RE: Problem with clientAuth SSL connection
You can enable jvm level TLS debug: -Djavax.net.debug=all See this site for more information: http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/ReadDebug.html Dave Tauzell | Senior Software Engineer | Surescripts O: 651.855.3042 | www.surescripts.com | dave.tauz...@surescripts.com Connect with us: Twitter I LinkedIn I Facebook I YouTube -Original Message- From: David Sills [mailto:dsi...@datasourceinc.com] Sent: Tuesday, January 12, 2016 12:52 PM To: Tomcat Users List Subject: RE: Problem with clientAuth SSL connection One question as I try this - how to get logging at the debug level for the handshake process? I have tried setting everything in logging.properties to FINEST, but it makes no difference. -Original Message- From: David Sills [mailto:dsi...@datasourceinc.com] Sent: Tuesday, January 12, 2016 1:30 PM To: Tomcat Users List Subject: RE: Problem with clientAuth SSL connection I will try both sides in Java 8. Our client, however, still has to use Java 6 (government sigh...). But at least if the same problem occurs, I'll know what's going on. And I'll check the certificates, though I was exceedingly careful during the setup and checked everything once already. -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Tuesday, January 12, 2016 12:23 PM To: Tomcat Users List Subject: Re: Problem with clientAuth SSL connection Mark, On 1/12/16 12:01 PM, Mark Thomas wrote: > On 12/01/2016 16:39, David Sills wrote: >> Oh, and by the way, it turns out I'm using Java 6, not 8. Not that that >> should make a huge difference, but our client is a bit behind the times. > > Are you sure the right certs are in the right stores? > > If all the certs are self-signed then: > > The trust store used by the client must include the server's cert. > The trust store used by the server must include the client's cert. > > In isn't clear (to me anyway) form your original post what certs are > in what stores. > > There should be no limits on using self-signed certs but with old Java > 6 and Java 8 you might hit an issue with general SSL compatibility. If > it works without a client cert then you should be OK. Good thought: Java 6 doesn't speak TLS 1.1/1.2 and (recent) Java 8 will refuse to negotiate SSLv3. So there may be a protocol issue going on. David, is there a reason you can't run your client using Java 8? That might remove some of the guesswork. -chris >> -Original Message- >> From: David Sills [mailto:dsi...@datasourceinc.com] >> Sent: Tuesday, January 12, 2016 11:35 AM >> To: Tomcat Users List >> Subject: RE: Problem with clientAuth SSL connection >> >> Christopher: >> >> Thank you for your prompt reply. >> >> The client does seem to need a trust store when dealing with a self-signed >> certificate from the server, as otherwise it tries to create a chain back to >> an implicitly trusted CA. I agree, with a commercial certificate this would >> not be necessary, as such a chain would be available. I prefer to separate >> the keystores (the one for the client and the one for the server) on both >> sides. I was hoping that the trust store would work the same in Tomcat as it >> does in the client (which does work, as I said, perfectly when only >> validating one-way) - whatever was in it would be implicitly trusted without >> checking for a certificate chain. >> >> This message seems to say that the server is shutting down the handshake >> connection just when the client is about to send its certificate, but >> perhaps I'm misinterpreting it. >> >> Another possibility: perhaps self-signed certificates aren't allowed for >> client authentication on the server side? >> >> David >> >> >> >> -Original Message- >> From: Christopher Schultz [mailto:ch...@christopherschultz.net] >> Sent: Tuesday, January 12, 2016 11:02 AM >> To: Tomcat Users List >> Subject: Re: Problem with clientAuth SSL connection >> >> David, >> >> On 1/12/16 7:43 AM, David Sills wrote: >>> All: >>> >>> I'm trying to set up clientAuth SSL connection between a batch process and >>> Tomcat (7.0.55, Java 8 64-bit server). One-way SSL works wonderfully. I set >>> up a server certificate (self-signed) and used this configuration in Tomcat >>> (server.xml): >>> >>> >> protocol="org.apache.coyote.http11.Http11Protocol" >>>maxThreads="150" SSLEnabled="true" scheme="https" >>>secure="true" sslProtocol="TLS" >>>keystoreFile="conf/dsikeystore.jks" >>>keystorePass="keystorePassword" >>>clientAuth="false" >>> /> >>> >>> In the client, I used >>> >>> java -cp ws-client.jar >>> -Djavax.net.ssl.trustStore=clientkeystore2.jks >>> -Djavax.net.ssl.trustStorePassword=changeme >>> com.datasourceinc.abis.ws.pds.ServiceClient >>> >>> It seemed to me pretty straightforward that to set up client >>> authentication, I would need to >>> >>> >>> 1. Generate
