error] Error ajp_process_callback - write failed [error] ajp13.service() ajpGetReply recoverable error 3 [error] Error ajp_process_callback - write failed [error] ajp13.service() ajpGetReply recoverable error 3 [error] ajp13.service() Error forwarding ajp13:localhost:8009 1 0 [error] mod_jk.handler() Error connecting to tomcat 3 I have lost the battle...looking for any insight at all! TIA, Rick - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat-ModJK2 -- [error] mod_jk child init 1 0
Another thing: Apache User/Group need write access to the mod_jk2 shm.file i think And check your jk2.properties config: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk2/configtcex.html#jk2.properties At 18:59 17.07.2003 +0200, you wrote: workaround for that: # Set mod_jk2 log level to emergency errors so logfiles don't get flooded (in workers2.properties): [logger] level=EMERG If you want try using a more recent mod_jk2 version (build from source - latest release: http://jakarta.apache.org/builds/jakarta-tomcat-connectors/release/v1.1M1/src/tomcat-connectors-1.1M1-src.tar.gz ) and the updated coyote connector jar: http://jakarta.apache.org/builds/jakarta-tomcat-connectors/coyote/release/v1.0-rc2/ (although they say on that site that you don't need to install coyote on Tomcat 4.1, that version is more recent than Tomcat 4.1.24) And set a shorter timeout in your JK2 CoyoteConnector (600 seconds or summat), so broken Sockets don't stay open too long At 21:08 16.07.2003 -0700, you wrote: Forgot to add this in the last email... I'm using Apache 2.0.46, Tomcat 4.1.24 and mod_jk2 version 2.0.2 configured with jni and pcre. Here is a snippet of catalina.out shortly after startup (it's in debug mode): StandardEngine[Tomcat-Apache-JK2]: setJvmRoute=localhost:8009 Starting service Tomcat-Apache Apache Tomcat/4.1.24 [INFO] ChannelSocket - -JK2: ajp13 listening on localhost.localdomain/127.0.0.1:8009 [INFO] JkMain - -Jk running ID=0 time=2/116 config=/usr/local/tomcat/conf/jk2.properties [INFO] ChannelSocket - -server has been restarted or reset this connection [INFO] ChannelSocket - -server has been restarted or reset this connection [INFO] ChannelSocket - -server has been restarted or reset this connection [INFO] ChannelSocket - -server has been restarted or reset this connection [INFO] ChannelSocket - -server has been restarted or reset this connection and on and on.. - Original Message - From: Simon Pabst [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Wednesday, July 16, 2003 3:25 PM Subject: Re: Tomcat-ModJK2 -- [error] mod_jk child init 1 0 Post the JK2 configuration of your httpd.conf and workers2.properties and your AJP Connector configuration of tomcat/conf/server.xml and tomcat/conf/jk2.properties What Apache/mod_jk2/Tomcat version are you using? Is Tomcat running, are any errors in tomcat/logs/catalina.out? Did you build mod_jk2 with jni or any extra flags? At 16:26 16.07.2003 -0700, you wrote: Hi, I can't figure this one out, I have Tomcat and Apache talking to each other thru jk2 all fine and dandy except for this error on startup of Apache: [error] mod_jk child init 1 0 which in turn, I suspect, spawns these errors: [error] Error ajp_process_callback - write failed [error] ajp13.service() ajpGetReply recoverable error 3 [error] Error ajp_process_callback - write failed [error] ajp13.service() ajpGetReply recoverable error 3 [error] ajp13.service() Error forwarding ajp13:localhost:8009 1 0 [error] mod_jk.handler() Error connecting to tomcat 3 I have lost the battle...looking for any insight at all! TIA, Rick - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod-jk and SSL certificates
that error_log message typically comes up if workers2.properties is not found or loaded put the following in global httpd.conf (not into a (SSL) VirtualHost): JkSet config.file /path/to/workers2.properties Also check that Apache hast permissions to read it, and that you don't have and IfModule directives before which don't work properly. At 18:11 17.07.2003 +0100, you wrote: Hi all, I have installed Apache and Tomcat together in various configurations - using modwebapp initially but now under mod-jk2. I can't get mod-jk to work because when I use it I get permission 403 errors from all the web application contexts and the following message appears twice in the error_log : '(2)No such file or directory: Error while opening the workers, jk will not work' If anyone can throw light on this I would appreciate it, I would investigate mod-jk further. This leads me on to the true reason for trying different configurations - I want to get the SSL client certificate from a servlet request object. I know that modwebapp does not support this so I have been trying to do it using mod-jk2. I understand I need a call like: X509Certificate jsseCerts[] = (X509Certificate []) request.getAttribute(javax.servlet.request.X509Certificate); but this just returns null. Interestingly the following call request.isSecure() returns 'true' and request.getScheme() returns 'https' Can anyone help? Is there a good howto or tutorial out there? Is it actually possible? Thanks in advance. Darren. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JK2 performance tuning
seconds as far as i know, not entirely sure though, anyone else knows? At 13:27 17.07.2003 -0400, you wrote: Sorry, but ¿timeout is in seconds or in milliseconds ? Thanks Mauricio Nuñez El Jue 17 Jul 2003 12:22, Simon Pabst escribió: You can tune CoyoteConnector acceptCount and timeout values. acceptCount=10 should be fine, though you never know (test test test :-) timeout value (in seconds) shouldn't be set to 0 (infinite) or too high, else your socket count will go up much as time goes by (which not only consumes file descriptors but valuable JVM memory AFAIK), try reasonable values like 10 mins (600) (2 is suggested in jk2 doc). If timeout is too low you could get errors too (server not available), so test test test again. If you use mod_jk2 load balancing use multithreading Apache (worker mpm) At 20:25 17.07.2003 +0800, you wrote: I just got JK2 2.0.2 installed and working with Apache 2.0.47. Since my site will have high traffic and lots of concurrent connections, what parameters should I fine tune (other than the min/maxProcessor in server.xml) ? How does Apache manage its jk2 connections to Tomcat? Joseph Lam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JK2 performance tuning
hm no, my brain keeps information only as long as he needs it, i.e. max. 1 hour ;-) thanks for the info though Norm. At 07:07 18.07.2003 +1000, you wrote: Simon It says milliseconds in the Tomcat docs (remember them?) for the connectors. Norm - Original Message - From: Simon Pabst [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, July 18, 2003 2:22 AM Subject: Re: JK2 performance tuning You can tune CoyoteConnector acceptCount and timeout values. acceptCount=10 should be fine, though you never know (test test test :-) timeout value (in seconds) shouldn't be set to 0 (infinite) or too high, else your socket count will go up much as time goes by (which not only consumes file descriptors but valuable JVM memory AFAIK), try reasonable values like 10 mins (600) (2 is suggested in jk2 doc). If timeout is too low you could get errors too (server not available), so test test test again. If you use mod_jk2 load balancing use multithreading Apache (worker mpm) At 20:25 17.07.2003 +0800, you wrote: I just got JK2 2.0.2 installed and working with Apache 2.0.47. Since my site will have high traffic and lots of concurrent connections, what parameters should I fine tune (other than the min/maxProcessor in server.xml) ? How does Apache manage its jk2 connections to Tomcat? Joseph Lam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: username password for admin manager
tomcat-users.xml hast to be defined in tomcat/conf/server.xml too, look at the default server.xml of Tomcat for how to do that, and here http://jakarta.apache.org/tomcat/tomcat-4.1-doc/manager-howto.html#Configuring%20Manager%20Application%20Access To set CATALINA_HOME for Tomcat on linux put this in your tomcat/bin/catalina.sh: export CATALINA_HOME=/path/to/tomcat To set it in your shell put that in $HOME/.bashrc (or whatever shell's startup file you're using) or even somewhere at /etc/profile to set it for all users. At 22:22 15.07.2003 -0700, you wrote: I'm sorry, i try this already, but still doesn't work. is there any other way? And how to configure (set catalina home) at linux? --- Reginald Oake [EMAIL PROTECTED] wrote: To set up a username and password for the manager account you need to go into $CATALINA_HOME/conf (or for Windows %CATALINA_HOME%\conf) and add the following line to your tomcat-users.xml file. user username= password= roles=manager/ Of course you should replace the with the username and password you want to use and this line goes between the tomcat-users start and end tags. Your tomcat-users.xml should look something like this when you are done. ?xml version='1.0' encoding='utf-8'? tomcat-users role rolename=tomcat/ role rolename=role1/ role rolename=manager/ user username=tomcat password=tomcat roles=tomcat/ user username= password= roles=manager/ user username=role1 password=tomcat roles=role1/ user username=both password=tomcat roles=tomcat,role1/ /tomcat-users After this, restart Tomcat and you should be able to access the management application. Hope this helps. Reg On Tue, 2003-07-15 at 20:23, Da Vinci wrote: i use tomcat 4.1.24. there is role admin or manager, and no user with role admin or manager in $CATALINA_HOME/conf/tomcat-users.xml. so how can i configure the tomcat administration and tomcat manager? how can i get the username and password admin manager? = __ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] = __ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AW: Tomcat 4.1.24 + Security Manager + weird Exceptions
We've got a similar issue, though this in on Linux and using channelUnix/JNI instead of normal tcp channelSocket. We're using Apache2/mod_jk2 (built from tomcat-connectors-1.1M1). On heavy load, there are over 3000 sockets open by one Tomcat/JVM, they don't seem to go down again too while Tomcat is running. (since File Descriptor limit on Solaris is lower normally (1024 or summat i think) this would cause us heavy problems there too) The Tomcats and Apache are restarted during the night to free up Memory, so socket count goes down then. However the application doesn't seem to be affected by this. In catalina.out there are many errors like this: org.apache.jk.common.ChannelUn receive SEVERE: receive error: 12 java.lang.Throwable at org.apache.jk.common.ChannelUn.receive(ChannelUn.java:230) at org.apache.jk.common.ChannelUn.processConnection(ChannelUn.java:282) at org.apache.jk.common.AprConnection.runIt(ChannelUn.java:350) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:631) at java.lang.Thread.run(Thread.java:536) org.apache.jk.common.JniHandler nativeDispatch SEVERE: nativeDispatch: error -3 java.lang.Throwable at org.apache.jk.common.JniHandler.nativeDispatch(JniHandler.java:312) at org.apache.jk.common.ChannelUn.send(ChannelUn.java:221) at org.apache.jk.common.ChannelUn.invoke(ChannelUn.java:306) at org.apache.jk.server.JkCoyoteHandler.doWrite(JkCoyoteHandler.java:249) at org.apache.coyote.Response.doWrite(Response.java:530) at org.apache.coyote.tomcat4.OutputBuffer.realWriteBytes(OutputBuffer.java:384) at org.apache.tomcat.util.buf.ByteChunk.flushBuffer(ByteChunk.java:439) at org.apache.tomcat.util.buf.ByteChunk.append(ByteChunk.java:359) at org.apache.coyote.tomcat4.OutputBuffer.writeBytes(OutputBuffer.java:411) at org.apache.coyote.tomcat4.OutputBuffer.write(OutputBuffer.java:398) at org.apache.coyote.tomcat4.CoyoteOutputStream.write(CoyoteOutputStream.java:110) at org.apache.catalina.servlets.DefaultServlet.copyRange(DefaultServlet.java:1996) at org.apache.catalina.servlets.DefaultServlet.copy(DefaultServlet.java:1745) at org.apache.catalina.servlets.DefaultServlet.serveResource(DefaultServlet.java:1073) at org.apache.catalina.servlets.DefaultServlet.doGet(DefaultServlet.java:506) . - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re: Tomcat load not distributed equally by Apache
