Re: SQLNestedException in Connection Pooling With Tomcat 7.0.39
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Saurabh, On 4/8/14, 6:22 AM, Saurabh Saraswat wrote: Thanks for taking time to respond me. My updated Resource Tag is - Resource name=jdbc/MaxDB auth=Container type=javax.sql.DataSource maxActive=100 maxIdle=30 maxWait=1 That's a lot of connections. Are you sure you need to be able to support 100 simultaneous queries? username=usrname password=password driverClassName=com.mysql.jdbc.Driver url=jdbc:MySQL://localhost:3306/MaxDB?zeroDateTimeBehavior=convertToNull validationQuery=Select 1 removeAbandoned=true You should use /* ping */ SELECT 1 as your validation query. The MySQL driver will perform a lightweight connectivity test instead of actually executing that query, which will improve performance. removeAbandonedTimeout=1000 1 second for abandoned timeout? That seems low. logAbandoned=false/ I highly recommend that you set this to true. I have also cross checked my code. I am closing the connection properly in finally block. How about Statements and ResultSets? I think the MySQL driver (and db) is tolerant of sloppy resource management, but Oracle certainly isn't. Also have set the max_connection=250 in etc/my.cnf for MySql. That just seems like a huge number. You really ought to set connection limits based upon user id. You don't want to lock-out root from your database if your web application runs away with the database... Even now i am not getting any Exception but my Application gets Hanged after a certain time (after Certain hits to the database from application). Have tested pooling with different ways like after setting - factory=org.apache.tomcat.jdbc.pool.DataSourceFactory. Conclusion is that i am not able to find satisfactory solution. I agree with Daniel: you need to take some thread dumps when the application hangs. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTR4TZAAoJEBzwKT+lPKRY3WcP/itpZZE7WZqM9B3fSsDNFXmq 7jm6Wpzujj2pLNjUmtzKaSk44e1XgQTQ07LoxS0b3SLPpRi7yz6KbzCeQCOzQ6KE OXVj7d3plRReg5P2HaSL6FYfYDDh2ql/tKaEEnXVXOvCLI83UEnTnN2ENrsbXwEF Lx+t2mEfX00GlENqasheX6/hcDlHDiSJlccRBGbyF9cXHTF1YFLVJl4vT3R35uwm myiPTepohDAMH4zZ1s2hzQynGpUb69/dnaIopM+BE86YavfKhuNntdFhMF9kaTOQ s7A8UpyGgR4qaCH8qeHDC+brIJVtoVPTnBrcVKiU8oLFY2+K0vCN6tutBQrHTcRz HmYN638X3u6OyHY6nS+N2oEDLzZ/CLV2dntAXhEwOojiePq1mVdDDU48VUAT1ghD BS26DPquhSpedq/XgIrxmaNX69qjb5IWWD9b/0LuxoXSTriuK8Gjhyq2xDYxhoFP 5MZLf5ebUofZsw2qYVijYvy1vXLw96HruCNQMQCzis4Zo+pEt1jk+JT4gzZmrq5o fH0bvAvLriPSYR6STeJAs2/eJ8cOCoi8Vq5AF5NAq5XZGhLnQHbF0WYmHk/ZGen3 WSUhlGXYgFIK3Pf2NRGhf0cnu7gWKighhwqsNB135R7HlPeAg/RwrIcxAdckDULz FYXDKJS+U8HZdiCOoiaQ =JYNR -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SQLNestedException in Connection Pooling With Tomcat 7.0.39
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Daniel, On 4/8/14, 6:36 AM, Daniel Mikusa wrote: On Apr 8, 2014, at 8:22 AM, Saurabh Saraswat ssaras...@pivotalindia.com wrote: Dear Dan, Thanks for taking time to respond me. My updated Resource Tag is - Resource name=jdbc/MaxDB auth=Container type=javax.sql.DataSource maxActive=100 maxIdle=“30 As Chris mentioned, set maxActive 1 in your dev environment. That will help you find the problem more quickly. maxWait=1 username=usrname password=password driverClassName=com.mysql.jdbc.Driver url=jdbc:MySQL://localhost:3306/MaxDB?zeroDateTimeBehavior=convertToNull validationQuery=Select 1 removeAbandoned=true removeAbandonedTimeout=“1000 This is in seconds, so 1000 is 16.667 minutes, and is probably way to high. Whoops! You're right. I'm used to everything being in ms. I apologize for my post just now: it's seconds and you are correct. 4 days of conference+drinking will do this to you ;) For the purposes of debugging, try something much lower like 10 seconds. That way you’ll get feedback quick feedback. +1 I have also cross checked my code. I am closing the connection properly in finally block. If you have not done so already, run something like FindBugs on your code. Absolutely. FindBugs is a great tool, even though there are sometimes a lot of false-positives. Run it on your code (it's easy!) and start with the highest-priority bugs that it finds. They are pretty much all worth investigating. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTR4WaAAoJEBzwKT+lPKRYNskP/RQJlQONYDDNa3qokJUoicNr 3zqPd9w6SSvEvZnNfwR6G5a8EI/bDr4xQoEqOQfNBv6QSHrWaEBWmSkQwT/qcVh5 QMOCZ+QMtCCQVD9KtYEwwHJH2FSpv9jEiBVyiPV8Ik4hMOYhIMgcJd+C1qh4Hj7s fAfUsJ0aSZxQqexwHADhtn5UZP6/y+2DZGRZ1YVcCXmV7aPV4ghB1Nj7rY0EOxXq N6q1dt9SsxNXnzqx3xNyJw20qulTa+//B4DNSjpek87cCf+PGMr/M9qV3pqrDBv6 uBIUDWhZXaVa1ilGvyWilr9HnxTUh6JGGQEEgFNfafjO6DDJLteLFsp334QKDX+K QBp03mU7gOO7QwcEtQ49XBmzEgy1//f44m4q9uU3LyZYleT8YRs479us2gHXUbYB iVFOz1kqdFZOL4234zTE7MHkDTSd1o5lwfrzjghT+2On3/nEDYlrsmmcPkBSaVw9 XFYucvC8gXx0CLFlyaPoobwUbVF0qmjEH1Np31tiLCjXDdfsI/2Im1TZDPNCfFnv mj7+FA/h6PXV/kSrSdICjW2H38YeWI7CovUwNm3KnfTiLPC9clpJUUxXCrQWqo/+ z6gv7V0dMRso9lXBFKKh6tGosGC3Q4NPJeqyfDbLUd4lS4HvrwFn9GvJF7Y1xD/+ cKIkLEYn3Njl7Xz9I4Cj =W5a2 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SQLNestedException in Connection Pooling With Tomcat 7.0.39
Chris, Thanks for your regular guidance and valuable suggestions! On Fri, Apr 11, 2014 at 11:33 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Daniel, On 4/8/14, 6:36 AM, Daniel Mikusa wrote: On Apr 8, 2014, at 8:22 AM, Saurabh Saraswat ssaras...@pivotalindia.com wrote: Dear Dan, Thanks for taking time to respond me. My updated Resource Tag is - Resource name=jdbc/MaxDB auth=Container type=javax.sql.DataSource maxActive=100 maxIdle=30 As Chris mentioned, set maxActive 1 in your dev environment. That will help you find the problem more quickly. maxWait=1 username=usrname password=password driverClassName=com.mysql.jdbc.Driver url=jdbc:MySQL://localhost:3306/MaxDB?zeroDateTimeBehavior=convertToNull validationQuery=Select 1 removeAbandoned=true removeAbandonedTimeout=1000 This is in seconds, so 1000 is 16.667 minutes, and is probably way to high. Whoops! You're right. I'm used to everything being in ms. I apologize for my post just now: it's seconds and you are correct. 4 days of conference+drinking will do this to you ;) I can understand :) I have done all changes suggested by you guys and the good news is that the problem has been solved. Now my application is running fine. For the purposes of debugging, try something much lower like 10 seconds. That way you'll get feedback quick feedback. +1 I have also cross checked my code. I am closing the connection properly in finally block. If you have not done so already, run something like FindBugs on your code. Absolutely. FindBugs is a great tool, even though there are sometimes a lot of false-positives. Run it on your code (it's easy!) and start with the highest-priority bugs that it finds. They are pretty much all worth investigating. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTR4WaAAoJEBzwKT+lPKRYNskP/RQJlQONYDDNa3qokJUoicNr 3zqPd9w6SSvEvZnNfwR6G5a8EI/bDr4xQoEqOQfNBv6QSHrWaEBWmSkQwT/qcVh5 QMOCZ+QMtCCQVD9KtYEwwHJH2FSpv9jEiBVyiPV8Ik4hMOYhIMgcJd+C1qh4Hj7s fAfUsJ0aSZxQqexwHADhtn5UZP6/y+2DZGRZ1YVcCXmV7aPV4ghB1Nj7rY0EOxXq N6q1dt9SsxNXnzqx3xNyJw20qulTa+//B4DNSjpek87cCf+PGMr/M9qV3pqrDBv6 uBIUDWhZXaVa1ilGvyWilr9HnxTUh6JGGQEEgFNfafjO6DDJLteLFsp334QKDX+K QBp03mU7gOO7QwcEtQ49XBmzEgy1//f44m4q9uU3LyZYleT8YRs479us2gHXUbYB iVFOz1kqdFZOL4234zTE7MHkDTSd1o5lwfrzjghT+2On3/nEDYlrsmmcPkBSaVw9 XFYucvC8gXx0CLFlyaPoobwUbVF0qmjEH1Np31tiLCjXDdfsI/2Im1TZDPNCfFnv mj7+FA/h6PXV/kSrSdICjW2H38YeWI7CovUwNm3KnfTiLPC9clpJUUxXCrQWqo/+ z6gv7V0dMRso9lXBFKKh6tGosGC3Q4NPJeqyfDbLUd4lS4HvrwFn9GvJF7Y1xD/+ cKIkLEYn3Njl7Xz9I4Cj =W5a2 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org regards, Saurabh
Re: ColdFusion10 custom mod_jk difference
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Doug, On 4/8/14, 3:44 PM, Doug Strick wrote: We're moving from ColdFusion8 to CF10 where I work and ran into a strange issue. We tried using mod_jk-1.2.39 and it compiled fine. We were able to get the communication working, but ran into strange errors like below. Adobe provides their own customized version of mod_jk which appears to be built from 1.2.32. When I compiled their version from the source they provide our errors went away. I downloaded the source from here if anyone's interested: http://helpx.adobe.com/coldfusion/kb/rhel-connector-configuration.html. Do you know what the difference is between the ASF version and theirs? IMHO it should work if you use the ASF version directly. I can't see a reason for them to have their own (separate) source. I'd like to avoid using their custom version as I don't know how it will play if other non-ColdFusion based apps want to use AJP in the future. The tech you use for your web application is not relevant: AJP is just a binary HTTP-forwarding protocol. Theoretically, there should be nothing about the web application that would require something specific (and extra) to be supported by CF or anything else. Does anyone have any recommendations on how I might be able to figure out what was changed? I'm not a developer so I don't know much at the code level. You could use diff -r against the Adobe code in one directory and the ASF code in another. I'm not going to download it all and pour through it, but you can easily do so. Make sure to use a diff argument that ignores whitespace. [Fri Apr 04 15:22:49 2014] [9753:139964571830064] [debug] ajp_send_request::jk_ajp_common.c (1713): (cfusion) request body to send 0 - request body to resend 0 [Fri Apr 04 15:22:49 2014] [9753:139964571830064] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): received from ajp13 pos=0 len=14 max=65536 [Fri Apr 04 15:22:49 2014] [9753:139964571830064] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 0F 00 0A 2F 69 6E 64 65 78 2E 68 74 6D 00 00 00 - .../index.htm ... This does not look like a problem with CF, since you are serving a .html file (right?). This looks like some corrupted messages. It could be a bug introduced by Adobe, some network problem, etc. I did a Google search on Unknown AJP protocol code: 0F and there's some concern that you might have mismatched max_packet_size. Can you check these between httpd and Tomcat? It looks like some folsk are grasping at straws... - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTR4eXAAoJEBzwKT+lPKRY/ekP+wW1Po57MDsHqzc473AjXcNF qqry4V0r57HfcmaerO0z6kudJ5tfUTqJb9Pz/faiVZwofBRmH8yvM4/X8zbFvlbE gHXdMOsSa3w0yJ2zXKC9bdoE4bs/TTn3chCCXjLKRqGcgyzzk70+5iqA0r19jDiF N0xcKKz3KeJBZlwELCxsRjfWf5EtpyvJvjp7SvLHo0SQYAc6gYLCPMe6Sxs0RSVF ZrNLnqiVkNAez9rqPIsXvfq1DP7qQtjDkzLuKbDvOksbb6INUWpTznbiL6fRPWdl OwC/1cQZGRhz9GXMrmINRzjKBjbdsr1rmT5CR8ydQzMgFUzEdHTSNeYOVvdorjU8 PJZbzbYWMCXyP46q6aL+KBXcJDQrbmJlXtGbNhpsa14W+kE50TtDnAFgsWlkzMg4 DTSSscWZKIWNw0WysrPAKwqy/A3nMgLrKaz+xqdwyVHiNf7BMhPOPJokWDqJZV7t 0guQlY3F9BJk2oUirBuXrgM3hyu6vrSwCciDQ6iBHR9d4YluXzOLV4IFNrLHs55u yVWz+tdipX9DNueQJVZzbZ+8+f5pbv+0TRc9ltbomK66uh6rtQE5ubi3GumHJtHr srKc4Te4mOGScGoqqEnsX0/qgcU6GmQPMRXgABHVm4H5hd+F9CJ9WRMLaiYEMuib zcejLSi07ZsRDFSuc+3w =FwOd -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Does heartbleeding bug impact on Tomcat 6.x, 7.x and 8.x
