Re: java: src/network.c:441: Java_org_apache_tomcat_jni_Socket_send: Assertion failed

[Dmitry Batiyevskiy]

We are ok with tomcat 7.0.42 and old tcnative now, and may be next tcnative
update will work appropriately
We will try updating atmosphere before trying NIO anyway

Regards,

Dmitry Batiyevskiy

Ardas Group Inc.

www.ardas.dp.ua


2014-03-04 23:18 GMT+02:00 Christopher Schultz :

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Dmitry,
>
> On 3/4/14, 2:48 AM, Dmitry Batiyevskiy wrote:
> > Howard, My connector config is the following (i've already posted
> > that):
> >
> >  > enableLookups="false" disableUploadTimeout="true" acceptCount="100"
> > scheme="https" secure="true" SSLEnabled="true" compression="off"
> > SSLCertificateFile="/opt/tomcat/mycompany.com.crt"
> > SSLCertificateKeyFile="/opt/tomcat/mycompany.com.key" />
> >
> > Also -Dhttps.protocols=TLSv1 option is passed to java machine
> >
> > The reason for me to use apr connector is https performance, isn't
> > NIO much slower in that?
>
> I don't have any recent performance data, but using OpenSSL is
> apparently measurably faster than using JSSE.
>
> On the other hand, is the NIO connector does not crash, isn't that a
> point in its favor?
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJTFkMeAAoJEBzwKT+lPKRYA+0P+wXFWLQnxRqzxwLtXMMK19jP
> FPsqAXQTLRvSM/FsaGONS3VuIeKciVsyPfEIE8V7GOihEyQfNGYQr4caY7oZD1W8
> clJXWsc26Ez+eSYp8AHP0FORvu9hHXKWmf68ooBXwkC01v8iJD5XfpXZvev0VKWb
> HQQ/d/gP4f3wFSoQY2MYH+gsu6iayhueomHf/t2pckodztcVnmx61v3DjXjtgz3J
> HFsFay8tDTC5o/+OmU8PSzAZ2tRy8Ytd43dLNKq0YimR4Nb1LYE2MSjDoi49BvSX
> +Z9YYXIMWCPUST0GjrjhPGJ2/EKVt12zS8UJdfPvcSPyky/y2zJkwksJIB6gO8+2
> Ps8IzGEXC0lM0yBaj2h4M28rVqA84k/oV0vBSbgvRnJYduFmM4qQzWEFStmMZxlN
> D0E5QVZyBM6ZQjXYN/PJU3u9l8RP8AJY5dwcOiCm3FBZcd0gmC0JbO8y4bXFB208
> +zF63dGXqRVvLlSCmh9iqVqoqwgWGOJriKXZgqRmwtC1ovgkcfS16nxtGygh5mTG
> 4ark2XbFQUQeu5RhcrlYmb8yKRIVcbByrEAbh1vfvYfE+i01DO6StElmOnm3cJ9L
> K/ExFsOmpIyA4Z6A8Eyuq1t9TudZhhonT+6o7Or0Ve3PP8qh84HJuE7GFcT0gNAC
> z7iVVXDnPqrPjkYxEZe/
> =tY82
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat 6 vs. Tomcat 7 vs Cisco Load Balancer vs Java Applet

[Utkarsh Dave]

Did you try generating / regenerating your certificated.
Once done put it under your security directory within your jdk home



On Tue, Mar 4, 2014 at 11:10 PM, Bill Davidson  wrote:

> We tried to upgrade a production server to Tomcat 7 yesterday and it
> broke our printing applet that we use to control a printer in its native
> printer language.
>
> This seemed odd to us because it worked perfectly in testing.  When we
> go direct to our production servers (bypassing the Cisco load balancer
> which is doing SSL for us), it also works fine in production.
>
> The only thing that's changed is using Tomcat 7.
>
> We only have one connector in server.xml
>
>  protocol="AJP/1.3"
> address="127.0.0.1"
> redirectPort="443"
> connectionTimeout="60"
> maxThreads="1000"
> maxPostSize="5242880"
> maxParameterCount="66000" />
>
> The Java console is giving an SSLHandshakeException
>
> v:   dump thread stack
> x:   clear classloader cache
> 0-5: set trace level to 
> 
> cache: Initialize resource manager: com.sun.deploy.cache.
> ResourceProviderImpl@c77c8
> basic: Added progress listener: sun.plugin.util.
> ProgressMonitorAdapter@a2bfd5
> basic: Plugin2ClassLoader.addURL parent called for
> https://myhost.mydomain/myapp/applets/print.jar
> security: Accessing keys and certificate in Mozilla user profile: null
> security: JSS is not configured
> network: Cache entry not found [url: https://myhost.mydomain/myapp/
> applets/print.jar, version: null]
> network: Connecting https://myhost.mydomain/myapp/applets/print.jar with
> proxy=DIRECT
> network: Cache entry not found [url: file:/C:/Program%20Files%20(
> x86)/Java/jre7/lib/ext/sunec.jar, version: null]
> network: Cache entry not found [url: file:/C:/Program%20Files%20(
> x86)/Java/jre7/lib/ext/sunjce_provider.jar, version: null]
> network: Connecting http://myhost.mydomain:443/ with proxy=DIRECT
> javax.net.ssl.SSLHandshakeException: Remote host closed connection during
> handshake
> at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source)
> at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
> at 
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
> Source)
> at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown
> Source)
> at sun.plugin.PluginURLJarFileCallBack.connect(Unknown Source)
> at sun.plugin.PluginURLJarFileCallBack.retrieve(Unknown Source)
> at sun.net.www.protocol.jar.URLJarFile.retrieve(Unknown Source)
> at sun.net.www.protocol.jar.URLJarFile.getJarFile(Unknown Source)
> at sun.net.www.protocol.jar.JarFileFactory.get(Unknown Source)
> at sun.net.www.protocol.jar.JarURLConnection.connect(Unknown Source)
> at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(Unknown
> Source)
> at 
> sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFileInternal(Unknown
> Source)
> at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(Unknown
> Source)
> at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown
> Source)
> at 
> com.sun.deploy.security.DeployURLClassPath$JarLoader.access$1000(Unknown
> Source)
> at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown
> Source)
> at java.security.AccessController.doPrivileged(Native Method)
> at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown
> Source)
> at com.sun.deploy.security.DeployURLClassPath$JarLoader.(Unknown
> Source)
> at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source)
> at java.security.AccessController.doPrivileged(Native Method)
> at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown
> Source)
> at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown
> Source)
> at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown
> Source)
> at sun.plugin2.applet.Plugin2ClassLoader$1.run(Unknown Source)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown
> Source)
> at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
> at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
> at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
> at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
> at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
> at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
> at java.lang.ClassLoader.loadClass(Unknown Source)
> at sun.plugin2.applet.Plugin2Cla

Performance drop under load for Tomcat8/DBCP2 with respect to Tomcat 7/DBCP1

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

All,

I've been piloting Tomcat 8 in my development environment on and off
for the last few months, and I just started working on some new
functionality that causes a #*(%^storm of JDBC activity: I have a main
page which loads dozens of images, which are actually SVGs built on
the fly by pulling similar data from the database.

This has all been working for several years, and I added some caching
at the very start because most of this data all comes from the same
place, so the first image to be loaded ends up doing the hard work
while the others wait for the cached data to become available, then
everything goes quickly after that with very little CPU usage, etc.

Now, I'm trying to load a different image simultaneously that uses
similar data yet different. This causes the two pieces of code to
fight over the cached data in a way that essentially continuously
invalidates the cache. I'll get that worked out myself because it's a
bad situation in general, but I have observed that when I run this
under Tomcat 7, it takes a long time (on the order of maybe 5 seconds)
to fulfill the request, but it makes steady progress.

When I run under Tomcat 8.0.3, a couple of the images are loaded, and
then the whole ... thing ... just ... stops. If I watch my log4j log
file, every so often a flurry of activity occurs: several pieces of
information are actually fetched from the database, and progress is
made. But I have waited like 10 minutes and the series of requests
never finishes in that time.

(Something odd I can see: when that small amount of progress is made,
the idle connection in MySQL *remains* idle. The only conclusion I can
come to is that a new connection is being created to fetch that data
and then it's being dropped, or that something is giving up somewhere
without telling me. Neither conclusion makes much sense. I haven't
actually confirmed that any real progress is made... just that I can
see "loading XYZ from db" in my log files... those messages are logged
*before* the data is loaded so I don't know it has been at this point).

Thread dumps show that everything is waiting on:

 - org.apache.tomcat.dbcp.dbcp2.BasicDataSource.getConnection()
@bci=55, line=1385 (Interpreted frame)

It's not that large a number of threads. It's something like 30-40
threads waiting on connections. (I'm not entirely sure why there are
so many threads active... I'm the only one using this environment and
I made a single top-level request... I thought most browsers limited
their outgoing connections to something like 8 per hostname, but that
appears not to be the case).

I have a variety of methods in operation at that time, but they are
all waiting on a database connection.

My DataSource configuration:

   

Note that I have a single database connection in the pool. This is to
catch any potential deadlocks in my JDBC code, and to catch abandoned
resources as soon as possible. I get *no warnings* about abandoned
anything. I don't even get timeouts waiting for connections from the
pool (there is supposed to be a 10-second connection timeout waiting
for a connection from the pool... those timeouts do not appear to be
happening... they should trigger exceptions in my log file). The MySQL
database reports that the connection held by my web application is
completely idle, and sits there doing nothing. No query is in progress.

It looks like DBCP2 is kind of hosing, here.

I don't have a simple test case right now, unfortunately, but I do
know that it has worked every time (maybe a dozen times) under Tomcat
7.0.47 and failed every time (maybe 5 times, now) under Tomcat 8.0.3.

I'm going to try using tomcat-pool to see if it makes any difference.
I suspect it will, since they are completely different architectures.

Any suggestions?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTFoLjAAoJEBzwKT+lPKRYMOIP/3HestrhGen4GMPRTDpM5VJN
5kW8dxlPJ4U9vLioLk9FgvLVWdPOsaHQpzWP0rII2qvynhb1XIf/D3idRCOsQ9Q8
jxjDxEMhX2RRuMjqZES5ACY1CxhaElBcfzYI39Gh0hPfqdotilQ/3U+7yCR7N0F/
NbGmjYFSOBXgPFYwMGTB6Z7cXq+PyAcz0H7N7sc6vFOqBY4cjwFKTNkacxyogCcP
a163TFqdo5FbZ5zat76QHy96SkFLzT9wez7tMWJLyQlSA2XUHgyj0ch9THCvfNea
o+PVkClnR2Cz5PCJKRTZ5X+14Gs/oSquRSlsqjlA78trDnJu2joC7KfE7WwnkwdT
WCkDepAoSD5SSH4YWLz2PScp3vNl1sZ6cQVSJ0IjfQdDkSt62jzbjUoNbnSEEC0s
hi3ChqoZoB1s+bY+eM3Yd70Fwv5YGlDEsPaemmwz3psZt+xw8/8NeH+a+KABVM6S
azIblSM9Gsq0Knv2LJeTzby8SxO4Luqcyf5b0M+USeWrEXxiFpDv2VtHCeqwnaLD
9ojx5AGvlbJN/WXYCXvHS60FYdhlZIWXltrkO7FticbEkJUC5ptNMfPfHqCcf+KG
CbaMs6QiAKmlPDQ+f5tQXOvnwR8eB9jdkwjkicjXogwmvKmLh6luVuq5+TyGD/0s
f4dzoI/10l9h/RivLSnB
=qNjE
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Can I use jmx to see jdbc pool variables/properties in Tomcat 6?

[Neven Cvetkovic]

On Tue, Mar 4, 2014 at 2:56 PM, Charles Richard <
charle...@thelearningbar.com> wrote:

> On Tue, Mar 4, 2014 at 3:17 PM, Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>  > Can we still use Hibernate in our Spring application if we
> > > configure the Data Source through a context.xml?
> >
> > Yup. You just need to tell Hibernate that you already have a
> > DataSource. I'm not exactly sure how to do that, but I'm confident it
> > can be done. You posted only the DataSource configuration itself and
> > it didn't have a name (other than the "id"). You'll need to figure out
> > how to get Hibernate to use an existing (external) DataSource rather
> > than configuring it yourself as you have done.
> >
> > I'm really not sure how that could be done either but hopefully the
> developers here could help me with this.
>
>
Charles,

As Chris pointed out - there are two ways you can get a datasource into
your Spring application:

1) Spring managed resource (datasource) - e.g. C3P0, Tomcat Pool
Datasource, etc... this is the one you've been using. Connection pool is
implemented and managed by the Spring container. That usually doesn't
register itself with JMX MBeanServer.

You define datasource in the Spring configuration, e.g.


 ...



2) Tomcat / container managed resource (datasource) - defined by the
 in the Tomcat configuration.

See more details on JNDI entries here
https://tomcat.apache.org/tomcat-7.0-doc/jndi-resources-howto.html

You will notice there are two ways to configure your resource in Tomcat
container:

(a) a global resource, so every deployed application will have access to
the same entry, as defined in TOMCAT_DIR/conf/server.xml
(b) per application resource, as defined in
YOURAPP.war/META-INF/context.xml  (as Chris suggested).

There are pros and cons for both approaches.

Once you register your resource with JNDI, you can reference that
datasource in your spring configuration with:



(works in newer Spring 3.x, and possibly 2.x)

You can see more details here:
http://docs.spring.io/spring/docs/3.0.x/reference/xsd-config.html#xsd-config-body-schemas-jee
http://docs.spring.io/spring/docs/2.5.6/reference/xsd-config.html#xsd-config-body-schemas-jee

Hopefully, that answers your question.

Cheers!
Neven

Re: [OT] secure reverse proxy to my tomcat server HELP NEEDED

[André Warnier]

Jeff Haferman wrote:

Jeff "Top-Posting is not Bad because you have to scroll to the bottom to see what 
you're after" Haferman wrote:


[...]

quote :

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Bottom-posting preserves the logical order of the replies and is consistent with the 
Western reading direction from top to bottom.


unquote.

My comment was not meant to start a flame war, just to remind you (and gently, at that) of 
what the usage rules of this list are.  Even if for your own personal communications 
elsewhere you prefer to use another style, when you are going somewhere in order to get 
free help in resolving a problem of yours, and you obtain such help freely given, it would 
seem just mere politeness to abide by the customs of the place, no ?


(Which customs are listed here : http://tomcat.apache.org/lists.html -> tomcat-users -> 
Important, as Chuck already pointed out)



Apart from this, if you want to understand better how Apache httpd handles requests and in 
which order things happen (such as proxying via mod_proxy or mod_jk, or things like 
JkMount, SetHandler/AddHandler etc), one of the best explanations I know of, is to be 
found here :


http://perl.apache.org/docs/2.0/user/handlers/http.html

This is related to Perl, and mod_perl (a tight integration of a Perl interpreter into 
Apache httpd), which in itself might not be of direct interest to you.
But in the process, it gives a very good idea of how Apache httpd works internally, 
including at what stages of the HTTP request processing cycle it decides to pass the 
request to the various mod_xxx modules within httpd.
(including mod_jk, which is in fact for Apache httpd only one of the possible 
"response-generating" modules).



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Shutdown port on Windows Service installation

[Jeffrey Janner]

> -Original Message-
> From: David kerber [mailto:dcker...@verizon.net]
> Sent: Tuesday, March 04, 2014 11:32 AM
> To: Tomcat Users List
> Subject: Re: Shutdown port on Windows Service installation
> 
> On 3/4/2014 12:04 PM, Jeffrey Janner wrote:
> >> -Original Message-
> >> From: David kerber [mailto:dcker...@verizon.net]
> >> Sent: Tuesday, March 04, 2014 8:17 AM
> >> To: Tomcat Users List
> >> Subject: Shutdown port on Windows Service installation
> >>
> >> I am running several instances of TC 7 as services on a Windows
> >> Server
> >> 2008 R2.  Each instance has its own set of ports, and I have both
> the
> >> data port and shutdown ports configured in server.xml.  They are
> >> currently running only HTTP.
> >>
> >> My questions:
> >>
> >> 1.  Does the shutdown port serve any purpose on a windows service
> >> installation?  I thought I had read that it did not, but some
> >> searching didn't turn up a definitive answer.
> >>
> > The shutdown port is not needed for a Windows service, but it is
> usable if configured.
> > In other words, assuming the default configuration, if someone were
> to send "SHUTDOWN" to the localhost port 8005, then Tomcat would
> shutdown.
> 
> Ok, I think I'll disable that.  We always use the service controls.
> 
> 
> 
> > I couldn't tell from the documentation
> (http://tomcat.apache.org/tomcat-7.0-doc/config/server.html), but I
> seem to recall that the "port" attribute is required on the 
> tag.  For all my Windows installations, I just set it to -1 and let the
> Commons Daemon implementation (tomcat.exe) take care of the shutdown
> task.
> > FYI: Tomcat implements the Java Daemon API, which is the mechanism
> that the Apache Commons Daemon
> (http://commons.apache.org/proper/commons-daemon/) executables use to
> communicate with the Tomcat. The ACD is a C program that loads the JVM
> and tells it to run the Tomcat bootstrap. Then it just listens for
> system signals.  There is a Windows version (procrun) and a Unix/Linux
> version (jsvc).  This is a separate utility that you can use if you
> have standalone Java programs you need to run as a service.
> > BTW: The JVM exits when Tomcat issues a System.exit() call.
> 
> So -1 disables the shutdown port, right?
> 
Correct!
> 
> >
> >> 2.  I may need to start using HTTPS for my data transfer for at
> least
> >> one of the instances.  If that instance is going to allow only HTTPS
> >> (and not HTTP), can I just make the current HTTP port into HTTPS?
> Or
> >> do I need to configure an additional port?  If I need an additional
> >> port, and the shutdown port isn't needed, I could just turn the
> >> shutdown port into the HTTPS port, right?
> >>
> > You don't mention your setup, but I would use the standard HTTPS port
> of 443 and actually provide both the HTTP and HTTPS connectors, then
> configure the application to force HTTPS where necessary via the
> web.xml directives.
> > But then again, it depends on your implementation.
> 
> The ports are different for each TC instance, but I can give each
> instance an extra port if needed.
> 
> 
> >
> >> I understand that there are significant configuration changes needed
> >> for HTTPS, and will be back if I run into issues with it, but for
> now
> >> I'm only asking about the TCP ports.
> >>
> >> Thanks!
> >> Dave
> >
> > Be careful of whether you are also running with the native/APR
> library.  The SSL configuration requirements are different if doing so.
> It is all well documented in the Tomcat documentation.
> 
> 
> Thanks for the comments, Jeff.  I'll definitely be running the native
> lib for performance reasons.  A couple  of the instances get around 4M
> transactions per day, and we total well over 10M per day across all the
> instances.  So I want to keep the load as small as I reasonably can.
> 
When it comes time to issue the signed certificate from whatever CA you decide 
to use, be careful which version you pick.  Some will offer a choice of 
"Tomcat", but that will get you a certificate useful for the native-Java SSL 
implementation.  You will want to be sure to pick the "Apache" offering.
Jeff


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 6 vs. Tomcat 7 vs Cisco Load Balancer vs Java Applet

[Bill Davidson]

On 3/4/2014 3:13 PM, Mark Eggers wrote:


Hmm, is the applet signed, and is the certificate from a trusted authority?

Oracle recently made some changes to Java which tightened down applet security. 
They also made some changes in the security policy that block communication on 
well-known ports unless you create a policy exception.

I got bit by the latter when I moved to 1.7.0_51 on Windows and tried to start 
up a Derby database.


