RE: The Service Component
> -Original Message- > From: Leo Donahue [mailto:donahu...@gmail.com] > Sent: Monday, March 10, 2014 4:21 PM > To: Tomcat Users List > Subject: Re: The Service Component > > On Mon, Mar 10, 2014 at 7:26 AM, Jeffrey Janner > > wrote: > > > > -Original Message- > > > From: Leo Donahue [mailto:donahu...@gmail.com] > > > Sent: Friday, March 07, 2014 9:44 AM > > > To: users@tomcat.apache.org > > > Subject: The Service Component > > > > > > Who uses more than one Service in their server.xml and why? I get > > > that you can have multiple Connectors if you have multiple Service > > > components but why use multiple connectors? > > > > > > Are there any docs on the use cases for these features? > > > > > > > Hi Leo, > > I may be the only person on this list who does this consistently. > > I use it as an alternative method of virtual hosting, i.e. each host > > gets its own and related sub-structure. > > > > You are lucky you have control over that. I have no luck asking our > data center to add another host entry to our web server. I always ask > them, isn't it easier than asking you for another vm? :) And it wastes a hellofalot fewer resources. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] The Service Component
On 3/10/2014 2:42 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Leo, On 3/10/14, 5:10 PM, Leo Donahue wrote: I have to change the following in server.xml when I add more Tomcat instances or upgrade: server shutdown port connector port for HTTP connector port for AJP realm org.apache.catalina.realm.UserDatabaseRealm if digesting passwords in tomcat-users.xml host appbase (optional depending on config) valve org.apache.catalina.valves.AccessLogValve (optional depending where you like the root log to go) cleaning up all the comments... I script all of this with ant. Since I segment all of my web applications into separate JVM/Tomcat instances, I just need: 1. An appBase 2. A shutdown port 3. A "normal" port (usually AJP) 4. (optional) a loopback-only port for privileged applications that want to access my instance locally without HTTPS, load-balancing, etc. We have multiple devs using the same shared development environment, so everyone has an "app a" and "app b", and so on. We create a parameterized server.xml file that basically says , etc. and then ant takes a user-specific configuration file and builds the configuration on the fly. To deploy a new Tomcat instance, we just clone a started-project, give it a name (in Ant's attribute) and it picks-up the configuration from this user-config file. $ ant install tomcat-start That's all it takes us to build a properly-configured CATALINA_BASE, install the web application under development and launch Tomcat. I've been using this setup for over 10 years at this point, and it's been fantastic. - -chris Yep, I've done something similar with ant and property files. We version control the property files so if values need changing, we have a record. The way we do upgrades is pretty handy. 1. create a new service with a new CATALINA_BASE and CATALINA_HOME 2. shut down the old service 3. move two links (to the new CATALINA_BASE and CATALINA_HOME) 4. start the new service Step 1 has no impact on production, so we can do this well in advance. Rollback is just as easy - repeat steps 2-4. It takes longer to do the bookkeeping than it does to do the actual upgrade (or downgrade). The script also has the capability of adding (or deleting) Host nodes. Each Host node gets its own properties file. This is done on Linux, so links work as expected. In short, there are lots of ways to manage a bunch of Tomcat instances with little effort. . . . . just my two cents. /mde/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] The Service Component
