Re: Tomcat 7.0.28 ignoring context copyXML attribute and web-fragments
Upgrading the package solves these issues, but other appear: the xml file not being actually copied. "dpkg -s tomcat7" still returns 7.0.28. So it is quite probably not correct anymore. Now we know that manual installation is the way to go, thanks! On Mon, Sep 28, 2015 at 9:18 AM, Fernando Gonzálezwrote: > Yeah, normally I install "real Tomcat" but this server is not under my > control. I'll try to update the Debian package and/or to a manually > installed one and report back if the issues are gone. > > Many many thanks for the hint! > > On Mon, Sep 28, 2015 at 2:10 AM, Caldarale, Charles R < > chuck.caldar...@unisys.com> wrote: > >> > From: Fernando González [mailto:fergo...@gmail.com] >> > Subject: Tomcat 7.0.28 ignoring context copyXML attribute and >> web-fragments >> >> > I am using Tomcat 7.0.28 and I am deploying a .war with a context.xml >> > that sets the copyXML attribute to "true". >> >> That version is over three years old and does not include copyXML in a >> element. Not keeping up with current releases opens your website >> up to attacks fixed in later versions. >> >> > when I copy the war to the webapps folder, I get the following >> > message in catalina.out: >> >> > "Setting property 'copyXML' to 'true' did not find a matching property." >> >> As you should. >> >> > and the context.xml will not be copied to conf/Catalina/localhost/. >> >> You can set copyXML in the element if you insist on running old >> software. >> >> > The o.s. is a Debian 7 and the administrator said he just installed >> tomcat from the debian >> > package. The command "dpkg -s tomcat7" gives me version 7.0.28. >> >> Which may or may not be correct, since third-party distributions often >> cherry-pick changes to include, along with generally corrupting the >> standard Tomcat file layout. >> >> I strongly recommend that you deinstall the Debian package and use a >> current, real Tomcat from tomcat.apache.org. >> >> - Chuck >> >> >> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY >> MATERIAL and is thus for use only by the intended recipient. If you >> received this in error, please contact the sender and delete the e-mail and >> its attachments from all computers. >> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >
Re: Need help understanding support for Unix Domain Sockets in Tomcat 7.0.x
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Frederik, On 9/28/15 11:13 AM, Frederik Nosi wrote: > Hi, On 09/26/2015 02:04 AM, Christopher Schultz wrote: Graham, > > On 9/25/15 7:23 PM, Graham Leggett wrote: On 25 Sep 2015, at 10:33 PM, Christopher Schultzwrote: > While I obviously agree with the sentiment, I do feel bad > for the OP who has to fight this battle. It is important however to clarify that this isn’t a typical scenario, lest someone cites this thread as to why they should be doing the same thing. > 1. All the code we currently have in tcnative uses APR for > everything, and I'm not sure if APR supports AF_UNIX > sockets, or even if it would have to support them to do > this. The as-yet-unreleased v1.6 of APR does support unix domain sockets, although the docs for it don’t appear to be very clear. > 2. The plumbing required to configure an AF_UNIX socket is > non-trivial, and