i have a quick jk trace question
Hi, I am looking at a trace a friend made which raised my curiosity: [Mon Jul 12 17:49:13.534 2010] [3370:4160136960] [trace] ajp_read_into_msg_buff::jk_ajp_common.c (1188): enter [Mon Jul 12 17:49:13.534 2010] [3370:4160136960] [trace] ajp_read_fully_from_server::jk_ajp_common.c (1140): enter - this is a 5 min gap (i think KeepAliveTimeout is set to 5 min for this test) - is this waiting for data from Apache? why would it be hanging in this routine? [Mon Jul 12 17:54:13.539 2010] [3370:4160136960] [trace] ajp_read_fully_from_server::jk_ajp_common.c (1172): exit [Mon Jul 12 17:54:13.539 2010] [3370:4160136960] [trace] ajp_read_into_msg_buff::jk_ajp_common.c (1226): exit [Mon Jul 12 17:54:13.539 2010] [3370:4160136960] [trace] ajp_connection_tcp_send_message::jk_ajp_common.c (928): enter The source code for this jk version is: http://svn.apache.org/viewvc/tomcat/jk/tags/JK_1_2_26/jk/native/common/jk_ajp_common.c?view=markup any hint is appreciated Many Thanks - Fred -- View this message in context: http://old.nabble.com/i-have-a-quick-jk-trace-question-tp29162905p29162905.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat response chunk size
Hi, I have an old client that does not understand the Transfer-Encoding: chunked. My tomcat response is chunked with hex 2000 (8K and a little bit less via AJP: 1FF8). Is there a way to configure Tomcat's chunk size to e.g 100K or another question where or why is it set to 8K? Interestingly, in Tomcat4 there was an attribute allowChunking=false. Many thanks, Fred -- View this message in context: http://old.nabble.com/tomcat-response-chunk-size-tp27568493p27568493.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat response chunk size
thanks for the reply. I just remembered after i did my post that I can set in apache a BrowserMatch downgrade-1.0 for this client - works like a charm. out of curiosityany reason with 8K being a good number and where that would be set? Thanks again - Fred Christopher Schultz-2 wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Fred, On 2/12/2010 2:48 PM, fredk2 wrote: I have an old client that does not understand the Transfer-Encoding: chunked. My tomcat response is chunked with hex 2000 (8K and a little bit less via AJP: 1FF8). Do you mean that it's returned in chunks of 0x1FF8 bytes? Is there a way to configure Tomcat's chunk size to e.g 100K or another question where or why is it set to 8K? 100k? That sounds like a lot. Interestingly, in Tomcat4 there was an attribute allowChunking=false. The client can indicate that it doesn't support chunking by specifying HTTP/1.0 in the request line, and Tomcat shouldn't do chunking. If you are forcing chunking in some way in your code, though, you'll need to change that, too. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkt1tTsACgkQ9CaO5/Lv0PAKrwCeMM/iox+jViCNB4hQG4phrkP2 dqoAn0UjGb7u/QxRTIvwDrPwHefRY7GM =7ERk -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://old.nabble.com/tomcat-response-chunk-size-tp27568493p27568938.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
When do you think mod_jk 1.2.29 will be available?
Hi, I am working on a project for a customer and before i put the final dot i'd like to know if 1.2.29 is a couple weeks off or sometime next year sometime. many thanks - Fred -- View this message in context: http://old.nabble.com/When-do-you-think-mod_jk-1.2.29-will-be-available--tp26481202p26481202.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: When do you think mod_jk 1.2.29 will be available?
good to know the rythm :) thanks - fred Mladen Turk-3 wrote: On 11/23/2009 05:22 PM, fredk2 wrote: Hi, I am working on a project for a customer and before i put the final dot i'd like to know if 1.2.29 is a couple weeks off or sometime next year sometime. Should be by the end of this year so that we keep two releases/year rythm :) There are few bugs to get solved, so it depends on that. Regards -- ^TM - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://old.nabble.com/When-do-you-think-mod_jk-1.2.29-will-be-available--tp26481202p26481846.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: AJP connections just stop working
I was about to say the same earlier, but when i verified with the version (2.3.2) I have installed last month AJP is not listed anymore... Rgds - Fred Anthony J. Biacco wrote: Fyi, you should be able to use jmeter to test AJP connections -Tony --- Manager, IT Operations Format Dynamics, Inc. 303-573-1800x27 abia...@formatdynamics.com http://www.formatdynamics.com -Original Message- From: Rainer Jung [mailto:rainer.j...@kippdata.de] Sent: Friday, May 22, 2009 6:42 AM To: Tomcat Users List Subject: Re: AJP connections just stop working On 22.05.2009 14:09, kvancamp wrote: One more question: With my HTTP port, I know I can always easily test it, via my browser or scripted using wget. Anybody know of a simple command-line utility like wget, that works with AJP? I think this would be a good tool to have, to help diagnose AJP problems (and would allow me to easily set up some automated stress tests). Coud you please open an enhancement request in Bugzilla for this? There is some code floating around, which we might be able to bundle with the mod_jk source release. Not sure, how soon we would provide a windows binary, but at least we should offer what we already have lying around. It would definitely make sense to have an AJP commandline client to test connectivity. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/AJP-connections-just-stop-working-tp1118618p23674885.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JK 1.2.28 - load balancer worker fails on startup with one worker down ?
Hi, I understand that when it comes to security you do not want to start the service eg. if the certificate is corrupted you do not want the ssl server to start full stop or if Apache cannot bind to the hostname then it cannot start, etc... . However, in this case there can be a few reasons why a tomcat server dns entry is removed or decommissionned or dropped. Imagine one apache whith many non-related workers (not just one lb)*. So I understand that one does not want the service to fail during a restart (nitely,automated or by an operator) while you investigate the problem ... It seems to me more acceptable to have a potential performance degradation vs a loss of the whole service. so +1 on changing the fatal to non-fatal assuming the code change is one line. I take scalability/stability over feature :-) Rgds - Fred awarnier wrote: Rainer Jung wrote: [...] What remains for me is your suggestion, that the error is not a fatal one, since there are other balanced workers left. We could include such a check in the startup code, although I'm not really convinced, that your problem is a good reason for this. I'm open to more argumntation and suggestions :) Argumentation #1 against a change in logic: The OP argues that one single unresolvable balanced worker should not stop the other 4 from working, hence that the balancer should start anyway, since 80% of the capacity is still available. It sounds reasonable in principle. But what if there are only 2 balanced workers in total, of which one is unresolvable at start ? would it be normal to start with only one balanced worker available anyway ? If not, then where's the limit of acceptable ? Argumentation #2 against a change in logic: Suppose the balancer would start, with the resolved workers only. Suppose the resolving problem comes from a typo, not the fact that the given host is temporarily out of the DNS system, but a definite non-existing host. It will not be retried, so there will never be another error/warning message. The host itself may be ok and respond to pings etc.., it will just never be hit by Apache's mod_jk, so this would be a very quiet error. How is the sysadmin going to figure out that there is, basically, a problem ? Argumentation for a change in logging: It would be clearer if the error message stated explicitly that the balancer worker was not started due to a /configuration/ error, see above message(s). But then, if even I could figure it out from the existing error message, then just about everyone should be able to. And what would be the use of the likes of me, if everything was clear ? ;-) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/JK-1.2.28---load-balancer-worker-fails-on-startup-with-one-worker--down---tp23065939p23099365.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: redirection
I would be better...The apache httpd web server is more versatile and its vulnerabilities are better researched. You can also add mod_security and other modules to further protect the Tomcat against common attacks (assuming you do not use a WAF firewall). Furthermore you can add more Tomcats and balance when needed... also on unix if you do not use jsvc or iptable you need to run tomcat as root for port 80 which is not a good idea...etc... Rgds - Fred Caldarale, Charles R wrote: From: mateo-jl [mailto:mateo...@orange.fr] Subject: re: redirection i think, the best way is to use the mod_jk module. So, in a firewall environment, you can have your web server (Apache) in the non-protected area and apache will redirect all requests (http:// :80 or nothing) at your Tomcat server (http:// :8080) within the protected one. In what way would that improve security? Since all requests would be forwarded to Tomcat, adding httpd accomplishes nothing except additional overhead and complexity. It's silly to place *anything* in a completely unprotected area; you would still have a firewall in place restricting access to just ports 80 and 443, even if httpd were handling those ports. Might as well have Tomcat handle those ports directly. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. -- View this message in context: http://www.nabble.com/redirection-tp22809932p22827189.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Deadlock situation detected/avoided with jk_log_lock
