RE: need help in setting up virtual url for tomcat 5 URGENT
Hi, We ar eusing the BIGIP url for this , so certificates and all will not be kept at host level. This means now do we need to only change files to use new url and port. Thanks, Vivyek kanchan -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Wednesday, April 14, 2010 6:12 PM To: Tomcat Users List Subject: Re: need help in setting up virtual url for tomcat 5 URGENT On 14/04/2010 12:10, Vivek Kanchan wrote: This is urgent please , i am new to tomcat. :( People volunteer their support here for free. If you need urgent support you may have to look for a professional. In the meantime, start reading here: http://tomcat.apache.org/tomcat-6.0-doc/index.html and then: http://tomcat.apache.org/tomcat-6.0-doc/config/index.html p Thanks, Vivyek kanchan -Original Message- From: Vivek Kanchan Sent: Wednesday, April 14, 2010 4:32 PM To: users@tomcat.apache.org Subject: need help in setting up virtual url for tomcat 5 HI, I have setup tomcat 5 for a customer, now i need to use virtual url and por= t t other than 8080 , please let me know how to do it , what files to change = for these. Thanks, Vivyek kanchan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
mod_jk question about socket_timeout
Hi, I'm using mod_jk 2.2.27 to connect via AJP to a JBoss backend. The problem is that a reporting application takes a couple of minutes to run a report but mod_jk seems to be closing the connection to the back-end and the user receives a 502 Bad Gateway error. 10 seconds after the request is made, I see the following in the mod_jk logs.:- [Thu Apr 01 11:51:45.586 2010] [10148:1178638688] [debug] jk_shutdown_socket::jk_connect.c (680): About to shutdown socket 13 [Thu Apr 01 11:51:45.726 2010] [10148:1084229984] [debug] jk_watchdog_func::mod_jk.c (2850): Watchdog thread running [Thu Apr 01 11:51:47.586 2010] [10148:1178638688] [debug] jk_shutdown_socket::jk_connect.c (731): Shutdown socket 13 and read 0 lingering bytes [Thu Apr 01 11:51:47.586 2010] [10148:1178638688] [info] ajp_connection_tcp_get_message::jk_ajp_common.c (): (tomcat1) can't receive the response message from tomcat, network problems or tomcat (172.26.199.15:7032) is down (errno=11) [Thu Apr 01 11:51:47.586 2010] [10148:1178638688] [error] ajp_get_reply::jk_ajp_common.c (1920): (tomcat1) Tomcat is down or refused connection. No response has been sent to the client (yet) [Thu Apr 01 11:51:47.586 2010] [10148:1178638688] [info] ajp_service::jk_ajp_common.c (2407): (tomcat1) sending request to tomcat failed (recoverable), (attempt=1) [Thu Apr 01 11:51:47.586 2010] [10148:1178638688] [debug] ajp_service::jk_ajp_common.c (2267): retry 1, sleeping for 100 ms before retrying The worker.properties file has only the following timeouts configured:- worker.tomcat1.connect_timeout=1 worker.tomcat1.prepost_timeout=1 worker.tomcat1.socket_keepalive=true worker.tomcat1.socket_timeout=10 worker.tomcat1.connection_pool_timeout=600 Which timeout is likely to be responsible for closing this connection? I have run a network trace between the web and app servers and it shows there's no AJP traffic at all between them whilst the report is being generated and then the connection being closed after 10 seconds, would socket_timeout close the connection in that case? I don't see any errors about failing cping/cpongs. Kind regards, Phil. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re-direct webpage from HTTP to HTTPS
Hi all, I have recently bought and installed an SSL Certificate on my Apache Tomcat Server. I modified the server.xml file, so that my webpage now uses only HTTPS (meaning, a secure site) However, I would like to modify it such that : if someone types in only HTTP, he will nevertheless be directed to the proper place : HTTPS://mysite.com I know that this is a simple thing to do; I'm just not sure of the exact syntax Any help, please? Thanks _ Hotmail: Trusted email with powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969
Re: need help in setting up virtual url for tomcat 5 URGENT
On 15/04/2010 13:56, Vivek Kanchan wrote: hi I meant is that we are implemnting SSL at bigip level not at host level. So which files do i need to change the url and port number. is it onnly in server.xml or other files too? I don't mean to be rude Vivek, but have you actually read the documents at the links I suggested below? The link to the configuration docs explain all of this, and it'll be easier for you, than me writing several paragraphs at a time over a bunch of emails. p -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Thursday, April 15, 2010 5:54 PM To: Vivek Kanchan Subject: Re: need help in setting up virtual url for tomcat 5 URGENT On 15/04/2010 10:02, Vivek Kanchan wrote: Hi, We ar eusing the BIGIP url for this , so certificates and all will not be kept at host level. Certificates aren't kept at Host level