Re: tomcat7-maven-plugin redeploy
Hello, Did you try update parameter to true [1] ? Thanks -- Olivier Lamy Talend: http://coders.talend.com http://twitter.com/olamy | http://linkedin.com/in/olamy [1] http://tomcat.apache.org/maven-plugin-2.0-SNAPSHOT/tomcat7-maven-plugin/deploy-mojo.html#update 2011/11/16 Hodchenkov, Paul paul.hodchen...@oxagile.com: Hi, It's seems that new tomcat7 plugin does not have undeploy/redeploy goals. So deployment fails with: -- [ERROR] BUILD ERROR [INFO] -- -- [INFO] Cannot invoke Tomcat manager: FAIL - Application already exists at path / Is it possible to undeploy/redeploy app using apache tomcat7 plugin? Should I revert back to codehaus plugin? -Original Message- From: Jesse Farinacci [mailto:jie...@gmail.com] Sent: Wednesday, November 16, 2011 4:21 AM To: Tomcat Users List Subject: Re: tomcat7-maven-plugin redeploy Greetings, On Tue, Nov 15, 2011 at 6:13 PM, David Yu d...@collab.net wrote: Is there a redeploy goal for the tomcat7 plugin? I'm trying to re-deploy a war file that has already been deployed and built to my remote tomcat server. Thanks. New development is at: http://tomcat.apache.org/maven-plugin-2.0-SNAPSHOT/tomcat7-maven-plugin/plugin-info.html Old deprecated plugin is at: http://mojo.codehaus.org/tomcat-maven-plugin/plugin-info.html http://mojo.codehaus.org/tomcat-maven-plugin/redeploy-mojo.html -Jesse -- There are 10 types of people in this world, those that can read binary and those that can not. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache Tomcat 6.0.34
2011/11/16 Konstantin Kolinko knst.koli...@gmail.com: 2011/11/16 Angus Yiu a...@datapipe.com: Hello, We hit Authentication bypass and information disclosure CVE-2011-3190 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190 in tomcat 6.0.32 May i know when Tomcat 6.0.34 will be release? Tag and release candidates are already done and vote is currently in progress. Once voting ends (usually 3 days) and there are no blocking issues (no negative votes) and at least 3 +1 votes, the same binaries are published as a release. If you want to help testing, you may download the release candidate. See [VOTE] thread on dev@. Unfortunately 6.0.34 is broken. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Trying to get Tomcat 6 running as a Windows service
Hello I'm trying to get Tomcat 6.0.26 running as a service on a Windows 7 64 bit PC but everytime I try I get message: Failed installing 'Tomcat6' service. As far as I'm aware, all relevant system settings are good and the installation displays settings for CATALINA_HOME, CATALINA_BASE, JAVA_HOME and JVM. I'm running the batch file with adminstrator authorities. Has anyone any idea? I should also add, that this version of Tomcat runs perfectly if called from NetBeans 7.0.1 which is deployed on the same PC. Martin O'Shea. -- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Trying to get Tomcat 6 running as a Windows service
Which file do you run? service.bat ? What do you have in your event logs? Which account do you use for service? Does it have requried rights? Ilya Kazakevich, Developer JetBrains Inc http://www.jetbrains.com Develop with pleasure! -Original Message- From: app...@dsl.pipex.com [mailto:app...@dsl.pipex.com] Sent: Wednesday, November 16, 2011 3:36 PM To: users@tomcat.apache.org Subject: Trying to get Tomcat 6 running as a Windows service Hello I'm trying to get Tomcat 6.0.26 running as a service on a Windows 7 64 bit PC but everytime I try I get message: Failed installing 'Tomcat6' service. As far as I'm aware, all relevant system settings are good and the installation displays settings for CATALINA_HOME, CATALINA_BASE, JAVA_HOME and JVM. I'm running the batch file with adminstrator authorities. Has anyone any idea? I should also add, that this version of Tomcat runs perfectly if called from NetBeans 7.0.1 which is deployed on the same PC. Martin O'Shea. -- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Errors with NIO processor
On 15/11/2011 17:00, Matthew Tyson wrote: Hey Guys, We are seeing the following errors (in production of course, testing didn't reveal this) after switching to NIO protocol. This is Tomcat 7.0.22 on CentOS 6. There is a load balancer sending only comet traffic to port 8080, where the NIO protocol is used. Nov 15, 2011 8:39:29 AM org.apache.tomcat.util.net.NioEndpoint processSocket SEVERE: Error allocating socket processor java.lang.NullPointerException Nov 15, 2011 8:39:51 AM org.apache.tomcat.util.net.NioEndpoint processSocket SEVERE: Error allocating socket processor java.lang.NullPointerException at org.apache.tomcat.util.net.NioEndpoint.processSocket(NioEndpoint.java:712) at org.apache.tomcat.util.net.NioEndpoint$Poller.processKey(NioEndpoint.java:1200) at org.apache.tomcat.util.net.NioEndpoint$Poller.run(NioEndpoint.java:1136) at java.lang.Thread.run(Thread.java:662) Nov 15, 2011 8:39:52 AM org.apache.coyote.AbstractProtocol$AbstractConnectionHandler process SEVERE: null java.lang.IllegalStateException: Calling [asyncPostProcess()] is not valid for a request with Async state [STARTED] at org.apache.coyote.AsyncStateMachine.asyncPostProcess(AsyncStateMachine.java:202) at org.apache.coyote.AbstractProcessor.asyncPostProcess(AbstractProcessor.java:104) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:519) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1550) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:662) Exception in declaration() I see more of the Calling [asyncPostProcess()] is not valid for a request with Async state [STARTED] error by itself also. Here is the connector setup: Connector port=8080 protocol=org.apache.coyote.http11.Http11NioProtocol connectionTimeout=2 redirectPort=8443 / Any direction on where to look for the cause? It could be a bug somewhere in the NIO connector. There has been a lot of refactoring to reduce duplication between the connectors. In the long term that should reduce the bugs and makes those that remain easier to fix. In the short term, there have been a couple of regressions. What we really need is a reproducible test case. The simpler, the better. It could also be an application bug. A test case would help identify that too. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Trying to get Tomcat 6 running as a Windows service
I've been trying to get the service running as per the attachment. The account I am using does have admin rights. The Jakarta Service log file reports: [2011-11-16 11:54:30] [info] Commons Daemon procrun (1.0.2.0) started [2011-11-16 11:54:30] [80 service.c] [error] Access is denied. [2011-11-16 11:54:30] [524 prunsrv.c] [error] Unable to open the Service Manager [2011-11-16 11:54:30] [info] Commons Daemon procrun finished. When I try to set the service up as displayed in the attachment. -Original Message- From: Ilya Kazakevich [mailto:ilya.kazakev...@jetbrains.com] Sent: 16 Nov 2011 11 40 To: 'Tomcat Users List' Subject: RE: Trying to get Tomcat 6 running as a Windows service Which file do you run? service.bat ? What do you have in your event logs? Which account do you use for service? Does it have requried rights? Ilya Kazakevich, Developer JetBrains Inc http://www.jetbrains.com Develop with pleasure! -Original Message- From: app...@dsl.pipex.com [mailto:app...@dsl.pipex.com] Sent: Wednesday, November 16, 2011 3:36 PM To: users@tomcat.apache.org Subject: Trying to get Tomcat 6 running as a Windows service Hello I'm trying to get Tomcat 6.0.26 running as a service on a Windows 7 64 bit PC but everytime I try I get message: Failed installing 'Tomcat6' service. As far as I'm aware, all relevant system settings are good and the installation displays settings for CATALINA_HOME, CATALINA_BASE, JAVA_HOME and JVM. I'm running the batch file with adminstrator authorities. Has anyone any idea? I should also add, that this version of Tomcat runs perfectly if called from NetBeans 7.0.1 which is deployed on the same PC. Martin O'Shea. -- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Trying to get Tomcat 6 running as a Windows service
I've been trying to run: service.bat install From the Windows command line in folder: C:\Program Files\Apache Software Foundation\Apache Tomcat 6.0.26\bin -Original Message- From: Ilya Kazakevich [mailto:ilya.kazakev...@jetbrains.com] Sent: 16 Nov 2011 11 40 To: 'Tomcat Users List' Subject: RE: Trying to get Tomcat 6 running as a Windows service Which file do you run? service.bat ? What do you have in your event logs? Which account do you use for service? Does it have requried rights? Ilya Kazakevich, Developer JetBrains Inc http://www.jetbrains.com Develop with pleasure! -Original Message- From: app...@dsl.pipex.com [mailto:app...@dsl.pipex.com] Sent: Wednesday, November 16, 2011 3:36 PM To: users@tomcat.apache.org Subject: Trying to get Tomcat 6 running as a Windows service Hello I'm trying to get Tomcat 6.0.26 running as a service on a Windows 7 64 bit PC but everytime I try I get message: Failed installing 'Tomcat6' service. As far as I'm aware, all relevant system settings are good and the installation displays settings for CATALINA_HOME, CATALINA_BASE, JAVA_HOME and JVM. I'm running the batch file with adminstrator authorities. Has anyone any idea? I should also add, that this version of Tomcat runs perfectly if called from NetBeans 7.0.1 which is deployed on the same PC. Martin O'Shea. -- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Trying to get Tomcat 6 running as a Windows service