Many thanks for your detailed reply. I looked further at the bug numbers you posted... a couple seem significant and happen to be patched on my test server (137111-07). In a couple of my test runs with AcceptMutex pthread trailed the tests with sysvsem, but not conclusively. However, contrary to my earlier report, I still get sporadic errors: [Wed Feb 11 14:40:32 2009] [error] (45)Deadlock situation detected/avoided: apr_global_mutex_lock(jk_log_lock) failed I also re-ran separate tests with mod_ssl + a plain index.html and observed consistently that the apache set with mutex to sysvsem is a fraction faster than posixsem which is a fraction faster than pthread. No Deadlocks, but with fcntl. Thanks again - Fred Rainer Jung-3 wrote: On 06.02.2009 20:40, fredk2 wrote: Do I understand you correctly that when Mr. Orton said to never use pthread nor posixsem mutex (http://marc.info/?l=apr-devm=108720968023158w=2) that is now obsolete news and that Solaris perfected pthread mutex support since. Joe Orton is always very careful with his statements, precise and correct. My personal experience with pthread mutexes on Solaris was fine, but I must confess, that I didn't do specialized tests to determine behaviour in crash situations. I now did some searching and it turns out that the implementation of pthread mutexes for Solaris 10 has very recently changed quite a bit. So all speculations about improved pthread mutex behaviour (especially for robust mutexes) in the last years might have become obsolete. The new implementation is contained in Solaris kernel patch 137137-09 and most likely also in Solaris 10 Update 6 (10/08). I didn't check, whether that update simply contains the kernel patch or the fix is included independently. Some detail is logged in Sunsolve under the bug IDs 6296770 2160259 6664275 6697344 6729759 6564706 You mention that mod_jk uses pthread is that the same as the httpd itself? mod_jk uses a global mutex provided by the apr libraries for access to the log file. It gets a default mutex, i.e. it lets APR decide, which type of mutex to use (APR_LOCK_DEFAULT, for Solaris it should be fcntl). You can't configure like for httpd's accept or ssl mutex. mod_jk uses a couple of more locks, which are all not APR provided, but instead directly coded to use pthreads. All of those mutexes are only thread mutexes, so used locally in each process and not shared between processes. They won't have a problem with crashing processes. They are: - one mutex for each AJP worker, synchronizing access to the connection pool, which exists per process - one mutex for each lb worker - a mutex for access to the shared memory when changing or reading configuration parameters. That might be a little unsafe, because it actually should be a global mutex, not a process local, but those config changes are only done due to interaction with the status worker, so there's very little chance for unwanted concurrency here. All dynamic runtime data are already marked as being volatile. - a mutex used during dynamic update of uriworkermap.properties to prevent concurrent updates. Updates are done per process. - a mutex to prevent concurrent execution of the process local internal maintenance task Some fellow at Covalent back in the early Apache 2.0 days, posted a white paper about his various mutex testing, but it does not appear to be available anymore. Would be interesting to know how it was tested and how it would playout today. Lots of the Covalent people are still around in various projects, like William (Bill) A. Rowe and Jim Jagielski. You could post at apr-dev, because Apache httpd uses the mutex implementations coming from the APR libraries. Rainer Jung-3 wrote: On 06.02.2009 18:13, fredk2 wrote: I was doing some stress test (with apache ab, 100 users, 100K requests) to compare an Apache prefork and worker mpm. The test url is a simple hello servlet on Tomcat 6.0.x via mod_jk. On my Sparc Solaris 10 server with only the Apache set to worker mpm I see following error messages in my jk log: Apache/2.2.11 (Unix) with mod_jk/1.2.26 on Solaris 10. . . . [Thu Jan 08 11:42:28 2009] [error] (45)Deadlock situation detected/avoided: apr_global_mutex_lock(jk_log_lock) failed . . . [Thu Jan 08 11:42:29 2009] [emerg] (45)Deadlock situation detected/avoided: apr_proc_mutex_lock failed. Attempting to shutdown process gracefully. [Thu Jan 08 11:42:29 2009] [error] (45)Deadlock situation detected/avoided: apr_global_mutex_lock(jk_log_lock) failed . . . these errors do not appear to impact the test results and the jk log file seems complete. I can suppress the errors by choosing another Mutex in the Apache directive AcceptMutex, such as sysvsem or pthread. For Solaris 10 the default mutex for worker MPM is fcntl. Setting the Mutex sysvsem (also the default on Linux) marginally
Deadlock situation detected/avoided with jk_log_lock
Hi, I was doing some stress test (with apache ab, 100 users, 100K requests) to compare an Apache prefork and worker mpm. The test url is a simple hello servlet on Tomcat 6.0.x via mod_jk. On my Sparc Solaris 10 server with only the Apache set to worker mpm I see following error messages in my jk log: Apache/2.2.11 (Unix) with mod_jk/1.2.26 on Solaris 10. . . . [Thu Jan 08 11:42:28 2009] [error] (45)Deadlock situation detected/avoided: apr_global_mutex_lock(jk_log_lock) failed . . . [Thu Jan 08 11:42:29 2009] [emerg] (45)Deadlock situation detected/avoided: apr_proc_mutex_lock failed. Attempting to shutdown process gracefully. [Thu Jan 08 11:42:29 2009] [error] (45)Deadlock situation detected/avoided: apr_global_mutex_lock(jk_log_lock) failed . . . these errors do not appear to impact the test results and the jk log file seems complete. I can suppress the errors by choosing another Mutex in the Apache directive AcceptMutex, such as sysvsem or pthread. For Solaris 10 the default mutex for worker MPM is fcntl. Setting the Mutex sysvsem (also the default on Linux) marginally improves the request time. Can someone explain what exactly these errors means? when does it occur? I would have almost expect a detected/avoided to be a [warn] instead of an [error]. I have seen the trail http://markmail.org/message/dedqpmrrkpa224ns but I'd like to hear updated experiences that people have with sysvsem mutexes on Solaris 10 - what is the better mutex? sysvsme, posixsem, pthread **? any comment will be appreciated. Many thanks, Fredk -- View this message in context: http://www.nabble.com/Deadlock-situation-detected-avoided-with-jk_log_lock-tp21876381p21876381.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk
Hi Rainer, your comment about the watchdog sounds interesting. When you load balance it would seem useful to get feedback from Tomcat itself about its load so that the module can adjust dynamically its load (lbfactor) based on the Tomcat's performance rather than a session/socket count. One can wonder if such added complexity would be detrimental to the mod_jk stability. Rgds - Fred Rainer Jung-3 wrote: On 06.02.2009 18:23, André Warnier wrote: gerhardus.geldenh...@gta-travel.com wrote: 1) As far as I know, no, mod_jk does not read workers.properties dynamically. 2) Yes and no, it will not send a request unless communication has been established with the worker, it may happen that the worker fails, or someone shut it down. Depending on how you configure the workers and the number of workers, it can retry the request and/or try a different worker. Mod_jk will mark the worker on error when it does not respond, and it will try again after a configurable time -but it tries again with an actual request-. It would be really nice if you could test availability of a node with a configurable request instead of a live production request... (hint, hint) Isn't that what ping is about ? Ping tests, whether there is something able to still process AJP on the other side of the connection. A configurable request would be able to talk to the application, so one could detect, whether it is still deployed, and if the request would be handled by an intelligent servlet it could respond with some sort of application layer health status. Worth filing an enhancement request, since Mladen put the Watchdog thread into 1.2.27, we can easily add more logic of that type. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/mod_jk-tp21856049p21878692.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Deadlock situation detected/avoided with jk_log_lock
