Re: manager 401 error fixed with restart
On Mon, 02 Mar 2009 07:04:40 +, Thufir wrote: On Mon, 02 Mar 2009 05:49:53 +, Thufir wrote: I'm getting: HTTP Status 401 - type Status report message description This request requires HTTP authentication (). http://localhost:8080/manager/html on tomcat6 for ubuntu 8.10 with sun java. Neither restarting tomcat nor logging out gained access to the manager page, had to restart. Is there a less drastic step to take in that circumstance? Well, restarting apache2 seems to fix that problem. pain in the neck, though. -Thufir - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: instance has been stopped. could not loadoracle.toplink.essentials...
On Sun, 01 Mar 2009 21:46:30 -0600, Caldarale, Charles R wrote: From: news [mailto:n...@ger.gmane.org] On Behalf Of Thufir Subject: Re: instance has been stopped. could not loadoracle.toplink.essentials... Glad you saw that. It seems like toplink is required for JPA? Got no idea; what I said was mostly a joke, like mixing oil and water. Should have used a smiley face. Do you have suggestion beyond don't use mssql because mssql is what my school uses Nothing wrong with MSSQL; it has its quirks, just like every other DB. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. LOL. I took it as that, but also thought there might be something to it, too. I swear the tutorials on JDBC settings for mssql are wrong. Anyhow, thanks for the help. -Thufir - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: manager 401 error fixed with restart
On Mon, 02 Mar 2009 08:11:18 +, Thufir wrote: On Mon, 02 Mar 2009 07:04:40 +, Thufir wrote: On Mon, 02 Mar 2009 05:49:53 +, Thufir wrote: I'm getting: HTTP Status 401 - type Status report message description This request requires HTTP authentication (). http://localhost:8080/manager/html on tomcat6 for ubuntu 8.10 with sun java. Neither restarting tomcat nor logging out gained access to the manager page, had to restart. Is there a less drastic step to take in that circumstance? Well, restarting apache2 seems to fix that problem. pain in the neck, though. LOL. it was just that it took time to do all that and futz around. I could've just twiddled my thumbs, same diff! I just wait for it to go from: thu...@arrakis:~$ thu...@arrakis:~$ netstat -tan | grep 127 tcp0 0 127.0.0.1:631 0.0.0.0:* LISTEN tcp0 0 127.0.0.1:48816 127.0.0.1:8080 FIN_WAIT2 tcp6 0 0 127.0.0.1:8005 :::* LISTEN tcp6 527 0 127.0.0.1:8080 127.0.0.1:48816 CLOSE_WAIT tcp6 0 0 127.0.0.1:59454 127.0.0.1:8005 TIME_WAIT thu...@arrakis:~$ thu...@arrakis:~$ to: thu...@arrakis:~$ thu...@arrakis:~$ netstat -tan | grep 127 tcp0 0 127.0.0.1:631 0.0.0.0:* LISTEN tcp6 0 0 127.0.0.1:8005 :::* LISTEN thu...@arrakis:~$ thu...@arrakis:~$ From what I understand there's no real solution, but it's quite annoying. Perhaps I'm doing something wrong? -Thufir - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: RemoteAddrValve and RemoteHostValve
Gregor Schneider wrote: you've been asking the valve-stuff because you want to limit the access to requests coming from localhost only? Yep! why then not make tomcat listen on localhost only? configuration for that's a walk in the park... My Tomcat is serving a number of webapps, I want to restrict access to one only (the others are proper end-user-dedicated applications). Furthermore, it's more modular if I can set up such restriction rules into the app's WAR, rather than at Tomcat configuration level. So, it should be as previously explained, or am I missing something? Cheer. M. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: RemoteAddrValve and RemoteHostValve
On Mon, Mar 2, 2009 at 11:25 AM, Zak Mc Kracken zakmc...@yahoo.it wrote: Gregor Schneider wrote: you've been asking the valve-stuff because you want to limit the access to requests coming from localhost only? Yep! why then not make tomcat listen on localhost only? configuration for that's a walk in the park... My Tomcat is serving a number of webapps, I want to restrict access to one only (the others are proper end-user-dedicated applications). Furthermore, it's more modular if I can set up such restriction rules into the app's WAR, rather than at Tomcat configuration level. So, it should be as previously explained, or am I missing something? That wasn't clear to me. Have you ever thought about fronting Tomcat with Apache HTTPD, then connecting it via mod_jk? Thus, Tomcat would listen on localhost only, and Apache HTTPD takes care about forwarding appropriate requests to Tomcat on localhost. Besides, you could use Apache's mod_authz (http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html) to specify the authorized ips / hosts. Might be a little bit more work beforehand, but that would be my preferred solution. Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: friendly urls
* is mapped to the default servlet. And this is done system wide in conf/web.xml. You can turn that behavior off and require each webpp to map *. But then youi also need to make sure you have a way to serve static content like images. (Which is what the default servlet does) A better way is to use a Filter. The filter can look at the URL - determine if it is SEO friendly URL, and then perform a RequestDispatcher.forward() to the real servlet. -Tim Dan Vega wrote: Thanks for the help Chuck. I am actually running railo under tomcat fine right now and as you said its just a specific app thats not working because it uses a convention for urls. From what I understand Tomcat only allows one * per mapping and thats why these urls are not working and that resin allows for this. Is this not correct? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: friendly urls
In this regard, http://tuckey.org/urlrewrite/is a very useful tool. -Ken On Mar 2, 2009, at 6:55 AM, Tim Funk wrote: * is mapped to the default servlet. And this is done system wide in conf/web.xml. You can turn that behavior off and require each webpp to map *. But then youi also need to make sure you have a way to serve static content like images. (Which is what the default servlet does) A better way is to use a Filter. The filter can look at the URL - determine if it is SEO friendly URL, and then perform a RequestDispatcher.forward() to the real servlet. -Tim Dan Vega wrote: Thanks for the help Chuck. I am actually running railo under tomcat fine right now and as you said its just a specific app thats not working because it uses a convention for urls. From what I understand Tomcat only allows one * per mapping and thats why these urls are not working and that resin allows for this. Is this not correct? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: friendly urls
Thank you all for the help. I indeed found urlRewrite last night and it has turned out to be exactly what I was looking for. Thanks again for everything guys! Dan
Re: RemoteAddrValve and RemoteHostValve
Thanks Gregor, that's very interesting for production environments. I'll try it. Cheers. M. Gregor Schneider wrote: On Mon, Mar 2, 2009 at 11:25 AM, Zak Mc Kracken zakmc...@yahoo.it wrote: Gregor Schneider wrote: you've been asking the valve-stuff because you want to limit the access to requests coming from localhost only? Yep! why then not make tomcat listen on localhost only? configuration for that's a walk in the park... My Tomcat is serving a number of webapps, I want to restrict access to one only (the others are proper end-user-dedicated applications). Furthermore, it's more modular if I can set up such restriction rules into the app's WAR, rather than at Tomcat configuration level. So, it should be as previously explained, or am I missing something? That wasn't clear to me. Have you ever thought about fronting Tomcat with Apache HTTPD, then connecting it via mod_jk? Thus, Tomcat would listen on localhost only, and Apache HTTPD takes care about forwarding appropriate requests to Tomcat on localhost. Besides, you could use Apache's mod_authz (http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html) to specify the authorized ips / hosts. Might be a little bit more work beforehand, but that would be my preferred solution. Rgds Gregor - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: RemoteAddrValve and RemoteHostValve
From: Gregor Schneider [mailto:rc4...@googlemail.com] Subject: Re: RemoteAddrValve and RemoteHostValve Have you ever thought about fronting Tomcat with Apache HTTPD, then connecting it via mod_jk? Are you serious? You want to add complexity and overhead just to control access to one webapp? Since a working Valve setup was already provided, why not just use that? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
What happened to the Tomact 6 Monitor?
