Re: Can't get RemoteIpValve to work
Thanks, yes I think my problem never was with the RemoteIpValve, and the other project I copied configuration from actually didn't work despite me thinking it did ;) kr Leon On Wed, Mar 29, 2023 at 6:45 AM Mark Thomas wrote: > On 28/03/2023 21:08, Leon Rosenberg wrote: > > Sorry it took a little longer. Turns out that the actual RemoteIpValve > > works correctly, but the *Access Log Valve *doesn't. We were > > primarily looking into the localhost_access*logs, hence the confusion: > > > > Headers with RemoteIpValue on: > > header: host; value: api.myhost.com > > header: user-agent; value: PostmanRuntime/7.29.2 > > header: accept; value: */* > > header: postman-token; value: 16abea85-a8de-44d2-8885-c92e0eed7d9f > > header: accept-encoding; value: gzip, deflate, br > > header: cookie; value: JSESSIONID=5F8CF7FE92569665C1F1BD08FBEC3F22 > > header: x-forwarded-host; value: api.myhost.com > > header: x-forwarded-server; value: api.myhost.com > > header: connection; value: Keep-Alive > > > > remote host: 77.178.32.184 > > remote ip: 77.178.32.184 > > > > > > Headers with RemoteIpValue off: > > header: host; value: api.myhost.com > > header: user-agent; value: PostmanRuntime/7.29.2 > > header: accept; value: */* > > header: postman-token; value: a3e6b8cc-d2e2-45b7-86d7-2f0d4ce16c96 > > header: accept-encoding; value: gzip, deflate, br > > header: cookie; value: JSESSIONID=A76B5E16C7566DFFF764C43CF34742ED > > header: x-forwarded-for; value: 77.178.32.184 > > header: x-forwarded-host; value: api.myhost.com > > header: x-forwarded-server; value: api.myhost.com > > header: connection; value: Keep-Alive > > remote host: 10.138.0.3 > > remote ip: 10.138.0.3 > > > > > > however, the AccessLogValue, which is configured as: > > > > directory="logs" > > prefix="localhost_access_log" suffix=".txt" > > pattern="%{X-Forwarded-For}i %a %l %u %t %r > %s %b" /> > > > > Prints the local address as %a. We added %{X-Forwarded-For}i as > workaround, > > so it works for now, but I'd expect %a to print the 'real' ip address > > instead of the local one. Same config works on 8.5 interestingly enough. > > I think Konstantin mentioned this earlier in the thread. Look at the > requestAttributesEnabled attribute for the AccessLogValve > > https://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Access_Log_Valve > > Mark > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Can't get RemoteIpValve to work
Sorry it took a little longer. Turns out that the actual RemoteIpValve works correctly, but the *Access Log Valve *doesn't. We were primarily looking into the localhost_access*logs, hence the confusion: Headers with RemoteIpValue on: header: host; value: api.myhost.com header: user-agent; value: PostmanRuntime/7.29.2 header: accept; value: */* header: postman-token; value: 16abea85-a8de-44d2-8885-c92e0eed7d9f header: accept-encoding; value: gzip, deflate, br header: cookie; value: JSESSIONID=5F8CF7FE92569665C1F1BD08FBEC3F22 header: x-forwarded-host; value: api.myhost.com header: x-forwarded-server; value: api.myhost.com header: connection; value: Keep-Alive remote host: 77.178.32.184 remote ip: 77.178.32.184 Headers with RemoteIpValue off: header: host; value: api.myhost.com header: user-agent; value: PostmanRuntime/7.29.2 header: accept; value: */* header: postman-token; value: a3e6b8cc-d2e2-45b7-86d7-2f0d4ce16c96 header: accept-encoding; value: gzip, deflate, br header: cookie; value: JSESSIONID=A76B5E16C7566DFFF764C43CF34742ED header: x-forwarded-for; value: 77.178.32.184 header: x-forwarded-host; value: api.myhost.com header: x-forwarded-server; value: api.myhost.com header: connection; value: Keep-Alive remote host: 10.138.0.3 remote ip: 10.138.0.3 however, the AccessLogValue, which is configured as: Prints the local address as %a. We added %{X-Forwarded-For}i as workaround, so it works for now, but I'd expect %a to print the 'real' ip address instead of the local one. Same config works on 8.5 interestingly enough. Anyway, thanks for the help and sorry for the confusion. kr Leon On Fri, Mar 24, 2023 at 7:54 PM Mark Thomas wrote: > And if you dump out the headers and the value of > ServletRequest.getRemoteAddr() with (and without for completeness) the > RemoteIpValve ? > > Mark > > > On 24/03/2023 14:09, Leon Rosenberg wrote: > > Full log output (dumping out headers, without the valve): > > > > 6049752 2023-03-24 14:07:59,749 [http-apr-8080-exec-13] INFO > > n.a.c.extapi.ping.PingResource:38 - key: host; value: api.myhost.net > > 6049752 2023-03-24 14:07:59,749 [http-apr-8080-exec-13] INFO > > n.a.c.extapi.ping.PingResource:38 - key: user-agent; value: Wget/1.21.3 > > 6049754 2023-03-24 14:07:59,751 [http-apr-8080-exec-13] INFO > > n.a.c.extapi.ping.PingResource:38 - key: accept; value: */* > > 6049754 2023-03-24 14:07:59,751 [http-apr-8080-exec-13] INFO > > n.a.c.extapi.ping.PingResource:38 - key: accept-encoding; value: identity > > 6049755 2023-03-24 14:07:59,752 [http-apr-8080-exec-13] INFO > > n.a.c.extapi.ping.PingResource:38 - key: x-forwarded-for; value: > > 217.110.113.178 > > 6049756 2023-03-24 14:07:59,753 [http-apr-8080-exec-13] INFO > > n.a.c.extapi.ping.PingResource:38 - key: x-forwarded-host; value: > > api.myhost.net > > 6049757 2023-03-24 14:07:59,754 [http-apr-8080-exec-13] INFO > > n.a.c.extapi.ping.PingResource:38 - key: x-forwarded-server; value: > > api.myhost.net > > 6049758 2023-03-24 14:07:59,755 [http-apr-8080-exec-13] INFO > > n.a.c.extapi.ping.PingResource:38 - key: connection; value: Keep-Alive > > > > > > 217.110.113.178 is my ip, so the value is correct. > > > > On Fri, Mar 24, 2023 at 3:07 PM Leon Rosenberg > > > wrote: > > > >> yeah, interestingly enough removing ipvalve and adding access log magic, > >> puts the X-Forwarded-For in the localhost_access.log ... but strange > >> nevertheless. > >> > >> On Fri, Mar 24, 2023 at 11:44 AM Mark Thomas wrote: > >> > >>> Maybe try commenting out the RemoteIpValve in Tomcat and retest so you > >>> can see exactly what headers Tomcat is seeing. Alternatively, since > this > >>> is over http, Wireshark or similar could help. > >>> > >>> Mark > >>> > >>> > >>> On 24/03/2023 10:29, Leon Rosenberg wrote: > >>>> Hi, > >>>> > >>>> we have following setup > >>>> apache 2.4 on a ubuntu host, in front of docker-container with tomcat9 > >>> (on > >>>> same host). > >>>> Connection is via apache mod_http/proxy. > >>>> > >>>> Internal IP of the host is 10.138.0.3 (where httpd and docker are > >>> running). > >>>> In localhost_access log we see always 10.138.0.3 address. If going > >>> through > >>>> port 8080 directly, without httpd, we see the correct IP-Address. > >>>> > >>>> We have added RemoteIpValve to server xml. > >>>> >>>> remoteIpHeader="X-Forwarded-For" > >>>> p
Re: Can't get RemoteIpValve to work
Full log output (dumping out headers, without the valve): 6049752 2023-03-24 14:07:59,749 [http-apr-8080-exec-13] INFO n.a.c.extapi.ping.PingResource:38 - key: host; value: api.myhost.net 6049752 2023-03-24 14:07:59,749 [http-apr-8080-exec-13] INFO n.a.c.extapi.ping.PingResource:38 - key: user-agent; value: Wget/1.21.3 6049754 2023-03-24 14:07:59,751 [http-apr-8080-exec-13] INFO n.a.c.extapi.ping.PingResource:38 - key: accept; value: */* 6049754 2023-03-24 14:07:59,751 [http-apr-8080-exec-13] INFO n.a.c.extapi.ping.PingResource:38 - key: accept-encoding; value: identity 6049755 2023-03-24 14:07:59,752 [http-apr-8080-exec-13] INFO n.a.c.extapi.ping.PingResource:38 - key: x-forwarded-for; value: 217.110.113.178 6049756 2023-03-24 14:07:59,753 [http-apr-8080-exec-13] INFO n.a.c.extapi.ping.PingResource:38 - key: x-forwarded-host; value: api.myhost.net 6049757 2023-03-24 14:07:59,754 [http-apr-8080-exec-13] INFO n.a.c.extapi.ping.PingResource:38 - key: x-forwarded-server; value: api.myhost.net 6049758 2023-03-24 14:07:59,755 [http-apr-8080-exec-13] INFO n.a.c.extapi.ping.PingResource:38 - key: connection; value: Keep-Alive 217.110.113.178 is my ip, so the value is correct. On Fri, Mar 24, 2023 at 3:07 PM Leon Rosenberg wrote: > yeah, interestingly enough removing ipvalve and adding access log magic, > puts the X-Forwarded-For in the localhost_access.log ... but strange > nevertheless. > > On Fri, Mar 24, 2023 at 11:44 AM Mark Thomas wrote: > >> Maybe try commenting out the RemoteIpValve in Tomcat and retest so you >> can see exactly what headers Tomcat is seeing. Alternatively, since this >> is over http, Wireshark or similar could help. >> >> Mark >> >> >> On 24/03/2023 10:29, Leon Rosenberg wrote: >> > Hi, >> > >> > we have following setup >> > apache 2.4 on a ubuntu host, in front of docker-container with tomcat9 >> (on >> > same host). >> > Connection is via apache mod_http/proxy. >> > >> > Internal IP of the host is 10.138.0.3 (where httpd and docker are >> running). >> > In localhost_access log we see always 10.138.0.3 address. If going >> through >> > port 8080 directly, without httpd, we see the correct IP-Address. >> > >> > We have added RemoteIpValve to server xml. >> > > > remoteIpHeader="X-Forwarded-For" >> > protocolHeader="X-Forwarded-Proto" >> > internalProxies="10\.138\.0\.3"/> >> > >> > http config also has ProxyAddHeaders on, also I understand that to be >> > default anyway: >> >ProxyPass / http://10.138.0.3:8080/ >> >ProxyPassReverse / http://10.138.0.3:8080/ >> >ProxyErrorOverride Off >> >ProxyAddHeaders On >> > >> > Require all granted >> > ProxyAddHeaders On >> > >> > >> > When we print out all headers in a request, the X-Forwarded-For is >> missing, >> > so obviously tomcat does something with it, but doesn't trust the >> httpd? So >> > probably the line internalProxies="10\.138\.0\.3" is wrong, bug I can't >> get >> > my head around it. >> > >> > any help would be highly appreciated >> > kr >> > Leon >> > >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >>
Re: Can't get RemoteIpValve to work
yeah, interestingly enough removing ipvalve and adding access log magic, puts the X-Forwarded-For in the localhost_access.log ... but strange nevertheless. On Fri, Mar 24, 2023 at 11:44 AM Mark Thomas wrote: > Maybe try commenting out the RemoteIpValve in Tomcat and retest so you > can see exactly what headers Tomcat is seeing. Alternatively, since this > is over http, Wireshark or similar could help. > > Mark > > > On 24/03/2023 10:29, Leon Rosenberg wrote: > > Hi, > > > > we have following setup > > apache 2.4 on a ubuntu host, in front of docker-container with tomcat9 > (on > > same host). > > Connection is via apache mod_http/proxy. > > > > Internal IP of the host is 10.138.0.3 (where httpd and docker are > running). > > In localhost_access log we see always 10.138.0.3 address. If going > through > > port 8080 directly, without httpd, we see the correct IP-Address. > > > > We have added RemoteIpValve to server xml. > > > remoteIpHeader="X-Forwarded-For" > > protocolHeader="X-Forwarded-Proto" > > internalProxies="10\.138\.0\.3"/> > > > > http config also has ProxyAddHeaders on, also I understand that to be > > default anyway: > >ProxyPass / http://10.138.0.3:8080/ > >ProxyPassReverse / http://10.138.0.3:8080/ > >ProxyErrorOverride Off > >ProxyAddHeaders On > > > > Require all granted > > ProxyAddHeaders On > > > > > > When we print out all headers in a request, the X-Forwarded-For is > missing, > > so obviously tomcat does something with it, but doesn't trust the httpd? > So > > probably the line internalProxies="10\.138\.0\.3" is wrong, bug I can't > get > > my head around it. > > > > any help would be highly appreciated > > kr > > Leon > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Can't get RemoteIpValve to work
Hi Konstantin, Server version: Apache Tomcat/9.0.64 Server built: Jun 2 2022 19:08:46 UTC Server number: 9.0.64.0 OS Name:Linux OS Version: 5.4.0-1092-gcp Architecture: amd64 JVM Version:1.8.0_332-b09 JVM Vendor: Temurin kr Leon On Fri, Mar 24, 2023 at 1:17 PM Konstantin Kolinko wrote: > пт, 24 мар. 2023 г. в 13:30, Leon Rosenberg : > > > > Hi, > > > > we have following setup > > apache 2.4 on a ubuntu host, in front of docker-container with tomcat9 > (on > > same host). > > Connection is via apache mod_http/proxy. > > > > Internal IP of the host is 10.138.0.3 (where httpd and docker are > running). > > In localhost_access log we see always 10.138.0.3 address. > > Your version of Tomcat = ? > > If access log is all that you care about, you should note that the default > value > of requestAttributesEnabled attribute of AccessLogValve is false. > > > https://tomcat.apache.org/tomcat-10.1-doc/config/valve.html#Access_Log_Valve > > Best regards, > Konstantin Kolinko > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Can't get RemoteIpValve to work
Hi, we have following setup apache 2.4 on a ubuntu host, in front of docker-container with tomcat9 (on same host). Connection is via apache mod_http/proxy. Internal IP of the host is 10.138.0.3 (where httpd and docker are running). In localhost_access log we see always 10.138.0.3 address. If going through port 8080 directly, without httpd, we see the correct IP-Address. We have added RemoteIpValve to server xml. http config also has ProxyAddHeaders on, also I understand that to be default anyway: ProxyPass / http://10.138.0.3:8080/ ProxyPassReverse / http://10.138.0.3:8080/ ProxyErrorOverride Off ProxyAddHeaders On Require all granted ProxyAddHeaders On When we print out all headers in a request, the X-Forwarded-For is missing, so obviously tomcat does something with it, but doesn't trust the httpd? So probably the line internalProxies="10\.138\.0\.3" is wrong, bug I can't get my head around it. any help would be highly appreciated kr Leon
Re: Tomcat doesn't pick up RemoteIp from RemoteIpValve Configuration
and to add a quick note to that, the log-output when I am using trustedProxies is "skip" for nearly everything: 15-Jun-2021 00:22:09.543 FINE [ajp-nio-8013-exec-23] org.apache.catalina.valves.RemoteIpValve.invoke Skip RemoteIpValve for request /api/v1/loginpixel/B:0BB57BE90B9C750FE773604354BF6E4D1920EF76D5500AE8673BD599D668983223A8666226FED1087E61D0E99A19F6EBEB8E64DB0BEE6BC3A5F20DCDC06FE4C27EFEE1B535C49367BCFB034E176AF8E40EE0A43F54C1D0D4DEFAAE38C9C2426DD6E585F2A7548076C577D291011712E3BDEEE4D8DCBAE7D5B7A144B0B06011E9 with originalRemoteAddr '198.41.242.13' 15-Jun-2021 00:22:09.544 FINE [ajp-nio-8013-exec-7] org.apache.catalina.valves.RemoteIpValve.invoke Skip RemoteIpValve for request /photos/b/EA01F2D2BB616202A4F4A55E650D684D/300/ with originalRemoteAddr '198.41.242.13' 15-Jun-2021 00:22:09.544 FINE [ajp-nio-8013-exec-9] org.apache.catalina.valves.RemoteIpValve.invoke Skip RemoteIpValve for request /photos/d/1390B1ED751C81B39B21785D818F4570/300/ with originalRemoteAddr '198.41.242.13' 15-Jun-2021 00:22:09.544 FINE [ajp-nio-8013-exec-18] org.apache.catalina.valves.RemoteIpValve.invoke Skip RemoteIpValve for request /static-int/js/extRegUpdatePassword.js with originalRemoteAddr '198.41.242.13' 15-Jun-2021 00:22:09.547 FINE [ajp-nio-8013-exec-15] org.apache.catalina.valves.RemoteIpValve.invoke Skip RemoteIpValve for request /static-int/js/websocket/websocket.js with originalRemoteAddr '198.41.242.49' 15-Jun-2021 00:22:09.544 FINE [ajp-nio-8013-exec-16] org.apache.catalina.valves.RemoteIpValve.invoke Skip RemoteIpValve for request /photos/d/531BD3EA43EC8662E9BA9967689AEEBC/300/ with originalRemoteAddr '198.41.242.13' 15-Jun-2021 00:22:09.548 FINE [ajp-nio-8013-exec-12] org.apache.catalina.valves.RemoteIpValve.invoke Skip RemoteIpValve for request /static-int/img/avatars/no_avatar_woman_1_lg.png with originalRemoteAddr '198.41.242.73' 15-Jun-2021 00:22:09.549 FINE [ajp-nio-8013-exec-6] org.apache.catalina.valves.RemoteIpValve.invoke Skip RemoteIpValve for request /static-int/img/avatars/no_avatar_woman_4_lg.png with originalRemoteAddr '198.41.242.119' 15-Jun-2021 00:22:09.640 FINE [ajp-nio-8013-exec-24] org.apache.catalina.valves.RemoteIpValve.invoke Skip RemoteIpValve for request /static-int/img/avatars/no_avatar_woman_5_lg.png with originalRemoteAddr '198.41.242.153' 15-Jun-2021 00:22:09.651 FINE [ajp-nio-8013-exec-3] org.apache.catalina.valves.RemoteIpValve.invoke Skip RemoteIpValve for request /static-ext/firebase/firebase-messaging.js.map with originalRemoteAddr '198.41.242.13' 15-Jun-2021 00:22:09.666 FINE [ajp-nio-8013-exec-8] org.apache.catalina.valves.RemoteIpValve.invoke Skip RemoteIpValve for request /static-ext/firebase/firebase-app.js.map with originalRemoteAddr '198.41.242.13' On Tue, Jun 15, 2021 at 12:19 AM Leon Rosenberg wrote: > ok, quick update: it didn't work with 198\.41\..* or .* at first, but it > worked after I changed attribute name from trustedProxies to > internalProxies. > kr > Leon > > On Mon, Jun 14, 2021 at 11:52 PM Leon Rosenberg > wrote: > >> >> >> On Mon, Jun 14, 2021 at 10:57 PM Christopher Schultz < >> ch...@christopherschultz.net> wrote: >> >>> Leon, >>> >>> On 6/14/21 16:26, Leon Rosenberg wrote: >>> > Thanks for the response Mark, >>> > >>> > quick question, do I have to add all cloudflare ips? They kindof >>> > distributed along the world... Can I mark the thrustworthlyness by a >>> header >>> > instead? >>> > kr >>> > Leon >>> > >>> > On Mon, Jun 14, 2021 at 9:45 PM Mark Thomas wrote: >>> > >>> >> On 14/06/2021 17:01, Leon Rosenberg wrote: >>> >>> hi, >>> >>> I have a tomcat 8.5.15 behind an apache behind cloudflare. I am >>> trying to >>> >>> "see" the user's ip in my logs. When I print out the headers I see >>> that I >>> >>> have headers in the request >>> >>> CF-Connecting-IP >>> >>> and >>> >>> X-Forwarded-For >>> >>> with real user's up, say 93.72.251.122. But when I make a request to >>> >>> request.getRemoteAddr() it returns 162.158.103.188 which is >>> cloudflare's >>> >>> ip address, not the real one. >>> >>> I added to the server.xml the remoteipvalue in different >>> configuration >>> >> und >>> >>> "Host", i.e.: >>> >>>>> >>> remoteIpHeader="x-forwarded-for" >>> >>> protocolHeader="x-forwarded-proto" >>> >>> /> >>> >>> >>> >>>>> >>> remoteIpHeader="X-Forwarded-For"
Re: Tomcat doesn't pick up RemoteIp from RemoteIpValve Configuration
ok, quick update: it didn't work with 198\.41\..* or .* at first, but it worked after I changed attribute name from trustedProxies to internalProxies. kr Leon On Mon, Jun 14, 2021 at 11:52 PM Leon Rosenberg wrote: > > > On Mon, Jun 14, 2021 at 10:57 PM Christopher Schultz < > ch...@christopherschultz.net> wrote: > >> Leon, >> >> On 6/14/21 16:26, Leon Rosenberg wrote: >> > Thanks for the response Mark, >> > >> > quick question, do I have to add all cloudflare ips? They kindof >> > distributed along the world... Can I mark the thrustworthlyness by a >> header >> > instead? >> > kr >> > Leon >> > >> > On Mon, Jun 14, 2021 at 9:45 PM Mark Thomas wrote: >> > >> >> On 14/06/2021 17:01, Leon Rosenberg wrote: >> >>> hi, >> >>> I have a tomcat 8.5.15 behind an apache behind cloudflare. I am >> trying to >> >>> "see" the user's ip in my logs. When I print out the headers I see >> that I >> >>> have headers in the request >> >>> CF-Connecting-IP >> >>> and >> >>> X-Forwarded-For >> >>> with real user's up, say 93.72.251.122. But when I make a request to >> >>> request.getRemoteAddr() it returns 162.158.103.188 which is >> cloudflare's >> >>> ip address, not the real one. >> >>> I added to the server.xml the remoteipvalue in different configuration >> >> und >> >>> "Host", i.e.: >> >>>> >>> remoteIpHeader="x-forwarded-for" >> >>> protocolHeader="x-forwarded-proto" >> >>> /> >> >>> >> >>>> >>> remoteIpHeader="X-Forwarded-For" >> >>> protocolHeader="X-Forwarded-Proto" >> >>> /> >> >>> >> >>> or assuming for defaults: >> >>>> >>> /> >> >>> >> >>> or even: >> >>>> >>> remoteIpHeader="CF-Connecting-IP" >> >>> /> >> >>> >> >>> but none of them give me the getRemoteAddr properly. Is there a trick >> to >> >>> this configuration? >> >> >> >> You need to tell Tomcat that 162.158.103.188 is trusted. Setting >> >> trustedProxies="162\.158.103\.188" should do the trick. >> >> >> >> There is debug logging in that Valve so you can set >> >> >> >> org.apache.catalina.valves.RemoteIpValve.level=FINE >> >> >> >> in $CATALINA_BASE/conf/logging.properties to get debug logging which >> >> should help you see what is going on. >> >> >> >> Mark >> >> trustedProxies=".*" ?? >> >> > Hi Chris, > > >> What happens if someone connects to your origin server directly? Would >> you trust an X-Forwarded-For header from them? >> > > That's an excellent question, Chris! I don't know the answer yet, the only > thing we need the ip for is to have something in case of payment-fraud, and > since you can't get any physical goods on this site I guess it would be ok > to trust it. > kr > leon > > >> >> -chris >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >>