The applet is signed and runs without warning pop-ups.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: secure reverse proxy to my tomcat server HELP NEEDED

[Jeff Haferman]

Jeff "Top-Posting is not Bad because you have to scroll to the bottom to see 
what you're after" Haferman wrote:

>
>
> Listen 80
> ProxyRequests Off
> ProxyPreserveHost on
>
>
> ServerName my.webserver.com
> ProxyPass / http://my.webserver.com:8080/
> ProxyPassReverse / http://localhost:8080/
>   
>
>http://my.webserver.com:8080/>
> AllowOverride None
> Order Deny,Allow
> Allow from all
>
>
> Listen 443
>
>
> SSLEngine on
> SSLProxyEngine on
> SSLCertificateFile /path/to/server.crt
> SSLCertificateKeyFile /path/to/server.key
> ServerName my.webserver.com
> ProxyPass / https://my.webserver.com:8443/
> ProxyPassReverse / https://localhost:8443/
>
>
>https://my.webserver.com:8443/>
> AllowOverride None
> Order Deny,Allow
> Allow from all
>
>

Problem solved. The config listed is good. It was getting borked by some 
garbage in an included extra/httpd-ssl.conf file. Most helpful resource I found 
was the apache mod_proxy documentation...I thought it might have been a tomcat 
connector problem but not so... 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 6 vs. Tomcat 7 vs Cisco Load Balancer vs Java Applet

[Mark Eggers]

On 3/4/2014 1:36 PM, Bill Davidson wrote:

On 3/4/2014 1:24 PM, Christopher Schultz wrote:


Well... then you'd need a balancer for each balancer ;)

Can you reproduce this issue yourself on your own computer (running
the applet locally)? If so, what version of Java is running?


That's mostly what I've been doing for the last 24 hours.


Java recently made some changes to the SSL code that make it a much
bigger pain in the neck to make HTTPS connections for instance. I
haven't seen any "Remote host closed connection during handshake" but
presumably that could happen under the right failed-negotiation
conditions.



Hmm.  We were building with Java 1.7.0_25 (I think) when it was working and
now we're building with Java 1.7.0_45.  Could that actually be it?


Hmm, is the applet signed, and is the certificate from a trusted authority?

Oracle recently made some changes to Java which tightened down applet 
security. They also made some changes in the security policy that block 
communication on well-known ports unless you create a policy exception.


I got bit by the latter when I moved to 1.7.0_51 on Windows and tried to 
start up a Derby database.


. . . just some random thoughts
/mde/


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Can I use jmx to see jdbc pool variables/properties in Tomcat 6?

[Mark Eggers]

Since it's only two lines, I'll top-post as well as answer inline.

http://wiki.apache.org/tomcat/TomcatHibernate


On 3/4/2014 12:05 PM, Christopher Schultz wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Charles,

On 3/4/14, 2:56 PM, Charles Richard wrote:

On Tue, Mar 4, 2014 at 3:17 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

Charles,

On 3/4/14, 2:10 PM, Charles Richard wrote:

The tomcat version is 6.0.30.


You should look at the changelog and security reports. I think
you're going to want to upgrade.



That  is something that would be the next priority after
understanding our connection pooling issues. If upgrading Tomcat
would help with this as well, we would definitely try to
fasttrack it. We usually try to change one thing at a time on our
production environment.


A very good policy. No, I don't think this will help you with your
DataSource stuff. But you will want to get this into testing ASAP.
Honestly, you should probably be looking at Tomcat 7 or even Tomcat 8
for getting into your development and/or testing environments.


Can we still use Hibernate in our Spring application if we
configure the Data Source through a context.xml?


Yup. You just need to tell Hibernate that you already have a
DataSource. I'm not exactly sure how to do that, but I'm confident
it can be done. You posted only the DataSource configuration itself
and it didn't have a name (other than the "id"). You'll need to
figure out how to get Hibernate to use an existing (external)
DataSource rather than configuring it yourself as you have done.


I'm really not sure how that could be done either but hopefully
the developers here could help me with this.




Here's a quick wiki document I wrote a while back for that:

http://wiki.apache.org/tomcat/TomcatHibernate




They should be able to do that.


We are not using a context.xml right now, can I use the
context.xml in $TOMCAT_HOME/conf?


No! That's the system-wide defaults for all web applications
deployed to the container. You want META-INF/context.xml within
your WAR file (or exploded WAR-dir).


Our server.xml, the config is as follows:

 


You should not have a  element at all in your server.xml.
It's a wonder that your application even works with a path of ""
and a docBase of "". I'll bet you have a WEB-INF directory directly
in your webapps/ directory, right?




We've got a WEB-INF folder in our appBase folder reference
(/ourpath/WEB-INF).



Sounds like you've got a mess on your hands.



I guess.



Move that  into META-INF/context.xml, remove the
"docBase" and "path" attributes, and then add a  as a
child to configure your DataSource. You'll also need to move your
JDBC driver from WEB-INF/lib into Tomcat's lib/ directory.



In our /ourpath/META-INF, there is no context.xml, just a
MANIFEST.MF file. I can create one if that's what I'm supposed to
do.


Yep, just create a new one.

- -chris


Hope that helps

Mark
/mde/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Configuring mod_jk with multiple Apache HTTPD Virtual Hosts

[Doug Strick]

The F5 issues were just due to poor environment configuration.  Each F5 VIP
was sending traffic to the same pool and that pool was only configured for
1 member.  That 1 member IP/port was used by several apache virtual hosts.
 So basically I never knew which virtual host was getting the request which
meant some requests were going to listeners not running mod_jk.  Always fun
joining a new company and having to piece together what someone else has
done.

Please remember that over 90% of these configs were created by the Adobe CF
webserver config utility so I question some of it as well.  Here is what's
being used in the uriworkermap.properties:

/cfformgateway/* = cfusion
/CFFormGateway/* = cfusion
/flex2gateway/* = cfusion
/flex2gateway = cfusion
/cffileservlet/* = cfusion
/CFFileServlet/* = cfusion
/cfform-internal/* = cfusion
/flashservices/gateway/* = cfusion
/flex-internal/* = cfusion
/rest/* = cfusion
/*.cfml/* = cfusion
/*.mxml = cfusion
/*.as = cfusion
/*.cfm = cfusion
/*.cfm/* = cfusion
/*.swc = cfusion
/*.cfml = cfusion
/*.cfc = cfusion
/*.cfc/* = cfusion
/*.cfr = cfusion
/*.cfswf = cfusion
/*.sws = cfusion
/*.jsp = cfusion
/*.hbmxml = cfusion


This is what I'm seeing in the mod_jk log.  I've cut out a few sections of
the "Attempting to map context URI" so there's less clutter.

[Tue Mar 04 16:36:50 2014] [5763:140265396258560] [debug]
map_uri_to_worker_ext::jk_uri_worker_map.c (1131): Attempting to map URI
'/' from 24 maps

[Tue Mar 04 16:36:50 2014] [5763:140265396258560] [debug]
jk_translate::mod_jk.c (3723): no match for / found
[Tue Mar 04 16:36:50 2014] [5763:140265396258560] [debug]
map_uri_to_worker_ext::jk_uri_worker_map.c (1131): Attempting to map URI
'/' from 24 maps

[Tue Mar 04 16:36:50 2014] [5763:140265396258560] [debug]
jk_map_to_storage::mod_jk.c (3798): no match for / found
[Tue Mar 04 16:36:50 2014] [5763:140265396258560] [debug]
map_uri_to_worker_ext::jk_uri_worker_map.c (1131): Attempting to map URI
'/index.cfm' from 24 maps
[
[Tue Mar 04 16:36:50 2014] [5763:140265396258560] [debug]
find_match::jk_uri_worker_map.c (958): Found a wildchar match
'/*.cfm=cfusion'
[Tue Mar 04 16:36:50 2014] [5763:140265396258560] [debug]
jk_handler::mod_jk.c (2621): Into handler jakarta-servlet worker=cfusion
r->proxyreq=0
[Tue Mar 04 16:36:50 2014] [5763:140265396258560] [debug]
wc_get_worker_for_name::jk_worker.c (115): found a worker cfusion
[Tue Mar 04 16:36:50 2014] [5763:140265396258560] [debug]
wc_get_name_for_type::jk_worker.c (292): Found worker type 'ajp13'
[Tue Mar 04 16:36:50 2014] [5763:140265396258560] [debug]
init_ws_service::mod_jk.c (1097): Service protocol=HTTP/0.9 method=GET
ssl=false host=(null) addr=192.168.253.3 name=app1.dev5.abc.com port=80
auth=(null) user=(null) laddr=192.168.253.61 raddr=192.168.253.3 uri=/
[Tue Mar 04 16:36:50 2014] [5763:140265396258560] [debug]
ajp_get_endpoint::jk_ajp_common.c (3161): acquired connection pool slot=0
after 0 retries
[Tue Mar 04 16:36:50 2014] [5763:140265396258560] [debug]
ajp_marshal_into_msgb::jk_ajp_common.c (626): ajp marshaling done
[Tue Mar 04 16:36:50 2014] [5763:140265396258560] [debug]
ajp_service::jk_ajp_common.c (2450): processing cfusion with 2 retries
[Tue Mar 04 16:36:50 2014] [5763:140265396258560] [debug]
ajp_connection_tcp_send_message::jk_ajp_common.c (1184): sending to ajp13
pos=4 len=185 max=8192
[Tue Mar 04 16:36:50 2014] [5763:140265396258560] [debug]
ajp_connection_tcp_send_message::jk_ajp_common.c (1184): 12 34 00
B5 02 02 00 08 48 54 54 50 2F 30 2E 39  - .4..HTTP/0.9
[Tue Mar 04 16:36:50 2014] [5763:140265396258560] [debug]
ajp_connection_tcp_send_message::jk_ajp_common.c (1184): 001000 00 01
2F 00 00 0D 31 39 32 2E 31 36 38 2E 32  - .../...192.168.2
[Tue Mar 04 16:36:50 2014] [5763:140265396258560] [debug]
ajp_connection_tcp_send_message::jk_ajp_common.c (1184): 002035 33 2E
33 00 FF FF 00 22 63 6F 6D 6D 65 72 63  - 53.3"app1
[Tue Mar 04 16:36:50 2014] [5763:140265396258560] [debug]
ajp_connection_tcp_send_message::jk_ajp_common.c (1184): 003065 2E 64
65 76 35 2E 6C 69 66 65 74 65 63 68 6E  - dev5.abc
[Tue Mar 04 16:36:50 2014] [5763:140265396258560] [debug]
ajp_connection_tcp_send_message::jk_ajp_common.c (1184): 00406F 6C 6F
67 69 65 73 2E 63 6F 6D 00 00 50 00 00  - .com..P..
[Tue Mar 04 16:36:50 2014] [5763:140265396258560] [debug]
ajp_connection_tcp_send_message::jk_ajp_common.c (1184): 005002 A0 09
00 27 54 4C 54 53 49 44 3D 31 38 36 35  - 'TLTSID=1865
[Tue Mar 04 16:36:50 2014] [5763:140265396258560] [debug]
ajp_connection_tcp_send_message::jk_ajp_common.c (1184): 006037 36 41
32 41 33 45 35 31 30 41 33 30 30 30 33  - 76A2A3E510A30003
[Tue Mar 04 16:36:50 2014] [5763:140265396258560] [debug]
ajp_connection_tcp_send_message::jk_ajp_common.c (1184): 007045 43 39
33 42 35 31 31 39 39 42 43 00 A0 08 00  - EC93B51199BC
[Tue Mar 04 16:36:50 2014] [5763:140265396258560] [debug]
ajp_connection_tcp_send_message::jk_ajp_common.c (1184): 008001 30 00
0A 00 

Re: Tomcat 6 vs. Tomcat 7 vs Cisco Load Balancer vs Java Applet

[Bill Davidson]

On 3/4/2014 1:24 PM, Christopher Schultz wrote:


Well... then you'd need a balancer for each balancer ;)

Can you reproduce this issue yourself on your own computer (running
the applet locally)? If so, what version of Java is running?


That's mostly what I've been doing for the last 24 hours.


Java recently made some changes to the SSL code that make it a much
bigger pain in the neck to make HTTPS connections for instance. I
haven't seen any "Remote host closed connection during handshake" but
presumably that could happen under the right failed-negotiation
conditions.



Hmm.  We were building with Java 1.7.0_25 (I think) when it was working and
now we're building with Java 1.7.0_45.  Could that actually be it?


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 6 vs. Tomcat 7 vs Cisco Load Balancer vs Java Applet

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Bill,

On 3/4/14, 4:16 PM, Bill Davidson wrote:
> On 3/4/2014 11:22 AM, Christopher Schultz wrote:
>> 
>> Aah, sorry, I had missed that. So, the only change was Tomcat?
>> No upgrade to mod_jk or anything like that? OpenSSL upgrade?
>> Upgraded Java on the client? Everything else *absolutely* the
>> same?
> 
> Exact same httpd, including mod_jk.  Same files.  Same directory.
> httpd was not touched at all.
> 
> I just tried reverting to Tomcat 6 and the problem is still there,
> so it keeps getting weirder.
> 
>> If you aren't using SSL at all in Tomcat, then Tomcat isn't
>> likely to be the problem, here.
> 
> I'm thinking that now too.

Good ;)

I don't want to point fingers, but I don't see anything in your
description that really points to Tomcat, so...

>> Can other command-line tools connect -- take the applet out of
>> the picture? Try something like curl, wget, or even OpenSSL's
>> s_client tool. s_client will give you lots of good information
>> about the SSL connection state, too.
> 
> The applet is the only thing that's having the problem.
> Everything else works (and this is a massive app).
> 
> We've also seen the applet work for some people, all of whom were 
> using IE but not others who may be using IE, Firefox or Chrome.
> 
> We've played with TLS/SSL settings in IE and Firefox.  That can 
> change the error message but it still fails.
> 
> Again, it works fine when connecting directly to Apache httpd and 
> bypassing the load balancer.  We've been forced to open up direct 
> access to the ports for that so that our customers can print.  We 
> don't like that because we lose the advantages of load balancing 
> and the SSL load is now on our web servers instead of the
> expensive dedicated hardware that's supposed to be doing that for
> us.
> 
> My current suspicion is that the load balancer hardware is going
> bad.

That would really suck. Those things are expensive.

> It has two server pools.  One is to cover customers in one
> hemisphere (mostly Australia) and one for the other hemisphere
> (mostly US/GB/IE). We only updated the servers in the pool for the
> eastern hemisphere to Tomcat 7.  We have the two different pools so
> that we can have down time during low activity periods.

Good call. Lots of people just throw-together a solution and hope they
don't have any downtime.

> It's just weird that it happened to start having this problem
> right after we upgraded to Tomcat 7 and only on the pool that got
> upgraded to Tomcat 7.
> 
> Rebooting the load balancer involves kicking everyone off of both 
> pools, which means that no matter when we do it, it will be during 
> some non-trivial number of customers prime activity time.
> 
> We should have gotten completely different load balancers for each 
> pool.  Sigh.  Mr. CEO, can I please have $25,000-$50,000?

Well... then you'd need a balancer for each balancer ;)

Can you reproduce this issue yourself on your own computer (running
the applet locally)? If so, what version of Java is running?

Java recently made some changes to the SSL code that make it a much
bigger pain in the neck to make HTTPS connections for instance. I
haven't seen any "Remote host closed connection during handshake" but
presumably that could happen under the right failed-negotiation
conditions.

If things aren't working after rolling-back to Tomcat 6, I think it's
clear the problem isn't Tomcat 7, but it may still be Tomcat-related
in one way or another (i.e. mod_jk upgrade, config change, etc.)...
but not likely. It might be instructive to see what happens at the
protocol level between the lb and httpd for a successful and failed
connection (which might be tough... if you can't connect successfully
*at all*, now).

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTFkSgAAoJEBzwKT+lPKRYNToQAIk9MaWgyhvZtmGbQIgTdDsN
lY2tCqU7R5N9JU83cgy8VXPZ+2U9vN3eB/lNqo6++IUNQASKhkSg0C7OL/nyaD6E
e1ePea3V/6cfH+IHeI9nxwVwbkkAGlMwRO0vcW5HmDXdfyTIiT6+4UpnqT2aw71F
9zKVD20M7VdgUpIhIIfYfLs5996euODpu/dy0evKUeQJRwFd2HilZEDdxmMtgzRs
5qWxNfzgRs5IKQma9LDtHboaixlINx/qI04BRnShI6ZAP31+FpYnrYElBpB+PhR9
JeUBpbjPwmhcThVeFaLVnb5lg7GsZGpJah7YQDoGfMNix9Nwryt69LHWRFlv6rR7
65hLobRJIYIme6+sUEy8BjY4uidBo/w+7wtn4jBmPxGNCAtL5TeMCCIaII8p76vD
Uu9+R6TXJUCGYRb6E3fRvBuv9xPH/o26QvJHvfTwJrf/A8PW39rh1mIe1S3uw+f1
wOfIAmeSgN3ZsW8Ixe0xUykl42TvkbpP3z9qx6XxZCb0tqiawaG87939tkoB2rEB
2eF8mNzVyoW2yubf6amwXFkzRP62/PIAnA7nLfX+FL+PSU8ctOzuHG3AnvY4l0RS
RpzzoEKIJQE0AToqkg5wEu9y2lrOdYMsbAXjAhAYUOumMbpPe5J4PdwgGZ/Ldb7h
xYWZdG2p52sR84xXV7KZ
=tIeu
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: java: src/network.c:441: Java_org_apache_tomcat_jni_Socket_send: Assertion failed

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Dmitry,

On 3/4/14, 2:48 AM, Dmitry Batiyevskiy wrote:
> Howard, My connector config is the following (i've already posted
> that):
> 
>  enableLookups="false" disableUploadTimeout="true" acceptCount="100"
> scheme="https" secure="true" SSLEnabled="true" compression="off" 
> SSLCertificateFile="/opt/tomcat/mycompany.com.crt" 
> SSLCertificateKeyFile="/opt/tomcat/mycompany.com.key" />
> 
> Also -Dhttps.protocols=TLSv1 option is passed to java machine
> 
> The reason for me to use apr connector is https performance, isn't
> NIO much slower in that?

I don't have any recent performance data, but using OpenSSL is
apparently measurably faster than using JSSE.

On the other hand, is the NIO connector does not crash, isn't that a
point in its favor?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTFkMeAAoJEBzwKT+lPKRYA+0P+wXFWLQnxRqzxwLtXMMK19jP
FPsqAXQTLRvSM/FsaGONS3VuIeKciVsyPfEIE8V7GOihEyQfNGYQr4caY7oZD1W8
clJXWsc26Ez+eSYp8AHP0FORvu9hHXKWmf68ooBXwkC01v8iJD5XfpXZvev0VKWb
HQQ/d/gP4f3wFSoQY2MYH+gsu6iayhueomHf/t2pckodztcVnmx61v3DjXjtgz3J
HFsFay8tDTC5o/+OmU8PSzAZ2tRy8Ytd43dLNKq0YimR4Nb1LYE2MSjDoi49BvSX
+Z9YYXIMWCPUST0GjrjhPGJ2/EKVt12zS8UJdfPvcSPyky/y2zJkwksJIB6gO8+2
Ps8IzGEXC0lM0yBaj2h4M28rVqA84k/oV0vBSbgvRnJYduFmM4qQzWEFStmMZxlN
D0E5QVZyBM6ZQjXYN/PJU3u9l8RP8AJY5dwcOiCm3FBZcd0gmC0JbO8y4bXFB208
+zF63dGXqRVvLlSCmh9iqVqoqwgWGOJriKXZgqRmwtC1ovgkcfS16nxtGygh5mTG
4ark2XbFQUQeu5RhcrlYmb8yKRIVcbByrEAbh1vfvYfE+i01DO6StElmOnm3cJ9L
K/ExFsOmpIyA4Z6A8Eyuq1t9TudZhhonT+6o7Or0Ve3PP8qh84HJuE7GFcT0gNAC
z7iVVXDnPqrPjkYxEZe/
=tY82
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 6 vs. Tomcat 7 vs Cisco Load Balancer vs Java Applet

[Bill Davidson]

On 3/4/2014 11:22 AM, Christopher Schultz wrote:


Aah, sorry, I had missed that. So, the only change was Tomcat? No
upgrade to mod_jk or anything like that? OpenSSL upgrade? Upgraded
Java on the client? Everything else *absolutely* the same?


