Re: SSL for modjk and tomcat
Simple i have setup httpd,modjk,tomcat .i want to enable SSL(i.e i can handle everything on https). If you have httpd sending traffic via mod_jk to tomcat, you are nearly there. Just configure httpd to listen over ssl. If (instead) you want to encrypt the AJP connection between HTTPD and Tomcat, you'll have to use an SSH tunnel because the AJP protocol is not encrypted. Now AJP not support SSL fine. i.e AJP protocol is not encrypted. i dont want SSH tunnel. That's fine if you don't want/need a tunnel What other approach i can follow now.i mean other way ? i am not sure where to configure those mod jk directive and what configurations at tomcat side? I don't think you quite understand how this list works. You need to ask a specific question, and people will generally try to provide a specific answer. In your email you say you have httpd/mod_jk/tomcat communicating. You keep saying that you want to turn on ssl. As 3 people have already pointed out, you can have ssl between browser and httpd. You can have ssl between httpd and tomcat, but you said you don't want that. If you configure httpd for ssl, then you're probably there. IMO you only to worry about those mod_jk directives if you need tomcat to know that it is being handed a connection that has come from an ssl connection. Perhaps explain why you need this ssl information in your app? Perhaps supply a copy of web.xml with the security constraints? In short help us help you - http://www.catb.org/~esr/faqs/smart-questions.html Chris
RE: Session time out never takes place with ajax
Christopher, So to recap, and verify my understanding... Perhaps I am missing some valve overview. I understand it is invoked before the filters, but after completion it would arrive to the filter/servlet container anyway. So what your saying is that if I build a valve and read information from IO file or/db or any other cached data which doesn’t trigger a request.getSession That will work? And if so, I will still need to break the chain and prevent it from continuing deeper into tomcat or else it will update the session access time Did I get it right? Sharon -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Thursday, November 10, 2011 8:04 AM To: Tomcat Users List Subject: Re: Session time out never takes place with ajax -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sharon, On 11/9/11 12:56 AM, Sharon Prober (sprober) wrote: This is my first post here so wish me luck J Welcome. My question is as follow: I have a web based application running on tomcat 6.0.29 On my main page there is a polling ajax call every 5 seconds. Clearly this revalidates the session and by that renders the session timeout feature unusable Yes. I read about two main solutions for this issue 1. Coding on the server side (filter) a simple snippet that identifies an ajax call based on a parameter passed and based on that knows if this is a valid post or a polling hit that should not affect the session expiration date This is problematic for a few reasons: 1. You usually want a polling request to return something of use, which often involves the session. You can't access the session without updating its last-accessed-time. 2. Under certain configuration, Tomcat will update the last-accessed-time of the session even if you don't call request.getSession(). This may be only the case in Tomcat 7 with the following configuration settings: See the org.apache.catalina.core. StandardHostValve.ACCESS_SESSION and org.apache.catalina.STRICT_SERVLET_COMPLIANCE system properties here: http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Sessions 2. Create a stub webapp and redirect the calls of the polling to that app I'm not sure this buys you anything: if you pass-through calls to the real webapp, then you'll still be touching the session. So my question is, is there another way for this to be achieved? It would be best to describe what your ping actually does. If it doesn't require session access, you may have some options. Note. I think it might be a cool feature (with the vast ajax use these days) to have a configuration in the web.xml the excludes various paths/urls from the session validation checkups This would, by definition, be a violation of the specification. Instead, something like a Valve placed early in the pipeline could avoid a session update but still perform some trivial action. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk67aUkACgkQ9CaO5/Lv0PBl2ACdHDKUqQ/zkT0dfc63MFELStLK +a4An3kuFz39fXKymLVFBqYRMQ9xWUbX =naid -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session time out never takes place with ajax
