Re: Tomcat connection reset

[tomcat]

On 02.05.2016 22:10, Gokulnath wrote:

Hi,


Getting frequent connection reset from the oracle db, there is no firewall or 
issue with the db.


- that last item may be a bit premature
- connection reset by whom ?
- where exactly do you see this ? (in what logfile.. ?)
- can you post the exact message(s) ?



The connect resets and unable to connect when for the foray few attempts and 
then connection but stable with intermittent resets.



The above phrase, as it stands, is almost impossible to understand. Can you retry 
explaining this ? preferably with some real example.



Please let me know if anyone has seen a similar issue.

I have seen earlier posts for connection resets and the validation query from 
select dual is not helping either.

Running tomcat 6 with sun jdk 6 on rhel 6.7.


Precise Tomcat version (6.y.z) would be more helpful.
Configuration details of whatever is being used to connect to the Oracle db 
also.

[...]

General remark :
With a description as vague as the one you provide above, not many people would be able to 
help.  The piece of code which ultimately makes the connection to the Oracle DB, is likely 
to be an Oracle driver. As per a lot of guesswork - unavoidable due to the paucity of 
details in your post - if a "connection reset" happens, it is likely to be in the course 
of executing that code. And it is also likely to be due to some network issues, or issues 
with the Oracle db server.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 9 Java version required

[Mark Thomas]

On 02/05/2016 22:23, Taylor, Larry wrote:
> 
> Hi ,
> 
> I downloaded and configured Tomcat 9  - what version of Java does this 
> version require?

http://tomcat.apache.org/whichversion.html

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

re: Tomcat 9 Java version required

[Taylor, Larry]

Hi ,

I downloaded and configured Tomcat 9  - what version of Java does this version 
require?

I have installed:
java version "1.7.0_95"
OpenJDK Runtime Environment (rhel-2.6.4.0.el6_7-x86_64 u95-b00)
OpenJDK 64-Bit Server VM (build 24.95-b01, mixed mode)



With:



JRE_HOME=/usr/mware/jdk1.7.0_17/jre



My OS is:  Red Hat Enterprise Linux Server release 6.5 (Santiago) 64bit

On startup.sh  now getting:

Exception in thread "main" java.lang.UnsupportedClassVersionError: 
org/apache/catalina/startup/Bootstrap : Unsupported major.minor version 52.0
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:791)
at 
java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:449)
at java.net.URLClassLoader.access$100(URLClassLoader.java:71)
at java.net.URLClassLoader$1.run(URLClassLoader.java:361)
at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
at java.lang.ClassLoader.loadClass(ClassLoader.java:423)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
at java.lang.ClassLoader.loadClass(ClassLoader.java:356)
at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:482)

thanks for any information.

Larry Taylor

Tomcat connection reset

[Gokulnath]

Hi,


Getting frequent connection reset from the oracle db, there is no firewall or 
issue with the db.

The connect resets and unable to connect when for the foray few attempts and 
then connection but stable with intermittent resets.

Please let me know if anyone has seen a similar issue.

I have seen earlier posts for connection resets and the validation query from 
select dual is not helping either.

Running tomcat 6 with sun jdk 6 on rhel 6.7.

-Gokul

Sent from iPhone
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat accept count tuning

[Rallavagu]

Tomcat 7.0.47 running on Linux

I have started investigating after noticing following messages from 
"dmesg" output on a production server.



"possible SYN flooding on port 28080. Sending cookies."

Started looking into this as the connections to this server are timing 
out (Connect Timeout errors). Upon further investigation, it appears to 
me that Linux's kernel maintain two different queues one for SYN and one 
for ESTABLISHED/accept connections. Both are determined by following 
parameters.


$ cat /proc/sys/net/ipv4/tcp_max_syn_backlog
2048

$ cat /proc/sys/net/core/somaxconn
128

Also, it appears that the second parameter (accept count) is determined 
by the application. For tomcat it defaults to 100. As per this document 
- http://blog.dubbelboer.com/2012/04/09/syn-cookies.html above two 
parameters could be tuned to increase the accepted connections. 
Wondering if Tomcat's "acceptCount" 
(http://tomcat.apache.org/tomcat-7.0-doc/config/http.html) parameter is 
related to "somaxconn" for tuning.