Exact same httpd, including mod_jk.  Same files.  Same directory. httpd was not
touched at all.

I just tried reverting to Tomcat 6 and the problem is still there, so it keeps 
getting
weirder.


If you aren't using SSL at all in Tomcat, then Tomcat isn't likely to
be the problem, here.


I'm thinking that now too.


Can other command-line tools connect -- take the applet out of the
picture? Try something like curl, wget, or even OpenSSL's s_client
tool. s_client will give you lots of good information about the SSL
connection state, too.


The applet is the only thing that's having the problem.  Everything
else works (and this is a massive app).

We've also seen the applet work for some people, all of whom were
using IE but not others who may be using IE, Firefox or Chrome.

We've played with TLS/SSL settings in IE and Firefox.  That can
change the error message but it still fails.

Again, it works fine when connecting directly to Apache httpd and
bypassing the load balancer.  We've been forced to open up direct
access to the ports for that so that our customers can print.  We
don't like that because we lose the advantages of load balancing
and the SSL load is now on our web servers instead of the expensive
dedicated hardware that's supposed to be doing that for us.

My current suspicion is that the load balancer hardware is going bad.

It has two server pools.  One is to cover customers in one hemisphere
(mostly Australia) and one for the other hemisphere (mostly US/GB/IE).
We only updated the servers in the pool for the eastern hemisphere to
Tomcat 7.  We have the two different pools so that we can have down time
during low activity periods.

It's just weird that it happened to start having this problem right
after we upgraded to Tomcat 7 and only on the pool that got upgraded
to Tomcat 7.

Rebooting the load balancer involves kicking everyone off of both
pools, which means that no matter when we do it, it will be during
some non-trivial number of customers prime activity time.

We should have gotten completely different load balancers for each
pool.  Sigh.  Mr. CEO, can I please have $25,000-$50,000?


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

ApacheCon North America, Denver, April 7-11

[Rich Bowen]

Hello Tomcat enthusiasts,

as you are no doubt aware, ApacheCon North America will be held in 
Denver, Colorado starting on April 7th. Tomcat will be represented there 
by a full day of content in the following talks: 
http://apacheconnorthamerica2014.sched.org/overview/type/tomcat


We would love to see you in Denver next month. Register soon, as prices 
go up on March 14th. http://na.apachecon.com/


--
Rich Bowen - rbo...@rcbowen.com - @rbowen
http://apachecon.com/ - @apachecon


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Websockets timing out

[Bob Mancarella]

I didn't implement programmatic.


On Tue, Mar 4, 2014 at 3:52 PM, Mark Thomas  wrote:

> On 04/03/2014 20:50, David kerber wrote:
> > On 3/4/2014 3:46 PM, Bob Mancarella wrote:
> >> could you try this.
> >> http://dev.bizunite.com/inlook/echo.html
> >>
> >> click on annotation API then Connect and see if you stay connected.
> >
> > Seems to be working fine for me.
>
> I get an immediate close with the programmatic API but no issues with
> the annotation API.
>
> Mark
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Websockets timing out

[Bob Mancarella]

Ugh. Looks like I need to use wss in my environment. I just found this.

"If an encrypted WebSocket Secure connection (wss://) is used, then in the
case of transparent proxy servers, the browser is unaware of the proxy
server, so no HTTPCONNECT is sent. However, since the wire traffic is
encrypted, intermediate transparent proxy servers may simply allow the
encrypted traffic through, *so there is a much better chance that the
WebSocket connection will succeed if an encrypted WebSocket connection is
used.*"

Thanks everyone for your help.



On Tue, Mar 4, 2014 at 3:50 PM, David kerber  wrote:

> On 3/4/2014 3:46 PM, Bob Mancarella wrote:
>
>> could you try this.
>> http://dev.bizunite.com/inlook/echo.html
>>
>> click on annotation API then Connect and see if you stay connected.
>>
>
> Seems to be working fine for me.
>
>
>
>
>>
>> On Tue, Mar 4, 2014 at 3:44 PM, Mark Thomas  wrote:
>>
>>  On 04/03/2014 20:36, Bob Mancarella wrote:
>>>
 OK, this is strange. If I go here http://www.websocket.org/echo.html
 I get the same results. Click on Connect but don't hit Send and I get a
 Disconnected message soon after.
 If I use TLS it seems to work. If I hit Send immediately after Connect
 it
 seems to work.

 Anyone else seeing this?

>>>
>>> Not here.
>>>
>>> Mark
>>>
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>>
>>>
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Websockets timing out

[Mark Thomas]

On 04/03/2014 20:50, David kerber wrote:
> On 3/4/2014 3:46 PM, Bob Mancarella wrote:
>> could you try this.
>> http://dev.bizunite.com/inlook/echo.html
>>
>> click on annotation API then Connect and see if you stay connected.
> 
> Seems to be working fine for me.

I get an immediate close with the programmatic API but no issues with
the annotation API.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Websockets timing out

[David kerber]

On 3/4/2014 3:46 PM, Bob Mancarella wrote:

could you try this.
http://dev.bizunite.com/inlook/echo.html

click on annotation API then Connect and see if you stay connected.


Seems to be working fine for me.





On Tue, Mar 4, 2014 at 3:44 PM, Mark Thomas  wrote:


On 04/03/2014 20:36, Bob Mancarella wrote:

OK, this is strange. If I go here http://www.websocket.org/echo.html
I get the same results. Click on Connect but don't hit Send and I get a
Disconnected message soon after.
If I use TLS it seems to work. If I hit Send immediately after Connect it
seems to work.

Anyone else seeing this?


Not here.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org







-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Websockets timing out

[Bob Mancarella]

could you try this.
http://dev.bizunite.com/inlook/echo.html

click on annotation API then Connect and see if you stay connected.


On Tue, Mar 4, 2014 at 3:44 PM, Mark Thomas  wrote:

> On 04/03/2014 20:36, Bob Mancarella wrote:
> > OK, this is strange. If I go here http://www.websocket.org/echo.html
> > I get the same results. Click on Connect but don't hit Send and I get a
> > Disconnected message soon after.
> > If I use TLS it seems to work. If I hit Send immediately after Connect it
> > seems to work.
> >
> > Anyone else seeing this?
>
> Not here.
>
> Mark
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Websockets timing out

[Mark Thomas]

On 04/03/2014 20:36, Bob Mancarella wrote:
> OK, this is strange. If I go here http://www.websocket.org/echo.html
> I get the same results. Click on Connect but don't hit Send and I get a
> Disconnected message soon after.
> If I use TLS it seems to work. If I hit Send immediately after Connect it
> seems to work.
> 
> Anyone else seeing this?

Not here.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat 6 refuses mod_jk connections after server runs for a couple of days

[Daniel Mikusa]

On Mar 4, 2014, at 1:55 PM, Isaac Gonzalez  wrote:

> Dan,
> 
> 
> From: Daniel Mikusa [dmik...@gopivotal.com]
> Sent: Tuesday, March 04, 2014 6:20 AM
> To: Tomcat Users List
> Subject: Re: tomcat 6 refuses mod_jk connections after server runs for a 
> couple of days
> 
> On Mar 4, 2014, at 6:32 AM, Rainer Jung  wrote:
> 
>> On 27.02.2014 23:06, Isaac Gonzalez wrote:
>>> Hi Christopher(and Konstantin), attached is a couple of thread dumps of 
>>> when we experienced the issue again today. I also noticed we get this 
>>> message right before the problem occurs:
>>> Feb 27, 2014 12:47:15 PM 
>>> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable run
>>> SEVERE: Caught exception (java.lang.OutOfMemoryError: unable to create new 
>>> native thread) executing 
>>> org.apache.jk.common.ChannelSocket$SocketAcceptor@177ddea, terminating 
>>> thread
>> 
>> Is it a 32Bit system? You have 2GB of heap plus Perm plus native memory
>> needed by the process plus thread stacks. Not unlikely, that you ran out
>> of memory address space for a 32 bit process.
>> 
>> The only fixes would then be:
>> 
>> - switch to a 64 bit system
>> 
>> - reduce heap if the app can work with less
>> 
>> - improve performance or eliminate bottlenecks so that the app works
>> with less threads
>> 
>> - limit you connector thread pool size. That will still mean that if
>> requests begin to queue because of performance problems, the web server
>> can't create additional connections, but you won't get in an irregular
>> situation as you experience now. In that case you would need to
>> configure a low idle timeout for the connections on the JK and TC side.
> 
> It may also be possible to lower the thread stack size with the -Xss option.
> 
> Ok so we are 64 bit Linux with 1024k in the 64-bit VMwould lowering it to 
> 64k be a bit too low? What sort of repercussions would we run into?
> Very helpful information by the way.

It depends on your apps, so you’ll need to test and see.  If you go too low, 
you’ll get StackOverflow exceptions.  If you see those, just gradually increase 
until they go away.

Dan


> 
> -Isaac
> 
>  http://www.oracle.com/technetwork/java/hotspotfaq-138619.html#threads_oom
> 
> Might buy you some room for a few additional threads.
> 
> Dan
> 
>> 
>> Regards,
>> 
>> Rainer
>> 
>> 
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>> 
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Websockets timing out

[Bob Mancarella]

OK, this is strange. If I go here http://www.websocket.org/echo.html
I get the same results. Click on Connect but don't hit Send and I get a
Disconnected message soon after.
If I use TLS it seems to work. If I hit Send immediately after Connect it
seems to work.

Anyone else seeing this?



On Tue, Mar 4, 2014 at 3:22 PM, Bob Mancarella  wrote:

> JSR356
>

Re: Websockets timing out

[Bob Mancarella]

JSR356

Re: Websockets timing out

[Mark Thomas]

On 04/03/2014 16:16, Bob Mancarella wrote:
> Tomcat 7.0.52 on Ubuntu 14.04
> 
> Websocket connection closes automatically after about 10 seconds. The
> browser creates the initial connection. OnOpen is called on the server.
> After 10 seconds OnClose is called and the connection is closed.
> I have tried changing connectionTimeout="-1" on Connector.
> Also tried session.setMaxIdleTimeout(-1); Neither has any effect.
> 
> On my Windows 7 dev machine the connection stays up until told to close.
> Also when I used apt-get to install Tomcat these files were missing...
> tomcat7-wobsocket.jar and websocket-api.jar. I copied them into
> /usr/share/tomcat7/lib which seemed to work.

Which WebSocket implementation are you trying to use? The JSR356 one or
the deprecated Tomcat proprietary one?

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Websockets timing out

[Bob Mancarella]

Thats the strange thing. The code isnt doing anything. It connects,
receives the onopen message and then the onclose with the 1006 return code
within a few seconds.



On Tue, Mar 4, 2014 at 3:04 PM, Bob Mancarella  wrote:

> More info.
> This is the return code to the browser
>  1006CLOSE_ABNORMAL *Reserved.* Used to indicate that a connection was
> closed abnormally (that is, with no close frame being sent) when a status
> code is expected.
>
>
> On Tue, Mar 4, 2014 at 2:41 PM, Bob Mancarella  wrote:
>
>> sorry, target is actually
>>
>> target = 'ws://' + window.location.host + '/inlook/websocket/
>> echoAnnotation ';
>>
>>
>

Re: Can I use jmx to see jdbc pool variables/properties in Tomcat 6?

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Charles,

On 3/4/14, 2:56 PM, Charles Richard wrote:
> On Tue, Mar 4, 2014 at 3:17 PM, Christopher Schultz < 
> ch...@christopherschultz.net> wrote:
> 
> Charles,
> 
> On 3/4/14, 2:10 PM, Charles Richard wrote:
 The tomcat version is 6.0.30.
> 
> You should look at the changelog and security reports. I think
> you're going to want to upgrade.
> 
> 
>> That  is something that would be the next priority after
>> understanding our connection pooling issues. If upgrading Tomcat
>> would help with this as well, we would definitely try to
>> fasttrack it. We usually try to change one thing at a time on our
>> production environment.

A very good policy. No, I don't think this will help you with your
DataSource stuff. But you will want to get this into testing ASAP.
Honestly, you should probably be looking at Tomcat 7 or even Tomcat 8
for getting into your development and/or testing environments.

 Can we still use Hibernate in our Spring application if we 
 configure the Data Source through a context.xml?
> 
> Yup. You just need to tell Hibernate that you already have a 
> DataSource. I'm not exactly sure how to do that, but I'm confident
> it can be done. You posted only the DataSource configuration itself
> and it didn't have a name (other than the "id"). You'll need to
> figure out how to get Hibernate to use an existing (external)
> DataSource rather than configuring it yourself as you have done.
> 
>> I'm really not sure how that could be done either but hopefully
>> the developers here could help me with this.

They should be able to do that.

 We are not using a context.xml right now, can I use the 
 context.xml in $TOMCAT_HOME/conf?
> 
> No! That's the system-wide defaults for all web applications
> deployed to the container. You want META-INF/context.xml within
> your WAR file (or exploded WAR-dir).
> 
 Our server.xml, the config is as follows:
 
 >>> unpackWARs="true" autoDeploy="true"> >>> docBase="" reloadable="true" />
> 
> You should not have a  element at all in your server.xml. 
> It's a wonder that your application even works with a path of ""
> and a docBase of "". I'll bet you have a WEB-INF directory directly
> in your webapps/ directory, right?
> 
> 
> 
> 
> We've got a WEB-INF folder in our appBase folder reference 
> (/ourpath/WEB-INF).
> 
> 
> 
> Sounds like you've got a mess on your hands.
> 
> 
>> I guess.
> 
> 
> Move that  into META-INF/context.xml, remove the
> "docBase" and "path" attributes, and then add a  as a
> child to configure your DataSource. You'll also need to move your
> JDBC driver from WEB-INF/lib into Tomcat's lib/ directory.
> 
> 
>> In our /ourpath/META-INF, there is no context.xml, just a
>> MANIFEST.MF file. I can create one if that's what I'm supposed to
>> do.

Yep, just create a new one.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTFjIbAAoJEBzwKT+lPKRYwQQQAKPQcw5OxRC5QrTAkUJc+Ufa
AACDkSG//El3gDjh/WG1Yg+KfcNObZzqiZF4K7YI1AMWy/pHVohGJs/+r0LaAV3I
klhm+d/Js/WSOyMwhA5fCul6fTGtGuYqA5gFGds1MkMlKruAKrnwWP3kthY+b1do
HboVX8yKrS+2Z9AsukD0fYXBkiexOopSa0PuZj3ILrFHYgVRNS7hAbqa7zzrbcgZ
T3xe8SyEStMA3txrhbD3BRxYFbigPe82LDjNcbu2ayRFI5YrMjMpob5BQOvPIi5x
MoQOKsRN2AzD6LO7+mQy8m8XqIgKvIQHG+hMSuVoc1xA3a7q30LQgayHPCecUoub
BIhiSnS5loaLR/tAwnO5HTNLJhsLF2seoA5qnK5gh/KChkk4wHrTxksTfC7nP35E
d20WQn5N9UnnDMkh8WZRGXPhaZa+Rxt8uz3gZiUXX+yjS2i672A/i2Rorr8g0YKM
mztF6rDqn/DDTkT+QusA+uJGrMLMwwKDeL5DCiJbWmUwE+r+BUGU7JZtu4oP1W/5
mONSMxC68AyujvJmgWImElMQhaWqfvZyrLU3mphLvJVCm0VLlQd3LqQaArpP+DTG
6jdYFAWcWpD25E2mViDJ04w2RKO4D9Z8VrwEwpGGO8Nj8TjpbW0nhJF96J6DR1eK
g1jKPjempIalNA57JCDP
=4uS/
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Websockets timing out

[Bob Mancarella]

More info.
This is the return code to the browser
1006CLOSE_ABNORMAL*Reserved.* Used to indicate that a connection was closed
abnormally (that is, with no close frame being sent) when a status code is
expected.


On Tue, Mar 4, 2014 at 2:41 PM, Bob Mancarella  wrote:

> sorry, target is actually
>
> target = 'ws://' + window.location.host + '/inlook/websocket/
> echoAnnotation ';
>
>

Re: Websockets timing out

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Bob,

On 3/4/14, 2:39 PM, Bob Mancarella wrote:
> Just using the EchoAnnotation code
> 
> ///
>
> 
// client code
> ///
>
> 
if (window.location.protocol == 'http:')
> { // target = 'ws://' + window.location.host + '../websocket/ 
> connect.ws'; target = 'ws://' + window.location.host +
> '/inlook/websocket/ connect.ws'; } else { target = 'wss://' +
> window.location.host + '../websocket/ connect.ws'; } if
> ('WebSocket' in window) { ws = new WebSocket(target); } else if
> ('MozWebSocket' in window) { ws = new MozWebSocket(target); } else 
> { alert('WebSocket is not supported by this browser.'); return; } 
> ws.onopen = function () { console.log('onopen'); }; ws.onmessage =
> function (event) { console.log('onmessage start'); }; ws.onclose =
> function () { console.log('onclose'); };
> 
> ///
>
> 
// server code
> ///
>
> 
@ServerEndpoint("/websocket/echoAnnotation")
> public class EchoMessage { @OnOpen public void onOpen(Session
> session) { System.out.println("New connection with client"); }
> 
> @OnMessage public void echoMessage(Session session, String msg) { 
> System.out.println("echoTextMessage: " + msg); }
> 
> @OnClose public void onClose(Session session) { 
> System.out.println("Close connection for client"); }
> 
> @OnError public void onError(Throwable exception, Session session) 
> { System.out.println("Error for client"); }
> 
> }

So both your client and server code do absolutely nothing. Where are
you actually sending a message? What events do you see occurring?

You are providing very little information, here.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTFjGQAAoJEBzwKT+lPKRYrxAQAMeqEASzf5kjKeb8mA/G6PoC
4ZSlKEdzvHjZ6WogB2+zDsTrAB2qz7wkruCa+Vfwa1dEmbR+PgV96/PtfkrYyWrY
FR0Hq+sf2+tVHcAUiQEbo/g33UTVj4dGVJCcJkeinnsBIwHueH+nlielyYS1FGt1
BqFJ7AuC6GxrgDHrAm+fh+5wJGWPO2WxtMSRjEO4M0H/S7FCr+UqPlqrBpBwTKlc
UEuBCMfqzhdbRLpQciI7ZAaLN+8Wak4NyNp2e6+wr1WIRO9l3hlu8OYQYLTOCmm2
DfNG3oGWx3l9FZvnSq6GvJ96pw74G2TLSCaj9cGZL/BkCsWDTQvONVn/tmwKAuMh
FumyuqPhlVdnMLZBcd0MxCNbuY8MdY5G8Cda3KJtBsLtkwGUeifQVRrmKKOUJ9OS
79oSW2zmLs110XfTXgjYeGs4YMg7+WxNAHJzQmKuRcyKk3/9d2onv+4p9dwrmMy+
x1m8yR1YnPtkR2dI2BSZfdnPttWOsCLshmx2f1AaFA5VJ9XFC4Nb3bJxbSTBx52f
dap6urFuggIa9RKsHL3MDmL91U4gnuyTAbkAhapdpxTinQjpng+lBv07DGhCGIFc
/8B3zOrdgjB1VNJJmZPswdOLpdQpmVkHN3Gj5unT2lSzjv3Y6j+vxX0NbWkUU2Bj
TnakA5hZfnXWTnAaZ2Jx
=+Pb5
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: secure reverse proxy to my tomcat server HELP NEEDED

[Jeff Haferman]

Christopher Schultz wrote:
>
> Jeff,
>
> On 3/3/14, 6:25 PM, Jeff Haferman wrote:
>> What actually happens is that, just for https://my.webserver.com/,
>> I get served the pages that are at the apache root, *not* what is
>> being served by tomcat at port 8443.
>
> Ok. Let's take a look at your original configuration you posted:
>
>> 
>> 
>> ServerName my.webserver.com ProxyPass /
>> http://my.webserver.com:8080/ ProxyPassReverse /app
>> http://localhost:8080/
>> 
>> 
>> 
>> 
>> 
>> SSLEngine on SSLProxyEngine on SSLCertificateFile
>> /path/to/server.crt SSLCertificateKeyFile /path/to/server.key 
>> ServerName my.webserver.com ProxyPass /
>> http://my.webserver.com:8443/ ProxyPassReverse /app
>> http://localhost:8443/
>> 
>> 
>
> You also had  elements outside of the above. Those are
> configured differently than the ProxyPass/ProxyPassReverse you have
> above. What were those  elements supposed to do?
>
> Also, you are likely confusing yourself id you are using ProxyPass and
> ProxyPassReverse with different URL prefixes (/ vs /app). Why are you
> doing that?

Chris -
This came up in a previous response, when I edited my domain name in my 
posting, I actually fat-fingered a couple of things... the config looks like

Listen 80
ProxyRequests Off
ProxyPreserveHost on


ServerName my.webserver.com
ProxyPass / http://my.webserver.com:8080/
ProxyPassReverse / http://localhost:8080/
  

http://my.webserver.com:8080/>
AllowOverride None
Order Deny,Allow
Allow from all


Listen 443


SSLEngine on
SSLProxyEngine on
SSLCertificateFile /path/to/server.crt
SSLCertificateKeyFile /path/to/server.key
ServerName my.webserver.com
ProxyPass / https://my.webserver.com:8443/
ProxyPassReverse / https://localhost:8443/


https://my.webserver.com:8443/>
AllowOverride None
Order Deny,Allow
Allow from all


>
>> I do get the tomcat pages if I explicitly add the port, i.e.
>> https://my.webserver.com:8443/ So, the reverse proxy seems to be
>> broken for https only.
>
> Sounds plausible.
>
>> The reverse proxy works fine for http, i.e.
>> http://my.webserver.com/ gets the tomcat pages served at
>> http://my.webserver.com:8080/
>
> You don't have multiple interfaces (IP addresses) on this machine, do you?
>

No, I do not.

> - -chris

Jeff


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Can I use jmx to see jdbc pool variables/properties in Tomcat 6?

[Charles Richard]

On Tue, Mar 4, 2014 at 3:17 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Charles,
>
> On 3/4/14, 2:10 PM, Charles Richard wrote:
> > The tomcat version is 6.0.30.
>
> You should look at the changelog and security reports. I think you're
> going to want to upgrade.
>

That  is something that would be the next priority after understanding our
connection pooling issues. If upgrading Tomcat would help with this as
well, we would definitely try to fasttrack it. We usually try to change one
thing at a time on our production environment.

>
>
> Can we still use Hibernate in our Spring application if we
> > configure the Data Source through a context.xml?
>
> Yup. You just need to tell Hibernate that you already have a
> DataSource. I'm not exactly sure how to do that, but I'm confident it
> can be done. You posted only the DataSource configuration itself and
> it didn't have a name (other than the "id"). You'll need to figure out
> how to get Hibernate to use an existing (external) DataSource rather
> than configuring it yourself as you have done.
>
> I'm really not sure how that could be done either but hopefully the
developers here could help me with this.


> > We are not using a context.xml right now, can I use the
> > context.xml in $TOMCAT_HOME/conf?
>
> No! That's the system-wide defaults for all web applications deployed
> to the container. You want META-INF/context.xml within your WAR file
> (or exploded WAR-dir).
>
> > Our server.xml, the config is as follows:
> >
> >  > autoDeploy="true">  > />
>
> You should not have a  element at all in your server.xml.
> It's a wonder that your application even works with a path of "" and a
> docBase of "". I'll bet you have a WEB-INF directory directly in your
> webapps/ directory, right?
>



> We've got a WEB-INF folder in our appBase folder reference
> (/ourpath/WEB-INF).
>


> Sounds like you've got a mess on your hands.
>

I guess.

>
> Move that  into META-INF/context.xml, remove the "docBase"
> and "path" attributes, and then add a  as a child to
> configure your DataSource. You'll also need to move your JDBC driver
> from WEB-INF/lib into Tomcat's lib/ directory.
>

 In our /ourpath/META-INF, there is no context.xml, just a MANIFEST.MF
file. I can create one if that's what I'm supposed to do.

Thanks for the help and my apologies for not replying inline on the first
reply!


> - -chris
>

Cheers,
Charles


> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJTFibgAAoJEBzwKT+lPKRYyzQP/RNazj5VESUpXcPqblaGV0Yt
> PD7s3BmTNkYhrkKk2MMCIvLThySKtVUsKxEH6UfsCpKoJCUUR8mfmLCd+edTwIFK
> EEm/4XfaxNcY4wh0OcVPKO7onVaJJ012rFkh74s8sGfThr9+wiyiBc43+vs9YwJ7
> LpRBLxNuQp2d8HpMAqc87k1AS6A/nYdL8rCfOBQxDZ9c3/8e957P0+5Lf86u/ePj
> 1ckPrh/LUX3fy+JDaNOyGK2+9jg2E5g+QsZt/x4Wd6p30UnPdYDHd9pxibmyxOhb
> Guj5Y8ZW5+4OfQ5l2oGGYzyawIiM5HXgdB6FoRZGOG3SvEwWtI+uUBOGRR8oAGTY
> Bjm5/I0Y6gC9m2g24nAo5VSJu4cMvj7icsT557xGcIMIQyoAFaLziG8IyVzTlTjV
> IlCijFxfMFzv/imMMQFcKbLSD6LfyRqQtxPbK+K0CKYGkZnsVasL+24RDr5L61SK
> of/2WSR4rMnd+wcMR9LZJXJhR3X8I8MSdCk1535WssG3kjvQWqD7nHYCjRcWrdXs
> pXMZaoNFcoby+fkl1omqF9XLUC3Bi4sslJPopnef+pvyzroY/jxznJqas8HnMWyK
> RtIrDsWF+aU5k5o+y1SikOl4pZgQ/abwD4r0eGiSqD0vdnHpiX4MOg3UL1so+yQ5
> we5YkJL9UklDrYT7mARZ
> =6gLB
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Websockets timing out

[Bob Mancarella]

sorry, target is actually

target = 'ws://' + window.location.host +
'/inlook/websocket/echoAnnotation
';

Re: Websockets timing out

[Bob Mancarella]

Just using the EchoAnnotation code

///
// client code
///
if (window.location.protocol == 'http:')
{
// target = 'ws://' + window.location.host + '../websocket/
connect.ws';
target = 'ws://' + window.location.host + '/inlook/websocket/
connect.ws';
}
else
{
target = 'wss://' + window.location.host + '../websocket/
connect.ws';
}
if ('WebSocket' in window)
{
ws = new WebSocket(target);
}
else if ('MozWebSocket' in window)
{
ws = new MozWebSocket(target);
}
else
{
alert('WebSocket is not supported by this browser.');
return;
}
ws.onopen = function ()
{
console.log('onopen');
};
ws.onmessage = function (event)
{
console.log('onmessage start');
};
ws.onclose = function ()
{
console.log('onclose');
};

///
// server code
///
@ServerEndpoint("/websocket/echoAnnotation")
public class EchoMessage
{
@OnOpen
public void onOpen(Session session)
{
System.out.println("New connection with client");
}

@OnMessage
public void echoMessage(Session session, String msg)
{
System.out.println("echoTextMessage: " + msg);
}

@OnClose
public void onClose(Session session)
{
System.out.println("Close connection for client");
}

@OnError
public void onError(Throwable exception, Session session)
{
System.out.println("Error for client");
}

}


On Tue, Mar 4, 2014 at 2:29 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Bob,
>
> On 3/4/14, 11:16 AM, Bob Mancarella wrote:
> > Tomcat 7.0.52 on Ubuntu 14.04
> >
> > Websocket connection closes automatically after about 10 seconds.
> > The browser creates the initial connection. OnOpen is called on the
> > server. After 10 seconds OnClose is called and the connection is
> > closed. I have tried changing connectionTimeout="-1" on Connector.
> > Also tried session.setMaxIdleTimeout(-1); Neither has any effect.
>
> HttpSession has no impact on Websocket. Neither does
> connectionTimeout... that's all about HTTP connections, etc. Once you
> are in Websocket land, everything changes.
>
> Can you post some sample code -- like what your client and server code
> look like?
>
> > On my Windows 7 dev machine the connection stays up until told to
> > close. Also when I used apt-get to install Tomcat these files were
> > missing... tomcat7-wobsocket.jar and websocket-api.jar. I copied
> > them into /usr/share/tomcat7/lib which seemed to work.
>
> Please post your  configuration. Are you using APR at all?
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJTFimqAAoJEBzwKT+lPKRYnhAP/22raw7aVia8fEF9Sg9xANVV
> 0mYm/DoZWAY+xwN6TtHwiCHHXD1H0mfNXNpvcwBjVCheBPOdrrGAoJ+dg/w5BBey
> 98MaJ3aeyZ/J17wDW6ya3BgVomWkWOjDyqOtuMbOM8dZiCcOEwr/tqgQCnT5ClUH
> eqKPnZ4uRC5dx6+bpDkX2IzMZxKzPgdXV5b2n/k6ruGzarLbFCXtzyC4Jgi9wl1I
> 8a/1RwAAQSpRawEVjkHMhlzGUpHjRm/8m4HwZiVlRp6xWDn082Ag0DlcJODo5SH/
> ACOk0dH3oG/1QyRUxUWtlqMB5Be/34V8iomyo2GZAD3EvXurl8dpyc4FspU144sK
> m3hNwyYRtwbYjVplvbsCYAnVzLzY/I3FMt1Q0GFQLbs9pmY66RVVIelT/v5Dzd8s
> RS8Z0aZV6jSQIuYEfPzSmm///0TKVVKarGGpMeHzrw4wsRvkFnTCy2SvOundjqAa
> WzwCUCbFCjMPpp/mTVmU8xFFr1dkmsg1qsWz/mrk0ZK/f4ZSXP0eIK88gdi7NvXX
> lUJsntlEAmOzhBYP19G6qgicN4EQQa9qj7FWyzJg+dw7r/tWHBVp8zxCaGilv7He
> Ca2DacMamtq/fjyz5eyL9DNBZ6aEy4kk0xUWDATQAH0HdYD+/qg7iMs8gw9ASEfR
> Nt2GNqjUlcRBwLTML7bD
> =4vu+
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Shutdown port on Windows Service installation

[David kerber]

On 3/4/2014 2:08 PM, Christopher Schultz wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

David,

On 3/4/14, 10:47 AM, David kerber wrote:

On 3/4/2014 10:34 AM, André Warnier wrote:

David kerber wrote:


...


That's what I was hoping Mark, Chuck or one of the other
committers could answer definitively.


If you use "-1" as the shutdown port, it will be entirely disabled.
Come on, guys.. that's right in the documentation ;)


I think I knew that somewhere in the back of my head.  My original 
question was whether or not it was safe to do so in a Windows service 
installation, or if the service shutdown might use it.  That has been 
answered.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Websockets timing out

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Bob,

On 3/4/14, 11:16 AM, Bob Mancarella wrote:
> Tomcat 7.0.52 on Ubuntu 14.04
> 
> Websocket connection closes automatically after about 10 seconds.
> The browser creates the initial connection. OnOpen is called on the
> server. After 10 seconds OnClose is called and the connection is
> closed. I have tried changing connectionTimeout="-1" on Connector. 
> Also tried session.setMaxIdleTimeout(-1); Neither has any effect.

HttpSession has no impact on Websocket. Neither does
connectionTimeout... that's all about HTTP connections, etc. Once you
are in Websocket land, everything changes.

Can you post some sample code -- like what your client and server code
look like?

> On my Windows 7 dev machine the connection stays up until told to
> close. Also when I used apt-get to install Tomcat these files were
> missing... tomcat7-wobsocket.jar and websocket-api.jar. I copied
> them into /usr/share/tomcat7/lib which seemed to work.

Please post your  configuration. Are you using APR at all?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTFimqAAoJEBzwKT+lPKRYnhAP/22raw7aVia8fEF9Sg9xANVV
0mYm/DoZWAY+xwN6TtHwiCHHXD1H0mfNXNpvcwBjVCheBPOdrrGAoJ+dg/w5BBey
98MaJ3aeyZ/J17wDW6ya3BgVomWkWOjDyqOtuMbOM8dZiCcOEwr/tqgQCnT5ClUH
eqKPnZ4uRC5dx6+bpDkX2IzMZxKzPgdXV5b2n/k6ruGzarLbFCXtzyC4Jgi9wl1I
8a/1RwAAQSpRawEVjkHMhlzGUpHjRm/8m4HwZiVlRp6xWDn082Ag0DlcJODo5SH/
ACOk0dH3oG/1QyRUxUWtlqMB5Be/34V8iomyo2GZAD3EvXurl8dpyc4FspU144sK
m3hNwyYRtwbYjVplvbsCYAnVzLzY/I3FMt1Q0GFQLbs9pmY66RVVIelT/v5Dzd8s
RS8Z0aZV6jSQIuYEfPzSmm///0TKVVKarGGpMeHzrw4wsRvkFnTCy2SvOundjqAa
WzwCUCbFCjMPpp/mTVmU8xFFr1dkmsg1qsWz/mrk0ZK/f4ZSXP0eIK88gdi7NvXX
lUJsntlEAmOzhBYP19G6qgicN4EQQa9qj7FWyzJg+dw7r/tWHBVp8zxCaGilv7He
Ca2DacMamtq/fjyz5eyL9DNBZ6aEy4kk0xUWDATQAH0HdYD+/qg7iMs8gw9ASEfR
Nt2GNqjUlcRBwLTML7bD
=4vu+
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: secure reverse proxy to my tomcat server HELP NEEDED

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Jeff,

On 3/3/14, 6:25 PM, Jeff Haferman wrote:
> What actually happens is that, just for https://my.webserver.com/,
> I get served the pages that are at the apache root, *not* what is
> being served by tomcat at port 8443.

Ok. Let's take a look at your original configuration you posted:

> 
> 
> ServerName my.webserver.com ProxyPass /
> http://my.webserver.com:8080/ ProxyPassReverse /app
> http://localhost:8080/
> 
> 
> 
> 
> 
> SSLEngine on SSLProxyEngine on SSLCertificateFile
> /path/to/server.crt SSLCertificateKeyFile /path/to/server.key 
> ServerName my.webserver.com ProxyPass /
> http://my.webserver.com:8443/ ProxyPassReverse /app
> http://localhost:8443/
> 
> 

You also had  elements outside of the above. Those are
configured differently than the ProxyPass/ProxyPassReverse you have
above. What were those  elements supposed to do?

Also, you are likely confusing yourself id you are using ProxyPass and
ProxyPassReverse with different URL prefixes (/ vs /app). Why are you
doing that?

> I do get the tomcat pages if I explicitly add the port, i.e.
> https://my.webserver.com:8443/ So, the reverse proxy seems to be
> broken for https only.

Sounds plausible.

> The reverse proxy works fine for http, i.e.
> http://my.webserver.com/ gets the tomcat pages served at
> http://my.webserver.com:8080/

You don't have multiple interfaces (IP addresses) on this machine, do you?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTFikFAAoJEBzwKT+lPKRYUP8P/2PV9XctTcAKp8p0ISguxoey
NmvD9vhhv7f9tBMhWCCe95gTp5NWIFGV5O7vc0F0ooUPzScuu2SsVurz0CO2J5RG
kld4tt3E8kJ+d68UvpiqL3UGBjxgShMjKUSgh6dW1UgKV3WYk56unWm7HDDEjS0E
zjuGwa0u9agncP6Ipyv8sxwZDflyYdAv0qmlZ0f3YUAR+vCCKN5Byn/4BqvFFfUa
2iMhJLQeVb9if7AHc7J97hNpZf1djNO4WgFYfrXshKaASz+YwGig29Yy2qqMcZPB
v9YRBqpZdObshTJuQGnb2NrDNMuoBfpIrUrRETlNLh2odvNjUhUKlrTpgF/JOI9H
eBw1PE/ymHyTZSltgvAMsuQoykJcbbm05xKuWIGVWcq81iqsKfBoEVgxufIMLrXs
C+MP2xDbidU24tGI3n/ZONwEV152no9CUKI3N7avDgkRb20AGh6+85zRYGyCMWcJ
PFMJl8djBVwsddlGYTcBuhyUZxVaYheQr0wVxfkn4syG70YtyO/lUMy5zSb3NJtg
CmrsCHMGnX83ApW0HivGi6REvn7gdZ6vn3YWYQd2IxhbuTUOtRrNgG4gIjAK0dRE
M2ahASYv2AYa3u00PW/918lbubXn34waHI3yOYi2wz+UzWW12wqjkku3DazzwmcB
x5/3VgLt7ha2rd0Sybn5
=eEVb
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 6 vs. Tomcat 7 vs Cisco Load Balancer vs Java Applet

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Bill,

On 3/4/14, 2:14 PM, Bill Davidson wrote:
> On 3/4/2014 11:01 AM, Christopher Schultz wrote:
>> On 3/4/14, 1:26 PM, Bill Davidson wrote:
>>> I realized that I forgot a lot of info:
>>> 
>>> Tomcat 7.0.47 on RHEL 5.10 Apache httpd 2.2.25
>>> 
>>> It worked fine with Tomcat 6.0.37
>>> 
>>> The applet is bit-for-bit identical.  It's built with Java 1.1 
>>> compatibility mode.
>>> 
>>> It's some sort of combination of the load balancer and Tomcat 7
>>> not getting along with each other, but there's nothing to
>>> indicate that in catalina.out or mod_jk.log or error.log.
>> So you have client (applet) -> Cisco LB -> Tomcat? Or, are there
>> other components in the mix? Does Cisco LB speak AJP13?
> 
> See above.  I have Apache httpd 2.2.25 in there.  It's the same
> httpd I was using with Tomcat 6.
> 
>> 
>> What component is handling the SSL handshake on the server side?
> 
> Apache httpd.
> 
>> Just to clarify, the applet works when connecting /directly/ to
>> Tomcat - -- without the load-balancer in between? How can the
>> client (applet) connect directly to Tomcat if you only have an
>> AJP connector?
> 
> I don't think it can connect directly to Tomcat.  Only have the
> AJP connector and it's only enabled on the loopback, which the load
> balancer has no access to.
> 
> Only httpd can talk to Tomcat; by design.

Aah, sorry, I had missed that. So, the only change was Tomcat? No
upgrade to mod_jk or anything like that? OpenSSL upgrade? Upgraded
Java on the client? Everything else *absolutely* the same?

If you aren't using SSL at all in Tomcat, then Tomcat isn't likely to
be the problem, here.

Can other command-line tools connect -- take the applet out of the
picture? Try something like curl, wget, or even OpenSSL's s_client
tool. s_client will give you lots of good information about the SSL
connection state, too.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTFifwAAoJEBzwKT+lPKRY2CYP/RmfLmBtQfQfWkwYq/bmdhEy
wW4/JqcP+q6tJHHWwZy5Ns6q88ojMzOaTHUEAVDf2at//GAYqhDo9zhfd/sVrdlj
2fdI7Bwo+m6YuvuM4MsBKCorhQtfwlLhYziUFFOthR4tbM/J1KQA7Xi0Zst6O0B+
gmfSEv4+boa6UvUATUg5qNFI5CWUQ7HM9Zft9uNbQRwm8sAOLXbojRc2SCX8ZOK4
vJnSc+mULrJflK9B/+IN4EqbK0sDwSkflBCr8SIqYIhT+k2zcAXrJn3wx9ft3Vru
xK5U/9tut6/WZ+VO+z1ND36kO9+/jwvQCMNZWGT+0oPKe2qBvI0PRn1V47TE+8sG
6ZjY1MZjsGFBoCH0ujWORP0Hwv3Cw/yf4YLznipfgl326+15uqGNnbNXqPU/cQU7
7+1UE1S5gnmOHv8rf+yz+CoIChP3Acyyv402GcyOcxB4LKWfk8RWhkITC1ihS0v4
C90cwPf0awEKcAMv0371QSXX/KNbg3NAmssP44e/8CUQopTfnfQ6Z6N9jQbxf/8h
eW/TTY7lh81mrpypzYoShIkbktzPYMLkAzNBqP/I29XwJxG+unf93pTXiCrjrJCq
ZLemxOij6N3Ffzkx0xbYJlpL9cMugenV0cCrYi81AkDpsN6uVjaw8840hVRTzvcq
W/KSNdTJJLmqT1G8o+DY
=RYpm
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Can I use jmx to see jdbc pool variables/properties in Tomcat 6?

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Charles,

On 3/4/14, 2:10 PM, Charles Richard wrote:
> The tomcat version is 6.0.30.

You should look at the changelog and security reports. I think you're
going to want to upgrade.

> Can we still use Hibernate in our Spring application if we
> configure the Data Source through a context.xml?

Yup. You just need to tell Hibernate that you already have a
DataSource. I'm not exactly sure how to do that, but I'm confident it
can be done. You posted only the DataSource configuration itself and
it didn't have a name (other than the "id"). You'll need to figure out
how to get Hibernate to use an existing (external) DataSource rather
than configuring it yourself as you have done.

> We are not using a context.xml right now, can I use the
> context.xml in $TOMCAT_HOME/conf?

No! That's the system-wide defaults for all web applications deployed
to the container. You want META-INF/context.xml within your WAR file
(or exploded WAR-dir).

> Our server.xml, the config is as follows:
> 
>  autoDeploy="true">  />

You should not have a  element at all in your server.xml.
It's a wonder that your application even works with a path of "" and a
docBase of "". I'll bet you have a WEB-INF directory directly in your
webapps/ directory, right?

Sounds like you've got a mess on your hands.

Move that  into META-INF/context.xml, remove the "docBase"
and "path" attributes, and then add a  as a child to
configure your DataSource. You'll also need to move your JDBC driver
from WEB-INF/lib into Tomcat's lib/ directory.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTFibgAAoJEBzwKT+lPKRYyzQP/RNazj5VESUpXcPqblaGV0Yt
PD7s3BmTNkYhrkKk2MMCIvLThySKtVUsKxEH6UfsCpKoJCUUR8mfmLCd+edTwIFK
EEm/4XfaxNcY4wh0OcVPKO7onVaJJ012rFkh74s8sGfThr9+wiyiBc43+vs9YwJ7
LpRBLxNuQp2d8HpMAqc87k1AS6A/nYdL8rCfOBQxDZ9c3/8e957P0+5Lf86u/ePj
1ckPrh/LUX3fy+JDaNOyGK2+9jg2E5g+QsZt/x4Wd6p30UnPdYDHd9pxibmyxOhb
Guj5Y8ZW5+4OfQ5l2oGGYzyawIiM5HXgdB6FoRZGOG3SvEwWtI+uUBOGRR8oAGTY
Bjm5/I0Y6gC9m2g24nAo5VSJu4cMvj7icsT557xGcIMIQyoAFaLziG8IyVzTlTjV
IlCijFxfMFzv/imMMQFcKbLSD6LfyRqQtxPbK+K0CKYGkZnsVasL+24RDr5L61SK
of/2WSR4rMnd+wcMR9LZJXJhR3X8I8MSdCk1535WssG3kjvQWqD7nHYCjRcWrdXs
pXMZaoNFcoby+fkl1omqF9XLUC3Bi4sslJPopnef+pvyzroY/jxznJqas8HnMWyK
RtIrDsWF+aU5k5o+y1SikOl4pZgQ/abwD4r0eGiSqD0vdnHpiX4MOg3UL1so+yQ5
we5YkJL9UklDrYT7mARZ
=6gLB
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 6 vs. Tomcat 7 vs Cisco Load Balancer vs Java Applet

[Bill Davidson]

On 3/4/2014 11:01 AM, Christopher Schultz wrote:

On 3/4/14, 1:26 PM, Bill Davidson wrote:

I realized that I forgot a lot of info:

Tomcat 7.0.47 on RHEL 5.10 Apache httpd 2.2.25

It worked fine with Tomcat 6.0.37

The applet is bit-for-bit identical.  It's built with Java 1.1
compatibility mode.

It's some sort of combination of the load balancer and Tomcat 7 not
getting along with each other, but there's nothing to indicate that
in catalina.out or mod_jk.log or error.log.

So you have client (applet) -> Cisco LB -> Tomcat? Or, are there other
components in the mix? Does Cisco LB speak AJP13?


See above.  I have Apache httpd 2.2.25 in there.  It's the same httpd
I was using with Tomcat 6.



What component is handling the SSL handshake on the server side?


Apache httpd.


Just to clarify, the applet works when connecting /directly/ to Tomcat
- -- without the load-balancer in between? How can the client (applet)
connect directly to Tomcat if you only have an AJP connector?


I don't think it can connect directly to Tomcat.  Only have the AJP connector 
and
it's only enabled on the loopback, which the load balancer has no access to.

Only httpd can talk to Tomcat; by design.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Can I use jmx to see jdbc pool variables/properties in Tomcat 6?

[Charles Richard]

The tomcat version is 6.0.30.

Can we still use Hibernate in our Spring application if we configure the
Data Source through a context.xml? We are not using a context.xml right
now, can I use the context.xml in $TOMCAT_HOME/conf?

Our server.xml, the config is as follows:




Thanks,
Charles



On Tue, Mar 4, 2014 at 2:57 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Charles,
>
> On 3/4/14, 1:03 PM, Charles Richard wrote:
> > Hi,
> >
> > I am testing the jdbc pool to replace the c3p0 pool we were using
> > for our Tomcat connection pool. We are also using Spring 2.0 and
> > Hibernate (and Tomcat 6).
> >
> > When I put this in my hibernate-context.xml, our application is
> > using the jdbc pool and appears to work:
> >
> >  > class="org.apache.tomcat.jdbc.pool.DataSource"
> > destroy-method="close">  > value="com.mysql.jdbc.Driver" />  > value="jdbc:mysql://${db.host}/${db.name}" />  > name="username" value="${db.user}" />  > value="${db.pwd}" /> 
> >   > name="removeAbandoned" value="true" />  > name="removeAbandonedTimeout" value="1800" />  > name="logAbandoned" value="true" />  > value="true" />  >
> value="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer;org.apache.tomcat.jdbc.pool.interceptor.SlowQueryReportJmx(threshold=1)"
> >
> >
> />
> > 
> >
> > However, when using jmx locally, I don't see any beans that I can
> > use to monitor the connections used in the pool. I tried doing as
> > per this article:
> >
> >
> http://stackoverflow.com/questions/3865445/cant-see-jmx-entries-in-jconsole-when-using-tomcat-jdbc-connection-pool
> >
> >  This doesn't work for me.
> >
> > Any suggestions on what I'm missing here?
>
> Tomcat version? (be specific)
>
> If you are using Hibernate to create the DataSource, then it will not
> likely be registered with the JMX server. If you use a DataSource
>  configured in your webapp's context.xml, then all will be
> well and you should be able to discover your DataSource via JMX. Just
> tell Hibernate what the JNDI DataSource's name is and it should work fine.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJTFiIXAAoJEBzwKT+lPKRYbyMQAMjNMVExzKobz/IiRDJGZq7Q
> uxik9/v05jmTUBuOU9eA3F/qCT/nFcObp+B9AsaUaI9FxuIQVJSV2lD6BjDSEoId
> Hzkf6d2uYMy+6bGS717T/4vbZn6x02CmeSHSlJjW11C5UJjYcn/GPjv35Jf8bXE4
> bnALGdMUhLxRGCCNTLgU5WycYNTaXB/5H4wZf4Q3rldMVB5oqQEQ+9j1tnroU1fC
> YN+/K9sEER8EYDYjX3c10Ag1PIh35akdeJQYTGO30dEXo2zLRF7Xy1tayOkhBHfZ
> e2bZsheUaTbcnC3W82kkLm+WbSZ7SKIP1GvP7GQBwisdQfEYs7XprYwYituhn0nQ
> 2lgWXe/f+e1HN7ySkLA9o/AL8szpU4SHUYHYeDaPn3VbkM6Wqx4lPuhIIChzHwiD
> 3h4Hin+cQl1JzuBvmp4pBE3cAY9sco0T6t9BTGf9U2xwjyhwQ94njyGdIRwksNKG
> OIC4BpmYXzHXdss5XXU/Ci7woX0iGdOTMXy5dLACo1TOjoHBsE/y3Xg1LsZygXfi
> 19zZ2XRsOwnGmgXZBbM+tkuWF7uMUK/ViVkHEwfgu7IQ5QK3OZuorMTVDAgowvzm
> 74AV6MS3e69/TWVsALtI4mcOjVBFtz4b5pFhJgjCqGrSacoj1tAqVxi4jCA/bD0/
> 1XVnQ/pn5O9wsmycn0y/
> =Fg28
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Shutdown port on Windows Service installation

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

David,

On 3/4/14, 10:47 AM, David kerber wrote:
> On 3/4/2014 10:34 AM, André Warnier wrote:
>> David kerber wrote:
>>> I am running several instances of TC 7 as services on a Windows
>>> Server 2008 R2.  Each instance has its own set of ports, and I
>>> have both the data port and shutdown ports configured in
>>> server.xml.  They are currently running only HTTP.
>>> 
>>> My questions:
>>> 
>>> 1.  Does the shutdown port serve any purpose on a windows
>>> service installation?  I thought I had read that it did not,
>>> but some searching didn't turn up a definitive answer.
>> 
>> I don't really know either, but just for the fun of it, let's
>> proceed by logical induction.
>> 
>> In a Windows Service scenario, the JVM that runs Tomcat, itself
>> runs under a "wrapper" (tomcatX.exe).  That wrapper is a generic
>> program for Java processes, and has no particular knowledge of
>> Tomcat.  But it is that wrapper which would get the Windows
>> message "Stop Service", and would have to forward this to the JVM
>> in some way, to ask the JVM itself to exit. The JVM has no
>> specific knowledge of Tomcat either, nor of its shutdown port and
>> what it is there for.  So if the JVM must stop Tomcat before 
>> stopping itself, it must be doing it via another way. My guess
>> would thus be that Tomcat inserts some "callback hook" in the 
>> JVM, so that it is notified when the JVM has been asked to stop
>> itself.
> 
> Shutdown hook, maybe?  I just used my first one yesterday in a
> cmd-line java app...
> 
> 
>> And when this callback is called by the JVM, Tomcat initiates its
>> own shutdown.  And when this callback returns, the JVM proceeds
>> to shut itself down (or Tomcat just does a system.exit()).  And
>> when that is done, the wrapper knows and can tell Windows that
>> the Service is shut down, and then exit itself.
> 
> That was my reasoning as well, but I'm not as well-versed in this
> stuff as I would like to be.
> 
> 
>> 
>> Conclusion : no, the Tomcat shutdown port is not used when
>> running as a Windows Service.
>> 
>> Now the question is : if you do not specify a shutdown port, does
>> Tomcat nevertheless set one up by default ?
> 
> That's what I was hoping Mark, Chuck or one of the other
> committers could answer definitively.

If you use "-1" as the shutdown port, it will be entirely disabled.
Come on, guys.. that's right in the documentation ;)

>>> 2.  I may need to start using HTTPS for my data transfer for at
>>> least one of the instances.  If that instance is going to allow
>>> only HTTPS (and not HTTP), can I just make the current HTTP
>>> port into HTTPS?
>> 
>> I cannot think of why not. You can comment out the HTTP
>> Connector, and just leave the HTTPS Connector (and change its
>> port).
> 
> That's what I thought.

There's nothing magical about port numbers: you can use them for
whatever you want. Most people expect HTTP to be available on 80 and
HTTPS to be available on 443. But if you have a reverse proxy
somewhere that uses those standard ports, you can use 1234 for HTTP
and 559 for HTTPS or whatever. Or 16234. Your choice.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTFiTHAAoJEBzwKT+lPKRYA/YP/i6Gn01NPI2+hKp6Q81Cc/80
jC/mLqEtLKPsb8d2bo79JFx4iV3zX0JJNGzOToISZisHxAvg+iZmIb1WLeVN4bK/
x56UT21ZahXnQt3tcpgxuLDySxH7Kn9qM3MSpdJrkTki8ukZIbbkiOadM55ieekS
uMu30qc2ivEZ4Iodd1Yyxg7Y+uzebsXlWYlnr8eno4Ph/v1Cf8z+nZTGXdjWF7f8
xMO55s/W4n1vpNRzLAv8mk1lJ5ThZwMjuQg2GyBEJK4gaWzxyQ4QrbWsAx1juKt5
zcNI9DQJMJQGOXNLB6MdiD5kXOhgGOU1j1WTFcAm/+v83gNukQYQv/X5m5Cwp6VW
X8Vzgv4BTlCPAxsd1YgsXCUrFm696pU5zSA3wWyTkvzfxJpVBfOyesQ2P+5aV7kk
+jxShzcbaK6yXISwPr7PWyo9oSxLmMbnNpGZAXsAm7wOHQUZnNygNOFBsaxDQvs/
bgI8Dz/4a8duwTyb9hiNn3Xr/KPh5359nMX8sfKX7vm1IjkKuLDeFYbp1EB0jnw2
KOS54lGNxdMJ62q9hzdBoztPDJnjcOnovheudHMX3blYla6ouRAueb3QrLopF1NT
SJ0fC2rEhohmSO8yROcXdkv0PVTWljWrSUKCXJ5Cj0SGqhj9YlYCKnXQ/qjTy0CX
C6MtQ2ltCH7uZDMjl23b
=3gTs
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Configuring mod_jk with multiple Apache HTTPD Virtual Hosts

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Doug,

On 3/4/14, 11:51 AM, Doug Strick wrote:
> I went over the documentation multiple times and the light bulb
> finally went on after everyone's input.  Most of the mod_jk configs
> were built by the Coldfusion web server config tool so that's why
> it's so cluttered.  I made the configuration work by putting the
> below in httpd.conf:
> 
>  JkWorkersFile
> /apps/httpd/conf.d/modjk/workers.properties JkShmFile
> /weblogs/mod_jk.jk_shm 
> 
> Then I stripped out everything from the virtual host config besides
> the docroot and log configs like below which managed to start
> getting me responses.

Good.

> I also found there were major environment issues compounding my 
> experience because the F5 wasn't always sending traffic to this
> apache host which is why I was banging my head most of the time
> trying to figure out why I wasn't seeing anything in my logs.

Sounds fun. Anything that might be useful to folks searching the list
archives for help?

> Now that my apache config is good I need to figure out why
> coldfusion is returning a 302 for GET /.

GET / probably returns a 302 for /index.cfm, since you set the
DirectoryIndex to be index.cfm. What does the whole response look like?

>  JkMountFile
> /apps/httpd/conf.d/modjk/app1.uriworkermap.properties

The contents of this file might be useful, too.

> # Where to put jk logs JkLogFile /weblogs/mod_jk.app1.dev5.log #
> custom environment variables JkEnvVar REDIRECT_URL JkEnvVar
> REDIRECT_REMOTE_HOST JkEnvVar REDIRECT_PATH JkEnvVar
> REDIRECT_QUERY_STRING JkEnvVar REDIRECT_HTTP_ACCEPT JkEnvVar
> REDIRECT_HTTP_USER_AGENT JkEnvVar REDIRECT_REMOTE_ADDR JkEnvVar
> REDIRECT_SERVER_NAME JkEnvVar REDIRECT_SERVER_PORT JkEnvVar
> REDIRECT_SERVER_SOFTWARE

I'm not entirely sure you need all these JkEnvVar directives, but I
wouldn't remove them unless you are sure they are useless.

> # Where to put jk shared memory #JkShmFile
> /weblogs/app1.dev5.jk_shm # Set the jk log level
> [debug/error/info] JkLogLevel debug # Select the timestamp log
> format JkLogStampFormat "[%a %b %d %H:%M:%S %Y] " JkOptions
> +ForwardDirectories

Are you sure you want to do that?

> AddHandler jakarta-servlet .cfm .cfml .cfc .cfr .cfswf

It's still odd to me that you are using an explicit map but then also
doing the AddHandler.

> DirectoryIndex index.cfm  Order allow,deny Deny
> from all  

- -chris

-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTFiO2AAoJEBzwKT+lPKRYZ+cP/jQJNPR+fHixhbUy7Ct/2mkf
/pnqzOJ/+AUb0mu2N+7+c7sl3+hSd3+p7bi2GIEOMVa3jzXNvWctONPwsn2+A8/d
nijlO38E34AOj3RuDcIOYrAdz94TPncFkwQOT2Z4TOR1YRQrZe0rVJwRAD5To/xU
M+aYzeXJhTrSXLyZ9vurDkt7JYOO4rEKvQyTN0qbqfbNHuhrpruZDj2WPyuTr4xG
0Y08TmPW+e4Hp/M6zFsgo5LY3PZpNXtkNq6g34OINqGfF64FPO9Y6Ps5IVeozP6G
iWmFEtwD5HrZEmgbICZeaOwy+UjhzrpiUF7krSLp2igKlEcGiuMzSJlmY+MEvQ8f
JocGehFrY/VYdIYIdQKvkJtervlWUGTjFXZbeQSZgdArhCn7qpFHzI64nzR5y4KC
jyjOVCZ36+5LT1+41yNVnq1lTrUUHZ6ODGxJ5+AMaFPXgoOu/H2w1+4hx4f8Q4Bn
1eI8wpJ8IvLYyvaJ+Qmu5Sr+qhgPaFpru+Y38Eu2uH1cgKVz6Cya92sbXRY5yZ3U
ChGGhedSFLpt99raUc8Tk9c1+NbNPzTrs9MKn2QBnRkCZTNKaHp71xc9TA1oFvGg
YfEgBiazCBMxiEs864V4IcwWeqxqH0rS9vr62E5p6xkt7JSW7KvP55eT3m+bUEHa
jOdWslaH0H/syNMdfhsy
=mR2i
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 6 vs. Tomcat 7 vs Cisco Load Balancer vs Java Applet

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Bill,

On 3/4/14, 1:26 PM, Bill Davidson wrote:
> On 3/4/2014 9:40 AM, Bill Davidson wrote:
>> We tried to upgrade a production server to Tomcat 7 yesterday and
>> it broke our printing applet that we use to control a printer in
>> its native printer language.
>> 
>> This seemed odd to us because it worked perfectly in testing.
>> When we go direct to our production servers (bypassing the Cisco
>> load balancer which is doing SSL for us), it also works fine in
>> production.
>> 
>> The only thing that's changed is using Tomcat 7.
>> 
>> We only have one connector in server.xml
>> 
>> > redirectPort="443" connectionTimeout="60" maxThreads="1000" 
>> maxPostSize="5242880" maxParameterCount="66000" />
>> 
> 
> I realized that I forgot a lot of info:
> 
> Tomcat 7.0.47 on RHEL 5.10 Apache httpd 2.2.25
> 
> It worked fine with Tomcat 6.0.37
> 
> The applet is bit-for-bit identical.  It's built with Java 1.1 
> compatibility mode.
> 
> It's some sort of combination of the load balancer and Tomcat 7 not
> getting along with each other, but there's nothing to indicate that
> in catalina.out or mod_jk.log or error.log.

So you have client (applet) -> Cisco LB -> Tomcat? Or, are there other
components in the mix? Does Cisco LB speak AJP13?

What component is handling the SSL handshake on the server side?