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Leo, On 3/10/14, 5:10 PM, Leo Donahue wrote: > I have to change the following in server.xml when I add more > Tomcat instances or upgrade: > > server shutdown port connector port for HTTP connector port for > AJP realm org.apache.catalina.realm.UserDatabaseRealm if digesting > passwords in tomcat-users.xml host appbase (optional depending on > config) valve org.apache.catalina.valves.AccessLogValve (optional > depending where you like the root log to go) cleaning up all the > comments... I script all of this with ant. Since I segment all of my web applications into separate JVM/Tomcat instances, I just need: 1. An appBase 2. A shutdown port 3. A "normal" port (usually AJP) 4. (optional) a loopback-only port for privileged applications that want to access my instance locally without HTTPS, load-balancing, etc. We have multiple devs using the same shared development environment, so everyone has an "app a" and "app b", and so on. We create a parameterized server.xml file that basically says , etc. and then ant takes a user-specific configuration file and builds the configuration on the fly. To deploy a new Tomcat instance, we just clone a started-project, give it a name (in Ant's attribute) and it picks-up the configuration from this user-config file. $ ant install tomcat-start That's all it takes us to build a properly-configured CATALINA_BASE, install the web application under development and launch Tomcat. I've been using this setup for over 10 years at this point, and it's been fantastic. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTHjHGAAoJEBzwKT+lPKRYOqYQAI1kFtw2lR0IaqqCGnNwv3Mx tO5gW2A0qpfsZozFx9he/e6wcJ7TWulFq4QIDhfY7lS2jluMln3txIw/kKE+ipfq lS7+wecTjZ7tqcUzDtrIdKBiSigxhms3m4O9dgQ7HymYbLTG9nsCrS71tk96Rkhs zLBUz/p8zyFtOvhqkbJfV0BwFmxnF8tFXGUJnV2fP642Ckp+7COdjzoNEISV9frD nNl8upDpOKzg6m+Ap817fTzA2vPIpYmOpK7UbGLpInHO9fn91rSdhUQpKRweszFa te6d6d5imD+S1GxdByt+PNaQkdAAdPcBUs8GtUA/dhvmVVRwEolHFG3p16CETX78 6PKC7fHAV+Ogu99MIAbg1Ny9faZ6/KHaUbb3pABceAuxbyP+CrE+Q5r5FijDUFBH L3lDI4pjBqXxX+MZ1BsncVUiPyPxFeZJKx+e5EEWzX6j82cnplZ3VyUdaaocmXyE h7Lg1s9nX+TztkriMHW+ysii3TLBESv68oND8dEoWwnJWtMC/R6mc8+IPTvydS4t nbz/tWN+SW7jUt/gDh+HGgd67TfQ/PfkDGUyqLgJVMRhEt3vsjCXk18LnRfO6JzV hsKRaAyLOoD163Vm8s0uyYzUyoNUCWm1OpH560cI5dAeGd0FFVzE9nBBhcIuyJcr 71pJ5GKKbZjBeE3QN37x =XrG2 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: The Service Component
On Mon, Mar 10, 2014 at 7:26 AM, Jeffrey Janner wrote: > > -Original Message- > > From: Leo Donahue [mailto:donahu...@gmail.com] > > Sent: Friday, March 07, 2014 9:44 AM > > To: users@tomcat.apache.org > > Subject: The Service Component > > > > Who uses more than one Service in their server.xml and why? I get that > > you can have multiple Connectors if you have multiple Service > > components but why use multiple connectors? > > > > Are there any docs on the use cases for these features? > > > > Hi Leo, > I may be the only person on this list who does this consistently. > I use it as an alternative method of virtual hosting, i.e. each host gets > its own and related sub-structure. > You are lucky you have control over that. I have no luck asking our data center to add another host entry to our web server. I always ask them, isn't it easier than asking you for another vm? :)
Re: The Service Component
On Mon, Mar 10, 2014 at 10:15 AM, André Warnier wrote: > > It is particularly nice to know that it works, and that the > element really (apparently) corresponds to "something real" at the Tomcat > level. So it is apparently not just an "element of order" allowing to > group Connectors with Engine. > Which is contrary to what I imagined, and which I believe definitely > answers the original OP's question (at least the first part). > > Yes, question answered. So some use the multiple in server.xml for app isolation or in place of virtual hosting. Mr. Janner indicates he has to modify 7 values in his server.xml I guess I have that many as well. I also find this is needed if running multiple instances of Tomcat but I don't want to change the subject of this thread. I have to change the following in server.xml when I add more Tomcat instances or upgrade: server shutdown port connector port for HTTP connector port for AJP realm org.apache.catalina.realm.UserDatabaseRealm if digesting passwords in tomcat-users.xml host appbase (optional depending on config) valve org.apache.catalina.valves.AccessLogValve (optional depending where you like the root log to go) cleaning up all the comments... My down time is minimal, but I find I do "some" prep work before I remove the old windows service and install the new. My down time consists of the time it takes to take one instance down and start the new one, and maybe 20 min of prep work glarring at the server.xml to make sure I didn't miss some configuration.
