Re: [PROPOSAL] Tomcat Webinar series
Hi, Very nice idea. one more suggestion for session: Hardening Tomcat to make it more secure. Regards SJ On Sat, Nov 14, 2015 at 3:57 AM, Christopher Schultz < ch...@christopherschultz.net> wrote: > Prashant, > > On 11/13/15 12:00 PM, prashant sharma wrote: > > You mentioned about Apachecon. > > Does it get recorded as well. > > It depends upon whether recordings are made (which usually requires a > sponsor beforehand to pay for it) and then are prepared for online > distribution. > > > If yes can you pls provide the link. > > Feathercast posted many recordings from ApacheCon NA 2015 and prior > years. Have a look at feathercast.apache.org. > > Here are the recordings for the Tomcat track for ApacheCon NA 2015: > http://feathercast.apache.org/?p=227 > > The feathercast site is a bit tough to navigate. I searched for "Tomcat" > and found the above, but wasn't able to find it otherwise. > > Hope that helps, > -chris > > > On 13 Nov 2015 16:47, "Johan Compagner" wrote: > > > >> On 12 November 2015 at 23:29, Mark Thomas wrote: > >> > >>> - HTTP/2 and Tomcat 9 > >> > >> > >> i am also interested in something for this, especially how we can > configure > >> it server side so that 1 request can send over a whole bunch of files at > >> onces (server pusht) > >> > >> > >> -- > >> Johan Compagner > >> Servoy > >> > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
java deserialization vulnerability for Tomcat 7/8
Hi, Would like to get your opinion on the java deserialization vulnerability issue for Tomcat. As Jboss seems to have been impacted with, is there a way to verify wether this vulnerability affects Tomcat as well? Regards SJ
Re: Tomcat threads dependency on net.core.somaxconn value on Linux
Thanks Christopher, it makes more sense now. On Fri, Apr 17, 2015 at 8:51 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Satish, > > On 4/17/15 7:20 AM, satish jupalli wrote: > > I would like to support a bust in traffic we are planning to > > increase the umber of threads by adding executor pool with > > misSpareThread to 100 and accept count to 5. However, I'm > > trying to understand the correlation between the tomcat connector > > acceptCount and ThreadCount to the Linux config > > net.core.somaxconn(number of incoming connections) which defaults > > to 128. > > The thread count isn't really a part of this discussion: only the > accept count and /proc/sys/net/core/somaxx > > > Does it makes sense to increase the thread count alone with out > > increasing net.core.somaxconn value? > > Probably not; Linux limits the accept queue using that value and will > not allow client code to exceed that limit. > > https://computing.llnl.gov/linux/slurm/high_throughput.html > > > Below is the config that we are planning to use on Tomcat 7.0.42 on > > Linux 5.x. > > (You should upgrade to 7.0.62 as soon as it feasible for you.) > > > > minSpareThreads="100" maxThreads="300"/> > > > > > connectionTimeout="2" redirectPort="8443" > > enableLookups="false" keepAliveTimeout="30" > > maxKeepAliveRequests="1" acceptCount="5" socketBuffer="10240" > > executor="tomcatThreadPool" compression="on" > > compressableMimeType="text/html, text/xml" xpoweredBy="false" > > server="false" /> > > > > Any inputs regarding the Tomcat threads and Linux > > net.core.somaxconn will be greatly appreciated to support many > > concurrent connections. > > If you use acceptCount="5", Tomcat will ask for that socket queue > size and simply won't get it. You should definitely raise the value of > somaxx on Linux. > > - -chris > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > Comment: GPGTools - http://gpgtools.org > > iQIcBAEBCAAGBQJVMQG4AAoJEBzwKT+lPKRYFuMQAMMbBv7v5jOTHz302TMYNbMB > sc1qH9IuV7Z1DrqAOE+yN19xdzt+7cakNl5YWomHr/U3ePNianLeqY+27WYYUm9V > gTw/kHqBOUYfWttnlFzDCBidUDPw6m3TnhFq8Oia5UBdfPh4IQDR+zxF9FCkncUi > 51evAzsp4gzAOMjDUmxMQMCfYQML1l+VX56Za4RT4S6z2L6HCxyjeVYQSc2nsLnU > Y6G3X0ccomxszHhb5GuU82lldgKjw5BDubkp57/fxBajZ6QcWSU7sr+HlaoAUfLz > +p/PSJhyXDMxlKqGmGsBK8BMMsK5H26yup5LtpKkLDEJuUYSv5N1rsklmQCbUuXk > 0pBzFmVKQG2CRh2miutBC7Vr5l3AOP5ghV2uOOvuCBg+Sg8pzImase2m9Nw9Z1sh > XnLrrJq7a/nvd4C2jRT/y01AJNfv0qJG95RjBxoVdoQ629fjK05Z2MB7avL2Qzwq > 8JpcwhkfhVAWW87JVAIMPluILNuhCCg/LDQSVj4twdtGBy181E29yNSfmIRkq33j > 2Jc83/gLgNU+maM4RzXKWzFYpk8ccLMhHsbh8txqswK+rV8XDfQTLZzxy43IawCK > Nc1rBnWCVQOPMxjumfZWuZtdAy/HlSpw1otRVkXNVONOCLwMcAggLbjeO1TFJiJj > MArVB8ONarkbkDts2quG > =vSf+ > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Tomcat threads dependency on net.core.somaxconn value on Linux
Hi, I would like to support a bust in traffic we are planning to increase the umber of threads by adding executor pool with misSpareThread to 100 and accept count to 5. However, I'm trying to understand the correlation between the tomcat connector acceptCount and ThreadCount to the Linux config net.core.somaxconn(number of incoming connections) which defaults to 128. Does it makes sense to increase the thread count alone with out increasing net.core.somaxconn value? Below is the config that we are planning to use on Tomcat 7.0.42 on Linux 5.x. Any inputs regarding the Tomcat threads and Linux net.core.somaxconn will be greatly appreciated to support many concurrent connections. Regards Satish Jupalli
Re: Tomcat upgrades/security patching best practises
Thanks Mark. That helped a lot. On Mon, Feb 24, 2014 at 5:50 PM, Mark Thomas wrote: > On 24/02/2014 09:20, satish jupalli wrote: > > Hi, > > > > What are the best practices for upgrading the tomcat given the fact that > > they are no direct security patches available. > > > > Specially with the environments where there are large instances of Tomcat > > servers running it is challenging to upgrade these servers manually in > all > > the systems. > > > > Are there any best practices defined for doing this given the frequency > of > > security patches being applied on Tomcat (Leave alone JDK patches) > > Use a separate $CATALINA_HOME and $CATALINA_BASE. > > Upgrading should then be as simple as: > - modify the init.d script to point to the new $CATALINA_HOME (you can > safely use the new Tomcat version to stop the old one). > - stop the instance > - start the instance > > You can use rsync to have multiple servers all pick up the new > CATALINA_HOME (note you don't want to replace the old one with the new > one, you need to have multiple CATALINA_HOMEs alongside each another). > > You could even use rsync to update the init.d script. > > You could probably go further still with the automation and have it > handle the restart too but how best to do that for your environment (if > indeed it even makes sense to go further) is going to vary from > installation to installation. > > Mark > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Tomcat upgrades/security patching best practises
Hi, What are the best practices for upgrading the tomcat given the fact that they are no direct security patches available. Specially with the environments where there are large instances of Tomcat servers running it is challenging to upgrade these servers manually in all the systems. Are there any best practices defined for doing this given the frequency of security patches being applied on Tomcat (Leave alone JDK patches) Regards Satish J