So to recap, and verify my understanding... Perhaps I am missing some valve overview. I understand it is invoked before the filters, but after completion it would arrive to the filter/servlet container anyway. So what your saying is that if I build a valve and read information from IO file or/db or any other cached data which doesn’t trigger a request.getSession That will work? And if so, I will still need to break the chain and prevent it from continuing deeper into tomcat or else it will update the session access time Instead of mapping all requests e.g. /* through security*, you could split you app. So say /public folder contains static resources and requires not security*. You could put dynamic resources under /dynamic and map to security*. That way anybody requesting a dynamic resource would need a session, and this would be touched on every request to /dynamic/*. If you had this kind of setup, then you could create another top level folder called say /ajaxPing and not map that to security*. Then as long as the filter/servlet/jsp page that fulfills that request does not call request.getSession, you will fulfill your aim to respond without affecting session expiration Alternatively you could put a valve in the front of the whole web app, and have that respond to a given url, and then stop the request, e.g. not pass the request to tomcat. I beleive that is what Mr Schultz was suggesting * when I keep saying security, I'm not sure the correct collective term. I don't just mean container security, but also any filter/servlet/jsp that calls request.getSession HTH Chris
graceful restart tomcat
Hi, Is there a way to forcefully graceful restart tomcat server using bash script via cron.Any sample bash script ? Regards, Kaushal - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL for modjk and tomcat
Thanks guys .i will take care while posting in future. So far i will go for ssl between browser and httpd only. On Thu, Nov 10, 2011 at 1:40 PM, chris derham ch...@derham.me.uk wrote: Simple i have setup httpd,modjk,tomcat .i want to enable SSL(i.e i can handle everything on https). If you have httpd sending traffic via mod_jk to tomcat, you are nearly there. Just configure httpd to listen over ssl. If (instead) you want to encrypt the AJP connection between HTTPD and Tomcat, you'll have to use an SSH tunnel because the AJP protocol is not encrypted. Now AJP not support SSL fine. i.e AJP protocol is not encrypted. i dont want SSH tunnel. That's fine if you don't want/need a tunnel What other approach i can follow now.i mean other way ? i am not sure where to configure those mod jk directive and what configurations at tomcat side? I don't think you quite understand how this list works. You need to ask a specific question, and people will generally try to provide a specific answer. In your email you say you have httpd/mod_jk/tomcat communicating. You keep saying that you want to turn on ssl. As 3 people have already pointed out, you can have ssl between browser and httpd. You can have ssl between httpd and tomcat, but you said you don't want that. If you configure httpd for ssl, then you're probably there. IMO you only to worry about those mod_jk directives if you need tomcat to know that it is being handed a connection that has come from an ssl connection. Perhaps explain why you need this ssl information in your app? Perhaps supply a copy of web.xml with the security constraints? In short help us help you - http://www.catb.org/~esr/faqs/smart-questions.html Chris
Re: sessionCookieDomain and sessionCookiePath
Hello, I have an application serving several subdomains (a1.domain.com, a2.domain.com etc.) and i want to be able to have a single session cookie shared between subdomains (registered on domain .domain.com). However, when using Tomcat's sessionCookieDomain (tried on versions 6.0.33, 7.0.22) i don't get the expected behaviour: 1. If i set the sessionCookiePath to \test for example i get only one JSESSIONID cookie with domain .domain.com, but the path obviously is set to /test. 2. If i set the sessionCookiePath to \, or if i don't set it at all, i get a JSESSIONID cookie with domain .domain.com and a JSESSIONID cookie with domain a1.domain.com, which is not what i expect. As a side note, on Tomcat 6.0.33 i also tried using the emptySessionPath attribute for the connector, but that did not help either. Can you please spot the error in my logic and guide me through the right steps to achieve this single JSESSIONID cookie? Thanks, Ionut
Re: graceful restart tomcat
On 10/11/2011 08:28, Kaushal Shriyan wrote: Hi, Is there a way to forcefully graceful restart tomcat server using bash script via cron.Any sample bash script ? Which is it: forceful or graceful? The two are not usually compatible. 'graceful' is found in Apache HTTPD: [the] signal causes the parent process to advise the children to exit after their current request (or to exit immediately if they're not serving anything). The parent re-reads its configuration files and re-opens its log files. As each child dies off the parent replaces it with a child from the new generation of the configuration, which begins serving new requests immediately. There is no equivalent for Tomcat. The Commons Daemon found in tomcat/bin/commons-daemon-native.tar.gz provides a service wrapper and /etc/init.d/ type sample script which may be useful. Why do you need to schedule Tomcat restarts? It is often a mitigation applied instead of resolving the cause of a memory leak. Better to find fix the leak than leave it place. p Regards, Kaushal - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: graceful restart tomcat
