subject:"Please help..."

Hi ,

I am using tomcat version 8.5.32

I made the below entry  in Server.xml

'
When I tried to login, https://webapxt03.rta:8443, the log file 
catalina.2018-08-02.log recorded as below 

CATALINA.OUT has got entries as below

02-Aug-2018 14:04:24.926 SEVERE [main] 
org.apache.catalina.core.StandardService.initInternal Failed to initialize 
connector [Connector[HTTP/1.1-8443]]
 org.apache.catalina.LifecycleException: Failed to initialize component 
[Connector[HTTP/1.1-8443]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
at 
org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at 
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.startup.Catalina.load(Catalina.java:632)
at org.apache.catalina.startup.Catalina.load(Catalina.java:655)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)
Caused by: org.apache.catalina.LifecycleException: Protocol handler 
initialization failed
at 
org.apache.catalina.connector.Connector.initInternal(Connector.java:995)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
... 12 more
Caused by: java.net.BindException: Address already in use
at sun.nio.ch.Net.bind0(Native Method)
at sun.nio.ch.Net.bind(Net.java:444)
at sun.nio.ch.Net.bind(Net.java:436)
at 
sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:214)
at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:210)
at 
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1086)
at 
org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:268)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
at 
org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68)
at 
org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
... 13 more

I used SSL/TLS Configuration HOW-TO of Apache Tomcat 7 document

>>> Christopher Schultz  8/2/2018 12:44 PM >>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Venkataraman,

On 8/2/18 12:14 PM, Venkataraman Srinivasan wrote:
> Chris,
> 
> Thanks for your reply.  I will implement your recommendations in my
> next iterations.
> 
> Currently I did as below.
> 
> I copied the keystore file as /home/apexadmin/.keystore
> 
> and made below entry in server.xml

What version of Tomcat are you using? Which part of the user guide are
you reading? I just want to make sure you are following the right
guide for the right version.

>  protocol="org.apache.coyote.http11.Http11NioProtocol" 
> maxThreads="200" redirectPort="8443" scheme="https" >  certificateFile="/home/apexadmin/.keystore" keystorePass="x"
> type="RSA" clientAuth="false" SSLEnabled="true" sslProtocol="TLS"
>> 
>  

You will need to set a few more attributes on the :

   SSLEnabled="true"
   secure="true"

The next part depends upon your Tomcat version.

> Opened the port 8443 and recycled tomcat.

The  defined above is listening on port 8080. That is
unusual; most people would expect port 8080 to be a plaintext HTTP
port, while port 8443 would be the non-privileged HTTPS port.

Especially for testing, consider leaving the  for port 8080
as it was originally defined (without HTTPS) and configure a second
 for HTTPS on port 8443.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org 
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ 

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAltjNNYACgkQHPApP6U8
pFi2UQ//SPU5itX1zh/lV/ICZYTOwiSSeF8EQfxWK1bZ9jCx3Pk44AMBRMRQqjl2
HMKRH/LsSMQp5iwtVBFKbjZyjG8btNMnmREUjFkMJHoFUh1IK0WVqybpeUSnl2BH
+TdS6Z9twZd5q9/UybsJZScdgfV9IFECAM9xmG21ty92+xBqkbeSPUc62gf/A783
4P6yAYLIM3ctMHIzjwTJQ78vxTxLjsfrXvQaIC/dGefrKM6dcpxklQ/me4JNp6Lu
GajNkuEhm20u8P172rVFdqr4NgdGlLd6UP3XXeRl1BNnCvvAI9B/HsYQ1ZOZ1pDe
Zh3Jjamdx8neCBoZBCB7Pg/BmyuJ3RQRkA2w4APIMxoY7Bw0aYT2JpZdQqUaLFN+
Omzqf4pjpyFfRYlyhsTmbFviqbaIT4+XJ+SZPt4TYUuqawGp7vRJOTaQwfyJfJq+
he0XNEJWNGOzPjcdyuoJevjLONM0h7fenTAfZUUTkzmLxkMoRMSO9sIkQy46f4Z7
vG7x3MdSvrJKgWEbUSKjsCvtuYfCATf7bPk+1KJQUTMiSmk/E8OVq6q9BrcOVl1Z

Re: Please help me in enabling SSL certificate

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

James,

On 8/2/18 12:17 PM, James H. H. Lampert wrote:
> On 8/2/18, 9:05 AM, Venkataraman Srinivasan wrote:
>> I used below command to create certificate locally.
>> 
>> $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
>> -keystore /opt/tomcat/apache-tomcat-8.5.32/keystore
> 
> Ok. Probably the first thing you need to do is set up your
> connector to use that keystore.

Thanks for your reply, James. I'm going to make a few adjustments to
help newcomers as well as you use the correct terminology in a few place
s.

> If it's a Java Keystore, then presumably you will be using the 
> native/JSSE connector; the other one is for OpenSSL.
Java actually supports a handful of keystore types. Common ones are
JKS (the default up until Java 9, which is Java-specific), JCEKS
(which is still Java-specific and somehow "more secure" but I don't
understand how) and PKCS12, which is an industry-standard. OpenSSL can
use PKCS12 keystores, but usually people use PEM-encoded DER files
(the things that are a bunch of letters and numbers beginning with
either "BEGIN PRIVATE KEY" or "BEGIN CERTIFICATE".

> And there are plenty of web resources explaining that process in 
> detail. This is the one I keep bookmarked for reference:> 
> http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html

This is a good one, but things have changed a bit for configuration
for later versions of Tomcat. Tomcat 8.5 and later specifically have
to have a different kind of configuration for SSL/TLS certificates,
because of the use of Server Name Indication (SNI) to determine which
certificate to show to the client when making a connection.

Remember that the TLS handshake happens before the HTTP headers
(including the "Host" header) can be delivered, and the server can
host certificates for multiple domain names. SNI allows the TLS
handshake to tell the server which hostname it intends to reach once
the TLS handshake has completed and the HTTP conversation begins.

> Once you have the connector working, if you want your server to be 
> trusted by strangers, then you need to get that keystore signed.

Technically, it's the certificate that gets signed, not the keystore.

> Using Keytool (or some other utility, like KeyStore Explorer on a 
> Macintosh), you need to generate a Certificate Signing Request for
> your keystore.
> 
> You would then choose a Certificate Authority, and buy a
> certificate. At some point in the process, you will be asked to
> upload the CSR. You might also be asked to provide some sort of
> proof that you have control over the domain.
> 
> Once the certificate is issued, you would then import the reply

Which is a certificate itself. It's actually YOUR certificate, plus a
signature that proves the CA signed it.

> along with one or more supporting certificates (collectively, a 
> "certificate chain") into your keystore, again using either
> Keytool or some more user-friendly utility, and then plug the
> signed keystore into your server. The Certificate Authority, if
> it's a major one, will probably have detailed instructions specific
> to Tomcat.

They might. But there are a lot of options, so not every guide will be
straightforward to use.

If the Tomcat documentation can't help get things going, it needs to
be updated.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAltjN1UACgkQHPApP6U8
pFg/XBAAhZQVTigfwjAxoEVEl+gj8Y1vUYY6qb9YwZVogovWWeBw1udV+iN0LhBx
bY+uol18XWzYKQ62OUn0nqOfYGrjcOJTCVWqz7HFNWTtOczmFUmFXsQZN76mOUx1
ynF97carzh74N6kQwP81JYVxZcqMtTwMln+hhSqJ2QtBJ1I8TmXn222QLGA3rT61
U4t1xjbkD+YU4+W4zhA5Z/gfMEBby5zi6YJOq5NHUnPsypypxIUSdIJ0l9T/qWu8
xcCCLtxtg3rqVjn4vi4Lo8/+YIm6IVohU39aOMNnVSjW19FGIKL5zFgWsFV2xy6w
r856GV0+WRDZDikwJegxUaKwt5gwBo5+sop75HMebRx67xazEFsXH3rlmCwloATK
ajv+GUIgWhUcHdhrMbr0DhKynaBSCkM7RUgeWl9CnjZ9L8Ejs2iO7dKu8qzT5/9C
FtFZcoesnST/atEGcZWE5CP9w10HkBactxsg/9juLBHdmGBnOKL547bAdv2xi1XN
3d4OVAj/pfW6GH0gJUrz0Eou7LIQE50niPQszxyqGixK3e7h7fDrKlpRNAQ6cpre
C0jNDYgWsKG7i7XNpuxxdnwpYSm18y3uMQ+BYRW4pNXUqRGWGmjFYponSAtuP9hI
hrHDvAsYdVR7fs+f7Nwn+cjSYxQ7hq0bNAwFrgVc5aLxdpewu/k=
=YXie
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Please help me in enabling SSL certificate

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Venkataraman,

On 8/2/18 12:14 PM, Venkataraman Srinivasan wrote:
> Chris,
> 
> Thanks for your reply.  I will implement your recommendations in my
> next iterations.
> 
> Currently I did as below.
> 
> I copied the keystore file as /home/apexadmin/.keystore
> 
> and made below entry in server.xml

What version of Tomcat are you using? Which part of the user guide are
you reading? I just want to make sure you are following the right
guide for the right version.

>  protocol="org.apache.coyote.http11.Http11NioProtocol" 
> maxThreads="200" redirectPort="8443" scheme="https" >  certificateFile="/home/apexadmin/.keystore" keystorePass="changeit"
> type="RSA" clientAuth="false" SSLEnabled="true" sslProtocol="TLS"
>> 
>  

You will need to set a few more attributes on the :

   SSLEnabled="true"
   secure="true"

The next part depends upon your Tomcat version.

> Opened the port 8443 and recycled tomcat.

The  defined above is listening on port 8080. That is
unusual; most people would expect port 8080 to be a plaintext HTTP
port, while port 8443 would be the non-privileged HTTPS port.

Especially for testing, consider leaving the  for port 8080
as it was originally defined (without HTTPS) and configure a second
 for HTTPS on port 8443.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAltjNNYACgkQHPApP6U8
pFi2UQ//SPU5itX1zh/lV/ICZYTOwiSSeF8EQfxWK1bZ9jCx3Pk44AMBRMRQqjl2
HMKRH/LsSMQp5iwtVBFKbjZyjG8btNMnmREUjFkMJHoFUh1IK0WVqybpeUSnl2BH
+TdS6Z9twZd5q9/UybsJZScdgfV9IFECAM9xmG21ty92+xBqkbeSPUc62gf/A783
4P6yAYLIM3ctMHIzjwTJQ78vxTxLjsfrXvQaIC/dGefrKM6dcpxklQ/me4JNp6Lu
GajNkuEhm20u8P172rVFdqr4NgdGlLd6UP3XXeRl1BNnCvvAI9B/HsYQ1ZOZ1pDe
Zh3Jjamdx8neCBoZBCB7Pg/BmyuJ3RQRkA2w4APIMxoY7Bw0aYT2JpZdQqUaLFN+
Omzqf4pjpyFfRYlyhsTmbFviqbaIT4+XJ+SZPt4TYUuqawGp7vRJOTaQwfyJfJq+
he0XNEJWNGOzPjcdyuoJevjLONM0h7fenTAfZUUTkzmLxkMoRMSO9sIkQy46f4Z7
vG7x3MdSvrJKgWEbUSKjsCvtuYfCATf7bPk+1KJQUTMiSmk/E8OVq6q9BrcOVl1Z
NXWPHOT3rN0JBtBbZNzmBPz3yYywy5zKD6FTeBwbQDn2Z+KInfMOT7+40954PUXI
j4b4vEL1H0hunoV9hRKUHpeQbLOumITocQ6Wzd9vmo6qA1tys2U=
=lTPy
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Please help me in enabling SSL certificate

2018-08-02 Thread James H. H. Lampert


On 8/2/18, 9:05 AM, Venkataraman Srinivasan wrote:

I used below command to create certificate locally.

$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore 
/opt/tomcat/apache-tomcat-8.5.32/keystore


Ok. Probably the first thing you need to do is set up your connector to 
use that keystore. If it's a Java Keystore, then presumably you will be 
using the native/JSSE connector; the other one is for OpenSSL. And there 
are plenty of web resources explaining that process in detail. This is 
the one I keep bookmarked for reference:


http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html

Once you have the connector working, if you want your server to be 
trusted by strangers, then you need to get that keystore signed.


Using Keytool (or some other utility, like KeyStore Explorer on a 
Macintosh), you need to generate a Certificate Signing Request for your 
keystore.


You would then choose a Certificate Authority, and buy a certificate. At 
some point in the process, you will be asked to upload the CSR. You 
might also be asked to provide some sort of proof that you have control 
over the domain.


Once the certificate is issued, you would then import the reply, along 
with one or more supporting certificates (collectively, a "certificate 
chain") into your keystore, again using either Keytool or some more 
user-friendly utility, and then plug the signed keystore into your 
server. The Certificate Authority, if it's a major one, will probably 
have detailed instructions specific to Tomcat.


--
JHHL

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Please help me in enabling SSL certificate

Chris,

Thanks for your reply.  I will implement your recommendations in my next 
iterations.

Currently I did as below.

I copied the keystore file as /home/apexadmin/.keystore

and made below entry in server.xml

Opened the port 8443 and recycled tomcat.

But no use

Thanks
Venkat

>>> Christopher Schultz  8/2/2018 12:09 PM >>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Venkataraman,

On 8/2/18 12:05 PM, Venkataraman Srinivasan wrote:
> I used below command to create certificate locally.
> 
> $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore 
> /opt/tomcat/apache-tomcat-8.5.32/keystore
Okay, so you have a self-signed certificate.

Have you tried anything to configure Tomcat for TLS/SSL? If so, what?

If you haven't tried anything, yet, have you read any documentation on
the Tomcat site for how to configure TLS?

(BTW, you probably have a certificate that doesn't last as long as you
might think, and the key might not have as many bits as you might
like. Consider inspecting the certificate and key to see the details
and decide if it meets your needs. Personally, I always use RSA keys
of at least 4096-bits and use SHA256 signatures on the certificates.
The validity period is up to you. You might also consider using an EC
key+certificate, since the same "strength" key+cert can be processed
with less CPU time than an equivalent RSA key.)

- -chris

>>>> Christopher Schultz  8/2/2018
>>>> 12:03 PM >>>
> Venkataraman,
> 
> On 8/2/18 12:00 PM, Venkataraman Srinivasan wrote:
>> Please help me in enabling SSL certificate in Tomcat Apache 
>> servers.
> 
> Do you already have a certificate signed by a CA?
> 
> What have you already tried?
> 
> -chris
> 
> -
>
> 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org 
> For additional commands, e-mail: users-h...@tomcat.apache.org 
> 
> 
> --
> 
> This email has been scanned for spam and viruses. Visit the
> following link to report this email as spam: 
> https://attseg.cloud-protect.net/index01.php?mod_id=11_option=logi 
tem_id=1533225806-BgkdviBw265M_address=venkataraman.srinivasan%40
gcrta.org=1
>
> 
> 
> -
>
> 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org 
> For additional commands, e-mail: users-h...@tomcat.apache.org 
> 
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org 
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ 

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAltjLMIACgkQHPApP6U8
pFhsww/+OYuxpSdXU+twUKitl7UP6njGDFZdB3y6r0MEmv8Y5lzKeZRXr+VAru3r
RDv1kBg6v2ohaAR2+kjZ7xxueIDauaHcvnOCgnrFYq84ZI4vQgWKosaCc78OTv9e
H9jSE6wA29jwvgijSIDn5X3aAHugXVbBD6gKkZcFCOsi7MLmiZGljTie6qe1r+s7
mSF2lRy09TsiQX3c86wEV+Lp0280eRufDvphuu6Kto+AzNy8f4AHSXZ0smHQ8QB4
QM8vm23YXAOwnnbeljWsSdvN0KpjjzedHGzgZqhTKnu+vBiYxBp7+bJ5x9Lld8iS
YaYTFQtOFvG3jcQwptGN2X1e0fPdALOxWblRaIFZNq4U1WwIiOEcrgCTQNnsTOxM
IfEfMYugik7o7l2SwZZV5tqT+H++GehzBvHdXk0r40q+EBaioyws58DvB1/7FSb7
Vk4oKNjfDT5Hq04KMRtXlX7TB940OQuy7ckRF4bB8yUKQai0xqXANIfEQLpCHU6q
xuBM/5UOXjC7/KsEKgwFaLh7LeCLvl/6GLXpf9P3Wtg4Ahb57k61BhU2YsEZVop5
oX+Uf233f2IdUrEOq5/Kj302LP9DGcPZzjX2rWI7CpPEgOahTFpKxvJc4EoqZYah
WpWWL/m9yv57emaBeoxZtZJEfoHz/P8d/kd+x0e6jGq9Tl6yOKg=
=tj+4
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org 
For additional commands, e-mail: users-h...@tomcat.apache.org 

--

This email has been scanned for spam and viruses. Visit the following link to 
report this email as spam:
https://attseg.cloud-protect.net/index01.php?mod_id=11_option=logitem_id=1533226184-8zaWI97tys-m_address=venkataraman.srinivasan%40gcrta.org=1

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Please help me in enabling SSL certificate

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Venkataraman,

On 8/2/18 12:05 PM, Venkataraman Srinivasan wrote:
> I used below command to create certificate locally.
> 
> $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore 
> /opt/tomcat/apache-tomcat-8.5.32/keystore
Okay, so you have a self-signed certificate.

Have you tried anything to configure Tomcat for TLS/SSL? If so, what?

If you haven't tried anything, yet, have you read any documentation on
the Tomcat site for how to configure TLS?

(BTW, you probably have a certificate that doesn't last as long as you
might think, and the key might not have as many bits as you might
like. Consider inspecting the certificate and key to see the details
and decide if it meets your needs. Personally, I always use RSA keys
of at least 4096-bits and use SHA256 signatures on the certificates.
The validity period is up to you. You might also consider using an EC
key+certificate, since the same "strength" key+cert can be processed
with less CPU time than an equivalent RSA key.)

- -chris

>>>> Christopher Schultz  8/2/2018
>>>> 12:03 PM >>>
> Venkataraman,
> 
> On 8/2/18 12:00 PM, Venkataraman Srinivasan wrote:
>> Please help me in enabling SSL certificate in Tomcat Apache 
>> servers.
> 
> Do you already have a certificate signed by a CA?
> 
> What have you already tried?
> 
> -chris
> 
> -
>
> 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 
> --
> 
> This email has been scanned for spam and viruses. Visit the
> following link to report this email as spam: 
> https://attseg.cloud-protect.net/index01.php?mod_id=11_option=logi
tem_id=1533225806-BgkdviBw265M_address=venkataraman.srinivasan%40
gcrta.org=1
>
> 
> 
> -
>
> 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAltjLMIACgkQHPApP6U8
pFhsww/+OYuxpSdXU+twUKitl7UP6njGDFZdB3y6r0MEmv8Y5lzKeZRXr+VAru3r
RDv1kBg6v2ohaAR2+kjZ7xxueIDauaHcvnOCgnrFYq84ZI4vQgWKosaCc78OTv9e
H9jSE6wA29jwvgijSIDn5X3aAHugXVbBD6gKkZcFCOsi7MLmiZGljTie6qe1r+s7
mSF2lRy09TsiQX3c86wEV+Lp0280eRufDvphuu6Kto+AzNy8f4AHSXZ0smHQ8QB4
QM8vm23YXAOwnnbeljWsSdvN0KpjjzedHGzgZqhTKnu+vBiYxBp7+bJ5x9Lld8iS
YaYTFQtOFvG3jcQwptGN2X1e0fPdALOxWblRaIFZNq4U1WwIiOEcrgCTQNnsTOxM
IfEfMYugik7o7l2SwZZV5tqT+H++GehzBvHdXk0r40q+EBaioyws58DvB1/7FSb7
Vk4oKNjfDT5Hq04KMRtXlX7TB940OQuy7ckRF4bB8yUKQai0xqXANIfEQLpCHU6q
xuBM/5UOXjC7/KsEKgwFaLh7LeCLvl/6GLXpf9P3Wtg4Ahb57k61BhU2YsEZVop5
oX+Uf233f2IdUrEOq5/Kj302LP9DGcPZzjX2rWI7CpPEgOahTFpKxvJc4EoqZYah
WpWWL/m9yv57emaBeoxZtZJEfoHz/P8d/kd+x0e6jGq9Tl6yOKg=
=tj+4
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Please help me in enabling SSL certificate

I used below command to create certificate locally.

$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore 
/opt/tomcat/apache-tomcat-8.5.32/keystore


Thanks
Venkat



>>> Christopher Schultz  8/2/2018 12:03 PM >>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Venkataraman,

On 8/2/18 12:00 PM, Venkataraman Srinivasan wrote:
> Please help me in enabling SSL certificate in Tomcat Apache
> servers.