RE: Zero downtime deployments
If you cannot use a tool like flyway you can do it by hand, too. The key is that all database changes need to be backwards compatible. For example: So, if you want to drop a column: 1. Deploy new version of app that doesn't require column X 2. Shutdown version which does 3. drop column X If you want to rename a column: 1. Deploy new version of app that writes data to old column name + new name 2. shutdown old version 3. drop old column We generally test out our old version of an app running against the new database schema to make sure this process will work. -Dave -Original Message- From: jieryn [mailto:jie...@gmail.com] Sent: Thursday, December 03, 2015 1:32 PM To: Tomcat Users List Subject: Re: Zero downtime deployments Use http://flywaydb.org/ to perform database migrations. You will need at least 3 versions in order to perform an incompatible database change. v1 is existing behavior, v2 is a shim that bridges v1 and v3, and then v3 cleans up the shim and removes all the unnecessary hacks. When you have v1 rolled out against N images, then you can start rolling out compat shim v2 which adds some temporary work for the db and coexists, then when all instances are at v2 you can move to v3 which uses all the new stuff. I haven't found anything better or more efficient than the 2-step deployment with live code. On Thu, Dec 3, 2015 at 2:21 PM, Kevin Hale Boyeswrote: > Thanks for this link to the presentation. > How do you all deal with some of the other dependencies that the web > application has? > > For example, if v2 of my application needs new database columns or > worse, a change to an existing column how can I have v1 and v2 running > at the same time? We use Oracle as our database though the problem > exists for many database servers. > > Thanks, > Kevin. > > On 3 December 2015 at 01:31, Neill Lima wrote: > >> Hello Jason, >> >> This approach of using httpd in front of 2+ Tomcats via AJP works >> well in my company. There is a bit of config necessary at httpd level >> so httpd is aware of all the Tomcats and also Tomcat config needs to >> be set to listen to AJP port instead of default port but it is not rocket >> science. >> >> This facilitates the deployment of nodes sequentially with no >> downtime. Of course, there is a shared session server to take care >> the sessions are not lost when Tomcats flip up and down. >> >> Reply in pvt if you need help setting up this. >> >> Thanks, >> >> Neill >> >> On Thu, Dec 3, 2015 at 12:08 AM, Jason Britton >> wrote: >> >> > Thank you Christopher, reading now and we'll see if I can swing the >> > conference :) >> > >> > On Wed, Dec 2, 2015 at 4:00 PM, Christopher Schultz < >> > ch...@christopherschultz.net> wrote: >> > >> > > Jason, >> > > >> > > On 12/2/15 4:07 PM, Jason Britton wrote: >> > > > I was looking for information for how those on the list achieve >> > > > zero downtime deployments of their tomcat hosted web >> > > > applications. I >> > imagine >> > > > this can be achieved in a variety of ways, but would love to >> > > > hear >> what >> > > > works for you. In our current environment we front multiple >> > > > tomcat instances with apache httpd, each tomcat instance >> > > > hosting one or more unique web apps. In order to support this >> > > > effort we do have the >> > > resources >> > > > where we could spin up multiple tomcat instances to serve >> > > > requests >> for >> > a >> > > > single application. I know there is mod_proxy_balancer >> > > > available for httpd, and I understand starting with tomcat 7 >> > > > there is support for parallel deployment of versioned wars, and >> > > > tomcat also supports clustering. I'm just unsure of what >> > > > approach I should start digging >> > into >> > > > and would very much appreciate any of your experiences. The >> > > > servers >> > > we'll >> > > > be rolling out will be using the latest versions of tomcat 8 >> > > > and >> apache >> > > > httpd 2.4. Thanks for any insights! >> > > >> > > Check this out: >> > > >> > > >> > >> http://people.apache.org/~schultz/ApacheCon%20NA%202015/Load-balancin >> g%20Tomcat%20with%20mod_jk.pdf >> > > >> > > Start on slide/page 41. >> > > >> > > Then come to ApacheCon NA 2016 and discuss it! >> > > >> > > -chris >> > > >> > > - >> > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> > > For additional commands, e-mail: users-h...@tomcat.apache.org >> > > >> > > >> > >> - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org This e-mail and any files transmitted with it are confidential, may contain sensitive information, and are intended solely for the use of the individual or entity to whom they are addressed. If you have received
RE: Hash (#) error in Parameters value
The # character is a special character in URLs to signify a "fragment": https://en.wikipedia.org/wiki/Fragment_identifier. If you don't want it treated as such then you do need to escape it. -Dave Dave Tauzell | Senior Software Engineer | Surescripts O: 651.855.3042 | www.surescripts.com | dave.tauz...@surescripts.com Connect with us: Twitter I LinkedIn I Facebook I YouTube -Original Message- From: Ben Mazyopa [mailto:benj...@gmail.com] Sent: Monday, November 30, 2015 9:15 AM To: users@tomcat.apache.org Subject: Re: Hash (#) error in Parameters value Dear Team, I am a devote user of tomcat servers, however I have met a bug when using Apache Tomcat 7.0.52, on Windows 10 64bit. Whenever I pass a parameter value of # or *214#, the parameter value ends up being null. For example when I navigate to "http://localhost:8080/myapp/demo?param=*214#; param value will be null if I try to access it in a servlet (for exam request.getParameter("param")). However if I pass a different value, the value is retreived correctly. May you kindly fix the bug, rather forcing users and developers to pass unicode values for a hash eg. *214%23) Your response and action will be appreciated Regards Ben Mazyopa On Mon, Nov 30, 2015 at 4:14 PM, Ben Mazyopawrote: > Dear Team, > > I am a devote user of tomcat servers, however I have met a bug when > using Apache Tomcat 7.0.52, on Windows 10 64bit. Whenever I pass a > parameter value of # or *214#, the parameter value ends up being null. > > For example when I navigate to " > http://localhost:8080/myapp/demo?param=*214#; param value will be null > if I try to access it in a servlet (for exam request.getParameter("param")). > However if I pass a different value, the value is retreived correctly. > > May you kindly fix the bug, rather forcing users and developers to > pass unicode values for a hash eg. *214%23) > > Your response and action will be appreciated > > Regards > Ben Mazyopa > This e-mail and any files transmitted with it are confidential, may contain sensitive information, and are intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error, please notify the sender by reply e-mail immediately and destroy all copies of the e-mail and any attachments. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Access application without giving port number and context root
If you want to have multiple applications running on the same tomcat but each has a URL that hides this you need to use a reverse proxy server. End User > Reverse Proxy (NGINX for example ) -> App 1 http://foo.bar/ -> http://app.server:7832/foo http://baz/bar/ -> http://app.server:7832/bar This is more complicated to setup but has the benefit of being able to move the tomcat instance around (a different port or server, for example) without the End User needed to change the URL they use. If you don't want to run and manage a new process there are some java based reverse proxies that I think you could run on the Tomcat server itself: http://wiki.apache.org/tomcat/ServletProxy. You won't be able to hide the port with these however. -Dave -Original Message- From: Kikkeri, Amith [mailto:amith.kikk...@aig.com] Sent: Monday, November 16, 2015 9:11 AM To: Tomcat Users List Subject: RE: Access application without giving port number and context root Hi, I don’t want to install my application as ROOT.war application. This will make it difficult if I want to deploy multiple applications in same tomcat instance. Please suggest. Regards, Amith Kikkeri -Original Message- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: Thursday, November 12, 2015 4:17 PM To: Tomcat Users List Subject: Re: Access application without giving port number and context root 2015-11-13 0:04 GMT+03:00 Kikkeri, Amith: > Hi.. > I am trying to deploy a web application tomcat 7.0.61 . I have a DNS created > and I want access the application without using port number and context root. > Please suggest the best approach to achieve this. > > I can change the Port in server.xml to default port 80, but I would still > need to give the context root, else it would be redirected to tomcat home > page. In PRODUCTION, I would have a DNS created to access my application and > want to avoid port number and context root, hence want to know the steps and > best approach to achieve this. If there are some tutorials/Links, please > share the same. Both questions are already answered in the FAQ. See HowTo page there and search for "ROOT" (uppercase) Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org B�CB��[��X��ܚX�KK[XZ[ �\�\��][��X��ܚX�P�X�] �\X�K�ܙ�B��܈Y][ۘ[��[X[��K[XZ[ �\�\��Z[�X�] �\X�K�ܙ�B� This e-mail and any files transmitted with it are confidential, may contain sensitive information, and are intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error, please notify the sender by reply e-mail immediately and destroy all copies of the e-mail and any attachments.
RE: Tomcat caching
If you can reproduce this problem in your development environment and you cannot track down the reason then try out the free version of App Dynamics: http://www.appdynamics.com/lite/. -Dave -Original Message- From: David E. Filip [mailto:dfi...@colornet.com] Sent: Monday, November 16, 2015 9:09 AM To: Tomcat Users List Subject: Re: Tomcat caching None of those numbers alarming, unless you see Eden regularly increase beyond 90% and stay there, especially when you are seeing slowness, as then you might want to consider increasing your heap. In my view - and others may disagree! - understanding tuning JVM heap is more of an art than a science. >From the 30K foot view, objects get created in Eden (previously called NewGen >I believe), then get moved to OldGen by the GC when they are still referenced >after a certain period of time, and finally get moved to Survivor when if they >are still referenced even later. However, when you say 'developing', if the problem is only when you are editing JSP pages - which Jasper then needs to recompile - or when performing new webapp deployments, I would also keep an eye on PermGen, which gets used when instantiating new static objects (as I understand it). I have seen "weird" things happen when PermGen fills up, including seeing the server stop responding to certain requests, JSP pages not compiling, or "class not found" errors on the compiled JSP classes (org.apache.jsp.*). Of course, when either the heap or PermGen runs out, then you will start seeing a stack trace. However, in my experience, there is this grey area between when you are almost out of memory but not quite yet. The caveat to all of this, however, is that everything gets cleared out when you restart the server. And that is one of the ways to tell if that is indeed the problem, is when everything starlings running correctly right after a server restart. However, if you are not seeing everything clear up after a clean restart of Tomcat, then I'm afraid this is not your problem. On Nov 16, 2015, at 9:48 AM, Daniel Küpperswrote: > > > Am 16.11.2015 um 14:56 schrieb David E. Filip: >> In my experience, the most common explanation (but certainly not the only!) >> for an active webapp to be occasionally and sporadically running extremely >> slow, but run fine at other times, is running low on heap space. >> >> If you have not already, I would suggest checking the Tomcat Server Status >> app (http://localhost:8080/manager/status) and determine if any of the heaps >> are filling up while you are experiencing this slowness. If they are, your >> app could be spending too much time waiting for the garbage collector, and >> you will need to increase the heap size in your startup file. >> >> On Nov 16, 2015, at 6:45 AM, Konstantin Kolinko >> wrote: >> >>> 2015-11-16 12:22 GMT+03:00 Daniel Küppers : Hi, i have a recurring issue, that tomcat caches my jsf webapp pages in a strange manner. Sometimes for multiple days/hours, one or two explict pages or the whole webapp is loading very slowly. My setup is a locally used tomcat 8.0.28 for debugging in Eclipse and a local database. The behaviour persists also after browser cache clearing and with different browsers. Does anyone else have seen this behaviour before? Do i miss a specific parameter? >>> >>> Your problem is "one or two explict pages or the whole webapp is >>> loading very slowly". Why are you blaming caching? >>> >>> Stack trace when application behaves slowly =? Is it know what it >>> actually does at that time? >>> >>> Is the clock on your server set correctly? >>> Is autoDeploy tuned off on a Host, or it wastes time checking for >>> changes of a war file? >>> Is Jasper (JspServlet) configured with development=false, or it >>> wastes time checking and recompiling the pages? >>> >>> >>> - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > Thanks for the replies. I will monitor the free heapspace from now on. If i > see something that concludes to this problem, i'll let you know. > For which exact Memory Pool i should have a watchout? Here are my current > used loads: > - PS Eden Space: 89% > - PS Old Gen: 4% > - PS Survivor Space: 33% > I dont get a stacktrace when the app runs slowly. I also only get this issues > when the configuration is in developing mode. It persists even restarts. > Clock is set correctly, AutoDeploy is On, running in development mode > (myFaces). I cant determine how Jasper should be configured. > > Daniel > >
RE: Access application without giving port number and context root
Yes, you can use IIS as a reverse proxy. I haven't done it, but looked into this in the past and found a few solutions. You can google "IIS Reverse Proxy". Some things to consider with a reverse proxy: 1. Your application cannot be sending back links with the hostname/port in it. 2. If your application does HTTP redirects, then you need to setup the reverse proxy to re-write those (not an issue, but something you need to configure). -Dave -Original Message- From: Kikkeri, Amith [mailto:amith.kikk...@aig.com] Sent: Monday, November 16, 2015 9:22 AM To: Tomcat Users List Subject: RE: Access application without giving port number and context root Thanks. Ngnix is not an approved software in my company. Hence trying to see if there is a work around. Can IIS be used as a reverse proxy? I see IIS as an approved one. Regards, Amith Kikkeri -Original Message----- From: Tauzell, Dave [mailto:dave.tauz...@surescripts.com] Sent: Monday, November 16, 2015 10:17 AM To: Tomcat Users List Subject: RE: Access application without giving port number and context root If you want to have multiple applications running on the same tomcat but each has a URL that hides this you need to use a reverse proxy server. End User > Reverse Proxy (NGINX for example ) -> App 1 http://foo.bar/ -> http://app.server:7832/foo http://baz/bar/ -> http://app.server:7832/bar This is more complicated to setup but has the benefit of being able to move the tomcat instance around (a different port or server, for example) without the End User needed to change the URL they use. If you don't want to run and manage a new process there are some java based reverse proxies that I think you could run on the Tomcat server itself: http://wiki.apache.org/tomcat/ServletProxy. You won't be able to hide the port with these however. -Dave -Original Message- From: Kikkeri, Amith [mailto:amith.kikk...@aig.com] Sent: Monday, November 16, 2015 9:11 AM To: Tomcat Users List Subject: RE: Access application without giving port number and context root Hi, I don’t want to install my application as ROOT.war application. This will make it difficult if I want to deploy multiple applications in same tomcat instance. Please suggest. Regards, Amith Kikkeri -Original Message- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: Thursday, November 12, 2015 4:17 PM To: Tomcat Users List Subject: Re: Access application without giving port number and context root 2015-11-13 0:04 GMT+03:00 Kikkeri, Amith <amith.kikk...@aig.com>: > Hi.. > I am trying to deploy a web application tomcat 7.0.61 . I have a DNS created > and I want access the application without using port number and context root. > Please suggest the best approach to achieve this. > > I can change the Port in server.xml to default port 80, but I would still > need to give the context root, else it would be redirected to tomcat home > page. In PRODUCTION, I would have a DNS created to access my application and > want to avoid port number and context root, hence want to know the steps and > best approach to achieve this. If there are some tutorials/Links, please > share the same. Both questions are already answered in the FAQ. See HowTo page there and search for "ROOT" (uppercase) Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org B�CB��[��X��ܚX�KK[XZ[ �\�\��][��X��ܚX�P�X�] �\X�K�ܙ�B��܈Y][ۘ[��[X[��K[XZ[ �\�\��Z[�X�] �\X�K�ܙ�B� This e-mail and any files transmitted with it are confidential, may contain sensitive information, and are intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error, please notify the sender by reply e-mail immediately and destroy all copies of the e-mail and any attachments. B�CB��[��X��ܚX�KK[XZ[ �\�\��][��X��ܚX�P�X�] �\X�K�ܙ�B��܈Y][ۘ[��[X[��K[XZ[ �\�\��Z[�X�] �\X�K�ܙ�B� - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat Application Stops Responding
A monitoring tool like App Dynamics will give you lots of info but some quicker tests you can do with built-in tools: - Check that the CPU on your server is not at 100% - Use jstack to get a stack dump: http://docs.oracle.com/javase/7/docs/technotes/tools/share/jstack.html .I will take a couple stack traces with a few seconds in between each and then see if all my threads are stuck somewhere. - Use jstat (with the gcutil option) to print out Garbage Collection issues: https://docs.oracle.com/javase/8/docs/technotes/tools/unix/jstat.html . Something to look for is lots of full GCs or really long GC times. The VisualVM tool can call the above utilities and show GC info in a graphical manner. It might be easy to use depending on the network between your app and where you run VisualVM. -Dave -Original Message- From: Cohen, Laurence [mailto:lco...@novetta.com] Sent: Monday, November 16, 2015 3:43 PM To: Tomcat Users List Subject: Tomcat Application Stops Responding Hi Everyone, Are there any tools that come with Java that I can use to troubleshoot an intermittent problem we are having? The problem is that several times a day, our Tomcat applications will stop responding and I'll have to restart them to get them working again. It's gotten to the point where I have written a script which does a wget every 10 minutes against an object in the DB, and if it fails, it will restart our apps. I've also done some statistics gathering and imported them into a spreadsheet so I can see what is going on at the time the system is crashing. All I can see is that the Tomcat connections are spiking. We are running Tomcat 7.0.59 with two apps, Postgres 9.2 on the backend which is not administered by us, and httpd on the front end, 2.2.15. The httpd server and app server are RHEL6. Thanks, Larry This e-mail and any files transmitted with it are confidential, may contain sensitive information, and are intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error, please notify the sender by reply e-mail immediately and destroy all copies of the e-mail and any attachments. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Access application without giving port number and context root
That's pretty neat. Good to know about. -Dave Dave Tauzell | Senior Software Engineer | Surescripts O: 651.855.3042 | www.surescripts.com | dave.tauz...@surescripts.com Connect with us: Twitter I LinkedIn I Facebook I YouTube -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Monday, November 16, 2015 3:15 PM To: Tomcat Users List Subject: Re: Access application without giving port number and context root Dave, On 11/16/15 10:26 AM, Tauzell, Dave wrote: > Yes, you can use IIS as a reverse proxy. I haven't done it, but > looked into this in the past and found a few solutions. You can > google "IIS Reverse Proxy". Some things to consider with a reverse > proxy: > > 1. Your application cannot be sending back links with the > hostname/port in it. > > 2. If your application does HTTP redirects, then you need to setup the > reverse proxy to re-write those (not an issue, but something you need > to configure). You don't have to worry about either of these issues if your application uses the servlet API correctly and Tomcat has been configured with the RemoteIPValve, which understands reverse proxies. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org This e-mail and any files transmitted with it are confidential, may contain sensitive information, and are intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error, please notify the sender by reply e-mail immediately and destroy all copies of the e-mail and any attachments.
Tomcat Ports
Hello, I am using Tomcat 8.0.24 as an embedded server. When I run my application I've noticed that in addition to the HTTP port I specified (7001) it is also listening on several other: 1099 - this appears to be for JMX 2000 - 4211 35810 - this changes when I restart the application I started up a pearl script that listened on 1099 200 and 4211 and tomcat was still able to start up. I did see one message logged that tomcat couldn't connect to a JMX port on 1099. I've searched around and cannot find any reference to these ports. Does anybody know why tomcat is listening on these ports and if I can disable them? Thanks, Dave This e-mail and any files transmitted with it are confidential, may contain sensitive information, and are intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error, please notify the sender by reply e-mail immediately and destroy all copies of the e-mail and any attachments.
RE: Tomcat Ports
You are right. I removed our webaps and now I don't see those ports in use. I will do more digging, though, because when I run using an embedded Jetty webserver I don't see them. I'll reply back if I have any more questions. Thanks, Dave -Original Message- From: Ben Stringer [mailto:b...@burbong.com] Sent: Tuesday, November 10, 2015 3:58 PM To: Tomcat Users List Subject: Re: Tomcat Ports On Wed, November 11, 2015 8:21 am, Tauzell, Dave wrote: > Hello, > > I am using Tomcat 8.0.24 as an embedded server. When I run my > application I've noticed that in addition to the HTTP port I specified > (7001) it is also listening on several other: > > 1099 - this appears to be for JMX > 2000 - > 4211 > 35810 - this changes when I restart the application Hi Dave, It sounds like your application is listening on those ports, not Tomcat. Run Tomcat without the application deployed to confirm. Cheers, Ben > > I started up a pearl script that listened on 1099 200 and 4211 and > tomcat was still able to start up. I did see one message logged that > tomcat couldn't connect to a JMX port on 1099. > > I've searched around and cannot find any reference to these ports. > Does anybody know why tomcat is listening on these ports and if I can > disable them? > > Thanks, >Dave > > This e-mail and any files transmitted with it are confidential, may > contain sensitive information, and are intended solely for the use of > the individual or entity to whom they are addressed. If you have > received this e-mail in error, please notify the sender by reply > e-mail immediately and destroy all copies of the e-mail and any attachments. > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org This e-mail and any files transmitted with it are confidential, may contain sensitive information, and are intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error, please notify the sender by reply e-mail immediately and destroy all copies of the e-mail and any attachments. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org