RE: loss of connection with mod_jk(tomcat connector)

[Rathore, Rajendra]

Hi Mark,

We configure multiple tomcat and based on the configuration start other tomcat, 
since one tomcat running fine but after some time it will stop communicating, 
this problem we face from Tomcat Connector 1.2.46 version onwards, for 1.2.43 
it works fine, please let me know if I need to enable extra loggers that will 
help out to understand the problem better,

Thanks and Regards,
Rajendra Rathore
9922701491

-Original Message-
From: Mark Thomas  
Sent: 17 January 2019 05:05 AM
To: Tomcat Users List 
Subject: Re: loss of connection with mod_jk(tomcat connector)

External email from: users-return-29-rarathore=ptc@tomcat.apache.org

On 16/01/2019 12:26, Rathore, Rajendra wrote:
> Hi Team,
> 
>  
> 
> we are using Apache Http server with basic authentication, when we try 
> to send some request to apache for authentication it will fail with 
> 401 error and when we check the JK Status,
> 
> we found that status was not proper means instead of 'OK' state it was 
> 'Awaiting..'. We are facing this issue with tomcat connector 1.2.46, 
> it worked with 1.2.43. I attached our log files for your reference, 
> please let me know if you need anything else.

Logs show the Tomcat instances aren't listening on the configured host/ports.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: loss of connection with mod_jk(tomcat connector)

[Mark Thomas]

On 16/01/2019 12:26, Rathore, Rajendra wrote:
> Hi Team,
> 
>  
> 
> we are using Apache Http server with basic authentication, when we try
> to send some request to apache for authentication it will fail with 401
> error and when we check the JK Status,
> 
> we found that status was not proper means instead of 'OK' state it was
> 'Awaiting..'. We are facing this issue with tomcat connector 1.2.46, it
> worked with 1.2.43. I attached our log files for your reference, please
> let me know if you need anything else.

Logs show the Tomcat instances aren't listening on the configured
host/ports.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: After updating to Tomcat V7.0.78 from V7.0.54 JSP compilation fails due to 65535 bytes limit

[Mark Thomas]

On 16/01/2019 11:59, Rahul Singh wrote:
> Hi Tomcat Team,
> 
> Thanks for your always support and guidance !!
> 
> In one of the web application Tomcat is migrated from V7.0.54 to V7.0.78. 
> After update one phenomena is reported regarding JSP file compilation at run 
> time.
> 
> 
> From stack trace analysis it is evident that JSP to JAVA compilation is 
> surpassing the 65535 bytes limit.
> 
> After analysis we have found some solution, but we would like to know in 
> which version this change is introduced between Tomcat 7.0.54 and Tomcat 
> 7.0.78. If possible we would like to know what changes has been done in 
> tomcat that leads to this phenomena.

Generally, it is all related to tag handling and tag pooling.

https://tomcat.apache.org/tomcat-7.0-doc/changelog.html

7.0.71 - See Jasper section. Tag error handling. Added code.
7.0.74 - Bugs 60497 (added code)
7.0.76 - See Jasper section. Optimizations. Reduced code volume but
 cumulative effect was still an increase.

> JFYI, Same JSP was successfully executed and compiled in Tomcat 7.0.54. and 
> no information is mentioned in changelogs and release notes related to this 
> phenomena.

It is all in the change log. There are also quite a few references in
the archives of this mailing list around the time the change was introduced.

For future reference with similar issues, a diff between the Java source
code generated by 7.0.54 and that generated by 7.0.78 would have pointed
you in the right direction.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Deployment issues with multiple instance of Tomcat sharing web-apps directory

[Mark Thomas]

On 16/01/2019 10:26, Vinu Vibhu Sobhana wrote:
> Hai,
> 
> Iam new to mailing list and I apologize in advance if this is not the
> correct place..

Welcome to the Tomcat community. No need to apologise. And you are in
the right place.

> I am a system administrator and my development team creates application
> in JAVA that are been hosted on tomcat web-servers. While hosting the
> application, I was asked to explore the feasibility on the below
> points
> 
> 1. Can I have centralized web-apps directory for multiple tomcat
> instances hosted on the same or different servers. ie tomcat1 running
> on server1 and tomcat2 running on server2. Both servers are been
> assigned a common storage folder (via NFS) named "webstore" which has
> been mapped to both servers webapps directories. Now my query is upon
> starting tomcat instances on both servers, I should receive a working
> instance of my application on both servers.>
> Is this possible in any way or is there any other recommended method
> that I should follow. Providing individual webapps folder to all
> tomcat instances would be a waste of storage space for our project as
> our application warsize is large. I have searched the internet and
> found nothing clarifying my point. Hence I though to post here and
> collect your vaild comments.