it's currently all wired-around using > AF_INET sockets, so it's got hostname, port, etc. I suppose > we could stuff the inode's name into the hostname and > ignore the port number or something like that, but it's > fairly hacky. Currently APR seems to accept the UDS filename where the IP address would otherwise be provided. > So this is a non-trivial amount of work, here. > > Srini, is there any chance your employer would pay someone > to write this code? Patches are always welcome, and Tomcat > is otherwise completely free… If there was a push for unix domain sockets from Tomcat it would definitely help working out whether the APR_UNIX implementation does what it needs to do, and gets properly documented and v1.6 released. > I don't really see this happening. > > I'm fairly sure that the widespread use of HTTP/2 is going to kill > AJP forever, leaving only mod_proxy_http(2) as a viable long-term > connector. Nobody is ever going to bother writing an AF_UNIX > connector for HTTP/2, so I think this idea is very likely to die in > this thread. > >> Not sure on this, as AJP is quite handy. Expecialy load balancing >> java webapps and i find mod_jk quite good at this. Remember, it's not mod_jk doing the load-balancing, it's Apache httpd. mod_jk is simply providing the channel over which the proxying is being done. In a thread on the dev list, I'm a little more defensive of AJP because of its ability to pass data out-of-band with respect to the tunneled HTTP message. There definitely is utility there. >> Out of curiosity, why do you think so? What does offer HTTP/2 >> that can be handy in a reverse proxy scenario? Compression / >> streams? It's not that I think HTTP/2 offers a particular advantage over AJP, but HTTP/2 *will* be implemented and it offers a number of advantages over AJP (specifically, encryption as part of the HTTPS protocol). Currently, AJP doesn't support the connection-oriented web protocols like Websocket, and it just seems like it will be a huge effort to get AJP to be able to tunnel everything that both HTTP and HTTP/2 offer. Since HTTP/2 is going to (eventually) have to support all this, and httpd is going to (eventually) implement HTTP/2 proxying, I'm not sure I see a great benefit to continuing to maintain AJP and mod_jk along with it. mod_jk was great when proxying was otherwise very complicated with Apache httpd. That's no longer the case, and I think it makes sense to push mod_proxy_http to support all the great features that AJP/mod_jk is currently providing. There is no great need to maintain two components that do pretty much the same thing, when one of those components (mod_jk) has a very narrow use-case and the other (mod_proxy_http) has very wide applicability. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWCWY6AAoJEBzwKT+lPKRYVboP/3t1DbLZ3IgizG6ISeuQmDJC kxlFnxhKZ5EErI3o9BUIs/e65/iWqVNNhY6AMJOPcMKEfLDc7SsF0Vu5+Y/Si4K8 5Y+s1l1t5peLJB6eNxAGaCEULE3DwBtCF2Zwok99OdGWEzXI8NzHpCUIPdJ2Uh0g ezeaY1MAkYTzs1JGsN+m7u4Z04h6khnhS6hSseFoCKyF1nFHTb+f7xjBbT9dN2CO kBANTK+CjT/WtOw3pjb9EMJ7AbRO4AgoT2gfuuol+LDTeQZiWcwQpLXLIxKN84ra rStt1ijPGVUbar4q/DHq+gbUk4CeDQwcpVqTBeos2r+GSV2BqWiGrqdTstA6qUXl evn61o0PTOA9raNTn8PIhxWhJOuKn6gQOGvW2NQzVuqAzLTqeqep8cCsvcQkjQkj NlbjSrCJR5iiP0V/Q68cqX6qgJvZcMjQ4EFHxswKxS19xg4NhHU3wW1CuhzShZxa DUfxVDTT1Jnk36CaX2ijIY/q7oxQMDfuuLub4Tmg974o4HcPuNG/c0Y72A7yZbaZ mxwfxezGGu9QAwyVzAg1EF7QOaCgO1tvIjfimuG6ye27bJeX6WTT6FDvdHFYsCjk H6e/j5qv3OLff217Y73g+LLiDlbqO+RbowBSzGNBTZtnMKaxrqG0tYObfJmk5stY mIYPp6B/CrsY3fSlPDna =QplG -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Need help understanding support for Unix Domain Sockets in Tomcat 7.0.x