All: I have a Vista machine stoked with maximum memory. The following has occurred each time I complete an install of Tomcat 6.0 followed by a reboot of my computer. I downloaded and successfully installed Tomcat6 setting the checkbox on the component page that generaates during install that sets Tomcat to start automatically with Windows . Each install resulted in a Tomcat icon placed in the system tray at the lower right in Windows, which allows me to stop and start Tomcat as needed. Now, I reboot my machine. When the machine gets to the Window desktop a red X dialog box displays stating Acess is denied. Unable to open the server 'Tomcat6'. I am repeating the message here letter for letter exactly as it is shown in the dialogue box that pops up. So I click OK Now at the Windows desktop, the Tomcat Monitor icon is not in the system tray. In order to start Tomcat I have to click on Start - All Progbrams - Apache Tomcat 6.0 - Tomcat Manager. This brings up the logon dialog and then I am in the Tomcat manager panel. However I cannot stop Tomcat since I cannot open the Monitor, since the icon that existed in the system tray after the install and before the reboot is not there anymore. I have had this same behavior several times. Can anybody tell me what I am missing? Do I need to set some property or setting someplace in order to get the Tomcat Monitor be on the system tray and available for my use at all times? Thanks to all for your assistance. gary
Re: What happened to the Tomact 6 Monitor?
Hi, Now, I reboot my machine. When the machine gets to the Window desktop a red X dialog box displays stating Acess is denied. Unable to open the server 'Tomcat6'. I am repeating the message here letter for letter exactly as it is shown in the dialogue box that pops up. So I click OK Since you get a security dialog, my first guess is you are not logged on as an administrator. is this correct? Also, is tomcat started? (check task manager and look in services.msc) What are the (applicable) permissions on the directory tomcat is installed? I have had this same behavior several times. So not every time then? All these times, was it on the same machine or different machines? Hope this helps. Regards, Serge Fonville On Mon, Mar 2, 2009 at 3:21 PM, Gary Marshall gwj...@gmail.com wrote: All: I have a Vista machine stoked with maximum memory. The following has occurred each time I complete an install of Tomcat 6.0 followed by a reboot of my computer. I downloaded and successfully installed Tomcat6 setting the checkbox on the component page that generaates during install that sets Tomcat to start automatically with Windows . Each install resulted in a Tomcat icon placed in the system tray at the lower right in Windows, which allows me to stop and start Tomcat as needed. Now, I reboot my machine. When the machine gets to the Window desktop a red X dialog box displays stating Acess is denied. Unable to open the server 'Tomcat6'. I am repeating the message here letter for letter exactly as it is shown in the dialogue box that pops up. So I click OK Now at the Windows desktop, the Tomcat Monitor icon is not in the system tray. In order to start Tomcat I have to click on Start - All Progbrams - Apache Tomcat 6.0 - Tomcat Manager. This brings up the logon dialog and then I am in the Tomcat manager panel. However I cannot stop Tomcat since I cannot open the Monitor, since the icon that existed in the system tray after the install and before the reboot is not there anymore. I have had this same behavior several times. Can anybody tell me what I am missing? Do I need to set some property or setting someplace in order to get the Tomcat Monitor be on the system tray and available for my use at all times? Thanks to all for your assistance. gary
Re: JkMount a different location
On 02.03.2009 03:21, Andres Riancho wrote: List, I've search the Tomcat FAQ, but I haven't been able to find any answers, so... here is my question... I have a JSP application deployed in Tomcat inside the /abc/ directory; and I want to be able to access it from *two different locations* from Apache, for example, when I access: http://apache/abc/; and http://apache/123/abc/;. The first JkMount is trivial: JkMount /abc ajp13_worker JkMount /abc/* ajp13_worker And is working as expected, but for the second... I don't have the slightest clue on how to do it... I tried mod_rewrite, but it seems that it isn't possible to combine JkMount's and URL rewrites in a successful way. Could anyone point me in the right direction? Thanks! I'm using Apache2, Tomcat6. I'll give an answer for Apache 2.2 and yes, this is missing in the documentation at the moment. For IIS there is a builtin rewrite feature in mod_jk, but not for httpd, because httpd can already do it on its own. Context rewriting for mod_jk and Apache httpd = Tested with httpd 2.2.11. You need to handle three things: 1) Rewrite the URL /xxx/something to /yyy/something before the request gets send to Tomcat 2) Change any redirects you get back from Tomcat, which point to locations /yyy/somethingelse, into location /xxx/somethingelse 3) Change pathes of cookies, which might get set by the application from /yyy to /xxx. The module mod_proxy allow sto do this via ProxyPass, ProxyPassReverse and ProxyPassReverseCookiePath directives. But you can't use mod_proxy and mod_jk for the same requests. The first directive can be replaced by some RewriteRule, the other two cases will be handled by dynamically changing response headers. So lets start with JkMount /yyy/* myworker and now: ad 1) RewriteRule ^/xxx/(.*)$ /yyy/$1 [PT] This will change any rquest /xxx/something into /yyy/something before passing it to mod_jk. ad 2) Header edit Location ^([^/]*//[^/]*)?/yyy/(.*)$ $1/xxx/$2 This changes Location headers, the headers used for signalling a redirect to the client. Any URL of the form protocol://server:port/yyy/something will be changed (yyy - xxx), as well as URLs of the form /yyy/something. Happy regular expression studying. ad 3) Header edit Set-Cookie ^(.*; Path=)/yyy([/;].*)?$ $1/xxx$2 This changes Set-Cookie headers, the headers used for setting a cookie. I hope you get the idea. In case your webapp puts self referential links into he response pages themselves, things get more complicated (or say: more expensive in terms of CPU cycles). Then you must parse the complete response pages to do search and replace. You can do that e.g. with mod_substitute or mod_sed or mod_proxy_html. It seems it would be nice, mod_jk had short hand notations for 1)-3). You can file an enhancement request in bugzilla for this, if you like. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: What happened to the Tomact 6 Monitor?
