RE: Problem with clientAuth SSL connection

[Tauzell, Dave]

You can enable jvm level TLS debug:  -Djavax.net.debug=all

See this site for more information:  
http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/ReadDebug.html



Dave Tauzell | Senior Software Engineer | Surescripts
O: 651.855.3042 | www.surescripts.com |   dave.tauz...@surescripts.com
Connect with us: Twitter I LinkedIn I Facebook I YouTube


-Original Message-
From: David Sills [mailto:dsi...@datasourceinc.com]
Sent: Tuesday, January 12, 2016 12:52 PM
To: Tomcat Users List
Subject: RE: Problem with clientAuth SSL connection

One question as I try this - how to get logging at the debug level for the 
handshake process? I have tried setting everything in logging.properties to 
FINEST, but it makes no difference.

-Original Message-
From: David Sills [mailto:dsi...@datasourceinc.com]
Sent: Tuesday, January 12, 2016 1:30 PM
To: Tomcat Users List
Subject: RE: Problem with clientAuth SSL connection

I will try both sides in Java 8. Our client, however, still has to use Java 6 
(government sigh...). But at least if the same problem occurs, I'll know 
what's going on. And I'll check the certificates, though I was exceedingly 
careful during the setup and checked everything once already.

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Tuesday, January 12, 2016 12:23 PM
To: Tomcat Users List
Subject: Re: Problem with clientAuth SSL connection

Mark,

On 1/12/16 12:01 PM, Mark Thomas wrote:
> On 12/01/2016 16:39, David Sills wrote:
>> Oh, and by the way, it turns out I'm using Java 6, not 8. Not that that 
>> should make a huge difference, but our client is a bit behind the times.
>
> Are you sure the right certs are in the right stores?
>
> If all the certs are self-signed then:
>
> The trust store used by the client must include the server's cert.
> The trust store used by the server must include the client's cert.
>
> In isn't clear (to me anyway) form your original post what certs are
> in what stores.
>
> There should be no limits on using self-signed certs but with old Java
> 6 and Java 8 you might hit an issue with general SSL compatibility. If
> it works without a client cert then you should be OK.

Good thought: Java 6 doesn't speak TLS 1.1/1.2 and (recent) Java 8 will refuse 
to negotiate SSLv3. So there may be a protocol issue going on.

David, is there a reason you can't run your client using Java 8? That might 
remove some of the guesswork.

-chris

>> -Original Message-
>> From: David Sills [mailto:dsi...@datasourceinc.com]
>> Sent: Tuesday, January 12, 2016 11:35 AM
>> To: Tomcat Users List
>> Subject: RE: Problem with clientAuth SSL connection
>>
>> Christopher:
>>
>> Thank you for your prompt reply.
>>
>> The client does seem to need a trust store when dealing with a self-signed 
>> certificate from the server, as otherwise it tries to create a chain back to 
>> an implicitly trusted CA. I agree, with a commercial certificate this would 
>> not be necessary, as such a chain would be available. I prefer to separate 
>> the keystores (the one for the client and the one for the server) on both 
>> sides. I was hoping that the trust store would work the same in Tomcat as it 
>> does in the client (which does work, as I said, perfectly when only 
>> validating one-way) - whatever was in it would be implicitly trusted without 
>> checking for a certificate chain.
>>
>> This message seems to say that the server is shutting down the handshake 
>> connection just when the client is about to send its certificate, but 
>> perhaps I'm misinterpreting it.
>>
>> Another possibility: perhaps self-signed certificates aren't allowed for 
>> client authentication on the server side?
>>
>> David
>>
>>
>>
>> -Original Message-
>> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
>> Sent: Tuesday, January 12, 2016 11:02 AM
>> To: Tomcat Users List
>> Subject: Re: Problem with clientAuth SSL connection
>>
>> David,
>>
>> On 1/12/16 7:43 AM, David Sills wrote:
>>> All:
>>>
>>> I'm trying to set up clientAuth SSL connection between a batch process and 
>>> Tomcat (7.0.55, Java 8 64-bit server). One-way SSL works wonderfully. I set 
>>> up a server certificate (self-signed) and used this configuration in Tomcat 
>>> (server.xml):
>>>
>>> >> protocol="org.apache.coyote.http11.Http11Protocol"
>>>maxThreads="150" SSLEnabled="true" scheme="https"
>>>secure="true" sslProtocol="TLS"
>>>keystoreFile="conf/dsikeystore.jks"
>>>keystorePass="keystorePassword"
>>>clientAuth="false"
>>> />
>>>
>>> In the client, I used
>>>
>>> java -cp ws-client.jar
>>> -Djavax.net.ssl.trustStore=clientkeystore2.jks
>>> -Djavax.net.ssl.trustStorePassword=changeme
>>> com.datasourceinc.abis.ws.pds.ServiceClient
>>>
>>> It seemed to me pretty straightforward that to set up client
>>> authentication, I would need to
>>>
>>>
>>> 1.   Generate 