Thanks Rainer, Do I understand you correctly that when Mr. Orton said to never use pthread nor posixsem mutex (http://marc.info/?l=apr-devm=108720968023158w=2) that is now obsolete news and that Solaris perfected pthread mutex support since. You mention that mod_jk uses pthread is that the same as the httpd itself? Some fellow at Covalent back in the early Apache 2.0 days, posted a white paper about his various mutex testing, but it does not appear to be available anymore. Would be interesting to know how it was tested and how it would playout today. Rgds - Fred Rainer Jung-3 wrote: On 06.02.2009 18:13, fredk2 wrote: I was doing some stress test (with apache ab, 100 users, 100K requests) to compare an Apache prefork and worker mpm. The test url is a simple hello servlet on Tomcat 6.0.x via mod_jk. On my Sparc Solaris 10 server with only the Apache set to worker mpm I see following error messages in my jk log: Apache/2.2.11 (Unix) with mod_jk/1.2.26 on Solaris 10. . . . [Thu Jan 08 11:42:28 2009] [error] (45)Deadlock situation detected/avoided: apr_global_mutex_lock(jk_log_lock) failed . . . [Thu Jan 08 11:42:29 2009] [emerg] (45)Deadlock situation detected/avoided: apr_proc_mutex_lock failed. Attempting to shutdown process gracefully. [Thu Jan 08 11:42:29 2009] [error] (45)Deadlock situation detected/avoided: apr_global_mutex_lock(jk_log_lock) failed . . . these errors do not appear to impact the test results and the jk log file seems complete. I can suppress the errors by choosing another Mutex in the Apache directive AcceptMutex, such as sysvsem or pthread. For Solaris 10 the default mutex for worker MPM is fcntl. Setting the Mutex sysvsem (also the default on Linux) marginally improves the request time. Can someone explain what exactly these errors means? when does it occur? I would have almost expect a detected/avoided to be a [warn] instead of an [error]. I have seen the trail http://markmail.org/message/dedqpmrrkpa224ns but I'd like to hear updated experiences that people have with sysvsem mutexes on Solaris 10 - what is the better mutex? sysvsme, posixsem, pthread **? any comment will be appreciated. I experienced this too a couple of times and once wrote a small C program to reproduce the problem. On Solaris the algorithm to detect a possible deadlock is very careful and returns EDEADLOCK even in situations were you can mathematically prove, that a deadlock is not possible. This happens in a multi-threaded environment when more than one mutex is used. Apache httpd and mod_jk use such a mutex and SSL also (so you can observe the same warnings without mod_jk only using SSL with httpd and doing stress tests). In older JK versions this could lead to a hang, but we worked around that a couple of versions ago. I generally recommend the pthread mutex for Solaris which doesn't have the problem and seems to be robust despite warnings about pthread mutexes in very old versions of Solaris. We even once had a discussion about changing the default httpd mutex on Solaris once, but I think that discussion didn't come to an end. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/Deadlock-situation-detected-avoided-with-jk_log_lock-tp21876381p21879345.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Forward request from apache to specific web application
hi, in your tomcat server's webapp directory create a directory ./ROOT (in caps) and copy your application in there. Then restart tomcat. In the workers.properties set the JkMount /* see: http://tomcat.apache.org/connectors-doc/webserver_howto/apache.html Alternatively you can set the context xml file mapping to / or add a ROOT.xml, see http://tomcat.apache.org/tomcat-6.0-doc/config/context.html Btw,with mod_jk 1.2.26 you can use replace: JkMount /mywebapp ajp13 JkMount /mywebapp/* ajp13 with on line: JkMount /mywebapp|/* ajp13 If you need to keep the tomcat uri /mywebapp, then you need to set a ProxyPass directive in apache (see the mod_proxy doc). Rgrds, Fred Salalam wrote: I think my problem is very common, but I didn't find a solution. I have Tomcat 5.5 with a web application. Let's say this application is deployed in the context 'mywebapp'. I can call the application with the url http://mydomain.com:8080/mywebapp. But now i want to call the application via apache directly, e.g. with port 80 so that the url is just http://mydomain.com I already configured mod_jk a little bit but my problem is: How do I forward the requests from apache to a specific webapplication in tomcat? My workers.properties has the following content: ps=/ worker.list=ajp13 worker.ajp13.port=8009 worker.ajp13.host=localhost worker.ajp13.type=ajp13 worker.ajp13.lbfactor=1 In httpd.conf I have the following entries: JkMount /mywebapp ajp13 JkMount /mywebapp/* ajp13 This works fine with the url http://mydomain.com/mywebapp; but I want to use the url http://mydomain.com; and every request to this url should be forwarded to the mywebapp-application in tomcat. What is missing? Thanks! -- View this message in context: http://www.nabble.com/Forward-request-from-apache-to-specific-web-application-tp21641751p21644174.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: jsvc creates pid file owned by root
Hi, can you set the umask before you run jsvc ? Rgds Fred Gunnar Boström wrote: Hi, I can start and stop Tomcat 5.5 with the jsvc program but the problem is that the pid file is created with permissions 600 and owned by root. I want to be able to read the pid file to check if the Tomcat process is up and running and also for other purposes. Is it possible to make the pid file be owned by the user that runs Tomcat or have the permissions to be set to 666? Regards Gunnar -- View this message in context: http://www.nabble.com/jsvc-creates-pid-file-owned-by-root-tp16606528p16608805.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Can Tomcat set its pid in a file?
Hi, Currently the pid file is set when you run catalina.sh (unix/linux) if [ ! -z $CATALINA_PID ]; then echo $! $CATALINA_PID fi In some situation (when using sudo, su, catalina.out piped to a log rotation program) it is harder and possibly prone to error to get the right pid - $! might not be the pid of the JVM. Apache httpd sets the pid file and cleans it up Is there a simple way/sample to have Tomcat set the pid file during its bootstrap and not the startup shell script ? Rgds Fred -- View this message in context: http://www.nabble.com/Can-Tomcat-set-its-pid-in-a-file--tp16610493p16610493.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can Tomcat set its pid in a file?
Interestingly I cannot use jsvc. We are using a Java 5 jvm option -javaagent which is not supported by jsvc. I was looking at jws which does a little bit more (although missing the cool -user option), but that seems to have become a commercial venture. Fred David Smith-2 wrote: You could use jsvc instead of the shell scripts. --David fredk2 wrote: Hi, Currently the pid file is set when you run catalina.sh (unix/linux) if [ ! -z $CATALINA_PID ]; then echo $! $CATALINA_PID fi In some situation (when using sudo, su, catalina.out piped to a log rotation program) it is harder and possibly prone to error to get the right pid - $! might not be the pid of the JVM. Apache httpd sets the pid file and cleans it up Is there a simple way/sample to have Tomcat set the pid file during its bootstrap and not the startup shell script ? Rgds Fred - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Can-Tomcat-set-its-pid-in-a-file--tp16610493p16616237.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5.5.x or 6.x: ROOT limitation removed?
Hi,
i do not think so, but what I did is to set an contex ROOT.xml (not sure
the upper case is needed - i would think it is) and then set the docBase
(relative to webapps or fully qualified) to your app eg.
./conf/Catalina/localhost/ROOT.xml
Context docBase=${catalina.base}/mydir/myapp
privileged=true antiResourceLocking=false
antiJARLocking=false
/Context
Rgds
Fred
Francis Galiegue wrote:
Hello list,
I use Tomcat 5.0.30 as a bare bones, no fuss webapp container, with a
very, very simple server.xml:
Server port=8005 shutdown=SHUTDOWN
Service name=Catalina
Connector port=8009 protocol=AJP/1.3 enableLookups=false
URIEncoding=UTF-8 maxProcessors=0/
Engine name=Catalina defaultHost=localhost
Host name=localhost appBase=external-webapps autoDeploy=false
deployXML=false unpackWARs=false
Context docBase=/var/lib/tomcat5/webapps/one2team path=
!-- plus two loggers --
/Context
/Host
/Engine
/Service
/Server
We use mod_jk at the Apache level to communicate with the webapp.
Unfortunately, this configuration is a hack:
* the appBase in Host points to a non existing directory within
$CATALINA_HOME;
* the docBase of the only Context is an absolute path to the webapp
root.
The problem is, we do _NOT_ want the webapp directory to be named
ROOT, we want it to remain one2team. And this is the only solution
I've found...
Ideally, I'd have liked to not lie to Host and have a ROOT.xml in
Catalina/localhost saying that no, my webapp root directory is not
named ROOT, it's one2team, thank you very much. But no, this doesn't
work.
As you can see, I also had to set autoDeploy to false, otherwise the
webapp was deployed twice: once under /, which is what we want, and
another time under /one2team, which we don't want either...
Does tomcat5.5 remove this limitation? Or even tomcat 6.x?
Thanks in advance,
--
Francis Galiegue, [EMAIL PROTECTED], [EMAIL PROTECTED]
One2team - 42 Av. Raymond Poincaré - 75116 PARIS
When it comes to performance, weight is everything - Tiff Needell
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
View this message in context:
http://www.nabble.com/Tomcat-5.5.x-or-6.x%3A-ROOT-limitation-removed--tp16572902p16573847.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache fails to start when .host does not resolve.