Hello and thank you for your prompt response. I should have been more detailed in my explanation and environment. The scenario I define here happens EVERY TIME I install and then reboot my Vista machine, within which, I believe I have admin rights. This Vista machine is my own personal machine. Unfortunately as I write this, I am at the office, and not at home so I cannot check that Tomcat is in fact running when I see that security red X dialog box generate, and I am sure that the default permissions are set on the directory where Tomcat is installed. I am sure that Tomcat is not running when this dialog appears because, as I stated, I am allowed to start Tomcat by clicking on Start - All Programs - Apache Tomcat 6.0 - Tomcat Manager. Wouldn't Windows or Tomcat complain if I did this and it was already started? Another important point: At any time, when I click on click on Start - All Programs - Apache Tomcat 6.0 - Configure Tomcat I get the same Red X dialog box stating Access is denied. Unable to open the server 'Tomcat6'. Hmm... Are you thinking that possibly Vista is disallowing the Tomcat Monitor from running? Thanks again Gary FYI... I On Mon, Mar 2, 2009 at 9:27 AM, Serge Fonville serge.fonvi...@gmail.comwrote: Hi, Now, I reboot my machine. When the machine gets to the Window desktop a red X dialog box displays stating Acess is denied. Unable to open the server 'Tomcat6'. I am repeating the message here letter for letter exactly as it is shown in the dialogue box that pops up. So I click OK Since you get a security dialog, my first guess is you are not logged on as an administrator. is this correct? Also, is tomcat started? (check task manager and look in services.msc) What are the (applicable) permissions on the directory tomcat is installed? I have had this same behavior several times. So not every time then? All these times, was it on the same machine or different machines? Hope this helps. Regards, Serge Fonville On Mon, Mar 2, 2009 at 3:21 PM, Gary Marshall gwj...@gmail.com wrote: All: I have a Vista machine stoked with maximum memory. The following has occurred each time I complete an install of Tomcat 6.0 followed by a reboot of my computer. I downloaded and successfully installed Tomcat6 setting the checkbox on the component page that generaates during install that sets Tomcat to start automatically with Windows . Each install resulted in a Tomcat icon placed in the system tray at the lower right in Windows, which allows me to stop and start Tomcat as needed. Now, I reboot my machine. When the machine gets to the Window desktop a red X dialog box displays stating Acess is denied. Unable to open the server 'Tomcat6'. I am repeating the message here letter for letter exactly as it is shown in the dialogue box that pops up. So I click OK Now at the Windows desktop, the Tomcat Monitor icon is not in the system tray. In order to start Tomcat I have to click on Start - All Progbrams - Apache Tomcat 6.0 - Tomcat Manager. This brings up the logon dialog and then I am in the Tomcat manager panel. However I cannot stop Tomcat since I cannot open the Monitor, since the icon that existed in the system tray after the install and before the reboot is not there anymore. I have had this same behavior several times. Can anybody tell me what I am missing? Do I need to set some property or setting someplace in order to get the Tomcat Monitor be on the system tray and available for my use at all times? Thanks to all for your assistance. gary
Jk disable worker on status
I have a tomcat farm behind an apache httpd cluster, each apache http server have a jk connector connected to three tomcat. Each tomcat have a max active session limit (let's say 10). I configured a load balanced worker with three worker. I would like to disable the worker related to the tomcat server that reach the max active session limit. I see the fail_on_status directive in jk doc (http://tomcat.apache.org/connectors-doc/reference/workers.html). I can use it to deactivate (stop) the worker on a status code, but all the previous session on this tomcat will get an error and they will be redirected on another worker loosing session data (sticky session is required by application). There is no disable_on_status directive or something that exclude a worker only for request requiring new session? Thanks in advance. Matteo -- View this message in context: http://www.nabble.com/Jk-disable-worker-on-status-tp22289604p22289604.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: RemoteAddrValve and RemoteHostValve
Hi Chuck, On Mon, Mar 2, 2009 at 3:07 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: Since a working Valve setup was already provided, why not just use that? Ehem - was it? I understood that there was one open issue that Zac needed to combine a hostname and IP-adress - which was not possible since both RemoteAdressValve RemoteHostValve cannot be combined - something with IPs via DHCP - or did I get that wrong? Beside, setting up mod_jk is all that complicated - as long as you know your Apache. My prefered solution still would be AAA - however, according to the OP that was not an option due to his requirements. If the valve does everything the OP asked for - hey, go for it! Sorry if I confused anyone here - will stop just scanning the threads but read them properly - word of a boyscout! Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: RemoteAddrValve and RemoteHostValve
From: Gregor Schneider [mailto:rc4...@googlemail.com] Subject: Re: RemoteAddrValve and RemoteHostValve I understood that there was one open issue that Zac needed to combine a hostname and IP-adress Early in the thread, someone pointed out that there's never any need to specify a host name, and, in fact, doing so increases overhead considerably. All that's needed is the set of IP addresses that are allowed to run this webapp, and configure the Valve inside the Conext of interest. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Enabling Basic Authentication and SSL for the same WebApplication on Tomcat 6
Hi, I am new to web development. We have a servlet for which both Basic Authentication and SSL has to be enabled. We are using tomcat 6 to host our web application. I would like to know how do we configure the same application to enable both authentication. Say, if the users access the application from HTTP, it should request for username and password (Basic authentication) and if the users use https, it should authenticate using certificate. We are able to enable only one at a time, ie. either BASIC or SSL. How do we enable both for the same authentication? Thanks for your help in advance. Regards, Bharath
Mod_jk problem
I compile,mod_jk in my vps everything is fine, but when i am trying to add, following lines, restarting my apache its not starting anymore pls help LoadModule jk_module /etc/httpd/modules/mod_jk.so # Where to find workers.properties JkWorkersFile /etc/httpd/workers.properties # Where to put jk logsJkLogFile /var/log/httpd/mod_jk.log # Set the jk log level [debug/error/info]JkLogLevel info # Select the log format JkLogStampFormat [%a %b %d %H:%M:%S %Y] # JkOptions indicate to send SSL KEY SIZE, JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories # JkRequestLogFormat set the request format JkRequestLogFormat %w %V %T # Send servlet for context / jsp-examples to worker named worker1 JkMount /jsp-examples worker1 # Send JSPs for context /jsp-examples/* to worker named worker1 JkMount /jsp-examples/* worker1 thanks -- Regards Partha Goswami President Global Web IT Solution www.globalwebitsolution.com
Re: Mod_jk problem
Partha Goswami wrote: I compile,mod_jk in my vps everything is fine, but when i am trying to add, following lines, restarting my apache its not starting anymore pls help # Set the jk log level [debug/error/info]JkLogLevel info Is this a copy/paste issue or a real config line? Regards -- ^(TM) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Mod_jk problem
Yes.. On Mon, Mar 2, 2009 at 9:24 PM, Mladen Turk mt...@apache.org wrote: Partha Goswami wrote: I compile,mod_jk in my vps everything is fine, but when i am trying to add, following lines, restarting my apache its not starting anymore pls help # Set the jk log level [debug/error/info]JkLogLevel info Is this a copy/paste issue or a real config line? Regards -- ^(TM) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Regards Partha Goswami President Global Web IT Solution www.globalwebitsolution.com
