Re: tomcat 7.0.40 - http sessions not expiring

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Stephen,

On 6/3/16 8:47 PM, Stephen Bhadran wrote:
> *Linux version:*  2.6.32-279.5.2.el6.x86_64 ( 
> mockbu...@c6b10.bsys.dev.centos.org) (gcc version 4.4.6 20120305
> (Red Hat 4.4.6-4) (GCC) ) *Java Version:  *1.7.0_55 *Tomcat
> Version: *7.0.40 *Session Timeout: *30 minutes
> 
> Hi, Two of our servers reached max heap and we had to restart to
> resolve the issue.
> 
> In troubleshooting, we noticed Http Sessions had stopped expiring
> 05/12th and reached 25K over a period of 11 days. I noticed the
> same behavior in both servers, the session expiration seem to have
> stopped on both of them around the same time. I'm saying this
> because from looking at the monitoring graphs (NewRelic) I notice
> the http sessions starting to climb on both servers around the same
> time frame.
> 
> I am thinking, the issue could be two folds: #1 - The session
> expiration stopped working -OR #2 - The sessions themselves were
> created with TTLs way into the future
> 
> I suspected #1. I looked that tomcat 7.0.40 source code, extracted
> all session/manager error messages and searched for them in the
> logs and didn't find any hits. I was hoping to find something about
> "Session expiration stopped working", but didn't find any.
> 
> Can you please advise how to troubleshoot this issue? I'd very
> much appreciate the help.

Were there any errors around the 12th? I've found that in rare cases,
the server hits an OOME while the BackgroundProcessor thread is
running, which kills the BackgroundProcessor.

Guess which thread is responsible for triggering the session-cleaner?

If the BackgroundProcessor died, it should have dumped an error to a
log file. As I said, it's pretty rare, but it does happen and then
it's only a matter of time before your sessions bust your heap.

You can manually-trigger the session-cleaner via JMX of you absolutely
have to, but I'd personally prefer to bounce a Tomcat instance in that
case.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJXUid5AAoJEBzwKT+lPKRYJfYQAKA2ditjB7B2vLbm0po83Tr0
YD2EjqLBrF4O/3Wu6enIDRAQEIGgXmTr2bgPlMvu+6aoDopiCSKltRxWQFlTMyIP
8ura/0YlS5sX3yGPPKN5nrZnOz2dvrgPncHLNVfuM9BEm+8QZPeKNZVDhMH53m1v
4YcLCM5IjswAS4FrVeG9A0gcZplBd53WUuypnRYQMUcS1sACdItoZ3TLAwb/WBg/
T9yoyftEXJVtP6lovkaWka3yw3v382P6HmSV6/TtCWjogB/tBdCsEPmGEQ0j7k8y
9dLmmTBawDdckaxiGf1M1M/5R+f7XqU4e02Dnhk9v4umysmu5EH+VQFO4kfi5qX+
DvaoS13lluyN1LGMyuwHkYFHXxlgZhR/XAW9Cn/0D/NDCQks6lHG9Sby+T/kvLSO
YNSBV78SX9wsJ/fH9MxrcTarxyUYsxnHdNkcarkmcrQIkhda/vBXQobXpYVL9poR
HmxNGNOujCTojqPJzlpgAaUVUq6pEUcN3u1vkCqXNQGVo983PHz2JhfEBGYihKBk
icbuFxfIy2Dv6KwuPPMV9Y7nVRNVBrVEpieZuAc7Sj9/U3kUgPUznUSbRFUCnGd1
YI/kq9rn/qj/aqhaJdMF0Ci4+ieJMorKNUE1PWOjbnya8XoyBxXfPd5iV6n7elEw
V6qNyO6n46isrAiVEu5c
=MyIX
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

tomcat 7.0.40 - http sessions not expiring

[Stephen Bhadran]

*Linux version:*  2.6.32-279.5.2.el6.x86_64 (
mockbu...@c6b10.bsys.dev.centos.org) (gcc version 4.4.6 20120305 (Red Hat
4.4.6-4) (GCC) )
*Java Version:  *1.7.0_55
*Tomcat Version: *7.0.40
*Session Timeout: *30 minutes

Hi,
Two of our servers reached max heap and we had to restart to resolve the
issue.

In troubleshooting, we noticed Http Sessions had stopped expiring 05/12th
and reached 25K over a period of 11 days. I noticed the same behavior in
both servers, the session expiration seem to have stopped on both of them
around the same time. I'm saying this because from looking at the
monitoring graphs (NewRelic) I notice the http sessions starting to climb
on both servers around the same time frame.

I am thinking, the issue could be two folds:
#1 - The session expiration stopped working -OR
#2 - The sessions themselves were created with TTLs way into the future

I suspected #1. I looked that tomcat 7.0.40 source code, extracted all
session/manager error messages and searched for them in the logs and didn't
find any hits. I was hoping to find something about "Session expiration
stopped working", but didn't find any.

Can you please advise how to troubleshoot this issue? I'd very much
appreciate the help.

thanks,
Stephen

Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)

[Hardibo Pierre-Jean]

there's the tuto :
https://fr.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
use sha2 root and intermediate and for the last use my_certificate
here's the repo :

https://certs.godaddy.com/repository/

Le 04/06/2016 00:18, Hardibo Pierre-Jean a écrit :
gdig2.crt is intermediate my_certificate must be the last to configure 
so i think bundle may be the root.




Le 04/06/2016 00:13, Conor Skyler a écrit :

Hello Pierre,

Yes, I contacted the technical support at GoDaddy and then basically 
told

me that I'm on my own and that I should find someone that knows how to
handle the configuration -- that's all the aid they gave me.

I think that there two separate problems here.
First one, the mismatch between the files I receive zipped and the ones
referred in the website when it reads:

"The file names for your root and intermediate certificates depend on 
your

signature algorithm.

- SHA-1 root certificate: gd_class2_root.crt
- SHA-2 root certificate: gdroot-g2.crt
- SHA-1 intermediate certificate: gd.intermediate.crt
- SHA-2 intermediate certificate: gdig2.crt
- (*Java 6/7 only*) SHA-2 Root Certificate: gdroot-g2_cross.crt"

But the files I get when I unzip the downloaded archive are:

my_certificate.crt
gd_bundle-g2-g1.crt
gdig2.crt

So first thing here is that I don't how to use them when following the
instructions stated on the site (the only one I can identify is
my_certificate.crt).

