Re: Queries related to Tomcat Web Servers for which a new web-application needs to be deployed on Production Environment

2019-01-28 Thread Vinu Vibhu Sobhana
Hai Mark,

Please find my comments on the reply sent earlier, as some points
still remain unclear.

> I have been assigned a new project that requires a web application to
> be hosted using Tomcat-Cluster, as it is expected to receive high
> traffic.
High traffic may be a justification for load-balancing. It is not a
justification for session replication.

>>> Since we would be receiving high traffic it was decided to go with multiple 
>>> instances of tomcat using a load-balancer.

Why 2 instances per VM rather than one larger instance per VM?
>>> So for this point it is understood that it is best that we put only one 
>>> instance per VM (with large hardware resource). Am I correct? Will the 
>>> same scenario be applicable while using a physical machine, i.e. one Tomcat 
>>> instance per machine? What about the resource limitation (i.e. any memory 
>>> allocation pool for a JVM, etc.) required that must be noted?

> Point 1
Don't use any clustering at all.

>>> This point was not clear at all. Are you suggesting that we configure 
>>> Tomcat instances without cluster and configure the load balancer with 
>>> session management and stickiness features to manage sessions??

> Point 2
N/A since clustering is not required.

>>> If clustering is required for other scenarios, then please comment on this 
>>> point how should we deploy applications using Tomcat Manager App on 
>>> FarmWarDeployer folder

> Point 3
No.
>>> This means that there is no method to collect the errors for an individual 
>>> domain when the VirtualHost element is enabled. If there is any work-around 
>>> please suggest. Also will the catalina.out log contain errors for these 
>>> VirtualHost elements?

> Point 8
Configure the load-balancer to use sticky sessions. You'll need to do
that anyway if clustering is removed.

>>> With respect to my project specification mentioned in point 8, you have 
>>> suggested to go with a load-balancer serving 2 tomcat instances, each 
>>> running on two separate VMs with enough resources. Moreover, these tomcat 
>>> instances are NOT to be in Clustered State and the session must be managed 
>>> by an external Load-balancer using Sticky bit mode enabled. Is it correct? 
>>> Is Tomcat CPU intrinsic or Memory?
--
Thank You
Vinu VS


On Mon, Jan 28, 2019 at 3:00 PM Mark Thomas wrote:
>
> On 28/01/2019 07:25, Vinu Vibhu Sobhana wrote:
> > Hai
> >
> > First of all I am new to Tomcat-Cluster and hence I apologize if my
> > doubts are wrong.
> >
> > I have been assigned a new project that requires a web application to
> > be hosted using Tomcat-Cluster, as it is expected to receive high
> > traffic.
>
> High traffic may be a justification for load-balancing. It is not a
> justification for session replication.
>
> > So, I have configured a Tomcat-Cluster with 4 Tomcat
> > instances (ie 2 - Tomcat instances running on 2 VMs each), where they
> > shall receive hits through a load-balancer. As I am new to
> > Tomcat-Cluster, I have to clear some points before approving the
> > project to go on-line.
>
> Why 2 instances per VM rather than one larger instance per VM?
>
> >
> > My queries are :
> >
> > 1. The Clustering of Tomcat currently configured is using the Delta
> > Manager for managing session replications. Is it the correct choice or
> > should I go for Backup Manager or any third party session management
> > software such as memcache or redis.
>
> Don't use any clustering at all.
>
> > 2. While using Tomcat-Cluster, can we use/configure the Tomcat Manager
> > App to deploy applications on FarmWarDeployer folder or is there any
> > other method to do so.
>
> N/A since clustering is not required.
>
> > 3. Virtual Host entry has been implemented for our project domain
> > "webportal.xyz.in" where only the access logs are getting logged to
> > "webportal.xyz.in_access_log". Is there any means by which I can
> > receive the error-logs also for this domain on a separate file.
>
> No.
>
> > 4. Is there any method to tune/tweak my current server.xml file so
> > that clustering method can be done globally rather than applying
> > individually on every Host entry with different ports.
>
> No. Each instance needs to be configured individually. You can use
> templating. With careful configuration you can have a common server.xml
> with ${...} property replacement for all the instance specific settings
> that are then configured in catalina.properties.
>
> > 5. How to enable SSL for Tomcat-Cluster. Should I need to install SSL
> > Certificates on all 4 tomcat instances or only on the Load-balancer.
>
> Either works. The right solution depends on your security requirements.
> Note: If you terminate TLS at the load-balancer you need to be very
> careful to make sure that the Tomcat instances are able to determine
> which requests were received over TLS and which were not else you are
> likely to have a bunch of security holes - mainly around cookie/session
> handling.
>
> > 6. What all parameters need to be checked/considered 

Eclipse freezes with Tomcat using request-character-encoding

2019-01-28 Thread Garret Wilson
We have a huge problem with Eclipse trying to simply handle Unicode 
characters in form submissions with Tomcat.


As we discussed in a separate thread, a modern browser will submit 
`application/x-www-form-urlencoded` forms with octets encoded from 
UTF-8 bytes (as it should as per HTML5), but the outdated Java Servlet 4 
specification requires the servlet container to interpret the octets as 
ISO-8859-1 bytes. The Servlet 4 mandated way to work around this is to 
add the following to the `WEB-INF/web.xml` file. (See 
https://stackoverflow.com/a/54098750/421049 if you need to refresh your 
memory.)


    <request-character-encoding>UTF-8</request-character-encoding>

Basically if we don't do that, _the page will be broken, the submission 
will not be HTML5 compliant, and content will be corrupted_! That's 
pretty bad, in my opinion.


Unfortunately adding the above line to `WEB-INF/web.xml` seems to 
completely freeze Eclipse and generate a lot of errors. I won't include 
the whole stack trace here, but it stems from:


    org.eclipse.emf.ecore.xmi.FeatureNotFoundException: Feature 
'request-character-encoding' not found.


I've filed [Eclipse Bug 
543377](https://bugs.eclipse.org/bugs/show_bug.cgi?id=543377), but they 
are ignoring it. If anyone could contact someone at Eclipse and relate 
to them the importance of this, I'd appreciate it.


Garret

P.S. Sometimes it boggles my mind that fundamental pieces of the web 
infrastructure completely break with anything but ASCII—in 2019!



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Queries related to Tomcat Web Servers for which a new web-application needs to be deployed on Production Environment

2019-01-28 Thread Mark Thomas
On 28/01/2019 07:25, Vinu Vibhu Sobhana wrote:
> Hai
> 
> First of all I am new to Tomcat-Cluster and hence I apologize if my
> doubts are wrong.
> 
> I have been assigned a new project that requires a web application to
> be hosted using Tomcat-Cluster, as it is expected to receive high
> traffic.

High traffic may be a justification for load-balancing. It is not a
justification for session replication.

> So, I have configured a Tomcat-Cluster with 4 Tomcat
> instances (ie 2 - Tomcat instances running on 2 VMs each), where they
> shall receive hits through a load-balancer. As I am new to
> Tomcat-Cluster, I have to clear some points before approving the
> project to go on-line.

Why 2 instances per VM rather than one larger instance per VM?

> 
> My queries are :
> 
> 1. The Clustering of Tomcat currently configured is using the Delta
> Manager for managing session replications. Is it the correct choice or
> should I go for Backup Manager or any third party session management
> software such as memcache or redis.

Don't use any clustering at all.

> 2. While using Tomcat-Cluster, can we use/configure the Tomcat Manager
> App to deploy applications on FarmWarDeployer folder or is there any
> other method to do so.

N/A since clustering is not required.

> 3. Virtual Host entry has been implemented for our project domain
> "webportal.xyz.in" where only the access logs are getting logged to
> "webportal.xyz.in_access_log". Is there any means by which I can
> receive the error-logs also for this domain on a separate file.

No.

> 4. Is there any method to tune/tweak my current server.xml file so
> that clustering method can be done globally rather than applying
> individually on every Host entry with different ports.

No. Each instance needs to be configured individually. You can use
templating. With careful configuration you can have a common server.xml
with ${...} property replacement for all the instance specific settings
that are then configured in catalina.properties.

> 5. How to enable SSL for Tomcat-Cluster. Should I need to install SSL
> Certificates on all 4 tomcat instances or only on the Load-balancer.

Either works. The right solution depends on your security requirements.
Note: If you terminate TLS at the load-balancer you need to be very
careful to make sure that the Tomcat instances are able to determine
which requests were received over TLS and which were not else you are
likely to have a bunch of security holes - mainly around cookie/session
handling.

> 6. What all parameters need to be checked/considered for tuning the
> Tomcat / Tomcat-Cluster instance while hosting any Project on
> Production environment.

All of them. Each application is unique. There is no "makeItFaster"
attribute.

> 7. Is there any service reload option present for tomcat, ie. similar
> to the one present in apache where the sessions don't get
> invalidated while tuning/updating the server config files.

Yes. It is enabled by default.
http://tomcat.apache.org/tomcat-9.0-doc/config/manager.html#Persistence_Across_Restarts

> 8. One of the issues noted was that one of the security features
> implemented for this project stopped working while moving to
> Tomcat-Cluster environment.
> 
> Our application uses java spring mvc
> "4.3.5.RELEASE,
> 4.2.0.RELEASE"
> where it is configured to allow only one time login for all users
> until their current login session expires or have been invalidated.
> ie. if multiple logins are done, only the last login will be active
> all the rest gets automatically logged-out. it was implemented for
> some customer security reasons. This was working fine while running on
> a single Tomcat instance. But while deploying on a Clustered instance
> it is not working unless if the same user logs into the same tomcat
> instance of the cluster. Is there any solution to this problem or
> should the developers need to reconfigure the application to meet
> Tomcat-Cluster concepts.

Configure the load-balancer to use sticky sessions. You'll need to do
that anyway if clustering is removed.

Mark


> 
> Please find the server.xml and context.xml for one of my Tomcat
> instances present in Cluster mentioned below.
> 
> server.xml
> #
> 
> 
>
>
> className="org.apache.catalina.core.JreMemoryLeakPreventionListener"
> />
> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
> />
> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"
> />
>
>type="org.apache.catalina.UserDatabase" description="User database
> that can be updated and saved"
> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
> pathname="conf/tomcat-users.xml" />
>
>
>   
>   
>   
>  
>  className="org.apache.catalina.realm.UserDatabaseRealm"
> resourceName="UserDatabase" />
>  
>   autoDeploy="true">
> 
>  className="org.apache.catalina.ha.tcp.SimpleTcpCluster"
> 
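
The answers to points 4 and 5 above (one templated server.xml, and letting Tomcat know which requests arrived over TLS when the load-balancer terminates it) can be combined in one configuration. This is an added illustration, not part of the thread or of the poster's setup; the property names and addresses are constructed, and it assumes the load-balancer sets X-Forwarded-For and X-Forwarded-Proto itself and discards any copies sent by the client.

```xml
<!-- conf/server.xml, the same file on every instance (added example).
     Per-instance values live in conf/catalina.properties, for instance:
       instance.http.address=10.0.0.11
       instance.http.port=8080
       lb.proxy.regex=10\\.0\\.0\\.5
     All names and addresses above are constructed for illustration. -->
<Service name="Catalina">
  <!-- Plain-HTTP connector reachable only from the load-balancer network. -->
  <Connector protocol="HTTP/1.1"
             address="${instance.http.address}"
             port="${instance.http.port}"
             redirectPort="443" />
  <Engine name="Catalina" defaultHost="localhost">
    <!-- Honour X-Forwarded-* only when the TCP peer matches the LB regex.
         For those requests getRemoteAddr(), getScheme(), isSecure() and
         getServerPort() reflect the original client connection; headers
         sent by any other peer are ignored. -->
    <Valve className="org.apache.catalina.valves.RemoteIpValve"
           internalProxies="${lb.proxy.regex}"
           remoteIpHeader="X-Forwarded-For"
           protocolHeader="X-Forwarded-Proto"
           protocolHeaderHttpsValue="https" />
    <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="false">
      <!-- Log the client address and protocol as rewritten by the valve. -->
      <Valve className="org.apache.catalina.valves.AccessLogValve"
             directory="logs" prefix="localhost_access_log" suffix=".txt"
             pattern="%h %l %u %t &quot;%r&quot; %s %b"
             requestAttributesEnabled="true" />
    </Host>
  </Engine>
</Service>

<!-- WEB-INF/web.xml of the application: session cookies always carry
     Secure and HttpOnly, whatever the valve decided about the request. -->
<session-config>
  <cookie-config>
    <http-only>true</http-only>
    <secure>true</secure>
  </cookie-config>
</session-config>
```

Without the valve, every request looks like plain HTTP from the load-balancer's address, so `isSecure()` is false and the access log loses the real client address.
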

Re: 502 errors in Google Cloud Platform Load Balancing with Tomcat Servers

2019-01-28 Thread Mark Thomas
On 25/01/2019 13:11, Abin Joseph wrote:
> Hi Team,
> 
> Our application is deployed in google cloud and the back end instances are
> tomcat servers. Now our load balancer is returning 502 errors with status
> details “backend-timeout” for some requests and it is impacting our
> production in a huge way. The instances are healthy when the error occurs
> and google cloud configurations seem to be fine. The server version is
> apache-tomcat-8.0.30 and the operating system is Ubuntu 14.04.5 LTS.

Tomcat 8.0.30 is 3+ years old with known security vulnerabilities and
has been EOL for more than a year.

> I am not sure whether we need to consider any tomcat specific settings or
> parameters for scaling in GCP and to fix this issue. Any help on this is
> highly appreciated.

Providing your current Connector configuration and your load-balancing
configuration would be a good place to start.

Mark




Re: Sessions hanging around . . . apparently left by a health-check

2019-01-28 Thread Mark Thomas
On 25/01/2019 23:11, James H. H. Lampert wrote:
> This is also about our clustered Tomcat 8 application running on Google
> Cloud.
> 
> The Report sub-cluster runs BIRT. And the default landing page is the
> Eclipse BIRT viewer default landing page, the one that shows an Eclipse
> logo, and says "BIRT viewer has been installed."
> 
> I've got a health-check on that sub-cluster, that polls the default
> landing page of ROOT periodically. Up until a few days ago, it was
> polling it every 5 seconds; earlier this week, I cut it down to every 5
> minutes (the maximum); now I've got it at every 30 seconds.
> 
> If I open the Manager context, I find that it shows (currently) around
> 180 sessions for the ROOT context. When it was going every 5 minutes, it
> was showing 18 sessions; when it was going every 5 seconds, it was up to
> over a thousand.
> 
> The other two sub-clusters don't have any dangling sessions from their
> health-checks; why would this one?
> 
> I'd like the sessions from all this health-check polling to expire a bit
> more quickly; can anybody here suggest a way to accomplish that?

http://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Crawler_Session_Manager_Valve

Set the crawler user agent and/or crawler IP appropriately so your
load-balancer is treated as a web-crawler and all those health-checks
will be associated with a single session.

Mark
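
A configuration along the lines of the reply above, as an added example that is not from the thread. It assumes the health-checker identifies itself with a User-Agent beginning `GoogleHC/`, which should be confirmed in the access log before use; the first three alternatives in the regex are the valve's documented defaults, kept so real crawlers are still matched.

```xml
<!-- conf/server.xml (added example; Host attributes are placeholders) -->
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
  <!-- Requests whose User-Agent matches crawlerUserAgents reuse one session
       per client IP instead of creating a new session on every poll.
       sessionInactiveInterval is in seconds and applies only to those
       crawler sessions; ordinary user sessions keep the normal timeout.
       The linked documentation also describes crawlerIps, a regex on the
       client address, as the alternative Mark mentions. -->
  <Valve className="org.apache.catalina.valves.CrawlerSessionManagerValve"
         crawlerUserAgents=".*[bB]ot.*|.*Yahoo! Slurp.*|.*Feedfetcher-Google.*|GoogleHC/.*"
         sessionInactiveInterval="60" />
</Host>
```

Because the valve keys sessions by client IP, a health-checker that polls from several source addresses will hold one session per address rather than a single one overall. The User-Agent header is client-controlled, so the shared session should not carry any authenticated or user-specific state.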