http://www.coderanch.com/t/450781/Tomcat/Tomcat-Windows-Server-Permissions Ilya Kazakevich, Developer JetBrains Inc http://www.jetbrains.com Develop with pleasure! -Original Message- From: Martin O'Shea [mailto:app...@dsl.pipex.com] Sent: Wednesday, November 16, 2011 3:59 PM To: 'Tomcat Users List' Subject: RE: Trying to get Tomcat 6 running as a Windows service I've been trying to get the service running as per the attachment. The account I am using does have admin rights. The Jakarta Service log file reports: [2011-11-16 11:54:30] [info] Commons Daemon procrun (1.0.2.0) started [2011-11-16 11:54:30] [80 service.c] [error] Access is denied. [2011-11-16 11:54:30] [524 prunsrv.c] [error] Unable to open the Service Manager [2011-11-16 11:54:30] [info] Commons Daemon procrun finished. When I try to set the service up as displayed in the attachment. -Original Message- From: Ilya Kazakevich [mailto:ilya.kazakev...@jetbrains.com] Sent: 16 Nov 2011 11 40 To: 'Tomcat Users List' Subject: RE: Trying to get Tomcat 6 running as a Windows service Which file do you run? service.bat ? What do you have in your event logs? Which account do you use for service? Does it have requried rights? Ilya Kazakevich, Developer JetBrains Inc http://www.jetbrains.com Develop with pleasure! -Original Message- From: app...@dsl.pipex.com [mailto:app...@dsl.pipex.com] Sent: Wednesday, November 16, 2011 3:36 PM To: users@tomcat.apache.org Subject: Trying to get Tomcat 6 running as a Windows service Hello I'm trying to get Tomcat 6.0.26 running as a service on a Windows 7 64 bit PC but everytime I try I get message: Failed installing 'Tomcat6' service. As far as I'm aware, all relevant system settings are good and the installation displays settings for CATALINA_HOME, CATALINA_BASE, JAVA_HOME and JVM. I'm running the batch file with adminstrator authorities. Has anyone any idea? I should also add, that this version of Tomcat runs perfectly if called from NetBeans 7.0.1 which is deployed on the same PC. Martin O'Shea. -- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Trying to get Tomcat 6 running as a Windows service
Thanks. Will try this later. -Original Message- From: Ilya Kazakevich [mailto:ilya.kazakev...@jetbrains.com] Sent: 16 Nov 2011 12 15 To: 'Tomcat Users List' Subject: RE: Trying to get Tomcat 6 running as a Windows service http://www.coderanch.com/t/450781/Tomcat/Tomcat-Windows-Server-Permissions Ilya Kazakevich, Developer JetBrains Inc http://www.jetbrains.com Develop with pleasure! -Original Message- From: Martin O'Shea [mailto:app...@dsl.pipex.com] Sent: Wednesday, November 16, 2011 3:59 PM To: 'Tomcat Users List' Subject: RE: Trying to get Tomcat 6 running as a Windows service I've been trying to get the service running as per the attachment. The account I am using does have admin rights. The Jakarta Service log file reports: [2011-11-16 11:54:30] [info] Commons Daemon procrun (1.0.2.0) started [2011-11-16 11:54:30] [80 service.c] [error] Access is denied. [2011-11-16 11:54:30] [524 prunsrv.c] [error] Unable to open the Service Manager [2011-11-16 11:54:30] [info] Commons Daemon procrun finished. When I try to set the service up as displayed in the attachment. -Original Message- From: Ilya Kazakevich [mailto:ilya.kazakev...@jetbrains.com] Sent: 16 Nov 2011 11 40 To: 'Tomcat Users List' Subject: RE: Trying to get Tomcat 6 running as a Windows service Which file do you run? service.bat ? What do you have in your event logs? Which account do you use for service? Does it have requried rights? Ilya Kazakevich, Developer JetBrains Inc http://www.jetbrains.com Develop with pleasure! -Original Message- From: app...@dsl.pipex.com [mailto:app...@dsl.pipex.com] Sent: Wednesday, November 16, 2011 3:36 PM To: users@tomcat.apache.org Subject: Trying to get Tomcat 6 running as a Windows service Hello I'm trying to get Tomcat 6.0.26 running as a service on a Windows 7 64 bit PC but everytime I try I get message: Failed installing 'Tomcat6' service. As far as I'm aware, all relevant system settings are good and the installation displays settings for CATALINA_HOME, CATALINA_BASE, JAVA_HOME and JVM. I'm running the batch file with adminstrator authorities. Has anyone any idea? I should also add, that this version of Tomcat runs perfectly if called from NetBeans 7.0.1 which is deployed on the same PC. Martin O'Shea. -- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat7-maven-plugin redeploy
Thanks, it works. -Original Message- From: Olivier Lamy [mailto:ol...@apache.org] Sent: Wednesday, November 16, 2011 11:35 AM To: Tomcat Users List Subject: Re: tomcat7-maven-plugin redeploy Hello, Did you try update parameter to true [1] ? Thanks -- Olivier Lamy Talend: http://coders.talend.com http://twitter.com/olamy | http://linkedin.com/in/olamy [1] http://tomcat.apache.org/maven-plugin-2.0-SNAPSHOT/tomcat7-maven-plugin/deploy-mojo.html#update 2011/11/16 Hodchenkov, Paul paul.hodchen...@oxagile.com: Hi, It's seems that new tomcat7 plugin does not have undeploy/redeploy goals. So deployment fails with: -- [ERROR] BUILD ERROR [INFO] -- -- [INFO] Cannot invoke Tomcat manager: FAIL - Application already exists at path / Is it possible to undeploy/redeploy app using apache tomcat7 plugin? Should I revert back to codehaus plugin? -Original Message- From: Jesse Farinacci [mailto:jie...@gmail.com] Sent: Wednesday, November 16, 2011 4:21 AM To: Tomcat Users List Subject: Re: tomcat7-maven-plugin redeploy Greetings, On Tue, Nov 15, 2011 at 6:13 PM, David Yu d...@collab.net wrote: Is there a redeploy goal for the tomcat7 plugin? I'm trying to re-deploy a war file that has already been deployed and built to my remote tomcat server. Thanks. New development is at: http://tomcat.apache.org/maven-plugin-2.0-SNAPSHOT/tomcat7-maven-plugin/plugin-info.html Old deprecated plugin is at: http://mojo.codehaus.org/tomcat-maven-plugin/plugin-info.html http://mojo.codehaus.org/tomcat-maven-plugin/redeploy-mojo.html -Jesse -- There are 10 types of people in this world, those that can read binary and those that can not. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
mod_jk connection pool configuration
Hi, Tomcat 6.0.32, HTTPD (worker mpm) 2.2.19, mod_jk 1.2.31. If ThreadsPerChild is 60 and ServerLimit is 10, MaxClients is 600, how many connections, at peak, will be made to 20 Tomcat instances? Will this change If Tomcat instances start failing? p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Certificate issued by GeoTrust Global CA is not appearing at client browser's side
Hello everyone, We would like to setup a secured web service on Axis 1.4, Tomcat 6.0.24, JDK 1.6 and CentOS Linux, because our partner requires HTTPS access to our web service and accepts only publicly trusted certificates (not self-signed ones). So we are setting up SSL on Tomcat 6.0.24, applying the chapter Installing a Certificate from a Certificate Authority of ssl-howto. At last we can access to our Tomcat welcome page through HTTPS, but the certificate we acquired from GeoTrust Global CA does not appear in my web browser. For example if we display the welcome page in Internet Explorer 8, the address bar will turn red and a message certificat error will appear, showing a certificate delivered by ourselves. These are the steps we have taken: Create a new keystore containing a private key: keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore $myKeyStoreFileName -dname $myDistinguishedName Create a CSR based on our keystore: keytool -certreq -keyalg RSA -alias tomcat -file $myCSRFileName -keystore $myKeyStoreFileName Once having received our certificates we imported the root certificate, the chain certificate and our server's certificate: keytool -import -trustcacerts -alias ROOT -file $myRootCert -keystore $myKeyStoreFileName keytool -import -trustcacerts -alias INTER -file $myIntermediateCert -keystore $myKeyStoreFileName keytool -import -trustcacerts -alias $myAlias -file $myServerCert -keystore $myKeyStoreFileName Could anyone tell me what I missed in my operations? I would also like to translate them into French in order to share it with other developers in my country. With my best wishes, Hélène Chèze
Re: mod_jk connection pool configuration
On 16 Nov 2011, at 13:47, Pid * p...@pidster.com wrote: Hi, Tomcat 6.0.32, HTTPD (worker mpm) 2.2.19, mod_jk 1.2.31. If ThreadsPerChild is 60 and ServerLimit is 10, MaxClients is 600, how many connections, at peak, will be made to 20 Tomcat instances? I should add that 'connection_pool_size' is not set in workers.properties. Will this change If Tomcat instances start failing? p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Certificate issued by GeoTrust Global CA is not appearing at client browser's side