Do you already have a certificate signed by a CA?

What have you already tried?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org 
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ 

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAltjK0kACgkQHPApP6U8
pFgipg//f2c+/duHWneEVxOwKDXJqCVT4pAIZLyAeLuqvG6nY1rYDoyhRaSftAIZ
FTe3WAa8UZRWr2Ky6s234P1EpPJPWtMia7/++/n8/pranCIb6YVlbGm3SuPfncO/
VXtC0CEF0o3yTrnYLS4YTvMQUwlr0C3iqhtW2zDg/fgGdumC6PlYaw7+Qj6Jsc9k
N6Tir53YMyy1hVZu8wQxQ2c+HibQLWwY6YkgdloBqS3CLqBB4WS1NYXSVqqTH8cE
5KgHtDN8kja3T5OzcKCm/59wK/o03g7cLkit7S3mHn5pTkJ1p90HP0I2QzyEPUuN
yCw4liMOX/x2F3XBgfDangH4qABkWwpT5wsAPeJqu9drsE5CLd0ZEs2wz3BHyOzn
XlHKny6R5VBroriaTNmvXav0aY9f+QXOuhWWzDF5UTWPyqcNO/nzDwAdxy4jlykk
u4Yw07y3Yx/lUr6wuGi7gGEM8MdgQlOSfzv/rI2glL5n3hEr9WMr7yuTkM4wvyfp
feARNzAvBTInu++Bb8kB4r/KxJbx/4doCXlOxfR78PxuIP43nklMcwYxBt+suAEP
YU7fqPCVKmY1Urta1z/sBC5HwIFxfA8qa7LyZoOXi42kaULeBR2dydQM8cKoDlh8
BpXPbEbnEUyBMMuSNJtu1c1va7GdbZRJhz6S4LtxcDSYNEYWjJo=
=SLOV
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org 
For additional commands, e-mail: users-h...@tomcat.apache.org 


--

This email has been scanned for spam and viruses. Visit the following link to 
report this email as spam:
https://attseg.cloud-protect.net/index01.php?mod_id=11_option=logitem_id=1533225806-BgkdviBw265M_address=venkataraman.srinivasan%40gcrta.org=1


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Please help me in enabling SSL certificate

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Andrea,

On 8/2/18 12:03 PM, Andrea Freire wrote:
> You hace to install the native conector

Your statement is false: the native connector is NOT required to
install a TLS certificate in Tomcat.

- -chris

>  From: Venkataraman Srinivasan
>  Sent: Thursday, August 2, 2018
> 11:00:11 AM To: users@tomcat.apache.org Subject: Please help me in
> enabling SSL certificate
> 
> Hi,
> 
> Please help me in enabling SSL certificate in Tomcat Apache
> servers.
> 
> Thanks
> 
> 
> 
> 
> 
> Venkataraman Srinivasan Database Administrator Greater Cleveland
> RTA Desk phone 1-216-356-3028 
> venkataraman.sriniva...@grcta.org<mailto:venkataraman.srinivasan@grcta
.org>
>
> 
[X]
> 
> 
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAltjK38ACgkQHPApP6U8
pFj/IhAAnHQHp2wghMHDVLkr3MjZDcmmo6tSWTbNs1DR1Qa6VmvIR27Zbr8c5oQ8
fBJ5MMVzuH62t6kjXjnD+9oJo+fHLCDnDnyeIK2B8Q46kULEiJUIFiU+Ck1L8zsh
eLFWPca2h97QfBkTMC7zgrB+S4Sc76dxC9IQ0w8z5ERT2Gg9+d7uQRyfB4liA6rN
SEU42PKCdf9tCb9xCVXx8el0ykr3LD+LIXVCdbhNNrRVIZcPuN5W4y89apQds5UC
5iW83yNvLrUkCbWyiJ47/ZV4r74CJrQUBOX1BTujaaSE08J+gTkfwfW57a6Bf1cC
iRjZRm1jYPrZD9G2kocfWKl6PWQwgNv/hG3CczApcs4DioCwH4Cmq3k1tS2/n3aq
advQ3PN0jIV8MS3T5i4eZWnTzA52qBp1lxblFFmWfL6D2sE/a3i+/ckjhkrheSmR
3YF/Rk3NULN3OXEUGbqxD926O+r6sUDg28LDU8PstRB4Sz9l71jNtcushJlZuHkT
B80ovEihiEn/e64iG16s7DGIq/D5UULymwZaL1BjSOCjIfi2dSndfulpYbI9fwe4
cF9tQiZ2Nvh9LnibpudhYFPw/hkSUpaMjf9TjGDrvydnNDNqHwyd9ZBrYxZ4YzbN
BWrJhufcqx5mmIE/Q6vHFzrL7fggt6CTKLJyx0Re3u5xgDPd9uc=
=tZos
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Please help me in enabling SSL certificate

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Venkataraman,

On 8/2/18 12:00 PM, Venkataraman Srinivasan wrote:
> Please help me in enabling SSL certificate in Tomcat Apache
> servers.

Do you already have a certificate signed by a CA?

What have you already tried?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAltjK0kACgkQHPApP6U8
pFgipg//f2c+/duHWneEVxOwKDXJqCVT4pAIZLyAeLuqvG6nY1rYDoyhRaSftAIZ
FTe3WAa8UZRWr2Ky6s234P1EpPJPWtMia7/++/n8/pranCIb6YVlbGm3SuPfncO/
VXtC0CEF0o3yTrnYLS4YTvMQUwlr0C3iqhtW2zDg/fgGdumC6PlYaw7+Qj6Jsc9k
N6Tir53YMyy1hVZu8wQxQ2c+HibQLWwY6YkgdloBqS3CLqBB4WS1NYXSVqqTH8cE
5KgHtDN8kja3T5OzcKCm/59wK/o03g7cLkit7S3mHn5pTkJ1p90HP0I2QzyEPUuN
yCw4liMOX/x2F3XBgfDangH4qABkWwpT5wsAPeJqu9drsE5CLd0ZEs2wz3BHyOzn
XlHKny6R5VBroriaTNmvXav0aY9f+QXOuhWWzDF5UTWPyqcNO/nzDwAdxy4jlykk
u4Yw07y3Yx/lUr6wuGi7gGEM8MdgQlOSfzv/rI2glL5n3hEr9WMr7yuTkM4wvyfp
feARNzAvBTInu++Bb8kB4r/KxJbx/4doCXlOxfR78PxuIP43nklMcwYxBt+suAEP
YU7fqPCVKmY1Urta1z/sBC5HwIFxfA8qa7LyZoOXi42kaULeBR2dydQM8cKoDlh8
BpXPbEbnEUyBMMuSNJtu1c1va7GdbZRJhz6S4LtxcDSYNEYWjJo=
=SLOV
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Please help me in enabling SSL certificate

2018-08-02 Thread Andrea Freire

You hace to install the native conector

Obtener Outlook para Android<https://aka.ms/ghei36>


From: Venkataraman Srinivasan 
Sent: Thursday, August 2, 2018 11:00:11 AM
To: users@tomcat.apache.org
Subject: Please help me in enabling SSL certificate

Hi,

Please help me in enabling SSL certificate in Tomcat Apache servers.

Thanks





Venkataraman Srinivasan
Database Administrator
Greater Cleveland RTA
Desk phone 1-216-356-3028
venkataraman.sriniva...@grcta.org<mailto:venkataraman.sriniva...@grcta.org>
[X]

Please help me in enabling SSL certificate

Hi,
 
Please help me in enabling SSL certificate in Tomcat Apache servers.
 
Thanks
 

 


Venkataraman Srinivasan
Database Administrator
Greater Cleveland RTA
Desk phone 1-216-356-3028
venkataraman.sriniva...@grcta.org 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Getting the Manager app running on localhost.. Please help

2018-07-13 Thread Désilets , Alain

Thx everyone for the great replies.

I decided to take Konstantin Kolinko's advice and start a new installation from 
scratch using tomcat-8.5.32.

I have had some success, but still can't deploy WARS.

Here is what I did:

== Step 1: Installing Tomcat per se ==
I used the instructions on this page:

https://wolfpaulus.com/mac/tomcat/

* Download the zip file and unzip it on your HD under 
/usr/local/apache-tomcat-N.N.N (where N.N.N is the version number).
** Note: In the rest of this document, that directory will be referred to 
[CATALINA_HOME].
* Create a symlink /Library/Tomcat to make managing future versions easier:
sudo rm -f /Library/Tomcat
sudo ln -s [CATALINA_HOME] /Library/Tomcat
* Change ownership of /Library/Tomcat
sudo chown -R  /Library/Tomcat
* Make all scripts executable
sudo chmod +x /Library/Tomcat/bin/*.sh
* Now, I can start/stop tomcat as follows:
/Library/Tomcat/bin/startup.sh
/Library/Tomcat/bin/shutdown.sh
** IMPORTANT: DON’T RUN THOSE SCRIPTS WITH SUDO!!! 
 Especially ‘startup.sh’, as this will end up creating a bunch of temporay 
dirs and files that will be owned by ROOT, and cannot be written unless you 
start Tomcat as ROOT.
* Test the installation by:
** Starting Tomcat with startup.sh
** Pointing my browser at http://localhost:8080/.
** I see the Tomcat home page no problem

== Step 2: Configuring the Tomcat Manager Apps ==

* Edit the file /Library/Tomcat/conf/tomcat-users.xml, and add the following 
lines inside the  tag pair:





* Shutdown and re-start Tomcat
* At this point, I can click on any of the following buttons: 'Server Status', 
'Manager' App, 'Host Manager' and once I enter the user and passwords I 
specified in , I get to see the corresponding page.
** On 'Manager App', I was able to start, stop, re-deploy EXISTING apps.
** BUT
*** When I tried to deploy a new WAR file, I got:

This site can’t be reached
The connection was reset.
Try:

Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_RESET

After a bit of reading, it seems that this is because the WAR file I was 
deploying was larger than the maximum size allowed. I fixed that by editing 
/Library/Tomcat/webapps/manager/WEB-INF/web.xml, and changing the size in the 
following tags:


5000 
5000 
0


And now, all seem to work fine.

Again, thanks to everyone who pitched in with some advice. It was really 
helpful.

Alain

RE: Getting the Manager app running on localhost.. Please help

2018-07-12 Thread Caldarale, Charles R

> From: Hassan Schroeder [mailto:hassan.schroe...@gmail.com] 
> Subject: Re: Getting the Manager app running on localhost.. Please help

> FYI, I'm on MacOS (Sierra 10.12.6). I just now

> 1) installed apache-tomcat-8.5.32
> 2) added these two lines to tomcat-users.xml
>
>   
>   

Note that such an addition must be done outside of the sample role/user
elements, since they are commented out.  A common error is failing to remove
or otherwise avoid the comment markers.

  - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.



smime.p7s
Description: S/MIME cryptographic signature

Re: Getting the Manager app running on localhost.. Please help

2018-07-12 Thread Hassan Schroeder

On Thu, Jul 12, 2018 at 7:58 AM, Désilets, Alain
 wrote:
> I have been trying to get my local Tomcat installation to allow me to deploy 
> apps from the local machine and nothing I do seems to help.

FYI, I'm on MacOS (Sierra 10.12.6). I just now

1) installed apache-tomcat-8.5.32
2) added these two lines to tomcat-users.xml

  
  

3) started tomcat (`bin/catalina.sh run`)
4) open browser to http://localhost:8080/manager/html
5) supplied above credentials
6) uploaded a war file which deployed correctly

I'm not sure why you created a context file, but it seems extraneous...

FWIW,
-- 
Hassan Schroeder  hassan.schroe...@gmail.com
twitter: @hassan
Consulting Availability : Silicon Valley or remote

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Getting the Manager app running on localhost.. Please help

2018-07-12 Thread Chuan Ong



To use host-manager you need admin-gui as the role.

> On Jul 12, 2018, at 11:08 AM, Désilets, Alain  
> wrote:
> 
> Thx for the reply.
> 
>> have you enabled all user roles with passwords? in 
>> CATALINA_HOME/conf/tomcat-users.xml file? 
>> Also, don't forget to change
>> the passwords noted as "" with something "interesting".
> 
> Yes. As I mentioned in the first email of this thread, I have a file 
> [CATALINA_HOME]/conf/tomcat-users.xml with the following content:
> 
>   
>   
>   
>roles="manager,manager-script,manager-gui"/>
> 
>>   By default, it can only run on localhost, and it's configured to listen to
>>   127.0.0.1 via the valve. If you uncomment the user role part and change the
>>   password, you should be able to log in. i was able to start it by doing
>>   above.
> 
> As I mentioned in the first email, when I tried it first with the above 
> tomcat-users.xml file and no manager.xml file, it didn't work. Server Status 
> worked, Manager opened the page but couldn't deploy a war file, and Host 
> Manager gave me 403. This happened whether I accessed the site as 
> http://localhost:8080 or http://127.0.0.1:8080. 
> 
> So for some reason or other, the default behaviour doesn't seem to work for 
> me.
> 
> Note that I am using OSX. 
> 
> Could this be due to some sort of proxy issue?
> 
> Thx again.
> 
> Alain
> 
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Getting the Manager app running on localhost.. Please help

2018-07-12 Thread Konstantin Kolinko

2018-07-12 18:24 GMT+03:00 Désilets, Alain :
>> Where 132.246.129.58 is my IP address. Note that I tried also with 
>> “132.0.0.0” and with “^.*$” to no avail.
>
> I should be more precise…
>
> When I try with “^.*$”, I get same behavior as when I didn’t have a 
> manager.xml file, ie:
>
>   *   Server Status: works
>   *   Manager: opens page but deploying war causes ‘This site can’t be 
> reached’
>   *   Host Manager: ‘403 Access Denied’
>
> And by “132.0.0.0.”, I actually meant “127.0.0.1”. When I try that from 
> ‘localhost:8080’, all buttons result in ‘403 Access Denied’. But when I 
> access the buttons from “127.0.0.1:8080”, I get the same behavior as above

See
https://wiki.apache.org/tomcat/FAQ/Troubleshooting_and_Diagnostics#Common_Troubleshooting_Scenario

"localhost" name never resolves to "132."something.


> /usr/local/apache-tomcat-8.5.4/bin

Why 8.5.4??? Why not the current release (8.5.32)?

See
http://tomcat.apache.org/security-8.html


> sudo sh startup.sh;

Do not run Tomcat as root!

See
http://tomcat.apache.org/tomcat-8.5-doc/security-howto.html

Delete all temporary files (in the logs, temp and work directories of
Tomcat) that might now be owned by root and not writable by a regular
user and start over. Note that deploying / undeploying a web
application via Manager requires write access to the webapps, work and
maybe conf directories for the user running Tomcat java process.

>   
>   
 >  
 >  

The Manager app in Tomcat 8.5 does not use the "manager" role.  The
last time it was used was Tomcat 6. Are you sure that you are
following a correct manual?

The "manager-script" role should be used by automated scripts only.
Granting "manager-script" and "manager-gui" to the same user means
that CSRF protection (in the Manager web application) for that user
will be ineffective.


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Getting the Manager app running on localhost.. Please help

2018-07-12 Thread Désilets , Alain

Thx for the reply.

> have you enabled all user roles with passwords? in 
> CATALINA_HOME/conf/tomcat-users.xml file? 
> Also, don't forget to change
>  the passwords noted as "" with something "interesting".

Yes. As I mentioned in the first email of this thread, I have a file 
[CATALINA_HOME]/conf/tomcat-users.xml with the following content:

   
   
   
   

>By default, it can only run on localhost, and it's configured to listen to
>127.0.0.1 via the valve. If you uncomment the user role part and change the
>password, you should be able to log in. i was able to start it by doing
>above.

As I mentioned in the first email, when I tried it first with the above 
tomcat-users.xml file and no manager.xml file, it didn't work. Server Status 
worked, Manager opened the page but couldn't deploy a war file, and Host 
Manager gave me 403. This happened whether I accessed the site as 
http://localhost:8080 or http://127.0.0.1:8080. 

So for some reason or other, the default behaviour doesn't seem to work for me.

Note that I am using OSX. 

Could this be due to some sort of proxy issue?

Thx again.

Alain



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Getting the Manager app running on localhost.. Please help

2018-07-12 Thread M. Manna

have you enabled all user roles with passwords?

in CATALINA_HOME/conf/tomcat-users.xml file? Also, don't forget to change
the passwords noted as "" with something "interesting".

By default, it can only run on localhost, and it's configured to listen to
127.0.0.1 via the valve. If you uncomment the user role part and change the
password, you should be able to log in. i was able to start it by doing
above.

Also, when you get 403, pay attention to what user roles you need to have
for certain pages to be visible on localhost.

Regards,

On 12 July 2018 at 16:24, Désilets, Alain 
wrote:

> > Where 132.246.129.58 is my IP address. Note that I tried also with
> “132.0.0.0” and with “^.*$” to no avail.
>
> I should be more precise…
>
> When I try with “^.*$”, I get same behavior as when I didn’t have a
> manager.xml file, ie:
>
>   *   Server Status: works
>   *   Manager: opens page but deploying war causes ‘This site can’t be
> reached’
>   *   Host Manager: ‘403 Access Denied’
>
> And by “132.0.0.0.”, I actually meant “127.0.0.1”. When I try that from
> ‘localhost:8080’, all buttons result in ‘403 Access Denied’. But when I
> access the buttons from “127.0.0.1:8080”, I get the same behavior as above
>
>
> Alain Désilets
> National Research Council of Canada
>

Re: Getting the Manager app running on localhost.. Please help

2018-07-12 Thread Désilets , Alain

> Where 132.246.129.58 is my IP address. Note that I tried also with 
> “132.0.0.0” and with “^.*$” to no avail.

I should be more precise…

When I try with “^.*$”, I get same behavior as when I didn’t have a manager.xml 
file, ie:

  *   Server Status: works
  *   Manager: opens page but deploying war causes ‘This site can’t be reached’
  *   Host Manager: ‘403 Access Denied’

And by “132.0.0.0.”, I actually meant “127.0.0.1”. When I try that from 
‘localhost:8080’, all buttons result in ‘403 Access Denied’. But when I access 
the buttons from “127.0.0.1:8080”, I get the same behavior as above


Alain Désilets
National Research Council of Canada

Getting the Manager app running on localhost.. Please help

2018-07-12 Thread Désilets , Alain

I have been trying to get my local Tomcat installation to allow me to deploy 
apps from the local machine and nothing I do seems to help.

At the moment, I have a file [CATALINA_HOME]/conf/tomcat-users.xml with the 
following content:

   
   
   
   

When I go to http://localhost:8080/ and click on the various apps buttons I get 
the following outcomes:


  *   Server Status: Opens the ‘Server Status’ page
  *   Manager App: Opens the ‘Tomcat Web Application Manager’ page. But if I 
try to deploy a war file, I get “This site can’t be reached”.
  *   Host Manager: I get ‘403 Access Denied’ with a long series of 
explanations about roles, context.xml and tomcat-users.xml.

Reading the instructions, it sounds like I got the tomcat-users.xml part right 
(see the content above). Correct?

So now I go about creating the context file for the Manager app. I create a 
file:

   [CATALINA_HOME]/ conf/Catalina/localhost/manager.xml

With the following content:

Re: Please help : EOL TOMCAT 7 and 8.5

2018-04-12 Thread Christopher Schultz

Dan,

On 4/12/18 8:15 AM, BENGUIRA, Dan (Allianz en France) wrote:
> I’m sorry to bother you for a question as trivial as that, and I really
> checked carefully all the documentation available…
> 
> Do you please have the date of the end of life of Tomcat 7, and of
> TOMCAT 8.5 ?

If you search the Tomcat home page for "end of", you'll find only one
announcement: EOL for Tomcat 8.0.

Neither Tomcat 7.0 nor Tomcat 8.5 have announced EOL dates.

> I have access to the end of life of TOMCAT 6 via this link:
> https://tomcat.apache.org/tomcat-60-eol.html
> 
> TOMCAT 8 via this link : https://tomcat.apache.org/tomcat-80-eol.html
> 
> So I naturally tried https://tomcat.apache.org/tomcat-70-eol.html for
> TOMCAT 7, and https://tomcat.apache.org/tomcat-85-eol.html for tomcat
> 8.5, but it didn’t work
> 
> Do you know a way of knowing those informations?
> 
> Thanks to the generous soul that would help me, I would be very grateful !

7.0 is basically in "maintenance mode" and will probably only receive
security patches or really really great improvements that are easy to
back-port. I would consider 8.5 to be the best stable production version
of Tomcat to use right now, as 9.0 doesn't have enough mileage under its
tires, yet.

Traditionally, the Tomcat has supported 3 versions simultaneously, so
Tomcat 7.0 will not reach EOL until we all start talking about Tomcat 10.