Hi, On 09/26/2015 02:04 AM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Graham, On 9/25/15 7:23 PM, Graham Leggett wrote: On 25 Sep 2015, at 10:33 PM, Christopher Schultzwrote: While I obviously agree with the sentiment, I do feel bad for the OP who has to fight this battle. It is important however to clarify that this isn’t a typical scenario, lest someone cites this thread as to why they should be doing the same thing. 1. All the code we currently have in tcnative uses APR for everything, and I'm not sure if APR supports AF_UNIX sockets, or even if it would have to support them to do this. The as-yet-unreleased v1.6 of APR does support unix domain sockets, although the docs for it don’t appear to be very clear. 2. The plumbing required to configure an AF_UNIX socket is non-trivial, and it's currently all wired-around using AF_INET sockets, so it's got hostname, port, etc. I suppose we could stuff the inode's name into the hostname and ignore the port number or something like that, but it's fairly hacky. Currently APR seems to accept the UDS filename where the IP address would otherwise be provided. So this is a non-trivial amount of work, here. Srini, is there any chance your employer would pay someone to write this code? Patches are always welcome, and Tomcat is otherwise completely free… If there was a push for unix domain sockets from Tomcat it would definitely help working out whether the APR_UNIX implementation does what it needs to do, and gets properly documented and v1.6 released. I don't really see this happening. I'm fairly sure that the widespread use of HTTP/2 is going to kill AJP forever, leaving only mod_proxy_http(2) as a viable long-term connector. Nobody is ever going to bother writing an AF_UNIX connector for HTTP/2, so I think this idea is very likely to die in this thread. Not sure on this, as AJP is quite handy. Expecialy load balancing java webapps and i find mod_jk quite good at this. Out of curiosity, why do you think so? What does offer HTTP/2 that can be handy in a reverse proxy scenario? Compression / streams? - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWBeEhAAoJEBzwKT+lPKRYzU0QAIKV6imgl5CIyQW60QaTxERY 92VX4/s305D02r1Pp2Mji/kxmnylLgRq1ZQEwq7Jnygcm8NKPjHQQtOieSlSTHEO S/OvB8p57arsY8N5JRcf2+mequYcNx5CbeWSSbqp2DS7KEli8FKyDHKpeioNVmZX qWaWqG1mADxQBoLOgsk0opa82R18VadRQL4iKk+K28S3QLIFoIlOpi5pWOaothiV RHBPQ282FfSJMfwhqmtirS3ZyqNu9Tve/e21kz1eCeBh/9L9sOI6E2EFKcF2Mq1Q 2PPoY3EuxSIlUeVKQgZZL+QPUy3UDcWmlsm6WNxCLQRIkpSXLfmJr2JpAwJaL2if 6Ssd9nVizP29WcnKQa8qWC50vrlbOROb9OaI/2t/zjdAWFKRdyG2FKHJQB+lolxV +A+xiHIaATrcLTtkbbwm+dcUl6KFx/UMKmCLdK7+m19RDmTdeYeUSEvNXidZopb8 mZe4T87KbOrwMpqAjlehlqSOY3B993ZQu3bQdB+S1H0AdjXAL+C7umtzNX3qFb1C KmJBpmt6AhIzaLYCiwHK3sYEp0BW5PYTMrM6MNJErheGvbxmfo7yPTYsVgfmTsMM VS6kZqCXogj/FPaIna8X3UJr4BSEP5Dwx5AUZXS4qd1EcFT7gSKYD5+1vApsfUGh cjAzQL+QFx/pl3DEtG8w =whRf -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Parallel Deployment: Can I request a specific webapp version?