Just to clarify, the applet works when connecting /directly/ to Tomcat
- -- without the load-balancer in between? How can the client (applet)
connect directly to Tomcat if you only have an AJP connector?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTFiLuAAoJEBzwKT+lPKRYZmkQAJupzPC7OcI3UA7xpESGq86z
60O1Usjcn/vdAotfB5GrpWQYaOPmjGuAvHS+LnNt2MkwrxA9UEaJjsTy2y1Fyszl
wQ1W4fzAcnAOnXu5QSjpkQYkQEEq/52LD00TwnlAgBOPGc3EtfnTGm0XAaqcLQA+
F4fFOmxRFHq3tppckL6BRjgeWk0NGIiznPzWl+p37JRm4XmDoQxg5J7lcTpzaZzn
jPVTXuKZRqfzl0fnXRZ4bJxqVEm/RNeus/xHWVsctPiAy0Mo5PZgVUOoLoFH0Z5f
3q3T2BpnvCvRwYi6c+SF6NeA1/wqluid3HqHO6I4SD/f/9PBjHoxOxWygQTXlnST
k3Ux/LfBWeAC//tY7a6b++cVc83v8EMFY4j1x5WHvVkXtFaLn5Pbwr2hfkGIpSqQ
X6j83Ab4MrjeRCBP3F7vllV9f7sr0trPGNATs7vLOBqP57FGFmEaW5ogKqEAtR/9
yLzuvBcj7jT12n1yHk1cbNPFFDKHifaXHmxt4qJOQLfI7AXIC6ISCdbtjv0XGIF6
ozqRsFDvB/D/xXp57nGrBbanN9qr+XooK+Wu97jVtvjvaW4UnPfRxQoCwrKxsNCS
Pz/swqhho6HUIMP/LQueWRGy9prOckqUmTQ+VjJE/BO/gC9FWh+co2f5aq2063Gl
kebB/efHZ0JhsG+b7UuO
=IEW4
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Can I use jmx to see jdbc pool variables/properties in Tomcat 6?

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Charles,

On 3/4/14, 1:03 PM, Charles Richard wrote:
> Hi,
> 
> I am testing the jdbc pool to replace the c3p0 pool we were using
> for our Tomcat connection pool. We are also using Spring 2.0 and
> Hibernate (and Tomcat 6).
> 
> When I put this in my hibernate-context.xml, our application is
> using the jdbc pool and appears to work:
> 
>  class="org.apache.tomcat.jdbc.pool.DataSource" 
> destroy-method="close">  value="com.mysql.jdbc.Driver" />  value="jdbc:mysql://${db.host}/${db.name}" />  name="username" value="${db.user}" />  value="${db.pwd}" />  
>   name="removeAbandoned" value="true" />  name="removeAbandonedTimeout" value="1800" />  name="logAbandoned" value="true" />  value="true" />  value="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer;org.apache.tomcat.jdbc.pool.interceptor.SlowQueryReportJmx(threshold=1)"
>
> 
/>
> 
> 
> However, when using jmx locally, I don't see any beans that I can
> use to monitor the connections used in the pool. I tried doing as
> per this article:
> 
> http://stackoverflow.com/questions/3865445/cant-see-jmx-entries-in-jconsole-when-using-tomcat-jdbc-connection-pool
>
>  This doesn't work for me.
> 
> Any suggestions on what I'm missing here?

Tomcat version? (be specific)

If you are using Hibernate to create the DataSource, then it will not
likely be registered with the JMX server. If you use a DataSource
 configured in your webapp's context.xml, then all will be
well and you should be able to discover your DataSource via JMX. Just
tell Hibernate what the JNDI DataSource's name is and it should work fine.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTFiIXAAoJEBzwKT+lPKRYbyMQAMjNMVExzKobz/IiRDJGZq7Q
uxik9/v05jmTUBuOU9eA3F/qCT/nFcObp+B9AsaUaI9FxuIQVJSV2lD6BjDSEoId
Hzkf6d2uYMy+6bGS717T/4vbZn6x02CmeSHSlJjW11C5UJjYcn/GPjv35Jf8bXE4
bnALGdMUhLxRGCCNTLgU5WycYNTaXB/5H4wZf4Q3rldMVB5oqQEQ+9j1tnroU1fC
YN+/K9sEER8EYDYjX3c10Ag1PIh35akdeJQYTGO30dEXo2zLRF7Xy1tayOkhBHfZ
e2bZsheUaTbcnC3W82kkLm+WbSZ7SKIP1GvP7GQBwisdQfEYs7XprYwYituhn0nQ
2lgWXe/f+e1HN7ySkLA9o/AL8szpU4SHUYHYeDaPn3VbkM6Wqx4lPuhIIChzHwiD
3h4Hin+cQl1JzuBvmp4pBE3cAY9sco0T6t9BTGf9U2xwjyhwQ94njyGdIRwksNKG
OIC4BpmYXzHXdss5XXU/Ci7woX0iGdOTMXy5dLACo1TOjoHBsE/y3Xg1LsZygXfi
19zZ2XRsOwnGmgXZBbM+tkuWF7uMUK/ViVkHEwfgu7IQ5QK3OZuorMTVDAgowvzm
74AV6MS3e69/TWVsALtI4mcOjVBFtz4b5pFhJgjCqGrSacoj1tAqVxi4jCA/bD0/
1XVnQ/pn5O9wsmycn0y/
=Fg28
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Websockets timing out

[Bob Mancarella]

Besides what I mentioned where would i find that?


On Tue, Mar 4, 2014 at 1:54 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Bob,
>
> On 3/4/14, 1:15 PM, Bob Mancarella wrote:
> > Ubuntu 13.04 and Tomcat 8
> >
> > Same issue. Client makes the connection fine. Tomcat closes the
> > connection in 10 seconds.
>
> What's the client timeout on the server side? Perhaps you are...
> timing out.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJTFiFrAAoJEBzwKT+lPKRY8/YQAIeHKuk+XbixExR5xgAZIqTN
> IouEC+qFsiw9KAwI5eTPjyLiGOvO6qxAwQgrfiQntoaDsdGot7ruqRn33lfLqtZR
> KL44Fy/gkkPDgcBeLwqDUU5gkcbcfWzT0gW6SGWLGV6C9ByOs0LVVpkPmKKBJqB5
> nbyr2LLbNuv5/4/JKKOSVgxx4IZO1nI3jrKeqnem3iRTwlTlxu6pCmr3XoETMPGn
> WykiuuVro74txdv2pM7nuJeoZpphjC260ZVHwv6xkGAOzvZP+yYI0Fb77uSegPLv
> rGgon5WIa3ubS5WeEwSvpeX+gwgRpV9s0n3/Jn6x+yYuj8gIDTOUVBduGxiFPfeF
> d2i2Mc0p0Hpsc13TDgLazMDhT3585Ut/M7QUEIyyTEQnE9U7mhma/tPkJ6nUahGk
> 9caL+AtZqH4LNaMQ2SL8HFnWpqzlpIPSX42jG7jPwcvTKE8JdrzlRY1kKPdbupAH
> f7XP3FF12uQkBvTcvBCUjQ+tfEVTcDyuBGzhKoxUMxArNGDYMfS+N9S+sjrm3Kw8
> Q1huNLAvUMsu5SWx2+Z8u5ezSgaAds/Zss+5rH3NdYNUpe80Kau5BS73oUNkpTyT
> vLMUv6rkuff4ftssCS8EHrjnrkWObsfOWzCUgqQelT+kMB8kXNoqGmQrsBC4LbcR
> NSWG46brPPG2vzUJf61r
> =v2j+
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

RE: tomcat 6 refuses mod_jk connections after server runs for a couple of days

[Isaac Gonzalez]

Dan,


From: Daniel Mikusa [dmik...@gopivotal.com]
Sent: Tuesday, March 04, 2014 6:20 AM
To: Tomcat Users List
Subject: Re: tomcat 6 refuses mod_jk connections after server runs for a couple 
of days

On Mar 4, 2014, at 6:32 AM, Rainer Jung  wrote:

> On 27.02.2014 23:06, Isaac Gonzalez wrote:
>> Hi Christopher(and Konstantin), attached is a couple of thread dumps of when 
>> we experienced the issue again today. I also noticed we get this message 
>> right before the problem occurs:
>> Feb 27, 2014 12:47:15 PM 
>> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable run
>> SEVERE: Caught exception (java.lang.OutOfMemoryError: unable to create new 
>> native thread) executing 
>> org.apache.jk.common.ChannelSocket$SocketAcceptor@177ddea, terminating thread
>
> Is it a 32Bit system? You have 2GB of heap plus Perm plus native memory
> needed by the process plus thread stacks. Not unlikely, that you ran out
> of memory address space for a 32 bit process.
>
> The only fixes would then be:
>
> - switch to a 64 bit system
>
> - reduce heap if the app can work with less
>
> - improve performance or eliminate bottlenecks so that the app works
> with less threads
>
> - limit you connector thread pool size. That will still mean that if
> requests begin to queue because of performance problems, the web server
> can't create additional connections, but you won't get in an irregular
> situation as you experience now. In that case you would need to
> configure a low idle timeout for the connections on the JK and TC side.

It may also be possible to lower the thread stack size with the -Xss option.

Ok so we are 64 bit Linux with 1024k in the 64-bit VMwould lowering it to 
64k be a bit too low? What sort of repercussions would we run into?
Very helpful information by the way.

-Isaac

  http://www.oracle.com/technetwork/java/hotspotfaq-138619.html#threads_oom

Might buy you some room for a few additional threads.

Dan

>
> Regards,
>
> Rainer
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Websockets timing out

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Bob,

On 3/4/14, 1:15 PM, Bob Mancarella wrote:
> Ubuntu 13.04 and Tomcat 8
> 
> Same issue. Client makes the connection fine. Tomcat closes the
> connection in 10 seconds.

What's the client timeout on the server side? Perhaps you are...
timing out.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTFiFrAAoJEBzwKT+lPKRY8/YQAIeHKuk+XbixExR5xgAZIqTN
IouEC+qFsiw9KAwI5eTPjyLiGOvO6qxAwQgrfiQntoaDsdGot7ruqRn33lfLqtZR
KL44Fy/gkkPDgcBeLwqDUU5gkcbcfWzT0gW6SGWLGV6C9ByOs0LVVpkPmKKBJqB5
nbyr2LLbNuv5/4/JKKOSVgxx4IZO1nI3jrKeqnem3iRTwlTlxu6pCmr3XoETMPGn
WykiuuVro74txdv2pM7nuJeoZpphjC260ZVHwv6xkGAOzvZP+yYI0Fb77uSegPLv
rGgon5WIa3ubS5WeEwSvpeX+gwgRpV9s0n3/Jn6x+yYuj8gIDTOUVBduGxiFPfeF
d2i2Mc0p0Hpsc13TDgLazMDhT3585Ut/M7QUEIyyTEQnE9U7mhma/tPkJ6nUahGk
9caL+AtZqH4LNaMQ2SL8HFnWpqzlpIPSX42jG7jPwcvTKE8JdrzlRY1kKPdbupAH
f7XP3FF12uQkBvTcvBCUjQ+tfEVTcDyuBGzhKoxUMxArNGDYMfS+N9S+sjrm3Kw8
Q1huNLAvUMsu5SWx2+Z8u5ezSgaAds/Zss+5rH3NdYNUpe80Kau5BS73oUNkpTyT
vLMUv6rkuff4ftssCS8EHrjnrkWObsfOWzCUgqQelT+kMB8kXNoqGmQrsBC4LbcR
NSWG46brPPG2vzUJf61r
=v2j+
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Optimization on simple requests

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

John,

On 3/4/14, 1:17 PM, John Smith wrote:
> Tomcat 7.0.42 on RHEL6.
> 
> Assume that Tomcat is serving only one jsp page. Say it just
> rewrites a parameter value from the querystring to the html within
> the jsp.
> 
> Also assume that there are ~200,000 users attempting to access that
> page - say "almost simultaneously".
> 
> What are the most relevant optimizations I can make to a single
> instance of tomcat for this scenario?

So you want the highest-performance solution to the above scenario?

As for Tomcat configuration, I would use the NIO connector with a
large number of max connections (you'll have to see what practical
size to give it) and a large number of threads in your thread pool
(i.e. executor).

NIO gets you the benefit of not blocking waiting for a second (or
third, etc.) keepalive request to arrive over a connection before that
thread can be used to do some real work. If all connections are
"Connection:close" then this is less of an issue.

If you have a big, beefy CPU relative to your Internet connection's
bandwidth, you should probably enable compression on the connector:
that will help you push bytes back to the client faster. You'll have
to test whether or not this actually helps you in your particular
situation, because you are trading CPU time for I/O time.

Define only one  element in your server.xml, and name it
whatever your public hostname is: there is a slight optimization in
the mapper that works slightly faster if you have exactly one 
element, and if that name matches the "Host" header from the request.
(There is an even faster case for where there are no elements in the
host list, then the default is used, but I'm not sure how to get a
zero-element host list and yet still have a default host).

Don't add any s or s that you don't absolutely need.

I would remove any intermediate proxies that don't absolutely need to
be there (like Apache httpd, Microsoft IIS, nginx, etc.). Tomcat
itself comes fairly well-configured for performance out of the box
(except for the use of the BIO connector, which gets the job done and
it very stable and reliable, but certainly does not win any speed
contests).

If you want to optimize the hell out of the experience, you'll want to
dump JSP: there's a lot of setup that goes into creating the
environment in which a JSP page runs, and you don't mention that you
need any of it above.

If you just need to write HEADER + some value from query string +
FOOTER, then try to do that all in 3 I/O writes, like this would be in
a servlet:

static final String HEADER = "My Fast
PageMy Fast PageYour parameter value
is ";
static final String FOOTER = "";

void doGet(request, response) {

  ServletOutputStream out = response.getOutputStream();
  out.print(HEADER);
  out.print(request.getParameter("key"));
  out.print(FOOTER);
}

To save network bandwidth, remove any non-essential whitespace from
your text as I have done above.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTFiFPAAoJEBzwKT+lPKRYR5wP/iiaEcMIFxKBE9Rr9EP6ZhA+
+fxznQ1QED232LlhvAAcAiAjnOOv/dzLxmC62dai9EZoV0/24WcMpYaEjaRo2jZu
jIyeGb4Dn4ommJj7aPG+yesPRRTBY6j23SIauWbnRNBCggn/YCpOnjERuUHPtjMO
G4kDeZaHGGjfirwTuPYCKxiKlYow6C4H8HUzLH84BvuktPPCgO16qbtCSCI0st+b
av4pza4lzKSO3YsjS3PBNa7eI9q7zvLYqTeB7TziyLq7Jf5OOWPL73qUVJUgb54A
M6GzvsdIYWHCigGZff0iHT3oNbDEteSVK7TPLP8+XzI8x8F+xsn5G8yv5wXhStDH
44g2E2hZLwLhaaSiJqtxKGb2kTwoJA+CX33MnbngOkMGUO7SmRMlkx77d08GiYoA
uvOKep8zz7R4Is8EZu5sdzUQSxPx2Y59uzQNMiBeER47d+hfu4aOl241QUrN2osO
NsddzzXB6i9auvdhDdGUkNwbT2Iy8NtMKPBUvM+LWz2GC+8+/WyVeRjhQ5N3BUwc
5YHCKrHVEgZR/NO7j6HvsqXBdUnbt8JNFp0O6XtkCUtlilDabki50wIqVXn/jEmc
rG9YJKYDFDQdxJSEnpeZEw5+iDmORkSyIOEMw5htqVCCgeBRp2jeATVWKpdcM76G
EJD/P6bdni3Vj7kthhjs
=ADJI
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: tomcat 6 refuses mod_jk connections after server runs for a couple of days

[Isaac Gonzalez]

Rainer,


From: Rainer Jung [rainer.j...@kippdata.de]
Sent: Tuesday, March 04, 2014 3:32 AM
To: Tomcat Users List
Subject: Re: tomcat 6 refuses mod_jk connections after server runs for a couple 
of days

On 27.02.2014 23:06, Isaac Gonzalez wrote:
> Hi Christopher(and Konstantin), attached is a couple of thread dumps of when 
> we experienced the issue again today. I also noticed we get this message 
> right before the problem occurs:
> Feb 27, 2014 12:47:15 PM 
> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable run
> SEVERE: Caught exception (java.lang.OutOfMemoryError: unable to create new 
> native thread) executing 
> org.apache.jk.common.ChannelSocket$SocketAcceptor@177ddea, terminating thread

Is it a 32Bit system? You have 2GB of heap plus Perm plus native memory
needed by the process plus thread stacks. Not unlikely, that you ran out
of memory address space for a 32 bit process.

 No we are running on 64 bit


The only fixes would then be:

- switch to a 64 bit system

- reduce heap if the app can work with less
  I'd like to keep the heap the same...most of our apps need it.

- improve performance or eliminate bottlenecks so that the app works
with less threads
 Can you give an example of such a bottleneck? Ie: open unfinished 
connections to the backend database from tomcat?

- limit you connector thread pool size. That will still mean that if
requests begin to queue because of performance problems, the web server
can't create additional connections, but you won't get in an irregular
situation as you experience now. In that case you would need to
configure a low idle timeout for the connections on the JK and TC side.

  I'm not sure I want to do this because that would cause hiccups on 
the client UI and not allow them to connect. It would keep active ones open I 
imagine. I already have a 5 minute idle timeout on JK and TC...Guess I need to 
lower it down to like a minute or so... Just wondering if that would be too low.

-Isaac

Regards,

Rainer


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Websockets timing out

[Bob Mancarella]

Ubuntu 13.04 and Tomcat 8

Same issue. Client makes the connection fine. Tomcat closes the connection
in 10 seconds.

RE: Andr? Warnie (was Re: secure reverse proxy to my tomcat server)

[Caldarale, Charles R]

> From: Jeff Haferman [mailto:j...@haferman.com] 
> Subject: Andr? Warnie (was Re: secure reverse proxy to my tomcat server)

> Oh geez... really?  We're going to have a top-post vs bottom-post flame-war??

No, people who consistently violate the published rules for the list simply get 
ignored.

http://tomcat.apache.org/lists.html#tomcat-users

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.

 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: $CATALINA_HOME/conf/context.xml .. restrict a context?

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Ravi,

On 3/3/14, 5:53 PM, Ravi Gupta wrote:
> Any idea if the same would work for JBOSS 5.X (uses tomcat under
> the hood)? perhaps it is not the same, but I tried putting 
> admin-console.xml under
> jboss-5.1.0.GA/server/default/deploy/jbossweb.sar it contains 
>   className="org.apache.catalina.valves.RemoteAddrValve" deny="*" /> 
> 
> 
> But I was still able to access http://localhost:8080/admin-console
> after a bounce?
> 
> Any suggestions would be apreciated

Take a look at the documentation for RemoteAddrValve, particularly the
"deny" attribute. You have configured this incorrectly.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTFhy0AAoJEBzwKT+lPKRYAvYP/jfH/uFLLSthgf6O+rGh6/Dy
nCYOOmsxG2O8Pc7g26mm75Zz7n1zctq7Bsbz/UNM0nwBbAI3kVwCAJIlQqHb5CxY
qdaZu/B2YqB6xzMAYbdtrQ8io0i3uVPBqKM2K8pvccFhxdWlvfQtbTWIDtlbofaP
Y9cRKWqQFge6BQKQDjeHFgA01htZcwD6+Tm6ckjjQfDGxFXoWIbKEWNxwROhu0zn
6gD97iO9DNAmDbTfrMDX4QfT9jvu2RgtZ+MilUHHEXpKAnVagMmznvbG0pt3CzoL
1g6oGLZJMtiJkNMDQEfU9gtxR/avYBiNCc+UcNz7n+Lb08CzeWrNT5rn/baPV+84
HHXNvw/qCihy0VSKVwnBQ/iewTKysRW5rmO4b8tGR1vvx46kignONMnP74ySL/xC
wjTFIOMcoHTdrLVj3QwifxZqHtxsYF2MGbXjhLfFaqsgKiCneP5oT9BfvoDPUCel
AX4+J/8V3bFZhpdG/5yzQgMkzQOfqCYbkpdfoJIn3PPXJoyAamCe2PeIQ9bgKrnb
SDUgQQoEIuIqYqxLTF+cfT25FDrRrJmwc/z9z8+FLnPp+ld7t5jNdN38L4CW98TO
vuIdXRPT0fEq2WW/XQLG1xDtO4RUJfZUVHCy4N2EGxrC+jiLVH5YKRDD6it+4sOW
T6Bhqe9hES30N5SQ1HSo
=v1We
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Can I use jmx to see jdbc pool variables/properties in Tomcat 6?