On Thu, Nov 10, 2011 at 2:42 PM, Pid p...@pidster.com wrote: On 10/11/2011 08:28, Kaushal Shriyan wrote: Hi, Is there a way to forcefully graceful restart tomcat server using bash script via cron.Any sample bash script ? Which is it: forceful or graceful? The two are not usually compatible. 'graceful' is found in Apache HTTPD: [the] signal causes the parent process to advise the children to exit after their current request (or to exit immediately if they're not serving anything). The parent re-reads its configuration files and re-opens its log files. As each child dies off the parent replaces it with a child from the new generation of the configuration, which begins serving new requests immediately. There is no equivalent for Tomcat. The Commons Daemon found in tomcat/bin/commons-daemon-native.tar.gz provides a service wrapper and /etc/init.d/ type sample script which may be useful. Hi pid I dont see commons-daemon-native.tar.gz under /opt/test/apache-tomcat-5.5.27/bin catalina.shcommons-logging-api-1.1.1.jar digest.sh jsvc.tar.gzsetclasspath.sh startup.bat tomcat5w.exe tool-wrapper.bat version.sh [root@bin]# pwd /opt/test/apache-tomcat-5.5.27/bin [root@bin]# ls bootstrap.jar catalina-tasks.xml cpappend.bat jkstatus-tasks.xml service.bat shutdown.bat startup.sh tomcat-juli.jar tool-wrapper.sh catalina.bat commons-daemon.jar digest.bat jmxaccessor-tasks.xml setclasspath.bat shutdown.sh tomcat5.exe tomcat-native.tar.gz version.bat catalina.shcommons-logging-api-1.1.1.jar digest.sh jsvc.tar.gzsetclasspath.sh startup.bat tomcat5w.exe tool-wrapper.bat version.sh [root@bin]# Please suggest further. Regards, Kaushal - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: sessionCookieDomain and sessionCookiePath
On 10/11/2011 08:39, Ionut Stoian wrote: Hello, I have an application serving several subdomains (a1.domain.com, a2.domain.com etc.) and i want to be able to have a single session cookie shared between subdomains (registered on domain .domain.com). However, when using Tomcat's sessionCookieDomain (tried on versions 6.0.33, 7.0.22) i don't get the expected behaviour: 1. If i set the sessionCookiePath to \test for example i get only one JSESSIONID cookie with domain .domain.com, but the path obviously is set to /test. 2. If i set the sessionCookiePath to \, or if i don't set it at all, i get a JSESSIONID cookie with domain .domain.com and a JSESSIONID cookie with domain a1.domain.com, which is not what i expect. Why would you set it to '\' or anything that starts with '\'? sessionCookieDomain, sessionCookiePath are Servlet 3.0 (ie Tomcat 7.0) configuration directives. They won't work in Tomcat 6.0. Where did you set them? In tomcat/conf/context.xml or somewhere else? p As a side note, on Tomcat 6.0.33 i also tried using the emptySessionPath attribute for the connector, but that did not help either. Can you please spot the error in my logic and guide me through the right steps to achieve this single JSESSIONID cookie? Thanks, Ionut -- [key:62590808] signature.asc Description: OpenPGP digital signature
Unable to receive message through TCP channel
Hello together, I am using to Tomcat 5.5.26 Servers. I took over the responsibility for this system some time ago. Since then we already got the following error message. SEVERE: Manager [/mywebapp]: Unable to receive message through TCP channel java.lang.ClassNotFoundException: After questioning what this error is about I got no response but the comment that everything is running fine. So I haven't searhc after it. But now after having a rollout of new servlet version we have some serious performance issues. And now I have to check for every severe error message I can find. But unfornatly I haven't found a solution or cause for this. The only thing which I have found is a posting that this might be a problem of the tomcats version and that this might be a bug which was solved in 5.5.28. Is this correct? The cluster configuration part in server.xml looks like a standard configuration: Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Cluster className=org.apache.catalina.cluster.tcp.SimpleTcpCluster managerClassName=org.apache.catalina.cluster.session.DeltaManager expireSessionsOnShutdown=false useDirtyFlag=true notifyListenersOnReplication=true Membership className=org.apache.catalina.cluster.mcast.McastService mcastAddr=228.0.0.4 mcastPort=45564 mcastFrequency=500 mcastDropTime=3000/ Receiver className=org.apache.catalina.cluster.tcp.ReplicationListener tcpListenAddress=auto tcpListenPort=4002 tcpSelectorTimeout=100 tcpThreadCount=6/ Sender className=org.apache.catalina.cluster.tcp.ReplicationTransmitter replicationMode=pooled ackTimeout=15000/ Valve className=org.apache.catalina.cluster.tcp.ReplicationValve filter=.*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.css;.