RE: Zero downtime deployments

[Tauzell, Dave]

If you cannot use a tool like flyway you can do it by hand, too.  The key is 
that all database changes need to be backwards compatible.  For example:

So, if you want to drop a column:
1. Deploy new version of app that doesn't require column X
2. Shutdown version which does
3. drop column X

If you want to rename a column:
1. Deploy new version of app that writes data to old column name + new name
2. shutdown old version
3. drop old column

We generally test out our old version of an app running against the new 
database schema to make sure this process will work.

-Dave

-Original Message-
From: jieryn [mailto:jie...@gmail.com]
Sent: Thursday, December 03, 2015 1:32 PM
To: Tomcat Users List
Subject: Re: Zero downtime deployments

Use http://flywaydb.org/ to perform database migrations. You will need at least 
3 versions in order to perform an incompatible database change. v1 is existing 
behavior, v2 is a shim that bridges v1 and v3, and then v3 cleans up the shim 
and removes all the unnecessary hacks.
When you have v1 rolled out against N images, then you can start rolling out 
compat shim v2 which adds some temporary work for the db and coexists, then 
when all instances are at v2 you can move to v3 which uses all the new stuff.

I haven't found anything better or more efficient than the 2-step deployment 
with live code.

On Thu, Dec 3, 2015 at 2:21 PM, Kevin Hale Boyes  wrote:
> Thanks for this link to the presentation.
> How do you all deal with some of the other dependencies that the web
> application has?
>
> For example, if v2 of my application needs new database columns or
> worse, a change to an existing column how can I have v1 and v2 running
> at the same time?  We use Oracle as our database though the problem
> exists for many database servers.
>
> Thanks,
> Kevin.
>
> On 3 December 2015 at 01:31, Neill Lima  wrote:
>
>> Hello Jason,
>>
>> This approach of using httpd in front of 2+ Tomcats via AJP works
>> well in my company. There is a bit of config necessary at httpd level
>> so httpd is aware of all the Tomcats and also Tomcat config needs to
>> be set to listen to AJP port instead of default port but it is not rocket 
>> science.
>>
>> This facilitates the deployment of nodes sequentially with no
>> downtime. Of course, there is a shared session server to take care
>> the sessions are not lost when Tomcats flip up and down.
>>
>> Reply in pvt if you need help setting up this.
>>
>> Thanks,
>>
>> Neill
>>
>> On Thu, Dec 3, 2015 at 12:08 AM, Jason Britton 
>> wrote:
>>
>> > Thank you Christopher, reading now and we'll see if I can swing the
>> > conference :)
>> >
>> > On Wed, Dec 2, 2015 at 4:00 PM, Christopher Schultz <
>> > ch...@christopherschultz.net> wrote:
>> >
>> > > Jason,
>> > >
>> > > On 12/2/15 4:07 PM, Jason Britton wrote:
>> > > > I was looking for information for how those on the list achieve
>> > > > zero downtime deployments of their tomcat hosted web
>> > > > applications.  I
>> > imagine
>> > > > this can be achieved in a variety of ways, but would love to
>> > > > hear
>> what
>> > > > works for you.  In our current environment we front multiple
>> > > > tomcat instances with apache httpd, each tomcat instance
>> > > > hosting one or more unique web apps.  In order to support this
>> > > > effort we do have the
>> > > resources
>> > > > where we could spin up multiple tomcat instances to serve
>> > > > requests
>> for
>> > a
>> > > > single application.  I know there is mod_proxy_balancer
>> > > > available for httpd, and I understand starting with tomcat 7
>> > > > there is support for parallel deployment of versioned wars, and
>> > > > tomcat also supports clustering.  I'm just unsure of what
>> > > > approach I should start digging
>> > into
>> > > > and would very much appreciate any of your experiences.  The
>> > > > servers
>> > > we'll
>> > > > be rolling out will be using the latest versions of tomcat 8
>> > > > and
>> apache
>> > > > httpd 2.4.  Thanks for any insights!
>> > >
>> > > Check this out:
>> > >
>> > >
>> >
>> http://people.apache.org/~schultz/ApacheCon%20NA%202015/Load-balancin
>> g%20Tomcat%20with%20mod_jk.pdf
>> > >
>> > > Start on slide/page 41.
>> > >
>> > > Then come to ApacheCon NA 2016 and discuss it!
>> > >
>> > > -chris
>> > >
>> > > -
>> > >  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> > > For additional commands, e-mail: users-h...@tomcat.apache.org
>> > >
>> > >
>> >
>>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

