Re: Missing application web.xml

2005-12-03 Thread Rob Hills
Hi Henrik,

On 4 Dec 2005 at 4:38, hv @ Fashion Content wrote:

> > context.xml:
> > 
> 
> Where is this context.xml file located?  The docBase attribute must
> not be used unless the  tag is inside server.xml or
> conf/Catalina//.xml; the only time a file named
> context.xml is valid is inside the META-INF directory of a webapp.
> 
> it is in META-INF. Ok, so I tried to remove the docBase. Made no
> difference whatsoever.

Please excuse the brief digression into the Ant world, but it is about building 
WAR files for Tomcat...

Another gotcha I found when putting together my Ant war-build scripts is that 
initially I just created a (working) web app on my 
development machine file system and then "zipped" that all up into a WAR file 
using the Ant WAR task.  However, I discovered after 
much fiddling and googling that you can't just zip in the "special" folders 
(WEB-INF, META-INF, WEB-INF/lib etc.) you have to exclude 
them from the files being zipped into the WAR file and then specify the files 
to go into them via the   and  
enclosed tags.

Never worked out what structural difference this made to the WAR file, since it 
looked the same as my previous ones when I unzipped it, 
but functionally it made the difference between it working and not working with 
Tomcat (WRT auto-deploy anyway).

Check your Ant documentation of the WAR task for details.

HTH,

Rob Hills
MBBS, Grad Dip Com Stud, MACS
Senior Consultant
Netpaver Web Solutions
Tel:(08) 9485 2555
Mob:(0412) 904 357
Fax:(08) 9485 2555


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



tomcat 5.5.9 w/ Apache 2.0.54 --- 'className=' no longer needed????

2005-12-03 Thread Kyle
It sems (to me anyway) that tomcat 5.5.9  has changed in recent months 
and documentation is in somewhat of a transition period.

So, I'm now a little lost w/r to integrating an AJP connector for Apache.

In TC v4.1, server.xml had a connector;

   port="8019"
   enableLookups="false" redirectPort="8453" acceptCount="500" 
minProcessors="10"

   maxProcessors="200"/>

But the only information I can find for TC 5.5 is;

 enableLookups="false" redirectPort="8453" 
protocol="AJP/1.3" />


I did find one mention of a 
className="org.apache.ajp.tomcat.Ajp13Connector", but I can't find this 
Class in any jar file I've looked in so far.


Is className really no longer necessary, needed or required?? Is the 
connector now bundled/integrated with Tomcat???


MTiA

Kyle



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Missing application web.xml

2005-12-03 Thread hv @ Fashion Content
Thanks for the advice mate.

I did indeed have an empty Context tag. Changing it didn't make the Missing 
application web.xml message go away though.

I guess I will have to upgrade to 5.5.12 tomorrow.

"Rob Hills" <[EMAIL PROTECTED]> skrev i en meddelelse 
news:[EMAIL PROTECTED]
> Hi Henrik,
>
> On 4 Dec 2005 at 3:33, hv @ Fashion Content wrote:
>
>> Sigh :(
>>
>> Gawd I hate changing Tomcat configurations, it always goes pearshaped.
>>
>> Why does Tomcat say that there is no web.xml when it is in the war
>> file when I unzip it???
>>
>> And how come the default behaviour is to show the contents of the
>> hosts app base ???
>>
>> Tomcat 5.5.9 on FC2
>>
>> partial server.xml:
>> > deployOnStartup="true" autoDeploy="false" xmlValidation="true">
>>
>> context.xml:
>> 
>>
>> I have tried dropping the war in app base and restart the server. I
>> have tried deploying using the manager app.
>>
>> Regardless it doesn't unpack the war, and either throws a nullpointer
>> exception or states that web.xml is missing
>>
>> Que?
>
> I had this one trouble me for some time until I worked out that it wasn't 
> actually the web.xml file that was the problem, but rather my
> context.
>
> A couple of suggestions/things to watch out for:
>
> 1. Try a self-closing Context tag, ie  reloadable="true"/> or else put something "substantial"
> between your opening and closing tags (ie not just a comment).  I think 
> this problem may have been fixed with Tomcat 5.5.12, but in
> an earlier version, I definitely found that Tomcat would not accept the 
>  format if there was nothing
> "substantial" between the opening and closing tags.  That one gave me 
> exactly the error you are seeing now so it took me a while to
> work out what was going on.
>
> 2. Make sure there's only one "context" file/fragment in your WAR file.  I 
> have found that some versions of Tomcat are pretty
> good at ferreting out Context fragments from WAR files, even if they're 
> not in the appropriate area (META-INF folder).  I had buried in
> my WAR tree (buried several levels deep in the WEB-INF directory actually) 
> a context file that my deployment process would parse
> in order to produce the "production version" in META-INF.  Because it 
> contained some tokens that were substituted by the
> deployment process, that precursor file was of course an invalid context. 
> Until I had the deployment process exclude this file from
> my WAR file, I would get exactly the error you describe above whenever I 
> tried to deploy.
>
> HTH,
>
> Rob Hills
> NetPaver Pty Ltd
> Western Australia 




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Integrating tomcat 5.5.9 w/ Apache 2.0.54 --- which mod_jk

2005-12-03 Thread Kyle


Hi folks,

Can I still use (reliably and stable[y] ) mod_jk  1.2.14.1 when 
integrating TC 5.5.9 with Apache 2?


Or am I going to be forced to use mod_jk2?


MTiA

Kyle

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Apache, Tomcat & Tomcat Connector 1.2.15

2005-12-03 Thread hv @ Fashion Content
You can have multiple  definitions in server.xml

I am trying to get what you are looking for to work on my own setup atm.

In principle it is easy. But as always when configuration goes wrong with 
Tomcat, you are in the dark.

"Bill Barker" <[EMAIL PROTECTED]> skrev i en meddelelse 
news:[EMAIL PROTECTED]
>
> "Larry Morroni" <[EMAIL PROTECTED]> wrote in message 
> news:[EMAIL PROTECTED]
>> Hi,
>> I have the following setup:
>> Sun Solaris 9
>> Apache 2.0.54
>> Tomcat 5.5.12
>> Tomcat Connectors 1.2.15
>>
>> I run a small ISP.  We would like to setup one tomcat server instance to 
>> handle multiple low-volume tomcat sites.  Right now, the only way I can 
>> use the connector per domain is by putting the contents of the site in 
>> tomcat/webapps/ROOT and then adding: JkMount  /* worker1
>> to the httpd.conf file.  This setup requires a separate tomcat process 
>> for every site.  I think the overhead of this might get a little out of 
>> hand(maybe I am wrong here).  I'd really like to see if I could use my 
>> setup to have multiple tomcat sites running under one process.  Any 
>> advice is appreciated.
>>
>
> Urm, configure multiple Hosts in Tomcat?  See 
> http://tomcat.apache.org/tomcat-5.5-doc/config/host.html.
>
>
>>
>> -- 
>> Larry Morroni ([EMAIL PROTECTED])
>> voice:  610.891.9922
>> http://www.morroni.com 




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Missing application web.xml

2005-12-03 Thread Rob Hills
Hi Henrik,

On 4 Dec 2005 at 3:33, hv @ Fashion Content wrote:

> Sigh :(
> 
> Gawd I hate changing Tomcat configurations, it always goes pearshaped.
> 
> Why does Tomcat say that there is no web.xml when it is in the war
> file when I unzip it???
> 
> And how come the default behaviour is to show the contents of the
> hosts app base ???
> 
> Tomcat 5.5.9 on FC2
> 
> partial server.xml:
>  deployOnStartup="true" autoDeploy="false" xmlValidation="true">
> 
> context.xml:
> 
> 
> I have tried dropping the war in app base and restart the server. I
> have tried deploying using the manager app.
> 
> Regardless it doesn't unpack the war, and either throws a nullpointer
> exception or states that web.xml is missing
> 
> Que?

I had this one trouble me for some time until I worked out that it wasn't 
actually the web.xml file that was the problem, but rather my 
context.

A couple of suggestions/things to watch out for:

1.  Try a self-closing Context tag, ie  or else put something "substantial" 
between your opening and closing tags (ie not just a comment).  I think this 
problem may have been fixed with Tomcat 5.5.12, but in 
an earlier version, I definitely found that Tomcat would not accept the 
 format if there was nothing 
"substantial" between the opening and closing tags.  That one gave me exactly 
the error you are seeing now so it took me a while to 
work out what was going on.

2.  Make sure there's only one "context" file/fragment in your WAR file.  I 
have found that some versions of Tomcat are pretty 
good at ferreting out Context fragments from WAR files, even if they're not in 
the appropriate area (META-INF folder).  I had buried in 
my WAR tree (buried several levels deep in the WEB-INF directory actually) a 
context file that my deployment process would parse 
in order to produce the "production version" in META-INF.  Because it contained 
some tokens that were substituted by the 
deployment process, that precursor file was of course an invalid context.  
Until I had the deployment process exclude this file from 
my WAR file, I would get exactly the error you describe above whenever I tried 
to deploy.

HTH,

Rob Hills
NetPaver Pty Ltd
Western Australia

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Missing application web.xml

2005-12-03 Thread hv @ Fashion Content
> Why does Tomcat say that there is no web.xml when it is in
> the war file when I unzip it???

>Is it inside WEB-INF (which must be in caps)?

It is generated by the Ant WAR task, so yes it is, and I verified it as 
well. context.xml is in META-INF.

> And how come the default behaviour is to show the contents of
> the hosts app base ???

>Probably because the default servlet is being invoked, since your
>webapps are appaently not being deployed.  The default Tomcat config is
>oriented towards development and testing, not production, so it displays

Yes I understand that. Listing resources in a WAR seems perfectly 
reasonable, but listing the actual WAR seems a bit strange.