*\.txt;/ Deployer className=org.apache.catalina.cluster.deploy.FarmWarDeployer tempDir=/tmp/war-temp/ deployDir=/tmp/war-deploy/ watchDir=/tmp/war-listen/ watchEnabled=false/ ClusterListener className=org.apache.catalina.cluster.session.ClusterSessionListener/ /Cluster I found out thatwe are not using the Deployer context. It is just configured, but both Tomcats servers use a deployment path on its local storage. Has somebody an idea? Mit freundlichen Grüßen / Yours sincerely Uwe Hellmann T-Systems International GmbH Production CSS GCU Large Accounts AC Express Logistics LT1 Gradestr. 20, 30163 Hannover +49 511 333 - 1233 (Tel.) +49 511 333 - 1287 (Fax) Email: uwe.hellm...@t-systems.commailto:uwe.hellm...@t-systems.com Internet: http://www.t-systems.comhttp://www.t-systems.com/ T-Systems International GmbH Aufsichtsrat: René Obermann (Vorsitzender) Geschäftsführung: Reinhard Clemens (Vorsitzender), Dr. Ferri Abolhassan, Ulrich Meister, Georg Pepping, Hagen Rickmann, Dietmar Wendt, Klaus Werner Handelsregister: Amtsgericht Frankfurt am Main HRB 55933 Sitz der Gesellschaft: Frankfurt am Main Notice: This transmittal and/or attachments may be privileged or confidential. If you are not the intended recipient, you are hereby notified that you have received this transmittal in error; any review, dissemination, or copying is strictly prohibited. If you received this transmittal in error, please notify us immediately by reply and immediately delete this message and all its attachments. Thank you.
Re: Unable to receive message through TCP channel
On 10/11/2011 10:20, uwe.hellm...@t-systems.com wrote: Hello together, I am using to Tomcat 5.5.26 Servers. I took over the responsibility for this system some time ago. Since then we already got the following error message. SEVERE: Manager [/mywebapp]: Unable to receive message through TCP channel java.lang.ClassNotFoundException: After questioning what this error is about I got no response but the comment that everything is running fine. So I haven't searhc after it. But now after having a rollout of new servlet version we have some serious performance issues. And now I have to check for every severe error message I can find. But unfornatly I haven't found a solution or cause for this. The only thing which I have found is a posting that this might be a problem of the tomcats version and that this might be a bug which was solved in 5.5.28. Is this correct? How can we judge whether the posting is accurate if you don't post a link to it? Do you have exactly the same versions of the application deployed on each node of the cluster? Is there a reason why you aren't upgrading to the latest version of 5.5 (5.5.34)? p The cluster configuration part in server.xml looks like a standard configuration: Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Cluster className=org.apache.catalina.cluster.tcp.SimpleTcpCluster managerClassName=org.apache.catalina.cluster.session.DeltaManager expireSessionsOnShutdown=false useDirtyFlag=true notifyListenersOnReplication=true Membership className=org.apache.catalina.cluster.mcast.McastService mcastAddr=228.0.0.4 mcastPort=45564 mcastFrequency=500 mcastDropTime=3000/ Receiver className=org.apache.catalina.cluster.tcp.ReplicationListener tcpListenAddress=auto tcpListenPort=4002 tcpSelectorTimeout=100 tcpThreadCount=6/ Sender className=org.apache.catalina.cluster.tcp.ReplicationTransmitter replicationMode=pooled ackTimeout=15000/ Valve className=org.apache.catalina.cluster.tcp.ReplicationValve filter=.*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.css;.*\.txt;/ Deployer className=org.apache.catalina.cluster.deploy.FarmWarDeployer tempDir=/tmp/war-temp/ deployDir=/tmp/war-deploy/ watchDir=/tmp/war-listen/ watchEnabled=false/ ClusterListener className=org.apache.catalina.cluster.session.ClusterSessionListener/ /Cluster I found out thatwe are not using the Deployer context. It is just configured, but both Tomcats servers use a deployment path on its local storage. Has somebody an idea? Mit freundlichen Grüßen / Yours sincerely Uwe Hellmann T-Systems International GmbH Production CSS GCU Large Accounts AC Express Logistics LT1 Gradestr. 20, 30163 Hannover +49 511 333 - 1233 (Tel.) +49 511 333 - 1287 (Fax) Email: uwe.hellm...@t-systems.commailto:uwe.hellm...@t-systems.com Internet: http://www.t-systems.comhttp://www.t-systems.com/ T-Systems International GmbH Aufsichtsrat: René Obermann (Vorsitzender) Geschäftsführung: Reinhard Clemens (Vorsitzender), Dr. Ferri Abolhassan, Ulrich Meister, Georg Pepping, Hagen Rickmann, Dietmar Wendt, Klaus Werner Handelsregister: Amtsgericht Frankfurt am Main HRB 55933 Sitz der Gesellschaft: Frankfurt am Main Notice: This transmittal and/or attachments may be privileged or confidential. If you are not the intended recipient, you are hereby notified that you have received this transmittal in error; any review, dissemination, or copying is strictly prohibited. If you received this transmittal in error, please notify us immediately by reply and immediately delete this message and all its attachments. Thank you. -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: How to run tomcat 5.5.9 as a service in 64-bit OS?