It is possible but not generally recommended.

Experience of shared network storage is that it is not 100% reliable. If
the Tomcat server's connection to the shared server drops, then all the
applications will be undeployed on that Tomcat instance.

Reliable network storage is available but it is generally significantly
more expensive to purchase and even more expensive to maintain than
simply buying a few TB of local disk storage for each Tomcat instance.

Other factors to bear in mind:
- running from a WAR is slower than running from an unpacked directory
- you can't have multiple Tomcat instances unpacking WARs into the same
  shared storage
- your options are:
  1) Run web apps from WARs on shared storage (slow plus see above)
  2) Run web apps from unpacked diretcories on shared storage
 (see above)
  3) Have the web apps in shares storage but have each Tomcat instance
 unpack them to local disk (may as well use local disk in the first
 place)

> 2. Deploying a patched/updated web application to the current live
> production tomcat server should require least deployment time. For us,
> it takes too long to update the web application war file on most of
> our servers. Hence we have to shutdown the server, update the new war
> file and then starts up tomcat. Is there any best practices that I
> should follow so that I can reduce the deployment time to minimum.

Parallel deployment should help with that.

http://tomcat.apache.org/tomcat-9.0-doc/config/context.html

Roughly it works like this:

- deploy app##001.war
- users get directed to version 001
- deploy app##002.war
- once that web application starts any new users (i.e. new HTTP
  sessions) will be directed to version 002. Users with sessions in
  version 001 will continue to be directed to version 001.
- undeploy version 001 once all the sessions have expired (Tomcat can do
  this for you automatically)
- repeat for app##003.war, app##004.war etc

It also works in a cluster.

HTH,

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Hanging requests with nio2/openssl connector

[Rémy Maucherat]

On Wed, Jan 16, 2019 at 1:53 PM Roger Brechbühl 
wrote:

> Hello,
>
> When using Nio2 connector with OpenSSL we sometimes had hanging requests
> which finally ended in a timeout. This behaviour was not reproducable with
> single requests (e.g. via Browser, with curl etc) but while doing some
> research we were able to find a pattern and could reproduce this with some
> tools/software [5]:
>
> Pattern: first request ok, all other were hanging until timeout
>
> Gatling Performance-Tool with activated http client sharing (which is
> default) [3]
> => with using disableClientSharing we could get around it.
>
> When using Nginx as a proxy between client and Tomcat, with activated
> ssl_session_reuse [4].
> => setting proxy_ssl_session_reuse to off, no hanging requests.
>
> When using HAProxy (we were not able to configure to make it work)
>
> As it always works with other connector configurations (NIO/OpenSSL and
> APR/OpenSSL) we assume that the problem must be in Tomcat/Nio2/OpenSSL
> implementation related to ssl session reuse.


There are relevant changes in newer Tomcat releases regarding some harder
to reproduce OpenSSL problems.
Also, although the proxies probably use HTTP/1.1 and it may not be
relevant, APR and NIO2 have HTTP/2 ALPN enabled while NIO does not.

Rémy

Hanging requests with nio2/openssl connector

[Roger Brechbühl]

Hello,

When using Nio2 connector with OpenSSL we sometimes had hanging requests
which finally ended in a timeout. This behaviour was not reproducable with
single requests (e.g. via Browser, with curl etc) but while doing some
research we were able to find a pattern and could reproduce this with some
tools/software [5]:

Pattern: first request ok, all other were hanging until timeout

Gatling Performance-Tool with activated http client sharing (which is
default) [3]
=> with using disableClientSharing we could get around it.

When using Nginx as a proxy between client and Tomcat, with activated
ssl_session_reuse [4].
=> setting proxy_ssl_session_reuse to off, no hanging requests.