Re: Jk disable worker on status
On 02.03.2009 15:55, mturra wrote: I have a tomcat farm behind an apache httpd cluster, each apache http server have a jk connector connected to three tomcat. Each tomcat have a max active session limit (let's say 10). I configured a load balanced worker with three worker. I would like to disable the worker related to the tomcat server that reach the max active session limit. Altgough we try to distribute new sessions equally between nodes, we don't actually know how many sessions each node has. We simply count requests which do not carry any session information as new sessions, and we divide the new sessions counter of each node by 2 once a minute. We don't get any invalidation information from the backend, neither do we know, whether a request carrying a session id actually belongs to a valid session. So we do not have any immediate way of limiting by session count. I see the fail_on_status directive in jk doc (http://tomcat.apache.org/connectors-doc/reference/workers.html). I can use it to deactivate (stop) the worker on a status code, but all the previous session on this tomcat will get an error and they will be redirected on another worker loosing session data (sticky session is required by application). There is no disable_on_status directive or something that exclude a worker only for request requiring new session? No, there is not. We could provide one, but it would only make sense, if the webapp would provide us with a special indication, that the node should be disabled. So you would need a filter, that checks the number of sessions, and if it is over the limit, the filter would return the indication. But since we already send the request to the node, in some cases, like e.g. POST requests, we cannot make sure, that we can send the same request to some other node. Furthermore, disabled is a configuration state. You do not only want it to be set automatically, but you also need a way of revoking it later. I think a robust implemenation would be something like: - a new state for temporarily disabling a node, except for sticky requests - a configurable probe request, that the watchdog thread sends, and which is answered by the application, the answer containing the information whether the node should be temporarily disabled or not Beware, that the watchdog thread would only probe e.g. once a minute, so some requests might still be send to the backend, although the limit has been reached. I'm not sure, what the purpose of this is. Assume our session load balancing works, so that all three nodes have an equal number of sessions, you would soon end up having all your nodes temporarily disabled. No? Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JkMount a different location
Rainer, On Mon, Mar 2, 2009 at 12:29 PM, Rainer Jung rainer.j...@kippdata.de wrote: On 02.03.2009 03:21, Andres Riancho wrote: List, I've search the Tomcat FAQ, but I haven't been able to find any answers, so... here is my question... I have a JSP application deployed in Tomcat inside the /abc/ directory; and I want to be able to access it from *two different locations* from Apache, for example, when I access: http://apache/abc/; and http://apache/123/abc/;. The first JkMount is trivial: JkMount /abc ajp13_worker JkMount /abc/* ajp13_worker And is working as expected, but for the second... I don't have the slightest clue on how to do it... I tried mod_rewrite, but it seems that it isn't possible to combine JkMount's and URL rewrites in a successful way. Could anyone point me in the right direction? Thanks! I'm using Apache2, Tomcat6. I'll give an answer for Apache 2.2 and yes, this is missing in the documentation at the moment. For IIS there is a builtin rewrite feature in mod_jk, but not for httpd, because httpd can already do it on its own. Context rewriting for mod_jk and Apache httpd = Tested with httpd 2.2.11. You need to handle three things: 1) Rewrite the URL /xxx/something to /yyy/something before the request gets send to Tomcat 2) Change any redirects you get back from Tomcat, which point to locations /yyy/somethingelse, into location /xxx/somethingelse 3) Change pathes of cookies, which might get set by the application from /yyy to /xxx. The module mod_proxy allow sto do this via ProxyPass, ProxyPassReverse and ProxyPassReverseCookiePath directives. But you can't use mod_proxy and mod_jk for the same requests. The first directive can be replaced by some RewriteRule, the other two cases will be handled by dynamically changing response headers. So lets start with JkMount /yyy/* myworker and now: ad 1) RewriteRule ^/xxx/(.*)$ /yyy/$1 [PT] This will change any rquest /xxx/something into /yyy/something before passing it to mod_jk. ad 2) Header edit Location ^([^/]*//[^/]*)?/yyy/(.*)$ $1/xxx/$2 This changes Location headers, the headers used for signalling a redirect to the client. Any URL of the form protocol://server:port/yyy/something will be changed (yyy - xxx), as well as URLs of the form /yyy/something. Happy regular expression studying. ad 3) Header edit Set-Cookie ^(.*; Path=)/yyy([/;].*)?$ $1/xxx$2 This changes Set-Cookie headers, the headers used for setting a cookie. I hope you get the idea. I got the idea, and I was able to successfully implement it. I was going in the right direction with the RewriteRule stuff, I actually wrote something like: RewriteRule ^/xxx/(.*)$ /yyy/$1 Myself, but the *most important* thing, that allows you to rewrite and use mod_jk is the [PT] flags for the rule! RewriteRule ^/xxx/(.*)$ /yyy/$1 [PT] In case your webapp puts self referential links into he response pages themselves, things get more complicated (or say: more expensive in terms of CPU cycles). Then you must parse the complete response pages to do search and replace. You can do that e.g. with mod_substitute or mod_sed or mod_proxy_html. It seems it would be nice, mod_jk had short hand notations for 1)-3). You can file an enhancement request in bugzilla for this, if you like. Yes, I truly think that mod_jk needs to address this on its own. Thank you very much for your help, Cheers, Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Andrés Riancho http://www.bonsai-sec.com/ http://w3af.sourceforge.net/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Mod_jk problem
On 02.03.2009 16:57, Partha Goswami wrote: Yes.. This is not an answer for an or question :( There is a second item, that seems to be broken: # Where to put jk logsJkLogFile /var/log/httpd/mod_jk.log In case Apache doesn't start with mod_jk, you should find an error either in your Apache httpd error log, or in your configured mod_jk log (JkLogFile, or if default in SERVERROOT/logs/mod_jk.log). Regards, Rainer On Mon, Mar 2, 2009 at 9:24 PM, Mladen Turkmt...@apache.org wrote: Partha Goswami wrote: I compile,mod_jk in my vps everything is fine, but when i am trying to add, following lines, restarting my apache its not starting anymore pls help # Set the jk log level [debug/error/info]JkLogLevel info Is this a copy/paste issue or a real config line? Regards -- ^(TM) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Servlet API loggin in tomcat 5.5 vs. tomcat 6
Anyone else having similar issues with logging? Guillaume Cauchon | DataDirect Technologies inc. -email:guillaume.cauc...@datadirect.com -mobile: 418.952-7357 -work: 418.649-1551 -Original Message- From: Guillaume Cauchon [mailto:guillaume.cauc...@datadirect.com] Sent: Friday, February 27, 2009 3:23 PM To: users@tomcat.apache.org Subject: Servlet API loggin in tomcat 5.5 vs. tomcat 6 I'm actually working on a distributed and one of the component is a webapp. The development for the webapp started on tomcat 5.5, but for technical reason we decided to upgrade to tomcat 6 recently... However we realized the logging configuration doesn't seams to be working the same way! The same webapp running on 5.5 and 6 doesn't produce the same amount of logging: everything that was produced by the JspServlet (Servlet API) is missing now; and I guess a lot more is also missing, but we didn't saw it yet... The logging is based on log4j, using a xml configuration file. We are using DOMConfigurator to intitialise and monitor the log4j configuration which can be modified at runtime. I know the Common Logging if the basis of the whole logging architecture in tomcat, is there something I need to know about the tomcat 6 release that might be related to this issue? Guillaume Cauchon | DataDirect Technologies inc. -email: guillaume.cauc...@datadirect.com mailto:guillaume.cauc...@datadirect.com -mobile: 418.952-7357 -work: 418.649-1551 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Request not forwarded to login page with security-constraint after session time-out