On Wed, 2011-11-16 at 06:23 -0800, Yi SHU wrote: At last we can access to our Tomcat welcome page through HTTPS, but the certificate we acquired from GeoTrust Global CA does not appear in my web browser. For example if we display the welcome page in Internet Explorer 8, the address bar will turn red and a message certificat error will appear, showing a certificate delivered by ourselves. If I understand this correctly, you are still seeing the self signed certificate being used by Tomcat. 1.) Have you restarted Tomcat since importing the certificate? 2.) Please include your server.xml so that we can see your configuration. Dan
Re: Certificate issued by GeoTrust Global CA is not appearing at client browser's side
Hi, Taking a quick look at this, i believe this is the part that goes wrong keytool -import -trustcacerts -alias $myAlias -file $myServerCert -keystore $myKeyStoreFileName It looks to me that you are importing a certificate that is supposed to be your server certificate as if it were a certificate authority certificate. Plus perhaps using a wrong alias, as the alias used needs to be the same which was used for generating the key and csr. What in your case would most propably work, is keytool -import -alias tomcat -keystore $myKeyStoreFileName -file $myServerCert Feel free to translate this to any language of your choosing :) Cheers, -Tapio - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
mod_jk connection timeouts
Hello all, We have a new cluster with 2 servers. Every server contains 2 instances of Tomcat 6.0.32. Every node has an Aapche 2.2.21 installed an mod_jk is configured. In front of the these cluster there is a hardware loadbalancer cluster for HA. Several times we get in the status manager of the mod_jk, that one or more worker get the state ERR, and then they get back. In the mod_jk log there are entries like (worker2) Tomcat is down. or (worker1) connection to Tomcat failed. But these worker are locally on the same server as the mod_jk! More stupid is, that the mod_jk of the other node don´t recordnized, that the node on the other physical server is down. Is there a big bug in my config? In server.xml of Node 1 / TC1 Membership Address:228.0.0.4 Bind:172.30.5.78 (local IP of the server) Port: 45564 Frequency:500 dropTime:3000 Receiver Address:172.30.5.78 Port:4000 autoBind=100 selectorTimeout:5000 maxThreads:6 In server.xml Node 1 / TC2 Membership Address:228.0.0.4 Bind:172.30.5.78 (local IP of the server) Port: 45574 Frequency:500 dropTime:3000 Receiver Address:172.30.5.78 Port:4000 autoBind=100 selectorTimeout:5000 maxThreads:6 In server.xml Node 2 / TC 1 Membership Address:228.0.0.4 Bind:172.30.5.77 (local IP of the server) Port: 45564 Frequency:500 dropTime:3000 Receiver Address:172.30.5.77 Port:4000 autoBind=100 selectorTimeout:5000 maxThreads:6 In server.xml / Node 2 / TC 2 Membership Address:228.0.0.4 Bind:172.30.5.77 (local IP of the server) Port: 45574 Frequency:500 dropTime:3000 Receiver Address:172.30.5.77 Port:4000 autoBind=100 selectorTimeout:5000 maxThreads:6 worker.properties: # List the workers name worker.list= loadbalancer,loadbalancertc,jkstatus,worker3,worker4,worker11,worker12 worker.maintain= 60 # # First worker - LB # worker.worker1.port=8010 worker.worker1.host=172.30.5.78 worker.worker1.type=ajp13 worker.worker1.lbfactor=100 worker.worker1.route=worker1 worker.worker1.connection_pool_timeout=600 worker.worker1.activation=active # # Second worker - LB # worker.worker2.port=8010 worker.worker2.host=172.30.5.77 worker.worker2.type=ajp13 worker.worker2.lbfactor=100 worker.worker2.route=worker2 worker.worker2.connection_pool_timeout=600 worker.worker2.activation=active # # Third worker - Standalone # worker.worker3.port=8010 worker.worker3.host=172.30.5.77 worker.worker3.type=ajp13 worker.worker3.lbfactor=100 worker.worker3.activation=active # # fourth worker - Standalone # worker.worker4.port=8010 worker.worker4.host=172.30.5.78 worker.worker4.type=ajp13 worker.worker4.lbfactor=100 worker.worker4.activation=active # # sixth worker TC2010 - LB # worker.worker6.port=8012 worker.worker6.host=172.30.5.78 worker.worker6.type=ajp13 worker.worker6.lbfactor=100 worker.worker6.activation=active worker.worker6.route=worker6 worker.worker6.connection_pool_timeout=600 # # seventh worker TC3110 - LB # worker.worker7.port=8012 worker.worker7.host=172.30.5.77 worker.worker7.type=ajp13 worker.worker7.lbfactor=100 worker.worker7.activation=active worker.worker7.route=worker7 worker.worker7.connection_pool_timeout=600 ##BBMAGK0 # # eleventh worker TC2010 - Standalone # worker.worker11.port=8012 worker.worker11.host=172.30.5.78 worker.worker11.type=ajp13 worker.worker11.lbfactor=100 worker.worker11.activation=active ##BBMAGK1 # # twelfth worker TC2010 - Standalone # worker.worker12.port=8012 worker.worker12.host=172.30.5.77 worker.worker12.type=ajp13 worker.worker12.lbfactor=100 worker.worker12.activation=active # -- # Load Balancer worker # -- worker.loadbalancer.type=lb worker.loadbalancer.balance_workers=worker1,worker2 worker.loadbalancer.sticky_session=true worker.loadbalancer.sticky_session_force=false worker.loadbalancer.method=Request worker.loadbalancer.retries=5 worker.loadbalancer.secret=t # -- # Load Balancer worker tc # --
Re: Grabbing the user's info
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Josh, On 11/14/11 1:18 PM, Josh Gooding wrote: Question. I'm developing an application that resides on a network. I wondered if (and how) there was a way to use the users network authentication as a valid authentication into this application? As Ilya hints, you'll have to use NTLM to get this to work. IIRC, this requires that you use IIS with mod_jk to capture the authentication information and forward it over to Tomcat. If you want to be able to use NTLM for authentication into your webapp, you'll need to use a specific type of realm to do that. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7D48wACgkQ9CaO5/Lv0PCJ6ACfUVovBy3G9ToGOOGPfUyB16Dj Jb8AoJw919KLrFZeLR/mE08VHi8/cB5E =U1z3 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Grabbing the user's info
Hello, As Ilya hints, you'll have to use NTLM to get this to work. IIRC, this requires that you use IIS with mod_jk to capture the authentication information and forward it over to Tomcat. If you want to be able to use NTLM for authentication into your webapp, you'll need to use a specific type of realm to do that. IE and almost all modern browsers on windows may sent authentication info transparently. Old, non-ie browsers can't and you need user needs to use HTTP plain auth (401 Unauthorized) or form authentication. Only IIS is able to accept it transparently AFAIK, tomcat natevly accepts only form and HTTP-based auth. So: If you want your user not to enter log and pass (you just log into windows and go to web site) -- you need IIS and IE (or modern version of another browser). In all other cases user would need to enter her login and password in browser window (for http auth) or special page (form auth). You may use LDAP AD interface to check this info. That could be done with out of IIS. But for _transparent_ authentication IIS is required as Christopher mentioned. Ilya. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk connection pool configuration
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Pid, On 11/16/11 8:47 AM, Pid * wrote: Tomcat 6.0.32, HTTPD (worker mpm) 2.2.19, mod_jk 1.2.31. If ThreadsPerChild is 60 and ServerLimit is 10, MaxClients is 600, how many connections, at peak, will be made to 20 Tomcat instances? - From httpd docs: MaxClients: For threaded and hybrid servers (e.g. beos or worker) MaxClients restricts the total number of threads that will be available to serve clients. The default value for beos is 50. For hybrid MPMs the default value is 16 (ServerLimit) multiplied by the value of 25 (ThreadsPerChild). Therefore, to increase MaxClients to a value that requires more than 16 processes, you must also raise ServerLimit. ServerLimit: With worker use this directive only if your MaxClients and ThreadsPerChild settings require more than 16 server processes (default). Do not set the value of this directive any higher than the number of server processes required by what you may want for MaxClients and ThreadsPerChild. So if MaxClients is 600 and ThreadsPerChild is 60 then you can't have more than 10 processes each with 60 threads. If you want more than 16 server processes (which it looks like you don't need), then you'll need to set ServerLimit to something higher than it's default for worker which appears to be 16. I'm not sure you need ServerLimit at all. If you have 20 TCs on the back end, then mod_jk will have to open 20 * 600 = 12000 connections at peak, if my math is correct. That's only 600 connections per TC, or course, but you may have trouble with creating that many connections from the proxy. If you have more than one worker, then the number of Tomcat instances is essentially multiplied. So, if you have 20 TC backends each with 2 workers assigned to them, then you'll 24000 connections instead. Will this change If Tomcat instances start failing? Probably not -- mod_jk will just retire the connection and create a new one. If you are having load problems, you might make things worse with all this connection churn. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7D6mAACgkQ9CaO5/Lv0PCwSACfaDMyMVnj5GhMEhRgnH07R2Hh /EEAnAyqpjnZSDmbnZrHxwC5BMSC1tJ5 =vpRW -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: mod_jk Avoid loadbalancing