>> You have competing requirements: >> >> 1. All servers are the same >> >2. Some subset users get a different version of the application >> > >All servers would have all versions of the app, thats the whole point >:) >I.e. >Instead of >Server 1 - 3: App Version 001 >Server 4 - 6: App Version 002 > >I would have >Server 1-6: App Version 001 + 002 > >Parallel deployment makes this possible and simple to use. As far as I understand (and use it on a daily basis), parallel deployment allows to upgrade a webapp to a new version with no downtime, new sessions being handled by the newest version and existing ones beinig handled by the version already handling them. That the only case where I see parallel deployment using multiple versions. And so I see no case where new sessions arr handled by two different versions. So, it seems to me that // deployment is not a fit for your requirements. I find them interesting anyway, as I would really like to be able to have a finer control on the selection of the "current" version. This would allow transparent downgrades, without removing or stopping a version and help solve a stupid problem I had several times : // deployment sort versions alphabetically. So, version 1.1.9 is prefered to 1.1.10, for instance... Ludovic - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7.0.28 ignoring context copyXML attribute and web-fragments
Yeah, normally I install "real Tomcat" but this server is not under my control. I'll try to update the Debian package and/or to a manually installed one and report back if the issues are gone. Many many thanks for the hint! On Mon, Sep 28, 2015 at 2:10 AM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote: > > From: Fernando González [mailto:fergo...@gmail.com] > > Subject: Tomcat 7.0.28 ignoring context copyXML attribute and > web-fragments > > > I am using Tomcat 7.0.28 and I am deploying a .war with a context.xml > > that sets the copyXML attribute to "true". > > That version is over three years old and does not include copyXML in a > element. Not keeping up with current releases opens your website > up to attacks fixed in later versions. > > > when I copy the war to the webapps folder, I get the following > > message in catalina.out: > > > "Setting property 'copyXML' to 'true' did not find a matching property." > > As you should. > > > and the context.xml will not be copied to conf/Catalina/localhost/. > > You can set copyXML in the element if you insist on running old > software. > > > The o.s. is a Debian 7 and the administrator said he just installed > tomcat from the debian > > package. The command "dpkg -s tomcat7" gives me version 7.0.28. > > Which may or may not be correct, since third-party distributions often > cherry-pick changes to include, along with generally corrupting the > standard Tomcat file layout. > > I strongly recommend that you deinstall the Debian package and use a > current, real Tomcat from tomcat.apache.org. > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you > received this in error, please contact the sender and delete the e-mail and > its attachments from all computers. > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Parallel Deployment: Can I request a specific webapp version?