Tomcat Users List [EMAIL PROTECTED] schrieb am 16.07.03 09:26:14: Simon Pabst wrote: We had the same problem, see this thread http://www.mail-archive.com/[EMAIL PROTECTED]/msg97638.html Unless mod_jk Developers fix this, the only possible solution seems to build and use Apache 2 with Multithreading support (i used the worker mpm, perchild should work too, see http://httpd.apache.org/docs-2.0/mpm.html ) then build mod_jk1/2 again with the new apxs. There is another option: http://cvs.apache.org/~fhanik/index.html Enable session clustering and then you don't have to worry about session affinity anymore. -Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] yore're right Dave, i should have written it was the only possible (and quickest) solution for us (without changing the application), because the Application Session Attributes don't implement java.io.Serializable which is needed for that Session clustering. -- Simon Pabst E-Mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re: I'm officially lost with mod_jk
Your JK Stuff in httpd.conf looks a bit wrong to me, and the error means that workers.properties is either not found or not loaded, try this: httpd.conf: #For Apache 1.x additional modules should be normally in apache/libexec dir, not in modules as in your config (unless you got Apache 2 now?) IfModule !mod_jk.c LoadModule jk_module /etc/httpd/modules/mod_jk.so #On recent Apache you don't need the following line, but on yours you do propably AddModule mod_jk.c /IfModule # Dont' think IfModule works with mod_jk.so like in your config, you need mod_jk.c there IfModule mod_jk.c JkWorkersFile /etc/httpd/conf/workers.properties JkLogFile /etc/httpd/logs/mod_jk.log JkLogLevel info ... /IfModule workers.properties: workers.java_home=/path/to/java ps=/ worker.list=ajp13 # Use localhost or IP-Address (if Tomcat is on remote machine) for the ajp13 connection host worker.ajp13.port=8009 worker.ajp13.host=localhost worker.ajp13.type=ajp13 Also check your httpd.conf with /path/to/httpd -t /path/to/httpd.conf (you need the binary httpd for this, not the directory) (does same as apachectl configtest) That ioctl error looks bad, if it still persists then, i would try to build Apache from source too, then mod_jk again Tomcat Users List [EMAIL PROTECTED] schrieb am 16.07.03 09:30:29: Gute Morgen Simon, I've compiled the mod_jk myself. it was easy. But I still have problems. I will so you what I have. In httpd.conf : LoadModule jk_module modules/mod_jk.so # MY OWN STUFF HERE IfModule mod_jk.so AddModule mod_jk.c JkWorkersFile /etc/httpd/conf/workers.properties JkLogFile /etc/httpd/logs/mod_jk.log JkLogLevelinfo JkLogStampFormat [%a %b %d %H:%M:%S %Y] JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories JkRequestLogFormat %w %V %T /IfModule In workers.properties : #Define 1 real worker using ajp13 worker.list=ajp13 #Set properties for worker1(ajp13) worker.ajp13.type=ajp13 worker.ajp13.host=www.connecties.com worker.ajp13.port=8009 In server.xml : on a line after Server portt=8005 .. Listener className=org.apache.ajp.tomcat4.config.ApacheConfig modJk=/etc/httpd/modules/mod_jk.so / on a line just after Host name=www.connecties.com . Listener className=org.apache.ajp.tomcat4.config.ApacheConfig append=true forwardAll=false modJk=/etc/httpd/modules/mod_jk.so / And the last part of my server.xml is : !-- Define an Apache-Connector Service -- !-- Service name=Tomcat-Apache Connector className=org.apache.catalina.connector.warp.WarpConnector port=8008 minProcessors=5 maxProcessors=75 enableLookups=true appBase=webapps acceptCount=10 debug=0/ Engine className=org.apache.catalina.connector.warp.WarpEngine name=Apache debug=0 Logger className=org.apache.catalina.logger.FileLogger prefix=apache_log. suffix=.txt timestamp=true/ Realm className=org.apache.catalina.realm.MemoryRealm / Host name=www.connecties.com Context path= docBase=/home/sites/home/web crossContext=true debug=0 reloadable=false trusted=false /Context /Host /Engine /Service The output of the apache error log is : [Wed Jul 16 09:16:27 2003] [error] (25)Inappropriate ioctl for device: Error while opening the workers, jk will not work [Wed Jul 16 09:16:28 2003] [error] (25)Inappropriate ioctl for device: Error while opening the workers, jk will not work [Wed Jul 16 09:16:29 2003] [notice] Apache/1.3.20 Sun Cobalt (Unix) mod_ssl/2.8.4 OpenSSL/0.9.6b PHP/4.0.3pl1 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.25 configured -- resuming no rmal operations [Wed Jul 16 09:16:29 2003] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) This will probably say enough (for some). It tells me that jk will not work. But I don't understand why. Anybody ? On Tuesday, July 15, 2003, at 11:29 PM, Simon Pabst wrote: Seems you're not the only one with that problem on Apache/mod_jk/Tomcat on a cobalt machine: http://www.zeffie.com/cobalt/developers/0208/162839.html Best is propably if you (or they if you don't have permissions to do that) compile mod_jk on that machine and don't use a downloaded binary. How to do that: http://list.cobalt.com/pipermail/cobalt-developers/2003-March/ 038938.html Good luck :-) At 21:03 15.07.2003 +0200, you wrote: HI, I have hired a sun microsystems cobalt machine. It comes pre configured with all kinds of internet software and a special edition of redhat. It is stripped on all sides to give maximum speed and maximum disk space. One of the settings is that you can't do anything with apache apart from restarting
Re: Re: I'm officially lost with mod_jk
If Apache says 404 not found, your JkMount config is wrong propably, What does your JkMount stuff look like? Are the JkMount directives in global httpd.conf or just in one VirtualHost? Any errors in mod_jk.log? Tomcat Users List [EMAIL PROTECTED] schrieb am 16.07.03 14:54:06: Aha, A typo on my side. changed IfModule mod_jk.so into IfModule mod_jk.c Now my error log file displays : [Wed Jul 16 14:43:40 2003] [notice] Apache/1.3.20 Sun Cobalt (Unix) mod_ssl/2.8.4 OpenSSL/0.9.6b PHP/4.0.3pl1 mod_jk/1.2.2 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.25 configured -- resuming normal operations This looks good. At least to me. Now I only can't access the requested pages. If I do www.connecties.com:8080/Friss/ I get the correct index.html page. If I do www.connecties.com/Friss/ I get a 404 doc. not found. this is what it says in the error logfile: [Wed Jul 16 14:44:02 2003] [error] [client 213.17.78.218] File does not exist: /home/sites/home/web/Friss/index.html that's right because it's not there. It is located in my webapps dir inside tomcat. Any idea's ? Kind regards Werner On Wednesday, July 16, 2003, at 02:26 PM, Simon Pabst wrote: Your JK Stuff in httpd.conf looks a bit wrong to me, and the error means that workers.properties is either not found or not loaded, try this: httpd.conf: #For Apache 1.x additional modules should be normally in apache/libexec dir, not in modules as in your config (unless you got Apache 2 now?) IfModule !mod_jk.c LoadModule jk_module /etc/httpd/modules/mod_jk.so #On recent Apache you don't need the following line, but on yours you do propably AddModule mod_jk.c /IfModule # Dont' think IfModule works with mod_jk.so like in your config, you need mod_jk.c there IfModule mod_jk.c JkWorkersFile /etc/httpd/conf/workers.properties JkLogFile /etc/httpd/logs/mod_jk.log JkLogLevel info ... /IfModule workers.properties: workers.java_home=/path/to/java ps=/ worker.list=ajp13 # Use localhost or IP-Address (if Tomcat is on remote machine) for the ajp13 connection host worker.ajp13.port=8009 worker.ajp13.host=localhost worker.ajp13.type=ajp13 Also check your httpd.conf with /path/to/httpd -t /path/to/httpd.conf (you need the binary httpd for this, not the directory) (does same as apachectl configtest) That ioctl error looks bad, if it still persists then, i would try to build Apache from source too, then mod_jk again Tomcat Users List [EMAIL PROTECTED] schrieb am 16.07.03 09:30:29: Gute Morgen Simon, I've compiled the mod_jk myself. it was easy. But I still have problems. I will so you what I have. In httpd.conf : LoadModule jk_module modules/mod_jk.so # MY OWN STUFF HERE IfModule mod_jk.so AddModule mod_jk.c JkWorkersFile /etc/httpd/conf/workers.properties JkLogFile /etc/httpd/logs/mod_jk.log JkLogLevelinfo JkLogStampFormat [%a %b %d %H:%M:%S %Y] JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories JkRequestLogFormat %w %V %T /IfModule In workers.properties : #Define 1 real worker using ajp13 worker.list=ajp13 #Set properties for worker1(ajp13) worker.ajp13.type=ajp13 worker.ajp13.host=www.connecties.com worker.ajp13.port=8009 In server.xml : on a line after Server portt=8005 .. Listener className=org.apache.ajp.tomcat4.config.ApacheConfig modJk=/etc/httpd/modules/mod_jk.so / on a line just after Host name=www.connecties.com . Listener className=org.apache.ajp.tomcat4.config.ApacheConfig append=true forwardAll=false modJk=/etc/httpd/modules/mod_jk.so / And the last part of my server.xml is : !-- Define an Apache-Connector Service -- !-- Service name=Tomcat-Apache Connector className=org.apache.catalina.connector.warp.WarpConnector port=8008 minProcessors=5 maxProcessors=75 enableLookups=true appBase=webapps acceptCount=10 debug=0/ Engine className=org.apache.catalina.connector.warp.WarpEngine name=Apache debug=0 Logger className=org.apache.catalina.logger.FileLogger prefix=apache_log. suffix=.txt timestamp=true/ Realm className=org.apache.catalina.realm.MemoryRealm / Host name=www.connecties.com Context path= docBase=/home/sites/home/web crossContext=true debug=0 reloadable=false trusted=false /Context /Host /Engine /Service The output of the apache error log is : [Wed Jul 16 09:16:27 2003] [error] (25)Inappropriate ioctl for device: Error while opening the workers, jk will not work [Wed Jul 16 09:16:28 2003] [error] (25)Inappropriate ioctl for device
Re: File replication (Tomcat cluster ?)
