Re: Number of Web Applications in one Tomcat: THANKS!

[Igal Sapir]

Chris,

On Thu, Nov 1, 2018 at 10:13 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

>
> On 11/1/18 12:06, Igal Sapir wrote:
> > On Thu, Nov 1, 2018 at 7:39 AM André Warnier (tomcat)
> >  wrote:
> >
> >> On 01.11.2018 14:51, Christopher Schultz wrote:
> >>> We assign each dev a number and each application a number. Each
> >>> pair of dev+app yields an actual port number. This works great
> >>> in development so nobody ever steps on anyone's toes. In other
> >>> environments (test, prod, etc.) there is only ever one "dev
> >>> number" and that's "the deployer".
>  
> >
> > This new feature from BZ 61171 might make life easier for
> > deployments of such setups: Add port offset attribute (portOffset?)
> > to Server configuration
> > https://bz.apache.org/bugzilla/show_bug.cgi?id=61171
>
> Yup. We don't happen to use that feature, but that's just because we
> baked everything into our deployment scripts back in 2003. :)
>

Right, given the fact that it was only added to dev a few hours ago
(r1845482) I don't expect anyone to be using it yet ;)

I like your idea of `port = dev + app`.  In development, I often find
myself disabling the AJP and SHUTDOWN ports to avoid binding conflicts.  In
production, one of the organizations for which I provide support has about
200 different applications, with deployment scripts that sets the different
ports and map the web server accordingly.

Come 9.0.13 the new portOffset feature can make such deployment a little
easier.

Best,

Igal

Re: Debugging tomcat native connector

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Mark,

On 11/1/18 11:51, Mark A. Claassen wrote:
> Thanks for the reply.  I am using 
> "org.apache.coyote.http11.Http11AprProtocol" in Tomcat 9.
> 
> The NIO connectors worked fine when we tried them, but the native 
> ones seem to start up, but then don’t work.
> 
> Interestingly, we found out that these connectors do eventually
> start working!  We tried to connect a few hours later and they were
> working fine. We are now trying to determine exactly how long it
> takes for them to accept connections in hopes that this will help
> us figure out what is going on.
> 
> Having a way to debug this better would be helpful.
Are you getting log entries in catalina.out similar to these?

INFO: Starting ProtocolHandler ["ajp-nio-8215"]
Oct 10, 2018 4:23:38 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-nio-127.0.0.1-8217"]
Oct 10, 2018 4:23:38 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 6819 ms

??

If so, there should also be some timing information for initializing
certain things. For example, if the server doesn't have much entropy
in the entropy pool, then you can get a slow-startup while the crypto
engine starts. This may be worse with the APR connector than for the
NIO connectors as the source of randomness may be different by default
(e.g. /dev/urandom for Java, /dev/random for APR). That may not
actually be *true*, but it's a possibility.

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlvbNXYACgkQHPApP6U8
pFhXkBAAny/RjuglPB38vMd1HZ45+9ifW4zRVgGY+2VjtJLSCJKf8+bouMdr6ZWY
5MbE9ru4WYNnIE7J01gYK7vjGfrotjxNLVAsY52qiCAf9u6Q+hsZb00T5B9Fog+z
9lFm2J4alHUMTe758vBJDtuuCqiB3I3SaY2f5rp5TiCWYVExrbNDQUe50ClbqFmB
+/e0XIybWXMCPsgylfyqQIZLwJ3t/Q+1eocQUIst86+tMrJdv2PWu+b7+J2y752Y
8dy3LqUjLQ218nDaXe1DXnWajunhuwAunK0/y1fL4pqlwJYDf6GTuWbW+AVDkBZh
3Q1o74QmM230FVyBhll2HSh9wi+rOON7MnjQD8Buks8LeTzyHRdGPRnFXoZm4H99
Re5uDXHLsJ0pweucVc4hqfE+2BxW33GT36FHUjGVAijMO6V3NX4CYhiOD7XkSlaz
uvoC+3ibhZZrgmc1AkM122u0YciSLDLb5iqGoVP/cOGJ0JVEwlEPMrpwSSe0ZTXz
BB6mTRu9WzN9j4YboTNmuiYnBx6wDAEWu+f9CjFptw7qGcwrzqrFyLp+/QuYzf4l
3iEVDlXPjF0bFsuJOvTChxfVm7s5NrxUBf2hJfMxmuKjeKKPZElgnWYtyoKokCHW
GNUD+HIGvJmc5bICo+WRzyf7zu1bsVoATcNvzM+K9WF1TBsrS+I=
=7fqB
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Number of Web Applications in one Tomcat: THANKS!