in Tomcat. I'm not sure what you mean by that. This means now do we need to only change files to use new url and port. I'm not even sure there's a question here, perhaps you could explain? p Thanks, Vivyek kanchan -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Wednesday, April 14, 2010 6:12 PM To: Tomcat Users List Subject: Re: need help in setting up virtual url for tomcat 5 URGENT On 14/04/2010 12:10, Vivek Kanchan wrote: This is urgent please , i am new to tomcat. :( People volunteer their support here for free. If you need urgent support you may have to look for a professional. In the meantime, start reading here: http://tomcat.apache.org/tomcat-6.0-doc/index.html and then: http://tomcat.apache.org/tomcat-6.0-doc/config/index.html p Thanks, Vivyek kanchan -Original Message- From: Vivek Kanchan Sent: Wednesday, April 14, 2010 4:32 PM To: users@tomcat.apache.org Subject: need help in setting up virtual url for tomcat 5 HI, I have setup tomcat 5 for a customer, now i need to use virtual url and por= t t other than 8080 , please let me know how to do it , what files to change = for these. Thanks, Vivyek kanchan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org signature.asc Description: OpenPGP digital signature
Re: Re-direct webpage from HTTP to HTTPS
You need to add a security constraint to web.xml with transport-guarantee CONFIDENTIAL http://confluence.sakaiproject.org/display/DOC/Sakai+Admin+Guide+-+Advanced+Tomcat++%28and+Apache%29+Configuration google is your friend. Stephen . wrote: Hi all, I have recently bought and installed an SSL Certificate on my Apache Tomcat Server. I modified the server.xml file, so that my webpage now uses only HTTPS (meaning, a secure site) However, I would like to modify it such that : if someone types in only HTTP, he will nevertheless be directed to the proper place : HTTPS://mysite.com I know that this is a simple thing to do; I'm just not sure of the exact syntax Any help, please? Thanks _ Hotmail: Trusted email with powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969 -- Mark Shifman MD. Ph.D. Yale Center for Medical Informatics Phone (203)737-5219 mark.shif...@yale.edu - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Hung threads
2010/4/13 Christopher Schultz ch...@christopherschultz.net: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeff, Okay, you're running into the limits of my knowledge of the APR connector's internals. On 4/13/2010 1:24 PM, Jeffrey Janner wrote: http-172.16.27.1-443-Acceptor-0 daemon prio=6 tid=0x6425c400 nid=0xb6c4 in Object.wait() [0x65d7f000] java.lang.Thread.State: WAITING (on object monitor) at java.lang.Object.wait(Native Method) - waiting on 0x0b8bafd8 (a org.apache.tomcat.util.net.AprEndpoint$WorkerStack) at java.lang.Object.wait(Object.java:485) at org.apache.tomcat.util.net.AprEndpoint.getWorkerThread(AprEndpoint.java:924) - locked 0x0b8bafd8 (a org.apache.tomcat.util.net.AprEndpoint$WorkerStack) at org.apache.tomcat.util.net.AprEndpoint$Acceptor.run(AprEndpoint.java:997) at java.lang.Thread.run(Thread.java:619) This is the acceptor thread which basically accepts all the incoming requests and assigns them to worker threads: it's just a traffic cop. This thread looks like it's stuck waiting for an available worker thread (AprEndpoint.getWorkerThread) so it looks like something is definitely wrong, here. +1. If it is stuck there, it will not accept any more incoming requests. It might be that you bumped into BZ 48843 https://issues.apache.org/bugzilla/show_bug.cgi?id=48843 A patch for it is already available, proposed, and has enough votes, so it will be applied shortly. That will be 5.5.30, though. Unfortunately for you, you'll need someone like Filip who knows everything about these Connectors to comment. Connector address=172.16.27.1 port=443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=5 maxSpareThreads=75 enableLookups=false acceptCount=100 It looks like a thread called http-172.16.27.1-443-150 exists, which suggests that all maxThreads have been allocated, though they really do all look idle to me. Hmm. Yeah, wait for Filip. :) Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Re-direct webpage from HTTP to HTTPS
On 15/04/2010 14:38, Mark Shifman wrote: You need to add a security constraint to web.xml with transport-guarantee CONFIDENTIAL http://confluence.sakaiproject.org/display/DOC/Sakai+Admin+Guide+-+Advanced+Tomcat++%28and+Apache%29+Configuration google is your friend. Stephen . wrote: Hi all, I have recently bought and installed an SSL Certificate on my Apache Tomcat Server. I modified the server.xml file, so that my webpage now uses only HTTPS (meaning, a secure site) How have you modified it? You will still need a Connector for both HTTP and HTTPS. p However, I would like to modify it such that : if someone types in only HTTP, he will nevertheless be directed to the proper place : HTTPS://mysite.com I know that this is a simple thing to do; I'm just not sure of the exact syntax Any help, please? Thanks _ Hotmail: Trusted email with powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969 signature.asc Description: OpenPGP digital signature