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marcel, On 2/27/2009 5:17 PM, Marcel Stör wrote: On 27.02.2009, at 17:38, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, On 2/26/2009 5:39 PM, Caldarale, Charles R wrote: From: Mark Thomas [mailto:ma...@apache.org] Subject: Re: Request not forwarded to login page with security-constraint after session time-out The spec is clearer than that. The * role == all roles defined in web.xml. Yes, but what it's not clear about is what happens when there are *no* roles defined in web.xml, which is the situation the OP has. It's worse than that: he has no roles table defined, so he gets SQLExceptions during authorization. [OT] Yes, indeed. I had expected that Tomcat would handle this more gracefully. I find it odd that JDBCRealm does try to run a query against the role table without checking first if one has even been defined. This is particularly annoying because the Realm tag in context.xml cannot be validated against a DTD or schema - from a configuration point of view I'm not required to define it. Patches are always welcome :) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmsDgYACgkQ9CaO5/Lv0PDrGwCgvcKAeb9tIPqIRGmAgw2ClvTl 0qAAoMQhP6hh/VorqRKMyy4gR62pVbMw =BSPA -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Servlet API loggin in tomcat 5.5 vs. tomcat 6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Guillaume, On 2/27/2009 3:23 PM, Guillaume Cauchon wrote: However we realized the logging configuration doesn't seams to be working the same way! The same webapp running on 5.5 and 6 doesn't produce the same amount of logging: everything that was produced by the JspServlet (Servlet API) is missing now; and I guess a lot more is also missing, but we didn't saw it yet... The logging is based on log4j, using a xml configuration file. We are using DOMConfigurator to intitialise and monitor the log4j configuration which can be modified at runtime. So, are you talking about application logging or Tomcat internal logging? You mentioned the JspServlet, but any logging performed by that servlet (that is, the actual log messages) is not part of the servlet API. If you use ServletContext.log(...) you aren't guaranteed (in fact, you are very unlikely) to use your application's logging mechanism. I know the Common Logging if the basis of the whole logging architecture in tomcat, is there something I need to know about the tomcat 6 release that might be related to this issue? I'm not sure if there is an appreciable difference between logging configuration in Tomcat 5.5 and 6.0. Can you tell us what you expected and what actually happens? No log files created? No log messages generated? Log level is different than expected? You didn't give any real details except for we upgraded and now it doesn't work. :( - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmsEdoACgkQ9CaO5/Lv0PCenACfdCDcRqYAjyriSFLCNYDA0gIG tawAn1JeKcALyKvKBHZg7D++m4kofbvi =WSiR -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Mod_jk problem
can not found anythig in logs. On Mon, Mar 2, 2009 at 9:41 PM, Rainer Jung rainer.j...@kippdata.de wrote: On 02.03.2009 16:57, Partha Goswami wrote: Yes.. This is not an answer for an or question :( There is a second item, that seems to be broken: # Where to put jk logsJkLogFile /var/log/httpd/mod_jk.log In case Apache doesn't start with mod_jk, you should find an error either in your Apache httpd error log, or in your configured mod_jk log (JkLogFile, or if default in SERVERROOT/logs/mod_jk.log). Regards, Rainer On Mon, Mar 2, 2009 at 9:24 PM, Mladen Turkmt...@apache.org wrote: Partha Goswami wrote: I compile,mod_jk in my vps everything is fine, but when i am trying to add, following lines, restarting my apache its not starting anymore pls help # Set the jk log level [debug/error/info]JkLogLevel info Is this a copy/paste issue or a real config line? Regards -- ^(TM) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Regards Partha Goswami President Global Web IT Solution www.globalwebitsolution.com
Re: Tomcat 6 catalina.sh does not remove tomcat.pid
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marilyn, On 2/27/2009 4:58 PM, Marilyn Daum wrote: We just upgraded from Tomcat 5.5.23 to Tomcat 6.0.18. After the upgrade, our shutdown script hangs, waiting for removal of the pid file. I compared the catalina.sh scripts, and noticed that the Tomcat 6 version does contain the rm -f $CATALINA_BASE/tomcat.pid command. A quick search of the release notes turned up nothing on pid changes. Any comments on why this was removed? For the time being, I'll explicitly add this rm command to our catalina.sh script. Other suggestions are welcom. It's good that catalina.sh does not remove tomcat.pid, since it never creates it in the first place. As Chuck points out, you are probably running a Tomcat packaged by a 3rd-party (like Debian, RedHat, etc.). If that's the case, you need to consult their documentation and/or mailing lists. This list, in general, supports only the standard Tomcat distribution. If you've modified your own catalina.sh, then you can probably figure out how to add rm tomcat.pid to your own script. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmsE3kACgkQ9CaO5/Lv0PAS8wCghOdJrw6NyqX35t8xJBuBvsHQ QXMAn1ij2PbzXSuU25VWR6/0k2OAdZaj =w15+ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Slightly OT: ApacheCon - Mark Thomas
Hi Mark, Thanks for your reply. It's not 100% sure yet, but it seems my company is willing to pay to attend your training. I'm crossing my fingers! :-) Just one last question. The Tomcat pre-conference training, is it spread over 2 days, or are the 2 sessions identical? Thanks On Fri, 2009-02-27 at 20:12 +, Mark Thomas wrote: Pieter Temmerman wrote: Hi list, Actually this question is more a question for Mark Thomas than for the list, but please feel free to respond with your input. I'm trying to convince my bosses to let me attend to the upcoming ApacheCon. I'm mainly interested in the Tomcat topics as this is what I touch regularly in my work environment. All topics, beginning the pre-conference training courses till Fridays Becoming a Tomcat super user seem very interesting. The only problem is that I will have to pick, since I'm quite sure my bosses won't like to pay 2000+ euros and me being a week out. So I was wondering, does the pre-conference topic Everything Tomcat - Administering, Tuning, Troubleshooting Developing cover more or less the different Tomcat topics handled during the actual conference? There is quite a lot of overlap but some topics will be covered in more detail in the conference (Filip and Servlet 3.0 for example) In terms of maximum content for minimum time the 2 day tutorial is probably best. If at all possible I would try and attend at least some of the conference as well. It isn't just the other presentations but the opportunity to talk to the presenters and other attendees. HTH, Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Pieter Temmerman email: ptemmerman@sadiel.es skype: ptemmerman.sadiel SADIEL TECNOLOGÍAS DE LA INFORMACIÓN, S.A. http://www.sadiel.es. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Jk disable worker on status
Rainer Jung-3 wrote: We don't get any invalidation information from the backend, neither do we know, whether a request carrying a session id actually belongs to a valid session. So we do not have any immediate way of limiting by session count. There is no disable_on_status directive or something that exclude a worker only for request requiring new session? No, there is not. We could provide one, but it would only make sense, if the webapp would provide us with a special indication, that the node should be disabled. Furthermore, disabled is a configuration state. You do not only want it to be set automatically, but you also need a way of revoking it later. I mean the web application use a Standard Session Manager property (http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/catalina/session/StandardManager.html#maxActiveSessions) to limit the session number. When the limit is reached I catch the exception and return a http status code 503 (Service Unavailable). Like the fail_on_status the connector could try after the recovery period to pass a new session request (without session information in the request) to the disabled worker and test the status code returned. If the status is not like previous the worker can pass to active state, otherwise the worker remain disabled. Matteo -- View this message in context: http://www.nabble.com/Jk-disable-worker-on-status-tp22289604p22292327.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: RemoteAddrValve and RemoteHostValve
