Re: Tomcat logging, request
André Warnier a...@ice-sa.com wrote: Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 André, On 10/25/13, 7:18 AM, André Warnier wrote: For example, a utility such as logrotate, in the sysadmin world, is like a gift of God. Most server-like programs allow logrotate to rotate their logfiles, compress old ones, remove even older ones, etc. to keep things running smoothly over time. It's a simple thing, but it saves many hours that would otherwise have to be dedicated to monitoring and reacting to such repetitive occurrences. Tomcat, at this moment, does not really allow that. It does, but it's not terribly obvious how to do it. Here are some ways to do it: 1. Modify catalina.sh to pipe | instead of redirect 2. Use catalina.sh start | chronolog or whatever 3. Configure logrotate to copy-and-truncate 4. Set CATALINA_OUT=/dev/null before launching 5. Set up a named pipe and set CATALINA_OUT to it before launching (Plus have another process drain that pipe) That is because there is no simple mechanism to tell Tomcat to relinquish control of its current logfiles for a moment, short of stopping Tomcat completely and restarting it (which interrupts the service, sometimes for a significant amount of time). What happens in httpd if I write a module that writes to stdout instead of the proper httpd-provided logging mechanisms? The module's stdout/stderr is redirected to the Apache error log. So my request is simple (at least to express) : can someone among the Tomcat luminaries not imagine a mechanism by which Tomcat would, on request from an external program or script, do something like the Apache httpd does during a soft reload : wait for the current requests to terminate, close all logfiles and re-open them ? For example : there already exist a shutdown port, and a bunch of Listeners. Could there not be a logs rotate port or a logrotate listener ? It seems like this could be done via the manager webapp. I am not underestimating the possible difficulty of the task, and probably tackling such an issue is ultimately less rewarding for a developer than implementing the latest in webapp or HTTP technology. But many sysadmins worldwide would be grateful if this came to pass and I am sure that it would do a great deal to increase the popularity of Tomcat among them. Honestly, the only time this is really a problem is when catalina.out is filling-up with junk, right? It's always awkward when that happens. Yes, but the point is : the sysadmins do not generally control the code of the webapps. They are just told to run them. And there are a lot of webapps that write to stdout. That's precisely the case of the last OP who posted about this. But not only /his/ problem, by any means. Would this help solve the problem? https://issues.apache.org/bugzilla/show_bug.cgi?id=53930 If so, the number of votes for an enhancement is one of the factors I take into account when trying to figure out which enhancement request to look at next. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat 8 Websockets configuration
Hi, I've just started looking at the javax.websocket implementation in tomcat 8 and I have a question about how one integrates an endpoint with application code. Using servlets as an analogy, web.xml allows configuration information to be passed to servlets when they are initialized. Is there an equivalent in the javax.websocket world? If not, are there any suggested practices for achieving this? Neil - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 8 Websockets configuration
I've just started looking at the javax.websocket implementation in tomcat 8 and I have a question about how one integrates an endpoint with application code. Using servlets as an analogy, web.xml allows configuration information to be passed to servlets when they are initialized. Is there an equivalent in the javax.websocket world? If not, are there any suggested practices for achieving this? and i have a follow up question about this, with a servlet or a filter you can do: getServletContext() then you have access to the resources of the web application and stuff like that How is that possible in an websocket endpoint? If i want to load in a file that is in the current webapps WEB-INF dir how do i do that? How do i get an url or inputstream (getResource() call) to that file? johan
[ANN] Apache Tomcat 7.0.47 released
The Apache Tomcat team announces the immediate availability of Apache Tomcat 7.0.47. Apache Tomcat is an open source software implementation of the Java Servlet, JavaServer Pages and Java Expression Language technologies. This release contains a number of bug fixes and improvements compared to version 7.0.42. The notable changes include: - Back-port the JSR-356 Java WebSocket 1.0 implementation from Apache Tomcat 8. - Deprecate the Apache Tomcat proprietary WebSocket API in favour of the new JSR-356 implementation. - Add a drawing board example to the WebSocket examples. Please refer to the change log for the complete list of changes: http://tomcat.apache.org/tomcat-7.0-doc/changelog.html Note: This version has 4 zip binaries: a generic one and three bundled with Tomcat native binaries for Windows operating systems running on different CPU architectures. Note: Use of the JSR-356 Java WebSocket 1.0 implementation requires Java 7. Note: If you use the APR/native AJP or HTTP connector you *must* upgrade to version 1.1.29 or later of the APR/native library. Downloads: http://tomcat.apache.org/download-70.cgi Migration guides from Apache Tomcat 5.5.x and 6.0.x: http://tomcat.apache.org/migration.html
Secure Tomcat With SSL
Tomcat 7.0.42 on SLES11. I am following http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration to secure tomcat. I have uncommented the SSL HTTP section. The configuration section of that doc, importing the certificate: i have a go daddy bundle in crt format. I can download the cert bundle from go daddy for tomcat but it also is a crt file. Do i have to run this exact command: openssl pkcs12 -export -in mycert.crt -inkey mykey.key \ -out mycert.p12 -name tomcat -CAfile myCA.crt \ -caname root -chain - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Secure Tomcat With SSL
Chris, On 26.10.2013 23:39, Chris Arnold wrote: Tomcat 7.0.42 on SLES11. I am following http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration to secure tomcat. I have uncommented the SSL HTTP section. The configuration section of that doc, importing the certificate: i have a go daddy bundle in crt format. I can download the cert bundle from go daddy for tomcat but it also is a crt file. Do i have to run this exact command: openssl pkcs12 -export -in mycert.crt -inkey mykey.key \ -out mycert.p12 -name tomcat -CAfile myCA.crt \ -caname root -chain It looks ok to me. Does it work for you? It will create PKCS#12 keystore file (mycert.p12), so you may: 1. add parameter keystoreType=pkcs12 to your HTTPS connector, and use that file, or 2. convert PKCS#12 keystore to Java Keystore format, and use default keystore type (JKS). This is both possible, only if you plan to use either BIO or NIO HTTP connector. If you plan to use APR, connector configuration is completely different. -Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Secure Tomcat With SSL
Chris, On 26.10.2013 23:39, Chris Arnold wrote: Tomcat 7.0.42 on SLES11. I am following http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration to secure tomcat. I have uncommented the SSL HTTP section. The configuration section of that doc, importing the certificate: i have a go daddy bundle in crt format. I can download the cert bundle from go daddy for tomcat but it also is a crt file. Do i have to run this exact command: openssl pkcs12 -export -in mycert.crt -inkey mykey.key \ -out mycert.p12 -name tomcat -CAfile myCA.crt \ -caname root -chain It looks ok to me. Does it work for you? It doesn't look like it will work as i do not have a ca file. It will create PKCS#12 keystore file (mycert.p12), so you may: 1. add parameter keystoreType=pkcs12 to your HTTPS connector, and use that file, or 2. convert PKCS#12 keystore to Java Keystore format, and use default keystore type (JKS). This is both possible, only if you plan to use either BIO or NIO HTTP connector. If you plan to use APR, connector configuration is completely different. Not sure what either of these are. I just need secure tomcat - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org