RE: The Service Component
> -Original Message- > From: André Warnier [mailto:a...@ice-sa.com] > Sent: Monday, March 10, 2014 12:15 PM > To: Tomcat Users List > Subject: Re: The Service Component > > Christopher Schultz wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA256 > > > > Jeffrey, > > > > On 3/10/14, 10:26 AM, Jeffrey Janner wrote: > >>> -Original Message- From: Leo Donahue > >>> [mailto:donahu...@gmail.com] Sent: Friday, March 07, 2014 9:44 AM > >>> To: users@tomcat.apache.org Subject: The Service Component > >>> > >>> Who uses more than one Service in their server.xml and why? I get > >>> that you can have multiple Connectors if you have multiple Service > >>> components but why use multiple connectors? > >>> > >>> Are there any docs on the use cases for these features? > >>> > >> Hi Leo, I may be the only person on this list who does this > >> consistently. I use it as an alternative method of virtual hosting, > >> i.e. each host gets its own and related sub-structure. > >> The real reason? The default host has to be set to something, and I > >> don't want to maintain some generic host to catch those that come > in. > >> Since I'm running an SaaS environment, really more ASP, a business > >> requirement is that each host appear to the outside world as a > unique > >> physical host, so two customers don't get the same IP address. I > >> could add tags for the IP address and all know variations of > >> the hostname, but there's nothing to keep some yahoo admin at a > >> customer site from configuring a DNS entry on an internal DNS server > >> with some name I'm not expecting. Therefore, each in each > >> gets a defaultHost entry pointing to its one and only > >> entry. > > > > I'm interested in this use case. > > > > Since you have to maintain a for every IP address > already, > > how is that different from having a single with a bunch > of > > elements? How are those different? Or is it that you need > > application isolation in the first place, so this is the best way to > > do it in a single JVM? > > > >> As an added benefit, if I find I need to move a customer from a > >> shared Tomcat setup to a unique Tomcat, all I need to do is set up a > >> new blank Tomcat and move the structure from one Tomcat to > >> another. Naturally, there's more work needed if I find I need to > give > >> them their own physical server, but that's to be expected. In > >> general, not counting any hardware setup, I can move a host to > >> another tomcat instance with < 2 minutes downtime. > > > > Nice. > > > > It is particularly nice to know that it works, and that the > element really > (apparently) corresponds to "something real" at the Tomcat level. So > it is apparently not just an "element of order" allowing to group > Connectors with Engine. > Which is contrary to what I imagined, and which I believe definitely > answers the original OP's question (at least the first part). > > And I believe it is worth repeating what was already mentioned earlier > regarding the Service/Connector relationship : > Even if you have only one , you can have multiple > 's inside it, and there are plenty of use cases for that. > And if you have multiple 's, you can also have more than 1 > per , but each (even across > 's) will still need its own unique listening IP address:Port > combination. > > As to running multiple 's within the same Tomcat instance, as > opposed to running multiple single- Tomcat instances : in the > multiple- scenario, they all share the same JVM, the same > Heap, the same Stack etc. So if you bring one "Service" > down, they all go down. > Which is not the case for multiple Tomcat instances. True, if you crash the JVM, everything goes away, but that's true for any virtual hosting setup with multiple hosts/Tomcat. However, I have had an app hang and which caused its connector's queue to fill and thus "appearing" to crash, yet the other services were happily chugging away in the JVM. (Yep, they got moved to their own Tomcat instance until the problem was corrected.)
Re: The Service Component
Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jeffrey, On 3/10/14, 10:26 AM, Jeffrey Janner wrote: -Original Message- From: Leo Donahue [mailto:donahu...@gmail.com] Sent: Friday, March 07, 2014 9:44 AM To: users@tomcat.apache.org Subject: The Service Component Who uses more than one Service in their server.xml and why? I get that you can have multiple Connectors if you have multiple Service components but why use multiple connectors? Are there any docs on the use cases for these features? Hi Leo, I may be the only person on this list who does this consistently. I use it as an alternative method of virtual hosting, i.e. each host gets its own and related sub-structure. The real reason? The default host has to be set to something, and I don't want to maintain some generic host to catch those that come in. Since I'm running an SaaS environment, really more ASP, a business requirement is that each host appear to the outside world as a unique physical host, so two customers don't get the same IP address. I could add tags for the IP address and all know variations of the hostname, but there's nothing to keep some yahoo admin at a customer site from configuring a DNS entry on an internal DNS server with some name I'm not