Apache Tomcat 9.0.0-M4 and http/2 on Mac OS X 10.11.4
Hi, I am trying to get http/2 working on Mac OS X 10.11.4 - these are the steps I used: 1. Install Brew: http://brew.sh/ 2. Download Apache Tomcat 9 https://tomcat.apache.org/download-90.cgi 3. Download Xcode command line tools by opening the terminal and execute “xcode-select —install” 4. Download Xcode from the AppStore 5. Create a symlink for the xctoolchain: sudo ln -s /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain /Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.11.xctoolchain 6. Install APR and OPENSSL with “brew install openssl” and “brew install apr” 7. Install tomcat native by extracting bin/tomcat-native.tar.gz and run “./configure --with-ssl=/usr/local/Cellar/openssl/1.0.2g --prefix=/Applications/apache-tomcat-9.0.0.M4 --with-apr=/usr/local/Cellar/apr/1.5.2 && make && make install” in tomcat-native-1.2.5-src/native - see https://tomcat.apache.org/tomcat-9.0-doc/apr.html 8. export JAVA_OPTS=-Djava.library.path=/usr/local/apr/lib 9. Create pem files in conf folder: /usr/local/Cellar/openssl/1.0.2g/bin/openssl genrsa -des3 -out localhost-rsa-key 1024 /usr/local/Cellar/openssl/1.0.2g/bin/openssl genrsa -out localhost-key 1024 /usr/local/Cellar/openssl/1.0.2g/bin/openssl rsa -in localhost-rsa-key -out localhost-key /usr/local/Cellar/openssl/1.0.2g/bin/openssl req -new -key localhost-key -out localhost-csr /usr/local/Cellar/openssl/1.0.2g/bin/openssl x509 -req -days 365 -in localhost-csr -signkey localhost-key -out localhost-crt cat localhost-key localhost-crt > localhost-rsa-cert.pem cat localhost-rsa-cert.pem > localhost-rsa-chain.pem cat localhost-rsa-key > localhost-rsa-key.pem 10. Uncomment the http/2 connector in the server.xml I am currently facing those issues (out of the log): 02-Apr-2016 09:15:13.415 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/Applications/apache-tomcat-9.0.0.M4/temp 02-Apr-2016 09:15:13.415 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based Apache Tomcat Native library 1.2.5 using APR version 1.4.8. 02-Apr-2016 09:15:13.415 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. 02-Apr-2016 09:15:13.418 SEVERE [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to initialize the SSLEngine. org.apache.tomcat.jni.Error: 70023: This function has not been implemented on this platform at org.apache.tomcat.jni.SSL.initialize(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:284) at org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:136) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:94) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:401) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:104) at org.apache.catalina.startup.Catalina.load(Catalina.java:606) at org.apache.catalina.startup.Catalina.load(Catalina.java:629) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494) 02-Apr-2016 09:15:13.655 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"] 02-Apr-2016 09:15:13.683 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read 02-Apr-2016 09:15:13.686 INFO [main] org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol The ["https-apr-8443"] connector has been configured to support negotiation to [h2] via ALPN 02-Apr-2016 09:15:13.686 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-apr-8443"] 02-Apr-2016 09:15:13.706 WARNING [main] org.apache.tomcat.util.net.openssl.OpenSSLEngine. Failed getting cipher list java.lang.Exception: Not implemented at org.apache.tomcat.jni.SSL.newSSL(Native Method) at org.apache.tomcat.util.net.openssl.OpenSSLEngine.(OpenSSLEngine.java:81) at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:363) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:798) at
Re: Monitoring Tomcat
Anthony, On 3/31/16 8:56 PM, Anthony Biacco wrote: > On Wed, Mar 30, 2016 at 5:23 PM, Christopher Schultz < > ch...@christopherschultz.net> wrote: > >> Anthony, >> >> On 3/30/16 6:08 PM, Anthony Biacco wrote: >>> On Wed, Mar 30, 2016 at 9:13 AM, Christopher Schultz < >>> ch...@christopherschultz.net> wrote: >>> >>> Edwin, >>> >>> >>> For my money, I wouldn't enable JMX because, for monitoring, JMX is a >>> heavy-handed protocol: you either have to maintain a persistent >>> connection to the server or you need to launch a whole JVM and connect >>> over JMX to get e.g. a single sample value (such as current throughput). >>> >>> I would recommend enabling the JMXProxyServlet through the manager >>> application, and then locking-down the manager application so you can >>> only access it from localhost. Also use a non-trivial password for >>> HTTP authentication for the manager. >>> >>> +1 i was using the jmxquery jar pulled from nagios and was slooow compared >> to the manager's jmxproxy (as would be expected). i just used the the perl script from https://wiki.apache.org/tomcat/FAQ/Monitoring and assigned a user to >> the manager-jmx security role in tomcat. >> >> Nice to see someone else is using it ;) >> >> Feel free to contribute to it or just complain about anything you need. >> I'd like for that tool to be widely-useful. I use it a lot at $work, but >> it should be universally useful. >> >> -chris >> > > I only changed some minor things. > I removed the requirement for the -w and -c parameters, because i didn't > need them. I just wanted the data. Sure I could have have just put in bogus > values for them on the command line, but it just cluttered it up. Gotcha. > One problem i have is with returned data that's a number with a decimal in > it (like 'OK - Attribute get 'java.lang:type=OperatingSystem' - > ProcessCpuLoad = 0.009808796275369524'). It returned a Bad Response because > $num was null. I tried a different regex for it, but i'm not very good with > regex. :D > I ended up just doing a "split ' = ', $content" to get the number. What regular expression did you try? How about this one: ^OK.*=\s*([0-9.]+)$ -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