With the second issue my guess is that it might be related to the 
KeyStore

file not holding the private key:
I wasn't given the original tomcat.keystore file (following the 
example on
GoDaddy's website) so here I'm starting from the scratch, generating 
a new

KeyStore.
What I have though is a PEM file from the person I presume the .csr 
request
file; is there a way to add it to the KeyStore file I create when 
following

the instructions on GoDaddy's site?

Thank you very much for stepping in!
-Conor



On Fri, Jun 3, 2016 at 6:09 PM, Hardibo Pierre-Jean 


wrote:


there's all here no ?

https://fr.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239 



Le 03/06/2016 22:37, Conor Skyler a écrit :


Hi again,

At this point I don't know what else to try: I carefully gone 
through the

process stated at GoDaddy's website once again trying different
combinations with the certificates (as the instructions provided by
GoDaddy
doesn't match the certificates you download)  but the result was 
the same

as before, it didn't work.

Early today I found this post in StackOverflow:

http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-cr 

which somehow brought some hope to me as the title states literally 
the

issue I'm having: '

http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-crt 


'

Sadly after trying everything what's shown there and reading tons 
of stuff

I still can't make the KeyStore work with my Tomcat server.

Any help will be greatly appreciated.
-Conor



On Wed, Jun 1, 2016 at 6:12 PM, Conor Skyler 
wrote:

Hi Daniel,

Thank you very much for stepping in, I’m processing a new set of
certificates that I hope to try tomorrow.

Warm regards,
-Conor


On Tue, May 31, 2016 at 8:41 AM, Daniel Mikusa 
wrote:

On Mon, May 30, 2016 at 11:26 PM, Conor Skyler 


wrote:

Hello list,
I'm trying to install the certificates I bought from GoDaddy 
into my



Tomcat


server, however so far I've been unsuccessful to achieve this.

My system specs are:
OS: Amazon Linux (fully updated)
Tomcat version: 8.0.32, installed from the repos
Java version: $ java -version
openjdk version "1.8.0_91"
OpenJDK Runtime Environment (build 1.8.0_91-b14)
OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)

To install the certificates I followed this tutorial from GoDaddy


website:



https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239 



which explains how to create a KeyStore and configure the 


in
the server.xml file.

Follow these instructions.


Now, judging from the official Tomcat documentation in

https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated


that I


first need to conver the .crt files provided by GoDaddy to PKCS12


format --


I wonder then why the instructions in GoDaddy's website state other


thing!
There's more than one way to do this.  If you started out by 
following

the
GoDaddy instructions to generate your CSR, then continue to 
follow them

to
import your signed certificate.


But then I read this piece of documentation that left me completely

bewildered:
To import an existing certificate signed by your own CA into a 
PKCS12

keystore using OpenSSL you would execute a command like:

openssl pkcs12 -export -in mycert.crt -inkey mykey.key
 -out mycert.p12 -name tomcat 

Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)

[Hardibo Pierre-Jean]

gdig2.crt is intermediate my_certificate must be the last to configure so i 
think bundle may be the root.



Le 04/06/2016 00:13, Conor Skyler a écrit :

Hello Pierre,

Yes, I contacted the technical support at GoDaddy and then basically told
me that I'm on my own and that I should find someone that knows how to
handle the configuration -- that's all the aid they gave me.

I think that there two separate problems here.
First one, the mismatch between the files I receive zipped and the ones
referred in the website when it reads:

"The file names for your root and intermediate certificates depend on your
signature algorithm.

- SHA-1 root certificate: gd_class2_root.crt
- SHA-2 root certificate: gdroot-g2.crt
- SHA-1 intermediate certificate: gd.intermediate.crt
- SHA-2 intermediate certificate: gdig2.crt
- (*Java 6/7 only*) SHA-2 Root Certificate: gdroot-g2_cross.crt"

But the files I get when I unzip the downloaded archive are:

my_certificate.crt
gd_bundle-g2-g1.crt
gdig2.crt

So first thing here is that I don't how to use them when following the
instructions stated on the site (the only one I can identify is
my_certificate.crt).

With the second issue my guess is that it might be related to the KeyStore
file not holding the private key:
I wasn't given the original tomcat.keystore file (following the example on
GoDaddy's website) so here I'm starting from the scratch, generating a new
KeyStore.
What I have though is a PEM file from the person I presume the .csr request
file; is there a way to add it to the KeyStore file I create when following
the instructions on GoDaddy's site?

Thank you very much for stepping in!
-Conor



On Fri, Jun 3, 2016 at 6:09 PM, Hardibo Pierre-Jean 
wrote:


there's all here no ?

https://fr.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239

Le 03/06/2016 22:37, Conor Skyler a écrit :


Hi again,

At this point I don't know what else to try: I carefully gone through the
process stated at GoDaddy's website once again trying different
combinations with the certificates (as the instructions provided by
GoDaddy
doesn't match the certificates you download)  but the result was the same
as before, it didn't work.

Early today I found this post in StackOverflow:

http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-cr
which somehow brought some hope to me as the title states literally the
issue I'm having: '

http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-crt
'

Sadly after trying everything what's shown there and reading tons of stuff
I still can't make the KeyStore work with my Tomcat server.

Any help will be greatly appreciated.
-Conor



On Wed, Jun 1, 2016 at 6:12 PM, Conor Skyler 
wrote:

Hi Daniel,

Thank you very much for stepping in, I’m processing a new set of
certificates that I hope to try tomorrow.

Warm regards,
-Conor


On Tue, May 31, 2016 at 8:41 AM, Daniel Mikusa 
wrote:

On Mon, May 30, 2016 at 11:26 PM, Conor Skyler 

wrote:

Hello list,

I'm trying to install the certificates I bought from GoDaddy into my


Tomcat


server, however so far I've been unsuccessful to achieve this.

My system specs are:
OS: Amazon Linux (fully updated)
Tomcat version: 8.0.32, installed from the repos
Java version: $ java -version
openjdk version "1.8.0_91"
OpenJDK Runtime Environment (build 1.8.0_91-b14)
OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)

To install the certificates I followed this tutorial from GoDaddy


website:




https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239


which explains how to create a KeyStore and configure the 
in
the server.xml file.