expecting. Therefore, each in each gets a defaultHost entry pointing to its one and only entry. I'm interested in this use case. Since you have to maintain a for every IP address already, how is that different from having a single with a bunch of elements? How are those different? Or is it that you need application isolation in the first place, so this is the best way to do it in a single JVM? As an added benefit, if I find I need to move a customer from a shared Tomcat setup to a unique Tomcat, all I need to do is set up a new blank Tomcat and move the structure from one Tomcat to another. Naturally, there's more work needed if I find I need to give them their own physical server, but that's to be expected. In general, not counting any hardware setup, I can move a host to another tomcat instance with < 2 minutes downtime. Nice. It is particularly nice to know that it works, and that the element really (apparently) corresponds to "something real" at the Tomcat level. So it is apparently not just an "element of order" allowing to group Connectors with Engine. Which is contrary to what I imagined, and which I believe definitely answers the original OP's question (at least the first part). And I believe it is worth repeating what was already mentioned earlier regarding the Service/Connector relationship : Even if you have only one , you can have multiple 's inside it, and there are plenty of use cases for that. And if you have multiple 's, you can also have more than 1 per , but each (even across 's) will still need its own unique listening IP address:Port combination. As to running multiple 's within the same Tomcat instance, as opposed to running multiple single- Tomcat instances : in the multiple- scenario, they all share the same JVM, the same Heap, the same Stack etc. So if you bring one "Service" down, they all go down. Which is not the case for multiple Tomcat instances. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: The Service Component
> -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Monday, March 10, 2014 10:15 AM > To: Tomcat Users List > Subject: Re: The Service Component > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Jeffrey, > > On 3/10/14, 10:26 AM, Jeffrey Janner wrote: > >> -Original Message- From: Leo Donahue > >> [mailto:donahu...@gmail.com] Sent: Friday, March 07, 2014 9:44 AM > To: > >> users@tomcat.apache.org Subject: The Service Component > >> > >> Who uses more than one Service in their server.xml and why? I get > >> that you can have multiple Connectors if you have multiple Service > >> components but why use multiple connectors? > >> > >> Are there any docs on the use cases for these features? > >> > > > > Hi Leo, I may be the only person on this list who does this > > consistently. I use it as an alternative method of virtual hosting, > > i.e. each host gets its own and related sub-structure. > > The real reason? The default host has to be set to something, and I > > don't want to maintain some generic host to catch those that come in. > > Since I'm running an SaaS environment, really more ASP, a business > > requirement is that each host appear to the outside world as a unique > > physical host, so two customers don't get the same IP address. I > could > > add tags for the IP address and all know variations of the > > hostname, but there's nothing to keep some yahoo admin at a customer > > site from configuring a DNS entry on an internal DNS server with some > > name I'm not expecting. Therefore, each in each > > gets a defaultHost entry pointing to its one and only entry. > > I'm interested in this use case. > > Since you have to maintain a for every IP address already, > how is that different from having a single with a bunch of > elements? How are those different? Or is it that you need > application isolation in the first place, so this is the best way to do > it in a single JVM? > It's primarily for App Isolation. The other is that I'm trying to keep the modifiable elements to a minimum, so that someone not completely versed in Tomcat can do a setup if I'm not available. Essentially, I have a predefined with tree that can be copied to a server.xml and only need to modify 7 values, 2 IP address fields, and 2 hostname fields, and engine name, a service name, and an appbase. The way I have it setup right now, you enter the same value for the last 3 entries in that list to make it easy to manage at the file system level. And by keeping it compact, it makes that move I mentioned easy, since all the elements are together in the server.xml (as opposed to being in one location and in another. Jeff - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: The Service Component