When using HAProxy (we were not able to configure to make it work)

As it always works with other connector configurations (NIO/OpenSSL and
APR/OpenSSL) we assume that the problem must be in Tomcat/Nio2/OpenSSL
implementation related to ssl session reuse.
Considering the fact that nobody else in the world mentioned this problem
we also accept when we broke something in our environment, but at the
moment we don't know what we could do.
Currently it's not mission criticial for us but I'm still curious what
could be wrong.

Any hint is appreciated.

Kind regards,
Roger


[1] Versions
Tomcat 8.5.34
Tomcat Native  1.2.18
APR1.6.3
RedHatLinux7.5
OpenSSL1.0.2p
Java   1.8.0_192

[2] Tomcat startup log
see attachment

[3] Reference and test example for Gatling
Documentation: https://gatling.io/docs/2.3/http/http_protocol/

  val httpProtocol = http
.baseURL("https://tomcat:7073";)
.inferHtmlResources()
.acceptHeader("*/*")
.userAgentHeader("curl/7.49.1")
//.disableClientSharing

[4] Nginx proxy configuration
  location /nio2 {
proxy_pass https://tomcat7073/;
proxy_ssl_session_reuse on/off;
  }

[5] Ouptput of test programm (doing two requests with curl via nginx proxy,
e.g. curl http://nginx.loc/nio2/tomcat85/simpleServlet)

NIO: testing http://nginx.loc/nio/tomcat85/simpleServlet
1st request: https-openssl-nio-XXX.XX.XXX.X-7071-exec-7 simpleservlet
2nd request: https-openssl-nio-XXX.XX.XXX.X-7071-exec-9 simpleservlet

APR: testing http://nginx.loc/apr/tomcat85/simpleServlet
1st request: https-openssl-apr-XXX.XX.XXX.X-7075-exec-7 simpleservlet
2nd request: https-openssl-apr-XXX.XX.XXX.X-7075-exec-8 simpleservlet

NIO2: testing http://nginx.loc/nio2/tomcat85/simpleServlet
1st request: https-openssl-nio2-XXX.XX.XXX.X-7073-exec-1 simpleservlet
2nd request: 502 Bad Gateway (from nginx)
16-Jan-2019 11:01:33.445 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log System property:   
java.runtime.name = Java(TM) SE Runtime Environment
16-Jan-2019 11:01:33.446 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log System property:   
java.runtime.version = 1.8.0_192-b12
16-Jan-2019 11:01:33.446 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log System property:   
java.specification.name = Java Platform API Specification
16-Jan-2019 11:01:33.446 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log System property:   
java.specification.vendor = Oracle Corporation
16-Jan-2019 11:01:33.446 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log System property:   
java.specification.version = 1.8
()
16-Jan-2019 11:01:33.453 INFO [main] 
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based 
Apache Tomcat Native library [1.2.18] using APR version [1.6.3].
16-Jan-2019 11:01:33.453 INFO [main] 
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: 
IPv6 [true], sendfile [true], accept filters [false], random [true].
16-Jan-2019 11:01:33.453 INFO [main] 
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL 
configuration: useAprConnector [true], useOpenSSL [true]
16-Jan-2019 11:01:33.457 INFO [main] 
org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL 
successfully initialized [OpenSSL 1.0.2p  14 Aug 2018]
16-Jan-2019 11:01:33.697 INFO [main] org.apache.coyote.AbstractProtocol.init 
Initializing ProtocolHandler ["http-nio-XXX.XX.XXX.X-7070"]
16-Jan-2019 11:01:33.708 INFO [main] 
org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared 
selector for servlet write/read
16-Jan-2019 11:01:33.714 INFO [main] org.apache.coyote.AbstractProtocol.init 
Initializing ProtocolHandler ["https-openssl-nio-XXX.XX.XXX.X-7071"]
16-Jan-2019 11:01:33.923 INFO [main] 
org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared 
selector for servlet write/read
16-Jan-2019 11:01:33.924 INFO [main] org.apache.coyote.AbstractProtocol.init 
Initializing ProtocolHandler ["http-nio2-XXX.XX.XXX.X-7072"]
16-Jan-2019 11:01:33.938 INFO [main] 
org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol The 
["https-openssl-nio2-XXX.XX.XXX.X-7073"] connector has been configured to 
support negotia

After updating to Tomcat V7.0.78 from V7.0.54 JSP compilation fails due to 65535 bytes limit

[Rahul Singh]

Hi Tomcat Team,

Thanks for your always support and guidence !!