Thanks in advance for your comments.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

8.0.33 unencrypted websockets not generating correct HTTP CONNECT when using proxies?

[Rich Carreiro]

I am running Tomcat 8.0.33.  In my webapp I need to make outbound
websocket connections (i.e. be a client endpoint) through a HTTP proxy.

Outbound encrypted websockets (wss://foo.bar) work fine, but
unencrypted ones (ws://foo.bar) fail.

What I am seeing (in WsWebSocketContainer.createProxyRequest())
is that when there is no explicit port in the websocket URL, the container
does not put in an explicit port when building the CONNECT string.

So both ws://foo.bar and wss://foo.bar turn into
CONNECT foo.bar HTTP/1.1 [etc]

The proxy (reasonably, IMHO) assumes that a connect request
with no explicit port is going to port 443 on the destination host,
and thus the failure.  (And of course, if the proxy assumed no
explicit port meant port 80, then the problem would simply
be happening in the opposite way where ws:// would work
but wss:// would not).

If I add an explicit port to the ws:// URL (so ws://foo.bar:80) then
the websocket works fine through the proxy.

By contrast, Tyrus always puts an explicit port number in the
CONNECT request even when the ws:// and wss:// URLs do not
have explicit port numbers.

I've been looking at RFC 6455 and to my reading it says that a
websocket client should include the port when asking the proxy
to make a connection to the ultimate destination host.

Is this a known bug?  An acceptable difference in interpretation
of the RFC?

-- 
Rich Carreiro rlc...@gmail.com

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat connector settings

[Michael Fox]

Chris,

I ultimately want to have a Tomcat application protected  by our university's 
system for authentication, which is SiteMinder.  They have told me that they 
can't protect Tomcat directly, but if user communications can be passed through 
a web server then they can protect the server with SiteMinder.  I have a 
working Tomcat application if I uncomment the non-SSL HTTP/1.1 protocol in the 
Tomcat, but I believe I need all communication to pass through the Apache web 
server.  Let me know if you need more information and, if so, what that would 
be.

Thanks,
Mike

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
Sent: Friday, April 29, 2016 9:14 PM
To: Tomcat Users List 
Subject: Re: Tomcat connector settings

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Michael,

On 4/29/16 4:25 PM, Michael Fox wrote:
> I have an Apache web server(2.4.6) which is accessible at http or 
> https at DNS_hostname, and a Tomcat server (9.0.0.M1)with an 
> application available at DNS_hostname:8080/app_name.
> 
> I then disabled the non-SSL HTTP/1.1 connector on port 8080 and 
> enabled HTTP/2 in the Tomcat server.xml, using the certificate key 
> file and certificate where generated using the openssl (1.0.2g) 
> commands and used on the Apache web server.
> 
> The Apache ssl.conf file is set to listen on port 8443 for https, and 
> the only virtual host is set for IP_address:8443 and servername set to 
> DNS_hostname
> 
> In the file /etc/httpd/conf/workers.properties,
> worker.worker1.host is set to DNS_hostname and worker.worker1.port is 
> set to 8443.
> 
> Netstat -tamp shows httpd listening on port 8443 and java listening on 
> port 8009.
> 
> Are these settings proper and correct?

It doesn't look like it.

> What should the URL look like in order to access the Tomcat 
> application via Apache?

That depends upon what you are actually trying to do.

> Any help and/or guidance would most appreciated.

You have an HTTPS server listening on port 443 (httpd).
You have mod_jk (workers.properties) configured to connect to
host:8443 (which is the same host listening for HTTPS requests on port
8443) using AJP13 (not HTTP). So, if a client makes a call to host:8443, mod_jk 
will proxy the request through to host:8443. If the protocol were correct (it 
isn't), you'd have an infinite loop of request s.

Can you explain what you are actually trying to do and maybe we can help ?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlckBuQACgkQ9CaO5/Lv0PCD7ACeK1EIVKHIImbX0XFqGgZrrnbe
Ng8Ani4YEpoSQO5ySueAGuTg+UrdAAYP
=3AaB
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Locky Attack

[Olaf Kock]

I can't say how I "have dealt" with it. Only how I plan to in case it
hits: Restore backups, educate colleagues. If it hasn't hit yet, there's
an argument to have watchdogs that watch out for suspicious massive file
changes on file servers. But I'm not sure if they already exist, and if
they're able to signal the infected client to shut down immediately.