Hi Thank you for your reply - as alway I appreciate. I can understand your point very well and I did dismiss the original complaint as such - a one-off, a minor issue. There is one silly anecdote: assume that you have a heavily shared Apache with a bunch of workers... one day one of the friendly *sharee* decides that he does not need one of his hosts anymore and forgets to tell the server admin. A later restart affects all the services hosted because of this ...how to say it... oversight:-). To get apache up again you probably need to logging physically to the server and vi the config file (some pain). Rgds Fred Rainer Jung-3 wrote: fredk2 schrieb: Hi, when you set a load balancer (mod_jk v1.2.26) with 2 workers: worker.myWorker.type=lb worker.myWorker.balance_workers=tc1Worker, tc2Worker and one of the worker's host cannot be resolved: worker.tc2Worker.host=mytest.mydom.com Then Apache will not start. - since the other worker is 'good', should'nt we let apache start with a nice error message informing you that one worker could not resolved (done today) and jk will disable the worker and let apache start anyway? - Adding a disable does not fix the issue it seems. Only removing the worker from the list does. worker.tc2Worker.activation=d Yes that's the way it was implemented intentionally. The idea is that if DNS fails to resolve a host (some admin mistake) and Apache was restarted automatically for unrelated reasons, it would fail to come back online without a manual intervention - editing a configuration file (which might be a challenge). In general I think it's better to not start, if a worker is completely broken. Yes, in your case it would provide a problem with regular restarts, but we could argue, that if your DNS is not rock solid, but your production systems depend on IP address resolution, then you should either use the IPs in the workers host attribute, or add the few systems you need to contact from your httpd to your hosts file. Of course that contradicts the major goals of DNS, but if you want to stick to those you really need a rock solid DNS (which is not that hard). Admin failures when managing critical DNS data are really major incidents. If we allow unresolvable host names, it's very likely that users will not notice the resulting error messages during startup. And I think it's much more likely that people simply put typos into the host names than the occurence of local DNS failures. This seems to be grey area, where there's no obviously best solution. Rgds - Fred Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Apache-fails-to-start-when-.host-does-not-resolve.-tp16422828p16574355.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem in running Tomcat
Hi, Delete WEB-INF/lib/servlet.jar. I always wonder: why do some applications have the servlet.jar in WEB-INF/lib when the 'curent' one is already in the ./common/lib ? INFO: validateJarFile(/root/apache-tomcat-5.5.26/webapps/ROOT/WEB-INF/lib/servlet.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class Rgds - Fred -- View this message in context: http://www.nabble.com/Problem-in-running-Tomcat-tp16383891p16421744.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Apache fails to start when .host does not resolve.
Hi, when you set a load balancer (mod_jk v1.2.26) with 2 workers: worker.myWorker.type=lb worker.myWorker.balance_workers=tc1Worker, tc2Worker and one of the worker's host cannot be resolved: worker.tc2Worker.host=mytest.mydom.com Then Apache will not start. - since the other worker is 'good', should'nt we let apache start with a nice error message informing you that one worker could not resolved (done today) and jk will disable the worker and let apache start anyway? - Adding a disable does not fix the issue it seems. Only removing the worker from the list does. worker.tc2Worker.activation=d The idea is that if DNS fails to resolve a host (some admin mistake) and Apache was restarted automatically for unrelated reasons, it would fail to come back online without a manual intervention - editing a configuration file (which might be a challenge). Rgds - Fred -- View this message in context: http://www.nabble.com/Apache-fails-to-start-when-.host-does-not-resolve.-tp16422828p16422828.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: When is mod_jk 1.2.27 expected to be stable?
Many thanks - so far it does not break anything (Linux/Solaris), but I do not have a good (application/)test to confirm the reply_timout feature. Rgds - Fred Rainer Jung-3 wrote: Hi Fred, fredk2 schrieb: Hi, When is mod_jk 1.2.27 expected to be stable? I just stumbled accross the change log for the jk connector which shows an interesting feature: the ability to configure a reply_timeout not only per worker, but instead per mapping. http://tomcat.apache.org/tomcat-4.1-doc/jk/miscellaneous/changelog.html Ouups, didn't realize that we bundle a dev snapshot of JK documentation with TC 4.1. It would be better to link to the offically released docs. Yes, I hope that will be a very useful feature, because often long running requests are expected for very few known URLs (reporting etc). If I go to the main connector site (or via Tomcat 6) I do not see 1.2.27 Kind Rgds - Fred 1.2.27 is not released yet. There is a very interesting feature for the IIS plugin pending (supporting chunked encoding). I expect, that we'll cut a release candidate around ApacheCon (second week of april) either with or without the IIS feature and that the official release should be available about 2 weeks later. I use a current dev snapshot in some customer installations and it seems to run fine, no problems there. So if you really have a good use case, you could consider using a dev snapshot of 1.2.27, at least on pre production systems. You can find a dev snapshot under http://people.apache.org/~rjung/mod_jk-dev/ Let us know your findings. Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/When-is-mod_jk-1.2.27-expected-to-be-stable--tp16288110p16398501.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
When is mod_jk 1.2.27 expected to be stable?
Hi, When is mod_jk 1.2.27 expected to be stable? I just stumbled accross the change log for the jk connector which shows an interesting feature: the ability to configure a reply_timeout not only per worker, but instead per mapping. http://tomcat.apache.org/tomcat-4.1-doc/jk/miscellaneous/changelog.html If I go to the main connector site (or via Tomcat 6) I do not see 1.2.27 Kind Rgds - Fred -- View this message in context: http://www.nabble.com/When-is-mod_jk-1.2.27-expected-to-be-stable--tp16288110p16288110.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JkRequestLogFormat Options
Hi,
btw, in your log format line you have %{JK_REQUEST_DURATON}n instead of
%{JK_REQUEST_DURATION}n see the missing I.
I am using 1.2.25 and i get times alike 0.0275 when using Apache 2.2
Rgds, Fred
Ahmed Musa wrote:
Hallo,
I am logging the mod_jk Output through the Apache access_log - as written
in the reference found under
http://tomcat.apache.org/connectors-doc/reference/apache.html
Because i want to get clearness about what exactly is going on in our
system i use the following LogFormat:
LogFormat %h %l %u %t \%r\ %s %b \%{Referer}i\ \%{User-Agent}i\
\%{Cookie}i\ \%{Set-Cookie}o\ %{pid}P %{tid}P%T
%{JK_WORKER_NAME}n %{JK_REQUEST_DURATON}n %{JK_WORKER_ROUTE}n
%{JK_LB_FIRST_NAME}n %{JK_LB_FIRST_BUSY}n %{JK_LB_FIRST_VALUE}n
%{JK_LB_FIRST_ACCESSED}n %{JK_LB_FIRST_READ}n %{JK_LB_FIRST_TRANSFERRED}n
%{JK_LB_FIRST_ERRORS}n %{JK_LB_FIRST_ACTIVATION}n
%{JK_LB_FIRST_STATE}n %{JK_LB_LAST_NAME}n mod_jk_log
...everthing works fine except the Options responsible for the Request
Duration.
Mostly neither %T nor %{JK_REQUEST_DURATON}n have a Value (%T mostly is 0
an the other Parameter is -).
At some Requests i found the %T has a value like for example 2 or 3.. -
and JK_REQUEST DURATION has -
or %T is 0 and JK_REQUEST_DURATION has an value like 2 or 3 ...
First - why are there not values at each request ?
Second -i think both Options are measuring the same Value - why they are
not the same ?
Third - why they are not showing seconds.microseconds as written in the
reference but only (I think so) rounded seconds.
We use mod_jk 1.2.26
Thanks for help
Best
ahmed
--
Psst! Geheimtipp: Online Games kostenlos spielen bei den GMX Free Games!
http://games.entertainment.web.de/de/entertainment/games/free
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
View this message in context:
http://www.nabble.com/JkRequestLogFormat-Options-tp15736214p15745192.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Does logging with swallowOutput=true buffer the output ?
Hi,
I have a servlet that loops and writes normally to catalina.out with
System.out.println(iteration);
I can tail -f catalina.out and see the iterations as they happen.
The problem is that after configuring the applications logging.properties as
shown below and set the application context xml with the attribute
swallowOutput=true, I do not see the iterations until the very last one.
I am a bit puzzled as to what is happening and where that behavior should be
corrected. Any ideas ?
Tx - Fred
$ cat logging.properties
handlers = org.apache.juli.FileHandler
org.apache.juli.FileHandler.level = FINEST
org.apache.juli.FileHandler.directory = ${catalina.base}/logs
org.apache.juli.FileHandler.prefix = myapp.
--
View this message in context:
http://www.nabble.com/Does-logging-with-swallowOutput%3D%22true%22-buffer-the-output---tp15747629p15747629.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and Apache Deny rules
Hi, Any reasons as to why not set the directives in the httpd.conf instead of .htaccess ? .htaccess only matters to requests for the directory it is in. Fred Aaron Brown-5 wrote: I've been trying to block the litefinder malicious bot which scours our site every day and tries to access pages with the incorrect case, thus causing crazy amounts of errors to get thrown. We have an Apache 2.2.4 front end using mod_jk to load balance against 9 Tomcat instances on 6 separate machines. I have an .htaccess file that blocks based on user agent along with some known ip addresses for the bot. This works correctly for all static content. That is, when I change my browser's user agent to litefinder, and access the site, I am denied all gif, jpg, css, js, etc files. However, all the dynamic content is passed on to Tomcat without honoring the rules in .htaccess, thus not solving my problem. My question is basically, how do I/can I make Apache enforce my deny rules even for JkMount'ed data? If you need more info, I'm happy to provide. Thanks! Aaron == Here is the .htaccess file in my webroot: #block litefinder malicious crawler SetEnvIfNoCase User-Agent LiteFinder stayout=1 Order Allow,deny Allow from all Deny from env=stayout Deny from 208.101.44.3 Deny from 209.160.65.42 Deny from 209.62.109.178 Deny from 216.40.220.34 Deny from 216.40.222.50 Deny from 216.40.222.66 Deny from 216.40.222.82 Deny from 216.40.222.98 Deny from 67.19.114.226 Deny from 67.19.250.26 Deny from 70.85.113.242 Deny from 74.53.243.226 Deny from 74.53.243.242 Deny from 74.53.244.18 Deny from 74.53.249.34 Deny from 74.86.209.74 Deny from 74.86.249.98 Deny from 75.125.18.178 Deny from 75.125.47.162 Deny from 75.125.52.146 Deny from 84.19.176.208 Deny from 87.118.118.111 Deny from 87.118.98.57 Deny from 87.118.98.62 Here is the relevant section from my httpd.conf VirtualHost :80 DocumentRoot ServerName * JkMount /jkstatus/* status JkMount /* v3lb JkMount /captcha/Captcha.jpg v3lb JkUnMount /member/bzzmap/*.xml v3lb JkUnMount /member/bzzmap/*.swf v3lb JkUnMount /manager/* v3lb JkUnMount /images/* v3lb JkUnMount /awstats/* v3lb JkUnMount /img/* v3lb JkUnMount /js/* v3lb JkUnMount /*.gif v3lb JkUnMount /*.png v3lb JkUnMount /*.pdf v3lb JkMount /captcha/* v3lb JkUnMount /member/campaigns/*.jpg v3lb JkUnMount /*.css v3lb JkUnMount /*.html v3lb JkUnMount /*.mov v3lb JkUnMount /*.wmv v3lb JkUnMount /*.rm v3lb JkUnMount /*.ram v3lb #JkUnMount /*.swf v3lb JkUnMount /*.mpeg v3lb JkUnMount /*.mpg v3lb JkUnMount /*.mp3 v3lb JkUnMount /*.xml v3lb JkMount /dwr v3lb ErrorLog logs/www.error_log CustomLog logs/www.access_log combined /VirtualHost - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Tomcat-and-Apache-Deny-rules-tf4956657.html#a14196976 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: when does use mod_jk and jni?
thank you very much - that explains the scant references I found out there :-) Rainer Jung-3 wrote: Adding to Bill: it was used to embed the backend process into the Apache httpd process space. It's not maintained any longer and we should add appropriate wording to the docs: Don't use it.. Regards, Rainer fredk2 wrote: Hi, Reading the documentation for mod_jk (1.2.25 --enable-jni), I am curious about something. In what case do you use mod_jk jni ? Thank you - Fred - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/when-does-use-mod_jk-and-jni--tf4417743.html#a12613799 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Logformat for mod_jk logs
hi I have not used it in long while but i think it required: JkRequestLogFormat %w %V %U %s %T %B %H %m Rgds - Fred Gerhardus.Geldenhuis wrote: Hi Does anyone know if the script tomcat_trend.pl requires a specific JkRequestLogFormat string. Doing a search through the list archives on my local machine I found the following two settings being used: JkRequestLogFormat %b %w %V %T %r JkRequestLogFormat %w %V %T But I am not sure what this script that comes with mod_jk actually requires. Regards __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ -- View this message in context: http://www.nabble.com/Logformat-for-mod_jk-logs-tf4423183.html#a12616710 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk --enable-prefork
Thanks, So in this case reading some of your past responses (and your source knowledge), we do not have to worry about threaded mod_jk misbehaving in a prefork apache - on linux and solaris that is :-) Rgds - Fred Rainer Jung-3 wrote: Hi Fred, mostly yes, but you could write modules, that break this assumption. An indication is mod_cgi, which exists as mod_cgi and mod_cgid. Another hint into this direction is, that httpd doesn't provide a clean way of exchanging MPMs after compilation. In general it is better to compile the module against the MPM you want to use unless you know the code of the module good enough to judge about its MPM independancy. Regards, Rainer fredk2 wrote: Many thanks for your reply. Is it always implied that if an apache module is deemed 'thread safe' it also implies that it will work in prefork environment maybe at the cost of raw performance ? Thanks again - Fred Rainer Jung-3 wrote: fredk2 wrote: Hi, The documentation for mod_jk (eg. version 1.2.25) about --enable-prefork says: In case you build mod_jk for a multi-threaded Apache httpd 2.0/2.2 MPM (Multi-Processing Module), some areas of mod_jk code need to be synchronized to make it thread-safe. Because configure can not easily detect, whether your are using a multi-threaded MPM, mod_jk by default is always build thread-safe for Apache httpd 2.0/2.2. If you are sure, that your MPM is not multi-threaded, you can use --enable-prefork to force the removal of the synchronization code (thus increasing performance a bit). For instance, the prefork MPM is not multi-threaded. For Apache httpd 1.3 this flag will be set automatically. If you specify apxs, doesn't it require a config_vars.mk which has a value pair MPM_NAME = prefork and thus configure could know that prefork was used? Alternatively assuming that apxs is in the same directory then 'httpd -V' could tell that Server MPM: Prefork You are right: apxs -q MPM_NAME would do the trick. I didn't find that one, thanks. On the other hand, we would still need to manage a list of MPMs (which MPM on which platform is single-threaded) and there is some danger, that people have more than one mpm installed (like on many linux distros) and compile against prefork, later use against worker. All in all I'm still in favor of building thread safe by default and only when explicitely requested removing the thread synchronization. The question I have: if the Apache httpd v2.2 is prefork and the mod_jk is compiled default threaded, are there any potential instabilities? (on Solaris and Linux) No, not that we aware of any. On both platforms, the default was building thread safe for a long time. We use pthread mutexes and no problems have been reported with those. Many thanks - Fred Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/mod_jk---enable-prefork-tf4417291.html#a12628071 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
mod_jk --enable-flock documentation question
Hi, Reading the mod_jk (1.2.25) compilation documentation for --enable-flock it says: In case the operating system supports flock system call use this flag to enable this faster locks that are implemented as system call instead emulated by GNU C library. However those locks does not work on NFS mounted volumes, so you can use --enable-flock during compile time to force the flocks() calls. + this text seems to say to use --enable-flock to tell mod_jk to use the flock system call - if supported. Then it says that NFS does not support the flock system call. Thus it seems to me that correct sentence whould be: However those locks do not work on NFS mounted volumes, hence do not set --enable-flock during compile time. ./configure says: Linux - checking for flock... yes Solaris - checking for flock... no So i guess this is a non-issue for Solaris. + Is it correct that --enable-flock only affects the handling of JkShmFile? thus you would mitigate the potential issue(s) if you move this file to a local disk /tmp while the apache and logfiles can remain on the NFS mount. Many thanks - Fred -- View this message in context: http://www.nabble.com/mod_jk---enable-flock-documentation-question-tf4426869.html#a12628444 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
mod_jk --enable-prefork
Hi, The documentation for mod_jk (eg. version 1.2.25) about --enable-prefork says: In case you build mod_jk for a multi-threaded Apache httpd 2.0/2.2 MPM (Multi-Processing Module), some areas of mod_jk code need to be synchronized to make it thread-safe. Because configure can not easily detect, whether your are using a multi-threaded MPM, mod_jk by default is always build thread-safe for Apache httpd 2.0/2.2. If you are sure, that your MPM is not multi-threaded, you can use --enable-prefork to force the removal of the synchronization code (thus increasing performance a bit). For instance, the prefork MPM is not multi-threaded. For Apache httpd 1.3 this flag will be set automatically. If you specify apxs, doesn't it require a config_vars.mk which has a value pair MPM_NAME = prefork and thus configure could know that prefork was used? Alternatively assuming that apxs is in the same directory then 'httpd -V' could tell that Server MPM: Prefork The question I have: if the Apache httpd v2.2 is prefork and the mod_jk is compiled default threaded, are there any potential instabilities? (on Solaris and Linux) Many thanks - Fred -- View this message in context: http://www.nabble.com/mod_jk---enable-prefork-tf4417291.html#a12599440 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
when does use mod_jk and jni?
Hi, Reading the documentation for mod_jk (1.2.25 --enable-jni), I am curious about something. In what case do you use mod_jk jni ? Thank you - Fred -- View this message in context: http://www.nabble.com/when-does-use-mod_jk-and-jni--tf4417743.html#a12600560 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk --enable-prefork
Many thanks for your reply. Is it always implied that if an apache module is deemed 'thread safe' it also implies that it will work in prefork environment maybe at the cost of raw performance ? Thanks again - Fred Rainer Jung-3 wrote: fredk2 wrote: Hi, The documentation for mod_jk (eg. version 1.2.25) about --enable-prefork says: In case you build mod_jk for a multi-threaded Apache httpd 2.0/2.2 MPM (Multi-Processing Module), some areas of mod_jk code need to be synchronized to make it thread-safe. Because configure can not easily detect, whether your are using a multi-threaded MPM, mod_jk by default is always build thread-safe for Apache httpd 2.0/2.2. If you are sure, that your MPM is not multi-threaded, you can use --enable-prefork to force the removal of the synchronization code (thus increasing performance a bit). For instance, the prefork MPM is not multi-threaded. For Apache httpd 1.3 this flag will be set automatically. If you specify apxs, doesn't it require a config_vars.mk which has a value pair MPM_NAME = prefork and thus configure could know that prefork was used? Alternatively assuming that apxs is in the same directory then 'httpd -V' could tell that Server MPM: Prefork You are right: apxs -q MPM_NAME would do the trick. I didn't find that one, thanks. On the other hand, we would still need to manage a list of MPMs (which MPM on which platform is single-threaded) and there is some danger, that people have more than one mpm installed (like on many linux distros) and compile against prefork, later use against worker. All in all I'm still in favor of building thread safe by default and only when explicitely requested removing the thread synchronization. The question I have: if the Apache httpd v2.2 is prefork and the mod_jk is compiled default threaded, are there any potential instabilities? (on Solaris and Linux) No, not that we aware of any. On both platforms, the default was building thread safe for a long time. We use pthread mutexes and no problems have been reported with those. Many thanks - Fred Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/mod_jk---enable-prefork-tf4417291.html#a12600955 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: POST data lost when switching URL using mod_rewrite and mod_jk
The mod_rewrites encoding can be changed with option
'noescape|NE' (no URI escaping of output)
This flag keeps mod_rewrite from applying the usual URI escaping rules to
the result of a rewrite. Ordinarily, special characters (such as '%', '$',
';', and so on) will be escaped into their hexcode equivalents ('%25',
'%24', and '%3B', respectively); this flag prevents this from being done.
This allows percent symbols to appear in the output, as in
RewriteRule /foo/(.*) /bar?arg=P1\%3d$1 [R,NE]
Rgds, Fred
Michael Böckling wrote:
why aren't you
switching to https before it gets complicated, i.e. when a simple request
is coming in, like for the form page itself?
Unfortunately, that is not an option.
- is the Location header apache httpd sends back for the
redirect still
OK? You can check with a commandline client like e.g. curl.
No, here's where the trouble starts. It seems like mod_rewrite can't
handle UTF-8 URLs. I used the LiveHTTPHeaders plugin for Firefox, and
here's the output:
Original (correct request):
GET /lucene/target.jsp?test=%C3%BCberraschung HTTP/1.1
Flawed redirect:
Location:
http://localhost:778/lucene/target.jsp?test=%25C3%25BCberraschung
As you can see, the % have been encoded again.
What can I do about it?
Regards,
Michael
- if so, is the second request as decoded by apache OK? The
access log
might give an idea about that
- if so, is the forwarded request from mod_jk to Tomcat OK
(JkLogLevel
debug shows a line ...service... which containes the forwarded URL at
the end)
Regards,
Rainer
Michael Böckling wrote:
Ok, that makes it clear to me.
Thanks for the exhaustive reply!
Btw., I didn't configure the servers, I'm just trying to
get my forms data through and understand as much as possible. :-)
So I switched to GET, but again, I ran into issues, this
time it is character-encoding related.
The Tomcats all have URIEncoding=UTF-8 set, and it works
whithout the rewrite-induced redirect.
But when redirect is used, the following happens:
The parameter führung becomes f%C3%BChrung in my JSPs.
I did AddDefaultEncoding UTF-8 in my Apache config, that
doesn't help. Is there a configuration option for mod_rewrite
or mod_jk that I have to set to make it work? I tried the
ForwardURIxxx options on my mod_jk, but they didn't help. Any Ideas?
Thanks a lot for the help so far!
Regards,
Michael
-Original Message-
From: Rainer Jung [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 06, 2007 4:35 PM
To: Tomcat Users List
Subject: Re: POST data lost when switching URL using
mod_rewrite and
mod_jk
Example from
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
10.3.2 301 Moved Permanently
The requested resource has been assigned a new permanent
URI and any
future references to this resource SHOULD use one of the
returned URIs.
Clients with link editing capabilities ought to
automatically re-link
references to the Request-URI to one or more of the new references
returned by the server, where possible. This response is cacheable
unless indicated otherwise.
The new permanent URI SHOULD be given by the Location field in the
response. Unless the request method was HEAD, the entity of
the response
SHOULD contain a short hypertext note with a hyperlink to the
new URI(s).
If the 301 status code is received in response to a request
other than
GET or HEAD, the user agent MUST NOT automatically redirect
the request
unless it can be confirmed by the user, since this might
change the
conditions under which the request was issued.
Note: When automatically redirecting a POST request after
receiving a 301 status code, some existing HTTP/1.0
user agents
will erroneously change it into a GET request.
So if you are using HTTp Redirect, check your Apache
access log. It's
likely you will notice, that the browser switched from a POST
to a GET
during the redirect and the POST Body isn't send by the
Browser. Nothing
we could do in this case on the server side.
You should try to identify a GET which sits before the
POST in your
clickstream and do the redirect already there (like e.g. when the
browser tries to retrieve the empty form before it tries
to send the
contents).
Regards,
Rainer
Michael Böckling wrote:
Hi folks!
I Have the following setup:
Apache/2.2.4
mod_ssl/2.2.4
mod_jk/1.2.25
mod_rewrite (?)
Apache Tomcat 5.5.23
Browser == Apache + mod_rewrite == mod_jk == Tomcat
This is a Linux machine, and mod_rewrite is used to switch
to SSL on certain URLs.
Problem: the POST data is lost whenever a form on a http
page sends data to a page that gets its URL rewritten to https.
This goes as folllows:
http page = form post to http url = rewrite url to https,
Tomcat 6 and log4j for a web application
Hi,
still reading :-) http://tomcat.apache.org/tomcat-6.0-doc/logging.html
I have setup log4j as above, but with a little twist.
If you permission $CATALINA_HOME as read only and you want to customize the
log4j.properties then you need to install the log4j1.2.14.jar and
log4j.properties in $CATALINA_BASE/lib.
You also need to adjust the catalina.properties common.loader
common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar
The tomcat logging works well. However, I have 2 questions related to
installing log4j for a web application:
1. why does the documentation say to add log4j1.2.x.jar to the WEB-INF/lib,
isn't it already loaded by the common.loader at this point?
2. is there a way to add a WEB-INF/classes/log4j.properties to log to
myapp1.log and capture all the logs related to the web application ? Why
would'nt the following create a myapp1.log?
myapp1/WEB-INF/classes/log4j.properties -
log4j.debug=TRUE
log4j.rootLogger=DEBUG,myapp1
# test logger
log4j.logger.org.apache=DEBUG,myapp1
# Log rotation
log4j.appender.myapp1=org.apache.log4j.DailyRollingFileAppender
log4j.appender.myapp1.File=${catalina.base}/logs/myapp1.log
log4j.appender.myapp1.DatePattern='.'-MM-dd
# Print the date in ISO 8601 format
log4j.appender.myapp1.layout=org.apache.log4j.PatternLayout
log4j.appender.myapp1.layout.ConversionPattern=%d [%t] %-5p %c - %m%n
Any hints - suggestions are appreciated,
Many Thanks - Fred
--
View this message in context:
http://www.nabble.com/Tomcat-6-and-log4j-for-a-web-application-tf4325752.html#a12319790
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 6 and log4j for a web application
I would like both one common/lib/log4j.properties for the main Tomcat
container logging and another log4j for each web apps - where you set its
log filename and rotation etc...
The tomcat logging would be of interest to an admin and the web app logs to
the developer.
Do I make sense?
Tx - Fred
Filip Hanik - Dev Lists wrote:
if you want to use log4j in your application only,
then forget everything you read on logging.html
all you need to do is log4j.jar in WEB-INF/lib
log4j.properties in WEB-INF/classes
the steps you are outlining, are converting tomcat from using
java.util.logging to log4j for the container. and you don't need those
steps if all you want is log4j for a webapp
Filip
fredk2 wrote:
Hi,
still reading :-) http://tomcat.apache.org/tomcat-6.0-doc/logging.html
I have setup log4j as above, but with a little twist.
If you permission $CATALINA_HOME as read only and you want to customize
the
log4j.properties then you need to install the log4j1.2.14.jar and
log4j.properties in $CATALINA_BASE/lib.
You also need to adjust the catalina.properties common.loader
common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar
The tomcat logging works well. However, I have 2 questions related to
installing log4j for a web application:
1. why does the documentation say to add log4j1.2.x.jar to the
WEB-INF/lib,
isn't it already loaded by the common.loader at this point?
2. is there a way to add a WEB-INF/classes/log4j.properties to log to
myapp1.log and capture all the logs related to the web application ? Why
would'nt the following create a myapp1.log?
myapp1/WEB-INF/classes/log4j.properties -
log4j.debug=TRUE
log4j.rootLogger=DEBUG,myapp1
# test logger
log4j.logger.org.apache=DEBUG,myapp1
# Log rotation
log4j.appender.myapp1=org.apache.log4j.DailyRollingFileAppender
log4j.appender.myapp1.File=${catalina.base}/logs/myapp1.log
log4j.appender.myapp1.DatePattern='.'-MM-dd
# Print the date in ISO 8601 format
log4j.appender.myapp1.layout=org.apache.log4j.PatternLayout
log4j.appender.myapp1.layout.ConversionPattern=%d [%t] %-5p %c - %m%n
Any hints - suggestions are appreciated,
Many Thanks - Fred
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
View this message in context:
http://www.nabble.com/Tomcat-6-and-log4j-for-a-web-application-tf4325752.html#a12320351
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can we use output/extras/tomcat-juli.jar by default?
Hi,
If I understand Filip's answer correctly... the difference between the
default tomcat-juli.jar and the output/extras/tomcat-juli.jar is that the
first one is some glue code that hardcodes commons-logging to work only
with java.util.logging and the second supports the complete
commons-logging - therefore also log4j.
So am I correct to think that it does not hurt to have the extras
tomcat-juli.jar and tomcat-juli-adapters.jar in the ${catalina.home}/lib,
without log4j.jar, and still successfully log by configuring a j.u.l
${catalina.base}/conf/logging.properties ?
Bill's comment is an interesting one. I remember seeing somewhere (tomcat
docs?) a warning against app reloading; that doing so was a memory leak soon
or later.
Many Thanks - Fred
fredk2 wrote:
Hi,
To use log4j the documentation
http://tomcat.apache.org/tomcat-6.0-doc/logging.html
suggest that we need to:
1. Replace $CATALINA_HOME/bin/tomcat-juli.jar with the
output/extras/tomcat-juli.jar.
2. Place output/extras/tomcat-juli-adapters.jar in $CATALINA_HOME/lib.
What do these file do? why are they extras and why not have them in the
default build?
they enable you to plug in commons-logging if you want to use that
instead of java.util.logging
Filip
In my quick basic tests I did not observe any difference in the logging
behaviors when compared to the original tomcat-juli.jar. Can anyone
explain
how or when this would become a problem?
Many Thanks - Fred
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
View this message in context:
http://www.nabble.com/Can-we-use-output-extras-tomcat-juli.jar-by-default--tf4288716.html#a12245350
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Can we use output/extras/tomcat-juli.jar by default?
Hi, To use log4j the documentation http://tomcat.apache.org/tomcat-6.0-doc/logging.html suggest that we need to: 1. Replace $CATALINA_HOME/bin/tomcat-juli.jar with the output/extras/tomcat-juli.jar. 2. Place output/extras/tomcat-juli-adapters.jar in $CATALINA_HOME/lib. What do these file do? why are they extras and why not have them in the default build? In my quick basic tests I did not observe any difference in the logging behaviors when compared to the original tomcat-juli.jar. Can anyone explain how or when this would become a problem? Many Thanks - Fred -- View this message in context: http://www.nabble.com/Can-we-use-output-extras-tomcat-juli.jar-by-default--tf4288716.html#a12209126 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] General mappings in Workers2.properties
Hi, Workers2.properties was used for mod_jk2. This product is not maintained anymore. Use mod_jk which is actively maintained by some cool developer(s) :-) It is much better documented and featured. see http://tomcat.apache.org/connectors-doc/ Rgds, FredK -- View this message in context: http://www.nabble.com/General-mappings-in-Workers2.properties-tf3365337.html#a9366291 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
When webapps/ROOT does not exist the status code is 400 instead of 404, why?
Hi, In Tomcat 5.5.16 - I forgot to define a context xml file for my application and got status error code 400 which was puzzling. After I added a ROOT subdirectory to my webapps directory I got the status code 404, which was less confusing. Questions: - I checked the http://tomcat.apache.org site but cannot find documentation for ROOT. Is there any? - why code 400 and not 404 ? Many thanks - Fred Test: Before ROOT was created: --- bash$ telnet localhost 8080 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. GET /test HTTP/1.1 Host: localhost HTTP/1.1 400 No Host matches server name localhost Server: Apache-Coyote/1.1 Transfer-Encoding: chunked Date: Wed, 07 Mar 2007 23:45:04 GMT Connection: close After ROOT was created: --- bash-2.04$ telnet localhost 8080 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. GET /test HTTP/1.1 Host: localhost HTTP/1.1 404 /test Server: Apache-Coyote/1.1 Content-Type: text/html;charset=utf-8 Content-Length: 986 Date: Thu, 08 Mar 2007 00:48:46 GMT error html from tomcat -- View this message in context: http://www.nabble.com/When-webapps-ROOT-does-not-exist-the-status-code-is-400-instead-of-404%2C-why--tf3366756.html#a9367005 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is this possibe? mod_jk ==SSL== AJP/1.3
Hi, although I have not tested this personally, but I was told that mod_proxy (_ajp) does not have the Auto Flush option that you can set with mod_jk and thus creates problem for streaming applications. I wonder if others came accross this problem ? Rgds - Fred Hassan Schroeder-2 wrote: On 12/7/06, dfelicia [EMAIL PROTECTED] wrote: mod_proxy is ... It also doesn't offer load-balancing, Not true; see http://httpd.apache.org/docs/2.2/mod/mod_proxy_balancer.html I've used this recently (with mod_proxy_ajp) and it worked fine. :-) FWIW, -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Is-this-possibe---mod_jk-%3C%3D%3DSSL%3D%3D%3E-AJP-1.3-tf2776640.html#a7758513 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is this possibe? mod_jk ==SSL== AJP/1.3
ooops - I need to spend more time reading the fine manual :-) tx for the reminder :) Hassan Schroeder-2 wrote: On 12/8/06, fredk2 [EMAIL PROTECTED] wrote: although I have not tested this personally, but I was told that mod_proxy (_ajp) does not have the Auto Flush option that you can set with mod_jk and thus creates problem for streaming applications. You might want to look at the flushpackets parameter to the ProxyPass directive http://httpd.apache.org/docs/2.2/mod/mod_proxy.html :-) FWIW, -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Is-this-possibe---mod_jk-%3C%3D%3DSSL%3D%3D%3E-AJP-1.3-tf2776640.html#a7760968 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is this possibe? mod_jk ==SSL== AJP/1.3
hi: As far as have seen there is no SSL support for AJP/1.3 - the trafic is in clear between the Apache and tomcat using mod_jk. I guess with apache 2 you can use mod_proxy and ssl to a tomcat using the http connector with ssl. If you have apache and tomcat on separate servers you might have to look at stunnel to encrypt the traffic. Fred Martin Gainty wrote: unless of course the Cert is self-signed with keytool I would remove all the certs from classpath and start with a 'True Certificate' signed by Verisign or Thawte M- - Original Message - From: dfelicia [EMAIL PROTECTED] To: users@tomcat.apache.org Sent: Thursday, December 07, 2006 2:46 PM Subject: Is this possibe? mod_jk ==SSL== AJP/1.3 Can traffic between mod_jk and Tomcat's AJP connector be encrypted (without using ssh/stunnel)? I see SSL mentioned in the doc for AJP, but it's clear as mud: http://tomcat.apache.org/tomcat-5.5-doc/config/ajp.html So, in Apache, I am using SSL and mod_jk. I set these parameters per the mod_jk doc: # JkOptions indicate to send SSL KEY SIZE, JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories JkExtractSSL On # What is the indicator for SSL (default is HTTPS) JkHTTPSIndicator HTTPS # What is the indicator for SSL session (default is SSL_SESSION_ID) JkSESSIONIndicator SSL_SESSION_ID # What is the indicator for client SSL cipher suit (default is SSL_CIPHER) JkCIPHERIndicator SSL_CIPHER # What is the indicator for the client SSL certificated (default is SSL_CLIENT_CERT) JkCERTSIndicator SSL_CLIENT_CERT In Tomcat's server.xml, I have define an AJP/1.3 connector like so: Connector port=8202 protocol=AJP/1.3 URIEncoding=UTF-8 scheme=https secure=true clientAuth=false (mod_jk worker uses this connection) It works whether I set scheme and secure or not. Is the communication encrypted? (If so, I'd wonder how since Tomcat knows nothing of my CA's public key or my keystore.) What am I missing? -- View this message in context: http://www.nabble.com/Is-this-possibe---mod_jk-%3C%3D%3DSSL%3D%3D%3E-AJP-1.3-tf2776640.html#a7746284 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Is-this-possibe---mod_jk-%3C%3D%3DSSL%3D%3D%3E-AJP-1.3-tf2776640.html#a7747753 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem with Mod_JK 1.2.15 and 1.2.18
i think you need this in your httpd.conf mod_jk related configuration
section:
JkOptions +FlushPackets
Rgds, Fred
Marcio Camurati wrote:
Hi everyone,
We have a application that run at the Tomcat container. This application
was made at the Tomcat 4.1 using the Mod_jk 1.2.12 with this configuration
the application run perfectly without any problem, at this days we want to
make an upgrade at the servers to use the new Mod_Jk 1.2.15 or 1.2.18, but
when we do this the application broken. The problem is that with this new
Mod_jk the Exceptions was never call for example at this code:
[code]
try
{
while (true)
{
out.println(Nonononononnoonnonono);
try
{
Thread.Sleep(1000);
} catch(Exception ex) {}
}
} catch(Exception ex) {
try {
BufferedWriter writer = new BufferedWriter(new
FileWriter(/srv/www/default/html/log/exception.txt));
writer.write(Eror !);
writer.close();
writer = null;
} catch (IOException ioe) {
ioe.printStackTrace();
}
}
[/code]
When the brownser is closed the server never create the file
(exception.txt) it will only create this file when the Tomcat is shuted
down, with the older version 1.2.12 or oldest the server always call this
exception beforer 1 or 2 seconds and create the file.
We open at the Bugzila a report of this problem
(http://issues.apache.org/bugzilla/show_bug.cgi?id=39290) but didn't have
any help to fix it.
Thanx.
Marcio Camurati
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
View this message in context:
http://www.nabble.com/Problem-with-Mod_JK-1.2.15-and-1.2.18-tf2202971.html#a6103299
Sent from the Tomcat - User forum at Nabble.com.
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk log level and logging issues
Hi Rainer: Many thanks for your answers (and fast!). Why do you expect a 404 in case Tomcat is down? If the request matches mod_jk JkMount config, it should try to send to tomcat and the result would be some 50X? What I meant to say was that when previously you might have had a missing jsp/html and thus a 404, when tomcat is down it says 200 which means, according to the mod_jk.log, that it is working when in reality it is not :-) . Yes, I would expect 50x. thanks, Fred -- View this message in context: http://www.nabble.com/mod_jk-log-level-and-logging-issues-tf2075041.html#a5730282 Sent from the Tomcat - User forum at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
mod_jk log level and logging issues
Hi: These following issues are observed with mod_jk 1.2.18 on Linux and Solaris 8 with apache 1.3.27 and 2.2.2 (4 combinations). issue 1: With mod_jk 1.2.15 i set my jk log level: JkLogFile logs/mod_jk.log #JkLogLevel info JkRequestLogFormat %w %V %U %s %T %B %H %m While switching to 1.2.18 I read in the fine manual that the default log level is info so I removed the directive, and.oh my ! the default is now debug :-) Not a big deal, but I do wonder a little bit if this is a problem in my build only. Does anyone get the same result ? Ref. http://tomcat.apache.org/connectors-doc/config/apache.html issue 2: When Tomcat is down I get the following mod_jk.log error mesg and JkRequestLog entry: . . . [Tue Aug 08 14:34:33 2006] [23653:] [error] ajp_service::jk_ajp_common.c (1794): Error connecting to tomcat. Tomcat is probably not started or is listening on the wrong port. worker=myWorker failed [Tue Aug 08 14:34:33 2006] myWorker myserver.mydom.com /myapp/jsp/hello 200 0.000378 0 HTTP/1.1 GET . . . The JkRequestLog entry shows a http status 200 whereas the browser (apache httpd) reports properly 503. Also any url that would normally show a status of 404 show 200 when tomcat is down. This is a bit unexpected but it appears that 1.2.15 is doing the same. Hence a broken tomcat can actually make a log stat look very good :) Thanks, Fred -- View this message in context: http://www.nabble.com/mod_jk-log-level-and-logging-issues-tf2075041.html#a5714385 Sent from the Tomcat - User forum at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Connector Problems -
could it be that the loading of the module and the related configuration ?must? be outside of the virtualHost /VirtualHost section ? LoadModule jk_module modules/mod_jk.so kWorkersFile conf/workers.properties JkLogFile logs/mod_jk.log JkLogLevel debug -- View this message in context: http://www.nabble.com/Connector-Problems---tf2074658.html#a5714885 Sent from the Tomcat - User forum at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem compiling mod_jk 1.2.18 with Apache 1.3.27
Hi Rainer, Wonderful, many many thanks - your patch worked beautifully. I have no more errors with 1.3.27 on Solaris 8 nor Linux. (my apologies for the delay - I wasted time experimenting with the patch command on Solaris and Linux :-( I am opening another email thread about some strange behaviors in the logging. thanks again, Fred -- View this message in context: http://www.nabble.com/Problem-compiling-mod_jk-1.2.18-with-Apache-1.3.27-tf2054160.html#a5695848 Sent from the Tomcat - User forum at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: application specific log4j configuration
Hi Jan,
I believe you can put the log4j.properties into the
approot/WEB-INF/classes and the log4j-version.jar and
commons-logging.jar into the related WEB-INF/lib
see http://tomcat.apache.org/tomcat-5.5-doc/logging.html
I tested with the following sample properties for test = DEBUG will generate
lot of log.
log4j.appender.myapp1.File=${catalina.base}/logs/myapp1.log
log4j.appender.myapp1=org.apache.log4j.RollingFileAppender
log4j.appender.myapp1.MaxFileSize=10MB
log4j.appender.myapp1.MaxBackupIndex=10
log4j.appender.myapp1.layout=org.apache.log4j.PatternLayout
# Print the date in ISO 8601 format
log4j.appender.myapp1.layout.ConversionPattern=%d [%t] %-5p %c - %m%n
log4j.logger.org.apache=DEBUG, myapp1
It would be interesting to know if there is a way to get this to work
without copying the jars into the lib dir and also what a typical
log4j.properties should be to be helpful in a production environment.
Regards - Fred
--
View this message in context:
http://www.nabble.com/application-specific-log4j-configuration-tf2053682.html#a5658985
Sent from the Tomcat - User forum at Nabble.com.
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Problem compiling mod_jk 1.2.18 with Apache 1.3.27
Hi: I can succesfully compile mod_jk 1.2.18 against Apache 2.2.2 (configure --with-apxs and make), but when I compile against 1.3.27 and try to start apache I get the following error: Solaris 8: Syntax error on line 8 of /test/site/conf/apache-tomcat_jk.conf: Cannot load /test/apache_modules/mod_jk.so into server: ld.so.1: /test/apache/bin/httpd: fatal: relocation error: file /test/apache_modules/mod_jk.so: symbol ap_popenf_ex: referenced symbol not found Linux RHEL3: Syntax error on line 12 of /test/site/conf/apache-tomcat_jk.conf: Cannot load /test/apache_modules/mod_jk.so into server: /test/apache_modules/mod_jk.so: undefined symbol: ap_popenf_ex There were no configure/make/compilation errors or failures. As I am fairly novice to compilation, would someone have an idea or a way to get more clues? Is this a configuration/compilation issue - missing some CC or LFLAGS or is there an issue with the older apache 1.3.x and older gcc ? I am using the same gcc version as used for the original apache compilation (hoping to avoid such object linking errors :( All replies will be very much appreciated... Thanks Fred -- View this message in context: http://www.nabble.com/Problem-compiling-mod_jk-1.2.18-with-Apache-1.3.27-tf2054160.html#a5659683 Sent from the Tomcat - User forum at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