I've downloaded the zip archive and i've replaced the files from x64 and now it works!!! Thank you! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Re: sessionCookieDomain and sessionCookiePath
It was a typo, i meant /. They are available also on tomcat 6.0.27: http://tomcat.apache.org/tomcat-6.0-doc/config/context.html -- Forwarded message -- From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Date: Thu, 10 Nov 2011 09:28:15 + Subject: Re: sessionCookieDomain and sessionCookiePath On 10/11/2011 08:39, Ionut Stoian wrote: Hello, I have an application serving several subdomains (a1.domain.com, a2.domain.com etc.) and i want to be able to have a single session cookie shared between subdomains (registered on domain .domain.com). However, when using Tomcat's sessionCookieDomain (tried on versions 6.0.33, 7.0.22) i don't get the expected behaviour: 1. If i set the sessionCookiePath to \test for example i get only one JSESSIONID cookie with domain .domain.com, but the path obviously is set to /test. 2. If i set the sessionCookiePath to \, or if i don't set it at all, i get a JSESSIONID cookie with domain .domain.com and a JSESSIONID cookie with domain a1.domain.com, which is not what i expect. Why would you set it to '\' or anything that starts with '\'? sessionCookieDomain, sessionCookiePath are Servlet 3.0 (ie Tomcat 7.0) configuration directives. They won't work in Tomcat 6.0. Where did you set them? In tomcat/conf/context.xml or somewhere else? p
Re: Parallel deployment - can we use JMX to monitor old and new versions of a webapp?
On 10/11/2011 06:31, Ellecer Valencia wrote: Would using JMX allow us to view this information for the two webapp versions without being dependent on user sessions? Yes. How would we distinguish between status info coming from the old and new webapp versions? Include the full application version in the MBean name(s) you register. Take a look (e.g. with JConsole) how Tomcat does this for multiple versions at the moment. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
ContextInitialization fails, but app starts anyway
Hi. For reference, my set up is Tomcat 5.5.27, Java 1.6.0_22 , Ubuntu 10.04.3. Once in a while when starting Tomcat; ContextInitialization fails for my app (specifically, Spring DI fails), but the app still comes up in a broken state. Is there a way to make this a hard fail-- Ideally tomcat wouldn't start at all and would exit with a non-zero exit code? I'm separately investigating why Initialization fails, but at this time I'm looking for an easier way for our automated tools to know immediately that there is a problem (regardless of what the problem is). thanks, Marc - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: ContextInitialization fails, but app starts anyway
Marc, Take a look at org.apache.catalina.startup.EXIT_ON_INIT_FAILURE. From the docs... If true, the server will exit if an exception happens during the server initialization phase. If not specified, the default value of false will be used. https://tomcat.apache.org/tomcat-6.0-doc/config/systemprops.html Dan On Thu, 2011-11-10 at 08:32 -0800, Marc Limotte wrote: Hi. For reference, my set up is Tomcat 5.5.27, Java 1.6.0_22 , Ubuntu 10.04.3. Once in a while when starting Tomcat; ContextInitialization fails for my app (specifically, Spring DI fails), but the app still comes up in a broken state. Is there a way to make this a hard fail-- Ideally tomcat wouldn't start at all and would exit with a non-zero exit code? I'm separately investigating why Initialization fails, but at this time I'm looking for an easier way for our automated tools to know immediately that there is a problem (regardless of what the problem is). thanks, Marc - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JVM config for tomcat7.0.19
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Celtic, On 11/10/11 8:01 AM, celtic man wrote: Can i set the below parameters on the setenv.sh? Sure. application running on tomcat7.0.19 on linux 64 bit with 2GB total memory and 0.5 GB available memory on the machine. JAVA_OPTS=-Xms2048M -Xmx2048M -XX:Permsize=512m -XX:MaxPermsize=512m If you only have 0.5GiB available, perhaps requesting a 2GiB heap isn't wise. The current setting on the setenv.sh file is : CATALINA_OPTS=-Xmx4000M Well, lowering it from 4GiB to 2 GiB will certainly help free up some of your RAM. If you only have a 2GiB machine, why bother running 64-bit? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk68AJEACgkQ9CaO5/Lv0PBL6wCfR7KU0u5uYtX57GBJOZd6oI49 hzYAoLOjPtnLyZjQ7bSoOVI/ti+LO9rC =qUbu -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: ContextInitialization fails, but app starts anyway