-Original Message- From: Pid [mailto:p...@pidster.com] Sent: Tuesday, November 15, 2011 9:09 AM To: Tomcat Users List Subject: Re: mod_jk Avoid loadbalancing On 15/11/2011 15:00, Jeffrey Janner wrote: Alexander - From reading your emails, it sounds like you have the following setup F5 HW-balancer | / \ / \ Level 1 balancing / \ HTTPD1 HTTPD2 | | Level 2 balancing | | | TC1 TC2TC3 Is that correct? You state that you want to eliminate Level 2. However, from a performance standpoint, why would you? Without the Level 2 balancing, it is conceivable that one of the 3 Tomcats could end up processing the bulk the JSP requests. Why? p To be honest, I don't think you can set up the Level 2 without some form of load-balancing, even if it is just round-robin. But perhaps I'm not processing the full impact of how the whole structure will work, considering the OP wanted to eliminate the Level 2 LB. I would think one would want the F5 to balance the loads on the HTTPD servers for that traffic, and let the HTTPD servers decide best use of the Tomcats to avoid overloading one (reason for LB). Since the OP hasn't bothered to provide his physical or logical layout and his exact goals, I was postulating on theory alone. However, his subsequent response makes it sound like he has 3 systems with HTTPD Tomcat on each system. It sounds like what he really wants is for HTTPD to forward only to Tomcat on the same server and let the F5 load balance and failover that setup. Sounds reasonable, and fairly easy to set up. However, if he wants the above LOGICAL setup, then he needs to rethink his architecture. For example, my suggestion at the beginning of this paragraph won't handle failover where only the Tomcat on server1 goes down, but the HTTPD is active. Configuring for that eventuality takes a little more thought. I've not done enough playing with the mod_jk config to be sure that is possible, but no one who is has weighed in on the specifics of his problem, probably because he hasn't fully explained the scenario he is trying to implement. Jeff __ Confidentiality Notice: This Transmission (including any attachments) may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this transmission in error, please immediately reply to the sender or telephone (512) 343-9100 and delete this transmission from your system. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat manager/status question
I have copied my server.xml file below. __ Server port=8405 shutdown=Shutdown.SerenaCommonTomcat !-- Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / -- Listener className=org.apache.catalina.core.JasperListener/ Listener className=org.apache.catalina.mbeans.ServerLifecycleListener/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener/ Service name=Catalina Connector connectionTimeout=2 port=18080 protocol=HTTP/1.1 redirectPort=8443 server=Unknown Web Server/1.0/ !-- Define a SSL HTTP/1.1 Connector on port 8443, using only 128-bit+ encryption (remove ciphers attribute if not needed). -- !-- Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS ciphers=TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA server=Unknown Web Server/1.0/ -- Connector SSLEnabled=true acceptCount=100 clientAuth=false disableUploadTimeout=true enableLookups=false keyAlias=tomcat keystoreFile=conf/sample-ssl.jks keystorePass=* maxHttpHeaderSize=8192 maxSpareThreads=75 maxThreads=150 minSpareThreads=25 port=8443 scheme=https secure=true sslProtocol=TLS strategy=ms truststoreFile=conf/sample-ssl.jks truststorePass=*/ Connector SSLEnabled=true acceptCount=100 clientAuth=true disableUploadTimeout=true enableLookups=false keyAlias=tomcat keystoreFile=conf/sample-ssl.jks keystorePass=* maxHttpHeaderSize=8192 maxSpareThreads=75 maxThreads=150 minSpareThreads=25 port=8543 scheme=https secure=true sslProtocol=TLS strategy=ms truststoreAlgorithm=AnyCert truststoreFile=conf/sample-ssl.jks truststorePass=*/ !-- Define an AJP 1.3 Connector on port 8409. -- Connector port=8409 protocol=AJP/1.3 redirectPort=8443 server=Unknown Web Server/1.0/ Engine defaultHost=localhost name=Catalina Host appBase=webapps autoDeploy=true name=localhost unpackWARs=true xmlNamespaceAware=false xmlValidation=false/ /Engine /Service /Server ___ Thanks, Justin LaRose Database Web Services Administrator NEXCOM (757) 631-3443 justin.lar...@nexweb.org From: Daniel Mikusa dmik...@vmware.com To: Tomcat Users List users@tomcat.apache.org Date: 11/14/2011 04:26 PM Subject:Re: tomcat manager/status question Justin, Your conf/tomcat-users.xml looks fine to me. I copied and pasted it into a stock Tocmat 6.0.33 server on my machine and it worked fine. At this point, you might want to also post your conf/server.xml file. Dan On Mon, 2011-11-14 at 13:00 -0800, Justin Larose wrote: Yes I have restarted tomcat after editing this file: ?xml version='1.0' encoding='cp1252'? tomcat-users role rolename=manager-gui/ user username=admin password= roles=manager-gui / /tomcat-users Thanks, Justin LaRose Database Web Services Administrator NEXCOM (757) 631-3443 justin.lar...@nexweb.org From: Daniel Mikusa dmik...@vmware.com To: Tomcat Users List users@tomcat.apache.org Date: 11/14/2011 02:32 PM Subject:Re: tomcat manager/status question Justin, What exactly do you have in your conf/tomcat-users.xml file? If you could include the contents of the file inline here, that would be helpful. Don't forget to redact passwords and other sensitive info. Dan On Mon, 2011-11-14 at 11:18 -0800, Justin Larose wrote: Question: I upgraded my Tomcat version to 6.0 using the apache-tomcat-6.0.33.exe file and I am trying to access the manager and the status pages here: localhost:port\index.jsp I get to the default Tomcat page and select status and I get a login prompt. After entering the username and password that I have configured in the \conf\tomcat-users.xml file it just asks for the password again and again. After the 3rd attempt it will default to the 401 page that talks about configuring the tomcat-users.xml file. I also get the same error after selecting the manager link as well. Do I need to install another portion of Tomcat to get this feature to work? Thanks, Justin LaRose Database Web Services Administrator NEXCOM (757) 631-3443 justin.lar...@nexweb.org ** This email and any files transmitted with it are intended solely for the use of the individual or agency to whom they are addressed. If you have received this email in error please notify the Navy Exchange Service Command e-mail administrator. This footnote also confirms that this email message has been scanned for the presence of computer viruses. Thank You! **
Database connection causes slow startup
Hey all, I'm running Tomcat 6.0.33, Java 1.6.0_29, and Ubuntu 11.10 64-bit (kernel 3.0.0-12). I'm using Tomcat to connect to 2 databases, defined in my conf/server.xml file. Before I added these data sources, Tomcat started up quickly. Now, it takes around 7 minutes to start. It still connects to the databases, and once it's connected it runs quickly, but it takes quite a while to connect. Am I doing something wrong? I've attached my server.xml, context.xml, and catalina.out. Thanks for your help! Ben - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Grabbing the user's info
But for _transparent_ authentication IIS is required as Christopher mentioned. That is not true. You can use SPNEGO to setup transparent authentication directly to tomcat. You do not need IIS. This means that a browser accesses a protected url on the server, and the server and browser discuss who the user is, and then the application is presented with that information. This discussion is transparent and involves no user interaction. This can be done by default in IE and I believe chrome, but firefox is more secure so needs to have explicitly have this authentication security enabled - by default it is turned off to stop hackers falsely requesting the details from a malicious server HTH Chris
Re: tomcat manager/status question