Hello, On 27 September 2015 at 23:55, Christopher Schultz < ch...@christopherschultz.net> wrote: > > You have competing requirements: > > 1. All servers are the same > 2. Some subset users get a different version of the application > All servers would have all versions of the app, thats the whole point :) I.e. Instead of Server 1 - 3: App Version 001 Server 4 - 6: App Version 002 I would have Server 1-6: App Version 001 + 002 Parallel deployment makes this possible and simple to use. > Sounds like they can't co-exist without some kind of compromise. We > are offering one that works with currently-available software. > Please elaborate /Linus > > - -chris > -BEGIN PGP SIGNATURE- > Comment: GPGTools - http://gpgtools.org > > iQIcBAEBCAAGBQJWCGXOAAoJEBzwKT+lPKRYi5sQAJ9A8eJrs4kxIXIECSl/bbtd > wdEWpDc2QxJ7eZ/o999ZfDfABylZAt0opRGCyqrxt4humh1TJvECWl2HGNiLjdR7 > ciD+4dtjDTCpv7yfEfCJXn4YL60RK35lJ5lXBGsBClmVg2y5vwdqng8KGg/pVotN > AIe6BHBsiTLuY5Kep6K9RElYPab/71noN/U4j1N12Jf5puKDU+Spbc07Fy5OGsCl > 5p0s7HsysHeFDiWY9uMIgtF2pJSgoFFF6+S2RHu+wON9m4OciNvZJlh2IYzgM24W > lJOYm4jqqyHR6Bx3UoXIOFc4HAXwoX13xxPLYbLuILTW7DyFFzkBltTAFqFvC5Fn > moAGs3jgFqdxlexJ49UjMSO+CCdMCnwvH9zOLM/HDZEN1UItwsCVeU0hiXLC6a8Y > 5aHjNkLo71IeZq7sjOxw1h/3fMvazbBYwu+VZE//4WKBSaqE//KlKOJBUgPZ2R2R > S5+MjW97+sgj4wpsZRlt8jmMpcugfn6lWMtpvGj4/NXykoomYnpmsF7cJhgH47S+ > 3fdeRymyw9BnsNvJNULbfjXZoUL9XFpH6WQb5127cYzBrapIYOSoTYn+H/SaeGgi > pXMJspKz8qb8W9f3yBekQFM7kGcP1cBvp6JTAGwbsTx8VM5oJlffNi7RAVEO6DeV > IqyVpqOKOnu2GwhpzIs5 > =6+bn > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- *Linus Brimstedt * CTO +46 70 - 683 98 54 linus.brimst...@viskan.se *Viskan Distanshandel System AB* Druveforsvägen 8 504 33 Borås, Sweden +46 33 - 20 60 20 www.viskan.se
Re: NIO2 SSL Handshake usage
On 28/09/2015 11:50, kamalakannan chandrakumar wrote: > I'm not talking about Handler classes in SecureNIOChannel. > It is for SecureNIO2Channel. Those are internal Tomcat classes. They are not designed for re-use outside of Tomcat. Mark > > Regards, > Kamal. > > > On Mon, Sep 28, 2015 at 3:58 PM, Rémy Maucheratwrote: > >> 2015-09-28 12:17 GMT+02:00 kamalakannan chandrakumar < >> chandrakumarkamalakan...@gmail.com>: >> >>> Hi, >>> Please let me why there is no way to set Handler class or Future task >> is not returned for SSL handshake in SecureNIO2Channel. How to use those classes for >> writing client code ? This was working fine with NIO code (SecureNIOChannel). >>> >>> I don't understand. Can you clarify what is this handler you are talking >> about in the SecureNioChannel class ? >> >> Rémy >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: NIO2 SSL Handshake usage
On 28/09/2015 11:50, kamalakannan chandrakumar wrote: > I'm not talking about Handler classes in SecureNIOChannel. > It is for SecureNIO2Channel. Those are internal Tomcat classes. They are not designed for re-use outside of Tomcat. Mark > > Regards, > Kamal. > > > On Mon, Sep 28, 2015 at 3:58 PM, Rémy Maucheratwrote: > >> 2015-09-28 12:17 GMT+02:00 kamalakannan chandrakumar < >> chandrakumarkamalakan...@gmail.com>: >> >>> Hi, >>> Please let me why there is no way to set Handler class or Future task >> is not returned for SSL handshake in SecureNIO2Channel. How to use those classes for >> writing client code ? This was working fine with NIO code (SecureNIOChannel). >>> >>> I don't understand. Can you clarify what is this handler you are talking >> about in the SecureNioChannel class ? >> >> Rémy >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: NIO2 SSL Handshake usage
Thanks ! If it is not for external purpose, pl let me know which API should I look to use NIO2 SSL implementation. This is for testing java client code to communicate with server. Regards, Kamal. On Mon, Sep 28, 2015 at 4:49 PM, Mark Thomaswrote: > On 28/09/2015 12:16, kamalakannan chandrakumar wrote: > > Mark, > > > > Thanks! Just curious to know how it is used internally for NIO2. > > I understand that it is internal, but please let me know the details. > > Try reading the source code. > > There is no API to set the completion handler because that is handled > internally to the class. Look at handshakeReadCompletionHandler and > handshakeWriteCompletionHandler. > > Mark > > > > > > Regards, > > Kamal. > > > > On Mon, Sep 28, 2015 at 4:44 PM, Mark Thomas wrote: > > > >> On 28/09/2015 11:50, kamalakannan chandrakumar wrote: > >>> I'm not talking about Handler classes in SecureNIOChannel. > >>> It is for SecureNIO2Channel. > >> > >> Those are internal Tomcat classes. They are not designed for re-use > >> outside of Tomcat. > >> > >> Mark > >> > >>> > >>> Regards, > >>> Kamal. > >>> > >>> > >>> On Mon, Sep 28, 2015 at 3:58 PM, Rémy Maucherat > wrote: > >>> > 2015-09-28 12:17 GMT+02:00 kamalakannan chandrakumar < > chandrakumarkamalakan...