This e-mail and any files transmitted with it are confidential, may contain 
sensitive information, and are intended solely for the use of the individual or 
entity to whom they are addressed. If you have received 

RE: Hash (#) error in Parameters value

[Tauzell, Dave]

The # character is a special character in URLs to signify a "fragment":  
https://en.wikipedia.org/wiki/Fragment_identifier.  If you don't want it 
treated as such then you do need to escape it.

-Dave

Dave Tauzell | Senior Software Engineer | Surescripts
O: 651.855.3042 | www.surescripts.com |   dave.tauz...@surescripts.com
Connect with us: Twitter I LinkedIn I Facebook I YouTube


-Original Message-
From: Ben Mazyopa [mailto:benj...@gmail.com]
Sent: Monday, November 30, 2015 9:15 AM
To: users@tomcat.apache.org
Subject: Re: Hash (#) error in Parameters value

Dear Team,

I am a devote user of tomcat servers, however I have met a bug when using 
Apache Tomcat 7.0.52, on Windows 10 64bit. Whenever I pass a parameter value of 
# or *214#, the parameter value ends up being null.

For example when I navigate to "http://localhost:8080/myapp/demo?param=*214#;
param value will be null if I try to access it in a servlet (for exam 
request.getParameter("param")). However if I pass a different value, the value 
is retreived correctly.

May you kindly fix the bug, rather forcing users and developers to pass unicode 
values for a hash eg. *214%23)

Your response and action will be appreciated

Regards
Ben Mazyopa

On Mon, Nov 30, 2015 at 4:14 PM, Ben Mazyopa  wrote:

> Dear Team,
>
> I am a devote user of tomcat servers, however I have met a bug when
> using Apache Tomcat 7.0.52, on Windows 10 64bit. Whenever I pass a
> parameter value of # or *214#, the parameter value ends up being null.
>
> For example when I navigate to "
> http://localhost:8080/myapp/demo?param=*214#; param value will be null
> if I try to access it in a servlet (for exam request.getParameter("param")).
> However if I pass a different value, the value is retreived correctly.
>
> May you kindly fix the bug, rather forcing users and developers to
> pass unicode values for a hash eg. *214%23)
>
> Your response and action will be appreciated
>
> Regards
> Ben Mazyopa
>
This e-mail and any files transmitted with it are confidential, may contain 
sensitive information, and are intended solely for the use of the individual or 
entity to whom they are addressed. If you have received this e-mail in error, 
please notify the sender by reply e-mail immediately and destroy all copies of 
the e-mail and any attachments.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Access application without giving port number and context root

[Tauzell, Dave]

If you want to have multiple applications running on the same tomcat but each 
has a URL that hides this you need to use a reverse proxy server.



End User   > Reverse Proxy (NGINX for example )   
->   App 1
  http://foo.bar/   
 ->  http://app.server:7832/foo
  http://baz/bar/   
->  http://app.server:7832/bar


This is more complicated to setup but has the benefit of being able to move the 
tomcat instance around (a different port or server, for example) without the 
End User needed to change the URL they use.

If you don't want to run and manage a new process there are some java based 
reverse proxies that I think you could run on the Tomcat server itself:  
http://wiki.apache.org/tomcat/ServletProxy.   You won't be able to hide the 
port with these however.

-Dave


-Original Message-
From: Kikkeri, Amith [mailto:amith.kikk...@aig.com]
Sent: Monday, November 16, 2015 9:11 AM
To: Tomcat Users List
Subject: RE: Access application without giving port number and context root

Hi,
I don’t want to install my application as ROOT.war application. This will make 
it difficult if I want to deploy multiple applications in same tomcat instance.
Please suggest.

Regards,
Amith Kikkeri

-Original Message-
From: Konstantin Kolinko [mailto:knst.koli...@gmail.com]
Sent: Thursday, November 12, 2015 4:17 PM
To: Tomcat Users List
Subject: Re: Access application without giving port number and context root

2015-11-13 0:04 GMT+03:00 Kikkeri, Amith :
> Hi..
> I am trying to deploy a web application tomcat 7.0.61 . I have a DNS created 
> and I want access the application without using port number and context root. 
> Please suggest the best approach to achieve this.
>
> I can change the Port in server.xml to default port 80, but I would still 
> need to give the context root, else it would be redirected to tomcat home 
> page. In PRODUCTION, I would have a DNS created to access my application and 
> want to avoid port number and context root, hence want to know the steps and 
> best approach to achieve this. If there are some tutorials/Links, please 
> share the same.


Both questions are already answered in the FAQ. See HowTo page there and search 
for "ROOT" (uppercase)

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

B�CB��[��X��ܚX�KK[XZ[
�\�\��][��X��ܚX�P�X�]
�\X�K�ܙ�B��܈Y][ۘ[��[X[��K[XZ[
�\�\��Z[�X�]
�\X�K�ܙ�B�
This e-mail and any files transmitted with it are confidential, may contain 
sensitive information, and are intended solely for the use of the individual or 
entity to whom they are addressed. If you have received this e-mail in error, 
please notify the sender by reply e-mail immediately and destroy all copies of 
the e-mail and any attachments.

RE: Tomcat caching

[Tauzell, Dave]

If you can reproduce this problem in your development environment and you 
cannot track down the reason then try out the free version of App Dynamics: 
http://www.appdynamics.com/lite/.

-Dave

-Original Message-
From: David E. Filip [mailto:dfi...@colornet.com]
Sent: Monday, November 16, 2015 9:09 AM
To: Tomcat Users List
Subject: Re: Tomcat caching

None of those numbers alarming, unless you see Eden regularly increase beyond 
90% and stay there, especially when you are seeing slowness, as then you might 
want to consider increasing your heap.  In my view - and others may disagree! - 
understanding tuning JVM heap is more of an art than a science.

>From the 30K foot view, objects get created in Eden (previously called NewGen 
>I believe), then get moved to OldGen by the GC when they are still referenced 
>after a certain period of time, and finally get moved to Survivor when if they 
>are still referenced even later.

However, when you say 'developing', if the problem is only when you are editing 
JSP pages - which Jasper then needs to recompile - or when performing new 
webapp deployments, I would also keep an eye on PermGen, which gets used when 
instantiating new static objects (as I understand it).  I have seen "weird" 
things happen when PermGen fills up, including seeing the server stop 
responding to certain requests, JSP pages not compiling, or "class not found" 
errors on the compiled JSP classes (org.apache.jsp.*).

Of course, when either the heap or PermGen runs out, then you will start seeing 
a stack trace.  However, in my experience, there is this grey area between when 
you are almost out of memory but not quite yet.

The caveat to all of this, however, is that everything gets cleared out when 
you restart the server.  And that is one of the ways to tell if that is indeed 
the problem, is when everything starlings running correctly right after a 
server restart.  However, if you are not seeing everything clear up after a 
clean restart of Tomcat, then I'm afraid this is not your problem.

On Nov 16, 2015, at 9:48 AM, Daniel Küppers  wrote:

>
>
> Am 16.11.2015 um 14:56 schrieb David E. Filip:
>> In my experience, the most common explanation (but certainly not the only!) 
>> for an active webapp to be occasionally and sporadically running extremely 
>> slow, but run fine at other times, is running low on heap space.
>>
>> If you have not already, I would suggest checking the Tomcat Server Status 
>> app (http://localhost:8080/manager/status) and determine if any of the heaps 
>> are filling up while you are experiencing this slowness.  If they are, your 
>> app could be spending too much time waiting for the garbage collector, and 
>> you will need to increase the heap size in your startup file.
>>
>> On Nov 16, 2015, at 6:45 AM, Konstantin Kolinko  
>> wrote:
>>
>>> 2015-11-16 12:22 GMT+03:00 Daniel Küppers :
 Hi,
 i have a recurring issue, that tomcat caches my jsf webapp pages in
 a strange manner.
 Sometimes for multiple days/hours, one or two explict pages or the
 whole webapp is loading very slowly.
 My setup is a locally used tomcat 8.0.28 for debugging in Eclipse
 and a local database.
 The behaviour persists also after browser cache clearing and with
 different browsers.
 Does anyone else have seen this behaviour before?
 Do i miss a specific parameter?
>>>
>>> Your problem is "one or two explict pages or the whole webapp is
>>> loading very slowly".  Why are you blaming caching?
>>>
>>> Stack trace when application behaves slowly =? Is it know what it
>>> actually does at that time?
>>>
>>> Is the clock on your server set correctly?
>>> Is autoDeploy tuned off on a Host, or it wastes time checking for
>>> changes of a war file?
>>> Is Jasper (JspServlet) configured with development=false, or it
>>> wastes time checking and recompiling the pages?
>>>
>>> 
>>> - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
> Thanks for the replies. I will monitor the free heapspace from now on. If i 
> see something that concludes to this problem, i'll let you know.
> For which exact Memory Pool i should have a watchout? Here are my current 
> used loads:
> - PS Eden Space: 89%
> - PS Old Gen: 4%
> - PS Survivor Space: 33%
> I dont get a stacktrace when the app runs slowly. I also only get this issues 
> when the configuration is in developing mode. It persists even restarts.
> Clock is set correctly, AutoDeploy is On, running in development mode 
> (myFaces). I cant determine how Jasper should be configured.
>
> Daniel
>
> 

RE: Access application without giving port number and context root

[Tauzell, Dave]

Yes, you can use IIS as a reverse proxy.   I haven't done it, but looked into 
this in the past and found a few solutions.  You can google "IIS Reverse 
Proxy".   Some things to consider with a reverse proxy:

1. Your application cannot be sending back links with the hostname/port in it.
2. If your application does HTTP redirects, then you need to setup the reverse 
proxy to re-write those (not an issue, but something you need to configure).

-Dave

-Original Message-
From: Kikkeri, Amith [mailto:amith.kikk...@aig.com] 
Sent: Monday, November 16, 2015 9:22 AM
To: Tomcat Users List
Subject: RE: Access application without giving port number and context root

Thanks. Ngnix is not an approved software in my company. Hence trying to see if 
there is a work around. Can IIS be used as a reverse proxy? I see IIS as an 
approved one.

Regards,
Amith Kikkeri


-Original Message-----
From: Tauzell, Dave [mailto:dave.tauz...@surescripts.com] 
Sent: Monday, November 16, 2015 10:17 AM
To: Tomcat Users List
Subject: RE: Access application without giving port number and context root

If you want to have multiple applications running on the same tomcat but each 
has a URL that hides this you need to use a reverse proxy server.



End User   > Reverse Proxy (NGINX for example )   
->   App 1
  http://foo.bar/   
 ->  http://app.server:7832/foo
  http://baz/bar/   
->  http://app.server:7832/bar


This is more complicated to setup but has the benefit of being able to move the 
tomcat instance around (a different port or server, for example) without the 
End User needed to change the URL they use.

If you don't want to run and manage a new process there are some java based 
reverse proxies that I think you could run on the Tomcat server itself:  
http://wiki.apache.org/tomcat/ServletProxy.   You won't be able to hide the 
port with these however.

-Dave


-Original Message-
From: Kikkeri, Amith [mailto:amith.kikk...@aig.com]
Sent: Monday, November 16, 2015 9:11 AM
To: Tomcat Users List
Subject: RE: Access application without giving port number and context root

Hi,
I don’t want to install my application as ROOT.war application. This will make 
it difficult if I want to deploy multiple applications in same tomcat instance.
Please suggest.

Regards,
Amith Kikkeri

-Original Message-
From: Konstantin Kolinko [mailto:knst.koli...@gmail.com]
Sent: Thursday, November 12, 2015 4:17 PM
To: Tomcat Users List
Subject: Re: Access application without giving port number and context root

2015-11-13 0:04 GMT+03:00 Kikkeri, Amith <amith.kikk...@aig.com>:
> Hi..
> I am trying to deploy a web application tomcat 7.0.61 . I have a DNS created 
> and I want access the application without using port number and context root. 
> Please suggest the best approach to achieve this.
>
> I can change the Port in server.xml to default port 80, but I would still 
> need to give the context root, else it would be redirected to tomcat home 
> page. In PRODUCTION, I would have a DNS created to access my application and 
> want to avoid port number and context root, hence want to know the steps and 
> best approach to achieve this. If there are some tutorials/Links, please 
> share the same.


Both questions are already answered in the FAQ. See HowTo page there and search 
for "ROOT" (uppercase)

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

B�CB��[��X��ܚX�KK[XZ[
�\�\��][��X��ܚX�P�X�]
�\X�K�ܙ�B��܈Y][ۘ[��[X[��K[XZ[
�\�\��Z[�X�]
�\X�K�ܙ�B�
This e-mail and any files transmitted with it are confidential, may contain 
sensitive information, and are intended solely for the use of the individual or 
entity to whom they are addressed. If you have received this e-mail in error, 
please notify the sender by reply e-mail immediately and destroy all copies of 
the e-mail and any attachments.
B�CB��[��X��ܚX�KK[XZ[
�\�\��][��X��ܚX�P�X�]
�\X�K�ܙ�B��܈Y][ۘ[��[X[��K[XZ[
�\�\��Z[�X�]
�\X�K�ܙ�B�

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat Application Stops Responding

[Tauzell, Dave]

A monitoring tool like App Dynamics will give you lots of info but some quicker 
tests you can do with built-in tools:

- Check that the CPU on  your server is not at 100%
- Use jstack to get a stack dump:  
http://docs.oracle.com/javase/7/docs/technotes/tools/share/jstack.html .I 
will take a couple stack traces with a few seconds in between each and then see 
if all my threads are stuck somewhere.
- Use jstat (with the gcutil option) to print out Garbage Collection issues:  
https://docs.oracle.com/javase/8/docs/technotes/tools/unix/jstat.html .  
Something to look for is lots of full GCs or really long GC times.

The VisualVM tool can call the above utilities and show GC info in a graphical 
manner.  It might be easy to use depending on the network between your app and 
where you run VisualVM.

-Dave

-Original Message-
From: Cohen, Laurence [mailto:lco...@novetta.com]
Sent: Monday, November 16, 2015 3:43 PM
To: Tomcat Users List
Subject: Tomcat Application Stops Responding

Hi Everyone,

Are there any tools that come with Java that I can use to troubleshoot an 
intermittent problem we are having?  The problem is that several times a day, 
our Tomcat applications will stop responding and I'll have to restart them to 
get them working again.  It's gotten to the point where I have written a script 
which does a wget every 10 minutes against an object in the DB, and if it 
fails, it will restart our apps.  I've also done some statistics gathering and 
imported them into a spreadsheet so I can see what is going on at the time the 
system is crashing.  All I can see is that the Tomcat connections are spiking.

We are running Tomcat 7.0.59 with two apps, Postgres 9.2 on the backend which 
is not administered by us, and httpd on the front end, 2.2.15.  The httpd 
server and app server are RHEL6.

Thanks,

Larry
This e-mail and any files transmitted with it are confidential, may contain 
sensitive information, and are intended solely for the use of the individual or 
entity to whom they are addressed. If you have received this e-mail in error, 
please notify the sender by reply e-mail immediately and destroy all copies of 
the e-mail and any attachments.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Access application without giving port number and context root

[Tauzell, Dave]

That's pretty neat.  Good to know about.

-Dave

Dave Tauzell | Senior Software Engineer | Surescripts
O: 651.855.3042 | www.surescripts.com |   dave.tauz...@surescripts.com
Connect with us: Twitter I LinkedIn I Facebook I YouTube


-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Monday, November 16, 2015 3:15 PM
To: Tomcat Users List
Subject: Re: Access application without giving port number and context root

Dave,

On 11/16/15 10:26 AM, Tauzell, Dave wrote:
> Yes, you can use IIS as a reverse proxy.   I haven't done it, but
> looked into this in the past and found a few solutions.  You can
> google "IIS Reverse Proxy".   Some things to consider with a reverse
> proxy:
>
> 1. Your application cannot be sending back links with the
> hostname/port in it.
>
> 2. If your application does HTTP redirects, then you need to setup the
> reverse proxy to re-write those (not an issue, but something you need
> to configure).

You don't have to worry about either of these issues if your application uses 
the servlet API correctly and Tomcat has been configured with the 
RemoteIPValve, which understands reverse proxies.

-chris


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

This e-mail and any files transmitted with it are confidential, may contain 
sensitive information, and are intended solely for the use of the individual or 
entity to whom they are addressed. If you have received this e-mail in error, 
please notify the sender by reply e-mail immediately and destroy all copies of 
the e-mail and any attachments.

Tomcat Ports

[Tauzell, Dave]

Hello,

I am using Tomcat 8.0.24 as an embedded server.  When I run my application I've 
noticed that in addition to the HTTP port I specified (7001) it is also 
listening on several other:

1099 - this appears to be for JMX
2000 -
4211
35810 - this changes when I restart the application

I started up a pearl script that listened on 1099 200 and 4211 and tomcat was 
still able to start up.  I did see one message logged that tomcat couldn't 
connect to a JMX port on 1099.

I've searched around and cannot find any reference to these ports.  Does 
anybody know why tomcat is listening on these ports and if I can disable them?

Thanks,
   Dave

This e-mail and any files transmitted with it are confidential, may contain 
sensitive information, and are intended solely for the use of the individual or 
entity to whom they are addressed. If you have received this e-mail in error, 
please notify the sender by reply e-mail immediately and destroy all copies of 
the e-mail and any attachments.

RE: Tomcat Ports

[Tauzell, Dave]

You are right.  I removed our webaps and now I don't see those ports in use.  I 
will do more digging, though, because when I run using an embedded Jetty 
webserver I don't see them.
I'll reply back if I have any more questions.

Thanks,
   Dave

-Original Message-
From: Ben Stringer [mailto:b...@burbong.com]
Sent: Tuesday, November 10, 2015 3:58 PM
To: Tomcat Users List
Subject: Re: Tomcat Ports

On Wed, November 11, 2015 8:21 am, Tauzell, Dave wrote:
> Hello,
>
> I am using Tomcat 8.0.24 as an embedded server.  When I run my
> application I've noticed that in addition to the HTTP port I specified
> (7001) it is also listening on several other:
>
> 1099 - this appears to be for JMX
> 2000 -
> 4211
> 35810 - this changes when I restart the application

Hi Dave,

It sounds like your application is listening on those ports, not Tomcat.
Run Tomcat without the application deployed to confirm.

Cheers, Ben

>
> I started up a pearl script that listened on 1099 200 and 4211 and
> tomcat was still able to start up.  I did see one message logged that
> tomcat couldn't connect to a JMX port on 1099.
>
> I've searched around and cannot find any reference to these ports.
> Does anybody know why tomcat is listening on these ports and if I can
> disable them?
>
> Thanks,
>Dave
>
> This e-mail and any files transmitted with it are confidential, may
> contain sensitive information, and are intended solely for the use of
> the individual or entity to whom they are addressed. If you have
> received this e-mail in error, please notify the sender by reply
> e-mail immediately and destroy all copies of the e-mail and any attachments.
>


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

This e-mail and any files transmitted with it are confidential, may contain 
sensitive information, and are intended solely for the use of the individual or 
entity to whom they are addressed. If you have received this e-mail in error, 
please notify the sender by reply e-mail immediately and destroy all copies of 
the e-mail and any attachments.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org