Re: Tomcat doesn't pick up RemoteIp from RemoteIpValve Configuration
On Mon, Jun 14, 2021 at 10:57 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > Leon, > > On 6/14/21 16:26, Leon Rosenberg wrote: > > Thanks for the response Mark, > > > > quick question, do I have to add all cloudflare ips? They kindof > > distributed along the world... Can I mark the thrustworthlyness by a > header > > instead? > > kr > > Leon > > > > On Mon, Jun 14, 2021 at 9:45 PM Mark Thomas wrote: > > > >> On 14/06/2021 17:01, Leon Rosenberg wrote: > >>> hi, > >>> I have a tomcat 8.5.15 behind an apache behind cloudflare. I am trying > to > >>> "see" the user's ip in my logs. When I print out the headers I see > that I > >>> have headers in the request > >>> CF-Connecting-IP > >>> and > >>> X-Forwarded-For > >>> with real user's up, say 93.72.251.122. But when I make a request to > >>> request.getRemoteAddr() it returns 162.158.103.188 which is > cloudflare's > >>> ip address, not the real one. > >>> I added to the server.xml the remoteipvalue in different configuration > >> und > >>> "Host", i.e.: > >>> >>> remoteIpHeader="x-forwarded-for" > >>> protocolHeader="x-forwarded-proto" > >>> /> > >>> > >>> >>> remoteIpHeader="X-Forwarded-For" > >>> protocolHeader="X-Forwarded-Proto" > >>> /> > >>> > >>> or assuming for defaults: > >>> >>> /> > >>> > >>> or even: > >>> >>> remoteIpHeader="CF-Connecting-IP" > >>> /> > >>> > >>> but none of them give me the getRemoteAddr properly. Is there a trick > to > >>> this configuration? > >> > >> You need to tell Tomcat that 162.158.103.188 is trusted. Setting > >> trustedProxies="162\.158.103\.188" should do the trick. > >> > >> There is debug logging in that Valve so you can set > >> > >> org.apache.catalina.valves.RemoteIpValve.level=FINE > >> > >> in $CATALINA_BASE/conf/logging.properties to get debug logging which > >> should help you see what is going on. > >> > >> Mark > > trustedProxies=".*" ?? > > Hi Chris, > What happens if someone connects to your origin server directly? Would > you trust an X-Forwarded-For header from them? > That's an excellent question, Chris! I don't know the answer yet, the only thing we need the ip for is to have something in case of payment-fraud, and since you can't get any physical goods on this site I guess it would be ok to trust it. kr leon > > -chris > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Tomcat doesn't pick up RemoteIp from RemoteIpValve Configuration
Thanks for the response Mark, quick question, do I have to add all cloudflare ips? They kindof distributed along the world... Can I mark the thrustworthlyness by a header instead? kr Leon On Mon, Jun 14, 2021 at 9:45 PM Mark Thomas wrote: > On 14/06/2021 17:01, Leon Rosenberg wrote: > > hi, > > I have a tomcat 8.5.15 behind an apache behind cloudflare. I am trying to > > "see" the user's ip in my logs. When I print out the headers I see that I > > have headers in the request > > CF-Connecting-IP > > and > > X-Forwarded-For > > with real user's up, say 93.72.251.122. But when I make a request to > > request.getRemoteAddr() it returns 162.158.103.188 which is cloudflare's > > ip address, not the real one. > > I added to the server.xml the remoteipvalue in different configuration > und > > "Host", i.e.: > >> remoteIpHeader="x-forwarded-for" > > protocolHeader="x-forwarded-proto" > > /> > > > >> remoteIpHeader="X-Forwarded-For" > > protocolHeader="X-Forwarded-Proto" > > /> > > > > or assuming for defaults: > >> /> > > > > or even: > >> remoteIpHeader="CF-Connecting-IP" > > /> > > > > but none of them give me the getRemoteAddr properly. Is there a trick to > > this configuration? > > You need to tell Tomcat that 162.158.103.188 is trusted. Setting > trustedProxies="162\.158.103\.188" should do the trick. > > There is debug logging in that Valve so you can set > > org.apache.catalina.valves.RemoteIpValve.level=FINE > > in $CATALINA_BASE/conf/logging.properties to get debug logging which > should help you see what is going on. > > Mark > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Tomcat doesn't pick up RemoteIp from RemoteIpValve Configuration
hi, I have a tomcat 8.5.15 behind an apache behind cloudflare. I am trying to "see" the user's ip in my logs. When I print out the headers I see that I have headers in the request CF-Connecting-IP and X-Forwarded-For with real user's up, say 93.72.251.122. But when I make a request to request.getRemoteAddr() it returns 162.158.103.188 which is cloudflare's ip address, not the real one. I added to the server.xml the remoteipvalue in different configuration und "Host", i.e.: or assuming for defaults: or even: but none of them give me the getRemoteAddr properly. Is there a trick to this configuration? kr Leon
Re: Tomcat Bandwidth Utilization Tool
MoSKito (http://www.moskito.org) does visualize the stats from GlobalRequestProcessor: http://burgershop-hamburg.demo.moskito.org/burgershop/moskito-inspect/mskShowProducer?pProducerId=GlobalRequestProcessor You can see the bytes sent/received from every connector. regards Leon On Fri, Aug 30, 2019 at 2:36 AM Michael Duffy wrote: > There is a " Bytes received: 0.00 MB Bytes sent: 12.03 MB" in the Tomcat > Manager; however, the received count does not change and the sent count > seems low. > > On Thu, Aug 29, 2019 at 7:09 PM Michael Duffy wrote: > > > Is there a simple tool that will show bandwidth utilization to and from > > the Tomcat server? > > > > I am looking for something that will provide an exact byte count of the > > TCP/IP packets. > > > > I would have thought this would be an easy find; however, after hours of > > Googling around I have not yet been successful. > > > > There are some options here: > > https://www.comparitech.com/net-admin/free-bandwidth-monitoring-tools/ > ,but > > none of them specifically mention integration with Tomcat. > > > > At the application level, if I just measure the byte flow into and out of > > my application, I will miss the bytes in the TCP/IP headers. > > > > Any suggestions would be greatly appreciated. > > > > Thx. > > > > Mike > > > > > > >
Re: [OT] Question about the longevity of Java ..
Hi John, personally I do not believe that this will ever happen, but for the sake of an argument lets assume someone finally builds the skynet and assigns to it the task to calculate PI with most precision. The skynet then takes over and diverts all resources in the universe to PI calculation (killing or enslaving all humans in the process) and calculates happily forever. In such a case it will most definitely come up with another means of communication as http, which is outdated even by human standards. This new communication protocol will be implemented by something, which can be called TomCat by coincidence, but will more likely be called something 0x234abe456d. So no, there is no place for tomcat in the future ai. As for your second question, tomcat to java is nothing close to what java is to C. Tomcat is one of trillions of programs written with the language, albeit a very useful and successful one. If you want something to be to java as java to c, that would be scala (or something new yet to arise). regards Leon On Mon, Mar 25, 2019 at 9:25 AM John Dale wrote: > Greetings; > > Generally speaking, how would folks feel about an AI taking over > programming roles (and eventually requirements authoring)? > > My deepest curiosity may be this - at some point in the future, will > AI use Tomcat as we do now, and does Tomcat get embedded deeply into > some AI subsystem as a wholly complete heuristic collection (note > lower case collection)? > > Or, does the low-level hardware finally climb its way up to Java, the > most expressive programming language known to mankind, and relegate > .NET, PHP, etc to their proper statio in life? > > Additionally, as such, in the future, when you buy your new computer > from Wal Mart, it is a matter of deciding which Java/Tomcat flavor you > want to have; I game, I porn, I database, I quilt, I skype, I like > turtles? > > Second to lastly, is Tomcat to Java as is Java to C? Will C > eventually harden to static state and service Java like a good wife? > Like .. a really good wife? > > I think these issues presently concern users of Java. > > Note: I have a B.A. in Philosophy with a Computer Science Minor, an MS > MIS with Concentration in Entrepreneurship. > > Lastly, if you are immune to contextually relevant humor, perhaps you > should reconsider that US H1B. > > Sincerely, > > John Dale, MS MIS/Entrepreneurship > > PS: Have a great week everyone. Think hard this week (that's what she > said). > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Number of tomcat downloads
A little background on the original question: we have some legal issues with a client, among other things, he claims that our code isn't documented well, because he run checkstyle on it, and it showed 6000 errors. My argumentation was that default checkstyle settings aren't telling anything about code quality (unless agreed upon upfront). I run checkstyle with default settings on tomcat code base and it showed 85.412 errors using sun code checks (yes, those from 1996). Most of them are like: AbstractFramedStreamSourceChannel this line produces multiple warnings, for example ',' not followed by a whitespace and such. if(attachments == null) - if not followed by a whitespace etc. Hence if such a mature product like tomcat (with 10.000.000 installations) contains 85412 errors and is considered well documented, he is using the wrong tool for the task. regards Leon On Tue, Feb 5, 2019 at 11:25 AM Leon Rosenberg wrote: > Thank you very much Igal, Marc and Emmanuel. > > regards > Leon > > On Tue, Feb 5, 2019 at 11:23 AM Emmanuel Bourg wrote: > >> Le 05/02/2019 à 00:48, Leon Rosenberg a écrit : >> >> > I vaguely remember Marc naming some figures for number of tomcat >> downloads >> > sofar, but I couldn't find anything in the state of the cat slides. >> > I checked on the website, but all I found was this: >> > >> > " Tomcat has been downloaded more than 10 million times: assuming even >> a 1% >> > production adoption rate results in more than 10 installations. " >> > But this is from 2014 and I assume there should be a better number by >> now. >> > >> > Anyone? Asking for a friend ;-) >> >> Some numbers, from Debian: >> >> >> https://qa.debian.org/popcon-graph.php?packages=tomcat9+tomcat8+tomcat7+tomcat6_installed=on_legend=on_ticks=on_date=_date=_date=_fmt=%25Y-%25m=1 >> >> around 2400 installations reported by popcon, rather stable over the >> years. >> >> From Ubuntu: >> >> https://popcon.ubuntu.com/by_inst >> >> tomcat6 15785 >> tomcat72122 >> tomcat8 117 >> >> And from Netcraft: >> >> >> https://news.netcraft.com/archives/2018/12/17/december-2018-web-server-survey.html >> >> Netcraft reported ~60 domains served by Tomcat. >> >> Emmanuel Bourg >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >>
Re: Number of tomcat downloads
Thank you very much Igal, Marc and Emmanuel. regards Leon On Tue, Feb 5, 2019 at 11:23 AM Emmanuel Bourg wrote: > Le 05/02/2019 à 00:48, Leon Rosenberg a écrit : > > > I vaguely remember Marc naming some figures for number of tomcat > downloads > > sofar, but I couldn't find anything in the state of the cat slides. > > I checked on the website, but all I found was this: > > > > " Tomcat has been downloaded more than 10 million times: assuming even a > 1% > > production adoption rate results in more than 10 installations. " > > But this is from 2014 and I assume there should be a better number by > now. > > > > Anyone? Asking for a friend ;-) > > Some numbers, from Debian: > > > https://qa.debian.org/popcon-graph.php?packages=tomcat9+tomcat8+tomcat7+tomcat6_installed=on_legend=on_ticks=on_date=_date=_date=_fmt=%25Y-%25m=1 > > around 2400 installations reported by popcon, rather stable over the years. > > From Ubuntu: > > https://popcon.ubuntu.com/by_inst > > tomcat6 15785 > tomcat72122 > tomcat8 117 > > And from Netcraft: > > > https://news.netcraft.com/archives/2018/12/17/december-2018-web-server-survey.html > > Netcraft reported ~60 domains served by Tomcat. > > Emmanuel Bourg > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Number of tomcat downloads
Hi, I vaguely remember Marc naming some figures for number of tomcat downloads sofar, but I couldn't find anything in the state of the cat slides. I checked on the website, but all I found was this: " Tomcat has been downloaded more than 10 million times: assuming even a 1% production adoption rate results in more than 10 installations. " But this is from 2014 and I assume there should be a better number by now. Anyone? Asking for a friend ;-) regards Leon
[OT] Happy New Year
I wish a happy and sound new year to all of the tomcat family! See, Hear and Read all of you next year! Leon
Re: insufficient memory for the Java Runtime Environment to continue
You should provide at least Java version. Out of the blue you should have at least 2Gb for the OS, so if your server is having 16 Gb, your Xmx and MaxPermSize shouldn't be more then 14 G TOGETHER. Of course this only applies to versions of java below 1.8, because there is no permspace in modern jvms anymore (called metaspace now) and in this case this setting doesn't do anything. Still, you should reduce Xmx to 13 or less. Leon On Sat, Dec 22, 2018 at 1:35 PM Dhaval Jaiswal wrote: > I am facing issue of crashing JAVA process and log files attached for the > same. > > Server total RAM is 16 GB. > > catalina.sh having following setting. > export JAVA_MEM_OPTS="-Xms1g -Xmx15g -XX:MaxPermSize=1536m" > > Can some one help where could be the problem? Which threads are consuming > memory. How can i get rid out of this issue. > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Compression for Resources served through DefaultServlet
On Mon, Nov 26, 2018 at 10:27 PM Mark Thomas wrote: > On 26/11/2018 21:19, Leon Rosenberg wrote: > > Good time of the day, > > > > I am debugging bad page insights reported by google for a mobile versus > > desktop version of our site and I'm seeing that the static resources, > > served by the DefaultServlet (aka files) aren't compressed, versus to > > dynamic resources served by a servlet. > > Tomcat version in question 8.5.15 and 8.5.31 (tested on both) > > http://tomcat.apache.org/tomcat-8.5-doc/config/http.html > > Search for sendfile. > > ? > I thought sendfile is NIO only, this was probably the mistake. Thank you. Leon > > Mark > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Compression for Resources served through DefaultServlet
Good time of the day, I am debugging bad page insights reported by google for a mobile versus desktop version of our site and I'm seeing that the static resources, served by the DefaultServlet (aka files) aren't compressed, versus to dynamic resources served by a servlet. Tomcat version in question 8.5.15 and 8.5.31 (tested on both) Connector setting: There is a loadbalancer in front of the connector, but its transparent, doesn't change anything. Now when I request a resource like this: https://www.mysite.com/rd/V-2.0.0-SNAPSHOT_2018-11-22T13:39:22,000/static-ext/bootstrap.css (where rd is mapping to a servlet) the result is shown in inspect tab of chrome as 18.K (obviously compressed) and the response headers indicate that the file is gziped: HTTP/1.1 200 Last-Modified: Tue, 31 Jul 02018 11:42:50 GMT Expires: Tue, 26 Nov 02019 21:15:04 GMT Content-Type: text/css Transfer-Encoding: chunked Content-Encoding: gzip Vary: Accept-Encoding Date: Mon, 26 Nov 2018 21:15:04 GMT If I make a request to a static file the file is not gziped: https://www.mysite.com/static-ext/css/bootstrap.css HTTP/1.1 200 Accept-Ranges: bytes ETag: W/"131194-1539850288000" Last-Modified: Thu, 18 Oct 2018 08:11:28 GMT Content-Type: text/css Content-Length: 131194 Date: Mon, 26 Nov 2018 20:53:37 GMT Are there any specific settings to the default servlet to enable it to support compression? Both files are css, hence they should be covered by default compression types. Are there any other settings to try? regards Leon
Re: Number of Web Applications in one Tomcat
Clearly one webapp per tomcat. Makes everything easier. Also, if your apps aren't really tiny, the memory overhead of tomcat is minimal compared to the advantages. Leon On Mon, Oct 29, 2018 at 9:00 AM Ahmed, Tarek wrote: > Hi all, > > TLDR? Do you deploy one web application per tomcat instance or several? > > --- > > The long story: > > I'd like to sound out your opinion regarding the number of web > applications deployed in one tomcat instance. The reason is, that at my > place of work the developers prefer one webapp per tomcat, the admins would > rather have as many webapps as possible in one tomcat instance (yeah, > that's devops at its finest ;-) ). As a developer I'm probably prejudiced, > but the argument goes as follows: > > > OPS (one tomcat, many webapps): > > - Saves memory (each tomcat has a memory footprint even without a web > application running) > > - Saves extra file systems for each tomcat (logs, tomcat installation, > temp directory) > > - Saves nagios monitoring configuration > > - Saves separate ports (security considerations) > > - Saves work distributing security patches > > > DEV (one webapp per tomcat) > > - Start-up time of "fat tomcats" multiplies, which leads to worsened > availablity (e.g., our fattest tomcat contains 32 web services. It takes 4 > minutes to start) > > - If one webapp goes haywire, it may crash the rest of them (OOM, no more > threads, etc.) > > - For bug fixes in one application, you may need to restart the complete > tomcat instance. Auto (re)deploy takes you only so far, since loaded > classes may not always be unloaded cleanly, threads not closed etc. This is > not always something that can be solved in your own code, third party > libraries may cause problems, too (we had some issues with quartz and > infinispan here). > > - If you ever need to profile your application in production, there is > much less noise when analysing heap, thread dumps, cpu usage etc. > > - I might even think there is some improved security if webapps are > isolated in several processes vs. being deployed in one VM (security > arguments always work well with OPS :-) ) > > > So, I want to get away from the one-tomcat-multiple-webapps scenario. One > thing I started doing to subvert this policy is using spring boot with > embedded tomcats which is cool in a lot of ways but not always feasible. > > What are your practices? Are there further pros and cons for one way or > the other? Thanks so much for any input, > > many greetings, > > tarek > > -- > Tarek Ahmed > Softwareentwicklung > > > DIMDI > Deutsches Institut für > Medizinische Dokumentation und Information > Waisenhausgasse 36-38a > 50676 Köln > > Tel.: +49 221 4724-268 > Fax: +49 221 4724-444 > tarek.ah...@dimdi.de > www.dimdi.de > > [image: tick] Das DIMDI unterstützt die Vereinbarkeit von Beruf und > Familie und ist entsprechend zertifiziert. > > > Das DIMDI ist ein Institut im Geschäftsbereich des Bundesministeriums für > Gesundheit (BMG). >