question about APR based native library
Are there any reasons I shouldn't use the APR based native libaray? Or at least things that I should be aware of if I do use it? According to the documentation using the native library will give better scalability and performance. I want to understand if there are any downside since with most things there are both upside and downside. Bill
Trouble accessing content in webapps/ROOT
Hi, I'm using Tomcat 6.0.26 with Apache 2.2 on Mac 10.6.3. I want to use http://localhost/ to access content in my $CATALINA_HOME/webapps/ROOT/ directory. However, when I visit http://localhost/index.jsp, I just get the raw page with all the uncompiled, JSP code. Below is the directive I'm using in my httpd.conf file. Any thoughts? VirtualHost *:80 ServerName lvcva DocumentRoot /Library/Tomcat/Home/webapps/ROOT Directory /Library/Tomcat/Home/webapps/ROOT Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all /Directory JkMount /* ajp13_worker JkMount /leadtracker ajp13_worker JkMount /campaigns ajp13_worker JkMount /tracking/leads ajp13_worker JkUnMount /myco/* ajp13_worker JkUnMount /ltourism/* ajp13_worker JkUnMount /mtourism/* ajp13_worker JkUnMount /images/* ajp13_worker JkUnMount /error-pages/*.html ajp13_worker JkUnMount /*.swf ajp13_worker # Administer mount implied my wildcard mount above JkMount /administer/* ajp13_worker JkMount /search/* ajp13_worker JkMount /contentSyndication ajp13_worker ErrorDocument 404 /error-pages/404.html ErrorDocument 500 /error-pages/500.html ErrorDocument 503 /error-pages/503.html /VirtualHost I am successfully able to access JSP content in other webapps directories other than ROOT. Thanks, - Dave -- View this message in context: http://old.nabble.com/Trouble-accessing-content-in-webapps-ROOT-tp28256603p28256603.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL session resuming
Hi,
seems that MSIE for some reason resets the connection forcing a new SSL
session to be created. (This seems to be an TLSv1 issue as well, TLSv1.1
available with Java7 is said to be more tolerant on that). I don't know
whether this behavior of MSIE can be influenced.
Regards,
Matthias
Meandron80 wrote:
Hi,
I have a problem with tomcat SSL session resuming using MSIE. In my
webapp, user authentication is done using the
org.apache.catalina.authenticator.SingleSignOn valve and a corresponding
realm (PKI authentication). Now accessing the webapp, which uses a
frameset that might be part of the problem, results in the following logs.
*** ClientHello, TLSv1
RandomCookie: GMT: 1254330738 bytes = { 67, 136, 202, 169, 151, 124, 142,
187, 135, 183, 161, 157, 81, 240, 254, 21, 180, 139, 139, 46, 32, 65, 155,
230, 69, 24, 175, 180 }
Session ID: {75, 196, 142, 249, 121, 35, 217, 254, 49, 37, 92, 86, 255,
220, 61, 188, 8, 128, 86, 203, 172, 93, 103, 185, 114, 43, 169, 80, 236,
96, 181, 108}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA,
SSL_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA,
SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA,
SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA]
Compression Methods: { 0 }
***
%% Created: [Session-28, SSL_RSA_WITH_RC4_128_MD5]
*** ServerHello, TLSv1
RandomCookie: GMT: 1254330670 bytes = { 70, 109, 88, 141, 114, 86, 38,
165, 172, 3, 134, 203, 86, 192, 194, 212, 222, 116, 116, 70, 224, 228,
141, 46, 205, 21, 60, 245 }
Session ID: {75, 196, 145, 46, 223, 171, 82, 104, 96, 0, 209, 75, 145,
92, 61, 143, 30, 199, 157, 239, 160, 76, 28, 177, 71, 221, 98, 117, 244,
137, 146, 126}
As you can see, the MSIE client wants to resume the SSL session, but a new
one is created every time a new request is sent. In the logs I can also
see entries like the following:
http-8444-5, handling exception: java.net.SocketException: Connection
reset
%% Invalidated: [Session-27, SSL_RSA_WITH_RC4_128_MD5]
http-8444-5, SEND TLSv1 ALERT: fatal, description = unexpected_message
Seems, the socket is closed after every request resulting in a new SSL
handshake.
Here is my connector setup:
Connector port=8444 maxHttpHeaderSize=16384 bufferSize=16384
protocol=org.apache.coyote.http11.Http11Protocol
maxThreads=150 enableLookups=false
disableUploadTimeout=true
acceptCount=100 scheme=https secure=true
clientAuth=true
sslProtocol=TLSv1
connectionTimeout=24
SSLEnabled=true keystoreFile=someFile
keystorePass=somePass keystoreType=pkcs12 truststoreFile=someFile
truststorePass=somePass truststoreType=jks /
The strange thing is that everything works as expected using Firefox, i.e.
the SSL session is resumed for subsequent requests. But I need to get it
run on MSIE as well.
Thanks for any help on that!
Regards,
Matthias
--
View this message in context:
http://old.nabble.com/SSL-session-resuming-tp28232164p28256674.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
8443 to 443 problem
I am trying to use port 443 for https - without success so far. I changed from 8443 to 443 in two places in server.xml: Connector protocol=HTTP/1.1 port=80 ... redirectPort=443 / ... Connector protocol=HTTP/1.1 SSLEnabled=true port=443 ... scheme=https secure=true clientAuth=false keystoreFile=... keystorePass=... sslProtocol = TLS / But apparently this is not enough because when I navigate to a confidential part of the web app tomcat sends a http 302 redirect to port 8443 still instead of 443.. What am i missing? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Hung threads
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Konstantin, On 4/15/2010 10:19 AM, Konstantin Kolinko wrote: +1. If it is stuck there, it will not accept any more incoming requests. Thanks for the confirmation that Jeffrey is deadlocked. It might be that you bumped into BZ 48843 https://issues.apache.org/bugzilla/show_bug.cgi?id=48843 Heh. This guy is bouncing from one bug to the next, here. Sorry, Jeffrey. :( A patch for it is already available, proposed, and has enough votes, so it will be applied shortly. That will be 5.5.30, though. Jeffrey, do you have the inclination to apply this patch to your TC instance? Compiling TC 5.5 was relatively simply IIRC. Or, maybe someone would be willing to roll you a binary patch. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkvHQcwACgkQ9CaO5/Lv0PA+wgCghM9Vcpn550UWN4EaQ38vTbaT eTEAniwPB4PsiNNpHMJd/ZMiN7Ai/Nko =+lIJ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Hung threads
Thanks Konstantin - That's a possibility. Is it feasible that all 150 worker threads would enter await before the Acceptor thread got some CPU time again? I guess so. I suppose setting the priority of the Acceptor thread higher than the workers would minimize the chances of this happening. I dropped them back to a 1.5 JVM and made it through the night last night, though that might have just been lower load on the system as well. It only opened about 135 worker threads. Hopefully, 5.5.30 will be along faster than 5.5.29. I'm still waiting on whomever to put the Windows installer version out there for that. Jeff -Original Message- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: Thursday, April 15, 2010 9:20 AM To: Tomcat Users List Subject: Re: Hung threads 2010/4/13 Christopher Schultz ch...@christopherschultz.net: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeff, Okay, you're running into the limits of my knowledge of the APR connector's internals. On 4/13/2010 1:24 PM, Jeffrey Janner wrote: http-172.16.27.1-443-Acceptor-0 daemon prio=6 tid=0x6425c400 nid=0xb6c4 in Object.wait() [0x65d7f000] java.lang.Thread.State: WAITING (on object monitor) at java.lang.Object.wait(Native Method) - waiting on 0x0b8bafd8 (a org.apache.tomcat.util.net.AprEndpoint$WorkerStack) at java.lang.Object.wait(Object.java:485) at org.apache.tomcat.util.net.AprEndpoint.getWorkerThread(AprEndpoint.java:924) - locked 0x0b8bafd8 (a org.apache.tomcat.util.net.AprEndpoint$WorkerStack) at org.apache.tomcat.util.net.AprEndpoint$Acceptor.run(AprEndpoint.java:997) at java.lang.Thread.run(Thread.java:619) This is the acceptor thread which basically accepts all the incoming requests and assigns them to worker threads: it's just a traffic cop. This thread looks like it's stuck waiting for an available worker thread (AprEndpoint.getWorkerThread) so it looks like something is definitely wrong, here. +1. If it is stuck there, it will not accept any more incoming requests. It might be that you bumped into BZ 48843 https://issues.apache.org/bugzilla/show_bug.cgi?id=48843 A patch for it is already available, proposed, and has enough votes, so it will be applied shortly. That will be 5.5.30, though. Unfortunately for you, you'll need someone like Filip who knows everything about these Connectors to comment. Connector address=172.16.27.1 port=443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=5 maxSpareThreads=75 enableLookups=false acceptCount=100 It looks like a thread called http-172.16.27.1-443-150 exists, which suggests that all maxThreads have been allocated, though they really do all look idle to me. Hmm. Yeah, wait for Filip. :) Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org *** NOTICE * This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (call us collect at 512-343-9100) and immediately delete this message and all its attachments. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: 8443 to 443 problem
2010/4/15 Me Self wmso...@gmail.com: I am trying to use port 443 for https - without success so far. I changed from 8443 to 443 in two places in server.xml: Connector protocol=HTTP/1.1 port=80 ... redirectPort=443 / ... Connector protocol=HTTP/1.1 SSLEnabled=true port=443 ... scheme=https secure=true clientAuth=false keystoreFile=... keystorePass=... sslProtocol = TLS / But apparently this is not enough because when I navigate to a confidential part of the web app tomcat sends a http 302 redirect to port 8443 still instead of 443.. What am i missing? 1. Tomcat version? 2. Is Tomcat running standalone, or behind another web server, e.g. Apache? 3. There are only these two connectors in your server.xml? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: 8443 to 443 problem
Did you restart your Tomcat instance? -Original Message- From: Me Self [mailto:wmso...@gmail.com] Sent: Thursday, April 15, 2010 11:25 AM To: users@tomcat.apache.org Subject: 8443 to 443 problem I am trying to use port 443 for https - without success so far. I changed from 8443 to 443 in two places in server.xml: Connector protocol=HTTP/1.1 port=80 ... redirectPort=443 / ... Connector protocol=HTTP/1.1 SSLEnabled=true port=443 ... scheme=https secure=true clientAuth=false keystoreFile=... keystorePass=... sslProtocol = TLS / But apparently this is not enough because when I navigate to a confidential part of the web app tomcat sends a http 302 redirect to port 8443 still instead of 443.. What am i missing? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org *** NOTICE * This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (call us collect at 512-343-9100) and immediately delete this message and all its attachments. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Hung threads
*** NOTICE * This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (call us collect at 512-343-9100) and immediately delete this message and all its attachments. ---BeginMessage--- I've not got the tools nor training to do a Windows build. I could gather the tools, but I'd rather not learn by patching a production system. I think it's probably a sudden usage spike by the customer's 3rd-party users. I can increase their max thread count and probably give them relief. Plus then I can really see if there is a possible connection leak going on in my developer's code. Thanks for the sympathy. Jeff -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Thursday, April 15, 2010 11:42 AM To: Tomcat Users List Subject: Re: Hung threads -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Konstantin, On 4/15/2010 10:19 AM, Konstantin Kolinko wrote: +1. If it is stuck there, it will not accept any more incoming requests. Thanks for the confirmation that Jeffrey is deadlocked. It might be that you bumped into BZ 48843 https://issues.apache.org/bugzilla/show_bug.cgi?id=48843 Heh. This guy is bouncing from one bug to the next, here. Sorry, Jeffrey. :( A patch for it is already available, proposed, and has enough votes, so it will be applied shortly. That will be 5.5.30, though. Jeffrey, do you have the inclination to apply this patch to your TC instance? Compiling TC 5.5 was relatively simply IIRC. Or, maybe someone would be willing to roll you a binary patch. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkvHQcwACgkQ9CaO5/Lv0PA+wgCghM9Vcpn550UWN4EaQ38vTbaT eTEAniwPB4PsiNNpHMJd/ZMiN7Ai/Nko =+lIJ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org ---End Message--- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: question about APR based native library
Other than the different SSL implementation? It depends on the release of Tomcat you are using. 5.5.28 (and some release of 6.x) won't properly recognize the library. That is fixed in current releases. -Original Message- From: Bill Au [mailto:bill.w...@gmail.com] Sent: Thursday, April 15, 2010 9:25 AM To: Tomcat Users List Subject: question about APR based native library Are there any reasons I shouldn't use the APR based native libaray? Or at least things that I should be aware of if I do use it? According to the documentation using the native library will give better scalability and performance. I want to understand if there are any downside since with most things there are both upside and downside. Bill *** NOTICE * This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (call us collect at 512-343-9100) and immediately delete this message and all its attachments. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Trouble accessing content in webapps/ROOT
2010/4/15 laredotornado laredotorn...@gmail.com: Hi, I'm using Tomcat 6.0.26 with Apache 2.2 on Mac 10.6.3. I want to use http://localhost/ to access content in my $CATALINA_HOME/webapps/ROOT/ directory. However, when I visit http://localhost/index.jsp, I just get the raw page with all the uncompiled, JSP code. Below is the directive I'm using in my httpd.conf file. Any thoughts? Yes, your configuration is wrong. Have you read the manuals, I mean the proper ones at http://tomcat.apache.org/ ? There should be a warning somewhere, that you must not point Apache to your Tomcat appbase. (Pointing it to your ROOT application is a lesser crime, but still similar to the original one). DocumentRoot /Library/Tomcat/Home/webapps/ROOT Directory /Library/Tomcat/Home/webapps/ROOT Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all /Directory JkMount (...) I am successfully able to access JSP content in other webapps directories other than ROOT. Thanks, - Dave Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Hung threads
On 4/15/2010 12:47 PM, Jeffrey Janner wrote: Thanks Konstantin - That's a possibility. Is it feasible that all 150 worker threads would enter await before the Acceptor thread got some CPU time again? I guess so. I suppose setting the priority of the Acceptor thread higher than the workers would minimize the chances of this happening. I dropped them back to a 1.5 JVM and made it through the night last night, though that might have just been lower load on the system as well. It only opened about 135 worker threads. Hopefully, 5.5.30 will be along faster than 5.5.29. I'm still waiting on whomever to put the Windows installer version out there for that. Jeff If you already have an installation, you don't need a windows installation package to install the updates. Just unzip the package on top of your old installation, and everything will be updated (assuming it's the same base version, such as upgrading from 5.5.20 to 5.5.30). -Original Message- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: Thursday, April 15, 2010 9:20 AM To: Tomcat Users List Subject: Re: Hung threads 2010/4/13 Christopher Schultzch...@christopherschultz.net: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeff, Okay, you're running into the limits of my knowledge of the APR connector's internals. On 4/13/2010 1:24 PM, Jeffrey Janner wrote: http-172.16.27.1-443-Acceptor-0 daemon prio=6 tid=0x6425c400 nid=0xb6c4 in Object.wait() [0x65d7f000] java.lang.Thread.State: WAITING (on object monitor) at java.lang.Object.wait(Native Method) - waiting on0x0b8bafd8 (a org.apache.tomcat.util.net.AprEndpoint$WorkerStack) at java.lang.Object.wait(Object.java:485) at org.apache.tomcat.util.net.AprEndpoint.getWorkerThread(AprEndpoint.java:924) - locked0x0b8bafd8 (a org.apache.tomcat.util.net.AprEndpoint$WorkerStack) at org.apache.tomcat.util.net.AprEndpoint$Acceptor.run(AprEndpoint.java:997) at java.lang.Thread.run(Thread.java:619) This is the acceptor thread which basically accepts all the incoming requests and assigns them to worker threads: it's just a traffic cop. This thread looks like it's stuck waiting for an available worker thread (AprEndpoint.getWorkerThread) so it looks like something is definitely wrong, here. +1. If it is stuck there, it will not accept any more incoming requests. It might be that you bumped into BZ 48843 https://issues.apache.org/bugzilla/show_bug.cgi?id=48843 A patch for it is already available, proposed, and has enough votes, so it will be applied shortly. That will be 5.5.30, though. Unfortunately for you, you'll need someone like Filip who knows everything about these Connectors to comment. Connector address=172.16.27.1 port=443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=5 maxSpareThreads=75 enableLookups=false acceptCount=100 It looks like a thread called http-172.16.27.1-443-150 exists, which suggests that all maxThreads have been allocated, though they really do all look idle to me. Hmm. Yeah, wait for Filip. :) Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org *** NOTICE * This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (call us collect at 512-343-9100) and immediately delete this message and all its attachments. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Trouble accessing content in webapps/ROOT
What specifically is wrong? Why are the pages being served without being compiled? Thanks, - Dave Konstantin Kolinko wrote: 2010/4/15 laredotornado laredotorn...@gmail.com: Hi, I'm using Tomcat 6.0.26 with Apache 2.2 on Mac 10.6.3. I want to use http://localhost/ to access content in my $CATALINA_HOME/webapps/ROOT/ directory. However, when I visit http://localhost/index.jsp, I just get the raw page with all the uncompiled, JSP code. Below is the directive I'm using in my httpd.conf file. Any thoughts? Yes, your configuration is wrong. Have you read the manuals, I mean the proper ones at http://tomcat.apache.org/ ? There should be a warning somewhere, that you must not point Apache to your Tomcat appbase. (Pointing it to your ROOT application is a lesser crime, but still similar to the original one). DocumentRoot /Library/Tomcat/Home/webapps/ROOT Directory /Library/Tomcat/Home/webapps/ROOT Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all /Directory JkMount (...) I am successfully able to access JSP content in other webapps directories other than ROOT. Thanks, - Dave Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://old.nabble.com/Trouble-accessing-content-in-webapps-ROOT-tp28256603p28258290.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: question about APR based native library
I am using 6.0.26. The native library is loaded. I am not as concern about SSL since most of our application don't use SSL. I am guessing that most people don't use the native library. One of my concern is stability. With a smaller user community, is the native code less stable than the pure Java code? Less usage could mean that there may be bugs that have not been shaken out yet. Bill On Thu, Apr 15, 2010 at 1:03 PM, Jeffrey Janner jeffrey.jan...@polydyne.com wrote: Other than the different SSL implementation? It depends on the release of Tomcat you are using. 5.5.28 (and some release of 6.x) won't properly recognize the library. That is fixed in current releases. -Original Message- From: Bill Au [mailto:bill.w...@gmail.com] Sent: Thursday, April 15, 2010 9:25 AM To: Tomcat Users List Subject: question about APR based native library Are there any reasons I shouldn't use the APR based native libaray? Or at least things that I should be aware of if I do use it? According to the documentation using the native library will give better scalability and performance. I want to understand if there are any downside since with most things there are both upside and downside. Bill *** NOTICE * This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (call us collect at 512-343-9100) and immediately delete this message and all its attachments. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: 8443 to 443 problem
1. Tomcat version? 2. Is Tomcat running standalone, or behind another web server, e.g. Apache? 3. There are only these two connectors in your server.xml? Its tomcat 5.5 (i believe) embedded in jboss5.1.0GA running standalone default server. Those are the only 2 connectors in the context.xml file. I removed the AJP connector completely. From the server log when its starting up, notice the change from 8080 to 80 went through but 8443 to 443 had no effect: 18:48:09,605 INFO [Http11Protocol] Starting Coyote HTTP/1.1 on http-192.168.1.5-80 18:48:09,648 INFO [Http11Protocol] Starting Coyote HTTP/1.1 on http-192.168.1.5-8443 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: 8443 to 443 problem
Many times, also tried reinstalling the server complete. On Thu, Apr 15, 2010 at 6:59 PM, Jeffrey Janner jeffrey.jan...@polydyne.com wrote: Did you restart your Tomcat instance? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 5.5.28
Christopher Schultz wrote: ... Note that members of this list often have difficulty giving advice to folks using package-managed versions of Tomcat because of the ... latitude taken by the package administrators when it comes to the placement of configuration files, deployed webapps, etc. Oh in such elegant terms this is written. An additional note : package administrators for Linux distributions also usually package one single version of Tomcat per release of their OS, which tends to be the current one at the time the OS release is being planned. In other words, there is no guarantee that for a given release of say Ubuntu, you would find a package with the very latest Tomcat version. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat AJP Problem
I have Tomcat 6.0.16 running on a box, and Apache 2.2.11 running on another box, both running on windows server 2003 and am using Mod_JK 1.2.23 for communications between the two. I have had a recurring problem where after a few days, usually 3 or 4, the AJP listener on the tomcat seems to stop working correctly. The apache starts displaying 503 service temporarily unavailable messages, and when I check the mod_jk.log file it says it can't connect to the tomcat. All it takes is restarting the tomcat and everything starts working again. Here is what troubleshooting I've done so far: I checked the tomcat via its http port 8080, and the application comes up fine. I check the tomcat box and make sure the AJP listener is still up and listening using netstat and it shows as listening. When I telnet to it (either locally or from the Apache box), it accepts the connection.. holds it open for a few seconds.. maybe 15.. then closes it. However when I telnet to the AJP listener port on the tomcat box when everything is working, it accepts the connection and it pretty much stays open until I use control C to close it. I realize this isn't exact troubleshooting, but it's just something I've noticed when looking into this. So to me it looks like only the AJP listener is having issues. When I pull the Application up via 8080 it works fine, I can use it and do everything like I could when the connection between apache and tomcat is working. I've tried decreasing the time before an idle session expires, increased the memory usage limit on the tomcat from 64 to 256mb (it defiantly was not big enough), and even tried restarting the tomcat before this happens to prevent it from happening(which made no difference on the 3-4 day timetable). Any ideas, questions or suggestions are welcome. Thanks Rusty SA
Re: mod_jk question about socket_timeout
On 15.04.2010 13:22, Philip Wigg wrote: Hi, I'm using mod_jk 2.2.27 to connect via AJP to a JBoss backend. The problem is that a reporting application takes a couple of minutes to run a report but mod_jk seems to be closing the connection to the back-end and the user receives a 502 Bad Gateway error. 10 seconds after the request is made, I see the following in the mod_jk logs.:- [Thu Apr 01 11:51:45.586 2010] [10148:1178638688] [debug] jk_shutdown_socket::jk_connect.c (680): About to shutdown socket 13 [Thu Apr 01 11:51:45.726 2010] [10148:1084229984] [debug] jk_watchdog_func::mod_jk.c (2850): Watchdog thread running [Thu Apr 01 11:51:47.586 2010] [10148:1178638688] [debug] jk_shutdown_socket::jk_connect.c (731): Shutdown socket 13 and read 0 lingering bytes [Thu Apr 01 11:51:47.586 2010] [10148:1178638688] [info] ajp_connection_tcp_get_message::jk_ajp_common.c (): (tomcat1) can't receive the response message from tomcat, network problems or tomcat (172.26.199.15:7032) is down (errno=11) [Thu Apr 01 11:51:47.586 2010] [10148:1178638688] [error] ajp_get_reply::jk_ajp_common.c (1920): (tomcat1) Tomcat is down or refused connection. No response has been sent to the client (yet) [Thu Apr 01 11:51:47.586 2010] [10148:1178638688] [info] ajp_service::jk_ajp_common.c (2407): (tomcat1) sending request to tomcat failed (recoverable), (attempt=1) [Thu Apr 01 11:51:47.586 2010] [10148:1178638688] [debug] ajp_service::jk_ajp_common.c (2267): retry 1, sleeping for 100 ms before retrying The worker.properties file has only the following timeouts configured:- worker.tomcat1.connect_timeout=1 worker.tomcat1.prepost_timeout=1 worker.tomcat1.socket_keepalive=true worker.tomcat1.socket_timeout=10 worker.tomcat1.connection_pool_timeout=600 Which timeout is likely to be responsible for closing this connection? The socket timeout. I have run a network trace between the web and app servers and it shows there's no AJP traffic at all between them whilst the report is being generated and then the connection being closed after 10 seconds, would socket_timeout close the connection in that case? I don't see any errors about failing cping/cpongs. Recent versions of mod_jk allow a very fine-grained response timeout configuration, so that you can e.g. set a general response timeout to 20 seconds and a longer timeout like 60 seconds for special URLs you expect to take longer like report generation. The cases where you would need short timeouts are the cping/cpong and during connection setup. For the latter there is now also a special timeout, so that you can actually drop the socket timeout. Have a look at: http://tomcat.apache.org/connectors-doc/generic_howto/timeouts.html which tries to describe the possible timepouts and their implications in great length. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: question about APR based native library
2010/4/15 Bill Au bill.w...@gmail.com: I am using 6.0.26. The native library is loaded. I am not as concern about SSL since most of our application don't use SSL. I am guessing that most people don't use the native library. One of my concern is stability. With a smaller user community, is the native code less stable than the pure Java code? Less usage could mean that there may be bugs that have not been shaken out yet. At the end of the following page there is a table comparing the feature sets provided by the different connector implementations: http://tomcat.apache.org/tomcat-6.0-doc/config/http.html The main competitors are APR connector vs. Nio connector, as both provide multiplexing aka polling, allowing to serve more sockets than the count of your worker threads. The APR connector sure has a bit more longer history, dating back to TC 5.5. The Nio connector is more modern, available since TC 6.x only, but that is several years already. less stable than the pure Java code Note, that that also depends on the JRE implementation that you would be using. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Re-direct webpage from HTTP to HTTPS
Hi, You can read here - http://myunster.com/blog/10.html http://myunster.com/blog/10.htmlI wrote it a while ago and configuration is pretty simple. Best Regards, Leon Kolchinsky On Thu, Apr 15, 2010 at 22:33, Stephen . marr...@hotmail.com wrote: Hi all, I have recently bought and installed an SSL Certificate on my Apache Tomcat Server. I modified the server.xml file, so that my webpage now uses only HTTPS (meaning, a secure site) However, I would like to modify it such that : if someone types in only HTTP, he will nevertheless be directed to the proper place : HTTPS://mysite.com I know that this is a simple thing to do; I'm just not sure of the exact syntax Any help, please? Thanks _ Hotmail: Trusted email with powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969
Re: Basic Question
Did you put an entry in your web.XML file? Lance Campbell Sent from my iPhone On Apr 15, 2010, at 8:09 PM, Rhino rhi...@sympatico.ca wrote: I hope someone will take pity on me and help me with this very basic question. I was moderately fluent with servlets and Tomcat several years ago but haven't touched them in a while. I'm trying to get back into servlets now. I am having trouble getting my servlets to start in Tomcat. I inevitably get a 404 error. I am running Tomcat 6.0.26 on Windows XP SP2. The sample applications in Tomcat run fine. My servlets are in Eclipse 3.5.2. They compile fine and I have used the Tomcat menu to export them to the war file directory; no error gets reported when I do the export. I did a manual deploy of the war file from the war file to deplay section of the Tomcat Manager page. When I start the Tomcat Manager in my browser, it shows several servlets, including the examples and the servlets that I have deployed myself. In each case, my own servlets seem to be started just fine. All of them say running, the number of sessions is 0 for each of them, and all of them have stop, reload and undeploy options which are clickable and a start option which is not clickable. To me, that says these puppies are started and there is no error in any of them. However, when I click on my servlets, like /FileUploadServlet for example, I get this: HTTP Status 404 - /FileUploadServlet/ --- - *type* Status report *message* _/FileUploadServlet/_ *description* _The requested resource (/FileUploadServlet/) is not available._ --- - Apache Tomcat/6.0.26 I feel sure that I've simply neglected to do something simple and straightforward but my memory is failing me. I can't remember what other steps are needed to get a servlet configured so that it runs in Tomcat. I was going to try to run the servlet in Eclipse but I'm darned if I can remember how to start it there either. Can someone help me out? -- Rhino - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Basic Question
Did you configure your servlets in your web.xml properly? Also...it sounds as though you are deploying each servlet in its own app. Make sure you are invoking the servlet through the proper app. -Original message- From: Rhino rhi...@sympatico.ca To: tomcat-user tomcat-u...@jakarta.apache.org Sent: Fri, Apr 16, 2010 01:07:29 GMT+00:00 Subject: Basic Question I hope someone will take pity on me and help me with this very basic question. I was moderately fluent with servlets and Tomcat several years ago but haven't touched them in a while. I'm trying to get back into servlets now. I am having trouble getting my servlets to start in Tomcat. I inevitably get a 404 error. I am running Tomcat 6.0.26 on Windows XP SP2. The sample applications in Tomcat run fine. My servlets are in Eclipse 3.5.2. They compile fine and I have used the Tomcat menu to export them to the war file directory; no error gets reported when I do the export. I did a manual deploy of the war file from the war file to deplay section of the Tomcat Manager page. When I start the Tomcat Manager in my browser, it shows several servlets, including the examples and the servlets that I have deployed myself. In each case, my own servlets seem to be started just fine. All of them say running, the number of sessions is 0 for each of them, and all of them have stop, reload and undeploy options which are clickable and a start option which is not clickable. To me, that says these puppies are started and there is no error in any of them. However, when I click on my servlets, like /FileUploadServlet for example, I get this: HTTP Status 404 - /FileUploadServlet/ *type* Status report *message* _/FileUploadServlet/_ *description* _The requested resource (/FileUploadServlet/) is not available._ Apache Tomcat/6.0.26 I feel sure that I've simply neglected to do something simple and straightforward but my memory is failing me. I can't remember what other steps are needed to get a servlet configured so that it runs in Tomcat. I was going to try to run the servlet in Eclipse but I'm darned if I can remember how to start it there either. Can someone help me out? -- Rhino - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