Follow these instructions.


Now, judging from the official Tomcat documentation in

https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated


that I


first need to conver the .crt files provided by GoDaddy to PKCS12


format --


I wonder then why the instructions in GoDaddy's website state other


thing!
There's more than one way to do this.  If you started out by following
the
GoDaddy instructions to generate your CSR, then continue to follow them
to
import your signed certificate.


But then I read this piece of documentation that left me completely

bewildered:
To import an existing certificate signed by your own CA into a PKCS12
keystore using OpenSSL you would execute a command like:

openssl pkcs12 -export -in mycert.crt -inkey mykey.key
 -out mycert.p12 -name tomcat -CAfile myCA.crt
 -caname root -chain

In this example there's a reference to a 'mykey.key' file that I don't
have a clue how to obtain it or from where it comes since when I
download the certificates provided by GoDaddy, there's no such .key
file: I can download several different types of 

Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)

[Conor Skyler]

Hello Pierre,

Yes, I contacted the technical support at GoDaddy and then basically told
me that I'm on my own and that I should find someone that knows how to
handle the configuration -- that's all the aid they gave me.

I think that there two separate problems here.
First one, the mismatch between the files I receive zipped and the ones
referred in the website when it reads:

"The file names for your root and intermediate certificates depend on your
signature algorithm.

   - SHA-1 root certificate: gd_class2_root.crt
   - SHA-2 root certificate: gdroot-g2.crt
   - SHA-1 intermediate certificate: gd.intermediate.crt
   - SHA-2 intermediate certificate: gdig2.crt
   - (*Java 6/7 only*) SHA-2 Root Certificate: gdroot-g2_cross.crt"

But the files I get when I unzip the downloaded archive are:

my_certificate.crt
gd_bundle-g2-g1.crt
gdig2.crt

So first thing here is that I don't how to use them when following the
instructions stated on the site (the only one I can identify is
my_certificate.crt).

With the second issue my guess is that it might be related to the KeyStore
file not holding the private key:
I wasn't given the original tomcat.keystore file (following the example on
GoDaddy's website) so here I'm starting from the scratch, generating a new
KeyStore.
What I have though is a PEM file from the person I presume the .csr request
file; is there a way to add it to the KeyStore file I create when following
the instructions on GoDaddy's site?

Thank you very much for stepping in!
-Conor



On Fri, Jun 3, 2016 at 6:09 PM, Hardibo Pierre-Jean 
wrote:

> there's all here no ?
>
> https://fr.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
>
> Le 03/06/2016 22:37, Conor Skyler a écrit :
>
>> Hi again,
>>
>> At this point I don't know what else to try: I carefully gone through the
>> process stated at GoDaddy's website once again trying different
>> combinations with the certificates (as the instructions provided by
>> GoDaddy
>> doesn't match the certificates you download)  but the result was the same
>> as before, it didn't work.
>>
>> Early today I found this post in StackOverflow:
>>
>> http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-cr
>> which somehow brought some hope to me as the title states literally the
>> issue I'm having: '
>>
>> http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-crt
>> '
>>
>> Sadly after trying everything what's shown there and reading tons of stuff
>> I still can't make the KeyStore work with my Tomcat server.
>>
>> Any help will be greatly appreciated.
>> -Conor
>>
>>
>>
>> On Wed, Jun 1, 2016 at 6:12 PM, Conor Skyler 
>> wrote:
>>
>> Hi Daniel,
>>>
>>> Thank you very much for stepping in, I’m processing a new set of
>>> certificates that I hope to try tomorrow.
>>>
>>> Warm regards,
>>> -Conor
>>>
>>>
>>> On Tue, May 31, 2016 at 8:41 AM, Daniel Mikusa 
>>> wrote:
>>>
>>> On Mon, May 30, 2016 at 11:26 PM, Conor Skyler 
 wrote:

 Hello list,
>
> I'm trying to install the certificates I bought from GoDaddy into my
>
 Tomcat

> server, however so far I've been unsuccessful to achieve this.
>
> My system specs are:
> OS: Amazon Linux (fully updated)
> Tomcat version: 8.0.32, installed from the repos
> Java version: $ java -version
> openjdk version "1.8.0_91"
> OpenJDK Runtime Environment (build 1.8.0_91-b14)
> OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
>
> To install the certificates I followed this tutorial from GoDaddy
>
 website:

>
>
 https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239

> which explains how to create a KeyStore and configure the 
> in
> the server.xml file.
>
> Follow these instructions.


 Now, judging from the official Tomcat documentation in
> https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated
>
 that I

> first need to conver the .crt files provided by GoDaddy to PKCS12
>
 format --

> I wonder then why the instructions in GoDaddy's website state other
>
 thing!
 There's more than one way to do this.  If you started out by following
 the
 GoDaddy instructions to generate your CSR, then continue to follow them
 to
 import your signed certificate.


 But then I read this piece of documentation that left me completely
> bewildered:
> To import an existing certificate signed by your own CA into a PKCS12
> keystore using OpenSSL you would execute a command like:
>
> openssl pkcs12 -export -in mycert.crt -inkey mykey.key
> -out mycert.p12 -name tomcat -CAfile myCA.crt
> 

Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)

[Hardibo Pierre-Jean]

there's all here no ?
https://fr.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239

Le 03/06/2016 22:37, Conor Skyler a écrit :

Hi again,

At this point I don't know what else to try: I carefully gone through the
process stated at GoDaddy's website once again trying different
combinations with the certificates (as the instructions provided by GoDaddy
doesn't match the certificates you download)  but the result was the same
as before, it didn't work.

Early today I found this post in StackOverflow:
http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-cr
which somehow brought some hope to me as the title states literally the
issue I'm having: '
http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-crt
'

Sadly after trying everything what's shown there and reading tons of stuff
I still can't make the KeyStore work with my Tomcat server.

Any help will be greatly appreciated.
-Conor



On Wed, Jun 1, 2016 at 6:12 PM, Conor Skyler  wrote:


Hi Daniel,

Thank you very much for stepping in, I’m processing a new set of
certificates that I hope to try tomorrow.