Just for the sake of clarity, I will redundantly highlight some parts of Christopher's recent message : Christopher Schultz wrote: ... * If you are on 1.1.24-1.1.29, then you have been vulnerable. * ... I can't stress enough that once you update to a fixed version, *you must re-key your server* and obtain a replacement certificate from your CA. You must also consider any communication that traversed your system while vulnerable to be compromised. That means that every password that went through your system during the period of vulnerability ought to be changed. As I understand it, the real bitch about this bug, is that *during the whole period in which your server was vulnerable* , a knowledgeable attacker would have been able to connect to your server and grab the contents of arbitrary 64 K chunks of memory. This could have contained *anything*, including SSL keys, certificates, decrypted passwords, user-id's, whatever was in such a 64K chunk at that time. And he could do that as often as he wanted, without ever being detected or leaving any trace to allow an analysis later. And he could record this information, for leasurely inspection and analysis at any later time. There are at least 3 consequences : 1) if you do not change your keys and/or passwords now, then in the future that attacker (and whoever he gives or sells the information to) will be able to access your server with the stolen credentials, and do whatever these credentials allow him to do. 2) if these stolen credentials apply to other systems too, even ones that are not vulnerable and have never been, he can use them there too. (people use the same keys and passwords for multiple services, that's just a fact of life) 3) if he has recorded past encrypted traffic to/from your server, and saved this recording, then he can at any time go back and decrypt this past traffic, and pick up anything interesting from there, even without having the new keys. Such a recording could contain, for example, any number of submits from HTML login pages, which were theoretically protected by being made on an encrypted channel. That could probably also contain any communications which your server did with other servers over encrypted channels. This is all fairly complex, and would require a knowledgeable attacker, one that knew about this bug before the good guys, one who had the technical means to do this kind of thing, and some serious dedication and planning on top. That would not be your everyday script-kiddie. But there are people like that out there, and it may explain a-posteriori a number of high-profile data theft incidents that happened over the last 2 years, and any number of low-profile ones that you never heard about. The point is, nobody knows really. So I guess that the amount of damage that this can cause is very much dependent on what you have been running on your server, and for whom, and how attractive your site may have been for such a would-be serious attacker. I would definitely not like to be in the position of having run a HTTPS-based electronic-payment system over the last 2 years. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
HTTP requests held up during Tomcat shutdown
Hello, I am having an issue with Tomcat shutdown. Requests arriving while the servlet container is shutting down seem to be held up by the connector until container shutdown finishes. The shutdown sequence appears to be: (1) pause connectors, (2) stop containers, (3) stop connectors. I have noticed via JMX that Connector.pause() accepts connections and holds them indefinitely - which I think is the case here. The problem is, our servlet can take up to a minute to shut down, meaning connections arriving during this period are held for up to a minute. Is this behavior correct/expected? We have an nginx load balancer in front of our Tomcat servers that re-routes connections upon error (refused, reset, etc.). But this doesn't work well during server restarts since requests are held for many seconds before being re-routed. The result is a flood of slow responses when a server shuts down. Wouldn't ideal Tomcat shutdown behavior be to (1) let existing requests finish (as it already does), but (2) reject new connections (instead of accepting and holding them)? Tested with: Tomcat 7.0.23 and 7.0.53 NIO connector JDK 1.7.0_07 (Windows) and 1.7.0_17 (Linux) Thanks in advance.
Maximum number of JSP ?
Hi, I'm facing performance issue with my application which loads a very large number of different JSPs (ie 16 000). As the application loads the different JSP, the response time becomes longer and the CPU increases. I have tried many configurations by modifying the maxLoadedJsp, PermgenSize, jspIdleTimeout parameters, but without having positive results. I'd like to know if there are known limitations regarding the max number of JSP loaded in an application that could be used without facing performance issue ? Configuration : Tomcat 7.0.52 with Oracle Java 1.6.0.45 on Linux RHEL
Re: Maximum number of JSP ?
Sylvain Goulmy wrote: Hi, I'm facing performance issue with my application which loads a very large number of different JSPs (ie 16 000). As the application loads the different JSP, the response time becomes longer and the CPU increases. I have tried many configurations by modifying the maxLoadedJsp, PermgenSize, jspIdleTimeout parameters, but without having positive results. I'd like to know if there are known limitations regarding the max number of JSP loaded in an application that could be used without facing performance issue ? Configuration : Tomcat 7.0.52 with Oracle Java 1.6.0.45 on Linux RHEL Hi. As a perpetual Java beginner, my first reaction upon reading that number of JPS's above would be : let's enable Garbage Collector logging, and look at what it says. Maybe also, just to give us an idea, you could tell us how much memory that system has, and how much is given to use by Tomcat ? As far as I first understand such things, each of these JSP's gets compiled into a servlet, and the code of that servlet is held in memory for an extended period of time, even if unused at any particular moment. So this is 16000 servlets probably coexisting (un-)happily inside that JVM. No wonder.. Or am I totally off the mark here, Tomcat/Java experts ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Maximum number of JSP ?
Hi, I am not very sure . But I guess If we consider the servlet lifecycle the servlet is not supposed to get instantiated until requested for . So even if the transformation and compilation is done actual existence of unsed objects may not be the reason . So I am little bit skeptical about 16000 objects co-existing at the same time unused which is overloading the server. Any suggestions/remarks ? -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Friday, April 11, 2014 7:01 PM To: Tomcat Users List Subject: Re: Maximum number of JSP ? Sylvain Goulmy wrote: Hi, I'm facing performance issue with my application which loads a very large number of different JSPs (ie 16 000). As the application loads the different JSP, the response time becomes longer and the CPU increases. I have tried many configurations by modifying the maxLoadedJsp, PermgenSize, jspIdleTimeout parameters, but without having positive results. I'd like to know if there are known limitations regarding the max number of JSP loaded in an application that could be used without facing performance issue ? Configuration : Tomcat 7.0.52 with Oracle Java 1.6.0.45 on Linux RHEL Hi. As a perpetual Java beginner, my first reaction upon reading that number of JPS's above would be : let's enable Garbage Collector logging, and look at what it says. Maybe also, just to give us an idea, you could tell us how much memory that system has, and how much is given to use by Tomcat ? As far as I first understand such things, each of these JSP's gets compiled into a servlet, and the code of that servlet is held in memory for an extended period of time, even if unused at any particular moment. So this is 16000 servlets probably coexisting (un-)happily inside that JVM. No wonder.. Or am I totally off the mark here, Tomcat/Java experts ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Maximum number of JSP ?
On 11.04.2014 15:31, André Warnier wrote: As far as I first understand such things, each of these JSP's gets compiled into a servlet, and the code of that servlet is held in memory for an extended period of time, even if unused at any particular moment. So this is 16000 servlets probably coexisting (un-)happily inside that JVM. No wonder.. I'm pretty sure that's the problem. Servlets generated from JSPs contain a bunch of println statements and logic dependant on any tag libraries beign used. They all will reside in memory for the lifetime of application. For that huge number of pages I strongly recommend using a templating engine (there are plenty of them). -- Mikolaj Rydzewski m...@ceti.pl - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Maximum number of JSP ?