> partial server.xml:
>  deployOnStartup="true" autoDeploy="false" xmlValidation="true">

>That host name looks very suspect; the value is supposed to be a DNS
>name.  I can't think of anything good happening with a value of "..".

It is a dns name. I just didnt write it.

> context.xml:
> 

Where is this context.xml file located?  The docBase attribute must not
be used unless the  tag is inside server.xml or
conf/Catalina//.xml; the only time a file named
context.xml is valid is inside the META-INF directory of a webapp.

it is in META-INF. Ok, so I tried to remove the docBase. Made no difference 
whatsoever.

Henrik


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers. 




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Missing application web.xml

2005-12-03 Thread hv @ Fashion Content
> Why does Tomcat say that there is no web.xml when it is in the war file 
> when
> I unzip it???

> partial server.xml:
>  deployOnStartup="true" autoDeploy="false" xmlValidation="true">

>Have you always had xmlValidation set to true or did you change that 
>recently?


I have been banging my head against the wall with this virtualhost+ROOT 
stuff for 14 hours now, so I was just trying it out.

>There have been some threads about xml validation recently.  Since it
>sounds like Tomcat is unhappy with your web.xml file, I would try
>turning validation off and see what happens.

Good question. Although the web.xml has been working without any problems 
for at least a month, I gave it a shot at a validator, which complained 
about the xsi:schemaLocation definition being wrong, so I fixed that. Now I 
am stuck with a bunch of validation errors in the two Sun XSD files.. So 
I couldn't say if the web.xml actually validates.

Even if it is somewhat broken a NullPointerException and a complaint about a 
missing web.xml would be kinda misleading, wouldn't you say.

Henrik 




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Fw: Verisign Certificate Still Giving Me Troubles:

2005-12-03 Thread Scott Purcell
Thanks Bill for the info.

Verisign gave me a cert.cer file. So I am not sure how to handle this. My
connector currently is this:

   
  // here is what I am working with that is currently commented out
// I was able to add the cert to the keystore using  this:

keytool -import -alias  -keystore
 -trustcacerts -file 



// but this is the one that is working using openSSL and the certificate
made from the below link:


I am getting messed up because I am not sure what is the private key and
what is the public key as I am reading.
Verisign made me create a "keystore", then a "csr" file which I posted to
them, and then I received a "cert.cer" file back.
Originally I tried just doing this:


But it hung and never responded. That is when I tried doing the example from
the openssl notes.

?Thanks
Scott


- Original Message -
From: "Bill Barker" <[EMAIL PROTECTED]>
To: 
Sent: Saturday, December 03, 2005 6:09 PM
Subject: Re: Verisign Certificate Still Giving Me Troubles:


> Well, firstly, Verisign should have given you a cert.crt file :).
>
> Verisign uses an intermediate cert to sign with (available from their
site).
> Based on configuring mod_ssl I'm guessing that you need to download it and
> set:
>   SSLCertificateChainFile="/path/to/int/cert.crt"
> in your  element.
>
> From the previous threads, I'm assuming that you are still using the APR
> connector.  If you are using the Java connector, then simply import the
> intermediate cert into your keystore (and ignore the above).
>
> "Scott Purcell" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
>
>
>
> Hello,
>
> A few people helped me out last week, to get simple SSL running. IN
> particular Dhaval, Remy and Nate. Anyway, I have followed the directions
> from here: http://www.fatofthelan.com/articles/articles.php?pid=12 section
3
> and all works well.
>
> So that means my tomcat is all configured and happy.
>
> But this was a "generic" certificate. I gave Verisign a certreq.csr file
and
> they gave me a certificate last week and it was called cert.cer.
>
> I cannot for the life of me figure out how to get the certreq.csr working?
>
> I have been following these steps here:
>  Based upon my knowledge,to incorporate Verisign certificate, steps are as
> follows:
> (Derived from http://www.fatofthelan.com/articles/articles.php?pid=12 )
> (1) openssl req -new -out server.csr (This will generate csr and private
> key. Make sure you feel
> the values correctly on openssl command prompt. )
> (2) openssl rsa -in privkey.pem -out server.key (This removes the
passphrase
> from the private key.
> Also delete generated .rnd file)
> (3) Here there are two (either or) possibilities:
>
>
> But honestly do not know where to substitute my "certreq.csr" that
verisign
> gave me in this equation.
>
> Regards
>
>
>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: Missing application web.xml

2005-12-03 Thread Caldarale, Charles R
> From: news [mailto:[EMAIL PROTECTED] On Behalf Of hv @ 
> Fashion Content
> Subject: Missing application web.xml
> 
> Why does Tomcat say that there is no web.xml when it is in 
> the war file when I unzip it???

Is it inside WEB-INF (which must be in caps)?

> And how come the default behaviour is to show the contents of 
> the hosts app base ???

Probably because the default servlet is being invoked, since your
webapps are appaently not being deployed.  The default Tomcat config is
oriented towards development and testing, not production, so it displays
directory listings.  Set the listings param of the default servlet in
conf/web.xml to false if you want to change this.

> partial server.xml:
>  deployOnStartup="true" autoDeploy="false" xmlValidation="true">

That host name looks very suspect; the value is supposed to be a DNS
name.  I can't think of anything good happening with a value of "..".

> context.xml:
> 

Where is this context.xml file located?  The docBase attribute must not
be used unless the  tag is inside server.xml or
conf/Catalina//.xml; the only time a file named
context.xml is valid is inside the META-INF directory of a webapp.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: Re: Re: NullPointer Exception in HostConfig

2005-12-03 Thread Caldarale, Charles R
> From: news [mailto:[EMAIL PROTECTED] On Behalf Of hv @ 
> Fashion Content
> Subject: Re: Re: NullPointer Exception in HostConfig
> 
> Well trying to be constructive. What syntax checker would 
> you suggest?

There are literally hundreds available - many IDEs have plugins
available, ConTEXT and jEdit have syntax highlighting, even grungy old
IE has error checking.  To keep it in the famaily, try this:
http://forrest.apache.org/docs_0_70/validation.html

There are several web sites that will do it for you, such as:
http://www.xmlvalidation.com/
http://www.mel.nist.gov/msid/validation/ (your tax dollars at work)

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Missing application web.xml

2005-12-03 Thread Wendy Smoak
On 12/3/05, hv @ Fashion Content <[EMAIL PROTECTED]> wrote:

> Why does Tomcat say that there is no web.xml when it is in the war file when
> I unzip it???

> partial server.xml:
>  deployOnStartup="true" autoDeploy="false" xmlValidation="true">

Have you always had xmlValidation set to true or did you change that recently?

There have been some threads about xml validation recently.  Since it
sounds like Tomcat is unhappy with your web.xml file, I would try
turning validation off and see what happens.

--
Wendy

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: When does 408 happen ?

2005-12-03 Thread hv @ Fashion Content
Ok, in a way the problem is "solved", as I apparently was trying to achieve 
something that goes against
the implemented behaivour.

On the default page of the site I put a login form as descibed in the 
Servlet spec.
I then specified the default page to be the login page and listed all other 
pages on the site(Except access denied page) as protected.

The behaviour that I expected was:
1) If a user visits the site he has the option to log in.
2) If he returns to the site via an old link/favourite, the default page 
will be shown for him to log in.

As I understand it now, this setup cannot be achieved using form 
authentication.

In my mind that makes form authentication completely useless.

Hopefully I got it all wrong, and there is a way to achieve my goal.

"Mark Thomas" <[EMAIL PROTECTED]> skrev i en meddelelse 
news:[EMAIL PROTECTED]
> hv @ Fashion Content wrote:
>> So what if my login page does NOT create a session and the user browses 
>> to the login page and then enters credentials ?
>
> Tomcat will create one if it does not exist.
>
> I recognise the text "The time allowed for the login process has been 
> exceeded. If you wish to continue you must either click back twice and 
> re-click the link you requested or close and re-open your browser" as 
> something I wrote so I am pretty sure this is coming from Tomcat. The 
> message is generated when the session is invalid. This was only seen as 
> the result of a time-out but could also be as a result of other session 
> problems.
>
> Using a tool like ieHttpHeaders (IE), Live HTTP Headers (Firefox) or 
> TcpMon (from Apache Axis) should help you figure out what is going on.
>
> Mark 




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Missing application web.xml

2005-12-03 Thread hv @ Fashion Content
Sigh :(

Gawd I hate changing Tomcat configurations, it always goes pearshaped.

Why does Tomcat say that there is no web.xml when it is in the war file when 
I unzip it???

And how come the default behaviour is to show the contents of the hosts app 
base ???

Tomcat 5.5.9 on FC2

partial server.xml:


context.xml:


I have tried dropping the war in app base and restart the server.
I have tried deploying using the manager app.

Regardless it doesn't unpack the war, and either throws a nullpointer 
exception or states that web.xml is missing

Que?

Henrik




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Re: NullPointer Exception in HostConfig

2005-12-03 Thread hv @ Fashion Content
Well trying to be constructive. What syntax checker would you suggest?

That aside, it didnt make much difference, I still get a nullpointer 
exception.

It is happening on a webapp that has run fine for 6 months. The change I am 
making is
to go from a single  and multiple  to multiple  and one 
 each.

You would think that it was a fairly simple move, not one where the whole 
server is offline for a full day.

So while less syntax checking may be a good a guiding principle, it makes 
bug hunts very time consuming.

"Caldarale, Charles R" <[EMAIL PROTECTED]> skrev i en meddelelse 
news:[EMAIL PROTECTED]
> From: news [mailto:[EMAIL PROTECTED] On Behalf Of hv @
> Fashion Content
> Subject: Re: NullPointer Exception in HostConfig
>
> P.S. the ROOT.xml does end with a 

Which could well be part of the problem, since the tag is  not
.  Case matters. Also, if you're using a 5.5 version of Tomcat,
the path attribute is illegal (not ignored) unless the  element
is inside server.xml - which is strongly discouraged.