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jeffrey, On 3/10/14, 10:26 AM, Jeffrey Janner wrote: >> -Original Message- From: Leo Donahue >> [mailto:donahu...@gmail.com] Sent: Friday, March 07, 2014 9:44 >> AM To: users@tomcat.apache.org Subject: The Service Component >> >> Who uses more than one Service in their server.xml and why? I >> get that you can have multiple Connectors if you have multiple >> Service components but why use multiple connectors? >> >> Are there any docs on the use cases for these features? >> > > Hi Leo, I may be the only person on this list who does this > consistently. I use it as an alternative method of virtual hosting, > i.e. each host gets its own and related sub-structure. > The real reason? The default host has to be set to something, and > I don't want to maintain some generic host to catch those that come > in. Since I'm running an SaaS environment, really more ASP, a > business requirement is that each host appear to the outside world > as a unique physical host, so two customers don't get the same IP > address. I could add tags for the IP address and all know > variations of the hostname, but there's nothing to keep some yahoo > admin at a customer site from configuring a DNS entry on an > internal DNS server with some name I'm not expecting. Therefore, > each in each gets a defaultHost entry pointing > to its one and only entry. I'm interested in this use case. Since you have to maintain a for every IP address already, how is that different from having a single with a bunch of elements? How are those different? Or is it that you need application isolation in the first place, so this is the best way to do it in a single JVM? > As an added benefit, if I find I need to move a customer from a > shared Tomcat setup to a unique Tomcat, all I need to do is set up > a new blank Tomcat and move the structure from one Tomcat > to another. Naturally, there's more work needed if I find I need to > give them their own physical server, but that's to be expected. In > general, not counting any hardware setup, I can move a host to > another tomcat instance with < 2 minutes downtime. Nice. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTHdcFAAoJEBzwKT+lPKRYL54P/RG5CJv+t89SlOxy2fb63djx h68V38Lv8PWBdj4TX9CQ05NlQOQvblqOuy+W7q9wmh+oCf3Fb6fWQaq1nZIc0+aG 5N8gCEQydIrd21XxvBF4FhXv60ZZiyhkAJRx3fXp0Mmf3BUTb0cR658DRhOEzytf 0zzoELsAdgikgwybCR30u0vuy4OfcjqwZ/aqtIdvTY1/Jx/kw8ztAk+iuY9n9QOU Iq/PPm5eZR46p9+4yxpyBUMZaDXFm012ItGGJKWIx/Xj2iERzNXDWYwF7JdNwXim GH8NWG7cLZNFixCmMiF9jMKalm7/3Ox8L7YufOeAZzIvTL13kVpK8A2ajnESmDrn r23igjGx4XRFgkBSDQCRDmStISKUjNiDHTbUQcOGi/ZyxSOvfLZRe2V6RNsMpsMT IxzhZE2YETZ4t+Eadywp+1BAj50o8oWJP3gAvwWFODe8n79MgpT++jkh+IFFO33U tNwcuhDuzh6LIyuNNrrD1PBvuOIAs350NKDdX4VaCys1fA4Kez7zup1uVgfIzprp mNjuUWlG3OWFojqb3ph450L8CFvnYYIah6yQcwvOG1vTq1jA72Kg9QG41pQax4nd ttHX67gL4kCY0VyIpgNS7LPxE90d3quJNdpE1c/5Iqsw3Wvj3LL2I6jz55kLt8Uu dCYEBEeo2GWmcP7AXxko =Inu5 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: The Service Component
> -Original Message- > From: Leo Donahue [mailto:donahu...@gmail.com] > Sent: Friday, March 07, 2014 9:44 AM > To: users@tomcat.apache.org > Subject: The Service Component > > Who uses more than one Service in their server.xml and why? I get that > you can have multiple Connectors if you have multiple Service > components but why use multiple connectors? > > Are there any docs on the use cases for these features? > Hi Leo, I may be the only person on this list who does this consistently. I use it as an alternative method of virtual hosting, i.e. each host gets its own and related sub-structure. The real reason? The default host has to be set to something, and I don't want to maintain some generic host to catch those that come in. Since I'm running an SaaS environment, really more ASP, a business requirement is that each host appear to the outside world as a unique physical host, so two customers don't get the same IP address. I could add tags for the IP address and all know variations of the hostname, but there's nothing to keep some yahoo admin at a customer site from configuring a DNS entry on an internal DNS server with some name I'm not expecting. Therefore, each in each gets a defaultHost entry pointing to its one and only entry. As an added benefit, if I find I need to move a customer from a shared Tomcat setup to a unique Tomcat, all I need to do is set up a new blank Tomcat and move the structure from one Tomcat to another. Naturally, there's more work needed if I find I need to give them their own physical server, but that's to be expected. In general, not counting any hardware setup, I can move a host to another tomcat instance with < 2 minutes downtime. Jeff - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: The Service Component
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 André, On 3/8/14, 6:30 AM, André Warnier wrote: > Leon Rosenberg wrote: >> Hello Leo, >> >> >> On Fri, Mar 7, 2014 at 6:49 PM, Leo Donahue >> wrote: >> >>> On Fri, Mar 7, 2014 at 9:01 AM, Leon Rosenberg >>> wrote: Hello, I do use multiple connectors but one service. Multiple connectors to separate user traffic from admin/management >>> traffic. For example if due to overload no threads are available to server http request on the 'main' connector, I still can look into the app, to see >>> what is going on, over my "administrative" connector. Leon >>> You are just changing the port number then in your >>> "administrative" connector, in the same Service element? >>> >> yes: >> >> for example >> >> > protocol="HTTP/1.1" connectionTimeout="2" /> >> >> > protocol="HTTP/1.1" connectionTimeout="2" /> >> >> I would then point the front loadbalancer to 8080 and keep 8180 >> accessible from the administration network only. >> > > With the above configuration, both these Connectors share the same > pool of threads. If the Connector on port 8080 exhausts the > available threads, you will not be able to connect using the > Connector on port 8180 (ok, you will be able to connect, but not to > do anything). For even more resilience, I would give that port 8180 > Connector its own pool of (e.g.) 3 threads, not shared with the > Executor. +1 Also, there's only one Service, which was the original subject. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTHQ3pAAoJEBzwKT+lPKRYhT4QALLwYJv/xcBnWrDHfaeIg/M6 q4LhS5PgMGwTYW/nuq8hCOnnjFYIyTlmQMbAPiC8F4CbLAn6VeGWAG/blHsrfA1l B1iml8qEgZ8cHVlTHKa/GFci2oMpNomv1yNcc0jSYQDvOfXLeUoz5QAZWy7mGAXu Q77CEJshxwR9Ixpvhu8lV6yUs2MRBZTU4QgDV10ZSMWLy9NyLWk4DBg4aRqvl5wg 7Z9WLZiHWWA8kpIugHspmNScWHS+jcol/lOQlrwdiipm3JLUlLywpSxEJ4lM1LYz ypwiQCmHPVFuBXtowGbKLdAet4Hx/uPXsO1Z7579d0gsl5ZYnmGO/ZwqkH7Tyhu6 gsFwM00FjgVKAodcY179ivJ8VETGMkvhgJB4YcRSzX+AeZG5JXaFca9SjpnKTn/5 WdSZKGzsyEYIgNOXlvbeDMRTLrJcsIMwXFcGlHVZTWJs4u1rSt4R3r06lqxwJ/1R TT3PzEaPP7G/oK0nCfoT2sDUdAUB379zZSW9PqCK0DNxr9TQd8ZpNcZ1E32R/MoF vAVno8c6jzKJNK3Auc1ZdypeDdRDjsUS/viBG2AKKlrnJZhZXGvW3qwBMLEXQD8J WZI0NDL32SPs035VRt4XNeCN89qk3mHfTDgysxEbBazAacffSFu5MvZfVjcIaN3p pg7Eip/bLjYnbNza5LbF =Fq0A -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: The Service Component
2014-03-07 21:21 GMT+04:00 André Warnier : > Christopher Schultz wrote: >> >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA256 >> >> Leo, >> >> On 3/7/14, 10:44 AM, Leo Donahue wrote: >>> >>> Who uses more than one Service in their server.xml and why? I get that >>> you can have multiple Connectors if you have multiple Service components but >>> why use multiple connectors? >> >> >> You can already have multiple s per but the >> difference is that all Connectors in Service can access all web >> applications in that Service. >> >>> Are there any docs on the use cases for these features? >> >> >> Let's say that you wanted to deploy a non-secure webapp (/open) and a >> secure webapp (/secure). And let's say that you were terribly paranoid >> about proper setup: you want to make sure that nobody can access your >> /secure webapp without going through HTTPS. >> >> If you were to simply do this: >> >> >> >> >> >> >> >> ... then anyone could access either web application via http:// and >> https://. (Of course, you'd set "CONFIDENTIAL" in your web.xml, but >> remember, we're being paranoid, here). >> >> Instead, you can do this: >> >> >> >> >> >> >> >> >> >> >> This way, anyone requesting http:///secure would get a 404. >> >> I'm sure you could come up with a real-world use-case for the above, >> because it's obviously not a very good example I've laid out there. >> >> Perhaps a better use-case might be something like a server connected >> to several VPNs where services need to be separated by port number for >> isolation. (I'm not sure why you'd isolate the port numbers in that >> case and not also isolate the JVMs, but it's just a thought). >> > > I would be almost ready to bet that nobody has ever tried 2 's. > It almost sounds like 2 separate Tomcat instances, except that they share > the same JVM and the same TOMCAT_BASE, hence the same configuration files > (of course), which makes it difficult to think of a real use case, as > compared to 2 separate (JVM + Tomcat) instances running off the same > codebase. For example, the Manager web application is implemented so that it manages the current "Host" only, but that is only an implementer's decision. With JMX access you can manage the whole Tomcat. There might be alternative management applications out there that allow to manage the whole Tomcat, while being run in a different Service / Host. > My guess would be : when designing Tomcat, it came to pass that somewhere in > the logic, Connector's and Engine were related things, but that there was no > clear way to design it so that one would be a child of the other or > vice-versa. So they just created a Service on top of both, and made them > siblings. > It may just be so as to make it easier to start the Engine, before starting > the corresponding Connector's. Or to run them separately and asynchronously. > > It is a good question though. I wonder why nobody ever asked on this list > before (in my memory). > > Also, (and also in my memory) I could swear that at some point, there was a > document available on the Tomcat website, which gave some overview of the > overall Tomcat design. But I can't seem to find that anymore. > Docs -> Architecture ? http://tomcat.apache.org/tomcat-7.0-doc/architecture/index.html Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: The Service Component
Leon Rosenberg wrote: Hello Leo, On Fri, Mar 7, 2014 at 6:49 PM, Leo Donahue wrote: On Fri, Mar 7, 2014 at 9:01 AM, Leon Rosenberg wrote: Hello, I do use multiple connectors but one service. Multiple connectors to separate user traffic from admin/management traffic. For example if due to overload no threads are available to server http request on the 'main' connector, I still can look into the app, to see what is going on, over my "administrative" connector. Leon You are just changing the port number then in your "administrative" connector, in the same Service element? yes: for example I would then point the front loadbalancer to 8080 and keep 8180 accessible from the administration network only. With the above configuration, both these Connectors share the same pool of threads. If the Connector on port 8080 exhausts the available threads, you will not be able to connect using the Connector on port 8180 (ok, you will be able to connect, but not to do anything). For even more resilience, I would give that port 8180 Connector its own pool of (e.g.) 3 threads, not shared with the Executor. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: The Service Component
