Hook into Tomcat before web applications load
Hello, Is there a hook exposed in tomcat such that a custom class can be introduced to do some work at a point where we have a list of the docBase attribute for all the web applications that will be hosted by this tomcat instance ... while one of the web application specific handling has begun yet? I 'm asking this for any tomcat version, starting with 5.x, 6.x or 7.x ... I don't care. The motivation behind this question is a bit wordy so I don't want to take everyone off topic by posting it here ... but if you are interested in reading you can refer to this link: http://pulkitsinghal.blogspot.com/2011/03/idea-day-scan-for-shared-webapp.html Thanks! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat not working with HTTPS
Don't you need to specify: keystorePass=somePassword as well? On Jan 11, 2008 4:12 PM, Neha Agrawal [EMAIL PROTECTED] wrote: hi i have it my server.xml file and tomcat does recognise it..as i understood fro mthe log Also now my logs are showing up following .. org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-8180 Jan 11, 2008 3:37:23 PM org.apache.coyote.http11.Http11AprProtocol init SEVERE: Error initializing endpoint java.lang.Exception: Unable to load certificate key /var/lib/tomcat5.5/conf/localhost.key (error:0906A068:PEM routines:PEM_do_header:bad password read) --- Pulkit Singhal [EMAIL PROTECTED] wrote: Hello, Can you tell me if you are replacing this when you posted your question or if this is what you really have in your server.xml file: ${catalina.base} - Pulkit On Jan 11, 2008 2:08 PM, Neha Agrawal [EMAIL PROTECTED] wrote: hi! this is the sample connector given in the doc.. Connector port=8443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true SSLEngine=on SSLCertificateFile=${catalina.base}/conf/localhost.crt SSLCertificateKeyFile=${catalina.base}/conf/localhost.key / have this in my server.xml.. i did not understand how to generate .key and .cert files above i used this documnetation http://sandbox.rulemaker.net/ngps/m2/howto.ca.html 1) to generate a CA (so got cacert.pem and cakey.pem) 2)generate a new request (for certificate) and sign it and got newkey.pem and newcert.pem then i used these two files for localhost.key and localhost.cert above by coping these to that location still https://localhost:8443 is not working am i wrong in generating the localhost.key and localhost.cert files?? thanks neha Forgot the famous last words? Access your message archive online at http://in.messenger.yahoo.com/webmessengerpromo.php - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Bring your gang together - do your thing. Go to http://in.promos.yahoo.com/groups
Re: tomcat not working with HTTPS
Hmm, changeit is the default for cacerts file which is a truststore, what you are trying to setup here (I think) is a keystore to present the identity of your server correct? So perhaps its not so obvious to tomcat? On Jan 11, 2008 4:33 PM, Neha Agrawal [EMAIL PROTECTED] wrote: keystore password is the default one 'changeit' so its not mandatory to supply --- Pulkit Singhal [EMAIL PROTECTED] wrote: Don't you need to specify: keystorePass=somePassword as well? On Jan 11, 2008 4:12 PM, Neha Agrawal [EMAIL PROTECTED] wrote: hi i have it my server.xml file and tomcat does recognise it..as i understood fro mthe log Also now my logs are showing up following .. org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-8180 Jan 11, 2008 3:37:23 PM org.apache.coyote.http11.Http11AprProtocol init SEVERE: Error initializing endpoint java.lang.Exception: Unable to load certificate key /var/lib/tomcat5.5/conf/localhost.key (error:0906A068:PEM routines:PEM_do_header:bad password read) --- Pulkit Singhal [EMAIL PROTECTED] wrote: Hello, Can you tell me if you are replacing this when you posted your question or if this is what you really have in your server.xml file: ${catalina.base} - Pulkit On Jan 11, 2008 2:08 PM, Neha Agrawal [EMAIL PROTECTED] wrote: hi! this is the sample connector given in the doc.. Connector port=8443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true SSLEngine=on SSLCertificateFile=${catalina.base}/conf/localhost.crt SSLCertificateKeyFile=${catalina.base}/conf/localhost.key / have this in my server.xml.. i did not understand how to generate .key and .cert files above i used this documnetation http://sandbox.rulemaker.net/ngps/m2/howto.ca.html 1) to generate a CA (so got cacert.pem and cakey.pem) 2)generate a new request (for certificate) and sign it and got newkey.pem and newcert.pem then i used these two files for localhost.key and localhost.cert above by coping these to that location still https://localhost:8443 is not working am i wrong in generating the localhost.key and localhost.cert files?? thanks neha Forgot the famous last words? Access your message archive online at http://in.messenger.yahoo.com/webmessengerpromo.php - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Bring your gang together - do your thing. Go to http://in.promos.yahoo.com/groups Save all your chat conversations. Find them online at http://in.messenger.yahoo.com/webmessengerpromo.php - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
How to specify attributes for Resource
Hello, I would like to specify the following attribute in the server.xml file in windows: url=jdbc:derby:net://ip:port/path/to/database;retrieveMessagesFromServerOnGetMessage=true; But the problem is that I can't figure out the right way to escape the path to the database in windows. I've tried the following permutations but tomcat hasn't been able to parse any of them correctly: Resource ... url=jdbc:derby:net://ip:port/C:\path\to\database;retrieveMessagesFromServerOnGetMessage=true; / url=jdbc:derby:net://ip:port/C:/path/to/database;retrieveMessagesFromServerOnGetMessage=true; / url=jdbc:derby:net://ip:port/C:\\path\\to\\database;retrieveMessagesFromServerOnGetMessage=true; / url=jdbc:derby:net://ip:port/\C:\path\to\database\;retrieveMessagesFromServerOnGetMessage=true; / url=jdbc:derby:net://ip:port/\C:/path/to/database\;retrieveMessagesFromServerOnGetMessage=true; / url=jdbc:derby:net://ip:port/\C:\\path\\to\\database\;retrieveMessagesFromServerOnGetMessage=true; / Does anyone know how to accomplish the correct escaping sequence? Thanks!
Why are log4j jars treated differently?