You should be using an XML syntax checker before you actually throw junk
at Tomcat - diagnosing XML structure problems is not what it's designed
for.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers. 




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: Re: NullPointer Exception in HostConfig

2005-12-03 Thread Caldarale, Charles R
> From: news [mailto:[EMAIL PROTECTED] On Behalf Of hv @ 
> Fashion Content
> Subject: Re: NullPointer Exception in HostConfig
> 
> P.S. the ROOT.xml does end with a 

Which could well be part of the problem, since the tag is  not
.  Case matters. Also, if you're using a 5.5 version of Tomcat,
the path attribute is illegal (not ignored) unless the  element
is inside server.xml - which is strongly discouraged.

You should be using an XML syntax checker before you actually throw junk
at Tomcat - diagnosing XML structure problems is not what it's designed
for.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Apache 2.2 and mod_proxy_ajp

2005-12-03 Thread Bill Barker

"Chris Lear" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
>* Jess Holle wrote (02/12/05 13:53):
>> I have some vague recollection that performance of mod_proxy_ajp tested
>> just /slightly /better than mod_jk.
>
> But where is the information on this?
>

You can search the [EMAIL PROTECTED] archives (where I vaguely remember this), 
but 
I haven't seen any recent benchmark data on either the [EMAIL PROTECTED] or the 
[EMAIL PROTECTED] lists.

> I joined this list a few days ago after Googling like crazy for
> information on the most sensible and supported way to connect apache to
> tomcat (or whether to drop it and just use the http connector). In the
> end, I'm using mod_jk, because I couldn't find *anything* helpful on the
> web about configuring or using mod_proxy_ajp, apart from some
> theoretical examples that tended to be incompatibile with one another.

It's integrated into mod_proxy, so you use the same directives that you 
would use for mod_proxy.  e.g.

# Forward all to myapp
ProxyPass /myapp ajp://localhost:8009/myapp

# Alt Forward all to myapp

ProxyPass ajp://localhost:8009/myapp


# Forward all JSP files
RewriteRule (.*)\.jsp$ ajp://localhost:8009/$1.jsp [P]



> The only thing people seem to agree on is that mod_jk2 is no use, though
> that had the option of unix sockets, which I would have thought would be
> a good thing.
>
> I might revert to using the http connector. The reasons for not doing
> this are: 1) I want apache to do SSL, 2) I don't want to run tomcat as
> root, and using local port forwarding is a hassle, and 3) there's a bit
> more flexibility in the apache route.
>
> Chris
>
>
>>
>> Tim Funk wrote:
>>
>>> Performance (IIRC while reading on the mailing lists) is about the
>>> same. mod_proxy_ajp should be easier to configure and install since it
>>> comes bundled with apache and it should be much easier to install than
>>> jk.
>
>>>
>>> -
>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>> 




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Charset configurations for JSP pages

2005-12-03 Thread Bill Barker

"Mieke Banderas" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
> Mark Thomas said:
>>Mieke Banderas wrote:
>>> Mark Thomas said:
Read the spec.
>>> Where in the spec?
>>
>>"JSP.4 Internationalization Issues" would seem to be a blinding
>>obvious place to start.
>
> I didn't find anything obvious in that section. It says:
> "A JSP page uses a character encoding.  The encoding can be described
> explicitly using the pageEncoding attribute of the page directive.  The
> character  encoding defaults to the encoding indicated in the contentType
> attribute of the  page directive if it is given, or to ISO-8859-1 
> otherwise."
> Which is more or less what T P already had got down in the question.
>
> So it seems there were something else going on, unless I miss something.
> Is Tomcat 3, 4 and 5 very different in the settings that need to be done?
> I still use 3 and 4.
>

Tomcat 3 is very different from 4 & 5.  In particular, internationalization 
isn't very well supported in JSP 1.1/Servlet 2.2.  Tomcat 3.3.x has some 
specialized extensions to work around this, but at the end of the day it's 
an outdated spec problem.

> Some links list searchers may appreciate:
> The JSP 1.1, 1.2 (the one I needed myself) and 2.0 specifications are
> downloadable (after reg) from Sun here:
> 
> (Scroll down to the specs)
> and JSP documentation is here:
> 
>
> While not JSP specific, I've found this useful link page of Java
> Internationalization oriented writings as well:
> "i18ngurus.com, the open internationalization resources directory" -> /
> Programming/Java
> 
>
> and O'Reilly released the book "Java Internationalization" in 2001
>  




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Apache, Tomcat & Tomcat Connector 1.2.15

2005-12-03 Thread Bill Barker

"Larry Morroni" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
> Hi,
> I have the following setup:
> Sun Solaris 9
> Apache 2.0.54
> Tomcat 5.5.12
> Tomcat Connectors 1.2.15
>
> I run a small ISP.  We would like to setup one tomcat server instance to 
> handle multiple low-volume tomcat sites.  Right now, the only way I can 
> use the connector per domain is by putting the contents of the site in 
> tomcat/webapps/ROOT and then adding: JkMount  /* worker1
> to the httpd.conf file.  This setup requires a separate tomcat process for 
> every site.  I think the overhead of this might get a little out of 
> hand(maybe I am wrong here).  I'd really like to see if I could use my 
> setup to have multiple tomcat sites running under one process.  Any advice 
> is appreciated.
>

Urm, configure multiple Hosts in Tomcat?  See 
http://tomcat.apache.org/tomcat-5.5-doc/config/host.html.


>
> -- 
> Larry Morroni ([EMAIL PROTECTED])
> voice:  610.891.9922
> http://www.morroni.com 




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Verisign Certificate Still Giving Me Troubles:

2005-12-03 Thread Bill Barker
Well, firstly, Verisign should have given you a cert.crt file :).

Verisign uses an intermediate cert to sign with (available from their site). 
Based on configuring mod_ssl I'm guessing that you need to download it and 
set:
  SSLCertificateChainFile="/path/to/int/cert.crt"
in your  element.

>From the previous threads, I'm assuming that you are still using the APR 
connector.  If you are using the Java connector, then simply import the 
intermediate cert into your keystore (and ignore the above).

"Scott Purcell" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]



Hello,

A few people helped me out last week, to get simple SSL running. IN 
particular Dhaval, Remy and Nate. Anyway, I have followed the directions 
from here: http://www.fatofthelan.com/articles/articles.php?pid=12 section 3 
and all works well.

So that means my tomcat is all configured and happy.

But this was a "generic" certificate. I gave Verisign a certreq.csr file and 
they gave me a certificate last week and it was called cert.cer.

I cannot for the life of me figure out how to get the certreq.csr working?

I have been following these steps here:
 Based upon my knowledge,to incorporate Verisign certificate, steps are as 
follows:
(Derived from http://www.fatofthelan.com/articles/articles.php?pid=12 )
(1) openssl req -new -out server.csr (This will generate csr and private 
key. Make sure you feel
the values correctly on openssl command prompt. )
(2) openssl rsa -in privkey.pem -out server.key (This removes the passphrase 
from the private key.
Also delete generated .rnd file)
(3) Here there are two (either or) possibilities:


But honestly do not know where to substitute my "certreq.csr" that verisign 
gave me in this equation.

Regards





-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Apache, Tomcat & Tomcat Connector 1.2.15

2005-12-03 Thread Larry Morroni

Hi,
I have the following setup:
Sun Solaris 9
Apache 2.0.54
Tomcat 5.5.12
Tomcat Connectors 1.2.15

I run a small ISP.  We would like to setup one tomcat server instance to 
handle multiple low-volume tomcat sites.  Right now, the only way I can 
use the connector per domain is by putting the contents of the site in 
tomcat/webapps/ROOT and then adding: JkMount  /* worker1
to the httpd.conf file.  This setup requires a separate tomcat process 
for every site.  I think the overhead of this might get a little out of 
hand(maybe I am wrong here).  I'd really like to see if I could use my 
setup to have multiple tomcat sites running under one process.  Any 
advice is appreciated.



--
Larry Morroni ([EMAIL PROTECTED])
voice:  610.891.9922
http://www.morroni.com

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: NullPointer Exception in HostConfig

2005-12-03 Thread hv @ Fashion Content
P.S. the ROOT.xml does end with a 

"hv @ Fashion Content" <[EMAIL PROTECTED]> skrev i en meddelelse 
news:[EMAIL PROTECTED]
> The error information on context.xml parsing is very sparse to say the 
> least...
>
> SEVERE: Error deploying configuration descriptor ROOT.xml
> java.lang.NullPointerException
>at 
> org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:574)
>at 
> org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:536)
>at 
> org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:471)
>at 
> org.apache.catalina.startup.HostConfig.start(HostConfig.java:1102)
>at 
> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
>at 
> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
>at 
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1020)
>at 
> org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
>at 
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1012)
>at 
> org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442)
>at 
> org.apache.catalina.core.StandardService.start(StandardService.java:450)
>at 
> org.apache.catalina.core.StandardServer.start(StandardServer.java:683)
>at org.apache.catalina.startup.Catalina.start(Catalina.java:537)
>at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>at java.lang.reflect.Method.invoke(Method.java:585)
>at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:271)
>at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:409)
>
> As I have 3 different hosts defined, I am not sure which one it refers to. 
> It seems though that all three fail with this message. Even so the third 
> seems to be working fine, while the other two are not.
>
> This is the content of one of them
>path="" docBase="ROOT" reloadable="true">
> 
> directory="logs"  prefix="blingon_test_log." 
> suffix=".txt"
>  pattern="common" resolveHosts="false"/>
>
> Any ideas as to what makes HostConfig fail ? I assume it is a parsing 
> error, but since there is no logging statement in line 566, I don't know 
> which. 