Normally there's no need for replicating your webapp, just put it somewhere outside the tomcat directories and point the application contexts in both tomcats to that directory (with absolute pathnames) At 17:13 16.07.2003 +0200, you wrote: Hello, I have two Tomcat Servers working in session cluster and I need to replicate the content of the Webapp directory. Is it possible ? and how to configure it ? ... Sorry for my poor english ___ Nicou - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL configuration for Apache HTTP server
Download and install latest version of openssl (normally in /usr/local/ssl or /usr/local/openssl): http://www.openssl.org/ Apache 1.x: download and install modssl: http://www.modssl.org/ edit SSL Stuff in apache/conf/httpd.conf to suit your needs Apache 2.x: build from source with: ./configure --enable-ssl --with-ssl=/path/to/openssl ... edit apache2/conf/ssl.conf to suit your needs At 18:15 16.07.2003 +0530, you wrote: hello, How to configure SSL in apache HTTP server. Apache and tomcat are integrated. please help thanks and regards Sushir - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re: mod_jk round robin problem stateless session beans
np Norm :-) fixing this should be possible in mod_jk2 at least, think i'll post this at bugzilla.apache.org Checked the user distribution on our server today and its nearly even on all Tomcats :o) Thanks a lot to Bill for that hint with worker mpm. At 07:21 16.07.2003 +1000, you wrote: Good morning Simon. Thanks for the research. Norm - Original Message - From: Simon Pabst [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Wednesday, July 16, 2003 3:58 AM Subject: Re: Re: mod_jk round robin problem stateless session beans I did a short test with Apache 2 worker mpm today and now mod_jk2 seems to distribute the sessions more evenly, will post more results tomorrow. So round robin code is broken with current mod_jk1/2 and prefork Apache (1.3.27 and default Apache 2 configuration) Unfortunately you can't use Apache 2 everywhere, i think it doesn't compile with worer mpm on solaris for example. To install Apache 2 with worker mpm you need to build it from source and use the following configure: ./configure --with-mpm=worker ... This should be fixed so Apache 1 users get a working round robin too. Although i don't know much about the mod_jk(2) code, I agree to Bill, this should be a relatively easy fix. In jk2 there's a shared memory file at least, should be enough to store the information about the last used worker if there's no other way. At 11:37 15.07.2003 +0200, you wrote: Thanks for you wisdom guys :-) I'll try and test if Apache 2 with worker mpm works better, although i still suspect the stateless session beans are part of the problem. Since like i said with sticky_session off or the SessionExample with sticky_session on the round robin seems to works fine. Besides the behaviour of sticky_session off should be theoretically similar as when any new user logs on to the server and hasn't established a session yet, right? The mod_jk lb_factor and lb_value also seem to do pretty nothing (on prefork Apache): - Tested low lb_factor on first Tomcat and increased lb_factor on following Tomcats, last Tomcats with higher lb_factor still got no requests - lb_value is almost always the same as lb_factor in JK2's jkstatus page when you access the application the lb_value changes to exactly twice as the lb_factor (on first Tomcat mostly) and then goes down to value of lb_factor again (before request: lb_factor 100, lb_value 100 after request: lb_factor 100, lb_value 200 a bit later: lb_factor 100, lb_value 100 again) How the Load Balanciung of mod_jk could be enhanced to be a real load balancing, not just round robin: Have some rules regarding the Status/Load of Tomcat/JVM, which you can put in any order you prefer (mod_backhand does sth. similar) (those will propably need jni or sth. else to work): - byJVMThreads - byJVMMemoryUsage - byJVMCPUUsage - byRoundRobin (and one which actually works ;-) etc. We considered alternative methods for load balancing too, but they all have some other downsides, so the best thing would still be if mod_jk round robin works as its supposed to be: - DNS Round Robin or Apache mod_rewrite Round Robin (similar sub-URLs for one app on same server - saves you from buying several SSL certificates) Problems: - Bookmarks - No real load balancing (ok mod_jk doesn't seem to have this either) - Requests go to down Tomcats also, no failover - Apache Loadbalancing with mod_backhand Nice approach of several Load Balancing decision rules (byCPU, byApacheChilds, byRandom etc.), which the user can put in any order he likes See http://www.backhand.org/mod_backhand/FAQ.shtml#question7 Problems: - HTTPS Apache in Front with mod_backhand using Proxy Connections to connect to Apache/Tomcats in back causes problems because of URL Redirects from Tomcat/Java - Requests go to down Tomcats also, no failover - Not sure if keeping Sessions works (backhand could use JSESSIONID for sticky sessions, have yet to test that) - Hardware Load Balancer (dind't investigate much on that) Problems: - IP based, read sth. that this ain't a particular good solution too mod_jk Tomcat Users List [EMAIL PROTECTED] schrieb am 15.07.03 07:45:11: This is a pretty good description of what goes on, and it results in the highly skewed distributions that you are seeing. I had thought that if you are using Apache-2 with the 'worker' MPM, that you should get a better distribution (but haven't tried it myself). With Apache-1.3.x or Apache-2 with the 'pre-fork' MPM this is as good as it gets at the moment (since the 'pre-forked' processes don't talk to each other). In theory, it should be a relatively easy fix in Jk2 to get 'pre-fork' working, but AFAIK, it hasn't been implemented yet. NormW [EMAIL PROTECTED] wrote in message news:[EMAIL
Re: RE: File replication (Tomcat cluster ?)
Oh, didn't realize you're on different servers, too much thinking in our own setup, sry ;-) Hmm NFS has its own file caches so you could do that, besides Tomcat caches stuff in its own local work directory and Ram. Or you just set up a script/cronjob to do an rsync or scp/rcp between the two local directories. Don't think Tomcat itself has anything which makes that possible (correct me if i'm wrong), maybe Tomcat 5 will. Tomcat Users List [EMAIL PROTECTED] schrieb am 16.07.03 18:39:51: So I should share the same directory for the Tomcat Servers, with nfs ? Is It a Good Solution for High Load environment ? -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Envoye : mercredi 16 juillet 2003 18:22 A : Tomcat Users List Objet : Re: File replication (Tomcat cluster ?) Normally there's no need for replicating your webapp, just put it somewhere outside the tomcat directories and point the application contexts in both tomcats to that directory (with absolute pathnames) At 17:13 16.07.2003 +0200, you wrote: Hello, I have two Tomcat Servers working in session cluster and I need to replicate the content of the Webapp directory. Is it possible ? and how to configure it ? ... Sorry for my poor english ___ Nicou - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Simon Pabst E-Mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache 1.3.27, Tomcat 4.1 mod_jk, not working
What does your mod_jk configuration in httpd.conf look like? Any errors in mod_jk.log? Does the 404 error come from tomcat or apache? At 12:50 16.07.2003 -0700, you wrote: I build an apache 1.3.27 server and mod_jk as a DSO and it loads correctly and is recognized by the apache server. The mod_info module shows the module as being active and it lists my custom config. Here is my config: worker.list=worker1 worker.worker1.type=ajp13 worker.worker1.host=localhost worker.worker1.port=8009 worker.worker1.lbfactor=50 worker.worker1.cachesize=10 worker.worker1.cache_timeout=600 worker.worker1.socket_keepalive=1 worker.worker1.socket_timeout=300 I am enabled the Coyote connector on my Tomcat server. Apache Tomcat/4.1.24 Jul 16, 2003 11:53:28 AM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on port 8080 Jul 16, 2003 11:53:28 AM org.apache.jk.common.ChannelSocket init INFO: JK2: ajp13 listening on /0.0.0.0:8009 Jul 16, 2003 11:53:28 AM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=1/174 config=/usr/local/tomcat/conf/jk2.properties Jul 16, 2003 11:53:59 AM org.apache.jk.common.ChannelSocket processConnection INFO: server has been restarted or reset this connection Jul 16, 2003 11:53:59 AM org.apache.jk.common.ChannelSocket processConnection INFO: server has been restarted or reset this connection Jul 16, 2003 11:56:43 AM org.apache.jk.common.ChannelSocket processConnection INFO: server has been restarted or reset this connection When I try to access a jsp page it gives me error 404. But the file is there and is readable by all. (0644) I am running tomcat 4.1.24 and using Sun's j2sdk 1.4.1 rev 03. I get nothing logged to either the apache logs or the tomcat logs when I make a request. Any ideas? Thxc, CC - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Apache 1.3.27, Tomcat 4.1 mod_jk, not working
I think mod_jk works both with Coyote and old AJP13 connector (did for me at least). The tomcat http port on 8080 shouldn't cause any trouble, besides it helps with testing - if the JSP Page is accessible over 8080 then Apache/mod_jk is the problem. At 15:57 16.07.2003 -0400, you wrote: Try using the AJP13 connector in http.conf instead of the Coyote/AJP13 connector. Also, comment out tomcat-standalone. i.e. comment out where Coyote starts on port 80. Hope this helps. -Ruchi -Original Message- From: Bongrip [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 16, 2003 3:51 PM To: Tomcat Users List Subject: Apache 1.3.27, Tomcat 4.1 mod_jk, not working I build an apache 1.3.27 server and mod_jk as a DSO and it loads correctly and is recognized by the apache server. The mod_info module shows the module as being active and it lists my custom config. Here is my config: worker.list=worker1 worker.worker1.type=ajp13 worker.worker1.host=localhost worker.worker1.port=8009 worker.worker1.lbfactor=50 worker.worker1.cachesize=10 worker.worker1.cache_timeout=600 worker.worker1.socket_keepalive=1 worker.worker1.socket_timeout=300 I am enabled the Coyote connector on my Tomcat server. Apache Tomcat/4.1.24 Jul 16, 2003 11:53:28 AM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on port 8080 Jul 16, 2003 11:53:28 AM org.apache.jk.common.ChannelSocket init INFO: JK2: ajp13 listening on /0.0.0.0:8009 Jul 16, 2003 11:53:28 AM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=1/174 config=/usr/local/tomcat/conf/jk2.properties Jul 16, 2003 11:53:59 AM org.apache.jk.common.ChannelSocket processConnection INFO: server has been restarted or reset this connection Jul 16, 2003 11:53:59 AM org.apache.jk.common.ChannelSocket processConnection INFO: server has been restarted or reset this connection Jul 16, 2003 11:56:43 AM org.apache.jk.common.ChannelSocket processConnection INFO: server has been restarted or reset this connection When I try to access a jsp page it gives me error 404. But the file is there and is readable by all. (0644) I am running tomcat 4.1.24 and using Sun's j2sdk 1.4.1 rev 03. I get nothing logged to either the apache logs or the tomcat logs when I make a request. Any ideas? Thxc, CC - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache 1.3.27, Tomcat 4.1 mod_jk, not working
Since the 404 comes from Tomcat, Apache/mod_jk should be working. Can you call the jsp over Tomcat's HTTP Connector (port 8080)? like this http://localhost:8080/myapp/index.jsp instead of http://localhost/myapp/index.jsp Are there any errors in tomcat/logs/catalina.out or The 404 error comes from Tomcat. -Chuck - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: 2 Tomcats
Most important is to change the default shutdown/http/ajp connector ports in tomcat/conf/server.xml, else only one Tomcat will run. At 17:07 16.07.2003 -0400, you wrote: Howdy, It's easily possible: just install them to different locations, i.e. with a different CATALINA_HOME environment variable setting. Yoav Shapira Millennium ChemInformatics -Original Message- From: Jonathan Stoeck [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 16, 2003 5:05 PM To: '[EMAIL PROTECTED]' Subject: 2 Tomcats Hi, I got a request for two tomcat version to be installed on one server. The servers would be running IIS 5.0 and the request was for 2 different tomcat versions, say 4.0.4 and 4.1.* for example. Is there a tutorial somewhere on how to do this? Is it even possible? Does anyone out there have an experience with this? Thanks! Jon Stoeck This communication is intended for the use of the recipient to which it is addressed, and may contain confidential, personal and or privileged information. Please contact us immediately if you are not the intended recipient of this communication, and do not copy, distribute, or take action relying on it. Any communication received in error, or subsequent reply, should be deleted or destroyed. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache 1.3.27, Tomcat 4.1 mod_jk, not working
Think John meant the Jk Configuration entries of your httpd.conf, not your worers.properties - i also asked for that in a previous post. If you want help, answer the questions :-) At 14:35 16.07.2003 -0700, you wrote: John Turner wrote: This will go a lot faster if you please post your JK configuration. It could be as simple as you having the JkMount messed up, or it could be something else. John Yea, it was in the original post: worker.list=worker1 worker.worker1.type=ajp13 worker.worker1.host=localhost worker.worker1.port=8009 worker.worker1.lbfactor=50 worker.worker1.cachesize=10 worker.worker1.cache_timeout=600 worker.worker1.socket_keepalive=1 worker.worker1.socket_timeout=300 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat-ModJK2 -- [error] mod_jk child init 1 0
Post the JK2 configuration of your httpd.conf and workers2.properties and your AJP Connector configuration of tomcat/conf/server.xml and tomcat/conf/jk2.properties What Apache/mod_jk2/Tomcat version are you using? Is Tomcat running, are any errors in tomcat/logs/catalina.out? Did you build mod_jk2 with jni or any extra flags? At 16:26 16.07.2003 -0700, you wrote: Hi, I can't figure this one out, I have Tomcat and Apache talking to each other thru jk2 all fine and dandy except for this error on startup of Apache: [error] mod_jk child init 1 0 which in turn, I suspect, spawns these errors: [error] Error ajp_process_callback - write failed [error] ajp13.service() ajpGetReply recoverable error 3 [error] Error ajp_process_callback - write failed [error] ajp13.service() ajpGetReply recoverable error 3 [error] ajp13.service() Error forwarding ajp13:localhost:8009 1 0 [error] mod_jk.handler() Error connecting to tomcat 3 I have lost the battle...looking for any insight at all! TIA, Rick - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re: mod_jk round robin problem stateless session beans