DHARMENDRA SETHI wrote: Hi Can anyone help me unsubscribe from this mailing list? I have tried numerous times on the website, please help. Thanks Is the line at the bottom of every list message not explicit enough ? Send a message here : | v - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: The Service Component
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > Regards, Abhishek Anne Sent from BlackBerry® on Airtel -Original Message- From: DHARMENDRA SETHI Date: Fri, 7 Mar 2014 20:38:18 To: Tomcat Users List Reply-To: "Tomcat Users List" Subject: Re: The Service Component Hi Can anyone help me unsubscribe from this mailing list? I have tried numerous times on the website, please help. Thanks On Mar 7, 2014 10:44 AM, "Leo Donahue" wrote: > Who uses more than one Service in their server.xml and why? I get > that you can have multiple Connectors if you have multiple Service > components but why use multiple connectors? > > Are there any docs on the use cases for these features? > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: The Service Component
Hi Can anyone help me unsubscribe from this mailing list? I have tried numerous times on the website, please help. Thanks On Mar 7, 2014 10:44 AM, "Leo Donahue" wrote: > Who uses more than one Service in their server.xml and why? I get > that you can have multiple Connectors if you have multiple Service > components but why use multiple connectors? > > Are there any docs on the use cases for these features? > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: The Service Component
Hello Leo, On Fri, Mar 7, 2014 at 6:49 PM, Leo Donahue wrote: > On Fri, Mar 7, 2014 at 9:01 AM, Leon Rosenberg > wrote: > > Hello, > > > > I do use multiple connectors but one service. > > Multiple connectors to separate user traffic from admin/management > traffic. > > For example if due to overload no threads are available to server http > > request on the 'main' connector, I still can look into the app, to see > what > > is going on, over my "administrative" connector. > > > > Leon > > You are just changing the port number then in your "administrative" > connector, in the same Service element? > yes: for example I would then point the front loadbalancer to 8080 and keep 8180 accessible from the administration network only. regards Leon > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: The Service Component
Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Leo, On 3/7/14, 10:44 AM, Leo Donahue wrote: Who uses more than one Service in their server.xml and why? I get that you can have multiple Connectors if you have multiple Service components but why use multiple connectors? You can already have multiple s per but the difference is that all Connectors in Service can access all web applications in that Service. Are there any docs on the use cases for these features? Let's say that you wanted to deploy a non-secure webapp (/open) and a secure webapp (/secure). And let's say that you were terribly paranoid about proper setup: you want to make sure that nobody can access your /secure webapp without going through HTTPS. If you were to simply do this: ... then anyone could access either web application via http:// and https://. (Of course, you'd set "CONFIDENTIAL" in your web.xml, but remember, we're being paranoid, here). Instead, you can do this: This way, anyone requesting http:///secure would get a 404. I'm sure you could come up with a real-world use-case for the above, because it's obviously not a very good example I've laid out there. Perhaps a better use-case might be something like a server connected to several VPNs where services need to be separated by port number for isolation. (I'm not sure why you'd isolate the port numbers in that case and not also isolate the JVMs, but it's just a thought). I would be almost ready to bet that nobody has ever tried 2 's. It almost sounds like 2 separate Tomcat instances, except that they share the same JVM and the same TOMCAT_BASE, hence the same configuration files (of course), which makes it difficult to think of a real use case, as compared to 2 separate (JVM + Tomcat) instances running off the same codebase. My guess would be : when designing Tomcat, it came to pass that somewhere in the logic, Connector's and Engine were related things, but that there was no clear way to design it so that one would be a child of the other or vice-versa. So they just created a Service on top of both, and made them siblings. It may just be so as to make it easier to start the Engine, before starting the corresponding Connector's. Or to run them separately and asynchronously. It is a good question though. I wonder why nobody ever asked on this list before (in my memory). Also, (and also in my memory) I could swear that at some point, there was a document available on the Tomcat website, which gave some overview of the overall Tomcat design. But I can't seem to find that anymore. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: The Service Component
On Fri, Mar 7, 2014 at 9:37 AM, Christopher Schultz wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Leo, > > On 3/7/14, 10:44 AM, Leo Donahue wrote: >> Who uses more than one Service in their server.xml and why? I get >> that you can have multiple Connectors if you have multiple Service >> components but why use multiple connectors? > > You can already have multiple s per but the > difference is that all Connectors in Service can access all web > applications in that Service. > >> Are there any docs on the use cases for these features? > > Let's say that you wanted to deploy a non-secure webapp (/open) and a > secure webapp (/secure). And let's say that you were terribly paranoid > about proper setup: you want to make sure that nobody can access your > /secure webapp without going through HTTPS. > > If you were to simply do this: > > > > > > > > ... then anyone could access either web application via http:// and > https://. (Of course, you'd set "CONFIDENTIAL" in your web.xml, but > remember, we're being paranoid, here). > > Instead, you can do this: > > > > > > > > > > > This way, anyone requesting http:///secure would get a 404. > > I'm sure you could come up with a real-world use-case for the above, It's good enough to get the wheels turning... Thanks. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: The Service Component
On Fri, Mar 7, 2014 at 9:01 AM, Leon Rosenberg wrote: > Hello, > > I do use multiple connectors but one service. > Multiple connectors to separate user traffic from admin/management traffic. > For example if due to overload no threads are available to server http > request on the 'main' connector, I still can look into the app, to see what > is going on, over my "administrative" connector. > > Leon You are just changing the port number then in your "administrative" connector, in the same Service element? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: The Service Component
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Leo, On 3/7/14, 10:44 AM, Leo Donahue wrote: > Who uses more than one Service in their server.xml and why? I get > that you can have multiple Connectors if you have multiple Service > components but why use multiple connectors? You can already have multiple s per but the difference is that all Connectors in Service can access all web applications in that Service. > Are there any docs on the use cases for these features? Let's say that you wanted to deploy a non-secure webapp (/open) and a secure webapp (/secure). And let's say that you were terribly paranoid about proper setup: you want to make sure that nobody can access your /secure webapp without going through HTTPS. If you were to simply do this: ... then anyone could access either web application via http:// and https://. (Of course, you'd set "CONFIDENTIAL" in your web.xml, but remember, we're being paranoid, here). Instead, you can do this: This way, anyone requesting http:///secure would get a 404. I'm sure you could come up with a real-world use-case for the above, because it's obviously not a very good example I've laid out there. Perhaps a better use-case might be something like a server connected to several VPNs where services need to be separated by port number for isolation. (I'm not sure why you'd isolate the port numbers in that case and not also isolate the JVMs, but it's just a thought). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTGfXBAAoJEBzwKT+lPKRYCNkP/RQGPUhkgiKzV3iaNPyC1JFL Mo3qSvGu3oAsDeTIeDKNacTZD7xfizdcP8xi3ejL5MlW/QuNhIqxg1G2FURheHMU 7WyNWVlZQOizzbxuhiCQAcJjo09fZO1Mb5EdbXsFEXnSUU87lWjLcL+N/tfb7BKS tV6Xyaal1quiPDkS1tzQ/qwCCfmwY1MjUlMrfswi0tyLhWujT9RCSrIUUXrdTw4D bPZep6Yt3bSP7qRDBBIsK3cJi+9mj4oubqZhoFKfikgPMNZhU/42Yz37iXsPhrKy /2GhanXQGffdsU7+dMppTcHVleD8028mTzR9C3kjvXfsBK48I3WF/GzIVcmfuIVs tPV1ww+1isGT87x5UygFa0PfiwYmVIQf1KlZSaKUIN9TiqaViD3p6gOKxWbRz7G3 wOumLEy2MwjOAKtkQ67wMhj8IDcQ3blcHTP2XPxGffrJGdj8s5bu5Z/XAd3V1faX w5Z6UlYahMlq5wLYFTUtkr/OMCtypDqEEbs+t/MTF8UglKDA9MrGO2qBEP96bi0W mtFyfGmn0iKbQz524+V1TgRxcHc5Yt7Rnm+fyjNtjU+yWpAmJ4btR7BIB0MnnYss T21nZSacou+69SlDteQvPC8uEBi77sIEdSOryYWJT9VlIpSEUgi/fJN4b61GLrvt V7Eik97M/yRtQhufMsIj =61K/ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: The Service Component
Hello, I do use multiple connectors but one service. Multiple connectors to separate user traffic from admin/management traffic. For example if due to overload no threads are available to server http request on the 'main' connector, I still can look into the app, to see what is going on, over my "administrative" connector. Leon On Fri, Mar 7, 2014 at 5:44 PM, Leo Donahue wrote: > Who uses more than one Service in their server.xml and why? I get > that you can have multiple Connectors if you have multiple Service > components but why use multiple connectors? > > Are there any docs on the use cases for these features? > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
The Service Component
Who uses more than one Service in their server.xml and why? I get that you can have multiple Connectors if you have multiple Service components but why use multiple connectors? Are there any docs on the use cases for these features? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org