In one of the web application Tomcat is migrated from V7.0.54 to V7.0.78. After 
update one phenomena is reported regarding JSP file compilation at run time.


>From stack trace analysis it is evident that JSP to JAVA compilation is 
>surpassing the 65535 bytes limit.

After analysis we have found some solution, but we would like to knowin which 
version this chnage is introduced BW Tomcat 7.0.54 and Tomcat 7.0.78. If 
possible we would like to know what chnages has been done in tomcat that leads 
to this phenomena.

JFYI, Same JSP was succesfully executed and compiled in Tomcat 7.0.54. and no 
information is mentioned in chnagelogs and relase notes related to this 
phenomena.

Your eraly response is highly appriciated !!


Regards,

Rahul kumar Singh

Deployment issues with multiple instance of Tomcat sharing web-apps directory

[Vinu Vibhu Sobhana]

Hai,

Iam new to mailing list and I apologize in advance if this is not the
correct place..

Iam a system administrator and my development team creates application
in JAVA that are been hosted on tomcat web-servers. While hosting the
application, I was asked to explore the feasibility on the below
points

1. Can I have centralized web-apps directory for multiple tomcat
instances hosted on the same or different servers. ie tomcat1 running
on server1 and tomcat2 running on server2. Both servers are been
assigned a common storage folder (via NFS) named "webstore" which has
been mapped to both servers webapps directories. Now my query is upon
starting tomcat instances on both servers, I should receive a working
instance of my application on both servers.

Is this possible in any way or is there any other recommended method
that I should follow. Providing individual webapps folder to all
tomcat instances would be a waste of storage space for our project as
our application warsize is large. I have searched the internet and
found nothing clarifying my point. Hence I though to post here and
collect your vaild comments.

2. Deploying a patched/updated web application to the current live
production tomcat server should require least deployment time. For us,
it takes too long to update the web application war file on most of
our servers. Hence we have to shutdown the server, update the new war
file and then starts up tomcat. Is there any best practices that I
should follow so that I can reduce the deployment time to minimum.

-- 
Thank You

Best regards
Vinu Vibhu Sobhana

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to Disable / turn off the ETag header of Tomcat 7.0.92

[Ravi Kumar]

Hi Chris  & Mark,

This is what I am doing in my web.xml file:-


 NoEtagFilter
 com.tibco.administrator.TestETagFilter
 


 NoEtagFilter
 default>
 REQUEST
 FORWARD
 

I don't have any code snippet in place in my Servlet Filter .
Could you please suggest me further to disable this ETag header ?

Query no. 2:-  Is there any way to set

*Header unset EtagFileETag none*

in which of the Tomcat configuration file ? I am using Tomcat 7.0.92.

Please suggest .