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Igal,

On 11/1/18 12:06, Igal Sapir wrote:
> On Thu, Nov 1, 2018 at 7:39 AM André Warnier (tomcat)
>  wrote:
> 
>> On 01.11.2018 14:51, Christopher Schultz wrote:
>>> We assign each dev a number and each application a number. Each
>>> pair of dev+app yields an actual port number. This works great
>>> in development so nobody ever steps on anyone's toes. In other 
>>> environments (test, prod, etc.) there is only ever one "dev
>>> number" and that's "the deployer".
>> 
>> I don't know if this is original or a system that is aready
>> well-known in this industry, but that sounds like a really clever
>> idea to me. Our own context is bit different, but I'm sure there
>> is a way for us to re-use this.
>> 
> 
> +1
> 
> This new feature from BZ 61171 might make life easier for
> deployments of such setups: Add port offset attribute (portOffset?)
> to Server configuration 
> https://bz.apache.org/bugzilla/show_bug.cgi?id=61171

Yup. We don't happen to use that feature, but that's just because we
baked everything into our deployment scripts back in 2003. :)

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlvbNDsACgkQHPApP6U8
pFiPhxAAqayojWGqEYrW6K10n7HNXb3OBK7Wzjm02JoB9kiiHn1io7APMpkoKTVg
hL/LhDPpqClJ0Mdq1VRmfG2qICQe2hQXSrIjiB1v+sbuL9c/5xFc9e+6gzG8jWSL
mZmP+aUqV6aAcG0b7cPulTF8YREH0clkSfFQp6eAxVCm7YETPGt0gC5MuYlY4jB2
yK3PiXmoPnRjz87nrFccw3tYpJYbGc3QnOiDfJp6Z6hsYvuE+i0zygU3mjyiFvfL
W7rLq0tkfWwNmiLgFhk4IRiGiiUbjKKeCupcSiMdTDp5vP7507ZACAGED+4kdail
JQ3Tafc608vXuLk78aw6+1e5tHURcB/3HojD1Rwa7iy3E3sNke1ToVWjNZ/z82aN
pJNX8vBYroTHgQU7ZFpF3+UiS6Hh4+nMgn78Gl0yBELBxQVOcqIF91ZjST85zFSZ
Zw2AV8d7ekqzo3tX+5+9vEbTreGdepBwrsF/t35RlwUTXYCZpLuFAdifhseIOnXJ
lCCryd7FsaplhJaKZWEAYqUDle/u7BUclxykKiQXXaJl7TT7xtWDlk0aZ++/S5q9
nncMkc0CeL7xruPSxbamDyrNQCvrB2mNAj/zj4Xa+xjFoY09vdqVt3MVm8HrTYeq
+i2NrdXPf3ucs62cTLMa4tdI5ev26nrLk5SUEEcq+N6Jl2X5wPQ=
=5tQt
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Number of Web Applications in one Tomcat: THANKS!

[Igal Sapir]

On Thu, Nov 1, 2018 at 7:39 AM André Warnier (tomcat)  wrote:

> On 01.11.2018 14:51, Christopher Schultz wrote:
> > We assign each dev a number and each application a number. Each pair
> > of dev+app yields an actual port number. This works great in
> > development so nobody ever steps on anyone's toes. In other
> > environments (test, prod, etc.) there is only ever one "dev number"
> > and that's "the deployer".
>
> I don't know if this is original or a system that is aready well-known in
> this industry,
> but that sounds like a really clever idea to me. Our own context is bit
> different, but I'm
> sure there is a way for us to re-use this.
>

+1

This new feature from BZ 61171 might make like easier for deployments of
such setups:
Add port offset attribute (portOffset?) to Server configuration
https://bz.apache.org/bugzilla/show_bug.cgi?id=61171

Igal

RE: Debugging tomcat native connector

[Mark A. Claassen]

Thanks for the reply.  I am using "org.apache.coyote.http11.Http11AprProtocol" 
in Tomcat 9.

The NIO connectors worked fine when we tried them, but the native ones seem to 
start up, but then don’t work. 
 
Interestingly, we found out that these connectors do eventually start working!  
We tried to connect a few hours later and they were working fine.  
We are now trying to determine exactly how long it takes for them to accept 
connections in hopes that this will help us figure out what is going on.

Having a way to debug this better would be helpful.


Mark Claassen
Senior Software Engineer

Donnell Systems, Inc.
130 South Main Street
Leighton Plaza Suite 375
South Bend, IN  46601
E-mail: mailto:mclaas...@ocie.net
Voice: (574)232-3784
Fax: (574)232-4014

Disclaimer:
The opinions provided herein do not necessarily state or reflect 
those of Donnell Systems, Inc.(DSI). DSI makes no warranty for and 
assumes no legal liability or responsibility for the posting. 
-Original Message-
From: Roger Brechbühl  
Sent: Wednesday, October 31, 2018 5:25 PM
To: Tomcat Users List 
Subject: Re: Debugging tomcat native connector

with which connector do you have problems? nio, nio2 or apr?

I ask because we have problems with nio2-openssl when ssl session is reused 
e.g. when a request is proxied with nginx.

kind regards,
Roger

Mark A. Claassen  schrieb am Mi. 31. Okt. 2018 um 15:32:

> Is there a way to debug the native connectors?  Specifically, we are 
> having some problems getting the native openssl connector working on Ubuntu.
> Doing an strace on the process shows a lot of FUTEX_WAIT_PRIVATE, but 
> we don't know why.  We were hoping that there was some way to get more 
> information.
>
> Thanks,
>
> Mark Claassen
> Senior Software Engineer
>
> Donnell Systems, Inc.
> 130 South Main Street
> Leighton Plaza Suite 375
> South Bend, IN  46601
> E-mail: mailto:mclaas...@ocie.net
> Voice: (574)232-3784
> Fax: (574)232-4014
>
> Disclaimer:
> The opinions provided herein do not necessarily state or reflect those 
> of Donnell Systems, Inc.(DSI). DSI makes no warranty for and assumes 
> no legal liability or responsibility for the posting.
>
>

Re: Number of Web Applications in one Tomcat: THANKS!