Thanks for the suggestion, Dan. Sound like that option would be perfect, but I do not see it for Tomcat 5.5 (https://tomcat.apache.org/tomcat-5.5-doc/config/systemprops.html). Is there a work-around or alternative for users of older Tomcat versions? Marc On Thu, Nov 10, 2011 at 11:43 AM, Daniel Mikusa dmik...@vmware.com wrote: Marc, Take a look at org.apache.catalina.startup.EXIT_ON_INIT_FAILURE. From the docs... If true, the server will exit if an exception happens during the server initialization phase. If not specified, the default value of false will be used. https://tomcat.apache.org/tomcat-6.0-doc/config/systemprops.html Dan On Thu, 2011-11-10 at 08:32 -0800, Marc Limotte wrote: Hi. For reference, my set up is Tomcat 5.5.27, Java 1.6.0_22 , Ubuntu 10.04.3. Once in a while when starting Tomcat; ContextInitialization fails for my app (specifically, Spring DI fails), but the app still comes up in a broken state. Is there a way to make this a hard fail-- Ideally tomcat wouldn't start at all and would exit with a non-zero exit code? I'm separately investigating why Initialization fails, but at this time I'm looking for an easier way for our automated tools to know immediately that there is a problem (regardless of what the problem is). thanks, Marc - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: sessionCookieDomain and sessionCookiePath
On 10 Nov 2011, at 13:06, Ionut Stoian isto...@tremend.ro wrote: It was a typo, i meant /. They are available also on tomcat 6.0.27: http://tomcat.apache.org/tomcat-6.0-doc/config/context.html -- Forwarded message -- From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Date: Thu, 10 Nov 2011 09:28:15 + Subject: Re: sessionCookieDomain and sessionCookiePath On 10/11/2011 08:39, Ionut Stoian wrote: Hello, I have an application serving several subdomains (a1.domain.com, a2.domain.com etc.) and i want to be able to have a single session cookie shared between subdomains (registered on domain .domain.com). However, when using Tomcat's sessionCookieDomain (tried on versions 6.0.33, 7.0.22) i don't get the expected behaviour: 1. If i set the sessionCookiePath to \test for example i get only one JSESSIONID cookie with domain .domain.com, but the path obviously is set to /test. 2. If i set the sessionCookiePath to \, or if i don't set it at all, i get a JSESSIONID cookie with domain .domain.com and a JSESSIONID cookie with domain a1.domain.com, which is not what i expect. Why would you set it to '\' or anything that starts with '\'? sessionCookieDomain, sessionCookiePath are Servlet 3.0 (ie Tomcat 7.0) configuration directives. They won't work in Tomcat 6.0. Where did you set them? In tomcat/conf/context.xml or somewhere else? p Please don't top post. I missed that addition to 6.0. (must read release notes to see what else I missed). Can you confirm which file you set the config in? p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: ContextInitialization fails, but app starts anyway
Marc, Yep, think you're right. My fault for not paying closer attention to your version. Other options that come to mind... - fetch one of the URL's for your application, check for a 404 status - connect via JMX, look at Catalina:type=Deployer,host=localhost (substitute your host name for localhost). That object exposes a isDeploy operation which will show a true / false value indicating if the app is deployed. Dan On Thu, 2011-11-10 at 08:57 -0800, Marc Limotte wrote: Thanks for the suggestion, Dan. Sound like that option would be perfect, but I do not see it for Tomcat 5.5 (https://tomcat.apache.org/tomcat-5.5-doc/config/systemprops.html). Is there a work-around or alternative for users of older Tomcat versions? Marc On Thu, Nov 10, 2011 at 11:43 AM, Daniel Mikusa dmik...