@gmail.com>: > > > Hi, > > > >> > >> Please let me why there is no way to set Handler class or Future > task > is > >> not returned for > >> SSL handshake in SecureNIO2Channel. How to use those classes for > writing > >> client code ? > >> This was working fine with NIO code (SecureNIOChannel). > > > > I don't understand. Can you clarify what is this handler you are > >> talking > about in the SecureNioChannel class ? > > Rémy > > >>> > >> > >> > >> - > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> > >> > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: NIO2 SSL Handshake usage
Mark, Thanks! Just curious to know how it is used internally for NIO2. I understand that it is internal, but please let me know the details. Regards, Kamal. On Mon, Sep 28, 2015 at 4:44 PM, Mark Thomaswrote: > On 28/09/2015 11:50, kamalakannan chandrakumar wrote: > > I'm not talking about Handler classes in SecureNIOChannel. > > It is for SecureNIO2Channel. > > Those are internal Tomcat classes. They are not designed for re-use > outside of Tomcat. > > Mark > > > > > Regards, > > Kamal. > > > > > > On Mon, Sep 28, 2015 at 3:58 PM, Rémy Maucherat wrote: > > > >> 2015-09-28 12:17 GMT+02:00 kamalakannan chandrakumar < > >> chandrakumarkamalakan...@gmail.com>: > >> > >>> Hi, > >>> > > Please let me why there is no way to set Handler class or Future task > >> is > not returned for > SSL handshake in SecureNIO2Channel. How to use those classes for > >> writing > client code ? > This was working fine with NIO code (SecureNIOChannel). > >>> > >>> I don't understand. Can you clarify what is this handler you are > talking > >> about in the SecureNioChannel class ? > >> > >> Rémy > >> > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: NIO2 SSL Handshake usage
On 28/09/2015 12:16, kamalakannan chandrakumar wrote: > Mark, > > Thanks! Just curious to know how it is used internally for NIO2. > I understand that it is internal, but please let me know the details. Try reading the source code. There is no API to set the completion handler because that is handled internally to the class. Look at handshakeReadCompletionHandler and handshakeWriteCompletionHandler. Mark > > Regards, > Kamal. > > On Mon, Sep 28, 2015 at 4:44 PM, Mark Thomaswrote: > >> On 28/09/2015 11:50, kamalakannan chandrakumar wrote: >>> I'm not talking about Handler classes in SecureNIOChannel. >>> It is for SecureNIO2Channel. >> >> Those are internal Tomcat classes. They are not designed for re-use >> outside of Tomcat. >> >> Mark >> >>> >>> Regards, >>> Kamal. >>> >>> >>> On Mon, Sep 28, 2015 at 3:58 PM, Rémy Maucherat wrote: >>> 2015-09-28 12:17 GMT+02:00 kamalakannan chandrakumar < chandrakumarkamalakan...@gmail.com>: > Hi, > >> >> Please let me why there is no way to set Handler class or Future task is >> not returned for >> SSL handshake in SecureNIO2Channel. How to use those classes for writing >> client code ? >> This was working fine with NIO code (SecureNIOChannel). > > I don't understand. Can you clarify what is this handler you are >> talking about in the SecureNioChannel class ? Rémy >>> >> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: NIO2 SSL Handshake usage