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Problems with Mod JK (Apache 2.052 and Tomcat 5.5.9)

2005-12-03 Thread Luka Andrejasic
The Catalina log file does contain the message you suggested. And also 
another one listening on /0.0.0.0:8010.


There is only the basic firewall running on the server, with the following 
settings :


*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p icmp -m limit --limit 5/sec -j ACCEPT
-A INPUT -p icmp -j DROP
-A OUTPUT -m limit --limit 2000/sec --limit-burst 2000 -j ACCEPT
-A OUTPUT -p icmp -m limit --limit 5/sec -j ACCEPT
-A OUTPUT -p icmp -j DROP
COMMIT

And yes, Apache and Tomcat are both running on the same server. I really 
have no idea what this could be...If I put the mod_jk log into debug mode, 
it starts generating a file, which gets a few GB after a few days. And that 
is just from 1 connection.


What else could be wrong?

Thanks for helping,
Luka

- Original Message - 
From: "Duan, Nick" <[EMAIL PROTECTED]>

To: "Tomcat Users List" 
Sent: Friday, December 02, 2005 5:07 PM
Subject: RE: Problems with Mod JK (Apache 2.052 and Tomcat 5.5.9)


I guess one way to test if the ajp listener on tomcat is working is to
take a look at your Catalina log file and see if it contains a log
message something like "INFO: JK: ajp13 listening on /0.0.0.0:8009".

Some other factors to consider:  Are tomcat and apache httpd running on
the same machine?  Any firewall/proxies/socks in between?

ND

-Original Message-
From: Luka Andrejasic [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 30, 2005 3:15 PM
To: Tomcat Users List
Subject: Re: Problems with Mod JK (Apache 2.052 and Tomcat 5.5.9)

I tried your version and I tried deleting acceptCount and className out
of
the connector settings and nothing has changed. I am still getting the
Error
500, when trying to access "server.domain.com". Other apache only
virtual
domains work without problems.

The error log still says :
[Wed Nov 30 14:34:42 2005] [info]  jk_handler::mod_jk.c (1993): Could
not
find a worker for worker name=ajp13w

What else could it be?

Thanks,
Luka

- Original Message - 
From: "Duan, Nick" <[EMAIL PROTECTED]>

To: "Tomcat Users List" 
Sent: Wednesday, November 30, 2005 8:45 PM
Subject: RE: Problems with Mod JK (Apache 2.052 and Tomcat 5.5.9)


I see.  It still looks like a connector configuration problem.  It seems
that your connector config was using an older format, not the one for
5.5.  For instance, the acceptCount and className shouldn't be part of
the AJP connector setting.

You may want to try the one I posted or configure one according to
http://tomcat.apache.org/tomcat-5.5-doc/config/ajp.html

ND

-Original Message-
From: Luka Andrejasic [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 30, 2005 11:37 AM
To: Tomcat Users List
Subject: Re: Problems with Mod JK (Apache 2.052 and Tomcat 5.5.9)

Thanks for the assistance Nick.

I think the connector is alreary defined in the current configuration.
Perhaps you overlooked that line :

   

Should I delete this one and try yours? The same error occured when they

were placed side by side (yours on top).

Thanks for helping.

Luka

- Original Message - 
From: "Duan, Nick" <[EMAIL PROTECTED]>

To: "Tomcat Users List" 
Sent: Wednesday, November 30, 2005 3:58 PM
Subject: RE: Problems with Mod JK (Apache 2.052 and Tomcat 5.5.9)


Well, the log msg is complaining about not able to find the worker.
Apparently your tomcat wasn't configured for listening to ajp13 request
from httpd.  A connector entry for ajp13 should be added to server.xml
file.  At least it was not listed in your email.

   
   

ND

-Original Message-
From: Luka Andrejasic [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 29, 2005 9:24 PM
To: Tomcat Users List
Subject: Re: Problems with Mod JK (Apache 2.052 and Tomcat 5.5.9)

"I remember workers.properties is  located in apache/conf/, the same
directory with httpd.conf.."
The file workers.properties is located under Tomcat`s conf directory,
not
Apache`s.

In workers.properties I only have the following and that should be
enough :
worker.list=ajp13w
worker.ajp13w.port=8009
worker.ajp13w.host=localhost
worker.ajp13w.type=ajp13
worker.ajp13w.cachesize=10
worker.ajp13w.cache_timeout=1200
worker.ajp13w.socket_timeout=3600

Any other idea what else it might be?

Thanks for the reply and trying to help.

Luka

- Original Message - 
From: "blueberry lake" <[EMAIL PROTECTED]>

To: "Tomcat Users List" 
Sent: Wednesday, November 30, 2005 3:06 AM
Subject: Re: Problems with Mod JK (Apache 2.052 and Tomcat 5.5.9)


Since I am a new user of mod_jk, please correct me if I am wrong.

In your apache httpd.conf, you set:
"JkWorkersFile "/var/tomcat/conf/workers.properties"
I remember workers.properties is  located in apache/conf/, the same
directory with httpd.conf..

And, do you indicate the location of tomcat in workers.properties, such
as
workers.tomcat_home=/.../tomcat/?

-b

On 11/29/05, Luka Andrejasic <[EMAIL PROTECTED]> wrote:


Hello guys,

I am trying to figure this one out for weeks. Nothing seem

NullPointer Exception in HostConfig

2005-12-03 Thread hv @ Fashion Content
The error information on context.xml parsing is very sparse to say the 
least...

SEVERE: Error deploying configuration descriptor ROOT.xml
java.lang.NullPointerException
at 
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:574)
at 
org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:536)
at 
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:471)
at 
org.apache.catalina.startup.HostConfig.start(HostConfig.java:1102)
at 
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at 
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at 
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1020)
at 
org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
at 
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1012)
at 
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442)
at 
org.apache.catalina.core.StandardService.start(StandardService.java:450)
at 
org.apache.catalina.core.StandardServer.start(StandardServer.java:683)
at org.apache.catalina.startup.Catalina.start(Catalina.java:537)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:271)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:409)

As I have 3 different hosts defined, I am not sure which one it refers to. 
It seems though that all three fail with this message. Even so the third 
seems to be working fine, while the other two are not.

This is the content of one of them


   

Any ideas as to what makes HostConfig fail ? I assume it is a parsing error, 
but since there is no logging statement in line 566, I don't know which. 




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: SSL InvalidKeystore Format?

2005-12-03 Thread Scott Purcell
Could you clarify? I am unsure what you mean.

I am really stuck on this, and could use a hand. 



- Original Message - 
From: "James Rome" <[EMAIL PROTECTED]>
To: 
Sent: Saturday, December 03, 2005 2:42 PM
Subject: Re: SSL InvalidKeystore Format?


> The accepted CAs are in /jre/lib/security/cacerts which you manage with
> keytool. This only comes into play if you require a client certificate.
> Then the user's browser only presents certificates from your CA list.
> 
> Jim
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: SSL InvalidKeystore Format?

2005-12-03 Thread James Rome
The accepted CAs are in /jre/lib/security/cacerts which you manage with
keytool. This only comes into play if you require a client certificate.
Then the user's browser only presents certificates from your CA list.

Jim

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Sttaus 500 when delivering PHP pages with JSR 223 Reference Implementation

2005-12-03 Thread Richard A. DeVenezia
My situation is that my web host processes php files using a cgi-bin/php
mechanism, which incurs a php startup cost on each php page served.  I don't
have the option of getting mod_php turned on

I do have pretty complete control over my Tomcat situation though.  Thus, I
want to try to use the JSR 223 reference implementation to deliver my php
pages from a servlet, which in theory, will keep a php processor
(libphp.so?) in memory and
deliver php generated content faster than the apache/cgi-bin situation I am
hindered with.  I would have to rename all my php pages to something like
.phpx, or .phpj, or .phptc, or .sphp to prevent the cgi-bin situation

(remove the big X's)

browse to: http://deveXnezia.coXm.wXwXw1.kc.aoindustries.com/inXfo.phpx
--
HTTP Status 500 -

type Exception report

message

description The server encountered an internal error () that prevented it
from fulfilling this request.

exception

java.lang.NullPointerException
com.sun.script.util.ScriptEnginePool.(ScriptEnginePool.java:28)
com.sun.script.util.ScriptEnginePool.(ScriptEnginePool.java:39)
com.sun.script.http.ScriptServlet$EngineRepository.checkOut(ScriptServlet.ja
va:117)
com.sun.script.http.ScriptServlet.getEngine(ScriptServlet.java:85)
javax.script.http.HttpScriptServlet.service(HttpScriptServlet.java:115)

note The full stack trace of the root cause is available in the Apache
Tomcat/5.5.9 logs.
Apache Tomcat/5.5.9
--

$  more /www/devenezia.com/webapps/ROOT/info.phpx


$ cat /proc/version
Linux version 2.6.8.1-25mdk ([EMAIL PROTECTED]) (gcc version 3.4.1
(Mandrakelinux 10.1 3.4.1-4mdk)) #1 Tue May 31 12:00:26 MDT 2005

$ uname -a
Linux www1.kc.aoindustries.com 2.6.8.1-25mdk #1 Tue May 31 12:00:26 MDT 2005
i686 Intel(R) Pentium(R) 4 CPU 1.70GHz unknown GNU/Linux

jsr223 installed at:
/www/devenezia.com/opt/jsr223

/www/devenezia.com/conf/web.xml contains:
-

JSR223Script
com.sun.script.http.ScriptServlet

script-blocks
js,groovy

 
and

JSR223Script
*.phpx

-

My host has a browser based Control Panel (CP) for restarting Tomcat.  Some
logging indicates the tomcat process has these env vars (as setup by
startupjsr.sh)

JAVA_OPTS=-Djava.library.path=/www/devenezia.com/opt/jsr223/php5/lib
LD_LIBRARY_PATH=/usr/postgresql/7.3/lib:/usr/j2sdk/1.4.2_04/jre/lib/i386/cli
ent:/usr/j2sdk/1.4.2_04/jre/lib/i386:/usr/j2sdk/1.4.2_04/jre/../lib/i386:/us
r/postgresql/7.3/lib:/usr/postgresql/7.3/lib::/www/devenezia.com/opt/jsr223/
php5/lib/dummylib
PHPRC=/www/devenezia.com/opt/jsr223/php5/lib

Any ideas on what is needed for getting 223 reference implementation working
?
Is the source code of the ref. imp. available ?