The time is over where people can be ignorant about attacks - "What
would they want from me?" - the answer nowadays is: "Your money". And
it's real.

As I like to state when I'm in system administration trainings: You are
only allowed to call something a backup, if you've *recently*
*demonstrated* that you're able to *restore* to a totally new system
with what you intend to call a backup. Otherwise it's a random set of
data, copied from your live system, not a backup.

Olaf

Am 02.05.2016 um 15:18 schrieb Thess Bermudez:
> Hi,
>
> Has anyone been attacked by a ransomware named Locky? Our company was hit
> with the encryption of the js files running in our Apache Tomcat 7.0. Good
> thing that we have daily app backups that made us not give in to the
> "ransom" requirement. We also reinstalled everything in our server..
> Databases are intact but the corrupted/encrypted webapp files were replaced
> by files with .locky extension.
>
> Would appreciate if anyone can share similar experience and how you've
> dealt with it.
>
> Thank you,
>
> Thess
>


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Locky Attack

[Johan Compagner]

How did they get in?
what security hole was used there?


On 2 May 2016 at 15:18, Thess Bermudez  wrote:

> Hi,
>
> Has anyone been attacked by a ransomware named Locky? Our company was hit
> with the encryption of the js files running in our Apache Tomcat 7.0. Good
> thing that we have daily app backups that made us not give in to the
> "ransom" requirement. We also reinstalled everything in our server..
> Databases are intact but the corrupted/encrypted webapp files were replaced
> by files with .locky extension.
>
> Would appreciate if anyone can share similar experience and how you've
> dealt with it.
>
> Thank you,
>
> Thess
>



-- 
Johan Compagner
Servoy

Locky Attack

[Thess Bermudez]

Hi,

Has anyone been attacked by a ransomware named Locky? Our company was hit
with the encryption of the js files running in our Apache Tomcat 7.0. Good
thing that we have daily app backups that made us not give in to the
"ransom" requirement. We also reinstalled everything in our server..
Databases are intact but the corrupted/encrypted webapp files were replaced
by files with .locky extension.

Would appreciate if anyone can share similar experience and how you've
dealt with it.

Thank you,

Thess

Re: Apache Tomcat8 blocked once reached max thread(s) count

[David kerber]

On 5/2/2016 3:33 AM, Kapilan A wrote:

Hi Folks

I am facing one issue with Apache Tomcat 8.



In 32 GB machine, four instances of tomcat is running and every tomcat has
memory as 512-1024.



In the SQl server, a particular table called "MetaData".



Third party engine will post a http request through tomcat. it accepts max
thread as 150. Savings will happen in MetaData table which is around 8
million records.



After 12 hours continuously posting, then one of the tomcat is freeze. Its
not accepting any more connections from third party


Without knowing anything about your app, I'd guess you have a statement 
or connection leak, causing the db to not accept any more connections.





and not creating sql connections too.



What kind of optimum configurations should i follow up in production machine
?



Please guide me to solve this problem soon.





Thanks & Regards



Kapilan A





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache Tomcat8 blocked once reached max thread(s) count

[Mark Thomas]

On 02/05/2016 08:33, Kapilan A wrote:
> I am facing one issue with Apache Tomcat 8.

Which version?



> After 12 hours continuously posting, then one of the tomcat is freeze. Its
> not accepting any more connections from third party 

What do the logs show?

What about a thread dump? Ideally, you should take 3 thread dumps ~15s
apart and compare them.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Apache Tomcat8 blocked once reached max thread(s) count

[Kapilan A]

Hi Folks

I am facing one issue with Apache Tomcat 8.



In 32 GB machine, four instances of tomcat is running and every tomcat has
memory as 512-1024.

 

In the SQl server, a particular table called "MetaData".

 

Third party engine will post a http request through tomcat. it accepts max
thread as 150. Savings will happen in MetaData table which is around 8
million records.

 

After 12 hours continuously posting, then one of the tomcat is freeze. Its
not accepting any more connections from third party 

and not creating sql connections too.

 

What kind of optimum configurations should i follow up in production machine
?

 

Please guide me to solve this problem soon.

 

 

Thanks & Regards

 

Kapilan A