[Charles Richard]

Hi,

I am testing the jdbc pool to replace the c3p0 pool we were using for our
Tomcat connection pool. We are also using Spring 2.0 and Hibernate (and
Tomcat 6).

When I put this in my hibernate-context.xml, our application is using the
jdbc pool and appears to work:















However, when using jmx locally, I don't see any beans that I can use to
monitor the connections used in the pool. I tried doing as per this article:

http://stackoverflow.com/questions/3865445/cant-see-jmx-entries-in-jconsole-when-using-tomcat-jdbc-connection-pool

This doesn't work for me.

Any suggestions on what I'm missing here?

Thanks,
Charles

Re: Tomcat 6 vs. Tomcat 7 vs Cisco Load Balancer vs Java Applet

[Bill Davidson]

On 3/4/2014 9:40 AM, Bill Davidson wrote:

We tried to upgrade a production server to Tomcat 7 yesterday and it
broke our printing applet that we use to control a printer in its native
printer language.

This seemed odd to us because it worked perfectly in testing. When we
go direct to our production servers (bypassing the Cisco load balancer
which is doing SSL for us), it also works fine in production.

The only thing that's changed is using Tomcat 7.

We only have one connector in server.xml





I realized that I forgot a lot of info:

Tomcat 7.0.47 on RHEL 5.10
Apache httpd 2.2.25

It worked fine with Tomcat 6.0.37

The applet is bit-for-bit identical.  It's built with Java 1.1 compatibility 
mode.

It's some sort of combination of the load balancer and Tomcat 7 not getting
along with each other, but there's nothing to indicate that in catalina.out or
mod_jk.log or error.log.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Optimization on simple requests

[John Smith]

Tomcat 7.0.42 on RHEL6.

Assume that Tomcat is serving only one jsp page. Say it just rewrites a
parameter value from the querystring to the html within the jsp.

Also assume that there are ~200,000 users attempting to access that page -
say "almost simultaneously".

What are the most relevant optimizations I can make to a single instance of
tomcat for this scenario?

TIA,
Alec

Andr? Warnie (was Re: secure reverse proxy to my tomcat server)

[Jeff Haferman]

Oh geez... really?  We're going to have a top-post vs bottom-post flame-war??  
Netiquette dictates that you email me privavtely if your
posting is off-topic...

André Warnier wrote:
> Hi.
>
> On this list, it is preferred (strongly) if you do not top-post, but respond 
> in the text 
> or below the question.  It just makes it easier to follow what is going on.
> I have moved your previous response, to the logival order.
>


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat 6 vs. Tomcat 7 vs Cisco Load Balancer vs Java Applet

[Bill Davidson]

We tried to upgrade a production server to Tomcat 7 yesterday and it
broke our printing applet that we use to control a printer in its native
printer language.

This seemed odd to us because it worked perfectly in testing.  When we
go direct to our production servers (bypassing the Cisco load balancer
which is doing SSL for us), it also works fine in production.

The only thing that's changed is using Tomcat 7.

We only have one connector in server.xml



The Java console is giving an SSLHandshakeException

v:   dump thread stack
x:   clear classloader cache
0-5: set trace level to 

cache: Initialize resource manager: 
com.sun.deploy.cache.ResourceProviderImpl@c77c8
basic: Added progress listener: sun.plugin.util.ProgressMonitorAdapter@a2bfd5
basic: Plugin2ClassLoader.addURL parent called for 
https://myhost.mydomain/myapp/applets/print.jar
security: Accessing keys and certificate in Mozilla user profile: null
security: JSS is not configured
network: Cache entry not found [url: 
https://myhost.mydomain/myapp/applets/print.jar, version: null]
network: Connecting https://myhost.mydomain/myapp/applets/print.jar with 
proxy=DIRECT
network: Cache entry not found [url: 
file:/C:/Program%20Files%20(x86)/Java/jre7/lib/ext/sunec.jar, version: null]
network: Cache entry not found [url: 
file:/C:/Program%20Files%20(x86)/Java/jre7/lib/ext/sunjce_provider.jar, 
version: null]
network: Connecting http://myhost.mydomain:443/ with proxy=DIRECT
javax.net.ssl.SSLHandshakeException: Remote host closed connection during 
handshake
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at 
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown 
Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
at sun.plugin.PluginURLJarFileCallBack.connect(Unknown Source)
at sun.plugin.PluginURLJarFileCallBack.retrieve(Unknown Source)
at sun.net.www.protocol.jar.URLJarFile.retrieve(Unknown Source)
at sun.net.www.protocol.jar.URLJarFile.getJarFile(Unknown Source)
at sun.net.www.protocol.jar.JarFileFactory.get(Unknown Source)
at sun.net.www.protocol.jar.JarURLConnection.connect(Unknown Source)
at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(Unknown 
Source)
at 
sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFileInternal(Unknown 
Source)
at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(Unknown 
Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown 
Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$1000(Unknown 
Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown 
Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown 
Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.(Unknown 
Source)
at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown 
Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(Unknown Source)
... 41 more

Any ideas?


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Shutdown port on Windows Service installation

[David kerber]

On 3/4/2014 12:04 PM, Jeffrey Janner wrote:

-Original Message-
From: David kerber [mailto:dcker...@verizon.net]
Sent: Tuesday, March 04, 2014 8:17 AM
To: Tomcat Users List
Subject: Shutdown port on Windows Service installation

I am running several instances of TC 7 as services on a Windows Server
2008 R2.  Each instance has its own set of ports, and I have both the
data port and shutdown ports configured in server.xml.  They are
currently running only HTTP.

My questions:

1.  Does the shutdown port serve any purpose on a windows service
installation?  I thought I had read that it did not, but some searching
didn't turn up a definitive answer.


The shutdown port is not needed for a Windows service, but it is usable if 
configured.
In other words, assuming the default configuration, if someone were to send 
"SHUTDOWN" to the localhost port 8005, then Tomcat would shutdown.


Ok, I think I'll disable that.  We always use the service controls.




I couldn't tell from the documentation 
(http://tomcat.apache.org/tomcat-7.0-doc/config/server.html), but I seem to recall that the 
"port" attribute is required on the  tag.  For all my Windows 
installations, I just set it to -1 and let the Commons Daemon implementation (tomcat.exe) take 
care of the shutdown task.
FYI: Tomcat implements the Java Daemon API, which is the mechanism that the 
Apache Commons Daemon (http://commons.apache.org/proper/commons-daemon/) 
executables use to communicate with the Tomcat. The ACD is a C program that 
loads the JVM and tells it to run the Tomcat bootstrap. Then it just listens 
for system signals.  There is a Windows version (procrun) and a Unix/Linux 
version (jsvc).  This is a separate utility that you can use if you have 
standalone Java programs you need to run as a service.
BTW: The JVM exits when Tomcat issues a System.exit() call.


So -1 disables the shutdown port, right?





2.  I may need to start using HTTPS for my data transfer for at least
one of the instances.  If that instance is going to allow only HTTPS
(and not HTTP), can I just make the current HTTP port into HTTPS?  Or
do I need to configure an additional port?  If I need an additional
port, and the shutdown port isn't needed, I could just turn the
shutdown port into the HTTPS port, right?


You don't mention your setup, but I would use the standard HTTPS port of 443 
and actually provide both the HTTP and HTTPS connectors, then configure the 
application to force HTTPS where necessary via the web.xml directives.
But then again, it depends on your implementation.


The ports are different for each TC instance, but I can give each 
instance an extra port if needed.






I understand that there are significant configuration changes needed
for HTTPS, and will be back if I run into issues with it, but for now
I'm only asking about the TCP ports.

Thanks!
Dave


Be careful of whether you are also running with the native/APR library.  The 
SSL configuration requirements are different if doing so.  It is all well 
documented in the Tomcat documentation.



Thanks for the comments, Jeff.  I'll definitely be running the native 
lib for performance reasons.  A couple  of the instances get around 4M 
transactions per day, and we total well over 10M per day across all the 
instances.  So I want to keep the load as small as I reasonably can.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Shutdown port on Windows Service installation

[Jeffrey Janner]

> -Original Message-
> From: David kerber [mailto:dcker...@verizon.net]
> Sent: Tuesday, March 04, 2014 8:17 AM
> To: Tomcat Users List
> Subject: Shutdown port on Windows Service installation
> 
> I am running several instances of TC 7 as services on a Windows Server
> 2008 R2.  Each instance has its own set of ports, and I have both the
> data port and shutdown ports configured in server.xml.  They are
> currently running only HTTP.
> 
> My questions:
> 
> 1.  Does the shutdown port serve any purpose on a windows service
> installation?  I thought I had read that it did not, but some searching
> didn't turn up a definitive answer.
> 
The shutdown port is not needed for a Windows service, but it is usable if 
configured.
In other words, assuming the default configuration, if someone were to send 
"SHUTDOWN" to the localhost port 8005, then Tomcat would shutdown.
I couldn't tell from the documentation 
(http://tomcat.apache.org/tomcat-7.0-doc/config/server.html), but I seem to 
recall that the "port" attribute is required on the  tag.  For all my 
Windows installations, I just set it to -1 and let the Commons Daemon 
implementation (tomcat.exe) take care of the shutdown task.  
FYI: Tomcat implements the Java Daemon API, which is the mechanism that the 
Apache Commons Daemon (http://commons.apache.org/proper/commons-daemon/) 
executables use to communicate with the Tomcat. The ACD is a C program that 
loads the JVM and tells it to run the Tomcat bootstrap. Then it just listens 
for system signals.  There is a Windows version (procrun) and a Unix/Linux 
version (jsvc).  This is a separate utility that you can use if you have 
standalone Java programs you need to run as a service.
BTW: The JVM exits when Tomcat issues a System.exit() call.

> 2.  I may need to start using HTTPS for my data transfer for at least
> one of the instances.  If that instance is going to allow only HTTPS
> (and not HTTP), can I just make the current HTTP port into HTTPS?  Or
> do I need to configure an additional port?  If I need an additional
> port, and the shutdown port isn't needed, I could just turn the
> shutdown port into the HTTPS port, right?
> 
You don't mention your setup, but I would use the standard HTTPS port of 443 
and actually provide both the HTTP and HTTPS connectors, then configure the 
application to force HTTPS where necessary via the web.xml directives.
But then again, it depends on your implementation.

> I understand that there are significant configuration changes needed
> for HTTPS, and will be back if I run into issues with it, but for now
> I'm only asking about the TCP ports.
> 
> Thanks!
> Dave

Be careful of whether you are also running with the native/APR library.  The 
SSL configuration requirements are different if doing so.  It is all well 
documented in the Tomcat documentation.
Jeff


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Configuring mod_jk with multiple Apache HTTPD Virtual Hosts

[Doug Strick]

I went over the documentation multiple times and the light bulb finally
went on after everyone's input.  Most of the mod_jk configs were built by
the Coldfusion web server config tool so that's why it's so cluttered.  I
made the configuration work by putting the below in httpd.conf:


JkWorkersFile /apps/httpd/conf.d/modjk/workers.properties
JkShmFile /weblogs/mod_jk.jk_shm


Then I stripped out everything from the virtual host config besides the
docroot and log configs like below which managed to start getting me
responses.  I also found there were major environment issues compounding my
experience because the F5 wasn't always sending traffic to this apache host
which is why I was banging my head most of the time trying to figure out
why I wasn't seeing anything in my logs.  Now that my apache config is good
I need to figure out why coldfusion is returning a 302 for GET /.



  JkMountFile /apps/httpd/conf.d/modjk/app1.uriworkermap.properties
  # Where to put jk logs
  JkLogFile /weblogs/mod_jk.app1.dev5.log
  # custom environment variables
  JkEnvVar REDIRECT_URL
  JkEnvVar REDIRECT_REMOTE_HOST
  JkEnvVar REDIRECT_PATH
  JkEnvVar REDIRECT_QUERY_STRING
  JkEnvVar REDIRECT_HTTP_ACCEPT
  JkEnvVar REDIRECT_HTTP_USER_AGENT
  JkEnvVar REDIRECT_REMOTE_ADDR
  JkEnvVar REDIRECT_SERVER_NAME
  JkEnvVar REDIRECT_SERVER_PORT
  JkEnvVar REDIRECT_SERVER_SOFTWARE
  # Where to put jk shared memory
  #JkShmFile /weblogs/app1.dev5.jk_shm
  # Set the jk log level [debug/error/info]
  JkLogLevel debug
  # Select the timestamp log format
  JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
  JkOptions +ForwardDirectories
  AddHandler jakarta-servlet .cfm .cfml .cfc .cfr .cfswf
  DirectoryIndex index.cfm

  Order allow,deny
  Deny from all





On Mon, Mar 3, 2014 at 1:57 PM, André Warnier  wrote:

> Doug Strick wrote:
>
>> Hello,
>>
>> I'm currently working on a project where we're migrating from Adobe
>> Coldfusion 8 to CF 10.  Adobe CF10 now uses tomcat as the underlying
>> server
>> and mod_jk is the standard connector used.  On our test environment we
>> have
>> a single apache httpd instance serving multiple domains with each going to
>> a different CF instance.  We really only want specific workers enabled for
>> specific virtual hosts like below.
>>
>> test1.abc.com --> HTTPD test1 VirtualHost --> CF Test1
>> test2.abc.com --> HTTPD test2 VirtualHost --> CF Test2
>> test3.abc.com --> HTTPD test3 VirtualHost --> CF Test3
>>
>> Each CF instance is on a separate host. A developer has managed to get a
>> config working on their local desktop where CF10 runs under windows and
>> apache runs under a linux VM.  The real dev environment is a lot more
>> complicated with multiple virtual hosts.  CF is the only one where we're
>> going to use mod_jk (CF 8 used mod_jrun22) so this is the first time using
>> mod_jk in our environment.  Using the below config I keep getting
>> "JkWorkersFile cannot occur within  section".  Does anyone
>> have any suggestions as to what I need to do to make this work?
>>
>
> See http://tomcat.apache.org/connectors-doc/reference/apache.html
>
> quote
>
> JkWorkersFile
>
> The name of a worker file for the Tomcat servlet containers.
> This directive is only allowed once. It must be put into the global part
> of the configuration.
> [...]
>
> unquote
>
> And the same for the "JkShmFile" directive.
>
> The "global part of the configuration" refers to the main (or default)
> Apache httpd configuration file (apache2.conf or httpd.conf e.g.),
> *outside* of any  section.
>
> The "JkWorkersFile" file defines *all* the "workers" (in mod_jk parlance,
> a "worker" is usually "one back-end Tomcat instance"). So in your case, you
> would have 3 workers (Test1, Test2 and Test3).
>
> Then inside of each  section, you would use "JkMount"
> directives, to indicate *for this VirtualHost* which URI's should be
> proxied to which of the known workers.
> For example,
> in 
>JkMount /myapp/ Test1
>JkMount /myapp/* Test1
>
> in 
>JkMount /myapp/ Test2
>JkMount /myapp/* Test2
>
> in 
>JkMount /myapp/ Test3
>JkMount /myapp/* Test3
>
>
> Also, it does not really make much sense to have both "JkMount" directives
> directly in your configuration, *and* a "JkMountFile" directive. Usually,
> one uses the one or the other. It is less confusing, because both specify
> lists of URI's which should be/should not be proxied to Tomcat.
>
> Another configuration directive which should only be there once, and in
> the main httpd configuration section (not in ) is
> > LoadModule jk_module  /apps/httpd/modules/mod_jk.so
> It is probably ignored when it occurs in a VirtualHost section.
> See http://httpd.apache.org/docs/2.2/mod/mod_so.html#loadmodule
>
> There are some other things

Websockets timing out

[Bob Mancarella]

Tomcat 7.0.52 on Ubuntu 14.04

Websocket connection closes automatically after about 10 seconds. The
browser creates the initial connection. OnOpen is called on the server.
After 10 seconds OnClose is called and the connection is closed.
I have tried changing connectionTimeout="-1" on Connector.
Also tried session.setMaxIdleTimeout(-1); Neither has any effect.

On my Windows 7 dev machine the connection stays up until told to close.
Also when I used apt-get to install Tomcat these files were missing...
tomcat7-wobsocket.jar and websocket-api.jar. I copied them into
/usr/share/tomcat7/lib which seemed to work.

Re: Shutdown port on Windows Service installation

[David kerber]

On 3/4/2014 10:34 AM, André Warnier wrote:

David kerber wrote:

I am running several instances of TC 7 as services on a Windows Server
2008 R2.  Each instance has its own set of ports, and I have both the
data port and shutdown ports configured in server.xml.  They are
currently running only HTTP.

My questions:

1.  Does the shutdown port serve any purpose on a windows service
installation?  I thought I had read that it did not, but some
searching didn't turn up a definitive answer.


I don't really know either, but just for the fun of it, let's proceed by
logical induction.

In a Windows Service scenario, the JVM that runs Tomcat, itself runs
under a "wrapper" (tomcatX.exe).  That wrapper is a generic program for
Java processes, and has no particular knowledge of Tomcat.  But it is
that wrapper which would get the Windows message "Stop Service", and
would have to forward this to the JVM in some way, to ask the JVM itself
to exit.
The JVM has no specific knowledge of Tomcat either, nor of its shutdown
port and what it is there for.  So if the JVM must stop Tomcat before
stopping itself, it must be doing it via another way.
My guess would thus be that Tomcat inserts some "callback hook" in the
JVM, so that it is notified when the JVM has been asked to stop itself.


Shutdown hook, maybe?  I just used my first one yesterday in a cmd-line 
java app...




And when this callback is called by the JVM, Tomcat initiates its own
shutdown.  And when this callback returns, the JVM proceeds to shut
itself down (or Tomcat just does a system.exit()).  And when that is
done, the wrapper knows and can tell Windows that the Service is shut
down, and then exit itself.


That was my reasoning as well, but I'm not as well-versed in this stuff 
as I would like to be.





Conclusion : no, the Tomcat shutdown port is not used when running as a
Windows Service.

Now the question is : if you do not specify a shutdown port, does Tomcat
nevertheless set one up by default ?


That's what I was hoping Mark, Chuck or one of the other committers 
could answer definitively.







2.  I may need to start using HTTPS for my data transfer for at least
one of the instances.  If that instance is going to allow only HTTPS
(and not HTTP), can I just make the current HTTP port into HTTPS?


I cannot think of why not. You can comment out the HTTP Connector, and
just leave the HTTPS Connector (and change its port).


That's what I thought.




Or do

I need to configure an additional port?  If I need an additional port,
and the shutdown port isn't needed, I could just turn the shutdown
port into the HTTPS port, right?


You mean using the same port number, that you are currently using for
the shutdown port ? If so, yes, depending on the answer to the question
above.


Right, that's what I thought.



Note that this would not be the standard HTTPS port (443), so the
clients would need to specifiy the port number explicitly, in addition
to the "https://"; prefix.
That may or may not bother you, depending on the scenario.


That is expected in this particular scenario; it's an automated data 
collection system with no human interface.  The http port is also 
non-standard.







I understand that there are significant configuration changes needed
for HTTPS, and will be back if I run into issues with it, but for now
I'm only asking about the TCP ports.

Thanks!
Dave



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Shutdown port on Windows Service installation

[André Warnier]

David kerber wrote:
I am running several instances of TC 7 as services on a Windows Server 
2008 R2.  Each instance has its own set of ports, and I have both the 
data port and shutdown ports configured in server.xml.  They are 
currently running only HTTP.


My questions:

1.  Does the shutdown port serve any purpose on a windows service 
installation?  I thought I had read that it did not, but some searching 
didn't turn up a definitive answer.


I don't really know either, but just for the fun of it, let's proceed by 
logical induction.