Hello, I'd like to ask a question regarding the log4j jars and how tomcat treats/handles them. Tomcat version: 5.5.23 Log4j version: 1.2.5 (I don't think that versions matter here) If one deploys as follows: ${tomcat_home}/shared/lib/log4j.jar ${tomcat_home}/shared/classes/log4j.properties All is well. But if a webapp is thrown into the mix that comes bundled with log4j as well: ${tomcat_home}/shared/lib/log4j.jar ${tomcat_home}/shared/classes/log4j.properties ${tomcat_home}/webapps/some-app/WEB-INF/lib/log4j.jar All of a sudden tomcat gets confused and fails to initialize log4j properly. My questions to the list are: a) Why is it that there are many other jars that can be present in both of the following directories: 1) shared/lib 2) WEB-INF/lib but never have a problem, whereas log4j breaks? b) Is it because the log4j.properties file is sitting in shared/classes thats causing some confusion here? In the process of writing this email, an idea struck me of having log4j.properties file in WEB-INF/classes/ as well so I'll go try that and write back if that resolves my issue but I don't want to delay sending this email for the experts' responses. Any help is most appreciated. Cheers!
Re: URIEncoding
How about: String queryString = HttpServletRequest.getParameter(query); queryString = new String(queryString.getBytes(iso-8859-1), UTF-8); Its not very graceful so you can even make a 1-line-method for doing this and have: decodeURIParams(a, b, c) { return new String((HttpServletRequest.getParameter(a)).getBytes(b), c); } String queryString = decodeURIParams(query, URI_ENCODING_CONST, URI_DECODING_CONST)); This is all pseudo-code but I hope you see what I mean. On 7/26/07, Frederic Bastian [EMAIL PROTECTED] wrote: Hi Pulkit, thanks for your answer. The matter is that Tomcat won't get the correct values of the parameters in the URL. For instance : If my URI looks like : http://host/?query=%C3%A9%C3%A8 The URI encoding is UTF-8 By default, Tomcat will read this url in ISO-8859-1. So HttpServletRequest.getParameter(query) will return an incorrect value. The solution you proposed won't help Tomcat to return a correct value with the getParameter method. If I add into server.xml the attribut URIEncoding=UTF-8 to the Connector, Tomcat will correctly read the query parameter. I would like Tomcat to read correctly URL in UTF-8, but without modifying server.xml. Any suggestion ? Pulkit Singhal a écrit : Hi Frederic, I don't know about HttpSession.method for settign the URIEncoding. But you could always do somethign along the lines of: String uri_utf8 = new String (uri.getBytes(iso-8859-1), UTF-8); inside the application. On 7/26/07, Frederic Bastian [EMAIL PROTECTED] wrote: Hi folks :) I need my URI to be in UTF-8. In server.xml, I added to the Connector the attribut : URIEncoding=UTF-8 This works well. But my question is : Is there a way to define the URIEncoding in the application itself ? For instance, you can modify the session timeout in the application itself (HttpSession.setMaxInactiveInterval()). I would like to modify the URIEncoding by the same way. Would anyone know how to achieve that ? Thanks. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Frederic Bastian, PhD student Department of Ecology and Evolution Biophore, University of Lausanne, 1015 Lausanne, Switzerland. tel: +41 21 692 4221 http://www.unil.ch/dee/page22707.html Swiss Institute of Bioinformatics http://www.isb-sib.ch/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: URIEncoding
Hi Frederic, I don't know about HttpSession.method for settign the URIEncoding. But you could always do somethign along the lines of: String uri_utf8 = new String (uri.getBytes(iso-8859-1), UTF-8); inside the application. On 7/26/07, Frederic Bastian [EMAIL PROTECTED] wrote: Hi folks :) I need my URI to be in UTF-8. In server.xml, I added to the Connector the attribut : URIEncoding=UTF-8 This works well. But my question is : Is there a way to define the URIEncoding in the application itself ? For instance, you can modify the session timeout in the application itself (HttpSession.setMaxInactiveInterval()). I would like to modify the URIEncoding by the same way. Would anyone know how to achieve that ? Thanks. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Reloading keystore - how to register a new TrusStore Manager for Tomcat?
Hello, I am not sure what you are asking for here. You say that you fond some instructions on Creating Your Own X509TrustManager ... thats good. 1) Given that you have these instructions, whats the issue at hand? Conceptually (and without even looking at any content other than the title) I would chime-in and say that it sounds like ... if you can create your own TrustManager then you most likely make dynamic additions to it. 2) Or may be you have yet to implement any such solution and are still lookign for pre-provided alternatives? There are always modules like EJBCA(http://ejbca.sourceforge.net/) that you might want to have a look at, I think it can be deployed on Tomcat. On 6/11/07, Ronald Spiers [EMAIL PROTECTED] wrote: Hi, I am preparing a self enrollment webapp for generating client certificates and adding them to the server keystore. I know that Tomcat won't reload keystore unless the server is restarted, so I did look for alternatives, and the JSSE guide explains an approach to this in the section Creating Your Own X509TrustManager. My question is: Does anybody in this list have some experience solving this problem?, providing tomcat a custom trust manager to dynamically add a client certificate to the verification path when client credentials are presented? Can self-enrollment be done using Tomcat and JSSE? maybe it can't be done I am just wasting my time ;) I have searched a lot in the last 3 days, tomcat list archives and other materials, I have not found a single solution to this problem, except for the JSSE guide and this article, that explains how to create a trustManager and a SSLContext for implementing S/MIME with JavaMail: * http://www.javaworld.com/javatips/jw-javatip115.html Thanks a lot for any feedback you can provide. Regards, Martin - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: I've been trying to unsubscribe from this list for years.
You don't leave the mob and you don't leave tomcat users list. Just some humor. On 5/17/07, Keith Adams [EMAIL PROTECTED] wrote: No matter how many times I send a blank email to: [EMAIL PROTECTED], like the one I sent at 11.19 Eastern this morning, nothing happens. I use a rule to delete them permanently when I'm in Outlook, but when I use my company's web outlook, it can only move them to the deleted-items folder, which rapidly fills up, making it very hard for me to find things in there if I need to. Please help. Thanks, Keith - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DB2 DataSource.