@vmware.com wrote: Marc, Take a look at org.apache.catalina.startup.EXIT_ON_INIT_FAILURE. From the docs... If true, the server will exit if an exception happens during the server initialization phase. If not specified, the default value of false will be used. https://tomcat.apache.org/tomcat-6.0-doc/config/systemprops.html Dan On Thu, 2011-11-10 at 08:32 -0800, Marc Limotte wrote: Hi. For reference, my set up is Tomcat 5.5.27, Java 1.6.0_22 , Ubuntu 10.04.3. Once in a while when starting Tomcat; ContextInitialization fails for my app (specifically, Spring DI fails), but the app still comes up in a broken state. Is there a way to make this a hard fail-- Ideally tomcat wouldn't start at all and would exit with a non-zero exit code? I'm separately investigating why Initialization fails, but at this time I'm looking for an easier way for our automated tools to know immediately that there is a problem (regardless of what the problem is). thanks, Marc - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Programmatically updating the keystore Tomcat uses
I have a setup in which an instance of Tomcat 6 is running on a given machine, and another application on the same machine generates or updates the SSL credentials that Tomcat should present. The credentials are not in JKS format, and so currently I'm exporting them to PKCS#12 and writing them out to a location previously specified in server.xml. The problem is that since Tomcat only seems to load its credentials at startup, the only way to get the new SSL certificate to be used is to restart Tomcat. Is there a programmatic way to change Tomcat's keystore dynamically so that when I want to update the SSL credentials, I can do so without having to restart the service? I looked at the HTTP11Connector class, and possibly wrapping/replacing that in my setup, but I couldn't see anything that would allow me to override the current keystore. Even if I could just override the certificate/key used, that'd be fantastic. Thanks.
Re: JVM config for tomcat7.0.19
Thanks a lot for the quick response.. So i have updated the setenv.sh with -Xms2048M -Xmx2048M -XX:Permsize=512m -XX:MaxPermsize=512m and restarted tomcat.. but when i grep for tomcat process i don't see it .. ps -ef | grep tomcat root 10959 1 19 14:57 pts/400:00:29 /appl/java/bin/java -Dnop -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/appl/tomcat/endorsed -classpath /appl/tomcat/bin/bootstrap.jar:/appl/tomcat/bin/tomcat-juli.jar -Dcatalina.base=/appl/tomcat -Dcatalina.home=/appl/tomcat -Djava.io.tmpdir=/appl/tomcat/temp org.apache.catalina.startup.Bootstrap start do you know why ?? Christopher Schultz-2 wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Celtic, On 11/10/11 8:01 AM, celtic man wrote: Can i set the below parameters on the setenv.sh? Sure. application running on tomcat7.0.19 on linux 64 bit with 2GB total memory and 0.5 GB available memory on the machine. JAVA_OPTS=-Xms2048M -Xmx2048M -XX:Permsize=512m -XX:MaxPermsize=512m If you only have 0.5GiB available, perhaps requesting a 2GiB heap isn't wise. The current setting on the setenv.sh file is : CATALINA_OPTS=-Xmx4000M Well, lowering it from 4GiB to 2 GiB will certainly help free up some of your RAM. If you only have a 2GiB machine, why bother running 64-bit? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk68AJEACgkQ9CaO5/Lv0PBL6wCfR7KU0u5uYtX57GBJOZd6oI49 hzYAoLOjPtnLyZjQ7bSoOVI/ti+LO9rC =qUbu -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://old.nabble.com/JVM-config-for-tomcat7.0.19-tp32819635p32821446.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JVM config for tomcat7.0.19
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Celtic, On 11/10/11 12:02 PM, celtic man wrote: So i have updated the setenv.sh with -Xms2048M -Xmx2048M -XX:Permsize=512m -XX:MaxPermsize=512m and restarted tomcat.. Where is setenv.sh located? Can you give us the full contents of that file? but when i grep for tomcat process i don't see it .. ps -ef | grep tomcat root 10959 1 19 14:57 pts/4 00:00:29 /appl/java/bin/java -Dnop -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/appl/tomcat/endorsed -classpath /appl/tomcat/bin/bootstrap.jar:/appl/tomcat/bin/tomcat-juli.jar -Dcatalina.base=/appl/tomcat -Dcatalina.home=/appl/tomcat -Djava.io.tmpdir=/appl/tomcat/temp org.apache.catalina.startup.Bootstrap start How are you starting Tomcat? Give us the exact command you are running. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk68QVoACgkQ9CaO5/Lv0PAvHwCfditQGu0AsA5NxZD0eV1mjD1d hc8Anil55svBR7vxCJKxG1v4psEAA7Uw =zMFY -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Programmatically updating the keystore Tomcat uses