Re: Tomcat Binary Connector
Hey Anthony, your last comment seems to indicate that you disagree with tomcat being fixed requirement. Personally I feel opening a port and implementing all the protocol handling completely negates of advantages of having tomcat in your application. So maybe you should force a change in your requirements instead of undermining them, if you feel they are nonsense. That being said, if you need a binary protocol on top of http you might want to check grpc. I am not sure how well it works with tomcat, there might be issues, since they use netty for default. The advantage of grpc would be multi-language support, http2 features, and the convenience that no-one ever got fired for using google technology. regards Leon On Sat, Sep 22, 2018 at 2:49 AM anthony berglas wrote: > We would like to run a binary protocol in a Tomcat container, so that > binary sent to a specific port all ends up in a specific servlet. This is > not AJP, we do not want Tomcat itself to look at the bits, just pass them > through. > > So in Tomcat parlance we need a special Connector. > > Does such a thing exist or do we need to write it ourselves? > > Tomcat itself is a fixed requirement for the container architecture. Just > having a process listening on a port is not considered to be enterprisy > enough. > > Thanks, > > Anthony > > -- > > Dr Anthony Berglas, anth...@berglas.org Mobile: +61 4 4838 8874 > Just because it is possible to push twigs along the ground with ones nose > does not necessarily mean that that is the best way to collect firewood. >
Re: ApacheCon NA is in just under 3 weeks
I think that would be nice. Leon On Wed, Sep 5, 2018 at 12:40 PM Mark Thomas wrote: > All, > > ApacheCon North America starts in Montréal in just under three weeks. > There are 2 days of Tomcat content starting on the Monday. If you > haven't registered, now would be a good time to do so ;) > > The evening schedule is already looking pretty packed but Monday evening > has been set aside for project gatherings and there are still rooms > available. > > Thoughts on booking a room for a Tomcat related session? > > I've no firm thoughts on an agenda other than talk Tomcat stuff for an > hour or so followed by moving to the hotel bar / coffee shop / somewhere > with lots of comfy seats to continue chatting. > > Mark > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: [OT] What can prevent sessions from timeouting apart from real requests
Hi, actually the issue got resolved. The system in question wasn't tomcat but jboss (hence the offtopic) and in particular undertow. Undertow seems to have completely different session expiration handling than tomcat, they actually prolong expiration timestamp every time an attribute is accessed... Thanks for the insights! Leon On Mon, Aug 27, 2018 at 9:07 AM Jäkel, Guido wrote: > Dear Leon, > > I suggest to use the Tomcat Manager Application to investigate the session > data: > > * Use the Session Display (/manager/html/sessions?path=/foo) to take a > look on the different Timers (Creation Time, Last Accessed Time, Used Time, > Inactive Timemm,TTL) or even the session data > > * Use the Connector Scoreborads on the Server Status Display > (/manager/status) to detect stuck requests. I'm not sure if a stuck request > may prevent a session cleanup (especially of "other" sessions) > > Another approach may be to snapshot a memory dump and investigate the > session objects, e.g. with the Eclipse Memory Analyze Tool (aka MAT). > > Greetings > > Guido > > >-Original Message- > >From: Leon Rosenberg [mailto:rosenberg.l...@gmail.com] > >Sent: Friday, August 24, 2018 11:25 AM > >To: Tomcat Users List > >Subject: [OT] What can prevent sessions from timeouting apart from real > requests > > > >Hi, > > > >one of the systems we are consulting has encountered a strange problem. > The > >sessions will build up indefinitely but never expire. Then, at one point > >(at 02am in the night, 19K sessions would drop at once). > >Of course the simplest explanation would be that someone is actively > >requests something every 15 minutes (session timeout) keeping track of the > >JSESSIONID. We are trying to track this through the access_log and such. > >However, my question, is it possible to prevent session from timeouting by > >doing something stupid code-wise? Like storing a session in a hashmap > >somewhere, and accessing some attributes from time to time? My > >understanding was that the session timeout is solely dependent on incoming > >requests and handled by the container, but I was not 100% sure ;-) > > > >Thanks in advance > >Leon >
[OT] What can prevent sessions from timeouting apart from real requests
Hi, one of the systems we are consulting has encountered a strange problem. The sessions will build up indefinitely but never expire. Then, at one point (at 02am in the night, 19K sessions would drop at once). Of course the simplest explanation would be that someone is actively requests something every 15 minutes (session timeout) keeping track of the JSESSIONID. We are trying to track this through the access_log and such. However, my question, is it possible to prevent session from timeouting by doing something stupid code-wise? Like storing a session in a hashmap somewhere, and accessing some attributes from time to time? My understanding was that the session timeout is solely dependent on incoming requests and handled by the container, but I was not 100% sure ;-) Thanks in advance Leon
Re: Tomcat stop and start using bash script
use -force option bin/shutdown.sh -force regards Leon On Wed, Jun 27, 2018 at 5:51 PM dhanesh1212121212 wrote: > Hi All, > > Trying to stop and start tomcat in production using bash script for war > deployment. > > If tomcat not stopped properly then how we can kill the correct process and > make sure it's stopped correctly. > > Regards, > Dhanesh M. >
Re: tomcat 6 vulnerability scan default error page help
Hi Mark, I agree with you that the complaint about version number is rather a minor one, however, I've had the same situation as one of our projects had to pass through a PCI Compliance test, and this is what they really test for. regards Leon On Wed, May 2, 2018 at 9:42 PM, Mark Thomaswrote: > On 02/05/18 20:27, Berneburg, Cris J. - US wrote: > > We are getting dinged by a vulnerability scan for the default not-found > error page being returned by Tomcat for a Status 404. > > > > On my dev server when requesting an invalid URL, Tomcat returns a Status > 404 page that displays the Tomcat version. Right, I need to do something > about that. > > > > However, I can't find where the error-page for 404 is defined. It's not > defined in: > > - webapps/ROOT/WEB-INF/web.xml > > - conf/web.xml > > - conf/server.xml > > - conf/context.xml > > > > Also, I can't find a notFound or error page either. > > > > How do I get rid of or override the default error / 404 / not-found page > if I can't find it or where it is currently defined? Also, how is Tomcat > returning the default 404 error page if it does not exist? I hope it's not > hardcoded in a servlet response. > > > > FYI, we're going to remove the ROOT, docs, and examples folders to > mitigate other scan findings. > > > > And we're using Tomcat 6.0.37 (ahem). > > And you are worried about returning the version number? Have you seen > how many real security issues (as opposed to this version number > non-issue) there are in 6.0.37? I can't help but think your priorities > are all wrong. > > Hiding the version info is trivial > Create the following directory structure: > $CATALINA_HOME/lib/org/apache/catalina/util > > Download this file: > https://svn.apache.org/viewvc/tomcat/archive/tc6.0.x/trunk/ > java/org/apache/catalina/util/ServerInfo.properties? > revision=1803960=co > > Place it in that directory and modify the three properties to whatever > value you like. > > Restart Tomcat. > > Mark > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: tomcat 6 vulnerability scan default error page help
Hi Cris, try to add following to your web.xml 404 /error404.html regards Leon On Wed, May 2, 2018 at 9:27 PM, Berneburg, Cris J. - USwrote: > We are getting dinged by a vulnerability scan for the default not-found > error page being returned by Tomcat for a Status 404. > > On my dev server when requesting an invalid URL, Tomcat returns a Status > 404 page that displays the Tomcat version. Right, I need to do something > about that. > > However, I can't find where the error-page for 404 is defined. It's not > defined in: > - webapps/ROOT/WEB-INF/web.xml > - conf/web.xml > - conf/server.xml > - conf/context.xml > > Also, I can't find a notFound or error page either. > > How do I get rid of or override the default error / 404 / not-found page > if I can't find it or where it is currently defined? Also, how is Tomcat > returning the default 404 error page if it does not exist? I hope it's not > hardcoded in a servlet response. > > FYI, we're going to remove the ROOT, docs, and examples folders to > mitigate other scan findings. > > And we're using Tomcat 6.0.37 (ahem). > > -- > Cris Berneburg > CACI Lead Software Engineer > >
Re: [ANN] TomcatCon Schedules Announced
Hey Mark et al, I noticed that for the roadshow only the general track is published but not times for the single tracks... do you know any details? Also concerning the length of a talk, is it also 45 minutes? regards Leon On Mon, Apr 30, 2018 at 11:10 AM, Mark Thomaswrote: > All, > > I am delighted to announce the schedules are now available for: > > TomcatCon Berlin 13-14 June, 2018: > http://apachecon.com/euroadshow18/tomcat-schedule.html > > TomcatCon Montréal 24-25 September, 2018: > http://apachecon.dukecon.org/acna/2018/#/schedule/2018-09-24 > > Full details, including registration links are available on the Tomcat > website: > http://tomcat.apache.org/conference.html > > See you there! > > Mark > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: WebApp Caching Broken
Hello, can you explain what you mean by 'caching' ? regards Leon On Mon, Mar 5, 2018 at 10:26 PM, Kenneth Taylor < kenneth.tay...@dataexpress.com> wrote: > We are having a serious problem with Tomcat (8.5). Twice it has decided > to PERMANENTLY cache one of our webapps. We are unable to update that > webapp. We’ve tried everything imaginable, short of uninstalling Tomcat, > which is the next step. > > > > Where is this cache and how do we turn it off? > > > > Why in the world would anyone want Tomcat to work this way? This is a > fatal flaw worthy of a Darwin Award. > > > > Frustrated. > > > > Ken > > > > Disclaimer: This email from DMBGroup LLC, DMB Consulting Services LLC, or > the personnel associated with either entity (collectively "*DMB*") and > attachments, contain *CONFIDENTIAL, PRIVILEGED AND PROPRIETARY *information > for exclusive use of the addressee individual(s) or entity. Unauthorized > viewing, copying, disclosure, distribution or use of this e-mail or > attachments may be subject to legal restriction or sanction. If received in > error, notify sender immediately by return e-mail and delete original > message and attachments. Nothing contained in this e-mail or attachments > shall satisfy the requirements for a writing unless specifically stated. > Nothing contained herein shall constitute a contract or electronic > signature under the Electronic Signatures in Global and National Commerce > Act, any version of the Uniform Electronic Transactions Act or any other > statute governing electronic transactions. Opinions and statements > expressed in this e-mail and any attachments are those of the individual > sender and not necessarily of DMB. DMB does not guarantee this e-mail > transmission is secured, error or virus-free. Neither DMB nor the sender of > this e-mail accepts liability for errors or omissions in the contents of > this e-mail, which arise as a result of e-mail transmission. . >
Re: Requests for Tomcat-related topics for ApacheCon North America (Montréal, 24-27 Sept 2018)
On Mon, Feb 26, 2018 at 4:07 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > All, > > The CFP is open through the end of March, so if anyone is interested > in giving a talk in Montréal, please don't be shy and sign-up. > > I've never known anyone's proposal to be declined, so don't feel as if > there is some kind of bar you have to clear to be considered. I bet, I know someone who'd be the first ;-) regards Leon
Re: GC allocation failure
On Mon, Jan 8, 2018 at 10:26 AM, Mark Thomaswrote: > On 08/01/18 15:16, Christopher Schultz wrote: > > > > >> Therefore, the first time that the GC runs, the process can take > >> longer. Also, the heap is more likely to be fragmented and require > >> a heap compaction. To avoid that, till now my strategy is to: - > >> Start application with the minimum heap size that application > >> requires - When the GC starts up, it runs frequently and > >> efficiently because the heap is small > > > > I think this is a reasonable expectation for someone who doesn't > > understand the Black Art of Garbage Collection, but I'm not sure it's > > actually true. I'm not claiming that I know any better than you do, > > but I suspect that the collector takes its parameters very seriously, > > and when you introduce artificial constraints (such as a smaller > > minimum heap size), the GC will attempt to respect those constraints. > > The reality is that those constraints are completely unnecessary; you > > have only imposed them because you think you know better than the GC > > algorithm. > > Generally, the more memory available, the more efficient GC is. The > general rule is you can optimise for any two of the following at the > expense of the third: > - low pause time > - high throughout > - low memory usage > > It has been a few years since I listened to the experts talk about it > but a good rule of thumb used to be that you should size your heap 3-5 > times bigger than the minimum heap used once the application memory > usages reaches steady state (i.e. the minimum value of the sawtooth on > the heap usage graph) > > Actually G1, which is very usable with java8 and default in jdk9, doesn't produce the sawtooth graph anymore. I also think the amount of memory has less influence on GC Performance in G1 or Shenandoah, but instead influence if they would perform a STW phase (which of course is also performance related, but differently). But I am not an expert either, so I might be wrong here. As for OP's original statement: "When the GC starts up, it runs frequently and efficiently because the heap is small", I don't think it is correct anymore, especially not for G1, as long as the object size is reasonable (not Humongous). Leon
Re: GC allocation failure
On Mon, Jan 8, 2018 at 10:16 AM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Suvendu, > > On 1/5/18 6:46 AM, Suvendu Sekhar Mondal wrote: > > I really never found any explanation behind this "initial=max" heap > > size theory until I saw your mail; although I see this type of > > configuration in most of the places. It will be awesome if you can > > tell more about benefits of this configuration. > > It's really just about saving the time it takes to resize the heap. > Because the JVM will never shrink the heap (at least not in any JVMs > I'm familiar with), a long-running server-side process will (likely) > eventually use all of the heap you allow it to use. Basically, memory > exists to be used, so why not use all of it immediately? > > > I usually do not set initial and max heap size to same value > > because garbage collection is delayed until the heap is full. > > The heap is divided into sections. The first heap to be GC'd after JVM > launch is likely to be the eden space which is relatively small, and > few objects will survive the GC operation (lots of temporary String > objects, etc. will die without being tenured). The only spaces that > take a "long" time to clean are the tenured generation and the (until > recently named/replaced) permanent generation (which isn't actually > permanent). Cleaning those spaces is long, but a GC to clean those > spaces should not happen for a long time after the JVM starts. > > Also, most collector algorithms/strategies have two separate types of > operation: a short/minor GC and a long/full GC. As long as short/minor > GC operations take place regularly, you should not experience > application-pauses while the heap is reorganized. > > Finally, application pauses are likely to be long if the entire heap > must be re-sized because then *everything* must be re-located. > > > Therefore, the first time that the GC runs, the process can take > > longer. Also, the heap is more likely to be fragmented and require > > a heap compaction. To avoid that, till now my strategy is to: - > > Start application with the minimum heap size that application > > requires - When the GC starts up, it runs frequently and > > efficiently because the heap is small > > I think this is a reasonable expectation for someone who doesn't > understand the Black Art of Garbage Collection, but I'm not sure it's > actually true. I'm not claiming that I know any better than you do, > but I suspect that the collector takes its parameters very seriously, > and when you introduce artificial constraints (such as a smaller > minimum heap size), the GC will attempt to respect those constraints. > The reality is that those constraints are completely unnecessary; you > have only imposed them because you think you know better than the GC > algorithm. > > > - When the heap is full of live objects, the GC compacts the heap. > > If sufficient garbage is still not recovered or any of the other > > conditions for heap expansion are met, the GC expands the heap. > > > > Another thing, what if I know the server load varies a lot(from 10s > > in night time to 1s during day time) during different time > > frame, does "initial=max heap" apply for that situation also? > > My position is that initial==heap is always the right recipe for a > server-side JVM, regardless of the load profile. Setting initial < max > may even cause an OOM at the OS level in the future if the memory is > over-committed (or, rather, WILL BE over-committed if/when the heap > must expand). > > > To add some 2 cents to what christoph said (which was a very correct explanation already), the only valid exception to the initial=heap rule in my eyes, is when you actually not sure how much memory your process will need. And if you have a bunch of microservices on one machine, you may want not to spend all the memory without need. So start a little bit lower but give room for expansion in case the process need it. For example I have a VM with 13 'small' JMVs on it. The difference between ms and mx would be about 5 GB. In this specific case I suppose it is ok, to provide different values at least for some time, and adjust later. However, reading gc logs or using tools like jclarity can help you find the proper pool size for your collector/jvm version/application better. Unless you release and change your memory usage pattern every week or so, in this case using xms!=xmx seems ok to me, as a safety net. regards Leon
[OT] JavaOne anyone?