In a Windows Service scenario, the JVM that runs Tomcat, itself runs under a "wrapper" 
(tomcatX.exe).  That wrapper is a generic program for Java processes, and has no 
particular knowledge of Tomcat.  But it is that wrapper which would get the Windows 
message "Stop Service", and would have to forward this to the JVM in some way, to ask the 
JVM itself to exit.
The JVM has no specific knowledge of Tomcat either, nor of its shutdown port and what it 
is there for.  So if the JVM must stop Tomcat before stopping itself, it must be doing it 
via another way.
My guess would thus be that Tomcat inserts some "callback hook" in the JVM, so that it is 
notified when the JVM has been asked to stop itself.  And when this callback is called by 
the JVM, Tomcat initiates its own shutdown.  And when this callback returns, the JVM 
proceeds to shut itself down (or Tomcat just does a system.exit()).  And when that is 
done, the wrapper knows and can tell Windows that the Service is shut down, and then exit 
itself.


Conclusion : no, the Tomcat shutdown port is not used when running as a Windows 
Service.

Now the question is : if you do not specify a shutdown port, does Tomcat nevertheless set 
one up by default ?




2.  I may need to start using HTTPS for my data transfer for at least 
one of the instances.  If that instance is going to allow only HTTPS 
(and not HTTP), can I just make the current HTTP port into HTTPS?  


I cannot think of why not. You can comment out the HTTP Connector, and just leave the 
HTTPS Connector (and change its port).


Or do
I need to configure an additional port?  If I need an additional port, 
and the shutdown port isn't needed, I could just turn the shutdown port 
into the HTTPS port, right?


You mean using the same port number, that you are currently using for the shutdown port ? 
If so, yes, depending on the answer to the question above.
Note that this would not be the standard HTTPS port (443), so the clients would need to 
specifiy the port number explicitly, in addition to the "https://"; prefix.

That may or may not bother you, depending on the scenario.



I understand that there are significant configuration changes needed for 
HTTPS, and will be back if I run into issues with it, but for now I'm 
only asking about the TCP ports.


Thanks!
Dave

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat 7.0.52 stops after hours on our Sun Sparc with SunOS 5.10

[Jay]

Hi Konstantin,

For your questions:

1. What is different with regards to similar question that you asked a week
ago?
A: As you suggested, we upgraded to the latest Java version and the latest
Tmocat 7.x.

2. Have you read the FAQ that I mentioned?
http://wiki.apache.org/tomcat/FAQ/Linux_Unix#Q3
A: yes. In our situation, after started the Tomcat runs from hours to a day
then stops randomly no matter if logout or terminating from the terminal.

3. Are you using nohup?
A: Not yet. will try. 
It seems the issue only on this Sun Sparc platform and Tomcat 7 seems ok
without using nohup on other Sun Sparc machines. 

Do you have suggestion where we can capture the stop reason?

Thanks,
Jay

-Original Message-
From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] 
Sent: Monday, March 03, 2014 5:29 PM
To: Tomcat Users List
Subject: Re: Tomcat 7.0.52 stops after hours on our Sun Sparc with SunOS
5.10

2014-03-03 21:29 GMT+04:00 Jay :
> Hello,
>
> We newly installed Solaris 10 with all default settings on our Sun 
> Sparc machine (sun4u sparc SUNW,UltraAX-i2 64-bit sparcv9 kernel modules).
> The OS Version: SunOS hostname 5.10 Generic_147147-26 sun4u sparc 
> SUNW,UltraAX-i2.
>
> We downloaded and installed JDK packages as follows:
> jdk-7u51-solaris-sparc.z
> jdk-7u51-solaris-sparcv9.z
>
> The Java in the environment:
> java version "1.7.0_51"
> Java(TM) SE Runtime Environment (build 1.7.0_51-b13) Java HotSpot(TM) 
> Client VM (build 24.51-b03, mixed mode, sharing)
>
> We downloaded the  apache-tomcat-7.0.52.tar.gz and just unpacked it in 
> /export/home/tester.
> Then we started the Tomcat server just using ./startup.sh without 
> change of any default settings.
> The Tomcat is started ok listening at 8080 and we can see the Tomcat 
> main page on Web Browser at the port 8080.
> But after several hours it stops itself without obvious reason (not 
> manually killed). and It seems it was not a Shutdown command as there 
> is no message of "A valid shutdown command was received via the 
> shutdown port." in the log.
>
> Is anyone aware about this issue?
> Is it a configuration issue or environment issue?
>
> Can you please provide any clues or check points?
>
> Thanks,
> Jay
>
> PS. Here are the outputs from the logs:
> #
> # cat catalina.out
> Feb 28, 2014 4:12:09 PM org.apache.catalina.core.AprLifecycleListener 
> init
> INFO: The APR based Apache Tomcat Native library which allows optimal 
> performance in production environments was not found on the
> java.library.path: /usr/jdk/packages/lib/sparc:/lib:/usr/lib
> Feb 28, 2014 4:12:12 PM org.apache.coyote.AbstractProtocol init
> INFO: Initializing ProtocolHandler ["http-bio-8080"] Feb 28, 2014 
> 4:12:12 PM org.apache.coyote.AbstractProtocol init
> INFO: Initializing ProtocolHandler ["ajp-bio-8009"] Feb 28, 2014 
> 4:12:12 PM org.apache.catalina.startup.Catalina load
> INFO: Initialization processed in 5782 ms Feb 28, 2014 4:12:12 PM 
> org.apache.catalina.core.StandardService
> startInternal
> INFO: Starting service Catalina
> Feb 28, 2014 4:12:12 PM org.apache.catalina.core.StandardEngine
> startInternal
> INFO: Starting Servlet Engine: Apache Tomcat/7.0.52 Feb 28, 2014 
> 4:12:12 PM org.apache.catalina.startup.HostConfig
> deployDirectory
> INFO: Deploying web application directory 
> /export/home/tester/apache-tomcat-7.0.52/webapps/manager
> Feb 28, 2014 4:12:16 PM org.apache.catalina.startup.HostConfig
> deployDirectory
> INFO: Deploying web application directory 
> /export/home/tester/apache-tomcat-7.0.52/webapps/docs
> Feb 28, 2014 4:12:17 PM org.apache.catalina.startup.HostConfig
> deployDirectory
> INFO: Deploying web application directory 
> /export/home/tester/apache-tomcat-7.0.52/webapps/examples
> Feb 28, 2014 4:12:21 PM org.apache.catalina.startup.HostConfig
> deployDirectory
> INFO: Deploying web application directory 
> /export/home/tester/apache-tomcat-7.0.52/webapps/ROOT
> Feb 28, 2014 4:12:21 PM org.apache.catalina.startup.HostConfig
> deployDirectory
> INFO: Deploying web application directory 
> /export/home/tester/apache-tomcat-7.0.52/webapps/host-manager
> Feb 28, 2014 4:12:22 PM org.apache.coyote.AbstractProtocol start
> INFO: Starting ProtocolHandler ["http-bio-8080"] Feb 28, 2014 4:12:22 
> PM org.apache.coyote.AbstractProtocol start
> INFO: Starting ProtocolHandler ["ajp-bio-8009"] Feb 28, 2014 4:12:22 
> PM org.apache.catalina.startup.Catalina start
> INFO: Server startup in 10031 ms
> Mar 01, 2014 2:00:50 AM org.apache.coyote.AbstractProtocol pause
> INFO: Pausing ProtocolHandler ["http-bio-8080"] Mar 01, 2014 2:00:50 
> AM org.apache.coyote.AbstractProtocol pause
> INFO: Pausing ProtocolHandler ["ajp-bio-8009"] Mar 01, 2014 2:00:50 AM 
> org.apache.catalina.core.StandardService
> stopInternal
> INFO: Stopping service Catalina
> Mar 01, 2014 2:00:50 AM org.apache.coyote.AbstractProtocol stop
> INFO: Stopping ProtocolHandler ["http-bio-8080"] Mar 01, 2014 2:00:50 
> 

Re: tomcat 6 refuses mod_jk connections after server runs for a couple of days

[Daniel Mikusa]

On Mar 4, 2014, at 6:32 AM, Rainer Jung  wrote:

> On 27.02.2014 23:06, Isaac Gonzalez wrote:
>> Hi Christopher(and Konstantin), attached is a couple of thread dumps of when 
>> we experienced the issue again today. I also noticed we get this message 
>> right before the problem occurs:  
>> Feb 27, 2014 12:47:15 PM 
>> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable run
>> SEVERE: Caught exception (java.lang.OutOfMemoryError: unable to create new 
>> native thread) executing 
>> org.apache.jk.common.ChannelSocket$SocketAcceptor@177ddea, terminating thread
> 
> Is it a 32Bit system? You have 2GB of heap plus Perm plus native memory
> needed by the process plus thread stacks. Not unlikely, that you ran out
> of memory address space for a 32 bit process.
> 
> The only fixes would then be:
> 
> - switch to a 64 bit system
> 
> - reduce heap if the app can work with less
> 
> - improve performance or eliminate bottlenecks so that the app works
> with less threads
> 
> - limit you connector thread pool size. That will still mean that if
> requests begin to queue because of performance problems, the web server
> can't create additional connections, but you won't get in an irregular
> situation as you experience now. In that case you would need to
> configure a low idle timeout for the connections on the JK and TC side.

It may also be possible to lower the thread stack size with the -Xss option.

  http://www.oracle.com/technetwork/java/hotspotfaq-138619.html#threads_oom

Might buy you some room for a few additional threads.

Dan

> 
> Regards,
> 
> Rainer
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Shutdown port on Windows Service installation

[David kerber]

I am running several instances of TC 7 as services on a Windows Server 
2008 R2.  Each instance has its own set of ports, and I have both the 
data port and shutdown ports configured in server.xml.  They are 
currently running only HTTP.


My questions:

1.  Does the shutdown port serve any purpose on a windows service 
installation?  I thought I had read that it did not, but some searching 
didn't turn up a definitive answer.


2.  I may need to start using HTTPS for my data transfer for at least 
one of the instances.  If that instance is going to allow only HTTPS 
(and not HTTP), can I just make the current HTTP port into HTTPS?  Or do 
I need to configure an additional port?  If I need an additional port, 
and the shutdown port isn't needed, I could just turn the shutdown port 
into the HTTPS port, right?


I understand that there are significant configuration changes needed for 
HTTPS, and will be back if I run into issues with it, but for now I'm 
only asking about the TCP ports.


Thanks!
Dave

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat JDBC Connection Pool Resource Name Issue

[Daniel Mikusa]

On Mar 3, 2014, at 7:04 PM, Scott Dudley  wrote:

> 
> I'm using the Tomcat JDBC connection pool on apache-tomcat-7.0.30.
> 
> My context xml resource name is as follows:
> 
>  
> When running under Tomcat, calling ConnectionPool.getName() from my custom 
> JdbcInterceptor returns "Tomcat Connection Pool[1-992158371]”.  

This appears to be the default name used by the pool.

  
https://svn.apache.org/repos/asf/tomcat/tc7.0.x/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PoolProperties.java

> Under JSE (a stand-alone main), it returns the expected value "jdbc/mypool”.

How are you configuring it?  Did you call “setName” when configuring it?

> Why is my resource name ignored or otherwise not used when running under the 
> container?

This seems to be the default behavior for jdbc-pool.  Have you tried setting 
the “object_name” attribute to “jdbc/mypool” on your Resource tag?  Looking at 
the DataSourceFactory code, this seems to call “setName” with that value.

https://svn.apache.org/repos/asf/tomcat/tc7.0.x/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/DataSourceFactory.java

Dan


> 
> Thanks.
> 
> -- 
> 
> Scott Dudley | Senior Developer
> 
> Telesoft | 1661 E. Camelback Road, Suite 300 | Phoenix, AZ 85016
> P: 602.308.1115 | F: 602.308.1300 | W: www.telesoft.com 
> 
> 
> TEM Edge Blog 
> 
>  | LinkedIn  | Twitter 
> 
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat 6 refuses mod_jk connections after server runs for a couple of days

[Rainer Jung]

On 27.02.2014 23:06, Isaac Gonzalez wrote:
> Hi Christopher(and Konstantin), attached is a couple of thread dumps of when 
> we experienced the issue again today. I also noticed we get this message 
> right before the problem occurs:  
> Feb 27, 2014 12:47:15 PM 
> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable run
> SEVERE: Caught exception (java.lang.OutOfMemoryError: unable to create new 
> native thread) executing 
> org.apache.jk.common.ChannelSocket$SocketAcceptor@177ddea, terminating thread

Is it a 32Bit system? You have 2GB of heap plus Perm plus native memory
needed by the process plus thread stacks. Not unlikely, that you ran out
of memory address space for a 32 bit process.

The only fixes would then be:

- switch to a 64 bit system

- reduce heap if the app can work with less

- improve performance or eliminate bottlenecks so that the app works
with less threads

- limit you connector thread pool size. That will still mean that if
requests begin to queue because of performance problems, the web server
can't create additional connections, but you won't get in an irregular
situation as you experience now. In that case you would need to
configure a low idle timeout for the connections on the JK and TC side.

Regards,

Rainer


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Use javax.ws.rs.core.Application from embedded Tomcat 7

[Apyrael]

Hi

I am using the following:

Tomcat 7.0.52
Windows 7
IntelliJ 13 Ultimate
JUnit 4.11
Jersey 2.5.1
Maven

My REST Api makes minimal use of the web.xml file and instead I
extended the javax.ws.rs.core.Application class with my own class.

@ApplicationPath("/")
public class RestApiApplication extends Application {

/**
 * Get a set of root resource, provider and {@link
javax.ws.rs.core.Feature feature} classes.
 *
 * @return a set of root resource and provider classes. Returning
{@code null}
 * is equivalent to returning an empty set.
 */
@Override
public Set> getClasses() {

System.out.print("*\n\n\n\n\n\n**\n\n\n*");
final Set> resourceClasses = new HashSet>();

// api classes
resourceClasses.add(SendFileToUsers.class);

// required for jason
resourceClasses.add(JacksonJsonProvider.class);

// required for multipart form uploads
resourceClasses.add(MultiPartFeature.class);
return resourceClasses;
}
}


I am trying to do some integration testing using the embedded tomcat
7. Everything seems to be working except that I cannot figure out how
to tell tomcat to use my RestApiApplication class. When I deploy to an
instance of tomcat it automatically scans and finds this class and the
getClasses() method is called. I do not know how to do this from code.
So far I have this:


 try {
String webappDirLocation = "rest_api/src/main/webapp/";
Tomcat tomcat = new Tomcat();
tomcat.setPort(8080);
tomcat.enableNaming();

Context ctx = tomcat.addWebapp("", new
File(webappDirLocation).getAbsolutePath());
tomcat.start();
tomcat.getServer().await();
} catch (Exception e) {
e.printStackTrace();
}

This starts up my tomcat fine. I just need some help on setting it up
to call the Application getClasses().


Please help.
Richard

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: java: src/network.c:441: Java_org_apache_tomcat_jni_Socket_send: Assertion failed

[Howard W. Smith, Jr.]

On Mar 4, 2014 2:49 AM, "Dmitry Batiyevskiy" 
wrote:
>
> Howard,
> My connector config is the following (i've already posted that):
>
> maxThreads="15000"
>  enableLookups="false" disableUploadTimeout="true"
>  acceptCount="100" scheme="https" secure="true"
>  SSLEnabled="true"
>  compression="off"
>  SSLCertificateFile="/opt/tomcat/mycompany.com.crt"
>  SSLCertificateKeyFile="/opt/tomcat/mycompany.com.key" />
>

Okay, thanks.

> Also -Dhttps.protocols=TLSv1 option is passed to java machine
>
> The reason for me to use apr connector is https performance, isn't NIO
much
> slower in that?
>

Chris recommended NIO. I'll let him answer your question.

> Regards,
>
> Dmitry Batiyevskiy
>
> Ardas Group Inc.
>
> www.ardas.dp.ua
>
>
> 2014-03-04 2:04 GMT+02:00 Howard W. Smith, Jr. :
>
> > On Mon, Mar 3, 2014 at 11:22 AM, Christopher Schultz <
> > ch...@christopherschultz.net> wrote:
> >
> > > Dmitry,
> > >
> > > On 3/3/14, 6:06 AM, Dmitry Batiyevskiy wrote:
> > > > Can you advice how we can find the problem in app/environment like
> > > > this? What are possible ways to debug this?
> > >
> > > Honestly, I'd try switching to the NIO connector and resume your
> > > testing. If all is well, it may point to a bug in the APR connector
> > > and/or tcnative itself. If you are having similar problems with the
> > > pure-Java connectors, then the problem is likely something you are
> > > doing in your application that is causing an invalid state. You'll
> > > probably get better information from the Java stack trace than from an
> > > assertion-failure.
> > >
> > > Give that a try and let us know how things go.
> >
> >
> > +1 Chris
> >
> > I have found much /continued/ success using NIO connector across tomcat
and
> > atmosphere versions.
> >

Re: secure reverse proxy to my tomcat server HELP NEEDED

[André Warnier]

Hi.

On this list, it is preferred (strongly) if you do not top-post, but respond in the text 
or below the question.  It just makes it easier to follow what is going on.

I have moved your previous response, to the logival order.

Jeff Haferman wrote:


Christopher Schultz wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Jeff,

On 3/3/14, 5:11 PM, Jeff Haferman wrote:

Yes, for development httpd and tomcat are on the same physical
machine. Eventually they will be on different machines. But, even
if I try browser <--- HTTPS --> httpd <-- HTTP --> Tomcat by just
changing the ProxyPass and ProxyPassReverse directives to use the
unencrypted URLs as follows

 SSLEngine on SSLProxyEngine on 
SSLCertificateFile /path/to/server.crt SSLCertificateKeyFile

/path/to/server.key ServerName my.webserver.com ProxyPass /
http://my.webserver.com:8080/ ProxyPassReverse /
http://my.webserver.com:8080/ 

the reverse proxy still does not serve the tomcat pages as I would
expect.

Given the above setup, what /actually/ happens when you try to request
a resource that should go to Tomcat? "does not serve pages as I
expect" is not a good description.




Oh, and everyone posting NEEDS HELP to it's not necessary to add "HELP
NEEDED" or similar text to your subjects.


> Hi Chris -
> Sorry for the "HELP NEEDED".
>
> What actually happens is that, just for https://my.webserver.com/, I get served the 
pages that are

> at the apache root, *not* what is being served by tomcat at port 8443.
>
> I do get the tomcat pages if I explicitly add the port, i.e. 
https://my.webserver.com:8443/
> So, the reverse proxy seems to be broken for https only.
>
> The reverse proxy works fine for http, i.e. http://my.webserver.com/ gets the tomcat 
pages served

> at http://my.webserver.com:8080/
>

Ok, that is bizarre.  I am sure that we are missing some piece of the puzzle here, because 
if it was a real bug, it would have come out by now.


According to the symptoms, the Apache mod_proxy module either is not activated for that 
HTTPS VirtualHost, or it is activated but decides not to proxy these calls to Tomcat.

Which on the face of it, shouldn't happen.
It could also be that the requests are not being processed by the httpd VirtualHost which 
you think is processing them.  Under Apache httpd, the first configured VirtualHost (from 
top to bottom of the includes-assembled configuration file), is the default host, which 
catches all requests that arrive there, but where the ServerName doesn't match any of the 
configured ones.


Referring to the configuration in your original post, I would try to simplify it, by first 
removing the unnecessary/potentially confusing bits.

I would first remove these sections :
http://my.webserver.com:8080/>
AllowOverride None
Order Deny,Allow
Allow from all

https://my.webserver.com:8443/>
AllowOverride None
Order Deny,Allow
Allow from all


because they are for *forward* proxying, which is not what you are trying to do here (and 
you correctly have "ProxyRequests Off" anyway).

(See http://httpd.apache.org/docs/2.2/mod/mod_proxy.html)

Also, I would remove the "ProxyPreserveHost on" line. See 
"http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypreservehost";.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org