The following is copy/pasted from http://jtds.sourceforge.net/faq.html#noSuitableDriver Why do I get a java.sql.SQLException: No suitable driver when trying to get a connection? The No suitable driver exception is thrown by the DriverManager when none of the registered Driver implementations recognizes the supplied URL. This means that you either did not register jTDS with the DriverManager first (by calling Class.forName(net.sourceforge.jtds.jdbc.Driver)) or you mistyped the URL (e.g. jbdc:jtds:... instead of jdbc:jtds:...). A common mistake is to append a semicolon (;) to the end of the URL (e.g. jdbc:jtds:sqlserver://server/db;TDS=7.0; is wrong!). For more information about URL format and the properties that may be passed to jTDS have a look at the jTDS URL formathttp://jtds.sourceforge.net/faq.html#urlFormat . On 4/12/07, Fargusson.Alan [EMAIL PROTECTED] wrote: Thanks. Unfortunately I did try this example before. It doesn't work. I get an exception, and along with the stack dump I display I get Caused by: java.sql.SQLException: No suitable driver. I am hoping that someone has a working example that they actually tested. -Original Message- From: Martin Gainty [mailto:[EMAIL PROTECTED] Sent: Thursday, April 12, 2007 3:19 PM To: Tomcat Users List Subject: Re: DB2 DataSource. Alan- http://www.itjungle.com/fhg/fhg051204-story01.html Viel Gluck/Buena Suerte Martin-- This email message and any files transmitted with it contain confidential information intended only for the person(s) to whom this email message is addressed. If you have received this email message in error, please notify the sender immediately by telephone or email and destroy the original message without making a copy. Thank you. - Original Message - From: Fargusson.Alan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, April 12, 2007 6:01 PM Subject: DB2 DataSource. Can someone point me to documentation on setting up a DataSource to DB2? I tried to use the examples for Oracle and MySql, but I have not been able to get it to work. I am able to access DB2 using the DriverManager. - To start a new topic, e-mail: [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Filter class not found problem
Hello Frank, It seems to me that the error is not so much about the Filter you want to load but the fact that it can't find the javax/servlet/Filter class which is (I think) supposed to be part of the servlet-api.jar ... I know you said that its bundled but try moving that jar around. Or at least crack open that jar in winzip or list the files using the jar command to make sure it really does have the javax.servlet.Filter class. On 4/1/07, Frank W. Zammetti [EMAIL PROTECTED] wrote: Hey folks... I'm having a real pain of a problem here... vital stats: JRE 1.6.0-b105 (JDK 6) Tomcat 6.0.10 I have a filter that compiles fine but will not initialize... error that appears on Tomcat startup: Apr 2, 2007 1:04:38 AM org.apache.catalina.core.StandardContextfilterStart SEVERE: Exception starting filter MasterControlFilter java.lang.NoClassDefFoundError: javax/servlet/Filter at java.lang.ClassLoader.defineClass1(Native Method) at java.lang.ClassLoader.defineClass(ClassLoader.java:620) at java.security.SecureClassLoader.defineClass( SecureClassLoader.java:124) at java.net.URLClassLoader.defineClass(URLClassLoader.java:260) ...and so on... The filter is contained within a JAR in my webapp's WEB-INF/lib directory. I've verified the filter is in the correct package, and that web.xml specifies the correct class name. I've spent about an hour Googling, and I've found numerous references to seemingly similar problems, but no answers... I've verified that there is no other servlet-api.jar floating around... I did notice a number of places that said servlet-api.jar should be in CATALINA_HOME/common/lib, but it's in CATALINA_HOME/lib in my installation (that's how it came out of the distro)... I assume that's just some old documentation I'm finding, but maybe not? For completeness, environment variables I have: CATALINA_HOME=k:\tomcat6010 JAVA_HOME=c:\java15 Path=c:\java15\bin;k:\tomcat6010\bin;x:\classes\apache-ant-1.7.0\bin ...NO classpath defined... I don't think there's any other relevant env vars. Can anyone point me in the right direction? I'm pretty well stuck at the moment until I get this resolved. Thanks! Frank -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com AIM/Yahoo: fzammetti MSN: [EMAIL PROTECTED] Author of Practical Ajax Projects With Java Technology (2006, Apress, ISBN 1-59059-695-1) Java Web Parts - http://javawebparts.sourceforge.net Supplying the wheel, so you don't have to reinvent it! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HOW TO turn on client Certificate with pop choose a digital certificate window
For IE if you try to go to a https URL directly that requires Client Authn, IE itself will pop u a winddow. On 2/15/07, Zhan, Jimmy [EMAIL PROTECTED] wrote: Hi, I have set up HTTPS for tomcat without client certificate, and it is running good. Now I want to turn on the client certificate. How can to config the tomcat, let pop a Choose a digital certificate window, allow clients pick Choose a digital certificate, If failed , pop a new window to allow user input User Name and Password. In file servrer.xml , if change clientAuth=true, then when client is not in the truststoreFile, The page cannot be display comes out. If change clientAuth=want, then, tomcat ignores the result of checking client certificate. Thanks in advance!! Jimmy ZHAN Cash America International
Re: Questions regarding SSL
Can we have a look at the connectors chunk of your server.xml file? On 2/14/07, Bryant McClellan [EMAIL PROTECTED] wrote: I've tried to do my homework but I'm still having trouble with getting HTTPS to work. For starters: Server is Windows 2003 Standard Server, SP1. Java version is jdk1.5.0_04 plus update 11. Tomcat version is 5.5.20. Tomcat is set up to run as a service using the native dlls. I've built a keystore, created a CSR, gotten a cert from InstantSSL and loaded the 3 certificates from InstantSSL into the keystore. Next I modified server.xml to enable 8443, refer to the location of the keystore and provide the password. Then I restarted Tomcat HTTP works fine with either 8080 or 8443, returning the splash page. If I use HTTPS, IE eventually times out with the generic DNS error page. It is consistent in this whether I use localhost, the ip address or the eventual domain name (presently set up in the hosts file for testing). I've reinstalled Java and Tomcat thinking I missed something. I got a replacement cert and built a new keystore. Same results. There are no errors logged relative to this in either the windows logs or the Tomcat logs. I'm new at Java and Tomcat so I'd appreciate a pointer or two on where to look next. G Bryant McClellan SIRVA Data Management Project Lead T 260.429.3299 F 260.429.1762 E [EMAIL PROTECTED] www.sirva.com 5001 US Highway 30 West Fort Wayne, IN 46818 USA CONFIDENTIALITY NOTICE: The information contained in this e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may be privileged and confidential. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please notify the sender by reply e-mail and delete the original message and all copies from your computer.