Thanks,
Ravi


On Wed, Jan 16, 2019 at 2:18 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Ravi,
>
> On 1/15/19 09:41, Ravi Kumar wrote:
> > Please find my web.xml configuration file attached.
>
> I don't see anything configured that looks like it might be an
> "ignoreETagFilter". Did you configure it somewhere else?
>
> - -chris
>
> > On Tue, Jan 15, 2019 at 7:44 PM Christopher Schultz
> >  > > wrote:
> >
> > Mark,
> >
> > On 1/15/19 06:12, Mark Thomas wrote:
> >> On 15/01/2019 10:43, Ravi Kumar wrote:
> >>> Hi All,
> >>>
> >>> I am facing an issue. It is kind of Security issue as Tomcat's
> >>> ETag header in Response header can reveal vital info.
> >
> >> What vital info? The ETag is constructed from the content length
> >> and the last modified date.
> >
> >>> We want to disable / turnoff this ETag header of Tomcat
> >>> webserver. Referred this link :-
> >>> https://serverfault.com/questions/232763/how-to-disable-etag-headers
> - -
> >
> >>>
> in-tomcat
> >  in-tomcat
> 
> >
> >>>
> >>>
> >
> >
> but couldn't get success to disable this ETag.
> >>>
> >>> Appreciate your help !
> >
> >> The approached described in that link won't work if the response
> >> is sufficiently large that the response has already been
> >> committed. You'd need to wrap the response, override
> >> setHeader(String, String) and NO-OP and calls that try to set the
> >> "ETag" header.
> >
> > That's what Tim's SO answer suggests.
> >
> > Ravi, I suspect that you haven't mapped the filter to your servlet
> > correctly. Can you post your configuration for your ,
> > , and the URL you are trying to request?
> >
> > -chris
> >
> > -
> >
> >
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >  For additional
> > commands, e-mail: users-h...@tomcat.apache.org
> > 
> >
> >
> >
> > -
> >
> >
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlw+RyYACgkQHPApP6U8
> pFjJrw//Sb1Y/Y6HXu5UQJLxtcacZgHI9jbXHcJFLVJmd//WmqQlmiGpWQ69NlgI
> /d8R2DU934DDWAihRhKAl054VNILvYG52yhyUHBYmAdB6z1Y/xAmSdIgM3YCS5e+
> NAaZXexrZKllWe9KUII00iaMfp+fP/kEH3v0nY7qrdKg3LELaM/wjgLtdrXcvjFP
> 4VQOeSRt6AnXOfUiyOTRXOwhe9S28vM3lZwv98da4+iwor8X2HJgIXwIScnu/Nxc
> 6EMrNMwgR2htsR92a31vDf2R111BaajrLgIBN7jzdEQlcFxwU4/SrS50Ha4NWEYB
> C39t8Bvymrdmqn9+WXm4ht9JX8872BqXH8G0zhMxqufRYZ+zWru7FKSxWI0d2QJ/
> QdUUH11GgEfueYM+sGUQRbQ6hlWAILPCTqAz7ClrNRzdJAbxpTmwOzuyGyTzQ4Ew
> cvSQCNxWkF9Cu1R+lPyEf3A7SIJmrEBeoD6RNKrn+kxOcgDuHCYqL3/7CjHiV6UX
> upI3D7bqYAhR5hpa+7G6YoaFx2MeotYoUVwKy2L7B+kiUVN/8vJwVNEOhHziDDw/
> JOg07wifi31GnJ1L+i/4aCNCx9uCxT+IHz+5ZfHE7rheaJY/Q2BAYtzpzf36J/QS
> nOiM7Mz6CH7FdXOjSVlWHcLwBR2dJISh9O7esYHW5h5FaFKtdHo=
> =4WKz
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat 8.5 Error related to Encoding Detector

[prasoon sharma]

Hi
Please check version details
Server version: Apache Tomcat/8.5.37
Server built:   Dec 12 2018 12:07:02 UTC
Server number:  8.5.37.0
OS Name:Linux
OS Version: 2.6.32-754.9.1.el6.x86_64
Architecture:   amd64
JVM Version:1.8.0_191-b12
JVM Vendor: Oracle Corporation
CENTOS 6.10 kvm [server]
There are no web apps deployed.
Host manager itself is not getting opened




On Wed, Jan 16, 2019 at 2:59 AM Mark Thomas  wrote:

> On 15/01/2019 12:31, prasoon sharma wrote:
> > Hi
> > I used the tutorial at
> >
> https://www.rosehosting.com/blog/how-to-install-tomcat-8-on-a-centos-6-vps/
> and
> > some tips from
> >
> https://www.openprogrammer.info/2015/06/14/how-to-install-java-8-and-tomcat-8-on-centos-6-as-service/
> > I have configured it at 8081 port
>
> Which Tomcat version did you install?
>
> Are you sure the download was not corrupted?
>
> Does the manifest of $CATALINA_HOME/lib/jasper.jar show the same version?
>
> Does your web application include any Tomcat JARs in WEB-INF/lib?
>
> Mark
>
> >
> >
> > On Tue, Jan 15, 2019 at 4:14 PM Mark Thomas  wrote:
> >
> >> On 15/01/2019 10:33, prasoon sharma wrote:
> >>> Hi
> >>> I am facing issue with Tomcat 8.5 on my Centos Server.
> >>>
> >>> I am getting HTTP 500 error as
> >>>
> >>> javax.servlet.ServletException: java.lang.NoClassDefFoundError: Could
> >>> not initialize class org.apache.jasper.compiler.EncodingDetector
> >>>
> >>>
> >>> Check the detailed description at
> >>>
> >>
> https://stackoverflow.com/questions/54076418/java-lang-noclassdeffounderror-could-not-initialize-class-org-apache-jasper-com
> >>
> >> What steps did you take to install Apache Tomcat?
> >>
> >> Mark
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >>
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>