RE: SMTP configurations
From: Dharani [mailto:vishgnanik...@gmail.com] Can anyone tell me what are the configurations I must do in my Tomcat server in order to send mails using my web app? None, unless you're using a security manager. But you may need some configuration in your webapp, depending what package you're using to send your email. If you want us to help you, please describe the actual problem you have, in detail. What are you trying to do? What's failing? On what Tomcat version, what OS, what Java version? - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Private JVM Heap Size
From: William Biggs [mailto:kc8...@gmail.com] I'm looking at a new web hosting they give Private JVM Heap Size what is the min jvm heap size would you go with ? It depends entirely on your application. Some apps can handle fairly high loads with under 100 Mbytes of heap; others need 2 Gbytes or more for even moderate loads. You're the only person who knows what application you want to deploy; profile the application you want to deploy, under the load you want it to support, then purchase a hosting service with that much heap. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat maxThreads Issue
From: Jones, Keven [mailto:keven.jo...@ncr.com] Here is the complete config file. Thanks for the quick reply. The list strips attachments - please paste inline. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat maxThreads Issue
From: Jones, Keven [mailto:keven.jo...@ncr.com] How do I A. get thread dumps when the processes are dying The top of http://java.sun.com/developer/technicalArticles/Programming/Stacktrace/ is good general reading. kill -QUIT pid of Java process If ps is confused by all the threads, depending on your Java version, you might be able to use jps (http://java.sun.com/j2se/1.5.0/docs/tooldocs/share/jps.html) to get the pid. Depending on your Java version, jstack (http://java.sun.com/j2se/1.5.0/docs/tooldocs/share/jstack.html) will also give you thread dumps. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat maxThreads Issue
OK, so that's a JRockit JVM, not a Sun JVM. Remind me not to point you at any more Sun documentation! As a rough look at that, there are a few threads in the HTTP connector thread pool, a bunch of threads reading data from JK connections, and one or two in your app code. I've never looked at the innards of JK, so will have to leave that to one of the JK experts to interpret. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Problem setting Host
From: hellian [mailto:rashedulhasan2...@yahoo.com] I've been facing problem setting my Host property with Tomcat 5.5. Please have a look on the code below and let me know what's wrong with my code. Now if I use the url nexusroi.com, it doesn't work whereas the url nexusroi.com/nexus does work well. Can anyone help me resolve this? Cool, someone else using invisible ink :-). We could help more if you supplied the code. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: how can i extract row http data from request
From: Meir Yanovich [mailto:meiry...@gmail.com] i need to deal with legacy web app code , that needs to add basic authentication to it with sessions now i need to be able to extract the session id from the header ( can't add sessions into the code ) the scenario is that only once and only once per page i pass the session into the server side. but in the next server side calls i don't have it and i can add code to pass it into the server side call since i have the session from the first time i will save it into the map with the session id as the key. now i need only to be able to extract the session id on every client request . my question is .. can it be done ? If I'm answering the right question... Create a Filter. Filters can do things to requests and responses before and/or after the legacy web app code sees the request. The Filter can handle the authentication, for example by setting a cookie on a first response in a new session, and reading the cookie afterwards. I suspect some of the other people on the list may have more information on how to do this - I know the theory, but haven't had to deal with authentication in reality! - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Error building Tomcat 6.0.18
From: jhoare [mailto:james.ho...@net-a-porter.com] I get the following errors trying to build Tomcat v6.0.18 from source on linux? ... why? Tomcat's pure Java, so runs the same on any platform. Download Sun JDK, download zip of Tomcat, unzip, go. - Peter P.S. Say hi to Chisel ;-) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Deploying .war-file in Tomcat 5.5
From: Kai Behncke [mailto:kai-behn...@gmx.de] I have installed Tomcat with apt-get install tomcat5.5 tomcat5.5-admin tomcat5.5-webapps From which we can assume you're running on Debian, rather than one of the many other platforms on which Tomcat runs? The default webapps-deirectoy is now: /usr/share/tomcat5.5-webapps/ROOT/ Yes. So that is the directory for the default (ROOT) webapp. The directory for webapps is its parent directory. Tomcat is running and I copy a .war file in /usr/share/tomcat5.5-webapps/ROOT/ But how is this .war-file unpacked/deployed? It won't be. Copy/move it to /usr/share/tomcat5.5-webapps instead. I restarted Tomcat already with /etc/init.d/tomcat restart but don't get the filestructure of that war-file? That's not surprising. Put it in the right directory and try again. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Deploying .war-file in Tomcat 5.5
From: news [mailto:n...@ger.gmane.org] On Behalf Of Marcus Better On Debian you should put it in /var/lib/tomcat5.5/webapps. Ah - thanks, Marcus. Debian's rather odd symlinking policy strikes again! - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Service Specific Error 0
Exact Tomcat version? There are over 50 versions of Tomcat5. Server 2008 x86 or x64? Are you using the 32-bit or 64-bit version of the service wrapper? - Peter -Original Message- From: aditya darbha [mailto:adityadar...@gmail.com] Sent: 04 June 2009 14:39 To: Tomcat Users List Subject: Service Specific Error 0 Hi AllWhen I install Apache Tomcat using net start Tomcat5 in Windows 2003 32bit it starts the service with the specified credentials. However when I start the service using the same command net start Tomcat5 in Windows 2008, the service gets created, but it is not started even though the start mode is set to auto. When we try starting the service manually, it fails to start and exits displaying the error message Service Specific Error 0. NET HELPMSG 3547 for details. When I try the help message, there is no information and the logs are empty. How do I get out of this problem... Any help on this would be greatly appreciated.. Thanks in advance... -Aditya - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Three tomcat instances
You don't tell us which version of Tomcat you're running, so it's hard to point you to the correct docs for your version on the Web. However, if memory serves, look at the file RUNNING.txt in your Tomcat directory. There's a section in there about setting up multiple Tomcats on the same machine. - Peter -Original Message- From: xalia...@freemail.gr [mailto:xalia...@freemail.gr] Sent: 03 June 2009 08:54 To: users@tomcat.apache.org Subject: Three tomcat instances I write a java web service and depending on a result i want it to call other web service (http://localhost:80/axis/serv.jws). But, i want serv.jws to be handled by three different servers depending on where i want to send it. How can i run three tomcats simultaneously?I read the server documentation,but mentions that only one server i can set into server.xml Any help appreciated. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: How to reference Shared Libraries with TOMCAT
From: Sarva [mailto:malhotrasa...@yahoo.in] Till now I have been deploying all the JARs in WEB-INF/lib folder of my Web Application and run it to satisfaction. OK. Now we need a mechanism by which the JARs will not be stored in WEB-INF/lib but in a centralized location for example c:/lib, and all tomcat Web Applications should refer to this folder for all JARs required during runtime. Why? You will make a maintenance nightmare for yourself when the version of a jar changes for one application, but another application still needs the old version. How can I do this. Depends on your Tomcat version, which you didn't bother to tell us. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: How to kill the port used by tomcat
From: kalpeer [mailto:inka...@gmail.com] How I can free the port without going to the original tomcat shutdown. You have to kill the process that is using the port. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: How to kill the port used by tomcat
From: kalpeer [mailto:inka...@gmail.com] Whats the command used to get the process id of the prot That depends on your OS - which you haven't told us. Tomcat should show up as a Java process, so if you're running a recent Java (which you also didn't tell us) then jps should tell you some possible process IDs. http://java.sun.com/j2se/1.5.0/docs/tooldocs/share/jps.html - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: java.net.SocketException: Too many open files
From: john.c.cartwri...@noaa.gov [mailto:john.c.cartwri...@noaa.gov] Can someone please help to to understand what might cause such an exception? File descriptor exhaustion - the process has run out of fds. Any i/o could use a file descriptor, whether that's socket to httpd, socket to database or access to a file. Naively, I'd expect lsof to show them - what makes you think it isn't? If you're lucky, you merely need to find the piece of code that's leaking resources and fix it - which I accept isn't always the easiest of jobs. If you're *un*lucky, it's load related and you've just plain run out. I'll leave the UNIX specialists to suggest ways of increasing the number of fds per process, but there have been some recent threads on here. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Caching rendered page - reducing hits to the backend?
From: Andre-John Mas [mailto:aj...@sympatico.ca] I think I may end up simply ensuring that the database has enough memory and slowly evaluate where the bottle necks are. It's often the best approach. You can spend a lot of time optimising places that turn out not to be the bottleneck. You can also spend a lot of time testing a new app, only to find out that the real usage patterns aren't like that at all and you suddenly need to optimise one operation that you never thought would be used heavily! - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Update server.xml without restart?
From: Lars Nielsen Lind [mailto:lan...@tidtilforandring.dk] is it possible to update server.xml with out restart? You can edit the file, but Tomcat will not notice the new configuration until you restart Tomcat. What do you want to do? There may be other ways to achieve your goal. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Which Do I SSL - httpd or Tomcat?