Tomcat 8.0 is receiving a bit of an "out of band" EOL because 8.5 is
superseding it. But tomcat 7.0 is safe for the foreseeable future.

Hope that helps,
-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Please help : EOL TOMCAT 7 and 8.5

2018-04-12 Thread BENGUIRA, Dan (Allianz en France)

Hello,

I'm sorry to bother you for a question as trivial as that, and I really checked 
carefully all the documentation available...

Do you please have the date of the end of life of Tomcat 7, and of TOMCAT 8.5 ?
I have access to the end of life of TOMCAT 6 via this link: 
https://tomcat.apache.org/tomcat-60-eol.html
TOMCAT 8 via this link : https://tomcat.apache.org/tomcat-80-eol.html
So I naturally tried https://tomcat.apache.org/tomcat-70-eol.html for TOMCAT 7, 
and https://tomcat.apache.org/tomcat-85-eol.html for tomcat 8.5, but it didn't 
work

Do you know a way of knowing those informations?

Thanks to the generous soul that would help me, I would be very grateful !

Kind regards,
[cid:image001.gif@01D3D268.02C716B0]
Dan BENGUIRA (IBM)
Green Recovery
Adress : Tour Franklin - La Défense
E-mail : externe.dan.bengu...@allianz.fr
Tél. : +33 1 58 85 38 30

--
Ce message est protege par les regles relatives au secret des correspondances; 
il peut en outre contenir des informations a caractere confidentiel ou 
protegees par differentes regles et notamment le secret des affaires; il est 
etabli a destination exclusive de son destinataire. Toute divulgation, 
utilisation, diffusion ou reproduction (totale ou partielle) de ce message, ou 
des informations qu'il contient, doit etre prealablement autorisee. 
Tout message electronique est susceptible d'alteration et son integrite ne peut 
etre assuree. Le Groupe Allianz decline toute responsabilite au titre de ce 
message s'il a ete modifie ou falsifie. 
Si vous n'etes pas destinataire de ce message, merci de le detruire 
immediatement et d'avertir l'expediteur de l'erreur de distribution et de la 
destruction du message.
This message is protected by the secrecy of correspondence rules; furthermore 
it may contain privileged or confidential information that is protected by law, 
notably by the secrecy of business relations rule; it is intended solely for 
the attention of the addressee. Any disclosure, use, dissemination or 
reproduction (either whole or partial) of this message or the information 
contained herein is strictly prohibited without prior consent.
Any electronic message is susceptible to alteration and its integrity can not 
be assured. Allianz Group decline any responsibility for this message in the 
event of alteration or falsification.
If you are not the intended recipient, please destroy it immediately and notify 
the sender of the wrong delivery and the mail deletion. 
--

Re: Please help with Tomcat Garbage Collection

2016-11-16 Thread George I. Develekos

The data I posted was collected as Tomcat was restarted and for the next 
19 hours.


You see too much GC thrashing, are you saying the GC process finds too 
much G to clean up? Should I urge the developers to do some GC of their own?


I give 2G to start with because it may not actually /need /5g, and 
experience has shown that it doesn't. I know giving it all at the start 
is better but I don't have memory to spare. I'll probably up from 2/5 yo 
3/5.


To boost YoungGen, should I do it with an explicit setting or with the 
radio thingy? Set it to 3, perhaps?


On 16-Nov-16 6:59 PM, Christopher Schultz wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

George,

On 11/16/16 11:18 AM, George I. Develekos wrote:

On another installation with higher  load, the JVM has "selected"
to give  YoungGen 250MB or so (as opposed to 150M here), and I
have confirmed that Full-GC is much less frequent so I'll go with
that next time I have downtime.

+1

- From the screenshots you posted, it looks like everything is healthy
EXCEPT that your young generation said 100% used *and* the "average
freed full GC" says nearly 700M per collection.

I've never used GCViewer, but if I'm reading that correctly, it's
saying that you are averaging more than 50% turnover in your tenured
generation during each full gc. (You have ~1300M in your tenured
generation and 700M is being collected each time.) That's a HUGE
amount of GC thrashing.

Were these samples taken of a stably-running production system, or was
this immediately after a restart, or in a lab or something?


When exactly can I expect to see my app freeze? Isn't it during
Full-GC?

John has already answered this. Feel free to ask follow-up questions.


Does the increase in CPU during those Full-GC times make sense?

Absolutely. Most of the time, applications are waiting for other
things to happen: read/write from the network, disk, whatever. GC is
100% CPU-bound activity, so you'll see a spike in the CPU usage
whenever the GC is running. Since some of the phases of CMS are
concurrent (that's what the "C" stands for), they won't pause your
application. Unfortunately, some phases are NOT concurrent, and the
application needs to be paused (this is appropriately called
"stop-the-world" because that's exactly what happens). Fortunately,
those phases are designed to be very short in time.

I have two recommendations for you, which really boils down to a
single one:

1. Set Xms and Xmx to be the same value

If you want to give 5G to your application, then give it all 5G. Don't
wait for the application to lazily grow to fill the space. It just
slows everything down. If you want a 2G heap, then use a 2G heap.
Splitting the heap into initial and max sizes is silly for a server
process.

2. Increase the young generation size by *at least* a factor of 2,
possibly 4. If you do #1 above, the JVM will likely re-size the young
generation for you anyway, since it will be starting with a bigger
heap. So you might not have to do this one at all.

Finally, the best course of action would be to upgrade to a more
recent JVM. You said initially that you were stuck, but you might not
be. You can use Oracle's JVM or OpenJVM running fairly easily, though
you might have to maintain and/or update it manually if there is no
package from RedHat for it.

I've never used package-managed JVMs because they tend to require
dozens or hundreds of other packages to be installed. Installation is
typically untarring a tarball, upgrading is just as easy, and
downgrading is a snap (just don't delete the old directory when
upgrading). The only downside is that the package manager won't go
fetch the archive and run the installer for you.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJYLJCEAAoJEBzwKT+lPKRYyrkP/RuvH0SKRcEGfDGWybq8LQl1
MXy6fPk1HtHrkRAgEtQhxmEh/Za64E993R7hXnKNiGjwz2FVp2Fz4rq81Y/cxuSw
PEO01mfwY7y+j97zO2PQvYubnEhHIiPZZ5IYnjVMqZtmdX6hETCiWAx6vFYcCnL/
9ZGmHXDuCcI1uxDNJ4rq/mJcFyMjRLMR1uufrGwv37nbwXAKCQPIiYb6lALyof2X
7HwZUNAYi+MAJnQJSub4/QM/Bm4IUJn4h47RKia2ar2PaEIOSZihqLP7JRjTlTA7
U6KvDUfiBKNh7ECOvAXxFhZxjK3NEpjBU3/6beRIVcL5K5klOGfXTofDACEACH47
5bfmLrQChR0jPbsBlQcLwRQQxVdsj6RJi0u96Anyn5ElLfZiKUexQDx6X0oXeV6i
n5o4En0Rme7GzVtcEh3FmY2y4vFqCAGgwZ3lK2caXH6AqpR0WsyRuLISK4UtjcxP
NJIXpURtsfNMNqHTH/US6VftfC2lIQNJB0mRzMdnl7KrA6U6mXmn21ZAiPT64lkw
O8JQ49fF3giszo+x37EVkaA+YFn86ap4UzxwH+Tz86xd8qckihFTvGLr48cCjlJn
zhyR8x5ir+Q1CW9Q3GhSZJTtC5j2LY94vF7I5pZdln34aM/37u/iXlesBaEzwqGW
Sx00lN+4sNzr9jPZez5C
=Q0qd
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

Re: Please help with Tomcat Garbage Collection

2016-11-16 Thread Christopher Schultz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

George,

On 11/16/16 11:18 AM, George I. Develekos wrote:
> On another installation with higher  load, the JVM has "selected"
> to give  YoungGen 250MB or so (as opposed to 150M here), and I
> have confirmed that Full-GC is much less frequent so I'll go with
> that next time I have downtime.

+1

- From the screenshots you posted, it looks like everything is healthy
EXCEPT that your young generation said 100% used *and* the "average
freed full GC" says nearly 700M per collection.

I've never used GCViewer, but if I'm reading that correctly, it's
saying that you are averaging more than 50% turnover in your tenured
generation during each full gc. (You have ~1300M in your tenured
generation and 700M is being collected each time.) That's a HUGE
amount of GC thrashing.

Were these samples taken of a stably-running production system, or was
this immediately after a restart, or in a lab or something?

> When exactly can I expect to see my app freeze? Isn't it during
> Full-GC?

John has already answered this. Feel free to ask follow-up questions.

> Does the increase in CPU during those Full-GC times make sense?

Absolutely. Most of the time, applications are waiting for other
things to happen: read/write from the network, disk, whatever. GC is
100% CPU-bound activity, so you'll see a spike in the CPU usage
whenever the GC is running. Since some of the phases of CMS are
concurrent (that's what the "C" stands for), they won't pause your
application. Unfortunately, some phases are NOT concurrent, and the
application needs to be paused (this is appropriately called
"stop-the-world" because that's exactly what happens). Fortunately,
those phases are designed to be very short in time.

I have two recommendations for you, which really boils down to a
single one:

1. Set Xms and Xmx to be the same value

If you want to give 5G to your application, then give it all 5G. Don't
wait for the application to lazily grow to fill the space. It just
slows everything down. If you want a 2G heap, then use a 2G heap.
Splitting the heap into initial and max sizes is silly for a server
process.

2. Increase the young generation size by *at least* a factor of 2,
possibly 4. If you do #1 above, the JVM will likely re-size the young
generation for you anyway, since it will be starting with a bigger
heap. So you might not have to do this one at all.

Finally, the best course of action would be to upgrade to a more
recent JVM. You said initially that you were stuck, but you might not
be. You can use Oracle's JVM or OpenJVM running fairly easily, though
you might have to maintain and/or update it manually if there is no
package from RedHat for it.

I've never used package-managed JVMs because they tend to require
dozens or hundreds of other packages to be installed. Installation is
typically untarring a tarball, upgrading is just as easy, and
downgrading is a snap (just don't delete the old directory when
upgrading). The only downside is that the package manager won't go
fetch the archive and run the installer for you.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJYLJCEAAoJEBzwKT+lPKRYyrkP/RuvH0SKRcEGfDGWybq8LQl1
MXy6fPk1HtHrkRAgEtQhxmEh/Za64E993R7hXnKNiGjwz2FVp2Fz4rq81Y/cxuSw
PEO01mfwY7y+j97zO2PQvYubnEhHIiPZZ5IYnjVMqZtmdX6hETCiWAx6vFYcCnL/
9ZGmHXDuCcI1uxDNJ4rq/mJcFyMjRLMR1uufrGwv37nbwXAKCQPIiYb6lALyof2X
7HwZUNAYi+MAJnQJSub4/QM/Bm4IUJn4h47RKia2ar2PaEIOSZihqLP7JRjTlTA7
U6KvDUfiBKNh7ECOvAXxFhZxjK3NEpjBU3/6beRIVcL5K5klOGfXTofDACEACH47
5bfmLrQChR0jPbsBlQcLwRQQxVdsj6RJi0u96Anyn5ElLfZiKUexQDx6X0oXeV6i
n5o4En0Rme7GzVtcEh3FmY2y4vFqCAGgwZ3lK2caXH6AqpR0WsyRuLISK4UtjcxP
NJIXpURtsfNMNqHTH/US6VftfC2lIQNJB0mRzMdnl7KrA6U6mXmn21ZAiPT64lkw
O8JQ49fF3giszo+x37EVkaA+YFn86ap4UzxwH+Tz86xd8qckihFTvGLr48cCjlJn
zhyR8x5ir+Q1CW9Q3GhSZJTtC5j2LY94vF7I5pZdln34aM/37u/iXlesBaEzwqGW
Sx00lN+4sNzr9jPZez5C
=Q0qd
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Please help with Tomcat Garbage Collection

2016-11-16 Thread John.E.Gregg




> -Original Message-
> From: George I. Develekos [mailto:gdevele...@omilia.com]
> Sent: Wednesday, November 16, 2016 10:18 AM
> To: users@tomcat.apache.org
> Subject: Re: Please help with Tomcat Garbage Collection
> 
> I appreciate the detailed response.
> 
> On another installation with higher  load, the JVM has "selected" to give
> YoungGen 250MB or so (as opposed to 150M here), and I have confirmed that
> Full-GC is much less frequent so I'll go with that next time I have downtime.
> 
> When exactly can I expect to see my app freeze? Isn't it during Full-GC?
> 
> Does the increase in CPU during those Full-GC times make sense?
> 
> 
> 
> Regards,
> 
> George I. Develekos | SeniorSW Engineer |t: _+30.210.6930664_| e:
> gdevele...@omilia.com <mailto:gdevele...@omilia.com>
> 
> 
> 
> Technology that Listens, Understands and Cares   - www.omilia.com
> <http://www.omilia.com/>
> 
> On 11/16/2016 6:11 PM, john.e.gr...@wellsfargo.com wrote:
> >
> > Sorry for top posting.  The format got weird.
> >
> > Those numbers aren’t bad.  The most important number for me is the
> > throughput on the summary tab.  Yours is 99.38%.  That means the JVM
> > was doing real work 99.38% of the time and garbage collecting the
> > other .62%.  You could improve that if you worked hard enough, but
> > going from 99.4 to 99.5 or 99.6 probably isn’t worth the effort.  If
> > the number was 90% or something, then you’d have more room for
> > improvement.
> >
> > Look at the GC performance numbers on the summary tab.  Obviously
> > minor GCs are much faster in this regard than major GCs. You can
> > reduce your total GC time by increasing the size of your young
> > generation.  You will get more or slower young collections but fewer
> > and faster old collections.  Overall the total time will be less than
> > it is now and the longest pauses will be shorter.
> >
> > As others have said, though, something doesn’t add up.  CMS is only
> > stop-the-world during certain phases.  (Not the ones with “concurrent”
> > in the name.)  If you feel these GC events coincide with pauses in
> > your app, you can try a thread dump or three (kill -3 ) during
> > the pause.  Use a tool like Samurai to parse the output.  This might
> > only be practical for longer pauses, though.
> >
> > Also, is it possible the VM itself is having a problem?  Maybe you
> > should talk to your virtualization team to see how stressed the
> > hardware is.  VMWare has an informative java best practices doc:
> >
> http://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techp
> > aper/enterprise-java-applications-on-vmware-best-practices-guide.pdf
> >
> > John
> >
> > *From:*George I. Develekos [mailto:gdevele...@omilia.com]
> > *Sent:* Wednesday, November 16, 2016 5:21 AM
> > *To:* users@tomcat.apache.org
> > *Subject:* Re: Please help with Tomcat Garbage Collection
> >
> > I'm attaching three screenshots of the GCViewer app as it processed
> > the complete *gc.log* file (about 19 hours).
> >
> > Please have a look and advise on what I can do to limit Full-GC times.
> > As of now I have a recommendation to increase the Young Gen..
> >
> > The setup in summary:
> >
> > We are using Java 6 (stuck with CentOS 5.8 at this time) and Tomcat
> > 7.0.64.
> >
> > Xmx is 5G, Xms is 2G, and GC options are -XX:+UseConcMarkSweepGC
> > -XX:+CMSIncrementalMode
> >
> >
> >
> >
> >
> >
> > On 11/15/2016 11:45 PM, john.e.gr...@wellsfargo.com
> > <mailto:john.e.gr...@wellsfargo.com> wrote:
> >
> > -Original Message-
> >
> > From: George I. Develekos [mailto:gdevele...@omilia.com]
> >
> > Sent: Tuesday, November 15, 2016 3:00 PM
> >
> > To:users@tomcat.apache.org <mailto:users@tomcat.apache.org>
> >
> > Subject: Re: Please help with Tomcat Garbage Collection
> >
> > The system does very little swapping, both when it's GC'ing and 
> > when it's
> not.
> >
> > Less than 100MB worth of swap is taken.
> >
> > Giving Tomcat its own HW is not an option at this time,
> > especially as there's no
> >
> > guarantee it'll solve the problem. Besides it would be a VM
> > anyway, not physical
> >
> > dedicated HW.  The current server is also a VM.
> >
> > On 15-Nov-16 10:55 PM, Zdeněk Henek

Re: Please help with Tomcat Garbage Collection

2016-11-16 Thread George I. Develekos


One thing I didn't respond to:

The VM host is unlikely to have something to do here. We have a 
coincidence (in time) of three events, consistently.


1. Full GC
2. High CPU
3. App freezes

So it seems really unlikely the host is responsible.

The odd thing is that, the same app, on the same OS, in other 
installations, where of course we also have Full-GC periodically, never 
shows any freeze.


Regards,

George I. Develekos | SeniorSW Engineer |t: _+30.210.6930664_| e: 
gdevele...@omilia.com <mailto:gdevele...@omilia.com>




Technology that Listens, Understands and Cares   - www.omilia.com 
<http://www.omilia.com/>


On 11/16/2016 6:11 PM, john.e.gr...@wellsfargo.com wrote:


Sorry for top posting.  The format got weird.

Those numbers aren’t bad.  The most important number for me is the 
throughput on the summary tab.  Yours is 99.38%.  That means the JVM 
was doing real work 99.38% of the time and garbage collecting the 
other .62%.  You could improve that if you worked hard enough, but 
going from 99.4 to 99.5 or 99.6 probably isn’t worth the effort.  If 
the number was 90% or something, then you’d have more room for 
improvement.


Look at the GC performance numbers on the summary tab.  Obviously 
minor GCs are much faster in this regard than major GCs. You can 
reduce your total GC time by increasing the size of your young 
generation.  You will get more or slower young collections but fewer 
and faster old collections.  Overall the total time will be less than 
it is now and the longest pauses will be shorter.


As others have said, though, something doesn’t add up.  CMS is only 
stop-the-world during certain phases.  (Not the ones with “concurrent” 
in the name.)  If you feel these GC events coincide with pauses in 
your app, you can try a thread dump or three (kill -3 ) during 
the pause.  Use a tool like Samurai to parse the output.  This might 
only be practical for longer pauses, though.


Also, is it possible the VM itself is having a problem?  Maybe you 
should talk to your virtualization team to see how stressed the 
hardware is.  VMWare has an informative java best practices doc: 
http://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/enterprise-java-applications-on-vmware-best-practices-guide.pdf


John

*From:*George I. Develekos [mailto:gdevele...@omilia.com]
*Sent:* Wednesday, November 16, 2016 5:21 AM
*To:* users@tomcat.apache.org
*Subject:* Re: Please help with Tomcat Garbage Collection

I'm attaching three screenshots of the GCViewer app as it processed 
the complete *gc.log* file (about 19 hours).


Please have a look and advise on what I can do to limit Full-GC times. 
As of now I have a recommendation to increase the Young Gen..


The setup in summary:

We are using Java 6 (stuck with CentOS 5.8 at this time) and Tomcat 
7.0.64.


Xmx is 5G, Xms is 2G, and GC options are -XX:+UseConcMarkSweepGC   
-XX:+CMSIncrementalMode







On 11/15/2016 11:45 PM, john.e.gr...@wellsfargo.com 
<mailto:john.e.gr...@wellsfargo.com> wrote:


-Original Message-

From: George I. Develekos [mailto:gdevele...@omilia.com]

Sent: Tuesday, November 15, 2016 3:00 PM

To:users@tomcat.apache.org <mailto:users@tomcat.apache.org>

    Subject: Re: Please help with Tomcat Garbage Collection

The system does very little swapping, both when it's GC'ing and when 
it's not.

Less than 100MB worth of swap is taken.

Giving Tomcat its own HW is not an option at this time, especially as 
there's no

guarantee it'll solve the problem. Besides it would be a VM anyway, not 
physical

dedicated HW.  The current server is also a VM.

On 15-Nov-16 10:55 PM, Zdeněk Henek wrote:

I would start with moving this tomcat to its own hw.

Did you check swap? This long pauses could be because part of your

heap is swapped to hdd

Regards,

Zdenek Henek

On Tue, Nov 15, 2016, 21:37 George I. Develekos

<gdevele...@omilia.com> <mailto:gdevele...@omilia.com>

wrote:

On 15-Nov-16 10:22 PM, Christopher Schultz wrote:

George,

On 11/15/16 10:46 AM, George I. Develekos wrote:

Hello guys,

We are having problems on a production system with very long 
"full

GC" times, as long as1200sec real time (!!!).

We are using Java 6 (stuck with CentOS 5.8 at this 
time) and Tomcat

7.0.64.

Xmx is 5G, Xms is 2G, and GC options are 
-XX:+UseConcMarkSweepGC

-XX:+CMSIncrementalMode

No other custom memory-related settings are in place.

Looki

Re: Please help with Tomcat Garbage Collection

2016-11-16 Thread George I. Develekos


I appreciate the detailed response.

On another installation with higher  load, the JVM has "selected" to 
give  YoungGen 250MB or so (as opposed to 150M here), and I have 
confirmed that Full-GC is much less frequent so I'll go with that next 
time I have downtime.


When exactly can I expect to see my app freeze? Isn't it during Full-GC?

Does the increase in CPU during those Full-GC times make sense?



Regards,

George I. Develekos | SeniorSW Engineer |t: _+30.210.6930664_| e: 
gdevele...@omilia.com <mailto:gdevele...@omilia.com>




Technology that Listens, Understands and Cares   - www.omilia.com 
<http://www.omilia.com/>


On 11/16/2016 6:11 PM, john.e.gr...@wellsfargo.com wrote:


Sorry for top posting.  The format got weird.

Those numbers aren’t bad.  The most important number for me is the 
throughput on the summary tab.  Yours is 99.38%.  That means the JVM 
was doing real work 99.38% of the time and garbage collecting the 
other .62%.  You could improve that if you worked hard enough, but 
going from 99.4 to 99.5 or 99.6 probably isn’t worth the effort.  If 
the number was 90% or something, then you’d have more room for 
improvement.


Look at the GC performance numbers on the summary tab.  Obviously 
minor GCs are much faster in this regard than major GCs. You can 
reduce your total GC time by increasing the size of your young 
generation.  You will get more or slower young collections but fewer 
and faster old collections.  Overall the total time will be less than 
it is now and the longest pauses will be shorter.


As others have said, though, something doesn’t add up.  CMS is only 
stop-the-world during certain phases.  (Not the ones with “concurrent” 
in the name.)  If you feel these GC events coincide with pauses in 
your app, you can try a thread dump or three (kill -3 ) during 
the pause.  Use a tool like Samurai to parse the output.  This might 
only be practical for longer pauses, though.


Also, is it possible the VM itself is having a problem?  Maybe you 
should talk to your virtualization team to see how stressed the 
hardware is.  VMWare has an informative java best practices doc: 
http://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/enterprise-java-applications-on-vmware-best-practices-guide.pdf


John

*From:*George I. Develekos [mailto:gdevele...@omilia.com]
*Sent:* Wednesday, November 16, 2016 5:21 AM
*To:* users@tomcat.apache.org
*Subject:* Re: Please help with Tomcat Garbage Collection

I'm attaching three screenshots of the GCViewer app as it processed 
the complete *gc.log* file (about 19 hours).


Please have a look and advise on what I can do to limit Full-GC times. 
As of now I have a recommendation to increase the Young Gen..


The setup in summary:

We are using Java 6 (stuck with CentOS 5.8 at this time) and Tomcat 
7.0.64.


Xmx is 5G, Xms is 2G, and GC options are -XX:+UseConcMarkSweepGC   
-XX:+CMSIncrementalMode







On 11/15/2016 11:45 PM, john.e.gr...@wellsfargo.com 
<mailto:john.e.gr...@wellsfargo.com> wrote:


-Original Message-

From: George I. Develekos [mailto:gdevele...@omilia.com]

Sent: Tuesday, November 15, 2016 3:00 PM

To:users@tomcat.apache.org <mailto:users@tomcat.apache.org>

Subject: Re: Please help with Tomcat Garbage Collection

The system does very little swapping, both when it's GC'ing and when 
it's not.

Less than 100MB worth of swap is taken.

Giving Tomcat its own HW is not an option at this time, especially as 
there's no

guarantee it'll solve the problem. Besides it would be a VM anyway, not 
physical

dedicated HW.  The current server is also a VM.

On 15-Nov-16 10:55 PM, Zdeněk Henek wrote:

I would start with moving this tomcat to its own hw.

Did you check swap? This long pauses could be because part of your

heap is swapped to hdd

Regards,

Zdenek Henek

On Tue, Nov 15, 2016, 21:37 George I. Develekos

<gdevele...@omilia.com> <mailto:gdevele...@omilia.com>

wrote:

On 15-Nov-16 10:22 PM, Christopher Schultz wrote:

George,

On 11/15/16 10:46 AM, George I. Develekos wrote:

Hello guys,

We are having problems on a production system with very long 
"full

GC" times, as long as1200sec real time (!!!).

We are using Java 6 (stuck with CentOS 5.8 at this 
time) and Tomcat

7.0.64.

Xmx is 5G, Xms is 2G, and GC options are 
-XX:+UseConcMarkSweepGC

-XX:+CMSIncrementalMode

No other custom memory-related settings are in place.

RE: Please help with Tomcat Garbage Collection

2016-11-16 Thread John.E.Gregg

Sorry for top posting.  The format got weird.

Those numbers aren’t bad.  The most important number for me is the throughput 
on the summary tab.  Yours is 99.38%.  That means the JVM was doing real work 
99.38% of the time and garbage collecting the other .62%.  You could improve 
that if you worked hard enough, but going from 99.4 to 99.5 or 99.6 probably 
isn’t worth the effort.  If the number was 90% or something, then you’d have 
more room for improvement.

Look at the GC performance numbers on the summary tab.  Obviously minor GCs are 
much faster in this regard than major GCs.  You can reduce your total GC time 
by increasing the size of your young generation.  You will get more or slower 
young collections but fewer and faster old collections.  Overall the total time 
will be less than it is now and the longest pauses will be shorter.

As others have said, though, something doesn’t add up.  CMS is only 
stop-the-world during certain phases.  (Not the ones with “concurrent” in the 
name.)  If you feel these GC events coincide with pauses in your app, you can 
try a thread dump or three (kill -3 ) during the pause.  Use a tool like 
Samurai to parse the output.  This might only be practical for longer pauses, 
though.

Also, is it possible the VM itself is having a problem?  Maybe you should talk 
to your virtualization team to see how stressed the hardware is.  VMWare has an 
informative java best practices doc: 
http://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/enterprise-java-applications-on-vmware-best-practices-guide.pdf

John




From: George I. Develekos [mailto:gdevele...@omilia.com]
Sent: Wednesday, November 16, 2016 5:21 AM
To: users@tomcat.apache.org
Subject: Re: Please help with Tomcat Garbage Collection

I'm attaching three screenshots of the GCViewer app as it processed the 
complete gc.log file (about 19 hours).

Please have a look and advise on what I can do to limit Full-GC times. As of 
now I have a recommendation to increase the Young Gen..

The setup in summary:

We are using Java 6 (stuck with CentOS 5.8 at this time) and Tomcat 7.0.64.

Xmx is 5G, Xms is 2G, and GC options are -XX:+UseConcMarkSweepGC   
-XX:+CMSIncrementalMode


[cid:image001.png@01D23FEE.84B81AB0]

[cid:image002.png@01D23FEE.84B81AB0]


[cid:image003.png@01D23FEE.84B81AB0]
On 11/15/2016 11:45 PM, 
john.e.gr...@wellsfargo.com<mailto:john.e.gr...@wellsfargo.com> wrote:







-Original Message-

From: George I. Develekos [mailto:gdevele...@omilia.com]

Sent: Tuesday, November 15, 2016 3:00 PM

To: users@tomcat.apache.org<mailto:users@tomcat.apache.org>

Subject: Re: Please help with Tomcat Garbage Collection



The system does very little swapping, both when it's GC'ing and when it's not.

Less than 100MB worth of swap is taken.



Giving Tomcat its own HW is not an option at this time, especially as there's no

guarantee it'll solve the problem. Besides it would be a VM anyway, not physical

dedicated HW.  The current server is also a VM.





On 15-Nov-16 10:55 PM, Zdeněk Henek wrote:

I would start with moving this tomcat to its own hw.



Did you check swap? This long pauses could be because part of your

heap is swapped to hdd



Regards,

Zdenek Henek



On Tue, Nov 15, 2016, 21:37 George I. Develekos

<gdevele...@omilia.com><mailto:gdevele...@omilia.com>

wrote:



On 15-Nov-16 10:22 PM, Christopher Schultz wrote:

George,



On 11/15/16 10:46 AM, George I. Develekos wrote:

Hello guys,



We are having problems on a production system with very long "full

GC" times, as long as1200sec real time (!!!).



We are using Java 6 (stuck with CentOS 5.8 at this time) and Tomcat

7.0.64.



Xmx is 5G, Xms is 2G, and GC options are -XX:+UseConcMarkSweepGC

-XX:+CMSIncrementalMode



No other custom memory-related settings are in place.



Looking at the GC log, the last few Full-GC entries are:



1367.020: [Full GC 1367.020: [CMS: 1178831K->527456K(1926784K),

2.1117220 secs] 1250378K->527456K(2080128K), [CMS Perm :

169762K->56187K(169984K)] icms_dc=0 , 2.1118160 secs] [Times:

user=1.96 sys=0.13, real=2.11 secs]



2579.317: [Full GC 2579.317: [CMS2581.876: [CMS-concurrent-mark:

2.558/1212.733 secs] [*Times: user=113.05 sys=28.01,

real=**1212.49 **secs] ** * 3539.969: [Full GC 3539.969:

[CMS3540.056: [CMS-concurrent-sweep: 1.571/23.223 secs] [Times:

user=6.12 sys=1.36, real=*23.21 secs*]



4070.456: [Full GC 4070.457: [CMS: 1252569K->591200K(1926784K),

2.3447040 secs] 1270617K->591200K(2080128K), [CMS Perm :

169983K->56598K(169984K)] icms_dc=0 , 2.3448140 secs] [Times:

user=2.18 sys=0.14, real=2.34 secs]





What can we do?

1367.020 Full GC duration=2.11s

2579.317 Full GC duration=1212.49s



So your full GC immediately started another full GC that took 20

minutes ?



Are you only showing certain FULL GC activity from your log, or is

that everything?



CMS should have a mark and then a sweep each time

Re: Please help with Tomcat Garbage Collection




On 15-Nov-16 11:45 PM, john.e.gr...@wellsfargo.com wrote:




-Original Message-
From: George I. Develekos [mailto:gdevele...@omilia.com]
Sent: Tuesday, November 15, 2016 3:00 PM
To: users@tomcat.apache.org
Subject: Re: Please help with Tomcat Garbage Collection

The system does very little swapping, both when it's GC'ing and when it's not.
Less than 100MB worth of swap is taken.

Giving Tomcat its own HW is not an option at this time, especially as there's no
guarantee it'll solve the problem. Besides it would be a VM anyway, not physical
dedicated HW.  The current server is also a VM.


On 15-Nov-16 10:55 PM, Zdeněk Henek wrote:

I would start with moving this tomcat to its own hw.

Did you check swap? This long pauses could be because part of your
heap is swapped to hdd

Regards,
Zdenek Henek

On Tue, Nov 15, 2016, 21:37 George I. Develekos
<gdevele...@omilia.com>
wrote:


On 15-Nov-16 10:22 PM, Christopher Schultz wrote:

George,

On 11/15/16 10:46 AM, George I. Develekos wrote:

Hello guys,

We are having problems on a production system with very long "full
GC" times, as long as1200sec real time (!!!).

We are using Java 6 (stuck with CentOS 5.8 at this time) and Tomcat
7.0.64.

Xmx is 5G, Xms is 2G, and GC options are -XX:+UseConcMarkSweepGC
-XX:+CMSIncrementalMode

No other custom memory-related settings are in place.

Looking at the GC log, the last few Full-GC entries are:

1367.020: [Full GC 1367.020: [CMS: 1178831K->527456K(1926784K),
2.1117220 secs] 1250378K->527456K(2080128K), [CMS Perm :
169762K->56187K(169984K)] icms_dc=0 , 2.1118160 secs] [Times:
user=1.96 sys=0.13, real=2.11 secs]

2579.317: [Full GC 2579.317: [CMS2581.876: [CMS-concurrent-mark:
2.558/1212.733 secs] [*Times: user=113.05 sys=28.01,
real=**1212.49 **secs] ** * 3539.969: [Full GC 3539.969:
[CMS3540.056: [CMS-concurrent-sweep: 1.571/23.223 secs] [Times:
user=6.12 sys=1.36, real=*23.21 secs*]

4070.456: [Full GC 4070.457: [CMS: 1252569K->591200K(1926784K),
2.3447040 secs] 1270617K->591200K(2080128K), [CMS Perm :
169983K->56598K(169984K)] icms_dc=0 , 2.3448140 secs] [Times:
user=2.18 sys=0.14, real=2.34 secs]


What can we do?

1367.020 Full GC duration=2.11s
2579.317 Full GC duration=1212.49s

So your full GC immediately started another full GC that took 20
minutes ?

Are you only showing certain FULL GC activity from your log, or is
that everything?

CMS should have a mark and then a sweep each time, but your times
don't seem to add up.

also note that the whole point of CMS is that there isn't any
stop-the-world during the mark portion of the process.

Are you actually experiencing a problem, or are you just suffering
from instrumentor's remorse?

- -chris


Chris,

What I listed is the result of the command:

grep "Full GC" gc.log

So (obviously) I have skipped other GC activity, i.e. whatever GC
activity didn't include the "Full GC" string.

Yes we are having app trouble due to the GC delays so this is a real
problem. Our application has real-time constraints so the GC delays
cannot be tolerated. I selected those GC options _in order to avoid
_long GC times.

Additionally, these periods coincide with high CPU for that JVM
process.  From 5-20% CPU where it is normally, it jumps to 60% ore more.
Once GC is done, our app rushes to catch up with tasks that had to
wait for GC to finish.

Answering another question from a member who has kindly responded,
yes the server is running other stuff. Basically it runs three
tomcats, the main one being this one. It also runs a DB2 database
that has close-to-zero activity.

George



It might be helpful if you could post a larger chunk of your GC log, at least 
long enough to cover the start and end of the CMS phases and maybe even more.  
Additionally, try using a tool like GCViewer to analyze the log.

How many CPUs do you have?  60% CPU usage isn't usually a big deal.

Like Chris already said, this is not a stop-the-world phase, so your 
application should continue working in parallel with the garbage collector.

Looks like your young generation is only 150MB (2080128k - 1926784k.)  That's 
very small for a 2-5GB heap.  Are you explicitly setting it somewhere or is the 
JVM choosing that for you?  It's so small that your old generation might be 
filling up faster that it should, leading to more frequent full collections.  
You could try setting the young generation to something like 25-50% of the 
total heap.  You'd get a lot of small pauses as the young gen is collected but 
fewer long ones.

John


John,

I have a couple of cores. One would be enough for what the server does.

I'll post a larger log chunk tomorrow.  I'll look into GCViewer, thanks.

I don't set the young gen, It's selected by the JVM. I don't even know 
what that is, to be honest. I do too many things for my company to know 
such esoteric things about each one of them. Server admin, network 
admin, DB admin, all admin


Nevertheless, if setting the

RE: Please help with Tomcat Garbage Collection

2016-11-15 Thread John.E.Gregg




> -Original Message-
> From: George I. Develekos [mailto:gdevele...@omilia.com]
> Sent: Tuesday, November 15, 2016 3:00 PM
> To: users@tomcat.apache.org
> Subject: Re: Please help with Tomcat Garbage Collection
> 
> The system does very little swapping, both when it's GC'ing and when it's not.
> Less than 100MB worth of swap is taken.
> 
> Giving Tomcat its own HW is not an option at this time, especially as there's 
> no
> guarantee it'll solve the problem. Besides it would be a VM anyway, not 
> physical
> dedicated HW.  The current server is also a VM.
> 
> 
> On 15-Nov-16 10:55 PM, Zdeněk Henek wrote:
> > I would start with moving this tomcat to its own hw.
> >
> > Did you check swap? This long pauses could be because part of your
> > heap is swapped to hdd
> >
> > Regards,
> > Zdenek Henek
> >
> > On Tue, Nov 15, 2016, 21:37 George I. Develekos
> > <gdevele...@omilia.com>
> > wrote:
> >
> >> On 15-Nov-16 10:22 PM, Christopher Schultz wrote:
> >>> George,
> >>>
> >>> On 11/15/16 10:46 AM, George I. Develekos wrote:
> >>>> Hello guys,
> >>>>
> >>>> We are having problems on a production system with very long "full
> >>>> GC" times, as long as1200sec real time (!!!).
> >>>>
> >>>> We are using Java 6 (stuck with CentOS 5.8 at this time) and Tomcat
> >>>> 7.0.64.
> >>>>
> >>>> Xmx is 5G, Xms is 2G, and GC options are -XX:+UseConcMarkSweepGC
> >>>> -XX:+CMSIncrementalMode
> >>>>
> >>>> No other custom memory-related settings are in place.
> >>>>
> >>>> Looking at the GC log, the last few Full-GC entries are:
> >>>>
> >>>> 1367.020: [Full GC 1367.020: [CMS: 1178831K->527456K(1926784K),
> >>>> 2.1117220 secs] 1250378K->527456K(2080128K), [CMS Perm :
> >>>> 169762K->56187K(169984K)] icms_dc=0 , 2.1118160 secs] [Times:
> >>>> user=1.96 sys=0.13, real=2.11 secs]
> >>>>
> >>>> 2579.317: [Full GC 2579.317: [CMS2581.876: [CMS-concurrent-mark:
> >>>> 2.558/1212.733 secs] [*Times: user=113.05 sys=28.01,
> >>>> real=**1212.49 **secs] ** * 3539.969: [Full GC 3539.969:
> >>>> [CMS3540.056: [CMS-concurrent-sweep: 1.571/23.223 secs] [Times:
> >>>> user=6.12 sys=1.36, real=*23.21 secs*]
> >>>>
> >>>> 4070.456: [Full GC 4070.457: [CMS: 1252569K->591200K(1926784K),
> >>>> 2.3447040 secs] 1270617K->591200K(2080128K), [CMS Perm :
> >>>> 169983K->56598K(169984K)] icms_dc=0 , 2.3448140 secs] [Times:
> >>>> user=2.18 sys=0.14, real=2.34 secs]
> >>>>
> >>>>
> >>>> What can we do?
> >>> 1367.020 Full GC duration=2.11s
> >>> 2579.317 Full GC duration=1212.49s
> >>>
> >>> So your full GC immediately started another full GC that took 20
> >>> minutes ?
> >>>
> >>> Are you only showing certain FULL GC activity from your log, or is
> >>> that everything?
> >>>
> >>> CMS should have a mark and then a sweep each time, but your times
> >>> don't seem to add up.
> >>>
> >>> also note that the whole point of CMS is that there isn't any
> >>> stop-the-world during the mark portion of the process.
> >>>
> >>> Are you actually experiencing a problem, or are you just suffering
> >>> from instrumentor's remorse?
> >>>
> >>> - -chris
> >>>
> >> Chris,
> >>
> >> What I listed is the result of the command:
> >>
> >> grep "Full GC" gc.log
> >>
> >> So (obviously) I have skipped other GC activity, i.e. whatever GC
> >> activity didn't include the "Full GC" string.
> >>
> >> Yes we are having app trouble due to the GC delays so this is a real
> >> problem. Our application has real-time constraints so the GC delays
> >> cannot be tolerated. I selected those GC options _in order to avoid
> >> _long GC times.
> >>
> >> Additionally, these periods coincide with high CPU for that JVM
> >> process.  From 5-20% CPU where it is normally, it jumps to 60% ore more.
> >> Once GC is done, our app rushes to catch up with tasks that had to
> >> wait for GC to finish.
> >>
> >> Answering another question from a member who has kindly re

Re: Please help with Tomcat Garbage Collection

The system does very little swapping, both when it's GC'ing and when 
it's not. Less than 100MB worth of swap is taken.


Giving Tomcat its own HW is not an option at this time, especially as 
there's no guarantee it'll solve the problem. Besides it would be a VM 
anyway, not physical dedicated HW.  The current server is also a VM.



On 15-Nov-16 10:55 PM, Zdeněk Henek wrote:

I would start with moving this tomcat to its own hw.

Did you check swap? This long pauses could be because part of your heap is
swapped to hdd

Regards,
Zdenek Henek

On Tue, Nov 15, 2016, 21:37 George I. Develekos 
wrote:


On 15-Nov-16 10:22 PM, Christopher Schultz wrote:

George,

On 11/15/16 10:46 AM, George I. Develekos wrote:

Hello guys,

We are having problems on a production system with very long "full
GC" times, as long as1200sec real time (!!!).

We are using Java 6 (stuck with CentOS 5.8 at this time) and Tomcat
7.0.64.

Xmx is 5G, Xms is 2G, and GC options are -XX:+UseConcMarkSweepGC
-XX:+CMSIncrementalMode

No other custom memory-related settings are in place.