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Zak, On 2/27/2009 9:28 PM, Zak Mc Kracken wrote: I'd like to filter incoming requests with this criterion: if it's www.somewhere.com - OK else if it's 1.2.3.4 - OK else - KO You could always use our favorite urlrewrite tool: http://tuckey.org/urlrewrite/ This can manage many criteria, chained or not. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmsFQIACgkQ9CaO5/Lv0PC2mACdEmW+hq/u2W+jY7kgr9Md4Qhm dBQAnRxW3YE+wsbX3Nabkauk513AtYpc =DXBg -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: serializing session in DB
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Amit, On 2/28/2009 9:02 PM, Amit Chandel wrote: I am trying to deploy a tomcat cluster. I was able to set up a test tomcat cluster using in-memory replication with version 6.0.10, but my session data is too much (almost 5 GB per tomcat instance, and using 2 nodes in cluster both instances will require 10GB of RAM to hold session data). Wow, does this thing scale? 5 GB of session data is a /lot/. Have you considered using either db-backed sessions (that is, writing everything to the database instead of keeping it in memory) or having your application itself store things in the db instead of the session? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmsFhYACgkQ9CaO5/Lv0PCK3wCdFKK3UW36VBjJuO/TgjmIQWoT YusAoJ1WNgnn7nnAul84qJ8E7MHHPlJB =G8Kk -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Jk disable worker on status
Rainer Jung-3 wrote: Furthermore, disabled is a configuration state. You do not only want it to be set automatically, but you also need a way of revoking it later. I think a robust implemenation would be something like: - a new state for temporarily disabling a node, except for sticky requests - a configurable probe request, that the watchdog thread sends, and which is answered by the application, the answer containing the information whether the node should be temporarily disabled or not I agree a new state could be better. I used disabled because of its behavior: let the previous run and block the new coming. The probe is done retrying after a quiet period. Thanks, Matteo. -- View this message in context: http://www.nabble.com/Jk-disable-worker-on-status-tp22289604p22292526.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Slightly OT: ApacheCon - Mark Thomas
Pieter Temmerman wrote: Hi Mark, Thanks for your reply. It's not 100% sure yet, but it seems my company is willing to pay to attend your training. I'm crossing my fingers! :-) Just one last question. The Tomcat pre-conference training, is it spread over 2 days, or are the 2 sessions identical? It is two days. The sessions are not identical. Hope to see you there. Mark Thanks On Fri, 2009-02-27 at 20:12 +, Mark Thomas wrote: Pieter Temmerman wrote: Hi list, Actually this question is more a question for Mark Thomas than for the list, but please feel free to respond with your input. I'm trying to convince my bosses to let me attend to the upcoming ApacheCon. I'm mainly interested in the Tomcat topics as this is what I touch regularly in my work environment. All topics, beginning the pre-conference training courses till Fridays Becoming a Tomcat super user seem very interesting. The only problem is that I will have to pick, since I'm quite sure my bosses won't like to pay 2000+ euros and me being a week out. So I was wondering, does the pre-conference topic Everything Tomcat - Administering, Tuning, Troubleshooting Developing cover more or less the different Tomcat topics handled during the actual conference? There is quite a lot of overlap but some topics will be covered in more detail in the conference (Filip and Servlet 3.0 for example) In terms of maximum content for minimum time the 2 day tutorial is probably best. If at all possible I would try and attend at least some of the conference as well. It isn't just the other presentations but the opportunity to talk to the presenters and other attendees. HTH, Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: What happened to the Tomact 6 Monitor?
From: Gary Marshall [mailto:gwj...@gmail.com] Subject: Re: What happened to the Tomact 6 Monitor? The scenario I define here happens EVERY TIME I install and then reboot my Vista machine, within which, I believe I have admin rights. You probably don't. Unlike previous versions of Windows, Vista does not grant administrative privileges to an account just because it's a member of the Administrators group. Whatever program you want to execute as an administrator has to be started with the Run as Administrator option. To enable the Tomcat monitor, find the tomcat6w.exe program (not tomcat6.exe) in Tomcat's bin directory with Explorer, right-click on the program entry, select the Compatibility tab, and then check the Run this program as an administrator box. This will allow the Tomcat monitor icon to be placed in the system tray and start the service. However, you will still get an annoying UAC dialog box at boot time asking you to ok what you did; I don't know how to get rid of that without turning off UAC completely. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Re: session.isNew() not thread safe?
Hi Jakob, Session object is not thread-safe. It's better put the session object in a synchronized block. Regards, Karl San Gabriel Tim Funk wrote: div class=moz-text-flowed style=font-family: -moz-fixedSort of (if I read the code correctly) isNew is set to false after the response is finished. So if you have 2 concurrent requests running, isNew is true until the first request finishes sending its response back to the client. Of course isNew could be set to false if the second request finishes its response faster than the first request. In which case, the first request could have isNew set=true only later have it be set to be false. -Tim Jakob Ericsson wrote: Our feeling is that this is a race condition between threads before tomcat set isNew to false. A quick workaround is to use request.getSession(false) and null checks. This seems to get us around our specific application problem. Could this be a problem in Tomcat? /div - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Re: session.isNew() not thread safe?
From: Karl San Gabriel [mailto:karl.sangabr...@gmail.com] Subject: Re: Re: session.isNew() not thread safe? Session object is not thread-safe. Please don't post false information - do your homework. To quote from 7.7.1 of the servlet spec: Multiple servlets executing request threads may have active access to the same session object at the same time. The container must ensure that manipulation of internal data structures representing the session attributes is performed in a thread safe manner. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 6 catalina.sh does not remove tomcat.pid
Thanks for the replies. Someone here apparently modified the catalina.sh script. Christopher Schultz-2 wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 It's good that catalina.sh does not remove tomcat.pid, since it never creates it in the first place. As Chuck points out, you are probably running a Tomcat packaged by a 3rd-party (like Debian, RedHat, etc.). If that's the case, you need to consult their documentation and/or mailing lists. This list, in general, supports only the standard Tomcat distribution. If you've modified your own catalina.sh, then you can probably figure out how to add rm tomcat.pid to your own script. -- View this message in context: http://www.nabble.com/Tomcat-6-catalina.sh-does-not-remove-tomcat.pid-tp22255263p22294706.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk not working as expected - is there a bug??
I will change the JkLogLevel and post the results. I have a question though: Does prepost_timeout also detect if it received http code such as 503 from app server. On Wed, Feb 25, 2009 at 9:05 AM, Rainer Jung rainer.j...@kippdata.de wrote: On 25.02.2009 17:10, Mohit Anchlia wrote: you are right there is a mod-jk.conf. So given my workers.properties file what should I change so that mod_jk detects that app server is down before attempting to send the request. Shouldn't retries in workers.properties try to connect to some other app server instead. Just a wild guess: your prepost timeout of 5 milliseconds produces the error messages you cited. First correct this timeout, then do another clean test on your test system. You can even increase JkLogLevel to trace (not in production) so we can see exactly what is going on. Do not send many requests with JkLogLevel trace, just do a minimal test that shows the problem. The early detection of a broken instance should be possible with your configuration. Here is mod-jk.conf # Where to find workers.properties JkWorkersFile conf/workers.properties # Where to put jk logs JkLogFile /var/log/apache2/mod_jk.log # Set the jk log level [debug/error/info] JkLogLevel error # Allow mod_jk worker status reports, with the URL of http://servername/JkStatus ## This is very helpful for monitoring purposes, but should be ## allowed from the local machine. Location /JkStatus Order deny,allow Deny from all Allow from localhost /Location #JkMount /JkStatus status # Below line forward all requests to application server #JkMount /* local On Wed, Feb 25, 2009 at 2:55 AM, Rainer Jungrainer.j...@kippdata.de wrote: On 25.02.2009 02:47, Mohit Anchlia wrote: In httpd conf I just see JkMount and no other directive. I searched for Jk. There should be others as well, for instance JkWorkersFile to point to your workers.properties. The names of the directives are case insensitive, they can also be in files included to your main httpd configuration file via include directives. Here is workers.properties file: ... # appfe1 ... worker.appfe1.socket_timeout=5 I generally don't like socket_timeout. Others do :) worker.appfe1.prepost_timeout=5 5 milliseconds prepost timeout? You're kidding. I assume it should have been 5000. worker.appfe1.recycle_timeout=900 This is deprecated. Use connection_pool_timeout instead. The value is OK, you should set connectionTimeout on the Tomcat AJP connector to 90 then. Since you are using prefork MPM, you might want to set connection_pool_minsize to 0 if you want to keep the number of established connections low. And the same for the other members of the load balancer. On Tue, Feb 24, 2009 at 4:50 PM, Rainer Jungrainer.j...@kippdata.de wrote: On 25.02.2009 00:00, Mohit Anchlia wrote: Reposting: Apache Server - 2.2 Tomcat server 6 Jboss - 4.2 We have Web Servers talking to Jboss App Servers over mod_jk. When we do our patch or upgrade of software we do it in rolling fashion so that there is 0 customer impact. But it looks like mod_jk load balancer on Web server doesn't detect it as soon as Jboss App Server goes down. Our goal is to have 0 customer impact. So my question is what can we do to overcome this problem. Web Server sees Http Error Code 503. Information from log file: [Mon Feb 23 13:39:42.146 2009] [31682:4143745888] [error] ajp_connection_tcp_get_message::jk_ajp_common.c (966): (appfe4) can't receive the response message from tomcat, network problems or tomcat (10.10.81.89:8009) is down (errno=104) [Mon Feb 23 13:39:42.147 2009] [31682:4143745888] [error] ajp_service::jk_ajp_common.c (2097): (appfe4) Connecting to tomcat failed. Tomcat is probably not started or is listening on the wrong port This means that mod_jk detected that your backend is down and thus puts it into an error state. All following requests will no longer be sent to this backend. Once a minute it will send a request there and try, but as long as it is down this test will not succeed and thus all requests will be sent to other nodes. The first request that gets sent to the backend you stopped might get an error back. If you want to prevent that from happening, use Cping/Cpong: http://tomcat.apache.org/connectors-doc/generic_howto/timeouts.html so we will detect the broken node before actually sending a request there. More details are not possible to give without your JK configuration (Jk directive sin httpd configuration files, workers.properties and if used uriworkermap.properties). The line number of the above message tells me you are using mod_jk 1.2.25. Although there's nothing wrong in principal with 1.2.25, we always try to improve and you might consider switching to 1.2.27. You should also increase your JkLogLevel to info. As long as only occasional info messages are in your log file everything is fine, but once error
[OT] Using jsp/serlvets to track clicking
[Sorry for this non-Tomcat specific question, but Sun Forums didn't help me much with this one] I would like to know how to imitate the click of link in JSP or serlvet, in order to track clicks. I have pages with links containing tel protocol URIs like this: Click a href=tel:55here/a to listen! I want to replace the above with something like this: Click a href=call_tracking.jsp?pn=55here/a to listen! And have call_tracking.jsp do its tracking stuff and then spawn a phone call, just like the first example does. I do not want to bother the user with another page, hence the need to accomplish the click action programmatically. I presume this feat is achievable via Response header magic, I just don't know the right incantation ;-) I should add that this is not necessarily a TEL-specific question, I am looking for a generic, protocol-independent mechanism for mimicking a click. Thanks
Re: [OT] Using jsp/serlvets to track clicking
Well, a very generic way of getting a hold of a click in the kind of setting you're describing would be to an an onclick to the link, invoking some Javascript doing whatever you want. Maybe something like a href=tel:55 onclick=myCalltrackingCode();here/a to listen! Almost all html entities support onclick. --Ken On Mar 2, 2009, at 3:22 PM, Jonathan Mast wrote: [Sorry for this non-Tomcat specific question, but Sun Forums didn't help me much with this one] I would like to know how to imitate the click of link in JSP or serlvet, in order to track clicks. I have pages with links containing tel protocol URIs like this: Click a href=tel:55here/a to listen! I want to replace the above with something like this: Click a href=call_tracking.jsp?pn=55here/a to listen! And have call_tracking.jsp do its tracking stuff and then spawn a phone call, just like the first example does. I do not want to bother the user with another page, hence the need to accomplish the click action programmatically. I presume this feat is achievable via Response header magic, I just don't know the right incantation ;-) I should add that this is not necessarily a TEL-specific question, I am looking for a generic, protocol-independent mechanism for mimicking a click. Thanks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: serializing session in DB
Hi Chris, Thanks for bringing up these concerns. I did a more detailed analysis of our application. Though it keeps 5GB of session data in RAM which are actually disk backed, the active session data will only account for a maximum of 200MB per second. So I am only required to persist this much data in DB every second. Going with the in-memory session replication will require 10GB of RAM on both the tomcat instances. When the session data gets replicated to another node, it gets written on disk of the other node too. Its a Wicket application, and I can't just get away with replicating the disk based session data :-( If I go with persisting sessions in DB, my RAM requirement drops to only 5GB on the cost of more network traffic and 200MB of DB writes per second. We plan to use an NDB cluster for that. But only issue is that Tomcat doesn't persist sessions to DB synchronously as is the case with in-memory replication where session data is first replicated and then the request gets served. So if master fails, and the session data has not been persisted, subsequent requests going to the other tomcat node will see old session data from DB, and might frustrate the *user*. I would like to know how synchronous persistance of session data with Tomcat is done in practice. Thanks, Amit On Mon, Mar 2, 2009 at 12:23 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Amit, On 2/28/2009 9:02 PM, Amit Chandel wrote: I am trying to deploy a tomcat cluster. I was able to set up a test tomcat cluster using in-memory replication with version 6.0.10, but my session data is too much (almost 5 GB per tomcat instance, and using 2 nodes in cluster both instances will require 10GB of RAM to hold session data). Wow, does this thing scale? 5 GB of session data is a /lot/. Have you considered using either db-backed sessions (that is, writing everything to the database instead of keeping it in memory) or having your application itself store things in the db instead of the session? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmsFhYACgkQ9CaO5/Lv0PCK3wCdFKK3UW36VBjJuO/TgjmIQWoT YusAoJ1WNgnn7nnAul84qJ8E7MHHPlJB =G8Kk -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk not working as expected - is there a bug??
