Persistance on Tomcat 8.0 and Cluster
Hello, I have to build a two node failover cluster with 2 tomcats 8.0.15 servers. This cluster is on AWS Cloud, so technical we cannot use Mulicast etc. so we have to use Persistance stored the Session information in a database. The application was in grails and was delivered as a war file tot he tomcat. But what I get is this error message in the nodes: WARNING [localhost-startStop-1] org.apache.catalina.ha.tcp.SimpleTcpCluster.registerManager Manager [ org.apache.catalina.session.PersistentManager[]] does not implement ClusterManager, addition to cluster has been aborted. In the global /conf/context.xml is this: Resource name=jdbc/sessions auth=Container type=javax.sql.DataSource username=username password=password driverClassName=net.sourceforge.jtds.jdbc.Driver url=jdbc:jtds:Sqlserver://sqlservername:1433/databasename_sessioncontainer; maxActive=1000 maxIdle=30 maxWait=3600 validationQuery=select 1 removeAbandoned=true removeAbandonedTimeout=60/ Manager className=org.apache.catalina.session.PersistentManager distributable=true processExpiresFrequency=3 saveOnRestart=true minIdleSwap=1800 maxIdleSwap=3600 maxInactiveInterval=3600 maxIdleBackup=0 Store className=org.apache.catalina.session.JDBCStore dataSourceName=jdbc/sessions sessionAppCol=app_name sessionDataCol=session_data sessionIdCol=session_id sessionLastAccessedCol=last_access sessionMaxInactiveCol=max_inactive sessionTable=tomcat_sessions sessionValidCol=valid_session / /Manager And in server.xml we use globally: Inside the engine tag Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=8 /Cluster What do we wrong? Greetings Alexander
AW: Persistance on Tomcat 8.0 and Cluster
Hello Daniel, That you for your reply. You mean, that session persistance was enabled and a failover was recordnized by the loadbalancer and the session was still available on the remaining node? Thank you. -Ursprüngliche Nachricht- Von: Daniel Mikusa [mailto:dmik...@pivotal.io] Gesendet: Freitag, 27. Februar 2015 14:21 An: Tomcat Users List Betreff: Re: Persistance on Tomcat 8.0 and Cluster On Fri, Feb 27, 2015 at 8:15 AM, Alexander Diedler adied...@tecracer.de wrote: Hello, I have to build a two node failover cluster with 2 tomcats 8.0.15 servers. This cluster is on AWS Cloud, so technical we cannot use Mulicast etc. so we have to use Persistance stored the Session information in a database. The application was in grails and was delivered as a war file tot he tomcat. But what I get is this error message in the nodes: WARNING [localhost-startStop-1] org.apache.catalina.ha.tcp.SimpleTcpCluster.registerManager Manager [ org.apache.catalina.session.PersistentManager[]] does not implement ClusterManager, addition to cluster has been aborted. In the global /conf/context.xml is this: Resource name=jdbc/sessions auth=Container type=javax.sql.DataSource username=username password=password driverClassName=net.sourceforge.jtds.jdbc.Driver url=jdbc:jtds:Sqlserver://sqlservername:1433/databasename_sessioncontainer; maxActive=1000 maxIdle=30 maxWait=3600 validationQuery=select 1 removeAbandoned=true removeAbandonedTimeout=60/ Manager className=org.apache.catalina.session.PersistentManager distributable=true processExpiresFrequency=3 saveOnRestart=true minIdleSwap=1800 maxIdleSwap=3600 maxInactiveInterval=3600 maxIdleBackup=0 Store className=org.apache.catalina.session.JDBCStore dataSourceName=jdbc/sessions sessionAppCol=app_name sessionDataCol=session_data sessionIdCol=session_id sessionLastAccessedCol=last_access sessionMaxInactiveCol=max_inactive sessionTable=tomcat_sessions sessionValidCol=valid_session / /Manager And in server.xml we use globally: Inside the engine tag Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=8 /Cluster What do we wrong? If you're using session persistence like a DB to share your sessions across multiple nodes, you don't need the Cluster / tag. That's only necessary if you're replicating sessions directly between your cluster nodes. Dan Greetings Alexander
AW: Persistance on Tomcat 8.0 and Cluster
Hello Christian, The minimum requirement was tob e redirected to a working node after the current node where I am on are failing. - This was covered by a Loadbalancer whicht is doing health checks. The maximum of user friedly was to be stayed logged in into the failover node and not to have re-login into the application. Best regards Alexander -Ursprüngliche Nachricht- Von: Christopher Schultz [mailto:ch...@christopherschultz.net] Gesendet: Freitag, 27. Februar 2015 15:39 An: Tomcat Users List Betreff: Re: Persistance on Tomcat 8.0 and Cluster -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Daniel, On 2/27/15 9:24 AM, Daniel Mikusa wrote: On Fri, Feb 27, 2015 at 8:35 AM, Alexander Diedler adied...@tecracer.de wrote: Hello Daniel, That you for your reply. You mean, that session persistance was enabled and a failover was recordnized by the loadbalancer and the session was still available on the remaining node? No. I'm just talking about your configuration. You have two conflicting things configured. 1.) You have a session store created. This is going to store your sessions into the database. It's *not* clustering (at least by the definition Tomcat uses), but can be an effective way to share sessions across multiple Tomcat instances. 2.) You have a cluster defined. This is going to tell Tomcat to replicate session data directly between your Tomcat nodes. As you pointed out previously, this can be problematic on AWS where they don't support multicast. It's also conflicting with #1, which is what the error you reported is telling you. In short, remove the Cluster/ tag, the error should go away. Are you sure that's best? If the goal is uninterrupted fail-over, then perhaps using the BackupManager or DeltaManager with static membership is the better strategy. I guess the real question is for the OP: do you need clustering (i.e. session replication between nodes) or is it okay if a user has to login again and possibly re-start a workflow if they get failed-over to another node? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJU8IGMAAoJEBzwKT+lPKRY5SQQAIPfDPyKNssUyEOJw5ouA9Qw 7chcfdhWVjiF83ecdXbZSxzS9hRi0l4pNdXVmU/LLQGNGfg+idtusrrG+fa4A4iE xrs36Wt5DCN2+ejCFlWbrW1Ixk58DTLVdXMJ+F67QTIEp59MmKpGOdTXWlWKs8HI Xgpq8hEJPMJbaUcEPu87iJbLviVoeWJD9i0TEeA/dcjdl0sR+WdH/VGBtS0TaAkX ZMaR0Tkp/Fx4hLWUwe2s5QFrQ6n8Mpeggr76owXuSSD2+J0PYPkezs/ctvssn7OJ YhHWPV5OQ52/YY3FFI5e8pEJZeX2D+FT+XS0CzI7EKsJ+UD9RgU/RVRv/iuKnLA9 GImVr2aAAycCnqGZzDyOrMpO0MfHw9SqLttLdliX8HI383WODYNbrKoON6KaAQRK MSwqbZ/YJcDczXVjzHxJZnggvhg2IYupQ89quSpf47kKL6bBw3607feiURegvSd5 +xiONk3OifRDbcEv/Q3fGwU5rMYzPaf3f/6Jx0/j9jq/ijVKDUI0fvkqaZnCAev4 o7p67AT6iyH31haRtLL72XFWm6/63hLXQ94qecOKyneAxu8/eWh+ajltAi28mMbk GFI4iqQCcij9gjcGX++dDoNoe9qGsDj5ZIhVTWXC4hEnsZF64yQG+KHJ+Gss9JV7 rbRTDWfS/YlVI/sBMiUz =KZKi -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
AW: Persistance on Tomcat 8.0 and Cluster
Hello, Thanks for your ideas and best practises. This solution is for a bank and this peoples are very reserved about hip technologies. The only goal ist o have High Availability, not load balancing. So we put the session information in a different Microsoft SQL 2008 database, that is independent from the application database. Best regards Alexander -Ursprüngliche Nachricht- Von: Daniel Mikusa [mailto:dmik...@pivotal.io] Gesendet: Freitag, 27. Februar 2015 16:01 An: Tomcat Users List Betreff: Re: Persistance on Tomcat 8.0 and Cluster On Fri, Feb 27, 2015 at 9:39 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Daniel, On 2/27/15 9:24 AM, Daniel Mikusa wrote: On Fri, Feb 27, 2015 at 8:35 AM, Alexander Diedler adied...@tecracer.de wrote: Hello Daniel, That you for your reply. You mean, that session persistance was enabled and a failover was recordnized by the loadbalancer and the session was still available on the remaining node? No. I'm just talking about your configuration. You have two conflicting things configured. 1.) You have a session store created. This is going to store your sessions into the database. It's *not* clustering (at least by the definition Tomcat uses), but can be an effective way to share sessions across multiple Tomcat instances. 2.) You have a cluster defined. This is going to tell Tomcat to replicate session data directly between your Tomcat nodes. As you pointed out previously, this can be problematic on AWS where they don't support multicast. It's also conflicting with #1, which is what the error you reported is telling you. In short, remove the Cluster/ tag, the error should go away. Are you sure that's best? My intent was just to answer the question that was asked. I was trying to stay out of this part of the discussion :) If the goal is uninterrupted fail-over, then perhaps using the BackupManager or DeltaManager with static membership is the better strategy. +1 I generally prefer session replication and if static membership will work I'd agree that's the way to go. Sometimes that is tricky on AWS because the IP addresses can change, then your config needs updated and it can get messy. On the subject of what's better, when using a shared storage approach for sessions you'd probably want to go with Redis or Memcached and not a JDBC backed store. Performance should be much better. Dan I guess the real question is for the OP: do you need clustering (i.e. session replication between nodes) or is it okay if a user has to login again and possibly re-start a workflow if they get failed-over to another node? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJU8IGMAAoJEBzwKT+lPKRY5SQQAIPfDPyKNssUyEOJw5ouA9Qw 7chcfdhWVjiF83ecdXbZSxzS9hRi0l4pNdXVmU/LLQGNGfg+idtusrrG+fa4A4iE xrs36Wt5DCN2+ejCFlWbrW1Ixk58DTLVdXMJ+F67QTIEp59MmKpGOdTXWlWKs8HI Xgpq8hEJPMJbaUcEPu87iJbLviVoeWJD9i0TEeA/dcjdl0sR+WdH/VGBtS0TaAkX ZMaR0Tkp/Fx4hLWUwe2s5QFrQ6n8Mpeggr76owXuSSD2+J0PYPkezs/ctvssn7OJ YhHWPV5OQ52/YY3FFI5e8pEJZeX2D+FT+XS0CzI7EKsJ+UD9RgU/RVRv/iuKnLA9 GImVr2aAAycCnqGZzDyOrMpO0MfHw9SqLttLdliX8HI383WODYNbrKoON6KaAQRK MSwqbZ/YJcDczXVjzHxJZnggvhg2IYupQ89quSpf47kKL6bBw3607feiURegvSd5 +xiONk3OifRDbcEv/Q3fGwU5rMYzPaf3f/6Jx0/j9jq/ijVKDUI0fvkqaZnCAev4 o7p67AT6iyH31haRtLL72XFWm6/63hLXQ94qecOKyneAxu8/eWh+ajltAi28mMbk GFI4iqQCcij9gjcGX++dDoNoe9qGsDj5ZIhVTWXC4hEnsZF64yQG+KHJ+Gss9JV7 rbRTDWfS/YlVI/sBMiUz =KZKi -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Basic auth and spring security
Hello, I have a question to combine the usage of an application wih spring security inside and a JavaMelody monitoring, that should be protected with basc auth credentials from tomcat-users.xml. At the moment, although we have defined a filter for /monitoring in the web.xml of JMelody, we get the basic authentication box in the application, that uses the spring framework with security. How we can get both running ? Best regards Alexander Diedler
Multiple Tomcats on the Machine
Hello We have three instances of Tomcat on a Windows Server and want to access on every instance several applications through the Manager app. In every /Catalina/[hostname]/manager.xml is Context docBase=${catalina.home}/webapps/manager privileged=true antiResourceLocking=false antiJARLocking=false /Context Could it be a problem, that the catalina.home only can point to one location and this could occour some errors? What is the best practices? Alex smime.p7s Description: S/MIME cryptographic signature
mod_jk connection timeouts
Hello all, We have a new cluster with 2 servers. Every server contains 2 instances of Tomcat 6.0.32. Every node has an Aapche 2.2.21 installed an mod_jk is configured. In front of the these cluster there is a hardware loadbalancer cluster for HA. Several times we get in the status manager of the mod_jk, that one or more worker get the state ERR, and then they get back. In the mod_jk log there are entries like (worker2) Tomcat is down. or (worker1) connection to Tomcat failed. But these worker are locally on the same server as the mod_jk! More stupid is, that the mod_jk of the other node don´t recordnized, that the node on the other physical server is down. Is there a big bug in my config? In server.xml of Node 1 / TC1 Membership Address:228.0.0.4 Bind:172.30.5.78 (local IP of the server) Port: 45564 Frequency:500 dropTime:3000 Receiver Address:172.30.5.78 Port:4000 autoBind=100 selectorTimeout:5000 maxThreads:6 In server.xml Node 1 / TC2 Membership Address:228.0.0.4 Bind:172.30.5.78 (local IP of the server) Port: 45574 Frequency:500 dropTime:3000 Receiver Address:172.30.5.78 Port:4000 autoBind=100 selectorTimeout:5000 maxThreads:6 In server.xml Node 2 / TC 1 Membership Address:228.0.0.4 Bind:172.30.5.77 (local IP of the server) Port: 45564 Frequency:500 dropTime:3000 Receiver Address:172.30.5.77 Port:4000 autoBind=100 selectorTimeout:5000 maxThreads:6 In server.xml / Node 2 / TC 2 Membership Address:228.0.0.4 Bind:172.30.5.77 (local IP of the server) Port: 45574 Frequency:500 dropTime:3000 Receiver Address:172.30.5.77 Port:4000 autoBind=100 selectorTimeout:5000 maxThreads:6 worker.properties: # List the workers name worker.list= loadbalancer,loadbalancertc,jkstatus,worker3,worker4,worker11,worker12 worker.maintain= 60 # # First worker - LB # worker.worker1.port=8010 worker.worker1.host=172.30.5.78 worker.worker1.type=ajp13 worker.worker1.lbfactor=100 worker.worker1.route=worker1 worker.worker1.connection_pool_timeout=600 worker.worker1.activation=active # # Second worker - LB # worker.worker2.port=8010 worker.worker2.host=172.30.5.77 worker.worker2.type=ajp13 worker.worker2.lbfactor=100 worker.worker2.route=worker2 worker.worker2.connection_pool_timeout=600 worker.worker2.activation=active # # Third worker - Standalone # worker.worker3.port=8010 worker.worker3.host=172.30.5.77 worker.worker3.type=ajp13 worker.worker3.lbfactor=100 worker.worker3.activation=active # # fourth worker - Standalone # worker.worker4.port=8010 worker.worker4.host=172.30.5.78 worker.worker4.type=ajp13 worker.worker4.lbfactor=100 worker.worker4.activation=active # # sixth worker TC2010 - LB # worker.worker6.port=8012 worker.worker6.host=172.30.5.78 worker.worker6.type=ajp13 worker.worker6.lbfactor=100 worker.worker6.activation=active worker.worker6.route=worker6 worker.worker6.connection_pool_timeout=600 # # seventh worker TC3110 - LB # worker.worker7.port=8012 worker.worker7.host=172.30.5.77 worker.worker7.type=ajp13 worker.worker7.lbfactor=100 worker.worker7.activation=active worker.worker7.route=worker7 worker.worker7.connection_pool_timeout=600 ##BBMAGK0 # # eleventh worker TC2010 - Standalone # worker.worker11.port=8012 worker.worker11.host=172.30.5.78 worker.worker11.type=ajp13 worker.worker11.lbfactor=100 worker.worker11.activation=active ##BBMAGK1 # # twelfth worker TC2010 - Standalone # worker.worker12.port=8012 worker.worker12.host=172.30.5.77 worker.worker12.type=ajp13 worker.worker12.lbfactor=100 worker.worker12.activation=active # -- # Load Balancer worker # -- worker.loadbalancer.type=lb worker.loadbalancer.balance_workers=worker1,worker2 worker.loadbalancer.sticky_session=true worker.loadbalancer.sticky_session_force=false worker.loadbalancer.method=Request worker.loadbalancer.retries=5 worker.loadbalancer.secret=t # -- # Load Balancer worker tc # --
AW: mod_jk Avoid loadbalancing
Hello, Yes, it was an option to solve my problem. But what about the performance? My opinion was to forward only necessary requests to the Tomcat (jsp, java etc) and let the Apache HTTPD deliver the static content (CSS,JS,Images etc). Best regards Alexander -Ursprüngliche Nachricht- Von: Pid [mailto:p...@pidster.com] Gesendet: Dienstag, 15. November 2011 12:41 An: Tomcat Users List Betreff: Re: mod_jk Avoid loadbalancing On 14/11/2011 10:42, Alexander Diedler wrote: Hello It is possible in a three node TC 6.0 / TC7.0 Cluster to avoid the loadbalancing between these three nodes? We only need the session replication. The Loadbalancing with failover will be done by a Big-IP F5, so we don´t need a double balanced request, first time by the HW-balancer and second time by the Apache mod_jk himself. So don't put httpd+mod_jk in front - just point the F5 at the Tomcats. p -- [key:62590808] smime.p7s Description: S/MIME cryptographic signature
Include NEtwork path into Tomcat - urgent
Hello, I have a Tomcat 6.0 application, that references their pictures as http://www.test.de/pictures/test.png. /pictures is a network path on a storage, so I try to make it as a Context within the server.xml Host Tag Context path=/pictures docBase=\\storage\share\pictures / but it throws a 404 error if I test it. Has somebody any idea to get out of this troube? Greetings Alexander smime.p7s Description: S/MIME cryptographic signature
AW: Include NEtwork path into Tomcat - urgent
Hello, This is no option, this solution means, that the windows session must still remain opened with a logged in user. Alex -Ursprüngliche Nachricht- Von: Ilya Kazakevich [mailto:ilya.kazakev...@jetbrains.com] Gesendet: Dienstag, 15. November 2011 14:32 An: 'Tomcat Users List' Betreff: RE: Include NEtwork path into Tomcat - urgent Not sure Java IO supports windows UNC. Try to do the following: 1) mount this share as disk: (in cmd type net use z: \\storage\share\pictures) 2) configure tomcat to work with z:\ Ilya Kazakevich, Developer JetBrains Inc http://www.jetbrains.com http://www.jetbrains.com/ Develop with pleasure! _ From: Alexander Diedler [mailto:adied...@tecracer.de] Sent: Tuesday, November 15, 2011 5:27 PM To: users@tomcat.apache.org Subject: Include NEtwork path into Tomcat - urgent Hello, I have a Tomcat 6.0 application, that references their pictures as http://www.test.de/pictures/test.png. /pictures is a network path on a storage, so I try to make it as a Context within the server.xml Host Tag Context path=/pictures docBase=\\storage\share\pictures / but it throws a 404 error if I test it. Has somebody any idea to get out of this troube? Greetings Alexander smime.p7s Description: S/MIME cryptographic signature
AW: Include NEtwork path into Tomcat - urgent
Yes, http://www.test.de/pictures/test.png throws 404 error. Alex -Ursprüngliche Nachricht- Von: Daniel Mikusa [mailto:dmik...@vmware.com] Gesendet: Dienstag, 15. November 2011 15:13 An: Tomcat Users List Betreff: RE: Include NEtwork path into Tomcat - urgent Not sure Java IO supports windows UNC. A quick test worked for me. I was able to list the contents of a SMB share on my network. Windows XP, Java 1.6.0_29. public class Test { public static void main(String[] args) { for (String fileName : new File(server\\share).list()) { System.out.println(fileName); } } } Maybe try running a quick test like this from your machine? but it throws a 404 error if I test it. How are you testing it? Are you directly accessing a file on that share or are you trying to get a directory listing? By default, Tomcat will not display a directory listing (it'll display a 404 error). Dan On Tue, 2011-11-15 at 05:48 -0800, Ilya Kazakevich wrote: You need user ssesion to access windows station via SMB anyway. You can set this script as log in script using group policies in windows for the user your tomcat runs as. Ilya Kazakevich, Developer JetBrains Inc http://www.jetbrains.com Develop with pleasure! -Original Message- From: Alexander Diedler [mailto:adied...@tecracer.de] Sent: Tuesday, November 15, 2011 5:39 PM To: Tomcat Users List Subject: AW: Include NEtwork path into Tomcat - urgent Hello, This is no option, this solution means, that the windows session must still remain opened with a logged in user. Alex -Ursprüngliche Nachricht- Von: Ilya Kazakevich [mailto:ilya.kazakev...@jetbrains.com] Gesendet: Dienstag, 15. November 2011 14:32 An: 'Tomcat Users List' Betreff: RE: Include NEtwork path into Tomcat - urgent Not sure Java IO supports windows UNC. Try to do the following: 1) mount this share as disk: (in cmd type net use z: \\storage\share\pictures) 2) configure tomcat to work with z:\ Ilya Kazakevich, Developer JetBrains Inc http://www.jetbrains.com http://www.jetbrains.com/ Develop with pleasure! _ From: Alexander Diedler [mailto:adied...@tecracer.de] Sent: Tuesday, November 15, 2011 5:27 PM To: users@tomcat.apache.org Subject: Include NEtwork path into Tomcat - urgent Hello, I have a Tomcat 6.0 application, that references their pictures as http://www.test.de/pictures/test.png. /pictures is a network path on a storage, so I try to make it as a Context within the server.xml Host Tag Context path=/pictures docBase=\\storage\share\pictures / but it throws a 404 error if I test it. Has somebody any idea to get out of this troube? Greetings Alexander - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
AW: mod_jk Avoid loadbalancing
Hello, I want to avoid, that Level1 LB routes to HTTPD1 and HTTPD1 (on same server as TC1) also balance to TC2 on level 2. So the next request from Level 1 go to HTTD2 (on same server as TC2) and so I have double load on the same server. Or is my understanding not right? If a Tomcat (TC3) give up.. the Level 1 LB should recordnized that and should redirect only to the functional Tomcats. The Failover functionality should be provided only by the Level 1 LB. -Ursprüngliche Nachricht- Von: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Gesendet: Dienstag, 15. November 2011 16:01 An: 'Tomcat Users List' Betreff: RE: mod_jk Avoid loadbalancing Alexander - From reading your emails, it sounds like you have the following setup F5 HW-balancer | / \ / \ Level 1 balancing / \ HTTPD1 HTTPD2 | | Level 2 balancing | | | TC1 TC2TC3 Is that correct? You state that you want to eliminate Level 2. However, from a performance standpoint, why would you? Without the Level 2 balancing, it is conceivable that one of the 3 Tomcats could end up processing the bulk the JSP requests. However, Pid is correct. If you are worried about performance, you could drop the HTTPD servers and balance directly to the Tomcat servers. Tomcat is just as fast at delivering static content as HTTPD, and it simplifies deployment. Jeff -Original Message- From: Alexander Diedler [mailto:adied...@tecracer.de] Sent: Tuesday, November 15, 2011 5:56 AM To: Tomcat Users List; p...@pidster.com Subject: AW: mod_jk Avoid loadbalancing Hello, Yes, it was an option to solve my problem. But what about the performance? My opinion was to forward only necessary requests to the Tomcat (jsp, java etc) and let the Apache HTTPD deliver the static content (CSS,JS,Images etc). Best regards Alexander -Ursprüngliche Nachricht- Von: Pid [mailto:p...@pidster.com] Gesendet: Dienstag, 15. November 2011 12:41 An: Tomcat Users List Betreff: Re: mod_jk Avoid loadbalancing On 14/11/2011 10:42, Alexander Diedler wrote: Hello It is possible in a three node TC 6.0 / TC7.0 Cluster to avoid the loadbalancing between these three nodes? We only need the session replication. The Loadbalancing with failover will be done by a Big-IP F5, so we don´t need a double balanced request, first time by the HW-balancer and second time by the Apache mod_jk himself. So don't put httpd+mod_jk in front - just point the F5 at the Tomcats. p -- [key:62590808] __ Confidentiality Notice: This Transmission (including any attachments) may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this transmission in error, please immediately reply to the sender or telephone (512) 343-9100 and delete this transmission from your system. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
mod_jk Avoid loadbalancing
Hello It is possible in a three node TC 6.0 / TC7.0 Cluster to avoid the loadbalancing between these three nodes? We only need the session replication. The Loadbalancing with failover will be done by a Big-IP F5, so we don´t need a double balanced request, first time by the HW-balancer and second time by the Apache mod_jk himself. Best regards Alexander smime.p7s Description: S/MIME cryptographic signature
mod_jk - Browser displays HTML Sourcecode
Hello, Something goes wrong. I have a Apache 2.2.1 with mod_jk and a Tomcat 6.0.32. So if I connect to the website http://www.test.de/ everything is ok, site was displayed. If I try to access http://www.test.de/xyz i get the source code from the site it should be displayed, but it was not rendered by the browser. If I connect to the tomcat directly with port 8080, the sites will be delivered fine to the browser. In the Apache access log: xxx.xxx.214.145 - - [08/Nov/2011:14:44:08 +0100] GET / HTTP/1.1 200 23281 ##OK xxx.xxx.214.145 - - [08/Nov/2011:14:44:11 +0100] GET /go/VV4QB69WO9F01A9KGBSYVGNVGHY6T95J HTTP/1.1 200 88572##Not ok, sorcecode displayed. In the virtual-host.conf: ## Tomcatanbindung JkMount /* loadbalancer JkOptions +ForwardURICompatUnparsed AllowEncodedSlashes On Greetings Alexander smime.p7s Description: S/MIME cryptographic signature
AW: mod_jk - Browser displays HTML Sourcecode
Hello That most probably means that the URL mappings for mod_jk are not correct, and that Apache httpd is serving that content directly. Look at (or show here) the JkMount lines that should be somewhere in your Apache configuration. Was attached in the post: JkMount /* loadbalancer So everything would be served by tomcat. At a second level, it also means that you are doing something that is really not recommended : allow Apache httpd access to the Tomcat application directories. That bypasses any security that you may have in Tomcat. Your current problem is a perfect example : Apache now shows the source code of your JSP pages. Hopefully there is no secret password in there. Test : (http://www.test.de/xyz)/WEB-INF/web.xml Yes you are right, I can read the web.xml from the browser. How we can avoid it? Greetings Alexander In the Apache access log: xxx.xxx.214.145 - - [08/Nov/2011:14:44:08 +0100] GET / HTTP/1.1 200 23281 ##OK xxx.xxx.214.145 - - [08/Nov/2011:14:44:11 +0100] GET /go/VV4QB69WO9F01A9KGBSYVGNVGHY6T95J HTTP/1.1 200 88572##Not ok, sorcecode displayed. In the virtual-host.conf: ## Tomcatanbindung JkMount /* loadbalancer JkOptions +ForwardURICompatUnparsed AllowEncodedSlashes On Greetings Alexander - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
AW: AW: mod_jk - Browser displays HTML Sourcecode
Ok, But would be the better way (of life) for this? HTTPD vhost.conf: VirtualHost 192.168.100.40:80 ServerAdmin xxx@yyy DocumentRoot D:/www/apps/app1/ROOT Directory D:/www/apps/app1/ROOT Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all /Directory ... /VirtualHost Server.xml: Host name=app1 appBase= D:/www/apps/app1/ Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=app1_access_log. suffix=.txt pattern=common resolveHosts=false/ /Host ROOT.xml in /conf/ ?xml version=1.0 encoding=UTF-8? Context docBase= D:/www/apps/app1/ROOT privileged=true reloadable=true unpackWAR=true antiJARLocking=true Resource name=jdbc/jTDS auth=Container type=javax.sql.DataSource maxActive=100 maxIdle=30 maxWait=1 username=xxx password=xxx removeAbandoned=true removeAbandonedTimeout=60 logAbandoned=true driverClassName=net.sourceforge.jtds.jdbc.Driver url=jdbc:jtds:sqlserver://db:1433/;charset=UTF-8 / /Context Greetings Alexander -Ursprüngliche Nachricht- Von: Pid [mailto:p...@pidster.com] Gesendet: Dienstag, 8. November 2011 16:21 An: Tomcat Users List Betreff: Re: AW: mod_jk - Browser displays HTML Sourcecode On 08/11/2011 15:12, Alexander Diedler wrote: Hello That most probably means that the URL mappings for mod_jk are not correct, and that Apache httpd is serving that content directly. Look at (or show here) the JkMount lines that should be somewhere in your Apache configuration. Was attached in the post: JkMount /* loadbalancer So everything would be served by tomcat. At a second level, it also means that you are doing something that is really not recommended : allow Apache httpd access to the Tomcat application directories. +1 I'd go further: *never* publish a Tomcat application docBase as an HTTPD DocumentRoot. That bypasses any security that you may have in Tomcat. Your current problem is a perfect example : Apache now shows the source code of your JSP pages. Hopefully there is no secret password in there. Test : (http://www.test.de/xyz)/WEB-INF/web.xml Yes you are right, I can read the web.xml from the browser. How we can avoid it? Don't publish a Tomcat application docBase as an HTTPD DocumentRoot. Simples. p Greetings Alexander In the Apache access log: xxx.xxx.214.145 - - [08/Nov/2011:14:44:08 +0100] GET / HTTP/1.1 200 23281 ##OK xxx.xxx.214.145 - - [08/Nov/2011:14:44:11 +0100] GET /go/VV4QB69WO9F01A9KGBSYVGNVGHY6T95J HTTP/1.1 200 88572##Not ok, sorcecode displayed. In the virtual-host.conf: ## Tomcatanbindung JkMount /* loadbalancer JkOptions +ForwardURICompatUnparsed AllowEncodedSlashes On Greetings Alexander - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] smime.p7s Description: S/MIME cryptographic signature
Cluster - No faulty members identified
Hello @ll, I have two Tomcat instances (6.0.32 x64 on Windows) on the same server. Both servers make their own clustering with the other physical node independent from each other on the same machine. I get during start of the 2nd Tomcat on the same node the following error: INFO: Receiver Server Socket bound to:/172.30.5.77:4001 04.11.2011 13:32:37 org.apache.catalina.tribes.membership.McastServiceImpl setupSocket INFO: Attempting to bind the multicast socket to /228.0.0.4:45574 04.11.2011 13:32:37 org.apache.catalina.tribes.membership.McastServiceImpl setupSocket INFO: Binding to multicast address, failed. Binding to port only. 04.11.2011 13:32:37 org.apache.catalina.tribes.membership.McastServiceImpl setupSocket INFO: Setting multihome multicast interface to:/178.30.5.77 04.11.2011 13:32:37 org.apache.catalina.ha.tcp.SimpleTcpCluster start SCHWERWIEGEND: Unable to start cluster. org.apache.catalina.tribes.ChannelException: java.net.SocketException: The requested address is not valid in its context; No faulty members identified. What could it be?? Here server.xml from the first tomcat: [.] Engine name=Catalina defaultHost=extranet jvmRoute=worker2 Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=8 Manager className=org.apache.catalina.ha.session.DeltaManager expireSessionsOnShutdown=false notifyListenersOnReplication=true/ Channel className=org.apache.catalina.tribes.group.GroupChannel Membership className=org.apache.catalina.tribes.membership.McastService address=228.0.0.4 bind=172.30.5.77 port=45564 frequency=500 dropTime=3000/ Receiver className=org.apache.catalina.tribes.transport.nio.NioReceiver address=auto port=4000 autoBind=100 selectorTimeout=5000 maxThreads=6/ Sender className=org.apache.catalina.tribes.transport.ReplicationTransmitter Transport className=org.apache.catalina.tribes.transport.nio.PooledParallelSender/ /Sender Interceptor className=org.apache.catalina.tribes.group.interceptors.TcpFailureDetector / Interceptor className=org.apache.catalina.tribes.group.interceptors.MessageDispatch15In terceptor/ /Channel Valve className=org.apache.catalina.ha.tcp.ReplicationValve filter=/ Valve className=org.apache.catalina.ha.session.JvmRouteBinderValve/ ClusterListener className=org.apache.catalina.ha.session.JvmRouteSessionIDBinderListener/ ClusterListener className=org.apache.catalina.ha.session.ClusterSessionListener/ /Cluster [.] And here the second tomcat: [.] Engine name=Catalina defaultHost=localhost jvmRoute=worker7 Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=8 Manager className=org.apache.catalina.ha.session.DeltaManager expireSessionsOnShutdown=false notifyListenersOnReplication=true/ Channel className=org.apache.catalina.tribes.group.GroupChannel Membership className=org.apache.catalina.tribes.membership.McastService address=228.0.0.4 bind=178.30.5.77 port=45574 frequency=500 dropTime=3000/ Receiver className=org.apache.catalina.tribes.transport.nio.NioReceiver address=auto port=4000 autoBind=100 selectorTimeout=5000 maxThreads=6/ Sender className=org.apache.catalina.tribes.transport.ReplicationTransmitter Transport className=org.apache.catalina.tribes.transport.nio.PooledParallelSender/ /Sender Interceptor className=org.apache.catalina.tribes.group.interceptors.TcpFailureDetector / Interceptor className=org.apache.catalina.tribes.group.interceptors.MessageDispatch15In terceptor/ /Channel Valve className=org.apache.catalina.ha.tcp.ReplicationValve filter=/ Valve className=org.apache.catalina.ha.session.JvmRouteBinderValve/ ClusterListener className=org.apache.catalina.ha.session.JvmRouteSessionIDBinderListener/ ClusterListener className=org.apache.catalina.ha.session.ClusterSessionListener/
AW: AW: ISAPI Redicect - Request Entitiy too large
Yes, that´s it. We changed the size to 12k and everything works fine. It is a lot tricky, that the default value is not fitting in a default environment. Thanks to all for your help. BR Alex -Ursprüngliche Nachricht- Von: cjder...@gmail.com [mailto:cjder...@gmail.com] Im Auftrag von chris derham Gesendet: Mittwoch, 5. Oktober 2011 12:53 An: Tomcat Users List Betreff: Re: AW: ISAPI Redicect - Request Entitiy too large Alexander, If you are using authorisation header, then you are using SPNGEO. This header encodes the users group membership in the authorisation header. By default tomcat has an 8k maximum header, whilst users belonging to many groups can have an authorisation token that can swell to larger than this size. This explains why you see some people can login and others can't. Just change the maxHttpHeaderSize to something larger than the default 8k and you should be set. We used 32k Chris smime.p7s Description: S/MIME cryptographic signature
Preferred configuration with Hardware Loadbalancer
Hello, I am just planning a Application cluster for Tomcat. We have a big hardware loadbalancer (Cisco) and three virtual servers. We talked about several configurations, but it is not clear for us, how to build a Tomcat cluster, with Failover and Session-Replication, but without Loadbalancing? E.g. the LB redirect the request to node 1. The Apache Webserver redirects the request to node2. So we have a double load-balancing, what ne would avoid. Best regards Alexander smime.p7s Description: S/MIME cryptographic signature
AW: Preferred configuration with Hardware Loadbalancer
Hello, I mean a frontend Apache httpd and backend Tomcat server. Loadbalancing would be done by a hardware load balancer fronted to the Apache Webserver, so we should not balance the request two times. It should be only a Failovercluster. Best regards Alexander -Ursprüngliche Nachricht- Von: Ronald Klop (Mailing List) [mailto:ronald-mailingl...@base.nl] Gesendet: Donnerstag, 6. Oktober 2011 10:44 An: Tomcat Users List Betreff: Re: Preferred configuration with Hardware Loadbalancer What do you mean by Apache Webserver? Do you mean Apache Tomcat or Apache httpd? And do you want Failover (active-passive) or Loadbalancing (active-active)? Ronald. Op donderdag, 6 oktober 2011 10:36 schreef Alexander Diedler adied...@tecracer.de: Hello, I am just planning a Application cluster for Tomcat. We have a big hardware loadbalancer (Cisco) and three virtual servers. We talked about several configurations, but it is not clear for us, how to build a Tomcat cluster, with Failover and Session-Replication, but without Loadbalancing? E.g. the LB redirect the request to node 1. The Apache Webserver redirects the request to node2. So we have a double load-balancing, what ne would avoid. Best regards Alexander smime.p7s Description: S/MIME cryptographic signature
AW: Securing Tomcat cluster communication
Hello, Please search for secret in http://tomcat.apache.org/connectors-doc/reference/workers.html Only requests from members with the same secret word will be acceped. Greetings Alexander -Ursprüngliche Nachricht- Von: Afkham Azeez [mailto:afk...@gmail.com] Gesendet: Donnerstag, 6. Oktober 2011 16:18 An: Tomcat Users List Betreff: Securing Tomcat cluster communication Hi folks, Is there a way to do authentication in Tribes when new members try to join a cluster so that unauthorized nodes cannot join in? Also, when clustering messages are sent back forth, how do we ensure security? Thanks Azeez smime.p7s Description: S/MIME cryptographic signature
ISAPI Redicect - Request Entitiy too large
Hello @ll, I have installed a new Windows 2008 R2 x64 Server with IIS7 and Tomcat 6.0.32 x64 Edition. We use SSO Authentication from IIS to the Tomcat. Suddenly, we got on some clients, but not on every client (that´s stupid!) the following error: Request Entity Too large! The HTTP method does not allow the data transmitted, or the data volume exceeds the capacity limit. Jakarata/ISAPI/isapi_redirector/1.2.32 () The isapi.log contains the following messages in debug mode: [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] find_match::jk_uri_worker_map.c (863): Found a wildchar match '/jci/*=worker1' [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] HttpFilterProc::jk_isapi_plugin.c (1978): check if [/jci/] points to the web-inf directory [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] HttpFilterProc::jk_isapi_plugin.c (1994): [/jci/] is a servlet url - should redirect to worker1 [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] HttpFilterProc::jk_isapi_plugin.c (2034): fowarding escaped URI [/jci/] [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] wc_maintain::jk_worker.c (339): Maintaining worker worker1 [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3022): Reading extension header HTTP_TOMCATWORKER00018000: worker1 [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3023): Reading extension header HTTP_TOMCATWORKERIDX00018000: 3 [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3024): Reading extension header HTTP_TOMCATURI00018000: /jci/ [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3025): Reading extension header HTTP_TOMCATQUERY00018000: (null) [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3085): Applying service extensions [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header Connection : Keep-Alive [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header Content-Length : 0 [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header Accept : */* [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header Accept-Encoding : gzip, deflate [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header Accept-Language : de-DE [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header Host : b0621s008 [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header User-Agent : Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727) [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3344): Service protocol=HTTP/1.1 method=GET host=fe80::3d83:4ce1:6ac:83dd%11 addr=fe80::3d83:4ce1:6ac:83dd%11 name=b0621s008 port=80 auth=Negotiate user=DOMAIN\USERNAME uri=/jci/ [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3356): Service request headers=8 attributes=0 chunked=no content-length=0 available=0 [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] wc_get_worker_for_name::jk_worker.c (116): found a worker worker1 [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] HttpExtensionProc::jk_isapi_plugin.c (2228): got a worker for name worker1 [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] ajp_get_endpoint::jk_ajp_common.c (3161): acquired connection pool slot=0 after 0 retries [Fri Sep 30 15:06:08.460 2011] [3456:1540] [error] ajp_marshal_into_msgb::jk_ajp_common.c (469): failed appending the header value [Fri Sep 30 15:06:08.460 2011] [3456:1540] [info] ajp_service::jk_ajp_common.c (2431): Creating AJP message failed, without recovery [Fri Sep 30 15:06:08.460 2011] [3456:1540] [error] HttpExtensionProc::jk_isapi_plugin.c (2261): service() failed with http error 413 [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] ajp_reset_endpoint::jk_ajp_common.c (807): (worker1) resetting endpoint with socket -1 (socket shutdown) [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] ajp_done::jk_ajp_common.c (3078): recycling connection pool slot=0 for worker worker1 smime.p7s Description: S/MIME cryptographic signature
AW: ISAPI Redicect - Request Entitiy too large
Hello, We use the IIS integrated (Windows) domain authentication, which is passed to the Tomcat and then we check the given String with our user database in the app and if username and password match, the user was automatically logged in (SSO). Greetings Alexander -Ursprüngliche Nachricht- Von: André Warnier [mailto:a...@ice-sa.com] Gesendet: Mittwoch, 5. Oktober 2011 10:15 An: Tomcat Users List Betreff: Re: ISAPI Redicect - Request Entitiy too large Alexander Diedler wrote: Hello @ll, I have installed a new Windows 2008 R2 x64 Server with IIS7 and Tomcat 6.0.32 x64 Edition. We use SSO Authentication from IIS to the Tomcat. Which SSO mechanism ? Suddenly, we got on some clients, but not on every client (that´s stupid!) the following error: Request Entity Too large! which does look strange, considering that there is a Content-length: 0 header below. It looks a bit as if a HTTP *header* in the request was too large. Repeat question : can you be a bot more specific about the authentication mechanism used ? Also, if you can determine a difference, what is the difference between the clients where it happens, and the ones where it does not ? The HTTP method does not allow the data transmitted, or the data volume exceeds the capacity limit. Jakarata/ISAPI/isapi_redirector/1.2.32 () The isapi.log contains the following messages in debug mode: [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] find_match::jk_uri_worker_map.c (863): Found a wildchar match '/jci/*=worker1' [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] HttpFilterProc::jk_isapi_plugin.c (1978): check if [/jci/] points to the web-inf directory [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] HttpFilterProc::jk_isapi_plugin.c (1994): [/jci/] is a servlet url - should redirect to worker1 [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] HttpFilterProc::jk_isapi_plugin.c (2034): fowarding escaped URI [/jci/] [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] wc_maintain::jk_worker.c (339): Maintaining worker worker1 [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3022): Reading extension header HTTP_TOMCATWORKER00018000: worker1 [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3023): Reading extension header HTTP_TOMCATWORKERIDX00018000: 3 [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3024): Reading extension header HTTP_TOMCATURI00018000: /jci/ [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3025): Reading extension header HTTP_TOMCATQUERY00018000: (null) [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3085): Applying service extensions [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header Connection : Keep-Alive [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header Content-Length : 0 [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header Accept : */* [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header Accept-Encoding : gzip, deflate [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header Accept-Language : de-DE [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header Host : b0621s008 [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header User-Agent : Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727) [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3344): Service protocol=HTTP/1.1 method=GET host=fe80::3d83:4ce1:6ac:83dd%11 addr=fe80::3d83:4ce1:6ac:83dd%11 name=b0621s008 port=80 auth=Negotiate user=DOMAIN\USERNAME uri=/jci/ [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3356): Service request headers=8 attributes=0 chunked=no content-length=0 available=0 [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] wc_get_worker_for_name::jk_worker.c (116): found a worker worker1 [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] HttpExtensionProc::jk_isapi_plugin.c (2228): got a worker for name worker1 [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] ajp_get_endpoint::jk_ajp_common.c (3161): acquired connection pool slot=0 after 0 retries [Fri Sep 30 15:06:08.460 2011] [3456:1540] [error
AW: AW: ISAPI Redicect - Request Entitiy too large
::jk_isapi_plugin.c (1978): check if [/jci/] points to the web-inf directory [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] HttpFilterProc::jk_isapi_plugin.c (1994): [/jci/] is a servlet url - should redirect to worker1 [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] HttpFilterProc::jk_isapi_plugin.c (2034): fowarding escaped URI [/jci/] [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] wc_maintain::jk_worker.c (339): Maintaining worker worker1 [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3022): Reading extension header HTTP_TOMCATWORKER00018000: worker1 [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3023): Reading extension header HTTP_TOMCATWORKERIDX00018000: 3 [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3024): Reading extension header HTTP_TOMCATURI00018000: /jci/ [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3025): Reading extension header HTTP_TOMCATQUERY00018000: (null) [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3085): Applying service extensions [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header Connection : Keep-Alive [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header Content-Length : 0 [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header Accept : */* [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header Accept-Encoding : gzip, deflate [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header Accept-Language : de-DE [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header Host : b0621s008 [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header User-Agent : Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727) [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3344): Service protocol=HTTP/1.1 method=GET host=fe80::3d83:4ce1:6ac:83dd%11 addr=fe80::3d83:4ce1:6ac:83dd%11 name=b0621s008 port=80 auth=Negotiate user=EUBATT\bamelas uri=/jci/ [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3356): Service request headers=8 attributes=0 chunked=no content-length=0 available=0 [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] wc_get_worker_for_name::jk_worker.c (116): found a worker worker1 [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] HttpExtensionProc::jk_isapi_plugin.c (2228): got a worker for name worker1 [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] ajp_get_endpoint::jk_ajp_common.c (3161): acquired connection pool slot=0 after 0 retries [Fri Sep 30 15:06:08.460 2011] [3456:1540] [error] ajp_marshal_into_msgb::jk_ajp_common.c (469): failed appending the header value [Fri Sep 30 15:06:08.460 2011] [3456:1540] [info] ajp_service::jk_ajp_common.c (2431): Creating AJP message failed, without recovery [Fri Sep 30 15:06:08.460 2011] [3456:1540] [error] HttpExtensionProc::jk_isapi_plugin.c (2261): service() failed with http error 413 [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] ajp_reset_endpoint::jk_ajp_common.c (807): (worker1) resetting endpoint with socket -1 (socket shutdown) [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] ajp_done::jk_ajp_common.c (3078): recycling connection pool slot=0 for worker worker1 -Ursprüngliche Nachricht- Von: André Warnier [mailto:a...@ice-sa.com] Gesendet: Mittwoch, 5. Oktober 2011 11:44 An: Tomcat Users List Betreff: Re: AW: ISAPI Redicect - Request Entitiy too large Addendum : can you increase the log level of isapi_redirect on the IIS server, and try again ? it may show us a bit more about what is happening. André Warnier wrote: Alexander Diedler wrote: Hello, We use the IIS integrated (Windows) domain authentication, which is passed to the Tomcat and then we check the given String with our user database in the app and if username and password match, the user was automatically logged in (SSO). Ok, basically thanks. I just wanted to know if the NTLM authentication dialog could explain some extra-large headers. But in this case, apparently not, since the authentication dialog happens between the browser and IIS, and should not even be seen in Tomcat. (Apart from the final Authorization: header). One item in your above explanation does not fit : username and password cannot be. There is no way that the IIS
AW: AW: Multiple Tomcat Servers connect to IIS
Hello, Yes thanks, with adding the vHost Name it works with one exception. I cannot access the Manager App. I get a auth Window, the credentials are correct, but I do not get into the Manager App. Uriworkermap.properties: /manager=worker1 /manager/*=worker1 /docs=worker1 /*=worker1 /go/*=worker1 /go=worker1 /show/*=worker1 # Mapping all URI which end with a common suffix: #*.jsp=worker1 ##vHosts for Tomcat 7.0.19 /SiteB.xxx.de/*=worker2 /SiteB.xxx.de *=worker2 /SiteB.xxx.de /manager/*=worker2 /SiteB.xxx.de /manager*=worker2 Best regards Alexander -Ursprüngliche Nachricht- Von: André Warnier [mailto:a...@ice-sa.com] Gesendet: Donnerstag, 11. August 2011 10:30 An: Tomcat Users List Betreff: Re: AW: Multiple Tomcat Servers connect to IIS Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexander, On 8/10/2011 8:12 AM, Alexander Diedler wrote: my uriworkermap.properties /manager=worker1 Mapped /manager /manager/*=worker1 /docs=worker1 /*=worker1 /go/*=worker1 /go=worker1 /show/*=worker1 # Mapping all URI which end with a common suffix: *.jsp=worker1 /manager=worker2 Re-mapped /manager This re-mapping appears to happen for all URIs. I've never worked with IIS -- can you specify a uriworkermap.properties for each virtual host? I think that's what you want to do, but it looks like you're configured everything in a single set of files, here. Read the docs... ;-) It appears that for IIS and isapi_redirect (and differently from Apache+mod_jk), there is only one uriworkermap.properties files, being used for all the IIS virtual hosts (and its single path is in the Registry under a single key). However, in the (single) uriworkermap.properties, there is a way to specify the hostname, in addition to the URI being proxied. So you can actually have things like : /serverA.company.com/app1/*=tomcat1 /serverB.company.com/app1/*=tomcat2 I never tried it, but according to Alexander it works and solves his problem. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
Multiple Tomcat Servers connect to IIS
Hello, I know the way to conenct a single Tomcat to an IIS in Windows 2003 with isapi_redirect.dll, worker.properties and uriworkermap.properties. But, how we can connect two different Tomcats (e.g. Tomcat 6.0.32 and 7.0.19) to Websites in the same IIS ? Best regards Alexander smime.p7s Description: S/MIME cryptographic signature
AW: Multiple Tomcat Servers connect to IIS
Hello, Yes, but we do not map single Apps like /app1 /app2 ,,.. every App has it own Host in server.xml and conf/Catalina My new Worker.properties: worker.list=worker1,worker2 #Tomcat 6.0.32 worker.worker1.host=localhost worker.worker1.port=8009 worker.worker1.type=ajp13 #Tomcat 7.0.19 worker.worker2.host=localhost worker.worker2.port=8010 worker.worker2.type=ajp13 my uriworkermap.properties /manager=worker1 /manager/*=worker1 /docs=worker1 /*=worker1 /go/*=worker1 /go=worker1 /show/*=worker1 # Mapping all URI which end with a common suffix: *.jsp=worker1 /manager=worker2 /manager/*=worker2 /docs=worker2 /*=worker2 /go/*=worker2 /go=worker2 /show/*=worker2 # Mapping all URI which end with a common suffix: *.jsp=worker2 # Exclusions !*.cfm !/*/hbpo|/*=* Server.xml from TC 6.0 Server port=8005 shutdown=SHUTDOWN Connector port=8009 protocol=AJP/1.3 redirectPort=8443 / Engine name=Catalina defaultHost=localhost jvmRoute=worker1 Host name=siteA.xxx.de AliasSiteA.xxx.de/Alias Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=siteA_access_log. suffix=.txt pattern=common resolveHosts=false/ /Host Server.xml from TC 7.0 Server port=8006 shutdown=SHUTDOWN Connector port=8010 protocol=AJP/1.3 redirectPort=8444 / Engine name=Catalina defaultHost=localhost jvmRoute=worker2 Host name=siteA.xxx.de AliasSiteB.xxx.de/Alias Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=siteB_access_log. suffix=.txt pattern=common resolveHosts=false/ /Host Now, if a browse http://siteA.xxx.de then I get a Tomcat 404 error from the TC7.0and if I browse the http://siteB.xxx.de I get a blank page.. I do not know where I was thrown. Best regards Alexander -Ursprüngliche Nachricht- Von: André Warnier [mailto:a...@ice-sa.com] Gesendet: Mittwoch, 10. August 2011 13:49 An: Tomcat Users List Betreff: Re: Multiple Tomcat Servers connect to IIS Alexander Diedler wrote: Hello, I know the way to conenct a single Tomcat to an IIS in Windows 2003 with isapi_redirect.dll, worker.properties and uriworkermap.properties. But, how we can connect two different Tomcats (e.g. Tomcat 6.0.32 and 7.0.19) to Websites in the same IIS ? For isapi_redirect/mod_jk, a Tomcat is designated as a worker. So, in short, just define an additional worker in the workers.properties for the additional Tomcat, and then map some URLs to that worker in uriworkermap.properties. Before : workers.list=worker1 worker.worker1.host=first-tomcat worker.worker1.port=8009 ... After : workers.list=worker1,worker2 worker.worker1.host=first-tomcat worker.worker1.port=8009 ... worker.worker2.host=second-tomcat worker.worker1.port=8010 ... and, in the new Tomcat, make the AJP Connector port match the one you used for worker2. There is a bit kore to it, but that should get you going. There are also examples in the docs. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
AW: Multiple Tomcat Servers connect to IIS
Sorry, One mistake in the server.xml conf below, I correct them. -Ursprüngliche Nachricht- Von: Alexander Diedler Gesendet: Mittwoch, 10. August 2011 14:10 An: 'Tomcat Users List'; 'Tomcat Users List' Betreff: AW: Multiple Tomcat Servers connect to IIS Hello, Yes, but we do not map single Apps like /app1 /app2 ,,.. every App has it own Host in server.xml and conf/Catalina My new Worker.properties: worker.list=worker1,worker2 #Tomcat 6.0.32 worker.worker1.host=localhost worker.worker1.port=8009 worker.worker1.type=ajp13 #Tomcat 7.0.19 worker.worker2.host=localhost worker.worker2.port=8010 worker.worker2.type=ajp13 my uriworkermap.properties /manager=worker1 /manager/*=worker1 /docs=worker1 /*=worker1 /go/*=worker1 /go=worker1 /show/*=worker1 # Mapping all URI which end with a common suffix: *.jsp=worker1 /manager=worker2 /manager/*=worker2 /docs=worker2 /*=worker2 /go/*=worker2 /go=worker2 /show/*=worker2 # Mapping all URI which end with a common suffix: *.jsp=worker2 # Exclusions !*.cfm !/*/hbpo|/*=* Server.xml from TC 6.0 Server port=8005 shutdown=SHUTDOWN Connector port=8009 protocol=AJP/1.3 redirectPort=8443 / Engine name=Catalina defaultHost=localhost jvmRoute=worker1 Host name=siteA.xxx.de AliasSiteA.xxx.de/Alias Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=siteA_access_log. suffix=.txt pattern=common resolveHosts=false/ /Host Server.xml from TC 7.0 Server port=8006 shutdown=SHUTDOWN Connector port=8010 protocol=AJP/1.3 redirectPort=8444 / Engine name=Catalina defaultHost=localhost jvmRoute=worker2 Host name=siteB.xxx.de AliasSiteB.xxx.de/Alias Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=siteB_access_log. suffix=.txt pattern=common resolveHosts=false/ /Host Now, if a browse http://siteA.xxx.de then I get a Tomcat 404 error from the TC7.0 (where only SiteB.xxx.de is known) and if I browse the http://siteB.xxx.de I get a blank page.. I do not know where I was thrown. Best regards Alexander -Ursprüngliche Nachricht- Von: André Warnier [mailto:a...@ice-sa.com] Gesendet: Mittwoch, 10. August 2011 13:49 An: Tomcat Users List Betreff: Re: Multiple Tomcat Servers connect to IIS Alexander Diedler wrote: Hello, I know the way to conenct a single Tomcat to an IIS in Windows 2003 with isapi_redirect.dll, worker.properties and uriworkermap.properties. But, how we can connect two different Tomcats (e.g. Tomcat 6.0.32 and 7.0.19) to Websites in the same IIS ? For isapi_redirect/mod_jk, a Tomcat is designated as a worker. So, in short, just define an additional worker in the workers.properties for the additional Tomcat, and then map some URLs to that worker in uriworkermap.properties. Before : workers.list=worker1 worker.worker1.host=first-tomcat worker.worker1.port=8009 ... After : workers.list=worker1,worker2 worker.worker1.host=first-tomcat worker.worker1.port=8009 ... worker.worker2.host=second-tomcat worker.worker1.port=8010 ... and, in the new Tomcat, make the AJP Connector port match the one you used for worker2. There is a bit kore to it, but that should get you going. There are also examples in the docs. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
AW: AW: Multiple Tomcat Servers connect to IIS
YES, this works! I have to define the virtual host in die uriworkermap.properties. Best regards Alexander Diedler -Ursprüngliche Nachricht- Von: André Warnier [mailto:a...@ice-sa.com] Gesendet: Mittwoch, 10. August 2011 16:03 An: Tomcat Users List Betreff: Re: AW: Multiple Tomcat Servers connect to IIS Erratum: I meant in the section Virtual host integration - IIS André Warnier wrote: Apart from the stuff below, it looks as if you'll have to use (for uriworkermap.properties), the form that is mentioned here : http://tomcat.apache.org/connectors-doc/reference/uriworkermap.html in the section IIS (at least if I understand correctly what you are trying to do, and how this works with IIS) André Warnier wrote: There is something else wrong in your server.xml. It is not the cause of the problem, but it is confusing, so it's better to correct these issues right now. I) Server.xml from TC 6.0 Server port=8005 shutdown=SHUTDOWN Connector port=8009 protocol=AJP/1.3 redirectPort=8443 / Engine name=Catalina defaultHost=localhost jvmRoute=worker1 Host name=siteA.xxx.de AliasSiteA.xxx.de/Alias a) If in the Engine, you have : defaultHost=localhost then you should have a Host name=localhost as the default Host. b) Host name=siteA.xxx.de and AliasSiteA.xxx.de/Alias is a duplication. Suggested correction : Server.xml from TC 6.0 Server port=8005 shutdown=SHUTDOWN Connector port=8009 protocol=AJP/1.3 redirectPort=8443 / Engine name=Catalina defaultHost=localhost jvmRoute=worker1 Host name=localhost AliasSiteA.xxx.de/Alias (now it makes sense to have the Alias) II) Suggestion: Server.xml from TC 7.0 Server port=8006 shutdown=SHUTDOWN Connector port=8010 protocol=AJP/1.3 redirectPort=8444 / Engine name=Catalina defaultHost=localhost jvmRoute=worker2 Host name=loclhost AliasSiteB.xxx.de/Alias ... Then, a question : in IIS, you also have those 2 virtual sites defined, yes ? Alexander Diedler wrote: Sorry, One mistake in the server.xml conf below, I correct them. -Ursprüngliche Nachricht- Von: Alexander Diedler Gesendet: Mittwoch, 10. August 2011 14:10 An: 'Tomcat Users List'; 'Tomcat Users List' Betreff: AW: Multiple Tomcat Servers connect to IIS Hello, Yes, but we do not map single Apps like /app1 /app2 ,,.. every App has it own Host in server.xml and conf/Catalina My new Worker.properties: worker.list=worker1,worker2 #Tomcat 6.0.32 worker.worker1.host=localhost worker.worker1.port=8009 worker.worker1.type=ajp13 #Tomcat 7.0.19 worker.worker2.host=localhost worker.worker2.port=8010 worker.worker2.type=ajp13 my uriworkermap.properties /manager=worker1 /manager/*=worker1 /docs=worker1 /*=worker1 /go/*=worker1 /go=worker1 /show/*=worker1 # Mapping all URI which end with a common suffix: *.jsp=worker1 /manager=worker2 /manager/*=worker2 /docs=worker2 /*=worker2 /go/*=worker2 /go=worker2 /show/*=worker2 # Mapping all URI which end with a common suffix: *.jsp=worker2 # Exclusions !*.cfm !/*/hbpo|/*=* Server.xml from TC 6.0 Server port=8005 shutdown=SHUTDOWN Connector port=8009 protocol=AJP/1.3 redirectPort=8443 / Engine name=Catalina defaultHost=localhost jvmRoute=worker1 Host name=siteA.xxx.de AliasSiteA.xxx.de/Alias Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=siteA_access_log. suffix=.txt pattern=common resolveHosts=false/ /Host Server.xml from TC 7.0 Server port=8006 shutdown=SHUTDOWN Connector port=8010 protocol=AJP/1.3 redirectPort=8444 / Engine name=Catalina defaultHost=localhost jvmRoute=worker2 Host name=siteB.xxx.de AliasSiteB.xxx.de/Alias Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=siteB_access_log. suffix=.txt pattern=common resolveHosts=false/ /Host Now, if a browse http://siteA.xxx.de then I get a Tomcat 404 error from the TC7.0 (where only SiteB.xxx.de is known) and if I browse the http://siteB.xxx.de I get a blank page.. I do not know where I was thrown. Best regards Alexander -Ursprüngliche Nachricht- Von: André Warnier [mailto:a...@ice-sa.com] Gesendet: Mittwoch, 10. August 2011 13:49 An: Tomcat Users List Betreff: Re: Multiple Tomcat Servers connect to IIS Alexander Diedler wrote: Hello, I know the way to conenct a single Tomcat to an IIS in Windows 2003 with isapi_redirect.dll, worker.properties and uriworkermap.properties. But, how we can connect two different Tomcats (e.g. Tomcat 6.0.32 and 7.0.19) to Websites in the same IIS ? For isapi_redirect/mod_jk, a Tomcat is designated as a worker. So, in short, just define an additional worker in the workers.properties for the additional Tomcat, and then map some URLs to that worker in uriworkermap.properties. Before : workers.list=worker1
Redeployment of war File stopps suddenly
Hello, We have a big problem with deployment over war in a Tomcat 6.0.32. If there is no application yet, the initial upload through the manger works. If we redeploy the running application again, the undeploy process fails and we have a half installation, in the Manager the application name is empty. To get free out of this situation, we have to click three times to undeploy and then all files are deleted and the Context Descriptor will be deleted. War File named ROOT.war resists in D:/tecracer/apps/apps1 The deployed file in /conf/Catalina/app1/ROOT.xml contains: ?xml version=1.0 encoding=UTF-8? Context path= docBase=D:/tecracer/apps/app1/ privileged=true reloadable=true unpackWAR=true antiJARLocking=true [.] In the Server.xml we have inside the Engine: Host name=app1 appBase=D:/tecracer/apps/app1 unpackWARs=true deployOnStartup=true Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=app1_access_log. suffix=.txt pattern=common resolveHosts=false/ /Host Do we make a thinking mistake in the understanding of automatical deployment? Greetings Alexander Diedler smime.p7s Description: S/MIME cryptographic signature
AW: Redeployment of war File stopps suddenly
Additionally the information from Tomcat doc: When using automatic deployment, the docBase defined by an XML http://tomcat.apache.org/tomcat-6.0-doc/config/context.html Context file should be outside of the appBase directory. If this is not the case, difficulties may be experienced deploying the web application or the application may be deployed twice. The deployIgnore attribute can be used to avoid this situation. Von: Alexander Diedler [mailto:adied...@tecracer.de] Gesendet: Mittwoch, 20. Juli 2011 08:59 An: users@tomcat.apache.org Betreff: Redeployment of war File stopps suddenly Hello, We have a big problem with deployment over war in a Tomcat 6.0.32. If there is no application yet, the initial upload through the manger works. If we redeploy the running application again, the undeploy process fails and we have a half installation, in the Manager the application name is empty. To get free out of this situation, we have to click three times to undeploy and then all files are deleted and the Context Descriptor will be deleted. War File named ROOT.war resists in D:/tecracer/apps/apps1 The deployed file in /conf/Catalina/app1/ROOT.xml contains: ?xml version=1.0 encoding=UTF-8? Context path= docBase=D:/tecracer/apps/app1/ privileged=true reloadable=true unpackWAR=true antiJARLocking=true [.] In the Server.xml we have inside the Engine: Host name=app1 appBase=D:/tecracer/apps/app1 unpackWARs=true deployOnStartup=true Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=app1_access_log. suffix=.txt pattern=common resolveHosts=false/ /Host Do we make a thinking mistake in the understanding of automatical deployment? Greetings Alexander Diedler smime.p7s Description: S/MIME cryptographic signature
Find out reason HEap Space Error
Hello, It is very tricky to find out why our server rans periodically (between 12 and 24 hours) into Java heap space errors. We have a virtual Windows 2003 Standard R2 Server 32-bit, with 4 GB physically RAM. Two Tomcats 6.0.32 (serve different webapps) 32 bit with a Apache 2.2.14 Frontend Webserver on the same server. We use the 1.6 Update 25 Server JVM 32 bit of Sun. The errormessages from catalina log are : SCHWERWIEGEND: Exception initializing page context java.lang.OutOfMemoryError: Java heap space 16.05.2011 23:59:37 org.apache.jasper.runtime.JspFactoryImpl internalGetPageContext SCHWERWIEGEND: Exception initializing page context java.lang.OutOfMemoryError: Java heap space 16.05.2011 23:59:37 org.apache.jasper.runtime.JspFactoryImpl internalGetPageContext SCHWERWIEGEND: Exception initializing page context java.lang.OutOfMemoryError: Java heap space 16.05.2011 23:59:49 org.apache.catalina.core.ApplicationDispatcher invoke SCHWERWIEGEND: Servlet.service() for servlet Controller threw exception java.lang.OutOfMemoryError: Java heap space 16.05.2011 23:59:49 org.apache.catalina.core.StandardWrapperValve invoke SCHWERWIEGEND: Servlet.service() for servlet default threw exception java.lang.OutOfMemoryError: Java heap space 16.05.2011 23:59:54 org.apache.catalina.core.StandardWrapperValve invoke SCHWERWIEGEND: Servlet.service() for servlet Controller threw exception java.lang.OutOfMemoryError: Java heap space 16.05.2011 23:59:55 org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor processChildren SCHWERWIEGEND: Exception invoking periodic operation: java.lang.OutOfMemoryError: Java heap space 16.05.2011 23:59:55 org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor processChildren SCHWERWIEGEND: Exception invoking periodic operation: java.lang.OutOfMemoryError: Java heap space 16.05.2011 23:59:55 org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor processChildren SCHWERWIEGEND: Exception invoking periodic operation: java.lang.OutOfMemoryError: Java heap space The Tomcat Java Opts Settings in the Console: -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled -XX:+CMSPermGenSweepingEnabled -Xms128m -Xmx1024m -XX:MaxPermSize=256m The windows process grow up and consuming 1020 MB of RAM. The 2nd Tomcat service was not started and we ran although in the Memory leak. What is the best way to find out the best parameters for the settings of Tomcat? Best regards Alexander Diedler smime.p7s Description: S/MIME cryptographic signature
AW: Find out reason HEap Space Error
, mmx, sse, sse2, sse3, mmxext, 3dnow, 3dnowext Memory: 4k page, physical 3931592k(2751028k free), swap 5861528k(4677564k free) vm_info: Java HotSpot(TM) Server VM (20.0-b11) for windows-x86 JRE (1.6.0_25-b06), built on Apr 14 2011 00:56:15 by java_re with MS VC++ 7.1 (VS2003) time: Tue May 17 08:53:38 2011 elapsed time: 1873 seconds -Ursprüngliche Nachricht- Von: Mikolaj Rydzewski [mailto:m...@ceti.pl] Gesendet: Dienstag, 17. Mai 2011 09:28 An: Tomcat Users List Betreff: Re: Find out reason HEap Space Error On Tue, 17 May 2011 09:12:55 +0200, Alexander Diedler wrote: java.lang.OutOfMemoryError: Java heap space Maybe your application is so demanding, that it simply requires more memory than you have. Maybe there's a memory leak in your application. Maybe both. There's nice tool - jvisualvm - which comes bundled with JDK. You can use it to try isolate the problem. -- Mikolaj Rydzewski m...@ceti.pl - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
multiple Loadbalancer workers - found each other webapps?
Hello, Why see one tomcat the apps of another tomcat? We have two servers with two installed Apache Tomcats 6.0.32 and one Apache Webserver 2.2.14. Server A: Tomcat1 hosts App1 and App2 Tomcat2 hosts App3 Server B: Tomcat1 hosts App1 and App2 Tomcat2 hosts App3 In the worker.properties we define two loadbalancer worker, but it seems, that they found each other cluster. Message from catalina log : [ ] 13.05.2011 14:29:15 org.apache.catalina.startup.Catalina start INFO: Server startup in 5793 ms 13.05.2011 14:29:18 org.apache.catalina.ha.session.ClusterSessionListener messageReceived WARNUNG: Context manager doesn't exist:article_finder_admin# 13.05.2011 14:29:19 org.apache.catalina.ha.session.ClusterSessionListener messageReceived WARNUNG: Context manager doesn't exist:article_finder_admin# 13.05.2011 14:29:31 org.apache.catalina.ha.session.ClusterSessionListener messageReceived WARNUNG: Context manager doesn't exist:article_finder_admin# 13.05.2011 14:29:35 org.apache.catalina.ha.session.ClusterSessionListener messageReceived WARNUNG: Context manager doesn't exist:article_finder_admin# 13.05.2011 14:29:35 org.apache.catalina.ha.session.ClusterSessionListener messageReceived WARNUNG: Context manager doesn't exist:article_finder_admin# 13.05.2011 14:29:35 org.apache.catalina.ha.session.ClusterSessionListener messageReceived WARNUNG: Context manager doesn't exist:article_finder_admin# 13.05.2011 14:29:39 org.apache.catalina.ha.session.ClusterSessionListener messageReceived WARNUNG: Context manager doesn't exist:akademie# 13.05.2011 14:29:41 org.apache.catalina.ha.session.ClusterSessionListener messageReceived WARNUNG: Context manager doesn't exist:akademie# 13.05.2011 14:29:45 org.apache.catalina.ha.session.ClusterSessionListener messageReceived WARNUNG: Context manager doesn't exist:extranet# 13.05.2011 14:29:47 org.apache.catalina.ha.session.ClusterSessionListener messageReceived WARNUNG: Context manager doesn't exist:extranet# 13.05.2011 14:29:47 org.apache.catalina.ha.session.ClusterSessionListener messageReceived WARNUNG: Context manager doesn't exist:extranet# 13.05.2011 14:29:50 org.apache.catalina.ha.session.ClusterSessionListener messageReceived WARNUNG: Context manager doesn't exist:extranet# The Context Managers for article_Finder_admin, akademie and extranet are Virtual Hosts in LoadbalancerA and doesn´t exists in conf directory of Tomcat2. We define the Cluster Valve inside the Engine (remark, these block was eqal on every server.xml, or have we to customize these valve???) : Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=8 Manager className=org.apache.catalina.ha.session.DeltaManager expireSessionsOnShutdown=false notifyListenersOnReplication=true/ Channel className=org.apache.catalina.tribes.group.GroupChannel Membership className=org.apache.catalina.tribes.membership.McastService address=228.0.0.4 port=45564 frequency=500 dropTime=3000/ Receiver className=org.apache.catalina.tribes.transport.nio.NioReceiver address=auto port=4000 autoBind=100 selectorTimeout=5000 maxThreads=6/ Sender className=org.apache.catalina.tribes.transport.ReplicationTransmitter Transport className=org.apache.catalina.tribes.transport.nio.PooledParallelSender/ /Sender Interceptor className=org.apache.catalina.tribes.group.interceptors.TcpFailureDetector / Interceptor className=org.apache.catalina.tribes.group.interceptors.MessageDispatch15In terceptor/ /Channel Valve className=org.apache.catalina.ha.tcp.ReplicationValve filter=/ Valve className=org.apache.catalina.ha.session.JvmRouteBinderValve/ !-- Deployer className=org.apache.catalina.ha.deploy.FarmWarDeployer tempDir=/tmp/war-temp/ deployDir=/tmp/war-deploy/ watchDir=/tmp/war-listen/ watchEnabled=false/ -- ClusterListener className=org.apache.catalina.ha.session.JvmRouteSessionIDBinderListener/ ClusterListener className=org.apache.catalina.ha.session.ClusterSessionListener/ /Cluster Worker.properties: # # First worker # worker.worker1.port=8010 worker.worker1.host=192.168.100.1 worker.worker1.type=ajp13 worker.worker1.lbfactor=75 worker.worker1.route=worker1 #worker.worker1.connection_pool_size=250 #worker.worker1.connection_pool_minsize=126
AW: mod_jk Loadbalancer for 2 different tomcat Installations
Hello, So in my worker.properties I would have a section for App1 with w1 and w2 # List the workers name worker.list= loadbalancer,jkstatus,loadbalancer2 worker.maintain=60 # # First worker # worker.worker1.port=8010 worker.worker1.host=server1 worker.worker1.type=ajp13 worker.worker1.lbfactor=75 worker.worker1.route=worker1 worker.worker1.activation=active # # second worker # worker.worker2.port=8010 worker.worker2.host=server2 worker.worker2.type=ajp13 worker.worker2.lbfactor=100 worker.worker2.route=worker2 worker.worker2.activation=active # # Third worker # worker.worker3.port=8012 worker.worker3.host=server1 worker.worker3.type=ajp13 worker.worker3.lbfactor=75 worker.worker3.route=worker3 worker.worker3.activation=active # # fourth worker # worker.worker4.port=8012 worker.worker4.host=server2 worker.worker4.type=ajp13 worker.worker4.lbfactor=75 worker.worker4.route=worker4 worker.worker4.activation=active # -- # Load Balancer worker # -- worker.loadbalancer.type=lb worker.loadbalancer.balance_workers=worker1,worker2 worker.loadbalancer.sticky_session=true worker.loadbalancer.sticky_session_force=false worker.loadbalancer.method=Busyness worker.loadbalancer.retries=3 worker.loadbalancer.secret= # Define a 'jkstatus' worker using status worker.jkstatus.type=status And an additional section with w3 and w4 for the second cluster # -- # Load Balancer worker new app # -- worker.loadbalancer2.type=lb worker.loadbalancer2.balance_workers= worker3,worker4 worker.loadbalancer2.sticky_session=true worker.loadbalancer2.sticky_session_force=false worker.loadbalancer2.method=Busyness worker.loadbalancer2.retries=3 worker.loadbalancer2.secret= Is this a good configuration? Greetings Alexander Diedler -Ursprüngliche Nachricht- Von: Felix Schumacher [mailto:felix.schumac...@internetallee.de] Gesendet: Montag, 9. Mai 2011 13:29 An: Tomcat Users List Betreff: Re: mod_jk Loadbalancer for 2 different tomcat Installations Hello Alexander, On Mon, 9 May 2011 11:48:54 +0200, Alexander Diedler wrote: Hello, I have a question about the configuration of loadbalancer with mod_jk for Apache 2.2. We have 2 physical servers. Both have 2 different Tomcat Installations. Tomcat 6.0.26 and 6.0.32. We make worker1 and worker2 for both servers Tomcat 6.0.26 (Serverport 8010) and define a loadbalancer worker with member worker1 and worker2. Today we install the new application, that will be served by a separate Tomcat (6.0.32) as a cluster. We define the worker 3 and worker4 for both servers Tomcat 6.0.32 (Serverport 8012) and add the workers to the existing loadbalancing worker as members. Is this a valid configuration or should we define a new loadbalancer worker called loadbalancer2 for the worker3 and worker4? Clusters of workers can be used only if all workers share the same apps. If you have four workers (w1, w2, w3 and w4) and have two different sets of applications - appset1 on w1 and w2; appset2 on w3 and w4 -, you must build two clusters and set the members to w1 and w2 or w3 and w4 respectively. Regards Felix Greetings Alexander Diedler - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
mod_jk Loadbalancer for 2 different tomcat Installations
Hello, I have a question about the configuration of loadbalancer with mod_jk for Apache 2.2. We have 2 physical servers. Both have 2 different Tomcat Installations. Tomcat 6.0.26 and 6.0.32. We make worker1 and worker2 for both servers Tomcat 6.0.26 (Serverport 8010) and define a loadbalancer worker with member worker1 and worker2. Today we install the new application, that will be served by a separate Tomcat (6.0.32) as a cluster. We define the worker 3 and worker4 for both servers Tomcat 6.0.32 (Serverport 8012) and add the workers to the existing loadbalancing worker as members. Is this a valid configuration or should we define a new loadbalancer worker called loadbalancer2 for the worker3 and worker4? Greetings Alexander Diedler smime.p7s Description: S/MIME cryptographic signature
AW: HowTo place Manager-App
Hello, Ok, so I have to place the context.xml in the conf-Base. But how I can use Valves, like Remote Adress filter to grant access to the Manager app only from localhost, 127.0.0.1 and IPs inside from corporate network? Greetings Alexander -Ursprüngliche Nachricht- Von: Thomas Freitag [mailto:tho...@freit.ag] Gesendet: Donnerstag, 5. Mai 2011 15:08 An: users@tomcat.apache.org Betreff: Re: HowTo place Manager-App -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Alexander, On 05/05/2011 10:53 AM, Alexander Diedler wrote: What´s the best place to make access to the manager-app? 1. Place a separate context for Manager in the Host-Tag in the server.xml 2. Place the manager.xml in the /conf/Catalina/[Hostname]/ path? Quoting the docs: For Tomcat 6, unlike Tomcat 4.x, it is NOT recommended to place Context elements directly in the server.xml file. This is because it makes modifying the Context configuration more invasive since the main conf/server.xml file cannot be reloaded without restarting Tomcat. (see: http://tomcat.apache.org/tomcat-6.0-doc/config/context.html) I'd suggests option 2, even if the quoted argument does not really hold in your case... Regards, - -- Thomas Freitag -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk3CoRgACgkQGE5pHr3PKuW/jgCfabb3+XZVhi3unAyyFyiTWTEg NMEAn38mIhjuntCcC3Hd3kP6XZtFzjo/ =F8d0 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
HowTo place Manager-App
Hello, What´s the best place to make access to the manager-app? 1. Place a separate context for Manager in the Host-Tag in the server.xml 2. Place the manager.xml in the /conf/Catalina/[Hostname]/ path? Best regards Alexander smime.p7s Description: S/MIME cryptographic signature
AW: Restarting Tomcat remotely
If it is a Windows Server you can use the MMC vor Services to connect remotly to the Services and restart it. Gesendet von meinem Windows Phone - Ursprüngliche Nachricht - Von: Asha K S Gesendet: Dienstag, 3. Mai 2011 06:30 An: tomcat-u...@jakarta.apache.org Betreff: Restarting Tomcat remotely Hi, Can anybody please let me know if there is way to start/stop Tomcat remotely(Not start/stop of applications but server itself) Thanks, Asha - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Allocate JVM settings per instance
Hello, I have a windows server 2003 with three instances of Tomcat (2x6.0.26 and 1x6.0.32). Every Tomcat has it own dir and the services was installed through /bin/service install [service-name]. How can I change the JVM settings per instance? If I try to open the tomcat6w.exe, I got not the instance, that the tomcat6w.exe currently contains, instead of the first instance I have installed. Greetings Alexander Diedler smime.p7s Description: S/MIME cryptographic signature
Tomcat 6.0.x TEMP Directory
Hello everybody, Just a general question. Could it be a bottleneck, if we have millions of .tmp Files in the Tomcat tmp Folder? If we startup the Tomcat, during a period 15m the are no response from the Tomcat, if we try to open websites, hosted by the tomcat. Greetings Alexander Diedler smime.p7s Description: S/MIME cryptographic signature
FamWarDeployer - Just in development state
Hello, In some advanced trainings we talked about (and use!) the farm war deployer for Cluster Deployment. But in the documentation I cannot find much more about this feature. Is it not for production? Greetings Alexander smime.p7s Description: S/MIME cryptographic signature
IIS redirect http to https for Tomcat 6.0.29
Hello, Iam not sure i fit ist he right place for this topic, but I want to do a permanently redirect of every incoming http requeswt forwarded to https in IIS. SSL is required is enabled for the website and the isapi_redirect woking fine without this option enabled. Is there are any setting we have to do fort he server.xml to get working or is https only a function oft he IIS? Greetings Alexander smime.p7s Description: S/MIME cryptographic signature
AW: Tomcat IIS - Understanding Context definition to access Webapps
Hello, The target should be, to have the possibillity to restart every webapp through the Tomcat Manager. So for my understanding I have to map every App als path=/appname in the context file. In your configuration, I have to open for every App a dedicated manager to restart them? I will test your suggestions tomorrow in my lab. Greetings Alexander Von: Pid [...@pidster.com] Gesendet: Montag, 13. September 2010 23:15 An: Tomcat Users List Betreff: Re: Tomcat IIS - Understanding Context definition to access Webapps On 12/09/2010 22:09, Caldarale, Charles R wrote: From: Wesley Acheson [mailto:wesley.ache...@gmail.com] Subject: Re: Tomcat IIS - Understanding Context definition to access Webapps I create in conf/Catalina/localhost a new file called webSiteA.xml with this content: try creating it in conf/Catalina/webSiteA Need to be more explicit; the file must be named ROOT.xml (case sensitive), in the above directory. Context path=/ reloadable=true docBase=C:\Inetpub\wwwroot\SiteA distributable=true The path element will be ignored. It's not valid at all when the Context element is in the above location. (For what it's worth, the value specified is completely illegal; a plain slash is never used.) Also, there is no distributable attribute for Context, so get rid of that as well. Also, be wary of publishing any part of this URL directly via IIS: C:\Inetpub\wwwroot\SiteA Any config errors and your app components are exposed. p THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat IIS - Understanding Context definition to access Webapps
Hello, I think I have a little issue in my configuration of the webserver. I have a Windows 2003 Webserver with IIS and Tomcat Connector and two webapps, that should be delivered through the IIS. But I only get the default Welcome Site from Tomcat. In my Tomcat 6.0.26 I have a Webapp A. It´s content is on C:\inetpub\wwwroot\SiteA I define in the server.xml in the Engine: --- !-- www.websiteA.de -- Host name=webSiteA Aliaswww.websiteA.de/Alias Aliaswww.websiteAandmore.de/Alias /Host --- I create in conf/Catalina/localhost a new file called webSiteA.xml with this content: --- ?xml version='1.0' encoding='utf-8'? Context path=/ reloadable=true docBase=C:\Inetpub\wwwroot\SiteA distributable=true Resource name=jdbc/jTDS auth=Container type=javax.sql.DataSource maxActive=100 maxIdle=30 maxWait=1 username=datauser password=XX removeAbandoned=true removeAbandonedTimeout=60 logAbandoned=true driverClassName=net.sourceforge.jtds.jdbc.Driver url=jdbc:jtds:sqlserver://127.0.0.1:1433/xxx_;charset=UTF-8; / /Context --- After Startup the tomcat, in the conf/Catalina Directory, a new directory WebSiteA appears with a host-manager.xml and manager.xml In the Tomcat Web Application Manager-App (http://localhost:8080/manager/html) I can see a new Application /webSiteA and If i go to http://localhost:8080/webSiteA I got the content of the Webapp. Everything is fine. But it seems, that the redirected requests from the IIS doesn´t have the right Header value and Tomcat doesn´t know where to redirect the request. Is my configuration ok or is there an issue or is it not the best practise for hosting many webapps on one Server? Greetings Alexander - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat 6.0.29 W2K3 x64 isapi_redirect
Hello all, I have a problem, that i don´t understand why it not works. I have a new W2K3 (64-Bit) Server R2 with IIS and Tomcat 6.0.29 x64 installed and ISAPI 1.2.30 64 bit. But I got only white pages. If I connect the 32-Bit ISAPI-Connector I got Unzulässige Funktion. Or in english Invalid funtion. smime.p7s Description: S/MIME cryptographic signature
Best practise very secure system without any password in cleartext
Hello @ll, Some difficult task seems to be very strange to realize. We have to create an Application with an Offline Client based on Tomcat and SQL Server on Laptops. That means, that the Laptops has an local installed Webserver with Tomcat and a local installed SQL Server (Full oder Express Edition 2005). Now, in case to stolen laptops it is very unsecure to wrote the sa user with uncrypted password in some properties files. My idea was, to manage the whole communication direct with the SQL database instead of tomcat-users.xml. It is possible to make a full working system without any local stored password in the properties file? It is possible to use Windows internal Kerberos (etc) authentication with domain users etc and start the SQL Server and Tomcat Server with Serviceaccounts? Greetings Alexander
Default Configuration Cluster
Hello everybody, Is there are some information to set default a 2-node cluster with fronted Apache webserver 2.2.14 on one of the nodes? Specially timeouts, Threads, MPM worker etc.. What should be set, and what is bad to change?
AW: Missing files for mod_jk
Hello again, Under Windows, Apache has a single child, multi-threaded. In Alexander's configuration, the maximum number of threads for Apache is set at 1920 (?). That in itself already looks to me like a big number, but I don't know the real load of the server. The question here is whether ALL requests going through Apache get passed through to Tomcat via mod_jk, and whether there are requests to Tomcat that go directly to Tomcat without going through Apache. If the errors occours, we take a look at Windows process manager and make the Threads per process visible. The httpd.exe has 1922 Threads, so I can understand, if the Apache says no to incoming connection (ThreadLimit is 1920). But what is the reason for the longtime open connections. My understand is, that connections will be closed automatically after a period of seconds. We redirect EVERYTHING to the Tomcat JkMount /* loadbalancer and UnMount static content like gif,jpg,css,js,doc,xls,pdf etc. In normal workday there should be max 100 users per hour on this system. In the Apache server-status I can see: Apache StatusApache Server Status for 127.0.0.1 Server Version: Apache/2.2.14 (Win32) mod_jk/1.2.27 Server Built: Sep 28 2009 22:41:08 Current Time: Saturday, 06-Feb-2010 13:36:38 W. Europe Standard Time Restart Time: Friday, 05-Feb-2010 16:52:01 W. Europe Standard Time Parent Server Generation: 1 Server uptime: 20 hours 44 minutes 37 seconds Total accesses: 56596 - Total Traffic: 989.5 MB .758 requests/sec - 13.6 kB/second - 17.9 kB/request 681 requests currently being processed, 1239 idle workers CW_W _W__ __W___W_W___W__W Scoreboard Key: _ Waiting for Connection, S Starting up, R Reading Request, W Sending Reply, K Keepalive (read), D DNS Lookup, C Closing connection, L Logging, G Gracefully finishing, I Idle cleanup of worker, . Open slot with no current process But the order of the Sending Reply is very unusual. I know a random order of Sending reply in this view. -Ursprüngliche Nachricht- Von: André Warnier [mailto:a...@ice-sa.com] Gesendet: Freitag, 5. Februar 2010 18:16 An: Tomcat Users List Betreff: Re: Missing files for mod_jk Caldarale, Charles R wrote: From: Alexander Diedler [mailto:adied...@tecracer.de] Subject: AW: Missing files for mod_jk Sorry, it is 1024 KB, sure, just to fast tipped into the keyboard. So again, why did you change it from the default? worker.list= worker3,loadbalancer,jkstatus I see no declarations for worker3. ok, I adjust maxThreads to 1000 I'm certainly not an expert in configuring mod_jk, but don't you need to keep the AJP Connector maxThreads setting in sync with the worker.worker?.connection_pool_size setting? Picking arbitrary values will get you into trouble. From the mod_jk docs (workers.properties) : connection_pool_size : Usually this is the same as the number of threads per web server process. JK will discover this number for the Apache web server automatically and set the pool size to this value. Under Windows, Apache has
Missing files for mod_jk
Hello, We connect an apache 2.2.14 to a Tomcat 6.0.20. From time to time our cluster throws 502 in the Apache Accesslog. everything is ok-... xxx.xxx.108.1 - - [04/Feb/2010:21:16:57 +0100] GET /public/frame_doc_index.html?med_id=119638 HTTP/1.1 200 771 xxx.xxx.108.1 - - [04/Feb/2010:21:16:58 +0100] GET /public/frame_doc_top.html HTTP/1.1 304 - xxx.xxx.108.1 - - [04/Feb/2010:21:16:58 +0100] GET /img_aes/Header_doc_public.jpg HTTP/1.1 304 - xxx.xxx.108.1 - - [04/Feb/2010:21:16:59 +0100] GET /public/frame_doc_index.html?med_id=119638 HTTP/1.1 304 - xxx.xxx.108.1 - - [04/Feb/2010:21:16:59 +0100] GET /public/frame_doc_top.html HTTP/1.1 304 - [...] xxx.xxx.214.132 - - [04/Feb/2010:21:21:33 +0100] GET / HTTP/1.1 502 232 xxx.xxx.0.149 - - [04/Feb/2010:21:21:40 +0100] GET /favicon.ico HTTP/1.1 502 232 xxx.xxx.193.66 - - [04/Feb/2010:21:21:41 +0100] GET / HTTP/1.0 502 232 [...] Until I restart the Tomcat webserver. Where is the place to findout, what happens in this case of error? Greetings Alexander
AW: Missing files for mod_jk
Some additional information.. in Cataling Log we can see: SCHWERWIEGEND: Error allocating socket processor java.lang.OutOfMemoryError: unable to create new native thread at java.lang.Thread.start0(Native Method) at java.lang.Thread.start(Thread.java:597) at org.apache.tomcat.util.net.AprEndpoint$Worker.start(AprEndpoint.java:1550) at org.apache.tomcat.util.net.AprEndpoint.newWorkerThread(AprEndpoint.java:981) at org.apache.tomcat.util.net.AprEndpoint.createWorkerThread(AprEndpoint.java:960) at org.apache.tomcat.util.net.AprEndpoint.getWorkerThread(AprEndpoint.java:992) at org.apache.tomcat.util.net.AprEndpoint.processSocketWithOptions(AprEndpoint.java:1045) at org.apache.tomcat.util.net.AprEndpoint$Acceptor.run(AprEndpoint.java:1130) at java.lang.Thread.run(Thread.java:619) 04.02.2010 21:20:52 org.apache.tomcat.util.net.AprEndpoint processSocketWithOptions starting at the same time of 502 error Greetings Alexander Von: Alexander Diedler [adied...@tecracer.de] Gesendet: Freitag, 5. Februar 2010 12:36 An: users@tomcat.apache.org Betreff: Missing files for mod_jk Hello, We connect an apache 2.2.14 to a Tomcat 6.0.20. From time to time our cluster throws 502 in the Apache Accesslog. everything is ok-... xxx.xxx.108.1 - - [04/Feb/2010:21:16:57 +0100] GET /public/frame_doc_index.html?med_id=119638 HTTP/1.1 200 771 xxx.xxx.108.1 - - [04/Feb/2010:21:16:58 +0100] GET /public/frame_doc_top.html HTTP/1.1 304 - xxx.xxx.108.1 - - [04/Feb/2010:21:16:58 +0100] GET /img_aes/Header_doc_public.jpg HTTP/1.1 304 - xxx.xxx.108.1 - - [04/Feb/2010:21:16:59 +0100] GET /public/frame_doc_index.html?med_id=119638 HTTP/1.1 304 - xxx.xxx.108.1 - - [04/Feb/2010:21:16:59 +0100] GET /public/frame_doc_top.html HTTP/1.1 304 - [...] xxx.xxx.214.132 - - [04/Feb/2010:21:21:33 +0100] GET / HTTP/1.1 502 232 xxx.xxx.0.149 - - [04/Feb/2010:21:21:40 +0100] GET /favicon.ico HTTP/1.1 502 232 xxx.xxx.193.66 - - [04/Feb/2010:21:21:41 +0100] GET / HTTP/1.0 502 232 [...] Until I restart the Tomcat webserver. Where is the place to findout, what happens in this case of error? Greetings Alexander - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
AW: Missing files for mod_jk
Hello, No problem for more information: tomcat6w.exe: java options: -XX:+UseParallelGC Initial memory pool: 256 MB Maximum memory pool : 1024 MB Thread stack size : 1024 MB httpd.conf: (Only changes from default value): ThreadLimit 1920 ThreadsPerChild 1920 MaxRequestsPerChild 0 Include http-vhosts.conf server.xml Connector port=8010 protocol=AJP/1.3 connectionTimeout=3 redirectPort=8444 request.useSecret=true request.secret=x maxThreads=1 tcpNoDelay=true / At the moment there are two cluster nodes. Both are virtual machines and have installed a Windows 2003 Standard Server R2 in 32-Bit. There is a Apache 2.2.14, mod_jk Connector 32-Bit 1.2.27, JDK 1.6 Update 17 in 32 Bit, Tomcat 6.0.20 in 32 Bit with tc-native installed. All requests will be redirected from an hardware loadbalancer to the node 1, and this node depoly the requests with Apache mod_jk to the underlaying Tomcats on node1 or node2. -Ursprüngliche Nachricht- Von: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Gesendet: Freitag, 5. Februar 2010 15:43 An: Tomcat Users List Betreff: RE: Missing files for mod_jk From: Alexander Diedler [mailto:adied...@tecracer.de] Subject: AW: Missing files for mod_jk Some additional information.. in Cataling Log we can see: SCHWERWIEGEND: Error allocating socket processor java.lang.OutOfMemoryError: unable to create new native thread This is not a heap usage issue, despite the OOME being thrown. You're starting too many threads in the Tomcat process, either reaching the predefined limit for the OS, or running out of process space for the additional structures needed by a thread (e.g., stack space). Since you didn't tell us anything about the OS you're running on, the JVM you're using, or your Tomcat and mod_jk configs, there's not much more anyone can tell you. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
AW: Missing files for mod_jk
Hi, That's a problem - or a typo. A 1 GB thread stack size is not possible. Assuming you meant 1024 KB, why did you think it necessary to change it from the default? Sorry, it is 1024 KB, sure, just to fast tipped into the keyboard. # List the workers name worker.list= worker3,loadbalancer,jkstatus worker.maintain= 60 # # First worker # worker.worker1.port=8010 worker.worker1.host=k0.xxx.local #worker.worker1.host=xxx.xx.5.78 worker.worker1.type=ajp13 worker.worker1.lbfactor=75 worker.worker1.route=worker1 worker.worker1.activation=active # # Second worker # worker.worker2.port=8010 worker.worker2.host=k1.x.local #worker.worker2.host=xxx.xx.5.77 worker.worker2.type=ajp13 worker.worker2.lbfactor=100 worker.worker2.route=worker2 worker.worker2.activation=active # -- # Load Balancer worker # -- worker.loadbalancer.type=lb worker.loadbalancer.balance_workers=worker1,worker2 worker.loadbalancer.sticky_session=true worker.loadbalancer.sticky_session_force=false worker.loadbalancer.method=Busyness worker.loadbalancer.retries=3 worker.loadbalancer.secret=x ok, I adjust maxThreads to 1000 Greetings Alexander Von: Caldarale, Charles R [chuck.caldar...@unisys.com] Gesendet: Freitag, 5. Februar 2010 16:07 An: Tomcat Users List Betreff: RE: Missing files for mod_jk From: Alexander Diedler [mailto:adied...@tecracer.de] Subject: AW: Missing files for mod_jk Thread stack size : 1024 MB That's a problem - or a typo. A 1 GB thread stack size is not possible. Assuming you meant 1024 KB, why did you think it necessary to change it from the default? Use JConsole or equivalent to monitor Tomcat while it's running and see if you have excess threads running around. Task Manager will also give you a thread count. httpd.conf: (Only changes from default value): And the mod_jk config? Connector port=8010 protocol=AJP/1.3 ... maxThreads=1 tcpNoDelay=true / That's an insane value for maxThreads; certainly no 32-bit OS will ever be able to create that many. You might be able to do it with a 64-bit one, but I can't imagine *any* environment where you need to process 10,000 concurrent requests on a single server. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat hangs up - Timeout
Hello, Our cluster (Apache 2.2.14 + mod_jk 1.2.27 + Tomcat 6.0.20) with two nodes sometimes hung up and doesn´t deliver anything. Just a rotating earth in IE =;o) So I think the connector lost communication to the node or other reasons. Worker.properties: # List the workers name worker.list= worker3,loadbalancer,jkstatus worker.maintain= 120 # # First worker # worker.worker1.port=8010 worker.worker1.host=k0.domain.local #worker.worker1.host=xxx.xx.5.78 worker.worker1.type=ajp13 worker.worker1.lbfactor=75 worker.worker1.route=worker1 worker.worker1.activation=active # # Second worker # worker.worker2.port=8010 worker.worker2.host=k1.domain.local #worker.worker2.host=xxx.xx.5.77 worker.worker2.type=ajp13 worker.worker2.lbfactor=100 worker.worker2.route=worker2 worker.worker2.activation=active # # qas worker # worker.worker3.port=8011 worker.worker3.host=k0.domain.local #worker.worker3.host=xxx.xx.5.78 worker.worker3.type=ajp13 worker.worker3.lbfactor=1 worker.worker3.activation=active # -- # Load Balancer worker # -- worker.loadbalancer.type=lb worker.loadbalancer.balance_workers=worker1,worker2 worker.loadbalancer.sticky_session=true worker.loadbalancer.sticky_session_force=false worker.loadbalancer.method=Busyness worker.loadbalancer.retries=4 worker.loadbalancer.secret=X # Define a 'jkstatus' worker using status worker.jkstatus.type=status = Httpd.conf: LoadModule jk_module modules/mod_jk.so JkWorkersFile conf/worker.properties JkLogFile |D:/X/software/Apache/bin/rotatelogs.exe D:/X/logs/software/Apache/mod_jk.log 3600 # LEvel error|warn|debug JkLogLevel warn ThreadLimit 1920 ThreadsPerChild 1920 MaxRequestsPerChild 0 Include conf/extra/httpd-vhosts.conf == Httpd-vhosts.conf NameVirtualHost *:80 ### Default vHost ### VirtualHost *:80 ServerAdmin i...@xxx.demailto:i...@xxx.de DocumentRoot D:\XX\software\Apache\htdocs #ServerName k0.domain.local ServerName xxx.xx.5.78 # Add the jkstatus mount point JkMount /jkmanager/* jkstatus JkMount /probe/* loadbalancer #Enable the JK manager access from localhost only Location /jkmanager/ JkMount jkstatus Order deny,allow Deny from all Allow from 127.0.0.1 Allow from xxx.xxx.214.132 /Location /VirtualHost VirtualHost *:80 ServerAdmin i...@x.demailto:i...@x.de DocumentRoot D:\x\apps\extranet #ServerName k0.domain.local ServerName xxx.xx.5.78 ServerAlias k0.xxx-extra.net Directory D:\x\apps\extranet Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all /Directory ## Tomcatanbindung JkMount /* loadbalancer JkUnMount /*.gif loadbalancer JkUnMount /*.jpg loadbalancer JkUnMount /*.jpeg loadbalancer JkUnMount /*.png loadbalancer JkUnMount /*.css loadbalancer JkUnMount /*.js loadbalancer /VirtualHost VirtualHost *:80 ServerAdmin i...@.demailto:i...@.de DocumentRoot D:\\apps\akademie #ServerName k0.domain.local ServerName xxx.xx.5.78 ServerAlias dev.xxx.de ServerAlias staging.xxx.de Directory D:\x\apps\akademie Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all /Directory ## Tomcatanbindung JkMount /* loadbalancer JkUnMount /*.gif loadbalancer JkUnMount /*.jpg loadbalancer JkUnMount /*.jpeg loadbalancer JkUnMount /*.png loadbalancer JkUnMount /*.css loadbalancer JkUnMount /*.js loadbalancer /VirtualHost # Extra Instanz für QAS VirtualHost *:80 ServerAdmin i...@x.demailto:i...@x.de DocumentRoot D:\Tomcat_Apps\articlefinder_qas #ServerName k0.domain.local ServerName xxx.xx.5.78 ServerAlias qas..de ## Tomcatanbindung JkMount /* worker3 /VirtualHost # Articlefinder VirtualHost *:80 ServerAdmin i...@.demailto:i...@.de DocumentRoot D:\Tomcat_Apps\articlefinder #ServerName k0.domain.local ServerName xxx.xx.5.78 ServerAlias -.de ServerAlias xxx.xx.de ServerAlias gk0.xxx.de ## Tomcatanbindung JkMount /* loadbalancer /VirtualHost Server.xml Connectorport=8010 protocol=AJP/1.3
AW: AW: Tomcat Cluster 6.x and HTTP/1.1 503 Service Temporarily Unavailable
redirectPort=8444 request.useSecret=true request.secret=x maxThreads=1 tcpNoDelay=true / Greetings Alexander -Ursprüngliche Nachricht- Von: Mark Thomas [mailto:ma...@apache.org] Gesendet: Montag, 1. Februar 2010 11:51 An: Tomcat Users List Betreff: Re: AW: Tomcat Cluster 6.x and HTTP/1.1 503 Service Temporarily Unavailable On 01/02/2010 07:40, Alexander Diedler wrote: 44 requests currently being processed, 1656 idle workers I doubt you have that many AJP threads available on Tomcat. AJP connector config in server.xml? mod_jk config in httpd.conf? Looks like my guess was right. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
AW: AW: AW: Tomcat Cluster 6.x and HTTP/1.1 503 Service Temporarily Unavailable
Hi, I changed the worker list to comma-separated list. My server.xml: Engine name=Catalina defaultHost=localhost jvmRoute=worker1 !--For clustering, please take a look at documentation at: /docs/cluster-howto.html (simple how to) /docs/config/cluster.html (reference documentation) -- Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=8 Manager className=org.apache.catalina.ha.session.DeltaManager expireSessionsOnShutdown=false notifyListenersOnReplication=true/ Channel className=org.apache.catalina.tribes.group.GroupChannel Membership className=org.apache.catalina.tribes.membership.McastService address=228.0.0.4 port=45564 frequency=500 dropTime=3000/ Receiver className=org.apache.catalina.tribes.transport.nio.NioReceiver address=auto port=4000 autoBind=100 selectorTimeout=5000 maxThreads=6/ Sender className=org.apache.catalina.tribes.transport.ReplicationTransmitter Transport className=org.apache.catalina.tribes.transport.nio.PooledParallelSender/ /Sender Interceptor className=org.apache.catalina.tribes.group.interceptors.TcpFailureDetector/ Interceptor className=org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor/ /Channel Valve className=org.apache.catalina.ha.tcp.ReplicationValve filter=/ Valve className=org.apache.catalina.ha.session.JvmRouteBinderValve/ ClusterListener className=org.apache.catalina.ha.session.JvmRouteSessionIDBinderListener/ ClusterListener className=org.apache.catalina.ha.session.ClusterSessionListener/ /Cluster !-- The request dumper valve dumps useful debugging information about the request and response data received and sent by Tomcat. Documentation at: /docs/config/valve.html -- !-- Valve className=org.apache.catalina.valves.RequestDumperValve/ -- !-- This Realm uses the UserDatabase configured in the global JNDI resources under the key UserDatabase. Any edits that are performed against this UserDatabase are immediately available for use by the Realm. -- Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ !-- Define the default virtual host Note: XML Schema validation will not work with Xerces 2.2. -- Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false !-- SingleSignOn valve, share authentication between web applications Documentation at: /docs/config/valve.html -- !-- Valve className=org.apache.catalina.authenticator.SingleSignOn / -- !-- Access log processes all example. Documentation at: /docs/config/valve.html -- Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=localhost_access_log. suffix=.txt pattern=common resolveHosts=false/ /Host Host name=extranet appBase=extranet Aliask0.xxx-x.net/Alias Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=extranet_access_log. suffix=.txt pattern=common resolveHosts=false/ /Host Host name=akademie appBase=akademie Aliask0.-akademie.de/Alias Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=akademie_access_log. suffix=.txt pattern=common resolveHosts=false/ /Host Host name=article_finder_admin appBase=article_finder_admin Alias-xxx.xx.de/Alias Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=article_finder_admin_access_log. suffix=.txt pattern=common resolveHosts=false/ /Host /Engine My conf/Catalina/ Structure: (very host contain its own App) We make this to have the possibility to access Manager App to restart every context seperatly. Localhost Probe.xml Manager.xml Host-manager.xml Extranet ROOT.xml Probe.xml Manager.xml Akademie ROOT.xml Probe.xml
BestPractise Multiple Webapps
Hello, We have 3 different webapps based on d:\tomcat_apps\app1 ... app2 App3 on a Apache 2.2.14 and Tomcat 6.0.20. We want to have the possibility to reload every context/webapp separately without impact the others. So we have to open http://www.app1.de/manager/html/ to restart context for webapp1 So we have to open http://www.app2.de/manager/html/ to restart context for webapp2 So we have to open http://www.app3.de/manager/html/ to restart context for webapp3 It is possible to impact all these webapps into one manager app and restart contexts? But remember, in the Browser the user have to fill-in http://www.app1.de/ instead of http://www.app1.de/apps1 So we create in httpd-vhosts three VirtualHosts: http.conf: LoadModule jk_module modules/mod_jk.so JkWorkersFile conf/worker.properties JkLogFile mod_jk.log # LEvel error|warn|debug JkLogLevel warn Worker.properties worker.list=worker1 worker.worker1.port=8010 worker.worker1.host=k0.domain.local worker.worker1.type=ajp13 worker.worker1.lbfactor=100 worker.worker1.route=worker1 worker.worker1.activation=active = Httpd-vhosts.conf #app1 VirtualHost *:80 ServerAdmin i...@sss.de DocumentRoot D:\tomcat_apps\app1 ServerName k0.domain.local JkMount /* worker1 /VirtualHost #app2 VirtualHost *:80 ServerAdmin i...@sss.de DocumentRoot D:\tomcat_apps\app2 ServerName k0.domain.local JkMount /* worker1 /VirtualHost #app3 VirtualHost *:80 ServerAdmin i...@sss.de DocumentRoot D:\tomcat_apps\app3 ServerName k0.domain.local JkMount /* worker1 /VirtualHost SERVER.XML Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=localhost_access_log. suffix=.txt pattern=common resolveHosts=false/ /Host Host name=app1 appBase=app1 Aliaswww.app1.de/Alias Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=app1_access_log. suffix=.txt pattern=common resolveHosts=false/ /Host Host name=app2 appBase=app2 Aliaswww.app2.de/Alias Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=app2_access_log. suffix=.txt pattern=common resolveHosts=false/ /Host Host name=app3 appBase=app3 Aliaswww.app3.de/Alias Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=app3_access_log. suffix=.txt pattern=common resolveHosts=false/ /Host [Tomcat_HOME] /conf/Cartalina/app1/ ROOT.xml Manager.xml Content ROOT.xml: Context path=/ reloadable=true docBase=D:\tomcat_apps\app1 /Context Content manager.xml: Context docBase=${catalina.home}/webapps/manager privileged=true antiResourceLocking=false antiJARLocking=false Valve className=org.apache.catalina.valves.RemoteAddrValve allow=127.0.0.1/ /Context /conf/Cartalina/app2/ ROOT.xml Manager.xml Content ROOT.xml: Context path=/ reloadable=true docBase=D:\tomcat_apps\app2 /Context Content manager.xml: Context docBase=${catalina.home}/webapps/manager privileged=true antiResourceLocking=false antiJARLocking=false Valve className=org.apache.catalina.valves.RemoteAddrValve allow=127.0.0.1/ /Context /conf/Cartalina/app3/ ROOT.xml Manager.xml Content ROOT.xml: Context path=/ reloadable=true docBase=D:\tomcat_apps\app3 /Context Content manager.xml: Context docBase=${catalina.home}/webapps/manager privileged=true antiResourceLocking=false antiJARLocking=false Valve className=org.apache.catalina.valves.RemoteAddrValve allow=127.0.0.1/ /Context /conf/Cartalina/localhost/ Manager.xml Content manager.xml: Context docBase=${catalina.home}/webapps/manager privileged=true antiResourceLocking=false antiJARLocking=false Valve className=org.apache.catalina.valves.RemoteAddrValve allow=127.0.0.1/ /Context
AW: Tomcat Cluster 6.x and HTTP/1.1 503 Service Temporarily Unavailable
. -Ursprüngliche Nachricht- Von: Alexander Diedler [mailto:adied...@tecracer.de] Gesendet: Montag, 1. Februar 2010 08:40 An: Tomcat Users List Betreff: AW: Tomcat Cluster 6.x and HTTP/1.1 503 Service Temporarily Unavailable Hello, Server Version: Apache/2.2.14 (Win32) mod_jk/1.2.28 Server Built: Sep 28 2009 22:41:08 Server loaded APR Version: 1.3.9 Compiled with APR Version: 1.3.9 Server loaded APU Version: 1.3.9 Compiled with APU Version: 1.3.9 Module Magic Number: 20051115:23 Hostname/port: XXX.XXX.XXX.XXX:80 Timeouts: connection: 300keep-alive: 5 MPM Name: WinNT MPM Information: Max Daemons: 64 Threaded: yes Forked: no Server Architecture: 32-bit Server Root: D:/tecracer/software/Apache Config File: D:/tecracer/software/Apache/conf/httpd.conf Server Built With: -D APACHE_MPM_DIR=server/mpm/winnt -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D HTTPD_ROOT=/apache -D SUEXEC_BIN=/apache/bin/suexec -D DEFAULT_ERRORLOG=logs/error.log -D AP_TYPES_CONFIG_FILE=conf/mime.types -D SERVER_CONFIG_FILE=conf/httpd.conf Server Version: Apache/2.2.14 (Win32) mod_jk/1.2.28 Server Built: Sep 28 2009 22:41:08 Current Time: Monday, 01-Feb-2010 08:38:14 W. Europe Standard Time Restart Time: Monday, 01-Feb-2010 04:58:09 W. Europe Standard Time Parent Server Generation: 0 Server uptime: 3 hours 40 minutes 5 seconds Total accesses: 28126 - Total Traffic: 340.1 MB 2.13 requests/sec - 26.4 kB/second - 12.4 kB/request 44 requests currently being processed, 1656 idle workers Listing Load Balancing Worker (1 Worker) [Hide] [S|E|R] Worker Status for loadbalancer Type Sticky Sessions Force Sticky Sessions Retries LB Method Locking Recover Wait Time Error Escalation Time Max Reply Timeouts [Hide] lb True False 3 Busyness Optimistic 60 30 0 Good Degraded Bad/Stopped Busy Max Busy Next Maintenance Last Reset [Hide] 2 0 0 0 70 74/196 13277 Balancer Members [Hide] Name Type Hostname Address:Port Connection Pool Timeout Connect Timeout Prepost Timeout Reply Timeout Retries Recovery Options Max Packet Size [Hide] worker1 ajp13 k0.domain.local xxx.xxx.x.78:8010 0 0 0 0 2 0 8192 worker2 ajp13 k1.domain.local xxx.xxx.x.77:8010 0 0 0 0 2 0 8192 Name Act State D F M V Acc Err CE RE Wr Rd Busy Max Route RR Cd Rs LR LE [S|E|R] worker1 ACT OK 0 100 1 0 425 (1/sec) 0 0 0 264K (908 /sec) 1.6M (5.3K/sec) 0 5 worker1 0/0 298 [S|E|R] worker2 ACT OK 0 100 1 0 2257 (0/sec) 112 24 0 1.3M (104 /sec) 17M (1.3K/sec) 0 11 worker2 0/0 13277 Greetings Alexander Diedler -Ursprüngliche Nachricht- Von: Mark Thomas [mailto:ma...@apache.org] Gesendet: Sonntag, 31. Januar 2010 18:55 An: Tomcat Users List Betreff: Re: Tomcat Cluster 6.x and HTTP/1.1 503 Service Temporarily Unavailable On 31/01/2010 17:50, Alexander Diedler wrote: Hello, We spend a lot of time to investigate the mistake, but I would not be found by us. We have two Virtual Machines with Windows 2003 R2 Standard Edition and on every node there is a Apache 2.2.14 and Tomcat 6.0.20 (and tcnative installed) with mod_jk 1.2.28 (all 32 Bit) installed. After a period (hours up to a day) we receive on every application a 503 error through the Webserver. The Apache seems to work fine, jkmanager, htdocs, server-info and server-status can be opened and the apps seems can be accessed by HTTP Connector Port 8080. Is there are any idea, what is the problem in this case? Any suggestions, what we can improve to avoid this errors. Hard to tell with out any configuration info. At a guess, more httpd threads than AJP threads and unused connections not being closed quickly enough. Try fixing your timeouts or use JkOptions +DisableReuse Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
AW: AW: Tomcat Cluster 6.x and HTTP/1.1 503 Service Temporarily Unavailable
Hi Mark, I attach my current settings: In httpd.conf: ThreadLimit 1920 ThreadsPerChild 1920 MaxRequestsPerChild 1 Worker.properties worker.loadbalancer.type=lb worker.loadbalancer.balance_workers=worker1 worker2 worker.loadbalancer.sticky_session=true worker.loadbalancer.sticky_session_force=false worker.loadbalancer.method=Busyness worker.loadbalancer.retries=4 worker.loadbalancer.secret= server.xml: Connector port=8010 protocol=AJP/1.3 connectionTimeout=3 redirectPort=8444 request.useSecret=true request.secret=X maxThreads=1 tcpNoDelay=true / Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=8 Manager className=org.apache.catalina.ha.session.DeltaManager expireSessionsOnShutdown=false notifyListenersOnReplication=true/ Channel className=org.apache.catalina.tribes.group.GroupChannel Membership className=org.apache.catalina.tribes.membership.McastService address=228.0.0.4 port=45564 frequency=500 dropTime=3000/ Receiver className=org.apache.catalina.tribes.transport.nio.NioReceiver address=auto port=4000 autoBind=100 selectorTimeout=5000 maxThreads=6/ Sender className=org.apache.catalina.tribes.transport.ReplicationTransmitter Transport className=org.apache.catalina.tribes.transport.nio.PooledParallelSender/ /Sender Interceptor className=org.apache.catalina.tribes.group.interceptors.TcpFailureDetector/ Interceptor className=org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor/ /Channel Valve className=org.apache.catalina.ha.tcp.ReplicationValve filter=/ Valve className=org.apache.catalina.ha.session.JvmRouteBinderValve/ ClusterListener className=org.apache.catalina.ha.session.JvmRouteSessionIDBinderListener/ ClusterListener className=org.apache.catalina.ha.session.ClusterSessionListener/ /Cluster -Ursprüngliche Nachricht- Von: Mark Thomas [mailto:ma...@apache.org] Gesendet: Montag, 1. Februar 2010 11:51 An: Tomcat Users List Betreff: Re: AW: Tomcat Cluster 6.x and HTTP/1.1 503 Service Temporarily Unavailable On 01/02/2010 07:40, Alexander Diedler wrote: 44 requests currently being processed, 1656 idle workers I doubt you have that many AJP threads available on Tomcat. AJP connector config in server.xml? mod_jk config in httpd.conf? Looks like my guess was right. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
AW: Tomcat Cluster 6.x and HTTP/1.1 503 Service Temporarily Unavailable
Hello, Server Version: Apache/2.2.14 (Win32) mod_jk/1.2.28 Server Built: Sep 28 2009 22:41:08 Server loaded APR Version: 1.3.9 Compiled with APR Version: 1.3.9 Server loaded APU Version: 1.3.9 Compiled with APU Version: 1.3.9 Module Magic Number: 20051115:23 Hostname/port: XXX.XXX.XXX.XXX:80 Timeouts: connection: 300keep-alive: 5 MPM Name: WinNT MPM Information: Max Daemons: 64 Threaded: yes Forked: no Server Architecture: 32-bit Server Root: D:/tecracer/software/Apache Config File: D:/tecracer/software/Apache/conf/httpd.conf Server Built With: -D APACHE_MPM_DIR=server/mpm/winnt -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D HTTPD_ROOT=/apache -D SUEXEC_BIN=/apache/bin/suexec -D DEFAULT_ERRORLOG=logs/error.log -D AP_TYPES_CONFIG_FILE=conf/mime.types -D SERVER_CONFIG_FILE=conf/httpd.conf Server Version: Apache/2.2.14 (Win32) mod_jk/1.2.28 Server Built: Sep 28 2009 22:41:08 Current Time: Monday, 01-Feb-2010 08:38:14 W. Europe Standard Time Restart Time: Monday, 01-Feb-2010 04:58:09 W. Europe Standard Time Parent Server Generation: 0 Server uptime: 3 hours 40 minutes 5 seconds Total accesses: 28126 - Total Traffic: 340.1 MB 2.13 requests/sec - 26.4 kB/second - 12.4 kB/request 44 requests currently being processed, 1656 idle workers Listing Load Balancing Worker (1 Worker) [Hide] [S|E|R] Worker Status for loadbalancer Type Sticky Sessions Force Sticky Sessions Retries LB Method Locking Recover Wait Time Error Escalation Time Max Reply Timeouts [Hide] lb True False 3 Busyness Optimistic 60 30 0 Good Degraded Bad/Stopped Busy Max Busy Next Maintenance Last Reset [Hide] 2 0 0 0 70 74/196 13277 Balancer Members [Hide] Name Type Hostname Address:Port Connection Pool Timeout Connect Timeout Prepost Timeout Reply Timeout Retries Recovery Options Max Packet Size [Hide] worker1 ajp13 k0.domain.local xxx.xxx.x.78:8010 0 0 0 0 2 0 8192 worker2 ajp13 k1.domain.local xxx.xxx.x.77:8010 0 0 0 0 2 0 8192 Name Act State D F M V Acc Err CE RE Wr Rd Busy Max Route RR Cd Rs LR LE [S|E|R] worker1 ACT OK 0 100 1 0 425 (1/sec) 0 0 0 264K (908 /sec) 1.6M (5.3K/sec) 0 5 worker1 0/0 298 [S|E|R] worker2 ACT OK 0 100 1 0 2257 (0/sec) 112 24 0 1.3M (104 /sec) 17M (1.3K/sec) 0 11 worker2 0/0 13277 Greetings Alexander Diedler -Ursprüngliche Nachricht- Von: Mark Thomas [mailto:ma...@apache.org] Gesendet: Sonntag, 31. Januar 2010 18:55 An: Tomcat Users List Betreff: Re: Tomcat Cluster 6.x and HTTP/1.1 503 Service Temporarily Unavailable On 31/01/2010 17:50, Alexander Diedler wrote: Hello, We spend a lot of time to investigate the mistake, but I would not be found by us. We have two Virtual Machines with Windows 2003 R2 Standard Edition and on every node there is a Apache 2.2.14 and Tomcat 6.0.20 (and tcnative installed) with mod_jk 1.2.28 (all 32 Bit) installed. After a period (hours up to a day) we receive on every application a 503 error through the Webserver. The Apache seems to work fine, jkmanager, htdocs, server-info and server-status can be opened and the apps seems can be accessed by HTTP Connector Port 8080. Is there are any idea, what is the problem in this case? Any suggestions, what we can improve to avoid this errors. Hard to tell with out any configuration info. At a guess, more httpd threads than AJP threads and unused connections not being closed quickly enough. Try fixing your timeouts or use JkOptions +DisableReuse Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat Clsuter 6.0.18 White sites
Hi everybody, We have some issues with a Tomcat Cluster. Sometimes (after a few hours without restart of services) , the webserver doesn´t deliver the complete content to the browser. It means, in the browser ther appear the header and some parts of the website, but then only blank and white website. In the source code in HTML view it is the same leak. Only after a restart of the services the content will be completely delivered. It is a Win 2003 Server with JDK 1.6, the Server jvm.dll is called from Tomcat. It is a 2 node cluster with Apache 2.2.14 and Tomcat 6.0.20 and mod_jk 1.2.28. In front of these cluster there is a Hardware loadbalanacer BigIP from F5. Somebody any idea, why the cluster stops delivering of contents after a period of hours? Greetings Alexander
Tomcat Cluster 6.0.20 White sites
Hi everybody, We have some issues with a Tomcat Cluster. Sometimes (after a few hours without restart of services) , the webserver doesn´t deliver the complete content to the browser. It means, in the browser ther appear the header and some parts of the website, but then only blank and white website. In the source code in HTML view it is the same leak. Only after a restart of the services the content will be completely delivered. It is a Win 2003 Server with JDK 1.6 32-Bit, the Server jvm.dll is called from Tomcat. It is a 2 node cluster with Apache 2.2.14 and Tomcat 6.0.20 and mod_jk 1.2.28. In front of these cluster there is a Hardware loadbalanacer BigIP from F5. Somebody any idea, why the cluster stops delivering of contents after a period of hours? Greetings Alexander
HowTo restart VHosts on 6.0.20
Hello, We have created a 2 node cluster with Apache 2.2.14 and Tomcat 6.0.20. In the Tomcat install path there are a lot of VHosts (it is so called?): Conf/Catalina/webappA with ROOT.xml Conf/Catalina/webappB with ROOT.xml Conf/Catalina/webappC with ROOT.xml Conf/Catalina/localhost manager.xml and host-manager.xml In server.xml: Host appBase=webappA name=webappA ... /Host Host appBase=webappB name=webappB ... /Host Host appBase=webappC name=webappC ... /Host We want to have the possibility, to reload every VHost seperatly by using the MANAGER App in every vhost. What have we to do? We don´t want to restart the whole windows service. 2nd question: How we can secure the manager app in every context only be accessed by special IP ranges? Greetings Alexander
AW: HowTo restart VHosts on 6.0.20
This seems not to work. I have copied the original manager.xml from /conf/Catalina/localhost to /conf/Catalina/webapp1/manager.xml 404 -Ursprüngliche Nachricht- Von: CBy-2 [mailto:tom...@byrman.demon.nl] Gesendet: Donnerstag, 14. Januar 2010 11:44 An: users@tomcat.apache.org Betreff: Re: HowTo restart VHosts on 6.0.20 Alexander Diedler wrote: We want to have the possibility, to reload every VHost seperatly by using the MANAGER App in every vhost. What have we to do? You can make the manager web app available by placing an XML fragment file with just the Context element in each Conf/Catalina/[virtual host] directory. Alexander Diedler wrote: 2nd question: How we can secure the manager app in every context only be accessed by special IP ranges? See Remote Host Filter in http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html -- View this message in context: http://old.nabble.com/HowTo-restart-VHosts-on-6.0.20-tp27158947p27159305.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
AW: AW: HowTo restart VHosts on 6.0.20
Hmm ok. I copy the complete manager dir from webapps to C:\apps\webapps1 But I seems not to work, 404. Greetings Alexander -Ursprüngliche Nachricht- Von: CBy-2 [mailto:tom...@byrman.demon.nl] Gesendet: Donnerstag, 14. Januar 2010 13:21 An: users@tomcat.apache.org Betreff: Re: AW: HowTo restart VHosts on 6.0.20 markt-2 wrote: That isn't wrong - that is by design. The links on the manager page that lists deployed applications aren't guaranteed to work since there is no guarantee that a webapp will respond to an http GET request of /contextpath. Nearly all do, but the manager is one of the exceptions. True, but it can be a bit confusing and might be the reason why it didn't work for Alexander. -- View this message in context: http://old.nabble.com/HowTo-restart-VHosts-on-6.0.20-tp27158947p27160432.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
mod_jk on Windows 2008 x64
Hi, I do several installations in the past with success for Windows 2003 and mod_jk with Apache Webserver, but now i am stopping at a Windows 2008 Server. The Apache Webserver don´t start during I add the lines for JkMount, JKLogfile, and worker.properties in the httpd.conf. The worker.properties resists in the same dir as the httpd.conf and has only one worker defiend. Is there are any known issue to use Apache 2.2.11 + Tomcat 6.0.18 + JDK x64 + and mod_jk 1.2.28 on this system? Greetings Alexander Diedler
AW: mod_jk on Windows 2008 x64
Hello, Yes, it is an AMD Opteron CPU with 64-Bit. I install the Apache Webserver in 32-bit Tomcat in 32 Bit, with 64-Bit tomcat6.exe Java JDK from Sun site in 64-bit Version mod_jk Binaries from the 32-bit folder of Tomcat FTP Server because there is no 64-bit mod_jk. Greetings Alexander Diedler Von: Rainer Jung [rainer.j...@kippdata.de] Gesendet: Dienstag, 7. Juli 2009 11:16 An: Tomcat Users List Betreff: Re: mod_jk on Windows 2008 x64 On 07.07.2009 10:07, Alexander Diedler wrote: Hi, I do several installations in the past with success for Windows 2003 and mod_jk with Apache Webserver, but now i am stopping at a Windows 2008 Server. The Apache Webserver don´t start during I add the lines for JkMount, JKLogfile, and worker.properties in the httpd.conf. The worker.properties resists in the same dir as the httpd.conf and has only one worker defiend. Is there are any known issue to use Apache 2.2.11 + Tomcat 6.0.18 + JDK x64 + and mod_jk 1.2.28 on this system? From your subject line I guess we are talking about a usual AMD/Intel 64 Bit system, not IA64 (Itanium)? Where did you get your 64 bit module from? As far as I know, we don't have any 64 bit binaries for mod_jk on the distribution site yet. Only the isapi versions for 64 bits are there yet. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
AW: mod_jk on Windows 2008 x64
Hello, There were no errorlogs because the http Service failed to start without any more information. Alexander Diedler Von: Mark Thomas [ma...@apache.org] Gesendet: Dienstag, 7. Juli 2009 11:20 An: Tomcat Users List Betreff: Re: mod_jk on Windows 2008 x64 Alexander Diedler wrote: Hi, I do several installations in the past with success for Windows 2003 and mod_jk with Apache Webserver, but now i am stopping at a Windows 2008 Server. The Apache Webserver don´t start during I add the lines for JkMount, JKLogfile, and worker.properties in the httpd.conf. The worker.properties resists in the same dir as the httpd.conf and has only one worker defiend. And the error log says? Is there are any known issue to use Apache 2.2.11 + Tomcat 6.0.18 + JDK x64 + and mod_jk 1.2.28 on this system? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
AW: mod_jk on Windows 2008 x64
Correct me if neccessary, but Tomcat is still available in 32bit, but to start with a 64-bit JRE the exe has to replace with a 64-Bit version. In some forums I found entries, that I have to copy from SVN repository the current tomcat5.exe, renamed it to Tomcat6.exe and everything works. But there is no problem with the tomcat server, the server is still running and available through Port 8080. But the mod_jk will not work. Greetings Alexander Diedler Von: Serge Fonville [serge.fonvi...@gmail.com] Gesendet: Dienstag, 7. Juli 2009 12:50 An: Tomcat Users List Betreff: Re: mod_jk on Windows 2008 x64 I install the Apache Webserver in 32-bit Tomcat in 32 Bit, with 64-Bit tomcat6.exe Java JDK from Sun site in 64-bit Version mod_jk Binaries from the 32-bit folder of Tomcat FTP Server because there is no 64-bit mod_jk. How do you install Tomcat in 32bit with an x64 exe and jdk? Also, have you tried compiling the software? HTH Regards, Serge Fonville - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Best-Choice HowTo Webhosing Apache + Tomcat
Hello, Can somebody provide me a good HowTo to install a commercial hosting server with Apache Webserver and Tomcat App Server and many Applications? Best Choise means the flexibility to add and remove and restart isolated webapps in the Tomcat without interferences the other webapps. Greetings Alexander Diedler smime.p7s Description: S/MIME cryptographic signature
AW: URL Auth Apache 2.2.11 + Tomcat 6.0.16
Hi, This task has been fixed. The Java class was very static and we re-design the auth method. Thanks for your help. -Ursprüngliche Nachricht- Von: Rainer Jung [mailto:rainer.j...@kippdata.de] Gesendet: Dienstag, 9. Juni 2009 11:05 An: Tomcat Users List Betreff: Re: URL Auth Apache 2.2.11 + Tomcat 6.0.16 On 08.06.2009 21:49, Alexander Diedler wrote: Hi, Since we modify our server to use mod_jk to serve sites there is an error with a Tomcat Action, that requires a HTML Auth. If we open the URL http://www.bla.de/?action=Import in a Browser, there is a Auth-Dialog to fill in Username and Passwort. This Username and Password seems to be hard coded in the action. If a scheduled Task try to excecute the Task there is a 401 Error java -cp D:\wwwroot\Java_shop\WEB-INF\classes com.j2dot.app.fv.ImportStandalone It is possible to add parameters in the cmd function? You need to find out, what kind of http client your cmd function uses. Many http clients support Basci authentication with username and password, but you would need to either configure your http client or somehow present the credentials to it. How this is done depends on the client you or your developers have chosen. Ask the question to the people who wrote com.j2dot.app.fv.ImportStandalone. Alternatively you could allow access to the URL from e.g. special client IPs without adding the need for username and password. This would help, in case you import client runs on few systems, which are assumed to be secure. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
Tomcat 6.0.18 access files case-insensitive
Hello, We have an Application based on IIS 6.0 and Tomcat 6.0.18. In this Application will be opened a PDF (href=start.PDF). In this PDF are many links to other documents, that will be opened in the browser. (KapA.PDF, KapB.PDF). Now the distributor deliver updatefiles with changing extensions or names. The link is KapA.PDF in the overview, but the file is called KapA.pdf on filesystem and Tomcat said 404 because PDF not equal pdf. Also it can be kapb.pdf in Overview and filesystem KAPB.PDF Is there are any option to disable case-sensitive on Tomcat or it is a base-feature of Java architecture? Greetings Alexander smime.p7s Description: S/MIME cryptographic signature
URL Auth Apache 2.2.11 + Tomcat 6.0.16
Hi, Since we modify our server to use mod_jk to serve sites there is an error with a Tomcat Action, that requires a HTML Auth. If we open the URL http://www.bla.de/?action=Import in a Browser, there is a Auth-Dialog to fill in Username and Passwort. This Username and Password seems to be hard coded in the action. If a scheduled Task try to excecute the Task there is a 401 Error java -cp D:\wwwroot\Java_shop\WEB-INF\classes com.j2dot.app.fv.ImportStandalone It is possible to add parameters in the cmd function? Greetings Alexander smime.p7s Description: S/MIME cryptographic signature
Renew SSL with Keytool for Tomcat 6.0.16
Hello, I have done everything as a do for the initial creating of certificate but it doesn´t works. First If i try to import the new X.509 cert into the Keystore (with the existing SSL cert for tomcat) there is an error like the public key doesn´t match the keystore. If i remove all certs from the keystore and import the trustedCA and the new SSL cert the file is to small (all other working .kdb files habe 4 KB, but the new has only 2KB) and if I try to open a SSL site with the new cert, nothing happens (no error, the loading was indicated bottom left in the status bar but no progress for 10 minutes). Here the new and old Keystore. There is a difference between the type of the first certificate. The original old expired cert is type PivateKeyEntry the current re-new and re-import SSL is type trustedCertEntry Why? It that the problem? What we are doing wrong? We use the same CSR for the re-new as for the initial import and buying. Keystore-Typ: JKS Keystore-Provider: SUN Ihr Keystore enthõlt 2 Eintrõge. tomcat, 25.05.2009, trustedCertEntry, Zertifikatsfingerabdruck (MD5): 41:B4:AC:B3:4F:F2:B2:67:EB:2F:8F:B3:D2:74:A8:F0 geotrustca, 25.05.2009, trustedCertEntry, Zertifikatsfingerabdruck (MD5): 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4 D:\Keystorec:\Programme\Java\jre1.6.0_06\bin\keytool -list -storepass XX -keystore D:\Keystore\www__de.kdb Keystore-Typ: JKS Keystore-Provider: SUN Ihr Keystore enthõlt 2 Eintrõge. tomcat, 11.06.2008, PrivateKeyEntry, Zertifikatsfingerabdruck (MD5): 52:6E:74:EB:18:FE:13:61:8C:7C:F5:DA:A3:3D:08:DF geotrustca, 11.06.2008, trustedCertEntry, Zertifikatsfingerabdruck (MD5): 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4
Renew SSL Certificate
Hello all, We use a Tomcat 6.0.16 and the build-in Keystore technology for the SSL functionality. Now it is time to re-new the Certificate. We get an error by importing the certificate. Jara JRE 1.6.0_06 We use the Same SSL-Provider and bought the same SSL type and generate the SSL cert with the same CSR as 1 year ago. We copy ths certificate hash code in to a .pem file, and then transform it with C:\openssl\openssl x509 -in d:/Keystore/www_ site_de.pem -inform PEM -outform DER -out D:/Keystore/www_ site_de.crt And then try to import with keytool -import -alias tomcat -keystore your_keystore_filename \ -file your_certificate_filename But it not work. The error message is in german: Keytool-Fehler: java.lang.Exception: Íffentliche Schlüssel in Antwort und Keystore stimmen nicht überein. In english like Public key in answear and keystore doesn´t match. Greetings Alexander smime.p7s Description: S/MIME cryptographic signature
AW: Tomcat Cluster Deployment without WAR
Hello, No info about Deployment of Apps without war-Files? Greetings Alexander Von: Alexander Diedler [mailto:adied...@tecracer.de] Gesendet: Mittwoch, 13. Mai 2009 15:52 An: Tomcat Users List Betreff: Tomcat Cluster Deployment without WAR Hello, It is possible to make a Cluster Deployment without WAR Files? WatchDir is F:\inetpub\wwwroot if there is something changed, it should be deployed to all other cluster nodes. Mit freundlichen Grüßen tecRacer GmbH Co. KG Alexander Diedler Softwareentwicklung und Netzwerksicherheit Vahrenwalder Str. 156 30165 Hannover Telefon: 0511 59095-950 Durchwahl: 0511 59095-919 Fax: 0511 59095-590 Mobil: 0172 5134664 E-Mail: adied...@tecracer.de Internet: http://www.tecracer.de http://www.tecracer.de/ Registergericht Hannover HRA 200331 Geschäftsführer: Markus P. Herrlich, Sven Ramuschkat, Torsten Höpfner Kompl: tecRacer Verwaltungs GmbH, Hannover HRB 200935 * E-Mails sparen Zeit; sie nicht auszudrucken, spart Bäume. smime.p7s Description: S/MIME cryptographic signature
Tomcat Cluster Deployment without WAR
Hello, It is possible to make a Cluster Deployment without WAR Files? WatchDir is F:\inetpub\wwwroot if there is something changed, it should be deployed to all other cluster nodes. Mit freundlichen Grüßen tecRacer GmbH Co. KG Alexander Diedler Softwareentwicklung und Netzwerksicherheit Vahrenwalder Str. 156 30165 Hannover Telefon: 0511 59095-950 Durchwahl: 0511 59095-919 Fax: 0511 59095-590 Mobil: 0172 5134664 E-Mail: adied...@tecracer.de Internet: http://www.tecracer.de http://www.tecracer.de/ Registergericht Hannover HRA 200331 Geschäftsführer: Markus P. Herrlich, Sven Ramuschkat, Torsten Höpfner Kompl: tecRacer Verwaltungs GmbH, Hannover HRB 200935 * E-Mails sparen Zeit; sie nicht auszudrucken, spart Bäume. smime.p7s Description: S/MIME cryptographic signature
Apache 2.2 Tomcat 6.0 on Debian
Hello, I got the SSL configuration not to work: In my 000-default in /apache2/sites-enabled/: NameVirtualHost *:80 Virtual Host *:80 ServerName www.test2.de . /VirtualHost Virtual Host *:80 ServerName www.test3.de . /VirtualHost NameVirtualHost *:443 VirtualHost *:443 ServerName www.test2.de [Certfile test2.de] /VirtualHost VirtualHost *:443 ServerName www.test3.de [Certfile test3.de] /VirtualHost Every Domain has it own IP address.If I use https://www.test2.de everything ok but if I use https://www.test3.de id said that the certificate is invalid, is only valid for test2.de and www.test2.de smime.p7s Description: S/MIME cryptographic signature
AW: AW: Permanent Redirect?
Hello, Yes it works with Tuckey.org but, what about http and https? In my urlrewrite.xml only this entry: urlrewrite rule from/(.*)$/from to type=redirecthttp://www.thenewserver.de/$1/to /rule /urlrewrite But if the user came from https he should also redirected to https://thenewserver.de/?someparameters Greetings Alexander -Ursprüngliche Nachricht- Von: Pid [mailto:p...@pidster.com] Gesendet: Donnerstag, 30. April 2009 11:51 An: Tomcat Users List Betreff: Re: AW: Permanent Redirect? Alexander Diedler wrote: Hmm.. Seems not to be work for me The target is a http://www.siteA.de/index.jsp?WERWERWERWERWER redirect to http://www.siteB.de/index.jsp?WERWERWERWERWER I download the package, unzip and put the new content to a new, empty docBase folder. I edit my ROOT.xml in SiteA point to this new folder and create an empty web.xml that contains only filter filter-nameUrlRewriteFilter/filter-name filter-classorg.tuckey.web.filters.urlrewrite.UrlRewriteFilter/filter-cla ss /filter filter-mapping filter-nameUrlRewriteFilter/filter-name url-pattern/*/url-pattern /filter-mapping But where I have to define, what is the target of the redirect? Have you read: http://tuckey.org/urlrewrite/manual/3.0/ p My Tomcat: [tomcat-base]/conf/Catalina/www.siteA.de/ROOT.xml (Context docBase point to D:\Inetpub\SiteA) [tomcat-base]/conf/Catalina/www.siteB.de/ROOT.xml (Context docBase point to D:\Inetpub\SiteA) [tomcat-base]/conf/Catalina/www.siteC.de/ROOT.xml (Context docBase point to D:\Inetpub\SiteA) Same DocBase because it is a CMS with the functionality to show different content for different domains. Server.xml: Connector protocol=org.apache.coyote.http11.Http11Protocol port=443 address=xxx.xxx.xxx.209 addressminSpareThreads=5 maxSpareThreads=75 enableLookups=true disableUploadTimeout=true acceptCount=100 maxThreads=200 scheme=https secure=true SSLEnabled=true keystoreFile=D:/Keystore/siteA.kdb keystorePass=changeit clientAuth=false sslProtocol=TLS/ Connector protocol=org.apache.coyote.http11.Http11Protocol port=443 address=xxx.xxx.xxx.210 addressminSpareThreads=5 maxSpareThreads=75 enableLookups=true disableUploadTimeout=true acceptCount=100 maxThreads=200 scheme=https secure=true SSLEnabled=true keystoreFile=D:/Keystore/siteB.kdb keystorePass=changeit clientAuth=false sslProtocol=TLS/ Connector protocol=org.apache.coyote.http11.Http11Protocol port=443 address=xxx.xxx.xxx.211 addressminSpareThreads=5 maxSpareThreads=75 enableLookups=true disableUploadTimeout=true acceptCount=100 maxThreads=200 scheme=https secure=true SSLEnabled=true keystoreFile=D:/Keystore/www_siteC.kdb keystorePass=changeit clientAuth=false sslProtocol=TLS/ If this is a very bad configuration, I am open for any better suggestions of you... Greetings Alexander Diedler -Ursprüngliche Nachricht- Von: Pid [mailto:p...@pidster.com] Gesendet: Montag, 27. April 2009 11:11 An: Tomcat Users List Betreff: Re: Permanent Redirect? Alexander Diedler wrote: Hello everybody, I have a question to implement a permanent redirect for an old domain to a new domain on the Tomcat 6.0.16 Server. It is definied in the server.xml as it own connector (for SSL) and now we want, that if we fill-in www.websiteA.de http://www.websiteA.de we will be redirected to www.websiteB.de http://www.websiteB.de automatically. A small webapp deployed in websiteA.de/ROOT that contains a servlet Filter which is coded to issue an appropriate redirect to the new URL. You could avoid rolling your own and try: tuckey.org/urlrewrite/ p Greetings Alexander - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
AW: Multiple Context and Websites
-Ursprüngliche Nachricht- Von: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Gesendet: Donnerstag, 7. Mai 2009 15:54 An: Tomcat Users List Betreff: RE: Multiple Context and Websites From: Alexander Diedler [mailto:adied...@tecracer.de] Subject: AW: Multiple Context and Websites AD : But we want to use different Hostnames, it cannot be placed in the localhost? Just using different host names is a DNS issue; it does not require multiple Host elements in Tomcat. You only need multiple Hosts if you want separate sets of webapps for each domain. AD: Some Websites (Applications) should be hosted on this Tomcat e.g. applicationA.domain.de, applicationB.domain.de and every Website has it own directory on HDD. But it is not inside the Tomcat Folders. You still seem to be confusing webapps with domains. You can have multiple webapps for one domain, a single default webapp for each domain, or multiple webapps for each domain; all combinations are possible. What do you want? Can you provide a set of example URLs and the webapps you expect those URLs to reference? If you want a single default webapp for each domain, you'll need one Host element for each, with a separate appBase setting for each. Inside each appBase directory should be a ROOT subdirectory (or ROOT.war file) containing the webapp for that domain. The Context element for each should be in ROOT/META-INF/context.xml. You will also need to deploy a separate copy of the manager app for each Host. Yes, that it is what we want, to have one domain for one webapps. But also we want to have the possibility to start every webapp himself with the Tomcat Manager without to restart the other contexts (webapps). It is now more clearly? You definitely should read the link Hassan provided. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
Multiple Context and Websites
Hello, Something stupid to me, but it will not works. I want to have several webapps managed by Manager. Tomcat1.de and tomcat2.de point to the same Tomcat 6.0.18 server (edit Windows hosts-File). In the /conf/Catalina/localhost/ there are tomcat1.xml with this code: ?xml version='1.0' encoding='utf-8'? Context path=/tomcat1 reloadable=true docBase=C:\Inetpub\tomcat\Webseite1 distributable=true/Context and tomcat2.xml : ?xml version='1.0' encoding='utf-8'? Context path=/tomcat2 reloadable=true docBase=C:\Inetpub\tomcat\Webseite2 distributable=true/Context In the server.xml I add this lines: Host name=tomcat1.de appBase=/tomcat1 unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Valve className=org.apache.catalina.valves.FastCommonAccessLogValve directory=logs prefix=tomcat1_access_log. suffix=.txt pattern=combined resolveHosts=false/ /Host But a http://tomcat1.de:8080/ results a 400 Error but a http://localhost:8080/tomcat1/ show me the content of the Application. What´s wrong? I target is to have multiple Applications, that can be restarted with Tomcat Manager and will be opened by the URL http://tomcat1.de/ (without the /tomcat1 Prefix) Greetings Alexander smime.p7s Description: S/MIME cryptographic signature
AW: Multiple Context and Websites
-Ursprüngliche Nachricht- Von: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Gesendet: Donnerstag, 7. Mai 2009 15:20 An: Tomcat Users List Betreff: RE: Multiple Context and Websites From: Alexander Diedler [mailto:adied...@tecracer.de] Subject: Multiple Context and Websites In the /conf/Catalina/localhost/ there are tomcat1.xml with this code: ?xml version='1.0' encoding='utf-8'? Context path=/tomcat1 reloadable=true docBase=C:\Inetpub\tomcat\Webseite1 distributable=true/Context Take out the path attribute; it's not allowed. AD : Done and tomcat2.xml : ?xml version='1.0' encoding='utf-8'? Context path=/tomcat2 reloadable=true docBase=C:\Inetpub\tomcat\Webseite2 distributable=true/Context Take out the path attribute, it's not allowed. AD : Done In the server.xml I add this lines: Host name=tomcat1.de You may not need a second Host, depending on what you're really trying to achieve (which is not at all clear). AD : But we want to use different Hostnames, it cannot be placed in the localhost? But a http://tomcat1.de:8080/ results a 400 Error Which it should - you have no default application for that Host. http://localhost:8080/tomcat1/ show me the content of the Application. As it should, given your configuration. What´s wrong? Nothing so far. I target is to have multiple Applications, that can be restarted with Tomcat Manager and will be opened by the URL http://tomcat1.de/ (without the /tomcat1 Prefix) How do you expect to have multiple webapps opened by a single URL (that's what the above statement says)? What are you really trying to achieve? Do you want multiple hosts, each with a default webapp, or do you want multiple webapps for a single host? AD: Some Websites (Applications) should be hosted on this Tomcat e.g. applicationA.domain.de, applicationB.domain.de and every Website has it own directory on HDD. But it is not inside the Tomcat Folders. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
AW: Permanent Redirect?
Hmm.. Seems not to be work for me The target is a http://www.siteA.de/index.jsp?WERWERWERWERWER redirect to http://www.siteB.de/index.jsp?WERWERWERWERWER I download the package, unzip and put the new content to a new, empty docBase folder. I edit my ROOT.xml in SiteA point to this new folder and create an empty web.xml that contains only filter filter-nameUrlRewriteFilter/filter-name filter-classorg.tuckey.web.filters.urlrewrite.UrlRewriteFilter/filter-class /filter filter-mapping filter-nameUrlRewriteFilter/filter-name url-pattern/*/url-pattern /filter-mapping But where I have to define, what is the target of the redirect? My Tomcat: [tomcat-base]/conf/Catalina/www.siteA.de/ROOT.xml (Context docBase point to D:\Inetpub\SiteA) [tomcat-base]/conf/Catalina/www.siteB.de/ROOT.xml (Context docBase point to D:\Inetpub\SiteA) [tomcat-base]/conf/Catalina/www.siteC.de/ROOT.xml (Context docBase point to D:\Inetpub\SiteA) Same DocBase because it is a CMS with the functionality to show different content for different domains. Server.xml: Connector protocol=org.apache.coyote.http11.Http11Protocol port=443 address=xxx.xxx.xxx.209 addressminSpareThreads=5 maxSpareThreads=75 enableLookups=true disableUploadTimeout=true acceptCount=100 maxThreads=200 scheme=https secure=true SSLEnabled=true keystoreFile=D:/Keystore/siteA.kdb keystorePass=changeit clientAuth=false sslProtocol=TLS/ Connector protocol=org.apache.coyote.http11.Http11Protocol port=443 address=xxx.xxx.xxx.210 addressminSpareThreads=5 maxSpareThreads=75 enableLookups=true disableUploadTimeout=true acceptCount=100 maxThreads=200 scheme=https secure=true SSLEnabled=true keystoreFile=D:/Keystore/siteB.kdb keystorePass=changeit clientAuth=false sslProtocol=TLS/ Connector protocol=org.apache.coyote.http11.Http11Protocol port=443 address=xxx.xxx.xxx.211 addressminSpareThreads=5 maxSpareThreads=75 enableLookups=true disableUploadTimeout=true acceptCount=100 maxThreads=200 scheme=https secure=true SSLEnabled=true keystoreFile=D:/Keystore/www_siteC.kdb keystorePass=changeit clientAuth=false sslProtocol=TLS/ If this is a very bad configuration, I am open for any better suggestions of you... Greetings Alexander Diedler -Ursprüngliche Nachricht- Von: Pid [mailto:p...@pidster.com] Gesendet: Montag, 27. April 2009 11:11 An: Tomcat Users List Betreff: Re: Permanent Redirect? Alexander Diedler wrote: Hello everybody, I have a question to implement a permanent redirect for an old domain to a new domain on the Tomcat 6.0.16 Server. It is definied in the server.xml as it own connector (for SSL) and now we want, that if we fill-in www.websiteA.de http://www.websiteA.de we will be redirected to www.websiteB.de http://www.websiteB.de automatically. A small webapp deployed in websiteA.de/ROOT that contains a servlet Filter which is coded to issue an appropriate redirect to the new URL. You could avoid rolling your own and try: tuckey.org/urlrewrite/ p Greetings Alexander - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
AW: AW: Permanent Redirect?
Sure, but I found only a solution to redirect folders on the same domain, but not to rewrite/redirect a complete domain with URL parameters. -Ursprüngliche Nachricht- Von: Pid [mailto:p...@pidster.com] Gesendet: Donnerstag, 30. April 2009 11:51 An: Tomcat Users List Betreff: Re: AW: Permanent Redirect? Alexander Diedler wrote: Hmm.. Seems not to be work for me The target is a http://www.siteA.de/index.jsp?WERWERWERWERWER redirect to http://www.siteB.de/index.jsp?WERWERWERWERWER I download the package, unzip and put the new content to a new, empty docBase folder. I edit my ROOT.xml in SiteA point to this new folder and create an empty web.xml that contains only filter filter-nameUrlRewriteFilter/filter-name filter-classorg.tuckey.web.filters.urlrewrite.UrlRewriteFilter/filter-cla ss /filter filter-mapping filter-nameUrlRewriteFilter/filter-name url-pattern/*/url-pattern /filter-mapping But where I have to define, what is the target of the redirect? Have you read: http://tuckey.org/urlrewrite/manual/3.0/ p My Tomcat: [tomcat-base]/conf/Catalina/www.siteA.de/ROOT.xml (Context docBase point to D:\Inetpub\SiteA) [tomcat-base]/conf/Catalina/www.siteB.de/ROOT.xml (Context docBase point to D:\Inetpub\SiteA) [tomcat-base]/conf/Catalina/www.siteC.de/ROOT.xml (Context docBase point to D:\Inetpub\SiteA) Same DocBase because it is a CMS with the functionality to show different content for different domains. Server.xml: Connector protocol=org.apache.coyote.http11.Http11Protocol port=443 address=xxx.xxx.xxx.209 addressminSpareThreads=5 maxSpareThreads=75 enableLookups=true disableUploadTimeout=true acceptCount=100 maxThreads=200 scheme=https secure=true SSLEnabled=true keystoreFile=D:/Keystore/siteA.kdb keystorePass=changeit clientAuth=false sslProtocol=TLS/ Connector protocol=org.apache.coyote.http11.Http11Protocol port=443 address=xxx.xxx.xxx.210 addressminSpareThreads=5 maxSpareThreads=75 enableLookups=true disableUploadTimeout=true acceptCount=100 maxThreads=200 scheme=https secure=true SSLEnabled=true keystoreFile=D:/Keystore/siteB.kdb keystorePass=changeit clientAuth=false sslProtocol=TLS/ Connector protocol=org.apache.coyote.http11.Http11Protocol port=443 address=xxx.xxx.xxx.211 addressminSpareThreads=5 maxSpareThreads=75 enableLookups=true disableUploadTimeout=true acceptCount=100 maxThreads=200 scheme=https secure=true SSLEnabled=true keystoreFile=D:/Keystore/www_siteC.kdb keystorePass=changeit clientAuth=false sslProtocol=TLS/ If this is a very bad configuration, I am open for any better suggestions of you... Greetings Alexander Diedler -Ursprüngliche Nachricht- Von: Pid [mailto:p...@pidster.com] Gesendet: Montag, 27. April 2009 11:11 An: Tomcat Users List Betreff: Re: Permanent Redirect? Alexander Diedler wrote: Hello everybody, I have a question to implement a permanent redirect for an old domain to a new domain on the Tomcat 6.0.16 Server. It is definied in the server.xml as it own connector (for SSL) and now we want, that if we fill-in www.websiteA.de http://www.websiteA.de we will be redirected to www.websiteB.de http://www.websiteB.de automatically. A small webapp deployed in websiteA.de/ROOT that contains a servlet Filter which is coded to issue an appropriate redirect to the new URL. You could avoid rolling your own and try: tuckey.org/urlrewrite/ p Greetings Alexander - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
Permanent Redirect?
Hello everybody, I have a question to implement a permanent redirect for an old domain to a new domain on the Tomcat 6.0.16 Server. It is definied in the server.xml as it own connector (for SSL) and now we want, that if we fill-in www.websiteA.de we will be redirected to www.websiteB.de automatically. Greetings Alexander smime.p7s Description: S/MIME cryptographic signature
AW: Permanent Redirect?
I think the ways seems to be right. It has to be a safe procedure, that a http://www.websiteA.de/index.cfm?uuid=230942iwpofiswfksdsdf has to be redirected with the same URL Parameters to the http://www.websiteB.de/index.cfm?uuid=230942iwpofiswfksdsdf in Tomcat. We have to implement a new SSL Certificate with the new Domain, that is already known. Greetings Alexander -Ursprüngliche Nachricht- Von: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Gesendet: Montag, 27. April 2009 11:14 An: Tomcat Users List Betreff: RE: Permanent Redirect? From: Pid [mailto:p...@pidster.com] Subject: Re: Permanent Redirect? A small webapp deployed in websiteA.de/ROOT that contains a servlet Filter which is coded to issue an appropriate redirect to the new URL. Since this is over SSL, will there be certificate problems in trying to do the above? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
Best Practise Apache + Tomcat + Multiple Hosts
Hello, Is there are a small how-to to configure a hosting server with multiple Tomcat Contexts? e.g.: http://www.test1.de - Tomcat Context /test1 http://www.test2.de - Tomcat Context /test2 . Greetings Alexander smime.p7s Description: S/MIME cryptographic signature
Tomcat 6.x Proxy Authentication
Hello, We have a Tomcat Application, which has to communicate through a Proxy Server with authentication. Should be the authentication done in the Java Class or it is possible to configure Tomcat for Proxy Authentication? Alex smime.p7s Description: S/MIME cryptographic signature
Mod_jk and SSL not working together
Hello, I have a Apache 2.0.63 Webserver and Tomcat 6.0 and use mod_jk. The server don´t uses the JKMount if I use https. http://www.mysite.de shows me correctly the mounted Webapps from Tomcat. https://www.mysite.de shows me the Apache Webserver Startpage and every URL command shows me a 404 . Where I have to define something for the SSL and mod_jk? My httpd.conf LoadModule ssl_module modules/mod_ssl.so ### Apache Tomcat Connector ### LoadModule jk_module modules/mod_jk.so JkWorkersFile conf/worker.properties JkLogFile logs/mod_jk.log JkLogLevel warn JkMount /* tomcat-worker1 JkOptions +ForwardURICompatUnparsed # This was unchanged because the Tomcat Webapps is used. DocumentRoot C:/Programme (x86)/Apache Group/Apache2/htdocs # # Bring in additional module-specific configurations # IfModule mod_ssl.c Include conf/ssl.conf /IfModule No Virtual Host has been defined! It is better to use a Virtual Host? Greetings Alexander smime.p7s Description: S/MIME cryptographic signature
AW: mod_jk and Named URLs
Hello, Hmm in Apache 2.0.xx and mod_jk same issue... That’s bad,.. it should be possible to use / in URLS Alex -Ursprüngliche Nachricht- Von: Rainer Jung [mailto:rainer.j...@kippdata.de] Gesendet: Dienstag, 3. März 2009 14:38 An: Tomcat Users List Betreff: Re: mod_jk and Named URLs On 03.03.2009 13:39, Alexander Diedler wrote: Hello, There are a functionalliity, that I don´t understand. We have a Tomcat 6.0.18 installed with mod_jk connected to a IIS 5.0. The CMS uses namedURLs like http://[blabla]/company/menuitem1/ . In the Tomcat everything works fine but the IIS and mod_jk don´t serve the following URLS : The menuitem is called Bugs/Features/ the URL is now http://[blabla]/go/Bugs/Features/;. So the slash between Bugs and Features will be interpreted as a Menuitem separator, but is not correct. In the mod_jk.log we can find: [Tue Mar 03 12:29:55.075 2009] [4148:504] [emerg] HttpFilterProc::jk_isapi_plugin.c (1877): [/go/Bugs/Features/] contains forbidden escape sequences. What we have to do that the IIS seems to look up for the coorect NamedURL? It seems your URLs contained either encoded slashes (%2f) or encoded null bytes (%00). Both are not allowed by the iis isapi redirector because of security reasons. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
Basic IIS Authentication
Hello everybody, I have a webservice created, who has to fill-out a remote form on a website to publish articles remotely. Now the Server has an IIS with Basic Authentication and in my Java File, I get 401 - Access denied. Has somebody a simple example to fill-out a form? Greetings Alexander
IIS 6 + Tomcat 6.0 + ISAPI + SSL
Hello, I have some question, it is possible to make SSL with an Tomcat project, which will be served trough the ISAPI Filter in IIS? Open with http Port 80 is fine, but open with https .. Page cannot be found will be displayed. Greetings Alexander
WG: ISAPI_REDIRECT on AMD Opteron x64
Additional infos: I have set the Switch to true I re-installed Apache Tomcat-6.0.18.exe complete new. I use a JRE 1.6.0 32 Bit in tomcat6w.exe and I use isapi_redirect.1.2.27.dll. After I add the ISAPI Filter tot he Website I found this messages in the Event Viewer: Source : W3SVC-WP Event ID : 2214 The HTTP Filter DLL C:\tomcat_connector\isapi_redirect.dll failed to load. The data is the error. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Source : W3SVC-WP Event ID : 2268 AND Could not load all ISAPI filters for site/service. Therefore startup aborted. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. -Ursprüngliche Nachricht- Von: Alexander Diedler [mailto:adied...@tecracer.de] Gesendet: Dienstag, 16. Dezember 2008 14:21 An: Tomcat Users List Betreff: AW: ISAPI_REDIRECT on AMD Opteron x64 Hello, It seems tob e a problem with the cscript.exe adsutil.vbs set W3SVC/AppPools/Enable32BitAppOnWin64 True Switch. If this is true, it doesn´t work with the x64 and not with the x32 Bit Version. I need this switch because another application Server needs tob e run IIS in this mode. Any suggestions? -Ursprüngliche Nachricht- Von: Rainer Jung [mailto:rainer.j...@kippdata.de] Gesendet: Dienstag, 2. Dezember 2008 11:42 An: Tomcat Users List Betreff: Re: ISAPI_REDIRECT on AMD Opteron x64 Alexander Diedler schrieb: Hello everybody, I have installed many, many servers with Windows 2003 R2 x64 and Intel CPUs and IIS and Tomcat with ISAPI Connector and it works great. But now I have a hosting server with an AMD Opteron Quad Core 1352 2 ,1Ghz CPU and installed Windows 2003 Server R2 Standard. I make the same steps as on all other systems, but the event log said to me if I try to open a page in the IIS: Source: W3SVC-WP Type: error Code : 2274 The ISAPI-Filter C:\tomcat_connector\isapi_redirect.dll doesn´t load through a configuration problem. The current cpu architecture supports only x86-based configuration. The ISAPI Filter in IIS show me the red arrow down =:o( But I have added the Virtual Directory Jakarta to the website and point to the isapi_redirect.dll, add the Website extension to the index files and in the Website-properties I added the DLL to the configuration dialog for Filters. I have loaded the 64Bit ISAPIFilter AMD64 archtecture from the Tomcat Project Page. Has anybody the same problem or any solution for me? Your error message suggests, that http://support.microsoft.com/kb/894435 contains the solution (you are running IIS in 32 Bit mode, so either switch to 64Bit mode or use the 32 Bit ISAPI Redirector). Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
AW: ISAPI_REDIRECT on AMD Opteron x64
Hello, It seems tob e a problem with the cscript.exe adsutil.vbs set W3SVC/AppPools/Enable32BitAppOnWin64 True Switch. If this is true, it doesn´t work with the x64 and not with the x32 Bit Version. I need this switch because another application Server needs tob e run IIS in this mode. Any suggestions? -Ursprüngliche Nachricht- Von: Rainer Jung [mailto:rainer.j...@kippdata.de] Gesendet: Dienstag, 2. Dezember 2008 11:42 An: Tomcat Users List Betreff: Re: ISAPI_REDIRECT on AMD Opteron x64 Alexander Diedler schrieb: Hello everybody, I have installed many, many servers with Windows 2003 R2 x64 and Intel CPUs and IIS and Tomcat with ISAPI Connector and it works great. But now I have a hosting server with an AMD Opteron Quad Core 1352 2 ,1Ghz CPU and installed Windows 2003 Server R2 Standard. I make the same steps as on all other systems, but the event log said to me if I try to open a page in the IIS: Source: W3SVC-WP Type: error Code : 2274 The ISAPI-Filter C:\tomcat_connector\isapi_redirect.dll doesn´t load through a configuration problem. The current cpu architecture supports only x86-based configuration. The ISAPI Filter in IIS show me the red arrow down =:o( But I have added the Virtual Directory Jakarta to the website and point to the isapi_redirect.dll, add the Website extension to the index files and in the Website-properties I added the DLL to the configuration dialog for Filters. I have loaded the 64Bit ISAPIFilter AMD64 archtecture from the Tomcat Project Page. Has anybody the same problem or any solution for me? Your error message suggests, that http://support.microsoft.com/kb/894435 contains the solution (you are running IIS in 32 Bit mode, so either switch to 64Bit mode or use the 32 Bit ISAPI Redirector). Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
ISAPI_REDIRECT on AMD Opteron x64
Hello everybody, I have installed many, many servers with Windows 2003 R2 x64 and Intel CPUs and IIS and Tomcat with ISAPI Connector and it works great. But now I have a hosting server with an AMD Opteron Quad Core 1352 2 ,1Ghz CPU and installed Windows 2003 Server R2 Standard. I make the same steps as on all other systems, but the event log said to me if I try to open a page in the IIS: Source: W3SVC-WP Type: error Code : 2274 The ISAPI-Filter C:\tomcat_connector\isapi_redirect.dll doesn´t load through a configuration problem. The current cpu architecture supports only x86-based configuration. The ISAPI Filter in IIS show me the red arrow down =:o( But I have added the Virtual Directory Jakarta to the website and point to the isapi_redirect.dll, add the Website extension to the index files and in the Website-properties I added the DLL to the configuration dialog for Filters. I have loaded the 64Bit ISAPIFilter AMD64 archtecture from the Tomcat Project Page. Has anybody the same problem or any solution for me?
Apache HTTP + Tomcat + SSL
Hello, What ist he best-practice to use SSL with a Frontend Apache Webserver and a mod_jk connected Tomcat? Define the SSL in Tomcat or in Apache Frontend? Has the SSL functions to be enabled on Tomcat? Greetings AlexD.
RE: Debian + Apache 2.2 + Tomcat 5.5
Ok, It could be a good advice and a better choice to begin from the beginning *G* -Original Message- From: Kees Jan Koster [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2008 7:40 PM To: Tomcat Users List Subject: Re: Debian + Apache 2.2 + Tomcat 5.5 Dear Alex, The debian Tomcat package is notoriously hard to use. In your shoes I would switch to a normal Tomcat server from apache.org. In /usr/share/tomcat5.5-webapps/ I move the folder ROOT to ROOT_BACK and move my App folder shop_v1 to ROOT After that and a restart of Tomcat... nothing will be browseable.. not index.jsp nor test.jsp within ROOT with simple hello... The message HTTP 404 The requested resource (/) is not available. Try /index.jsp and see if that works. If it does, check the welcome file list in your web.xml. -- Kees Jan http://java-monitor.com/forum/ [EMAIL PROTECTED] 06-51838192 Human beings make life so interesting. Do you know that in a universe so full of wonders, they have managed to invent boredom. Quite astonishing... -- Terry Partchett - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Debian + Apache 2.2 + Tomcat 5.5
Hello, I have a problem to integrate my own Application into the Tomcat Server. The mod_jk works fine. If I open http://127.0.0.1 I see the Tomcat Start Page. Where I have to place my webapp and where I have to change some files to make my Application available onto the server? I have a Debian 4.05 with Apache 2.2.5 and Tomcat 5.5.20 from Debian .deb packages installed per default. Greetings Alexander Diedler
Debian + Apache 2.2 + Tomcat 5.5
Hello, I have a problem to integrate my own Application into the Tomcat Server. The mod_jk works fine. If I open http://127.0.0.1 I see the Tomcat Start Page. Where I have to place my webapp and where I have to change some files to make my Application available onto the server? I have a Debian 4.05 with Apache 2.2.5 and Tomcat 5.5.20 from Debian .deb packages installed per default. Greetings Alexander Diedler
RE: Debian + Apache 2.2 + Tomcat 5.5
Hello, Hmm.. In /usr/share/tomcat5.5-webapps/ I move the folder ROOT to ROOT_BACK and move my App folder shop_v1 to ROOT After that and a restart of Tomcat... nothing will be browseable.. not index.jsp nor test.jsp within ROOT with simple hello... The message HTTP 404 The requested resource (/) is not available. Alex -Original Message- From: Serge Fonville [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2008 11:22 AM To: Tomcat Users List Subject: Re: Debian + Apache 2.2 + Tomcat 5.5 When deploying an application you can either place a war in the webapps directory, copy the files to a directory in the webapps directory of if you are hosting a simple website use the ROOT directory in you webapps directory.It is advisable to change the appBase attribute in the host element inside your server.xml Regards, Serge Fonville On Fri, Nov 14, 2008 at 11:14 AM, Alexander Diedler [EMAIL PROTECTED]wrote: Hello, I have a problem to integrate my own Application into the Tomcat Server. The mod_jk works fine. If I open http://127.0.0.1 I see the Tomcat Start Page. Where I have to place my webapp and where I have to change some files to make my Application available onto the server? I have a Debian 4.05 with Apache 2.2.5 and Tomcat 5.5.20 from Debian .deb packages installed per default. Greetings Alexander Diedler - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]