Any suggestions/remarks ? Yes, don't top-post. So I'll move you, to show you how it's done here. -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Friday, April 11, 2014 7:01 PM To: Tomcat Users List Subject: Re: Maximum number of JSP ? Sylvain Goulmy wrote: Hi, I'm facing performance issue with my application which loads a very large number of different JSPs (ie 16 000). As the application loads the different JSP, the response time becomes longer and the CPU increases. I have tried many configurations by modifying the maxLoadedJsp, PermgenSize, jspIdleTimeout parameters, but without having positive results. I'd like to know if there are known limitations regarding the max number of JSP loaded in an application that could be used without facing performance issue ? Configuration : Tomcat 7.0.52 with Oracle Java 1.6.0.45 on Linux RHEL Hi. As a perpetual Java beginner, my first reaction upon reading that number of JPS's above would be : let's enable Garbage Collector logging, and look at what it says. Maybe also, just to give us an idea, you could tell us how much memory that system has, and how much is given to use by Tomcat ? As far as I first understand such things, each of these JSP's gets compiled into a servlet, and the code of that servlet is held in memory for an extended period of time, even if unused at any particular moment. So this is 16000 servlets probably coexisting (un-)happily inside that JVM. No wonder.. Or am I totally off the mark here, Tomcat/Java experts ? Dutta, Abhishek wrote: Hi, I am not very sure . But I guess If we consider the servlet lifecycle the servlet is not supposed to get instantiated until requested for . So even if the transformation and compilation is done actual existence of unsed objects may not be the reason . So I am little bit skeptical about 16000 objects co-existing at the same time unused which is overloading the server. ... Apart from that, note that I did not write objects, you did. And I would not have talked about servlets being instantiated either. With the slew of Java experts lurking on this list, this kind of loose language could easily get you slapped. But, notwithstanding the fact that I am not a Java expert, I would imagine that as more and more of these 16000 JSP's get activated through client requests, they get compiled, thus generating executable (or let's say interpretable) code, which has to be stored somewhere, right ? and if you only have a limited amount of memory to play with (unless you work for the NSA or such), there may come a time where this may become a bottleneck, right ? And then you've got (or rather the JVM has got) to start cleaning up, swapping things out and in, that kind of thing. And that's usually not a very good thing for performance, however that is defined. From there my wondering about Garbage Collection and available memory. To kind of set a base for the undoubtedly fruitful discussion that will certainly follow, if I know this list at all. Even on a Friday. We have not even started talking about the instances of objects that these compiled JSP's will be calling into existence when they are being invoked. One thing at a time. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: How to monitor performance of tomcat
-Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Friday, April 11, 2014 12:54 AM To: Tomcat Users List Subject: Re: How to monitor performance of tomcat All, On 4/8/14, 5:24 PM, Christopher Schultz wrote: Randir, On 4/8/14, 5:05 AM, Randhir Singh wrote: We have an application which has JBoss as the application server with Tomcat as the web server, our application has Oracle 11g as the database. I would give some further background to the issue we are facing, since the last 1 1/2 months, the application slows down. Sometimes it comes back to normal, specially on week-ends. But other times we restart JBoss Tomcat to bring back the application to normal. We have been using jconsole to monitor tomcat like jconsole 10.101.17.79:8891 which monitors our tomcat for a work order system. If the memory usage does not show spike and shows constant reading, the GC button is clicked to invoke the garbage collector. You should really never have to invoke the gc yourself. It gc isn't working properly by itself, you have a big problem. I checked out on the net and got some clue as below: 1) Javamelody - It seems to be a 3rd party tool which is not recommended. Javamelody is just fine. What makes you think it's not recommended? 2) There is a command mentioned to see the admin console, http://IP:port/ but it is not displaying the required page. Please give your inputs whether jconsole should be a help in the right direction or some other way to monitor the performance of Tomcat. I suspect there's no chance you are in Denver for ApacheCon right now, are you? I'm giving a presentation on it tomorrow. I'll post the slides later in the afternoon MDT. http://people.apache.org/~schultz/ApacheCon%20NA%202014/Monitoring%20Ap ache%20Tomcat%20with%20JMX.odp There's a PDF version with borked slide-notes in that directory if you can't read ODP. Chris - The PDF file is not world readable. Jeff
Re: How to monitor performance of tomcat
Jeffrey Janner wrote: -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Friday, April 11, 2014 12:54 AM To: Tomcat Users List Subject: Re: How to monitor performance of tomcat All, On 4/8/14, 5:24 PM, Christopher Schultz wrote: Randir, On 4/8/14, 5:05 AM, Randhir Singh wrote: We have an application which has JBoss as the application server with Tomcat as the web server, our application has Oracle 11g as the database. I would give some further background to the issue we are facing, since the last 1 1/2 months, the application slows down. Sometimes it comes back to normal, specially on week-ends. But other times we restart JBoss Tomcat to bring back the application to normal. We have been using jconsole to monitor tomcat like jconsole 10.101.17.79:8891 which monitors our tomcat for a work order system. If the memory usage does not show spike and shows constant reading, the GC button is clicked to invoke the garbage collector. You should really never have to invoke the gc yourself. It gc isn't working properly by itself, you have a big problem. I checked out on the net and got some clue as below: 1) Javamelody - It seems to be a 3rd party tool which is not recommended. Javamelody is just fine. What makes you think it's not recommended? 2) There is a command mentioned to see the admin console, http://IP:port/ but it is not displaying the required page. Please give your inputs whether jconsole should be a help in the right direction or some other way to monitor the performance of Tomcat. I suspect there's no chance you are in Denver for ApacheCon right now, are you? I'm giving a presentation on it tomorrow. I'll post the slides later in the afternoon MDT. http://people.apache.org/~schultz/ApacheCon%20NA%202014/Monitoring%20Ap ache%20Tomcat%20with%20JMX.odp There's a PDF version with borked slide-notes in that directory if you can't read ODP. Chris - The PDF file is not world readable. It gets worse : it's not even a PDF. ;-) Coffee, Jeffrey. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: How to monitor performance of tomcat
-Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Friday, April 11, 2014 9:27 AM To: Tomcat Users List Subject: Re: How to monitor performance of tomcat Jeffrey Janner wrote: -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Friday, April 11, 2014 12:54 AM To: Tomcat Users List Subject: Re: How to monitor performance of tomcat All, On 4/8/14, 5:24 PM, Christopher Schultz wrote: Randir, On 4/8/14, 5:05 AM, Randhir Singh wrote: We have an application which has JBoss as the application server with Tomcat as the web server, our application has Oracle 11g as the database. I would give some further background to the issue we are facing, since the last 1 1/2 months, the application slows down. Sometimes it comes back to normal, specially on week-ends. But other times we restart JBoss Tomcat to bring back the application to normal. We have been using jconsole to monitor tomcat like jconsole 10.101.17.79:8891 which monitors our tomcat for a work order system. If the memory usage does not show spike and shows constant reading, the GC button is clicked to invoke the garbage collector. You should really never have to invoke the gc yourself. It gc isn't working properly by itself, you have a big problem. I checked out on the net and got some clue as below: 1) Javamelody - It seems to be a 3rd party tool which is not recommended. Javamelody is just fine. What makes you think it's not recommended? 2) There is a command mentioned to see the admin console, http://IP:port/ but it is not displaying the required page. Please give your inputs whether jconsole should be a help in the right direction or some other way to monitor the performance of Tomcat. I suspect there's no chance you are in Denver for ApacheCon right now, are you? I'm giving a presentation on it tomorrow. I'll post the slides later in the afternoon MDT. http://people.apache.org/~schultz/ApacheCon%20NA%202014/Monitoring%20 Ap ache%20Tomcat%20with%20JMX.odp There's a PDF version with borked slide-notes in that directory if you can't read ODP. Chris - The PDF file is not world readable. It gets worse : it's not even a PDF. ;-) Coffee, Jeffrey. André - Perhaps you should get another cup. Make it expresso. Chris clearly states that there is *additionally* a PDF version, and that is the one that generates a permissions error. The ODP version downloads just fine, though PowerPoint complains about errors, it seems OK (I still perusing). I was trying to download the PDF version to use as a reference source for some of my less-technical staff. Jeff
mod_jk and ~userdir issue
Greetings! I'm hopeful someone can help me here. I used to have this running under tomcat 5.5/apache2.2 but have installed a centos6 with the packaged tomcat6/apache2.2. I installed the latest mod_jk connector. All is working great except the whole reason I set it up in the first place. I want users to be able to place .jsp's and servlets in their public_html directory and have it serve their pages. As I mentioned I had this working previously under a different version and kept a backup of all those files for reference but I can't get it working on this new instance to save my life. I added this into my Host directive in the servers.xml file per the tomcat6 docs Host name=localhost ... ... Listener className=org.apache.catalina.startup.UserConfig directoryName=public_html userClass=org.apache.catalina.startup.PasswdUserDatabase/ ... /Host https://tomcat.apache.org/tomcat-6.0-doc/config/host.html This made it work under my old setup but not anymore. My workers.properties looks like: worker.list=worker1 worker.node1.type=ajp13 worker.node1.port=8009 worker.node1.host=localhost worker.node1.lbfactor=1 My uriworkermap.properties looks like: /admin/*=worker1 /manager/*=worker1 /jsp-examples/*=worker1 /servlets-examples/*=worker1 /examples/*=worker1 /*=worker1 !/servlets-examples/*.jpeg=lb /jk-manager=jk-status My httpd-jk.conf: LoadModule jk_module modules/mod_jk.so JkWorkersFile conf/workers.properties JkLogFile logs/mod_jk.log JkLogLevel info JkShmFile logs/mod_jk.shm JkWatchdogInterval 60 JkMountFile conf/uriworkermap.properties Thanks in advance to the group! -- Sincerely, Doug Tucker - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Maximum number of JSP ?