From: Alston, Brian (US SSA) [mailto:brian.als...@baesystems.com] I have a clustered/load-balanced Apache httpd and Tomcat setup. I have one httpd front end that load balances for two Tomcat back ends. I now want to add SSL to the mix but I am confused. Do I add the SSL to the httpd server, to the two Tomcat servers, or to all of them? Unless you need secure communication between httpd and Tomcat (rare), keep the Tomcat comms unsecured and add SSL only to httpd. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Which Do I SSL - httpd or Tomcat?
From: Alston, Brian (US SSA) [mailto:brian.als...@baesystems.com] Thank you for reading and replying. Can I assume from your reply that if I am not on a secure LAN that I should SSL httpd and both Tomcat servers? SSL between httpd and Tomcat will protect the channel between httpd and Tomcat from eavesdropping and some tampering. How likely is someone to be able to intercept and/or tamper with the communication between your httpd and your Tomcat servers? If it's unlikely (for example, because the httpd = Tomcat communication is via a LAN that you reckon is secure enough), you probably have better targets for your security effort. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Newbie question: How to test if Tomcat is running?
From: Kai Behncke [mailto:kai-behn...@gmx.de] I have installed tomcat on a Debian Etch-System via apt-get install tomcat5.5 tomcat5.5-admin tomcat5.5-webapps and started it with /etc/init.d/tomcat start Now I would like to test if it runs on my remote server, but if I type: http://www.myhomepage.de:8180 nothing at all appears? Unless Debian changes Tomcat's configuration a lot, the default port is port 8080, not 8180. Try that? - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat Concurrent Requests
From: CrystalCracker [mailto:sudarshan.acha...@gmail.com] Given that each request takes 2 seconds on average. Among them, some of them take less than 500ms, and some take as long as 5 seconds or even a little more sometimes. How many such concurrent request would a tomcat server running on a double quad-core server handle? It's totally dependent on your application. If a 5-second request is CPU-bound for all that time, very few. If it's mostly waiting for data to be returned from a database or web service, probably quite a lot - but you may be saturating the database. At the extreme, I could write a webapp that slept for 500ms to 5 seconds, then returned some fixed output - almost no memory use, almost no CPU use, and it would scale very well indeed. There is only one way to find out how your application will perform: measure it. And measure end-to-end, with measurements of load-balancers, databases, web service back-ends and so on. Anything else won't give you a true picture. There is one general point, though. You'll need to set up enough threads on your connector that you can handle that degree of concurrency, or Tomcat will become a bottleneck. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat Concurrent Requests
From: CrystalCracker [mailto:sudarshan.acha...@gmail.com] The 5 seconds calls are all database or webservice calls. So they all go to waiting state. OK. So the bottleneck almost certainly isn't Tomcat. I did some load tests using JMeter, but I had problems coming to a conclusion with the data. What should I look for exactly? Because as I increase the no of concurrent requests, the app starts responding slower and slower. 1) Make sure you're measuring the important things. You should be measuring load on Tomcat, but also on the database and on the web services - and on the network! 2) Look for the bottleneck. It may be in an odd place - RAM or (equivalently, in many cases) disk seeks per second on the database server are both common bottlenecks. There's no guarantee it's on your Web server at all (though it might be). JMeter's output isn't useful for finding bottlenecks. The output of tools on your servers *is* useful. On Windows, Performance Monitor is your friend. On UNIX, vmstat and iostat are good first lines of attack; your flavour of UNIX probably has better tools than those. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat Concurrent Requests
From: David kerber [mailto:dcker...@verizon.net] CrystalCracker wrote: How many such concurrent request would a tomcat server running on a double quad-core server handle? At least 8 (1 per core), but that's about all you can tell without finding where the bottlenecks are. If I wanted to *really* split hairs, I'd point out that one request might launch background threads and even this isn't necessarily true. But I'm splitting hairs now. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: MaxPermSize, Tomcat startup trouble
From: Henjo [mailto:henj...@gmail.com] Thank you both for replying. The architecture is indeed x86 (Windows 2003 server) and changing OS is not an option right now (going live soon). The alternative view: You can go live with a known-unreliable system, or you can change OS and go live with a maybe-unreliable system :-). The strange thing is that if we place all 20 contexts in the Tomcat 6.0\webapps then we get this exception/error: ..backtrace.. Cause by java.lang.OutOfMemoryError: PermGen space. If we place the contexts outside of the Tomcat 6.0\webapps (updated server.xml ofc), then we DON'T get the OutOfMemoryError. Because we'd like to use the WAR update mechanism, keeping all webapps in Tomcat 6.0\webapps is preferred. I'm somewhat surprised. Do all 20 contexts get started when they're elsewhere? By the way, there's one other thing you *could* try if you had to reduce memory usage. I don't like it, because it makes versioning the webapps a nightmare; but it might save you quite a lot of RAM and allow you to go live on the current hardware. The choice is yours! If many of your webapps use the same versions of the same jars, you *could* share them between webapps. The classes will then be loaded once, rather than once per webapp, reducing the amount of PermGen required. The problem, of course, is that your webapps are then locked to the same library versions - updating one webapp with a new library is a problem. If you want to look at this approach, check the Tomcat 6 classloader how-to on the web site. But if you do this, I would suggest you regard it as an emergency hack and look urgently at ways to remove it. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: MaxPermSize, Tomcat startup trouble
From: Henjo [henj...@gmail.com] OS is Windows 2003. x86 or x64? Available RAM is 3.5Gb on the machine, so that's not a problem. I assume x86 from that sizing. As Chuck points out, you won't get the space you want given Windows' appalling memory use. Any ideas how we can get a much larger PermSpace going? Change to an x64 Windows architecture, or change to a non-Windows OS (may not be large enough, even so), or run two (or more) Tomcat instances on the machine and split the contexts between them so that you don't need 1G of Permspace. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat Server can't load himself (without using localhost)
From: Sibil87 [mailto:giorgio.zampare...@gmail.com] I mount Tomcat 6.0 on my server and u can visit it at http://application.sogetel.it:8080. If I open any browser from that machine and I try to visit http://localhost:8080 I can see my Servlet Manager and it's all ok. If I open any browser from that machine and I try to visit http://application.sogetel.it:8080 I don't have any response... Why http://application.sogetel.it:8080 is not working on the same machine?!? Is there any conf file of Tomcat I have to change to make it work?!?! I think you have a firewall problem. Check your firewall configuration on the computer - is port 8080 open? - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Why a dir names ondemand is not accessable under webapps/ ?
OS? Tomcat version? Anything in the logs? -Original Message- From: meili100 [mailto:steve@yahoo.com] Sent: 26 May 2009 06:21 To: users@tomcat.apache.org Subject: Why a dir names ondemand is not accessable under webapps/ ? I have multiple subdirs under webapps/ . All of them work fine except a dir called ondemand. It can not be access from browser. The permission has no problem. Indeed I can access it at first, but after few days it's not accessable. But if i rename it to, say mydir000, it works, but after few days it does not work any more. Any hint why it doesn't work? Thanks lot -- View this message in context: http://www.nabble.com/Why-a-dir-names-%22ondemand%22-is-not-ac cessable-under-webappstp23716945p23716945.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Silent Installation of Apache Tomcat
From: aditya darbha [mailto:adityadar...@gmail.com] If I decide against installing TOMCAT using the conventional exe in WINDOWS, is there a way I can install Tomcat? What files typically need to go into the installation? Download the zip installation. Unzip. You now have the files. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: deploy my files with a different user than root
From: Jose Manuel Hostalet Wandosell I am using the tomcat manager to deploy my apps, but after deploy, web files have root as owner. I have permissions to deploy but I am not root of the machine, how can I deploy my files with a different user? Don't run Tomcat as root. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Performance: switch vs if ... else if
From: David kerber [mailto:dcker...@verizon.net] As a result, right now I don't have any way of generating enough load to find a bottleneck in the overall servlet (which is a very good thing!!). That's a win. Congratulations! - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Silent Installation of Apache Tomcat
From: aditya darbha [mailto:adityadar...@gmail.com] want to couple Apache Tomcat into my application. My installer would check for an existing installation of the TOMCAT and would try to install Tomcat if there is no existing installation.!! This installation has to be silent and the user need not explicitly know that Apache Tomcat is being installed.Is there a way of installing Apache Tomcat silently in Windows? If yes, how can I do it? A Tomcat installation is just a bunch of files plus some way of starting Tomcat. Your installer could install the files (don't forget you may need to install a JRE as well, as the machine may not already have an appropriate version installed). Your installer could also call the script to create an appropriate service - it depends whether you want to start Tomcat as a service, or whether you just want it started when the user starts your program. Be aware of your user base if you choose to do this. In general, I get rather upset when an installer installs something that runs at startup on my machine and doesn't tell me. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: MAX Simultaneous connections with Tomcat on Windows XP Pro
From: Arijit Sarkar Job Gmail [mailto:arijit.k.sar...@gmail.com] So If I have an web application deployed on tomcat and windows XP pro, theoretically, unlimited users can connect to the application simultaneously? Tomcat or Windows XP does not place any limits to that? There are no limits imposed by XP's license - XP's 10-connection limit applies only to it acting as a SMB server, and doesn't affect anything else. Tomcat also doesn't impose any limits due to licensing. Of course, you may still hit limits due to memory use, processor use, network bandwidth etc, number of concurrent sockets open etc..., but they're the standard ones you'd encounter on any operating system. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Apache httpd vs Tomcat static content performance
From: Christopher Schultz [mailto:ch...@christopherschultz.net] 1. Is the number of requests (100, sufficient? It seems to take forever on this machine... my Coyote tests took longer than overnight. You want enough tests that they're sensitive to statistically significant differences that you're interested in finding. The tests shouldn't be dominated by end effects - startup and shutdown. I'd be more inclined to run *multiple* tests - 3 is about the minimum - to make sure that your single test hasn't been messed up by something unexpected. I'd expect a few minutes per test to be enough to ignore end effects; I'd be far more inclined to run 10 2-minute tests than 1 20-minute test, for example. 2. Is a concurrency of 1 okay? I thought about it and testing the ability of the OS to schedule processes and threads doesn't seem like it adds anything to the data. Depends. *Exactly* what are you testing? If it's who can serve the most bytes per second / requests per second, a concurrency of 1 isn't appropriate - you want to see what happens as you approach saturation, which is unlikely to happen with a single thread. If it's who can serve load without horrible lock contention in the system, same answer. Below is the data I've collected so far. I'll publish everything on my blog, including graphs, etc. once it's finished. (Strange that httpd dramatically increased its transfer rate when requesting the 16MiB file!) Looks interesting. Is there any way of finding out what the rate-limiting factor is in each case - CPU, memory bandwidth, memory capacity, disk bandwidth? - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Apache httpd vs Tomcat static content performance
From: Christopher Schultz [mailto:ch...@christopherschultz.net] I suppose I could gauge each test so it would take (roughly) a certain amount of time (say, 10 minutes). At least then I'd know how long the entire battery would take :) I think that's probably a better approach. Okay. My original test plan included concurrencies of 1, 2, 4, 8, and 16. I think I'll just do 1 and 16 and maybe another one if I get the time. Maybe I should just get a faster server :) 1, 4, 16 would be interesting - and if you run for fixed time rather than fixed number of requests, you might be able to afford to do this. That's a good question... if the disk can't read the data any faster, than the server can't serve the bytes any faster (unless caching is being used, I suppose, but this is supposed to be out-of-the-box config). You'd hope your underlying OS (Gentoo, I assume from your other message) would cache the file! Since this is a relatively old server (1500MHz 32-bit AMD Athlon), I'm surely being limited by just about everything except memory capacity (it doesn't take much memory to serve static content). I can easily get memory timing information, and I suspect my memory timing will significantly beat the throughput of the TCP stack (shared memory be damned). I can also benchmark my disk I suppose. Since I already have the transfer rates for the HTTP responses, I can simply see if the hardware is significantly faster than the server so rule-out any real hardware difficulties. As a rough first cut, vmstat 5 and watch the numbers ;-). iostat too, if you can. If CPU isn't pegged at 100% and the disk isn't at full capacity, that's an interesting result as it implies the box has spare capacity and there's contention elsewhere - often lock contention, as David Kerber has recently seen! It just seems a shame to waste the opportunity to gather information about *what* the rate limiter is, as well as at what point you get to the limit. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Preventing OutOfMemoryError: Java heap space
From: André Warnier [...@ice-sa.com] would it not be easier to catch the OOM exception and then return a sorry, server overloaded page to the browser ? At that point, it's too late. A thread, somewhere in the system, tried to allocate some memory for an object and couldn't. This could happen anywhere! It might be while allocating the buffer to read the request, or the buffer to send the response, or even the socket instance from which to read the request. There are then no guarantees. You may be unable to send anything back to the client, as you may be unable to access the socket because the OOM was caused by trying to create that socket. Or the thread that got the exception might be one of the threads processing incoming requests. Once the system encounters an out-of-memory error, you pretty much have to stop the process and start again, as you generally have no idea what else has failed. You can't even save any outstanding work to file, as there's no guarantee you can allocate the memory for the file object - if MS Word runs out of memory, you just lost your document! This isn't unique to Java, by the way - if you want a coding nightmare, try to handle *all* malloc() fails in a reasonably sized C program. Or kalloc() calls in a kernel :-). When you realise that running out of memory means you can no longer guarantee to allocate any new memory for any purpose at all, the scale of the problem becomes apparent. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Preventing OutOfMemoryError: Java heap space
From: Todd Hivnor [mailto:spambox_98...@yahoo.com] One challenge with Peter's suggestion of tracking the number of sessions myself is that I have a collection of webapps. So I can't just set up a shared static counter; I need a counter which works across multiple webapps. The only way I know to do that is to use a text file, and take care about locking the file before updating it. Or perhaps I can use ServletContext. Some classes can be shared across webapps, though the precise approach varies depending on the version. See the Classloader how-to for your Tomcat version at http://tomcat.apache.org for details. Pre-6.0, you could load a class through the common or shared classloaders; in 6.0, your options are reduced somewhat. That class could keep a common integer. It doesn't have to be a straight session count; you could weight it based on the relative sizes of the sessions. A heavy session increments the counter by 10, a light one by 1. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat Cluster Deployment without WAR
From: Alexander Diedler [mailto:adied...@tecracer.de] WatchDir is F:\inetpub\wwwroot if there is something changed, it should be deployed to all other cluster nodes. If you're on Windows, why not use the built-in file replication to replicate changes between the nodes rather than use Tomcat? - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Preventing OutOfMemoryError: Java heap space
From: André Warnier [mailto:a...@ice-sa.com] Thanks, Chuck and Peter, for the clarifications on OOM. I believe that unconsciously, with my large object reservation theory, I was vaguely remembering something I had read some time in the past. So I searched Google for java +parachute +memory and this is something I found : http://mail-archives.apache.org/mod_mbox/tomcat-dev/200703.mbo x/%3c20070325171940.34dae1a9...@eris.apache.org%3e Does this have any bearing on the OP's issue ? It is past me capacities to see if it is relevant or not (I don't mean the above post per se, but the idea). Nice. The idea's relevant... as long as you realise that all it's doing is defending a very few critical areas of Tomcat's code against some (not all) OOMEs. Another thread could allocate heap memory between lines in this code, leading to unexpected failures because the memory freed by the parachute has been used elsewhere; and it doesn't defend all areas of Tomcat's code (I think - Filip will no doubt correct me). It's a great way of helping to make sure that, most of the time, it's at least possible to log an OOME - assuming the application passes it up the stack, which most will. It's not a general solution without a lot more work; each webapp would have to do something similar at each point that it might allocate heap memory. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Performance with many small requests
From: David Kerber [mailto:dcker...@verizon.net] I definitely should hook a profiler to the app so I can be sure of what's taking the time, though. Yes. If you don't measure it, you don't know whether you're fixing the right problem! Also consider connector, then if necessary process and OS limits on the number of concurrent connections. Do you usually have connector threads sat idle, or are they all reading and processing requests most/all of the time? A thread dump will tell you - the last one you posted had at least one thread in the pool waiting for a connection, and you can simply spot which others look similar. The other way to check would be to monitor the depth of your connector's socket's accept queue, but I'm not aware of any way to do this in Windows. At this point, I'm guessing on any remaining bottlenecks. I recall your network is gigabit from the router (I think I've recalled correctly), but also check: - Is the firewall or router overloaded? Highly unlikely if they're properly specced, but I have been in one data centre where the bottleneck turned out to be the routers.* - What's your external connectivity like? Gigabit from the router is irrelevant if you're trying to fit 20 Mbit/s of data down a 10 Mbit/s pipe :-). - Peter * Names elided to protect the innocent, but a manufacturer's claim that a particular spec of router could handle two ISDN primaries turned out to be correct in the USA (23 B-channels per PRI) and wrong in Europe (30 B-channels per PRI). - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Performance with many small requests
From: David kerber [mailto:dcker...@verizon.net] In my original post, I posted a bunch of numbers about network and other possible bottlenecks, and what it boiled down to was that neither my firewall load, nor total internet connection bandwidth were close to their limits. Thanks. Apologies for not referring back! I do have questions about the number of connections that the OS networking stack can handle, but have not figured out how to check on that. As a first step: netstat -an somefile.txt How many TCP sockets are there in the result? The outside world connection is a full T-1, running about 40% - 50% capacity on average. Dedicated or contended bandwidth? Can you get the other 50-60% out of it if you try hard from another machine on the same network, or do you never get it in reality? - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Performance with many small requests
From: David kerber [mailto:dcker...@verizon.net] Just over 1000 total, 810 to the port that this application is using. Should be fine on Windows. The vast majority are showing a status of TIME_WAIT, a dozen or so in ESTABLISHED and one (I think) in FIN_WAIT_1. Sounds fair enough. The ESTABLISHED ones are active both ways and able to transfer data; the one in FIN_WAIT_1 has been closed at one end but the other end's still open; and the ones in TIME_WAIT are closed but tombstoned so the TCP stack knows to throw away any data that arrives for them. None of those are a surprise. That's our corporate connection, so it's shared across all users. I can easily run it up to 100% it by doing a large d/l from somewhere (I need to plan my patch Tuesday updates to avoid trouble), so my router and firewall have no trouble handling the full bandwidth. Ah, OK. However, those are low numbers of high-throughput connections. This app produces large numbers of connections, each with small amounts of data, so it may scale differently. It may, but I'd be a little surprised - IP is IP, and you have enough concurrency that latency shouldn't be a problem. That said, if a client has multiple data items to send in rapid succession, does it accumulate those and batch them, or does it send each one as a different request? Or does the situation never arise? - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Analyzing Tomcat related VM crash?
From: Rainer Jung [mailto:rainer.j...@kippdata.de] Look for a GC fix (1.6.0_13), or try the child vm, or try switching to another GC algorithm, like CMS. (Coming to the thread late, sorry if this has all already been said). Also consider bad RAM, or memory corruption caused by some native code, if you have any native code in your app - JNI, ODBC drivers, other database drivers that are not pure Java, etc. From my days dealing with Smalltalk GC, I found the commonest cause of a crash during GC was a bad object header somewhere in the heap - usually because something's overwritten it or a bit's flipped due to bad RAM. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[OT] RE: Performance with many small requests
From: David kerber [mailto:dcker...@verizon.net] A typical client will have 2 to 5 items to send per transaction (they're actually lines from a data logger's data file), and each line is done in a separate POST request. The frequency of transactions varies widely, but typically won't exceed one every 10 or 15 seconds from any given site. As I mentioned earlier, each data line is small, 20 to 50 bytes. OK, so your top end is about 1 line every 2 seconds. You'll need at least 2 round-trip times (RTT) per line (SYN out, SYN-ACK back, ACK-DATA out, ACK-DATA back, plus the FIN-ACK out), but that's not a high rate. We had looked at batching up the transmissions before, and it's still an option. However that adds a bit of complexity to the software on both ends, though the gain would be far fewer individual requests to process. For now, we prefer the simplicity of line-by-line transmission, but if we start running into network limitations we'll probably start batching them up. I'm interested - and this is now a long way from Tomcat, hence the [OT] mark above. If a set of lines represents one transaction, why would you ever not send it and try to process it atomically? Or is it acceptable to have part-transactions within your system? - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Performance with many small requests
From: David kerber [dcker...@verizon.net] My cpu usage for tomcat has gone from bouncing between 0 and 1 in task manager, to a steady 2 since more threads are now actually doing work instead of waiting around for their turn at the code, my disk writes per sec in perfmon have also more than doubled, and the destination log file is growing much faster as well. All excellent news. The fact that you've seen the performance double means that there was, in fact, a bottleneck there. Have you taken a new thread dump to see whether the locks (almost certainly on the log write) are still a problem? If so, you might have to go to a more complex scheme such as multiple log files managed by a pool manager. Don't even try to write the pool manager yourself; they're horribly messy things to get right and shake the race conditions out*. I half-remember Jakarta Commons has one that can be adapted if you get to that stage. Thanks a ton!!! No problem. - Peter * Yes, I did implement one. I still have the scars. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Preventing OutOfMemoryError: Java heap space
From: Todd Hivnor [spambox_98...@yahoo.com] I would like to proactively avoid running out of heap space. I would like people get a Server Too Busy message, _before_ the heap is actually exhausted. I would rather serve 40 users well than 45 users poorly. Rather than monitor memory, which is subject to GC whims as George points out, I'd suggest monitoring the number of sessions in your application - find a number of sessions you can live with, keep a (suitably synchronized) counter that's incremented and decremented as sessions are created and destroyed, and don't start new sessions if that counter is higher than your threshold. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Performance with many small requests
From: David Kerber [mailto:dcker...@verizon.net] The synchronized section doesn't do a whole lot, so it doesn't take long to process. Indeed. So take a thread dump and see what's happening before making *any* changes to this key part. My question is, what kinds of operations need to be synchronized? All I do is decrypt the data from the POST, send a small acknowledgement response back to the site, and write the line to the log file. Does that sound like something that would need to be synchronized? If not, pulling that out would be a really easy test to see if it helps my performance issue. Decrypt: parallel. Send ack: parallel. Increment counters: synced. Write to log file: synced (or you'll have some very odd stuff happening). - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Performance with many small requests
From: David kerber [mailto:dcker...@verizon.net] Also, right now I'm doing a .flush() after the .write() to the log file. Is that usually necessary, other than to avoid losing data lines in case of a system failure? No, other than that. What disk subsystem are you running on? Start Performance Monitor and, from Physical Disks, monitor your disk writes per second. If it's over 150(ish, depending on the disk) per spindle in your disk array, you're saturating your disks. How would a .flush() affect the speed of returning from a synchronized .write()? It can be significant, as the data has to get to the file. I'd check the above. Also, do you have any battery-backed write cache (BBWC) on the disk subsystem and how's it configured? On systems where disk has proved to be the bottleneck, and there are many small pieces of data being written, I've seen better than a factor of 10 improvement by adding write cache in this way. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Performance with many small requests
From: David kerber [mailto:dcker...@verizon.net] I'll look into that to be sure, but I don't think the HD is limiting. I think I agree with you, but it's a classic area that people miss - Intel have done entirely too good a job of branding the CPU as the only place where speed matters! - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Performance with many small requests
From: David kerber [mailto:dcker...@verizon.net] Now that I've got a thread dump, what am I looking for? You found it first time :-). Now the hard part - fixing it. I've got a bunch of sections like this, pretty much all of which are waiting to lock 0x057c73e0. Is there any way to figure out what that object is? I imagine it's the disk write, but can't figure out how to tell for sure. It's the sync at the start of your method. [2009-05-08 10:43:24] [info] waiting for monitor entry [2009-05-08 10:43:24] [info] [0x2739f000..0x2739fb64] [2009-05-08 10:43:24] [info] at eddsrv.EddRcvr.doPost(EddRcvr.java:70) [2009-05-08 10:43:24] [info] - waiting to lock 0x057c73e0 (a eddsrv.EddRcvr) ... so they're all waiting to get the monitor on a eddsrv.EddRcvr, which is what the synchronized on your doPost method will lock on. If you say pretty much all are stuck there, then you have massive contention on that monitor. Time to move to some finer-grained locking! As a first step, I'd remove the synchronized from the method; I'd replace it with one lock around the counter updates (locked on one object) and another lock in your decrypt/log/respond code that's purely around the logging section (locked on a different object). Then I'd re-evaluate - run, take another thread dump and see where the bottlenecks are now. If they're anywhere, I'll bet they're around the logging code. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Performance with many small requests
From: David kerber [mailto:dcker...@verizon.net] I also have quite a few blocks like this: [...] [2009-05-08 10:43:23] [info] - locked 0x0510e6e0 (a org.apache.tomcat.util.threads.ThreadPool$ControlRunnable) [...] I assume these are just threads waiting for something to do (waiting for a request)? They look like spares in the pool, but my knowledge of Tomcat's internals is limited. Until you said that, I didn't even notice that I had what appear to be double synchronizations, making the method synchronized, and also having synchronized{} blocks inside it. I assume I've been double-screwing myself all this time?? Yeah, I did raise an eyebrow when I saw it. It'll take a few CPU cycles per request, but no more than that. Only one thread can get into the method, so any internal syncs just add overhead. They're not further places for contention to occur. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Performance with many small requests
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Strictly speaking, that's one thread per *servlet* object; if using the SingleThreadModel (let's hope not), the container is allowed to create multiple instances. Good point in the general case, but I rather suspect David would have seen very different performance characteristics and some *very* confused output if that were the case here. They're not further places for contention to occur. Depending on what else uses the criticalProcess object, that may or may not be true. Another good point. I was assuming something that isn't necessarily true, namely that criticalProcess was created for just that sync block. Meh, why don't I bow out and leave Chuck to give all the good answers? ;-) - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Performance with many small requests
From: David kerber [mailto:dcker...@verizon.net] The tomcat application simply takes the post request, does a checksum verification of it, decrypts the lightly-encrypted data, and writes it to a log file with the timestamps and site identifiers I mentioned above. Pretty simple processing, and it is all inside a synchronized{} construct: protected synchronized void doPost(HttpServletRequest request, HttpServletResponse response ) throws ServletException, IOException { synchronized ( criticalProcess ) { totalReqCount++; dailyReqCount++; processRequest( request, response, false ); } } Doesn't the synchronized in the above mean that you're essentially single-threading Tomcat? So you have all this infrastructure... and that sync may well be the bottleneck. You could detect this by taking a thread dump in the middle of the day, and seeing whether a significant number of threads were waiting on either of your sync objects. If there are a significant number, consider re-engineering this critical piece of your application to be multi-threaded :-). - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: invalid certificate
From: Melanie Pfefer [mailto:melanie_pfe...@yahoo.co.uk] So you mean this error cannot be fixed? All self-signed certificates have this problem when a browser accesses the page using ssl? If the browser doesn't trust the root certificate that certifies the self-signed cert, it will give at least a warning and in some cases an error. This is a good thing, as otherwise I could create a self-signed certificate that said my web server was https://www.paypal.com, trick your browser into visiting my server, and you wouldn't see a warning. Think of a certificate as being ID for that web server. A certificate signed by a root certificate authority (CA) that's trusted by the browser is like a passport - slow and expensive to get, but almost everybody trusts it as ID. A self-signed certificate is like a letter you've signed as proof of your own identity - fast and cheap to get, but not very good for proving who you are. Is your web application being used on the Internet, or within the company? If it's on the Internet, you really don't have a choice - if you want SSL and no warnings, you'll have to get a certificate signed by a well-known certificate authority, and you'll have to pay the money for that. If it's on your internal network, the alternative is to add your company root CA to the browsers' trust list, then use an internally-generated cert. You still can't use a *self-signed* cert as they're always one-offs, but you can generate one from your company CA if you have it. Clearly if you don't have a company CA, you can't do this! - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: hot-deploy problems
Tomcat version? Java version? OS? -Original Message- From: david owens [mailto:ym...@yahoo.com] Sent: 01 May 2009 15:52 To: users@tomcat.apache.org Subject: hot-deploy problems I hope you folks are not sick to death of this question, but I have still not found a satisfactory answer. I used to hot-deploy war files with no problems, and about half the time I get ZipException: error in opening zip file, or Illegal access: this web application instance has been stopped already. errors. I don't currently specify a config.xml and it seems to have something to do with that (docbase and appbase being the same?). But I hate to add app configurations that are not contained in the war files themselves. Is there a way to solve this with the META-INF/config.xml? If so, can someone please provide an example? If not, what is the best solution? (I have no spaces or other unusual characters in my jar or war file names, and half the time things work fine). Thank you much, -- David D. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Slightly OT: log4j - generic log4j.dtd
From: Gregor Schneider [mailto:rc4...@googlemail.com] Most of you may know the typical first lines of any log4j.xml-config-file: ?xml version=1.0 encoding=UTF-8 ? !DOCTYPE log4j:configuration SYSTEM log4j.dtd Why does the DTD need to be stored relative to the XML file rather than (say) with its correct absolute path, then use the XML parser's preferred solution to tell it where the local DTD cache is? This is just an idle thought - I've no idea how or even whether it would work in Tomcat, as I don't know how you'd set up the cache location. But most XML parsers have one *somewhere*. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: GC Problem
From: S Arvind [mailto:arvindw...@gmail.com] Tomcat after running for couple of hours , somthing is getting wrong and it is keep on doing Garbage Collection(as it dispaly in console) . And tomcat also becoming dump slow.. and we cant able to do any, until it restarts... I suspect your application has a memory leak somewhere - and it is almost always the application, not Tomcat :-). Use a profiler to find out where all the memory is going. Do you get out-of-memory errors in the Tomcat log files if you leave the application running even once it has become slow? - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: GC Problem
From: S Arvind [mailto:arvindw...@gmail.com] Yeah daily atleast once Out-of-memory will raise and we will restart the tomcat. As the amount of free memory goes down, the JVM will have to collect garbage more and more frequently, until you get the symptoms you see where it is spending most of its time in GC. You can prove it's a memory leak by increasing the amount of RAM available to the JVM. If you still run out of memory - but a little later - it's almost certainly a leak. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: GC Problem
From: S Arvind [mailto:arvindw...@gmail.com] Is there any good settings for GC for tomcat running in server with 4GB and Quad Core processor. As much RAM as the OS doesn't need for other purposes. There's no straiht answer for this, as it depends what else is running on the box. You might try initial and maximum heap sizes of 3 Gbytes, but that's a finger-in-the-air guess. Try it; measure it; and adjust it if your application spends a lot of time collecting garbage, or if the OS starts using its swap file. I bascially need GC parameter for RESOURCE HUNGRY WEB APPLICATION I'm going to make a prediction: it doesn't matter how much RAM you allocate, you won't have enough. You will still run out of memory and have to restart Tomcat. I think this, because I think you have a memory leak in your application. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Extra Threads in background
From: David.Meldrum [mailto:david.meld...@verizon.net] My least favorite activity is programming by experiment. Try Morris dancing sometime ;-).* Alternatively, enable debugging, connect a suitable debugger and set a breakpoint in the code you want to prevent being called twice? Depends on the toolset you have available. - Peter * Before I get descended upon by a side of stick-wielding real ale enthusiasts wearing bells, I should probably point out that I've played for, run sound for and danced Morris. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Why we need two servers (httpd and tomcat)
From: Vinay Nagrik [mailto:vnag...@gmail.com] Can someone explain to me the basic difference between httpd and tomacat serer. What one can do so the other can not do. Apache httpd can serve static content over HTTP. It can have modules plugged in (CGI, perl, PHP) to serve various kinds of dynamic content. It has many modules, and very flexible configuration options. It is written in C and needs to be compiled for each platform. It cannot serve Java servlet content; for that you need a Java servlet container, which you can connect to it in various ways. Apache Tomcat is a Java servlet specification-compliant servlet container. It can serve static content over HTTP. It has built-in facilities for serving Java servlets, and requires no modules to do this. It has relatively few modules, and some configuration has to be done in code where Apache httpd allows configuration through files. It is written in Java, and portable to any platform able to run a (sensible) Java virtual machine. It can be connected to Apache httpd in various ways so that httpd can appear to serve servlet content. And why do we need these two servers in the first place. Because httpd doesn't serve Java servlets (and Tomcat doesn't serve perl and PHP efficiently, though it's pretty good at static content). Even if httpd did everything, someone would write a pure Java web server and servlet container, because Java developers are like that :-). - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: JVM crash issue
From: jochen [mailto:songzhou...@gmail.com] I deployed an inhouse application in Tomcat 6.0 and I experienced random JVM crashes for two weeks. Are you *absolutely certain* your hardware is good? We've had several reports of JVM crashes on this list where the real problem is faulty hardware - usually bad RAM. It's far more common than most people realise. Test by running the application on different hardware. [...] Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code) V [libjvm.so+0x3678c8] Java frames: (J=compiled Java code, j=interpreted, Vv=VM code) v ~BufferBlob::Interpreter [...] java.lang.reflect.Method.invoke(Ljava/lang/Object;[Ljava/lang/ Object;)Ljava/lang/Object; v ~BufferBlob::Interpreter J com.opensymphony.xwork2.DefaultActionInvocation.invoke()Ljava/ lang/String; [...] The code that is closest to the crash is this OpenSymphony code, which is then invoking something by reflection when the crash happens. Do the crashes always happen at the same point in the code? If so, I'd ask OpenSymphony :-). If not, I suspect bad hardware - but you might want to analyse several crash dumps to look for common factors. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat shutsdown automatically
From: Potri Raaja [mailto:potri.ra...@hotcourses.co.in] Our Tomcat application server is throwing the below mentioned eror and it shutsdown automatically. This happens occasionally i.e., once or twice in a week.Can you please suggest us with a solution to solve this issue. [...] # An error report file with more information is saved as hs_err_pid29022.log Read the error log. See if it gives you any more information. At the very least, it'll tell you what the JVM was doing at the time. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Apache HTTP before Tomcat
From: Bart Ophelders [mailto:bartopheld...@hotmail.com] If I put an Apache HTTP server in front of Tomcat, will this influence performance? Yes. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat shutsdown automatically
From: Potri Raaja [mailto:potri.ra...@hotcourses.co.in] The below mentioned details are the error message from the hs_err_pid29022.log file, can you please look in to this and help me out to trace the exact issue. The fault is happening in some native code in the Oracle driver (libocijdbc10.so). I'm with Chuck, I'd try the native Java Oracle client and see whether the problem goes away. Failing that, check with Oracle about any issues between their native client and your exact JVM version and environment? Stack: [0x22e7f000,0x22f0), sp=0x22efe9a8, free space=510k Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code) C [libocijdbc10.so+0x123e6] C [libocijdbc10.so+0xe248] Java_oracle_jdbc_driver_T2CStatement_t2cDefineFetch+0x90 J [...] - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Problem with maximum threads
From: connossieur [mailto:anand.b...@aricent.com] There is no problem in the application code. How have you proved this? Take a thread dump (you're on Java 1.6, so you can use jstack). What are the threads doing? - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Problem with maximum threads
From: connossieur [mailto:anand.b...@aricent.com] The application doesn't have problems as I tested it with Visual VM (profiler for java 6) on Windows. OK. You've done more research than most, then - we get a lot of people blaming Tomcat as the first thing they do, so we tend to have some well-developed check your code! reflexes. Anyways, can there be problem with Tomcat? It's pretty stable. But no code is ever 100% guaranteed bug-free, despite what we might like, so there always *can* be a problem :-). 6.0.9 is quite old now; the current version is 6.0.18, and there have been a number of bugfixes. How tied are you to the old version - can you update and see whether that resolves the issue? I mean, I have limited the number of threads, still tomcat spawns more than 1000 threads? This is where that thread dump comes in. *Something* is spawning threads - rather than guess what's doing it, let's get some evidence of what they're doing? Then we stand a better chance of working out what's spawning them. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Problem with maximum threads
From: Christopher Schultz [mailto:ch...@christopherschultz.net] Also, please post a full thread dump. I want to see 1000 complete stack traces, baby. Mmm, that's a good few kilos of carbon to shift the bits around the mailing list subscribers ;-). Any chance of putting the thread dump on a convenient web site and posting a link? - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: What Tomcat presentations / demos / discussions do you want to see at ApacheCon US 2009?
From: André Warnier [mailto:a...@ice-sa.com] How about a session like : Everything you always wanted to know about connecting Apache httpd and Tomcat, but never dared to ask To be given jointly by Apache httpd AND Tomcat experts. - when do you need to do that, and when do you not really need it Ye gods. You'll have a religious war between the presenters! - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: CLOSE_WAIT and what to do about it
From: André Warnier [mailto:a...@ice-sa.com] public void close() throws SomeException { putEndRequest(); flush(); socket = null; } flush() being another function which reads the socket until there's nothing left to read, and throws away the result. socket is a property of the object created by this class, obtained somewhere else from a java.net.Socket object. Looking at that code above, it is obvious that socket is open, until it is set to null, without previously doing a socket.close(). I don't know Java enough to know if this alone could cause that socket to be lingering until the GC, but I kind of suspect so. Nice piece of detective work, André! Yes, that code's broken - the socket's not referenced but not closed, so it will stay open until a GC tidies it up. $deity only knows what the original developer was thinking when they wrote that. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[Mildly OT] RE: apache/tomcat communication issues (502 response)
From: André Warnier [mailto:a...@ice-sa.com] a TCP CLOSE_WAIT state happens when the writing side of a TCP connection has finished writing and (nicely) closes its side of the socket to indicate the fact, Yes. but the reading side of the connection does not read what is left in the buffers, so there is still some data unread in the pipeline, No. It merely means that the reader has not yet closed the socket. You're putting more context behind that than there really is - the reader may, for example, have read all the data, but never have issued the close() call. and the reading side never closes the socket. Has not yet closed :-). http://www.cs.northwestern.edu/~agupta/cs340/project2/TCPIP_State_Transition_Diagram.pdf (itself reproduced from TCP/IP Illustrated, Volume 2) is a useful resource if you want to know what the states mean. If you're seeing CLOSE_WAITs on the Tomcat server, it means the client has sent a FIN and Tomcat's ACKed that. If you can, look on the client to see what's happening. If you see connections in FIN_WAIT_1, the client never got the ACK from Tomcat, if you see connections in FIN_WAIT_2, the client got the ACK and is sitting around waiting for Tomcat to close the connection and send a FIN. - Peter P.S. Yes, I used to teach this stuff ;-). - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: CLOSE_WAIT and what to do about it
From: André Warnier [mailto:a...@ice-sa.com] It has been previously established that a socket in a long-time-lingering CLOSE-WAIT status, is due to one or the other side of a TCP connection not properly closing its side of the connection when it is done with it. I also surmise (without having a definite proof of this), that this is essentially bad, as it ties up some resources that could be otherwise freed. At the very least it'll tie up a kernel data structure for the socket itself. I don't know modern Linux kernels well enough to know how buffers are allocated, but I suspect you won't be wasting much memory on buffers as they'll be allocated on-demand. You're probably talking tens to low hundreds of bytes for each one of these. You will also be consuming resources in whichever program is not closing the sockets correctly. So my question is : considering the situation above, is there something I can do locally to free these lingering CLOSE_WAIT sockets, and under which conditions ? For example, I see this line : tcp6 12 0 :::127.0.0.1:41764 :::127.0.0.1:11002 CLOSE_WAIT 29649/java which tells me that there is a local process 29649/java, whith a local socket port 41674 in the CLOSE_WAIT state, related to another socket #11002 on the same host. On the other hand, I see this line : tcp0 0 127.0.0.1:11002 127.0.0.1:41764 FIN_WAIT2 - which shows a local socket on port 11002, related to this other local socket port #41764, with no process-id/program displayed. What does that tell me ? The process that was on port 11002 closed its end of the socket and sent a FIN. Process 29649 hasn't closed its end of the socket yet. I also know that the process-id 29649 corresponds to a local java process, of the daemon variety, multi-threaded. That program talks to another known server program, written in C, of which instances are started on an ad-hoc base by inetd, and which listens on port 11002 (in fact it is inetd who does, and it passes this socket on to the process it forks, I understand that). The local Java process may have a resource leak. It appears not to have closed the socket it was using to communicate with the server. A possible reason for the lack of a PID on port 11002 is that the socket was handed across from inetd to the C daemon - not sure about this. What it looks like to me in this case, is that at some point one of the threads of process # 29649 opened a client socket #41674 to the local inetd port #11002; that inetd then started the underlying server process (the C program); that the underlying C program then at some point exited; but that process #41674 never closes one of the sides of its connection with port #11002. Agree. Can I somehow detect this condition, and force the offending thread of process #29649 to close that socket (or just force this thread to exit) ? Threads are flows of control. Threads do not reference objects other than from their stack and any thread-local storage - and there are plenty of other places that can hold onto objects! The socket may well be referenced from an object on the heap (not the stack) that's ultimately referenced by a static variable in a class, for example, in which case zapping a thread may well do nothing. You need to find out what, if anything, is holding onto the socket. If you have some way of forcing that Java process to collect garbage, you should do so. It's possible for sockets that haven't been close()d to hang around, unreferenced but not yet garbage collected. A full GC would collect any of these, finalizing them as it does and hence closing the socket. If a full GC doesn't close the socket, some other object is still referencing it. If a full GC doesn't clear the problem, you may need to go in with some memory-tracing tool and find out what's holding onto the socket. It's a long, long time since I had to do this in Java, so I have no idea of the appropriate tools - my brain's telling me Son of Strike, which is for the .Net CLR and *definitely* wrong! Does that help? Or is it clear as mud? - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: CLOSE_WAIT and what to do about it
From: André Warnier [mailto:a...@ice-sa.com] This process is started as a daemon, with a java command-line. Is it possible to add some arguments to that command-line to induce the JVM to do a GC more often ? http://java.sun.com/javase/technologies/hotspot/gc/gc_tuning_6.html - I don't think so, although the RMI option under Explicit Garbage Collection might work. The same question for the related Tomcat webapp (which I suspect of having the same issue). But in that case I do have to be a bit more careful regarding the performance impact, although this webapp is pretty much all that is running in this Tomcat. That one's easy. Add another webapp with one page. When the page is requested, call System.GC(). Job done! Relatedly, does there exist any way to force a given JVM process to do a full GC interactively, but from a Linux command-line ? I'm not aware of one, but I'm not an expert. I await the experts' comments with interest! - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Installing Tomcat
From: Jonathan Mast [mailto:jhmast.develo...@gmail.com] I'm trying to get Tomcat 6 running on a RedHat box. I don't want to build deamon with jsvc as the docs say I should do, at least not yet. Is this the extent of the official documentation for setting up Tomcat on Linux? You don't say what this is, so we can't help you. I installed JDK 6 and Tomcat 6, defined JAVA_HOME and TOMCAT_HOME and setup have a Host and Context in server.xml for www.mysite.com. I invoke catalina.sh start and get a process running, but I can't reach mysite. *Exactly* how are you trying to reach it? From what computer, and what are you trying as the address? If it's www.mysite.com, have you changed your hosts file or DNS so that it points to your computer rather than off into the Internet? What happens if you browse to http://localhost:8080? I should say that apache httpd 2.0 is already running on this machine and my www.mysite.com is reachable there, so I figured www.mysite.com:8080 would take me to tomcat. Is that a correct assumption? IE. Should I be able to by httpd by tacking :8080 onto the url? If you still have a default server.xml, this should work. However, you've changed your server.xml. You haven't bothered to post your new one, so we can't tell whether this would work or not. If I kill apache httpd (I have no intention of using it going forward), will updating server.xml with port 80 rather than port 8080 automagically get everything to work, or is there other stuff I need to do before Tomcat will run as a standalone webserver? With the default server.xml, simply changing 8080 to 80 (and ensuring the process at least starts as root, which is why jsvc is so important) will be all you need to do. With your server.xml? Nobody on the list will have any idea. Give us some more information, please - we're not psychic! - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Jsp working fine from tomcat, but displaying source when accessed through apache (Only on Firefox)
From: newToMina [mailto:askme...@yahoo.com] I have jsp page which displays fine when I access it directly from tomcat. But when the page is access through apache (mod_jk) it displays the source code. Do you have a JkMount for the directory with the .jsp in *and* the same directory exposed directly through httpd? Seems unlikely to be the problem givem that both responses shown below return a JSESSIONID cookie, but even so This is happening only on Firefox and on IE it works fine. What do the requests look like? Presumably there's a key difference somewhere? - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[OT] RE: Slow servlet response under WinXP Pro
From: jo...@catholic-doc.org [mailto:jo...@catholic-doc.org] This may be key. Can you recommend any option changes based on your experience? One thing I was hoping for was to exclude certain directories/processes from being scanned by Symantec 11.0, but I can not find a way to do this. Does a way exist? If it can't do that, change AV providers - at least for any server that supplies database services. No, I'm not joking. I've seen everything from slow performance to a production SQL Server detaching databases and marking them corrupt due to poor AV performance. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: redirection
From: fredk2 [mailto:fre...@gmail.com] I would be better...The apache httpd web server is more versatile Irrelevant to this problem. and its vulnerabilities are better researched. References for that assertion? I'm not disagreeing, I'd just be interested in the hard data. You can also add mod_security and other modules to further protect the Tomcat against common attacks (assuming you do not use a WAF firewall). And, indeed, that Apache + mod_security + mod_jk + Tomcat has fewer vulnerabilities than just Tomcat. Furthermore you can add more Tomcats and balance when needed... Irrelevant to this problem, though I agree with you in the general case. also on unix if you do not use jsvc or iptable you need to run tomcat as root for port 80 which is not a good idea...etc... True, but that's like saying if you do not have a lock on your front door, your front door will not be locked which is not a good idea. Why would anyone *not* run using jsvc or iptables? - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: redirection
From: Gregor Schneider [mailto:rc4...@googlemail.com] On Wed, Apr 1, 2009 at 4:22 PM, Peter Crowther peter.crowt...@melandra.com wrote: And, indeed, that Apache + mod_security + mod_jk + Tomcat has fewer vulnerabilities than just Tomcat. Since I'm interested on hard data, too, hand over the facts, please. Quite. If you look at the full original quote... -- snip -- From: fredk2 [mailto:fre...@gmail.com] [...] (assuming you do not use a WAF firewall). And, indeed, that Apache + mod_security + mod_jk + Tomcat has fewer vulnerabilities than just Tomcat. -- snip -- ... I was re-using the assuming from the previous poster's brackets. Sorry - I should have made that more explicit. Here's the re-stated version: And, indeed, *assuming* that Apache + mod_security + mod_jk + Tomcat has fewer vulnerabilities than just Tomcat. I'd also be very interested to see the evidence (either way) on that. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[OT] RE: redirection
From: Gregor Schneider [mailto:rc4...@googlemail.com] See, I believe in the statement that the more components you're adding to an environment, the more possibilities there are for a security-hole. However, to believe is not to know... It's clear that a naïve more components = less secure argument doesn't work in computer security, as I think few people on this list would argue with the following: A Tomcat server with a dedicated firewall in front will be more secure than the same Tomcat with no dedicated firewall in front. Here, more components - and the assumption of fitness for purpose and correct configuration - lead to an assumption of higher rather than lower security. So we're then into a discussion of how well httpd + mod_security + { mod_proxy, mod_jk} would serve for the purpose - a discussion of the *quality* of the components, rather than just the *quantity*. And that's why I'd love to see the hard data because, like you, I don't know :-). - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: [OT] of very off topic marketing question
From: André Warnier [mailto:a...@ice-sa.com] Peter Crowther wrote: I'm also particularly amused by the topmost set of bars in figure 2, given how proud the perl-ites are of their RE library and performance ;-). You didn't expect for a minute that this would remain unanswered, did you ? First, the perl-ites would answer that the comparison being with PHP, it is of little relevance. sigh. Quite. One of these days I'll learn to read... apologies. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[OT] RE: very off topic marketing question
From: Christopher Schultz [ch...@christopherschultz.net] I wonder how the folks over at Wikipedia feel about their PHP-based system. I suspect they get a significant amount of load. And, indeed, Facebook. I'm not sure who gets more hits! There are some big, big PHP systems out there, and they clearly work. I'm not trying to be combative... I'm just really interested in how they feel their scalability feels to them. Quite. I'd be fascinated. I also wonder how much the limiting factor on the big sites is scaling the database, not scaling the front-end services - but that's getting *really* off-topic! - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Issue with SSL server/ network configuration
From: i_am_superman [mailto:ee...@objectivation.nl] is there a simple way to map one domain name to two different SSL connectors? I don't think there is, unless you want part of your application to be accessible from a different port. So the part that doesn't need certs might be at https://www.example.com (implicitly on port 443) and the part that does need certs might be at https://www.example.com:8443. You could then set up two different connectors, with different hosts and the different security constraints. I *think* this would allow you to re-use your existing server certificate; browsers check the cert based on the domain name excluding the port, so as long as www.example.com matched you'd be OK. You could probably get away with just the single keystore, too. But you'd need appropriate code (or vanilla HTML) in the applications to direct the user to the other app at the appropriate time! Does this help, or have I answered the wrong question? - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Issue with SSL server/ network configuration
From: i_am_superman [mailto:ee...@objectivation.nl] I don't think my client will allow me to run a public SSL website any port but 443 (firewalls). Then you'll also need a second IP address on the server, as I'm sure you've already realised. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Issue with SSL server/ network configuration
From: i_am_superman [mailto:ee...@objectivation.nl] we have 3 environment (test, accept, prod) so we need 3 extra certificates. No big deal indeed, but I need to be sure that I really need them. Get a wildcard certificate? They're about 3 times the price of a regular cert, and can authenticate *.example.com (for example). - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Issue with SSL server/ network configuration
From: i_am_superman [mailto:ee...@objectivation.nl] What are the restrictions on wildcard certificates? Some very old browsers don't understand them. Probably not a problem in your environment, but check your client's browser support requirements. If I have two subdomains with one wildcard certificate, do I still need the two IP addresses? Not sure. I'll leave that to the more experienced folks on the list to answer! Or is the IP address tied to the (wildcard) certificate? IP addresses are never tied to certificates. Certificates allow browsers to authenticate based on the common name in the certificate, and the hostname that the browser is using to access the site. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: very off topic marketing question
From: Jason Pyeron [mailto:jpye...@pdinc.us] PHP by itself is very fast. Much faster than ASP or JSP running on the same type of server. This is because it has very little overhead compared to its competitors and it pre-compiles all of its code before it runs each script How would others respond to this? PHP doesn't scale as well under heavy load. If they are genuinely interested in scalability, figures 4-12 of http://www.trl.ibm.com/people/mich/pub/200812_middleware2008specweb.pdf should be interesting to them. I'm also particularly amused by the topmost set of bars in figure 2, given how proud the perl-ites are of their RE library and performance ;-). I copy the paper's conclusions here: 8 Conclusion When implementing a web server system which will never experience high load, or in which performance, throughput, and reliability under high load is not an issue, then the use of any of the analyzed languages or web servers will achieve similar performance results. If outstanding performance and throughput is the primary goal, then the use of JSP over PHP is advisable. However, if a 5-10% difference in throughput and performance is acceptable, then the implementer of a web system can achieve similar results using either PHP or JSP. In which case, other requirements such as developer language familiarity and programming efficiency, maintainability, security, reliability, middleware compatibility, etc. would be the deciding factors. It is also reassuring to developers of both language runtimes and web servers, that enhancements to either can offer performance improvements to the community. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: very off topic marketing question
From: Matt Brown [mailto:matt.br...@citrixonline.com] I would ask for benchmarks and evidence to back up that assertion. There are plenty out there, but mostly old (... PHP4 promises to...). The IBM reference I've posted is relatively new and appears on an initial read to have a reasonable methodology. Incidentally, the figures in that IBM paper are with httpd+mod_jk or lighttpd+mod_proxy in front of Tomcat - the raw Tomcat throughput would be higher. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[OT] RE: very off topic marketing question
From: Martin Gainty [mailto:mgai...@hotmail.com] Apache is hamstrung by the number of prefork processes it can spawn.. Yes. For this job, it's hamstrung by the PHP process being single-threaded and therefore having to spawn and keep multiple copies (each with its own address space) to handle concurrent requests. In other words: PHP (at least up to PHP5) is architecturally unsuitable for high-throughput services. It can be made to work, as Facebook demonstrates; but there are better architectures that have lower overhead. Actually, that's an interesting question. I wonder how many tonnes of carbon would be saved per annum if Facebook were reimplemented in something that allowed multiple threading and smaller sessions, such as Mono/ASP.Net or glassfish/servlets? ducks and runs to avoid the PHP lynch mob - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: no request on access log
From: Kaushal Shriyan [mailto:kaushalshri...@gmail.com] Host name=testa.example.com [...] Host name=testb.example.com [...] So are you testing these by browsing to http://testa.example.com, and have you mapped that in your DNS or hosts file to be your Tomcat server? If not, these won't work. Do you need two Host elements? Are you actually serving two different sites from one Tomcat? What Tomcat revision are you running? There were two different major versions of Tomcat 5. Version numbers are 5.x.y - what are the values of x and y? If you tell us that, we can give you more help. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[OT] RE: tracing port to port
From: André Warnier [mailto:a...@ice-sa.com] I think I'll have to refresh my TCP knowledge base, to see if there is any byte somewhere in a TCP header specifying the internet protocol. But I don't think so. Sort of :-). The nearest you get is the four bytes specifying the source and destination port numbers - though as you already know that's subject to considerable latitude in interpretation! In particular, if one of those values is a well-known port (http://www.iana.org/assignments/port-numbers), the corresponding protocol RFC-SHOULD* be in use - Peter * Acronym decoder for those who are about to complain: Internet Engineering Task Force (IETF) Requests for Comments (RFCs) frequently make use of MUST, SHOULD, MAY, SHOULD NOT or MUST NOT (capitalised in that way) to indicate how a correct system behaves. This has entered some more general Internet parlance, so RFC-SHOULD can be taken to mean SHOULD as defined in RFC 2119 (http://www.ietf.org/rfc/rfc2119.txt). - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[OT] RE: Vmware Server 2 web interface uses tomcat but hogs 8005 and 8009
From: Christopher Schultz [mailto:ch...@christopherschultz.net] On 3/17/2009 4:18 AM, Rainer Frey (Inxmail GmbH) wrote: On Monday 16 March 2009 22:42:27 Christopher Schultz wrote: Can you clarify this a bit? There is no special management instance. VMWare Server is an application that runs on a regular host operating system instance (it installs linux kernel modules though, and probably also Windows drivers). Interesting. This used to be called VMWare Workstation. Not entirely. VMware Server has also (for many years) run on a normal OS. I first looked at it in around 2002, but the price was prohibitive for us. Luckily, competition in the virtualisation market has brought the price down to near zero for the simpler products. The difference has been in the capabilities, as Workstation initially provided enhanced I/O (for example the ability to connect to USB devices on the host) whereas Server initally scaled to multiple guests on one host. And, yes, both put a lot of drivers onto the host! - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: JSESSIONID hijacking
From: Pieter Temmerman [mailto:ptemmerman@sadiel.es] However, as the jsessionid URL rewriting is defined in the servlet specification, I would expect this to be secure. Why, out of interest? Therefor I was wondering whether the hijacking is caused by a misconfiguration of Tomcat, my webapp or rather completely normal. It's completely normal. Other frameworks have exactly the same features. Some form of magic number maps to a session; match the magic number and you match the session. Sometimes there's a different magic number to match a login, but that's just a different magic number that can be hijacked too. If you don't want eavesdroppers to be able to pick up your sessions, use SSL. If you don't want session IDs to appear in your URLs so that your users don't cut+paste them or save them in favourites, use cookies. But be assured that if someone can read the request your browser sends to the server, they can hijack your session. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: JSESSIONID hijacking
From: Pieter Temmerman [mailto:ptemmerman@sadiel.es] I don't know. It just seemed way to easy to hijack a session, so I supposed it must be secure. Large portions of the web architecture are insecure by their original design. This makes security in web-based systems... erm.. a challenge :-). In my case cookies are created as well. OK. So why not rely entirely on the cookie rather than exposing the JSESSIONID in the URL at all? Or (most likely) have I got the wrong end of the stick here? By SSL, I suppose you mean client authentication with a certificate? No, I mean securing the connection by using https: rather than http:. Entirely server-side. At least that way, someone with a wiretap can't steal your session IDs off the wire. There's still a long way to go before you can prevent a different person using a different client from using a session ID that they happen to have obtained via (say) an eavesdropping plug-in on the user's browser, but it's a good start. Something to think about: No security will be 100%, not least because there are users involved and they're really remarkably good at leaving massive security holes in any technological solution - emailing their password to a colleague's Hotmail account, writing down login details on a Post-It or just leaving their computer unlocked as they nip to the loo. What security is good enough for your application? - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: JSESSIONID hijacking
From: Zaki Akhmad [mailto:zakiakh...@gmail.com] 2009/3/13 zhaoxueqing zhaoxueq...@g-data.com.cn: jsessionid is the only way to indentity the user logined. if you get it ,you are this user. but? we can check others , for example IP! Difficult, depending on your environment. Some ISPs run large proxy clusters, meaning that different requests can appear to come from different IP addresses. But we can *still* do IP spoofing. Any other better recomendation? Don't just use a non-varying shared secret (a password) as login information. Instead, use client certificate authentication (distributed by non-network means such as USB keys) and/or a SecurID token or similar. All of which pushes the cost of security to the point that the application may be unworkable. What is good enough for your application? - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat for Dummies
[I seem to be getting very delayed emails from the list; if this has already been answered, ignore me!] From: André Warnier [mailto:a...@ice-sa.com] suppose there are 3 active servlets (processing requests) at the moment the request to undeploy is issued by one of them. The servlet issuing the undeploy request knows that it has asked for it, so it can take any appropriate measures to terminate itself cleanly and quickly. Which leaves the other two (I am using two intentionally, because there is only one call to the ServletContextListener; it avoids cheating). How do they know ? That's up to you, as the application developer. It depends how tight a coupling you want between the servlets, and how much configuration you want in web.xml. Would that be like positioning some variable somewhere, accessible to all the servlets belonging to that same webapp, which they can check from time to time ? That works. Or does one have to implement in each servlet some kind of callback routine that the ContextDestroy can call ? That works too. Or if they were genuinely independent servlets that happened to be bundled into the same webapp, I think you could choose to register three listeners so that each of the three got an appropriate ContextDestroy call? And, does that tie into the fact that all the servlets of a same webapp, by virtue of sharing the same classloader, can actually share something? They share classes, and hence they can share (say) a singleton or a static variable. And, does that somehow relate to what the original OP of another thread, who was talking about a static variable being set when Tomcat is shut down, meant ? Probably :-). - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: How can JSP use the .jar file out of Tomcat's Home ?
From: lrvb...@gmail.com [mailto:lrvb...@gmail.com] I have to make a JSP invoke a Class which is in a .jar file out of Tomcat Home, How can I deal with it? Add the jar to the WEB-INF/lib directory of the webapp with the JSP in. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: How can JSP use the .jar file out of Tomcat's Home ?
From: lrvb...@gmail.com [mailto:lrvb...@gmail.com] Sent: 12 March 2009 13:51 To: 'Tomcat Users List' Subject: Re: How can JSP use the .jar file out of Tomcat's Home ? Thanks, For the jar is the core of another running application. I want to use API in the jar to put stream from the servlet to the core. If you have written a client/server application with both the client and the server in the same jar, you have an architecture problem. You should separate out the API into its own jar, and call that. But changing code takes time. If the server code is never called from the API, all you lose by putting a copy of the jar in your webapp's WEB-INF/lib is some storage space. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Error filterStart
From: Dolphin06 [mailto:david.vauque...@gmail.com] Hello, i have tomcat 5.5.27 installed on Red Hat 4.0 and jdk 6u12. I m deploying my application using xml file that i put under $TOMCAT_HOME/conf/Catalina/localhost When i start up tomcat the application is created inside the webapps directory and work directory, but cannot start. What error message(s) are you seeing in Tomcat's log files? - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Starting Tomcat6 via command line/Removing registry keys
From: Cornelius Herzog (CH Software) [mailto:c.her...@chsoftware.net] Now I want to control Tomcat via an external script and so I need it to start via command line to adapt the parameters. If you install Tomcat via the zip (not the exe), you get some scripts to control its startup and shutdown via the command line. tomcat6.exe is not used, and neither is the registry. Try downloading the zip, unzipping it, looking for the .bat files in the root of the unzipped content and moving them across to your current install. For some reason the scripts are not included in the setup version that installs the service. Several of us on this list are puzzled about why they are not included. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: unkown protocol httpg - using apache-tomcat-6.0.18
From: shashidhar velagandula I am using apache-tomcat-6.0.18 , I want to access a SRM(storage resource manager) service endpoint which uses httpg protocol eg: service endpoint - httpg://srmserver.host:8444/ , by deploying a web service application using apache-tomcat server when a client tries to invoke the service , it is giving error as Exception java.net.MalformedURLException: unknown protocol: httpg That's not surprising - most browsers don't understand httpg:... as a prefix. Just to check, which of the following do you want to do? 1) Client (browser?) uses http to access a web application running inside Tomcat. Web application redirects client to a httpg: resource. Browser uses httpg to access that resource. 2) Client (browser?) uses http to access a web application running inside Tomcat. Web application accesses the httpg: resource internally, forms a response to the browser, and replies to the browser using http. 3) Client (browser?) uses httpg to access a web application running inside Tomcat. 4) Something else - in which case please tell us what! 1 and 2 require no changes to Tomcat's configuration files. 3 does, but Tomcat doesn't support a httpg connector so you'd have to write your own. 1 and 3 require the client to understand httpg, which browsers don't. I *think* you're trying to do 2, in which case you need to write/buy the appropriate web application to deploy, and make sure its configuration files are set up so that it knows to contact httpg://srmserver.host:8444/ to reach the SRM endpoint. If you're writing it, http://www.mail-archive.com/users@tomcat.apache.org/msg34996.html may be relevant - the webapp will have to be quite careful in how it registers the protocol handler. If you're trying to do something else, post more details to the list and we may be able to help! - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org