2011/11/10 Shawn Deer shawn.d...@entrust.com: I have a setup in which an instance of Tomcat 6 is running on a given machine, and another application on the same machine generates or updates the SSL credentials that Tomcat should present. The credentials are not in JKS format, and so currently I'm exporting them to PKCS#12 and writing them out to a location previously specified in server.xml. The problem is that since Tomcat only seems to load its credentials at startup, the only way to get the new SSL certificate to be used is to restart Tomcat. Is there a programmatic way to change Tomcat's keystore dynamically so that when I want to update the SSL credentials, I can do so without having to restart the service? I looked at the HTTP11Connector class, and possibly wrapping/replacing that in my setup, but I couldn't see anything that would allow me to override the current keystore. Even if I could just override the certificate/key used, that'd be fantastic. It might worth to try to stop and then start a connector, e.g. through JMX. You may try with jconsole first without any programming. (I do not remember whether they are restartable, but it is worth trying). JMX support is better in Tomcat 7, up to allowing you to create and configure Tomcat components through JMX. Also IIRC there might be some hooks in the connector, like using custom key store provider. YMMV Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JVM config for tomcat7.0.19
JAVA_OPTS=-Xms2048M -Xmx2048M -XX:Permsize=512m -XX:MaxPermsize=512m You are allocating here 2.5GB of memory to tomcat ... how do you expect it to start on a box with 2GB in total of which only 500MB are available? On Fri, Nov 11, 2011 at 8:25 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Celtic, On 11/10/11 12:02 PM, celtic man wrote: So i have updated the setenv.sh with -Xms2048M -Xmx2048M -XX:Permsize=512m -XX:MaxPermsize=512m and restarted tomcat.. Where is setenv.sh located? Can you give us the full contents of that file? but when i grep for tomcat process i don't see it .. ps -ef | grep tomcat root 10959 1 19 14:57 pts/4 00:00:29 /appl/java/bin/java -Dnop -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/appl/tomcat/endorsed -classpath /appl/tomcat/bin/bootstrap.jar:/appl/tomcat/bin/tomcat-juli.jar -Dcatalina.base=/appl/tomcat -Dcatalina.home=/appl/tomcat -Djava.io.tmpdir=/appl/tomcat/temp org.apache.catalina.startup.Bootstrap start How are you starting Tomcat? Give us the exact command you are running. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk68QVoACgkQ9CaO5/Lv0PAvHwCfditQGu0AsA5NxZD0eV1mjD1d hc8Anil55svBR7vxCJKxG1v4psEAA7Uw =zMFY -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JVM config for tomcat7.0.19
On 10/11/2011 22:45, Igor Cicimov wrote: JAVA_OPTS=-Xms2048M -Xmx2048M -XX:Permsize=512m -XX:MaxPermsize=512m You are allocating here 2.5GB of memory to tomcat ... how do you expect it to start on a box with 2GB in total of which only 500MB are available? +1 It's the perfect way to achieve shockingly bad performance. p On Fri, Nov 11, 2011 at 8:25 AM, Christopher Schultz ch...@christopherschultz.net wrote: Celtic, On 11/10/11 12:02 PM, celtic man wrote: So i have updated the setenv.sh with -Xms2048M -Xmx2048M -XX:Permsize=512m -XX:MaxPermsize=512m and restarted tomcat.. Where is setenv.sh located? Can you give us the full contents of that file? but when i grep for tomcat process i don't see it .. ps -ef | grep tomcat root 10959 1 19 14:57 pts/4 00:00:29 /appl/java/bin/java -Dnop -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/appl/tomcat/endorsed -classpath /appl/tomcat/bin/bootstrap.jar:/appl/tomcat/bin/tomcat-juli.jar -Dcatalina.base=/appl/tomcat -Dcatalina.home=/appl/tomcat -Djava.io.tmpdir=/appl/tomcat/temp org.apache.catalina.startup.Bootstrap start How are you starting Tomcat? Give us the exact command you are running. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature