Re: Tomcat Connection Pool Problems with XtraBackup

2014-10-13 Thread John Smith
On Sun, Oct 12, 2014 at 5:56 AM, Stefan Mayr ste...@mayr-stefan.de wrote: Hi John, Am 11.10.2014 23:30, schrieb John Smith: I'm trying to workout a managed backup scheme on a MySQL production database with XtraBackup. According to our DBA, XtraBackup doesn't lock the database, but issues

Re: Windows Tomcat install folder

2014-10-13 Thread John Smith
I don't know about the recommended way, but personally I hate the SPACE in Program Files, so I definitely prefer the 2nd option. Same, I don't even bother with the second level directory. I just install to c:\apache-tomcat...

Tomcat Connection Pool Problems with XtraBackup

2014-10-11 Thread John Smith
I'm trying to workout a managed backup scheme on a MySQL production database with XtraBackup. According to our DBA, XtraBackup doesn't lock the database, but issues a series of SHOW TABLE STATUS commands and then works on the file system level. Still, just as XtraBackup runs my logs start to blow

Re: Daily catalina.out has thousands of NPEs

2014-08-27 Thread John Smith
You haven't really provided any information, here. Please post full stack traces. You might want to do something like catch NPE around the area(s) where they are being thrown, and log information about the requests that are causing them. It may be something like a web search crawler

Daily catalina.out has thousands of NPEs

2014-08-22 Thread John Smith
TC 7.0.54, RHEL 6, JDK 1.7.0_60. I have two RH servers with one instance of TC on each, set up for clustering. There's a HWLB routing 80 to 8080 with 5 min sticky sessions. My daily catalina logs are set up to just show SEVERE errors, every day they average about *30mb* per server with the same

Re: java.lang.IllegalArgumentException at java.nio.Buffer.limit

2014-08-22 Thread John Smith
Smith tomcat.ran...@gmail.com wrote: On Fri, Aug 8, 2014 at 9:10 AM, John Smith tomcat.ran...@gmail.com javascript:; wrote: On Thu, Aug 7, 2014 at 5:28 PM, Filip Hanik fi...@hanik.com javascript:; wrote: if you could capture the XML that you are trying to write, we can put

Re: java.lang.IllegalArgumentException at java.nio.Buffer.limit

2014-08-18 Thread John Smith
On Fri, Aug 8, 2014 at 9:10 AM, John Smith tomcat.ran...@gmail.com wrote: On Thu, Aug 7, 2014 at 5:28 PM, Filip Hanik fi...@hanik.com wrote: if you could capture the XML that you are trying to write, we can put it into a test case and reproduce. Filip I'll try that -- I should be able

Re: java.lang.IllegalArgumentException at java.nio.Buffer.limit

2014-08-08 Thread John Smith
What's on line 182 of AbstractServlet.java? -Terence Bandoian It's the out.write(xml); line.

java.lang.IllegalArgumentException at java.nio.Buffer.limit

2014-08-07 Thread John Smith
TC 7.0.54 / RHEL 6 / JDK 1.7.0_60 I'm getting a pretty consistent error in my logs that started showing up recently. I use logback and have a servlet catch all 500 errors and log them. The error seems to be associated with one servlet that writes XML output. Two changes I made recently were

Re: Restricting SSL access within webapp

2014-08-05 Thread John Smith
All, Thanks for the thoughtful advice and replies. To answer a few questions, belatedly, yes it would be an option to move the admin tools to another instance of TC, as Leo suggested -- in a way a better one, since it wouldn't need session replication, could exist on a single server since the

Re: JKS keystore password Encryption

2014-08-05 Thread John Smith
You may find Wiki also useful: http://wiki.apache.org/tomcat/FAQ/Password -Ognjen Write your own datasource implementation which wraps your datasource and obscure your brains out (XOR http://en.wikipedia.org/wiki/XOR_cipher and ROT13 http://en.wikipedia.org/wiki/ROT13 are great

SSL redirect problems

2014-08-01 Thread John Smith
TC 7.0.54 / RHEL 6 I have two physical servers, each running an instance of TC. The servers are behind a hardware loadbalancer. IPTables is routing request on 80 to 8080. Tomcat runs under a non-root user. All good. I needed to protect an area of our webapp under SSL. Went ahead and installed

Re: SSL redirect problems

2014-08-01 Thread John Smith
TC 7.0.54 / RHEL 6 I have two physical servers, each running an instance of TC. The servers are behind a hardware loadbalancer. IPTables is routing request on 80 to 8080. This seems unnecessary. If you have a hardware load balancer in front of Tomcat, it is the only thing that

Re: SSL redirect problems

2014-08-01 Thread John Smith
Not contradicting anything Daniel is saying, but maybe something to add, and maybe that's the missing part of the original puzzle : If Tomcat is expecting HTTPS requests on port 8443, then any re-direct or response that it is sending back is going to include that port number after the

Re: SSL redirect problems

2014-08-01 Thread John Smith
On Fri, Aug 1, 2014 at 11:54 AM, Mark Thomas ma...@apache.org wrote: On 01/08/2014 16:30, Daniel Mikusa wrote: You probably want the SSL certificate installed on your hardware load balancer. End client's browsers are going to connect to the hardware load balancer, not Tomcat. Thus you'd

Re: SSL redirect problems

2014-08-01 Thread John Smith
No, I am not really going that far. I am suggesting that that may be the kind of thing that is happening, and that you may want to investigate with a browser plugin, that the requests/responses are really what you are expecting. Your initial explanation was a bit confusing and lacking in

Re: SSL redirect problems

2014-08-01 Thread John Smith
As your testing keep this process in mind. If you encounter a problem just try to break down the flow from your browser to the server and back. If you look at the request at each hop through this process, you can often find where things went wrong. For example, did the request hit the LB?

Re: SSL redirect problems

2014-08-01 Thread John Smith
Is your LB configured to listen on 8443, or on 443? It won't pick up the port it's supposed to listen on from the TC instances; you have to specify it. Nailed it. Simplest solution, I didn't even consider it. Thanks, John

Re: SSL redirect problems

2014-08-01 Thread John Smith
There is no response, since you are not even able to connect to that IP:port. If you are using the IP of the LB, then the LB is not accepting connections on port 8443. You won't get much further, unless you solve that first. But I thought that you wanted your users to access via port 443

Restricting SSL access within webapp

2014-08-01 Thread John Smith
In my webapp there's a directory '/admin' that's protected under SSL. Users are forced to use SSL via a security constraint in web.xml. It works great. As mentioned in the docs and other places, it would be good to prevent SSL everywhere else on the site, but I searched around and couldn't find

Re: SSL redirect problems

2014-08-01 Thread John Smith
Thanks for letting us know what the issue was; many people never come back and tell us what fixed it. My pleasure. This list is awesome.

Re: SSL redirect problems

2014-08-01 Thread John Smith
TLS is layer 5 so if the LB is operating at layer 4 it can't host the cert. Some LBs can operate at layer 5 so it will depend on your LB and/or its configuration. Mark I see. That's good to know. The LB is at 7.

Re: Restricting SSL access within webapp

2014-08-01 Thread John Smith
On Fri, Aug 1, 2014 at 4:34 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: John Smith [mailto:tomcat.ran...@gmail.com] Subject: Restricting SSL access within webapp What's the correct way to selectively restrict https to only one area of a webapp? Why would you want

Re: TC7 and SSL Questions

2014-07-28 Thread John Smith
On Thu, Jul 24, 2014 at 6:24 PM, Ognjen Blagojevic ognjen.d.blagoje...@gmail.com wrote: John, On 24.7.2014 21:11, John Smith wrote: 1. Can I specify /admin/* as a security constraint url pattern so that only that directory runs under SSL? Yes, you can. 2. The NIO connector

TC7 and SSL Questions

2014-07-24 Thread John Smith
TC 7.0.54 / JDK 1.7.0_60 / RHEL 6 My webapp is the only one on my TC install. It's in webapps/ROOT. Iptables routes 80 to 8080 and I'm using the NIO connector. There are two physical servers with that same webapp, using session replication. Everything works great. There's a subdirectory /admin

Re: SSL on one subdirectory only.

2014-05-29 Thread John Smith
On Tue, May 27, 2014 at 2:21 PM, Mark Thomas ma...@apache.org wrote: On 27/05/2014 17:31, John Smith wrote: Tomcat 7.0.42, RHEL6, JDK1.7.0_25, Standalone TC configuration. IPTABLES route port 80 to 8080 I've got a subdirectory like 'www.mysite.com/admin' that I want to put under FORM

Re: SSL on one subdirectory only.

2014-05-29 Thread John Smith
2. With the SSL connector enabled, https://* is globally respected on the entire webapp. Do I need to manually check the URL/protocol to deny or redirect https to http outside of '/admin'? Is there any built in TC mechanism or suggested best practice to handle this? or should I not care?

SSL on one subdirectory only.

2014-05-27 Thread John Smith
Tomcat 7.0.42, RHEL6, JDK1.7.0_25, Standalone TC configuration. IPTABLES route port 80 to 8080 I've got a subdirectory like 'www.mysite.com/admin' that I want to put under FORM based authentication. That's clear enough, and I've got the java keytool cert working well enough on my dev box until I

Re: PooledConnection.getConnection - Tomcat JDBC Pool

2014-03-25 Thread John Smith
If that is the case the tomcat jdbc pooling library handling the call incorrectly and its a bug. I'd be suspect of this. Are you actually using *org.apache.tomcat.jdbc.pool*? Since it's a Tomcat module it seems an odd choice to use outside of Tomcat.

Re: Concurrency - Servlet created instances accessing static classes

2014-03-25 Thread John Smith
If the method is thread-safe - no issue. If it isn't thread-safe then you have a problem. Mark Thanks Mark - Clearly and succinctly explained. Best, John

Re: Concurrency - Servlet created instances accessing static classes

2014-03-25 Thread John Smith
First terminology problem: class X isn't instantiated here, an object of type class X is instantiated. As Matisse once said, exactitude is not truth. This sort of hair splitting isn't helpful. Say Class X is instantiated to a thousand programmers and they'll understand that it means an

Re: Concurrency - Servlet created instances accessing static classes

2014-03-25 Thread John Smith
You must have been fun to have as a student. Student is a vague term. Student of which grade, which subject? Student of a trade? Student of life? Unfortunately your lack of exactness means I can't understand your joke :) (I was an even worse employee) - John

Re: PooledConnection.getConnection - Tomcat JDBC Pool

2014-03-25 Thread John Smith
On Tue, Mar 25, 2014 at 9:54 AM, Filip Hanik fi...@hanik.com wrote: Please open a bug, and we will get this taken care of. I do have one question,Aries library, on which call does it expect to return the connection to the pool? XAConnection.close() or XAConnection.getConnection().close(); ?

Re: Can we increase the logging in localhost_access.log

2014-03-25 Thread John Smith
We see 404 error in localhost_access so this the place from where we can dig into. Is there any way we can enhance the logging/information in localhost_access_log. Or then how can debug what happens between user requests and 404 response,? Outside of performance monitoring tools, you might

Concurrency - Servlet created instances accessing static classes

2014-03-24 Thread John Smith
I should know this, but I want to confirm with smarter people on the board. Assume the following: 1. Servlet receives an HTTP POST request. doPost(...) is called. 2. doPost(..) instantiates class X with each request 3. Class X calls a static method of class Y Assuming I have no synchronization

Re: Effects of turning off sendFile in the NIO connector

2014-03-23 Thread John Smith
MGwhen you enable sendfile support with request attr org.apache.tomcat.sendfile.support = true MGYou will need to set these 3 header attributes org.apache.tomcat.sendfile.filename: Canonical filename of the file which will be sent as a String org.apache.tomcat.sendfile.start: Start

Re: Effects of turning off sendFile in the NIO connector

2014-03-23 Thread John Smith
John The consequences for disabling sendFile are extremely hard to quantify as there are so many variables. I would normally expect there to be more CPU load but how much more? No idea. It might be impossible to detect, it might leaver your CPUs pegged at 100%. The only way you will know

Effects of turning off sendFile in the NIO connector

2014-03-22 Thread John Smith
What effect would setting useSendfile=false have on a web application using the NIO connector? I'm asking because I may want to use gzip compression in the connector. The docs state: *There is a tradeoff between using compression (saving your bandwidth) and using the sendfile feature (saving your

Re: Site down for maintenance senario

2014-03-17 Thread John Smith
Deploy a ROOT web application whose 404 page says Down for maintenance. You could even customize this kind of thing to only respond to certain URL-prefixes (like [ROOT]/mywebapp/*). What will you do while Tomcat is restarting, though, if you have to restart? Restarts take about a second or

Hosting recommendations

2014-03-17 Thread John Smith
We're getting killed by our hosting provider (RS) over bandwidth issues. I swear we scoped this out but somehow were over our agreement by an alarming amount. Our daily bandwidth looks like this: http://s17.postimg.org/btl0sj3jz/rs_traffic.png That's ~4T/day in bandwidth. I know it's a little

Re: tomcat-native libraries

2014-03-17 Thread John Smith
Installing the native library will make a difference. Whether the difference is large enough to notice depends very much on your application. If you want to improve your application's performance I suspect your time would be better spent with a profiler to see where the bottlenecks are in

Re: Hosting recommendations

2014-03-17 Thread John Smith
On Mon, Mar 17, 2014 at 9:55 AM, Mark Thomas ma...@apache.org wrote: On 17/03/2014 13:41, John Smith wrote: We're getting killed by our hosting provider (RS) over bandwidth issues. I swear we scoped this out but somehow were over our agreement by an alarming amount. Our daily

Re: Hosting recommendations

2014-03-17 Thread John Smith
On Mon, Mar 17, 2014 at 10:25 AM, Mikolaj Rydzewski m...@ceti.pl wrote: On 17.03.2014 15:15, John Smith wrote: 1. Yes, we have ~500,000 visitors per day, and the site is based around a very popular game that is very data intensive (users creating, browsing and loading levels and replays

Site down for maintenance senario

2014-03-12 Thread John Smith
Is there a straightforward way to toggle or add something in Tomcat, in the event a webapp is intentionally taken 'offline for maintenance? The user would receive the same single notification page saying as much, for any and all requests. Tomcat 7.0.42

Re: NIO connector - connections and threads

2014-03-10 Thread John Smith
Smith tomcat.ran...@gmail.com: Sorry, forgot: Tomcat 7.0.42 On Fri, Mar 7, 2014 at 3:59 PM, John Smith tomcat.ran...@gmail.com wrote: The NIO connector has two attributes from the standard HTTP Connector implementation, maxConnections and maxThreads with defaults of 1 and 200

Executor thread pool

2014-03-10 Thread John Smith
How dumb am I being by not using an Executor with a named thread pool? Currently I just have a Connector in server.xml: Connector port=8080 protocol=org.apache.coyote.http11.Http11NioProtocol connectionTimeout=2 redirectPort=8443 / Assuming ~2000

Re: NIO connector - connections and threads

2014-03-10 Thread John Smith
On Mon, Mar 10, 2014 at 11:48 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: John Smith [mailto:tomcat.ran...@gmail.com] Subject: Re: NIO connector - connections and threads Don't top post. So are the open HTTP connections that use my web application code waiting

Re: NIO connector - connections and threads

2014-03-10 Thread John Smith
Collecting some peak usage data might be interesting. You definitely want your max thread limit to be a bit above the number of concurrent requests you're handling. Of course, that has to be balanced against limits on other resources, such as memory and data base connections. - Chuck

Re: NIO connector - connections and threads

2014-03-08 Thread John Smith
Sorry, forgot: Tomcat 7.0.42 On Fri, Mar 7, 2014 at 3:59 PM, John Smith tomcat.ran...@gmail.com wrote: The NIO connector has two attributes from the standard HTTP Connector implementation, maxConnections and maxThreads with defaults of 1 and 200, respectively. Can anyone shine some

NIO connector - connections and threads

2014-03-07 Thread John Smith
The NIO connector has two attributes from the standard HTTP Connector implementation, maxConnections and maxThreads with defaults of 1 and 200, respectively. Can anyone shine some light on how these work together? If I'm allowing up to 1 connections, would that mean I only have 200

Re: Optimization on simple requests

2014-03-05 Thread John Smith
Chris, Thanks! Very helpful advice. Best, John On Tue, Mar 4, 2014 at 1:54 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 John, On 3/4/14, 1:17 PM, John Smith wrote: Tomcat 7.0.42 on RHEL6. Assume that Tomcat is serving

Optimization on simple requests

2014-03-04 Thread John Smith
Tomcat 7.0.42 on RHEL6. Assume that Tomcat is serving only one jsp page. Say it just rewrites a parameter value from the querystring to the html within the jsp. Also assume that there are ~200,000 users attempting to access that page - say almost simultaneously. What are the most relevant

tomcat log server

2011-07-30 Thread John Smith
Hi Guys, I have tomcat 6.0.29 running different instances on same and different hardware, I want to create log server on one system (nfs mount the file system), so every instance must create log files in that place like SERVER.catalina.2011-07-30.log, SERVER1.catalina.2011-07-30.log,

tomcat clustering

2010-05-30 Thread John Smith
Hi , I am trying to cluster 3 nodes on one machine, follow the instructions http://tomcat.apache.org/tomcat-6.0-doc/cluster-howto.html At Deployer className, i have changed Deployer className=org.apache.catalina.ha.deploy.FarmWarDeployer

tomcat 6.0.20 different instances with diff ips but same port no 80

2009-09-01 Thread John Smith
Hi Guys, Is it possible by using tomcat 6.0.20 with different instances with diff ips but same port no 80 on one system ??? I have three instances running on one machine named *a,b and c with each has different IPS (192.168.205.10/11/12). * I ran instance a on port 80 (it ran), but when I