Thanks,

Richard


Re: SSL InvalidKeystore Format?

2005-12-03 Thread Scott Purcell
Do you think Verisign should be able to supply me with a openSSL
certificate? Maybe that would help. I just don't know enough about this to
make any logical sense. I will email Verisign and see what they say.

Thanks,
Scott

PS, did you have Nates earlier email you described below? If so could you
email me it?

Thanks


- Original Message -
From: "Dhaval Patel" <[EMAIL PROTECTED]>
To: "Tomcat Users List" 
Sent: Saturday, December 03, 2005 1:13 PM
Subject: Re: SSL InvalidKeystore Format?


> Scott,
>
>You might have to use OpenSSL instead of keytool. OpenSSL is
recommended in production
> environment. Also if you want to use APR+SSL, you might have to use
OpenSSL (I am not sure about
> it). So you have to generate key using openssl and then supplied key to
Verisign. If you have
> time, read my and Nate's previous messages. Nate's message explains a lot
about key, certificate
> and encoding.
>
>I am not quite sure wheter this key+certificate will work with APR+SSL
since they were
> generated using keytool. But you can try.
>
>Let us know if it works or not.
>
> Regards,
> D
>
> --- Scott Purcell <[EMAIL PROTECTED]> wrote:
>
> > Just found this in my email mess: Thanks for responding:
> > Here is what I supplied to verisign for my certificate:
> >
> > 1) Prepared the Keystore:
> > keytool -genkey -keystore myKeystore -alias keystoreAlias
> > (it asked for me for passwords, etc.);
> >
> > 2) Generated a CSR
> > a)  keytool -genkey -alias keystoreAlias -keyalg RSA -keystore
myKeystore
> > b) keytool -certreq -keyalg RSA -alias keystoreAlias -file
> > certreq.csr -keystore myKeystore
> >
> >  so it looks like I used keytool, and not openssl.
> >
> > Then they send me back a
> > cert.cer file in my email:
> >
> > ###
> > 2) I was not able to download it from anywhere, as it came in my email:
> >
> > 3) I was able to get the SSL running in a ssl format using the supplied
link
> > from fatofthelan.com article pid=12
> > and currently have a generic certificate running.
> >
> >
> > Thanks,
> > Scott
> >
> >
> >
> >
> >
> >
> > - Original Message -
> > From: "Nate Rock" <[EMAIL PROTECTED]>
> > To: "Tomcat Users List" 
> > Sent: Friday, December 02, 2005 8:50 AM
> > Subject: RE: SSL InvalidKeystore Format?
> >
> >
> > Dhaval your explincation was excellent! I think with a bit more
information
> > about how exactly Scott got his certificate from verisign, I think we
can
> > help him out a bit more.
> >
> > 1. What did you use to create your Certificate Request (csr) to
verisign?
> >
> > -IIS
> > -java keytool
> > -openssl
> >
> > 2. after you received your signed certificate back from verisign, what
> > format did you download it in?
> >
> > -PKCS7  - signed cert only - DER binary encoding
> > -PEM   - signed cert only
> >
> > 3. After you got the signed certificate what format is your keystore?
> >
> > -PKCS12 - pub/priv keys + signed certificate
> >   -JKS  - pub/priv keys + signed certificate (sun specific format
> > -PEM  - single file with both PEM encoded (RSA formatted, non
encrypted!)
> > private key   concatinated on to the PEM encoded signed cert
> > -PEM  - two files
> >   1. one contain the PEM encoded (RSA formattd, non-encrypted private
key -
> > server.key
> >   2. one containing the PEM encoded signed cert
> >
> > The native ARP connector only supports the last two file formats, so if
you
> > have a PKCS12 refer to my previous posting expliaining how to split a
PKCS12
> > file into multiple PEM Encoded files.
> >
> > Just for the record, I belive you can go back to verisign and download
your
> > signed certificate in multiple formats...
> >
> > I am also in the process of parsing out a signed by verisign certificate
to
> > see if it's even possible. We may be stuck using self signed
certificates
> > for now because the APR connector doesn't support he following
attributes
> > yet:
> >
> > SSLCACertificateFile
> > SSLCACertificatePath
> >
> > These attributes are supported allowing you to specify which CA's you
accept
> > outside of the "default" ones (who's location I am still trying to
> > trackdown).
> >
> >-rOcK
> >
> > -Original Message-
> > From: Dhaval Patel [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, December 01, 2005 8:48 PM
> > To: Tomcat Users List
> > Subject: Re: SSL InvalidKeystore Format?
> >
> > Hi Scott,
> >
> >   Good to hear that it works. Thank also go to Remy and Nate Rock.
> >
> >   You have purchased SSL. In this purchase process, did you submit
> > Certificate Request (csr) to Verisign? As far as I know the process of
> > getting signed SSL certificate is first you have to generate certificate
> > request (csr), then you have to submit this csr to Verisign or Thawte,
then
> > they will give you actual signed certificate (.crt) and then you have to
use
> > that crt in this process.
> >
> >   Based upon my knowledge,to incorporate Verisign certificate, steps are
as
> > follows:
> > (Derived from http://www.fatofthelan.com/article

Re: SSL InvalidKeystore Format?

2005-12-03 Thread Dhaval Patel
Scott,

   You might have to use OpenSSL instead of keytool. OpenSSL is recommended in 
production
environment. Also if you want to use APR+SSL, you might have to use OpenSSL (I 
am not sure about
it). So you have to generate key using openssl and then supplied key to 
Verisign. If you have
time, read my and Nate's previous messages. Nate's message explains a lot about 
key, certificate
and encoding.

   I am not quite sure wheter this key+certificate will work with APR+SSL since 
they were
generated using keytool. But you can try. 

   Let us know if it works or not.

Regards,
D

--- Scott Purcell <[EMAIL PROTECTED]> wrote:

> Just found this in my email mess: Thanks for responding:
> Here is what I supplied to verisign for my certificate:
> 
> 1) Prepared the Keystore:
> keytool -genkey -keystore myKeystore -alias keystoreAlias
> (it asked for me for passwords, etc.);
> 
> 2) Generated a CSR
> a)  keytool -genkey -alias keystoreAlias -keyalg RSA -keystore myKeystore
> b) keytool -certreq -keyalg RSA -alias keystoreAlias -file
> certreq.csr -keystore myKeystore
> 
>  so it looks like I used keytool, and not openssl.
> 
> Then they send me back a
> cert.cer file in my email:
> 
> ###
> 2) I was not able to download it from anywhere, as it came in my email:
> 
> 3) I was able to get the SSL running in a ssl format using the supplied link
> from fatofthelan.com article pid=12
> and currently have a generic certificate running.
> 
> 
> Thanks,
> Scott
> 
> 
> 
> 
> 
> 
> - Original Message -
> From: "Nate Rock" <[EMAIL PROTECTED]>
> To: "Tomcat Users List" 
> Sent: Friday, December 02, 2005 8:50 AM
> Subject: RE: SSL InvalidKeystore Format?
> 
> 
> Dhaval your explincation was excellent! I think with a bit more information
> about how exactly Scott got his certificate from verisign, I think we can
> help him out a bit more.
> 
> 1. What did you use to create your Certificate Request (csr) to verisign?
> 
> -IIS
> -java keytool
> -openssl
> 
> 2. after you received your signed certificate back from verisign, what
> format did you download it in?
> 
> -PKCS7  - signed cert only - DER binary encoding
> -PEM   - signed cert only
> 
> 3. After you got the signed certificate what format is your keystore?
> 
> -PKCS12 - pub/priv keys + signed certificate
>   -JKS  - pub/priv keys + signed certificate (sun specific format
> -PEM  - single file with both PEM encoded (RSA formatted, non encrypted!)
> private key   concatinated on to the PEM encoded signed cert
> -PEM  - two files
>   1. one contain the PEM encoded (RSA formattd, non-encrypted private key -
> server.key
>   2. one containing the PEM encoded signed cert
> 
> The native ARP connector only supports the last two file formats, so if you
> have a PKCS12 refer to my previous posting expliaining how to split a PKCS12
> file into multiple PEM Encoded files.
> 
> Just for the record, I belive you can go back to verisign and download your
> signed certificate in multiple formats...
> 
> I am also in the process of parsing out a signed by verisign certificate to
> see if it's even possible. We may be stuck using self signed certificates
> for now because the APR connector doesn't support he following attributes
> yet:
> 
> SSLCACertificateFile
> SSLCACertificatePath
> 
> These attributes are supported allowing you to specify which CA's you accept
> outside of the "default" ones (who's location I am still trying to
> trackdown).
> 
>-rOcK
> 
> -Original Message-
> From: Dhaval Patel [mailto:[EMAIL PROTECTED]
> Sent: Thursday, December 01, 2005 8:48 PM
> To: Tomcat Users List
> Subject: Re: SSL InvalidKeystore Format?
> 
> Hi Scott,
> 
>   Good to hear that it works. Thank also go to Remy and Nate Rock.
> 
>   You have purchased SSL. In this purchase process, did you submit
> Certificate Request (csr) to Verisign? As far as I know the process of
> getting signed SSL certificate is first you have to generate certificate
> request (csr), then you have to submit this csr to Verisign or Thawte, then
> they will give you actual signed certificate (.crt) and then you have to use
> that crt in this process.
> 
>   Based upon my knowledge,to incorporate Verisign certificate, steps are as
> follows:
> (Derived from http://www.fatofthelan.com/articles/articles.php?pid=12 )
> (1) openssl req -new -out server.csr (This will generate csr and private
> key. Make sure you feel the values correctly on openssl command prompt. )
> (2) openssl rsa -in privkey.pem -out server.key (This removes the passphrase
> from the private key.
> Also delete generated .rnd file)
> (3) Here there are two (either or) possibilities:
> 
>(a) save the key and submit this csr to Verisign. They will sign it and
> give you the final certificate (.crt format may be). You may also need to
> give them key. (this is paid option but mostly used in production
> environment)
>(b) create self-signed certificate.
> openssl x509 -in server.csr -out server.crt -req -signkey serv

Re: SSL InvalidKeystore Format?

2005-12-03 Thread Scott Purcell
Just found this in my email mess: Thanks for responding:
Here is what I supplied to verisign for my certificate:

1) Prepared the Keystore:
keytool -genkey -keystore myKeystore -alias keystoreAlias
(it asked for me for passwords, etc.);

2) Generated a CSR
a)  keytool -genkey -alias keystoreAlias -keyalg RSA -keystore myKeystore
b) keytool -certreq -keyalg RSA -alias keystoreAlias -file
certreq.csr -keystore myKeystore

 so it looks like I used keytool, and not openssl.

Then they send me back a
cert.cer file in my email:

###
2) I was not able to download it from anywhere, as it came in my email:

3) I was able to get the SSL running in a ssl format using the supplied link
from fatofthelan.com article pid=12
and currently have a generic certificate running.


Thanks,
Scott






- Original Message -
From: "Nate Rock" <[EMAIL PROTECTED]>
To: "Tomcat Users List" 
Sent: Friday, December 02, 2005 8:50 AM
Subject: RE: SSL InvalidKeystore Format?


Dhaval your explincation was excellent! I think with a bit more information
about how exactly Scott got his certificate from verisign, I think we can
help him out a bit more.

1. What did you use to create your Certificate Request (csr) to verisign?

-IIS
-java keytool
-openssl

2. after you received your signed certificate back from verisign, what
format did you download it in?

-PKCS7  - signed cert only - DER binary encoding
-PEM   - signed cert only

3. After you got the signed certificate what format is your keystore?

-PKCS12 - pub/priv keys + signed certificate
  -JKS  - pub/priv keys + signed certificate (sun specific format
-PEM  - single file with both PEM encoded (RSA formatted, non encrypted!)
private key   concatinated on to the PEM encoded signed cert
-PEM  - two files
  1. one contain the PEM encoded (RSA formattd, non-encrypted private key -
server.key
  2. one containing the PEM encoded signed cert

The native ARP connector only supports the last two file formats, so if you
have a PKCS12 refer to my previous posting expliaining how to split a PKCS12
file into multiple PEM Encoded files.

Just for the record, I belive you can go back to verisign and download your
signed certificate in multiple formats...

I am also in the process of parsing out a signed by verisign certificate to
see if it's even possible. We may be stuck using self signed certificates
for now because the APR connector doesn't support he following attributes
yet:

SSLCACertificateFile
SSLCACertificatePath

These attributes are supported allowing you to specify which CA's you accept
outside of the "default" ones (who's location I am still trying to
trackdown).

   -rOcK

-Original Message-
From: Dhaval Patel [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 01, 2005 8:48 PM
To: Tomcat Users List
Subject: Re: SSL InvalidKeystore Format?

Hi Scott,

  Good to hear that it works. Thank also go to Remy and Nate Rock.

  You have purchased SSL. In this purchase process, did you submit
Certificate Request (csr) to Verisign? As far as I know the process of
getting signed SSL certificate is first you have to generate certificate
request (csr), then you have to submit this csr to Verisign or Thawte, then
they will give you actual signed certificate (.crt) and then you have to use
that crt in this process.

  Based upon my knowledge,to incorporate Verisign certificate, steps are as
follows:
(Derived from http://www.fatofthelan.com/articles/articles.php?pid=12 )
(1) openssl req -new -out server.csr (This will generate csr and private
key. Make sure you feel the values correctly on openssl command prompt. )
(2) openssl rsa -in privkey.pem -out server.key (This removes the passphrase
from the private key.
Also delete generated .rnd file)
(3) Here there are two (either or) possibilities:

   (a) save the key and submit this csr to Verisign. They will sign it and
give you the final certificate (.crt format may be). You may also need to
give them key. (this is paid option but mostly used in production
environment)
   (b) create self-signed certificate.
openssl x509 -in server.csr -out server.crt -req -signkey server.key -days
365
   (this is free but it can be used in production environment. You dont need
to perform this step if you have certificate from Versign)

  Is the self signed certificate good? Yes and may be no.

  Yes. It is nearly same as Verisign certificate and if you use it, the SSL
will be enabled as it is going to be enabled using Verisign. The only
problem you will face, is when you open the website in any browser it will
complain about authenticity of the certificate. Browser can not verify it
and so it will ask user if he/she wants to proceed further or not. The
communication is still SSL enabled and secure. This method is more preferred
in testing environment. I have seen many web projects using it in production
environment also.

  May be no. Again if you have good professional website, it is almost
standard now that you use signed certificate from Ver

Re: Verisign Certificate Still Giving Me Troubles:

2005-12-03 Thread Kyle

Scott,

I don't remember reading your previous thread, so I may be off-base but, 
.. 


To state the obvious, you just need to replace in config whichever 
self-signed cert file you generated with your new Verisign cert file.


Ignoring for a second the certificate install process in Tomcat, could 
your problem be as simple as;


You initially got everything working and configured with your generic 
(self-signed) cert. and presumably server.key.


However, upon submitting your .csr to Verisign, you appear to have 
generated a new key. So have you remembered to also replace in config 
the new server.key to match the provided cert.?


The .csr AFAIK is just that, a request, and is actually irrelevant once 
you have received the cert.



K


Scott Purcell wrote:



Hello,

A few people helped me out last week, to get simple SSL running. IN particular 
Dhaval, Remy and Nate. Anyway, I have followed the directions from here: 
http://www.fatofthelan.com/articles/articles.php?pid=12 section 3 and all works 
well.

So that means my tomcat is all configured and happy.

But this was a "generic" certificate. I gave Verisign a certreq.csr file and 
they gave me a certificate last week and it was called cert.cer.

I cannot for the life of me figure out how to get the certreq.csr working?

I have been following these steps here:
Based upon my knowledge,to incorporate Verisign certificate, steps are as 
follows:
(Derived from http://www.fatofthelan.com/articles/articles.php?pid=12 )
(1) openssl req -new -out server.csr (This will generate csr and private key. 
Make sure you feel
the values correctly on openssl command prompt. )
(2) openssl rsa -in privkey.pem -out server.key (This removes the passphrase 
from the private key.
Also delete generated .rnd file)
(3) Here there are two (either or) possibilities: 



But honestly do not know where to substitute my "certreq.csr" that verisign 
gave me in this equation.

Regards


 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: How much memory will Tomcat 5.5/Java 5 support?

2005-12-03 Thread Carl Olivier
Hi Nate.

Yeah, the AggressiveHeap is definitely an option.  My take on it - over
months of researching, fighting, tweaking the memory settings is that it
leaves a lot of decision making up to the VM.  While this is not necessarily
a bad thing - prefer to keep some more control - although that may be my
paranoia talking :)

Thing is that memory settings I find are more about finding a balance
between the different 'users' of the resources within the entire system -
all the servers and apps need to coexist on the box - and as such I do not
believe there is a 'fix-all' setting - ites definitely more about finding
the settings which allow your particular setup to exist best in harmony!  

With that in mind however, I will give this setting a go on one of my boxes
- one where the SQL Server is not running and is on another machine - and
see what effect it has - will report any findings/conclusions back to the
list for those that are interested.

With regards the CPU usage I would agree with you in that dual or quad Xeons
will not suffer under the AggressiveHeap option - although it does not that
it is intended for quad processors...

Gains and losses?  Depends on your requirements and setup.  As stated in my
case (as I did in fact try the AggressiveHeap) where quite often the Tomcat
server and Database server runs on the same machine it did not work as well
as the more granular settings I have used.  I am also a firm believer in
leaving enough RAM for the underlying native processes and OS to do its
work!

All in all resource tweaking is generally a tedious task that requires
thorough investigation and a good understaning of your environment and the
requirements of your web apps, servers, and operating system...

Thanks and regards,

Carl

-Original Message-
From: Nate Rock [mailto:[EMAIL PROTECTED]
Sent: 03 December 2005 14:58
To: Tomcat Users List; [EMAIL PROTECTED]
Subject: RE: How much memory will Tomcat 5.5/Java 5 support?

-XX:+AggressiveHeap usage for JVM?

This email is pointed almost directly for Carl Oliver, since he seems to be
someone who knows his virtual memory settings, but I figure Joe Reger might
get something out of it too ;)

Evidently this setting by iteself "instructs the JVM to push memory use to
the limit", and is only recommended for use on boxes containing a single JVM
with nothing else running on it (a server running only Tomcat seems to foot
the bill)

It does a few things that Carl suggested implicitly

-XX:+UseParallelGC
-XX:+UseAdaptiveSizePolicy
-Xss256k

You can read more about it here:

http://java.sun.com/docs/hotspot/gc1.4.2/

>From my experience it has made some of our "problem servers" much more
stable, allowing them to run for months without OOM instead of days or weeks
allowing us to actually use session replication without the servers going
bananas ;) We also used to have our Max memory set at -Xms1300mb and
-Xmx1300mb, but I have found that when using the
-XX+Aggressive heap the JVM memory usage rarely tops 1024MB because it's
cleaned out much more efficiently.

Carl what is your take on this? I realize it uses a bit more CPU because of
the adaptive size and parallelGC, but on duel Xeon boxes CPU usually isn't
the limiting factor (at least in our case). 

What gains/loss do you see over using -XX:AggressiveHeap (dynamic,
adjustible settings) vs hard coding fixed settings like you suggest? 

   -rOcK 

-Original Message-
From: Carl Olivier [mailto:[EMAIL PROTECTED]
Sent: Saturday, December 03, 2005 7:43 AM
To: 'Tomcat Users List'; [EMAIL PROTECTED]
Subject: RE: How much memory will Tomcat 5.5/Java 5 support?

Hi Joe.

Well, heres how I run it - and remember this is all dependent on the
beakdown of requirements of the following:

1.  Web app memory needs - how memory intensive are your web apps within
Tomcat going to be?
2.  Concurrent connections (tcp threads) for incoming requests - how busy
will the web apps be?
3.  Are you running DB connections?  Are you using a Connection pool?
How long will each db connection take to return?
4.  Are you running OTHER applications/servers on the server which will
require memory?  E.g. RDBMS Server 5.  Always be aware that the native OS
will also need memory - thus you cannot just give it all to Tomcat!

So, heres one of my scenarios:

Server:
Quad Xeon
2GB RAM

OS:
Windows 2000 Server (32 bit)

Applications/Servers:
Tomcat 5.0.28 (with 40 web apps/contexts/classloaders) MSSQL Server 2000

My Tomcat runtime switches are as follows:

-Xms768m//assign all the JVM heap at
startup
to 768mb
-Xmx768m//assign max JVM heap
-Xss128k//set the native thread stack
size
memory allocation down from windows def of 1024kb - very useful
-XX:+UseParallelGC  //parralel GC - makes use of the
multiple processors
-XX:MaxPermSize=256m//up the perm gen space (used for
classloading etc) from def 64mb - also useful wi

RE: Deploying new virtual hosts

2005-12-03 Thread George Sexton
Can you recommend a commercial hosting application that would manage tomcat
and meet my needs?

George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585
  

> -Original Message-
> From: Terence M. Bandoian [mailto:[EMAIL PROTECTED] 
> Sent: Friday, December 02, 2005 2:08 PM
> To: users@tomcat.apache.org
> Subject: Deploying new virtual hosts
> 
> Hi-
> 
> For that many virtual domains, you may want to investigate using a
> commercial hosting application that allows you to manage the 
> server from
> a web interface.  They are available for Linux and Windows and may be
> worth the cost in time saved.
> 
> -Terence M. Bandoian
> 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: How to make a redirector?

2005-12-03 Thread Caldarale, Charles R
> From: Seak, Teng-Fong [mailto:[EMAIL PROTECTED] 
> Subject: How to make a redirector?
> 
> I've seen some URL which contains two URL's, something like
> http://www.siteA.com/x/http://www.siteB.com/some/path/here/

Are you sure you're not missing a rather important "?" between the siteA
URL and the one for siteB?  The presence of the "?" indicates the second
URL is treated as a parameter for whatever processes the first one; a
simple forwarding filter, servlet, or jsp would then suffice.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: How much memory will Tomcat 5.5/Java 5 support?

2005-12-03 Thread Caldarale, Charles R
> From: Joe Reger, Jr. [mailto:[EMAIL PROTECTED] 
> Subject: Re: How much memory will Tomcat 5.5/Java 5 support?
> 
> How would you go about using more of the memory that I have on the
> server?  Can I run two Tomcat services and cluster?

32-bit Windows normally only provides 2 GB of virtual space per process.
There is a boot-time option (I forget what it is) for some server
versions of Windows to increase that to 3 GB. This is a tradeoff with
system resources, since doing so reduces the amount of virtual space for
the kernel to 1 GB.  Windows loads several discontiguous DLLs within the
virtual space of each process, so that fragments it somewhat, and the
last time I checked, a HotSpot JVM required contiguous space for the
heap.  Also, there was a bug in the 1.4 32-bit JVM dealing with heap
sizes larger than 2 GB due to sign extension problems, but that may be
fixed now.  (Haven't looked at the heap init code in 1.5.)  64-bit
versions of Windows and the JVM obviously don't have these issues.

Running multiple instances of Tomcat would certainly allow you to use
more total memory, since each Tomcat process will get its own 2 GB.
However, clustering doesn't come free - there's a good bit of overhead
involved due to the instances sharing state.  You'll have to test with
your actual applications to see if the performance is acceptable.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: How to make a redirector?

2005-12-03 Thread Martin Gainty

Good Morning Seak

If your intention is to implement an apache/tomcat redirector I would start 
here

http://developer.novell.com/education/tutorials/portal/novell12.htm

If your intention is to redirect a (jsp) page automatically to another 
(jsp)page

I would place this text in your original JSP





Does this make sense to you/Anyone else?
Martin-
- Original Message - 
From: "Seak, Teng-Fong" <[EMAIL PROTECTED]>

To: "Tomcat Users List" 
Sent: Saturday, December 03, 2005 4:53 AM
Subject: How to make a redirector?



   I've seen some websites providing redirector.  I'd like to know if
anyone has done so in Tomcat.  Well, I'm not sure how this mechanism is
called exactly, maybe not called "redirector", so let me explain.

   I've seen some URL which contains two URL's, something like
http://www.siteA.com/x/http://www.siteB.com/some/path/here/

   A concrete example is those links to mirror sites.

   Anybody knows if there's something similar for Tomcat?  If it's not
available, I'm willing to programme it.  But I don't know what classes
to use to accomplish this.  Anybody could help?

   TIA

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: How much memory will Tomcat 5.5/Java 5 support?

2005-12-03 Thread Nate Rock
-XX:+AggressiveHeap usage for JVM?

This email is pointed almost directly for Carl Oliver, since he seems to
be someone who knows his virtual memory settings, but I figure Joe Reger
might get something out of it too ;)

Evidently this setting by iteself "instructs the JVM to push memory use
to the limit", and is only recommended for use on boxes containing a
single JVM with nothing else running on it (a server running only Tomcat
seems to foot the bill)

It does a few things that Carl suggested implicitly

-XX:+UseParallelGC
-XX:+UseAdaptiveSizePolicy
-Xss256k

You can read more about it here:

http://java.sun.com/docs/hotspot/gc1.4.2/

>From my experience it has made some of our "problem servers" much more
stable, allowing them to run for months without OOM instead of days or
weeks allowing us to actually use session replication without the
servers going bananas ;) We also used to have our Max memory set at
-Xms1300mb and -Xmx1300mb, but I have found that when using the
-XX+Aggressive heap the JVM memory usage rarely tops 1024MB because it's
cleaned out much more efficiently.

Carl what is your take on this? I realize it uses a bit more CPU because
of the adaptive size and parallelGC, but on duel Xeon boxes CPU usually
isn't the limiting factor (at least in our case). 

What gains/loss do you see over using -XX:AggressiveHeap (dynamic,
adjustible settings) vs hard coding fixed settings like you suggest? 

   -rOcK 

-Original Message-
From: Carl Olivier [mailto:[EMAIL PROTECTED] 
Sent: Saturday, December 03, 2005 7:43 AM
To: 'Tomcat Users List'; [EMAIL PROTECTED]
Subject: RE: How much memory will Tomcat 5.5/Java 5 support?

Hi Joe.

Well, heres how I run it - and remember this is all dependent on the
beakdown of requirements of the following:

1.  Web app memory needs - how memory intensive are your web apps within
Tomcat going to be?
2.  Concurrent connections (tcp threads) for incoming requests - how
busy will the web apps be?
3.  Are you running DB connections?  Are you using a Connection pool?
How long will each db connection take to return?
4.  Are you running OTHER applications/servers on the server which will
require memory?  E.g. RDBMS Server 5.  Always be aware that the native
OS will also need memory - thus you cannot just give it all to Tomcat!

So, heres one of my scenarios:

Server:
Quad Xeon
2GB RAM

OS:
Windows 2000 Server (32 bit)

Applications/Servers:
Tomcat 5.0.28 (with 40 web apps/contexts/classloaders) MSSQL Server 2000

My Tomcat runtime switches are as follows:

-Xms768m//assign all the JVM heap at
startup
to 768mb
-Xmx768m//assign max JVM heap
-Xss128k//set the native thread stack
size
memory allocation down from windows def of 1024kb - very useful
-XX:+UseParallelGC  //parralel GC - makes use of the
multiple processors
-XX:MaxPermSize=256m//up the perm gen space (used for
classloading etc) from def 64mb - also useful with lots of web apps
-XX:+DisableExplicitGC  //don't let the System.gc() be called as
it
could cuse 'pause the world's

I also limit the amount of RAM that MSSQL can have to 640mb - and have
also set the memory allocation size per sql connection down from 1024kb
to 512kb (SQL Server setting) - this is however due to my running MSSQL
Server on the same box and may not apply.

I have thus left some RAM for the OS to use where required - this should
not be ignored.

I found that this is a pretty stable setup - with my only problem
occurring occasionally when I get a MAJOR spike in concurrent requests.
I plan to upgrade to a 64bit OS soon and to up the SQL RAM allocation as
my problem lies there - it sometimes has issues with memory!

It should be noted that my web apps can be fairly SQL intensive - I do
have VM level caching but alas not all of it

Anyway - I do hope that helps!

Other areas you could look into is the number of concurrent requests
Tomcat serves (set at a Connector level) - as too many will cause memory
issues under load, while too few will cause visitors to be rejected/wait
for response!

Anyway, take care,

Carl


-Original Message-
From: Joe Reger, Jr. [mailto:[EMAIL PROTECTED]
Sent: 03 December 2005 13:19
To: Tomcat Users List
Subject: Re: How much memory will Tomcat 5.5/Java 5 support?

> Are you running a 64bit or 32bit OS?  If 32bit the JVM will not be 
> able to assign higher that 2gb for a single process (which includes 
> system overheads etc).

Hi Carl - I'm 32 bit right now.   I'll check the archive for past posts.

How would you go about using more of the memory that I have on the
server?
Can I run two Tomcat services and cluster?

Thanks for the feedback and help!

Joe

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---

Re: Charset configurations for JSP pages

2005-12-03 Thread Mark Thomas

Mieke Banderas wrote:

Some links list searchers may appreciate:
The JSP 1.1, 1.2 (the one I needed myself) and 2.0 specifications are
downloadable (after reg) from Sun here: 


(Scroll down to the specs)
and JSP documentation is here: 



For 1.2, the errata are also relevant. See 
http://www.jcp.org/aboutJava/communityprocess/maintenance/jsr053/errata_1_2_a_20020321.html



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: When does 408 happen ?

2005-12-03 Thread Mark Thomas

hv @ Fashion Content wrote:
So what if my login page does NOT create a session and the user browses to 
the login page and then enters credentials ?


Tomcat will create one if it does not exist.

I recognise the text "The time allowed for the login process has been 
exceeded. If you wish to continue you must either click back twice and 
re-click the link you requested or close and re-open your browser" as 
something I wrote so I am pretty sure this is coming from Tomcat. The 
message is generated when the session is invalid. This was only seen 
as the result of a time-out but could also be as a result of other 
session problems.


Using a tool like ieHttpHeaders (IE), Live HTTP Headers (Firefox) or 
TcpMon (from Apache Axis) should help you figure out what is going on.


Mark



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: Running jconsole against TC 5.5 on Windows

2005-12-03 Thread Nate Rock
Hey Damon, 

Whe you start up tomcat using the jmxrmote params the default is
have SSL enabled and to force authentication. If you want to connect to
it quickly, you have to explicitly turn this OFF! Try

-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.port=9004
-Dcom.sun.management.jmxremote.authenticate=false 

Then, when you start up jconsole, click the Remote Tab

Host or IP: localhost
Port: 9004

I got this to work using Windows XP SP2, Tomcat 5.5.12, JDK 1.5.5_05. 


*NOTE* This isn't recommended for a production environment because it's
not secure. Check the documentation on how to set up authentication or
client cert authentication.

   -rOcK

-Original Message-
From: Damon Rand [mailto:[EMAIL PROTECTED] 
Sent: Friday, December 02, 2005 11:42 AM
To: users@tomcat.apache.org
Subject: Running jconsole against TC 5.5 on Windows

Hi there,
I'm stuck.. I am running TC 5.5.12 and JDK 1.5.0_05 on Windows as a
service. When I start TC with -Dcom.sun.management.jmxremote in the
config it starts but jconsole shows nothing in the local connections.
When I start TC with -Dcom.sun.management.jmxremote.port=8999 TC crashes
out and the logs are empty.. Debug gives me little extra info. Has
anyone actually done this on Windows?

Regards,
Damon.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: tomcat5 stop auto after started.

2005-12-03 Thread William Bonnet

Hi


it stoped after short time.

Does anyone help me?
  

Do you have some more logs to provide ?

Kind regards,



--
William Bonnet

SunWizard - Le site francais dédié aux amateurs de stations Unix
http://www.sunwizard.net




smime.p7s
Description: S/MIME Cryptographic Signature


RE: How much memory will Tomcat 5.5/Java 5 support?

2005-12-03 Thread Carl Olivier
Hi Joe.

Well, heres how I run it - and remember this is all dependent on the
beakdown of requirements of the following:

1.  Web app memory needs - how memory intensive are your web apps within
Tomcat going to be?
2.  Concurrent connections (tcp threads) for incoming requests - how busy
will the web apps be?
3.  Are you running DB connections?  Are you using a Connection pool?  How
long will each db connection take to return?
4.  Are you running OTHER applications/servers on the server which will
require memory?  E.g. RDBMS Server
5.  Always be aware that the native OS will also need memory - thus you
cannot just give it all to Tomcat!

So, heres one of my scenarios:

Server:
Quad Xeon
2GB RAM

OS:
Windows 2000 Server (32 bit)

Applications/Servers:
Tomcat 5.0.28 (with 40 web apps/contexts/classloaders)
MSSQL Server 2000

My Tomcat runtime switches are as follows:

-Xms768m//assign all the JVM heap at startup
to 768mb
-Xmx768m//assign max JVM heap
-Xss128k//set the native thread stack size
memory allocation down from windows def of 1024kb - very useful
-XX:+UseParallelGC  //parralel GC - makes use of the
multiple processors
-XX:MaxPermSize=256m//up the perm gen space (used for
classloading etc) from def 64mb - also useful with lots of web apps
-XX:+DisableExplicitGC  //don't let the System.gc() be called as it
could cuse 'pause the world's

I also limit the amount of RAM that MSSQL can have to 640mb - and have also
set the memory allocation size per sql connection down from 1024kb to 512kb
(SQL Server setting) - this is however due to my running MSSQL Server on the
same box and may not apply.

I have thus left some RAM for the OS to use where required - this should not
be ignored.

I found that this is a pretty stable setup - with my only problem occurring
occasionally when I get a MAJOR spike in concurrent requests.  I plan to
upgrade to a 64bit OS soon and to up the SQL RAM allocation as my problem
lies there - it sometimes has issues with memory!

It should be noted that my web apps can be fairly SQL intensive - I do have
VM level caching but alas not all of it

Anyway - I do hope that helps!

Other areas you could look into is the number of concurrent requests Tomcat
serves (set at a Connector level) - as too many will cause memory issues
under load, while too few will cause visitors to be rejected/wait for
response!

Anyway, take care,

Carl


-Original Message-
From: Joe Reger, Jr. [mailto:[EMAIL PROTECTED] 
Sent: 03 December 2005 13:19
To: Tomcat Users List
Subject: Re: How much memory will Tomcat 5.5/Java 5 support?

> Are you running a 64bit or 32bit OS?  If 32bit the JVM will not be 
> able to assign higher that 2gb for a single process (which includes 
> system overheads etc).

Hi Carl - I'm 32 bit right now.   I'll check the archive for past posts.

How would you go about using more of the memory that I have on the server?
Can I run two Tomcat services and cluster?

Thanks for the feedback and help!

Joe

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: How much memory will Tomcat 5.5/Java 5 support?

2005-12-03 Thread Joe Reger, Jr.
> Are you running a 64bit or 32bit OS?  If 32bit the JVM will not be able to
> assign higher that 2gb for a single process (which includes system overheads
> etc).

Hi Carl - I'm 32 bit right now.   I'll check the archive for past posts.

How would you go about using more of the memory that I have on the
server?  Can I run two Tomcat services and cluster?

Thanks for the feedback and help!

Joe

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: How much memory will Tomcat 5.5/Java 5 support?

2005-12-03 Thread Carl Olivier
Hi.

Are you running a 64bit or 32bit OS?  If 32bit the JVM will not be able to
assign higher that 2gb for a single process (which includes system overheads
etc).  You will need to move to a 64bit OS to be able to create higher Heap.

I would check your OS memory/kernel/process memory documentation if I were
you.

There were recently some posts on this list dealing with Tomcat memory -
would suggest reading thrugh those for some useful tips too.

Rgds,

Carl

-Original Message-
From: Joe Reger, Jr. [mailto:[EMAIL PROTECTED] 
Sent: 03 December 2005 12:57
To: users@tomcat.apache.org
Subject: How much memory will Tomcat 5.5/Java 5 support?

Hi!  I'm having trouble getting my Tomcat 5.5. production box to use more
than 1.1Gb of memory.

1) When I use the Configure Tomcat console's Java tab to set the Maximum
Memory Pool I can only use a max of 1999Mb.  If I go above that the Windows
Tomcat service will fail to start.

2) Tomcat will start with a configured value of 1999Mb, but when I view max
memory in the app it says that it has a max of about 1140Mb (sorry, I forgot
the exact value... possibly 1048Mb, but i don't remember it being one of the
magic numbers).

Is this a JVM issue or a Tomcat issue?  I've got 4Gb of ram on the dedicated
Tomcat server and I'd like to give 3Gb to Tomcat.

Thanks,

Joe

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



How much memory will Tomcat 5.5/Java 5 support?

2005-12-03 Thread Joe Reger, Jr.
Hi!  I'm having trouble getting my Tomcat 5.5. production box to use
more than 1.1Gb of memory.

1) When I use the Configure Tomcat console's Java tab to set the
Maximum Memory Pool I can only use a max of 1999Mb.  If I go above
that the Windows Tomcat service will fail to start.

2) Tomcat will start with a configured value of 1999Mb, but when I
view max memory in the app it says that it has a max of about 1140Mb
(sorry, I forgot the exact value... possibly 1048Mb, but i don't
remember it being one of the magic numbers).

Is this a JVM issue or a Tomcat issue?  I've got 4Gb of ram on the
dedicated Tomcat server and I'd like to give 3Gb to Tomcat.

Thanks,

Joe

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



How to make a redirector?

2005-12-03 Thread Seak, Teng-Fong
I've seen some websites providing redirector.  I'd like to know if
anyone has done so in Tomcat.  Well, I'm not sure how this mechanism is
called exactly, maybe not called "redirector", so let me explain.

I've seen some URL which contains two URL's, something like
http://www.siteA.com/x/http://www.siteB.com/some/path/here/

A concrete example is those links to mirror sites.

Anybody knows if there's something similar for Tomcat?  If it's not
available, I'm willing to programme it.  But I don't know what classes
to use to accomplish this.  Anybody could help?

TIA

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]