2015-09-28 12:17 GMT+02:00 kamalakannan chandrakumar < chandrakumarkamalakan...@gmail.com>: > Hi, > > > > > Please let me why there is no way to set Handler class or Future task is > > not returned for > > SSL handshake in SecureNIO2Channel. How to use those classes for writing > > client code ? > > This was working fine with NIO code (SecureNIOChannel). > > I don't understand. Can you clarify what is this handler you are talking about in the SecureNioChannel class ? Rémy
Re: NIO2 SSL Handshake usage
I'm not talking about Handler classes in SecureNIOChannel. It is for SecureNIO2Channel. Regards, Kamal. On Mon, Sep 28, 2015 at 3:58 PM, Rémy Maucheratwrote: > 2015-09-28 12:17 GMT+02:00 kamalakannan chandrakumar < > chandrakumarkamalakan...@gmail.com>: > > > Hi, > > > > > > > > Please let me why there is no way to set Handler class or Future task > is > > > not returned for > > > SSL handshake in SecureNIO2Channel. How to use those classes for > writing > > > client code ? > > > This was working fine with NIO code (SecureNIOChannel). > > > > I don't understand. Can you clarify what is this handler you are talking > about in the SecureNioChannel class ? > > Rémy >
Re: NIO2 SSL Handshake usage
Hi, > > Please let me why there is no way to set Handler class or Future task is > not returned for > SSL handshake in SecureNIO2Channel. How to use those classes for writing > client code ? > This was working fine with NIO code (SecureNIOChannel). > > Regards, > Kamal. > > > > > >
Re: Parallel Deployment: Can I request a specific webapp version?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Linus, On 9/28/15 2:37 AM, Linus Brimstedt wrote: > On 27 September 2015 at 23:55, Christopher Schultz < > ch...@christopherschultz.net> wrote: > >> >> You have competing requirements: >> >> 1. All servers are the same >> > 2. Some subset users get a different version of the application >> > > All servers would have all versions of the app, thats the whole > point :) I.e. Instead of Server 1 - 3: App Version 001 Server 4 - > 6: App Version 002 > > I would have Server 1-6: App Version 001 + 002 > > Parallel deployment makes this possible and simple to use. Sure, you can push multiple versions of your application to all your servers, but the caveat is that all new users will be using the new application: you can't upgrade selected users (like your own QA testers, for instance). So this isn't an ideal solution, regardless of how simple it is. >> Sounds like they can't co-exist without some kind of compromise. >> We are offering one that works with currently-available >> software. >> > > Please elaborate We've already explained: 1. Upgrade some load-balanced nodes 2. wait (???) 3. Profit If you want your QA team to be able to use the new version of the application but none of your "real" users, then try something like this: 1. Remove N/f from your load-balancer and upgrade using parallel deplyment (N = # of nodes and f=some factor of nodes you want to use for testing) (Existing users will still see version V-1 while new users will see version V. The lb will not send new users to these servers, so nobody will see version V at all.) 2. Configure your QA team's browsers so that the lb allows them to go to the servers you have upgraded, and get version V 3. Proceed with testing 4. When you are satisfied, put the nodes from step #1 back into the lb normal rotation 5. Upgrade the remaining nodes whenever you feel comfortable This means that, for a time, not all servers are identical. But you do achieve your primary objective: blue/green production deployment with a private interstitial testing phase. Your prior use of parallel deployment did not meet your primary criterion: namely that it upgrades too many people at once. I think you have to decide which requirement is more important: the private testing phase (which my proposal achieves) or the consistent configuration of all servers (which your proposal achieves). I still believe your requirements are at odds with each other. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWCbxDAAoJEBzwKT+lPKRY1vsP/iu70XKXfhZVM4sTA+VsK220 keAIjTUESeSKCF3IZoOtMR/xaC+3rsgCGlVjtyS8JOOkQ5/nHvD+e3XktXL8WZo0 dvynCuFeLFBj89PY3pnDcYnr8AOxnbzlgvKC2dsvE1qKrII1/au9yz3juM2EpO5c x4avtBklG7/+8hU7sTjpykOK5/7pMXLv5KsmeX6mzoJJky9f5WXuZ6K20jKc7m2b zdjdgXG6hPvwoOh33ybO/vPPx0h0Ih6eflQqhqEblo2xb+XYWCeSTgMwrOR0nXWK LXZh2Yyyt7AIozvI1abp97m6kFB9KLSX9QRIb1EmiAnfnkQYCfhWpAPeUcc3ZV/h yh2h1qON8bCTeed97GWdpPu9o5l1l4EXIKgOk+iLV4rS0CjMQ/ybl6ePOrGApQs9 q7vncmX3V4fZGdYf1qXj7ME7RcgE7U+TwRuR40wPB8McU+BVtI3d/S4I5W+9DBF7 q9+B+EmZ1jCjrwzEot57TuYxM+oT8Lsykm43Esic3CeOxOBdp8phwe65AmZHTxJV IIhTOdFuwZzL/n2dZx0dNspjc54Df1dgPoGw0OBa8c8BHPBz8ImskLONBQHZwRvy ejwS00Pps7B/DeiquuZLOUilJo4UP5fS8NbpLPMt/5sBb4L9pgQRXs7jFwxQ0A1y b6nF/Y5moFILPkWAfuB8 =w+9s -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: NIO2 SSL Handshake usage
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Kamal, On 9/28/15 7:47 AM, kamalakannan chandrakumar wrote: > Thanks ! If it is not for external purpose, pl let me know which > API should I look to use NIO2 SSL implementation. This is for > testing java client code to communicate with server. Are you trying to use an NIO2 client as a test against Tomcat? Or are you trying to test Tomcat's NIO2 connector, and you don't really care what the client is? ApacheBench ("ab") from the httpd project is a fairly good client, though it's got some threading issues which make it non-ideal. It is very easy to use, though. Apache JMeter is a great client, but requires more in the way of setup. If you want to use NIO2 for writing your own client, I you're going to have to adapt the code to meet your needs... probably by liberally stealing the code and not trying to use an "API" that Tomcat doesn't actually provide. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWCbpIAAoJEBzwKT+lPKRYZVcP/0S4QtCIqMzVu9I+spYHZOkJ gVsa+RAJ3/nF8T4W1o6K2qE+J84fAkblyH/GzdAdCXC79QNMwOOenqVYXKdlZeCx oA4QgaOUgGtGGKrtHW1tsBCKQYofK4INX68l+8SLMVEmDKroIsbz77xx9ZGFzuJc urqKSGtRLdP1QkYfcmVMn8sU123rEozQ4bujfxly6VR2x+i3Rm5MfjmnT5UUgY4z QxVyFfoYXRvG7bPLN+DhdHjqIOyPVqEckiHQw14rzrcT6c8HcYwRFwNZqMTerDWB 4IrEc+DwrPu5AbZkhv84qQwBw4+QoHZ9wZtABbYVuBbQTy4AhOst7O/T+k8wAWAU kNr9w+5f6oSeAOIzEmaBuDdAlm1qfmyHiYOyGTS97UKKh7Rk71xJdBQ7od/hPDYv Bq4LBeaTT1DGJEwiBu7781hHvNKxn7QjY2vpwe9R0Vyg1JqYnrSopaWGCDp48htm xVlV+sp1ZevnyhGIUXhwg7sh0UwDxYlZemcDfwYKJoKgwMWxDwMKG0K2HOKyxXpm pu+OPV72xQWykCB8OtufvEnnQ9FSquuJ6GYusqM71jCaERasoKKR2ZJv307s7P8k k7MyaE7TEgBuvp+VxGi12rO82Ksmyg+ErcWLbnutyKJHeBA9De4S09omTAYTqhRu gGo9L1iN7lfQWitjj5Qc =7Otz -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Need help understanding support for Unix Domain Sockets in Tomcat 7.0.x
On 28.09.2015 18:09, Christopher Schultz wrote: ... Not sure on this, as AJP is quite handy. Expecialy load balancing java webapps and i find mod_jk quite good at this. Remember, it's not mod_jk doing the load-balancing, it's Apache httpd. mod_jk is simply providing the channel over which the proxying is being done. I don't think that's true. In the case of mod_proxy_ajp, it is mod_proxy and mod_proxy_balancer who do the load-balancing. But mod_proxy* are not used with mod_jk; it does its own balancing. In a thread on the dev list, I'm a little more defensive of AJP because of its ability to pass data out-of-band with respect to the tunneled HTTP message. There definitely is utility there. +1. Passing Apache httpd's "environment variables" for instance, becoming "request attributes" in Tomcat. ... - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org