Justin, Assuming that is the entire file, it looks like you do not have a UserDatabase or a Realm defined. You need to define a UserDatabase Resource tag and a Realm for the security configuration. This is required by the manager application perform authentication and authorization. This configuration will look something like the following (non-essential elements removed for brevity)... Server.. GlobalNamingResources Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources Service... Engine... Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ /Engine /Service /Server For a complete example, grab a fresh copy of Tomcat and take a look at the server.xml file that is packaged with it. It has both of these elements defined and some comments which explain how it works. Dan On Wed, 2011-11-16 at 11:04 -0800, Justin Larose wrote: I have copied my server.xml file below. __ Server port=8405 shutdown=Shutdown.SerenaCommonTomcat !-- Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / -- Listener className=org.apache.catalina.core.JasperListener/ Listener className=org.apache.catalina.mbeans.ServerLifecycleListener/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener/ Service name=Catalina Connector connectionTimeout=2 port=18080 protocol=HTTP/1.1 redirectPort=8443 server=Unknown Web Server/1.0/ !-- Define a SSL HTTP/1.1 Connector on port 8443, using only 128-bit+ encryption (remove ciphers attribute if not needed). -- !-- Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS ciphers=TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA server=Unknown Web Server/1.0/ -- Connector SSLEnabled=true acceptCount=100 clientAuth=false disableUploadTimeout=true enableLookups=false keyAlias=tomcat keystoreFile=conf/sample-ssl.jks keystorePass=* maxHttpHeaderSize=8192 maxSpareThreads=75 maxThreads=150 minSpareThreads=25 port=8443 scheme=https secure=true sslProtocol=TLS strategy=ms truststoreFile=conf/sample-ssl.jks truststorePass=*/ Connector SSLEnabled=true acceptCount=100 clientAuth=true disableUploadTimeout=true enableLookups=false keyAlias=tomcat keystoreFile=conf/sample-ssl.jks keystorePass=* maxHttpHeaderSize=8192 maxSpareThreads=75 maxThreads=150 minSpareThreads=25 port=8543 scheme=https secure=true sslProtocol=TLS strategy=ms truststoreAlgorithm=AnyCert truststoreFile=conf/sample-ssl.jks truststorePass=*/ !-- Define an AJP 1.3 Connector on port 8409. -- Connector port=8409 protocol=AJP/1.3 redirectPort=8443 server=Unknown Web Server/1.0/ Engine defaultHost=localhost name=Catalina Host appBase=webapps autoDeploy=true name=localhost unpackWARs=true xmlNamespaceAware=false xmlValidation=false/ /Engine /Service /Server ___ Thanks, Justin LaRose Database Web Services Administrator NEXCOM (757) 631-3443 justin.lar...@nexweb.org From: Daniel Mikusa dmik...@vmware.com To: Tomcat Users List users@tomcat.apache.org Date: 11/14/2011 04:26 PM Subject:Re: tomcat manager/status question Justin, Your conf/tomcat-users.xml looks fine to me. I copied and pasted it into a stock Tocmat 6.0.33 server on my machine and it worked fine. At this point, you might want to also post your conf/server.xml file. Dan On Mon, 2011-11-14 at 13:00 -0800, Justin Larose wrote: Yes I have restarted tomcat after editing this file: ?xml version='1.0' encoding='cp1252'? tomcat-users role rolename=manager-gui/ user username=admin password= roles=manager-gui / /tomcat-users Thanks, Justin LaRose Database Web Services Administrator NEXCOM (757) 631-3443 justin.lar...@nexweb.org From: Daniel Mikusa dmik...@vmware.com To: Tomcat Users List users@tomcat.apache.org Date: 11/14/2011 02:32 PM Subject:Re: tomcat manager/status question Justin, What exactly do you have in your conf/tomcat-users.xml file? If you could include the contents of the file inline here, that would be helpful. Don't forget to redact passwords and other sensitive info. Dan On Mon, 2011-11-14 at 11:18 -0800, Justin Larose wrote: Question: I upgraded my Tomcat version to 6.0 using the apache-tomcat-6.0.33.exe file and I am trying to access
Re: Database connection causes slow startup
On Wed, 2011-11-16 at 11:07 -0800, Ben Gladstone wrote: I've attached my server.xml, context.xml, and catalina.out. I don't believe that you can attach files to the list. You'll need to copy and paste the information in your email. Now, it takes around 7 minutes to start. This seems long, but it really depends on how many connections you've configured the pool to initially make and how long it takes to make each connection. Where are you defining your DataSources and what do the definitions look like? Dan
Re: Database connection causes slow startup
If I'm not mistaken, the data sources are defined in server.xml. Let's try this again. Here's server.xml: ?xml version='1.0' encoding='utf-8'? !-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the License); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. -- !-- Note: A Server is not itself a Container, so you may not define subcomponents such as Valves at this level. Documentation at /docs/config/server.html -- Server port=8005 shutdown=SHUTDOWN !--APR library loader. Documentation at /docs/apr.html -- Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / !--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -- Listener className=org.apache.catalina.core.JasperListener / !-- Prevent memory leaks due to use of particular java/javax APIs-- Listener className=org.apache.catalina.core.JreMemoryLeakPreventionListener / !-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -- Listener className=org.apache.catalina.mbeans.ServerLifecycleListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / !-- Global JNDI resources Documentation at /docs/jndi-resources-howto.html -- GlobalNamingResources !-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -- Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / Resource name=jdbc/PortalDb auth=Container type=oracle.jdbc.pool.OracleDataSource connectionCachingEnabled=true description=FCF Datasource driverClassName=oracle.jdbc.OracleDriver factory=oracle.jdbc.pool.OracleDataSourceFactory fastConnectionFailoverEnabled=true onsConfigStr=nodes=PRIVATE implicitCachingEnabled=true connectionCacheProperties=(InitialLimit=10, MinLimit=10, MaxLimit=150, ConnectionWaitTimeout=40, AbandonedConnectionTimeout=40, TimeToLiveTimeout=90) connectionCacheName=portal_connection_pool user=PRIVATE password=PRIVATE url=jdbc:oracle:thin:@ (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=PRIVATE)(PORT=1521))(LOAD_BALANCE=yes)(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=PRIVATE)) / Resource name=jdbc/WarehouseDB auth=Container type=oracle.jdbc.pool.OracleDataSource driverClassName=oracle.jdbc.OracleDriver factory=oracle.jdbc.pool.OracleDataSourceFactory connectionCachingEnabled=true implicitCachingEnabled=true connectionCacheProperties=(InitialLimit=3, MinLimit=3, MaxLimit=100, ConnectionWaitTimeout=40, AbandonedConnectionTimeout=40, TimeToLiveTimeout=90) connectionCacheName=warehouse_connection_pool user=PRIVATE password=PRIVATE url=jdbc:oracle:thin:@PRIVATE:1521:PRIVATE / /GlobalNamingResources !-- A Service is a collection of one or more Connectors that share a single Container Note: A Service is not itself a Container, so you may not define subcomponents such as Valves at this level. Documentation at /docs/config/service.html -- Service name=Catalina !--The connectors can use a shared executor, you can define one or more named thread pools-- !-- Executor name=tomcatThreadPool namePrefix=catalina-exec- maxThreads=150 minSpareThreads=4/ -- !-- A Connector represents an endpoint by which requests are received and responses are returned. Documentation at : Java HTTP Connector: /docs/config/http.html (blocking non-blocking) Java AJP Connector: /docs/config/ajp.html APR (HTTP/AJP) Connector: /docs/apr.html Define a non-SSL HTTP/1.1 Connector on port 8080 -- Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443 / !-- A Connector using the shared thread pool-- !-- Connector executor=tomcatThreadPool port=8080 protocol=HTTP/1.1 connectionTimeout=2
Re: Hosts Created in Tomcat 7 Host-Manager Don't Process JSP
Figured this out. For anyone who is curious or who is experiencing the same problem, I was able to get things working with two changes: 1) Make sure Deploy at startup option is checked in when you create the host in the Host Manager. 2) Create the ROOT.xml file for the context in conf/Catalina/host.com/ROOT.xml directory. In my case, I added the following to the xml file: Context docBase=[path] WatchedResourceWEB-INF/web.xml/WatchedResource /Context and everything works nicely now. =) Hope this helps someone. Warm Regards, Jordan Michaels On 11/14/2011 02:50 PM, Jordan Michaels wrote: Running some tests with the Tomcat 7 Host-Manager and it appears as though hosts created via the Host Manager don't process JSP. In my tests, I created a fred.com test site with a root directory of /www/fred.com/, and put a simple hello world index.jsp file in it. I then created the fred.com site in the Tomcat 7 Host Manager (7.0.22 - downloaded just this morning). The host was created without issue. I then checked the host with Telnet: --- jordan@jordan-M61P-S3 /opt/tomcat/conf $ telnet localhost 8080 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. GET /index.jsp HTTP/1.1 HOST: fred.com HTTP/1.1 404 Not Found Server: Apache-Coyote/1.1 Content-Length: 0 Date: Mon, 14 Nov 2011 21:59:45 GMT Connection closed by foreign host. jordan@jordan-M61P-S3 /opt/tomcat/conf $ --- Looking at the logs, I found this in the catalina.out file: --- INFO: Deploying configuration descriptor manager.xml from /opt/tomcat/conf/Catalina/fred.com --- So, I went and looked at the manager.xml file, and this is what it contained... --- Context docBase=${catalina.home}/webapps/manager privileged=true antiResourceLocking=false antiJARLocking=false /Context --- Am I missing something? Is there something I should be doing that I'm not doing? Can anyone confirm they can run JSP on hosts created in the Tomcat 7 Host Manager? Thanks for any help! Warm Regards, Jordan Michaels - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Database connection causes slow startup
