Re: Multiple instances?
hum OK many thanks for your hints, I got it, I understand what is going on now. Ok, I now have a clean and multiple instances running !! Thanks to everyone! @Mark Eggers: CentOS systemd units are not quite so far from the Fedora ones. Personally I do love the way fedora and CentOS are working but I have to confess that sometimes, and especially with tomcat everything is a pain in the ass as they scatter the components everywhere in the system without any (apparent) logics. WTH with all this /usr/share/blabla ?? @Christopher: Many thanks for your advices, obviously it make more sens to keep the catalina_base and derivate the catalina_home. I love this method!! Once again, many thanks to everyone, I now have a clean and working server! 2014-12-18 19:46 GMT+01:00 Mark Eggers its_toas...@yahoo.com.invalid: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/18/2014 10:07 AM, Christopher Schultz wrote: Billy, On 12/18/14 9:25 AM, Billy Bones wrote: Ok s, here is a small update. I've finally found what does this SERVICE_NAME mean, indeed you have to copy the original unit, then add the Systemd's directive named Environment like this: Environment=SERVICE_NAME=YOUROWNSERVICENAMEHERE then you will copy the default tomcat config file found on the /etc/sysconfig directory. And as you supposed it Cristophe and Daniel, you then have to copy the whole CATALINA_{HOME/BASE} or update the previous config file to point out to another tomcat installation. You should not have to copy the whole CATALINA_HOME. Instead, create a CATALINA_BASE (which is basically just a few directories and a few configuration files) for each service and then set the CATALINA_BASE environment variable to point to each one for each service, set CATALINA_HOME to point to where the full installation of Tomcat is (with no web applications installed in it), and each service should operate independently. So you should be able to have something like this: SERVICE_NAME=tomcat-one CATALINA_HOME=/opt/apache-tomcat-7.0.57 CATALINA_BASE=/opt/tomcat/tomcat-one SERVICE_NAME=tomcat-two CATALINA_HOME=/opt/apache-tomcat-7.0.57 CATALINA_BASE=/opt/tomcat/tomcat-two Then you configure /opt/tomcat/tomcat-(one|two) to have the configuration and applications you want. You should be able to start tomcat-one and tomcat-two independently of each other. I don't know exactly what systemd does with all of this, but once you end up calling catalina.sh with the right environment variables set, Tomcat will do the right thing. -chris Fedora 21 has a relatively nice systemd script for Tomcat. It's designed for running multiple Tomcat instances. If you have a copy of Fedora 21 and yumdownloader (by installing yum-utils), you can take a look at the system with: mkdir Temp cd Temp yumdownloader tomcat.noarch rpm2cpio tomcat-7.0.54-3.fc21.noarch.rpm | cpio -idmv All of the files are then accessible in the Temp directory. I've never liked how Fedora / RedHat / CentOS scatter the components all over the landscape. I'm thinking of adapting the Fedora systemd scripts to work with Tomcats installed under a particular user. The only issue seems to be that the SHUTDOWN_WAIT (time to wait in seconds before killing the process) is documented not to work. Sadly, I have some truly misbehaving applications that sometime need a kill -9 on the underlying Tomcat. Those misbehaving applications are unlikely to be fixed. My init scripts take care of this by issuing an orderly shutdown command, waiting up to SHUTDOWN_WAIT seconds (checking every second), then issuing a kill -9 if the process still exists. . . . better late than never (mostly) /mde/ -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBAgAGBQJUkyEAAAoJEEFGbsYNeTwtxbEH/jsc5+ywzGWZneOU5eRDt6I6 k5DWaP0S7OeAEU4FIGN5IK2zGE5ioYITxxQQ+QtWn61QkqkOR4mb6fMe7wNERiP7 0hX4fs1SXA13H3MdeO1PXRGi0T9f0bnqPmSstpCLHVy7kavy/ywgammOir87moje bw58Ga62iM/QhZIAcMksi2V255j+GdKOAgMG0Q9TKapMeDY1t3ywi/HJziTw8NAW du/3eniAjM6SGi74GsYTkY44hM4yB7uXko3RDeU+A0I20gz9umWkRf5u39PiRUPL RYMP8JAorjI8p4jt9ZnCPAwTrwrnvHLMnTFYYG10xQAkV9j22xgc0Hf49IMOq0k= =1cES -END PGP SIGNATURE- --- This email is free from viruses and malware because avast! Antivirus protection is active. http://www.avast.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: GoDaddy SSL cert update from SHA1 to SHA2