[tomcat]

On 01.11.2018 14:51, Christopher Schultz wrote:

We assign each dev a number and each application a number. Each pair
of dev+app yields an actual port number. This works great in
development so nobody ever steps on anyone's toes. In other
environments (test, prod, etc.) there is only ever one "dev number"
and that's "the deployer".


I don't know if this is original or a system that is aready well-known in this industry, 
but that sounds like a really clever idea to me. Our own context is bit different, but I'm 
sure there is a way for us to re-use this.

Thanks.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Number of Web Applications in one Tomcat: THANKS!

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

George,

On 10/31/18 14:17, George Stanchev wrote:
> This is an interesting discussion. Are there any guides to 
> alleviating management work of such deployments?

It's a little out of scope for this community (formally), but there
may be people here who can share their stories.

> For example, how do you deal with the port mapping?
We assign each dev a number and each application a number. Each pair
of dev+app yields an actual port number. This works great in
development so nobody ever steps on anyone's toes. In other
environments (test, prod, etc.) there is only ever one "dev number"
and that's "the deployer".

> Or logs - do you collect at a common location or let each app log
> in its corner ?

We use separate logs, but many logging systems allow for log
aggregation. I know e.g. log4j has a SysLogAppender and you can do
*anything* with that.

> Can you share configuration across instances such as SSL, JNDI 
> configuration, etc?
We use revision-control for that kind of thing with replaceable
parameters for things like relocatable resources (e.g. database URLs)
and sensitive information (e.g. passwords).

We use "ant" for deployment, which merges the configuration(s) under
revision-control with a set of local settings to build a working
configuration.

> Any blogs to such approach?

Not that I have personally written. Configuration-management and
deployment strategies are typically very environment-specific.

- -chris

> -Original Message- From: Christopher Schultz
>  Sent: Wednesday, October 31, 2018
> 9:29 AM To: users@tomcat.apache.org Subject: Re: Number of Web
> Applications in one Tomcat: THANKS!
> 
> Guido,
> 
> On 10/31/18 05:14, Jäkel, Guido wrote:
>>> Has anyone ever attacked one of your web applications? There
>>> are some fun ways to make an application use a huge amount of
>>> memory. Just because the applications themselves are behaving
>>> doesn't mean that all the users are behaving.
>>> 
>>> For example, do you have a max POST size set for your
>>> application? If not, I can send your login form a username that
>>> is so long it might exhaust your heap. 2147483647 characters is
>>> a LOT of characters.
>>> 
>>> If you have a max POST size, maybe you don't filter-out PUT
>>> requests, and have Tomcat parsing those for you. Same problem,
>>> there.
> 
>> Dear Chris,
> 
>> But that's no argument for or against running more than one 
>> application per Tomcat: If you're not aware of such things, one
>> may attack your other Tomcats in the same way because of
>> identical configuration.
> 
> Yes and no.
> 
> Presumably, more than one application means more resources required
> in general. Since each application might experience "peak" usage
> simultaneously, you must over-provision *for both*. That actually 
> *helps* you against the kind of attack I proposed (more memory is
> slightly more difficult to fill than less).
> 
> On the other hand, each application has different requirements. 
> Perhaps one application needs to be able to accept file uploads
> while the other one does not. That means that the application which
> need not accept large POST requests is now vulnerable because of a
> shared resource 9memory) which the other application can allow
> attackers to consume.
> 
>> Of course, if you plan to run a couple of applications per
>> Tomcat, you may also plan to spread it to more than instance to
>> have a fail-over or load balancing . But even if you use a
>> HA-cluster with one App per cluster member: If one is able to
>> crash the Application by a Request on one cluster member, this
>> might be repeated on the other members without noteworthy costs.
> 
> Cascade failures can indeed be a serious problem.
> 
> It's generally more difficult to crash a Tomcat instance with a
> single request. It usually requires multiple requests (sometimes 
> concurrently) and so that provides the admin more opportunities at
> mitigation.
> 
> -chris
> 
> -
>
> 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 
> -
>
> 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlvbBOUACgkQHPApP6U8
pFjJKg/+KOX+zbD+fIIPDmUToZYCFgCt8fjWUsoUVStfsMzhLCrQ6j0c6iRkIOMl
9SuaorrIhVAPRDJ3M/7tqij5a/Mf2QdVeTEtdCp9VpHeIREmOewtwDPO5ZgW89P0
QECvZ5VyqgXkWqViWE2l8xxCBj4R/3U9oeUkAMBF56HJQSHogr/LYlsiJx8EU116
tmh9QVDZrStD22qG4Lvj997ePJ9qHCePfprerlNjszS9iZr5CmigSB3mC3YZSj1Z
L202zj65BABHTvN5uk3pnJ+xsWzdf/55+nnMCleww0LeV3fV9EUaoE9ch44u0T1E
Is62vgkPS6IASYnQMc6MPMFqHgcePKuAPMnYmmc8/mId4839h7RYZnaXF75e8Lzk

Re: RemoteAddrValve | IP Subnet

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

André,

On 11/1/18 09:23, André Warnier (tomcat) wrote:
> On 01.11.2018 13:34, Mark Thomas wrote:
>> On 01/11/2018 12:23, André Warnier (tomcat) wrote:
>>> On 01.11.2018 12:35, Madhur Khurana wrote:
 Hi,
 
 I am using tomcat8 and would like to configure ip address
 with subnet in RemoteAddrValve for IP whitelisting (Example:
 0.0.0.0/0). Can anyone help in how to configure subnet in
 allow field.
 