Resource name=jdbc/PortalDb auth=Container type=oracle.jdbc.pool.OracleDataSource connectionCachingEnabled=true description=FCF Datasource driverClassName=oracle.jdbc.OracleDriver factory=oracle.jdbc.pool.OracleDataSourceFactory fastConnectionFailoverEnabled=true onsConfigStr=nodes=PRIVATE implicitCachingEnabled=true connectionCacheProperties=(InitialLimit=10, MinLimit=10, MaxLimit=150, ConnectionWaitTimeout=40, AbandonedConnectionTimeout=40, TimeToLiveTimeout=90) connectionCacheName=portal_connection_pool user=PRIVATE password=PRIVATE url=jdbc:oracle:thin:@ (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=PRIVATE)(PORT=1521))(LOAD_BALANCE=yes)(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=PRIVATE)) / Resource name=jdbc/WarehouseDB auth=Container type=oracle.jdbc.pool.OracleDataSource driverClassName=oracle.jdbc.OracleDriver factory=oracle.jdbc.pool.OracleDataSourceFactory connectionCachingEnabled=true implicitCachingEnabled=true connectionCacheProperties=(InitialLimit=3, MinLimit=3, MaxLimit=100, ConnectionWaitTimeout=40, AbandonedConnectionTimeout=40, TimeToLiveTimeout=90) connectionCacheName=warehouse_connection_pool user=PRIVATE password=PRIVATE url=jdbc:oracle:thin:@PRIVATE:1521:PRIVATE / I see an initial limit of 10 for the first DataSource and 3 for the second DataSource. That seems like it should happen pretty quick. A couple thoughts... 1.) Do you have any applications deployed to the server? If so, perhaps it is an application which is causing the startup to take so long. Have you tried starting Tomcat without any applications deployed? If so, how long does it take to startup? 2.) Try making a test connection to your database outside of Tomcat from the same machine. Does the connection take a long time to setup? Dan
How do I build tomcat native for windows x64?
Hello, I would like to build tcnative-1.dll or libtcnative-1.dll for 64-bit windows from source (my goal is twofold: to try a newer APR version, and to debug a crash we are seeing in the native connector with ssl). Either dll will do. I am currently using Visual Studio 2010 on Windows 7 64-bit, Tomcat 6.0.33, Java 6. The builds succeed, but the resulting dll fails in one of two ways when tomcat starts: - the static (tcnative) version crashes during startup on an error on a call to open a file; some debugging shows that the filename starts as but ends up as a null pointer, apparently as it is passed from SSL_add_file_cert_subjects_to_stack() to BIO_ctrl(), which are both in openssl - the dynamic (libtcnative) version (along with libapr-1.dll, libeay32.dll, and ssleay32.dll all in tomcat\bin) shuts down immediately after startup with the error no OPENSSL_Applink; I have tried adding openssl\include\openssl\applink.c to the libtcnative project, to the libapr project, and even adding it as an include in a libtcnative source file, all to no effect At this point, I'm baffled. I have tried to match build types (e.g. /MD with libeay32MD.lib) based on the openssl faq (http://www.openssl.org/support/faq.html [prog]1), and tried various combinations of libraries. How does the tomcat project do this for tcnative releases? Thanks, John - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Grabbing the user's info
On 1:59 PM, chris derham wrote: But for _transparent_ authentication IIS is required as Christopher mentioned. That is not true. You can use SPNEGO to setup transparent authentication directly to tomcat. You do not need IIS. This means that a browser accesses a protected url on the server, and the server and browser discuss who the user is, and then the application is presented with that information. This discussion is transparent and involves no user interaction. This can be done by default in IE and I believe chrome, but firefox is more secure so needs to have explicitly have this authentication security enabled - by default it is turned off to stop hackers falsely requesting the details from a malicious server HTH Chris You might also consider using Waffle: http://waffle.codeplex.com/ which does not require IIS and supports NTLM and Kerberos. I've used it as a valve with Tomcat and believe it is also available as a filter. Both Internet Explorer and Firefox have settings to enable or disable automatic login. A brief mention is made in the Tomcat docs: http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html -Terence Bandoian - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat session replication and domain change
Hello, I'm researching possible solutions for a following scenario and am not sure whether tomcat session replication can support it: My site is normally available under www.site.com, www.site.fr, www.site.de etc, for 22 different countries and a total of 500 domains (partners). Usually a user stays on the site he came in to (like www.site.com), except for one important case: all payments are handled by secure.site.com. So my example looks like following: User logins on http://www.site.fr, a new session is created. User uses the site, attributes are written and read... User clicks a special link and is redirected to https://secure.site.com - secure.site.com (same webapp, different servers) loads the session previously initialized on www.site.fr and associates it locally. User uses secure.site.com, modifies attributes etc. After user is finished he jumps (on click or by simply entering the url) back to www.site.fr, the local session contains all the changes from secure.site.com. From the documentation of tomcat 7 I read: Note: Remember that your session state is tracked by a cookie, so your URL must look the same from the out side otherwise, a new session will be created. So I understand that my scenario doesn't work outofthebox, or does it? If not, any other scenarios how to solve this use case? thanx in advance Leon - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat session replication and domain change
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Leon, On 11/16/11 5:06 PM, Leon Rosenberg wrote: User logins on http://www.site.fr, a new session is created. User uses the site, attributes are written and read... User clicks a special link and is redirected to https://secure.site.com - secure.site.com (same webapp, different servers) loads the session previously initialized on www.site.fr and associates it locally. How does this work? Or, were you asking if Tomcat can make this work (easily) for you? User uses secure.site.com, modifies attributes etc. After user is finished he jumps (on click or by simply entering the url) back to www.site.fr, the local session contains all the changes from secure.site.com. If you are using cookies to track your session, then this will not work because the browser isn't going to send the session id when the domain changes. If you could always be on *.site.fr (like from www.site.fr to secure.site.fr) then it would work if you set your cookie domain to site.fr. But that is a per-context setting which means you'd need a separate context for each domain you wanted to support. Yuck. If you use URL rewriting for session tracking, then this might work: cluster all the sites together and make sure that the jsessionid parameter is added to any URL you create that crosses the domain border. All copies of the webapp should replicate session info amongst themselves in both directions (www - secure). Unfortunately, you may have a shitstorm of session chatter. Presumably, you'll have a number of domain-specific servers and a single secure one (or clustering all around, which actually makes the chatter problem worse). That means that if you have 100 sessions on each of 10 CCTLD servers then you'll have 1 sessions on the secure server. If that's okay, then go for it. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7ENssACgkQ9CaO5/Lv0PD6NACgsrmhV5v1yn1JKNz3Ap7tfQne 3kYAniU8iETd7qvDEjqdo38/MTEgGna3 =dvKy -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Database connection causes slow startup