And how do I get the Private Key back? Its definitely not there. From: Igor Cicimov icici...@gmail.com Sent: Thursday, December 18, 2014 17:52 To: Tomcat Users List Subject: Re: GoDaddy SSL cert update from SHA1 to SHA2 On Fri, Dec 19, 2014 at 9:56 AM, Bruce Kostival bkosti...@universallumpers.com wrote: Thanks Igor I'll poke around based on your input. From: Igor Cicimov icici...@gmail.com Sent: Thursday, December 18, 2014 15:49 To: Tomcat Users List Subject: Re: GoDaddy SSL cert update from SHA1 to SHA2 On Fri, Dec 19, 2014 at 9:28 AM, Bruce Kostival bkosti...@universallumpers.com wrote: Tomcat 6.0.x Windows Server 2008 Running Java 7 Home grown app written in STS Running HTTPS with SHA1 cert Obtained SHA2 cert from GoDaddy by sending CSR generated from original keystore. Removed existing aliases from original keystore and loaded new root and domain cert to keystore. Trying to run up the new cert gives me this error: SEVERE: Error starting endpoint java.io.IOException: jsse.invalid_ssl_conf at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:846) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:522) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156) at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538) at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:565) at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:207) at org.apache.catalina.connector.Connector.start(Connector.java:1196) at org.apache.catalina.core.StandardService.start(StandardService.java:540) at org.apache.catalina.core.StandardServer.start(StandardServer.java:754) at org.apache.catalina.startup.Catalina.start(Catalina.java:595) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414) Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled. I feel like I'm missing something basic in the keystore. Any ideas? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Just guessing but based on the cause given in the above error you probably have ciphers set in your connector using 128 bit key, something like this: ciphers=SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA In that case try to change that to match your new 256 bit key now. Of course take care of the proper cipher suit names for BIO/NIO or APR connector since they differ (the above example is for BIO/NIO connector). - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Another possibility is that you have removed the private key used to generate the new CSR by removing the old aliases from the keystore. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: GoDaddy SSL cert update from SHA1 to SHA2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Bruce, On 12/18/14 5:28 PM, Bruce Kostival wrote: Tomcat 6.0.x Windows Server 2008 Running Java 7 Home grown app written in STS Running HTTPS with SHA1 cert Obtained SHA2 cert from GoDaddy by sending CSR generated from original keystore. Removed existing aliases from original keystore and loaded new root and domain cert to keystore. Trying to run up the new cert gives me this error: SEVERE: Error starting endpoint java.io.IOException: jsse.invalid_ssl_conf at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:846) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:522) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156) at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538) at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:565) at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:207) at org.apache.catalina.connector.Connector.start(Connector.java:1196) at org.apache.catalina.core.StandardService.start(StandardService.java:540) at org.apache.catalina.core.StandardServer.start(StandardServer.java:754) at org.apache.catalina.startup.Catalina.start(Catalina.java:595) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414) Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled. I feel like I'm missing something basic in the keystore. Any ideas? The you use the original (old) key to generate the new CSR? If so, do you still have the old private key? (Your later reply seems to indicate that you no longer have the private key). If you don't have the private key anymore, you will have to generate a new one and go through the whole process again. I always make it a point to start over from scratch when obtaining a new certificate even when I'm not using Java Keystores, which seem to be unnecessarily finicky. If you have to do it all over again, move the old keystore out of the way (e.g. re-name it to keystore.backup-[date]) and create a new keystore, private key, and CSR. Send the CSR to the CA and then import the certificate and chain they give back to you. That should be all you need to do. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUlEyHAAoJEBzwKT+lPKRYUycP/jmLEVFRXYVYbOjOWuB1fV5r u91WT1vC6xQUeHz7gZpn6YY/qKnhOcKibGZTn/3RFZ5uOin+beKsJdfRD3OYTZxa 1RW5IDATsYbvzf1SCxZmyh3IUKA2+EoV8icc2uOwnPIftfUOl9NyrQI7l+oKjriQ tRQR3S6oETyzsnYKB04Su7duZc6tefA4UI2ZNXnUs2EVgd6Q6B3fAzGOEY2JrhTc R6Qre2PLBUepM5XhnzrcgSTkBNvJ0MM/58eoPCf5pQGpXKveb0p1owli2ITX/0xy 0DcHBMp7Xt2NvId6Jai7S8ysU2dGBk/fZAtKd8UqtT27VXOlDAuz7u7KdOsJNuzo /eWRJAU2gqZ6npFwxlHcPmSwjFfbu06SgTgljx6dIl4D6ckzG/CvHvL0hThJBg11 j9rlpxIVlfEIyXbag/9KZAON5o3M+fsTbU3bDD4ct6NV8ZqjsIMWLOo+ymKq0fe5 KAUtiKPK9fXGo1EKi0hya/orX3V4YmSf1y0VN+fef4IXToBkvlQgt7t4boFUD8v7 LUeS1JGNI33r1xG4ues5wLH+dvot3Qk6UK9NHLkvlh0NwIxE1yKY2oKE8jsmqDnl P3awTny0qy3vdaoGbZMVz6vorS5DrELwynxZ+Ws5vLR7/Yw+DuqrbmhbzR/h1xd/ HeV8EyEZmJF2Xi5J8gGU =btLS -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Multiple instances?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Billy, On 12/19/14 4:46 AM, Billy Bones wrote: hum OK many thanks for your hints, I got it, I understand what is going on now. Ok, I now have a clean and multiple instances running !! Thanks to everyone! @Mark Eggers: CentOS systemd units are not quite so far from the Fedora ones. Personally I do love the way fedora and CentOS are working but I have to confess that sometimes, and especially with tomcat everything is a pain in the ass as they scatter the components everywhere in the system without any (apparent) logics. WTH with all this /usr/share/blabla ?? @Christopher: Many thanks for your advices, obviously it make more sens to keep the catalina_base and derivate the catalina_home. I love this method!! Once again, many thanks to everyone, I now have a clean and working server! Great. Care to post your systemd script template to the wiki? It will likely help others trying to do the same thing. - -chris 2014-12-18 19:46 GMT+01:00 Mark Eggers its_toas...@yahoo.com.invalid: On 12/18/2014 10:07 AM, Christopher Schultz wrote: Billy, On 12/18/14 9:25 AM, Billy Bones wrote: Ok s, here is a small update. I've finally found what does this SERVICE_NAME mean, indeed you have to copy the original unit, then add the Systemd's directive named Environment like this: Environment=SERVICE_NAME=YOUROWNSERVICENAMEHERE then you will copy the default tomcat config file found on the /etc/sysconfig directory. And as you supposed it Cristophe and Daniel, you then have to copy the whole CATALINA_{HOME/BASE} or update the previous config file to point out to another tomcat installation. You should not have to copy the whole CATALINA_HOME. Instead, create a CATALINA_BASE (which is basically just a few directories and a few configuration files) for each service and then set the CATALINA_BASE environment variable to point to each one for each service, set CATALINA_HOME to point to where the full installation of Tomcat is (with no web applications installed in it), and each service should operate independently. So you should be able to have something like this: SERVICE_NAME=tomcat-one CATALINA_HOME=/opt/apache-tomcat-7.0.57 CATALINA_BASE=/opt/tomcat/tomcat-one SERVICE_NAME=tomcat-two CATALINA_HOME=/opt/apache-tomcat-7.0.57 CATALINA_BASE=/opt/tomcat/tomcat-two Then you configure /opt/tomcat/tomcat-(one|two) to have the configuration and applications you want. You should be able to start tomcat-one and tomcat-two independently of each other. I don't know exactly what systemd does with all of this, but once you end up calling catalina.sh with the right environment variables set, Tomcat will do the right thing. -chris Fedora 21 has a relatively nice systemd script for Tomcat. It's designed for running multiple Tomcat instances. If you have a copy of Fedora 21 and yumdownloader (by installing yum-utils), you can take a look at the system with: mkdir Temp cd Temp yumdownloader tomcat.noarch rpm2cpio tomcat-7.0.54-3.fc21.noarch.rpm | cpio -idmv All of the files are then accessible in the Temp directory. I've never liked how Fedora / RedHat / CentOS scatter the components all over the landscape. I'm thinking of adapting the Fedora systemd scripts to work with Tomcats installed under a particular user. The only issue seems to be that the SHUTDOWN_WAIT (time to wait in seconds before killing the process) is documented not to work. Sadly, I have some truly misbehaving applications that sometime need a kill -9 on the underlying Tomcat. Those misbehaving applications are unlikely to be fixed. My init scripts take care of this by issuing an orderly shutdown command, waiting up to SHUTDOWN_WAIT seconds (checking every second), then issuing a kill -9 if the process still exists. . . . better late than never (mostly) /mde/ --- This email is free from viruses and malware because avast! Antivirus protection is active. http://www.avast.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUlEzdAAoJEBzwKT+lPKRYDcUP/j4pL9nN2SJp6A16T6f8HhEC uXRd+10RRZOtiwen0+h/M6h/YKhvWarCnVeGiBEWz82LvvfKTxMnGzNdHSMHBi2a nLdCWWEPYDCHWxwX+VpjyMwvanyK0Dl2zjeEfu0XGz4kf8Q0y+hPbMCa0bUUjHIQ B+3UcPvss2YmaZUAb+FKodFVUJNSLBKYCNTtRJL/+LO6TlriQIIa18kNujNk3ric W/cQAdreCd3HOjpopa/U0Bsxvplt+DLU2JAU+ooquupzIRR7+9/Z6JlyKX8Q+5du o9pjiDAYneRr1NWMVGFjAyxIqK2HNS1ARKn/0onsft8RRLXEGJrDSQCdSM4AMSPj 5e7pRNlYUMqkAYCIKRV66GBuWBO9eGIeHTh1BsKYhlnlwTLANghwAD1XlFgo/hVF d63WALimBV2VZwt0eNwuYN7OjrLVNAv5LeVM4je+6fEvqmMyGAizhz+g1jxLhJjt MIDnafQ75YJ4gCXnMP1gPsp+pvK6/OxGH76/T4k2BcbwiDwpWVMrZC4NbI6UQHV8
Re: Tomcat 7 ssl by default
On 18 December 2014 at 14:06, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Duncan, On 12/18/14 4:18 AM, Lyallex wrote: On 17 December 2014 at 22:37, Christopher Schultz ch...@christopherschultz.net wrote: Duncan, On 12/17/14 12:32 PM, Lyallex wrote: Yea I thought of this, the problem is I currently have a user area that requires a login and all this is currently configured in web.xml and I'm not sure how all this will fit together. I'll try a few things out and see what happens. You can have multiple, overlapping security-constraints. One of them (which covers the whole site) will require HTTPS, the other (existing one) will require authentication and authorization, but only for certain (again, existing) URL patterns. Should be no problem. You are correct, I followed Marks instructions, set up a new security constraint and restarted the server now when I access localhost I get 'redirected' to https://localhost which is what I wanted, it was the whole overlapping security-constraint thing that was vexing me somewhat. I can also log into my user and admin areas as normal which is a relief but I'm getting some problems with AJAX not updating the live areas of my site so I'll have to look into that. Now I know this is probably OT but I'm in the UK and was wondering if anyone has found a UK certification co that has decent customer support as I now have to figure out how to buy and install a certificate with the right params in a standalone Tomcat instance. My server hosts don't offer support in this area as they seem to be obsessed with Apache httpd :-( You can use keytool to create your CSR and give it to the CA, and when they give you back a PEM-encoded .crt file, you can import it back into keytool, you just need to know the magic words to do it. So it doesn't matter what the CA says they officially support; you should be able to handle whatever they give you, since it's all X.509 no matter what. I have the keytool stuff working now, I can create keystores and CSRs and what have you and access my site on staging (with the obvious warnings etc) Actually some of the CAs have tools on their websites example: https://www.digicert.com/csr-creation.htm I use the tool then take the resulting command string to bits so I can figure out what's going on, great fun. (I really must get a life). If you want to get a free certificate, try StartCom (startssl.com). They are trusted by most browsers and offer no-cost standard SSL certificates. You have to pay if you want EV certs, or if you want to revoke a cert you've requested in the past. They can also do code-signing certs and other things, for a fee. OK, thanks for the heads up. Obviously the cert I end up with needs to be as widely recognized as possible so I'm currently looking at all the browsers I have here (on laptops, tablets, smart phones, whatever gizmo) to see which CAs appear most frequently. Thanks to all for the advice, I'll probably be back when it all goes horribly wrong :-) Duncan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
REST call failure on newer tomcat version/update
Hello, We had a gwt app deployed and working with tomcat 7_42 and tried it recently in several configurations (Windows/Linux) with the latest update of 7 and it fails during a RestyGwt/RestEasy call to the server. Previous calls succeed but this particular one appears to get an http code of 200 but doesn't return any data (but it should) - and so the app never proceeds. There's no message, exception, etc - so the app just sits there. In running this on several clients (Firefox, Chrome, RestClient for FF, etc), I *have* received a couple messages on that call (in certain situations) such as... Error Code: 502 Proxy Error. A software error occurred for a Windows Internet extension application that is required for the current operation. and Error 415 Unsupported Media Type Does anyone have an idea what this might be? Why it changed? If I swap out the latest version for 41 or 42, and change nothing else, it works fine. Can't find anything in docs or searches online. Thank you!
Re: Multiple instances?