Looking at the GC log, the last few Full-GC entries are:

1367.020: [Full GC 1367.020: [CMS: 1178831K->527456K(1926784K),
2.1117220 secs] 1250378K->527456K(2080128K), [CMS Perm :
169762K->56187K(169984K)] icms_dc=0 , 2.1118160 secs] [Times:
user=1.96 sys=0.13, real=2.11 secs]

2579.317: [Full GC 2579.317: [CMS2581.876: [CMS-concurrent-mark:
2.558/1212.733 secs] [*Times: user=113.05 sys=28.01,
real=**1212.49 **secs] ** * 3539.969: [Full GC 3539.969:
[CMS3540.056: [CMS-concurrent-sweep: 1.571/23.223 secs] [Times:
user=6.12 sys=1.36, real=*23.21 secs*]

4070.456: [Full GC 4070.457: [CMS: 1252569K->591200K(1926784K),
2.3447040 secs] 1270617K->591200K(2080128K), [CMS Perm :
169983K->56598K(169984K)] icms_dc=0 , 2.3448140 secs] [Times:
user=2.18 sys=0.14, real=2.34 secs]


What can we do?

1367.020 Full GC duration=2.11s
2579.317 Full GC duration=1212.49s

So your full GC immediately started another full GC that took 20 minutes
?

Are you only showing certain FULL GC activity from your log, or is
that everything?

CMS should have a mark and then a sweep each time, but your times
don't seem to add up.

also note that the whole point of CMS is that there isn't any
stop-the-world during the mark portion of the process.

Are you actually experiencing a problem, or are you just suffering
from instrumentor's remorse?

- -chris


Chris,

What I listed is the result of the command:

grep "Full GC" gc.log

So (obviously) I have skipped other GC activity, i.e. whatever GC
activity didn't include the "Full GC" string.

Yes we are having app trouble due to the GC delays so this is a real
problem. Our application has real-time constraints so the GC delays
cannot be tolerated. I selected those GC options _in order to avoid
_long GC times.

Additionally, these periods coincide with high CPU for that JVM
process.  From 5-20% CPU where it is normally, it jumps to 60% ore more.
Once GC is done, our app rushes to catch up with tasks that had to wait
for GC to finish.

Answering another question from a member who has kindly responded, yes
the server is running other stuff. Basically it runs three tomcats, the
main one being this one. It also runs a DB2 database that has
close-to-zero activity.

George


---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus




---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Please help with Tomcat Garbage Collection

2016-11-15 Thread Zdeněk Henek

I would start with moving this tomcat to its own hw.

Did you check swap? This long pauses could be because part of your heap is
swapped to hdd

Regards,
Zdenek Henek

On Tue, Nov 15, 2016, 21:37 George I. Develekos 
wrote:

>
> On 15-Nov-16 10:22 PM, Christopher Schultz wrote:
> >
> > George,
> >
> > On 11/15/16 10:46 AM, George I. Develekos wrote:
> >> Hello guys,
> >>
> >> We are having problems on a production system with very long "full
> >> GC" times, as long as1200sec real time (!!!).
> >>
> >> We are using Java 6 (stuck with CentOS 5.8 at this time) and Tomcat
> >> 7.0.64.
> >>
> >> Xmx is 5G, Xms is 2G, and GC options are -XX:+UseConcMarkSweepGC
> >> -XX:+CMSIncrementalMode
> >>
> >> No other custom memory-related settings are in place.
> >>
> >> Looking at the GC log, the last few Full-GC entries are:
> >>
> >> 1367.020: [Full GC 1367.020: [CMS: 1178831K->527456K(1926784K),
> >> 2.1117220 secs] 1250378K->527456K(2080128K), [CMS Perm :
> >> 169762K->56187K(169984K)] icms_dc=0 , 2.1118160 secs] [Times:
> >> user=1.96 sys=0.13, real=2.11 secs]
> >>
> >> 2579.317: [Full GC 2579.317: [CMS2581.876: [CMS-concurrent-mark:
> >> 2.558/1212.733 secs] [*Times: user=113.05 sys=28.01,
> >> real=**1212.49 **secs] ** * 3539.969: [Full GC 3539.969:
> >> [CMS3540.056: [CMS-concurrent-sweep: 1.571/23.223 secs] [Times:
> >> user=6.12 sys=1.36, real=*23.21 secs*]
> >>
> >> 4070.456: [Full GC 4070.457: [CMS: 1252569K->591200K(1926784K),
> >> 2.3447040 secs] 1270617K->591200K(2080128K), [CMS Perm :
> >> 169983K->56598K(169984K)] icms_dc=0 , 2.3448140 secs] [Times:
> >> user=2.18 sys=0.14, real=2.34 secs]
> >>
> >>
> >> What can we do?
> > 1367.020 Full GC duration=2.11s
> > 2579.317 Full GC duration=1212.49s
> >
> > So your full GC immediately started another full GC that took 20 minutes
> > ?
> >
> > Are you only showing certain FULL GC activity from your log, or is
> > that everything?
> >
> > CMS should have a mark and then a sweep each time, but your times
> > don't seem to add up.
> >
> > also note that the whole point of CMS is that there isn't any
> > stop-the-world during the mark portion of the process.
> >
> > Are you actually experiencing a problem, or are you just suffering
> > from instrumentor's remorse?
> >
> > - -chris
> >
>
> Chris,
>
> What I listed is the result of the command:
>
> grep "Full GC" gc.log
>
> So (obviously) I have skipped other GC activity, i.e. whatever GC
> activity didn't include the "Full GC" string.
>
> Yes we are having app trouble due to the GC delays so this is a real
> problem. Our application has real-time constraints so the GC delays
> cannot be tolerated. I selected those GC options _in order to avoid
> _long GC times.
>
> Additionally, these periods coincide with high CPU for that JVM
> process.  From 5-20% CPU where it is normally, it jumps to 60% ore more.
> Once GC is done, our app rushes to catch up with tasks that had to wait
> for GC to finish.
>
> Answering another question from a member who has kindly responded, yes
> the server is running other stuff. Basically it runs three tomcats, the
> main one being this one. It also runs a DB2 database that has
> close-to-zero activity.
>
> George
>
>
> ---
> This email has been checked for viruses by Avast antivirus software.
> https://www.avast.com/antivirus
>

Re: Please help with Tomcat Garbage Collection



On 15-Nov-16 10:22 PM, Christopher Schultz wrote:


George,

On 11/15/16 10:46 AM, George I. Develekos wrote:

Hello guys,

We are having problems on a production system with very long "full
GC" times, as long as1200sec real time (!!!).

We are using Java 6 (stuck with CentOS 5.8 at this time) and Tomcat
7.0.64.

Xmx is 5G, Xms is 2G, and GC options are -XX:+UseConcMarkSweepGC
-XX:+CMSIncrementalMode

No other custom memory-related settings are in place.

Looking at the GC log, the last few Full-GC entries are:

1367.020: [Full GC 1367.020: [CMS: 1178831K->527456K(1926784K),
2.1117220 secs] 1250378K->527456K(2080128K), [CMS Perm :
169762K->56187K(169984K)] icms_dc=0 , 2.1118160 secs] [Times:
user=1.96 sys=0.13, real=2.11 secs]

2579.317: [Full GC 2579.317: [CMS2581.876: [CMS-concurrent-mark:
2.558/1212.733 secs] [*Times: user=113.05 sys=28.01,
real=**1212.49 **secs] ** * 3539.969: [Full GC 3539.969:
[CMS3540.056: [CMS-concurrent-sweep: 1.571/23.223 secs] [Times:
user=6.12 sys=1.36, real=*23.21 secs*]

4070.456: [Full GC 4070.457: [CMS: 1252569K->591200K(1926784K),
2.3447040 secs] 1270617K->591200K(2080128K), [CMS Perm :
169983K->56598K(169984K)] icms_dc=0 , 2.3448140 secs] [Times:
user=2.18 sys=0.14, real=2.34 secs]


What can we do?

1367.020 Full GC duration=2.11s
2579.317 Full GC duration=1212.49s

So your full GC immediately started another full GC that took 20 minutes
?

Are you only showing certain FULL GC activity from your log, or is
that everything?

CMS should have a mark and then a sweep each time, but your times
don't seem to add up.

also note that the whole point of CMS is that there isn't any
stop-the-world during the mark portion of the process.

Are you actually experiencing a problem, or are you just suffering
from instrumentor's remorse?

- -chris



Chris,

What I listed is the result of the command:

grep "Full GC" gc.log

So (obviously) I have skipped other GC activity, i.e. whatever GC 
activity didn't include the "Full GC" string.


Yes we are having app trouble due to the GC delays so this is a real 
problem. Our application has real-time constraints so the GC delays 
cannot be tolerated. I selected those GC options _in order to avoid 
_long GC times.


Additionally, these periods coincide with high CPU for that JVM 
process.  From 5-20% CPU where it is normally, it jumps to 60% ore more. 
Once GC is done, our app rushes to catch up with tasks that had to wait 
for GC to finish.


Answering another question from a member who has kindly responded, yes 
the server is running other stuff. Basically it runs three tomcats, the 
main one being this one. It also runs a DB2 database that has 
close-to-zero activity.


George


---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

Re: Please help with Tomcat Garbage Collection

2016-11-15 Thread Christopher Schultz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

George,

On 11/15/16 10:46 AM, George I. Develekos wrote:
> Hello guys,
> 
> We are having problems on a production system with very long "full
> GC" times, as long as1200sec real time (!!!).
> 
> We are using Java 6 (stuck with CentOS 5.8 at this time) and Tomcat
> 7.0.64.
> 
> Xmx is 5G, Xms is 2G, and GC options are -XX:+UseConcMarkSweepGC 
> -XX:+CMSIncrementalMode
> 
> No other custom memory-related settings are in place.
> 
> Looking at the GC log, the last few Full-GC entries are:
> 
> 1367.020: [Full GC 1367.020: [CMS: 1178831K->527456K(1926784K), 
> 2.1117220 secs] 1250378K->527456K(2080128K), [CMS Perm : 
> 169762K->56187K(169984K)] icms_dc=0 , 2.1118160 secs] [Times:
> user=1.96 sys=0.13, real=2.11 secs]
> 
> 2579.317: [Full GC 2579.317: [CMS2581.876: [CMS-concurrent-mark: 
> 2.558/1212.733 secs] [*Times: user=113.05 sys=28.01,
> real=**1212.49 **secs] ** * 3539.969: [Full GC 3539.969:
> [CMS3540.056: [CMS-concurrent-sweep: 1.571/23.223 secs] [Times:
> user=6.12 sys=1.36, real=*23.21 secs*]
> 
> 4070.456: [Full GC 4070.457: [CMS: 1252569K->591200K(1926784K), 
> 2.3447040 secs] 1270617K->591200K(2080128K), [CMS Perm : 
> 169983K->56598K(169984K)] icms_dc=0 , 2.3448140 secs] [Times:
> user=2.18 sys=0.14, real=2.34 secs]
> 
> 
> What can we do?

1367.020 Full GC duration=2.11s
2579.317 Full GC duration=1212.49s

So your full GC immediately started another full GC that took 20 minutes
?

Are you only showing certain FULL GC activity from your log, or is
that everything?

CMS should have a mark and then a sweep each time, but your times
don't seem to add up.

also note that the whole point of CMS is that there isn't any
stop-the-world during the mark portion of the process.

Are you actually experiencing a problem, or are you just suffering
from instrumentor's remorse?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJYK25oAAoJEBzwKT+lPKRYQNEQAJ8xASbPXtJUHy7xzhdYpwnr
M6wpCnYcls/cihN1p5OgJaV5G4EyNDGzoDky/ijW6o6ywlAkwAw0TOZKiUD6KN3q
LPq/3nHCvUr0769TuzkLpCe+VjYKmD4k4JGq9qqBLrKeMhfEprKnod+BR2ZKVK03
WmI6mqYKfkdPi3iR5GBv95Wo4SXAONGSnG06ISo+mPPOrLqH8QSrGocFH63/+nU8
Vx3yESyWL4FiQxFe+BowEnhu26p5IgA76DtgXs8XV+ojKnuM1liZPd6GXTjT6lE/
HkVg7P30sMzVf9P+0naDzHzZw1Pg19c3L5CymF1+WQPUF7Bk7iaOJNX9ZvVvhtpP
aMmyNVp2GUWVXby2rHIS2cA1h0Nq9ZtUZECx5k8dLCYlMgmRlFdgM5W+Un2nP2qf
WrVh0YdsMc9PrP5JSt8MdgxRhRk/WAADC4gTi78hqS6Fuz6I8R5tkXu2xsQA5ALZ
Cd/dvX2hRY4yJ00A3ooYE9sRciQXoSrQ6VvfWfU1k4kI2ZC4C5mDXASQTOdyCKHx
KtGs9hK56hitZSCBhCrDD8OhzmnIJF1E+FmtKwuTEmkc7cGiCXiTJI+coO+sWzzV
AljVYpG8YIDSD+gHrWJbf4Bs9EzfjI7EwvAtszWBC1SM8pAHBbyguCDhFOAbLlp0
gHTCnOGA7/Qvgd+nLLxC
=UeZj
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Please help with Tomcat Garbage Collection

2016-11-15 Thread Zdeněk Henek

Is there running something else in that server? Real time should be never
bigger than user+sys

Z

On Tue, Nov 15, 2016, 16:46 George I. Develekos 
wrote:

> Hello guys,
>
> We are having problems on a production system with very long "full GC"
> times, as long as1200sec real time (!!!).
>
> We are using Java 6 (stuck with CentOS 5.8 at this time) and Tomcat 7.0.64.
>
> Xmx is 5G, Xms is 2G, and GC options are -XX:+UseConcMarkSweepGC
> -XX:+CMSIncrementalMode
>
> No other custom memory-related settings are in place.
>
> Looking at the GC log, the last few Full-GC entries are:
>
> 1367.020: [Full GC 1367.020: [CMS: 1178831K->527456K(1926784K),
> 2.1117220 secs] 1250378K->527456K(2080128K), [CMS Perm :
> 169762K->56187K(169984K)] icms_dc=0 , 2.1118160 secs] [Times: user=1.96
> sys=0.13, real=2.11 secs]
>
> 2579.317: [Full GC 2579.317: [CMS2581.876: [CMS-concurrent-mark:
> 2.558/1212.733 secs] [*Times: user=113.05 sys=28.01, real=**1212.49
> **secs] **
> *
> 3539.969: [Full GC 3539.969: [CMS3540.056: [CMS-concurrent-sweep:
> 1.571/23.223 secs] [Times: user=6.12 sys=1.36, real=*23.21 secs*]
>
> 4070.456: [Full GC 4070.457: [CMS: 1252569K->591200K(1926784K),
> 2.3447040 secs] 1270617K->591200K(2080128K), [CMS Perm :
> 169983K->56598K(169984K)] icms_dc=0 , 2.3448140 secs] [Times: user=2.18
> sys=0.14, real=2.34 secs]
>
>
> What can we do?
>
> Thanks,
>
> George
>
>
>
>
>
> ---
> This email has been checked for viruses by Avast antivirus software.
> https://www.avast.com/antivirus
>

Re: Please help with Tomcat Garbage Collection


Thanks, but, all I got was this "y"...


On 15-Nov-16 9:48 PM, pina.freder...@gmail.com wrote:

y

Sent from my HTC on T-  .  4G LTE

- Reply message -
From: "George I. Develekos" <gdevele...@omilia.com>
To: <users@tomcat.apache.org>
Subject: Please help with Tomcat Garbage Collection
Date: Tue, Nov 15, 2016 10:46 AM

Hello guys,

We are having problems on a production system with very long "full GC"
times, as long as1200sec real time (!!!).

We are using Java 6 (stuck with CentOS 5.8 at this time) and Tomcat 7.0.64.

Xmx is 5G, Xms is 2G, and GC options are -XX:+UseConcMarkSweepGC
-XX:+CMSIncrementalMode

No other custom memory-related settings are in place.

Looking at the GC log, the last few Full-GC entries are:

1367.020: [Full GC 1367.020: [CMS: 1178831K->527456K(1926784K),
2.1117220 secs] 1250378K->527456K(2080128K), [CMS Perm :
169762K->56187K(169984K)] icms_dc=0 , 2.1118160 secs] [Times: user=1.96
sys=0.13, real=2.11 secs]

2579.317: [Full GC 2579.317: [CMS2581.876: [CMS-concurrent-mark:
2.558/1212.733 secs] [*Times: user=113.05 sys=28.01, real=**1212.49
**secs] **
*
3539.969: [Full GC 3539.969: [CMS3540.056: [CMS-concurrent-sweep:
1.571/23.223 secs] [Times: user=6.12 sys=1.36, real=*23.21 secs*]

4070.456: [Full GC 4070.457: [CMS: 1252569K->591200K(1926784K),
2.3447040 secs] 1270617K->591200K(2080128K), [CMS Perm :
169983K->56598K(169984K)] icms_dc=0 , 2.3448140 secs] [Times: user=2.18
sys=0.14, real=2.34 secs]


What can we do?

Thanks,

George





---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus



---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Please help with Tomcat Garbage Collection

2016-11-15 Thread pina.freder...@gmail.com

y

Sent from my HTC on T-  .  4G LTE

- Reply message -
From: "George I. Develekos" <gdevele...@omilia.com>
To: <users@tomcat.apache.org>
Subject: Please help with Tomcat Garbage Collection
Date: Tue, Nov 15, 2016 10:46 AM

Hello guys,

We are having problems on a production system with very long "full GC" 
times, as long as1200sec real time (!!!).

We are using Java 6 (stuck with CentOS 5.8 at this time) and Tomcat 7.0.64.

Xmx is 5G, Xms is 2G, and GC options are -XX:+UseConcMarkSweepGC   
-XX:+CMSIncrementalMode

No other custom memory-related settings are in place.

Looking at the GC log, the last few Full-GC entries are:

1367.020: [Full GC 1367.020: [CMS: 1178831K->527456K(1926784K), 
2.1117220 secs] 1250378K->527456K(2080128K), [CMS Perm : 
169762K->56187K(169984K)] icms_dc=0 , 2.1118160 secs] [Times: user=1.96 
sys=0.13, real=2.11 secs]

2579.317: [Full GC 2579.317: [CMS2581.876: [CMS-concurrent-mark: 
2.558/1212.733 secs] [*Times: user=113.05 sys=28.01, real=**1212.49 
**secs] **
*
3539.969: [Full GC 3539.969: [CMS3540.056: [CMS-concurrent-sweep: 
1.571/23.223 secs] [Times: user=6.12 sys=1.36, real=*23.21 secs*]

4070.456: [Full GC 4070.457: [CMS: 1252569K->591200K(1926784K), 
2.3447040 secs] 1270617K->591200K(2080128K), [CMS Perm : 
169983K->56598K(169984K)] icms_dc=0 , 2.3448140 secs] [Times: user=2.18 
sys=0.14, real=2.34 secs]


What can we do?

Thanks,

George





---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

Please help with Tomcat Garbage Collection


Hello guys,

We are having problems on a production system with very long "full GC" 
times, as long as1200sec real time (!!!).


We are using Java 6 (stuck with CentOS 5.8 at this time) and Tomcat 7.0.64.

Xmx is 5G, Xms is 2G, and GC options are -XX:+UseConcMarkSweepGC   
-XX:+CMSIncrementalMode


No other custom memory-related settings are in place.

Looking at the GC log, the last few Full-GC entries are:

1367.020: [Full GC 1367.020: [CMS: 1178831K->527456K(1926784K), 
2.1117220 secs] 1250378K->527456K(2080128K), [CMS Perm : 
169762K->56187K(169984K)] icms_dc=0 , 2.1118160 secs] [Times: user=1.96 
sys=0.13, real=2.11 secs]


2579.317: [Full GC 2579.317: [CMS2581.876: [CMS-concurrent-mark: 
2.558/1212.733 secs] [*Times: user=113.05 sys=28.01, real=**1212.49 
**secs] **

*
3539.969: [Full GC 3539.969: [CMS3540.056: [CMS-concurrent-sweep: 
1.571/23.223 secs] [Times: user=6.12 sys=1.36, real=*23.21 secs*]


4070.456: [Full GC 4070.457: [CMS: 1252569K->591200K(1926784K), 
2.3447040 secs] 1270617K->591200K(2080128K), [CMS Perm : 
169983K->56598K(169984K)] icms_dc=0 , 2.3448140 secs] [Times: user=2.18 
sys=0.14, real=2.34 secs]



What can we do?

Thanks,

George





---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

TCP connection vs Tomcat threads vs File Descriptors - please help

2015-10-17 Thread vicky

Hi All,
can someone please help in understand  that how TCP connections are interlinked 
with the no. ofFile Descriptors & no of threads configured over a machine .
Setup details :OD - Centos 6Tomcat7Java 7
Recently i have faced an problem in while my application was having +20k TCP 
connections in TIME-WAIT state resulting in choking my application though no 
consumed threads & Files descriptors are pretty less than threshold.
1) I would like to understand that is there any limit that how many TCP 
connections a machine can open , IF YES then how to tune it . 
2) Second query   , my understanding was every TCP connection will open one 
file  descriptor but in my currentsituation only 900 FD were used whereas the 
TCP_WAIT connections where +20K .Kindly suggest how do i comprehend this . How 
these are interlinked
3) If i configure 600 threads in server.xml for my HTTP connector & if i'm 
running that machine over 8 core cpu does that mean simultaneously 600 X 8 (cpu 
core) =4800 threads will be served by my tomcat ?

Re: TCP connection vs Tomcat threads vs File Descriptors - please help

2015-10-17 Thread Rainer Jung


Am 17.10.2015 um 08:27 schrieb vicky:

Hi All,
can someone please help in understand  that how TCP connections are interlinked 
with the no. ofFile Descriptors & no of threads configured over a machine .
Setup details :OD - Centos 6Tomcat7Java 7
Recently i have faced an problem in while my application was having +20k TCP 
connections in TIME-WAIT state resulting in choking my application though no 
consumed threads & Files descriptors are pretty less than threshold.
1) I would like to understand that is there any limit that how many TCP 
connections a machine can open , IF YES then how to tune it .
2) Second query   , my understanding was every TCP connection will open one 
file  descriptor but in my currentsituation only 900 FD were used whereas the 
TCP_WAIT connections where +20K .Kindly suggest how do i comprehend this . How 
these are interlinked
3) If i configure 600 threads in server.xml for my HTTP connector & if i'm 
running that machine over 8 core cpu does that mean simultaneously 600 X 8 (cpu 
core) =4800 threads will be served by my tomcat ?


Let me give you an incomplete answer:

A TCP connection in state TIME_WAIT does no longer exist from the point 
of view of the application/Tomcat/Java etc. So it does not need any 
application resources like threads.


To understand TIME_WAIT, you should look for "TCP state diagram" in your 
favorite search engine or grab a copy of Steven's TCP/IP illustrated. 
You will find a picture like this:


http://www.cs.northwestern.edu/~agupta/cs340/project2/TCPIP_State_Transition_Diagram.pdf

(page 2)

There you will see, that an ESTABLISHED connection can only enter 
TIME_WAIT state on the side of the connection, that first started the 
connection shut down by sending a FIN packet. And on that side it will 
always go through TIME_WAIT state.


The default time during which a connection sits in TIME_WAIT on Linux 
seems to be 60, sometimes 120 seconds. So the total number of 
connections in that state is proportional to the number of connections 
per second that the local node starts closing.


Example: Assume you run 100 new connections per second and all of the 
are closed by the local node first. That means in 60 seconds 6000 
connections will pile up in state TIME_WAIT.


In addition, removing TIME_WAIT connections from the OS list is not done 
continuously but in regular intervals, like e.g. every 5 seconds. So the 
real numbers can be slightly higher.


Why are TIME_WAIT states bad? They don't need app resources, so why 
care? Because the increase the list of TCP connection states the OS has 
to manage and a huge number of such TIME_WAIT connections - a few 
10.000s - can make the IP stack slower.


The TIME_WAIT duration is not configurable for Linux only on some other 
Unixes. See the discussion at:


http://comments.gmane.org/gmane.linux.network/244411

For some time you had to live with it and the only things you could do was

- checking whether you could force more connections being closed by the 
remote side first


- reducing the number of connections per second by increasing connection 
reuse, so keeping connections around for a longer time instead of 
constantly creating new ones.


Both options would increase the need for app resources though, because 
the longer lifetime of established connections would often increase the 
number of threads needed.


Now some people recommend using net.ipv4.tcp_tw_reuse, but that tunable 
seems to only apply to outgoing connections. Other suggest using 
net.ipv4.tcp_tw_recycle, but that one seems to make problems if clients 
sit behind a NAT device.


See:

http://vincent.bernat.im/en/blog/2014-tcp-time-wait-state-linux.html

Other people suggest tuning 
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait:


http://www.lognormal.com/blog/2012/09/27/linux-tcpip-tuning/

It could be, that this tunable will be replaced by 
nf_conntrack_tcp_timeout_time_wait in new kernels.


Regards,

Rainer

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: TCP connection vs Tomcat threads vs File Descriptors - please help

2015-10-17 Thread vicky

Thank you so much Rainer, for sparing time & answering my query. Vicky 

 On Saturday, 17 October 2015 5:17 PM, Rainer Jung 
<rainer.j...@kippdata.de> wrote:

 Am 17.10.2015 um 08:27 schrieb vicky:
> Hi All,
> can someone please help in understand  that how TCP connections are 
> interlinked with the no. ofFile Descriptors & no of threads configured over a 
> machine .
> Setup details :OD - Centos 6Tomcat7Java 7
> Recently i have faced an problem in while my application was having +20k TCP 
> connections in TIME-WAIT state resulting in choking my application though no 
> consumed threads & Files descriptors are pretty less than threshold.
> 1) I would like to understand that is there any limit that how many TCP 
> connections a machine can open , IF YES then how to tune it .
> 2) Second query  , my understanding was every TCP connection will open one 
> file  descriptor but in my currentsituation only 900 FD were used whereas the 
> TCP_WAIT connections where +20K .Kindly suggest how do i comprehend this . 
> How these are interlinked
> 3) If i configure 600 threads in server.xml for my HTTP connector & if i'm 
> running that machine over 8 core cpu does that mean simultaneously 600 X 8 
> (cpu core) =4800 threads will be served by my tomcat ?

Let me give you an incomplete answer:

A TCP connection in state TIME_WAIT does no longer exist from the point 
of view of the application/Tomcat/Java etc. So it does not need any 
application resources like threads.

To understand TIME_WAIT, you should look for "TCP state diagram" in your 
favorite search engine or grab a copy of Steven's TCP/IP illustrated. 
You will find a picture like this:

http://www.cs.northwestern.edu/~agupta/cs340/project2/TCPIP_State_Transition_Diagram.pdf

(page 2)

There you will see, that an ESTABLISHED connection can only enter 
TIME_WAIT state on the side of the connection, that first started the 
connection shut down by sending a FIN packet. And on that side it will 
always go through TIME_WAIT state.

The default time during which a connection sits in TIME_WAIT on Linux 
seems to be 60, sometimes 120 seconds. So the total number of 
connections in that state is proportional to the number of connections 
per second that the local node starts closing.

Example: Assume you run 100 new connections per second and all of the 
are closed by the local node first. That means in 60 seconds 6000 
connections will pile up in state TIME_WAIT.

In addition, removing TIME_WAIT connections from the OS list is not done 
continuously but in regular intervals, like e.g. every 5 seconds. So the 
real numbers can be slightly higher.

Why are TIME_WAIT states bad? They don't need app resources, so why 
care? Because the increase the list of TCP connection states the OS has 
to manage and a huge number of such TIME_WAIT connections - a few 
10.000s - can make the IP stack slower.

The TIME_WAIT duration is not configurable for Linux only on some other 
Unixes. See the discussion at:

http://comments.gmane.org/gmane.linux.network/244411

For some time you had to live with it and the only things you could do was

- checking whether you could force more connections being closed by the 
remote side first

- reducing the number of connections per second by increasing connection 
reuse, so keeping connections around for a longer time instead of 
constantly creating new ones.

Both options would increase the need for app resources though, because 
the longer lifetime of established connections would often increase the 
number of threads needed.

Now some people recommend using net.ipv4.tcp_tw_reuse, but that tunable 
seems to only apply to outgoing connections. Other suggest using 
net.ipv4.tcp_tw_recycle, but that one seems to make problems if clients 
sit behind a NAT device.

See:

http://vincent.bernat.im/en/blog/2014-tcp-time-wait-state-linux.html

Other people suggest tuning 
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait:

http://www.lognormal.com/blog/2012/09/27/linux-tcpip-tuning/

It could be, that this tunable will be replaced by 
nf_conntrack_tcp_timeout_time_wait in new kernels.

Regards,

Rainer

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 7, no_cypher_overlap error, no solutions working, please help.

2015-09-30 Thread Mark Thomas

On 30 September 2015 16:13:38 BST, Kernel freak  wrote:
>Hi guys,
>
>I am trying to setup https on tomcat, but not having much luck since 5
>hours. I am always getting no_cypher_overlap errror.
>The certificate is not self-signed, but issued. The crt file I am
>importing
>for both root and tomcat alias.
>
>These are the files I have domainname.ca-bundle, .crt, .csr, .key,
>.p12,
>domainname.jks,
>
>THis is the command I gave :
>
>keytool -import -trustcacerts -alias root -file domainname.crt -keyalg
>RSA
>-keystore domainaname.jks
>
>Connector looks like this :
>
> maxThreads="200" compression="force"
>  compressionMinSize="1024" scheme="https" secure="true"
>clientAuth="false" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
>sslProtocol="TLS" URIEncoding="utf-8"
> compressableMimeType="text/html,text/xml,text/plain,text/css,text/
>javascript,application/x-javascript,application/javascript"
>   keystoreFile="domain.jks" keystorePass="pass" />
>
>Still it is not working, there are so many users out there, who have
>the
>
>same problem, and still there is no good solution for this.
>
>I have also posted it on Stackoverflow(Link below), no help there too.
>If
>
>anyone knows what I can do, kindly let me know. THis is messed up to
>
>configure https for 5 hours with issued certificate. Thanks.
>
>http://stackoverflow.com/questions/32866528/apache-tomcat-importing-already-existing-certificates-into-keystore
>
>Regards,
>Kernel

ssllabs is your friend.

Mark

Tomcat 7, no_cypher_overlap error, no solutions working, please help.

2015-09-30 Thread Kernel freak

Hi guys,

I am trying to setup https on tomcat, but not having much luck since 5
hours. I am always getting no_cypher_overlap errror.
The certificate is not self-signed, but issued. The crt file I am importing
for both root and tomcat alias.

These are the files I have domainname.ca-bundle, .crt, .csr, .key, .p12,
domainname.jks,

THis is the command I gave :

keytool -import -trustcacerts -alias root -file domainname.crt -keyalg RSA
-keystore domainaname.jks

Connector looks like this :

 

Still it is not working, there are so many users out there, who have the

same problem, and still there is no good solution for this.

I have also posted it on Stackoverflow(Link below), no help there too. If

anyone knows what I can do, kindly let me know. THis is messed up to

configure https for 5 hours with issued certificate. Thanks.

http://stackoverflow.com/questions/32866528/apache-tomcat-importing-already-existing-certificates-into-keystore

Regards,
Kernel

Re: Tomcat 7, no_cypher_overlap error, no solutions working, please help.

2015-09-30 Thread David kerber


On 9/30/2015 11:13 AM, Kernel freak wrote:

Hi guys,

I am trying to setup https on tomcat, but not having much luck since 5
hours. I am always getting no_cypher_overlap errror.


This error means that your server and the client browser don't have any 
cypers in common (there are none that they can both work with).




The certificate is not self-signed, but issued. The crt file I am importing
for both root and tomcat alias.

These are the files I have domainname.ca-bundle, .crt, .csr, .key, .p12,
domainname.jks,

THis is the command I gave :

keytool -import -trustcacerts -alias root -file domainname.crt -keyalg RSA
-keystore domainaname.jks

Connector looks like this :

  

Still it is not working, there are so many users out there, who have the

same problem, and still there is no good solution for this.

I have also posted it on Stackoverflow(Link below), no help there too. If

anyone knows what I can do, kindly let me know. THis is messed up to

configure https for 5 hours with issued certificate. Thanks.

http://stackoverflow.com/questions/32866528/apache-tomcat-importing-already-existing-certificates-into-keystore

Regards,
Kernel




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Please help

2015-07-17 Thread Caldarale, Charles R

 From: uzair rashid [mailto:uzairrashi...@gmail.com] 
 Subject: Re: Please help

 Jul 16, 2015 5:09:52 PM org.apache.coyote.AbstractProtocol init
 SEVERE: Failed to initialize end point associated with ProtocolHandler 
 [http-apr-8443]

This is a completely different problem, so you should start a completely new 
thread to discuss it (with an appropriate subject line this time).

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Please help

2015-07-17 Thread uzair rashid

Hello Chuck:

Thank you!

INFO: Command line argument: -Xss1024k
Jul 16, 2015 5:09:49 PM org.apache.catalina.core.AprLifecycleListener
lifecycleEvent
INFO: Loaded APR based Apache Tomcat Native library 1.1.32 using APR
version 1.5.1.
Jul 16, 2015 5:09:49 PM org.apache.catalina.core.AprLifecycleListener
lifecycleEvent
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
[false], random [true].
Jul 16, 2015 5:09:51 PM org.apache.catalina.core.AprLifecycleListener
initializeSSL
INFO: OpenSSL successfully initialized (OpenSSL 1.0.1j 15 Oct 2014)
Jul 16, 2015 5:09:51 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler [http-apr-8080]
Jul 16, 2015 5:09:52 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler [http-apr-8443]
Jul 16, 2015 5:09:52 PM org.apache.coyote.AbstractProtocol init
SEVERE: Failed to initialize end point associated with ProtocolHandler
[http-apr-8443]
java.lang.Exception: Connector attribute SSLCertificateFile must be defined
when using SSL with APR
 at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:490)
 at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:646)
 at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
 at org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
 at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
 at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
 at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
 at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:821)
 at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
 at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
 at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)

I missed that point of the error as well!

Could you please give your input
On Thu, Jul 16, 2015 at 8:25 PM, Caldarale, Charles R 
chuck.caldar...@unisys.com wrote:

  From: uzair rashid [mailto:uzairrashi...@gmail.com]
  Subject: Please help

 Please help as a subject line is not terribly useful, is it?

  I am using Apache Tomcat 7.0.57..

 Good to know; many people forget to mention the version they're using.

  I have configured my server.xml as follows:

  Realm className=org.apache.catalina.realm.UserDatabaseRealm
  resourceName=UserDatabase/
 
/Realm

  SEVERE: Parse Fatal Error at line 36 column 4: XML document structures
 must
  start and end within the same entity.

 You have both an end tag and an empty element - pick one or the other.
 Any decent XML editor will highlight the syntax error.

  - Chuck


 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
 MATERIAL and is thus for use only by the intended recipient. If you
 received this in error, please contact the sender and delete the e-mail and
 its attachments from all computers.


 -Original Message-
 From: uzair rashid [mailto:uzairrashi...@gmail.com]
 Sent: 2015 July 16, Thursday 19:33
 To: users@tomcat.apache.org
 Subject: Please help

 Hello:



 I am using Apache Tomcat 7.0.57..



 I have configured my server.xml as follows:

 ?xml version=1.0 encoding=UTF-8?!--

   Licensed to the Apache Software Foundation (ASF) under one or more

   contributor license agreements.  See the NOTICE file distributed with

   this work for additional information regarding copyright ownership.

   The ASF licenses this file to You under the Apache License, Version 2.0

   (the License); you may not use this file except in compliance with

   the License.  You may obtain a copy of the License at



   http://www.apache.org/licenses/LICENSE-2.0



   Unless required by applicable law or agreed to in writing, software

   distributed under the License is distributed on an AS IS BASIS,

   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

   See the License for the specific language governing permissions and

   limitations under the License.

 --!-- Note:  A Server is not itself a Container, so you may not

  define subcomponents such as Valves at this level.

  Documentation at /docs/config/server.html

  --Server port=8005 shutdown=SHUTDOWN

   Listener className=org.apache.catalina.startup.VersionLoggerListener/

   !-- Security listener. Documentation at /docs/config/listeners.html

   Listener className=org.apache.catalina.security.SecurityListener /

   --

   !--APR library loader. Documentation at /docs/apr.html --

   Listener className=org.apache.catalina.core.AprLifecycleListener
 SSLEngine=on/

   !--Initialize Jasper prior to webapps are loaded. Documentation

RE: Please help

2015-07-16 Thread Caldarale, Charles R

 From: uzair rashid [mailto:uzairrashi...@gmail.com] 
 Subject: Please help

Please help as a subject line is not terribly useful, is it?

 I am using Apache Tomcat 7.0.57..

Good to know; many people forget to mention the version they're using.

 I have configured my server.xml as follows:

 Realm className=org.apache.catalina.realm.UserDatabaseRealm
 resourceName=UserDatabase/

   /Realm

 SEVERE: Parse Fatal Error at line 36 column 4: XML document structures must
 start and end within the same entity.

You have both an end tag and an empty element - pick one or the other.  Any 
decent XML editor will highlight the syntax error.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-Original Message-
From: uzair rashid [mailto:uzairrashi...@gmail.com] 
Sent: 2015 July 16, Thursday 19:33
To: users@tomcat.apache.org
Subject: Please help

Hello:



I am using Apache Tomcat 7.0.57..



I have configured my server.xml as follows:

?xml version=1.0 encoding=UTF-8?!--

  Licensed to the Apache Software Foundation (ASF) under one or more

  contributor license agreements.  See the NOTICE file distributed with

  this work for additional information regarding copyright ownership.

  The ASF licenses this file to You under the Apache License, Version 2.0

  (the License); you may not use this file except in compliance with

  the License.  You may obtain a copy of the License at



  http://www.apache.org/licenses/LICENSE-2.0



  Unless required by applicable law or agreed to in writing, software

  distributed under the License is distributed on an AS IS BASIS,

  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  See the License for the specific language governing permissions and

  limitations under the License.

--!-- Note:  A Server is not itself a Container, so you may not

 define subcomponents such as Valves at this level.

 Documentation at /docs/config/server.html

 --Server port=8005 shutdown=SHUTDOWN

  Listener className=org.apache.catalina.startup.VersionLoggerListener/

  !-- Security listener. Documentation at /docs/config/listeners.html

  Listener className=org.apache.catalina.security.SecurityListener /

  --

  !--APR library loader. Documentation at /docs/apr.html --

  Listener className=org.apache.catalina.core.AprLifecycleListener
SSLEngine=on/

  !--Initialize Jasper prior to webapps are loaded. Documentation at
/docs/jasper-howto.html --

  Listener className=org.apache.catalina.core.JasperListener/

  !-- Prevent memory leaks due to use of particular java/javax APIs--

  Listener
className=org.apache.catalina.core.JreMemoryLeakPreventionListener/

  Listener
className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener/

  Listener
className=org.apache.catalina.core.ThreadLocalLeakPreventionListener/



  !-- Global JNDI resources

   Documentation at /docs/jndi-resources-howto.html

  --

  GlobalNamingResources

!-- Editable user database that can also be used by

 UserDatabaseRealm to authenticate users

--

Resource name=UserDatabase auth=Container
type=org.apache.catalina.UserDatabase description=User database that can
be updated and saved
factory=org.apache.catalina.users.MemoryUserDatabaseFactory
pathname=conf/tomcat-users.xml/

  /GlobalNamingResources



  !-- A Service is a collection of one or more Connectors that share

   a single Container Note:  A Service is not itself a Container,

   so you may not define subcomponents such as Valves at this level.

   Documentation at /docs/config/service.html

   --

  Service name=Catalina



!--The connectors can use a shared executor, you can define one or
more named thread pools--

!--

Executor name=tomcatThreadPool namePrefix=catalina-exec-

maxThreads=150 minSpareThreads=4/

--





!-- A Connector represents an endpoint by which requests are received

 and responses are returned. Documentation at :

 Java HTTP Connector: /docs/config/http.html (blocking 
non-blocking)

 Java AJP  Connector: /docs/config/ajp.html

 APR (HTTP/AJP) Connector: /docs/apr.html

 Define a non-SSL HTTP/1.1 Connector on port 8080

--

Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2
redirectPort=8443 compression=on URIEncoding=UTF-8
compressionMinSize=2048 noCompressionUserAgents=gozilla, traviata
compressableMimeType=text/html,text/xml,text/plain,text/css,text/javascript,text/json,application/json/

!-- A Connector using the shared thread pool--

!--

Connector executor=tomcatThreadPool

   port=8080 protocol=HTTP/1.1

   connectionTimeout=2

   redirectPort=8443 /

--

!-- Define a SSL Coyote

Please help

2015-07-16 Thread uzair rashid

Hello:



I am using Apache Tomcat 7.0.57..



I have configured my server.xml as follows:

?xml version=1.0 encoding=UTF-8?!--

  Licensed to the Apache Software Foundation (ASF) under one or more

  contributor license agreements.  See the NOTICE file distributed with

  this work for additional information regarding copyright ownership.

  The ASF licenses this file to You under the Apache License, Version 2.0

  (the License); you may not use this file except in compliance with

  the License.  You may obtain a copy of the License at



  http://www.apache.org/licenses/LICENSE-2.0



  Unless required by applicable law or agreed to in writing, software

  distributed under the License is distributed on an AS IS BASIS,

  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  See the License for the specific language governing permissions and

  limitations under the License.

--!-- Note:  A Server is not itself a Container, so you may not

 define subcomponents such as Valves at this level.

 Documentation at /docs/config/server.html

 --Server port=8005 shutdown=SHUTDOWN

  Listener className=org.apache.catalina.startup.VersionLoggerListener/

  !-- Security listener. Documentation at /docs/config/listeners.html

  Listener className=org.apache.catalina.security.SecurityListener /

  --

  !--APR library loader. Documentation at /docs/apr.html --

  Listener className=org.apache.catalina.core.AprLifecycleListener
SSLEngine=on/

  !--Initialize Jasper prior to webapps are loaded. Documentation at
/docs/jasper-howto.html --

  Listener className=org.apache.catalina.core.JasperListener/

  !-- Prevent memory leaks due to use of particular java/javax APIs--

  Listener
className=org.apache.catalina.core.JreMemoryLeakPreventionListener/

  Listener
className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener/

  Listener
className=org.apache.catalina.core.ThreadLocalLeakPreventionListener/



  !-- Global JNDI resources

   Documentation at /docs/jndi-resources-howto.html

  --

  GlobalNamingResources

!-- Editable user database that can also be used by

 UserDatabaseRealm to authenticate users

--

Resource name=UserDatabase auth=Container
type=org.apache.catalina.UserDatabase description=User database that can
be updated and saved
factory=org.apache.catalina.users.MemoryUserDatabaseFactory
pathname=conf/tomcat-users.xml/

  /GlobalNamingResources



  !-- A Service is a collection of one or more Connectors that share

   a single Container Note:  A Service is not itself a Container,

   so you may not define subcomponents such as Valves at this level.

   Documentation at /docs/config/service.html

   --

  Service name=Catalina



!--The connectors can use a shared executor, you can define one or
more named thread pools--

!--

Executor name=tomcatThreadPool namePrefix=catalina-exec-

maxThreads=150 minSpareThreads=4/

--





!-- A Connector represents an endpoint by which requests are received

 and responses are returned. Documentation at :

 Java HTTP Connector: /docs/config/http.html (blocking 
non-blocking)

 Java AJP  Connector: /docs/config/ajp.html

 APR (HTTP/AJP) Connector: /docs/apr.html

 Define a non-SSL HTTP/1.1 Connector on port 8080

--

Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2
redirectPort=8443 compression=on URIEncoding=UTF-8
compressionMinSize=2048 noCompressionUserAgents=gozilla, traviata
compressableMimeType=text/html,text/xml,text/plain,text/css,text/javascript,text/json,application/json/

!-- A Connector using the shared thread pool--

!--

Connector executor=tomcatThreadPool

   port=8080 protocol=HTTP/1.1

   connectionTimeout=2

   redirectPort=8443 /

--

!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --

Connector port=8443 protocol=HTTP/1.1

maxThreads=150 SSLEnabled=true minSpareThreads=25
maxSpareThreads=75

enableLookups=false disableUploadTimeout=true

acceptCount=100 debug=0 scheme=https secure=true

clientAuth=false sslProtocol=TLS
SSLCipherSuite=ALL:!ADH:!SSLv2:!EXPORT40:!EXP:!LOW

keystorePass=FILLINHERE keystoreFile=D:\SAP\.keystore/



!-- Define an AJP 1.3 Connector on port 8009 --

Connector port=8009 protocol=AJP/1.3 redirectPort=8443/





!-- An Engine represents the entry point (within Catalina) that
processes

 every request.  The Engine implementation for Tomcat stand alone

 analyzes the HTTP headers included with the request, and passes
them

 on to the appropriate Host (virtual host).

 Documentation at /docs/config/engine.html --



!-- You should set jvmRoute to support load-balancing via AJP ie :

Engine name=Catalina defaultHost=localhost jvmRoute=jvm1

--

Engine name=Catalina defaultHost=localhost



  !--For

Re: How to get rid of that Tomcat page? Please help!

2014-11-24 Thread Neven Cvetkovic

Richard,

On Sun, Nov 23, 2014 at 8:22 PM, Richard Aubry aubry...@gmail.com wrote:

 Neven

 Thank you very much. Your help was invaluable.

 You are welcome :)


 I looked at /etc/hosts and found and entry for the site I was trying to
 reach. I removed that entry and all is fine now. How, when and why that
 line was added to the hosts file is a mystery for me. Thank you again.


It sounds a bit like a foul-play :) I am not sure who changed and added an
entry to your file. If it was a last entry in the file, it is likely done
by some script/application, that just appended to hosts file. If it was
somewhere in the middle of the /etc/hosts file, it sounds a bit more
malicious, and human-intervention-like :)

Where was this entry in /etc/hosts pointing? If it was a localhost
(127.0.0.*) address, you might have Tomcat process running locally.

Also, now is probably too late to check the timestamp of that /etc/hosts
file, since you changed it recently. You could look inside your TimeMachine
for various versions of that file ... see if you can find when was this
file changed. Or just the last TimeMachine update, see the update timestamp
on that file!

Good luck!
Neven

Re: How to get rid of that Tomcat page? Please help!

2014-11-23 Thread Neven Cvetkovic

Richard,

My apologies, I misread your email. You did try your website from different
browsers and different computers, an it works ok. My initial response did
not assume that.

Firstly, Tomcat is a server product that hosts applications. The page you
are seeing is the default Tomcat page.

Here are few questions:
- did you setup any proxy servers?
- did you search your mac for any installed tomcat product (to make sure it
is coming from your local box)?
- did you try different browsers (to make sure it is not a cached page)?
- check your local /etc/hosts file, is your website listed in that file?
- what happens if you try curl from command line, e.g. curl
http://yoursite.com? Do you still see tomcat content?
- if you do nslookup yoursite.com from your computer and other computers,
is it the same ip address? Try same with ping yoursite.com

Hope that gives us some more information!

Thanks
Neven

On Nov 23, 2014 8:51 AM, Neven Cvetkovic neven.cvetko...@gmail.com
wrote:

 Richard,

 On Nov 23, 2014 6:04 AM, Richard Aubry aubry...@gmail.com wrote:
 
  A few days ago, when I tried to access a web site that I frequently
access, I obtained an Apache Tomcat page that said: If you're seeing this
page via a web browser, it means you've set up Tomcat successfully.
Congratulations!
 

 You are seeing a default Tomcat page (i.e. Root application). It seems
that the website you frequent uses Tomcat. They probably upgraded Tomcat
incorrectly and used Tomcat default page.

 There is nothing wrong with your computer. You could probably email
website administrators about the problem. It is also likely the problem is
going to get fixed by the time you see this message :)

 Another thing to try - use a different computer, or your phone to access
this website.

 Good luck!

  But I have never set up Tomcat, I don't know what is Tomcat and I just
want to get rid of that thing and to be able to access that web site again.
I don't know how that thing took control of my Mac. Since that first time,
I have never been able to access my web site. It's only happening on my
Mac; on any other computer I can access the site without problems.
 
  Could someone tell me how to get rid of that?
 
  Richard Aubry
  -
  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
  For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to get rid of that Tomcat page? Please help!

2014-11-23 Thread Richard Aubry

Neven

Thank you very much. Your help was invaluable.

I looked at /etc/hosts and found and entry for the site I was trying to reach. 
I removed that entry and all is fine now. How, when and why that line was added 
to the hosts file is a mystery for me. Thank you again.

Richard Aubry

 Le 2014-11-23 à 03:07, Neven Cvetkovic neven.cvetko...@gmail.com a écrit :
 
 Richard,
 
 My apologies, I misread your email. You did try your website from different
 browsers and different computers, an it works ok. My initial response did
 not assume that.
 
 Firstly, Tomcat is a server product that hosts applications. The page you
 are seeing is the default Tomcat page.
 
 Here are few questions:
 - did you setup any proxy servers?
 - did you search your mac for any installed tomcat product (to make sure it
 is coming from your local box)?
 - did you try different browsers (to make sure it is not a cached page)?
 - check your local /etc/hosts file, is your website listed in that file?
 - what happens if you try curl from command line, e.g. curl
 http://yoursite.com? Do you still see tomcat content?
 - if you do nslookup yoursite.com from your computer and other computers,
 is it the same ip address? Try same with ping yoursite.com
 
 Hope that gives us some more information!
 
 Thanks
 Neven
 
 On Nov 23, 2014 8:51 AM, Neven Cvetkovic neven.cvetko...@gmail.com
 wrote:
 
 Richard,
 
 On Nov 23, 2014 6:04 AM, Richard Aubry aubry...@gmail.com wrote:
 
 A few days ago, when I tried to access a web site that I frequently
 access, I obtained an Apache Tomcat page that said: If you're seeing this
 page via a web browser, it means you've set up Tomcat successfully.
 Congratulations!
 
 
 You are seeing a default Tomcat page (i.e. Root application). It seems
 that the website you frequent uses Tomcat. They probably upgraded Tomcat
 incorrectly and used Tomcat default page.
 
 There is nothing wrong with your computer. You could probably email
 website administrators about the problem. It is also likely the problem is
 going to get fixed by the time you see this message :)
 
 Another thing to try - use a different computer, or your phone to access
 this website.
 
 Good luck!
 
 But I have never set up Tomcat, I don't know what is Tomcat and I just
 want to get rid of that thing and to be able to access that web site again.
 I don't know how that thing took control of my Mac. Since that first time,
 I have never been able to access my web site. It's only happening on my
 Mac; on any other computer I can access the site without problems.
 
 Could someone tell me how to get rid of that?
 
 Richard Aubry
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

How to get rid of that Tomcat page? Please help!

2014-11-22 Thread Richard Aubry

A few days ago, when I tried to access a web site that I frequently access, I 
obtained an Apache Tomcat page that said: If you're seeing this page via a web 
browser, it means you've set up Tomcat successfully. Congratulations!

But I have never set up Tomcat, I don't know what is Tomcat and I just want to 
get rid of that thing and to be able to access that web site again. I don't 
know how that thing took control of my Mac. Since that first time, I have never 
been able to access my web site. It's only happening on my Mac; on any other 
computer I can access the site without problems.

Could someone tell me how to get rid of that?

Richard Aubry
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to get rid of that Tomcat page? Please help!

2014-11-22 Thread Neven Cvetkovic

Richard,

On Nov 23, 2014 6:04 AM, Richard Aubry aubry...@gmail.com wrote:

 A few days ago, when I tried to access a web site that I frequently
access, I obtained an Apache Tomcat page that said: If you're seeing this
page via a web browser, it means you've set up Tomcat successfully.
Congratulations!


You are seeing a default Tomcat page (i.e. Root application). It seems that
the website you frequent uses Tomcat. They probably upgraded Tomcat
incorrectly and used Tomcat default page.

There is nothing wrong with your computer. You could probably email website
administrators about the problem. It is also likely the problem is going to
get fixed by the time you see this message :)

Another thing to try - use a different computer, or your phone to access
this website.

Good luck!

 But I have never set up Tomcat, I don't know what is Tomcat and I just
want to get rid of that thing and to be able to access that web site again.
I don't know how that thing took control of my Mac. Since that first time,
I have never been able to access my web site. It's only happening on my
Mac; on any other computer I can access the site without problems.

 Could someone tell me how to get rid of that?

 Richard Aubry
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Please help diagnosing a random production Tomcat 7.0.53 Internal Server Error!

2014-04-15 Thread Christopher Schultz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Ian,

On 4/15/14, 2:52 PM, Ian Long wrote:
 I need some help from all the tomcat experts out there! I am using
  tomcat behind apache httpd using mod_jk (1.2.39). About 50-100
 times per day (out of many requests), I’m getting an internal
 server error from Tomcat (error 500), without any exceptions in my
 code, nor in Tomcat logs. I am only seeing the error in my New
 Relic application monitoring tool, and I can see them in the mod_jk
 logs if I turn on debug.

As much fun as reading debug logs is, I wasn't able to find a problem
in what you posted. Can you maybe highlight the section that indicates
a problem?

You also didn't post the exception from the Java side.

 My server is not heavily loaded, with a load average hovering
 around 0.5 on a 4 cpu system.

How many httpd processes are serving this Tomcat? Do you have a
mismatch between the number of connections coming from httpd and the
number of connections available on the Tomcat side (Connector)?

 You can see the internal error below at 13:59:13.790.

Yes, we can see that there was an error, but not what the error was.

 My worker setup is very simple:
 
 worker.list=worker1 worker.worker1.port=8009 
 worker.worker1.host=127.0.0.1 worker.worker1.type=ajp13 
 worker.worker1.connection_pool_timeout=600 
 worker.worker1.connect_timeout=1
 
 My Connector is also straightforward:
 
 Connector port=8009 connectionTimeout=60
 minSpareThreads=5 address=127.0.0.1 URIEncoding=UTF-8
 enableLookups=false disableUploadTimeout=true 
 maxSpareThreads=75 maxThreads=800 protocol=AJP/1.3 /

That all looks okay to me on the face of it. Just a note: you may want
to use an Executor for better control of the thread pool.

What connector are you actually using

Is 800 threads enough to handle whatever might be coming from httpd
(or all of your httpd instances)?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTTYSWAAoJEBzwKT+lPKRYzAkP/1Eeusa0Jh6uFoUFg0+wq/cO
IF8F0DkQXZ5d1WrYtF3nRhcNXclgfl6kYpNyz9dSN55Sk2hrWFZcSGZnMu4ZZvQE
jMg+555tPm36QmmAw3NzUm6wwTpcByjsZuj10fsigiaNW3ucAc2vsQ40ETH5LH+/
E4crD6PFBSfNe5qcF51T6qcPVMMaXxjd5aBWRBfT2sUEogRg3o5Xm6zal+fwQrfR
v4mbvwC4bz7ysCXGZQxSh7qQrorpXePIqCrUekAXxPRGxGXbUvj8+alVjY7p0Him
w5WyyzbEqIymrARoip/+Xd1nRe7bWdt0sUBqBsKn7KKvUVvvIMbKmtAn398zcP9k
l9746MuX0Z9JGuCNDeX/giaUeijckjyY2WjxWY/mU9v75v02jqpPlgzZZhELKv/3
ScE13HgxzPHAiDNXHJuQsJL8HxRbtl29aPV+406kQbolzfMudxXPU2hSIi8MDiYn
hTJSZwp47bQngD9Ym8v+EdeExvRg2xLhlIuJc5j+34E9J5R9p/QC7Ru6YyzpESO5
olTzG/5Dt4V75q7mRkMtNiIWku9Ur5dtD+wjLAcQPmcoUuN0pX+rl2L4a7Wp+mqO
rCuEZK5Y1S6/DBlu7UcBALe/T0OG8nzld4xLKZJR/oluuQSRXlRw6div4DaoqQMf
4PjjoG0+Hj2KS2aQm/JQ
=oqiw
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Please help diagnosing a random production Tomcat 7.0.53 Internal Server Error!

Thanks for the reply.

It looks to me like tomcat just gave up partway through generating the request, 
I’m trying to figure out why.  

There are no exceptions in either my application logs or the tomcat log itself, 
which is frustrating.

Thanks, I’ll look into the executor.

Apache matches what is set in my connector:

IfModule prefork.c
StartServers       8
MinSpareServers    5
MaxSpareServers   20
ServerLimit      800
MaxClients       800
MaxRequestsPerChild  0
/IfModule

Yes, the connector settings should be fine, there are usually less than 20 
httpds.

Cheers,
Ian

On April 15, 2014 at 3:13:08 PM, Christopher Schultz 
(ch...@christopherschultz.net) wrote:

-BEGIN PGP SIGNED MESSAGE-  
Hash: SHA256  

Ian,  

On 4/15/14, 2:52 PM, Ian Long wrote:  
 I need some help from all the tomcat experts out there! I am using  
 tomcat behind apache httpd using mod_jk (1.2.39). About 50-100  
 times per day (out of many requests), I’m getting an internal  
 server error from Tomcat (error 500), without any exceptions in my  
 code, nor in Tomcat logs. I am only seeing the error in my New  
 Relic application monitoring tool, and I can see them in the mod_jk  
 logs if I turn on debug.  

As much fun as reading debug logs is, I wasn't able to find a problem  
in what you posted. Can you maybe highlight the section that indicates  
a problem?  

You also didn't post the exception from the Java side.  

 My server is not heavily loaded, with a load average hovering  
 around 0.5 on a 4 cpu system.  

How many httpd processes are serving this Tomcat? Do you have a  
mismatch between the number of connections coming from httpd and the  
number of connections available on the Tomcat side (Connector)?  

 You can see the internal error below at 13:59:13.790.  

Yes, we can see that there was an error, but not what the error was.  

 My worker setup is very simple:  
  
 worker.list=worker1 worker.worker1.port=8009  
 worker.worker1.host=127.0.0.1 worker.worker1.type=ajp13  
 worker.worker1.connection_pool_timeout=600  
 worker.worker1.connect_timeout=1  
  
 My Connector is also straightforward:  
  
 Connector port=8009 connectionTimeout=60  
 minSpareThreads=5 address=127.0.0.1 URIEncoding=UTF-8  
 enableLookups=false disableUploadTimeout=true  
 maxSpareThreads=75 maxThreads=800 protocol=AJP/1.3 /  

That all looks okay to me on the face of it. Just a note: you may want  
to use an Executor for better control of the thread pool.  

What connector are you actually using  

Is 800 threads enough to handle whatever might be coming from httpd  
(or all of your httpd instances)?  

- -chris  
-BEGIN PGP SIGNATURE-  
Version: GnuPG v1  
Comment: GPGTools - http://gpgtools.org  
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/  

iQIcBAEBCAAGBQJTTYSWAAoJEBzwKT+lPKRYzAkP/1Eeusa0Jh6uFoUFg0+wq/cO  
IF8F0DkQXZ5d1WrYtF3nRhcNXclgfl6kYpNyz9dSN55Sk2hrWFZcSGZnMu4ZZvQE  
jMg+555tPm36QmmAw3NzUm6wwTpcByjsZuj10fsigiaNW3ucAc2vsQ40ETH5LH+/  
E4crD6PFBSfNe5qcF51T6qcPVMMaXxjd5aBWRBfT2sUEogRg3o5Xm6zal+fwQrfR  
v4mbvwC4bz7ysCXGZQxSh7qQrorpXePIqCrUekAXxPRGxGXbUvj8+alVjY7p0Him  
w5WyyzbEqIymrARoip/+Xd1nRe7bWdt0sUBqBsKn7KKvUVvvIMbKmtAn398zcP9k  
l9746MuX0Z9JGuCNDeX/giaUeijckjyY2WjxWY/mU9v75v02jqpPlgzZZhELKv/3  
ScE13HgxzPHAiDNXHJuQsJL8HxRbtl29aPV+406kQbolzfMudxXPU2hSIi8MDiYn  
hTJSZwp47bQngD9Ym8v+EdeExvRg2xLhlIuJc5j+34E9J5R9p/QC7Ru6YyzpESO5  
olTzG/5Dt4V75q7mRkMtNiIWku9Ur5dtD+wjLAcQPmcoUuN0pX+rl2L4a7Wp+mqO  
rCuEZK5Y1S6/DBlu7UcBALe/T0OG8nzld4xLKZJR/oluuQSRXlRw6div4DaoqQMf  
4PjjoG0+Hj2KS2aQm/JQ  
=oqiw  
-END PGP SIGNATURE-  

-  
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org  
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Please help diagnosing a random production Tomcat 7.0.53 Internal Server Error!

Forgot to mention that it looks like tomcat returned around 50% of what the 
page should have been, before it hit the Internal Server Error.

Cheers,
Ian


On April 15, 2014 at 3:13:08 PM, Christopher Schultz 
(ch...@christopherschultz.net) wrote:

-BEGIN PGP SIGNED MESSAGE-  
Hash: SHA256  

Ian,  

On 4/15/14, 2:52 PM, Ian Long wrote:  
 I need some help from all the tomcat experts out there! I am using  
 tomcat behind apache httpd using mod_jk (1.2.39). About 50-100  
 times per day (out of many requests), I’m getting an internal  
 server error from Tomcat (error 500), without any exceptions in my  
 code, nor in Tomcat logs. I am only seeing the error in my New  
 Relic application monitoring tool, and I can see them in the mod_jk  
 logs if I turn on debug.  

As much fun as reading debug logs is, I wasn't able to find a problem  
in what you posted. Can you maybe highlight the section that indicates  
a problem?  

You also didn't post the exception from the Java side.  

 My server is not heavily loaded, with a load average hovering  
 around 0.5 on a 4 cpu system.  

How many httpd processes are serving this Tomcat? Do you have a  
mismatch between the number of connections coming from httpd and the  
number of connections available on the Tomcat side (Connector)?  

 You can see the internal error below at 13:59:13.790.  

Yes, we can see that there was an error, but not what the error was.  

 My worker setup is very simple:  
  
 worker.list=worker1 worker.worker1.port=8009  
 worker.worker1.host=127.0.0.1 worker.worker1.type=ajp13  
 worker.worker1.connection_pool_timeout=600  
 worker.worker1.connect_timeout=1  
  
 My Connector is also straightforward:  
  
 Connector port=8009 connectionTimeout=60  
 minSpareThreads=5 address=127.0.0.1 URIEncoding=UTF-8  
 enableLookups=false disableUploadTimeout=true  
 maxSpareThreads=75 maxThreads=800 protocol=AJP/1.3 /  

That all looks okay to me on the face of it. Just a note: you may want  
to use an Executor for better control of the thread pool.  

What connector are you actually using  

Is 800 threads enough to handle whatever might be coming from httpd  
(or all of your httpd instances)?  

- -chris  
-BEGIN PGP SIGNATURE-  
Version: GnuPG v1  
Comment: GPGTools - http://gpgtools.org  
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/  

iQIcBAEBCAAGBQJTTYSWAAoJEBzwKT+lPKRYzAkP/1Eeusa0Jh6uFoUFg0+wq/cO  
IF8F0DkQXZ5d1WrYtF3nRhcNXclgfl6kYpNyz9dSN55Sk2hrWFZcSGZnMu4ZZvQE  
jMg+555tPm36QmmAw3NzUm6wwTpcByjsZuj10fsigiaNW3ucAc2vsQ40ETH5LH+/  
E4crD6PFBSfNe5qcF51T6qcPVMMaXxjd5aBWRBfT2sUEogRg3o5Xm6zal+fwQrfR  
v4mbvwC4bz7ysCXGZQxSh7qQrorpXePIqCrUekAXxPRGxGXbUvj8+alVjY7p0Him  
w5WyyzbEqIymrARoip/+Xd1nRe7bWdt0sUBqBsKn7KKvUVvvIMbKmtAn398zcP9k  
l9746MuX0Z9JGuCNDeX/giaUeijckjyY2WjxWY/mU9v75v02jqpPlgzZZhELKv/3  
ScE13HgxzPHAiDNXHJuQsJL8HxRbtl29aPV+406kQbolzfMudxXPU2hSIi8MDiYn  
hTJSZwp47bQngD9Ym8v+EdeExvRg2xLhlIuJc5j+34E9J5R9p/QC7Ru6YyzpESO5  
olTzG/5Dt4V75q7mRkMtNiIWku9Ur5dtD+wjLAcQPmcoUuN0pX+rl2L4a7Wp+mqO  
rCuEZK5Y1S6/DBlu7UcBALe/T0OG8nzld4xLKZJR/oluuQSRXlRw6div4DaoqQMf  
4PjjoG0+Hj2KS2aQm/JQ  
=oqiw  
-END PGP SIGNATURE-  

-  
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org  
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Please help diagnosing a random production Tomcat 7.0.53 Internal Server Error!

2014-04-15 Thread Konstantin Kolinko

2014-04-15 22:52 GMT+04:00 Ian Long ian.l...@opterus.com:
 Hi All,

 I need some help from all the tomcat experts out there!  I am using tomcat 
 behind apache httpd using mod_jk (1.2.39).  About 50-100 times per day (out 
 of many requests), I’m getting an internal server error from Tomcat (error 
 500), without any exceptions in my code, nor in Tomcat logs.  I am only 
 seeing the error in my New Relic application monitoring tool, and I can see 
 them in the mod_jk logs if I turn on debug.

Can you update to 1.2.40 released today? It fixes several issues.

Is error 500 mentioned in Access log at Tomcat side?

If an error happens at some early state of processing (in Connector,
in CoyoteAdapter), then there may be nothing in the
catalina/localhost/web application logs, unless you turn on debug
logging at Tomcat side.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Please help diagnosing a random production Tomcat 7.0.53 Internal Server Error!

2014-04-15 Thread Christopher Schultz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Ian,

On 4/15/14, 3:33 PM, Ian Long wrote:
 Thanks for the reply.
 
 It looks to me like tomcat just gave up partway through generating
 the request, I’m trying to figure out why.
 
 There are no exceptions in either my application logs or the tomcat
 log itself, which is frustrating.

Definitely. You checked catalina.out (or wherever stdout goes) as well
as your application's logs?

 Thanks, I’ll look into the executor.
 
 Apache matches what is set in my connector:
 
 IfModule prefork.c StartServers   8 MinSpareServers5 
 MaxSpareServers   20 ServerLimit  800 MaxClients   800 
 MaxRequestsPerChild  0 /IfModule
 
 Yes, the connector settings should be fine, there are usually less
 than 20 httpds.

You mean 20 httpd prefork processes, right? That should be fine: it
means you will need 20 connections available in Tomcat.

 Forgot to mention that it looks like tomcat returned around 50% of
 what the page should have been, before it hit the Internal Server
 Error.

Have you run out of memory or anything like that?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTTY7wAAoJEBzwKT+lPKRYj6MQALTNWcCMZ7KI3+9PqBml7cId
isbPrfJuSfVbta6lJXI8yuwjm6V/CvFc1l7WK2/qBosXO0jMopCZvCkJOOwVyAYt
6cozaLsH1YeFFfoOT6t7d/QhAjiWtlT+/sxX80dW/7t8uwbTQ7Bji01I3dtvYQsF
f//HWfwDPSaxWBeXqZZ9bAG2uW7kiEExThlgQYbfcUnMPNB9Rc382GbI2/vIAtaR
9fWARiaLWfv4oaLzv67zAnFO/LV61HtLzA9PSy68do3AzZs0GvzKPPHlMdkobeGi
lBUeSA8t9ZH7qetBaUUEto50cE5KnPtRVQG4bpA+9BrUyKHFxeyrB+rT3s1EhUlZ
dH+QfioMEVQEAX/9tidA8pyWHiSNGYKCc2mAiIO2ahGWnx+IpUXOJz6bi0QnDJhp
KeGrMrrV0R6fcUXoDiQzQGRTtWriJvl8VkP/eow3BpUeLO0ICdfYd9jOn5e0xtMV
kO6X4N8aALyoTXtFm/0xTl01vXa5ZCWDdHRdtifcO9qAzHuGFYEjMaMeyUg08RAc
BeSW3K8B2gAoXcilgOPAxuae9NRRwyius+tC0lLi/LvQRRbpAxBTV9Gv/BT/fbjU
xndD+hVRiGcEoCmydngpmkGwqrroCfDWSyw4kYSxP9sGPRhNi3yPL3VlFBJXGUaC
mfJtAJ7Rp6Ch6KKzY/oS
=ag/e
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Please help diagnosing a random production Tomcat 7.0.53 Internal Server Error!

2014-04-15 Thread André Warnier

Christopher Schultz wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Ian,

On 4/15/14, 3:33 PM, Ian Long wrote:

Thanks for the reply.

It looks to me like tomcat just gave up partway through generating
the request, I’m trying to figure out why.

There are no exceptions in either my application logs or the tomcat
log itself, which is frustrating.

Definitely. You checked catalina.out (or wherever stdout goes) as well
as your application's logs?

Thanks, I’ll look into the executor.

Apache matches what is set in my connector:

IfModule prefork.c StartServers 8 MinSpareServers5
MaxSpareServers 20 ServerLimit 800 MaxClients 800
MaxRequestsPerChild 0 /IfModule

Yes, the connector settings should be fine, there are usually less
than 20 httpds.

You mean 20 httpd prefork processes, right? That should be fine: it
means you will need 20 connections available in Tomcat.

Forgot to mention that it looks like tomcat returned around 50% of
what the page should have been, before it hit the Internal Server
Error.

Have you run out of memory or anything like that?

I was going to ask the same thing, slightly differently.

I can think of a scenario which might result in the same kind of symptoms, only I am not
sure if it makes sense, Java-wise.

A request is recived by httpd, which passes it to Tomcat via mod_jk.
Tomcat allocates a thread to handle the request, and this thread starts running the
corresponding application (webapp). The webapp starts processing the request, produces
some output, and then for some reason to be determined, it suddenly runs out of memory,
and the thread running the application dies.
Because Tomcat has temporarily run out of memory, there is no way for the application to
write anything to the logs, because this would require allocating some additional memory
to do so, and there isn't any available.
So Tomcat just catches (a posteriori) the fact that the thread died, returning an error
500 to mod_jk and httpd.
As soon as the offending thread dies, some memory is freed, and Tomcat appears to work
normally again, including other requests to that same application, because those other
requests do not cause the same spike in memory usage.

Tomcat/Java experts : Could something like this happen, and would it match the symptoms as
described by Ian ?

And Ian, could it be that some requests to that application, because maybe of a parameter
that is different from the other cases, could cause such a spike in memory requirements ?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Please help diagnosing a random production Tomcat 7.0.53 Internal Server Error!

I don’t think it’s memory related - Tomcat is allocated an 8GB heap and 
according to New Relic it has never used more than 6.5G; there is also lots of 
PermGen space available.

Cheers,
Ian


On April 15, 2014 at 4:18:11 PM, André Warnier (a...@ice-sa.com) wrote:

Christopher Schultz wrote:  
 -BEGIN PGP SIGNED MESSAGE-  
 Hash: SHA256  
  
 Ian,  
  
 On 4/15/14, 3:33 PM, Ian Long wrote:  
 Thanks for the reply.  
  
 It looks to me like tomcat just gave up partway through generating  
 the request, I’m trying to figure out why.  
  
 There are no exceptions in either my application logs or the tomcat  
 log itself, which is frustrating.  
  
 Definitely. You checked catalina.out (or wherever stdout goes) as well  
 as your application's logs?  
  
 Thanks, I’ll look into the executor.  
  
 Apache matches what is set in my connector:  
  
 IfModule prefork.c StartServers 8 MinSpareServers 5  
 MaxSpareServers 20 ServerLimit 800 MaxClients 800  
 MaxRequestsPerChild 0 /IfModule  
  
 Yes, the connector settings should be fine, there are usually less  
 than 20 httpds.  
  
 You mean 20 httpd prefork processes, right? That should be fine: it  
 means you will need 20 connections available in Tomcat.  
  
 Forgot to mention that it looks like tomcat returned around 50% of  
 what the page should have been, before it hit the Internal Server  
 Error.  
  
 Have you run out of memory or anything like that?  

I was going to ask the same thing, slightly differently.  

I can think of a scenario which might result in the same kind of symptoms, only 
I am not  
sure if it makes sense, Java-wise.  

A request is recived by httpd, which passes it to Tomcat via mod_jk.  
Tomcat allocates a thread to handle the request, and this thread starts running 
the  
corresponding application (webapp). The webapp starts processing the request, 
produces  
some output, and then for some reason to be determined, it suddenly runs out of 
memory,  
and the thread running the application dies.  
Because Tomcat has temporarily run out of memory, there is no way for the 
application to  
write anything to the logs, because this would require allocating some 
additional memory  
to do so, and there isn't any available.  
So Tomcat just catches (a posteriori) the fact that the thread died, returning 
an error  
500 to mod_jk and httpd.  
As soon as the offending thread dies, some memory is freed, and Tomcat appears 
to work  
normally again, including other requests to that same application, because 
those other  
requests do not cause the same spike in memory usage.  

Tomcat/Java experts : Could something like this happen, and would it match the 
symptoms as  
described by Ian ?  

And Ian, could it be that some requests to that application, because maybe of a 
parameter  
that is different from the other cases, could cause such a spike in memory 
requirements ?  


-  
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org  
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Please help diagnosing a random production Tomcat 7.0.53 Internal Server Error!

Yes, I checked both the tomcat log (I’ve configured tomcat to use log4j) as 
well as my application logs.

Yes, 20 httpd prefork processes.

I don’t think it’s memory related, I have an 8GB heap and tomcat averages 5GB 
usage and peeks around 6.5 before garbage collection kicks in.

Cheers,
Ian


On April 15, 2014 at 3:57:04 PM, Christopher Schultz 
(ch...@christopherschultz.net) wrote:

-BEGIN PGP SIGNED MESSAGE-  
Hash: SHA256  

Ian,  

On 4/15/14, 3:33 PM, Ian Long wrote:  
 Thanks for the reply.  
  
 It looks to me like tomcat just gave up partway through generating  
 the request, I’m trying to figure out why.  
  
 There are no exceptions in either my application logs or the tomcat  
 log itself, which is frustrating.  

Definitely. You checked catalina.out (or wherever stdout goes) as well  
as your application's logs?  

 Thanks, I’ll look into the executor.  
  
 Apache matches what is set in my connector:  
  
 IfModule prefork.c StartServers 8 MinSpareServers 5  
 MaxSpareServers 20 ServerLimit 800 MaxClients 800  
 MaxRequestsPerChild 0 /IfModule  
  
 Yes, the connector settings should be fine, there are usually less  
 than 20 httpds.  

You mean 20 httpd prefork processes, right? That should be fine: it  
means you will need 20 connections available in Tomcat.  

 Forgot to mention that it looks like tomcat returned around 50% of  
 what the page should have been, before it hit the Internal Server  
 Error.  

Have you run out of memory or anything like that?  

- -chris  
-BEGIN PGP SIGNATURE-  
Version: GnuPG v1  
Comment: GPGTools - http://gpgtools.org  
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/  

iQIcBAEBCAAGBQJTTY7wAAoJEBzwKT+lPKRYj6MQALTNWcCMZ7KI3+9PqBml7cId  
isbPrfJuSfVbta6lJXI8yuwjm6V/CvFc1l7WK2/qBosXO0jMopCZvCkJOOwVyAYt  
6cozaLsH1YeFFfoOT6t7d/QhAjiWtlT+/sxX80dW/7t8uwbTQ7Bji01I3dtvYQsF  
f//HWfwDPSaxWBeXqZZ9bAG2uW7kiEExThlgQYbfcUnMPNB9Rc382GbI2/vIAtaR  
9fWARiaLWfv4oaLzv67zAnFO/LV61HtLzA9PSy68do3AzZs0GvzKPPHlMdkobeGi  
lBUeSA8t9ZH7qetBaUUEto50cE5KnPtRVQG4bpA+9BrUyKHFxeyrB+rT3s1EhUlZ  
dH+QfioMEVQEAX/9tidA8pyWHiSNGYKCc2mAiIO2ahGWnx+IpUXOJz6bi0QnDJhp  
KeGrMrrV0R6fcUXoDiQzQGRTtWriJvl8VkP/eow3BpUeLO0ICdfYd9jOn5e0xtMV  
kO6X4N8aALyoTXtFm/0xTl01vXa5ZCWDdHRdtifcO9qAzHuGFYEjMaMeyUg08RAc  
BeSW3K8B2gAoXcilgOPAxuae9NRRwyius+tC0lLi/LvQRRbpAxBTV9Gv/BT/fbjU  
xndD+hVRiGcEoCmydngpmkGwqrroCfDWSyw4kYSxP9sGPRhNi3yPL3VlFBJXGUaC  
mfJtAJ7Rp6Ch6KKzY/oS  
=ag/e  
-END PGP SIGNATURE-  

-  
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org  
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Please help diagnosing a random production Tomcat 7.0.53 Internal Server Error!

2014-04-15 Thread André Warnier


Ian,

On this list, it is kind of frowned-upon to top post. It is preferred when people answer 
a question, below the question.  Keeps things more logical in the reading sequence, and 
avoids having to scroll down to guess what you are responding to.


Ian Long wrote:

Yes, I checked both the tomcat log (I’ve configured tomcat to use log4j) as 
well as my application logs.

Yes, 20 httpd prefork processes.

I don’t think it’s memory related, I have an 8GB heap and tomcat averages 5GB 
usage and peeks around 6.5 before garbage collection kicks in.



Of course we do not know (yet) either what the cause of your problem is.
But we know that Tomcat would normally write something in its logs, when a server error 
500 happens.

So,
- either Tomcat and /or your application wrote something to a logfile, and you have not 
yet found that logfile

- or else Tomcat and/or your application crashed, but did not write anything to 
the logs.
In that last case, one of the most likely causes for such a behaviour is running out of 
memory.

Whether you believe that this is possible or not is your opinion.
But it is of the nature of software bugs, to be unexpected.
If they were expected, they would have been corrected already.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Please help diagnosing a random production Tomcat 7.0.53 Internal Server Error!


On April 15, 2014 at 4:58:28 PM, André Warnier 
(a...@ice-sa.com(mailto:a...@ice-sa.com)) wrote:

 Ian,
  
 On this list, it is kind of frowned-upon to top post. It is preferred when 
 people answer
 a question, below the question. Keeps things more logical in the reading 
 sequence, and
 avoids having to scroll down to guess what you are responding to.
  
 Ian Long wrote:
  Yes, I checked both the tomcat log (I’ve configured tomcat to use log4j) as 
  well as my application logs.
 
  Yes, 20 httpd prefork processes.
 
  I don’t think it’s memory related, I have an 8GB heap and tomcat averages 
  5GB usage and peeks around 6.5 before garbage collection kicks in.
 
  
 Of course we do not know (yet) either what the cause of your problem is.
 But we know that Tomcat would normally write something in its logs, when a 
 server error
 500 happens.
 So,
 - either Tomcat and /or your application wrote something to a logfile, and 
 you have not
 yet found that logfile
 - or else Tomcat and/or your application crashed, but did not write anything 
 to the logs.
 In that last case, one of the most likely causes for such a behaviour is 
 running out of
 memory.
 Whether you believe that this is possible or not is your opinion.
 But it is of the nature of software bugs, to be unexpected.
 If they were expected, they would have been corrected already.
  

Ok, thanks, didn’t know about the top post issue.

I have tomcat configured to log via log4j, and then there is my application 
log, those are the only two logs, and neither contains anything.

It’s not about believing, I have monitoring software that gives me precise 
information about memory use and there is no indication of a problem there.

Thanks,
Ian

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Please help diagnosing a random production Tomcat 7.0.53 Internal Server Error!

2014-04-15 Thread André Warnier


Ian Long wrote:

On April 15, 2014 at 4:58:28 PM, André Warnier 
(a...@ice-sa.com(mailto:a...@ice-sa.com)) wrote:


Ian,
 
On this list, it is kind of frowned-upon to top post. It is preferred when people answer

a question, below the question. Keeps things more logical in the reading 
sequence, and
avoids having to scroll down to guess what you are responding to.
 
Ian Long wrote:

Yes, I checked both the tomcat log (I’ve configured tomcat to use log4j) as 
well as my application logs.

Yes, 20 httpd prefork processes.

I don’t think it’s memory related, I have an 8GB heap and tomcat averages 5GB 
usage and peeks around 6.5 before garbage collection kicks in.

 
Of course we do not know (yet) either what the cause of your problem is.

But we know that Tomcat would normally write something in its logs, when a 
server error
500 happens.
So,
- either Tomcat and /or your application wrote something to a logfile, and you 
have not
yet found that logfile
- or else Tomcat and/or your application crashed, but did not write anything to 
the logs.
In that last case, one of the most likely causes for such a behaviour is 
running out of
memory.
Whether you believe that this is possible or not is your opinion.
But it is of the nature of software bugs, to be unexpected.
If they were expected, they would have been corrected already.
 


Ok, thanks, didn’t know about the top post issue.

I have tomcat configured to log via log4j, and then there is my application 
log, those are the only two logs, and neither contains anything.

It’s not about believing, I have monitoring software that gives me precise 
information about memory use and there is no indication of a problem there.



Would that monitoring software detect a very short occasional spike in the usage of 
memory, just before the thread running that application is blown out of the water and the 
memory usage returns to normal ?
Or is it something that updates its data on a 5-second interval and it just always misses 
the significant event ?


Honestly, I am just fishing and trying to find a clue (or rather, trying to help you find 
a clue). But some problems are just like that. You can only carefully eliminate the 
possible causes one after the other until you're left with one that you cannot eliminate.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Please help diagnosing a random production Tomcat 7.0.53 Internal Server Error!

2014-04-15 Thread Tim Watts

On Tue, 2014-04-15 at 17:12 -0400, Ian Long wrote:
   
  Ian Long wrote:
 I have tomcat configured to log via log4j, and then there is my
 application log, those are the only two logs, and neither contains
 anything.

They're empty?  Are you sure the logs are writable?  How much free space
is available on the file system where the logs reside?


 It’s not about believing, I have monitoring software that gives me
 precise information about memory use and there is no indication of a
 problem there.
 
 Thanks,
 Ian
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Please help diagnosing a random production Tomcat 7.0.53 Internal Server Error!