Warm regards,
-Conor


On Tue, May 31, 2016 at 8:41 AM, Daniel Mikusa  wrote:


On Mon, May 30, 2016 at 11:26 PM, Conor Skyler 
wrote:


Hello list,

I'm trying to install the certificates I bought from GoDaddy into my

Tomcat

server, however so far I've been unsuccessful to achieve this.

My system specs are:
OS: Amazon Linux (fully updated)
Tomcat version: 8.0.32, installed from the repos
Java version: $ java -version
openjdk version "1.8.0_91"
OpenJDK Runtime Environment (build 1.8.0_91-b14)
OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)

To install the certificates I followed this tutorial from GoDaddy

website:



https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239

which explains how to create a KeyStore and configure the  in
the server.xml file.


Follow these instructions.



Now, judging from the official Tomcat documentation in
https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated

that I

first need to conver the .crt files provided by GoDaddy to PKCS12

format --

I wonder then why the instructions in GoDaddy's website state other

thing!
There's more than one way to do this.  If you started out by following the
GoDaddy instructions to generate your CSR, then continue to follow them to
import your signed certificate.



But then I read this piece of documentation that left me completely
bewildered:
To import an existing certificate signed by your own CA into a PKCS12
keystore using OpenSSL you would execute a command like:

openssl pkcs12 -export -in mycert.crt -inkey mykey.key
-out mycert.p12 -name tomcat -CAfile myCA.crt
-caname root -chain

In this example there's a reference to a 'mykey.key' file that I don't
have a clue how to obtain it or from where it comes since when I
download the certificates provided by GoDaddy, there's no such .key
file: I can download several different types of certificates in .crt
format but there isn't any .key file to download.


This has to do with the way that you generated the CSR.  The GoDaddy
instructions have you using keytool and a keystore.  In this case, your
private key will exist in the keystore, so you won't have a .key file and
that's OK.



I tried contacting their support and well, they weren't any helpful at
all, they pointed me to the repository where all the certificates are
stored and told me to 'find someone that knows how to handle them' --
thanks for nothing :(

Finally I want to say that I have Tomcat running smooth at port 8080,
I even configured an administrator user to access the status page
which works perfectly, my problem is that I just can't find how to
properly install and configure the SSL.


Follow the GoDaddy instructions.  They should work.  If you get stuck on a
specific step, let us know.

Dan



What I'm not sure though is what part or steps I'm missing, I believe
this has to be much more simpler that it's been so far for me but
seriously I can't wrap my mind around it.

Thank you very much for taking the time to read this n00b's help scream.

Best regards,
-Conor






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

AW: AW: AW: How to cancel download on the server side

[Steffen Heil (Mailinglisten)]

Hi


>  throw new ServletException();

That was the difference. I threw a IllegalStateException(), so tomcat sent 
"0\r\n".
I changed my code to throw a ServletException() and now it works.
Thanks for that.


One very little thing left: Is there a way to suppress the logged exception:
Jun 03, 2016 11:00:18 PM org.apache.catalina.core.StandardWrapperValve invoke
SCHWERWIEGEND: Servlet.service() for servlet [Stream] in context with path [] 
threw exception [null] with root cause
javax.servlet.ServletException
...
at com.osiris4.http.servlets.Stream.doRequest(Stream.java:36)
at com.osiris4.http.servlets.Base.service(Base.java:36)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at 
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
at 
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at 
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
at 
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
at 
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:673)
at 
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1526)
at 
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1482)
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at 
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)

BTW: Why does it say "exception [null]"?


As I regard closing a connection a valid result of processing a request, I 
would have expected a way to cleanly terminate a connection without logging a 
severe exception.


Regards,
   Steffen



smime.p7s
Description: S/MIME cryptographic signature

Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)

[Hardibo Pierre-Jean]

godaddy didn't give you instructions ?

Le 03/06/2016 22:37, Conor Skyler a écrit :

Hi again,

At this point I don't know what else to try: I carefully gone through the
process stated at GoDaddy's website once again trying different
combinations with the certificates (as the instructions provided by GoDaddy
doesn't match the certificates you download)  but the result was the same
as before, it didn't work.

Early today I found this post in StackOverflow:
http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-cr
which somehow brought some hope to me as the title states literally the
issue I'm having: '
http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-crt
'

Sadly after trying everything what's shown there and reading tons of stuff
I still can't make the KeyStore work with my Tomcat server.

Any help will be greatly appreciated.
-Conor



On Wed, Jun 1, 2016 at 6:12 PM, Conor Skyler  wrote:


Hi Daniel,

Thank you very much for stepping in, I’m processing a new set of
certificates that I hope to try tomorrow.

Warm regards,
-Conor


On Tue, May 31, 2016 at 8:41 AM, Daniel Mikusa  wrote:


On Mon, May 30, 2016 at 11:26 PM, Conor Skyler 
wrote:


Hello list,

I'm trying to install the certificates I bought from GoDaddy into my

Tomcat

server, however so far I've been unsuccessful to achieve this.

My system specs are:
OS: Amazon Linux (fully updated)
Tomcat version: 8.0.32, installed from the repos
Java version: $ java -version
openjdk version "1.8.0_91"
OpenJDK Runtime Environment (build 1.8.0_91-b14)
OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)

To install the certificates I followed this tutorial from GoDaddy

website:



https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239

which explains how to create a KeyStore and configure the  in
the server.xml file.


Follow these instructions.



Now, judging from the official Tomcat documentation in
https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated

that I

first need to conver the .crt files provided by GoDaddy to PKCS12

format --

I wonder then why the instructions in GoDaddy's website state other

thing!
There's more than one way to do this.  If you started out by following the
GoDaddy instructions to generate your CSR, then continue to follow them to
import your signed certificate.



But then I read this piece of documentation that left me completely
bewildered:
To import an existing certificate signed by your own CA into a PKCS12
keystore using OpenSSL you would execute a command like:

openssl pkcs12 -export -in mycert.crt -inkey mykey.key
-out mycert.p12 -name tomcat -CAfile myCA.crt
-caname root -chain

In this example there's a reference to a 'mykey.key' file that I don't
have a clue how to obtain it or from where it comes since when I
download the certificates provided by GoDaddy, there's no such .key
file: I can download several different types of certificates in .crt
format but there isn't any .key file to download.


This has to do with the way that you generated the CSR.  The GoDaddy
instructions have you using keytool and a keystore.  In this case, your
private key will exist in the keystore, so you won't have a .key file and
that's OK.



I tried contacting their support and well, they weren't any helpful at
all, they pointed me to the repository where all the certificates are
stored and told me to 'find someone that knows how to handle them' --
thanks for nothing :(

Finally I want to say that I have Tomcat running smooth at port 8080,
I even configured an administrator user to access the status page
which works perfectly, my problem is that I just can't find how to
properly install and configure the SSL.


Follow the GoDaddy instructions.  They should work.  If you get stuck on a
specific step, let us know.

Dan



What I'm not sure though is what part or steps I'm missing, I believe
this has to be much more simpler that it's been so far for me but
seriously I can't wrap my mind around it.

Thank you very much for taking the time to read this n00b's help scream.

Best regards,
-Conor






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)

[Conor Skyler]

Hi again,

At this point I don't know what else to try: I carefully gone through the
process stated at GoDaddy's website once again trying different
combinations with the certificates (as the instructions provided by GoDaddy
doesn't match the certificates you download)  but the result was the same
as before, it didn't work.

Early today I found this post in StackOverflow:
http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-cr
which somehow brought some hope to me as the title states literally the
issue I'm having: '
http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-crt
'

Sadly after trying everything what's shown there and reading tons of stuff
I still can't make the KeyStore work with my Tomcat server.

Any help will be greatly appreciated.
-Conor



On Wed, Jun 1, 2016 at 6:12 PM, Conor Skyler  wrote:

> Hi Daniel,
>
> Thank you very much for stepping in, I’m processing a new set of
> certificates that I hope to try tomorrow.
>
> Warm regards,
> -Conor
>
>
> On Tue, May 31, 2016 at 8:41 AM, Daniel Mikusa  wrote:
>
>> On Mon, May 30, 2016 at 11:26 PM, Conor Skyler 
>> wrote:
>>
>> > Hello list,
>> >
>> > I'm trying to install the certificates I bought from GoDaddy into my
>> Tomcat
>> > server, however so far I've been unsuccessful to achieve this.
>> >
>> > My system specs are:
>> > OS: Amazon Linux (fully updated)
>> > Tomcat version: 8.0.32, installed from the repos
>> > Java version: $ java -version
>> > openjdk version "1.8.0_91"
>> > OpenJDK Runtime Environment (build 1.8.0_91-b14)
>> > OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
>> >
>> > To install the certificates I followed this tutorial from GoDaddy
>> website:
>> >
>> >
>> https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
>> > which explains how to create a KeyStore and configure the  in
>> > the server.xml file.
>> >
>>
>> Follow these instructions.
>>
>>
>> >
>> > Now, judging from the official Tomcat documentation in
>> > https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated
>> that I
>> > first need to conver the .crt files provided by GoDaddy to PKCS12
>> format --
>> > I wonder then why the instructions in GoDaddy's website state other
>> thing!
>> >
>>
>> There's more than one way to do this.  If you started out by following the
>> GoDaddy instructions to generate your CSR, then continue to follow them to
>> import your signed certificate.
>>
>>
>> >
>> > But then I read this piece of documentation that left me completely
>> > bewildered:
>> > To import an existing certificate signed by your own CA into a PKCS12
>> > keystore using OpenSSL you would execute a command like:
>> >
>> > openssl pkcs12 -export -in mycert.crt -inkey mykey.key
>> >-out mycert.p12 -name tomcat -CAfile myCA.crt
>> >-caname root -chain
>> >
>> > In this example there's a reference to a 'mykey.key' file that I don't
>> > have a clue how to obtain it or from where it comes since when I
>> > download the certificates provided by GoDaddy, there's no such .key
>> > file: I can download several different types of certificates in .crt
>> > format but there isn't any .key file to download.
>> >
>>
>> This has to do with the way that you generated the CSR.  The GoDaddy
>> instructions have you using keytool and a keystore.  In this case, your
>> private key will exist in the keystore, so you won't have a .key file and
>> that's OK.
>>
>>
>> >
>> > I tried contacting their support and well, they weren't any helpful at
>> > all, they pointed me to the repository where all the certificates are
>> > stored and told me to 'find someone that knows how to handle them' --
>> > thanks for nothing :(
>> >
>> > Finally I want to say that I have Tomcat running smooth at port 8080,
>> > I even configured an administrator user to access the status page
>> > which works perfectly, my problem is that I just can't find how to
>> > properly install and configure the SSL.
>> >
>>
>> Follow the GoDaddy instructions.  They should work.  If you get stuck on a
>> specific step, let us know.
>>
>> Dan
>>
>>
>> >
>> > What I'm not sure though is what part or steps I'm missing, I believe
>> > this has to be much more simpler that it's been so far for me but
>> > seriously I can't wrap my mind around it.
>> >
>> > Thank you very much for taking the time to read this n00b's help scream.
>> >
>> > Best regards,
>> > -Conor
>> >
>>
>
>

Re: memory-leak in org.apache.jasper.compiler.Mark|Node$TemplateText

[Mark Thomas]

On 03/06/2016 17:14, devz...@web.de wrote:

You are NOT observing a memory leak.



> Regardless we have set "development" to true or false in
> conf/web.xml, , whenever i recursively crawl our website with wget
> (cleaning work dir before to make sure each page is being compiled
> again), i can easily trigger an out-of-memory condition in the JVM.
> When development=false, then i cannot trigger it when i did
> re-compile every jsp in several steps (with restarting tomcat).

You are not correctly configuring development to false. I have confirmed
the expected behaviour with a profiler when development is  set to false.

> With VisualVM (part of jdk) i found that after wget -r crawl, there
> are 13 million instances of the following classes:
> 
> org.apache.jasper.compiler.Mark 
> org.apache.jasper.compiler.Node$TemplateText

That will only happen if development is true.

> My understanding from a compile run is, that it`s something which is
> done once and then it`s ready and done and nothing is left in
> memory.

That is not the case when development is false. The results of the
parsing are retaining in memory to aid the generation of useful error
reports.

> We have some ten-thousands JSPs, i`m not sure how many being crawled
> with wget, but i don`t get the point why i see ressources being
> allocated from org.apache.jasper.compiler and not being freed after
> compile run.
> 
> Does anybody have a clue ? Is this to be expected, and if yes - why
> ?

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: minSpareThreads for AJP connector

[Anthony Biacco]

On Tue, May 31, 2016 at 11:44 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Anthony,
>
> On 5/27/16 3:54 PM, Anthony Biacco wrote:
> > On Fri, May 27, 2016 at 7:34 AM, Christopher Schultz <
> > ch...@christopherschultz.net> wrote:
> >
> > Tony,
> >
> > On 5/26/16 4:22 PM, Anthony Biacco wrote:
>  On Thu, May 26, 2016 at 2:19 PM, Anthony Biacco
>   wrote:
> 
> > I have this property set under 8.0.35, but it only hits the
> > value I set when i make that many requests. Should it not
> > allocate threads of the value I set on startup?
> >
> >
>  btw, i'm using org.apache.coyote.ajp.AjpNioProtocol
> >
> > Can you post your complete Connector configuration?
> >
> >
> >> Sure..
> >
> >>  >> protocol="org.apache.coyote.ajp.AjpNioProtocol" maxThreads="400"
> >> backlog="25" maxPostSize="4194304" enableLookups="false"
> >> connectionTimeout="12" keepAliveTimeout="1"
> >> redirectPort="8443" acceptorThreadCount="2"
> >> pollerThreadCount="2" processorCache="400" minSpareThreads="25"
> >> useComet="false" />
>
> You should:
>
> 1. Use an  instead of specifying your threading config in
> 
> 2. Set prestartminSpareThreads="true" on your 
>
> I think you'll get the behavior you are expecting.
>
>
So this worked well, except now, under my consistent load, the threads in
the executor don't time out after their set idle time (maxIdleTime="6").
If i run a load test, they do after the test finishes, so i'm assuming it's
FIFO based.
If it is, then my threads will likely never idle out. Maybe we should have
an option to make this LIFO?

-Tony




> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJXTc1tAAoJEBzwKT+lPKRYMpsQAIm5jmGuNFEbhQOLqQYWvquy
> WglEnM4QGsquyAU5Mfb5qsds9uu7f81c0CIw7M1fT76kvC8xC9aaTxAk8qSG+TTR
> FN+UiNr91IfyKHdq/qoOjxHbtISLhlE1IA7/Z3AQdtZ+Rvf3TioFULEVgZryt9Wo
> e1GioN5plkkYJlf4dxYpBXpfProuwsKDMsmISXAjPSZM8IzYggO2axBoKxIx2JHL
> /rkY6zZPhgaf6NWhEoFB0a/+Pfbug5eodPS93ph57BYxHOCCfGiRQ9kpua/k9rIh
> OKauwZefuSV2MxtMr40A6ckfMSkeW/4fq73JSvZFuGiTe7Yuij85lIPR9s7BCaON
> XH/tMJScecTcmREN5Ki+GMGfnssihlfUu78zw/DVFlIwkZQIoG7VqBUBVKJ6pboo
> AJjzZGkogskEK/ailaeRY/jITNfsGbxVHxE7qqhOaBOfWXRipxHeu4e08FFToLxv
> OWgUmcyB4bOzz8d3XXbl/NtIyY4wNl0SNywalW527r/uv86cUTtBBKEuMmJXVjt5
> Z7MLigAk5SvPaUtv2iP2ddmp1GTxcUXbjUJrpM20pKlyPum1bUysxX4I3mwdYNJ4
> EboTSZeiDq/eCbutoKb8Gk8yZ8c35/3utqmp88xNksmGrDxy17WplUf4tvcWhX/f
> Kb+DU9C1eBH78TNfhjKP
> =NNCM
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

memory-leak in org.apache.jasper.compiler.Mark|Node$TemplateText

[devzero]

hi, 

we have a problem with our website for a while.

I tracked it down to a memory-ressource-issue due to memory-requirements for 
compiling.

We can throw memory at the problem to circumvent it, but it looks weird to me.

Regardless we have set "development" to true or false in conf/web.xml, , 
whenever i recursively crawl our website with wget (cleaning work dir before to 
make sure each page is being compiled again), i can easily trigger an 
out-of-memory condition in the JVM. When development=false, then i cannot 
trigger it when i did re-compile every jsp in several steps (with restarting 
tomcat).

With VisualVM (part of jdk) i found that after wget -r crawl, there are 13 
million instances of the following classes: 

org.apache.jasper.compiler.Mark
org.apache.jasper.compiler.Node$TemplateText

My understanding from a compile run is, that it`s something which is done once 
and then it`s ready and done and nothing is left in memory.

We have some ten-thousands JSPs, i`m not sure how many being crawled with wget, 
but i don`t get the point why i see ressources being allocated from 
org.apache.jasper.compiler and not being freed after compile run.

Does anybody have a clue ? Is this to be expected, and if yes - why ?

Maybe the following bugreport is interesting in this context:

https://bz.apache.org/bugzilla/show_bug.cgi?id=44383

regards
Roland

ps:
Tomcat 7.0.42 and 8.0.32

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Clustering and Context Container setup

[Daniel Savard]

Hi everyone,

I am reviewing a clustering implementation I have done and after reading
the documentation for Tomcat 8, which is the version I am using (8.0.35 +
Oracle JDK1.8.0_92) I ran into the distributable attribute.

I saw in my configuration the distributable="true" attribute is set at the
Context container definition level rather than having a 
element in the web.xml of each web application in the cluster.

I cannot find this attribute documented in the Context container
documentation. Is it an omission or the attribute is deprecated or what?

I also saw in this documentation page:
http://tomcat.apache.org/tomcat-8.0-doc/config/cluster.html

The Context element should specify the
className="org.apache.catalina.ha.context.ReplicatedContext" in order to
enable the Context replication.

I am wondering if distributable="true" is equivalent to setting the
className to the value above or not? If not, what is the difference? I am
asking, because I did not set the className to this value and so far, it
seems to work.

What is the proper way with Tomcat 8 to setup the Context for clustering?

I also saw the sample configuration in the Clustering HOWTO documentation (
http://tomcat.apache.org/tomcat-8.0-doc/cluster-howto.html) and the
Interceptor MessageDispatch15Interceptor defined in this document is
deprecated and MessageDispatchInterceptor should be used instead. Which
make me doubt if this documentation is accurate or not. I found the
deprecated class while searching for the different values for
channelSendOptions.

Here:
http://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/tribes/group/interceptors/MessageDispatch15Interceptor.html

So, a little clarification would be appreciated.

Regards,
-
Daniel Savard

Re: AW: AW: How to cancel download on the server side

[Mark Thomas]

On 03/06/2016 15:14, Mark Thomas wrote:
> On 01/06/2016 23:08, Steffen Heil (Mailinglisten) wrote:
 That's another story.
 I tried that. And the internet explorer as well as curl report an error, 
 if the download stops without the ending 0\r\n.

 But I had to set "Connection: close" and "Transfer-Encoding: chunked" 
 myself and encode the chunk headers myself.
 If I leave these two headers out, tomcat managed the transfer-encoding (as 
 I set no Content-Length header) which I would prefer.
 However then I find no way to close the connection. If I call "close()" on 
 the OutputStream tomcat sends 0\r\n.
 Even if I throw an exception, tomcat "correctly" closes the stream.
 I did not find any way to close it without that.

 Is there any way to do so?
>>>
>>> Tomcat version?
>>
>> 8.0.26
> 
> There was a change back in 8.0.9 that I thought addressed this. I need
> to do a little digging.

OK. I've confirmed that the fix back in 8.0.9 did what I thought it did
with a simple test.

The GET method of my test Servlet looks like this:

protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
resp.setContentType("text/plain");
resp.setCharacterEncoding("UTF-8");
resp.getWriter().write("OK\n");
resp.flushBuffer();
resp.getWriter().write("OK\n");
resp.flushBuffer();
throw new ServletException();
}

The client receives a chunked response that looks like this:

HTTP/1.1 200
Content-Type: text/plain;charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 03 Jun 2016 14:30:33 GMT

3
OK


The client should be able to work out the response is incomplete because
there is no end chunk ("0\r\n\r\n"). There isn't much else Tomcat can
do. It can't change the headers because the response is committed.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Getting HttpServletRequest in Login Module

[Mark Thomas]

On 03/06/2016 05:23, saurabh.su...@rbs.com.INVALID wrote:
> I want it to get the IP address in the Login module.
> 
> In JBoss 6 i got so:
> 
> 
> 1.private String getIP() throws PolicyContextException {
> 2.  HttpServletRequest request = (HttpServletRequest) 
> PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
> 3.  return request.getRemoteHost()
> 4.}
> 
> In Tomcat ,  i get an error: IllegalArgumentException: No 
> PolicyContextHandler for key=javax.servlet.http.HttpServletRequest
> 
> When scanning, I found that there are only two keys: CallbackHandler and 
> SubjectHandler...
> 
> 
> Thanks for you answers!

The answer hasn't changed from when you asked this question two weeks ago.


Unless you write some custom Tomcat code, no. You'd need to extend the
JAASRealm and the JAASCallbackHandler at a minimum.


Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: AW: AW: How to cancel download on the server side

[Mark Thomas]

On 01/06/2016 23:08, Steffen Heil (Mailinglisten) wrote:
>>> That's another story.
>>> I tried that. And the internet explorer as well as curl report an error, if 
>>> the download stops without the ending 0\r\n.
>>>
>>> But I had to set "Connection: close" and "Transfer-Encoding: chunked" 
>>> myself and encode the chunk headers myself.
>>> If I leave these two headers out, tomcat managed the transfer-encoding (as 
>>> I set no Content-Length header) which I would prefer.
>>> However then I find no way to close the connection. If I call "close()" on 
>>> the OutputStream tomcat sends 0\r\n.
>>> Even if I throw an exception, tomcat "correctly" closes the stream.
>>> I did not find any way to close it without that.
>>>
>>> Is there any way to do so?
>>
>> Tomcat version?
> 
> 8.0.26

There was a change back in 8.0.9 that I thought addressed this. I need
to do a little digging.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to cancel download on the server side

[Olaf Kock]

Am 03.06.2016 um 15:51 schrieb Steffen Heil (Mailinglisten):
> NO. We want to stream the results to the client... It usually is
> several times bigger than the memory at hand.
I can think of three options right now:
* Know the content-length upfront (which you don't) - with that clients
could detect incomplete downloads.
* If you're in control of the application that processes the download,
tag some bytes to the end that clearly mark the file as valid (or
invalid) and check for these marker's presence or nonpresence before
processing the file
* Process a hash or signature during transmission (server side) and
store it - this way the file can be validated later and you only need to
store a small hash value on the server once the download has completed.

However, when you don't store the file temporarily, you also can't
continue the download after a network failure (e.g. after partial
download) - if that's not an issue for you: fine. If you're sending it
through a public network that might fail, you might want to be prepared
for such an event and be able to recover. I'd expect disk space (esp.
temporarily) to not be too prohibitive (you can start streaming while
you store the file to disk on the server)

Hope it helps,
Olaf


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

AW: AW: How to cancel download on the server side

[Steffen Heil (Mailinglisten)]

Hi


> > Yes, we thought about that. However it still leaves the problem of a
> > lot of storage on the server that is used for no reason and increasing
> > the time to download the backup..
> So it's better to buffer the huge download in memory instead of on the disk? 
> Maybe I don't understand the use case.

NO.
We want to stream the results to the client...
It usually is several times bigger than the memory at hand.


> It sounds like Mark may have a solution for you in another branch of this 
> thread, anyway.

Did I miss a message on the list? So far I only got his question about the 
tomcat version...


Regards,
   Steffen



smime.p7s
Description: S/MIME cryptographic signature

Re: Tomcat 8.5.2 Beta and HTTP/2

[Mark Thomas]

On 02/06/2016 01:23, Sven Schleier wrote:
> True, you are right. Do you have any suggestion or sample configuration that 
> should work you can share, or anyone else?

https://www.youtube.com/watch?v=oCFwgMvouis

You can use 8.5.x where you see 9.0.x.

Setting
org.apache.coyote.http2.level = FINE
in logging.properties will show you what is going on.

Mark


> 
> 
> On 1/6/16, 9:13 PM, "Mark Thomas"  wrote:
> 
>> On 01/06/2016 14:07, Sven Schleier wrote:
>>> Yes. That’s possible. I am just missing the “HTTP/1.1 101 Switching 
>>> Protocols” so it’s not switching to HTTP/2.
>>
>> You'll only get that if you try to use HTTP/2 over a non-TLS channel.
>>
>> When using TLS, ALPN is used to negotiate the protocol.
>>
>> Mark
>>
>>
>>>
>>>
>>> On 1/6/16, 7:04 PM, "Mark Thomas"  wrote:
>>>
 On 01/06/2016 03:16, Sven Schleier wrote:
> Hi mailinglist,
>
> I just want to play around with the new HTTP/2 implementation of Tomcat
> 8.5.2 Beta. The tomcat instance is up and running and the h2 support is
> activated, according to the log during startup:
>
> 01-Jun-2016 01:57:52.544 INFO [main]
> org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol
> The ["https-openssl-apr-8443"] connector has been configured to support
> negotiation to [h2] via ALPN
>
>
> But when I try to connect via nghttp (command line client for HTTP/2),
> it tells me that h2 is not available.
>
> ➜  apache-tomcat-8.5.2 nghttp -v https://127.0.0.1:8443
> 

 Can you connect via https + HTTP/1.1

 Mark


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

>>>
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8.5.2 Beta and HTTP/2

[Sven Schleier]

Hi Chris,

➜  apache-tomcat-8.5.2 nghttp -v https://127,0.0.1:8443
[  0.000] Connected
[ERROR] HTTP/2 protocol was not selected. (nghttp2 expects h2)
Some requests were not processed. total=1, processed=0

I am not getting more information. Same behavior with hostname 

Thanks and cheers,

Sven 


On 3/6/16, 5:14 AM, "Christopher Schultz"  wrote:

>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA256
>
>Sven,
>
>On 6/1/16 8:23 PM, Sven Schleier wrote:
>> True, you are right. Do you have any suggestion or sample 
>> configuration that should work you can share, or anyone else?
>
>$ nghttp -v https://127.0.0.1:8443/
>
>??
>
>What if you use the hostname of the machine instead of the IP address?
>
>- -chris
>
>> On 1/6/16, 9:13 PM, "Mark Thomas"  wrote:
>> 
>>> On 01/06/2016 14:07, Sven Schleier wrote:
 Yes. That’s possible. I am just missing the “HTTP/1.1 101
 Switching Protocols” so it’s not switching to HTTP/2.
>>> 
>>> You'll only get that if you try to use HTTP/2 over a non-TLS
>>> channel.
>>> 
>>> When using TLS, ALPN is used to negotiate the protocol.
>>> 
>>> Mark
>>> 
>>> 
 
 
 On 1/6/16, 7:04 PM, "Mark Thomas"  wrote:
 
> On 01/06/2016 03:16, Sven Schleier wrote:
>> Hi mailinglist,
>> 
>> I just want to play around with the new HTTP/2
>> implementation of Tomcat 8.5.2 Beta. The tomcat instance is
>> up and running and the h2 support is activated, according
>> to the log during startup:
>> 
>> 01-Jun-2016 01:57:52.544 INFO [main] 
>> org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradePr
>otocol
>>
>> 
>The ["https-openssl-apr-8443"] connector has been configured to support
>> negotiation to [h2] via ALPN
>> 
>> 
>> But when I try to connect via nghttp (command line client
>> for HTTP/2), it tells me that h2 is not available.
>> 
>> ➜  apache-tomcat-8.5.2 nghttp -v https://127.0.0.1:8443 
>> 
> 
> Can you connect via https + HTTP/1.1
> 
> Mark
> 
> 
> ---
>- --
>
> 
>To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail:
> users-h...@tomcat.apache.org
> 
 
 
 
>- -

 
>To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 
>>> 
>>> 
>>> -
>>>
>>> 
>To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>> 
>> 
>> 
>> -
>>
>> 
>To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>> 
>-BEGIN PGP SIGNATURE-
>Comment: GPGTools - http://gpgtools.org
>Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
>iQIcBAEBCAAGBQJXUKGoAAoJEBzwKT+lPKRYc74QAI7Dejl+7A3NbioSF5kdK/gz
>rmCj04+ni19aiB1Tsn7AuHoVQDB7fGd9AafC3qTHo0tr3BlKHDPHzlaNk61iwElD
>R4apbbXxDfnFZCnBAulLlFGXcYjJz7XJ2yNAOa1wLChhOmVV+HZmtI8z/HfenDFu
>lTFb6V+/NZOV3Si2kYuc8UmzOdo7claa7LuCZLPKzYp0KPMEW98xY3rQFXWE6VXG
>5A4gME4hB3nXc90JztDKjCVZClrM/GwDJ2IYJlW1foYLKFfRuE+eR3Cny72+41DU
>LtoMrl6Zg1tX75OneNroHU/MUB7Kec3hYanolCXVMxlyk8vjvY+WLglWCzyVtDNB
>/xazJDse7x98KntFjNWGZmWNu0dQFBXGvrLzFh49IKgyfqq+f4n4TD8nmz3kMWEI
>YllV2MWV3sh15XNQ2JkB7FOxxdQzKViSwncUclVQJpIVF7lB0AB09idcwkY4mm6E
>0mzBAGuAZ/Orf32Q0MP5+f6584YFpC8jV2+DHb1kxVu1mpXzDmp34jJ8yrYQlSEA
>rTG6zYUXE9nrJlLWliNOSJSNXW6AcLpDuGrSEqLlFgmvhlR/wURLjmEydu0Ln2tO
>g6FXzWh1qGd7uq3d9GkdMYMc32MetR3Vnkxh7gsWjzUTZrqX05sRx+3d8paman2Q
>O6Tq0FIbMLL9FopoPh96
>=6s4p
>-END PGP SIGNATURE-
>
>-
>To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>For additional commands, e-mail: users-h...@tomcat.apache.org
>