On 02.03.2009 20:28, Mohit Anchlia wrote: I will change the JkLogLevel and post the results. I have a question though: Does prepost_timeout also detect if it received http code such as 503 from app server. prepost_timeout activates Cping/Cpong before each request. mod_jk will send a tiny test packet to the ap server before each request, and the AJP protocol stack of the app server will immediately respond with a tiny reply packet, indicating that it is still alive and able to parse AJP messages. The web application itself is not involved in this part of the processing, neither is any http request or response (or their AJP equivalent). So prepose_timeout will detect, if it receives some garbage (anything different from a Cpong packet), but http responses with http status codes are only generated much later and will thus not influence the prepose Cping/Cpong result. See also: http://tomcat.apache.org/connectors-doc/generic_howto/timeouts.html Regards, Rainer On Wed, Feb 25, 2009 at 9:05 AM, Rainer Jungrainer.j...@kippdata.de wrote: On 25.02.2009 17:10, Mohit Anchlia wrote: you are right there is a mod-jk.conf. So given my workers.properties file what should I change so that mod_jk detects that app server is down before attempting to send the request. Shouldn't retries in workers.properties try to connect to some other app server instead. Just a wild guess: your prepost timeout of 5 milliseconds produces the error messages you cited. First correct this timeout, then do another clean test on your test system. You can even increase JkLogLevel to trace (not in production) so we can see exactly what is going on. Do not send many requests with JkLogLevel trace, just do a minimal test that shows the problem. The early detection of a broken instance should be possible with your configuration. Here is mod-jk.conf # Where to find workers.properties JkWorkersFile conf/workers.properties # Where to put jk logs JkLogFile /var/log/apache2/mod_jk.log # Set the jk log level [debug/error/info] JkLogLevel error # Allow mod_jk worker status reports, with the URL of http://servername/JkStatus ## This is very helpful for monitoring purposes, but should be ## allowed from the local machine. Location /JkStatus Order deny,allow Deny from all Allow from localhost /Location #JkMount /JkStatus status # Below line forward all requests to application server #JkMount /* local On Wed, Feb 25, 2009 at 2:55 AM, Rainer Jungrainer.j...@kippdata.de wrote: On 25.02.2009 02:47, Mohit Anchlia wrote: In httpd conf I just see JkMount and no other directive. I searched for Jk. There should be others as well, for instance JkWorkersFile to point to your workers.properties. The names of the directives are case insensitive, they can also be in files included to your main httpd configuration file via include directives. Here is workers.properties file: ... # appfe1 ... worker.appfe1.socket_timeout=5 I generally don't like socket_timeout. Others do :) worker.appfe1.prepost_timeout=5 5 milliseconds prepost timeout? You're kidding. I assume it should have been 5000. worker.appfe1.recycle_timeout=900 This is deprecated. Use connection_pool_timeout instead. The value is OK, you should set connectionTimeout on the Tomcat AJP connector to 90 then. Since you are using prefork MPM, you might want to set connection_pool_minsize to 0 if you want to keep the number of established connections low. And the same for the other members of the load balancer. On Tue, Feb 24, 2009 at 4:50 PM, Rainer Jungrainer.j...@kippdata.de wrote: On 25.02.2009 00:00, Mohit Anchlia wrote: Reposting: Apache Server - 2.2 Tomcat server 6 Jboss - 4.2 We have Web Servers talking to Jboss App Servers over mod_jk. When we do our patch or upgrade of software we do it in rolling fashion so that there is 0 customer impact. But it looks like mod_jk load balancer on Web server doesn't detect it as soon as Jboss App Server goes down. Our goal is to have 0 customer impact. So my question is what can we do to overcome this problem. Web Server sees Http Error Code 503. Information from log file: [Mon Feb 23 13:39:42.146 2009] [31682:4143745888] [error] ajp_connection_tcp_get_message::jk_ajp_common.c (966): (appfe4) can't receive the response message from tomcat, network problems or tomcat (10.10.81.89:8009) is down (errno=104) [Mon Feb 23 13:39:42.147 2009] [31682:4143745888] [error] ajp_service::jk_ajp_common.c (2097): (appfe4) Connecting to tomcat failed. Tomcat is probably not started or is listening on the wrong port This means that mod_jk detected that your backend is down and thus puts it into an error state. All following requests will no longer be sent to this backend. Once a minute it will send a request there and try, but as long as it is down this test will not succeed and thus all requests will be sent to other nodes. The first request that gets sent to the backend you stopped might get an error back. If
Re: session.isNew() not thread safe?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, On 3/2/2009 1:54 PM, Caldarale, Charles R wrote: From: Karl San Gabriel [mailto:karl.sangabr...@gmail.com] Subject: Re: Re: session.isNew() not thread safe? Session object is not thread-safe. Please don't post false information - do your homework. To quote from 7.7.1 of the servlet spec: Multiple servlets executing request threads may have active access to the same session object at the same time. The container must ensure that manipulation of internal data structures representing the session attributes is performed in a thread safe manner. Interestingly enough, the specification doesn't say that the session object itself is threadsafe. It just says that the internal structure of the object has to remain sane under threaded conditions. That sounds like a stupid distinction, but consider this: 1. setAttribute and getAttribute must certainly be threadsafe (that is, multiple threads doing get/sets on the attribute hash won't corrupt each other). Otherwise, webapps would fail all the time. 2. The object returned by Tomcat for a call to HttpServletRequest.getSession() is a org.apache.catalina.session.StandardSessionFacade. 3. StandardSession.getSession() is unsynchronized and creates instances of StandardSessionFascade wrapping 'this' and stores them in a member. Thus, you cannot guarantee that using the session object itself for synchronization (like doing synchronized(session) { ... } in your code will give you exclusive access to your session object. I'm not entirely convinced this exclusive access is necessary, since mostly people are doing set/get attribute calls and those will be fine. But, if you wanted exclusive access to the session (say, to increment the number of requests handled by the session and store that variable in the session), I don't believe there is a way to ensure that the count is correct. There is always a race condition because the session itself cannot be used as a monitor. You can't even throw an object into the session to be used as a monitor because you'll have to check to make sure the monitor object is null, then shove one into the session, and you can't guarantee that all threads will see the null and then use the new object in the session attributes. Of course, all this is pretty much academic, since once the StandardSessionFacade object has been created (or you stick a monitor object in the session attributes), everything is fine after that. But the point is that you can't just say synchronized(mySession) { ... } and expect no surprises at all. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmsVY8ACgkQ9CaO5/Lv0PCy0QCglTwRqoLZASK51zDLJ49iBcWN hTEAoLB5TfQcqX5/sBSS9duKQ+ipe6yJ =zJiq -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org