Re: Enable two way SSL in Apache Tomcat 10 Version 10.0.27

2023-08-19 Thread Kaushal Shriyan
Hi,

I am attaching both server.xml for one way SSL and Two Way SSL

One way SSL
/opt/tomcat10/conf/server.xml -> tomcat10serverworkingonewaytls.xml
(working)
Two way SSL /opt/tomcat10/conf/server.xml
-> tomcat10serverworkingtwowaytls.xml (Not working)

Please comment. Thanks in advance.

Best Regards,

Kaushal

On Sun, Aug 20, 2023 at 6:48 AM Kaushal Shriyan 
wrote:

>
>
> On Thu, Aug 10, 2023 at 11:29 AM Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
>> Kaushal,
>>
>> On 8/7/23 22:23, Kaushal Shriyan wrote:
>> > Hi,
>> >
>> > I have gone through
>> https://tomcat.apache.org/tomcat-10.0-doc/ssl-howto.html.
>> > Is there a way to enable two way SSL (mutual) in Apache Tomcat 10
>> Version
>> > 10.0.27?
>> >
>> > Please guide me.
>> >
>> > Thanks in Advance.
>>
>> I see you have "gone through" the SSL Howto, but could you be specific
>> about what you have actually done? For example, what does your
>>  in server.xml look like, what does your web.xml look like,
>> and what files do you have on the disk?
>>
>> -chris
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>
> Hi Chris,
>
> Apologies for the delay in replying. Thanks in advance. I am trying to
> enable Mutual two way SSL using tomcat 10.0.27 on Red Hat Enterprise Linux
> release 8.8 (Ootpa). Currently I am encountering the below issue.
>
> 20-Aug-2023 06:40:25.183 SEVERE [main]
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to
> initialize component [Connector[HTTP/1.1-10443]]
> org.apache.catalina.LifecycleException: Protocol handler initialization
> failed
>
> Caused by: java.lang.IllegalArgumentException: No SSLHostConfig element
> was found with the hostName [_default_] to match the
> defaultSSLHostConfigName for the connector [https-openssl-nio-10443]
>
> #cat /etc/redhat-release
>
> *Red Hat Enterprise Linux release 8.8 (Ootpa)*
> # /opt/tomcat10/bin/version.sh
> Using CATALINA_BASE:   /opt/tomcat10
> Using CATALINA_HOME:   /opt/tomcat10
> Using CATALINA_TMPDIR: /opt/tomcat10/temp
> Using JRE_HOME:/usr
> Using CLASSPATH:
> /opt/tomcat10/bin/bootstrap.jar:/opt/tomcat10/bin/tomcat-juli.jar
> Using CATALINA_OPTS:
> Server version: Apache Tomcat/10.0.27
> Server built:   Oct 3 2022 14:18:31 UTC
> Server number:  10.0.27.0
> OS Name:Linux
> OS Version: 4.18.0-477.15.1.el8_8.x86_64
> Architecture:   amd64
> JVM Version:1.8.0_382-b05
> JVM Vendor: Red Hat, Inc.
> #
>
> #*cat catalina.out*
> 20-Aug-2023 06:40:24.753 WARNING [main]
> org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> [Server/Service/Connector] failed to set property [clientAuth] to [want]
> 20-Aug-2023 06:40:24.756 WARNING [main]
> org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> [Server/Service/Connector] failed to set property [sslProtocol] to [TLS]
> 20-Aug-2023 06:40:24.756 WARNING [main]
> org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> [Server/Service/Connector] failed to set property [keystoreFile] to
> [/opt/tomcat10/ssl/keystore.jks]
> 20-Aug-2023 06:40:24.756 WARNING [main]
> org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> [Server/Service/Connector] failed to set property [keystorePass] to [apigee]
> 20-Aug-2023 06:40:24.757 WARNING [main]
> org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> [Server/Service/Connector] failed to set property [truststoreFile] to
> [/opt/tomcat10/ssl/clienttrustore.jks]
> 20-Aug-2023 06:40:24.757 WARNING [main]
> org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> [Server/Service/Connector] failed to set property [truststorePass] to
> [apigee]
> 20-Aug-2023 06:40:24.809 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Server version name:
>   Apache Tomcat/10.0.27
> 20-Aug-2023 06:40:24.809 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Server built:
>  Oct 3 2022 14:18:31 UTC
> 20-Aug-2023 06:40:24.809 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Server version
> number: 10.0.27.0
> 20-Aug-2023 06:40:24.809 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log OS Name:
>   Linux
> 20-Aug-2023 06:40:24.810 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log OS Version:
>  4.18.0-477.15.1.el8_8.x86_64
> 20-Aug-2023 06:40:24.810 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Architecture:
>  amd64
> 20-Aug-2023 06:40:24.810 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Java Home:
>   /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.382.b05-2.el8.x86_64/jre
> 20-Aug-2023 06:40:24.810 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log JVM Version:
>   1.8.0_382-b05
> 20-Aug-2023 06:40:24.810 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:
>  Red Hat, Inc.
> 20-Aug-2023 

Re: Tomcat 9 Connector config allowHostHeaderMismatch not working as expected

2023-08-19 Thread Bhavesh Mistry
Hi Mark,

Thanks for your quick reply. According to the spec, the request line has
three parts: HTTP method, path and version. Basically, what I wanted to do
is, if the HOST header does not match the requested server name in the
URL, then return 404 or 403.

Can you please help me with how I can do this? From the raw request, there is NO
way to know what the user-requested URL and the HOST name are, as Tomcat
reconstructed that from the HOST header.

When using the following:

curl - -k "https://10.40.43.26/login?sessionExpire=true" -H 'Host: attacker.com'

request.getServerName() = attacker.com

request.getHeader("Host") = attacker.com

request.getURL() :  https://attacker.com/login?sessionExpire=true

There is no way for the server to know that the HOST header does not match
the URL hostname. So the only way to stop this is to have a
pre-determined list of hostnames and check against it. Do you have any
recommendations on how to detect a host header mismatch from application logic?

The only thing I found is to have a list of trusted hosts and compare the host
header against it:
https://github.com/spring-projects/spring-security/blob/main/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java#L549







On Sat, Aug 19, 2023 at 2:10 PM Mark Thomas  wrote:

>
> 19 Aug 2023 19:46:56 Bhavesh Mistry :
>
> > Hi, Tomcat Dev team and Users,
> >
> >
> > I am trying to block the request and give 404 bad requests or 403 when
> > the
> > HOST header does not match the requested server name.  My goal is to
> > block
> > whenever there is a mismatch in the host header and URL server name.
> >
> > I would appreciate your help.
>
> Look at the request. Despite the curl command using an IP address, the
> actual request does not contain a host in the request line hence there is
> no mismatch.
>
> Mark
>
>
> >
> > curl - -k "https://*10.40.43.26*/login?sessionExpire=true" -H '*Host: text.com *'
> > * Using Stream ID: 1 (easy handle 0x7f8316012800)
> >> GET /login?sessionExpire=true HTTP/2
> > *> Host: text.com *
> >> User-Agent: curl/8.1.2
> >> Accept: */*
> >
> > Response:
> >
> > * HTTP/2 200 *
> > < cache-control: no-cache, no-store, must-revalidate
> > < expect-ct: enforce, max-age=30, report-uri='
> > https://report-uri.com/account/'
> > < pragma: no-cache
> > < expires: Thu, 01 Jan 1970 00:00:00 GMT
> > < set-cookie: JSESSIONID=4D75D564BC3CF7E406A599962DE5C092;Version=1;Path=/versa;Secure;HttpOnly; SameSite=strict
> > < strict-transport-security: max-age=31536000 ; includeSubDomains ;
> > preload
> > < x-xss-protection: 1; mode=block
> > < x-frame-options: DENY
> > < x-content-type-options: nosniff
> > < referrer-policy: strict-origin-when-cross-origin
> > < content-type: text/html;charset=UTF-8
> > < content-length: 4084
> > < date: Sat, 19 Aug 2023 19:02:11 GMT
> >
> > Here is my connector config:
> >
> >  >connectionTimeout="2"
> >redirectPort="443" scheme="https" secure="true"
> > server="Versa Director"
> >address="${tomcat.address}"  maxPostSize="-1"
> > *allowHostHeaderMismatch="false"* />
> >
> >
> >  > protocol="org.apache.coyote.http11.Http11NioProtocol"
> >relaxedPathChars="[\\]^`{|}"
> > relaxedQueryChars="[\\]^`{|}" *allowHostHeaderMismatch="false"
> > *
> >address="${tomcat.address}" minSpareThreads="100"
> > maxThreads="200" SSLEnabled="true"
> >scheme="https" secure="true" maxSwallowSize="-1"
> > maxPostSize="-1">
> >
> > Thanks,
> >
> > Bhavesh
>
>
>
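
The pre-determined list of hostnames discussed in this message, as an added example that is not part of the original post: it is enforced here in `server.xml` through Tomcat's virtual-host mapping, which is a different technique from the application-logic check the poster asks about. `director.example.com` and the `appBase` directory names are placeholders; `10.40.43.26` is the address from the curl test.

```xml
<!-- Added example, not the poster's configuration.
     Assumptions: director.example.com is a placeholder for the real public
     name, and webapps-unmatched is an empty directory under CATALINA_BASE. -->
<Engine name="Catalina" defaultHost="unmatched">

  <!-- Catch-all virtual host. A request whose Host header names neither a
       Host nor an Alias configured below is mapped to the Engine's
       defaultHost. Nothing is deployed here, so no context matches and
       Tomcat answers 404 (for example "Host: text.com" or
       "Host: attacker.com" from the tests in this thread). -->
  <Host name="unmatched" appBase="webapps-unmatched"
        unpackWARs="false" autoDeploy="false" deployOnStartup="false" />

  <!-- The real application. Only the names listed here reach it, which
       makes this element the allowlist: request.getServerName() can then
       only ever return one of these values inside the application. -->
  <Host name="director.example.com" appBase="webapps"
        unpackWARs="true" autoDeploy="false">
    <!-- Keep the IP alias only if clients are expected to connect by
         address; every alias widens the set of accepted Host values. -->
    <Alias>10.40.43.26</Alias>
  </Host>

</Engine>
```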


Re: Enable two way SSL in Apache Tomcat 10 Version 10.0.27

2023-08-19 Thread Kaushal Shriyan
On Thu, Aug 10, 2023 at 11:29 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Kaushal,
>
> On 8/7/23 22:23, Kaushal Shriyan wrote:
> > Hi,
> >
> > I have gone through
> https://tomcat.apache.org/tomcat-10.0-doc/ssl-howto.html.
> > Is there a way to enable two way SSL (mutual) in Apache Tomcat 10 Version
> > 10.0.27?
> >
> > Please guide me.
> >
> > Thanks in Advance.
>
> I see you have "gone through" the SSL Howto, but could you be specific
> about what you have actually done? For example, what does your
>  in server.xml look like, what does your web.xml look like,
> and what files do you have on the disk?
>
> -chris
>
>
>

Hi Chris,

Apologies for the delay in replying. Thanks in advance. I am trying to
enable Mutual two way SSL using tomcat 10.0.27 on Red Hat Enterprise Linux
release 8.8 (Ootpa). Currently I am encountering the below issue.

20-Aug-2023 06:40:25.183 SEVERE [main]
org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to
initialize component [Connector[HTTP/1.1-10443]]
org.apache.catalina.LifecycleException: Protocol handler initialization
failed

Caused by: java.lang.IllegalArgumentException: No SSLHostConfig element was
found with the hostName [_default_] to match the defaultSSLHostConfigName
for the connector [https-openssl-nio-10443]

#cat /etc/redhat-release

*Red Hat Enterprise Linux release 8.8 (Ootpa)*
# /opt/tomcat10/bin/version.sh
Using CATALINA_BASE:   /opt/tomcat10
Using CATALINA_HOME:   /opt/tomcat10
Using CATALINA_TMPDIR: /opt/tomcat10/temp
Using JRE_HOME:/usr
Using CLASSPATH:
/opt/tomcat10/bin/bootstrap.jar:/opt/tomcat10/bin/tomcat-juli.jar
Using CATALINA_OPTS:
Server version: Apache Tomcat/10.0.27
Server built:   Oct 3 2022 14:18:31 UTC
Server number:  10.0.27.0
OS Name:Linux
OS Version: 4.18.0-477.15.1.el8_8.x86_64
Architecture:   amd64
JVM Version:1.8.0_382-b05
JVM Vendor: Red Hat, Inc.
#

#*cat catalina.out*
20-Aug-2023 06:40:24.753 WARNING [main]
org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
[Server/Service/Connector] failed to set property [clientAuth] to [want]
20-Aug-2023 06:40:24.756 WARNING [main]
org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
[Server/Service/Connector] failed to set property [sslProtocol] to [TLS]
20-Aug-2023 06:40:24.756 WARNING [main]
org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
[Server/Service/Connector] failed to set property [keystoreFile] to
[/opt/tomcat10/ssl/keystore.jks]
20-Aug-2023 06:40:24.756 WARNING [main]
org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
[Server/Service/Connector] failed to set property [keystorePass] to [apigee]
20-Aug-2023 06:40:24.757 WARNING [main]
org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
[Server/Service/Connector] failed to set property [truststoreFile] to
[/opt/tomcat10/ssl/clienttrustore.jks]
20-Aug-2023 06:40:24.757 WARNING [main]
org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
[Server/Service/Connector] failed to set property [truststorePass] to
[apigee]
20-Aug-2023 06:40:24.809 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Server version name:
  Apache Tomcat/10.0.27
20-Aug-2023 06:40:24.809 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Server built:
 Oct 3 2022 14:18:31 UTC
20-Aug-2023 06:40:24.809 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Server version
number: 10.0.27.0
20-Aug-2023 06:40:24.809 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log OS Name:
  Linux
20-Aug-2023 06:40:24.810 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log OS Version:
 4.18.0-477.15.1.el8_8.x86_64
20-Aug-2023 06:40:24.810 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Architecture:
 amd64
20-Aug-2023 06:40:24.810 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Java Home:
  /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.382.b05-2.el8.x86_64/jre
20-Aug-2023 06:40:24.810 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log JVM Version:
  1.8.0_382-b05
20-Aug-2023 06:40:24.810 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:
 Red Hat, Inc.
20-Aug-2023 06:40:24.810 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:
  /opt/tomcat10
20-Aug-2023 06:40:24.810 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:
  /opt/tomcat10
20-Aug-2023 06:40:24.811 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument:
-Djava.util.logging.config.file=/opt/tomcat10/conf/logging.properties
20-Aug-2023 06:40:24.811 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: 
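
The startup failure quoted above, as an added example that is not part of the original message: the WARNING lines show Tomcat 10.0.27 ignoring the TLS attributes set directly on `<Connector>`, and the SEVERE line shows it then finding no `<SSLHostConfig>`. The fragment below puts the ignored form beside a nested `<SSLHostConfig>` form; the port and file paths come from the log, the passwords are placeholders, and the protocol class and remaining attribute values are assumptions.

```xml
<!-- Added example, not taken from the attachments in this thread.
     Port 10443 and the two .jks paths come from the log above; passwords are
     placeholders and the other attribute values are assumptions. -->

<!-- BEFORE (reconstructed from the WARNING lines): TLS attributes placed on
     the Connector itself. Tomcat 10.0.27 reports "failed to set property" for
     each one, so no key material is loaded and start-up ends with
     "No SSLHostConfig element was found with the hostName [_default_]".

<Connector port="10443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           clientAuth="want" sslProtocol="TLS"
           keystoreFile="/opt/tomcat10/ssl/keystore.jks"
           keystorePass="CHANGE_ME"
           truststoreFile="/opt/tomcat10/ssl/clienttrustore.jks"
           truststorePass="CHANGE_ME" />
-->

<!-- AFTER: the same settings expressed as a nested SSLHostConfig. -->
<Connector port="10443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true">

  <!-- With no hostName attribute this is the _default_ host configuration
       that the connector looks up at start-up.
       certificateVerification replaces clientAuth:
         "optional" is the old "want": a client without a certificate
                    still completes the handshake;
         "required" is the old "true": the handshake fails unless the client
                    presents a certificate that chains to the truststore.
       Two-way TLS used as an access control needs "required". -->
  <SSLHostConfig certificateVerification="required"
                 truststoreFile="/opt/tomcat10/ssl/clienttrustore.jks"
                 truststorePassword="CHANGE_ME"
                 truststoreType="JKS">

    <!-- The server's own key pair and certificate chain. -->
    <Certificate certificateKeystoreFile="/opt/tomcat10/ssl/keystore.jks"
                 certificateKeystorePassword="CHANGE_ME"
                 certificateKeystoreType="JKS"
                 type="RSA" />
  </SSLHostConfig>
</Connector>
```

The truststore should hold only the CA certificates that issue client certificates for this service, since every certificate chaining to it is accepted at the TLS layer.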

Re: Tomcat 9 Connector config allowHostHeaderMismatch not working as expected

2023-08-19 Thread Mark Thomas



19 Aug 2023 19:46:56 Bhavesh Mistry :

> Hi, Tomcat Dev team and Users,
>
> I am trying to block the request and give 404 bad requests or 403 when
> the HOST header does not match the requested server name.  My goal is to
> block whenever there is a mismatch in the host header and URL server name.
>
> I would appreciate your help.

Look at the request. Despite the curl command using an IP address, the
actual request does not contain a host in the request line hence there is
no mismatch.

Mark

> curl - -k "https://*10.40.43.26*/login?sessionExpire=true" -H '*Host: text.com *'
> * Using Stream ID: 1 (easy handle 0x7f8316012800)
> > GET /login?sessionExpire=true HTTP/2
> *> Host: text.com *
> > User-Agent: curl/8.1.2
> > Accept: */*
>
> Response:
>
> * HTTP/2 200 *
> < cache-control: no-cache, no-store, must-revalidate
> < expect-ct: enforce, max-age=30, report-uri='https://report-uri.com/account/'
> < pragma: no-cache
> < expires: Thu, 01 Jan 1970 00:00:00 GMT
> < set-cookie: JSESSIONID=4D75D564BC3CF7E406A599962DE5C092;Version=1;Path=/versa;Secure;HttpOnly; SameSite=strict
> < strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
> < x-xss-protection: 1; mode=block
> < x-frame-options: DENY
> < x-content-type-options: nosniff
> < referrer-policy: strict-origin-when-cross-origin
> < content-type: text/html;charset=UTF-8
> < content-length: 4084
> < date: Sat, 19 Aug 2023 19:02:11 GMT
>
> Here is my connector config:
>
> Thanks,
>
> Bhavesh





Reply: tomcat timeouts on startup and on context deployment

2023-08-19 Thread Усманов Азат Анварович
Hello everyone! I use tomcat at $work, both on windows with Eclipse and on
Linux without Eclipse. I believe that those timeouts the OP is talking
about are used for tomcat itself, not individual apps inside Tomcat. When
such timeouts are reached Eclipse typically just ends the tomcat java process
and releases all the resources, such as ports, files etc. It is a useful thing to
have for cases when tomcat is accessing the remote db. So when the db is down for
some reason, you don't want to wait forever to figure out something is wrong.
Notice that on timeout eclipse just says unable to start tomcat in n number of
seconds, please increase timeout, and outputs nothing about the termination
in the console window in eclipse, at least by default. I suspect it's because these
are purely eclipse timeouts. I usually keep them around 5 minutes for startup
just in case, although tomcat usually starts in no more than 50 seconds.


From: Ivano Luberti
Sent: 19 August 2023, 10:57
To: users@tomcat.apache.org
Subject: Re: tomcat timeouts on startup and on context deployment

Christopher, Maxim

To clarify, I have never hit a timeout in production, but it happened
in Eclipse and since this timeout is configurable in Eclipse Tomcat
Launch configuration I have guessed such a timeout is a tomcat property
hidden somewhere.

AFAIK the list server doesn't allow attachments so I put here a dropbox
link of a picture of the Eclipse interface I'm talking about.

I hope this makes me able to let you understand what I mean

https://www.dropbox.com/scl/fi/vg4ygu8pggkz3tpa1a0wo/EclipseTomcatTimeotConfig.PNG?rlkey=ztt0n6axy2hohi47ix3zjvzif=0

On 19/08/2023 06:27, Maxim Solodovnik wrote:
> from mobile (sorry for typos ;)
>
>
> On Sat, Aug 19, 2023, 10:49 Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
>> Ivano,
>>
>> On 8/18/23 18:17, Ivano Luberti wrote:
>>> It seems I had explained myself badly. I'll try again.
>>>
>>> I need to know if there is and it is configurable a timeout on tomcat
>>> startup (in Eclipse you can configure it in the server configuration
>>> interface)
>>>
>>> I need also to know if there is and it is configurable a timeout on
>>> application deployment when you use tomcat manager to deploy a war file
>>> or application start, from tomcat manager interface as well
>> Tomcat doesn't wait for anything on startup except for the web
>> applications to deploy. If your application takes long to start, Tomcat
>> will take long to start. But Tomcat won't say "it's been 60 seconds,
>> sorry, I'm killing the application" or anything like that.
>>
>> If you use the Manager web application to deploy an application, it's
>> possible that the tool you use for deployment (e.g. curl, or whatever
>> makes the call to Tomcat's manager-deploy action) will have an HTTP
>> timeout. Tomcat will complete the deployment work, but the
>> deploying-client might not get a successful HTTP response within that
>> time period.
>>
>> But that's a timeout on the client end, not on Tomcat's end.
>>
>> I'm just guessing at what timeout you are talking about, here. I may be
>> totally off.
>>
>> You said that Eclipse had a configurable timeout. What is that for /
>> what is it called / what does it do?
>>
> Initializing of SecureRandom might cause long tomcat start
> You can switch to /dev/urandom (less secure)
>
>
>
>> -chris
>>
>>> On 18/08/2023 22:57, Christopher Schultz wrote:
>>>> Ivano,
>>>>
>>>> On 8/18/23 10:18, Ivano Luberti wrote:
>>>>> Hello everybody, in one of my use case, when upgrading a web
>>>>> application it could happen that on startup the application has to
>>>>> perform some database operation that could require some time, even
>>>>> some minutes.
>>>>>
>>>>> This happens typically when deploying the application via tomcat
>>>>> manager but could possibly happen when starting tomcat if the war
>>>>> file has been replaced while tomcat was down.
>>>>>
>>>>> Where can I configure these timeouts?
>>>> What timeouts, specifically?
>>>>
>>>> -chris
>>>>
>>
--

Archimede Informatica processes personal data in accordance with
EU Regulation no. 2016/679 (GDPR) and Legislative Decree no. 196 of
30 June 2003,
as amended by Legislative Decree no. 101 of 10 August 2018.
Full privacy notice


dott. Ivano Mario Luberti

Archimede Informatica società cooperativa a r. l.
Via Gereschi 36, 56127 Pisa

tel.: +39 050/580959 | fax: +39 050/8932061

web: www.archicoop.it

Tomcat 9 Connector config allowHostHeaderMismatch not working as expected

2023-08-19 Thread Bhavesh Mistry
Hi, Tomcat Dev team and Users,


I am trying to block the request and give 404 bad requests or 403 when the
HOST header does not match the requested server name.  My goal is to block
whenever there is a mismatch in the host header and URL server name.

I would appreciate your help.

curl - -k "https://*10.40.43.26*/login?sessionExpire=true" -H '*Host: text.com *'
* Using Stream ID: 1 (easy handle 0x7f8316012800)
> GET /login?sessionExpire=true HTTP/2
*> Host: text.com *
> User-Agent: curl/8.1.2
> Accept: */*

Response:

* HTTP/2 200 *
< cache-control: no-cache, no-store, must-revalidate
< expect-ct: enforce, max-age=30, report-uri='
https://report-uri.com/account/'
< pragma: no-cache
< expires: Thu, 01 Jan 1970 00:00:00 GMT
< set-cookie:
JSESSIONID=4D75D564BC3CF7E406A599962DE5C092;Version=1;Path=/versa;Secure;HttpOnly;
SameSite=strict
< strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
< x-xss-protection: 1; mode=block
< x-frame-options: DENY
< x-content-type-options: nosniff
< referrer-policy: strict-origin-when-cross-origin
< content-type: text/html;charset=UTF-8
< content-length: 4084
< date: Sat, 19 Aug 2023 19:02:11 GMT

Here is my connector config:






Thanks,

Bhavesh


Re: tomcat timeouts on startup and on context deployment

2023-08-19 Thread Maxim Solodovnik
On Sat, 19 Aug 2023 at 14:58, Ivano Luberti
 wrote:
>
> Christopher, Maxim
>
> To clarify, I have never hit a timeout in production, but it happened
> in Eclipse and since this timeout is configurable in Eclipse Tomcat
> Launch configuration I have guessed such a timeout is a tomcat property
> hidden somewhere.
>
> AFAIK the list server doesn't allow attachments so I put here a dropbox
> link of a picture of the Eclipse interface I'm talking about.
>
> I hope this makes me able to let you understand what I mean
>
> https://www.dropbox.com/scl/fi/vg4ygu8pggkz3tpa1a0wo/EclipseTomcatTimeotConfig.PNG?rlkey=ztt0n6axy2hohi47ix3zjvzif=0

I only can guess
But I believe these are internal Eclipse timeouts to ensure Tomcat
process is alive
i.e. how long to wait before grep the logs for `Server startup in
[8002] milliseconds` message :)

Additionally you can try to check plugin sources :)

>
> On 19/08/2023 06:27, Maxim Solodovnik wrote:
> > from mobile (sorry for typos ;)
> >
> >
> > On Sat, Aug 19, 2023, 10:49 Christopher Schultz <
> > ch...@christopherschultz.net> wrote:
> >
> >> Ivano,
> >>
> >> On 8/18/23 18:17, Ivano Luberti wrote:
> >>> It seems I had explained myself badly. I'll try again.
> >>>
> >>> I need to know if there is and it is configurable a timeout on tomcat
> >>> startup (in Eclipse you can configure it in the server configuration
> >>> interface)
> >>>
> >>> I need also to know if there is and it is configurable a timeout on
> >>> application deployment when you use tomcat manager to deploy a war file
> >>> or application start, from tomcat manager interface as well
> >> Tomcat doesn't wait for anything on startup except for the web
> >> applications to deploy. If your application takes long to start, Tomcat
> >> will take long to start. But Tomcat won't say "it's been 60 seconds,
> >> sorry, I'm killing the application" or anything like that.
> >>
> >> If you use the Manager web application to deploy an application, it's
> >> possible that the tool you use for deployment (e.g. curl, or whatever
> >> makes the call to Tomcat's manager-deploy action) will have an HTTP
> >> timeout. Tomcat will complete the deployment work, but the
> >> deploying-client might not get a successful HTTP response within that
> >> time period.
> >>
> >> But that's a timeout on the client end, not on Tomcat's end.
> >>
> >> I'm just guessing at what timeout you are talking about, here. I may be
> >> totally off.
> >>
> >> You said that Eclipse had a configurable timeout. What is that for /
> >> what is it called / what does it do?
> >>
> > Initializing of SecureRandom might cause long tomcat start
> > You can switch to /dev/urandom (less secure)
> >
> >
> >
> >> -chris
> >>
> >>> On 18/08/2023 22:57, Christopher Schultz wrote:
> >>>> Ivano,
> >>>>
> >>>> On 8/18/23 10:18, Ivano Luberti wrote:
> >>>>> Hello everybody, in one of my use case, when upgrading a web
> >>>>> application it could happen that on startup the application has to
> >>>>> perform some database operation that could require some time, even
> >>>>> some minutes.
> >>>>>
> >>>>> This happens typically when deploying the application via tomcat
> >>>>> manager but could possibly happen when starting tomcat if the war
> >>>>> file has been replaced while tomcat was down.
> >>>>>
> >>>>> Where can I configure these timeouts?
> >>>> What timeouts, specifically?
> >>>>
> >>>> -chris
> >>>>
> >>
> --
>
> Archimede Informatica processes personal data in accordance with
> EU Regulation no. 2016/679 (GDPR) and Legislative Decree no. 196 of
> 30 June 2003,
> as amended by Legislative Decree no. 101 of 10 August 2018.
> Full privacy notice
> 
>
> dott. Ivano Mario Luberti
>
> Archimede Informatica società cooperativa a r. l.
> Via Gereschi 36, 56127 Pisa
>
> tel.: +39 050/580959 | fax: +39 050/8932061
>
> web: www.archicoop.it
> linkedin: www.linkedin.com/in/ivanoluberti
> facebook: www.facebook.com/archimedeinformaticapisa/



-- 
Best regards,
Maxim




Re: tomcat timeouts on startup and on context deployment

2023-08-19 Thread Ivano Luberti

Christopher, Maxim

To clarify, I have never hit a timeout in production, but it happened
in Eclipse and since this timeout is configurable in Eclipse Tomcat
Launch configuration I have guessed such a timeout is a tomcat property
hidden somewhere.

AFAIK the list server doesn't allow attachments so I put here a dropbox
link of a picture of the Eclipse interface I'm talking about.

I hope this makes me able to let you understand what I mean

https://www.dropbox.com/scl/fi/vg4ygu8pggkz3tpa1a0wo/EclipseTomcatTimeotConfig.PNG?rlkey=ztt0n6axy2hohi47ix3zjvzif=0

On 19/08/2023 06:27, Maxim Solodovnik wrote:
> from mobile (sorry for typos ;)
>
>
> On Sat, Aug 19, 2023, 10:49 Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
>> Ivano,
>>
>> On 8/18/23 18:17, Ivano Luberti wrote:
>>> It seems I had explained myself badly. I'll try again.
>>>
>>> I need to know if there is and it is configurable a timeout on tomcat
>>> startup (in Eclipse you can configure it in the server configuration
>>> interface)
>>>
>>> I need also to know if there is and it is configurable a timeout on
>>> application deployment when you use tomcat manager to deploy a war file
>>> or application start, from tomcat manager interface as well
>> Tomcat doesn't wait for anything on startup except for the web
>> applications to deploy. If your application takes long to start, Tomcat
>> will take long to start. But Tomcat won't say "it's been 60 seconds,
>> sorry, I'm killing the application" or anything like that.
>>
>> If you use the Manager web application to deploy an application, it's
>> possible that the tool you use for deployment (e.g. curl, or whatever
>> makes the call to Tomcat's manager-deploy action) will have an HTTP
>> timeout. Tomcat will complete the deployment work, but the
>> deploying-client might not get a successful HTTP response within that
>> time period.
>>
>> But that's a timeout on the client end, not on Tomcat's end.
>>
>> I'm just guessing at what timeout you are talking about, here. I may be
>> totally off.
>>
>> You said that Eclipse had a configurable timeout. What is that for /
>> what is it called / what does it do?
>>
> Initializing of SecureRandom might cause long tomcat start
> You can switch to /dev/urandom (less secure)
>
>> -chris
>>
>>> On 18/08/2023 22:57, Christopher Schultz wrote:
>>>> Ivano,
>>>>
>>>> On 8/18/23 10:18, Ivano Luberti wrote:
>>>>> Hello everybody, in one of my use case, when upgrading a web
>>>>> application it could happen that on startup the application has to
>>>>> perform some database operation that could require some time, even
>>>>> some minutes.
>>>>>
>>>>> This happens typically when deploying the application via tomcat
>>>>> manager but could possibly happen when starting tomcat if the war
>>>>> file has been replaced while tomcat was down.
>>>>>
>>>>> Where can I configure these timeouts?
>>>> What timeouts, specifically?
>>>>
>>>> -chris


--

Archimede Informatica processes personal data in accordance with
EU Regulation no. 2016/679 (GDPR) and Legislative Decree no. 196 of
30 June 2003,
as amended by Legislative Decree no. 101 of 10 August 2018.
Full privacy notice



dott. Ivano Mario Luberti

Archimede Informatica società cooperativa a r. l.
Via Gereschi 36, 56127 Pisa

tel.: +39 050/580959 | fax: +39 050/8932061

web: www.archicoop.it
linkedin: www.linkedin.com/in/ivanoluberti
facebook: www.facebook.com/archimedeinformaticapisa/