Re: Windows Authentication against multiple domains
I can't suggest any open-source/free products but allow me to suggest reading the following article if you want to roll your own solution one of these days in the windows world: http://www.microsoft.com/msj/0899/kerberos/kerberos.aspx Once you read it, I hope you will be able to see how you can put some amount of work in from your side and leverage Kerberos as a solution across Windows domains. But may be I misunderstood your problem, may be you don't want SSO across multiple domains. Maybe you simply want a piece of code that can connect to multiple ADs instead of just one? I suggest a bit more clarification so that the list readers may understand your use-case. Cheers! On 2/9/07, Suneet Shah [EMAIL PROTECTED] wrote: Hello, We have this capability in our open source identity and access management solution where you can use more then one use more then one repository for authentication. You may be able to use just the authentication service as taking on the rest of it may be more then what you need. The project is OpenIAM on sourceforge. We will be putting a new release this weekend. If you are interested in taking a look, let me know and I can send you a link. Regards Suneet On 2/9/07, Uwe_77 [EMAIL PROTECTED] wrote: Sure, I will let you know. Perhaps we need third party tools. Doese someone knows a solution? -- View this message in context: http://www.nabble.com/RE%3A-Windows-Authentication-against-multiple-domains-tf3203321.html#a8895171 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to display chinese chars in JSP / encoding UTF-8 without @page encoding tag
I think you can set the -DFileEncoding flag or something to be UTF-8 in the java options of the script you use to start tomcat. On 1/11/07, PATTUS, Jean-Philippe [EMAIL PROTECTED] wrote: Hello the list, i'm trying to display chinese chars in my web application. I have managed to display these characters by adding this following directive in each jsp : %@ page contentType=text/html; charset=UTF-8%. It works fine. But, now i'm looking for a way to change the default charset (Iso 8859-1) used by Tomcat for the jsp compilation. I want to set this information in only one place(why not in the web.xml), to avoid to add the directive tag on my each jsp file. Let me know if you have any ideas on the subject. Regards, jp PS : When Tomcat (jasper) compiles a jsp without any directive the result is in the java source setContentType(text/html; charset=iso8859-1); When Tomcat (jasper) compiles a jsp with the directive the result is in the java source setContentType(text/html; charset=UTF-8); What i want is to have the second result without tag my jsp file with the directive %@ page contentType=text/html; charset=UTF-8% ** Ce message et ses pièces jointes sont confidentiels et établis a l'intention exclusive de ses destinataires. Tout message électronique est susceptible d'altération. SOGITEC décline toute responsabilité au titre de ce message s'il a été altéré, déformé ou falsifié. Si vous n'êtes pas destinataire de ce message, merci de le détruire immédiatement. **
Re: Problem with UTF-8 characters in JSP page
Hi Jim, The very first thing I would be tempted to try the following Copyright \ua9 2006
Re: Error: No available certificate or key corresponds to the SSL cipher suites which are enabled.
I didn't specify the keyStore parameter in here because I only have one keystore at C:\Documents and Settings\HP_Administrator\.keystore or do Iexplicitely need to do that? I read somewhere that I didn't. Personally, I can not even begin to imagine how Tomcat would know where to find the keystore on a windows machine so one thing I would suggest (until you get it all working) is to be as explicit as possible and provide the keystore location in the connector and the password for it as well. I have the same certificate imported under the 'root' and 'tomcat' alias; is that a problem? I have no idea why you felt or thought that you needed to have the same certificate listed twice in your keystore. Its not really a question of weather or not its a problem...its more a question of me wanting to know the motivation for you doing this at all. The point here is configure a connector so that when someone uses https, you can serve up a certificate that you got signed by some CA that is trusted(the CA cert is trusted by the user's browser) by most user's browsers and is embedded(the CA's cert is embedded in the user browser) in them. Since the user's browser trusts the CA's cert to sign other certs...that means they should/will the certificate that you happen to be servingRight? So as long as you tell the connector what keystore to look in, what the password for that keystore is, and what alias to use as a handle to pull the certificate (that needs to be served) out of that keystoreyou should be good to go. Feel free to tell me otherwise or let me know of any issues you face. Cheers!
Re: SSL Keystore - help
Hello, I'm going to assume that you want server authN to function between the two machines, in which case you should exchange the certificates between IIS and Tomcat. These certificates that you exchange between IIS and Tomcat will ofcourse be the certificates that you export from the keypairs in the keystores used by either server. Make sense? On 8/29/06, TomcatED [EMAIL PROTECTED] wrote: I have IIS 6.0 and Tomcat 5.5.17 on separate servers. When using the keystore to import a certificate on the Tomcat server, do I: 1. Import the SSL cert that exists on the separate web server? OR 2. Import a server certificate created specifically for the Tomcat server? OR 3. or…??? -- View this message in context: http://www.nabble.com/SSL-Keystore---help-tf2183619.html#a6039224 Sent from the Tomcat - User forum at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session drop from https to http
Hmm...kind of makes sense doesn't it? I mean there are a lot of apps that use the sessionID as a key of sorts for access or cookie management so its ok to go from a http to https connections with the same session ID because extra security is involved but not ok to go from https to http connection with the same sessionID cause tis insecure. I'm sure someone on the list can tell you how to actually make it happen the way you want but this is just my 2 cts. On 8/27/06, Amir S [EMAIL PROTECTED] wrote: Hi All, I have a Jakarta 5.0.28. When entering the tomcat first https://127.0.0.1/a.jsp and then http://127.0.0.1/b.jsp The sessionID changes?! In the revise (http://127.0.0.1/b.jsp and then https://127.0.0.1/a.jsp) order it does not, why is that?! How can I fix it? Please note that the different is in the HTTPS and HTTP order. Regards, Amir S - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Multiple apache web servers single Tomcat, how many Connectors are needed?
Hi, I'm not an expert but just thinking out loud here: If in the long run you are not going to make - distinguishing the requests coming from either of the Apache instances - into a requirement. Then I do not see why you would need more than 1 JK connector. If there is absolutely never going to be a bias in how to serve the requests or treat them differently then the JK connector itself couldn't care less if 10 apache instances are hitting it right? When it runs on the tomcat side, to it (JK conn itself) everything coming in ... is just another request. [If I'm wrong about this notion of mine...then I'd like to hear about it from others on the list and be corrected] Now if you DO see yourself needing/wanting to treat the requests differently... 1st I doubt you will treat them differently on a HTTP server basis ... most likely you will want to handle them differently on a webapp basis so again ... you don't need multiple connectors listening on the tomcat side. Now if u do care about which HTTPD (apache web server) your users come through... well then you could have 2 JK connectors I guess ...but ... but ... I wouldn't know if that would be the right way to go about distiguishing and applying policies to incoming requests... may be someone else far more knowledgeable than me can comment on that. Cheers, - Pulkit On 8/25/06, tomcat [EMAIL PROTECTED] wrote: Hello, Hopefully someone can clarify a setup query I have as after lots of searching I cannot find a definitive answer. Although I'm configuring a much more complex system the problem I have boils down to this. I want to configure two Apache instances running on separate servers to talk to a single Tomcat instance (on its own server) but need clarification on the number of Connectors I need to define on the Tomcat side (server.xml). Is it a Connector listening on individual ports for each web server or one Connetor for all web servers? Apache 2.0.59 mod_jk 1.2.18 Tomcat 5.5.17 Thanks in advance J - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat does not sense the source modifications!!!