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ben, On 11/16/11 2:44 PM, Ben Gladstone wrote: Resource name=jdbc/PortalDb auth=Container type=oracle.jdbc.pool.OracleDataSource connectionCachingEnabled=true description=FCF Datasource driverClassName=oracle.jdbc.OracleDriver factory=oracle.jdbc.pool.OracleDataSourceFactory fastConnectionFailoverEnabled=true onsConfigStr=nodes=PRIVATE implicitCachingEnabled=true connectionCacheProperties=(InitialLimit=10, MinLimit=10, MaxLimit=150, ConnectionWaitTimeout=40, AbandonedConnectionTimeout=40, TimeToLiveTimeout=90) connectionCacheName=portal_connection_pool user=PRIVATE password=PRIVATE url=jdbc:oracle:thin:@ (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=PRIVATE)(PORT=1521))(LOAD_BALANCE=yes)(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=PRIVATE)) / Note that you are not using Tomcat's connection pooling: you are using Oracle's connection pooling because you specified the factory attribute and told Oracle to create DataSource objects for you. Try setting type=javax.sql.DataSource and removing the factory attribute to use Tomcat's connection pool (which is commons-dbcp). If Tomcat takes 7 minutes to start up, that sounds like plenty of time to take a thread dump to see what's going on. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7EN+sACgkQ9CaO5/Lv0PBIKQCfXNOu9MyIbT4LTkXm2QxE4Vz3 NO8AmwZgLbVKc8vHyKCsqvK1mhIp/GNC =FhEO -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat session replication and domain change
Hello Chris, thank you for the answer, more inline. User logins on http://www.site.fr, a new session is created. User uses the site, attributes are written and read... User clicks a special link and is redirected to https://secure.site.com - secure.site.com (same webapp, different servers) loads the session previously initialized on www.site.fr and associates it locally. How does this work? Or, were you asking if Tomcat can make this work (easily) for you? Yes. I know/can think about other solutions where the session id of the original session is transmitted via additional parameter and is used for session copy, like: server A issues session AAA. link to server B contains sessionIdParameter=AAA a vavle or something on server B notices that there is no local session for user on server B yet and copies the AAA session. The question was, does tomcat support this already, or would I have to code something myself. URL rewriting is not an option for several reasons. ... Unfortunately, you may have a shitstorm of session chatter. Presumably, you'll have a number of domain-specific servers and a single secure one (or clustering all around, which actually makes the chatter problem worse). That means that if you have 100 sessions on each of 10 CCTLD servers then you'll have 1 sessions on the secure server. If that's okay, then go for it. Either you miscalculated it or I don't get the relation, 10x100 = 1000, not 10.000 ;-) But the point is valid, after the user leaves secure.site.com he will probably never come back and there is no need to keep his session (noone pays twice ;-)). But I assume tomcat session replication support doesn't support session purge, neither session pull instead of permanent synchronization. regards Leon - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk connection pool configuration
On 16/11/2011 16:52, Christopher Schultz wrote: Pid, On 11/16/11 8:47 AM, Pid * wrote: Tomcat 6.0.32, HTTPD (worker mpm) 2.2.19, mod_jk 1.2.31. If ThreadsPerChild is 60 and ServerLimit is 10, MaxClients is 600, how many connections, at peak, will be made to 20 Tomcat instances? - From httpd docs: MaxClients: For threaded and hybrid servers (e.g. beos or worker) MaxClients restricts the total number of threads that will be available to serve clients. The default value for beos is 50. For hybrid MPMs the default value is 16 (ServerLimit) multiplied by the value of 25 (ThreadsPerChild). Therefore, to increase MaxClients to a value that requires more than 16 processes, you must also raise ServerLimit. ServerLimit: With worker use this directive only if your MaxClients and ThreadsPerChild settings require more than 16 server processes (default). Do not set the value of this directive any higher than the number of server processes required by what you may want for MaxClients and ThreadsPerChild. So if MaxClients is 600 and ThreadsPerChild is 60 then you can't have more than 10 processes each with 60 threads. If you want more than 16 server processes (which it looks like you don't need), then you'll need to set ServerLimit to something higher than it's default for worker which appears to be 16. I'm not sure you need ServerLimit at all. If you have 20 TCs on the back end, then mod_jk will have to open 20 * 600 = 12000 connections at peak, if my math is correct. That's only 600 connections per TC, or course, but you may have trouble with creating that many connections from the proxy. What I'm not clear on is whether the mod_jk worker connection_pool_size is 60 per Server child, or 60 * 10 Server children. If MaxClients is still 600 and there is one Tomcat, one might assume that allowing all 600 to go to that Tomcat is sensible - but if there are two Tomcats, what is the behaviour? NB 600 to each Tomcat would be more than MaxClients. If you have more than one worker, then the number of Tomcat instances is essentially multiplied. So, if you have 20 TC backends each with 2 workers assigned to them, then you'll 24000 connections instead. Will this change If Tomcat instances start failing? Probably not -- mod_jk will just retire the connection and create a new one. If you are having load problems, you might make things worse with all this connection churn. Agreed. p -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Single POST request being handled twice
OK, I know this seems crazy, but I've looked long and hard and cannot explain this as other than a Tomcat bug. I'm more than willing to dig up extra information where I can, but this is a very rare problem seen in production and not reproducible at will. Also, because this is in production, there is very little I can change, and even if I did change it, it would take a month or more to verify that it is really a fix. So what I'm really looking for is a detailed understanding of the problem so we can detect it when it happens and clean up the after-effects. What we are seeing is one POST request being handled twice by our web app. It looks as though somehow the request is duplicated by Tomcat. Here's our setup: Apache 2.2.14 using APR 1.3.8 and mod_jk 1.2.28 running on Ubuntu 10.04.3 as front end, load balancing. Tomcat 6.0.29 using built-in AJP/1.3 connector running on Ubuntu 9.04 with 64-bit Sun Java 1.5.0_19. Tomcat is not using APR. Tomcat mod_jk connector has keepAliveTimeout=5000 and connectionTimeout=6 (60 seconds). Here is a simplified timeline of what we see in various logs. I'm going to leave some fields out and change others to protect confidentiality and make it easier to follow, but I'll try to keep from changing anything important. Timestamps are just minutes and seconds. 51:48 POST request received by Apache over SSL. We see the request logged in Apache's access.log with this timestamp, but the log entry is actually written at 52:08 (or seems to be, since that is the time stamp of the next entry in the access.log, though the entries immediately before this one have timestamps of 52:02). 51:48 log4j application logs show processing of the request by the application in thread TP-Processor18. Processing continues with updates to database and external systems until: 51:55 last application log entry from TP-Processor18 shows normal completion of processing, which should then return from handleRequest(). The database and three external systems the app communicates with all show normal processing. 51:55 log4j application log entries from TP-Processor6 show it beginning to handle the request. Processing continues normally, just as it did in TP-Processor18 until: 52:08 last application log entry from TP-Processor6. Again external systems show normal processing. 52:08 Tomcat access log shows entry for post request stating it was handled by TP-Processor6 in 7283ms 52:08 mod_jk.log: loadbalancer www.site.com 19.400742 53:06 Tomcat access log shows entry for post request stating it was handled by TP-Processor18 in 77440ms How is it possible that Tomcat has 2 threads handling the same request? How can we detect this as opposed to the user legitimately sending the same request twice? Thanks for your help! =Jeremy=
Re: Single POST request being handled twice
Bypass the apache and send the POST request to tomcat directly. Thant will tell you where the problem is tomcat or apache. On Thu, Nov 17, 2011 at 12:29 PM, Jeremy asfbugzi...@nuru.net wrote: OK, I know this seems crazy, but I've looked long and hard and cannot explain this as other than a Tomcat bug. I'm more than willing to dig up extra information where I can, but this is a very rare problem seen in production and not reproducible at will. Also, because this is in production, there is very little I can change, and even if I did change it, it would take a month or more to verify that it is really a fix. So what I'm really looking for is a detailed understanding of the problem so we can detect it when it happens and clean up the after-effects. What we are seeing is one POST request being handled twice by our web app. It looks as though somehow the request is duplicated by Tomcat. Here's our setup: Apache 2.2.14 using APR 1.3.8 and mod_jk 1.2.28 running on Ubuntu 10.04.3 as front end, load balancing. Tomcat 6.0.29 using built-in AJP/1.3 connector running on Ubuntu 9.04 with 64-bit Sun Java 1.5.0_19. Tomcat is not using APR. Tomcat mod_jk connector has keepAliveTimeout=5000 and connectionTimeout=6 (60 seconds). Here is a simplified timeline of what we see in various logs. I'm going to leave some fields out and change others to protect confidentiality and make it easier to follow, but I'll try to keep from changing anything important. Timestamps are just minutes and seconds. 51:48 POST request received by Apache over SSL. We see the request logged in Apache's access.log with this timestamp, but the log entry is actually written at 52:08 (or seems to be, since that is the time stamp of the next entry in the access.log, though the entries immediately before this one have timestamps of 52:02). 51:48 log4j application logs show processing of the request by the application in thread TP-Processor18. Processing continues with updates to database and external systems until: 51:55 last application log entry from TP-Processor18 shows normal completion of processing, which should then return from handleRequest(). The database and three external systems the app communicates with all show normal processing. 51:55 log4j application log entries from TP-Processor6 show it beginning to handle the request. Processing continues normally, just as it did in TP-Processor18 until: 52:08 last application log entry from TP-Processor6. Again external systems show normal processing. 52:08 Tomcat access log shows entry for post request stating it was handled by TP-Processor6 in 7283ms 52:08 mod_jk.log: loadbalancer www.site.com 19.400742 53:06 Tomcat access log shows entry for post request stating it was handled by TP-Processor18 in 77440ms How is it possible that Tomcat has 2 threads handling the same request? How can we detect this as opposed to the user legitimately sending the same request twice? Thanks for your help! =Jeremy=
RE: Single POST request being handled twice
From: Jeremy [mailto:asfbugzi...@nuru.net] Subject: Single POST request being handled twice How is it possible that Tomcat has 2 threads handling the same request? This is usually the result of an application coding or design error: storing a reference to a request in an inappropriate scope such as the session or a servlet instance or static field. How can we detect this as opposed to the user legitimately sending the same request twice? A) Fix your webapp. B) Place a hidden token (e.g., a sequence number)on the web page that is transmitted with the request, and updated with a different one on each response. If the same token is seen twice, it's a retransmission. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Single POST request being handled twice
Chuck, Thank you for responding to my query. I'd be more than happy to fix our webapp if I understood what it was doing wrong, but unfortunately I don't understand your answer. Would you please give me an example of how I would purposefully write a webapp to create the behavior I witnessed? I do not know of any way to get Tomcat to generate two separate response log lines from two separate threads while reporting the timestamps and processing time as I described. The closest I can come up with is if I wrote a ServletFilter that saved a request and later hijacked some other request thread, replacing that incoming request with the saved request, but then the response would go to the requester whose thread had been hijacked, which is not what we observe. We observe the user getting the second generated response (the one logged first in the Tomcat log). Also in that case the mod_jk log would show two requests, not one. If you can show me how I can intentionally generate the kind of results we are seeing then I will have a clue as to what to look for to fix in the app. As it is now, my understanding is that it is fundamental to Tomcat's architecture that one request is handled exclusively in one thread and what the logs are showing is a violation of that contract. Which is why I think it is a Tomcat (or Apache or mod_jk or AJP) bug. =Jeremy= On Wed, Nov 16, 2011 at 10:25 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Jeremy [mailto:asfbugzi...@nuru.net] Subject: Single POST request being handled twice How is it possible that Tomcat has 2 threads handling the same request? This is usually the result of an application coding or design error: storing a reference to a request in an inappropriate scope such as the session or a servlet instance or static field. How can we detect this as opposed to the user legitimately sending the same request twice? A) Fix your webapp. [snip]
Re: Single POST request being handled twice
On 17/11/2011 01:29, Jeremy wrote: OK, I know this seems crazy, but I've looked long and hard and cannot explain this as other than a Tomcat bug. I'm more than willing to dig up extra information where I can, but this is a very rare problem seen in production and not reproducible at will. Also, because this is in production, there is very little I can change, and even if I did change it, it would take a month or more to verify that it is really a fix. So what I'm really looking for is a detailed understanding of the problem so we can detect it when it happens and clean up the after-effects. What we are seeing is one POST request being handled twice by our web app. It looks as though somehow the request is duplicated by Tomcat. Here's our setup: Apache 2.2.14 using APR 1.3.8 and mod_jk 1.2.28 running on Ubuntu 10.04.3 as front end, load balancing. Tomcat 6.0.29 using built-in AJP/1.3 connector running on Ubuntu 9.04 with 64-bit Sun Java 1.5.0_19. Tomcat is not using APR. Tomcat mod_jk connector has keepAliveTimeout=5000 and connectionTimeout=6 (60 seconds). Here is a simplified timeline of what we see in various logs. I'm going to leave some fields out and change others to protect confidentiality and make it easier to follow, but I'll try to keep from changing anything important. Timestamps are just minutes and seconds. 51:48 POST request received by Apache over SSL. We see the request logged in Apache's access.log with this timestamp, but the log entry is actually written at 52:08 (or seems to be, since that is the time stamp of the next entry in the access.log, though the entries immediately before this one have timestamps of 52:02). 51:48 log4j application logs show processing of the request by the application in thread TP-Processor18. Processing continues with updates to database and external systems until: 51:55 last application log entry from TP-Processor18 shows normal completion of processing, which should then return from handleRequest(). The database and three external systems the app communicates with all show normal processing. 51:55 log4j application log entries from TP-Processor6 show it beginning to handle the request. Processing continues normally, just as it did in TP-Processor18 until: 52:08 last application log entry from TP-Processor6. Again external systems show normal processing. 52:08 Tomcat access log shows entry for post request stating it was handled by TP-Processor6 in 7283ms 52:08 mod_jk.log: loadbalancer www.site.com 19.400742 53:06 Tomcat access log shows entry for post request stating it was handled by TP-Processor18 in 77440ms How is it possible that Tomcat has 2 threads handling the same request? Because I think there are two requests here, rather than one. My guess as to what is happening is as follows: - httpd sends request to Tomcat - Tomcat processes it - network glitch or similar means httpd never receives the response - httpd resends request to Tomcat - Tomcat processes it - httpd receives the response - httpd sends response to user Examining the mod_jk logs on httpd should show this although I don't know what level of logging you'll need to see it. The only hitch with the above is that I'd expect httpd to take longer to realise that there is a problem before re-trying the request. How can we detect this as opposed to the user legitimately sending the same request twice? Use mod_unique_id with mod_rewrite to add the unique ID as a url parameter and then include this in Tomcat's access log and/or write a filter that checks for duplicates. Thanks for your help! The situation you describe could also be triggered by a Tomcat bug. You might want to try protocol=org.apache.coyote.ajp.AjpProtocol on the connector to switch the the Coyote AJP BIO implementation. Mark =Jeremy= - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org