Hi, is anyone from the list at the java1? regards Leon
Re: [ANN] Webinar: Tomcat and MoSKito
Thanks Mark! Leon > On 24. Aug 2017, at 15:36, Mark Thomas <ma...@apache.org> wrote: > > Final reminder - this will be starting in just over 20 minutes. > > Do join us if you can. > > Mark > > >> On 03/08/17 15:18, Mark Thomas wrote: >> All, >> >> The Tomcat community is hosting a webinar by Leon Rosenberg: >> >> Monitoring your tomcat web-application in production with MoSKito. Get >> full control of threads, memory and execution time usage of the JVM and >> your code. >> >> Topic: Tomcat and MoSKito >> Time: Aug 24, 2017 14:00 UTC >> 15:00 London, Dublin >> 16:00 Amsterdam, Berlin, Rome, Stockholm, Vienna >> >> Join from PC, Mac, Linux, iOS or Android: >> https://pivotal.zoom.us/j/949439493 >> >> The webinar will be recorded and the recording made available on the >> Tomcat YouTube channel shortly afterwards. >> >> Hope to see you there. >> >> Mark >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Where Tomcat webapp contexts live on Debian
On Tue, Aug 22, 2017 at 10:55 PM, Emmanuel Bourg <ebo...@apache.org> wrote: > On 08/16/2017 09:24 AM, Leon Rosenberg wrote: > > Debian has a long tradition of doing things in a very special way when it > > comes to java. Long enough they shipped GnuJ as standard JVM with a > debian > > distribution, a piece of garbage that wasn't able to start simplest of > java > > programs. > > GCJ has been superseded by OpenJDK a lng time ago as the default > Java runtime on Debian. > > > But there has been an as long tradition to reply to every question about > > tomcat behaviour on a specific distribution by suggesting to throw the > crap > > away and download the vanilla tomcat form the one and only legal source > ;-) > > (at least in the past, to which debian belongs). > > FWIW, there is now a Tomcat committer maintaining the Tomcat package in > Debian and controlling its quality. If you think there is something > crappy about the packaging feel free to send a mail to me or to the > debian-j...@lists.debian.org and I'll be happy to help. > Thank you. Mea culpa. My information seems outdated. Leon > > Emmanuel Bourg > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Tomcat server apparently bouncing up and down
Since you told the context is rather huge, have you checked gc times? A long running full gc can block the machine completely resulting in the up/down behaviour from outside. GC options depend on JVM version I use: export JAVA_OPTS="$JAVA_OPTS -XX:+DisableExplicitGC -verbose:GC -XX:+PrintGCDetails -XX:+PrintGCDateStamps -Xloggc:logs/gc.log " alternatively moskito would also show you avg response times and gcs ;-) regards Leon On Fri, Aug 18, 2017 at 11:13 PM, James H. H. Lampert < jam...@touchtonecorp.com> wrote: > On 8/18/17, 1:41 PM, Christopher Schultz wrote: > > You say that you aren't running it as a service. How then are you >> running Tomcat? >> > > startup.sh and shutdown.sh from a command line. > > Just starting catalina.sh from the CLI directly? If >> you run it in the background, are you running it with nohup? If not, >> your console closing might be killing the Java process. Hmm... but you >> said that Tomcat does in fact shut down when you login and stop it. >> Probably not a SIGHUP killing the process. >> > > When it's unresponsive, it's apparently still running. But it's not just > our context that's unresponsive; manager is also unresponsive. And we run > with autodeploy disabled: aside from being a huge context that takes a > while to deploy, it's also one that often needs to be stopped, have > instance-specific values set in its web.inf, and then get restarted, before > it can function normally. > > If you stop Tomcat (when it's unresponsive), then re-start it, does it >> appear to work correctly right away, or do you need to do anything >> else to get it to work again? >> > > It opens up the port immediately, and serves a sign-on page for our webapp > as soon as it's had a chance to initialize. > > I looked in the latest localhost access log, and no sign of anything > suspicious there. > > -- > JHHL > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Tomcat memory
Fady, one thing, analyzing heap dumps is hard especially a 10GB dump, you will need at least 40 Gb of memory an about 10 hours to start jhat. What is fast is analyzing a histogram. A histogram is a list of all classes in your JVM and amount of memory they use. It is very easy to use: jmap -histo:live >outputfile the :live parameter is important, otherwise you will see dead objects as well. Keep in mind a major gc will be triggered. The output looks like this: num #instances #bytes class name -- 1: 98573 13165976 [C 2: 4376 11325928 [B 3: 965262316624 java.lang.String 4: 405221296704 java.util.HashMap$Node 5: 10954 807552 [Ljava.lang.Object; 6: 7494 781480 java.lang.Class 7: 6778 655464 [Ljava.util.HashMap$Node; ... 3103: 1 16 sun.util.locale.provider.TimeZoneNameUtility$TimeZoneNameGetter 3104: 1 16 sun.util.resources.LocaleData 3105: 1 16 sun.util.resources.LocaleData$LocaleDataResourceBundleControl Total456560 37330672 This won't point you to exact direction of memory leak or resource consumption, but you will see what classes are consuming memory. So if you find out that class foo.bar.XYZBean has 10.000.000 instances and occupies 2 gb of memory, you know where to look. Keep in mind that only memory directly used by a class is counted, so every string will appear twice, as string and as byte array. If you see that the used memory amount is growing, take multiple histograms, every 10 minutes or so and analyse the differences. I wrote a little script years ago for myself ( https://github.com/dvayanu/ldt/blob/c8b3c2b6f61de5c583db503f6fd5e2d8aa8b9aa0/java/ldt/histo/HistoDiffReader.java) that takes two histograms and prints out the differences. This way you can see if new instances of a specific class(es) are accumulated over time. In this case you have a memory leak. regards Leon On Thu, Aug 17, 2017 at 12:09 PM, André Warnier (tomcat)wrote: > On 17.08.2017 11:21, Fady Haikal wrote: > >> Team, >> Please i need some help her >> > > Maybe start here ? http://lmgtfy.com/?q=analyse+tomcat+heap+dump > > (and this looks like it might help you : > http://docs.oracle.com/javase/7/docs/technotes/tools/share/jhat.html) > > To restate the obvious : > - this list here is manned by volunteers, who donate their time trying to > help people who have problems with Tomcat, and who are doing their best, but > - the list works best with people who also help themselves > - we do not have access to your system, and we do not know your > applications > - we can only try to help, on the base of the information which you provide > - there are 3 (possible) components to your problem : > a) the Java JVM which runs Tomcat > b) Tomcat itself, which runs your applications > c) the applications themselves > Of these : > a) is controlled entirely by you, and is in fact the one which > ultimately uses all that memory (but we do not know why either). Below you > are showing the startup parameters of the JVM. They are not the default > settings. So where do these parameters come from, and do you understand > them ? (if you don't, you first need help with Java, not with Tomcat) > b) That is really the focus of this list. And we know that Tomcat, by > itself, does not use 60GB or 10GB of memory, nor anywhere near it > c) we know nothing about, but it is likely that it is something there, > which causes Tomcat (and Java) to use all that memory > And about (c), maybe it is normal that it/they use this gigantic amount of > memory. Maybe one of the applications allocates some gigantic array of data > over time. Maybe one of these applications is really badly programmed and > causes enormous "memory leaks". How would we know ? Are these your > applications ? If not, have you contacted the people responsible for these > applications, and described your problem to them ? > (because again, with 99& probability, that is where the problem is) > > Try to collect some more specific data, and when you have it, post it > here, and maybe someone will have an idea. But as it is, the only thing > known so far is that on your system, the Java JVM which runs tomcat is > using up a lot of memory, increasingly over time, and that it ends up > crashing with an OOM. > That is not enough information for us to be able to help you. > > If you are desperate and in a hurry, maybe you need first to find a Java > JVM specialist, who can help you poinpoint the problem more specifically. > > > > >> Regards, >> >> >> On Thu, Aug 17, 2017 at 9:46 AM, Fady Haikal >> wrote: >> >> @Suvendu, >>> I took a heap dump from Java VisualVM but honestly i didnt know how i >>> should analyse it, please some help here >>> >>> also please
Re: [OT] Re: Where Tomcat webapp contexts live on Debian
se, and even Windows). I do not remember why we initially chose > Debian as our main platform, but we now have some 40 servers with it. We > are "comfortable" with it (today as well as previously), we have no > particular problem with it, and it would be costly and time-consuming to > change to another main platform. Over time, we have learned how Debian (and > other platforms) install things and where, and we have documented it. Our > usage of Tomcat may be simple, but I cannot recall exactly how many years > ago we last had a Tomcat issue which had to do with how Debian installs it > on the disk. > Other people's mileage may vary, but I thought it was worth mentioning > this, to provide a balancing opinion. > > > > On 16.08.2017 09:24, Leon Rosenberg wrote: > >> Debian has a long tradition of doing things in a very special way when it >> comes to java. Long enough they shipped GnuJ as standard JVM with a debian >> distribution, a piece of garbage that wasn't able to start simplest of >> java >> programs. >> But there has been an as long tradition to reply to every question about >> tomcat behaviour on a specific distribution by suggesting to throw the >> crap >> away and download the vanilla tomcat form the one and only legal source >> ;-) >> (at least in the past, to which debian belongs). >> >> regards >> Leon >> >> On Wed, Aug 16, 2017 at 7:43 AM, Peter Kreuser <l...@kreuser.name> wrote: >> >> I'd assume the service that starts tomcat sets the bin-Dir, that contains >>> a setenv.sh, that has the CATALINA_HOME and BASE env-Varaibles, where you >>> find the context-Files that have a docbase. >>> >>> I'd like to repeat the question: who did this setup? >>> >>> Peter Kreuser >>> >>> Am 15.08.2017 um 23:45 schrieb James H. H. Lampert < >>>> >>> jam...@touchtonecorp.com>: >>> >>>> >>>> I think I've mentioned before that I have a Tomcat server on a Google >>>> >>> Compute Debian instance, that I installed with an "apt-get," rather than >>> from an Apache download. >>> >>>> >>>> I had to apt-get manager separately, which is odd to begin with. >>>> >>>> And things ended up in unexpected places. >>>> >>>> Some stuff (like the Catalina directory) wound up in /etc/tomcat7. Other >>>> >>> stuff (like the bin and lib directories) wound up in /usr/share/tomcat7. >>> >>>> >>>> But the weirdest thing is where the webapp contexts wound up. The >>>> >>> default ROOT context (which doesn't look quite like the default ROOT >>> context of anything I've installed from an Apache download) is in >>> /var/lib/tomcat7/webapps/ROOT. But the manager and host-manager webapps >>> are >>> in /usr/share/tomcat7-admin/manager and /usr/share/tomcat7-admin/host- >>> manager. >>> >>>> >>>> Setting aside any questions of why whoever set this up for Debian did it >>>> >>> this way, all of this still raises a very big question: >>> >>>> >>>> How is Tomcat finding all of this? >>>> >>>> -- >>>> JHHL >>>> >>>> - >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>> For additional commands, e-mail: users-h...@tomcat.apache.org >>>> >>>> >>> >>> - >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >>> >> > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Where Tomcat webapp contexts live on Debian
Debian has a long tradition of doing things in a very special way when it comes to java. Long enough they shipped GnuJ as standard JVM with a debian distribution, a piece of garbage that wasn't able to start simplest of java programs. But there has been an as long tradition to reply to every question about tomcat behaviour on a specific distribution by suggesting to throw the crap away and download the vanilla tomcat form the one and only legal source ;-) (at least in the past, to which debian belongs). regards Leon On Wed, Aug 16, 2017 at 7:43 AM, Peter Kreuserwrote: > I'd assume the service that starts tomcat sets the bin-Dir, that contains > a setenv.sh, that has the CATALINA_HOME and BASE env-Varaibles, where you > find the context-Files that have a docbase. > > I'd like to repeat the question: who did this setup? > > Peter Kreuser > > > Am 15.08.2017 um 23:45 schrieb James H. H. Lampert < > jam...@touchtonecorp.com>: > > > > I think I've mentioned before that I have a Tomcat server on a Google > Compute Debian instance, that I installed with an "apt-get," rather than > from an Apache download. > > > > I had to apt-get manager separately, which is odd to begin with. > > > > And things ended up in unexpected places. > > > > Some stuff (like the Catalina directory) wound up in /etc/tomcat7. Other > stuff (like the bin and lib directories) wound up in /usr/share/tomcat7. > > > > But the weirdest thing is where the webapp contexts wound up. The > default ROOT context (which doesn't look quite like the default ROOT > context of anything I've installed from an Apache download) is in > /var/lib/tomcat7/webapps/ROOT. But the manager and host-manager webapps are > in /usr/share/tomcat7-admin/manager and /usr/share/tomcat7-admin/host- > manager. > > > > Setting aside any questions of why whoever set this up for Debian did it > this way, all of this still raises a very big question: > > > > How is Tomcat finding all of this? > > > > -- > > JHHL > > > > - > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Automatically compressing localhost_access_log after rotation
On Thu, Aug 3, 2017 at 8:16 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Martin, > > On 8/3/17 5:47 AM, Martin Knoblauch wrote: > > is there a way to compress the localhost_access_log.#.txt file > > automatically after rotation? > > Not really. The file is rotated *during* log events, and stalling to > compress a log file is probably not a great solution. > > > Alternatively/preferably is there a way to put the access logging > > under "log4j"? > > Also not really, but if you are willing to write code, you can do it. > The AccessLogValve handles its own logging to a file, but if you were > to subclass AccessLogValve and override the "open" method and assign a > value to the AccessLogValve.writer member that writes to a log4j > logger, then I think you could probably do this. > > I believe that log4j will stall your access log during the > compression, though, so you might want to think about whether or not > you want to implement it this way. > > I think at least logback is performing file operations asynchronously to log events so maybe using slf4j over logback would be a more reliable way. regards Leon
Re: Tomcat on macOS
On Sat, May 20, 2017 at 8:56 AM, Israel Timoteowrote: > > > I have an additional question: > > 1) Would there be any recommendations for not having one Tomcat instance > per physical server? > Only if your application can't utilise resources properly. If your application fails to scale, fails to use all available cores or memory, you should have multiple instances. Also if your total memory is insanely high, like way above 64 Gb, you'd be better off with multiple instances. Also if your app uses a lot of synchronisation, having multiple tomcats can help. However, all of that is pretty improbable with a mac mini. Rule of thumb: if you can bring your app with tomcat to near 100% CPU or memory usage, no need for multiple instances. HTH Leon P.S. kudos to you for hosting on macs ;-) Crazy but fun ;-)
Re: TomcatCon Meetup (UPDATE)
Awesome, thanks! Sent from my iPhone > On 18. May 2017, at 14:58, Huxing Zhangwrote: > > Hi All, > > The pic for the meetup yesterday can be found here: > > https://www.dropbox.com/s/vu02lnrs77up5mc/IMG_0591.JPG > >> On Wed, May 17, 2017 at 8:46 PM, Coty Sutherland wrote: >> Sorry I had to run off, hopefully you guys had a productive meeting :) >> >>> On May 17, 2017 7:02 PM, "Coty Sutherland" wrote: >>> >>> We're sitting next to the pool. The room is occupied :( >>> >>> On May 17, 2017 9:12 AM, "Christopher Schultz" < >>> ch...@christopherschultz.net> wrote: >>> All, Let's move the Meetup to "immediately following the Lightning Talks", since that is a popular event at the conference. -chris > > All, > > For those of you at ApacheCon in Miami, here are the details for the Tomcat Meetup. Come and meet fellow members of the community, committers, and new friends. > > Time: 18:00 EDT > Place: Escorial Conference Room (where all TomcatCon sessions are being held) > > All are welcome to the meetup, and also the inevitable dinner and drinks to follow. > > Thanks, > -chris > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] ApacheCon anyone?
On Fri, May 12, 2017 at 7:25 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Leon, > > On 5/12/17 6:04 AM, Leon Rosenberg wrote: > > Just wondering if there are any plans for an informal get-together > > at the apache con in Miami next week? I know that Mark, Christopher > > and some others are there as speakers, so maybe an informal meetup, > > where non-commiters buy commiters a pizza or burger and have some > > chat? > > Hello Chris ;-) > Wait... you are coming and not giving a talk on MosKito?!? > Yeah, strange isn't it? Unfortunately I haven't submitted and my decision to come to apache con was rather spontaneous... But, know what Chris ? You'll be there, I'll be there and my notebook will be there too, so you can have a private presentation anytime you want ;-))) And everyone else who's interested too ;-) So how about MoSkito-private-hour? ;-) regards Leon P.S. and thanks for organisation efforts, I will keep all evenings free ;-) Looking forward to meet you guys in person, after so many years ;-) > >
[OT] ApacheCon anyone?
Just wondering if there are any plans for an informal get-together at the apache con in Miami next week? I know that Mark, Christopher and some others are there as speakers, so maybe an informal meetup, where non-commiters buy commiters a pizza or burger and have some chat? regards Leon
Re: Strange wait time in my application - Tomcat 7.0.67
Hi Tullio, well I am biased of course, but there are multiple. First, profiles are never used in production, MoSKito is aimed for production use. Not test lab, not dev machine, production, hardcore on all servers you've got. Than MoSKito also offers analysis tools, thresholds, alerts, charts etc. Finally MoSKito allows you to integrate business data into monitoring, things like registration count, checkout, gender of user, and so on... 'standard profiler' - is something designed to be used in the development environment. moskito is an apm tool. hope that helps regards Leon On Mon, Oct 3, 2016 at 4:21 PM, Tullio Bettinazzi <tullio0...@live.it> wrote: > Please help me to understand diffrences beween Moskito and standard > profilers. > > Tks > > Tullio > > > ____ > Da: Leon Rosenberg <rosenberg.l...@gmail.com> > Inviato: lunedì 3 ottobre 2016 14.29 > A: Tomcat Users List > Oggetto: Re: Strange wait time in my application - Tomcat 7.0.67 > > Hi Tullio, > > you could download and integrate MoSKito -> http://www.moskito.org. After > Health and Performance Monitoring for Java Applications | MoSKito< > http://www.moskito.org/> > www.moskito.org > MoSKito: Health and Performance Monitoring for Java applications. Complete > ecosystem for DevOps. Free and open source > > > > integration as described here > blog.anotheria.net/msk/the-complete-moskito-integration-guide-step-1/ or > here: http://www.moskito.org/integration.html you can start your > Integration for MoSKito, the Open Source Health and Performance Monitoring > System for Java Applications<http://www.moskito.org/integration.html> > www.moskito.org > MoSKito Integration > > > > application and setup a tracer. > A tracer, explained here: > http://blog.anotheria.net/msk/newest-hottest-tracers/, can be used to > automatically trace all requests passing a specific point and compare the > execution times. It will keep the longest requests along with the execution > time in each monitored component. > So if there is some part of code you have, that lasts longer from time to > time, the tracer will find it. > > regards > Leon > > > On Mon, Oct 3, 2016 at 2:12 PM, Mark Thomas <ma...@apache.org> wrote: > > > On 03/10/2016 11:19, Tullio Bettinazzi wrote: > > > I already use Yourkit but it doesn't seems a load problem. > > > > > > The delay is not spread over all operaions but concentred in only one > or > > two and allways takes 4 secs more than the normal operation time. > > > > > > Could You suggest how to use Yourkit in this schenario ? > > > > I'd look at GC activity and detailed CPU profiling. > > > > Mark > > > > > > > > Tks > > > > > > Tullio > > > > > > > > > > > > Da: Mark Thomas <ma...@apache.org> > > > Inviato: lunedì 3 ottobre 2016 10.39 > > > A: Tomcat Users List > > > Oggetto: Re: Strange wait time in my application - Tomcat 7.0.67 > > > > > > On 03/10/2016 08:56, Tullio Bettinazzi wrote: > > >> I've an application under tomcat. > > >> When only a one or two users works on it everithing is ok. > > >> When the number of users grows the application slows down. > > >> Is not a memory nor a cpu problem : using top I see the system > > resources quite free. > > >> I don't see relevant garbage collection : heap size and permgen have > > correct dimentions. > > >> No other applications are running on the system. > > >> I log more or less every relevant operation in my system (db query and > > so on) and I see that every slowdown is concentered in a single > operation. > > >> I mean all operations take "normal" time but one or two of them take 4 > > seconds more. > > >> The "slowing" operations are not the same in different executions, and > > theydo not have a specific type (not only DB query, not only DB stored > > procedures, not only.). > > >> It seems like if the thread is frozen for a fixed amount fo time (4 > > seconds more or less) and then it restarts. > > >> I don't think it's a "queue" problem because otherwise the wait time > > would be unperdictable and not a "fixed" 4 seconds time. > > >> I don't know any parameter impacting on that behaviour. > > >> I use Tomcat 7.0.32 with JVM 1.7.0.67 on a Linux server. > > >> Could someone suggest a solution for my problem or, at least
Re: Strange wait time in my application - Tomcat 7.0.67
Hi Tullio, you could download and integrate MoSKito -> http://www.moskito.org. After integration as described here blog.anotheria.net/msk/the-complete-moskito-integration-guide-step-1/ or here: http://www.moskito.org/integration.html you can start your application and setup a tracer. A tracer, explained here: http://blog.anotheria.net/msk/newest-hottest-tracers/, can be used to automatically trace all requests passing a specific point and compare the execution times. It will keep the longest requests along with the execution time in each monitored component. So if there is some part of code you have, that lasts longer from time to time, the tracer will find it. regards Leon On Mon, Oct 3, 2016 at 2:12 PM, Mark Thomaswrote: > On 03/10/2016 11:19, Tullio Bettinazzi wrote: > > I already use Yourkit but it doesn't seems a load problem. > > > > The delay is not spread over all operaions but concentred in only one or > two and allways takes 4 secs more than the normal operation time. > > > > Could You suggest how to use Yourkit in this schenario ? > > I'd look at GC activity and detailed CPU profiling. > > Mark > > > > > Tks > > > > Tullio > > > > > > > > Da: Mark Thomas > > Inviato: lunedì 3 ottobre 2016 10.39 > > A: Tomcat Users List > > Oggetto: Re: Strange wait time in my application - Tomcat 7.0.67 > > > > On 03/10/2016 08:56, Tullio Bettinazzi wrote: > >> I've an application under tomcat. > >> When only a one or two users works on it everithing is ok. > >> When the number of users grows the application slows down. > >> Is not a memory nor a cpu problem : using top I see the system > resources quite free. > >> I don't see relevant garbage collection : heap size and permgen have > correct dimentions. > >> No other applications are running on the system. > >> I log more or less every relevant operation in my system (db query and > so on) and I see that every slowdown is concentered in a single operation. > >> I mean all operations take "normal" time but one or two of them take 4 > seconds more. > >> The "slowing" operations are not the same in different executions, and > theydo not have a specific type (not only DB query, not only DB stored > procedures, not only.). > >> It seems like if the thread is frozen for a fixed amount fo time (4 > seconds more or less) and then it restarts. > >> I don't think it's a "queue" problem because otherwise the wait time > would be unperdictable and not a "fixed" 4 seconds time. > >> I don't know any parameter impacting on that behaviour. > >> I use Tomcat 7.0.32 with JVM 1.7.0.67 on a Linux server. > >> Could someone suggest a solution for my problem or, at least, an > investigation strategy. > > > > https://www.yourkit.com/java/profiler/features/ > > Performance and Memory Java Profiler - YourKit Java Profiler< > https://www.yourkit.com/java/profiler/features/> > > www.yourkit.com > > Easy to use performance and memory profiler for .NET framework. Supports > ASP.NET, Silverlight, .NET Windows services and more. > > > > > > > > > > Mark > > > > > > - > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: question on Java / Tomcat / GC
On Thu, Jul 14, 2016 at 9:15 PM, Anthony Biaccowrote: > On Thu, Jul 14, 2016 at 11:41 AM, André Warnier (tomcat) > wrote: > > > > Well, i'm not a GC expert by any stretch of the imagination, but i think > with your PrintGC options the "GC (System.gc())" and the "Full GC > (System.gc())" are the same GC. > Since they're consistent at every hour, the application may be calling the > System.gc > You may want to check the code if you have access to it. > > -Tony > If you don't have access to the code you could just disable the gc (recommended anyway): -XX:+DisableExplicitGC Since the app is running in tomcat6 it must be old, and a lot has been happening with the gc since tomcat6 time. Btw, you may want to add -XX:+PrintGCDetails for more insights into spaces. Also shouldn't -XX:+UseParallelGC be default since 1.7? regards leon
Re: Memory Problem
Well the most obvious way to determine it is to lower your settings unless it works, then lower it a little bit more. regards Leon On Mon, May 9, 2016 at 6:13 PM, Edwin Quijadawrote: > I am getting this error on my server > Java HotSpot(TM) 64-Bit Server VM warning: INFO: > os::commit_memory(0x7fe63ff4, 262144, 0) failed; error='Cannot > allocate memory' (errno=12) > # > # There is insufficient memory for the Java Runtime Environment to > continue. > # Native memory allocation (mmap) failed to map 262144 bytes for > committing reserved memory. > # An error report file with more information is saved as: > # /var/lib/tomcat8/bin/hs_err_pid14264.log > Java HotSpot(TM) 64-Bit Server VM warning: INFO: > os::commit_memory(0x7fe64b5f8000, 12288, 0) failed; error='Cannot > allocate memory' (errno=12) > [thread 140627084805888 also had an error] > > > My server has 2 GB memory and I have 1024mb for Maxmen in catalina.opts > > How must be the memory amount ? > > > TIA >
Re: OT if/else or not if/else
On Mon, Apr 25, 2016 at 5:21 PM, Dougherty, Gregory T., M.S. < dougherty.greg...@mayo.edu> wrote: > > > Yes, we do, because, well, it is more informative. :-) > > if (a) Š > else if (b) Š > else if (c) Š > > Says you have three mutually exclusive options, and implies that a is more > likely / more important than b, than c. > > Or, if ³a" is a method call, possibly that ³a² has some setup needed for > ³b² and ³c². > > All of this is lost with multiple if statements. > > > Then there¹s the everlasting wisdom of Knuth¹s comment about "premature > optimization is the root of all evil². > Exactly my point. if (a) Š if (b) Š if (c) Š shorter and therefore easier than the other one ;-) if-else-if is just a premature optimization to the above statement ;-)
Re: OT if/else or not if/else
On Mon, Apr 25, 2016 at 4:13 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Leon, > > On 4/22/16 12:24 PM, Leon Rosenberg wrote: > > Hi guys, > > > > I would always choose the case with the elses. > > First, I think it's more clear: if you expect that only one branch of > the code will run, and no others, then the elses tell the reader that > fact without any further commentary. The zero-else case might help you > catch some logic errors (because for example you can log each entry > into a branch) but there are of course other ways to do that. > > Second, it's more efficient, regardless of what type of processor you > have. Let's take an example where there are more than 3 branches. How > about something like a million branches (just to accentuate the > point)? If one of the branches runs, the others are skipped. If all > branches have an equal change of being chosen, then the CPU has to > perform on average 50 predicates. If you put the common cases at > the top, you can do even better. Let's assume the 80/20 rule applies, > here, and you can take a guess that, on average, the CPU will only > have to perform 10 predicates on average. > I don't think the example is valid (even if machines with 100.000 cpus and more actually exist). But I remember from days of my study, which lies way way back, that languages that are optimized for parallel processing would be able to tell the compiler to execute all ifs in parallel. So if we stick with a number of ifs which is less than the number of available cores/pipes we could run it all in parallel. I don't think it is possible with if else, unless it is transformed into something else. The other thing that made me wonder is that most people on the list (or all except me) actually considered if-else-if-else more readable. It not only creates a more complex structure (visually and syntactically (more letters)). But also the semantics of an *else* are different as of an *if*. This is like North Carolina ;-) if (man){ do_man_thing; } else { do_woman_thing(); } doesn't work anymore, even it worked 20 years ago. Talking about maintaining :-) regards Leon > > - -chris > -BEGIN PGP SIGNATURE- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iEYEARECAAYFAlceJg8ACgkQ9CaO5/Lv0PAODQCfRCBvVgM2HSM2/CBEGtlBe0Pg > MrcAn2OdBYKJR0OSApcBFfONJHOlKGY0 > =YeMH > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
OT if/else or not if/else
Hi guys, this is completely off-topic ;-) I was wondering if using if/else is not actually slowing down your code. Lets say I have three possible conditions, A, B and C, which are exclusive. My native approach would be: if (A){...} if (B){...} if (C){...} now some people would 'optimize' it as if (A){ ...} else if (B) {} else if (C) { } and I think in the world of single-cpu computers this optimization could work. But what is now, given that compilers can optimize stuff like this and tell the processor to calculate all 3 branches simultaneously, which is not possible for ifelse. Which one would you choose? Equally important, which one do you think is more readable? I would say if else is hard to read, but this can be just personal impression. regards Leon
Re: [OT] Monitoring Tomcat
On Tue, Mar 29, 2016 at 4:57 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Leon, > > On 3/28/16 6:34 PM, Leon Rosenberg wrote: > > Of course MoSKito: http://www.moskito.org > > > > Take a look at the step by step guide (start with step 1 not 0). > > blog.anotheria.net/msk/the-complete-moskito-integration-guide-step-1/ > > You > > > should come to ApacheCon and give a presentation about MoSKito > sometime. I'd love to see it. > Thanks for the invitation, I'd actually love to;-) When is the next one (and where;-)) Leon > >
Re: Monitoring Tomcat
Of course MoSKito: http://www.moskito.org Take a look at the step by step guide (start with step 1 not 0). blog.anotheria.net/msk/the-complete-moskito-integration-guide-step-1/ regards Leon On Tue, Mar 29, 2016 at 12:23 AM, Edwin Quijadawrote: > Hi! > I have an app with Tomcat+Grails+Vaadin+PostgreSQL and I wanna monitor the > speed and resources of this. I add to 1024mb to Tomcat because the app and > DB is in the same server. > > What application can I use to monitor performance of this Tomcat ? > > > TIA >
Re: Why the tomcat source code uses obsolete ant build configuration? why not maven or gradle?
Hi Raja, I think this question arises on this user list every now and then. I even think there have been some effort to create a pom.xml for tomcat, but without great success (after few replies you can imagine why). Personally I totally understand you. From what I see ant is totally gone and has been replaced by maven virtually everywhere. Also the tool support for maven is much better as for ant. However, there are reasons why maven has been so successful, and it is one of the reasons, why it still not used here. 1) maven has an absolutely superior dependency management to what ant ever had to offer, with or without ivy. 2) and more important, maven is not only a build tool, it defines the project layout, the build cycles and how you have to work with the project (meaning releases, branching etc). All of that is missing completely in ant, ant lets you create whatever development system you want, but you have to do it all the way alone. Maven gives you one, and if you agree to use it, you will safe a lot of time and can put your effort in things that matter more. Now, see, this is exactly the problem. Tomcat as a project was there long before maven team layed out how they imagine people should work. And since tomcat is doing stuff it's own way, it will be a huge portion of work to make it work with a pom. So if you want to work with a pom and maven, you maybe start your work exactly there ;-) regards Leon P.S. The opinion that "ant is gone" is of course solely mine and based on personal experience only ;-) No flame please. On Mon, Mar 28, 2016 at 5:57 PM, Raja Anbazhagan < raja.anbazhagan1...@gmail.com> wrote: > I'm new to tomcat project and I wanted to take a look at the code base to > see if I can contribute in any which ways. But after going through the > build process and setting up every other tools used to build ant, I'm a bit > frustrated. > > Why didnt we migrated this project to a better build tool like maven or > gradle so that the contributor can spend less time setting up the code and > more time on actually working on the contribution part.? > > - Raja >
Re: Monitoring Connections
On Wed, Oct 7, 2015 at 11:59 PM, Aurélien Terrestriswrote: > Hi Jamie, > > > If you enjoy live monitoring, you need to have a look on Christopher's > presentation ( > > http://events.linuxfoundation.org/sites/events/files/slides/Monitoring%20Apache%20Tomcat%20with%20JMX.pdf > ) who posts many answers to this mailing list. > > > or if you want to go deeper, try MoSKito (http://www.moskito.org) regards Leon > >
Re: [Hardening] Running tomcat under a specific account
Hello Jan, that would be better yes. For example some time ago, there were a virus that would place a modified jsp in a webapp and try to access further data from it. If the user, the tomcat runs under, would have limited permission, such a malware would have less chances to actually do something harmful. As for my personal opinion and 10++ years of experience with different tomcat version in production environment, (attention, flame war can start here), an apache httpd in front of tomcat does _not_ increase the security _at_all_. In fact I would argue that it adds its buffer overflows and bugs to the bugs that could exists in tomcats code. regards Leon On Wed, Feb 25, 2015 at 11:13 PM, Jan Tosovsky j.tosov...@email.cz wrote: Dear All, there are plenty resources mentioning it is a must to run tomcat as a dedicated user with limited permissions. Is it still true when tomcat doesn't run standalone, but via Apache web server connected via AJP? That webserver already runs in the restrictive mode. Thanks, Jan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Need Help!
On Wed, Jan 28, 2015 at 8:48 PM, David kerber dcker...@verizon.net wrote: On 1/28/2015 2:03 PM, Hyder Hashmi wrote: Hi, I am working on a small project and need your help in this. I have a java program in which I read and write in a file that is located in the current folder. Now I have written a few servlets and trying to use the previous code along with servlets. Tomcat is searching for the file in its bin folder and giving FileNotFoundException. To Tomcat, the /bin folder is it's current directory. Not quite right, the directory you started from is your current directory. Which can be TOMCAT_HOME or TOMCAT_HOME/bin etc. Leon If I use my java code without the servlet it is checking for the file in current folder (which is my requirment). It looks like you need to refactor your code to allow you to specify where to find the file when you call the method that does the work. Then the servlet and your pure java code can both specify as needed. Of course, a servlet may not have permissions to anything outside of its own hierarchy, but that's a separate issue. I want to ensure that when I use my java code along with servlets, it should read and write in the file from current folder(Project folder in tomcat's webapps). I am not using any IDE, the code is written in Notepad and being executed from CommandLine. I have spent long time on Internet to find the resolution but in vain. Request to help me with this situation . Hoping for a positive reply. Thanks for in advance for all the help. Regards, Hyder. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SAML 2.0 with container managed authentication in Tomcat
On Thu, Sep 11, 2014 at 2:26 PM, Maarten van Hulsentop maar...@vanhulsentop.nl wrote: Dear Tomcat-users, We are investigating the best way to support SAML 2.0 (SP) authentication with our application. Our application is using container managed authentication provided by Tomcat, and works very well with basic authentication, form authentication, SPnego and others. My expectation would be that it should be possible to add a Valve and a Realm and have a 3rd party tool supply the SAML2 Relying Party implementation. So far, we have identified a couple of possible candidates. - Apache CXF Fediz. This project still seems young, but the integration would be as i expect. - Spring security might be possible to wrap into a Valve and Realm? - Picketlink? As stated on https://docs.jboss.org/author/display/PLINK/SAML+Authenticators+(Tomcat,JBossAS) I have used picketlink with tomcat as SP and jboss wildfly as IDP and it worked very well. Picketlink works great but the support is rather thin. You may also want to check WSO2. regards Leon P.S. Both provide Filters not Valves.
Re: Question on Thread Local
From practical point of view ThreadLocal is a huge hashmap directly in the ThreadClass where you can store a map of variables. Something like Thread.MapThreadId, MapString, Object, in which you can access variables that are 'attached' logically to the current Thread. In practice its a nice way to pass information through layers of code without adding it explicitly as parameter to every function on the way. regards Leon P.S. of course there are some technical aspects like ability to be passed to the spawned threads etc, which I didn't mention :-) On Tue, Sep 2, 2014 at 9:47 PM, Leo Donahue donahu...@gmail.com wrote: I've been reading about using Thread Local in web applications and the general use case is to generate a transaction id in a filter so that the rest of the web application running in the thread local will have access to that transaction id. Thread Local is essentially a way to create a global variable so that you don't have to create a bean that generates said global data and pass that bean around to other classes, or inject it into the other classes? I am not sure I understand the difference between per-thread requests and servlet requests that already run in their own thread. In other words, what is the difference between using a Thread Local variable vs any other variable that is created inside a filter, or during a normal servlet request?
Re: Question on Thread Local
no :-) Allow me to provide an example. This class : MoSKitoWebUIContext.java ( https://github.com/anotheria/moskito/blob/master/moskito-webui/src/main/java/net/anotheria/moskito/webui/MoSKitoWebUIContext.java ) Is a ThreadLocal that is used to store some information, for example HttpSession. In the beginning of the processing I am calling MoSKitoWebUIContext.getCallContextAndReset(); //that initializes the context and than MoSKitoWebUIContext .getCallContext().setCurrentSession(HttpSession currentSession); from this time on the link to current session is stored in the ThreadLocal variable, and whereever in the call I need it, I can simply call MoSKitoWebUIContext .getCallContext().getCurrentSession() and obtain it, without explicitly passing it through call trees. This allows me to pass parameters from a very beginning of the processing to the very end of the processing (or just everywhere) without passing them around and having them in each and every method. Another popular example would be to store the Locale the user is in for i18n. HTH Leon P.S. of course you need to clean up the thread locals at the end of processing (at least in theory) and so on. On Tue, Sep 2, 2014 at 10:22 PM, Leo Donahue donahu...@gmail.com wrote: On Tue, Sep 2, 2014 at 3:00 PM, Leon Rosenberg rosenberg.l...@gmail.com wrote: From practical point of view ThreadLocal is a huge hashmap directly in the ThreadClass where you can store a map of variables. Something like Thread.MapThreadId, MapString, Object, in which you can access variables that are 'attached' logically to the current Thread. In practice its a nice way to pass information through layers of code without adding it explicitly as parameter to every function on the way. regards Leon At some point in the web application, a ThreadLocal is instantiated and its properties are set and then retrieved in a Filter. Am I on track here? How is that different or more helpful than instantiating any other POJO with property setters? A POJO will be instantiated on every servlet request whereas the ThreadLocal is only created once?
Re: VERY HIGH TRAFFIC TUNING
answering only to the one directed at me (or so I think): On Thu, Jul 10, 2014 at 4:09 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Leon, If you have very fast connections, go for a smaller amount. If you have keepalive and slow connections, remember that every connection can hold 1-2 threads without doing anything at all. Hmm? If you have keepalive enabled, then every client will held an open connection for some period of time. Depending on browser brand and version, the browser will typically hold 1-2 connections to the server. So for every logged in users that is clicking or issuing a request regularly (maybe once a minute or so), you can end up having one or two threads, dependending on how many connections the browsers holds. Those threads would be idle most of the time, but still not available to your threadpool. Usually they show up as Runnable somewhere in socket.read in the thread dump. So if you have 100 users with 150 connections and 151 threads in your threadpool you can end up with a completely blocked server with zero cpu usage. regards Leon
Re: VERY HIGH TRAFFIC TUNING
On Wed, Jul 9, 2014 at 4:47 AM, Hernán Marsili her...@cmsmedios.com wrote: Hi, Hello Hernán, For the past 4 years we has been working with a 'stable' configuration in which we put APACHE in front of TOMCAT7 (previously Tomcat6) with mod_jk connector. We usually serve high traffic sites with about 7000 to 10.000 concurrent users per box (8gb RAM / 4 vcpu) (50.000 active users total). We are OK with the performance, but sometimes we notice Tomcat stops responding normally while there are at least 2 full CPU left to be consumed (JAVA memory is fine). Hard to tell from here, but dropping performance while still having resources is often an indicator for synchronization issues. You should analyze your thread usage. You could do it with jstack (save multiple stacks in short slots, like every 10 seconds for 2-3 minutes). Check what threads are in what states: - do you have any threads in BLOCKED state? If yes, what they are waiting for? - what are you RUNNABLE threads doing? Are they waiting for something, even not blocked - for example reading the database or reading the incoming request. - is your amount of TIMED_WAITING threads sufficient? If you have non, your thread pool is probably out of threads. This is the configuration we use for the connector: Connector port=8009 protocol=AJP/1.3 address=127.0.0.1 emptySessionPath=true redirectPort=8443 maxThreads=1024 minSpareThreads=32 enableLookups=false request.registerRequests=false / Generally removing apache httpd can increase performance. I assume you have a hardware loadbalancer in front of things, so httpd doesn't do you any good. I have a couple of questions: 1) should we set a particular connector or let Tomcat7 decide? I understand using protocol=AJP/1.3 the auto-switch kicks in. But, for non-SSL high concurrency sites maybe is best to fixed on APR? Warning, flame war is about to begin, but personally I always found that the plain old java connector is the best option for speed. And the simplest to use too. If you insist of having apache httpd in front, you may want to try mod_proxy (or was it mod_proxy_ajp?) instead. 2) how many THREADS can we have? can we go beyond the 1024? Depends on your OS. On modern linuxes sky is the limit. However context switches can kill you too. If you have very fast connections, got for a smaller amount. If you have keepalive and slow connections, remember that every connection can hold 1-2 threads without doing anything at all. But you can go up to 4096 without second thought, if you are really out of threads. However, if your problem are blocked threads or a slow DB, you will make things much much much worse. 3) is there any advantage on using processorCache? 4) We are not defining a CONNECTION TIMEOUT not a KEEP ALIVE. Any advice on this one? The average user session is 7 minutes. If playing with CONNECTION_TIMEOUT, than better on OS level. But again that depends on what is really happening within your application and with the connections. You could monitor it with netstat and see if you have too many CLOSE_WAITs or something. That it's easier to decide what to do. Thanks for the help! Hernán. Leon. P.S. needless to say, but having a monitoring tool like http://www.moskito.org will help either ;-)
Re: CATALINA_PID != real PID
Hello Arseniy, I don't know why it doesn't work for you, it works for me: export CATALINA_PID=/opt/app/tomcat7/pid */opt/app/tomcat7*$ more pid 5856 ps aux | grep 5856: thales5856 0.0 43.6 642472 228788 ? Sl Apr28 29:19 /opt/java/jdk1.7.0_45/bin/java -Djava.util.logging.config.file=/opt/app/tomcat7/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -server -Xmx256m -Djava.endorsed.dirs=/opt/app/tomcat7/endorsed -classpath /opt/app/tomcat7/bin/bootstrap.jar:/opt/app/tomcat7/bin/tomcat-juli.jar -Dcatalina.base=/opt/app/tomcat7 -Dcatalina.home=/opt/app/tomcat7 -Djava.io.tmpdir=/opt/app/tomcat7/temp org.apache.catalina.startup.Bootstrap start I am using CATALINA_PID solely to be able to use the force opton: bin/shutdown.sh -force for automatical releases from jenkins (the only way I know to wait until shutdown is finished). Maybe you have a wrapper script that starts another script, that starts tomcat, and this is why your pid differ? regards Leon On Fri, May 23, 2014 at 12:03 PM, Арсений Зинченко setev...@gmail.comwrote: Hi, guys. I set: $ export CATALINA_PID=$CATALINA_HOME/conf/catalina.pid Started *Tomcat*: $ ./bin/startup.shUsing CATALINA_BASE: /home/tomcats/apache-tomcat-7.0.53Using CATALINA_HOME: /home/tomcats/apache-tomcat-7.0.53Using CATALINA_TMPDIR: /home/tomcats/apache-tomcat-7.0.53/tempUsing JRE_HOME: /usr/java/jdk1.6.0_45/jre/Using CLASSPATH: /home/tomcats/apache-tomcat-7.0.53/bin/bootstrap.jar:/home/tomcats/apache-tomcat-7.0.53/bin/tomcat-juli.jarUsing CATALINA_PID: /home/tomcats/apache-tomcat-7.0.53/conf/catalina.pidTomcat started. Checked pid-file: $ cat /home/tomcats/apache-tomcat-7.0.53/conf/catalina.pid28461 But - there is no process 28461: $ ps aux | grep 28461 tomcats 28599 0.0 0.0 103240 872 pts/0S+ 12:50 0:00 grep 28461 $ ps -p 28461 PID TTY TIME CMD And Tomcat's JVM runs with other PID: $ ps u | grep tomcat | grep java | grep -v grep | cut -d -f 330133 So - for what exactly CATALINA_PID variable needs or - why it's return wrong number? From *Tomcat the Definitive Guide* of *Jason Brittain* book we know that: CATALINA_PID This variable may optionally hold the path to the process ID file that Tomcat should use when starting up and shutting down. None Use: $ cat /etc/redhat-releaseCentOS release 6.4 (Final) Thanks for advice.
Re: CATALINA_PID != real PID
The usual Heisenbug. regards Leon On Fri, May 23, 2014 at 1:24 PM, Арсений Зинченко setev...@gmail.comwrote: Hi, Leon. Thanks for replay. Don't know why - but now it works good :-)
Re: Application monitoring
David, I already asked you why you are reinventing the wheel, but it seems, for fun, which is a perfectly ok reason though. However, maybe you'll find some insights on how other people do it here: http://blog.anotheria.net/msk/the-complete-moskito-integration-guide-step-6-moskito-control/and here: http://blog.anotheria.net/msk/case-study-monitoring-a-cluster-of-java-daemon-processes/ regards Leon On Mon, May 19, 2014 at 2:42 PM, David kerber dcker...@verizon.net wrote: On 5/19/2014 8:27 AM, Neven Cvetkovic wrote: On Mon, May 19, 2014 at 8:11 AM, David kerber dcker...@verizon.net wrote: I've uploaded code examples and the JmxExample.war: https://wiki.apache.org/tomcat/Example%20Application% 20Exposing%20Internals%20Using%20JMX So, just deploy JmxExample.war to your Tomcat instance, open up JMX console through JVisualVM or JConsole, and find the MBean, e.g. JmxExampleApp:type=Counter You will see that the internal instance of MyCounter is exposed through JMX, and you will be able to set the name, initial count, reset the counter, etc... The trick was to use @WebListener that registers the MBean instance with your MBeanServer upon application deployment. Your MBean instance will wrap around any of your application internals you would with to expose. What kind of performance hit does this wrapper cause? A couple of my app's instances take more than 4M transactions per day, up to several hundred per second at peak times. So I can't afford much added work per request. Thanks! Hey David, Well, that depends what do you do for every transaction (request). In the above example with @WebListener, the app's performance should not be affected significantly, all it does it registers a JMX MBean at app deployment, and exposes the attributes and operations (getters/setters + other public methods) to JMX clients invoke this MBean. Once you undeploy the app, it unregisters the MBean. Ok, that sounds promising. I was worried that every request might have to go through the filter/wrapper before getting to my core processing code. If the MBean classes only need to make (for example) getCounter() calls into my app's existing counters when needed, then that shouldn't be a problem. Sure, performance will depend on how often you call JMX, and that might shave few OS cycles away from standard app operations (4M tx per day), if for example you want to make JMX calls every microsecond/second to plot some charts, etc... that might put a dent in your app performance. Few questions for you: - What kind of attributes/operations would you like to expose in your application, by using JMX? I am already keeping some counters and other information and exposing it through a browser interface into each instance (a .jsp). But as the number of instances has grown from 3 to 12, monitoring each instance's status has become burdensome. Hence my desire to consolidate the monitoring of all instances into a single location, and present the same information through the new interface I'm discussing here. That data plus some startup parameters (the location of each app's various resources mostly) are all that I am looking to expose for now. - What would you like to manage using JMX? If by managing, you mean controlling (changing settings, etc), I don't plan on doing any of that. At least not for now. It would be great to get some performance metrics and see how that affects your application! Keep us posted :) Cheers! n. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Application monitoring
Hello David, yes there is. And I sent you two links to blog entries about exactly that. Did you read them? regards Leon P.S. in the examples the app specific info is monitored directly and not via jmx, because that saves a lot of overhead, but reading jmx beans is also supported. On Mon, May 19, 2014 at 3:01 PM, David kerber dcker...@verizon.net wrote: On 5/19/2014 8:52 AM, Leon Rosenberg wrote: David, I already asked you why you are reinventing the wheel, but it seems, for fun, which is a perfectly ok reason though. However, maybe you'll find some insights on how other people do it here: http://blog.anotheria.net/msk/the-complete-moskito- integration-guide-step-6-moskito-control/and here: http://blog.anotheria.net/msk/case-study-monitoring-a- cluster-of-java-daemon-processes/ Leon - I don't want to re-invent the wheel if there's already something that will do what I need, but I don't see what you're getting at. Is there an already-existing tool that will let me look into multiple identical but independent tomcat apps, read various MBeans from each one and display that data in a single window? The data I want to display is application-specific, and not generic stuff like heap usage, GC info, etc. I understand that I should be able to connect to any one app and read its MBeans with some standard JMX tool/interface, but that's essentially what I'm doing now (though without using JMX) and am trying to get away from. Dave regards Leon On Mon, May 19, 2014 at 2:42 PM, David kerber dcker...@verizon.net wrote: On 5/19/2014 8:27 AM, Neven Cvetkovic wrote: On Mon, May 19, 2014 at 8:11 AM, David kerber dcker...@verizon.net wrote: I've uploaded code examples and the JmxExample.war: https://wiki.apache.org/tomcat/Example%20Application% 20Exposing%20Internals%20Using%20JMX So, just deploy JmxExample.war to your Tomcat instance, open up JMX console through JVisualVM or JConsole, and find the MBean, e.g. JmxExampleApp:type=Counter You will see that the internal instance of MyCounter is exposed through JMX, and you will be able to set the name, initial count, reset the counter, etc... The trick was to use @WebListener that registers the MBean instance with your MBeanServer upon application deployment. Your MBean instance will wrap around any of your application internals you would with to expose. What kind of performance hit does this wrapper cause? A couple of my app's instances take more than 4M transactions per day, up to several hundred per second at peak times. So I can't afford much added work per request. Thanks! Hey David, Well, that depends what do you do for every transaction (request). In the above example with @WebListener, the app's performance should not be affected significantly, all it does it registers a JMX MBean at app deployment, and exposes the attributes and operations (getters/setters + other public methods) to JMX clients invoke this MBean. Once you undeploy the app, it unregisters the MBean. Ok, that sounds promising. I was worried that every request might have to go through the filter/wrapper before getting to my core processing code. If the MBean classes only need to make (for example) getCounter() calls into my app's existing counters when needed, then that shouldn't be a problem. Sure, performance will depend on how often you call JMX, and that might shave few OS cycles away from standard app operations (4M tx per day), if for example you want to make JMX calls every microsecond/second to plot some charts, etc... that might put a dent in your app performance. Few questions for you: - What kind of attributes/operations would you like to expose in your application, by using JMX? I am already keeping some counters and other information and exposing it through a browser interface into each instance (a .jsp). But as the number of instances has grown from 3 to 12, monitoring each instance's status has become burdensome. Hence my desire to consolidate the monitoring of all instances into a single location, and present the same information through the new interface I'm discussing here. That data plus some startup parameters (the location of each app's various resources mostly) are all that I am looking to expose for now. - What would you like to manage using JMX? If by managing, you mean controlling (changing settings, etc), I don't plan on doing any of that. At least not for now. It would be great to get some performance metrics and see how that affects your application! Keep us posted :) Cheers! n. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr
Re: Tomcat dependency on application server
Really, there are about 1 gazzillion valid ways to setup an application consisting of n number of tomcats and m number of jbosses, running in same or separate processes/vms/datacenters and doing stuff. Maybe you should first find out, what your deployment architecture is, and what your app does. Probably ps is a good way to start to find out what is really running on your machine and where. Leon On Sat, May 17, 2014 at 11:35 AM, Randhir Singh randhir.si...@sterlite.comwrote: I have 1 observation. In our developmental environment, I killed the Tomcat process and started the Tomcat it worked. But in the production environment, starting Tomcat was not enough and I had to restart JBoss Tomcat in sequence for Tomcat to be up. Could it mean that JVM is crashing or something because of OOME in Tomcat. I could try to increase the heap Permgen memory in Tomcat, would that help? Requesting a reply. Regards -Original Message- From: Randhir Singh [mailto:randhir.si...@sterlite.com] Sent: Saturday, May 17, 2014 11:00 AM To: 'Tomcat Users List' Subject: RE: Tomcat dependency on application server Thanks Chris for your answer. There were separate PID's on Linux for JBoss Tomcat and I killed the Tomcat process. Would killing a Tomcat process also kill the JVM process? I had another related question of how to know the number of JVM's running, I mean the count of the number of JVM's. I hope, my query has been put across correctly. Requesting a reply. Regards -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Saturday, May 17, 2014 1:59 AM To: Tomcat Users List Subject: Re: Tomcat dependency on application server -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Randhir, On 5/15/14, 3:17 AM, Randhir Singh wrote: Hi, We have JBoss as the application server Tomcat as the web server in our production developmental setup which is on Red Hat Linux 5.X. We have tomcat 6.X. My query is that if I need to restart tomcat, do I need to restart JBoss Tomcat both or just restarting Tomcat would be enough. I am asking this query because I had killed the tomcat process using kill -9 and while restarting tomcat it was not starting but when I killed JBoss tomcat and then restarted, Tomcat was up. I hope my query is clear whether Tomcat is dependent on JBoss. I'm fairly sure that there is only a single JVM for JBoss/Tomcat. If you killed one, you've killed the other. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTdnUaAAoJEBzwKT+lPKRYnH8QALfeHn4XVXB6KANb0hmAPEL3 7pNRaUW0AypQQjujzr7X4DKv3MOnMwWfIaiVcazNbtC7j+W3Mi6khksZIq1cz0At o9K0CDdJhAg5be9a68T7E5ko4mdy+rjX2ZsuX2LDdp5wyQaYWEXRWd3+hfBL2Gk7 D+225vxnMUeB9gHLaVUQ4k/3TOZvO/DYT9TCnxOlviP1+QEek5chN6a9XDJpQKpg O/EVBudYmDMLu9QKbOJJ5jomKUUa/VPsjhwz4O32+2Zok5VWLIrct5joF3r2ej+p 5RfHLnijRcCX5QkZOAYM9mdvFuFb1+lNAUGKPJwZU47SI7delyJZwxqGJYmo495e Q2nGMqepgXlQhOtwuTMdSh9gFV6LqJeaWcW6ZpyMNXbkNSSRSIy3hgcZqRycsSUa dvBRg6j57MMhNiCDx9IVtxF+OqKbiiLNdb9tJRArSXdoSx3a1EYbRbmye3xWbrUv SYadbr14KBqTXxaK2qJBb7E3j/fn1J5NKEARQbM/ML5Q/0TaNIRMlmjbOt2yccYG pNRtC8FRkHWaN3eYtpM0vMNCZ/Cl/atzr3StoN/EX5bWjba6eaaXBaeKdG3FypyY jL0nQu7P0Ir1ASrcxlQeN5snLmI2G4AoFjenOhEsCDDQKixSiryzZRR6ZVqCPZ/k Bi3P3ZPYqngg8oU6s6b6 =bJS6 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- *STL Disclaimer:* The content of this message may be legally privileged and confidential and are for the use of the intended recipient(s) only. It should not be read, copied and used by anyone other than the intended recipient(s). If you have received this message in error, please immediately notify the sender, preserve its confidentiality and delete it. Before opening any attachments please check them for viruses and defects. No employee or agent is authorised to conclude any binding agreement on behalf of Sterlite Technologies Limited with another party by email without express written confirmation by authorised person. Visit us at www.sterlitetechnologies.com Please consider environment before printing this email ! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Application monitoring
Hello David, I will not ask you why you are reinventing the wheel (ok, I lied, why are you reinventing the wheel?). You have multiple options available: 1) You could use jmx and publish your information as jmx beans. 2) You could use rmi between you 'collector' and the target apps. 3) You could use simple http (preferably json), but in that case I would advice to setup a separate collector for it. For any of the above options there are numbers of classes and utilities you can use. For example jersey as jax-rs implementation is perfect for exchange of json data, for rmi you could use DistributeMe ( http://www.distributeme.org) or spring-remote, and so on. But yet again, why reinventing the wheel? regards Leon On Wed, May 14, 2014 at 6:28 PM, David kerber dcker...@verizon.net wrote: I am working on a small Tomcat servlet to monitor other tomcat-based applications running on the same physical machine, and am trying to figure out the best way to communicate between the monitoring app, and the monitored apps. My setup has several tomcat instances of a single application, each running from its own directory, and listening on its own TCP port. So there is no direct communication between the instances. I'm trying to monitor various data about the application, not about tomcat itself or the JVM. So I want to collect such things as the number of requests it has processed, the last data received, etc, and not things like memory and cpu usage. It is my app, so I can (and expect to need to) add methods or servlets to return the information I want to collect. My question is, what is the best way to make the request to get the data? Would URL request from the monitoring app to the monitored app be appropriate, and then parse the response out for display in a browser? If so, what java class is likely to be useful for this communication? I will have all the information needed to connect to the application instance (server, port, etc), but want it to be portable across OS types. Thanks! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Slow page response time in tomcat 8.0.5
Hello Hariprasad, you could embed moskito webui into your application, annotate your tags with @Monitor and you would see how long they execute and what is the execution path, which tags are called during an http request how often and how long they execute. You can follow this link for more information on the integration: blog.anotheria.net/msk/the-complete-moskito-integration-guide-step-1/ MoSKito itself: http://www.moskito.org regards Leon On Thu, May 15, 2014 at 7:04 PM, Hariprasad Manchi hariprasad...@gmail.comwrote: Hi, We are trying to use apache-tomcat 8.0.5 for our web application and have encountered performance issue with respect to the page response time. However, once the application is deployed in 8.0.5 we see a longer delay in response time from the server for the login page itself. With older version of tomcat i.e., tomcat 7.x(7.0.53), 6.x(6.0.18) we did not see such delay. We have 270 custom tags defined across 6 tld files in our application and have the tag pooling feature turned off in conf/web.xml (enablepooling is set to false; since this is a requirement for the application we had to turn it off). We tried to root cause the issue and used fidller tool to monitor the requests and response times. The browsers - both IE 11 and Chrome - were firing the requests quickly but were waiting for the response from the server. We do not know what is the actual cause for this delay. We have captured the traffic for both IE and Chrome and could send them if needed. Could you please advise how to proceed to identify the root cause for this delay? Or could you confirm this as already a known issue? Any help would be highly appreciated. We are not clear to which group the question should be posted, hence sending this email to both users and taglib-users email list. Regards, Hariprasad
Test Mail, Please Ignore
I am wondering that I don't see any mails for a whole day on the list, this is pretty unusual, so I try with a TestMail Leon
Re: No activity on tomcat.users since Tues?
I have even checked my email settings. But I've got some mails that google bounces back some of the tomcat-user's emails. I am not sure if its just me or google or the list. regards Leon On Sat, May 10, 2014 at 8:54 PM, Tim Watts t...@cliftonfarm.org wrote: Markmail seems to confirm this but kind of remarkable, huh? I think the user community should get a promotion in recognition of our quantum leap in tomcat problem-solving skills! (Or perhaps everyone's just busy reading the manual?) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: catalina.out is 13G
Hello Randhir, whatever revert means. However, if you remove the file the place will be occupied on most *'nix system until a process restart. You will probably have to restart your server to free this mount point's storage anyway. regards Leon On Tue, Apr 22, 2014 at 4:20 PM, Randhir Singh randhir.si...@sterlite.comwrote: Hi, I have a immediate concern as the mount point on which Tomcat is placed is 99% and on checking I found that catalina.out is 13GB. I wanted to implement a solution for this but am not sure, can I take a backup of catalina.out and truncate catalina.out on the running application? Humbly requesting a revert on an immediate basis on whether I can truncate catalina.out after taking a backup on a running tomcat application. Regards -- *STL Disclaimer:* The content of this message may be legally privileged and confidential and are for the use of the intended recipient(s) only. It should not be read, copied and used by anyone other than the intended recipient(s). If you have received this message in error, please immediately notify the sender, preserve its confidentiality and delete it. Before opening any attachments please check them for viruses and defects. No employee or agent is authorised to conclude any binding agreement on behalf of Sterlite Technologies Limited with another party by email without express written confirmation by authorised person. Visit us at www.sterlitetechnologies.com Please consider environment before printing this email !
Re: Performance - Java Profiler, JVM instrmentation
On Tue, Apr 15, 2014 at 4:51 PM, Shanti Suresh sha...@umich.edu wrote: Greetings, Hello Shanti, Chris' presentation on monitoring Tomcat is really nice work. I found that quite useful. Taking it one step further, could I request some recommendations on how we might profile Java code running inside Tomcat? Often, I am stuck with finding out why an application is slow. It could be a consistent, progressive or a sudden problem. These applications do not expose metrics via MBeans. Say, for e.g., a vendor application which has been heavily customized in-house. Some metrics that I find useful during these times are things like concurrent invocations, stall counts on components, call-stack, response-rate etc. Java Melody has a nice built-in dashboard of metrics. Co-relating metrics like that is powerful and helps isolate relatively easy problems. I find that the metrics skim the surface of more involved problems. In Tomcat, is there a way to go deeper into the performance of the code for root-cause analysis and isolate a section of the code or a flow in the code for troubleshooting? How would one go about getting to that place? Let's say, there is no budget for purchasing tools in that space. I find Chris' example on writing filters to map to URL patterns for response-time metrics relevant. I would also like stall counts, concurrent invocations etc. There are tools that are doing exactly that for about 7 years out now. You can go to http://newrelic.com and get it for as much as 150 USD per server. Or you can get all the same for free from http://www.moskito.org. And more. regards Leon Greatly appreciate your thoughts and opinions. Thanks, -Shanti
Re: Performance - Java Profiler, JVM instrmentation
On Tue, Apr 15, 2014 at 7:58 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Shanti, On 4/15/14, 10:51 AM, Shanti Suresh wrote: Taking it one step further, could I request some recommendations on how we might profile Java code running inside Tomcat? Often, I am stuck with finding out why an application is slow. It could be a consistent, progressive or a sudden problem. These applications do not expose metrics via MBeans. Say, for e.g., a vendor application which has been heavily customized in-house. You need to use a Profiler for that. There are a number of fine Profilers available for Java. I use YourKit because they give free licenses to ASF committers. Hello Chris, et al, last time I tried to use a profile on a production site it killed it within a second. Usually the performance overhead of a profiler is so huge, that you have no chance to run it in production. And real problems do not occur in test labs ;-) Leon
Re: How to monitor performance of tomcat
How about http://www.moskito.org ? It has everything you need including full control of jmx beans, memory management, threads, your beans/pojos/classes, filters, urls, what not... regards Leon On Tue, Apr 8, 2014 at 1:05 PM, Randhir Singh randhir.si...@sterlite.comwrote: We have an application which has JBoss as the application server with Tomcat as the web server, our application has Oracle 11g as the database. I would give some further background to the issue we are facing, since the last 1 1/2 months, the application slows down. Sometimes it comes back to normal, specially on week-ends. But other times we restart JBoss Tomcat to bring back the application to normal. We have been using jconsole to monitor tomcat like jconsole 10.101.17.79:8891 which monitors our tomcat for a work order system. If the memory usage does not show spike and shows constant reading, the GC button is clicked to invoke the garbage collector. I checked out on the net and got some clue as below: 1) Javamelody - It seems to be a 3rd party tool which is not recommended. 2) There is a command mentioned to see the admin console, http://IP:port/ but it is not displaying the required page. Please give your inputs whether jconsole should be a help in the right direction or some other way to monitor the performance of Tomcat. Regards -- *STL Disclaimer:* The content of this message may be legally privileged and confidential and are for the use of the intended recipient(s) only. It should not be read, copied and used by anyone other than the intended recipient(s). If you have received this message in error, please immediately notify the sender, preserve its confidentiality and delete it. Before opening any attachments please check them for viruses and defects. No employee or agent is authorised to conclude any binding agreement on behalf of Sterlite Technologies Limited with another party by email without express written confirmation by authorised person. Visit us at www.sterlitetechnologies.com Please consider environment before printing this email !
Re: The Service Component
Hello, I do use multiple connectors but one service. Multiple connectors to separate user traffic from admin/management traffic. For example if due to overload no threads are available to server http request on the 'main' connector, I still can look into the app, to see what is going on, over my administrative connector. Leon On Fri, Mar 7, 2014 at 5:44 PM, Leo Donahue donahu...@gmail.com wrote: Who uses more than one Service in their server.xml and why? I get that you can have multiple Connectors if you have multiple Service components but why use multiple connectors? Are there any docs on the use cases for these features? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: The Service Component
Hello Leo, On Fri, Mar 7, 2014 at 6:49 PM, Leo Donahue donahu...@gmail.com wrote: On Fri, Mar 7, 2014 at 9:01 AM, Leon Rosenberg rosenberg.l...@gmail.com wrote: Hello, I do use multiple connectors but one service. Multiple connectors to separate user traffic from admin/management traffic. For example if due to overload no threads are available to server http request on the 'main' connector, I still can look into the app, to see what is going on, over my administrative connector. Leon You are just changing the port number then in your administrative connector, in the same Service element? yes: for example Connector executor=tomcatThreadPool port=8080 protocol=HTTP/1.1 connectionTimeout=2 / Connector executor=tomcatThreadPool port=8180 protocol=HTTP/1.1 connectionTimeout=2 / I would then point the front loadbalancer to 8080 and keep 8180 accessible from the administration network only. regards Leon - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: sudden increase in tomcat sessions..?
Hello Kumar, can't you just ask your Ops guys to get your the load balancer config? That would be much easier as guessing. Usually you can configure how many samples the load balancer must try to get and what is the timeout. For example if the setting is 3 with timeout of 15 seconds, 3 requests would be send, and after a total of 45 seconds the server would be marked as down and receive no more traffic. But(!) this is subject of the specific configuration of your load balancer. So why not just get it and check? regards Leon On Tue, Feb 11, 2014 at 5:56 PM, Kumar Muthuramalingam kumarkm...@gmail.com wrote: what I mean is if I am supposed to get a response for that Update.jsp file and I didn't get it for a while. Will the load balancer will check for it connectivity? Is there any timeout set for load balancer to get response. Thanks, Kumar. On Tue, Feb 11, 2014 at 8:13 AM, Daniel Mikusa dmik...@gopivotal.com wrote: On Feb 10, 2014, at 7:22 PM, Kumar Muthuramalingam kumarkm...@gmail.com wrote: Before that can you tell me one thing please. Suppose if a page request (eg. /UpdateQuery.JSP) is coming from a load balancer to tomcat and the UpdateQuery.JSP is connected to some third party server. Assume if the tomcat is not getting any reply from the Query server for some seconds. Will the load balancer will send ping requests to tomcat to verify the connection of the application ? I've never seen a load balancer that works like that. Usually they just request a singe resource on a repeating cycle, like every second or two. I guess it really depends on your load balancer though. Dan Thanks Kumar. On Mon, Feb 10, 2014 at 4:21 PM, Daniel Mikusa dmik...@gopivotal.com wrote: On Feb 10, 2014, at 4:07 PM, Kumar Muthuramalingam kumarkm...@gmail.com wrote: Yes its the load balancer. and recently I found in the log that there was a memory leak exception while the tomcat server was restarted.The session increase problem started from this particular date . Could this be a cause for the tomcat to hang up and DOS occurred? Can you include the message you saw? Otherwise it's tough to say. One more question. I see this memory leak exception in only one tomcat catalina log file. I didn't see this in other servers log file. One tomcat can handle 200 sessions. So once if it reaches the limit will the requests will get diverted to other available servers so that the server sessions also will increase? If so how to find that redirection in log file. You'd want to look at how your load balancer is setup. Tomcat just handles the requests that you send to it. If you want to control how requests are delivered to multiple Tomcat servers then you need to do that before the requests hit your Tomcat servers, like with your load balancer. Dan Sorry if I 'm crazy. Thanks, Kumar On Mon, Feb 10, 2014 at 2:19 PM, Daniel Mikusa dmik...@gopivotal.com wrote: On Feb 10, 2014, at 1:59 PM, Kumar Muthuramalingam kumarkm...@gmail.com wrote: Thanks for the reply. I accept this remedy will clear the issue. But my question is how to verify the root cause of this DOS attack that occurred earlier? As previously directed, look at your access logs. That should show you who is requesting this JSP file. If it's your load balancer (or some other trusted IP), then problem solved. Just correct the JSP. If it's a third party then in additional to fixing the JSP, you'll probably want to investigate why they're calling that JSP so much. I suppose you could even go so far as to blocking them with your firewall or a filter, but that's up to you. Dan What ever steps suggested above is to take a precaution or solve the issue. please help me. Thanks, Kumar. On Mon, Feb 10, 2014 at 12:06 PM, Daniel Mikusa dmik...@gopivotal.com wrote: On Feb 10, 2014, at 11:56 AM, Kumar Muthuramalingam kumarkm...@gmail.com wrote: Thanks for your reply. I have 3 applications running under the tomcat and only one application got a ping.jsp file others don't. And also I could see from the access logs that only the application that has got ping.jsp file was pinged others were not. And the sessions are high only for this particular application. Now I got something else in my mind. Is ping.jsp is a mandatory file for tomcat. We got nothing in that ping.jsp. It 's an empty file with %=OK%. Seems like this could be the problem. This JSP file is going to create a session every time you ping it, since JSP files will create a session by default. If you're client, whatever is requesting this JSP, doesn't maintain the session then it'll end up creating a new session every time it requests
Re: sudden increase in tomcat sessions..?
Hello, I think some things are mixed up here. Since you are behind a load balancer, its unlikely that you experience ping (icmp) DoS, at least that it goes through till your server. First, setup access logs in server.xml !-- Access log processes all example. Documentation at: /docs/config/valve.html Note: The pattern used is equivalent to using pattern=common -- Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=localhost_access_log. suffix=.txt pattern=%h %{X-Forwarded-For}i %l %u %t quot;%rquot; %s %b / Note: usually, if the load balancer is configured properly, tomcat will see the IP of the original request. If not, it will be send in a header field (in example X-Forwarded-For). If your load balancer doesn't send a header field - change its configuration to send one, you will need it anyway. Check that the page your loadbalancer uses to check whether tomcat behind is available doesn't create a new session (session=false if its a jsp, don't use request.getSession() if its a servlet). If that doesn't help, download and install moskito following this guide: http://blog.anotheria.net/msk/the-complete-moskito-integration-guide-step-1/ This will allow you to make charts of your sessions, you will see if there are any patterns in session increase/decrease, maybe also together with other values like users or requests. If you have multiple tomcats you can setup moskito-control and put all the sessions from all tomcats into one chart: http://blog.anotheria.net/msk/the-complete-moskito-integration-guide-step-6-moskito-control/ good luck. regards Leon. On Sun, Feb 9, 2014 at 6:22 AM, Kumar Muthuramalingam kumarkm...@gmail.comwrote: Thanks for your reply. What happened actually was there was a sudden increase in invalid sessions as I said before and we manually deleted those sessions using the tomcat manager. And then it appeared to be normal. But then it occurred three times in last two weeks. It' s a production environment. My question is not how to stop some thing so that it could stop the ping requests but I would like to know what could be the cause for it and how can I find the cause? Please help me. Thanks, Kumar. On Sat, Feb 8, 2014 at 9:01 PM, Martin Gainty mgai...@hotmail.com wrote: DOS (Denial of Service) Attack one type is endless ping if someone is running a endless loop of ping attacks on your TC server you can disable ICMP on TC server https://www.serverintellect.com/support/windowsserversecurity/disable-icmp-requests/ DOC attack usually results in TROJ_MDROPPER.* on system NAV and McAfee can detect these malware attachments on Word Docs http://blog.trendmicro.com/trendlabs-security-intelligence/trojanized-doc-files-in-targeted-attack/ HTH Martin Date: Sat, 8 Feb 2014 19:54:32 -0500 Subject: Re: sudden increase in tomcat sessions..? From: kumarkm...@gmail.com To: users@tomcat.apache.org Hi David, Thanks for your reply. How can I verify that it is a DOC attack? which log i should refer.please guide me. Thanks, Kumar. On Sat, Feb 8, 2014 at 7:42 PM, David Kerber dcker...@verizon.net wrote: On 2/8/2014 7:08 PM, Kumar Muthuramalingam wrote: Hi, I 'm using tomcat version 6 and 7. One day there was a sudden increase in number of sessions in both tomcats. And all the sessions had no username, same lastaccessed time, same created time and the inactive time was 00:00:00. It is not happening always but it happens some times on some day. Can't predict. And We have set the idle timeout as -1 because we have to. When I try to dig the log. It showed that the load balancer IP was sending many ping requests to our application. Can anybody tell why this is happening and how can I find the cause? DOS attack? Thanks, Kumar. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat classloader memory leak when an object is stored into session
On Thu, Feb 6, 2014 at 11:58 PM, David Kerber dcker...@verizon.net wrote: On 2/6/2014 3:13 PM, Michal Botka wrote: When an application stores an object into the session and then the application is reloaded using Tomcat Web Application Manager, the classloader cannot be garbage collected. As a result, the OutOfMemoryError: PermGen space error occurs after several reloads. This is true. What is your question? I think the OP states, that this shouldn't be the case. Personally I'm struggling with this one. But since I don't use the reloading anyway I will relax and wait for enlightenment that is sure to come from Chuck ;-) regards Leon
Re: Tomcat classloader memory leak when an object is stored into session
On Fri, Feb 7, 2014 at 12:45 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Leon Rosenberg [mailto:rosenberg.l...@gmail.com] Subject: Re: Tomcat classloader memory leak when an object is stored into session When an application stores an object into the session and then the application is reloaded using Tomcat Web Application Manager, the classloader cannot be garbage collected. As a result, the OutOfMemoryError: PermGen space error occurs after several reloads. I think the OP states, that this shouldn't be the case. Personally I'm struggling with this one. But since I don't use the reloading anyway I will relax and wait for enlightenment that is sure to come from Chuck ;-) Since you insist... Thank you! I knew we can always count on you (now seriously) ;-) best regards Leon Start with the Wiki: http://wiki.apache.org/tomcat/MemoryLeakProtection - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat classloader memory leak when an object is stored into session
On Fri, Feb 7, 2014 at 8:38 AM, Michal Botka mr.bo...@gmail.com wrote: Is there a way how to avoid this leak? I would like to develop an application which can be safely deployed/undeployed without restarting the server. OK, now I know that my application cannot store it's objects into session, but that is very strong requirement which the most of the applications don't meet. Thanks for help. But do you have to serialize your sessions? Switching off session serialization might help. regards Leon 2014-02-06 22:58 GMT+01:00 David Kerber dcker...@verizon.net: On 2/6/2014 3:13 PM, Michal Botka wrote: When an application stores an object into the session and then the application is reloaded using Tomcat Web Application Manager, the classloader cannot be garbage collected. As a result, the OutOfMemoryError: PermGen space error occurs after several reloads. This is true. What is your question? To illustrate the issue, you can find an example below. Thanks in advance :-) 1. The EvilClass class whose instances are stored into the session: public class EvilClass implements Serializable { // Eat 100 MB from the JVM heap to see that the class is not garbage collected protected static final byte[] MEM = new byte[100 20]; private String value; public String getValue() { return value; } public void setValue(String value) { this.value = value; } } 2. Servlet which stores EvilClass instances into session public class TestServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { EvilClass obj = new EvilClass(); obj.setValue(req.getRequestURI()); req.getSession().setAttribute(test, obj); getServletContext().log(Attribute stored to session + obj); } } 3. web.xml part which maps the servlet to an URL servlet servlet-nameTestServlet/servlet-name servlet-classtest.TestServlet/servlet-class /servlet servlet-mapping servlet-nameTestServlet/servlet-name url-pattern/*/url-pattern /servlet-mapping Steps to reproduce the issue: 1. Copy application WAR to the webapps directory. 2. Start Apache Tomcat. 3. Hit TestServlet. 4. Check Heap/PermGen size using Java VisualVM. 5. Reload the application thru Tomcat Web Application Manager. 6. Hit TestServlet again. 7. Perform GC and check Heap/PermGen size again. Environment: Apache Tomcat version: 7.0.50 OS: Windows 7 64 JVM: Java HotSpot(TM) 64-Bit Server VM (23.6-b04, mixed mode) Java: version 1.7.0_10, vendor Oracle Corporation - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Java to JavaScript RMI framework available.
Hello Igor, this looks really promising, I will take a deeper look in next year ;-) Btw, Happy New Year to Everyone ;-) Leon On Tue, Dec 31, 2013 at 1:55 AM, Igor Urisman igor.uris...@gmail.comwrote: Folks, I needed to write this for something I am working on and thought there might be a wider audience for it. Tomcat 8 supports standard compliant Websockets, which provide convenient asynchronous full-duplex server to client data transport. The framework I am offering builds on top of that a feature rich remote method invocation paradigm. Please check it out. https://github.com/iurisman/FERMI Apache 2.0 license. Happy coding. Igor.
Re: [OT] Garbage Collectors
Hello, On Thu, Dec 19, 2013 at 12:11 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, I was recently discussing garbage collectors with a friend (yes, an exciting conversation) and I was wondering what the folks in the Tomcat community were using for their garbage collection needs. I'd like to run an informal poll. Feel free to reply to just me directly if you'd like to protect your reputation or not clog the list or to the whole list if you'd prefer. I know there are lots of lurkers on the list who rarely post and I'd encourage them to reply as well even if they don't feel like they are running anything of any importance. I have too many (or consult many) but I will take the most visited. So, here are my questions: 1. What JVM are you using? [ ] Sun/Oracle/OpenJDK Java 1.5 [ ] IBM Java 1.5 [ ] Sun/Oracle/OpenJDK Java 1.6 [ ] IBM Java 1.6 [x] Sun/Oracle/OpenJDK Java 1.7 [ ] IBM Java 1.7 [ ] Sun/Oracle/OpenJDK Java 1.8 [ ] Something else - please specify: 2. What kind of web application are you running? [ ] A toy, a research project, or something with virtually no use [ ] A moderately busy web site (1M requests/mo/server) [ ] A moderately busy web site (10M requests/mo/server) [ ] A busy web site (10M - 100M requests/mo/server) [x] A super-busy web site 3. What is your total heap size? 14 GB 4. Are you explicitly specifying a Garbage Collector? If not, just say so and skip the rest of the questions. CMS + Options 5. What led you to use [GC X] instead of the JVM's default collector? GC pauses 6. Did you do any actual performance testing to see if the switch from the default to [GC X] made any difference? Yes 6. Have you spent a lot of time tuning [GC X]? Yes :-) 7. Did your tuning exercise yield any useful results? 45 sec pauses eliminated 8. Did your users notice any difference after you implemented [GC X], or just your own load-testing team? I assume so, we had servers taken out of the pool by lb due to connection timeouts. If you think there's anything else I should know about your experience with [GC X], please let me know. Well, it changes from version to version, so each new jdk version means start from beginning. Some of the options in Java 6 do not make sense in Java 7 and so on. But in general CMS is my personal choice for low-pause collector, I haven't yet seen working G1. Thanks, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSsiu1AAoJEBzwKT+lPKRYdAsQAKWytJHCv3Kj8p8vWoDsCgEO LZd6Yq/j8j5uID+UM4pq8FgRN03TmmjujOZaQ769ljZqtd9w+VFf2+zPbt7gPqGI SDFACw+VtQxEmVUDhE4H0tBfz7h7SZ8QOPTyScx384mDAvRzJKaeGPwrbJBogvaW cvyzNtgFDywpNTCjyKT3JLoUfjm+CjLryK6bo3+6I7I3ikhyHVsYZHuls5DG9LNf mYJ2KGOeYN332VcJWaCElLiK2HQrFY+BxfJ+f7mH6ztmq0iawulg8bApUo+vllwD r2Ble1kc0pgwMn4jOoRAP1R9IaFSsPX8a87T1uFtnRS0vdW4BRy6O5xE1wjFQPuq 52jcFf7i5ZiFYIXO1/vWw9FjZ2DBXnjMuEEdPf5laHNXKJIMCnulKOC6W48eS6Rq E7hRa7h+RQ0CVk9Pjp2NGdiPAeRL44LRDWaPWmTH7iXUcaWg2IxC3OXXyezP6aPE 7DrKhW9jjxbQG/H3GXzX9Sptee+osfPUaU6sOND8EYUYLojg6b6XLxfbjLpedrsh eHC1zksbc0WkZxhnXDSPZV4+4y0djC0X+tNX/DPCs/wPpXEqmqeGSXc7sbnXoLYf 49jGRa6pz8MR1da5D78lSCxm407+UNJzbJuGfHFzjYqxjQEULKJTug4Z7Hs0MGne XzAqLyKxfgW0/4P5QzD6 =EFcD -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Garbage Collectors
On Thu, Dec 19, 2013 at 12:51 AM, Howard W. Smith, Jr. smithh032...@gmail.com wrote: On Wed, Dec 18, 2013 at 6:11 PM, Christopher Schultz ch...@christopherschultz.net wrote: 3. What is your total heap size? -Xms4096m -Xmx4096m -XX:MaxPermSize=384m (will share this as well, just because) but I think I can change to -Xms/-Xmx1250m, because heap used seem to max out at (+/-)1024m. Don't, GC works best if used heap is half of allowed heap. So keep at least 2G (You know that you can specify 4G instead of 4096M, right? :-)) Leon
[OT] Symantic has a first tomcat worm ;-)
Morning everyone, what can be greater start in the morning as reading about first tomcat worm found by symantec ;-) http://www.symantec.com/connect/blogs/all-your-tomcat-are-belong-bad-guys Enjoy your caffe. Leon
Re: Tomcat restart utility
Hello Vicky, et al, I think the easiest way to give the developers the restart capabilities is to get them ssh access to the user that is running tomcat. This is easy, secure and convenient. regards Leon On Thu, Nov 14, 2013 at 4:50 AM, vicky vicky007aggar...@yahoo.co.in wrote: Thanks Chris, I'm looking for restart capability only. Actually I have dozen of tomcat instances running on Linux machines, I want to give the restart capability to the developers team, can you please explain a bit that how I can achieve that . Many thanks again for responding sharing the knowledge From: Christopher Schultz ch...@christopherschultz.net To: Tomcat Users List users@tomcat.apache.org Sent: Wednesday, 13 November 2013 7:58 PM Subject: Re: Tomcat restart utility -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Vicky, On 11/13/13, 5:52 PM, vicky wrote: Is there any other tool/utility with which we can do the deployment tomcat restart like PSI-PROBE. I'm having issues with PSI-PROBE ,restart functionality is not available over there following message is coming on restart screen :- This JVM is not controlled by Java Service Wrapper Unable to figure out how to fix this Looks like PsiProbe only allows restart capabilities when you are using jsvc. In any case, using jsvc is probably the easiest way to control your JVM if you intend to make it restartable. If you're on Windows, just use the Windows Service and use the service controller to restart Tomcat. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (Darwin) Comment: GPGTools - http://gpgtools.org/ Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJShC4oAAoJEBzwKT+lPKRYUCIP/3+Mcq+8a1Nve4OUWQrMkKsz EqRwgFDuCdHLwiqBoDFQDufiH3cKOL2h19FVPopNkf6eA4lnZjZF9bjGaPH7W/m7 dLF53o1eeeDdFHYLvuO4I5ysJ5a3csx9VgCk7R+GHrw09z8LWsU3rS5pU4EyEy4i cbQo00h21Q2PlYZElRj35pCnQzVz1FmpDNqQ802gxyzDXDaexQQEnjEz/yMUg7VG 2d0igYnzu2Llzc2isNIdvbHb9FjpIJn713P1C093jAEOYtKUPwjvBn98QH7EJMvL 61QSKx85g+QT+r4k2BJ9MrqQ6BB90NojIYYfNdc8SySM7WRcNJvanGAuoPI0+uka MSZby7pji7UqIr/eLWNid42yJ57DJ0zbnaBHjkXH31QPwn3MWBZEwfAnI55ixyAJ +M9ZnjeNRxNRJoUjd/t5Amn4eB/Tv6tD2Sk1DTr5vZ2EWYi1mmp6CAAL6yjf1W2+ nc2UhTwz3s0yNXiIQOfGI4jUpuoMZ0vJDFnkqyWOeMUjBhmLeAG9fF8xDuU2Uvhs Y8mfZjGdY6l+WxWfvrgMbrsindQ30RoNBxE+g3rLOEWC3AxV0W3l4Hg7l5MZ9b7H qx2GWZ5zCDbsHhwtS9N4qX2cxXtxVb7BlZegLh33CiCsyCU54OuY1rqUzK0E2xFC dSvhXBb6CNNaW5rljS38 =3Bpd -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] [Fwd: TomEE Professional Support]
I got it too. I think its easier to delete and forget it, as to debate about it. ;-) regards Leon On Wed, Nov 13, 2013 at 2:15 PM, André Warnier a...@ice-sa.com wrote: Hi. I got the following email in my personal email inbox. Isn't there some rule, or at least some matter of self-control, in not using email addresses collected on this list for commercial promotion ? Original Message From: - Wed Nov 13 13:48:37 2013 X-Mozilla-Status: 0001 X-Mozilla-Status2: Return-Path: bounce-mc.us3_22715643.227889-aw=ice-sa.com@mail173. us4.mcsv.net X-Original-To: a...@ice-sa.com Delivered-To: andre.warn...@ice-sa.com Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=205.201.128.173; helo=mail173.us4.mcsv.net; envelope-from=bounce-mc.us3_22715643.227889-aw=ice-sa.com@ mail173.us4.mcsv.net; receiver=a...@ice-sa.com Received: from mail173.us4.mcsv.net (mail173.us4.mcsv.net[205.201.128.173]) by tor.combios.es (Postfix) with ESMTP id DCFAB3C0AD2 for a...@ice-sa.com; Wed, 13 Nov 2013 13:48:25 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1; d= mail173.us4.mcsv.net; h=Subject:From:Reply-To:To:Date:Message-ID:List- Unsubscribe:Sender:Content-Type:MIME-Version; i=gurkanerdogdu=3Dyahoo.com@ mail173.us4.mcsv.net; bh=Mxp5nGTBAhJ4tiDlAEgNxpJYWwM=; b=Ocyx3ymgzmK11vA3/+524g885jWe0hlVlLQwFLGw052EepxX/u3JqrGTIZv6+afps8yWKhHqpMRz DR1JqSg9JPIfmn6xVzPvr5X/5Ve5g78ZKmZm5BmxmCRNyqB4fIc5+iLuIas31KKRImjm5cpEh8P5 RAauIo5RquVVHcBgVbU= DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=k1; d= mail173.us4.mcsv.net; b=BmLvRK7R5zl2/VRFdLZ09BJy50nOQFBXLcUoHLPQqfO o7DkgQbmi8Ug7bwNHNpotAwBLuXBIp2sW w8nzt6XeIcHys59itcvcLBKCt6zoR1 vBv1RFw1OMSwlwuilV8u0zcNtNcav+LdWoW8zAnksyWOWL /knOPWkSMr9PbtPhtB4=; Received: from (127.0.0.1) by mail173.us4.mcsv.net id hgdqg0174lg1 for a...@ice-sa.com; Wed, 13 Nov 2013 12:47:58 + (envelope-from bounce-mc.us3_22715643.227889-aw=ice-sa@mail173.us4.mcsv.net) Subject: TomEE Professional Support From: Apache TomEE Support gurkanerdo...@yahoo.com Reply-To: Apache TomEE Support gurkanerdo...@yahoo.com To: a...@ice-sa.com Date: Wed, 13 Nov 2013 12:47:58 + Message-ID: 9781cf0ccdac7604f1f7fd52ea052bfdbb3.20131113124746@mail173. us4.mcsv.net X-Mailer: MailChimp Mailer - **CID105b909b64a052bfdbb3** X-Campaign: mailchimp9781cf0ccdac7604f1f7fd52e.105b909b64 X-campaignid: mailchimp9781cf0ccdac7604f1f7fd52e.105b909b64 X-Report-Abuse: Please report abuse for this campaign here: http://www.mailchimp.com/abuse/abuse.phtml?u=9781cf0ccdac7604f1f7fd52eid= 105b909b64e=a052bfdbb3 X-MC-User: 9781cf0ccdac7604f1f7fd52e x-accounttype: ff List-Unsubscribe: mailto:unsubscribe-9781cf0ccdac7604f1f7fd52e- 105b909b64-a052bfd...@mailin1.us2.mcsv.net?subject=unsubscribe, http://blogspot.us3.list-manage.com/unsubscribe?u= 9781cf0ccdac7604f1f7fd52eid=b75a8245a1e=a052bfdbb3c=105b909b64 Sender: Apache TomEE Support gurkanerdogdu=yahoo.com@ mail173.us4.mcsv.net x-mcda: FALSE Content-Type: multipart/alternative; boundary=_--=_MCPart_ 1458955636 MIME-Version: 1.0 20% off TomEE Support from Java EE Guru Gurkan Erdogdu. He really knows Apache Tomcat, TomEE and related Java EE projects in source code level! Email not displaying correctly? View it in your browser (http://us3.campaign-archive1.com/?u= 9781cf0ccdac7604f1f7fd52eid=105b909b64e=a052bfdbb3) . ** Support for Apache TomEE (http://blogspot.us3.list- manage1.com/track/click?u=9781cf0ccdac7604f1f7fd52eid= bceee0c9bae=a052bfdbb3) Funs BUY NOW (http://blogspot.us3.list-manage.com/track/click?u= 9781cf0ccdac7604f1f7fd52eid=6a24f4ee0ee=a052bfdbb3) ** TomEE Support : 20% Off ** professional TomEE Support with NO HIDDEN COST! divimg src=http://blogspot.us3.list-manage.com/qr/coupon?e= a052bfdbb3data=eyJjaWQiOiIxMDViOTA5YjY0IiwidW lkIjoiOTc4MWNmMGNjZGFjNzYwNGYxZjdmZDUyZSIsImNvZGUiOiIzYzE0OT g3NDIxIiwidGV4dCI6IjIwJSBvZmYgMSBUb21FRSBTdXBwb3J0IiwidGlkIj oiOTcxMDJlZDgyNiIsInVzZXMiOjF9s=2 alt=20% off 1 TomEE Support title=20% off 1 TomEE Supporta href=http://9781cf0ccdac7604f1f7fd52e. 105b909b64.list-manage.com/3c14987421 alt= style=display:none;margin- left:-px;/a/div http://blogspot.us3.list-manage.com/track/click?u= 9781cf0ccdac7604f1f7fd52eid=909133d7cde=a052bfdbb3 ** TomEE Support Discount Would you like to get Apache TomEE professional support from Java EE guru with no hidden cost! As a founder of the project Apache OpenWebBeans and several other big Java EE projects, Gurkan Erdogdu knows the Apache Tomcat and TomEE and related projects in source code level. For initial subscribers, we will apply 20% discount.