You could remove the war while tomcat is running and then redeploy it On 7/31/06, Ach [EMAIL PROTECTED] wrote: Hi all, I have a really bad problem with tomcat 5.5.x. I deploy an app (developed in Eclipse 3.1.2 using tomcat sysdeo plugin) to tomcat. Now I have a index.jsp that is just a: jsp:forward page=/pages/login.jsp/jsp:forward OK? Now it works but I change above line to something like: jsp:forward page=/tests/test.jsp/jsp:forward I remove login.jsp, stop tomcat, deploy this, start tomcat but whenever I want to see that from manager I got a 404 error that login.jsp does not exists! I stop app, start app but no chance! I reload it from manager but it again seeks the login.jsp. it is really strange. And number of sessions is 1 (and increase each time). I think this is a bug of tomcat. Have you encountered such problem? -Thanks in advance -- View this message in context: http://www.nabble.com/Tomcat-does-not-sense-the-source-modifications%21%21%21-tf2028692.html#a5579495 Sent from the Tomcat - User forum at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat5.5 and IIS 6.0 problem
i didn't touch the subject line...i have no clue what u r talkign about On 7/26/06, Mark Thomas [EMAIL PROTECTED] wrote: When starting a new thread (ie sending a message to the list about a new topic) please do not reply to an existing message and change the subject line. To many of the list archiving services and mail clients used by list subscribers this makes your new message appear as part of the old thread. This makes it harder for other users to find relevant information when searching the lists. This is known as thread hijacking and is behaviour that is frowned upon on this list. Frequent offenders will be removed from the list. It should also be noted that many list subscribers automatically ignore any messages that hijack another thread. The correct procedure is to create a new message with a new subject. This will start a new thread. Mark tomcat-user-owner - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat5.5 and IIS 6.0 problem
- JK connector - ISAPI Redirector: isapi_redirect.msihttp://tg-corpserver.cup.hp.com:8080/corpwiki/attach?page=TomcatConnectors%2Fisapi_redirect.msiis an Installer package for IIS 5 and later Web Server that takes care of all the configuration stepshttp://tomcat.apache.org/connectors-doc-archive/jk2/jk/iishowto.html#Configuring%2520the%2520ISAPI%2520Redirectorfor you. The conf steps page that is hyperlinked here is actually archived under the jk2 connector but its really the same steps that the jk connector seems to be taking neway. On 7/26/06, Uday K Sarvasiddhi [EMAIL PROTECTED] wrote: Hi , I'm trying to do an installation of Tomcat 5.5 and IIS 6.0 on a Windows 2003 server box . I am running into problems because I can not get the ISAPI Filter (DLL) to load. The arrow is always red and down (never green and up) and the service log shows that the filter fails to load each time I restart IIS. I am using identical /conf files and registry settings as my *working* IIS 6.0 with Tomcat 3.3 on windows 2003 server with jre1.5.0_07 And that setup is based on the general setup guide for the IIS connector on the jakarta.apache.org site. .I have also tried using both the JK 1.2 and JK 2.0 connectors. I've also tried disabling all the other ISAPI Filters that were present by default with the Win2k3 installation. Still i am facing the problems . Is it possible to get the existing connectors to work with IIS 6.0. If anyone has any tips on getting a connector to work under IIS 6.0, I would be most appreciative. Regards, Uday
Re: Tomcat 5.X
What URL did you use? Did you try others such as http://localhost:8080/jsp-examples/; ? On 3/16/06, Jorge Herrera Aguilar [EMAIL PROTECTED] wrote: I Install Tomcat on my pc, and i'm able to start it and to stop it, but when i try to view a simple index.html page it cames back with an error message saying : Resoirce \index.html is not available I'm running windows XP Please Help _ FREE pop-up blocking with the new MSN Toolbar - get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5.X
Just a a precaution...have you gotten around to taking a look at the logs? to see if there are any profoundly disturbing exceptions shown in there? On 3/16/06, Jorge Herrera Aguilar [EMAIL PROTECTED] wrote: yes i did, even i moved index.html to different subdirectories without any luck From: Pulkit Singhal [EMAIL PROTECTED] Reply-To: Tomcat Users List users@tomcat.apache.org To: Tomcat Users List users@tomcat.apache.org Subject: Re: Tomcat 5.X Date: Thu, 16 Mar 2006 09:28:24 -0800 What URL did you use? Did you try others such as http://localhost:8080/jsp-examples/; ? On 3/16/06, Jorge Herrera Aguilar [EMAIL PROTECTED] wrote: I Install Tomcat on my pc, and i'm able to start it and to stop it, but when i try to view a simple index.html page it cames back with an error message saying : Resoirce \index.html is not available I'm running windows XP Please Help _ FREE pop-up blocking with the new MSN Toolbar - get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Best IDE for dev of Tomcat Servlet?
I would say Eclipse web edition...but you have to figure out how to integrate it with tomcat...shld be able to find a tutorial on that out there somewhere. On 2/16/06, Mike Reynolds [EMAIL PROTECTED] wrote: What is the best development environment for developing a Tomcat servlet? - Brings words and photos together (easily) with PhotoMail - it's free and works with Yahoo! Mail.
Re: Loading data in tree model from database table by Java
I guess you would just have to write a function to process the data. you probable need to look at the result set and use a data structure where you can, one by one, add the each child to the parent. Then you could write a output method that goes through this and for each node tabs the children and prints them. On 2/13/06, Gangaa D [EMAIL PROTECTED] wrote: How do I loading data in tree model from database table by Java? 1) ReadData(Result); read following table; table structure: id msg child 1 msg1 0 2 msg2 1 3 msg3 2 2) ViewTree(); print following tree; Tree View: msg1 msg2 msg3 Please help me solve it. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Having problem with special characters
Hi I think there were a few posts earlier regarding consistent UTF-8 encoding in tomcat. If I remember correctly, this was resolved by setting some flags in a few files. I know I'm being awfully vague :( but I know its there. Cheers, - Pulkit On 2/7/06, Randy Paries [EMAIL PROTECTED] wrote: Hello, Please help I have to tomcat servers. Same version of OS fedora 4 and apache-tomcat-5.5.15 this is driving me crazy i am in a form, it calls a servlet and the servlet writes a file the character i am trying to write is £ on one machine it writes a £ but on the other machine it writes a £ the form posts directly to the servlet any ideas. not sure even where to start Thanks Randy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk / 503 Error
Hello Neal, What stands out in my mod_jk.log is this line: trying to connect socket 10 to 127.0.0.1:8009 The system seems to be trying to connect via the local host. As you can see from my config files below I do not reference localhost or the 127.0.0.1 IP address. Best I can tell JK should be using http://www.site.com:8009 to get/pass data to Tomcat from Apache. Is there a configuration option I am missing? I remember seeing a few posts in this mailing-list which to my understanding pretty much stated that the worker.properties file is only used to tell the connector where the tomcat instance is located. I too tried entering the outward facing ip of my local machine but it doesn't seem to make a difference. Maybe it would, if tomcat was actually located on a different machine. But locallly even if i give the website name or the outward-facing-ip address itself...it uses localhost to talk to tomcat (after locating it i guess). Or how can I get JK to use the correct location? So what I'm trying to say is that in the end I Couldn't get the connector to talk with tomcat with anything other than localhost. AND that it DOES NOT hurt if it uses localhost to talk to Tomcat!!! It should work fine! Having said that..I think we should concentrate on these log entries that you posted to figure out what the error is: [info] jk_open_socket::jk_connect.c (433): connect to 127.0.0.1:8009 failed with errno=111 [info] ajp_connect_to_endpoint::jk_ajp_common.c (880): Failed opening socket to (127.0.0.1:8009) with (errno=111) [info] ajp_send_request::jk_ajp_common.c (1239): Error connecting to the Tomcat process. I wonder what errno=111 is? Maybe the tomcat experts can help answer this one. By the way you mentioned that you cannot access the page via: http://www.site.com/examples/ BUT can you access it via http://localhost/examples/ ??? If so, I might write more :) Cheers, - Pulkit On 1/25/06, Warren Pace [EMAIL PROTECTED] wrote: From: Neal Whitley [EMAIL PROTECTED] Date: 2006/01/24 Tue PM 05:40:53 EST To: users@tomcat.apache.org Subject: mod_jk / 503 Error I have mod_jk / tomcat and apache somewhat working together but I am getting an error when displaying pages via the connector. Tomcat is set up and works. I can hit: http://www.site.com:8080/examples/ or http://www.site.com:8009/examples/ However, when I try: http://www.site.com/examples/ I get a 503 error. Service Temporarily Unavailable. The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later. What stands out in my mod_jk.log is this line: trying to connect socket 10 to 127.0.0.1:8009 The system seems to be trying to connect via the local host. As you can see from my config files below I do not reference localhost or the 127.0.0.1 IP address. Best I can tell JK should be using http://www.site.com:8009 to get/pass data to Tomcat from Apache. Is there a configuration option I am missing? Or how can I get JK to use the correct location? Thanks, Neal System Specs: Lixux/Debian Apache 1.3.X Tomcat 4.1.31 JK 1.2.14 mod_jk.log file: [Tue Jan 24 13:53:01 2006] [23378:] [debug] map_uri_to_worker::jk_uri_worker_map.c (442): Attempting to map URI '/examples/' from 11 maps [Tue Jan 24 13:53:01 2006] [23378:] [debug] map_uri_to_worker::jk_uri_worker_map.c (454): Attempting to map context URI '/examples/jsp/security/protected/j_security_check' [Tue Jan 24 13:53:01 2006] [23378:] [debug] map_uri_to_worker::jk_uri_worker_map.c (454): Attempting to map context URI '/examples/CompressionTest' [Tue Jan 24 13:53:01 2006] [23378:] [debug] map_uri_to_worker::jk_uri_worker_map.c (454): Attempting to map context URI '/examples/SendMailServlet' [Tue Jan 24 13:53:01 2006] [23378:] [debug] map_uri_to_worker::jk_uri_worker_map.c (454): Attempting to map context URI '/examples/servletToJsp' [Tue Jan 24 13:53:01 2006] [23378:] [debug] map_uri_to_worker::jk_uri_worker_map.c (454): Attempting to map context URI '/examples/servlet/*' [Tue Jan 24 13:53:01 2006] [23378:] [debug] map_uri_to_worker::jk_uri_worker_map.c (454): Attempting to map context URI '/examples/*.jsp' [Tue Jan 24 13:53:01 2006] [23378:] [debug] map_uri_to_worker::jk_uri_worker_map.c (454): Attempting to map context URI '/examples/snoop' [Tue Jan 24 13:53:01 2006] [23378:] [debug] map_uri_to_worker::jk_uri_worker_map.c (454): Attempting to map context URI '/examples/*' [Tue Jan 24 13:53:01 2006] [23378:] [debug] map_uri_to_worker::jk_uri_worker_map.c (468): Found a wildchar match ajp13 - /examples/* [Tue Jan 24 13:53:01 2006] [23378:] [debug] map_uri_to_worker::jk_uri_worker_map.c
Re: How can I take a webapp temporarily out of service using mod_jk?