Thanks for you wisdom guys :-) I'll try and test if Apache 2 with worker mpm works better, although i still suspect the stateless session beans are part of the problem. Since like i said with sticky_session off or the SessionExample with sticky_session on the round robin seems to works fine. Besides the behaviour of sticky_session off should be theoretically similar as when any new user logs on to the server and hasn't established a session yet, right? The mod_jk lb_factor and lb_value also seem to do pretty nothing (on prefork Apache): - Tested low lb_factor on first Tomcat and increased lb_factor on following Tomcats, last Tomcats with higher lb_factor still got no requests - lb_value is almost always the same as lb_factor in JK2's jkstatus page when you access the application the lb_value changes to exactly twice as the lb_factor (on first Tomcat mostly) and then goes down to value of lb_factor again (before request: lb_factor 100, lb_value 100 after request: lb_factor 100, lb_value 200 a bit later: lb_factor 100, lb_value 100 again) How the Load Balanciung of mod_jk could be enhanced to be a real load balancing, not just round robin: Have some rules regarding the Status/Load of Tomcat/JVM, which you can put in any order you prefer (mod_backhand does sth. similar) (those will propably need jni or sth. else to work): - byJVMThreads - byJVMMemoryUsage - byJVMCPUUsage - byRoundRobin (and one which actually works ;-) etc. We considered alternative methods for load balancing too, but they all have some other downsides, so the best thing would still be if mod_jk round robin works as its supposed to be: - DNS Round Robin or Apache mod_rewrite Round Robin (similar sub-URLs for one app on same server - saves you from buying several SSL certificates) Problems: - Bookmarks - No real load balancing (ok mod_jk doesn't seem to have this either) - Requests go to down Tomcats also, no failover - Apache Loadbalancing with mod_backhand Nice approach of several Load Balancing decision rules (byCPU, byApacheChilds, byRandom etc.), which the user can put in any order he likes See http://www.backhand.org/mod_backhand/FAQ.shtml#question7 Problems: - HTTPS Apache in Front with mod_backhand using Proxy Connections to connect to Apache/Tomcats in back causes problems because of URL Redirects from Tomcat/Java - Requests go to down Tomcats also, no failover - Not sure if keeping Sessions works (backhand could use JSESSIONID for sticky sessions, have yet to test that) - Hardware Load Balancer (dind't investigate much on that) Problems: - IP based, read sth. that this ain't a particular good solution too mod_jk Tomcat Users List [EMAIL PROTECTED] schrieb am 15.07.03 07:45:11: This is a pretty good description of what goes on, and it results in the highly skewed distributions that you are seeing. I had thought that if you are using Apache-2 with the 'worker' MPM, that you should get a better distribution (but haven't tried it myself). With Apache-1.3.x or Apache-2 with the 'pre-fork' MPM this is as good as it gets at the moment (since the 'pre-forked' processes don't talk to each other). In theory, it should be a relatively easy fix in Jk2 to get 'pre-fork' working, but AFAIK, it hasn't been implemented yet. NormW [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Good morning Simon. 'RoundRobin' is less likely the more Tomcat's you add I suspect. The balanced worker program always searches for a new worker by starting pointers from 1 rather than the last successful worker used, (AFAICT), and if a worker is free for the task it makes for muddy water indeed if you bypass it in the hope of finding something better... You need to remember which one was used 'last', which is a 'state' not remembered if/once session ID's are used (which go to the worker that handled it the last time). If you think about 'balancing' it is 'mindgame' to decide how a 'load' might be distributed... based on session counts? based on request handling time? and what 'integration' period would you use? ... and then there are preferences based on load, server grunt, network traffic, background tasks... at the end of the day, the idea is to handle user requests, so if they're getting processed in a 'timely' manner perhaps you can put the 'unused' Tomcat's behind another Apache? ... or start a new thread here on how balancing might be better handled in different situations... Another 'possible' might be to add more balance workers and split your url's to these, in turn connected to more ajp13 workers using some of the Tomcat's currently sitting idle. Norm - Original Message - From: Simon Pabst [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 15, 2003 7:17 AM Subject: mod_jk round robin problem stateless session beans
Re: SSL and mod_jk not working
Where do you have JkMount for examples Context? In global httpd.conf or in a VirtualHost for Port 80? Try putting the JkMount into the SSL VirtualHost too (which is configured in apache2/conf/ssl.conf) At 16:09 15.07.2003 +0200, you wrote: Hi! I installed mod_jk and it is working for http, but not for https. In catalina.out I have: ... Starting service Tomcat-Standalone Apache Tomcat/4.1.24 15.07.2003 15:52:51 org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on port 8080 15.07.2003 15:52:52 org.apache.jk.common.ChannelSocket init INFO: JK2: ajp13 listening on /0.0.0.0:8009 15.07.2003 15:52:52 org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=1/171 config=/usr/local/tomcat/conf/jk2.properties in /usr/local/tomcat/conf/auto/mod_jk.conf I changed JkLogLevel to info and restarted apache and fetched http://localhost/examples/ but there is nothing in /usr/local/tomcat/logs/mod_jk.log Why is that? What am I missing? Thanks in advance Leander -- Leander Jedamus Presse- und Öffentlichkeitsarbeit FH Worms Erenburger Str. 19 67549 Worms +49 6241 509-172 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re: mod_jk round robin problem stateless session beans
? based on request handling time? and what 'integration' period would you use? ... and then there are preferences based on load, server grunt, network traffic, background tasks... at the end of the day, the idea is to handle user requests, so if they're getting processed in a 'timely' manner perhaps you can put the 'unused' Tomcat's behind another Apache? ... or start a new thread here on how balancing might be better handled in different situations... Another 'possible' might be to add more balance workers and split your url's to these, in turn connected to more ajp13 workers using some of the Tomcat's currently sitting idle. Norm - Original Message - From: Simon Pabst [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 15, 2003 7:17 AM Subject: mod_jk round robin problem stateless session beans We have the following setup: One Apache with HTTPS/SSL with mod_jk (one load balancer, sticky sessions on) in front Eight Tomcats in back Round Robin doesn't work, but instead the Users are distributed on the Tomcats like this: Tomcat No.| User Count (approx. daily) T1 70 T2 30 T3 15 T4 6 T5 1 T6 0 T7 0 T8 0 This occurs both with Apache1.3.27/mod_jk1.2.x and Apache2.0.45/mod_jk2.x (mod_jk 1 and 2 built from source of jakarta-tomcat-connectors-4.1.24-src and later also of tomcat-connectors-1.1M1-src). Anyone ever experienced something similar or has any insight in this? According to the application developer the application is using stateless session beans. (Since i'm just a stupid server admin and no Java Programmer i don't really now what that is :-) I tested the Load Balancing with the Tomcat SessionExample and round robin seemed to work fine. If i switch of sticky session round robin also works fine, but not the application :-) Do stateless session beans even work with mod_jk's sticky session stuff? (in this discussion http://www.theserverside.com/discussion/thread.jsp?thread_id=409 somebody said: if the application stores the stateless session bean in the httpsession, the application risks having all of the workload to only one of the nodes in the cluster) If anyone knows how sticky sessions of mod_jk(2) work, please enlighten me :-) Is it IP based in any way, are Cookies involved or JSESSIONID or anything else? Could it be a problem that all Tomcats are on the same machine? (i tested this with pseudo network addresses 127.0.0.1-8 for each Tomcat too, but didn't help either) Could HTTPS cause any troubles for this? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Simon Pabst E-Mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat load not distributed equally by Apache
We had the same problem, see this thread http://www.mail-archive.com/[EMAIL PROTECTED]/msg97638.html Unless mod_jk Developers fix this, the only possible solution seems to build and use Apache 2 with Multithreading support (i used the worker mpm, perchild should work too, see http://httpd.apache.org/docs-2.0/mpm.html ) then build mod_jk1/2 again with the new apxs. I used for my Apache2/mod_jk2/mod_ssl: httpd-2.0.47: ./configure --prefix=/path/to/apache2 --with-mpm=worker --enable-ssl --enable-so --enable-rewrite --enable-proxy tomcat-connectors-1.1M1-src: ./configure --with-apxs2=/path/to/apache2/bin/apxs [ --with-java-home=/path/to/java --with-jni ] At 13:09 15.07.2003 -0400, you wrote: All: We have Apache 2 load balancing two tomcat 4.1.x workers. There are two primary applications running under tomcat. One app has long session times - eg the user logs-in in the morning and doesn't end their session until evening. The other app has short sessions - a connection is made, some work is performed, and they get out in under 3 minutes. Mod_jk is providing the load balancing via weighted round-robin. Both workers are equally weighted. In theory, each worker should have the same load distribution. (Truly in theory, each worker gets an equivalent number of sessions. Right? Our apps have sessions with a disproportionate number of transactions per session.) We see worker1 averaging higher CPU usage. I can justify this behavior because of session affinity being enabled -- and the huge difference in transactions per session in the applications. Two questions. (1) Am I missing something or are our assumptions wrong? (2) How could we distribute load to the tomcat workers via tomcat CPU usage instead of round-robin? Is there is a different Apache module that can load balance via tomcat CPU usage? Any help, guidance, direction you can provide would be greatly appreciated. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: IIS and Tomcat 4
If the Webserver offers a dynamic page for download, thats usually a sign for wrong configuration in the Webserver. Propably the ISAPI Filter is misconfigured. See http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk/iishowto.html#Configuring%20the%20ISAPI%20Redirector and http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk/iishowto.html#Troubleshooting At 15:37 15.07.2003 -0500, you wrote: Hi, I just installed Tomcat4 and IIS. I have set up IIS to redirect jsps to Tomcat with the isapi_redirect.dll and the arrow in the IIS property screen is up and green. When I accessed a jsp page in my localhost, I get a download confirmation screen instead of the page being served up. I can see the jsp ok in my localhost:8080. Could any one tell me what I am missing? Thanks very much. Baoha Bui * This communication may contain information that is proprietary, privileged, confidential or legally exempt from disclosure. If you are not a named addressee, you are notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so may be unlawful. If you have received this communication in error, please notify the sender via return e-mail and delete it from your computer. Thank you. St. Jude Medical, Inc. * - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat Site
A Tomcat site written in PHP, now if that ain't a good advertisement for Tomcat ;-) (i myself like PHP better anyway - ok ok before a flamewar starts: each of them has its own right to exist) At 13:50 15.07.2003 -0700, you wrote: Hi All. There is a site that has some info on Tomcat. They have some listings of programs and tools. Plus there is a support forum. Anyway, if you are looking for some Tomcat-related stuff or want to post a cool program, check them out. It's free to post. www.tomcatsolutions.com John - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat/Apache and mod_jk2
mod_jk2 needs Apache APR libraries to work. These aren't included with Apache 1.x, only Apache 2.x - The easier thing to build mod_jk2 is to do it with Apache 2, - However you could also download and build the Apache APR libraries (http://www.apache.org/dist/apr/) and then build mod_jk2 with them for Apache 1.x. If you don't have any really strong reason for staying on Apache 1.x best thing is propably to go for Apache 2, unless you're desperately looking for trouble ;-) *me points at* http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk2/installhowto.html At 17:21 15.07.2003 -0400, you wrote: I'm trying to install the mod_jk2 connector under Apache 1.3.27 and Tomcat 4.1.18. When I place the mod_jk2.so in apache/modules and run the apachectl configtest I get the error message: Syntax error on line 224 of /coi/home/apache/conf/httpd.conf: Cannot load /coi/home/apache/modules/mod_jk2.so into server: ld.so.1: /coi/home/apache/bin/httpd: fatal: relocation error: file /coi/home/apache/modules/mod_jk2.so: symbol apr_pool_cleanup_null: referenced symbol not found Con anyone tell me why? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache + Tomcat+4.0.6 (unpackWARs not decompress)
you need to use autoDeploy, http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/host.html#Automatic%20Application%20Deployment At 21:52 15.07.2003 +0200, you wrote: Hello, I work with Apache + Tomcat 4.0.6 and I want deploy war file. The problem is that when I start Tomcat not decompress File.war and therefore Apache cannot respond static files (*.gif,*.jpg... static files) The option unpackWARs=true is not working??? As it is the problem? Why it does not decompress? Is possible to do this in Tomcat 4.0.x? I have not found any information about this.It is not left but remedy that to decompress by hand? This is part of the configuration in my server.xml: Host name=localhost debug=0 appBase=/opt/app1 unpackWARs=true Valve className=org.apache.catalina.valves.AccessLogValve prefix=access_log. suffix=.txt pattern=common/ Logger className=org.apache.catalina.logger.FileLogger prefix=tomcat_log. suffix=.txt timestamp=true/ Context path=/hs docBase=FILE.war debug=0 privileged=true Listener className=org.apache.ajp.tomcat4.config.ApacheConfig jkConfig=/var/opt/app1/conf/mod_jk.conf workersConfig=/var/opt/app1/conf/workers.properties modJk=/usr/local/lib/apache/mod_jk.so jkLog=/var/opt/app1/logs/mod_jk.log jkDebug=error jkWorker=ajp13 forwardAll=false noRoot=false append=true / Resource name=jdbc/HTT auth=Container type=javax.sql.DataSource / ResourceParams name=jdbc/HTT parameter namefactory/name valueorg.apache.commons.dbcp.BasicDataSourceFactory/value /parameter AND MORE PARAMETERS OF DATASOURCE AND CLOSED TAGS Thanks in advance. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Installing mod_ssl on Apache2+Tomcat+mod_jk setup...
