Re: Certificate issued by GeoTrust Global CA is not appearing at client browser's side
Hello, It works. Thanks. markt-2 wrote: On 17/11/2011 16:48, rosiere wrote: Hello, Thanks for your hint. I made a copy of my keystore. Then I changed alias: my private key now uses the alias mykey. I changed our certificate's alias to tomcat, by keytool's -changealias command. Now this is my certificate (the third one that differs from INTER and ROOT) Alias name: tomcat Entry type : trustedCertEntry Owner : CN=$myCN OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)11, OU=$myOrganizationalUnit, O=$myOrganization, C=FR, SERIALNUMBER=$mySerialNumber Issuer : CN=RapidSSL CA, O=GeoTrust, Inc., C=US In my server.xml I changed keyAlias from tomcat to mykey and referenced the new keystore file. However at last I still could not show GeoTrust or RapidSSL as certificate issuer when I browsed to Tomcat welcome page. The certificate returned to my web browser was still a self-signed one. Do I have to rebuild my keystore from scratch and request another certificate from our CA, just because of a mistake in my old alias? No. Try the following. 1. Take copies of everything. 2. Delete everything from the keystore apart from the private key. 3. Ensure the private key has the alias tomcat. 4. Import the CA cert and the intermediate as you did before. 5. Import your new cert *using the alias tomcat*. Yes I know this is the same as the private key. No, it isn't a mistake. 6. Configure your server.xml to use the alias tomcat. Mark markt-2 wrote: On 17/11/2011 15:26, rosiere wrote: My colleagues concluded that all the necessary certificates were imported, but none was actually used by Tomcat. Wrong. When you imported your new certificate, you should have specified tomcat as the alias rather than $myAlias. I suggest you take some backups of your key stores in case you mess things up and then try again. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://old.nabble.com/Certificate-issued-by-GeoTrust-Global-CA-is-not-appearing-at-client-browser%27s-side-tp32855051p32870249.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JvmRoute must be unique?
Il 18/11/2011 16:09, Christopher Schultz ha scritto: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 a. on node01, jvmroute=istance01_node01 and instance02_node01 for instance01 and istance02, respectively; b. on node01, jvmroute=istance01_node02 and instance02_node02 for instance01 and istance02, respectively. I see a lot of typos istance instead of instance. Are you sure you have everything spelled correctly in your configuration? Yes, instances reported here were just for an example. istance were a missplelled... So my Apache configuration for stickysession is as follow: - ProxyPass /myApp/ balancer://balance-this/myApp/ Proxy balancer://balance-this BalancerMember ajp://node01:10505 route=instance01_node01 BalancerMember ajp://node01:10505 route=instance02_node01 BalancerMember ajp://node02:10505 route=instance01_node02 BalancerMember ajp://node02:10505 route=instance02_node02 ProxySet stickysession=JSESSIONID nofailover=On/Proxy - And this works fine! Good. BUT, if I have jvmroute parameter configured with the same value for all my tomcat instance (e.g. jvmroute=myRoute) and so apache configured as follow [...] it still works!!! I do not lose my session! Why??? Have to jvmroute be unique or not??? That's probably because you are only being directed to a single Tomcat backend. mod_proxy_ajp probably picks the first worker that matches the jvmRoute and it doesn't care that they are all the same. If you run a load test against the cluster, I suspect that you'll end up with 100% of the load going to a single Tomcat backend. Exactly, I ran more load test and all end up on the first tomcat instance Thanks for the reply. Francesco. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7GdREACgkQ9CaO5/Lv0PBALQCeO3zJLwIYGo9E9zxkCPlt52ld QwMAn2O4DKFQqtflvsWZPoa4XnLybJsO =7T22 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- -- Francesco Sordillo CINECA - System and Technologies Department e-mail: f.sordi...@cineca.it phone: (0039) 051 6171 874 - CINECA - Inter University Computing Center via Magnanelli 6/3 Casalecchio di Reno - 40033 - (BO) www.cineca.it - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
How to get the tomcat internal log out?
Hello all: I compile tomcat 5.5.30 and import it to eclipse as a project, to research how the tomcat load class , I need to view the running log ,after reading through this post(http://tomcat.apache.org/tomcat-5.5-doc/logging.html) and adding below log4j.properties to the direcotry 'common/classes' and log4j-1.26.jar to common/lib, logs turned out not to be generated when I debug the tomcat starting from class Catalina. No idea about it, I've tried many times.log4j.rootLogger=DEBUG,R log4j.appender.R=org.apache.log4j.RollingFileAppender log4j.appender.R.File=k:\\logs\\tomcat.log log4j.appender.R.MaxFileSize=10MB log4j.appender.R.MaxBackupIndex=10 log4j.appender.R.layout=org.apache.log4j.PatternLayout log4j.appender.R.layout.ConversionPattern=%p%t%c-%m%n log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost]=DEBUG, R log4j.logger.org.apache.catalina.core=DEBUG, R log4j.logger.org.apache.catalina.session=DEBUG, R And the program parameter I use is 'start', vm parameter is '-Dcatalina.home="I:\My Documents\program\java\projects\eclipse\mye9.0\TOMCAT_5_5_30\mybuild-5.5.30"' Any ideas? Thanks Kurt Xu
Re: where to put static files?
S Ahmed wrote: I have a spring project (web app), in my project where should I be putting my static files like images/css/javascript? In my WEB-INF like: /WEB-INF/Assets {images/css/js} I know when I go in production I will have nginx map to this folder to serve the static files, which, as far as I understand your planned setup, would be a really bad idea. See the note in bold here : http://tomcat.apache.org/connectors-doc/webserver_howto/apache.html This is also applicable for other front-end webservers. but I just want to know where I can put them for development/testing. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Connection pooling issue with MySQLNonTransientConnectionException and Java webapp
Hello I don't think this is a Tomcat issue but I thought I would post here just in case. I have a Java, JSP and MySQL application running under Apache Tomcat 6.0.26 which I've been testing with JMeter. What I find is that for a simple test having 10 users logging in and displaying a JSP which is populated from several database reads, everything is fine. But when I increase the number of users in JMeter to 20+, logging in starts to fail with HTTP request 500. Checking the logs I find that I am getting large numbers of MySQLNonTransientConnectionExceptions as follows: com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Could not create connection to database server. Attempted reconnect 3 times. Giving up. So this indicates that there's an issue either with the connection pooling through Apache Tomcat 6.0.26 or MySQL Community Server 5.X. The relevant part of the application's context.xml file in the project reads as follows: Resource auth=Container driverClassName=com.mysql.jdbc.Driver logAbandoned=true maxActive=-1 maxIdle=30 maxWait=1 minEvictableIdleTimeMillis=3 name=jdbc/myApp numTestsPerEvictionRun=5 password=XX removeAbandoned=true removeAbandonedTimeout=120 testOnBorrow=true testOnReturn=false testWhileIdle=true timeBetweenEvictionRunsMillis=-1 type=javax.sql.DataSource url=jdbc:mysql://localhost:3306/myApp?autoReconnect=true username=XX validationQuery=select 1/ I've set maxActive above to -1 on the understanding that this is unlimited. I think that the MySQL error is because MySQL is refusing the connections. Am I correct here? Can anyone suggest a workaround or advise? Typically, my database operations are as follows: // Gets an ArrayList of Datasets. public static ArrayListDataset getDatasets() { ConnectionPool_DB pool = ConnectionPool_DB.getInstance(); Connection connection = pool.getConnection(); PreparedStatement ps = null; ResultSet rs = null; String query = (SELECT * + FROM Dataset + WHERE Active = ' + Valid.TRUE + ';); try { ps = connection.prepareStatement(query); rs = ps.executeQuery(); ArrayListDataset datasets = new ArrayListDataset(); while (rs.next()) { datasets.add(mapDataset(rs)); } return datasets; } catch(Exception ex) { logger.error(Error getting list of Datasets\n, ex); return null; } finally { Database_Utils.closeResultSet(rs); Database_Utils.closeStatement(ps); pool.freeConnection(connection); } } And there can be quite a few of these per page. Thanks Martin O'Shea - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: where to put static files?
On 21 Nov 2011, at 03:15, S Ahmed sahmed1...@gmail.com wrote: I have a spring project (web app), in my project where should I be putting my static files like images/css/javascript? In my WEB-INF like: /WEB-INF/Assets {images/css/js} You can't serve files directly from WEB-INF. I know when I go in production I will have nginx map to this folder to serve the static files, but I just want to know where I can put them for development/testing. How about somewhere sensible? /images /scripts /styles p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Connection pooling issue with MySQLNonTransientConnectionException and Java webapp
On 21 Nov 2011, at 09:28, app...@dsl.pipex.com app...@dsl.pipex.com wrote: Hello I don't think this is a Tomcat issue but I thought I would post here just in case. I have a Java, JSP and MySQL application running under Apache Tomcat 6.0.26 which I've been testing with JMeter. What I find is that for a simple test having 10 users logging in and displaying a JSP which is populated from several database reads, everything is fine. But when I increase the number of users in JMeter to 20+, logging in starts to fail with HTTP request 500. Checking the logs I find that I am getting large numbers of MySQLNonTransientConnectionExceptions as follows: com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Could not create connection to database server. Attempted reconnect 3 times. Giving up. So this indicates that there's an issue either with the connection pooling through Apache Tomcat 6.0.26 or MySQL Community Server 5.X. The relevant part of the application's context.xml file in the project reads as follows: Resource auth=Container driverClassName=com.mysql.jdbc.Driver logAbandoned=true maxActive=-1 maxIdle=30 maxWait=1 minEvictableIdleTimeMillis=3 name=jdbc/myApp numTestsPerEvictionRun=5 password=XX removeAbandoned=true removeAbandonedTimeout=120 testOnBorrow=true testOnReturn=false testWhileIdle=true timeBetweenEvictionRunsMillis=-1 type=javax.sql.DataSource url=jdbc:mysql://localhost:3306/myApp?autoReconnect=true username=XX validationQuery=select 1/ I've set maxActive above to -1 on the understanding that this is unlimited. I think that the MySQL error is because MySQL is refusing the connections. Am I correct here? Can anyone suggest a workaround or advise? Typically, my database operations are as follows: // Gets an ArrayList of Datasets. public static ArrayListDataset getDatasets() { ConnectionPool_DB pool = ConnectionPool_DB.getInstance(); Connection connection = pool.getConnection(); Usually the connection is initialised as null and then assigned inside the try block. What happens if the method above throws an error after a connection is removed from the pool? p PreparedStatement ps = null; ResultSet rs = null; String query = (SELECT * + FROM Dataset + WHERE Active = ' + Valid.TRUE + ';); try { ps = connection.prepareStatement(query); rs = ps.executeQuery(); ArrayListDataset datasets = new ArrayListDataset(); while (rs.next()) { datasets.add(mapDataset(rs)); } return datasets; } catch(Exception ex) { logger.error(Error getting list of Datasets\n, ex); return null; } finally { Database_Utils.closeResultSet(rs); Database_Utils.closeStatement(ps); pool.freeConnection(connection); } } And there can be quite a few of these per page. Thanks Martin O'Shea - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: APR SSL error: Socket bind failed: [98] Address already in use
On 21 Nov 2011, at 02:44, Eric Kemp cruisingat90...@gmail.com wrote: Below is my entire server.xml (minus commented lines) ?xml version='1.0' encoding='utf-8'? Server port=8005 shutdown=SecretCommand Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / Listener className=org.apache.catalina.core.JasperListener / Listener className=org.apache.catalina.core.JreMemoryLeakPreventionListener / Listener className=org.apache.catalina.mbeans.ServerLifecycleListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / GlobalNamingResources Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources Service name=Catalina Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2 URIEncoding=UTF-8 redirectPort=8443 / !-- Adding the connector below causes the Socket bind failed: [98] Address already in use error to appear in catalina.out... and https does not work. -- What happens if you use 8444 instead? p Connector port=8443 protocol=org.apache.coyote.http11.Http11AprProtocol maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS SSLEnabled=true SSLCertificateKeyFile=/etc/apache2/ssl/myDomain.com.key SSLCACertificateFile=/etc/apache2/ssl/myDomain.com.ca.crt / Engine name=Catalina defaultHost=localhost Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false /Host /Engine /Service /Server Thanks On Sun, Nov 20, 2011 at 4:18 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Eric Kemp [mailto:cruisingat90...@gmail.com] Subject: Re: APR SSL error: Socket bind failed: [98] Address already in use Any other ideas would still be appreciated. As others have noted, the conflict is likely on some port other than 8443. Post your entire server.xml, preferably with comments removed, so we can see all of the ports declared there. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: APR SSL error: Socket bind failed: [98] Address already in use
2011/11/21 Eric Kemp cruisingat90...@gmail.com: Below is my entire server.xml (minus commented lines) Good to know. Can you post the logs? (catalina.date.log file). Clear them first then try starting Tomcat. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to get the tomcat internal log out?