2014-04-11 16:58 GMT+04:00 Sylvain Goulmy sygou...@gmail.com: Hi, I'm facing performance issue with my application which loads a very large number of different JSPs (ie 16 000). As the application loads the different JSP, the response time becomes longer and the CPU increases. I have tried many configurations by modifying the maxLoadedJsp, PermgenSize, jspIdleTimeout parameters, but without having positive results. 1. Personally I am pessimistic about 'maxLoadedJsps' option, because even if you unload a JSP, the strings used in its code will still remain in JVM constant strings pool. Anyway, I expect the best performance would be if you do not try unloading the JSPs. 2. Did you set development=false on JspServlet? http://tomcat.apache.org/tomcat-7.0-doc/jasper-howto.html#Production_Configuration Note: I would not recommend using 'genStringAsCharArray', 3. There are a number of ways to monitor your memory usage. 4. Does the number of requests remain the same and only the number of JSPs increases? How much is longer in the response time becomes longer ? I'd like to know if there are known limitations regarding the max number of JSP loaded in an application that could be used without facing performance issue ? Configuration : Tomcat 7.0.52 with Oracle Java 1.6.0.45 on Linux RHEL - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to monitor performance of tomcat
Jeffrey Janner wrote: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Friday, April 11, 2014 9:27 AM To: Tomcat Users List Subject: Re: How to monitor performance of tomcat Jeffrey Janner wrote: -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Friday, April 11, 2014 12:54 AM To: Tomcat Users List Subject: Re: How to monitor performance of tomcat All, On 4/8/14, 5:24 PM, Christopher Schultz wrote: Randir, On 4/8/14, 5:05 AM, Randhir Singh wrote: We have an application which has JBoss as the application server with Tomcat as the web server, our application has Oracle 11g as the database. I would give some further background to the issue we are facing, since the last 1 1/2 months, the application slows down. Sometimes it comes back to normal, specially on week-ends. But other times we restart JBoss Tomcat to bring back the application to normal. We have been using jconsole to monitor tomcat like jconsole 10.101.17.79:8891 which monitors our tomcat for a work order system. If the memory usage does not show spike and shows constant reading, the GC button is clicked to invoke the garbage collector. You should really never have to invoke the gc yourself. It gc isn't working properly by itself, you have a big problem. I checked out on the net and got some clue as below: 1) Javamelody - It seems to be a 3rd party tool which is not recommended. Javamelody is just fine. What makes you think it's not recommended? 2) There is a command mentioned to see the admin console, http://IP:port/ but it is not displaying the required page. Please give your inputs whether jconsole should be a help in the right direction or some other way to monitor the performance of Tomcat. I suspect there's no chance you are in Denver for ApacheCon right now, are you? I'm giving a presentation on it tomorrow. I'll post the slides later in the afternoon MDT. http://people.apache.org/~schultz/ApacheCon%20NA%202014/Monitoring%20 Ap ache%20Tomcat%20with%20JMX.odp There's a PDF version with borked slide-notes in that directory if you can't read ODP. Chris - The PDF file is not world readable. It gets worse : it's not even a PDF. ;-) Coffee, Jeffrey. André - Perhaps you should get another cup. Make it expresso. Chris clearly states that there is *additionally* a PDF version, and that is the one that generates a permissions error. The ODP version downloads just fine, though PowerPoint complains about errors, it seems OK (I still perusing). I was trying to download the PDF version to use as a reference source for some of my less-technical staff. Jeff Jeff. I apologise. I got a cup of (strong) coffee, and a Twix to go with it. I have an excuse though : for me, it is Friday afternoon, just 15 minutes before 5 PM, at the end of a long week. My attention was divided, between the Tomcat list and the clock on the wall. As an amend : Q: why do clocks never get stolen from government offices ? A: because there is always someone watching them - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk and ~userdir issue
Ooops, I copied the wrong workers.properties file. Here is the correct one worker.list=worker1 worker.worker1.type=ajp13 worker.worker1.port=8009 worker.worker1.host=localhost worker.worker1.lbfactor=1 Sincerely, Doug Tucker On 04/11/2014 09:33 AM, Doug Tucker wrote: Greetings! I'm hopeful someone can help me here. I used to have this running under tomcat 5.5/apache2.2 but have installed a centos6 with the packaged tomcat6/apache2.2. I installed the latest mod_jk connector. All is working great except the whole reason I set it up in the first place. I want users to be able to place .jsp's and servlets in their public_html directory and have it serve their pages. As I mentioned I had this working previously under a different version and kept a backup of all those files for reference but I can't get it working on this new instance to save my life. I added this into my Host directive in the servers.xml file per the tomcat6 docs Host name=localhost ... ... Listener className=org.apache.catalina.startup.UserConfig directoryName=public_html userClass=org.apache.catalina.startup.PasswdUserDatabase/ ... /Host https://tomcat.apache.org/tomcat-6.0-doc/config/host.html This made it work under my old setup but not anymore. My workers.properties looks like: worker.list=worker1 worker.node1.type=ajp13 worker.node1.port=8009 worker.node1.host=localhost worker.node1.lbfactor=1 My uriworkermap.properties looks like: /admin/*=worker1 /manager/*=worker1 /jsp-examples/*=worker1 /servlets-examples/*=worker1 /examples/*=worker1 /*=worker1 !/servlets-examples/*.jpeg=lb /jk-manager=jk-status My httpd-jk.conf: LoadModule jk_module modules/mod_jk.so JkWorkersFile conf/workers.properties JkLogFile logs/mod_jk.log JkLogLevel info JkShmFile logs/mod_jk.shm JkWatchdogInterval 60 JkMountFile conf/uriworkermap.properties Thanks in advance to the group! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk and ~userdir issue
2014-04-11 18:33 GMT+04:00 Doug Tucker tuck...@lyle.smu.edu: Greetings! I'm hopeful someone can help me here. I used to have this running under tomcat 5.5/apache2.2 but have installed a centos6 with the packaged tomcat6/apache2.2. I installed the latest mod_jk connector. All is working great except the whole reason I set it up in the first place. I want users to be able to place .jsp's and servlets in their public_html directory and have it serve their pages. As I mentioned I had this working previously under a different version and kept a backup of all those files for reference but I can't get it working on this new instance to save my life. I added this into my Host directive in the servers.xml file per the tomcat6 docs Host name=localhost ... ... Listener className=org.apache.catalina.startup.UserConfig directoryName=public_html userClass=org.apache.catalina.startup.PasswdUserDatabase/ ... /Host https://tomcat.apache.org/tomcat-6.0-doc/config/host.html This made it work under my old setup but not anymore. My workers.properties looks like: worker.list=worker1 worker.node1.type=ajp13 worker.node1.port=8009 worker.node1.host=localhost worker.node1.lbfactor=1 My uriworkermap.properties looks like: /admin/*=worker1 /manager/*=worker1 /jsp-examples/*=worker1 /servlets-examples/*=worker1 /examples/*=worker1 /*=worker1 !/servlets-examples/*.jpeg=lb /jk-manager=jk-status My httpd-jk.conf: LoadModule jk_module modules/mod_jk.so JkWorkersFile conf/workers.properties JkLogFile logs/mod_jk.log JkLogLevel info JkShmFile logs/mod_jk.shm JkWatchdogInterval 60 JkMountFile conf/uriworkermap.properties 1. Check whether their pages are accessible when you connect to Tomcat directly without HTTPD. The server.xml looks OK. I am not sure that your mod_jk configuration is OK. 2. There are no jsp-examples and servlet-examples in Tomcat 6. 3. Beware that in current mod_jk versions the mappings are local to a HTTPD VirtualHost. 4. If you want Tomcat to be secure (and you do not trust your students), you have to 1) run it with Java SecurityManager being enabled 2) use latest patched JVM (with no known issues about bypassing a SecurityManager) 3) use an up-to-date Tomcat http://wiki.apache.org/tomcat/FAQ/Linux_Unix#Q5 http://tomcat.apache.org/security-6.html http://tomcat.apache.org/tomcat-7.0-doc/security-howto.html Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to monitor performance of tomcat
Hi Chris, On Fri, Apr 11, 2014 at 10:48 AM, André Warnier a...@ice-sa.com wrote: On 4/8/14, 5:24 PM, Christopher Schultz wrote: http://people.apache.org/~schultz/ApacheCon%20NA%202014/Monitoringhttp://people.apache.org/~schultz/ApacheCon%20NA%202014/Monitoring%20 %20Apache%20Tomcat%20with%20JMX.odphttp://people.apache.org/%7Eschultz/ApacheCon%20NA%202014/Monitoring%20Apache%20Tomcat%20with%20JMX.odp There's a PDF version with borked slide-notes in that directory if you can't read ODP. Q: why do clocks never get stolen from government offices ? A: because there is always someone watching them Thank you! Great presentation and most wonderful notes! One question - on slide #48, where the notes say, You can see here that the current usage is about 100MiB, less than the 115MiB threshold we set, where is the 100MB or thereabouts shown? Is it the committed value? I don't follow that statement. Thanks again, -Shanti
Re: mod_jk and ~userdir issue
1. Check whether their pages are accessible when you connect to Tomcat directly without HTTPD. Negative. Either way I get the tomcat container is not available. You can see the error by going to: http://webdev2.seas.smu.edu/~tuckerd/ The server.xml looks OK. I am not sure that your mod_jk configuration is OK. 2. There are no jsp-examples and servlet-examples in Tomcat 6. Hmm..I installed yum install tomcat* and it installed some packages that have them: http://webdev2.seas.smu.edu/examples/servlets/ but no biggie, the fact that those work just lets me know tomcat is working and I don't have a complete failure. 3. Beware that in current mod_jk versions the mappings are local to a HTTPD VirtualHost. Can you elaborate or point me to the doc? I've read top to bottom the last 2 days of the 6 docs and must have missed this. Are you suggesting if I create a virtual host in apache to the doc root the default is currently pointing to (which is outside the userdir) it will help? I have a feeling I'm misunderstanding what you are saying. My apologies. 4. If you want Tomcat to be secure (and you do not trust your students), you have to This is just for a classroom assignment and will go away as soon as complete. Thanks so much for that info though. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Maximum number of JSP ?
On Fri, Apr 11, 2014 at 6:46 AM, Dutta, Abhishek abhishek.du...@capgemini.com wrote: Hi, I am not very sure . But I guess If we consider the servlet lifecycle the servlet is not supposed to get instantiated until requested for . The question is, do the JSP pages contain static text or JSP elements? Either way, a JSP will be converted to a servlet in the container. When a request for the JSP is made, the container will check to see if the JSP page's servlet is older than the JSP page, and if it is, then the JSP page gets re-compiled. http://docs.oracle.com/javaee/5/tutorial/doc/bnahe.html Now you are going through the servlet life cycle for each JSP page that is newer than it's servlet. And you also have spawned 16,000 threads in this application. One for each init() method of those servlets. Is this performance problem something you didn't have before today?
Re: Maximum number of JSP ?