This should go to Apache Mailing List propably. Apache 2 has its own mod_ssl included. You still need an installed OpenSSL to use mod_ssl, as how to configure: httpd-2.0.45 # ./configure --help|grep -i ssl --enable-sslSSL/TLS support (mod_ssl) --with-ssl=DIR SSL/TLS toolkit (OpenSSL) Tomcat Users List [EMAIL PROTECTED] schrieb am 14.07.03 09:56:52: Apache2.0.40 seems to ship with mod_ssl in the directory .../httpd-2.0.40/modules/ssl. But no mention of OpenSSL, although both ssl_util_ssl.c and ssl_util_ssl.h refer to OpenSSL. I ftp-ed openssl-0.9.76b.tar.gz , but they only tralk about Apache 1.3.24 as in : # configure with-apache=../apache_1.3.24 with-ssl=./open22l-0.9.6c etc Am I to understand there is no mod_ssl for Apache2+ ??? hr - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Simon Pabst E-Mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: I'm officially lost with mod_jk
That looks like a trailing slash problem, you requested /Friss, but mounted only /Friss/ Either use the following JkMount additionally: JkMount /Friss worker1 Or use Apache's mod_rewrite to put a trailing slash to URL if it there is none. http://httpd.apache.org/docs/misc/rewriteguide.html Also make sure to have index.html in your Tomcat web.xml welcome file list. http://jakarta.apache.org/tomcat/faq/misc.html#welcome At 18:35 14.07.2003 +0200, you wrote: Hi all, Here is another user of mod_jk who's now officially lost. I have apache 1.3.x with tomcat 4.1.24 I installed mod_jk in httpd.conf I put : LoadModule jk_module modules/mod_jk.so . . . # MY OWN STUFF HERE IfModule mod_jk.so AddModule mod_jk.c JkWorkersFile /etc/httpd/conf/workers.properties JkLogFile /var/log/httpd/mod_jk.log JkLogLevelinfo JkLogStampFormat [%a %b %d %H:%M:%S %Y] JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories JkRequestLogFormat %w %V %T JkMount /Friss/* worker1 /IfModule In workers.properties I have : #Define 1 real worker using ajp13 worker.list=worker1 #Set properties for worker1(ajp13) worker.worker1.type=ajp13 worker.worker1.host=localhost worker.worker1.port=8009 worker.worker1.lbfactor=50 worker.worker1.cahcesize=10 worker.worker1.cache_timeout=600 worker.worker1.socket_keepalive=1 worker.worker1.socket_timeout=300 In the webapps dir I created a dir called Friss wich contains a WEB_INF dir and a index.html file. When I restart tomcat and apache I want to request : www.connecties.com/Friss. I suspected to get the index.html file from the Friss webapp. Instead I got a 404 document not found. I think I'm missing something but I don't know what. Anybody out there had the same experience and want to share it with me? Kind regards Werner - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
mod_jk round robin problem stateless session beans
We have the following setup: One Apache with HTTPS/SSL with mod_jk (one load balancer, sticky sessions on) in front Eight Tomcats in back Round Robin doesn't work, but instead the Users are distributed on the Tomcats like this: Tomcat No.| User Count (approx. daily) T1 70 T2 30 T3 15 T4 6 T5 1 T6 0 T7 0 T8 0 This occurs both with Apache1.3.27/mod_jk1.2.x and Apache2.0.45/mod_jk2.x (mod_jk 1 and 2 built from source of jakarta-tomcat-connectors-4.1.24-src and later also of tomcat-connectors-1.1M1-src). Anyone ever experienced something similar or has any insight in this? According to the application developer the application is using stateless session beans. (Since i'm just a stupid server admin and no Java Programmer i don't really now what that is :-) I tested the Load Balancing with the Tomcat SessionExample and round robin seemed to work fine. If i switch of sticky session round robin also works fine, but not the application :-) Do stateless session beans even work with mod_jk's sticky session stuff? (in this discussion http://www.theserverside.com/discussion/thread.jsp?thread_id=409 somebody said: if the application stores the stateless session bean in the httpsession, the application risks having all of the workload to only one of the nodes in the cluster) If anyone knows how sticky sessions of mod_jk(2) work, please enlighten me :-) Is it IP based in any way, are Cookies involved or JSESSIONID or anything else? Could it be a problem that all Tomcats are on the same machine? (i tested this with pseudo network addresses 127.0.0.1-8 for each Tomcat too, but didn't help either) Could HTTPS cause any troubles for this? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat service on Windows 2000 stopped unexpectedly
Your Java Virtual Machine(s) could be crashing. Search for HotSpot Virtual Machine Error in catalina.out and your application logs. We had a problem with crashing JVM's (JDK 1.4.1) on Tomcat 4.1.24 (on Linux) and using ConcurrentGC/ParNewGC. With ParallelGC the JVM works stable (although Garbage Collection performance is worse and leads to OutOfMemory from time to time, since the application needs a lot of temporary memory for PDF generations with FOP) Try using different Java Options and Collectors or JDK 1.4.1 See also http://java.sun.com/docs/hotspot/gc1.4.2/ http://wireless.java.sun.com/midp/articles/garbagecollection2/ At 17:23 14.07.2003 -0400, you wrote: Hi, All I'm running multiple Tomcat4.1.18/JSDK1.4.2 instances on Windows 2000 (SP3) as services. Unfortunately, those tomcat services randomly stopped unexpectedly. Windows event log didn't tell much detail, Tomcat log either. Does anyone have this kind of experience? How can I address it? Any information appreciated. Albert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Newbie question on Tomcat security
Look here: http://jakarta.apache.org/tomcat/faq/misc.html#listing At 19:05 14.07.2003 -0500, you wrote: Thanks for the reply. Actually, I don't worry about people can do view source. I just don't like the fact that they can type in the folder and list the whole directory tree on the browser. They can open any file on the directory and potentially alter the code. Most web sites I've been to, if you type in the folder directory, you will get an access deny or something like that. I am wondering if I can set up something similar in Tomcat? By the way, I do have an index.jsp. Thanks. - Original Message - From: Reginald Oake [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, July 14, 2003 5:58 PM Subject: Re: Newbie question on Tomcat security Hi. I'm not certain about this but it seems to me that it would be next to impossible to keep the html source from being viewed by someone using any browser (this is not a server side issue). The source has to be uploaded to the browser and, once it is uploaded anyone can view source on the page. As far as keeping your directory structure at least a little bit more obscured you can do two things. You can never fully obscure the directory structure as the browser requires this information to load images, style sheets and links. The first is to put an index.jsp or index.html file in so that people cannot view your directory structure directly (there is probably a better way to do this). The second is to use servlet mappings. I'm not sure if this needs to be said but even though people can determine your directory structure with fairly little effort this does not, in itself, pose a security risk. Thanx Reg On Mon, 2003-07-14 at 15:49, substring wrote: Hello All, I just developed a JSP application called myapp, running on Tomcat 4.1.24. How can I keep people from accessing my files under tomcat/webapps/myapp? For example, people can do a simple view source and find the path to my css file, then they can type in the path on the browser to access my files. What kind of security that I should set up for that? I am pretty new to Tomcat so I need help. By the way, my OS is Windows 2000 Pro. Any help will be very much appreciated. __ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [FAQ] : ( Re: Apache 2.0.43 + mod_jk2 + Tomcat 4.1.24 on LINUX RH8 : (
Use the following to avoid those warnings: [uri:localhost/*.jsp] group=ajp13:localhost:8009 mod_jk2 Version 2.0.0 isn't too recent either, try upgrading. At 09:33 13.07.2003 +0200, you wrote: That's not the issue!! 1.I add at httpd.conf :JkSet config.file /full/system/path/to/workers2.properties 2. I receive a message like the following : [notice] uriEnv.setAttribute() the worker directive is depriciated for EVERY Uri mapping ( like [uri:localhost/*.jsp] worker=ajp13:localhost:8009) so the workers2.properties file is read! bentzy. My workers2.properties: # only at beginnin. In production uncomment it out [logger.apache2] level=DEBUG [shm] file=/usr/local/apache2/logs/shm.file size=1048576 [uriMap:] debug=0 # Example socket channel, override port and host. [channel.socket:localhost:8009] debug=0 port=8009 host=127.0.0.1 # define the worker [ajp13:localhost:8009] channel=channel.socket:localhost:8009 # Uri mapping #[uri:127.0.0.1:/*.jsp] [uri:localhost/*.jsp] worker=ajp13:localhost:8009 #[uri:www.home.net/*.jsp] #worker=ajp13:localhost:8009 #[uri:www.customer1.it/*.jsp] #worker=ajp13:localhost:8009 #[uri:www.customer2.net/*.jsp] #worker=ajp13:localhost:8009 I receive a message like the following : [Thu Jul 10 16:41:08 2003] [notice] uriEnv.setAttribute() the worker directive is depriciated for every Uri mapping, so the workers2.properties file is read! -Original Message- From: John Turner [mailto:[EMAIL PROTECTED] Sent: Friday, July 11, 2003 2:49 PM To: Tomcat Users List Subject: Re: [FAQ] Re: Apache 2.0.43 + mod_jk2 + Tomcat 4.1.24 on LINUX RH8 : ( Sounds good to me. John On Thu, 10 Jul 2003 23:10:03 -0400 (EDT), Eric J. Pinnell [EMAIL PROTECTED] wrote: I throw this against the wall and see what sticks... JK2 doesn't seem to be using my settings in my workers2.properties file such as creating the shm file or mapping the URIs listed to Tomcat, what's wrong? JK2 is not finding your workers2.properties file. Specify it's location in your httpd.conf file by adding: JkSet config.file /full/system/path/to/workers2.properties ? -e On Thu, 10 Jul 2003, Tim Funk wrote: OK - I read the thread. Can someone summarize this one into a question and answer? -Tim Tim Funk wrote: Duly noted (now I just have to read the what is below (and the rest of the thread) -Tim John Turner wrote: This should probably go in the FAQ under miscellaneous. John On Thu, 10 Jul 2003 11:29:48 -0400 (EDT), Eric J. Pinnell [EMAIL PROTECTED] wrote: Hi, I think we did this last week... with RH8. The solution was to put JkSet config.file /full/system/path/to/workers2.properties in the httpd.conf file. Many times JK2 doesn't see your properties file and takes some wierd kind of self initiated defaults. -e On Thu, 10 Jul 2003, Bentzy Sagiv wrote: My goal is to setup Apache 2.0.43 + mod_jk2 + Tomcat 4.1.24 on LINUX RH8 I'm following the HOWTO at http://jakarta.apache.org/tomcat/tomcat-4.1- doc/jk2/jk2/vhosthowto.html I download mod jk_2 from http://jakarta.apache.org/builds/jakarta-tomcat- connectors/jk2/release/v2.0. 1/bin/linux/i386/mod_jk2-2.0.43.so I add to the original httpd.conf file: ServerName 127.0.0.1:80 and LoadModule jk2_module modules/mod_jk2.so I copy the workers2.properties from the HOWTO as is(just changed ../apache/.. to ../apache2/.. ) I start Tomcat,it works and catalina.out looks OK. I start Apache,it works and error_log looks BAD: caught SIGTERM, shutting down :( [Thu Jul 10 16:41:02 2003] [notice] caught SIGTERM, shutting down [Thu Jul 10 16:41:08 2003] [notice] uriEnv.setAttribute() the worker directive is depriciated [Thu Jul 10 16:41:08 2003] [notice] uriEnv.setAttribute() the worker directive is depriciated [Thu Jul 10 16:41:08 2003] [notice] uriEnv.setAttribute() the worker directive is depriciated [Thu Jul 10 16:41:08 2003] [notice] uriEnv.setAttribute() the worker directive is depriciated [Thu Jul 10 16:41:08 2003] [notice] Apache/2.0.43 (Unix) mod_jk2/2.0.0 configured -- resuming normal operations [Thu Jul 10 16:41:08 2003] [notice] workerEnv.init() ok /usr/local/apache2/conf/workers2.properties [Thu Jul 10 16:41:08 2003] [notice] mod_jk child init 1 -1 [Thu Jul 10 16:41:08 2003] [notice] workerEnv.init() ok /usr/local/apache2/conf/workers2.properties [Thu Jul 10 16:41:08 2003] [notice] mod_jk child init 1 -1 [Thu Jul 10 16:41:08 2003] [notice] workerEnv.init() ok /usr/local/apache2/conf/workers2.properties [Thu Jul 10 16:41:08 2003] [notice] mod_jk child init 1 -1 [Thu Jul 10 16:41:08 2003] [notice] workerEnv.init() ok /usr/local/apache2/conf/workers2.properties [Thu Jul 10 16:41:08 2003] [notice] mod_jk child init 1 -1 [Thu Jul 10 16:41:08 2003] [notice] workerEnv.init() ok /usr/local/apache2/conf/workers2.properties [Thu Jul 10 16:41:08 2003]
Re: INFO: APR not loaded, undefined symbol: apr_md5_final
(posted this 2 days ago already)
Thats a compile problem when you compile mod_jk2 --with-jni and recent
Apache 2 versions,
follow http://nagoya.apache.org/wiki/apachewiki.cgi?TomcatFAQ/ModJK2OnRedHat
then everything should work fine.
(you only need jni if you want to use fast unix sockets or Tomcat inprocess
with Apache)
The important thing to do is to edit jk/native2/server/apache2/Makefile
after you did configure and modify JK_LDFLAGS so the proper libraries are
linked:
JK_LDFLAGS=-L${APACHE2_LIBDIR} -lcrypt -lapr-0 -laprutil-0 -lgdbm -lexpat
-ldb @PCRE_LIBS@
At 22:42 12.07.2003 -0700, you wrote:
Does anyone have any insight on this, when starting tomcat I get:
Apache Tomcat/4.1.24
Jun 6, 2003 9:50:00 AM org.apache.jk.server.JkMain start
INFO: APR not loaded, disabling jni components: java.io.IOException:
/usr/lib/apache2/jkjni.so: /usr/lib/apache2/jkjni.so: undefined symbol:
apr_md5_final
is this a bug? I have searched around the user list and found this link
http://www.mail-archive.com/[EMAIL PROTECTED]/msg92114.html
but still it persists. Is this a bug?
Thanks alot.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: precompiling jsps
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jasper-howto.html#Web%20Application%20Compilation (didn't work for me though, had some CLASSPATH problems which i didn't investigate further yet) At 12:31 13.07.2003 +0800, you wrote: Hi, How do you precompile jsps for tomcat? Is it possible to package compiled jsps in a jar file to be included in the WEB-INF dir of another war file? If this is documented somewhere, I'd appreciate a shove in the right direction. thanks Nathan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JK2
Change Apache User and Group in httpd.conf to same as Tomcat User. Make a script in /etc/init.d for tomcat which starts up tomcat with cd /path/to/tomcat su - tomcatuser -c bin/startup.sh (su needs root privileges to run without password) set the following in workers2.properties to avoid log messages: # Global logfile level set to emergency errors [logger] level=EMERG At 16:53 12.07.2003 +, you wrote: well finally i made it the problem was i had to use --with-pcre at compile time now everyworks over the socket except that i have to chmod 666 to jk.socket because apache can't access the file (starting as nobody). how can i start tomcat as another user ? and on every request following log message is written into catalina.out [Sat Jul 12 16:41:01 2003] ( info ) [jk_jni_aprImpl.c (472)] jkInvoke() invoke 4d2757f0 and at the start following happens [Sat Jul 12 16:40:06 2003] ( info ) [jk_uriEnv.c (245)] uriEnv.setAttribute() the worker directive is deprecated. Use 'group' instead. HOW does the group directive work ? i guess this results following error in apache error_log [Sat Jul 12 16:40:25 2003] [error] uriEnv.init() map to invalid worker /examples ajp13:localhost:8009 thx4help - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache 2.0.46 + Tomcat 4.1.24 -- ${serverRoot}?
serverRoot is the Apache Home Directory (or maybe IIS on windows?)
Not sure about setting this on windows,
on unix i put the following in tomcat/bin/catalina.sh:
export serverRoot=/path/to/apache
on Windows in bin/catalina.bat it should be sth. like
set serverRoot=C:\Program Files\Apache Group\Apache
At 18:36 10.07.2003 -0400, you wrote:
Hi Folks,
I am getting this strange message (***) when I start up Tomcat:
[INFO] Registry - -Loading registry information
[INFO] Registry - -Creating new Registry instance
[INFO] Registry - -Creating MBeanServer
[INFO] Http11Protocol - -Initializing Coyote HTTP/1.1 on port 8080
Starting service Tomcat-Standalone
Apache Tomcat/4.1.24
[INFO] Http11Protocol - -Starting Coyote HTTP/1.1 on port 8080
*** [Thu Jul 10 18:23:49 2003] (error ) [jk_config_file.c (279)]
config.update(): Can't find config file
${serverRoot}/conf/workers2.properties
*** [Thu Jul 10 18:23:49 2003] ( info ) [jk_config.c (251)]
config.setAttribute() Error setting config: file
${serverRoot}/conf/workers2.properties
[Thu Jul 10 18:23:49 2003] ( info ) [jk_logger_file.c (184)] Initializing
log file stderr
[Thu Jul 10 18:23:49 2003] (error ) [jk_shm.c (333)] shm.init(): No file
[Thu Jul 10 18:23:49 2003] ( info ) [jk_workerenv.c (403)] workerEnv.init()
ok ${serverRoot}/conf/workers2.properties
[INFO] AprImpl - -JK2: Initialized apr
[INFO] ChannelSocket - -JK2: ajp13 listening on 0.0.0.0/0.0.0.0:8009
[INFO] JkMain - -Jk running ID=0 time=0/261
config=C:\Tomcat\bin\..\conf\jk2.properties
How do you set the ${serverRoot}??
Thanks
Jay
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Apache 2.0.46 + Tomcat 4.1.24 -- ${serverRoot}?
If your workers2.properties is in Tomcat\conf then yes,
though normally it is in apache\conf
A better solution for this is to set the path to workers2.properties in
httpd.conf (as pointed out in an earlier discussion):
JkSet config.file /full/system/path/to/workers2.properties
At 10:47 11.07.2003 -0400, you wrote:
Thank you very much. It was actually the root of the Tomcat and not Apache.
Regards
Jay
-Original Message-
From: Simon Pabst [mailto:[EMAIL PROTECTED]
Sent: Friday, July 11, 2003 3:14 AM
To: Tomcat Users List
Subject: Re: Apache 2.0.46 + Tomcat 4.1.24 -- ${serverRoot}?
serverRoot is the Apache Home Directory (or maybe IIS on windows?)
Not sure about setting this on windows,
on unix i put the following in tomcat/bin/catalina.sh:
export serverRoot=/path/to/apache
on Windows in bin/catalina.bat it should be sth. like
set serverRoot=C:\Program Files\Apache Group\Apache
At 18:36 10.07.2003 -0400, you wrote:
Hi Folks,
I am getting this strange message (***) when I start up Tomcat:
[INFO] Registry - -Loading registry information
[INFO] Registry - -Creating new Registry instance
[INFO] Registry - -Creating MBeanServer
[INFO] Http11Protocol - -Initializing Coyote HTTP/1.1 on port 8080
Starting service Tomcat-Standalone
Apache Tomcat/4.1.24
[INFO] Http11Protocol - -Starting Coyote HTTP/1.1 on port 8080
*** [Thu Jul 10 18:23:49 2003] (error ) [jk_config_file.c (279)]
config.update(): Can't find config file
${serverRoot}/conf/workers2.properties
*** [Thu Jul 10 18:23:49 2003] ( info ) [jk_config.c (251)]
config.setAttribute() Error setting config: file
${serverRoot}/conf/workers2.properties
[Thu Jul 10 18:23:49 2003] ( info ) [jk_logger_file.c (184)] Initializing
log file stderr
[Thu Jul 10 18:23:49 2003] (error ) [jk_shm.c (333)] shm.init(): No file
[Thu Jul 10 18:23:49 2003] ( info ) [jk_workerenv.c (403)]
workerEnv.init()
ok ${serverRoot}/conf/workers2.properties
[INFO] AprImpl - -JK2: Initialized apr
[INFO] ChannelSocket - -JK2: ajp13 listening on 0.0.0.0/0.0.0.0:8009
[INFO] JkMain - -Jk running ID=0 time=0/261
config=C:\Tomcat\bin\..\conf\jk2.properties
How do you set the ${serverRoot}??
Thanks
Jay
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: JK2
Answer to your last question:
Thats a compile problem when you compile mod_jk2 --with-jni,
follow http://nagoya.apache.org/wiki/apachewiki.cgi?TomcatFAQ/ModJK2OnRedHat
then everything should work fine.
(you only need jni if you want to use fast unix sockets or Tomcat inprocess
with Apache)
The important thing to do is to edit jk/native2/server/apache2/Makefile
after you did configure and modify JK_LDFLAGS so the proper libraries are
linked:
JK_LDFLAGS=-L${APACHE2_LIBDIR} -lcrypt -lapr-0 -laprutil-0 -lgdbm -lexpat
-ldb @PCRE_LIBS@
At 16:35 11.07.2003 +, you wrote:
Hi
i've got tomcat 4.1.24 and apache 2.0.47 utilizing JK2 and currently
connected over normal sockets.
there are other methods like APR sockets, UNIX sockets and over JNI channel.
how do they in short work and which one is solution for a server (linux)
where apache and tomcat run on both servers, and which would be the best
one if they'd run on different ?
and last question do they work at all since
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19917
regards, nicolas
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: TOMCAT cluster ... request info
I'd try a more recent version of the session replication stuff, which will be used in tomcat 5 also (think it uses a similar codebase like that javagroups stuff): http://cvs.apache.org/~fhanik/index.html However there's an obstacle (true for that older version too) Make sure all your session attributes implement java.io.Serializable else Session replication (and your webapp) won't work At 17:00 11.07.2003 +0200, you wrote: Hi all, we need to replicate HTTP session between TOMCAT istance/cluster on Win2000 (and in the next-time on Tru64 5.1B). We have TOMCAT v.4.0.6 (but we can change it). We have done some test with procedure suggest on TheServerSide.COM site - http://www.theserverside.com/resources/article.jsp?l=Tomcatbut, but we have some problems when try to use TOMCAT session example : --- type Exception report message Internal Server Error description The server encountered an internal error (Internal Server Error) that prevented it from fulfilling this request. exception java.lang.NullPointerException at org.apache.catalina.session.InMemoryReplicationManager.createSession(InMemor yReplicationManager.java:212) at org.apache.catalina.session.InMemoryReplicationManager.createSession(InMemor yReplicationManager.java:242) at org.apache.catalina.connector.HttpRequestBase.doGetSession(HttpRequestBase.j ava:1134) - Do you have a suggestion about this ? What's tomcat's module to use ? any servlets examples ? What's the better TOMCAT version ? Thanks in advance. Best Regards Tony - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Need help with performance issue - Tomcat 4.1.X
Could be a Memory Leak/Garbage Collection issue (we had a similar problem with a memory intensive app), maybe your heap is too small and java is running many Full GC's. Start java with -verbose:gc and look in tomcat/logs/catalina.out for Garbage Collections. (set Environment Variables JAVA_OPTS or CATALINA_OPTS in bin/catalina.sh to do this in Tomcat) Try using a bigger Heapsize (though if you've got a Memory Leak that will only delay your problem) or set initial Heapsize to same as maximum, for example 128MB: -Xmx128m -Xms128m Modify the Connector you are using to access Tomcat (in tomcat/conf/server.xml) and try using more Tomcat Processors (maxProcessors=XX) or a bigger accept queue length (acceptCount=XX) (test value for acceptCount: at least concurrent users x 3) Try using another method of garbage collection, if you're using JDK 1.4.1 i'd try either ConcurrentGC with ParNewGC (ParNewGC on Multi-CPU machines): -XX:+UseConcMarkSweepGC -XX:+UseParNewGC or ParallelGC with AdaptiveSizePolicy (saves you the work of Java Heap usage analyzing :-) : -XX:UseParallelGC -XX:+UseAdaptiveSizePolicy A good article on GC can be found here: http://wireless.java.sun.com/midp/articles/garbagecollection2/ At 18:04 11.07.2003 +, you wrote: With Tomcat 4.1.x We've recently run into an issue where some of our pages either a) take a really long time to come up (20+ seconds) or b) come up, but never really finish loading (the status bar in IE shows the the response hasn't finished). These are very simple pages (for example, a login page) and our server load is minimal (maybe 10 concurrent users). Then, mysteriously, the problem will go away by itself. It will also return. Given the information above, I'm not expecting any solutions, but I could use some help steering me in the right direction with things to check. We're hooking up monitoring on the systems (Linux) to examine memory and CPU utilization during the slowdowns. Any things in particular we should be examining to try to find the problem? Any idea why the pages would never fully return from the server? TIA -- Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat listing directories instead of Apache
Is the Directory Index displayed by Apache or Tomcat? At 14:16 11.07.2003 -0400, you wrote: I guess I don't understand what it is you want, then. AFAIK, putting index.jsp (or any JSP) in Apache's DirectoryIndex does nothing...Apache will never treat it as an index file. Unless JK2 handles this differently than JK. John On Fri, 11 Jul 2003 13:12:00 -0700, Rick [EMAIL PROTECTED] wrote: John I am not running standalone. - Original Message - From: John Turner [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, July 11, 2003 9:57 AM Subject: Re: Tomcat listing directories instead of Apache http://jakarta.apache.org/tomcat/faq/misc.html#welcome John On Fri, 11 Jul 2003 12:55:42 -0700, Rick [EMAIL PROTECTED] wrote: Hi I have Apache2.0.46 set up with Tomcat4.1.24 through mod_jk2. My = httpd.conf has: Options Indexes FollowSymLinks DirectoryIndex index.html index.jsp Location /*.jsp JkUriSet group ajp13:localhost:8009=20 /Location If I go to a directory with no index.html or index.jsp Tomcat displays = the directory instead of Apache. If I take out the index.jsp in DirectoryIndex index.html index.jsp Apache lists the directory but then directories containing index.jsp get = displayed as well because the index.jsp has been removed. Any ideas? Thanks -- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Need help with performance issue - Tomcat 4.1.X
If your application is running on same Tomcat/JVM then blocking GC calls could still lead to that effect for hello.jsp too. Are you using Apache/mod_jk/Tomcat or Tomcat standalone? HTTPS Connections? Does the Problem occur only with IE or with other Browsers (Mozilla) too? I read once something about a problem of IE closing http connections too fast when it thinks the page transfer is finished. At 20:08 11.07.2003 +, you wrote: We are currently starting up with -Xmx256M. Java is currently using about 327MB and has been that way for hours. I haven't really seen any fluxuations at all, which leans me away from the garbage collection issue. I created a hello.jsp, which is completely separate from our application. Same results. It takes about 30 seconds to return. In the hello.jsp, the results of the page return instantly to the browser, but then it's as if tomcat just won't close the connection to the browser. The page is there, fully rendered, but just sits there waiting for the server to tell it it is done. Is there some way that the tomcat connections could be failing to terminate properly? Our current maxProcessors = 75 acceptCount = 10 (which is probably low but right now we have only a couple users on the system). We're not using 1.4 so those options are out. -- Dave Could be a Memory Leak/Garbage Collection issue (we had a similar problem with a memory intensive app), maybe your heap is too small and java is running many Full GC's. Start java with -verbose:gc and look in tomcat/logs/catalina.out for Garbage Collections. (set Environment Variables JAVA_OPTS or CATALINA_OPTS in bin/catalina.sh to do this in Tomcat) Try using a bigger Heapsize (though if you've got a Memory Leak that will only delay your problem) or set initial Heapsize to same as maximum, for example 128MB: -Xmx128m -Xms128m Modify the Connector you are using to access Tomcat (in tomcat/conf/server.xml) and try using more Tomcat Processors (maxProcessors=XX) or a bigger accept queue length (acceptCount=XX) (test value for acceptCount: at least concurrent users x 3) Try using another method of garbage collection, if you're using JDK 1.4.1 i'd try either ConcurrentGC with ParNewGC (ParNewGC on Multi-CPU machines): -XX:+UseConcMarkSweepGC -XX:+UseParNewGC or ParallelGC with AdaptiveSizePolicy (saves you the work of Java Heap usage analyzing :-) : -XX:UseParallelGC -XX:+UseAdaptiveSizePolicy A good article on GC can be found here: http://wireless.java.sun.com/midp/articles/garbagecollection2/ At 18:04 11.07.2003 +, you wrote: With Tomcat 4.1.x We've recently run into an issue where some of our pages either a) take a really long time to come up (20+ seconds) or b) come up, but never really finish loading (the status bar in IE shows the the response hasn't finished). These are very simple pages (for example, a login page) and our server load is minimal (maybe 10 concurrent users). Then, mysteriously, the problem will go away by itself. It will also return. Given the information above, I'm not expecting any solutions, but I could use some help steering me in the right direction with things to check. We're hooking up monitoring on the systems (Linux) to examine memory and CPU utilization during the slowdowns. Any things in particular we should be examining to try to find the problem? Any idea why the pages would never fully return from the server? TIA -- Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Need help with performance issue - Tomcat 4.1.X
Tomcat 4.1 processes need some extra memory besides the heap i believe, so the total process memory will always be bigger than the maximum specified heap (unless this isn't a bug or a misunderstanding of me of course :-) Our Tomcat 4.1.24 on Redhat Linux with 1GB heapsize consumes about 1,25GB Memory at its maximum. At 16:13 11.07.2003 -0400, you wrote: I'm certainly no guru, but if you are setting a max of 256 and then your app is soaking up 327 with no load whatsoever, I'd say you have a problem. Have you tried a max of 512? John On Fri, 11 Jul 2003 20:08:10 +, [EMAIL PROTECTED] wrote: We are currently starting up with -Xmx256M. Java is currently using about 327MB and has been that way for hours. I haven't really seen any fluxuations at all, which leans me away from the garbage collection issue. I created a hello.jsp, which is completely separate from our application. Same results. It takes about 30 seconds to return. In the hello.jsp, the results of the page return instantly to the browser, but then it's as if tomcat just won't close the connection to the browser. The page is there, fully rendered, but just sits there waiting for the server to tell it it is done. Is there some way that the tomcat connections could be failing to terminate properly? Our current maxProcessors = 75 acceptCount = 10 (which is probably low but right now we have only a couple users on the system). We're not using 1.4 so those options are out. -- Dave Could be a Memory Leak/Garbage Collection issue (we had a similar problem with a memory intensive app), maybe your heap is too small and java is running many Full GC's. Start java with -verbose:gc and look in tomcat/logs/catalina.out for Garbage Collections. (set Environment Variables JAVA_OPTS or CATALINA_OPTS in bin/catalina.sh to do this in Tomcat) Try using a bigger Heapsize (though if you've got a Memory Leak that will only delay your problem) or set initial Heapsize to same as maximum, for example 128MB: -Xmx128m -Xms128m Modify the Connector you are using to access Tomcat (in tomcat/conf/server.xml) and try using more Tomcat Processors (maxProcessors=XX) or a bigger accept queue length (acceptCount=XX) (test value for acceptCount: at least concurrent users x 3) Try using another method of garbage collection, if you're using JDK 1.4.1 i'd try either ConcurrentGC with ParNewGC (ParNewGC on Multi-CPU machines): -XX:+UseConcMarkSweepGC -XX:+UseParNewGC or ParallelGC with AdaptiveSizePolicy (saves you the work of Java Heap usage analyzing :-) : -XX:UseParallelGC -XX:+UseAdaptiveSizePolicy A good article on GC can be found here: http://wireless.java.sun.com/midp/articles/garbagecollection2/ At 18:04 11.07.2003 +, you wrote: With Tomcat 4.1.x We've recently run into an issue where some of our pages either a) take a really long time to come up (20+ seconds) or b) come up, but never really finish loading (the status bar in IE shows the the response hasn't finished). These are very simple pages (for example, a login page) and our server load is minimal (maybe 10 concurrent users). Then, mysteriously, the problem will go away by itself. It will also return. Given the information above, I'm not expecting any solutions, but I could use some help steering me in the right direction with things to check. We're hooking up monitoring on the systems (Linux) to examine memory and CPU utilization during the slowdowns. Any things in particular we should be examining to try to find the problem? Any idea why the pages would never fully return from the server? TIA -- Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Please help with unusual configuration
One Apache listening on Port 80 and 443 is a standard setup for HTTPS, i don't see any reason for a second Apache when your firewall blocks access to Port 80 from outside. Only reason for this would be if you're concerned about SSL Performance with heavy traffic and want a separate machine for it. If you're using only one Tomcat behind the Apaches just use the same ajp connector port, there's no need for setting up two connectors in Tomcat. (I have setups with two Apache's at front, one for production and one for mod_jk(2) testing, both accessing the same Tomcat on one ajp port, no problem there) Tomcat Ports should be blocked too from outside access too (at best for any other than localhost, though you'd need a firewall on your Tomcat Servers too then). At 13:30 11.07.2003 -0700, you wrote: Connector fans, I'm currently running Apache 2.x and Tomcat 4.24 (no ssl) on Windows 2000 on a Government intranet web server. This will be placed on the public internet and use full-time ssl for connections outside the firewall. Only port 443 will be available from outside the firewall. Inside the firewall, users can communicate without ssl. The system uses mod_perl scripts, Java servlets and six static pages. I'm trying to evaluate if it is better to use one Apache that listens on two ports or use two Apaches with two config files. I'd like to avoid having to maintain two sets of directories on the server, if possible, but I haven't used Windows 2000's symbolic links (junctions) before. Because of the limited info on junctions, I'm leery of using them. In my code, I'm already setup to handle multiple server names and ports, but having to use different directory names or cgi file names might be a problem. I figure I need to run Apache twice with separate config files that alias the same directories. I also figure I need to convert the static pages to jsp files so I can put the correct port and protocol on links at run time. On the Tomcat side I'll need two connectors to communicate with the two mod_jk that will be running. I'd also need two entries in the workers.properties file to mate them up. I don't think I should need to use ssl for Apache to talk to Tomcat but I'm not sure. Am I on the right track, or am I going to get sharing violations and other problems? Below is a summary of what I think I need: Tomcat direct port 8080. Apache 1 port 80 Tomcat connector port 8009 Apache 2 port 443 Tomcat connector port 8010 Thanks for any inputs you can give me. Chuck - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Need help with performance issue - Tomcat 4.1.X
-verbose:gc may affect performance a bit (cpu/disk), but since your system doesn't run so well anyway, oh well :-) Using a higher acceptCount doesn't hurt much (needs maybe 1k memory for each queue place i think) On earlier Java Versions there is a switch to turn on incremental Garbage Collection (off by default), -Xincgc (may decrease performance) which is kind of similar to Concurrent GC i think, so worth a try if nothing else helps At 20:08 11.07.2003 +, you wrote: We are currently starting up with -Xmx256M. Java is currently using about 327MB and has been that way for hours. I haven't really seen any fluxuations at all, which leans me away from the garbage collection issue. I created a hello.jsp, which is completely separate from our application. Same results. It takes about 30 seconds to return. In the hello.jsp, the results of the page return instantly to the browser, but then it's as if tomcat just won't close the connection to the browser. The page is there, fully rendered, but just sits there waiting for the server to tell it it is done. Is there some way that the tomcat connections could be failing to terminate properly? Our current maxProcessors = 75 acceptCount = 10 (which is probably low but right now we have only a couple users on the system). We're not using 1.4 so those options are out. -- Dave Could be a Memory Leak/Garbage Collection issue (we had a similar problem with a memory intensive app), maybe your heap is too small and java is running many Full GC's. Start java with -verbose:gc and look in tomcat/logs/catalina.out for Garbage Collections. (set Environment Variables JAVA_OPTS or CATALINA_OPTS in bin/catalina.sh to do this in Tomcat) Try using a bigger Heapsize (though if you've got a Memory Leak that will only delay your problem) or set initial Heapsize to same as maximum, for example 128MB: -Xmx128m -Xms128m Modify the Connector you are using to access Tomcat (in tomcat/conf/server.xml) and try using more Tomcat Processors (maxProcessors=XX) or a bigger accept queue length (acceptCount=XX) (test value for acceptCount: at least concurrent users x 3) Try using another method of garbage collection, if you're using JDK 1.4.1 i'd try either ConcurrentGC with ParNewGC (ParNewGC on Multi-CPU machines): -XX:+UseConcMarkSweepGC -XX:+UseParNewGC or ParallelGC with AdaptiveSizePolicy (saves you the work of Java Heap usage analyzing :-) : -XX:UseParallelGC -XX:+UseAdaptiveSizePolicy A good article on GC can be found here: http://wireless.java.sun.com/midp/articles/garbagecollection2/ At 18:04 11.07.2003 +, you wrote: With Tomcat 4.1.x We've recently run into an issue where some of our pages either a) take a really long time to come up (20+ seconds) or b) come up, but never really finish loading (the status bar in IE shows the the response hasn't finished). These are very simple pages (for example, a login page) and our server load is minimal (maybe 10 concurrent users). Then, mysteriously, the problem will go away by itself. It will also return. Given the information above, I'm not expecting any solutions, but I could use some help steering me in the right direction with things to check. We're hooking up monitoring on the systems (Linux) to examine memory and CPU utilization during the slowdowns. Any things in particular we should be examining to try to find the problem? Any idea why the pages would never fully return from the server? TIA -- Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat Load Balancing / Session Clustering - Tests
If you are using a webserver stresstest tool like siege (http://www.joedog.org/siege) be sure to have a delay (5secs or more) between the requests. Because otherwise if the requests come too fast, the load balancing round robin will get screwed up (i think mod_jk(2)'s worker stats aren't updated quick enough), like this: Siege in benchmark mode (--benchmark on cmdline): 20 or more requests go to first tomcat 20 or more to second 20 or more to third and so on... Siege with delay of 5 secs (--delay=5): 1-2 requests to first tomcat 1-2 to second ... And use something without a session for testing, like an image (or use worker.lb_xx.sticky_session=0) At 12:15 10.07.2003 -0400, you wrote: thanks Ben! -Original Message- From: Ben Ricker [mailto:[EMAIL PROTECTED] Sent: Thursday, July 10, 2003 11:35 AM To: Tomcat Users List Subject: Re: Tomcat Load Balancing / Session Clustering - Tests Well, load testing on the Apache end would be the way to go for scalability testing. You can monitor the network connections to the Tomcat instances (use of netstat does well here; grep for the number of connections to each port every N seconds or minutes, etc.). To test the session stuff, try shutting down instances as you are running through the app. Can you access each Tomcat instance individually? The best way is to use each Tomcat's web server and to access it on the port. Then, shut down that Tomcat and access another Tomcat by its port. If your session continues unaffected, you are good to go. If you have a REALLY good load tester that can capture page data (i.e., return codes and pages from the web server), you could randomly shutdown Tomcat instances while load testing to see how that affects the ouput. HTH, Ben Ricker Wellinx.com On Thu, 2003-07-10 at 09:52, Weissman, Alan wrote: Hey everyone, I've set up a few Tomcat instances in a cluster and would like to test the scalability of the cluster as well as make sure the session clustering is working. Testing scalability is easy and I have load balncing software, but whats the best way to make sure that sessions are clustering as expected? Thanks, Alan Weissman Systems Engineer Concord Financial Technologies [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JK Connector url rewrite question
Hmm, sure you don't use a proxy connection toconnect to tomcat instead of mod_jk? :-) My other guess would be to check Apache's httpd.conf for UseCanonicalName and ServerName If ServerName is my.hostname.com and UseCanonicalName is on Apache uses always Servername instead of the URL you typed in Browser, if you want to keep the Browser typed URL set UseCanonicalName Off At 11:03 10.07.2003 -0400, you wrote: I'm running an Apache/Tomcat combination using mod_jk. Whenever I enter a URL to hit the apache server, somewhere along the redirect to tomcat the server portion of the url gets changed. So, if I type http://localhost/myapp I actually get in the browser http://my.hostname.com/myapp This even happens if I type the IP address, rather than a hostname. I'd really like it to not do this, and just use the hostname or IP address that I type in, but I can't seem to find any hook to change this behavior. Can anybody help? Noel Rappin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: webapplication as virtual host root
Just use an empty String as Context path in tomcat/conf/server.xml, for example: Context path= docBase=/path/to/webapp debug=0/ If you want to have both URLs working but not configure everything twice, another method would be to leave the application as is and use Apache's mod_rewrite to redirect all requests to the right URL, for example: RewriteEngine On RewriteRule ^/$ /tgp/ [R] # or with specified host RewriteRule ^/$ http://localhost/tgp/ [R] (see http://httpd.apache.org/docs/misc/rewriteguide.html) At 12:03 10.07.2003 -0700, you wrote: i know this isn't the most sexy question in the world. but, my webapp is getting pounded by traffic right now, and i need this to finish off a desperate performance enhancement . . . does anyone know how to set a webapplication as the root of a virtual host using mod_jk2? basically, i have a webapp /tgp that is accessible via http://localhost/tgp -- but i want this app to be accessible through a virtual host http://tgp -- http://localhost/tgp if anyone could help, you would save me dozens of customers. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jk2.properties
I think you can leave all entries commented when you're using channelSockets, however when you use channelUnix (fast unix sockets) you need some entries in jk2.properties. (see http://www.pubbitch.org/jboss/mod_jk2.html for details) At 14:28 10.07.2003 -0700, you wrote: Under what circumstances are the properties set in this file relevant? At least for channelSocket they seem to at best be overridden by those in the server.xml for the corresponding CoyoteConnector. I'm using Tomcat 4.1.24. Jamey - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How can I deactivate the access logging
Look for a xml entry with org.apache.catalina.valves.AccessLogValve then comment it out. (http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/valve.html) At 15:37 09.07.2003 +0200, you wrote: Hi, i have noticed that tomcat logs all calls to the file localhost_access_log. Is it possible to deactivate this feature ? Best regards anis - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