For sure, do I need an account or something special? Could you send me the wiki link? 2014-12-19 17:05 GMT+01:00 Christopher Schultz ch...@christopherschultz.net : -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Billy, On 12/19/14 4:46 AM, Billy Bones wrote: hum OK many thanks for your hints, I got it, I understand what is going on now. Ok, I now have a clean and multiple instances running !! Thanks to everyone! @Mark Eggers: CentOS systemd units are not quite so far from the Fedora ones. Personally I do love the way fedora and CentOS are working but I have to confess that sometimes, and especially with tomcat everything is a pain in the ass as they scatter the components everywhere in the system without any (apparent) logics. WTH with all this /usr/share/blabla ?? @Christopher: Many thanks for your advices, obviously it make more sens to keep the catalina_base and derivate the catalina_home. I love this method!! Once again, many thanks to everyone, I now have a clean and working server! Great. Care to post your systemd script template to the wiki? It will likely help others trying to do the same thing. - -chris 2014-12-18 19:46 GMT+01:00 Mark Eggers its_toas...@yahoo.com.invalid: On 12/18/2014 10:07 AM, Christopher Schultz wrote: Billy, On 12/18/14 9:25 AM, Billy Bones wrote: Ok s, here is a small update. I've finally found what does this SERVICE_NAME mean, indeed you have to copy the original unit, then add the Systemd's directive named Environment like this: Environment=SERVICE_NAME=YOUROWNSERVICENAMEHERE then you will copy the default tomcat config file found on the /etc/sysconfig directory. And as you supposed it Cristophe and Daniel, you then have to copy the whole CATALINA_{HOME/BASE} or update the previous config file to point out to another tomcat installation. You should not have to copy the whole CATALINA_HOME. Instead, create a CATALINA_BASE (which is basically just a few directories and a few configuration files) for each service and then set the CATALINA_BASE environment variable to point to each one for each service, set CATALINA_HOME to point to where the full installation of Tomcat is (with no web applications installed in it), and each service should operate independently. So you should be able to have something like this: SERVICE_NAME=tomcat-one CATALINA_HOME=/opt/apache-tomcat-7.0.57 CATALINA_BASE=/opt/tomcat/tomcat-one SERVICE_NAME=tomcat-two CATALINA_HOME=/opt/apache-tomcat-7.0.57 CATALINA_BASE=/opt/tomcat/tomcat-two Then you configure /opt/tomcat/tomcat-(one|two) to have the configuration and applications you want. You should be able to start tomcat-one and tomcat-two independently of each other. I don't know exactly what systemd does with all of this, but once you end up calling catalina.sh with the right environment variables set, Tomcat will do the right thing. -chris Fedora 21 has a relatively nice systemd script for Tomcat. It's designed for running multiple Tomcat instances. If you have a copy of Fedora 21 and yumdownloader (by installing yum-utils), you can take a look at the system with: mkdir Temp cd Temp yumdownloader tomcat.noarch rpm2cpio tomcat-7.0.54-3.fc21.noarch.rpm | cpio -idmv All of the files are then accessible in the Temp directory. I've never liked how Fedora / RedHat / CentOS scatter the components all over the landscape. I'm thinking of adapting the Fedora systemd scripts to work with Tomcats installed under a particular user. The only issue seems to be that the SHUTDOWN_WAIT (time to wait in seconds before killing the process) is documented not to work. Sadly, I have some truly misbehaving applications that sometime need a kill -9 on the underlying Tomcat. Those misbehaving applications are unlikely to be fixed. My init scripts take care of this by issuing an orderly shutdown command, waiting up to SHUTDOWN_WAIT seconds (checking every second), then issuing a kill -9 if the process still exists. . . . better late than never (mostly) /mde/ --- This email is free from viruses and malware because avast! Antivirus protection is active. http://www.avast.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUlEzdAAoJEBzwKT+lPKRYDcUP/j4pL9nN2SJp6A16T6f8HhEC uXRd+10RRZOtiwen0+h/M6h/YKhvWarCnVeGiBEWz82LvvfKTxMnGzNdHSMHBi2a nLdCWWEPYDCHWxwX+VpjyMwvanyK0Dl2zjeEfu0XGz4kf8Q0y+hPbMCa0bUUjHIQ B+3UcPvss2YmaZUAb+FKodFVUJNSLBKYCNTtRJL/+LO6TlriQIIa18kNujNk3ric W/cQAdreCd3HOjpopa/U0Bsxvplt+DLU2JAU+ooquupzIRR7+9/Z6JlyKX8Q+5du