Re: Tomcat 7 SSL Setup: ERR_CONNECTION_REFUSED
Mavenpol, On 16.9.2013 22:47, Mavenpol Saulon wrote: This server where I imported the certificates and has been encountering errors is just one of the servers that are configured to run SSL. All of the other servers have the same setup except for the keytool -delete.. that I used in this particular erring server. Other servers are OK in SSL. I'm worried that the keytool delete might have caused the problem? (On this list it is standard to put your text below the quote.) What is the content of your Java keystore now? You should have PrivateKeyEntry with valid certificate chain. Check it using keytool -list -v You may also check if the certificate chain is served properly to the client using openssl: openssl s_client -connect server.example.com:443 -showcerts Other than that, you may try to turn on TLS/SSL Java debugging using VM option: -Djavax.net.debug=all These commands/option will give you some insight what is wrong with keystore and TLS/SSL handshake. -Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Filtering HTTP OPTIONS request method from logs?
Jim Barber wrote: All, On 16/09/2013 10:52 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Felix, On 9/16/13 10:25 AM, Felix Schumacher wrote: Am Montag, den 16.09.2013, 10:02 -0400 schrieb Christopher Schultz: Jim, On 9/16/13 3:42 AM, Jim Barber wrote: I'm hoping someone on this list can help me since I've been reading docs, mailing lists, FAQs, and so on for hours now, and I'm not having much luck finding an answer to my question. I am using Tomcat version 7.0.42 as packaged in Debian Linux. In front of my Tomcat servers, I am using haproxy for load balancing. The haproxy load balancers are using the HTTP OPTIONS request method to check if the Tomcat servers are alive and healthy. This results in log entries like the following in the Tomcat accesslog file: 10.122.32.4 - - [16/Sep/2013:17:12:49 +1000] OPTIONS / HTTP/1.0 200 - 10.122.32.4 - - [16/Sep/2013:17:12:51 +1000] OPTIONS / HTTP/1.0 200 - 10.122.32.4 - - [16/Sep/2013:17:12:53 +1000] OPTIONS / HTTP/1.0 200 - 10.122.32.4 - - [16/Sep/2013:17:12:55 +1000] OPTIONS / HTTP/1.0 200 - 10.122.32.4 - - [16/Sep/2013:17:12:57 +1000] OPTIONS / HTTP/1.0 200 - 10.122.32.4 - - [16/Sep/2013:17:12:59 +1000] OPTIONS / HTTP/1.0 200 - 10.122.32.4 - - [16/Sep/2013:17:13:01 +1000] OPTIONS / HTTP/1.0 200 - 10.122.32.4 - - [16/Sep/2013:17:13:03 +1000] OPTIONS / HTTP/1.0 200 - 10.122.32.4 - - [16/Sep/2013:17:13:05 +1000] OPTIONS / HTTP/1.0 200 - 10.122.32.4 - - [16/Sep/2013:17:13:07 +1000] OPTIONS / HTTP/1.0 200 - 10.122.32.4 - - [16/Sep/2013:17:13:09 +1000] OPTIONS / HTTP/1.0 200 - 10.122.32.4 - - [16/Sep/2013:17:13:11 +1000] OPTIONS / HTTP/1.0 200 - At the moment I'm getting one of these every 2seconds, but I haven't enabled the second load balancer for HA purposes yet. When I do that, I'll be getting twice as many hits of this type. This is going to result in rather large log files full of noise that I'm not interested in. Playing the devil's advocate here a bit... Why wouldn't you be interested in getting these logs? They are requests being handled by your web server. They require (a small amount of) time and resources to process, and indicate that your lb is still reaching-out to determine the status of the app server. My recommendation would be to leave those logs in there (they accurately describe a real request) and filter them out if you want to do some kind of analytics against your log files and consider those OPTIONS requests to be noise. I have had one case where I wanted to get rid of those requests too, so I can understand the OP. But I have to admint I had a scary feeling about it. Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=localhost_access_log. suffix=.txt pattern=%h %l %u %t quot;%rquot; %s %b / Specifically adding the condition=VALUE attribute, but I have no idea what to set VALUE to. It's not that simple: if you want to use condition, then you have a write a Valve (can't be a Filter, since it must run *before* the AccessLogValve) that tests the request and sets a request attribute that will then trigger this condition. That is not true, you can use a filter, since the logging will happen *after* the request and can and will check the request attribute then. Thanks for pointing that out. After I had sent my message, I realized that and decided not to post a followup after reading yours. - -chris Thank you all for your responses. It looks like I'll just have to put up with these messages. There seems to be no easy way to filter them out. Actually, based on earlier responses and on the URLrewrite filter (http://http://tuckey.org/urlrewrite/), there may be a solution after all, which does not involve additional Java programming, as long as you are willing to do some research by yourself. (Short intro : the URLrewrite filter is a bit of a workhorse, simioar to mod_rewrite for Apache httpd, and which can do a multitude of things when it comes to filter/modify HTTP requests in Tomcat) First, get the URLrewrite User's Manual at http://urlrewritefilter.googlecode.com/svn/trunk/src/doc/manual/4.0/index.html and then search for : condition element (see method and remote-addr) and set element (see request (default)) : The same as request.setAttribute([name], [value]) (note, name must be set). So, the requests that you want to not log look like this : 10.122.32.4 - - [16/Sep/2013:17:12:49 +1000] OPTIONS / HTTP/1.0 200 - 10.122.32.4 - - [16/Sep/2013:17:12:51 +1000] and thus they address the / (default) webapp, originate from the client IP 10.122.32.4, and have the method OPTIONS. And on the other hand, the AccessLogValve has an attribute which allows you to specify that if the request has an attribute (e.g.) nolog set, it will not be logged. So, by configuring your ROOT (default) webapp to include the URLrewrite filter, and configuring this filter properly, you should be able to attain your goal. Enough tips now, get to work.. (And
[ANN] Apache Tomcat Native 1.1.28 released
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.1.28 stable. Please refer to the change log for the list of changes: http://tomcat.apache.org/native-doc/miscellaneous/changelog.html Downloads: http://tomcat.apache.org/download-native.cgi The Apache Tomcat Native Library provides portable API for features not found in contemporary JDK's. It uses Apache Portable Runtime as operating system abstraction layer and OpenSSL for SSL networking and allows optimal performance in production environments. Thank you, -- The Apache Tomcat Team - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7 SSL Setup: ERR_CONNECTION_REFUSED
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Ognjen, On 9/17/13 4:37 AM, Ognjen Blagojevic wrote: Mavenpol, On 16.9.2013 22:47, Mavenpol Saulon wrote: This server where I imported the certificates and has been encountering errors is just one of the servers that are configured to run SSL. All of the other servers have the same setup except for the keytool -delete.. that I used in this particular erring server. Other servers are OK in SSL. I'm worried that the keytool delete might have caused the problem? (On this list it is standard to put your text below the quote.) What is the content of your Java keystore now? You should have PrivateKeyEntry with valid certificate chain. Check it using keytool -list -v You may also check if the certificate chain is served properly to the client using openssl: openssl s_client -connect server.example.com:443 -showcerts Other than that, you may try to turn on TLS/SSL Java debugging using VM option: -Djavax.net.debug=all These commands/option will give you some insight what is wrong with keystore and TLS/SSL handshake. It also would be helpful for OP to: a) Specify the version of Tomcat you are using b) Provide the Connector configuration from your conf/server.xml (without any sensitive material such as passwords) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.14 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSOFwPAAoJEBzwKT+lPKRYBWMQAIAE5pRZHe0xyCPBV5hMH81H ZNz9k94I/+vSdLOgBzFT0biT2jd+LUHU9jv8SMpwJ8UCDtz5HGCc/QGWZF1gpZ/3 0WzHx5dDMXLgKmV1ht82xWWNVrTvzFRob8vwRIFse3bc/GjavX/aTnrKKArkJKs+ Vl+IxLwtvcrdbUNefIBNFSvNbMb33BM0hy6vvAYgGbMVwavImn54FnXO9Ud+V3nr GXTwD7Wt4Es9ZgQDPIWJWPNKSjA8xhpvh90pZEIXw7/MBGUZbcbCYhPKOEVaHS1y 8gWVGnnbh1MsW2ZAUD1Z3UWVE7UIVDAca1YH7VOGjmuF4iGWAlsPaDWqj9cOzc8D GpE66qdDFvotvGN0uTBe+QHLoyh95u9i1BgBPy6aI4BQRQZS9gz0L9s+vjVGMBQ/ 8YJoGBdIyLe1zrHgIFJBi/lYhzNzUh9Ozh/+X+EEDd1S3NuqokELI/WsnPkHdoGO dg3ubzt6IEYWMu/5QJCfWneI+cbbgB/E/iLWUK0vmK4F/C6Li1Fi3WNB/8qoy5Ot ib5lVTIOhS1ovGclQd3E2Zl/JRms84gt1YuTa/AaV3swwDUz7g4nnbhs9ozDtnp5 2RYdkUKVeqKNC3GFQma119hCR55xQu8P/91IkVrR/kHLLIaklGLSlXnbqlH4wnBk GnvW4oyilc0IjjLwif9b =ociN -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Fwd: Atcafe.loopmobile.in
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Poonam, On 9/16/13 7:35 PM, Poonam Vishal wrote: -- Forwarded message -- From: Poonam Vishal poonam...@gmail.com Date: Tue, Sep 17, 2013 at 11:19 AM Subject: Atcafe.loopmobile.in To: users@tomcat.apache.org Hi I am using Mobile and when ever I open Web browser with our without integer it opens the link page http://atcafe.loopmobile.in/ Kindly advise why is it happening. .. how do I stop and start it in my mobile. I'm not sure what you're really asking. Can you clarify it a bit? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.14 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSOFuaAAoJEBzwKT+lPKRYWboQAJmDtUeEIgkLj1lbwoWsh56K bjHtdyaH83tvBU5eokhYm9CM7Urc4IgnwPJI4MO6hZ/Tnl6UDQNhWxdXvUmuTDKg yObGqcSyBYQ9ie65qGAd0RGm9J7qKgD4lna6Iz0BB9O8WoCcBdqxQQrYi3g8oJwe fGIIims2JJCi49uNzT3p+rW6NEh/34djDWr3apoMDyTIFVb5Jrz8iLwEQWB9tmkk ZAqrlOSzfmhd+CcL2efCL90K5VBhpcXrm5Z7GuW8/T/5Mk9LNRTQBILFR7zIpXHv BKoiATcb/eQbp8/L3NNTdQl+hbUd+hczW/Sa2RNv0Ei2emyU8WliKnmpTVDOE/qi JmqaBr+uPWC+GpD1Ts7JN0JlkyXAU4XQfXE5wttRVpYrhZsRQYfUOGh1jzaES49p PNt6+jO2xhUnayS285uXEXzKGgP0nxok+uL7jcrTk4qhe71zUssKQFuF5juHqYpe 5jNqlygVyiET9w+f6p77G/8L5JTowh4JVe/Ma/Kl+ez3VHsPt8xOGdIOmQqxgLT6 0jftuWfo8RwF6AcA0tC3MFPJAebTaWKV3b4BZqbBQp8Gyt29449VxDl4K2zezZk/ /IcBlio+2fVLC16mH3uzk/Mk5jQmWC2TxiPTSACOZrYZVWyN6EI4ruSQRY+lQcjS KRSbaxJ8l3/SWeBMPMej =v2lq -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Multi-URL Access 1 Webapp
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Chris, On 9/16/13 3:42 PM, Chris Arnold wrote: Chris, If you just need 1 deployed webapp, then simply change your webapp to sniff the client's name from the URL. You don't need to change anything: you still only need one (default) virtual host in Tomcat, and you can do whatever you want (e.g. single virtual host) in httpd. Maybe i need to give a summary of the existing setup and how we use it: tomcat runs on port 8080 apache runs on port 80 Got it: no surprises here. Someone requests http://share.domain.tld. This request lands on our apache server. Apache has to know where to send the http://share.domain.tld request, so i assume a vhost will need to tell apache where to send that request. Yes, but the default vhost will do just fine: all requests will go to the same vhost. The web app is alfresco and i am not sure how to have alfresco sniff out the request. Your way sounds the easiest but i am not sure how to go about it. Can you share any examples? I didn't know you were running a 3rd-party application. Do you need the application to behave differently given a particular client? If not, there's nothing to do. If so, you probably need to ask the Alfresco folks how to do that. I personally know nothing about Alfresco, though there may be some folks on the list who do and might reply here. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.14 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSOFymAAoJEBzwKT+lPKRYxRoP/iMNI1ueS99p2Jmb0qlRSMkb W50eBkReFvNGJZov9bEXmQGnZBQ+UpBVpczvhyWUos5Bhk+ra/2CRztdVssjTohU 8/rDwHpDF0qW1/tHhTMxGfrIH5Dn3Pr00vjFkMxlmuZKS5Ot4IwOF+VUa5sVdm0P tTsyGRquQmqi1WHr+ey5/5V6wHoq0EBjmVwdSTdUKiyCxQcfDDdgouhBiJ7td513 nBZvgo3Zx/ZHKnZkC2UrJP9Xu2bAxofogTcmVl9BOSVcUGVAD/YhzTO896zMitn4 4xOYZWIHrPzm9mU46RsCIne0mck2Xy5dA8Xe2PhJuC6CjjOJtI+qLaFJi95ESNih 3+6MQBEpzJGC8HmcVr+qZpw8bb7t4/UEJspAvXlA9fVoK4NBvyFq+Tlt3MiCaIMF fI1DBeyMTe6e5GjV4dIpq3JOxeb8X1NoF73aMdiVLtj/lSWPu0Kf7r5HVDjZc/Ch weRpgngEODzT1HwSXiE5Y+VbVjyQKqsQ72BKna4rmhLQkVe87Wf0JGZVHO6+3qLL f/xiipIi/PPGfTveHuQOeQCSACAjTUl52lz24SnDvFZuT/Yhy6gWuEvAG158cIh5 UkQHCNlJsr5ksiBwsGjHd6sjSd8d6+0uDWsbMzrpL8PjLrUtaWzfh4lJhYQ0SDCy uMzVJRrXJ5ZZMCHR7QTz =m8LV -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Problems with Clustering / Session Replication
Hello, I'm setting up clustering/replication on Tomcat 7 on my local machine, to evaluate it for use with my environment/codebase, and sessions don't appear to be replicating. Hopefully I've provided enough information below, but please let me know if you have any more questions. ___Setup___ I have two identical tomcat servers in sibling directories running on different ports. I have httpd listening on two other ports and connecting to the two tomcat instances as VirtualHosts. I can access and interact with both environments on the configured ports; everything is working as expected. The tomcat servers have clustering enabled like this, in server.xml: Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=8 Manager className=org.apache.catalina.ha.session.DeltaManager expireSessionsOnShutdown=false notifyListenersOnReplication=true/ Channel className=org.apache.catalina.tribes.group.GroupChannel Membership className=org.apache.catalina.tribes.membership.McastService address=228.0.0.4 port=45564 frequency=500 dropTime=3000/ Receiver className=org.apache.catalina.tribes.transport.nio.NioReceiver address=auto port=4001 autoBind=100 selectorTimeout=5000 maxThreads=6/ Sender className=org.apache.catalina.tribes.transport.ReplicationTransmitter Transport className=org.apache.catalina.tribes.transport.nio.PooledParallelSender/ /Sender Interceptor className=org.apache.catalina.tribes.group.interceptors.TcpFailureDetector/ Interceptor className=org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor/ Interceptor className=org.apache.catalina.tribes.group.interceptors.ThroughputInterceptor/ /Channel Valve className=org.apache.catalina.ha.tcp.ReplicationValve filter=/ Valve className=org.apache.catalina.ha.session.JvmRouteBinderValve/ ClusterListener className=org.apache.catalina.ha.session.ClusterSessionListener/ /Cluster and I added the distributable tag to the very beginning of web.xml: web-app xmlns=http://java.sun.com/xml/ns/javaee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd; version=3.0 distributable / (lots more...) /web-app ___What's working___ When the servers start, they log Sep 16, 2013 1:44:23 PM org.apache.catalina.ha.tcp.SimpleTcpCluster startInternal INFO: Cluster is about to start Sep 16, 2013 1:44:23 PM org.apache.catalina.tribes.transport.ReceiverBase getBind FINE: Starting replication listener on address:10.0.0.100 Sep 16, 2013 1:44:23 PM org.apache.catalina.tribes.transport.ReceiverBase bind INFO: Receiver Server Socket bound to:/10.0.0.100:4001 Sep 16, 2013 1:44:23 PM org.apache.catalina.tribes.membership.McastServiceImpl setupSocket INFO: Setting cluster mcast soTimeout to 500 Sep 16, 2013 1:44:23 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO: Sleeping for 1000 milliseconds to establish cluster membership, start level:4 Sep 16, 2013 1:44:24 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO: Done sleeping, membership established, start level:4 Sep 16, 2013 1:44:24 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO: Sleeping for 1000 milliseconds to establish cluster membership, start level:8 Sep 16, 2013 1:44:25 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO: Done sleeping, membership established, start level:8 When the second server starts up, the first one logs Sep 16, 2013 2:17:30 PM org.apache.catalina.tribes.group.interceptors.TcpFailureDetector messageReceived FINE: Received a failure detector packet:ClusterData[src=org.apache.catalina.tribes.membership.MemberImpl[tcp://{10, 0, 0, 100}:4000,{10, 0, 0, 100},4000, alive=112208, securePort=-1, UDP Port=-1, id={118 6 107 -67 88 98 72 95 -73 41 4 -108 58 -5 -127 -41 }, payload={}, command={}, domain={}, ]; id={25 110 120 -2 -25 6 78 -97 -84 -34 2 -11 49 -62 -8 -56 }; sent=2013-09-16 14:17:30.139] Sep 16, 2013 2:17:30 PM org.apache.catalina.tribes.transport.nio.NioReplicationTask remoteEof FINE: Channel closed on the remote end, disconnecting Sep 16, 2013 2:17:30 PM org.apache.catalina.tribes.membership.McastServiceImpl memberDataReceived FINE: Mcast add member org.apache.catalina.tribes.membership.MemberImpl[tcp://{10, 0, 0, 100}:4001,{10, 0, 0, 100},4001, alive=1010, securePort=-1, UDP Port=-1, id={82 -45 -109 -56 -110 -5 78 -10 -103 61 -40 -59 -36 -79 104 120 }, payload={}, command={}, domain={}, ] Sep 16, 2013 2:17:30 PM org.apache.catalina.ha.tcp.SimpleTcpCluster memberAdded INFO: Replication
Re: Problems with Clustering / Session Replication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Nicholas, On 9/17/13 9:59 AM, Nicholas Violi wrote: Hello, I'm setting up clustering/replication on Tomcat 7 on my local machine, to evaluate it for use with my environment/codebase, and sessions don't appear to be replicating. Hopefully I've provided enough information below, but please let me know if you have any more questions. ___Setup___ I have two identical tomcat servers in sibling directories running on different ports. I have httpd listening on two other ports and connecting to the two tomcat instances as VirtualHosts. I can access and interact with both environments on the configured ports; everything is working as expected. The tomcat servers have clustering enabled like this, in server.xml: I have to admit that I've never set up Tomcat for clustering, but I wonder if you'd have better luck configuring with a Unicast membership model to begin... it seems a bit more straightforward, and has the added benefit that it will work even if multicast isn't working on your machine for some reason. [...] so I know they're aware of each other. Hmm. Finally, when I use the Cluster/Operations MBean in jconsole to try to set property foo to bar, jconsole reports method successfully invoked, and the server logs Sep 16, 2013 2:30:18 PM org.apache.catalina.ha.tcp.SimpleTcpCluster setProperty WARNING: Dynamic setProperty(foo,value) has been disabled, please use explicit properties for the element you are trying to identify I'm not too worried about that error; mostly included to demonstrate that setProperty creates a log statement. ___What's not working___ As far as I can tell, no session information is being replicated in my app. The tomcat manager only lists sessions started on the server it's monitoring, and not the other one in the cluster. I'm under the impression that whenever the app calls HttpSession.setAttribute, that attribute should be replicated to the other cluster nodes, and I would expect that some record of that would be logged. My app includes this line: public static void saveBillingInfo(IPageContext pageContext, BillingInfo billingInfo) { pageContext.getSession().setAttribute(billingInfo, billingInfo); //etc... } where BillingInfo is a Serializable class containing only one field, a HashMap of information about the billing info. No log statements are written when this or any other line processes, and I don't see any evidence that session information is actually being shared. I believe the DeltaManager will replicate those attributes that have been set during the whole request. So, instead of sending one message per call to session.setAttribtue, you'll get one big message with all of the mutations together. But I agree you should be getting *something*. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.14 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSOGVLAAoJEBzwKT+lPKRY5P4P/0K9f4mTyWKG/MYVP6YOMkRY XCYLsFJzR4vX8SVSi1gF/ae71qE3cJbkMaXp/Lr6VAJsvJfRepw8aE8lP53N3OUo CTLMgx1Ud0cGf2iivwWUksRvPzqBg2UKTSG23wp6av0ZhJ5Qhqujh1NPdJ/91tq/ bXBlXx+/XYo6s9dYo6VhOYl+lM3VMusNJwUg6Yjb67onXzZ8LvFwXigMCVIJ2n5T c+8VJ66Jz5iOiGIWabh7mGKsDbHNsEImATLDhAxk3dyuFyQb9e/hVzXqxZoclb8N ImwDbWmEgZRew2bpXLUlGWmHt8PDxknF6D3cI7YyAw0bQ66Yw27TnEMdFx/y7yrJ YGlScXPs17ghzg3WkCHpJ0lt37TOXAdUQMcwHRg0GyiWsdoXrAfLlbkLLUnxPidr bRBswNurZQ1j4JoVYojWOhwKB3tLdeXHmNNxfjNRfi1cpnjJ1Tdumdg+Iq0LjT// nM0DciBdFEPw/jM50yR6klg8srMvPhW3HP3i6KXugcoRv4E2/9JvOTwlbJslxZD5 KHrlBTQZegkxPIuu2Bx+QIoAWtU51d2plkTGH+Kq8nGlo9o9YD3DQ0B5r1I+0R9o pAVyD42bCf/eHDNttcLqRFzXMkJftW4MloL6SuCAeu7L3pyZd42DPiw5E6+qw7uh 5zfC+mgFBJwtDgFJ7+tJ =0MQ8 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
any update on an anticipated release date for 7.0.43?
Has a decision (even tentative) been made on when 7.0.43 GA (w/ jsr 356) will release? Just curious if this will be before the end of September. Thanks, Bob - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problems with Clustering / Session Replication
Hi Daniel, Thanks for the response. It seems that the ports (you're correct, 4000 and 4001) aren't open; telnet reports Connection refused and nmap lists the ports as closed. Shouldn't tomcat be opening them? I'm not running a firewall or anything. I'll come back to your questions about my apache config if we get stuck, but I suspect that's not the issue. Thanks, Nick On Tue, Sep 17, 2013 at 10:52 AM, Daniel Mikusa dmik...@gopivotal.comwrote: On Sep 17, 2013, at 9:59 AM, Nicholas Violi nvi...@globalgiving.org wrote: Hello, I'm setting up clustering/replication on Tomcat 7 on my local machine, to evaluate it for use with my environment/codebase, and sessions don't appear to be replicating. Hopefully I've provided enough information below, but please let me know if you have any more questions. ___Setup___ I have two identical tomcat servers in sibling directories running on different ports. Good. Out of curiosity, are they listening on HTTP or AJP? I have httpd listening on two other ports and connecting to the two tomcat instances as VirtualHosts. This sounds a little weird, can you explain further? - Why are you listening on two ports? Is one HTTP and one HTTPS? - Where and why are you using VirtualHosts? That's unnecessary for a simple clustering setup and is probably just complicating things. - How are you connecting to your Tomcat instances? mod_proxy or mod_jk? Can you include the config? I can access and interact with both environments on the configured ports; everything is working as expected. The tomcat servers have clustering enabled like this, in server.xml: Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=8 Manager className=org.apache.catalina.ha.session.DeltaManager expireSessionsOnShutdown=false notifyListenersOnReplication=true/ Channel className=org.apache.catalina.tribes.group.GroupChannel Membership className=org.apache.catalina.tribes.membership.McastService address=228.0.0.4 port=45564 frequency=500 dropTime=3000/ Receiver className=org.apache.catalina.tribes.transport.nio.NioReceiver address=auto port=4001 autoBind=100 selectorTimeout=5000 maxThreads=6/ Sender className=org.apache.catalina.tribes.transport.ReplicationTransmitter Transport className=org.apache.catalina.tribes.transport.nio.PooledParallelSender/ /Sender Interceptor className=org.apache.catalina.tribes.group.interceptors.TcpFailureDetector/ Interceptor className=org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor/ Interceptor className=org.apache.catalina.tribes.group.interceptors.ThroughputInterceptor/ /Channel Valve className=org.apache.catalina.ha.tcp.ReplicationValve filter=/ Valve className=org.apache.catalina.ha.session.JvmRouteBinderValve/ ClusterListener className=org.apache.catalina.ha.session.ClusterSessionListener/ /Cluster Are you trying to setup sticky sessions? If so, what are you setting for jvmRoute? and I added the distributable tag to the very beginning of web.xml: web-app xmlns=http://java.sun.com/xml/ns/javaee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd; version=3.0 distributable / (lots more...) /web-app ___What's working___ When the servers start, they log Sep 16, 2013 1:44:23 PM org.apache.catalina.ha.tcp.SimpleTcpCluster startInternal INFO: Cluster is about to start Sep 16, 2013 1:44:23 PM org.apache.catalina.tribes.transport.ReceiverBase getBind FINE: Starting replication listener on address:10.0.0.100 Sep 16, 2013 1:44:23 PM org.apache.catalina.tribes.transport.ReceiverBase bind INFO: Receiver Server Socket bound to:/10.0.0.100:4001 Sep 16, 2013 1:44:23 PM org.apache.catalina.tribes.membership.McastServiceImpl setupSocket INFO: Setting cluster mcast soTimeout to 500 Sep 16, 2013 1:44:23 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO: Sleeping for 1000 milliseconds to establish cluster membership, start level:4 Sep 16, 2013 1:44:24 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO: Done sleeping, membership established, start level:4 Sep 16, 2013 1:44:24 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO: Sleeping for 1000 milliseconds to establish cluster membership, start level:8 Sep 16, 2013 1:44:25 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers
Re: Problems with Clustering / Session Replication
On Sep 17, 2013, at 9:59 AM, Nicholas Violi nvi...@globalgiving.org wrote: Hello, I'm setting up clustering/replication on Tomcat 7 on my local machine, to evaluate it for use with my environment/codebase, and sessions don't appear to be replicating. Hopefully I've provided enough information below, but please let me know if you have any more questions. ___Setup___ I have two identical tomcat servers in sibling directories running on different ports. Good. Out of curiosity, are they listening on HTTP or AJP? I have httpd listening on two other ports and connecting to the two tomcat instances as VirtualHosts. This sounds a little weird, can you explain further? - Why are you listening on two ports? Is one HTTP and one HTTPS? - Where and why are you using VirtualHosts? That's unnecessary for a simple clustering setup and is probably just complicating things. - How are you connecting to your Tomcat instances? mod_proxy or mod_jk? Can you include the config? I can access and interact with both environments on the configured ports; everything is working as expected. The tomcat servers have clustering enabled like this, in server.xml: Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=8 Manager className=org.apache.catalina.ha.session.DeltaManager expireSessionsOnShutdown=false notifyListenersOnReplication=true/ Channel className=org.apache.catalina.tribes.group.GroupChannel Membership className=org.apache.catalina.tribes.membership.McastService address=228.0.0.4 port=45564 frequency=500 dropTime=3000/ Receiver className=org.apache.catalina.tribes.transport.nio.NioReceiver address=auto port=4001 autoBind=100 selectorTimeout=5000 maxThreads=6/ Sender className=org.apache.catalina.tribes.transport.ReplicationTransmitter Transport className=org.apache.catalina.tribes.transport.nio.PooledParallelSender/ /Sender Interceptor className=org.apache.catalina.tribes.group.interceptors.TcpFailureDetector/ Interceptor className=org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor/ Interceptor className=org.apache.catalina.tribes.group.interceptors.ThroughputInterceptor/ /Channel Valve className=org.apache.catalina.ha.tcp.ReplicationValve filter=/ Valve className=org.apache.catalina.ha.session.JvmRouteBinderValve/ ClusterListener className=org.apache.catalina.ha.session.ClusterSessionListener/ /Cluster Are you trying to setup sticky sessions? If so, what are you setting for jvmRoute? and I added the distributable tag to the very beginning of web.xml: web-app xmlns=http://java.sun.com/xml/ns/javaee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd; version=3.0 distributable / (lots more...) /web-app ___What's working___ When the servers start, they log Sep 16, 2013 1:44:23 PM org.apache.catalina.ha.tcp.SimpleTcpCluster startInternal INFO: Cluster is about to start Sep 16, 2013 1:44:23 PM org.apache.catalina.tribes.transport.ReceiverBase getBind FINE: Starting replication listener on address:10.0.0.100 Sep 16, 2013 1:44:23 PM org.apache.catalina.tribes.transport.ReceiverBase bind INFO: Receiver Server Socket bound to:/10.0.0.100:4001 Sep 16, 2013 1:44:23 PM org.apache.catalina.tribes.membership.McastServiceImpl setupSocket INFO: Setting cluster mcast soTimeout to 500 Sep 16, 2013 1:44:23 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO: Sleeping for 1000 milliseconds to establish cluster membership, start level:4 Sep 16, 2013 1:44:24 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO: Done sleeping, membership established, start level:4 Sep 16, 2013 1:44:24 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO: Sleeping for 1000 milliseconds to establish cluster membership, start level:8 Sep 16, 2013 1:44:25 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO: Done sleeping, membership established, start level:8 When the second server starts up, the first one logs Sep 16, 2013 2:17:30 PM org.apache.catalina.tribes.group.interceptors.TcpFailureDetector messageReceived FINE: Received a failure detector packet:ClusterData[src=org.apache.catalina.tribes.membership.MemberImpl[tcp://{10, 0, 0, 100}:4000,{10, 0, 0, 100},4000, alive=112208, securePort=-1, UDP Port=-1, id={118 6 107 -67 88 98 72 95 -73 41 4 -108 58 -5 -127 -41 }, payload={}, command={}, domain={}, ]; id={25 110 120 -2 -25 6 78
Re: Problems with Clustering / Session Replication
On Sep 17, 2013, at 11:10 AM, Nicholas Violi nvi...@globalgiving.org wrote: Hi Daniel, Please don't top post. Either reply at the bottom or reply inline. That is the convention we try to follow on this list. Thanks for the response. It seems that the ports (you're correct, 4000 and 4001) aren't open; telnet reports Connection refused and nmap lists the ports as closed. Can your run netstat and see if anything is listening on those ports? netstat -tln should work on Linux or netstat -an | grep LISTEN on Mac. Sorry I'm not sure about the command on Windows. You should see something which lists the ports. Example from my Mac. tcp4 0 0 192.168.0.6.4001 *.*LISTEN tcp4 0 0 192.168.0.6.4000 *.*LISTEN tcp46 0 0 *.8080 *.*LISTEN tcp46 0 0 *.8081 *.*LISTEN ... Shouldn't tomcat be opening them? Yes it should and the logs indicate that it appears to be doing so. Output from netstat should confirm. Dan I'm not running a firewall or anything. I'll come back to your questions about my apache config if we get stuck, but I suspect that's not the issue. Thanks, Nick On Tue, Sep 17, 2013 at 10:52 AM, Daniel Mikusa dmik...@gopivotal.comwrote: On Sep 17, 2013, at 9:59 AM, Nicholas Violi nvi...@globalgiving.org wrote: Hello, I'm setting up clustering/replication on Tomcat 7 on my local machine, to evaluate it for use with my environment/codebase, and sessions don't appear to be replicating. Hopefully I've provided enough information below, but please let me know if you have any more questions. ___Setup___ I have two identical tomcat servers in sibling directories running on different ports. Good. Out of curiosity, are they listening on HTTP or AJP? I have httpd listening on two other ports and connecting to the two tomcat instances as VirtualHosts. This sounds a little weird, can you explain further? - Why are you listening on two ports? Is one HTTP and one HTTPS? - Where and why are you using VirtualHosts? That's unnecessary for a simple clustering setup and is probably just complicating things. - How are you connecting to your Tomcat instances? mod_proxy or mod_jk? Can you include the config? I can access and interact with both environments on the configured ports; everything is working as expected. The tomcat servers have clustering enabled like this, in server.xml: Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=8 Manager className=org.apache.catalina.ha.session.DeltaManager expireSessionsOnShutdown=false notifyListenersOnReplication=true/ Channel className=org.apache.catalina.tribes.group.GroupChannel Membership className=org.apache.catalina.tribes.membership.McastService address=228.0.0.4 port=45564 frequency=500 dropTime=3000/ Receiver className=org.apache.catalina.tribes.transport.nio.NioReceiver address=auto port=4001 autoBind=100 selectorTimeout=5000 maxThreads=6/ Sender className=org.apache.catalina.tribes.transport.ReplicationTransmitter Transport className=org.apache.catalina.tribes.transport.nio.PooledParallelSender/ /Sender Interceptor className=org.apache.catalina.tribes.group.interceptors.TcpFailureDetector/ Interceptor className=org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor/ Interceptor className=org.apache.catalina.tribes.group.interceptors.ThroughputInterceptor/ /Channel Valve className=org.apache.catalina.ha.tcp.ReplicationValve filter=/ Valve className=org.apache.catalina.ha.session.JvmRouteBinderValve/ ClusterListener className=org.apache.catalina.ha.session.ClusterSessionListener/ /Cluster Are you trying to setup sticky sessions? If so, what are you setting for jvmRoute? and I added the distributable tag to the very beginning of web.xml: web-app xmlns=http://java.sun.com/xml/ns/javaee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd; version=3.0 distributable / (lots more...) /web-app ___What's working___ When the servers start, they log Sep 16, 2013 1:44:23 PM org.apache.catalina.ha.tcp.SimpleTcpCluster startInternal INFO: Cluster is about to start Sep 16, 2013 1:44:23 PM org.apache.catalina.tribes.transport.ReceiverBase getBind FINE: Starting replication listener on address:10.0.0.100 Sep 16, 2013 1:44:23 PM org.apache.catalina.tribes.transport.ReceiverBase bind INFO: Receiver Server
Re: Tomcat 7 SSL Setup: ERR_CONNECTION_REFUSED
Maybe it'd helpful not using the java key store (JKS). Personally on Linux Tomcat installations without native APR I use the .p12 files with this config Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=${catalina.home}/ssl/serverkey.p12 keystorePass=**PASS** keystoreType=pkcs12 / Jan Good Day! Everything was followed perfectly from this URL: http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html. I've done this setup a lot of times already and mostly I have been successful. Until our security team noticed that the installed root CA is incorrect. Instead of just importing the correct root CA, I deleted all the imported certificates (originally 2 certificates) using the keytool -delete -alias certificate nicknames -keystore .keystore. Afterwards, I imported the 2 certificates again. Now when I access https://mydomain:8443, it gives me a webpage not found with ERR_CONNECTION_REFUSED error in Chrome and ssl_error_no_cypher_overlap in Firefox. Could anyone please let me know what I must have did wrong? Thank you in advance. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problems with Clustering / Session Replication
On Tue, Sep 17, 2013 at 11:25 AM, Daniel Mikusa dmik...@gopivotal.comwrote: Please don't top post. Either reply at the bottom or reply inline. That is the convention we try to follow on this list. Sorry thanks. Can your run netstat and see if anything is listening on those ports? netstat -tln should work on Linux or netstat -an | grep LISTEN on Mac. Sorry I'm not sure about the command on Windows. Yep, I see them: tcp4 0 0 192.168.1.243.4000 *.*LISTEN tcp4 0 0 192.168.1.243.4001 *.*LISTEN If it matters, the apache and tomcat ports are running with a wildcard IP: tcp46 0 0 *.8082 *.*LISTEN tcp46 0 0 *.8080 *.*LISTEN tcp46 0 0 *.8081 *.*LISTEN tcp46 0 0 *.8083 *.*LISTEN Thanks, Nick
Re: Problems with Clustering / Session Replication
On Sep 17, 2013, at 11:32 AM, Nicholas Violi nvi...@globalgiving.org wrote: On Tue, Sep 17, 2013 at 11:25 AM, Daniel Mikusa dmik...@gopivotal.comwrote: Please don't top post. Either reply at the bottom or reply inline. That is the convention we try to follow on this list. Sorry thanks. Can your run netstat and see if anything is listening on those ports? netstat -tln should work on Linux or netstat -an | grep LISTEN on Mac. Sorry I'm not sure about the command on Windows. Yep, I see them: tcp4 0 0 192.168.1.243.4000 *.*LISTEN tcp4 0 0 192.168.1.243.4001 *.*LISTEN Good! Since Tomcat is listening on the ports, you just need to figure out why you can't connect to them. You should be able to telnet to the ports. Try: telnet 192.168.1.243 4000 and telnet 192.168.1.243 4001. Are you sure you don't have a firewall? Dan If it matters, the apache and tomcat ports are running with a wildcard IP: tcp46 0 0 *.8082 *.*LISTEN tcp46 0 0 *.8080 *.*LISTEN tcp46 0 0 *.8081 *.*LISTEN tcp46 0 0 *.8083 *.*LISTEN Thanks, Nick - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: any update on an anticipated release date for 7.0.43?
On 17/09/2013 15:53, Bob DeRemer wrote: Has a decision (even tentative) been made on when 7.0.43 GA (w/ jsr 356) will release? Just curious if this will be before the end of September. The native release this was blocked by has now happened. Running the unit tests has identified a series of problems with WebSocket and the APR/native connector on Windows. I think these are fixed but I need to wait for the unit test runs to complete. Literally as I typed the last sentence the Windows tests finished and they passed. Woot! I'll be tagging 8.0.0-RC2 in the next few hours. I expect Violeta will be tagging 7.0.43 either later today or early tomorrow. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Problems with Clustering / Session Replication
From: Daniel Mikusa [mailto:dmik...@gopivotal.com] Subject: Re: Problems with Clustering / Session Replication Are you sure you don't have a firewall? Remember that a firewall could be on the server, the client, or anywhere in between. The OP should first see if a connection can be made from the same system Tomcat is running on. If that doesn't work, the server firewall is blocking it. If it does work, keep looking farther up the network. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7 SSL Setup: ERR_CONNECTION_REFUSED
Thank you all for your help. It just came to a point where I just had to delete the old keystore and create a new one, and request for new certificates. Now everything's working. On Tue, Sep 17, 2013 at 9:58 AM, Jan Vávra va...@602.cz wrote: Maybe it'd helpful not using the java key store (JKS). Personally on Linux Tomcat installations without native APR I use the .p12 files with this config Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=${catalina.home}/**ssl/serverkey.p12 keystorePass=**PASS** keystoreType=pkcs12 / Jan Good Day! Everything was followed perfectly from this URL: http://tomcat.apache.org/**tomcat-7.0-doc/ssl-howto.htmlhttp://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html. I've done this setup a lot of times already and mostly I have been successful. Until our security team noticed that the installed root CA is incorrect. Instead of just importing the correct root CA, I deleted all the imported certificates (originally 2 certificates) using the keytool -delete -alias certificate nicknames -keystore .keystore. Afterwards, I imported the 2 certificates again. Now when I access https://mydomain:8443, it gives me a webpage not found with ERR_CONNECTION_REFUSED error in Chrome and ssl_error_no_cypher_overlap in Firefox. Could anyone please let me know what I must have did wrong? Thank you in advance. --**--**- To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: any update on an anticipated release date for 7.0.43?
-Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Tuesday, September 17, 2013 11:49 AM To: Tomcat Users List Subject: Re: any update on an anticipated release date for 7.0.43? On 17/09/2013 15:53, Bob DeRemer wrote: Has a decision (even tentative) been made on when 7.0.43 GA (w/ jsr 356) will release? Just curious if this will be before the end of September. The native release this was blocked by has now happened. Running the unit tests has identified a series of problems with WebSocket and the APR/native connector on Windows. I think these are fixed but I need to wait for the unit test runs to complete. Literally as I typed the last sentence the Windows tests finished and they passed. Woot! I'll be tagging 8.0.0-RC2 in the next few hours. I expect Violeta will be tagging 7.0.43 either later today or early tomorrow. Awesome - thx for the update! -bob Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Deploy a website downloaded from internet using wget (Tomcat 8.0 RC)
Hi I downloaded a website say test.org using wget utility. Now I want to deploy in Apache Tomcat 8.0 RC. That I have done it. But I want to do in this manner that I want to access test.org locally from my browser as if I am browsing on the internet because links in the test.org refers to itself. Because when I click any link it goes to Internet and not to my locally saved website. I do not know how to do this. I also searched in the Internet. Please help Thanks Vikram
Re: Problems with Clustering / Session Replication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Chuck, On 9/17/13 12:25 PM, Caldarale, Charles R wrote: From: Daniel Mikusa [mailto:dmik...@gopivotal.com] Subject: Re: Problems with Clustering / Session Replication Are you sure you don't have a firewall? Remember that a firewall could be on the server, the client, or anywhere in between. The OP should first see if a connection can be made from the same system Tomcat is running on. If that doesn't work, the server firewall is blocking it. If it does work, keep looking farther up the network. While the above is true, OP originally said that everything was on localhost. Most software firewalls allow localhost communication by default, so I would be surprised if that's the problem. It's obviously possible that the problem is non-default firewall rules. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.14 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSOIVfAAoJEBzwKT+lPKRYSKIQAJRdVrmB4LofRLqsAPMsEzAY 8o9X+SLOxJ71lmK55G1WYOr6tzx1uEPShzuey49zEYrfd8GNa3G1/IXBLUnpO9mU 0bbCDTleCFWcpZ5JFIvd0LStcqLxH6C2y5YxIeMZgSZmB4e79jIEaPJIGZAOpsx+ NhyaV9EGwc7cwFqr983PCEwT36DeEaLs8xaVO0hx/pqHrm7XhdiEKaYb7IGIZyqv PG4J0WlDkydZhFKFyWiJwCam+ngjMd61j2LiXtN4AZFo0WUu3cLh+r1gm+1JAiY3 K577fHThrjg+Pb28tkP+m6ywY3tyGC9MoKn1RhAg4spT22YJhHADoY4l2XhAt1Iw SNAq2NV13SBmPpiyBo2p+E2uE9kpYYPGPdOppqSoTU37wiAqBEra1S/iERibtZF2 UCC5yz++vSzpH2DtkCehdp5fkymg+PciMrRbM9wg6d8GzWCB/6EIP2lAqnjT4i2u qlcfbbqQEyxhgVNQhCqoZuxA650Efl7UDUayYr6TnMgFbC2IcnascQiOSLl0HdKh mEdM/Jd042IUgY0EFtwoueEiCIyHQZW3Vy46b8eO++wzufRUeOz8BVmh9yQQyvJa LliM+vwYDjNEyEp25KTEUVJER3l+eeL4Ow6k5Nj4cJ7lIg/GmBwy32VeqZJQ+FvS 3pAHCPfYvEHyYDIXfrD9 =wFB0 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problems with Clustering / Session Replication
On Tue, Sep 17, 2013 at 12:08 PM, Daniel Mikusa dmik...@gopivotal.comwrote: Good! Since Tomcat is listening on the ports, you just need to figure out why you can't connect to them. You should be able to telnet to the ports. Try: telnet 192.168.1.243 4000 and telnet 192.168.1.243 4001. telnet connects fine... Are you sure you don't have a firewall? Double checked that my mac's firewall is switched off and sudo ipfw list returns 65535 allow ip from any to any Thanks, Nick
RE: Problems with Clustering / Session Replication
From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: Problems with Clustering / Session Replication While the above is true, OP originally said that everything was on localhost. Note the IP address reported by the OP's netstat: 192.168.1.243. That's decidedly not localhost and may be subject to firewall restrictions. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Problems with Clustering / Session Replication
From: Nicholas Violi [mailto:nvi...@globalgiving.org] Subject: Re: Problems with Clustering / Session Replication telnet connects fine... ??? Previously, you stated: telnet reports Connection refused. Which is it? Are you sure you don't have a firewall? Double checked that my mac's firewall is switched off and sudo ipfw list returns 65535 allow ip from any to any Good to get that out of the way. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Deploy a website downloaded from internet using wget (Tomcat 8.0 RC)
Why not create a local copy with the links converted ? Take a look at http://stackoverflow.com/questions/6348289/download-a-working-local-copy-of-a-webpage On Wed, Sep 18, 2013 at 12:09 AM, Vikram Singh vsp1...@gmail.com wrote: Hi I downloaded a website say test.org using wget utility. Now I want to deploy in Apache Tomcat 8.0 RC. That I have done it. But I want to do in this manner that I want to access test.org locally from my browser as if I am browsing on the internet because links in the test.org refers to itself. Because when I click any link it goes to Internet and not to my locally saved website. I do not know how to do this. I also searched in the Internet. Please help Thanks Vikram -- Do not pursue the past. Do not lose yourself in the future. The past no longer is. The future has not yet come. Looking deeply at life as it is in the very here and now, the practitioner dwells in stability and freedom. (Thich Nhat Hanh)
Re: Problems with Clustering / Session Replication
On Tue, Sep 17, 2013 at 1:16 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: telnet connects fine... ??? Previously, you stated: telnet reports Connection refused. Which is it? Apologies for not specifying. My first test was telnet localhost 4000, which refused the connection. After seeing the result of netstat I tried telnet 192.168.1.143 4000 which connected correctly. I guess it makes sense that telnet would bind to the external IP, but the cluster sibling should also be able to connect on this IP, so I'm still at a loss for what's failing. Thanks, Nick
Re: Deploy a website downloaded from internet using wget (Tomcat 8.0 RC)
Hi Vikram, But I want to do in this manner that I want to access test.org locally from my browser as if I am browsing on the internet because links in the test.org refers to itself. Because when I click any link it goes to Internet and not to my locally saved website. You should be able to edit your hosts file by adding a line like 127.0.0.1 test.org which will override the dns lookup to test.org's true IP address. See http://en.wikipedia.org/wiki/Hosts_file for the location of the hosts file on your platform.
Re: Problems with Clustering / Session Replication
On Sep 17, 2013, at 1:21 PM, Nicholas Violi nvi...@globalgiving.org wrote: On Tue, Sep 17, 2013 at 1:16 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: telnet connects fine... ??? Previously, you stated: telnet reports Connection refused. Which is it? Apologies for not specifying. My first test was telnet localhost 4000, which refused the connection. After seeing the result of netstat I tried telnet 192.168.1.143 4000 which connected correctly. I guess it makes sense that telnet would bind to the external IP, but the cluster sibling should also be able to connect on this IP, so I'm still at a loss for what's failing. How do you have HTTPD configured? It's important to get this right. Dan Thanks, Nick - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problems with Clustering / Session Replication
On Sep 17, 2013, at 3:08 PM, Nicholas Violi nvi...@globalgiving.org wrote: On Tue, Sep 17, 2013 at 2:34 PM, Daniel Mikusa dmik...@gopivotal.comwrote: How do you have HTTPD configured? It's important to get this right. The tomcats are running on 8081 and 8083 and apache is listening on 8080 and 8082, with each one proxied to the corresponding tomcat instance. I think these are the relevant parts of httpd.conf, but let me know if there's something else you want to see: Listen 8080 Listen 8082 [...] NameVirtualHost *:8080 NameVirtualHost *:8082 [...] VirtualHost *:8080 DocumentRoot /var/www/ ServerName local.mysite.com ScriptAlias /cgi-bin/ /var/www/cgi-bin/ [...] ProxyPass/dy http://localhost:8081/dy max=100 ProxyPassReverse /dy http://localhost:8081/dy max=100 /VirtualHost VirtualHost *:8082 DocumentRoot /var/www/ ServerName local.mysite.com ScriptAlias /cgi-bin/ /var/www/cgi-bin/ [...] ProxyPass/dy http://localhost:8083/dy max=100 ProxyPassReverse /dy http://localhost:8083/dy max=100 /VirtualHost What is your purpose with this configuration and with this setup? It's a legit setup, but may not be doing what you want. Typically you would use mod_proxy mod_proxy_balancer (or mod_jk) to front a cluster of Tomcat servers. Something like this should balance load across the two nodes in your cluster with mod_proxy. Proxy balancer://mycluster BalancerMember http://localhost:8081 BalancerMember http://localhost:8083 /Proxy ProxyPass /dy balancer://mycluster/dy Dan Thanks, Nick - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problems with Clustering / Session Replication
On Tue, Sep 17, 2013 at 2:34 PM, Daniel Mikusa dmik...@gopivotal.comwrote: How do you have HTTPD configured? It's important to get this right. The tomcats are running on 8081 and 8083 and apache is listening on 8080 and 8082, with each one proxied to the corresponding tomcat instance. I think these are the relevant parts of httpd.conf, but let me know if there's something else you want to see: Listen 8080 Listen 8082 [...] NameVirtualHost *:8080 NameVirtualHost *:8082 [...] VirtualHost *:8080 DocumentRoot /var/www/ ServerName local.mysite.com ScriptAlias /cgi-bin/ /var/www/cgi-bin/ [...] ProxyPass/dy http://localhost:8081/dy max=100 ProxyPassReverse /dy http://localhost:8081/dy max=100 /VirtualHost VirtualHost *:8082 DocumentRoot /var/www/ ServerName local.mysite.com ScriptAlias /cgi-bin/ /var/www/cgi-bin/ [...] ProxyPass/dy http://localhost:8083/dy max=100 ProxyPassReverse /dy http://localhost:8083/dy max=100 /VirtualHost Thanks, Nick
Re: Problems with Clustering / Session Replication
On Sep 17, 2013, at 3:39 PM, Nicholas Violi nvi...@globalgiving.org wrote: On Tue, Sep 17, 2013 at 3:21 PM, Daniel Mikusa dmik...@gopivotal.comwrote: What is your purpose with this configuration and with this setup? It's a legit setup, but may not be doing what you want. Typically you would use mod_proxy mod_proxy_balancer (or mod_jk) to front a cluster of Tomcat servers. In production we have a dedicated hardware load balancer in front of standalone servers that each run one instance of apache connected to one tomcat, so when I was looking to extend that for local testing, I just added another VirtualHost. Since apache is not concerned with load balancing in production, I don't need to complicate my local system with that detail. I would disagree with this conclusion. In your test setup you absolutely need this. In production, you don't need HTTPD because you have a dedicated hardware load balancer. Unless you have one of those on your desk, you need HTTPD to perform that role. Dan Thanks, Nick - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problems with Clustering / Session Replication
On Tue, Sep 17, 2013 at 3:21 PM, Daniel Mikusa dmik...@gopivotal.comwrote: What is your purpose with this configuration and with this setup? It's a legit setup, but may not be doing what you want. Typically you would use mod_proxy mod_proxy_balancer (or mod_jk) to front a cluster of Tomcat servers. In production we have a dedicated hardware load balancer in front of standalone servers that each run one instance of apache connected to one tomcat, so when I was looking to extend that for local testing, I just added another VirtualHost. Since apache is not concerned with load balancing in production, I don't need to complicate my local system with that detail. Thanks, Nick
Re: Problems with Clustering / Session Replication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Nicholas, On 9/17/13 3:39 PM, Nicholas Violi wrote: On Tue, Sep 17, 2013 at 3:21 PM, Daniel Mikusa dmik...@gopivotal.comwrote: What is your purpose with this configuration and with this setup? It's a legit setup, but may not be doing what you want. Typically you would use mod_proxy mod_proxy_balancer (or mod_jk) to front a cluster of Tomcat servers. In production we have a dedicated hardware load balancer in front of standalone servers that each run one instance of apache connected to one tomcat, so when I was looking to extend that for local testing, I just added another VirtualHost. Since apache is not concerned with load balancing in production, I don't need to complicate my local system with that detail. If you want a less complicated setup, then take Apache httpd out of the equation entirely. If you already have load-balancing out front, what is httpd doing for you? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.14 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSOL9dAAoJEBzwKT+lPKRYVwoP/iuZYLTFbW7XRg9f5UYZNef7 RGe12De3v5uKMdLo7XjZlgszQfel/pCgBjzU21/QKJ+dZrdfgWPJ+FEQJJp+qSek MIuYhXzpnvOgmht3aYIud1SI+JwcvZO5Gbx3sDq+7tEzVzBS6u3WrtbUq51Vh2Dq lvdxLcr3qEB3tjEsCDjDpKZ7gHp5ZlXzPJz1UwBxZKTM2hBB1mP+uAaU0xjvQFyO eU8iJT48t9I8p6nNqLNoERt8mO81CTBcQw5Amc7c5VXHsJ1jaICDbOPazAU+uPkI ywWtBDw9E+c29qPftZqN2e7gnj3+pH0oqJBWxyG0mnMgMnAqO+KneUz9uzbqUrS0 1NPraHXB0EU3K4/hmHxjIRPLo3rrOt2akFppZzkVd0l0AvEnk5bS/d2DFcdGIvZR bnB3Ats2JWuKsjhDQNuXqaQeG6FcbGIZRbwUn4pkRvczDkQpwTkZGQCjPBdwAqWL 2wDYnERW5kJ4AnJjpx1MmKyZguWxCdj678TYx2m4pCKM6/rInPTtovRLTACeA1vX uyWdGxqet5r1DD168RGr1hU9wIGsqBGS1BVvS6LnFSz6Y1JMnw/hni+vn+adMTmh w9YDlzxb3i2kmsGaaqXM7EjmTfwNl5kJmQlZZSlj1BLvhN/NmE/L8EpNfdO/53vn rQeSn7qrM+RaWF6CNQuT =yCjK -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problems with Clustering / Session Replication
On Tue, Sep 17, 2013 at 4:18 PM, Daniel Mikusa dmik...@gopivotal.comwrote: I would disagree with this conclusion. In your test setup you absolutely need this. In production, you don't need HTTPD because you have a dedicated hardware load balancer. Unless you have one of those on your desk, you need HTTPD to perform that role. Since this is just for testing, my plan was to use the two alternate ports to mimic load balancing: I can interact with tomcat A on port 8080, then switch to 8082 and hopefully see the same session data on tomcat B. What benefit does apache load balancing bring to my testing of the clustering features?
Re: Problems with Clustering / Session Replication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Nicholas, On 9/17/13 4:33 PM, Nicholas Violi wrote: On Tue, Sep 17, 2013 at 4:18 PM, Daniel Mikusa dmik...@gopivotal.comwrote: I would disagree with this conclusion. In your test setup you absolutely need this. In production, you don't need HTTPD because you have a dedicated hardware load balancer. Unless you have one of those on your desk, you need HTTPD to perform that role. Since this is just for testing, my plan was to use the two alternate ports to mimic load balancing: I can interact with tomcat A on port 8080, then switch to 8082 and hopefully see the same session data on tomcat B. What benefit does apache load balancing bring to my testing of the clustering features? If you wanted to mimic load-balancing (meaning that you as a human arbitrarily choose which back-end instance to contact) then you didn't need Apache httpd in the mix: you can simply connect directly to whichever Tomcat you want. I think we're getting off-topic, though, as it seems the cluster membership is the problem and not loca-balancing and/or app-server-selection. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.14 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSOL/UAAoJEBzwKT+lPKRYITUQAMYsZ2jxr/9j8ECtNpR94mS0 jaNzkqHizcUm2B0RFMlqArrdZX6W+7IaaE4L2ZVTDvlBtXP8bYwkLFq/Irvv+g2E Y13SIzN9IIfR3+ZsYjOkDKeiEGo3z7nYaEhbB+wu3EIFjLIV4K88QTpcdCu8Q+uo D6OLtKOmqzUUJk/aLPCBV0OmiwK/BVdoLUMGG/prFaQohId+5ay7DFrukjKusDAb EtOtJe6nNdciAsj5jaQhpybOozoKHICiPJT4zURRfoXCUjD8nlCt6SwlMaKVCSVC 5HoO4LtVYbkUG3j8MeUiLXGoGqvNEmg+vEFB5MyAzeCqzzVokpvUi4Mfmj0k2/HQ IRSCoqZsrarFjT4JsUnMUV+r79xzJZpiz864F4Jyhatztb6dZpOZ3ZLUb0e8/0ft SUiK+a8Ao1m29LsEtSC9JrsDM6+NqOIk28c8hKl73dGOeYGhxDpJkpE09wlUcEB1 qEO/LOGFsdOBZuVOhFj6r9dYdWVvBMvGcm8BdDIhdlteGNcFJgoqFsXRAhDvORck DLDsvKSfT4DxyKcgnkBMcDg9x1JjVjk1Z9dZRMl/9fdhGCQFZhMin9ORTtsp2fx5 4bc5qs/NRUdtc1g4uNcAqUw9yAV++afpIhygLnN7JWtvjMVf63C4wtvR0oQPTE8H usbZAJrT1/yN/7ZBnZrf =2SwC -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problems with Clustering / Session Replication
On Sep 17, 2013, at 4:18 PM, Daniel Mikusa dmik...@gopivotal.com wrote: On Sep 17, 2013, at 3:39 PM, Nicholas Violi nvi...@globalgiving.org wrote: On Tue, Sep 17, 2013 at 3:21 PM, Daniel Mikusa dmik...@gopivotal.comwrote: What is your purpose with this configuration and with this setup? It's a legit setup, but may not be doing what you want. Typically you would use mod_proxy mod_proxy_balancer (or mod_jk) to front a cluster of Tomcat servers. In production we have a dedicated hardware load balancer in front of standalone servers that each run one instance of apache connected to one tomcat, so when I was looking to extend that for local testing, I just added another VirtualHost. Since apache is not concerned with load balancing in production, I don't need to complicate my local system with that detail. I would disagree with this conclusion. In your test setup you absolutely need this. In production, you don't need HTTPD because you have a dedicated hardware load balancer. Unless you have one of those on your desk, you need HTTPD to perform that role. Dan Disregard this. For some reason I was thinking HTTPD is necessary. Chris is right as usual, it's not necessary for a simple test. Tried a quick two node setup on my Mac w/out HTTPD and it worked OK. Go to one Tomcat instance's port in chrome, it increments the counter in my app. Refresh a few times. Open a second tab, go to the second Tomcat instance's port. The counter picks up where it left off and continues incrementing. Flipping back and forth between tabs / servers works fine. Here's the cluster config that I used in case it helps. Cluster channelSendOptions=8 className=org.apache.catalina.ha.tcp.SimpleTcpCluster Manager className=org.apache.catalina.ha.session.DeltaManager expireSessionsOnShutdown=false notifyListenersOnReplication=true/ Channel className=org.apache.catalina.tribes.group.GroupChannel Membership address=228.0.0.4 className=org.apache.catalina.tribes.membership.McastService dropTime=3000 frequency=500 port=45564/ Receiver address=auto autoBind=100 className=org.apache.catalina.tribes.transport.nio.NioReceiver maxThreads=6 port=4000 selectorTimeout=5000/ Sender className=org.apache.catalina.tribes.transport.ReplicationTransmitter Transport className=org.apache.catalina.tribes.transport.nio.PooledParallelSender/ /Sender Interceptor className=org.apache.catalina.tribes.group.interceptors.TcpFailureDetector/ Interceptor className=org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor/ /Channel Valve className=org.apache.catalina.ha.tcp.ReplicationValve filter=/ Valve className=org.apache.catalina.ha.session.JvmRouteBinderValve/ ClusterListener className=org.apache.catalina.ha.session.JvmRouteSessionIDBinderListener/ ClusterListener className=org.apache.catalina.ha.session.ClusterSessionListener/ /Cluster Beyond that, have you tried increasing the log levels? Dan Thanks, Nick - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Apache Tomcat 8.0.0-RC2
I'm trying out the new Apache Tomcat 8.0.0-RC2 with some existing web applications that work fine under Apache Tomcat 8.0.0-RC1. I am now seeing literally thousands of warning messages at start up time: 17-Sep-2013 20:19:40.346 WARNING [hostname-startStop-1] org.apache.catalina.webresources.Cache.getResource Unable to add the resource at [{0}] to the cache because there was insufficient free space available after evicting expired cache entries - consider increasing the maximum size of the cache (Note that the [{0}] is the actual text, which suggests a secondary problem.) Are these messages the result of the Context configuration elements cacheMaxSize, cacheObjectsMaxSize, cacheTTL, and cachingAllowed? Would it be better to not omit these messages at catalina start up if they are for static resources which have been requested by clients? Thanks! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
WebSocket message size limits
Dear All, I am looking for help in understanding why the size of the inbound WebSocket message is limited to 125 bytes. I realize that this may not even be the right place for my question, but am still hoping for a clue. From looking at the RFC 6455, Sec. 5.2 Base Framing Protocol, I am making two conclusions: 1. There's nothing in it to suggest a payload length asymmetry between inbound and outbound messages. Yet, although I am able to send very large messages to the browser, an attempt to send anything over 125 bytes results in error and a connection shutdown. (I tried FF and Chrome on a Mac). 2. It's easy to see from the wire protocol why 125 is the simplest payload length but other sizes up to unsigned 64 bit int are supported. So, browser's failure to transmit more than 125 bits indicates both, the most restrictive payload size AND lack of support for fragmented messages. The error that FF gives reads The decoded text message was too big for the output buffer and the endpoint does not support partial messages which to me reads like they are saying that Tomcat did not indicate during handshake that it accepts multi-part messages. True? I can't speak for others, but for my project 125 bytes is unacceptably small. So, fundamentally what I need to know is this: do I need to implement my own fragmenting or am I missing something? Many thanks in advance, -Igor.
Re: Filtering HTTP OPTIONS request method from logs?
On 17/09/2013 5:05 PM, André Warnier wrote: Jim Barber wrote: All, On 16/09/2013 10:52 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Felix, On 9/16/13 10:25 AM, Felix Schumacher wrote: Am Montag, den 16.09.2013, 10:02 -0400 schrieb Christopher Schultz: Jim, On 9/16/13 3:42 AM, Jim Barber wrote: I'm hoping someone on this list can help me since I've been reading docs, mailing lists, FAQs, and so on for hours now, and I'm not having much luck finding an answer to my question. I am using Tomcat version 7.0.42 as packaged in Debian Linux. In front of my Tomcat servers, I am using haproxy for load balancing. The haproxy load balancers are using the HTTP OPTIONS request method to check if the Tomcat servers are alive and healthy. This results in log entries like the following in the Tomcat accesslog file: 10.122.32.4 - - [16/Sep/2013:17:12:49 +1000] OPTIONS / HTTP/1.0 200 - 10.122.32.4 - - [16/Sep/2013:17:12:51 +1000] OPTIONS / HTTP/1.0 200 - 10.122.32.4 - - [16/Sep/2013:17:12:53 +1000] OPTIONS / HTTP/1.0 200 - 10.122.32.4 - - [16/Sep/2013:17:12:55 +1000] OPTIONS / HTTP/1.0 200 - 10.122.32.4 - - [16/Sep/2013:17:12:57 +1000] OPTIONS / HTTP/1.0 200 - 10.122.32.4 - - [16/Sep/2013:17:12:59 +1000] OPTIONS / HTTP/1.0 200 - 10.122.32.4 - - [16/Sep/2013:17:13:01 +1000] OPTIONS / HTTP/1.0 200 - 10.122.32.4 - - [16/Sep/2013:17:13:03 +1000] OPTIONS / HTTP/1.0 200 - 10.122.32.4 - - [16/Sep/2013:17:13:05 +1000] OPTIONS / HTTP/1.0 200 - 10.122.32.4 - - [16/Sep/2013:17:13:07 +1000] OPTIONS / HTTP/1.0 200 - 10.122.32.4 - - [16/Sep/2013:17:13:09 +1000] OPTIONS / HTTP/1.0 200 - 10.122.32.4 - - [16/Sep/2013:17:13:11 +1000] OPTIONS / HTTP/1.0 200 - At the moment I'm getting one of these every 2seconds, but I haven't enabled the second load balancer for HA purposes yet. When I do that, I'll be getting twice as many hits of this type. This is going to result in rather large log files full of noise that I'm not interested in. Playing the devil's advocate here a bit... Why wouldn't you be interested in getting these logs? They are requests being handled by your web server. They require (a small amount of) time and resources to process, and indicate that your lb is still reaching-out to determine the status of the app server. My recommendation would be to leave those logs in there (they accurately describe a real request) and filter them out if you want to do some kind of analytics against your log files and consider those OPTIONS requests to be noise. I have had one case where I wanted to get rid of those requests too, so I can understand the OP. But I have to admint I had a scary feeling about it. Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=localhost_access_log. suffix=.txt pattern=%h %l %u %t quot;%rquot; %s %b / Specifically adding the condition=VALUE attribute, but I have no idea what to set VALUE to. It's not that simple: if you want to use condition, then you have a write a Valve (can't be a Filter, since it must run *before* the AccessLogValve) that tests the request and sets a request attribute that will then trigger this condition. That is not true, you can use a filter, since the logging will happen *after* the request and can and will check the request attribute then. Thanks for pointing that out. After I had sent my message, I realized that and decided not to post a followup after reading yours. - -chris Thank you all for your responses. It looks like I'll just have to put up with these messages. There seems to be no easy way to filter them out. Actually, based on earlier responses and on the URLrewrite filter (http://http://tuckey.org/urlrewrite/), there may be a solution after all, which does not involve additional Java programming, as long as you are willing to do some research by yourself. (Short intro : the URLrewrite filter is a bit of a workhorse, simioar to mod_rewrite for Apache httpd, and which can do a multitude of things when it comes to filter/modify HTTP requests in Tomcat) First, get the URLrewrite User's Manual at http://urlrewritefilter.googlecode.com/svn/trunk/src/doc/manual/4.0/index.html and then search for : condition element (see method and remote-addr) and set element (see request (default)) : The same as request.setAttribute([name], [value]) (note, name must be set). So, the requests that you want to not log look like this : 10.122.32.4 - - [16/Sep/2013:17:12:49 +1000] OPTIONS / HTTP/1.0 200 - 10.122.32.4 - - [16/Sep/2013:17:12:51 +1000] and thus they address the / (default) webapp, originate from the client IP 10.122.32.4, and have the method OPTIONS. And on the other hand, the AccessLogValve has an attribute which allows you to specify that if the request has an attribute (e.g.) nolog set, it will not be logged. So, by configuring your ROOT (default) webapp to include the URLrewrite filter, and configuring this filter properly, you should be able to attain your