>>> 
>>> The page at 
>>> http://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Remote_Add
ress_Valve
>>>
>>>
>>> 
looks pretty easy to understand.
>> 
>> https://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Remote_CID
R_Valve
>>
>>
>>
>> 
might be a better match for what the OP is looking for.
> 
> With a slight critic of that section though : it states "This
> valve mimicks Apache's Order, Allow from and Deny from
> directives..". That was Apache httpd up to 2.2, which is
> end-of-life since 2018/01/01. Apache httpd 2.4 (the current
> version) has changed that syntax (and the underlying logic) quite a
> bit, and Order, Allow/Deny are now deprecated and replaced by 
> Require [not] IP (with a wide variety of expressions for IP) See
> https://httpd.apache.org/docs/2.4/mod/mod_authz_host.html
> 
> Iow, the reference to "Apache" might best be removed, lest it
> confuses more than enlightens the casual reader.

Perhaps. Why not just patch it, then? ;)

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlvbA50ACgkQHPApP6U8
pFh4OBAAwgK7C7wprX6ylW98GKnOY1QwWcW6si9EIYTRgNjTvzPIHXJY78R7ZmZW
VcPC5TeoeWoEeE/Ekz3GRRkAaiJAL2pmU+4qVFIErNjN5CfQheGgPFt9agDFxT8t
I0g3hSYCNdcrd9B6Gb2mQpmk6I7CXwyGKaRtwhghGB+iGBaFOkRpKvboZCUKGF2j
AMnvwTEaRU5w5Q1lP/pDoaun/yYXo8eE9N5kKBVQW41UHdg40hhE4XEvq2mdsMw0
exM2Yt3Dx3MtfSUVl0u/kxTxZ5dXTBTAhXhY7oIqPSFmpr+UFEOJSyUr1bU541uv
Ui7+xoBu8/mEjMQztEIkE/0sWM/Txj7tnfGkm8PDAcMxMATfwFyZG15/ps4Jsec3
6TbFeW8HLLRU73hr6NrqxTeXL0Fw8mClY07FUKskeRtVRy/8dFAv1q2E7KBF0QGs
OauRf3bVsdKhxWhb+RHSa5kG0DmOICy7emjcnKFzpwJ6KRYZctY62iC6uD593nW8
Vpj3fM0XMXeeRGbflxvE2TN63KX7ZQ0PkNfi+E5mTrMpHATdXypmycglVam+J8IK
+TAeEgYD+FxpeGbAp+Iz2EUlfb7Je41Tx/1+QzBHAhVgr3jzu9xSPwkEEJSRI9r1
mlOUCLwkCwn0BY2s4Tp9NWXeBWhEA/vf3H+OAJHusURinDewz0A=
=KpvG
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: RemoteAddrValve | IP Subnet

[tomcat]

On 01.11.2018 13:34, Mark Thomas wrote:

On 01/11/2018 12:23, André Warnier (tomcat) wrote:

On 01.11.2018 12:35, Madhur Khurana wrote:

Hi,

I am using tomcat8 and would like to configure ip address with subnet
in RemoteAddrValve for IP whitelisting (Example: 0.0.0.0/0). Can
anyone help in how to configure subnet in allow field.



The page at
http://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Remote_Address_Valve
looks pretty easy to understand.


https://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Remote_CIDR_Valve

might be a better match for what the OP is looking for.


With a slight critic of that section though : it states "This valve mimicks Apache's 
Order, Allow from and Deny from directives..".

That was Apache httpd up to 2.2, which is end-of-life since 2018/01/01.
Apache httpd 2.4 (the current version) has changed that syntax (and the underlying logic) 
quite a bit, and Order, Allow/Deny are now deprecated and replaced by

Require [not] IP
(with a wide variety of expressions for IP)
See https://httpd.apache.org/docs/2.4/mod/mod_authz_host.html

Iow, the reference to "Apache" might best be removed, lest it confuses more than 
enlightens the casual reader.




Mark



Example 1 provides the syntax you are looking for.

By combining "allow" and "deny" attributes with the appropriate regular
expressions, you can allow or deny access (aka whitelist or blacklist)
from any range of client IP addresses.
Without a precise indication of which IP addresses/subnets you want to
"whitelist", there is not much else anyone here can tell you.

Is it (a) the "regular expression" part that you are having problems
with, or (b) the IP address format, or (c) the definition of a "subnet",
or .. ?

For (a), see for example :
http://www.vogella.com/tutorials/JavaRegularExpressions/article.html
For (b) and (c), start perhaps here :
https://en.wikipedia.org/wiki/Subnetwork




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: precompile JSPs failure issue - Tomcat community

[Rathore, Rajendra]

Hi Chao,

We already tried it and it still failing.