Re: Tomcat Monitoring - Thread usage - currentThreadCount or currentThreadBusy
Hello Vikram, if you are working on a monitoring solution for tomcat I suggest you take a look at moskito: http://www.moskito.org. regards Leon On Thu, Aug 15, 2013 at 3:42 AM, Vikram Jain rahulvi...@gmail.com wrote: Hi Team, I'm Vikram Jain. My first query to Tomcat user group, looking forward to hear from you. :) I am working on Tomcat monitoring solution for a project and when it comes to monitoring 'Thread usage', I am wondering whether I should be comparing 'currentThreadCount' or 'currentThreadBusy' attribute against 'maxThread' to generate an alert. Is currentThreadBusy the actual represntation of the activeThread count ? If currentThreadCount increases when there is an increase in need of request processing threads and once the requests are processed, whether the currentThreadCount drops ? Please assist. If you find it relevant, please also update the docs to the benefit of other users :) Regards, Vikram
Re: javaagent is messing with webapp classpath
Hello, yes, your java agent is probably not well coded :-) regards Leon On Thu, Aug 1, 2013 at 8:33 PM, Alberto SOUZA alots@gmail.com wrote: Hi, I have a javaagent that changes some specific classes of my project. But, when i start the server using the agent I get a lot of ClassNotFoundException for a lot of classes... Like ServletContextListener. When I don't use the javaagent argument everything goes fine. Does anyone have an idea? Thanks!!
Re: Tomcat and IP transparency
Hello Joan, I fear I have to disappoint you. If I understand you correctly you want to manipulate the packets on the IP level, setting the source ip address to the ip address of the originator of the packet, similar to what a loadbalancer would do. It is possible technically, but it's a very different kind of soup compared to http proxy and really hard to implement in java, just because native access to the network interface isn't something java was made for. And since it's not unfamiliar to the attack vector known as IP Spoofing, it will only work in close distance (network-wise). But last time I was programming something on ip leveI is about 15 years ago, so I may be wrong. However, you other side, should be able to retrieve the contents of the X-FORWARDED-FOR header and return it in the getRemoteAddress call to its application. At least tomcat would do. So the question is, how much access do you have to your blackbox? If you have access to the machine you could do it with apache httpd and mod_proxy or mod_proxy_ajp. If not I would ask the provider of the blackbox, how they handle proxies in general (and if they do it at all). I they support some kind of proxy behavior, all you need to do is mimic one, if not... well find another provider ;-) It sounds a bit like SEO, and there are a lot of SEO providers with better tech ;-) regards Leon On Wed, Jul 31, 2013 at 9:04 PM, Joan Balagueró Ventus Proxy joan.balagu...@ventusproxy.com wrote: Hello, I already asked this question to the Apache HttpClient Forum. They don't know if this is possible with java/Tomcat. I have developed a proxy servlet with an xml cache, running in a Tomcat 6.0.37 on Linux Centos6.4. When the incoming xml request (sent from an external client) is not found in the proxy cache, I use HttpClient 4.2.5 to create a new http request and redirect it to the provider application servers to get the xml response. So far, everything worked ok with all our clients. But now we've a provider that needs ip transparency. Then, the request created by httpclient needs to carry the origin ip address (that from the external client), not the proxy ip. My proxy gets correctly the external IP (using request.getRemoteAddr()), but when the provider application reads the IP provided by the http client using request.getRemoteAddr(), they obviously get the proxy IP. The provider software is a blackbox, then reading ips with 'request.getRemoteAddr()' is something that they cannot change now. Therefore, things like adding a 'X-Forwarded-for' header cannot be implemented in this scenario. Is it possible tot achieve this at Tomcat level? Has anyone found an scenario like this? Thanks in advance, Joan.
Re: Multiple instances of Tomcat 7.0 on one server
Hello Mr. Random, as usual there is no easy answer here. I think the most correct answer would be RATHER NOT. There is rather no performance to be gained but running multiple instances of the same app in multiple tomcats on the same physical machine except for: * you need a lot of heap per session. In this case you will probably be able to save gc time and performance. So in case you need more than 12 Gb Heap separation would make sense. * you have multiple physical resources your app can't use properly. For example if you could give each instance its own database or its own file system. * you have concurrency issues in your application. Drawbacks: - Database. If you have one. You will have more connections and evtl. more locks. And both are limited resources. If you want a more detailed answer, you should tell us a bit about your app. Or, better, you start to monitor your app, run one physical server with one instance and another one with two and compare. By using a monitoring tool like moskito: http://www.moskito.org. regards Leon On Fri, Jul 19, 2013 at 7:37 PM, Tomcat Random tomcat.ran...@gmail.comwrote: We currently are setting a site that receives fairly heavy traffic (5000 simultaneous users). We have two physical servers. As a general idea, is there performance to be gained by running multiple instances of Tomcat 7.0? For example, two instances on one physical server and two instances on the other physical server? Assume all are running the same webapp. TIA
Re: JSP in Static Resources
Hello Alireza, what exactly was wrong with putting contentType=text/css;charset=UTF-8 on top of your css-jsps? Actually each page should have content-type, so why not the css jsps? Leon On Sun, Jul 14, 2013 at 12:43 PM, Alireza Fattahi afatt...@yahoo.comwrote: Well, If we want to follow up that post , then we should belive that: Setting the mime type is not working for css So we should use other ways to solve it. Is that true?! ~Regards, ~~Alireza Fattahi From: André Warnier a...@ice-sa.com To: Tomcat Users List users@tomcat.apache.org Sent: Sunday, 14 July 2013, 12:00 Subject: Re: JSP in Static Resources Alireza Fattahi wrote: Guys please concentrate on the main issue !! I believe that the main issue was already answered thoroughly by Konstantin earlier. Did you not read it ? I ask again: When you set jsp servlet to process the css files by adding: servlet-mapping servlet-namejsp/servlet-name url-pattern*.css/url-pattern /servlet-mapping The tomcat does not set the CSS file extension mime type to text/css. Although below line is set in localhost-config/web.xml mime-mapping extensioncss/extension mime-typetext/css/mime-type /mime-mapping When you manually set the content mime type %@page contentType=text/css % every thing will work fine ~Regards, ~~Alireza Fattahi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Monitoring Tomcat - In-depth details
Hello, check http://www.moskito.org out. MoSKito is an open source project that has been around since 2007. It supports most of the things you mentioned except byte-code instruction yet (an agent is currently in development, but its not that easy to implement ;-)). But you can integrate it along spring-bean, cdi-beans with decorators, filters, java proxies etc pp. Check https://confluence.opensource.anotheria.net/display/MSK/Integration+Guidefor details. regards Leon P.S. Feel free to ask directly or on moskito mailing list for support. On Tue, Jul 2, 2013 at 4:11 PM, Shanti Suresh sha...@umich.edu wrote: All, For lack of funds initially and now for a stalemate in the project, we do not have a JVM monitoring tool yet. JavaMelody was recently discussed. I like the fact that there is a dashboard and history of metrics. In looking at it, I find JavaMelody lacking in in-depth diagnostics of the JVM. Top-N SQL statements, Transaction Tracing, metrics co-relation, call-back tree, thresholds and alerting are a few. Are there are any OpenSource projects that instrument the JVM at byte-code and provide detailed metrics more than what JMX offers? Or am I missing something with JavaMelody? Thanks! -Shanti
Re: Exeptions after upgrading to tomcat 7
Hello Manuel, On Sat, May 25, 2013 at 10:41 PM, Manuel LeNormand manuel.lenorm...@gmail.com wrote: Hello all, I have a Solr instance running on a Tomcat 6 servlet, everything worked fine. While upgrading to Tomcat 7.0.34, I get exceptions I'm having a hard time to deal with. Two kind of exceptions occur on shutdown of service: 1. Memory leak due to threads that do not close - I understand it is not severe, and maybe on previous version was not monitored. Still, is there anything that is done on the servlet side that might resolve it, and what might be sides effects of this? Remove following lines from server.xml: !-- Prevent memory leaks due to use of particular java/javax APIs-- Listener className=org.apache.catalina.core.JreMemoryLeakPreventionListener / Listener className=org.apache.catalina.core.ThreadLocalLeakPreventionListener / They do no good unless you are hotdeploying new versions of wars in running production servers, and no one does that ;-) regards Leon 2. Instance of MBeans that cannot be destroyed - btw, the MBean instance is initiated under CATALINA_OPTS. Thanks in advance, Manuel Here are the LOGS: INFO: A valid shutdown command was received via the shutdown port. Stopping the Server instance. May 13, 2013 4:22:32 PM org.apache.coyote.AbstractProtocol pause INFO: Pausing ProtocolHandler [http-bio-8080] May 13, 2013 4:22:32 PM org.apache.coyote.AbstractProtocol pause INFO: Pausing ProtocolHandler [ajp-bio-8009] May 13, 2013 4:22:32 PM org.apache.catalina.core.StandardService stopInternal INFO: Stopping service Catalina May 13, 2013 4:22:35 PM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads SEVERE: The web application [/solr] appears to have started a thread named [localhost-startStop-1-SendThread(zookeeper2:2181)] but has failed to stop it. This is very likely to create a memory leak. May 13, 2013 4:22:35 PM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads SEVERE: The web application [/solr] appears to have started a thread named [localhost-startStop-1-EventThread] but has failed to stop it. This is very likely to create a memory leak. May 13, 2013 4:22:35 PM org.apache.catalina.loader.WebappClassLoader checkThreadLocalMapForLeaks SEVERE: The web application [/solr] created a ThreadLocal with key of type [org.apache.solr.schema.DateField.ThreadLocalDateFormat] (value [org.apache.solr.schema.DateField$ThreadLocalDateFormat@19c212b0]) and a value of type [org.apache.solr.schema.DateField.ISO8601CanonicalDateFormat] (value [org.apache.solr.schema.DateField$ISO8601CanonicalDateFormat@6b2ed43a]) but failed to remove it when the web application was stopped. Threads are going to be renewed over time to try and avoid a probable memory leak. May 13, 2013 4:22:35 PM org.apache.catalina.loader.WebappClassLoader checkThreadLocalMapForLeaks SEVERE: The web application [/solr] created a ThreadLocal with key of type [org.apache.solr.schema.DateField.ThreadLocalDateFormat] (value [org.apache.solr.schema.DateField$ThreadLocalDateFormat@19c212b0]) and a value of type [org.apache.solr.schema.DateField.ISO8601CanonicalDateFormat] (value [org.apache.solr.schema.DateField$ISO8601CanonicalDateFormat@6b2ed43a]) but failed to remove it when the web application was stopped. Threads are going to be renewed over time to try and avoid a probable memory leak. May 13, 2013 4:22:35 PM org.apache.coyote.AbstractProtocol stop INFO: Stopping ProtocolHandler [http-bio-8080] May 13, 2013 4:22:35 PM org.apache.coyote.AbstractProtocol stop INFO: Stopping ProtocolHandler [ajp-bio-8009] May 13, 2013 4:22:35 PM org.apache.coyote.AbstractProtocol destroy INFO: Destroying ProtocolHandler [http-bio-8080] May 13, 2013 4:22:35 PM org.apache.coyote.AbstractProtocol destroy INFO: Destroying ProtocolHandler [ajp-bio-8009] May 13, 2013 4:22:35 PM org.apache.catalina.util.LifecycleMBeanBase unregister WARNING: Failed to unregister MBean with name [Catalina:type=Executor,name=tomcatThreadPool] during component destruction javax.management.InstanceNotFoundException: Catalina:type=Executor,name=tomcatThreadPool at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getMBean(Unknown Source) at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.exclusiveUnregisterMBean(Unknown Source) at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.unregisterMBean(Unknown Source) at com.sun.jmx.mbeanserver.JmxMBeanServer.unregisterMBean(Unknown Source) at org.apache.catalina.util.LifecycleMBeanBase.unregister(LifecycleMBeanBase.java:194) at org.apache.catalina.util.LifecycleMBeanBase.destroyInternal(LifecycleMBeanBase.java:73) at org.apache.catalina.core.StandardThreadExecutor.destroyInternal(StandardThreadExecutor.java:150) at org.apache.catalina.util.LifecycleBase.destroy(LifecycleBase.java:305) at
Re: Exeptions after upgrading to tomcat 7
On Sun, May 26, 2013 at 3:14 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Leon Rosenberg [mailto:rosenberg.l...@gmail.com] Subject: Re: Exeptions after upgrading to tomcat 7 Remove following lines from server.xml: !-- Prevent memory leaks due to use of particular java/javax APIs-- Listener className=org.apache.catalina.core.JreMemoryLeakPreventionListener / Listener className=org.apache.catalina.core.ThreadLocalLeakPreventionListener / This is akin to burying one's head in the sand. It would be much better to fix the actual problem by shutting down the auxiliary thread with an appropriate listener. Sloppy programming should not be encouraged. Chuck, with all respect, this is easier said than done. First we are talking about a ThreadLocal, not Thread. It's tomcat who shuts the threads done due to shutdown, not the app and not the library. Now what is the negative impact of leaving a not-cleaned-up ThreadLocal? - Memory footprint? Well, we are talking about few small objects, if the app has millions of threads it probably has other problems. - Garbage? Yes, but not more than any other Thread variable, it will be collected by the GC once the Thread is collected. - Reentrance? Any lib or code that uses ThreadLocals should initialize them properly. On the other hand efforts to clean it up. You have to provide your own mechanism to clean up ThreadLocals someone else created, because most libs aren't written for redeployment and simple don't care. If they did, they would provide cleanup interfaces to their libs, making them harder to use, but what for? Cleaning ThreadLocals up is a bit like writing destructors. Further, where is the safe place to actually clean up a ThreadLocal The same you created it? So if you want to ensure that you have your threadlocal where you need it, you would set it up in filter, before chain.doFilter() and clean it up in the finally block? Wait, what about forwarded calls? They do not pass a filter, so your code would have to care how it's been called. So RequestListener remains and it will surely have it gotcha's too ;-) All in one, a lot of hustle and bustle, and what for? To clean up 200 bytes faster? Maybe I'm missing something here, but I never seen how ThreadLocal does real harm, neither I can imagine it, please enlighten me ;-) regards Leon - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Monitoring Tomcat - Delta Values
Hello Shanti, On Fri, May 3, 2013 at 10:57 PM, Shanti Suresh sha...@umich.edu wrote: I am interested in trending of the metrics - so data for four months, let's say. - Does moskito have a way of storing data? yes it does: https://confluence.opensource.anotheria.net/display/MSK/MoSKito+Central https://confluence.opensource.anotheria.net/display/MSK/HowTo+Run+moskito-central+in+embedded+mode - What time-interval granularity have people found useful with JMX, without overloading the servers? I collect some JMX stats in 1 minute intervals, but really would like every second. every second is maybe a little overkill, but possible. What amount of traffic does your application serve, that you need so detailed data? regards Leon Thanks. -Shanti
Re: getting the request that created the session
Hello Andre, On Mon, Apr 29, 2013 at 10:13 AM, André Warnier a...@ice-sa.com wrote: Leon, I apologise for insisting, but your initial post said : Background, I want to count sessions by top level domains... Yes, but @Runtime. Means that I want to know how many sessions from each tld are active _now_. Parsing http log continuously and instantly would be an overkill in my opinion. And I don't see a way to see a session expiry in access log ;-) kind regards Leon
Re: getting the request that created the session
On Mon, Apr 29, 2013 at 3:49 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Leon, So your initial implementation was a Filter that marked each HttpSession with the origin IP address (so you could get the TLD of the user) and then a Listener to keep track of the sessions? What's wrong with that? It seemed to complicated. I now could strip it down to 1 file, that is both HttpSession and ServletRequest- Listener: http://svn.anotheria.net/opensource/moskito/trunk/moskito-web/java/net/anotheria/moskito/web/session/SessionByTldListener.java The drawback is, I can count only from second request, because the session is created later. And I don't want to create sessions on all requests. I'm thinking about moving (duplicating) the call in requestDestroyed. Output for http://localhost:8080/moskitodemo/mui/mskShowAllProducers: Request 1 created /moskitodemo/mui/mskShowAllProducers Session created 4B842C774B30EE7886CC7243758C7D38 Request 2 created /moskitodemo/mui/mskCSS Session? true Session 4B842C774B30EE7886CC7243758C7D38 new? true Request 3 created /moskitodemo/img/moskito_webui_logo.gif Session? true Session 4B842C774B30EE7886CC7243758C7D38 new? true Request 4 created /moskitodemo/js/wz_tooltip.js Session? true Session 4B842C774B30EE7886CC7243758C7D38 new? true Request 5 created /moskitodemo/js/jquery-1.4.min.js Session? true Session 4B842C774B30EE7886CC7243758C7D38 new? true Request 6 created /moskitodemo/js/function.js Session? true Session 4B842C774B30EE7886CC7243758C7D38 new? true Request 6 destroyed /moskitodemo/js/function.js Request 5 destroyed /moskitodemo/js/jquery-1.4.min.js Request 4 destroyed /moskitodemo/js/wz_tooltip.js Request 3 destroyed /moskitodemo/img/moskito_webui_logo.gif That does appear a little odd to me. Can you show an HTTP protocol trace of that interaction? I'd be interested to see what request was what and exactly what it held (and whether they were keepalives, etc.). The request that occur simultaneously in chrome(only) are pictures and js, replied with 304: 1. Request URL: http://localhost:8080/moskitodemo/js/wz_tooltip.js 2. Request Method: GET 3. Status Code: 304 Not Modified 4. Request Headersview source 1. Accept: */* 2. Accept-Encoding: gzip,deflate,sdch 3. Accept-Language: en-US,en;q=0.8 4. Cache-Control: max-age=0 5. Connection: keep-alive 6. Cookie: JSESSIONID=71474A695869D2494E2135CBCEAF 7. Host: localhost:8080 8. If-Modified-Since: Sat, 27 Apr 2013 21:49:44 GMT 9. If-None-Match: W/35082-1367099384000 10. Referer: http://localhost:8080/moskitodemo/mui/mskShowAllProducers 11. User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.65 Safari/537.36 5. Response Headersview source 1. Date: Mon, 29 Apr 2013 14:24:36 GMT 2. ETag: W/35082-1367099384000 3. Server: Apache-Coyote/1.1 Even, the requests are keepalived they look to me as if they were executed parallel. At least from the chrome timeline. But its hard to tell without further investigation. You can check yourself: http://server04.test.anotheria.net:8080/moskitodemo/mui/mskShowAllProducers The TestListener code: http://svn.anotheria.net/opensource/moskito/trunk/moskito-web/java/net/anotheria/moskito/web/session/TestListener.java regards Leon - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJRfnpjAAoJEBzwKT+lPKRYp1AP/15ijJOAxMkT8ZvVLm3r8jb8 w30OVaIOerFINsE3DL74mngd8pcNR/d2SQoYkMLM3oT42Z/p/Qufy9sLfuti9vkR RAYq9Q0PUmUGTGilWL3eraEqPfXUo1ZVQrC3W9MyvzGraq1sIaJqqWb8fm/N3z9d n0LHenBcjmt8OfySFWSQ8uTfSjdE+KhO0Nqca0sMIUQsGjbrklVwgkyJ8F+auLaY CwS4gSR7I6i785ITNu2XHnGeQLQRonYPTQHiXueEniBKbvCQp4In4antwpPVihrO 2oTUHP2eORe+WvRrUzHDkuZRFhXIHKI5NWuN7HtLsy0xLDgZVJRBys78GI0ulCrG M1KYEpkQFXgHFCZdV3foRkW9XNcCBKdX4ExjZcjoE1pLL2yk5sAePrWeYNS9Bfv0 JKLwdI8J+ofnmJc2ZJazYmA+Ig7PAG74sa02j3izEuRV8B4saUc7mJvUkXusc/qC +qxwQY779ucf77LCY5OIvN/KZU1NOsrDrIrUYyFgjK5m8r7PIvRg8l77z1Bh74na n70/3dTNWmYC1w5WW1WLEUyXJXcrPeQsijWbfnoY8sBvVvLbxOvb/w5dU7WiwxdD 3wxOYNc4TQoaAVsoMS9xs1V1+llxVZXDW/cJeBlgotCNoZNYk8MAZhsuHw1PkyqF FgADHu45Qxy/bKZbEN7S =HgoD -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org