2011/11/21 Kurt fxbird1...@163.com: Hello all: I compile tomcat 5.5.30 and import it to eclipse as a project, to research how the tomcat load class , I need to view the running log ,after reading through this post(http://tomcat.apache.org/tomcat-5.5-doc/logging.html) and adding below log4j.properties to the direcotry 'common/classes' and log4j-1.26.jar to common/lib, logs turned out not to be generated when I debug the tomcat starting from class Catalina. No idea about it, I've tried many times. log4j.rootLogger=DEBUG,R log4j.appender.R=org.apache.log4j.RollingFileAppender log4j.appender.R.File=k:\\logs\\tomcat.log log4j.appender.R.MaxFileSize=10MB log4j.appender.R.MaxBackupIndex=10 log4j.appender.R.layout=org.apache.log4j.PatternLayout log4j.appender.R.layout.ConversionPattern=%p%t%c-%m%n log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost]=DEBUG, R log4j.logger.org.apache.catalina.core=DEBUG, R log4j.logger.org.apache.catalina.session=DEBUG, R And the program parameter I use is 'start', vm parameter is '-Dcatalina.home=I:\My Documents\program\java\projects\eclipse\mye9.0\TOMCAT_5_5_30\mybuild-5.5.30' Any ideas? Thanks 1. Is there a reason why you are trying to use log4j? That is not default configuration for Tomcat logging. The default one is JULI. (Though you have to remove log4.jar from Tomcat if you want JULI to work). 2. Why are you trying to start Catalina? The entry point is org.apache.catalina.startup.Bootstrap. 3. You need to use -Djava.util.logging.manager= and -Djava.util.logging.config.file= vm options to configure JULI, like catalina.sh/catalina.bat does it. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: where to put static files?
Hello, when I started my project others told me to use apache for static content and tomcat for java/jsp. It works quite good. Tomcat is hidden under reverse proxy (mod_ajp). So static content gives apache, dynamic tomcat. Jan. I have a spring project (web app), in my project where should I be putting my static files like images/css/javascript? In my WEB-INF like: /WEB-INF/Assets {images/css/js} I know when I go in production I will have nginx map to this folder to serve the static files, but I just want to know where I can put them for development/testing. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Connection pooling issue with MySQLNonTransientConnectionException and Java webapp
Usually the connection is initialised as null and then assigned inside the try block. What happens if the method above throws an error after a connection is removed from the pool? To try to answer this, the sample code provided is illustrative of my DAO classes generally. The following is a listing of my connection pool class: package visualRSS.database; import java.sql.*; import javax.sql.DataSource; import javax.naming.InitialContext; import org.apache.log4j.Logger; import visualRSS.entity_misc_classes.PropertiesFile; public class ConnectionPool_DB { static final Logger logger = Logger.getLogger(ConnectionPool_DB.class.getName()); private static ConnectionPool_DB pool = null; private static DataSource dataSource = null; public synchronized static ConnectionPool_DB getInstance() { if (pool == null) { pool = new ConnectionPool_DB(); } return pool; } private ConnectionPool_DB() { try { InitialContext ic = new InitialContext(); dataSource = (DataSource) ic.lookup(PropertiesFile.getProperty(visualRSS, DATASOURCE)); // dataSource = (DataSource) ic.lookup(java:/comp/env/jdbc/visualRSS); } catch(Exception ex) { logger.error(Error getting a connection pool's datasource\n, ex); } } public void freeConnection(Connection c) { try { c.close(); } catch (Exception ex) { logger.error(Error terminating a connection pool connection\n, ex); } } public Connection getConnection() { try { return dataSource.getConnection(); } catch (Exception ex) { logger.error(Error getting a connection pool connection\n, ex); return null; } } } For a typical error, I get a chain of stacktrace as follows: ERROR|21 11 2011|12 49 53|http-8080-7|visualRSS.database.ConnectionPool_DB| - Error getting a connection pool connection com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Could not create connection to database server. Attempted reconnect 3 times. Giving up. at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAcces sorImpl.java:39) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstruc torAccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:513) at com.mysql.jdbc.Util.handleNewInstance(Util.java:409) at com.mysql.jdbc.Util.getInstance(Util.java:384) at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1015) at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:989) at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:984) at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:929) at com.mysql.jdbc.ConnectionImpl.connectWithRetries(ConnectionImpl.java:2226) at com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2127) at com.mysql.jdbc.ConnectionImpl.init(ConnectionImpl.java:774) at com.mysql.jdbc.JDBC4Connection.init(JDBC4Connection.java:49) at sun.reflect.GeneratedConstructorAccessor11.newInstance(Unknown Source) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstruc torAccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:513) at com.mysql.jdbc.Util.handleNewInstance(Util.java:409) at com.mysql.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:375) at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:289) at org.apache.tomcat.dbcp.dbcp.DriverConnectionFactory.createConnection(DriverC onnectionFactory.java:38) at org.apache.tomcat.dbcp.dbcp.PoolableConnectionFactory.makeObject(PoolableCon nectionFactory.java:294) at org.apache.tomcat.dbcp.pool.impl.GenericObjectPool.borrowObject(GenericObjec tPool.java:1148) at org.apache.tomcat.dbcp.dbcp.AbandonedObjectPool.borrowObject(AbandonedObject Pool.java:84) at org.apache.tomcat.dbcp.dbcp.PoolingDataSource.getConnection(PoolingDataSourc e.java:96) at org.apache.tomcat.dbcp.dbcp.BasicDataSource.getConnection(BasicDataSource.ja va:880) at visualRSS.database.ConnectionPool_DB.getConnection(ConnectionPool_DB.java:47 ) at visualRSS.database.User_DB.get(User_DB.java:127) at visualRSS.database.Dataset_DB.mapDataset(Dataset_DB.java:580)
Re: Tomcat recycling
Hello, is there any way how to tell tomcat: Recycle after X minutes OR Y requests like it is eg. on the IIS server? IIS can reboot itself after N requests? That's awesome. What could possibly go wrong? Yes, IIS can do recycling See eg. at http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/1652e79e-21f9-4e89-bc4b-c13f894a0cfe.mspx?mfr=true It is a quite easy to setup it in the configuration. I might file an enhancement request for Tomcat... If you have already done it, can I vote it for? If I add my own script containing /etc/init.d/tomcat restart to the crontab I loose the user sessions and users have to relogin. Yes... because you restarted the server! As Chris Schultz wrote it is possible to persist sessions over tomcat restarts. I chagned my session objects to be serializable and It works. I experience some problems with OutOfMemory error. Wouldn't it be better to understand and fix the OOM, rather than just rebooting the server frequently? Yes, it is allways better to solve the cause than the consequence of a problem. But not allways man can have enough time or means to solve it. When an error occurs at production it is better to setup some kind of recovery (eg. recycling) and than solve it at pre-production / devel environment. You can use a third party lib with an error. Particulary in my case, my app consists of a one single cycle where I download a CRL, parse it using BouncyCastle lib and retrieve serial numbers of revoked certificates. So the problem can rather in third party lib than in my small piece of code. I've tried to profile memory consuption but have not found out nothing. Maybe I had had not enough memory for java virtual machine. I've set it from 128 MB to 512 MB and the problem have not occured yet. On tomcat I run a periodic thread that downloads CRLs and I suspect this of memory leaks. Why? Can't you fix that? If we forget the OOM exception, I was forced to make a ShutDownHook. I use spring quartz scheduler and my job can run quite a long time. So I had to add some notification to stop job correctly. Tomcat was complainting about possible memory leaks when ending quartz job-worker threads when I was stopping app for redeploy my app. In a single process model (crontab) I could afford to kill -9 the process and I could rely on transactionality in the database which I'm using. At the end I'd like to make a little comparision. Recently I've used .NET + native calls of dlls, php + custom made php modules (native dlls), jsp+java. .NET and php have possibilities for some kind of recoveries. It's almost imposible to crash Apache like a whole (control + x worker processes). So .NET and php seems me they're more stable than tomcat because they have some possibilites. I haven't studied recovery options in other java app. servers, but I'd really appriciate something in Tomcat. Jan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat recycling
Hello, -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jan, On 11/18/11 10:35 AM, Jan Vávra wrote: is there any way how to tell tomcat: Recycle after X minutes OR Y requests like it is eg. on the IIS server? Tomcat does not come with any mechanism for doing that. IIS has hacks to work-around horrible programming; Tomcat has some workarounds (ThreadLocal purging, etc.) but generally not. As I wrote I think I'd would be a good enhancement of Tomcat. If I add my own script containing /etc/init.d/tomcat restart to the crontab I loose the user sessions and users have to relogin. Then you need to fix your app. Unless you have changed the default, Tomcat will persist sessions across restarts. This doesn't work if your webapp puts non-serilizable objects into the session. Remember, just marking a class as implements Serializable might not be enough. Thanks for a good hint. It works. I experience some problems with OutOfMemory error. Fix your webapp. On tomcat I run a periodic thread that downloads CRLs and I suspect this of memory leaks. Certificate Revocation Lists? What do you do with them? Why just guess at the cause of your memory leak when you can fairly easily look at the objects that are taking up lots of room? Get a memory profiler and take a look. If you want to validate a certificate that is outdated but comes with a timestamp, you need to have a historical crl to judge whether the cert was or wasn't revoked during it's validity period. Some authorities are deleting outdated certs from their crl. Jan I consider to cut out this to a standalone process called via crontab. That would be my preference. I believe timer threads have no business running inside a servlet container, but there are many who disagree with me. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7Gu74ACgkQ9CaO5/Lv0PA9EwCgrJQWqZuyAJMu1BuOHazSJDeR 8GEAnArB7wYhJ5KVsAGqT4h9UhzCyee6 =HKqZ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: where to put static files?
On Mon, 2011-11-21 at 01:41 -0800, Pid * wrote: On 21 Nov 2011, at 03:15, S Ahmed sahmed1...@gmail.com wrote: I have a spring project (web app), in my project where should I be putting my static files like images/css/javascript? In my WEB-INF like: /WEB-INF/Assets {images/css/js} You can't serve files directly from WEB-INF. Not Tomcat related, but if you're using a recent version of Spring (i.e. 3.0.x), you could use the mvc:resources / tag. http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/mvc.html#mvc-static-resources I know when I go in production I will have nginx map to this folder to serve the static files, but I just want to know where I can put them for development/testing. How about somewhere sensible? /images /scripts /styles Otherwise, I second this approach. Dan
Re: Connection pooling issue with MySQLNonTransientConnectionException and Java webapp
On 1:59 PM, Martin O'Shea wrote: Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Data source rejected establishment of connection, message from server: Too many connections I'd check into this. -Terence Bandoian - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Connection pooling issue with MySQLNonTransientConnectionException and Java webapp
Thanks Terence. Yes, I have been. Increasing the number of connections in MySQL, the max_connections parameter, seems to have helped somewhat. Is there an optimum number of connections that the 'equivalent' Tomcat maxActive should have? -Original Message- From: Terence M. Bandoian [mailto:tere...@tmbsw.com] Sent: 21 Nov 2011 16 11 To: Tomcat Users List Subject: Re: Connection pooling issue with MySQLNonTransientConnectionException and Java webapp On 1:59 PM, Martin O'Shea wrote: Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Data source rejected establishment of connection, message from server: Too many connections I'd check into this. -Terence Bandoian - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problem with wmv file in tomcat 7
Konstantin, * * *Thanks for the info. I believe it is related to that HttpOnly flag as you said because in access log it shows that in response to fetching the video file it sends the same amount of bytes as my login screen. I set the useHttpOnly flag to false in app context but that didn't help. Have I done it the right way?* * * *Thanks,* * * *Al *
Re: Problem with wmv file in tomcat 7
Another thing I realized is that the whole wmv file is sent to the browser per it's request. So why doesn't it hand off the file to windows media player and why does windows media player requests the file again? Thanks, Al
Re: where to put static files?
Hi. What we are trying to say is this : The WEB-INF and META-INF sub-directories of a Tomcat webapp, are supposed to contain files that should NOT be accessed by the users. For example, in the WEB-INF and META-INF subdirectories, there are files (like WEB-INF/web.xml) which may contain private information (such as, e.g., passwords to access a database system). For that reason, Tomcat itself forbids access to the content of these directories. If you try to access Tomcat directly via a URL like http://myhost.company.com/mywebapp/WEB-INF/somefile;, you will get a Forbidden response. Always. But if on the same host, you run another webserver (Apache, nginx,..), and you allow this webserver to access the content of the Tomcat ../webapps/mywebapp/WEB-INF directory, then you bypass the Tomcat security and make it useless. That means that a user, with a well-crafted URL, will be able to access and display the content of those files. This is a big security hole. You can configure the front-end webserver to also forbid this, but it requires additional configuration, and you will forget to do it, or do it wrong. So don't do that. If you have static resources that need to be accessed via links in your pages, put them in a subdirectory of your webapp, but /not/ in WEB-INF or META-INF. For example, in ../webapps/mywebapp/images/*.jpg or ../webapps/mywebapp/css/*.css Tomcat will server static resources just fine, usually as fast as Apache or nginx would. If you insist that you must serve this static content directly from the front-end webserver, and not ask Tomcat to do it, then place them somewhere under the DocumentRoot of the front-end webserver (which should /NOT/ be the same as the Tomcat webapps directory), and use the proxy instructions so that these requests are /not/ forwarded to Tomcat, but served locally. For example : ProxyPass /mywebapp/images ! ProxyPass /mywebapp/css ! ProxyPass /mywebapp ajp://tomcat:8009/mywebapp will proxy all requests for /mywebapp to Tomcat, *except* for the /images and /css subdirectories. Jan Vávra wrote: Hello, when I started my project others told me to use apache for static content and tomcat for java/jsp. It works quite good. Tomcat is hidden under reverse proxy (mod_ajp). So static content gives apache, dynamic tomcat. Jan. I have a spring project (web app), in my project where should I be putting my static files like images/css/javascript? In my WEB-INF like: /WEB-INF/Assets {images/css/js} I know when I go in production I will have nginx map to this folder to serve the static files, but I just want to know where I can put them for development/testing. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat recycling
On 21 Nov 2011, at 13:24, Jan Vávra va...@602.cz wrote: Hello, is there any way how to tell tomcat: Recycle after X minutes OR Y requests like it is eg. on the IIS server? IIS can reboot itself after N requests? That's awesome. What could possibly go wrong? Yes, IIS can do recycling See eg. at http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/1652e79e-21f9-4e89-bc4b-c13f894a0cfe.mspx?mfr=true It is a quite easy to setup it in the configuration. I might file an enhancement request for Tomcat... If you have already done it, can I vote it for? If I add my own script containing /etc/init.d/tomcat restart to the crontab I loose the user sessions and users have to relogin. Yes... because you restarted the server! As Chris Schultz wrote it is possible to persist sessions over tomcat restarts. I chagned my session objects to be serializable and It works. I experience some problems with OutOfMemory error. Wouldn't it be better to understand and fix the OOM, rather than just rebooting the server frequently? Yes, it is allways better to solve the cause than the consequence of a problem. But not allways man can have enough time or means to solve it. When an error occurs at production it is better to setup some kind of recovery (eg. recycling) and than solve it at pre-production / devel environment. You can use a third party lib with an error. Particulary in my case, my app consists of a one single cycle where I download a CRL, parse it using BouncyCastle lib and retrieve serial numbers of revoked certificates. So the problem can rather in third party lib than in my small piece of code. I've tried to profile memory consuption but have not found out nothing. Maybe I had had not enough memory for java virtual machine. I've set it from 128 MB to 512 MB and the problem have not occured yet. On tomcat I run a periodic thread that downloads CRLs and I suspect this of memory leaks. Why? Can't you fix that? If we forget the OOM exception, I was forced to make a ShutDownHook. I use spring quartz scheduler and my job can run quite a long time. So I had to add some notification to stop job correctly. Tomcat was complainting about possible memory leaks when ending quartz job-worker threads when I was stopping app for redeploy my app. Yes, Tomcat is helping you by warning you about a potential problem. The last time I looked at Quartz the shutdown process didn't actually wait for threads to finish before returning. I had a little success with Thread.yield() but I suspect that it would not be effective for multiple jobs or a longer process. In a single process model (crontab) I could afford to kill -9 the process and I could rely on transactionality in the database which I'm using. I'm not sure how that relates to this discussion. At the end I'd like to make a little comparision. Recently I've used .NET + native calls of dlls, php + custom made php modules (native dlls), jsp+java. .NET and php have possibilities for some kind of recoveries. I'm not sure what that means. It's almost imposible to crash Apache like a whole (control + x worker processes). So .NET and php seems me they're more stable than tomcat because they have some possibilites. I completely disagree. You're comparing two languages with an application server, for a start. I haven't studied recovery options in other java app. servers, but I'd really appriciate something in Tomcat. I think the harm this function would do would outweigh any perceived benefits. If you want to reboot Tomcat periodically employ cron and the service wrapper. p Jan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problem with wmv file in tomcat 7
Konstantin, I was wrong. It is working after I added the useHttpOnly=false to the context. Thanks a lot for the help. Al.
Re: where to put static files?
On 21 Nov 2011, at 18:52, André Warnier a...@ice-sa.com wrote: Hi. What we are trying to say is this : The WEB-INF and META-INF sub-directories of a Tomcat webapp, are supposed to contain files that should NOT be accessed by the users. For example, in the WEB-INF and META-INF subdirectories, there are files (like WEB-INF/web.xml) which may contain private information (such as, e.g., passwords to access a database system). For that reason, Tomcat itself forbids access to the content of these directories. If you try to access Tomcat directly via a URL like http://myhost.company.com/mywebapp/WEB-INF/somefile;, you will get a Forbidden response. Always. But if on the same host, you run another webserver (Apache, nginx,..), and you allow this webserver to access the content of the Tomcat ../webapps/mywebapp/WEB-INF directory, then you bypass the Tomcat security and make it useless. That means that a user, with a well-crafted URL, will be able to access and display the content of those files. This is a big security hole. You can configure the front-end webserver to also forbid this, but it requires additional configuration, and you will forget to do it, or do it wrong. So don't do that. Tomcat will server static resources just fine, usually as fast as Apache or nginx would. If you insist that you must serve this static content directly from the front-end webserver, and not ask Tomcat to do it, then place them somewhere under the DocumentRoot of the front-end webserver (which should /NOT/ be the same as the Tomcat webapps directory), and use the proxy instructions so that these requests are /not/ forwarded to Tomcat, but served locally. +1. I would use stronger terms: never allow DocumentRoot and tomcat/webapps to overlap. p For example : ProxyPass /mywebapp/images ! ProxyPass /mywebapp/css ! ProxyPass /mywebapp ajp://tomcat:8009/mywebapp will proxy all requests for /mywebapp to Tomcat, *except* for the /images and /css subdirectories. Jan Vávra wrote: Hello, when I started my project others told me to use apache for static content and tomcat for java/jsp. It works quite good. Tomcat is hidden under reverse proxy (mod_ajp). So static content gives apache, dynamic tomcat. Jan. I have a spring project (web app), in my project where should I be putting my static files like images/css/javascript? In my WEB-INF like: /WEB-INF/Assets {images/css/js} I know when I go in production I will have nginx map to this folder to serve the static files, but I just want to know where I can put them for development/testing. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Connection pooling issue with MySQLNonTransientConnectionException and Java webapp
On 21 Nov 2011, at 16:11, Terence M. Bandoian tere...@tmbsw.com wrote: On 1:59 PM, Martin O'Shea wrote: Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Data source rejected establishment of connection, message from server: Too many connections I'd check into this. I agree. I am interested in whether connections are being created but not returned to the pool, hence my question... p -Terence Bandoian - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Connection pooling issue with MySQLNonTransientConnectionException and Java webapp
On 21 Nov 2011, at 16:25, Martin O'Shea app...@dsl.pipex.com wrote: Thanks Terence. Yes, I have been. Increasing the number of connections in MySQL, the max_connections parameter, seems to have helped somewhat. If you are leaking connections it will just delay the problem, even make it worse. Connect VisualVM to Tomcat and monitor the connection pool, (assuming you have configured the pool as a Resource). If it keeps increasing in size, outgrowing the Connector threads, you have a leak. p Is there an optimum number of connections that the 'equivalent' Tomcat maxActive should have? -Original Message- From: Terence M. Bandoian [mailto:tere...@tmbsw.com] Sent: 21 Nov 2011 16 11 To: Tomcat Users List Subject: Re: Connection pooling issue with MySQLNonTransientConnectionException and Java webapp On 1:59 PM, Martin O'Shea wrote: Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Data source rejected establishment of connection, message from server: Too many connections I'd check into this. -Terence Bandoian - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Manager WebApp authentication
On November 18, 2011 16:17 , Leo Donahue - PLANDEVX leodona...@mail.maricopa.gov wrote: Is is possible to ... or some other independent source for role information? A sample using JNDI and active directory in the archives. http://www.mail-archive.com/users@tomcat.apache.org/msg74641.html And a SQL server DataSource Realm example also: http://www.mail-archive.com/users@tomcat.apache.org/msg75265.html Last post. The solutions at those links perform both authentication and role-based authorization. I need just the ability to perform role-based authorization when tomcatAuthentication=false for a connector. Am I missing something described in one of the messages linked above? I turned on all logging for catalina realms and authenticators and found that when tomcatAuthentication=true then in org.apache.catalina.realm.RealmBase hasResourcePermission(), request.getPrincipal() returns an object of class GenericPrincipal, but when tomcatAuthentication=false it returns an object of class CoyotePrincipal. And the CoyotePrincipal class does not support roles. Any advice on how to solve this problem? I need Tomcat 6 to use the authentication performed by the front-end webserver without breaking the roles required by the Tomcat Manager webapp. Here is what happens when tomcatAuthentication=true and the Tomcat Manager webapp works: Nov 21, 2011 1:35:08 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Calling authenticate() Nov 21, 2011 1:35:08 PM org.apache.catalina.authenticator.AuthenticatorBase register FINE: Authenticated 'markmont' with type 'BASIC' Nov 21, 2011 1:35:08 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Calling accessControl() Nov 21, 2011 1:35:08 PM org.apache.catalina.realm.RealmBase hasResourcePermission FINE: Checking roles GenericPrincipal[markmont(admin,manager,)] Nov 21, 2011 1:35:08 PM org.apache.catalina.realm.RealmBase hasResourcePermission FINE: Role found: manager And here is what happens when tomcatAuthentication=false and the Tomcat Manager webapp breaks: Nov 21, 2011 1:27:49 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Calling authenticate() Nov 21, 2011 1:27:49 PM org.apache.catalina.authenticator.BasicAuthenticator authenticate FINE: Already authenticated 'markmont' Nov 21, 2011 1:27:49 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Calling accessControl() Nov 21, 2011 1:27:49 PM org.apache.catalina.realm.RealmBase hasResourcePermission FINE: Checking roles CoyotePrincipal[markmont] Nov 21, 2011 1:27:49 PM org.apache.catalina.realm.RealmBase hasResourcePermission FINE: No role found: manager Nov 21, 2011 1:27:49 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Failed accessControl() test -- Mark Montague m...@catseye.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
FW: Re: Connection pooling issue with MySQLNonTransientConnectionException and Java webapp
Are you able to provide any more information about what I am actually looking for in VisualVM?
Re: Connection pooling issue with MySQLNonTransientConnectionException and Java webapp
Well, I hope I'm reading VisualVM correctly, because when I run the JMeter test first time around, I see 40 'connector' threads created in VisualVM, all of which run for so long and then return to a wait state. And if I run the test again several times in succession, the number of connector threads remains the same: they run, and then wait. JMeter also indicates a clean run with no errors reported.
Tomcat dependency setup
Hi, I'm looking for a resource for how to set dependencies on tomcat. I'm using SBT and looking to replace Jetty with Tomcat in the test/build phase. I already deploy to tomcat in prod. Here's the jetty dependency. 15 org.eclipse.jetty % jetty-webapp % 7.4.5.v20110725 % container, 16 javax.servlet % servlet-api % 2.5 % provided Where would I look to get the equivalent dependency for tomcat? Thanks in advance
Re: Connection pooling issue with MySQLNonTransientConnectionException and Java webapp
On 21 Nov 2011, at 20:09, Martin O'Shea app...@dsl.pipex.com wrote: Are you able to provide any more information about what I am actually looking for in VisualVM? Depends how you defined the Db. Did you define a global Resource in server.xml? Or perhaps in conf/context.xml? p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Manager WebApp authentication
Mark Montague wrote: ... Any advice on how to solve this problem? I need Tomcat 6 to use the authentication performed by the front-end webserver without breaking the roles required by the Tomcat Manager webapp. I know that it does not answer your question, but may I ask why ? If you already do the user authentication in the front-end Apache httpd, can you not do a role-equivalent check there too, before you proxy the call to Tomcat ? Like Location /manager Require group manager ProxyPass ajp://tomcat:8009 /Location (and remove the Tomcat auth constraints) (Not sure it's so easy, but may be worth a try) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Connection pooling issue with MySQLNonTransientConnectionException and Java webapp
On 21 Nov 2011, at 21:25, Martin O'Shea app...@dsl.pipex.com wrote: Well, I hope I’m reading VisualVM correctly, because when I run the JMeter test first time around, I see 40 ‘connector’ threads created in VisualVM, all of which run for so long and then return to a wait state. I always forget to tell people to get the plugins, apologies. There is a JConsole Mbean plugin for it that you can use to inspect various of Tomcats internals. And if I run the test again several times in succession, the number of connector threads remains the same: they run, and then wait. JMeter also indicates a clean run with no errors reported. The list strips attachments and embedded. If you created a DataSource and a connection pool, then you will find values indicating the pool size etc. You are aiming to monitor the pool size during the test. p
Re: Tomcat Manager WebApp authentication
On November 21, 2011 17:35 , André Warnier a...@ice-sa.com wrote: Mark Montague wrote: Any advice on how to solve this problem? I need Tomcat 6 to use the authentication performed by the front-end webserver without breaking the roles required by the Tomcat Manager webapp. I know that it does not answer your question, but may I ask why ? If you already do the user authentication in the front-end Apache httpd, can you not do a role-equivalent check there too, before you proxy the call to Tomcat ? Like Location /manager Require group manager ProxyPass ajp://tomcat:8009 /Location (and remove the Tomcat auth constraints) I have not tried your suggestion, but I think it will work. The reason why I have not done that is because I was looking at the general case of other applications that may have auth constraints, not just Tomcat Manager. Especially if the auth constraints are more complex than the ones Tomcat Manager has. Plus, by understanding what is happening and why, I learn more about Tomcat. Right now, I am experimenting with implementing my own realm; I think it may be possible to get the desired functionality under Tomcat that way. If this does not work or if it is too hard for me, I will use your suggestion. But I am new to both Java and Tomcat, and so I wonder if there is yet another way of which I am ignorant. Thank you for your help! -- Mark Montague m...@catseye.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: APR SSL error: Socket bind failed: [98] Address already in use
I understand you want to use APR, but just for troubleshooting purposes, try using the same server.xml but changing the SSL connector from protocol=org.apache.coyote.http11.Http11AprProtocol to protocol=org.apache.coyote.http11.Http11NioProtocol If that works, then your problem is with APR, most likely with the installation rather than a bug in APR itself. I'd try recompiling APR (and installing the recompiled version). =Jeremy= On Sun, Nov 20, 2011 at 6:44 PM, Eric Kemp cruisingat90...@gmail.comwrote: Below is my entire server.xml (minus commented lines) ?xml version='1.0' encoding='utf-8'? Server port=8005 shutdown=SecretCommand Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / [snip] Service name=Catalina Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2 URIEncoding=UTF-8 redirectPort=8443 / !-- Adding the connector below causes the Socket bind failed: [98] Address already in use error to appear in catalina.out... and https does not work. -- Connector port=8443 protocol=org.apache.coyote.http11.Http11AprProtocol maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS SSLEnabled=true SSLCertificateKeyFile=/etc/apache2/ssl/myDomain.com.key SSLCACertificateFile=/etc/apache2/ssl/myDomain.com.ca.crt / Engine name=Catalina defaultHost=localhost Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false /Host /Engine /Service /Server Thanks
RE: Tomcat Causes Server to go Panic/Crash
Hi Charles, Thanks for the advice. apologies for being stubborn. I'll change the JVM and set the CATALINA_OPTS in the setenv.sh Best regards, Adrian Caldarale, Charles R chuck.caldar...@unisys.com 11/19/2011 01:18 AM Please respond to Tomcat Users List users@tomcat.apache.org To Tomcat Users List users@tomcat.apache.org cc Subject RE: Tomcat Causes Server to go Panic/Crash From: Adrian Zara [mailto:adrian.z...@aonhewitt.com] Subject: Re: Tomcat Causes Server to go Panic/Crash I just learned that the JVM I am using is Java HotSpot (TM) Client VM (build 1.4.2_19-b04, mixed mode) Which hasn't been supported for many years. (1.5 is also not supported, unless you pay Oracle.) You really, really need to upgrade everything. So I go back again to my drwaing board to analyze the issue. Please advise again. Let's repeat: 1) put catalina.sh back to its original form, as distributed by Tomcat 2) set CATALINA_OPTS in setenv.sh for a reasonable heap size - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org The information contained in this e-mail and any accompanying documents may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message, including any attachments. Any dissemination, distribution or other use of the contents of this message by anyone other than the intended recipient is strictly prohibited. All messages sent to and from this e-mail address may be monitored as permitted by applicable law and regulations to ensure compliance with our internal policies and to protect our business. E-mails are not secure and cannot be guaranteed to be error free as they can be intercepted, amended, lost or destroyed, or contain viruses. You are deemed to have accepted these risks if you communicate with us by e-mail.
Re: APR SSL error: Socket bind failed: [98] Address already in use
Problem resolved! Thanks so much for all the helpful hints. I had been going to the end of the catalina.out file and seeing this error message in the last ~60 lines of text, and thought it represented the latest restart errors. What I failed to notice, was that there WERE previous errors above the clean looking lines. They indicated tomcat was unable to read the certificate files. A quick chmod fixed that, and now SSL works. Clear them first was what got me to see what I had been missing. Thanks again. On Mon, Nov 21, 2011 at 5:54 AM, Konstantin Kolinko knst.koli...@gmail.com wrote: 2011/11/21 Eric Kemp cruisingat90...@gmail.com: Below is my entire server.xml (minus commented lines) Good to know. Can you post the logs? (catalina.date.log file). Clear them first then try starting Tomcat. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat dependency setup
On 21 Nov 2011, at 22:09, John Hinnegan john.hinne...@gmail.com wrote: Hi, I'm looking for a resource for how to set dependencies on tomcat. I'm using SBT and looking to replace Jetty with Tomcat in the test/build phase. (SBT is a build tool written in Scala - I had to look it up) http://catb.org/~esr/faqs/*smart*-*questions*.html I already deploy to tomcat in prod. Here's the jetty dependency. Ugly. That's presumably a Maven reference? 15 org.eclipse.jetty % jetty-webapp % 7.4.5.v20110725 % container, 16 javax.servlet % servlet-api % 2.5 % provided Where would I look to get the equivalent dependency for tomcat? Tomcat's Maven components are under group org.apache.tomcat - the rest varies by the bits you need and the version. Have a browse of the repo. p Thanks in advance
tomcat http connector
Hi, Is there any document which I can refer to which states if tomcat's built in http connector (Coyote) can be used for production ? And also a comparison between http connector and AJP one. Thanks, Asha
RE: tomcat http connector
From: Asha K S [mailto:a...@adobe.com] Subject: tomcat http connector Is there any document which I can refer to which states if tomcat's built in http connector (Coyote) can be used for production ? What an odd question. Of course it can be used for production. And also a comparison between http connector and AJP one. Read the Tomcat docs: http://tomcat.apache.org/tomcat-7.0-doc/config/http.html http://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat http connector
HI Chuck, Sorry I am newbie here :) .My question was mainly regarding which one is recommended for production . Thanks, Asha -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Tuesday, November 22, 2011 12:29 PM To: Tomcat Users List Subject: RE: tomcat http connector From: Asha K S [mailto:a...@adobe.com] Subject: tomcat http connector Is there any document which I can refer to which states if tomcat's built in http connector (Coyote) can be used for production ? What an odd question. Of course it can be used for production. And also a comparison between http connector and AJP one. Read the Tomcat docs: http://tomcat.apache.org/tomcat-7.0-doc/config/http.html http://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Connection pooling issue with MySQLNonTransientConnectionException and Java webapp
On 21 Nov 2011, at 16:25, Martin O'Sheaapp...@dsl.pipex.com wrote: Thanks Terence. Yes, I have been. Increasing the number of connections in MySQL, the max_connections parameter, seems to have helped somewhat. If you are leaking connections it will just delay the problem, even make it worse. Connect VisualVM to Tomcat and monitor the connection pool, (assuming you have configured the pool as a Resource). If it keeps increasing in size, outgrowing the Connector threads, you have a leak. p Is there an optimum number of connections that the 'equivalent' Tomcat maxActive should have? -Original Message- From: Terence M. Bandoian [mailto:tere...@tmbsw.com] Sent: 21 Nov 2011 16 11 To: Tomcat Users List Subject: Re: Connection pooling issue with MySQLNonTransientConnectionException and Java webapp On 1:59 PM, Martin O'Shea wrote: Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Data source rejected establishment of connection, message from server: Too many connections I'd check into this. -Terence Bandoian Hi, Martin- I agree with Pid that you should ensure you're not leaking connections. In addition to what he suggested, you can check the MySQL status variables using the 'show global status' statement from the MySQL command-line shell. Interesting variables might include Connections, Max_used_connections and possibly Threads_connected. The error message was generated by the MySQL server so, once you're sure the connections are handled correctly by your software, I would think max_connections is the right setting to adjust, as you've already been doing. -Terence Bandoian - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat http connector
From: Asha K S [mailto:a...@adobe.com] Subject: RE: tomcat http connector My question was mainly regarding which one is recommended for production . Both, depending on what you need to do. If you are using httpd for something useful (and just serving static content isn't one of those things), then most people connect Tomcat to it via mod_jk or mod_proxy_ajp. If you have no specific need for httpd, then use Tomcat directly and avoid the complexity and performance impact. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat http connector
Is there any performance comparison document available already between http and AJP Thanks, Asha -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Tuesday, November 22, 2011 12:40 PM To: Tomcat Users List Subject: RE: tomcat http connector From: Asha K S [mailto:a...@adobe.com] Subject: RE: tomcat http connector My question was mainly regarding which one is recommended for production . Both, depending on what you need to do. If you are using httpd for something useful (and just serving static content isn't one of those things), then most people connect Tomcat to it via mod_jk or mod_proxy_ajp. If you have no specific need for httpd, then use Tomcat directly and avoid the complexity and performance impact. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat http connector
On 22 Nov 2011, at 07:15, Asha K S a...@adobe.com wrote: Is there any performance comparison document available already between http and AJP Please don't top-post. Post your questions below the answers so it's possible to read the conversation without jumping up and down the page. The AJP and HTTP connectors serve different purposes - you choose based on whether you are integrating with Apache HTTPD or not, rather than on performance. On performance: 95+% of the performance will come from getting your app design and code right. The rest is made up from choosing the right amount of memory and garbage collector settings, a modern JVM, testing more testing, not having resource pools that are too small, etc. (I'm deliberately ignoring hardware.) If you're new to this you are extremely unlikely to notice the difference between the different Tomcat Connectors performance. p The answer is: use the NIO implementations if you really need speed from Tomcat. Thanks, Asha -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Tuesday, November 22, 2011 12:40 PM To: Tomcat Users List Subject: RE: tomcat http connector From: Asha K S [mailto:a...@adobe.com] Subject: RE: tomcat http connector My question was mainly regarding which one is recommended for production . Both, depending on what you need to do. If you are using httpd for something useful (and just serving static content isn't one of those things), then most people connect Tomcat to it via mod_jk or mod_proxy_ajp. If you have no specific need for httpd, then use Tomcat directly and avoid the complexity and performance impact. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RemoveIpValve and valve execution order
Hi, I'm trying to configure the RemoteIp in combination with AccessLogValve. request.getRemoteAddr() return the correct remote-ip from X-Forwarded-For header, but AccessLogValve still logs the unmodified (proxy) ip-address. Can this be related to the execution order of valves? Can I enforce the order somehow? Version = 7.0.22, valves: Valve className=org.apache.catalina.valves.RemoteIpValve remoteIpHeader=X-Forwarded-For protocolHeader=X-Forwarded-Proto/ Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=${instanceId}_access. suffix=.log pattern=%h %{Host}i %t quot;%rquot; %s %b %{klm_tracking_id}c %S %D / Richard -- View this message in context: http://old.nabble.com/RemoveIpValve-and-valve-execution-order-tp32872128p32872128.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat http connector
Hello, I use ajp, because on tomcat I make authentication based on client certificate. That you cannot do via http connector. Jan. Hi, Is there any document which I can refer to which states if tomcat's built in http connector (Coyote) can be used for production ? And also a comparison between http connector and AJP one. Thanks, Asha - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: RemoveIpValve and valve execution order
2011/11/22 rswart rjsw...@gmail.com: Hi, I'm trying to configure the RemoteIp in combination with AccessLogValve. request.getRemoteAddr() return the correct remote-ip from X-Forwarded-For header, but AccessLogValve still logs the unmodified (proxy) ip-address. Can this be related to the execution order of valves? Can I enforce the order somehow? No. It is not related to their order. If you need AccessLogValve to use information from RemoteIpValve you have to enable that explicitly. See requestAttributesEnabled in the documentation. http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html Version = 7.0.22, valves: Valve className=org.apache.catalina.valves.RemoteIpValve remoteIpHeader=X-Forwarded-For protocolHeader=X-Forwarded-Proto/ Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=${instanceId}_access. suffix=.log pattern=%h %{Host}i %t quot;%rquot; %s %b %{klm_tracking_id}c %S %D / Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org