Re: Tomcat connection reset
On 02.05.2016 22:10, Gokulnath wrote: Hi, Getting frequent connection reset from the oracle db, there is no firewall or issue with the db. - that last item may be a bit premature - connection reset by whom ? - where exactly do you see this ? (in what logfile.. ?) - can you post the exact message(s) ? The connect resets and unable to connect when for the foray few attempts and then connection but stable with intermittent resets. The above phrase, as it stands, is almost impossible to understand. Can you retry explaining this ? preferably with some real example. Please let me know if anyone has seen a similar issue. I have seen earlier posts for connection resets and the validation query from select dual is not helping either. Running tomcat 6 with sun jdk 6 on rhel 6.7. Precise Tomcat version (6.y.z) would be more helpful. Configuration details of whatever is being used to connect to the Oracle db also. [...] General remark : With a description as vague as the one you provide above, not many people would be able to help. The piece of code which ultimately makes the connection to the Oracle DB, is likely to be an Oracle driver. As per a lot of guesswork - unavoidable due to the paucity of details in your post - if a "connection reset" happens, it is likely to be in the course of executing that code. And it is also likely to be due to some network issues, or issues with the Oracle db server. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 9 Java version required
On 02/05/2016 22:23, Taylor, Larry wrote: > > Hi , > > I downloaded and configured Tomcat 9 - what version of Java does this > version require? http://tomcat.apache.org/whichversion.html Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
re: Tomcat 9 Java version required
Hi , I downloaded and configured Tomcat 9 - what version of Java does this version require? I have installed: java version "1.7.0_95" OpenJDK Runtime Environment (rhel-2.6.4.0.el6_7-x86_64 u95-b00) OpenJDK 64-Bit Server VM (build 24.95-b01, mixed mode) With: JRE_HOME=/usr/mware/jdk1.7.0_17/jre My OS is: Red Hat Enterprise Linux Server release 6.5 (Santiago) 64bit On startup.sh now getting: Exception in thread "main" java.lang.UnsupportedClassVersionError: org/apache/catalina/startup/Bootstrap : Unsupported major.minor version 52.0 at java.lang.ClassLoader.defineClass1(Native Method) at java.lang.ClassLoader.defineClass(ClassLoader.java:791) at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142) at java.net.URLClassLoader.defineClass(URLClassLoader.java:449) at java.net.URLClassLoader.access$100(URLClassLoader.java:71) at java.net.URLClassLoader$1.run(URLClassLoader.java:361) at java.net.URLClassLoader$1.run(URLClassLoader.java:355) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:354) at java.lang.ClassLoader.loadClass(ClassLoader.java:423) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308) at java.lang.ClassLoader.loadClass(ClassLoader.java:356) at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:482) thanks for any information. Larry Taylor
Tomcat connection reset
Hi, Getting frequent connection reset from the oracle db, there is no firewall or issue with the db. The connect resets and unable to connect when for the foray few attempts and then connection but stable with intermittent resets. Please let me know if anyone has seen a similar issue. I have seen earlier posts for connection resets and the validation query from select dual is not helping either. Running tomcat 6 with sun jdk 6 on rhel 6.7. -Gokul Sent from iPhone - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat accept count tuning
Tomcat 7.0.47 running on Linux I have started investigating after noticing following messages from "dmesg" output on a production server. "possible SYN flooding on port 28080. Sending cookies." Started looking into this as the connections to this server are timing out (Connect Timeout errors). Upon further investigation, it appears to me that Linux's kernel maintain two different queues one for SYN and one for ESTABLISHED/accept connections. Both are determined by following parameters. $ cat /proc/sys/net/ipv4/tcp_max_syn_backlog 2048 $ cat /proc/sys/net/core/somaxconn 128 Also, it appears that the second parameter (accept count) is determined by the application. For tomcat it defaults to 100. As per this document - http://blog.dubbelboer.com/2012/04/09/syn-cookies.html above two parameters could be tuned to increase the accepted connections. Wondering if Tomcat's "acceptCount" (http://tomcat.apache.org/tomcat-7.0-doc/config/http.html) parameter is related to "somaxconn" for tuning. Thanks in advance for your comments. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
8.0.33 unencrypted websockets not generating correct HTTP CONNECT when using proxies?
I am running Tomcat 8.0.33. In my webapp I need to make outbound websocket connections (i.e. be a client endpoint) through a HTTP proxy. Outbound encrypted websockets (wss://foo.bar) work fine, but unencrypted ones (ws://foo.bar) fail. What I am seeing (in WsWebSocketContainer.createProxyRequest()) is that when there is no explicit port in the websocket URL, the container does not put in an explicit port when building the CONNECT string. So both ws://foo.bar and wss://foo.bar turn into CONNECT foo.bar HTTP/1.1 [etc] The proxy (reasonably, IMHO) assumes that a connect request with no explicit port is going to port 443 on the destination host, and thus the failure. (And of course, if the proxy assumed no explicit port meant port 80, then the problem would simply be happening in the opposite way where ws:// would work but wss:// would not). If I add an explicit port to the ws:// URL (so ws://foo.bar:80) then the websocket works fine through the proxy. By contrast, Tyrus always puts an explicit port number in the CONNECT request even when the ws:// and wss:// URLs do not have explicit port numbers. I've been looking at RFC 6455 and to my reading it says that a websocket client should include the port when asking the proxy to make a connection to the ultimate destination host. Is this a known bug? An acceptable difference in interpretation of the RFC? -- Rich Carreiro rlc...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat connector settings
Chris, I ultimately want to have a Tomcat application protected by our university's system for authentication, which is SiteMinder. They have told me that they can't protect Tomcat directly, but if user communications can be passed through a web server then they can protect the server with SiteMinder. I have a working Tomcat application if I uncomment the non-SSL HTTP/1.1 protocol in the Tomcat, but I believe I need all communication to pass through the Apache web server. Let me know if you need more information and, if so, what that would be. Thanks, Mike -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Friday, April 29, 2016 9:14 PM To: Tomcat Users ListSubject: Re: Tomcat connector settings -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael, On 4/29/16 4:25 PM, Michael Fox wrote: > I have an Apache web server(2.4.6) which is accessible at http or > https at DNS_hostname, and a Tomcat server (9.0.0.M1)with an > application available at DNS_hostname:8080/app_name. > > I then disabled the non-SSL HTTP/1.1 connector on port 8080 and > enabled HTTP/2 in the Tomcat server.xml, using the certificate key > file and certificate where generated using the openssl (1.0.2g) > commands and used on the Apache web server. > > The Apache ssl.conf file is set to listen on port 8443 for https, and > the only virtual host is set for IP_address:8443 and servername set to > DNS_hostname > > In the file /etc/httpd/conf/workers.properties, > worker.worker1.host is set to DNS_hostname and worker.worker1.port is > set to 8443. > > Netstat -tamp shows httpd listening on port 8443 and java listening on > port 8009. > > Are these settings proper and correct? It doesn't look like it. > What should the URL look like in order to access the Tomcat > application via Apache? That depends upon what you are actually trying to do. > Any help and/or guidance would most appreciated. You have an HTTPS server listening on port 443 (httpd). You have mod_jk (workers.properties) configured to connect to host:8443 (which is the same host listening for HTTPS requests on port 8443) using AJP13 (not HTTP). So, if a client makes a call to host:8443, mod_jk will proxy the request through to host:8443. If the protocol were correct (it isn't), you'd have an infinite loop of request s. Can you explain what you are actually trying to do and maybe we can help ? - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlckBuQACgkQ9CaO5/Lv0PCD7ACeK1EIVKHIImbX0XFqGgZrrnbe Ng8Ani4YEpoSQO5ySueAGuTg+UrdAAYP =3AaB -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Locky Attack
I can't say how I "have dealt" with it. Only how I plan to in case it hits: Restore backups, educate colleagues. If it hasn't hit yet, there's an argument to have watchdogs that watch out for suspicious massive file changes on file servers. But I'm not sure if they already exist, and if they're able to signal the infected client to shut down immediately. The time is over where people can be ignorant about attacks - "What would they want from me?" - the answer nowadays is: "Your money". And it's real. As I like to state when I'm in system administration trainings: You are only allowed to call something a backup, if you've *recently* *demonstrated* that you're able to *restore* to a totally new system with what you intend to call a backup. Otherwise it's a random set of data, copied from your live system, not a backup. Olaf Am 02.05.2016 um 15:18 schrieb Thess Bermudez: > Hi, > > Has anyone been attacked by a ransomware named Locky? Our company was hit > with the encryption of the js files running in our Apache Tomcat 7.0. Good > thing that we have daily app backups that made us not give in to the > "ransom" requirement. We also reinstalled everything in our server.. > Databases are intact but the corrupted/encrypted webapp files were replaced > by files with .locky extension. > > Would appreciate if anyone can share similar experience and how you've > dealt with it. > > Thank you, > > Thess > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Locky Attack
How did they get in? what security hole was used there? On 2 May 2016 at 15:18, Thess Bermudezwrote: > Hi, > > Has anyone been attacked by a ransomware named Locky? Our company was hit > with the encryption of the js files running in our Apache Tomcat 7.0. Good > thing that we have daily app backups that made us not give in to the > "ransom" requirement. We also reinstalled everything in our server.. > Databases are intact but the corrupted/encrypted webapp files were replaced > by files with .locky extension. > > Would appreciate if anyone can share similar experience and how you've > dealt with it. > > Thank you, > > Thess > -- Johan Compagner Servoy
Locky Attack
Hi, Has anyone been attacked by a ransomware named Locky? Our company was hit with the encryption of the js files running in our Apache Tomcat 7.0. Good thing that we have daily app backups that made us not give in to the "ransom" requirement. We also reinstalled everything in our server.. Databases are intact but the corrupted/encrypted webapp files were replaced by files with .locky extension. Would appreciate if anyone can share similar experience and how you've dealt with it. Thank you, Thess
Re: Apache Tomcat8 blocked once reached max thread(s) count
On 5/2/2016 3:33 AM, Kapilan A wrote: Hi Folks I am facing one issue with Apache Tomcat 8. In 32 GB machine, four instances of tomcat is running and every tomcat has memory as 512-1024. In the SQl server, a particular table called "MetaData". Third party engine will post a http request through tomcat. it accepts max thread as 150. Savings will happen in MetaData table which is around 8 million records. After 12 hours continuously posting, then one of the tomcat is freeze. Its not accepting any more connections from third party Without knowing anything about your app, I'd guess you have a statement or connection leak, causing the db to not accept any more connections. and not creating sql connections too. What kind of optimum configurations should i follow up in production machine ? Please guide me to solve this problem soon. Thanks & Regards Kapilan A - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache Tomcat8 blocked once reached max thread(s) count
On 02/05/2016 08:33, Kapilan A wrote: > I am facing one issue with Apache Tomcat 8. Which version? > After 12 hours continuously posting, then one of the tomcat is freeze. Its > not accepting any more connections from third party What do the logs show? What about a thread dump? Ideally, you should take 3 thread dumps ~15s apart and compare them. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Apache Tomcat8 blocked once reached max thread(s) count
Hi Folks I am facing one issue with Apache Tomcat 8. In 32 GB machine, four instances of tomcat is running and every tomcat has memory as 512-1024. In the SQl server, a particular table called "MetaData". Third party engine will post a http request through tomcat. it accepts max thread as 150. Savings will happen in MetaData table which is around 8 million records. After 12 hours continuously posting, then one of the tomcat is freeze. Its not accepting any more connections from third party and not creating sql connections too. What kind of optimum configurations should i follow up in production machine ? Please guide me to solve this problem soon. Thanks & Regards Kapilan A