Thanks and Regards,
Rajendra Rathore
9922701491

-Original Message-
From: Guang Chao  
Sent: 01 November 2018 06:07 PM
To: Tomcat Users List 
Subject: Re: precompile JSPs failure issue - Tomcat community

On Thu, Nov 1, 2018 at 7:13 PM Rathore, Rajendra  wrote:

> Hi Mark,
>
> I am suspecting the same in 8.5.33 tomcat, do you still won't me to 
> check it on tomcat 8.5.33?
>

How about increasing your perm memory?


>
> Thanks and Regards,
> Rajendra Rathore
> 9922701491
>
> -Original Message-
> From: Guang Chao 
> Sent: 01 November 2018 03:41 PM
> To: Tomcat Users List 
> Subject: Re: precompile JSPs failure issue - Tomcat community
>
> On Thu, Nov 1, 2018 at 5:33 PM Mark Thomas  wrote:
>
> > On 01/11/2018 09:21, Rathore, Rajendra wrote:
> > > Hi Team,
> > >
> > >
> > >
> > > We have precompileJSPs tests that include compilation of around 
> > > 4000 jsp files. After upgrading to Tomcat *8.5.34* from Tomcat 
> > > *8.5.32* we are facing an *Error:*/java.lang.OutOfMemoryError: 
> > > unable to create new native thread /
> > >
> > >
> > >
> > > The machines on which tests were executed have *16GB* of RAM, out 
> > > of which around *13GB* was free.
> > >
> > > The precompileJSPs tests were executed on Tomcat *8.5.34* by 
> > > setting ANT_OPTS from -Xmx4096m to -Xmx10240m, But Still the 
> > > result was /OutOfMemoryError./
> > >
> > > / /
> > >
> > > However, We successfully tested precompileJSPs tests for Tomcat
> > > *8.5.32 *with ANT_OPTS as -Xmx384m
> > >
> > >
> > >
> > > Can someone please have a look into this issue?
> >
> > Have you looked at the change log for the changes between 8.5.32 and
> > 8.5.34 that might be relevant?
> >
>
> It could be changelog in 8.5.33
>
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbz.ap
> ache.org%2Fbugzilla%2Fshow_bug.cgi%3Fid%3D53011data=02%7C01%7Crar
> athore%40ptc.com%7Cc0bce30fc877421ebd6808d63ff6f1f2%7Cb9921086ff774d0d
> 828acb3381f678e2%7C0%7C0%7C636766727188877636sdata=diEmx1WNaWPvH%
> 2FGMd8Ex%2B4AgZCaGxcC6fez5UD%2FEF1c%3Dreserved=0
>
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbz.ap
> ache.org%2Fbugzilla%2Fshow_bug.cgi%3Fid%3D53492data=02%7C01%7Crar
> athore%40ptc.com%7Cc0bce30fc877421ebd6808d63ff6f1f2%7Cb9921086ff774d0d
> 828acb3381f678e2%7C0%7C0%7C636766727188877636sdata=rl1N7m5upe4E7A
> 3zTAx4oht2cjUHfuDoNCWoOHKfkrs%3Dreserved=0
>
>
>
> >
> > Have you tried testing with 8.5.33 to narrow down the version in 
> > which the issue first appears?
> >
> > Mark
> >
> > 
> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >
>
> --
> Guang <
> https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fjavade
> vnotes.com%2Fjava-string-to-datedata=02%7C01%7Crarathore%40ptc.co
> m%7Cc0bce30fc877421ebd6808d63ff6f1f2%7Cb9921086ff774d0d828acb3381f678e
> 2%7C0%7C0%7C636766727188877636sdata=lEQmu2kFIquRsA5rAeVw17HYosy6O
> 03GGZvt6d6CWCA%3Dreserved=0
> >
>


--
Guang 

Re: precompile JSPs failure issue - Tomcat community

[Guang Chao]

On Thu, Nov 1, 2018 at 7:13 PM Rathore, Rajendra  wrote:

> Hi Mark,
>
> I am suspecting the same in 8.5.33 tomcat, do you still won't me to check
> it on tomcat 8.5.33?
>

How about increasing your perm memory?


>
> Thanks and Regards,
> Rajendra Rathore
> 9922701491
>
> -Original Message-
> From: Guang Chao 
> Sent: 01 November 2018 03:41 PM
> To: Tomcat Users List 
> Subject: Re: precompile JSPs failure issue - Tomcat community
>
> On Thu, Nov 1, 2018 at 5:33 PM Mark Thomas  wrote:
>
> > On 01/11/2018 09:21, Rathore, Rajendra wrote:
> > > Hi Team,
> > >
> > >
> > >
> > > We have precompileJSPs tests that include compilation of around 4000
> > > jsp files. After upgrading to Tomcat *8.5.34* from Tomcat *8.5.32*
> > > we are facing an *Error:*/java.lang.OutOfMemoryError: unable to
> > > create new native thread /
> > >
> > >
> > >
> > > The machines on which tests were executed have *16GB* of RAM, out of
> > > which around *13GB* was free.
> > >
> > > The precompileJSPs tests were executed on Tomcat *8.5.34* by setting
> > > ANT_OPTS from -Xmx4096m to -Xmx10240m, But Still the result was
> > > /OutOfMemoryError./
> > >
> > > / /
> > >
> > > However, We successfully tested precompileJSPs tests for Tomcat
> > > *8.5.32 *with ANT_OPTS as -Xmx384m
> > >
> > >
> > >
> > > Can someone please have a look into this issue?
> >
> > Have you looked at the change log for the changes between 8.5.32 and
> > 8.5.34 that might be relevant?
> >
>
> It could be changelog in 8.5.33
>
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbz.apache.org%2Fbugzilla%2Fshow_bug.cgi%3Fid%3D53011data=02%7C01%7Crarathore%40ptc.com%7Cb925903f163440c0623908d63fe25fc4%7Cb9921086ff774d0d828acb3381f678e2%7C0%7C0%7C636766638847501834sdata=0pWCHhvlD%2FBKThN%2FvGEbfDE1%2F4SSXHYOaQIx028%2Fk9Q%3Dreserved=0
>
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbz.apache.org%2Fbugzilla%2Fshow_bug.cgi%3Fid%3D53492data=02%7C01%7Crarathore%40ptc.com%7Cb925903f163440c0623908d63fe25fc4%7Cb9921086ff774d0d828acb3381f678e2%7C0%7C0%7C636766638847501834sdata=jzH4WEv0RTY%2BvJYmGvNIKS%2FFM6OSO4Kc8ZFRX4hmt2s%3Dreserved=0
>
>
>
> >
> > Have you tried testing with 8.5.33 to narrow down the version in which
> > the issue first appears?
> >
> > Mark
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >
>
> --
> Guang <
> https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fjavadevnotes.com%2Fjava-string-to-datedata=02%7C01%7Crarathore%40ptc.com%7Cb925903f163440c0623908d63fe25fc4%7Cb9921086ff774d0d828acb3381f678e2%7C0%7C0%7C636766638847501834sdata=S2z9J%2Bb75VYOsUR0aeRgyXIAjBTUVPvMxM7BU%2FGCDQ0%3Dreserved=0
> >
>


-- 
Guang 

Re: RemoteAddrValve | IP Subnet

[Mark Thomas]

On 01/11/2018 12:23, André Warnier (tomcat) wrote:
> On 01.11.2018 12:35, Madhur Khurana wrote:
>> Hi,
>>
>> I am using tomcat8 and would like to configure ip address with subnet
>> in RemoteAddrValve for IP whitelisting (Example: 0.0.0.0/0). Can
>> anyone help in how to configure subnet in allow field.
>>
> 
> The page at
> http://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Remote_Address_Valve
> looks pretty easy to understand.

https://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Remote_CIDR_Valve

might be a better match for what the OP is looking for.

Mark

> 
> Example 1 provides the syntax you are looking for.
> 
> By combining "allow" and "deny" attributes with the appropriate regular
> expressions, you can allow or deny access (aka whitelist or blacklist)
> from any range of client IP addresses.
> Without a precise indication of which IP addresses/subnets you want to
> "whitelist", there is not much else anyone here can tell you.
> 
> Is it (a) the "regular expression" part that you are having problems
> with, or (b) the IP address format, or (c) the definition of a "subnet",
> or .. ?
> 
> For (a), see for example :
> http://www.vogella.com/tutorials/JavaRegularExpressions/article.html
> For (b) and (c), start perhaps here :
> https://en.wikipedia.org/wiki/Subnetwork
> 
> 
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: precompile JSPs failure issue - Tomcat community

[Mark Thomas]

On 01/11/2018 11:13, Rathore, Rajendra wrote:
> Hi Mark,
> 
> I am suspecting the same in 8.5.33 tomcat, do you still won't me to check it 
> on tomcat 8.5.33?

I'm simply providing some pointers to help you figure out what the
problem is. Which, if any, of those pointers you choose to follow is up
to you.

Mark


> Thanks and Regards,
> Rajendra Rathore
> 9922701491
> 
> -Original Message-
> From: Guang Chao  
> Sent: 01 November 2018 03:41 PM
> To: Tomcat Users List 
> Subject: Re: precompile JSPs failure issue - Tomcat community
> 
> On Thu, Nov 1, 2018 at 5:33 PM Mark Thomas  wrote:
> 
>> On 01/11/2018 09:21, Rathore, Rajendra wrote:
>>> Hi Team,
>>>
>>>
>>>
>>> We have precompileJSPs tests that include compilation of around 4000 
>>> jsp files. After upgrading to Tomcat *8.5.34* from Tomcat *8.5.32* 
>>> we are facing an *Error:*/java.lang.OutOfMemoryError: unable to 
>>> create new native thread /
>>>
>>>
>>>
>>> The machines on which tests were executed have *16GB* of RAM, out of 
>>> which around *13GB* was free.
>>>
>>> The precompileJSPs tests were executed on Tomcat *8.5.34* by setting 
>>> ANT_OPTS from -Xmx4096m to -Xmx10240m, But Still the result was 
>>> /OutOfMemoryError./
>>>
>>> / /
>>>
>>> However, We successfully tested precompileJSPs tests for Tomcat 
>>> *8.5.32 *with ANT_OPTS as -Xmx384m
>>>
>>>
>>>
>>> Can someone please have a look into this issue?
>>
>> Have you looked at the change log for the changes between 8.5.32 and
>> 8.5.34 that might be relevant?
>>
> 
> It could be changelog in 8.5.33
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbz.apache.org%2Fbugzilla%2Fshow_bug.cgi%3Fid%3D53011data=02%7C01%7Crarathore%40ptc.com%7Cb925903f163440c0623908d63fe25fc4%7Cb9921086ff774d0d828acb3381f678e2%7C0%7C0%7C636766638847501834sdata=0pWCHhvlD%2FBKThN%2FvGEbfDE1%2F4SSXHYOaQIx028%2Fk9Q%3Dreserved=0
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbz.apache.org%2Fbugzilla%2Fshow_bug.cgi%3Fid%3D53492data=02%7C01%7Crarathore%40ptc.com%7Cb925903f163440c0623908d63fe25fc4%7Cb9921086ff774d0d828acb3381f678e2%7C0%7C0%7C636766638847501834sdata=jzH4WEv0RTY%2BvJYmGvNIKS%2FFM6OSO4Kc8ZFRX4hmt2s%3Dreserved=0
> 
> 
> 
>>
>> Have you tried testing with 8.5.33 to narrow down the version in which 
>> the issue first appears?
>>
>> Mark
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
> 
> --
> Guang 
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: RemoteAddrValve | IP Subnet

[tomcat]

On 01.11.2018 12:35, Madhur Khurana wrote:

Hi,

I am using tomcat8 and would like to configure ip address with subnet in 
RemoteAddrValve for IP whitelisting (Example: 0.0.0.0/0). Can anyone help in 
how to configure subnet in allow field.



The page at http://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Remote_Address_Valve 
looks pretty easy to understand.


Example 1 provides the syntax you are looking for.

By combining "allow" and "deny" attributes with the appropriate regular expressions, you 
can allow or deny access (aka whitelist or blacklist) from any range of client IP addresses.
Without a precise indication of which IP addresses/subnets you want to "whitelist", there 
is not much else anyone here can tell you.


Is it (a) the "regular expression" part that you are having problems with, or (b) the IP 
address format, or (c) the definition of a "subnet", or .. ?


For (a), see for example : 
http://www.vogella.com/tutorials/JavaRegularExpressions/article.html

For (b) and (c), start perhaps here : https://en.wikipedia.org/wiki/Subnetwork




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RemoteAddrValve | IP Subnet

[Madhur Khurana]

Hi,

I am using tomcat8 and would like to configure ip address with subnet in 
RemoteAddrValve for IP whitelisting (Example: 0.0.0.0/0). Can anyone help in 
how to configure subnet in allow field.

Thanks,
Madhur

=
Please refer to http://www.aricent.com/email-disclaimer
for important disclosures regarding this electronic communication.
=

RE: precompile JSPs failure issue - Tomcat community

[Rathore, Rajendra]

Hi Mark,

I am suspecting the same in 8.5.33 tomcat, do you still won't me to check it on 
tomcat 8.5.33?

Thanks and Regards,
Rajendra Rathore
9922701491

-Original Message-
From: Guang Chao  
Sent: 01 November 2018 03:41 PM
To: Tomcat Users List 
Subject: Re: precompile JSPs failure issue - Tomcat community

On Thu, Nov 1, 2018 at 5:33 PM Mark Thomas  wrote:

> On 01/11/2018 09:21, Rathore, Rajendra wrote:
> > Hi Team,
> >
> >
> >
> > We have precompileJSPs tests that include compilation of around 4000 
> > jsp files. After upgrading to Tomcat *8.5.34* from Tomcat *8.5.32* 
> > we are facing an *Error:*/java.lang.OutOfMemoryError: unable to 
> > create new native thread /
> >
> >
> >
> > The machines on which tests were executed have *16GB* of RAM, out of 
> > which around *13GB* was free.
> >
> > The precompileJSPs tests were executed on Tomcat *8.5.34* by setting 
> > ANT_OPTS from -Xmx4096m to -Xmx10240m, But Still the result was 
> > /OutOfMemoryError./
> >
> > / /
> >
> > However, We successfully tested precompileJSPs tests for Tomcat 
> > *8.5.32 *with ANT_OPTS as -Xmx384m
> >
> >
> >
> > Can someone please have a look into this issue?
>
> Have you looked at the change log for the changes between 8.5.32 and
> 8.5.34 that might be relevant?
>

It could be changelog in 8.5.33
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbz.apache.org%2Fbugzilla%2Fshow_bug.cgi%3Fid%3D53011data=02%7C01%7Crarathore%40ptc.com%7Cb925903f163440c0623908d63fe25fc4%7Cb9921086ff774d0d828acb3381f678e2%7C0%7C0%7C636766638847501834sdata=0pWCHhvlD%2FBKThN%2FvGEbfDE1%2F4SSXHYOaQIx028%2Fk9Q%3Dreserved=0
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbz.apache.org%2Fbugzilla%2Fshow_bug.cgi%3Fid%3D53492data=02%7C01%7Crarathore%40ptc.com%7Cb925903f163440c0623908d63fe25fc4%7Cb9921086ff774d0d828acb3381f678e2%7C0%7C0%7C636766638847501834sdata=jzH4WEv0RTY%2BvJYmGvNIKS%2FFM6OSO4Kc8ZFRX4hmt2s%3Dreserved=0



>
> Have you tried testing with 8.5.33 to narrow down the version in which 
> the issue first appears?
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

--
Guang 

Re: precompile JSPs failure issue - Tomcat community

[Guang Chao]