Hello, Ok this might be a step in the totally wrong direction for you...but I just saw another post...where the problem is that the user sees the out of service message...LOL So may be you'll have some luck if you head over there and checkout what his config is!!! The subject of this topic is:* mod_jk / 503 Error *Cheers, -Pulkit On 1/24/06, Mladen Turk [EMAIL PROTECTED] wrote: Prout John - jprout wrote: I think this is the trick: If you need only to remove particular mappings then use JkMount directive and prefix each mapping with '-'. Within 60 seconds, mod_jk will disable the mappings. Looking at documentation at the link you sent, it describes this behavior for the JkMountFile directive; do you know there's similar functionality for the JkMount directive? Right, it's JkMountFile (type :). In an ideal world, I'd like to be able to make these changes without editing a file - similar to stopping a node using the status worked - but this is a big step in the right direction In mod_jk3 (mod_jk1.3.x) we'll add the url management to status worker. Regards, Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Remote address filter for host Alias
Using RemoteAddrValve as Host/ subelement won't work, as will apply to both, any suggestions? Why not just do: Host name=www.mydomain.com .. Context path= docBase= debug=0 . / /Host Host name=www-i.mydomain.com http://www.mydomain.com/ .. Context path= docBase= debug=0 . / /Host Ofcourse I'm pretty new to this so you might see some cons to this :) Cheers, - Pulkit On 1/20/06, Patricio Keilty [EMAIL PROTECTED] wrote: Hi, I need to restrict access to my webapp to some IP adresses on a per-domain name basis. In our tomcat server we are using an Alias/ element to serve both domains from same host as the following config shows: Host name=www.mydomain.com .. Aliaswww-i.mydomain.com/Alias Context path= docBase= debug=0 . / /Host Is it possible to use a RemoteAddrValve for each domain, each which different IP address sets? Using RemoteAddrValve as Host/ subelement won't work, as will apply to both, any suggestions? Thanks, --p - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat5 and LDAP authentication
Hello, However, if we enter in a correct username/password combination, it binds correctly, however it just hangs there as if it were awaiting response. The LDAP logs indicate that it did successfully bind correctly with the username/password combination, but no search was performed. How can we get it so that if the correct username/password is entered, it lets us pass the login page? Seeing how nobody seems to have responded to your message yet...I do have a suggestion for you: - Try to find forums and/or mailing lists for your Directory Server and posting this issue there - for ex: if you happen to be using Sun ONE DS 5.2 then you can use their forums at http://swforum.sun.com/jive/forum.jspa?forumID=13 - Or if you have a proprietary DS...try contacting their support...I think tomcat *should be* popular enough for them to have run into this with another client at least once. - Oh and by the way...do post the solution/progress here...should you find/make any. Cheers, - Pulkit On 1/9/06, Derrick [EMAIL PROTECTED] wrote: Nobody? On 1/6/06, Derrick Woo [EMAIL PROTECTED] wrote: I'm having a bit of a tough time getting Tomcat5 to authenticate correctly to our LDAP server. It connects using the service account, and then attempts to bind using the username and password entered at the login page to confirm if it is valid. As it is set up right now, if an invalid username/password is entered, catalina_log confirms that bind attempt failed and Username XXX NOT successfully authenticated just as we expect. However, if we enter in a correct username/password combination, it binds correctly, however it just hangs there as if it were awaiting response. The LDAP logs indicate that it did successfully bind correctly with the username/password combination, but no search was performed. Here is the relevent section of my server.xml file: Realm className=org.apache.catalina.realm .JNDIRealm debug=99 connectionURL=ldap://ldap.domain.com; connectionName=uid=admin,ou=ldapadmin,o=domain.com connectionPassword=xx userPattern=uid={0},ou=it,o=domain.com userBase=ou=it,o=domain.com / Am I missing out on something here? I tried playing around with some of the different attributes mentioned in the Jakarta Tomcat JNDIRealm documentation, but still get the same results. We are not using any roles. How can we get it so that if the correct username/password is entered, it lets us pass the login page?
Re: log4j setup in tomcat 5.0
Also, try and remove any log4j .jars and .properties files from under the apps deployed under the webapps folders. Restart and see if that does the trick. - Pulkit On 12/28/05, Dwayne A. Ghant [EMAIL PROTECTED] wrote: If I remember correcty you should but the properties file(s) in the CATALINA_HOME/conf direcotry??? Let me know if it works. bana lakshmi narayana reddy wrote: Hi, I need small help. for setup a log4j in tomcat 5.0 i have done the following steps 1). copied log4j.jar into CATALINA_HOME/common/lib 2). copied log4j.properties file into CATALINA_HOME/common/classes still i am not able done a setup. Is there anything is missed in my setup process... please help me regards, reddy - Yahoo! Photos Ring in the New Year with Photo Calendars. Add photos, events, holidays, whatever. -- Dwayne A. Ghant Application Developer Temple University 215.204.3467 [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: UDP Server app
Hi, A few questions to help clarify what you want: 1) Is this UDP port actually being used by your instance of Tomcat for implementing some functionality and you simply want to listen on the port without interfering with the actions that take place? (kind of like a wire tap) -- If you are indeed trying to monitor a port on Tomcat then I take it that Tomcat already makes use of that port of somehow. In which case, you should really have no need to open anything or configure Tomcat in any way, shape or form. 2) Are you looking to add-to Tomcat's present functionality on this UDP port or extend it with your code? -- I lack ideas on this one. 3) This really has nothing to do with Tomcat in the sense that you just want to listen on a UDP port and your app just happens to be deployed on Tomcat and you just want the damned thing to work? -- I think that if its simply an app that you deployed on Tomcat that will listen on any given UDP port then Tomcat has no business constraining you. But ofcourse this can be confirmed :) If it was me...here's how I would go about confirming: a) I think that since main() is a static method, it should run automagically when you deploy your app into webapps and start tomcat. b) You can confirm this by writing a fake webapp (real quick) where the main method contains print_out statements to your catalina.log c) If you see these log statements in catalina.log or wherever else you tried to output them to then your code in main() should have run. d) Now, put similar print statements in your real webapp's main() method inside the try and catch block so that you know if you are listening or failing. e) You can also write a test class that prints an UDP message on the port that you are either hard-coded to listen to or maybe have a configuration file for. In turn, have your listening webapp print any messages it captures. Then looking at the file (stdout or catalina.out) where you printed the message...you should have a good feel for where you stand. Cheers, - Pulkit On 12/26/05, kjr_23 [EMAIL PROTECTED] wrote: I'm developing an application that will monitor a port on Tomcat 5.5.x and receive udp datagrams. I've got the class coded, but not sure if I've done it correctly. I created a class with a main() method that runs the code to read from whatever port I specify. Do I need to configure Tomcat to open this port or listen on the port? Should I inherit my server class from thread, so it can be multithreaded? How do I know my application is running? I usually just develop classes/applications that are initiated by JSP pages. Thanks, K - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk versus mod_proxy under load ?
I hate to take you off topic here but just in case you migth want to check this post out as well: *Re: About possible memory leak in Tomcat 5.x* Cheers and Gluck! On 12/26/05, Laurent Perez [EMAIL PROTECTED] wrote: Hello One of our production servers recently started to suffer from very heavy performance troubles under load : the current setup is apache2 + mod_jk/ajp13 + tomcat5.0.25, jdk 1.4.2, 1GB (Xmx/Xms to 640MB) on a dual 2.4Ghz Xeon server. The maximum amount of requests/sec reached is around 15req/sec under production load, and I'd like to hit something between 30 and 40req/sec, unfortunately, mod_cache is not really an option for our current hosting company. Are there available benchmarks comparing mod_jk and mod_proxy available, or resulting from anyone's personal experience ? I googled quite a bit and results are just random, someone will tell jk is faster, someone else will tell proxy is faster, so I'm looking for some advice on this TC list. Thanks for any input Laurent -- a href=http://in-pocket.blogspot.com;http://in-pocket.blogspot.com - Mobile world, technology and more/a - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to forward external-ip-facing requests from ApacheHTTPServer to Tomcat?
Hi, Thank you for the suggestion :) I will give it a shot but I am really too deep into my setup to be doing any big changes or something new! So while I try to google and learn more about setting up mod_proxy, I would really appreciate if someone can tell me: How do I go about configuring apache to forward the outside-facing-ip requests to Tomcat through JK connector? This should be something pretty standard for anyone who has ever moved Tomcat from a local testing env. (localhost) to a production env. (real ip) ...right? Thanks, - Pulkit On 12/23/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: use mod_proxy, much easier, and in our tests has proven to scale better, and you will wanna look for a directive called ProxyHostPreserve so that request.getServerName returns the right name, then the IP address will be stored in x-forwarded-for header in the HTTP request. Filip Hello Everyone, I have successfully configured Apache to forward requests to my Tomcat instance. But it does so...only for requests whose IP resolves to 127.0.0.1 If I try to access a page through apache server (that's actually on tomcat) with the outside-facing-ip of my computer it fails. For example: 1) URL: http://12.34.56.78:666/blah/serveMe.html;FAILS with a 404 (apache does not forward properly) 2) URL: http://12.34.56.78:8080/blah/serveMe.html; SUCCEEDS (tomcat seems to be ok when it gets the request directly, so it has to be a forwarding failure by apache in the previous case) 3) URL: http://my.domain.com:666/blah/serveMe.html; SUCCEEDS (I have my.domain.com mapped to 127.0.0.1 in my windows' hosts file) 4) URL: http://localhost:666/blah/serveMe.html;SUCCEEDS I think this happens because the 1st request (the one with the outside facing ip) is not forwarded to Tomcat by apache. a) The apache error logs show that Apache is trying to look for the page in the wrong place b) The access logs ofcourse show a 404 because it can't find the page to serve Now, I have read a few threads and been on a few forums and apparently my worker.properties file is supposed to be as simple as this: worker.list=ajp13 worker.ajp13.port=8009 worker.ajp13.host=my.domain.com worker.ajp13.type=ajp13 --- I also tried putting my outside-facing-ip and localhost as values for worker.ajp13.host but it didn't seem to make any difference at all. In that case I must ask all of you: Question 1: How do I go about configuring apache to forward the outside-facing-ip requests to Tomcat? If it is not done in workers.properties...then where is it handled? Question 2: Or am I wrong and it is actually handled by workers.properties? Even then, how? Thanks in advance to all those who answer and all those who take the time to read this. Cheers, - Pulkit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to forward external-ip-facing requests from ApacheHTTPServer to Tomcat?
Hi Daniel, Firstly, Thank you for your response. Secondly, I must confess that I failed to grasp some of it due to my ignorance of Unix. I understood the overall idea but found myself scared/hesitant in implementing it as I'm using Win Server 2003. I'm a bit perplexed by the contents you said I could add to workers2.properties as I was not aware that fields were acceptable in such format. May be its the type of connector you are using or maybe its just my lack of experience/knowledge. I did find a soulution of ***sorts** which I would like to share with all of you so that you may comment/bash on its weaknesses/lamenesses thus helping me in finding a better one: *sigh* I just: a) Removed the 127.0.0.1my.server.com mapping from the hosts file. b) Added another Virtual Host to my server.xml file...resulting in something like this: !-- Define the default virtual host -- Host name=localhost ... Listener className=org.apache.jk.config.ApacheConfig modJk=c:/apps/apache/apache2/modules/mod_jk- apache-2.0.55.so / /Host !-- Define the hack virtual host for external-facing-ip requests Host name=my.server.com ... Listener className=org.apache.jk.config.ApacheConfig modJk=c:/apps/apache/apache2/modules/mod_jk- apache-2.0.55.so / /Host c) This happened to do the job, as now the file that Tomcat was auto-generating for use by Apache had some lines that accounted for the proper forwarding of external-facing-ip requests as well :) These were not there earlier and the file I speak of is tomcat_home\conf\auto\mod_jk.conf ) d) I still feel a bit jilted because my solution seems repetitive...there are 2 virtual hosts that are located in the exact same place and to top it off they have the same listeners inside them. They are identical in every aspect. I HAD tried entering Aliasmy.server.com/Alias under the localhost virtual-host but that did not seem to do the job... so I settled for having this repitition. Do let me know of your thoughts on this... Cheers, - Pulkit On 12/25/05, Daniel Blumenthal [EMAIL PROTECTED] wrote: I've set up my system so that Apache handles all requests, and forwards to the servlet when the path is www.mysite.com/myservlet/*. Following are my installation notes. (note that there's a slightly newer version of the JK connector) % tar zxf jakarta-tomcat-connectors-jk2-src-current.tar.gz % cd jakarta-tomcat-connectors-jk2-2.0.2-src/jk/native2 % ./configure --with-apxs2=/usr/local/apache/bin/apxs % make % su % cp ../build/jk2/apache2/mod_jk2.so /usr/local/apache/modules % cp ../build/jk2/apache2/jkjni.so /usr/local/apache/modules make sure that httpd owns the apache directory tomcat/server.xml: make sure that the following connector is uncommented: Connector className=org.apache.ajp.tomcat4.Ajp13Connector port=8009 minProcessors=5 maxProcessors=75 acceptCount=10 debug=0/ create a workers2.properties file in /usr/local/apache/conf with the following contents: [logger] level=DEBUG [shm] file=/usr/local/apache/logs/jk2.shm size=1048576 [channel.socket:localhost:8009] info=Ajp13 forwarding over socket tomcatId=localhost:8009 [uri:/myservlet/*] context=/myservlet % touch /usr/local/apache/logs/jk2.shm % chown httpd /usr/local/apache/logs/jk2.shm % chgrp httpd /usr/local/apache/logs/jk2.shm add the following line to /usr/local/apache/conf/httpd.conf: LoadModule jk2_module modules/mod_jk2.so I hope this helps. Daniel -Original Message- From: Pulkit Singhal [mailto:[EMAIL PROTECTED] Sent: Sunday, December 25, 2005 1:12 PM To: Tomcat Users List Subject: Re: How to forward external-ip-facing requests from ApacheHTTPServer to Tomcat? Hi, Thank you for the suggestion :) I will give it a shot but I am really too deep into my setup to be doing any big changes or something new! So while I try to google and learn more about setting up mod_proxy, I would really appreciate if someone can tell me: How do I go about configuring apache to forward the outside-facing-ip requests to Tomcat through JK connector? This should be something pretty standard for anyone who has ever moved Tomcat from a local testing env. (localhost) to a production env. (real ip) ...right? Thanks, - Pulkit On 12/23/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: use mod_proxy, much easier, and in our tests has proven to scale better, and you will wanna look for a directive called ProxyHostPreserve so that request.getServerName returns the right name, then the IP address will be stored in x-forwarded-for header in the HTTP request. Filip Hello Everyone, I have successfully configured Apache to forward requests to my Tomcat instance. But it does so...only for requests whose IP resolves to 127.0.0.1