On Fri, Apr 11, 2014 at 3:41 PM, Mikolaj Rydzewski m...@ceti.pl wrote: On 11.04.2014 15:31, André Warnier wrote: As far as I first understand such things, each of these JSP's gets compiled into a servlet, and the code of that servlet is held in memory for an extended period of time, even if unused at any particular moment. So this is 16000 servlets probably coexisting (un-)happily inside that JVM. No wonder.. I'm pretty sure that's the problem. Servlets generated from JSPs contain a bunch of println statements and logic dependant on any tag libraries beign used. They all will reside in memory for the lifetime of application. For that huge number of pages I strongly recommend using a templating engine (there are plenty of them). JSP _is_ a templating mechnism. In what way do you expect another templating mechanism to help here? All the strings (among other stuff) need to be stored somewhere in memory anyway. I think André is on to something when he points to GC. With that large number of classes I would try to increase permanent size with -XX:MaxPermSize. Before that an attempt with -Xnoclassgc might be worthwhile because that will tell you if permanent size runs out of space and an increase is in order. And then of course GC logging or monitoring via jvisualjm and similar tools is also a good idea. Kind regards robert -- [guy, jim].each {|him| remember.him do |as, often| as.you_can - without end} http://blog.rubybestpractices.com/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Maximum number of JSP ?
On 11.04.2014 17:22, Robert Klemme wrote: JSP _is_ a templating mechnism. In what way do you expect another templating mechanism to help here? All the strings (among other stuff) need to be stored somewhere in memory anyway. Well, IMHO JSP is not only a templating mechanism. It's also a compiler and deployer :-( All the strings are already stored on disk, I see no reason to store them in memory as well. Similar case applies to various CMS systems out there - content is stored in database, no reason to keep it permanently in memory. My point was to consider using templating engine like e.g. Velocity. There's one servlet that is capable of serving any page. Compare it to 16000 servlets. I mean: anything is good that will read/process content on the fly and will not keep it forever in memory. -- Mikolaj Rydzewski m...@ceti.pl - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Maximum number of JSP ?
On Fri, Apr 11, 2014 at 5:35 PM, Mikolaj Rydzewski m...@ceti.pl wrote: On 11.04.2014 17:22, Robert Klemme wrote: JSP _is_ a templating mechnism. In what way do you expect another templating mechanism to help here? All the strings (among other stuff) need to be stored somewhere in memory anyway. Well, IMHO JSP is not only a templating mechanism. It's also a compiler and deployer :-( All the strings are already stored on disk, I see no reason to store them in memory as well. Then you underestimate the cost of IO and parsing. Similar case applies to various CMS systems out there - content is stored in database, no reason to keep it permanently in memory. It makes a whole lot of sense to keep data that is repeatedly needed closer to where the content is created for clients. (Side note: there was even a webserver that kept preformatted TCP packets in memory to be able to serve client requests faster. IIRC this was done by folks at Sun.) My point was to consider using templating engine like e.g. Velocity. There's one servlet that is capable of serving any page. Compare it to 16000 servlets. You still face the same issue: either you load every template every time it is needed, this incurs cost for IO as well as parsing of the template. Or you keep all templates in memory (if most are used anyway it does not really matter if you load them on demand or at start time) where you pay the memory cost. You get a little more control with Velocity because you could devise your own caching scheme. OTOH then you also need to ensure it's fast for concurrent access etc. The JVM does all that already with it's GC. I mean: anything is good that will read/process content on the fly and will not keep it forever in memory. I beg to differ: careful analysis must show where the problem lies. Then one can come up with a proper solution. Generally leaving things out of memory is certainly not a good advice. Kind regards robert -- [guy, jim].each {|him| remember.him do |as, often| as.you_can - without end} http://blog.rubybestpractices.com/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Maximum number of JSP ?
Hi, Thank you all for your returns. Maybe also, just to give us an idea, you could tell us how much memory that system has, and how much is given to use by Tomcat ? Xmx is 1500 Mo. The PermSize is set so that it can easily load the max number of JSP set with the maxLoadedJsp (set to 5000) parameter. 1. Personally I am pessimistic about 'maxLoadedJsps' option, because even if you unload a JSP, the strings used in its code will still remain in JVM constant strings pool. Anyway, I expect the best performance would be if you do not try unloading the JSPs. 2. Did you set development=false on JspServlet? http://tomcat.apache.org/tomcat-7.0-doc/jasper-howto.html#Production_Configuration Note: I would not recommend using 'genStringAsCharArray', 3. There are a number of ways to monitor your memory usage. 4. Does the number of requests remain the same and only the number of JSPs increases? How much is longer in the response time becomes longer ? 1. This is indeed a scenario i want to test, ie to size the PermGen so it can load all the JSP without having to unload them. This could require a huge PermGen size that i have to assess. 2. development=false and i don't use the genStringAsCharArray parameter 3. I'm using many tools which allows me to monitor the GC behaviour 4. Here is the behaviour that i observed : i request the URL of a jsp in a loop. The content of this JSP is always the same but it's name is different in each URL so that it is considered as a new one. This JSP is quite big (100 ko). Here is the evolution of the response time : - First call : 70 ms - 1000th call : 100ms - 2000th call : 140 ms - 3000th call : 200 ms The more the permgen hosts many JSP, the more the response time increases. On this test, the PermGen was big enough to host all the JSP and the maxLoadedJsp parameter is set to 5000. Is this performance problem something you didn't have before today? No indeed, we were on a different technology (Websphere). On Fri, Apr 11, 2014 at 5:11 PM, Leo Donahue donahu...@gmail.com wrote: On Fri, Apr 11, 2014 at 6:46 AM, Dutta, Abhishek abhishek.du...@capgemini.com wrote: Hi, I am not very sure . But I guess If we consider the servlet lifecycle the servlet is not supposed to get instantiated until requested for . The question is, do the JSP pages contain static text or JSP elements? Either way, a JSP will be converted to a servlet in the container. When a request for the JSP is made, the container will check to see if the JSP page's servlet is older than the JSP page, and if it is, then the JSP page gets re-compiled. http://docs.oracle.com/javaee/5/tutorial/doc/bnahe.html Now you are going through the servlet life cycle for each JSP page that is newer than it's servlet. And you also have spawned 16,000 threads in this application. One for each init() method of those servlets. Is this performance problem something you didn't have before today?
Re: mod_jk and ~userdir issue
Doug Tucker wrote: 1. Check whether their pages are accessible when you connect to Tomcat directly without HTTPD. Negative. Either way I get the tomcat container is not available. You can see the error by going to: http://webdev2.seas.smu.edu/~tuckerd/ The server.xml looks OK. I am not sure that your mod_jk configuration is OK. 2. There are no jsp-examples and servlet-examples in Tomcat 6. Hmm..I installed yum install tomcat* and it installed some packages that have them: http://webdev2.seas.smu.edu/examples/servlets/ but no biggie, the fact that those work just lets me know tomcat is working and I don't have a complete failure. 3. Beware that in current mod_jk versions the mappings are local to a HTTPD VirtualHost. Can you elaborate or point me to the doc? I've read top to bottom the last 2 days of the 6 docs and must have missed this. Are you suggesting if I create a virtual host in apache to the doc root the default is currently pointing to (which is outside the userdir) it will help? I have a feeling I'm misunderstanding what you are saying. My apologies. He means : read on about the JkCopy* directives under Apache httpd. 4. If you want Tomcat to be secure (and you do not trust your students), you have to This is just for a classroom assignment and will go away as soon as complete. Thanks so much for that info though. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Does heartbleeding bug impact on Tomcat 6.x, 7.x and 8.x
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 André, On 4/11/14, 2:52 AM, André Warnier wrote: As I understand it, the real bitch about this bug, is that *during the whole period in which your server was vulnerable* , a knowledgeable attacker would have been able to connect to your server and grab the contents of arbitrary 64 K chunks of memory. Correct. It's ... kind of bad. There are at least 3 consequences : 1) if you do not change your keys and/or passwords now, then in the future that attacker (and whoever he gives or sells the information to) will be able to access your server with the stolen credentials, and do whatever these credentials allow him to do. Correct: if your server keys have been stolen, then even after you patch your server the damage has been done -- an attacker can decrypt any traffic they capture in the future. That's why you must re-key. Remember to patch first, then re-key ;) 2) if these stolen credentials apply to other systems too, even ones that are not vulnerable and have never been, he can use them there too. (people use the same keys and passwords for multiple services, that's just a fact of life) +1 If you re-use the key+cert on other servers, then their traffic can be decrypted as well if your key has been stolen. 3) if he has recorded past encrypted traffic to/from your server, and saved this recording, then he can at any time go back and decrypt this past traffic, and pick up anything interesting from there, even without having the new keys. Well, the new keys are irrelevant for old traffic. Such a recording could contain, for example, any number of submits from HTML login pages, which were theoretically protected by being made on an encrypted channel. That could probably also contain any communications which your server did with other servers over encrypted channels. Correct: you have to assume that basically your traffic has been essentially unencrypted during the period of vulnerability. That's why everyone has to change all their passwords. For everything. Everywhere. Have fun! - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTSBRMAAoJEBzwKT+lPKRYCacP/2B9d5ooilyV3KxY2K1hXw1n ijesdzbV7xWdgFOVLqvS1OLGbFRFzUhJeu30zhX/aw3gVzUnVrmEHLZqaU5nZXrD gfHEO7FkEazuKrwiZ6Y382t0542Gb735piTM6q49aUs51mIRKzwQgPyGAUD2L+wY 4/djZ2rUPWAp3N/qKrCgSqVFAU03gLU6rhRuyPdOUj4GWRBEFCKPyxrIAfz7xU0/ w3sv9VXobLcAMVTFJvn/7D3H7iA0BjRfYZeo613miCfsGO1d6Y5b3R2z6kBJ5R0A iIVJDaA7O8DFwt5nFwYAm1x9VvoxGBY6+UXEZkaYPisQhVJh5/aKlYIN+AObIRKX RcmoLPxCiz/ANoq8YPovtCumrrqqwNdfceMzP5JyAk6p4pS4OlVrxWST7N4q9fkJ /ZnwGanb3WTU4iFuCf4TijzF0QvwS9rmtZuQLYzG2qSgjOF6O2mBWeSnHQ9bA5RZ gpD/NEOlgYXpVlH0VfFNVQOW8ymWEBdO3Mxq/RoCumWh8yRMLRyodEI7QqUXqCb6 I8fA08xwsjKHNgGxNaJmvf3q6xExhfhASauwNBwTWpO9vtKYBvE3jlgbqR/qcqMT egiqIPGWLK3A14G9YzqOpFljBUxzh9tcNrauFCOZ3Qh5EaffvM6hubBL+MyxsDhR 329oLojNhu47UxqzpgwX =GPt2 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to monitor performance of tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jeff, On 4/11/14, 8:20 AM, Jeffrey Janner wrote: -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Friday, April 11, 2014 12:54 AM To: Tomcat Users List Subject: Re: How to monitor performance of tomcat All, On 4/8/14, 5:24 PM, Christopher Schultz wrote: Randir, On 4/8/14, 5:05 AM, Randhir Singh wrote: We have an application which has JBoss as the application server with Tomcat as the web server, our application has Oracle 11g as the database. I would give some further background to the issue we are facing, since the last 1 1/2 months, the application slows down. Sometimes it comes back to normal, specially on week-ends. But other times we restart JBoss Tomcat to bring back the application to normal. We have been using jconsole to monitor tomcat like jconsole 10.101.17.79:8891 which monitors our tomcat for a work order system. If the memory usage does not show spike and shows constant reading, the GC button is clicked to invoke the garbage collector. You should really never have to invoke the gc yourself. It gc isn't working properly by itself, you have a big problem. I checked out on the net and got some clue as below: 1) Javamelody - It seems to be a 3rd party tool which is not recommended. Javamelody is just fine. What makes you think it's not recommended? 2) There is a command mentioned to see the admin console, http://IP:port/ but it is not displaying the required page. Please give your inputs whether jconsole should be a help in the right direction or some other way to monitor the performance of Tomcat. I suspect there's no chance you are in Denver for ApacheCon right now, are you? I'm giving a presentation on it tomorrow. I'll post the slides later in the afternoon MDT. http://people.apache.org/~schultz/ApacheCon%20NA%202014/Monitoring%20Ap ache%20Tomcat%20with%20JMX.odp There's a PDF version with borked slide-notes in that directory if you can't read ODP. Chris - The PDF file is not world readable. D'oh. How did that happen? Fixed. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTSBSmAAoJEBzwKT+lPKRY7P4QAMvuO19O5EhR3P40pZYQvNvr Zhs0EGzH9p71KtC0REQVm2uC4+dD5LWF9fJChmDdRVjMEuzFekj+znIVy7kduTL8 AcIBRkctGIH969f/5GoKL/DzrcdQ6ISexcuwF3iDwY3PV8oSwYJ0ggnvr7/m4wJj 5wQaZaj10jpaokIpiuNaCxJhciJEocSxJWsbRZPxp1KCL6tKbXFrVhtRFL5L8+ts /S97sciEzxvjCBOMU40MNKSe5gWmM7oCmBiUBmuzoyQyLdblS5BVBQ+xuNkHV2gA fYjYUGoCY9aiquK4ofvrtN/R2DL3stpxDwPDp+YktevdAIFrbLB+oNwGsesiyltB rKlQYh5OcVNHwyMMb37qUE4qUVe09IvZqm4rguFi09RCGwsmbiUL+yuf4EEAwsuI gFuUz9Csk7lX4T7K+juQH0SLYRDip7Py0CywXVVhTlQ7P71t6q2pRrchiQFGPYV4 kov2jYvRAMonTZrNUwJZknSqs1SDut6FM3SQcAH+TZAREVB+DGWFE3jtaawsWLmq GDJ/LXCJ8onEiMxs7yD0uGKoWAJzlGJoZ55dLzO76khE1itbhc/KTfvuPGWqEW0I CtlONP2zTg/SYwyu5c8cXYefJ8DKWjU6JfmsDyyfHqO57i2J2yaLJ7DeBhikrWgP 03BMvm+RqhEUCHVMgrxv =5aJB -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Maximum number of JSP ?
On Fri, Apr 11, 2014 at 8:52 AM, Sylvain Goulmy sygou...@gmail.com wrote: 4. Here is the behaviour that i observed : i request the URL of a jsp in a loop. The content of this JSP is always the same but it's name is different in each URL so that it is considered as a new one. Can you post the contents of your JSP? Is this performance problem something you didn't have before today? No indeed, we were on a different technology (Websphere). So what is your point? You originally asked this: I'd like to know if there are known limitations regarding the max number of JSP loaded in an application that could be used without facing performance issue ? Why would there be a number? You can have the same and/or worse performance problems with just one JSP.
Re: How to monitor performance of tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Shanti, On 4/11/14, 9:01 AM, Shanti Suresh wrote: Thank you! Great presentation and most wonderful notes! One question - on slide #48, where the notes say, You can see here that the current usage is about 100MiB, less than the 115MiB threshold we set, where is the 100MB or thereabouts shown? Is it the committed value? I don't follow that statement. The statement refers to the used value. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTSBWGAAoJEBzwKT+lPKRYkc0P/15RW2CSFliGv97Jsm0psJLr R/aGqLAOjf6P7dhLp0jNftaMACkk63rfL0jMlxaimiLmoj1amYHkNOeT+Ep4S0OT 0nqcUmqBaQ72qQE5Ow7lCI+U2Hz9klRQpUZXzy377KTQrp6z/P09k1t43qqpryBb fINlK+3bc5ZmKNLic9gNC+QfXvTBELT43a6A0dtW14us9MNbd8LWUXnJ6h3tuYtu llui55xmxt+FRxr60d8I4BeBQs43+AHqUDvRa1GB/MGDjttNJBlSSObFU9DWlwY1 Bpx5Nt0QV/wYn5ppWZOI9iW/7ZVXyDHtZRhZfmCmmiVkHwfHN57NuoQXje7X7/5m rtNZYesi42HLjUnbSbtN0pigzNWPe8dE12+7YMtMiXuagAkAnQlTYPCKTxcxuthh Wsd70UI8boPygz73S66OAXNbjizX5hXRESIh1+BlJ2v+xGan1mV+ubq+4iJAwOPc Z83RLiWhDeQ+2MS1DpJSRQf3xijuGnfji/Re5qpLP4BIp/ibLHmwXgCgeT+j/oBb NTlFsvIMwiNQpqUdIIuYtGxsF8yhvd+Wp8dw87IdMKYS2srb4WaHeBBIlATu3hgI DvccUy0cLB7//5BT5QobM81SLdOcDNE81hNduQlH0HnAukPdN+gEP2ICu5ABrJve 3SsX8fAXASZTweO8rrws =0GPY -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk and ~userdir issue
He means : read on about the JkCopy* directives under Apache httpd. Thank you. I don't see this directive anywhere, and search google for JkCopy apache or JkCopy tomcat both return zero results? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Random Tomcat 500 errors
Hi, I’m running into a problem with my production tomcats (7.0.52) that I can’t track down. Occasionally (10 times an hour maybe) I’m getting a HttpServerError 500 error that isn’t appearing in tomcat or my application logs. I see it from my NewRelic monitoring agent though, which is how I realized I was getting them. Most of the requests are completing successfully. I am running Tomcat on RHEL 6.5, behind Apache httpd using mod_jk. I’ve attached the relevant (I hope) bits of config below. I am not sure why I’m not seeing anything in the tomcat logs. I am also running it through the Tanuki Java Wrapper . I am using the latest version of mod_jk (1.2.39). Does anyone have any ideas? When I turned on debugging for mod_jk I saw the 500 error, but not really that helpful. log4j.properties (WEB-INF/classes) # Set root logger level to DEBUG and its only appender to CONSOLE. log4j.rootLogger=ERROR, file ### direct log messages to stdout ### log4j.appender.stdout=org.apache.log4j.ConsoleAppender log4j.appender.stdout.Target=System.out log4j.appender.stdout.layout=org.apache.log4j.PatternLayout log4j.appender.stdout.layout.ConversionPattern=%d{ABSOLUTE} %5p %c{1}:%L - %m%n log4j.appender.stdout.encoding=UTF-8 log4j.appender.file=org.apache.log4j.DailyRollingFileAppender log4j.appender.file.File=/opt/tomcat-instance/ops-center.opterus.net/logs/ops-center.log log4j.appender.file.DatePattern='.'-MM-dd log4j.appender.file.layout=org.apache.log4j.PatternLayout log4j.appender.file.layout.ConversionPattern=%d{ABSOLUTE} %5p [%t] %c{1}:%L - %m%n log4j.appender.file.encoding=UTF-8 ### set log levels - for more verbose logging change 'info' to 'debug' ### ###log4j.logger.org.hibernate = debug log4j.logger.com.opterus.opscenter=ERROR log4j.logger.org.springframework.security.saml=ERROR log4j.logger.org.opensaml=ERROR log4j.logger.PROTOCOL_MESSAGE=ERROR mod_jk.conf === LoadModule jk_module modules/mod_jk.so JkLogFile /var/log/httpd/mod_jk.log JkLogLevel error JkWorkersFile /etc/httpd/conf.d/workers.properties JkShmFile /var/log/httpd/jk.shm server.xml Connector port=8009 connectionTimeout=60 minSpareThreads=5 packetSize=“16384 address=127.0.0.1URIEncoding=UTF-8 enableLookups=false disableUploadTimeout=true maxSpareThreads=75 maxThreads=400 protocol=AJP/1.3 / worker.properties = worker.list=worker1 worker.worker1.port=8009 worker.worker1.host=127.0.0.1 worker.worker1.type=ajp13 worker.worker1.connection_pool_timeout=600 worker.worker1.connect_timeout=1 worker.worker1.max_packet_size=16384 Apache Virtual Host === ExpiresActive On ServerName ops-center.opterus.net DocumentRoot /opt/tomcat-instance/ops-center.opterus.net/ops-center/appBase/ROOT ErrorDocument 503 /error/opterus/503.html # Use separate log files for the SSL virtual host; note that LogLevel # is not inherited from httpd.conf. ErrorLog logs/ssl_error_log #TransferLog logs/ssl_access_log LogLevel warn SSLEngine on SSLProtocol -All +TLSv1 +SSLv3 SSLHonorCipherOrder On SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:!RC4:HIGH:!MD5:!aNULL:!EDH SSLCertificateFile /etc/httpd/conf/ssl.crt/opterus.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/opterus.key SSLCertificateChainFile /etc/httpd/conf/ssl.key/gs_intermediate.pem SSLCACertificateFile /etc/httpd/conf/ssl.key/gs_ev_root.pem SetEnvIf User-Agent .*MSIE.* \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 # Per-Server Logging: # The home of a custom SSL log file. Use this when you want a # compact non-error SSL logfile on a virtual host basis. # LogFormat %h combined # CustomLog /dev/null combined LogFormat %h %l %u %t \%r\ %s %b \%{Referer}i\ \%{User-agent}i\ combined CustomLog logs/ssl_access_log combined JkStripSession On JkMount /* worker1 JkUnMount /server-status worker1 JkUnmount /res/* worker1 JkUnmount /images/* worker1 JkUnmount /error/* worker1 JkUnmount /blank.html worker1 JkUnmount /tiny_mce_*/* worker1 JkUnmount /lbcheck.faces worker1 FilesMatch \.(gif|ico|jpg|jpeg|bmp|png|js|css)$ ExpiresDefault A29030400 Header append Cache-Control public /FilesMatch FilesMatch \.(js|css)$ Header set Vary Accept-Encoding /FilesMatch Files blank.html ExpiresDefault A29030400 Header append Cache-Control public /Files /VirtualHost Thanks for any help! Cheers, Ian
Tomcat 500 internal server error
This is a followup to my previous email, about Tomcat 500 errors. For every error, I see this in the mod_jk (1.2.39) debug logs: [Fri Apr 11 13:06:33.956 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): received from ajp13 pos=0 len=114 max=16384 [Fri Apr 11 13:06:33.956 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 04 01 F4 00 15 49 6E 74 65 72 6E 61 6C 20 53 65 - .Internal.Se [Fri Apr 11 13:06:33.956 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 0010 72 76 65 72 20 45 72 72 6F 72 00 00 02 A0 07 00 - rver.Error.. [Fri Apr 11 13:06:33.957 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 0020 34 6F 61 6D 2E 46 6C 61 73 68 2E 52 45 4E 44 45 - 4oam.Flash.RENDE [Fri Apr 11 13:06:33.957 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 0030 52 4D 41 50 2E 54 4F 4B 45 4E 3D 2D 31 79 76 30 - RMAP.TOKEN=-1yv0 [Fri Apr 11 13:06:33.957 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 0040 6F 6D 7A 74 68 3B 20 50 61 74 68 3D 2F 3B 20 53 - omzth;.Path=/;.S [Fri Apr 11 13:06:33.957 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 0050 65 63 75 72 65 00 A0 01 00 17 74 65 78 74 2F 68 - ecure.text/h [Fri Apr 11 13:06:33.957 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 0060 74 6D 6C 3B 63 68 61 72 73 65 74 3D 55 54 46 2D - tml;charset=UTF- [Fri Apr 11 13:06:33.957 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 0070 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - 8.. Has anyone seen this or have a resolution?
Re: mod_jk and ~userdir issue
Doug Tucker wrote: He means : read on about the JkCopy* directives under Apache httpd. Thank you. I don't see this directive anywhere, and search google for JkCopy apache or JkCopy tomcat both return zero results? Sorry, I wrote that too quickly, just before packing in my laptop. It was JkMountCopy, and you find it here : https://tomcat.apache.org/connectors-doc/reference/apache.html And since I sent you on a wrong track before, here is an explanation as an apology : When your Apache httpd server is configured to handle VirtualHosts, there are 2 parts to the configuration : 1) what is specified outside of the scope of any VirtualHost../VirtualHost section, and which is sometimes referred to as the main configuration. These directives act in fact as defaults for all VirtualHost sections, unless they are overridden within any given VirtualHost section. 2) what is specified inside a VirtualHost section, and affects only this VirtualHost. The point is that the JkMount directives which you would specify in the main configuration part, do not necessarily get carried over to the VirtualHost sections as defaults. If you want this, you must do something special. (JkMountCopy in either the main part, or in the VirtualHost, with a slightly different syntax for each.) Similarly, any JkMount that is within a VirtualHost section, is valid only for this VirtualHost. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to monitor performance of tomcat
Hi Chris, On Fri, Apr 11, 2014 at 12:17 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Shanti, On 4/11/14, 9:01 AM, Shanti Suresh wrote: Thank you! Great presentation and most wonderful notes! One question - on slide #48, where the notes say, You can see here that the current usage is about 100MiB, less than the 115MiB threshold we set, where is the 100MB or thereabouts shown? Is it the committed value? I don't follow that statement. The statement refers to the used value. - -chris Thank you! I got it. The used value says used 114510568. I was looking for a value closer to 100MiB. So in the slide, you were making a point of the current usage being less than the threshold, basically, if I am not mistaken. Thanks, -Shanti
Re: Tomcat 500 internal server error
Ian Long wrote: This is a followup to my previous email, about Tomcat 500 errors. For every error, I see this in the mod_jk (1.2.39) debug logs: [Fri Apr 11 13:06:33.956 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): received from ajp13 pos=0 len=114 max=16384 [Fri Apr 11 13:06:33.956 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 04 01 F4 00 15 49 6E 74 65 72 6E 61 6C 20 53 65 - .Internal.Se [Fri Apr 11 13:06:33.956 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 001072 76 65 72 20 45 72 72 6F 72 00 00 02 A0 07 00 - rver.Error.. [Fri Apr 11 13:06:33.957 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 002034 6F 61 6D 2E 46 6C 61 73 68 2E 52 45 4E 44 45 - 4oam.Flash.RENDE [Fri Apr 11 13:06:33.957 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 003052 4D 41 50 2E 54 4F 4B 45 4E 3D 2D 31 79 76 30 - RMAP.TOKEN=-1yv0 [Fri Apr 11 13:06:33.957 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 00406F 6D 7A 74 68 3B 20 50 61 74 68 3D 2F 3B 20 53 - omzth;.Path=/;.S [Fri Apr 11 13:06:33.957 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 005065 63 75 72 65 00 A0 01 00 17 74 65 78 74 2F 68 - ecure.text/h [Fri Apr 11 13:06:33.957 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 006074 6D 6C 3B 63 68 61 72 73 65 74 3D 55 54 46 2D - tml;charset=UTF- [Fri Apr 11 13:06:33.957 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 007038 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - 8.. Has anyone seen this or have a resolution? ASCII-graphically, your setup is like : Request : Client -- request -- Apache httpd + mod_jk -- request -- Tomcat -- webapp Response : Client -- response -- Apache httpd + mod_jk -- response -- Tomcat -- webapp 500 500 What you are seeing in this log, seems to be a dump, by mod_jk, of a response data packet that it receives from Tomcat. So the error originates in Tomcat, which produces a 500 Server Error response, with a body consisting of a html page giving some details about the error. This error seems to be produced by an application running within Tomcat, which may have something to do with a Flash Renderer..(*) Does that ring a bell ? Now why that 500 error does not appear in your Tomcat logs, may have something to do with the way in which the Tomcat logging is set up (or with you looking in the wrong place). But that is harder to tell from here. But in any case, the 500 error does not originate with mod_jk or Apache httpd. They are just dumping the data that they see go through, coming from Tomcat. (*) Note: that may just be the readable part of a HTTP response header, like a Set-Cookie. It's also hard to tell, not knowing the corresponding request. (The AJP protocol replaces many often-used HTTP header names, by shorter numerical codes). If you look a bit earlier in that log, you should see the request which causes the error. Maybe that will tell you more. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to monitor performance of tomcat
Shanti Suresh wrote: Hi Chris, On Fri, Apr 11, 2014 at 12:17 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Shanti, On 4/11/14, 9:01 AM, Shanti Suresh wrote: Thank you! Great presentation and most wonderful notes! One question - on slide #48, where the notes say, You can see here that the current usage is about 100MiB, less than the 115MiB threshold we set, where is the 100MB or thereabouts shown? Is it the committed value? I don't follow that statement. The statement refers to the used value. - -chris Thank you! I got it. The used value says used 114510568. I was looking for a value closer to 100MiB. 114510568 (~ 109 MB) - 104857600(100 MB) === 9652968 (~ 9 MB) How much closer were you looking for ? So in the slide, you were making a point of the current usage being less than the threshold, basically, if I am not mistaken. Thanks, -Shanti - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 500 internal server error
Yes, the error is coming from tomcat for sure. Tomcat is logging my application errors, but I think the 500 error is in Tomcat code. I am trying to find out why tomcat is not logging this error, it logs exceptions that happen in my code. Cheers, Ian On April 11, 2014 at 2:57:05 PM, André Warnier (a...@ice-sa.com) wrote: Ian Long wrote: This is a followup to my previous email, about Tomcat 500 errors. For every error, I see this in the mod_jk (1.2.39) debug logs: [Fri Apr 11 13:06:33.956 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): received from ajp13 pos=0 len=114 max=16384 [Fri Apr 11 13:06:33.956 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 04 01 F4 00 15 49 6E 74 65 72 6E 61 6C 20 53 65 - .Internal.Se [Fri Apr 11 13:06:33.956 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 0010 72 76 65 72 20 45 72 72 6F 72 00 00 02 A0 07 00 - rver.Error.. [Fri Apr 11 13:06:33.957 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 0020 34 6F 61 6D 2E 46 6C 61 73 68 2E 52 45 4E 44 45 - 4oam.Flash.RENDE [Fri Apr 11 13:06:33.957 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 0030 52 4D 41 50 2E 54 4F 4B 45 4E 3D 2D 31 79 76 30 - RMAP.TOKEN=-1yv0 [Fri Apr 11 13:06:33.957 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 0040 6F 6D 7A 74 68 3B 20 50 61 74 68 3D 2F 3B 20 53 - omzth;.Path=/;.S [Fri Apr 11 13:06:33.957 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 0050 65 63 75 72 65 00 A0 01 00 17 74 65 78 74 2F 68 - ecure.text/h [Fri Apr 11 13:06:33.957 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 0060 74 6D 6C 3B 63 68 61 72 73 65 74 3D 55 54 46 2D - tml;charset=UTF- [Fri Apr 11 13:06:33.957 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 0070 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - 8.. Has anyone seen this or have a resolution? ASCII-graphically, your setup is like : Request : Client -- request -- Apache httpd + mod_jk -- request -- Tomcat -- webapp Response : Client -- response -- Apache httpd + mod_jk -- response -- Tomcat -- webapp 500 500 What you are seeing in this log, seems to be a dump, by mod_jk, of a response data packet that it receives from Tomcat. So the error originates in Tomcat, which produces a 500 Server Error response, with a body consisting of a html page giving some details about the error. This error seems to be produced by an application running within Tomcat, which may have something to do with a Flash Renderer..(*) Does that ring a bell ? Now why that 500 error does not appear in your Tomcat logs, may have something to do with the way in which the Tomcat logging is set up (or with you looking in the wrong place). But that is harder to tell from here. But in any case, the 500 error does not originate with mod_jk or Apache httpd. They are just dumping the data that they see go through, coming from Tomcat. (*) Note: that may just be the readable part of a HTTP response header, like a Set-Cookie. It's also hard to tell, not knowing the corresponding request. (The AJP protocol replaces many often-used HTTP header names, by shorter numerical codes). If you look a bit earlier in that log, you should see the request which causes the error. Maybe that will tell you more. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 500 internal server error
2014-04-11 21:47 GMT+04:00 Ian Long ian.l...@opterus.com: This is a followup to my previous email, about Tomcat 500 errors. For every error, I see this in the mod_jk (1.2.39) debug logs: By the way: there is a couple of known errors in 1.2.39 (see changelog). A vote on 1.2.40 release candidate is currently going on on dev mailing list. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk and ~userdir issue
Sorry, I wrote that too quickly, just before packing in my laptop. It was JkMountCopy, and you find it here : https://tomcat.apache.org/connectors-doc/reference/apache.html And since I sent you on a wrong track before, here is an explanation as an apology : When your Apache httpd server is configured to handle VirtualHosts, there are 2 parts to the configuration : 1) what is specified outside of the scope of any VirtualHost../VirtualHost section, and which is sometimes referred to as the main configuration. These directives act in fact as defaults for all VirtualHost sections, unless they are overridden within any given VirtualHost section. 2) what is specified inside a VirtualHost section, and affects only this VirtualHost. The point is that the JkMount directives which you would specify in the main configuration part, do not necessarily get carried over to the VirtualHost sections as defaults. If you want this, you must do something special. (JkMountCopy in either the main part, or in the VirtualHost, with a slightly different syntax for each.) Similarly, any JkMount that is within a VirtualHost section, is valid only for this VirtualHost. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Ah, yes, thank you Andre. I do understand this and do not have any virtual hosts set up in apache. This is not a production box, just a dev box for students to practice writing jsp. I wanted it as vanilla as possible, so everything applies only to the main section of the apache config. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 500 internal server error
Ian Long wrote: Yes, the error is coming from tomcat for sure. Tomcat is logging my application errors, but I think the 500 error is in Tomcat code. I am trying to find out why tomcat is not logging this error, it logs exceptions that happen in my code. I am no Tomcat logging nor log4j expert myself, so I'm not quite sure wich kind of error would be logged where by the log setup which you posted previously. Maybe some messages bypass your setup and go directly to the jsvc/JVM STDOUT/STDERR. Might it be that the JVM which runs tomcat, is itself running under some wrapper like jsvc, which itself has its STDOUT/STDERR redirected to SYSLOG by the init.d script which starts it ? Have you looked into /var/log/daemon.log or similar ? P.S. don't copy my email address, respond just to the list. I do get the Tomcat list messages, so the copy is a duplicate. Cheers, Ian On April 11, 2014 at 2:57:05 PM, André Warnier (a...@ice-sa.com) wrote: Ian Long wrote: This is a followup to my previous email, about Tomcat 500 errors. For every error, I see this in the mod_jk (1.2.39) debug logs: [Fri Apr 11 13:06:33.956 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): received from ajp13 pos=0 len=114 max=16384 [Fri Apr 11 13:06:33.956 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 04 01 F4 00 15 49 6E 74 65 72 6E 61 6C 20 53 65 - .Internal.Se [Fri Apr 11 13:06:33.956 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 0010 72 76 65 72 20 45 72 72 6F 72 00 00 02 A0 07 00 - rver.Error.. [Fri Apr 11 13:06:33.957 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 0020 34 6F 61 6D 2E 46 6C 61 73 68 2E 52 45 4E 44 45 - 4oam.Flash.RENDE [Fri Apr 11 13:06:33.957 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 0030 52 4D 41 50 2E 54 4F 4B 45 4E 3D 2D 31 79 76 30 - RMAP.TOKEN=-1yv0 [Fri Apr 11 13:06:33.957 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 0040 6F 6D 7A 74 68 3B 20 50 61 74 68 3D 2F 3B 20 53 - omzth;.Path=/;.S [Fri Apr 11 13:06:33.957 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 0050 65 63 75 72 65 00 A0 01 00 17 74 65 78 74 2F 68 - ecure.text/h [Fri Apr 11 13:06:33.957 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 0060 74 6D 6C 3B 63 68 61 72 73 65 74 3D 55 54 46 2D - tml;charset=UTF- [Fri Apr 11 13:06:33.957 2014] [25409:140068250126304] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1403): 0070 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - 8.. Has anyone seen this or have a resolution? ASCII-graphically, your setup is like : Request : Client -- request -- Apache httpd + mod_jk -- request -- Tomcat -- webapp Response : Client -- response -- Apache httpd + mod_jk -- response -- Tomcat -- webapp 500 500 What you are seeing in this log, seems to be a dump, by mod_jk, of a response data packet that it receives from Tomcat. So the error originates in Tomcat, which produces a 500 Server Error response, with a body consisting of a html page giving some details about the error. This error seems to be produced by an application running within Tomcat, which may have something to do with a Flash Renderer..(*) Does that ring a bell ? Now why that 500 error does not appear in your Tomcat logs, may have something to do with the way in which the Tomcat logging is set up (or with you looking in the wrong place). But that is harder to tell from here. But in any case, the 500 error does not originate with mod_jk or Apache httpd. They are just dumping the data that they see go through, coming from Tomcat. (*) Note: that may just be the readable part of a HTTP response header, like a Set-Cookie. It's also hard to tell, not knowing the corresponding request. (The AJP protocol replaces many often-used HTTP header names, by shorter numerical codes). If you look a bit earlier in that log, you should see the request which causes the error. Maybe that will tell you more. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to monitor performance of tomcat
On Fri, Apr 11, 2014 at 3:04 PM, André Warnier a...@ice-sa.com wrote: Shanti Suresh wrote: Hi Chris, On Fri, Apr 11, 2014 at 12:17 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Shanti, On 4/11/14, 9:01 AM, Shanti Suresh wrote: Thank you! Great presentation and most wonderful notes! One question - on slide #48, where the notes say, You can see here that the current usage is about 100MiB, less than the 115MiB threshold we set, where is the 100MB or thereabouts shown? Is it the committed value? I don't follow that statement. The statement refers to the used value. - -chris Thank you! I got it. The used value says used 114510568. I was looking for a value closer to 100MiB. 114510568 (~ 109 MB) - 104857600(100 MB) === 9652968 (~ 9 MB) How much closer were you looking for ? Well, I don't know, maybe 1 or 2 MiB over? The threshold is 115 MiB, so if the notes had said the current usage is less than the 115MiB threshold we set, I might not have had any doubt. So in the slide, you were making a point of the current usage being less than the threshold, basically, if I am not mistaken. Thanks, -Shanti Thanks, -Shanti
Re: 7.0.23 vs. 7.0.52 startup times
Hi Konstantin, Thanks, that did it. I know Chris had mentioned that to me before as well. At that time, I did not have DEBUG logging enabled properly for all subsystems. Is there a way I can do these settings as a default in Tomcat rather than specify in each web-application's web.xml file? Thanks, -Shanti On Thu, Apr 10, 2014 at 3:06 PM, Konstantin Kolinko knst.koli...@gmail.comwrote: 2014-04-10 22:28 GMT+04:00 Shanti Suresh sha...@umich.edu: Greetings, There appears to be a hold up in 7.0.52 at startup as compared to 7.0.23 - a matter of several seconds initializing each context. In 7.0.52, the delay appears to happen at findResources when the javax.servlet.ServletContainerInitializer is identified. Such a things does not happen in v7.0.23 . My question is why is this service being looked for when I don't have such a service file in my context's META-INF directory? A run of both in DEBUG mode shows the following, where findResourcses starts at 13:06:48 and goes until 13:06:51 in v7.0.52: (...) FAQ: http://wiki.apache.org/tomcat/HowTo/FasterStartUp - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Does heartbleeding bug impact on Tomcat 6.x, 7.x and 8.x
On 11.4.2014 10:52, André Warnier wrote: 3) if he has recorded past encrypted traffic to/from your server, and saved this recording, then he can at any time go back and decrypt this past traffic, and pick up anything interesting from there, even without having the new keys. Such a recording could contain, for example, any number of submits from HTML login pages, which were theoretically protected by being made on an encrypted channel. That could probably also contain any communications which your server did with other servers over encrypted channels. ... unless Forward secrecy was utilized, which is pretty much invented to defeat future decryption of recorded traffic. Forward secrecy was easy to set up on Linux with APR. When tcnative 1.1.30 is released, it will be easy to set up on Windows with APR. If issue 55988 [1] is resolved, it would be also possible to set it up on JSSE connectors with Java 8. -Ognjen [1] https://issues.apache.org/bugzilla/show_bug.cgi?id=55988 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Does heartbleeding bug impact on Tomcat 6.x, 7.x and 8.x
Ognjen Blagojevic wrote: On 11.4.2014 10:52, André Warnier wrote: 3) if he has recorded past encrypted traffic to/from your server, and saved this recording, then he can at any time go back and decrypt this past traffic, and pick up anything interesting from there, even without having the new keys. Such a recording could contain, for example, any number of submits from HTML login pages, which were theoretically protected by being made on an encrypted channel. That could probably also contain any communications which your server did with other servers over encrypted channels. ... unless Forward secrecy was utilized, which is pretty much invented to defeat future decryption of recorded traffic. Forward secrecy was easy to set up on Linux with APR. All agreed. But I was talking about existing recordings of past communications. Whatever is done from now on, would not help in that respect, would it ? When tcnative 1.1.30 is released, it will be easy to set up on Windows with APR. If issue 55988 [1] is resolved, it would be also possible to set it up on JSSE connectors with Java 8. -Ognjen [1] https://issues.apache.org/bugzilla/show_bug.cgi?id=55988 Famous last words.. - I don't think this feature justifies a big blob of ugly code, so this should wait for Java 8. I gather that this was written before HeartBleed became public knowledge. ;-) I believe that in the end, it has to be hoped that the bad guys are no better than the good guys, and that they did not spot this any earlier than the good guys. http://www.theregister.co.uk/2014/04/01/nsa_plans_range_of_free_cloud_services_data_analytics/ They must be very pleased. Now that they have the keys also, they can go back and decode all that stuff, and then they they can zip it properly and reclaim a lot of disk space. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Vote for the features you care about
All, The first Apache Tomcat Summit wrapped up a little over an hour ago. I'll be posting some detailed notes to the Wiki shortly but I wanted to get this message out as soon as possible. In order to gather feedback from the user community with respect to future direction, we plan to use Bugzilla's vote system. A number of new issues have been created today to represent new topics discussed at the Summit. Each Bugzilla user has 50 votes per Bugzilla project (Tomcat 6, 7 and 8 are separate projects) and can allocate up to 5 votes to an issue. Please take the time to vote for the issues you want to see implemented. The number of votes an issue has will be a significant factor in determining the order issues get tackled in. Please take the time to create a Bugzilla account [1], review the open Tomcat issues and vote for the ones you would most like to see implemented. Thanks in advance, Mark [1] https://issues.apache.org/bugzilla - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org