On Thu, Nov 1, 2018 at 5:33 PM Mark Thomas  wrote:

> On 01/11/2018 09:21, Rathore, Rajendra wrote:
> > Hi Team,
> >
> >
> >
> > We have precompileJSPs tests that include compilation of around 4000 jsp
> > files. After upgrading to Tomcat *8.5.34* from Tomcat *8.5.32* we are
> > facing an *Error:*/java.lang.OutOfMemoryError: unable to create new
> > native thread /
> >
> >
> >
> > The machines on which tests were executed have *16GB* of RAM, out of
> > which around *13GB* was free.
> >
> > The precompileJSPs tests were executed on Tomcat *8.5.34* by setting
> > ANT_OPTS from -Xmx4096m to -Xmx10240m, But Still the result was
> > /OutOfMemoryError./
> >
> > / /
> >
> > However, We successfully tested precompileJSPs tests for Tomcat *8.5.32
> > *with ANT_OPTS as -Xmx384m
> >
> >
> >
> > Can someone please have a look into this issue?
>
> Have you looked at the change log for the changes between 8.5.32 and
> 8.5.34 that might be relevant?
>

It could be changelog in 8.5.33
https://bz.apache.org/bugzilla/show_bug.cgi?id=53011
https://bz.apache.org/bugzilla/show_bug.cgi?id=53492



>
> Have you tried testing with 8.5.33 to narrow down the version in which
> the issue first appears?
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 
Guang 

Re: precompile JSPs failure issue - Tomcat community

[Mark Thomas]

On 01/11/2018 09:21, Rathore, Rajendra wrote:
> Hi Team,
> 
>  
> 
> We have precompileJSPs tests that include compilation of around 4000 jsp
> files. After upgrading to Tomcat *8.5.34* from Tomcat *8.5.32* we are
> facing an *Error:*/java.lang.OutOfMemoryError: unable to create new
> native thread /
> 
>  
> 
> The machines on which tests were executed have *16GB* of RAM, out of
> which around *13GB* was free.
> 
> The precompileJSPs tests were executed on Tomcat *8.5.34* by setting
> ANT_OPTS from -Xmx4096m to -Xmx10240m, But Still the result was
> /OutOfMemoryError./
> 
> / /
> 
> However, We successfully tested precompileJSPs tests for Tomcat *8.5.32
> *with ANT_OPTS as -Xmx384m
> 
>  
> 
> Can someone please have a look into this issue?

Have you looked at the change log for the changes between 8.5.32 and
8.5.34 that might be relevant?

Have you tried testing with 8.5.33 to narrow down the version in which
the issue first appears?

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

precompile JSPs failure issue - Tomcat community

[Rathore, Rajendra]

Hi Team,

We have precompileJSPs tests that include compilation of around 4000 jsp files. 
After upgrading to Tomcat 8.5.34 from Tomcat 8.5.32 we are facing an Error: 
java.lang.OutOfMemoryError: unable to create new native thread

The machines on which tests were executed have 16GB of RAM, out of which around 
13GB was free.
The precompileJSPs tests were executed on Tomcat 8.5.34 by setting ANT_OPTS 
from -Xmx4096m to -Xmx10240m, But Still the result was OutOfMemoryError.

However, We successfully tested precompileJSPs tests for Tomcat 8.5.32 with 
ANT_OPTS as -Xmx384m

Can someone please have a look into this issue?


Thanks and Regards,
Rajendra Rathore
9922701491

  
  


  



  

  





!+! EXITING FROM ANTCALL WITHIN PreCompileJsps[preCompileJsps.xml]

 [echo] FAILED to compile temp.jsp
 [echo] 
 [echo] The following error occurred while executing this line:
 [echo] preCompileJsps.xml: The following error occurred while executing 
this line:
 [echo] preCompileJsps.xml: java.lang.OutOfMemoryError: unable to create 
new native thread
  [antcall] Exiting preCompileJsps.xml.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: web.xml mime-mappings

[Luis Rodríguez Fernández]

Hello Baron,

There are no dumb questions, no worries :)

Are you referring to the $CATALINA_BASE/conf/web.xml by chance? This is the
default web.xml [1] that defines default values for all the webapps
deployed in your tomcat server. Me personally I rarely modify it.

 Me, as a sample web.xml I usually take either the one distributed in the
always good $CATALINA_BASE/webapps/examples/WEB-INF/web.xml or the one from
the classic "hello, world" app [2]

Hope it helps,

Luis

[1] https://tomcat.apache.org/tomcat-9.0-doc/default-servlet.html
[2] https://tomcat.apache.org/tomcat-9.0-doc/appdev/sample/






El jue., 1 nov. 2018 a las 3:01, Baron Fujimoto ()
escribió:

> Apologies in advance if this is a dumb question.
>
> I usually base our config files off of the sample config files as a
> starting point.
>
> The sample web.xml contains many mime-mapping elements (1000+ I think). Is
> there any good reason to include these if your application isn't going to
> use the vast majority of these mime-types? I.e., is it recommended to edit
> it down to just those that the application is likely to use? It seems like
> it would be less unwieldy if I did this, but I just want to make sure
> there's no compelling downside to it.
>
> --
> Baron Fujimoto  :: UH Information Technology Services
> minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett