Re: load server configuration file error

[Konstantin Kolinko]

2016-08-08 17:36 GMT+03:00 leonidprokopets :
> It looks like a minor problem, but I'm unable to solve it. :(
>
> Eclipse Neon 4.6 returns this warning when I try to compile a web project
>
> org.apache.catalina.startup.Catalina load
> WARNING: Unable to load server configuration from [C:\Program Files 
> (x86)\Hewlett-Packard\HP Quick Start\conf\server.xml]
>
> Obviously this path is wrong. I'm having problem finding where it is stored. 
> How can I edit the path?
>
> Thanks in advance.

1. A link to Eclipse FAQ is on this page:
http://wiki.apache.org/tomcat/FAQ/Developing#Q6

2. I would say: open "Servers" view (e.g. Window > Show View [>
Other...] > Servers),

double-click on a server and check the settings there.

You can also create a new fresh server configuration there and
configure it from scratch.

Path to server.xml in Tomcat can be configured with a system property,
but it is rarely used feature (if anybody is using it at all) and it
is unlikely that you did that.  (Documented on the System Properties
page in Configuration reference. You haven't mentioned the version of
Tomcat that you are using.)


> when I try to compile a web project

Why and how are you trying to "compile" it?  Usual configuration for
Eclipse is to build it automatically (Project > Build Automatically in
menu). What did you mean, step by step?

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: load server configuration file error

[侯树成]

Hi Leonid,
 When Tomcat run in Eclipse,  It work because the Eclipse server
configuration was treated for the CATALINA_BASE, Just like another
*standalone* Tomcat.
You can reconfig your server. If Error occured,  try Embeded Tomcat. Or use
Remote Debug.

Hope helpful.


2016-08-08 23:56 GMT+08:00 Mark Eggers :

> Leonid,
>
> On 8/8/2016 7:36 AM, leonidprokopets wrote:
> > It looks like a minor problem, but I'm unable to solve it. :(
> >
> > Eclipse Neon 4.6 returns this warning when I try to compile a web
> > project
> >
> > org.apache.catalina.startup.Catalina load WARNING: Unable to load
> > server configuration from [C:\Program Files (x86)\Hewlett-Packard\HP
> > Quick Start\conf\server.xml]
> >
> > Obviously this path is wrong. I'm having problem finding where it is
> > stored. How can I edit the path?
> >
> > Thanks in advance.
> >
> > Leonid.
> >
>
> This is an Eclipse configuration issue. Have you asked on the Eclipse
> mailing list?
>
> I have two Tomcat servers running from within Eclipse Neon on Windows.
> Both run as expected (once I remember to open the Servers project).
>
> How did you add the Tomcat server to Eclipse Neon?
>
> . . . just my two cents
> /mde/
>
>

Re: Connectivity Issue with Tomcat7 and WebServer (AJP Connector)

[tomcat]

On 08.08.2016 11:18, Jayaram Ponnusamy wrote:

Thanks André,

1. ANS-Question 1 = Both Tomcat & WebServer installed on different
Machines, Attached Architecture diagram of our environment. Our Tomcat are
configured as Application Clustering, and WebServer1 is pointing to Tomcat1
and WebServer2 is pointing to Tomcat2
Tomcat's IP (Node1): 10.100.0.31
WebServer's IP (Node1): 10.100.15.21

Tomcat's IP (Node2): 10.100.0.32
WebServer's IP (Node2): 10.100.15.22

2. ANS-Question 2 = Thanks, Thats fine :)

3. ANS-Question 3 = Attached Architecture diagram for your reference.



There are a lot of separate pieces in your configuration, and the problem could be at any 
level. So we must do this step-by-step, systematically, and try to find out exactly where 
things are not working properly. The keywords here are "step-by-step" and "sytematically", 
because with so many pieces, if we start making changes left and right without first 
understanding what the problem is, we will never find out.


First, I'll make some comments based on the configuration schema that you provided, and 
you will tell me if this is right or wrong, ok ? And I have some questions in between..

Please answer the questions below directly under each question, to make it 
easier to follow.


1) Note : I do not know what you mean exactly by "Application Clustering", and I don't 
know exactly how an F5 load-balancer works.  But I will assume that in this case, we can 
consider only the chain from the user workstation to Tomcat #1, and that any results can 
be extrapolated to other cases.
I also assume that Tomcat #1 and Tomcat #2 run the same applications, but that they are 
totally independent from eachother, and that Tomcat #1 and Tomcat #2 never talk to one 
another directly (true/false ?)


2) I assume that the problems that you are mentioning are happening when a user 
workstation client accesses the Tomcat application as follows :

(You may need to reformat this as 2 text lines, to see it correctly)

user wks <-- HTTP(S) --> F5 <-- HTTP --> Apache #1 + mod_jk <-- AJP --> Tomcat 
<-- webapp
  (1)(2) (3)
where :
- HTTP(S) is the protocol used on the connection (1) between the client workstation and 
the F5 load-balancer
- HTTP(S) is the protocol used on the connection (2) between the F5 load-balancer and 
Apache webserver #1 (IP 10.100.15.21)
- AJP is the protocol used on the connection (3) between Apache webserver #1 ((IP 
10.100.15.21) and Tomcat #1 (IP 10.100.0.31)  (*)

- "Tomcat" actually means "Tomcat and its AJP , listening on port 
9009

All correct ?

2) To access the application, the user enters a URL in his browser.
Can you give us an example of such a URL ? You can change the real name of the server for 
privacy, but then be consistent about this in the future, because it is important to 
follow what is going on.
So let's say for example that the F5 is known to the outside world as 
"myF5.mycompany.com", and let's always keep using that same hostname for it in the future.

So the client enters the URL : http://myF5.mycompany.com.. ?
(Add the port if any, and a sample URL)

3) the F5 decides, on the base of some criteria, to forward this HTTP request to Apache 
webserver #1 or Apache webserver #2.

But for the sake of this example, let's assume that it chooses Apache #1 this 
time.

Question 3.1 : how does the F5 forward this request to Apache webserver #1 ? does it just 
copy the original request transparently, and send it to the IP address 10.100.15.21 ?

Or does it change the hostname to which the request is addressed ?
(Originally, the client addressed the request to hostname "myF5.mycompany.com" (which 
resolves to the IP address of the F5); so normally, if the F5 does not modify the hostname 
and sends it "as is" to Apache #1, then the Apache #1 configuration should have a 
 with a ServerName matching "myF5.mycompany.com" also. And if it does not, 
then Apache #1 can only have 1 VirtualHost, the "default VirtualHost", otherwise this 
would not work at all.)


If the F5 changes the hostname of the request, then to what does it change it ?

Question 3.2 : does Apache #1 have only 1  ?
If yes, what are the ServerName and ServerAlias lines in the configuration of that 
 ?


If there are more than one , can you provide their ServerName/ServerAlias, in 
the same order in which the multiple  are listed in the Apache #1 configuration ?


4)
Question 4.1 : is there anything (other than a network cable or other passive equipment) 
between Apache #1 and Tomcat #1 ? (firewall for example)


5) Tomcat #1 configuration :

Question 5.1 : The server.xml of Tomcat #1 has only 1  tag. True/false ?

Question 5.2 : the server.xml of Tomcat #1 contains a tag similar to this one :
  
What is the value of the "defaultHost" attribute in your server.xml ?

Question 5.3 : the server.xml of Tomcat #1 has only one  tag. True/false ?
Please paste the content of that  tag here :

6) Apache httpd :
Apac

Re: More, Re: Question about vulnerability report

[Coty Sutherland]

Vulnerability scanners are always iffy when it comes to finding actual
issues IMO. They're good for running a quick scan to get an overall
feel for weaknesses, but the effectiveness varies from tool to tool
(some only check versions, etc). I think that the best way to test if
you're vulnerable to POODLE is to try and connect via SSLv3, as you've
already done, or with s_client (openssl s_client -ssl3 -connect
$HOST:$PORT). If that fails to connect, then you're good. As far as
the TLS issues, TLSv1.0 is vulnerable to BEAST
(https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3389) so you
may want to consider disabling CBC ciphers, or even upgrading to java7
if that's causing your audit to fail.

On Mon, Aug 8, 2016 at 2:31 PM, James H. H. Lampert
 wrote:
> Hmm. This is interesting.
>
> pentest-tools.com says that neither our server nor the customer server is
> vulnerable to POODLE.
>
> But Site24x7.com says ours IS vulnerable to POODLE. Then (when I click "View
> Result") it says it isn't. Then (when I actually run the test again) it once
> again says it is. (I haven't tested the customer site because results are
> posted on the test home page, which would compromise the customer's
> privacy.)
>
> Some other POODLE test sites don't appear to work at all. Others say we're
> not vulerable.
>
> Manually testing both servers with
>>
>> curl -v3 -X HEAD https://www.example.com
>
> from a BASH session on my Mac, as per
> 
>
> comes back with the desired "failed handshake" message on both servers.
>
>
> --
> JHHL
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: More, Re: Question about vulnerability report

[James H. H. Lampert]

Hmm. This is interesting.

pentest-tools.com says that neither our server nor the customer server 
is vulnerable to POODLE.


But Site24x7.com says ours IS vulnerable to POODLE. Then (when I click 
"View Result") it says it isn't. Then (when I actually run the test 
again) it once again says it is. (I haven't tested the customer site 
because results are posted on the test home page, which would compromise 
the customer's privacy.)


Some other POODLE test sites don't appear to work at all. Others say 
we're not vulerable.


Manually testing both servers with

curl -v3 -X HEAD https://www.example.com

from a BASH session on my Mac, as per


comes back with the desired "failed handshake" message on both servers.

--
JHHL

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: More, Re: Question about vulnerability report

[James H. H. Lampert]

On 8/8/16, 10:32 AM, Coty Sutherland wrote:

So you've already mitigated POODLE and the scanner is just
complaining about your TLS version.


Or SSLLabs isn't actually checking to see if it can connect via SSLv3:

At present, SSL Labs has the following limitations:

In general, cipher suite support is done using only the
best-supported server protocol. This means that SSL Labs might not
show all supported suites when used against servers that enable
different cipher suites depending on the best protocol version
offered by the client. In practice, SSL Labs has additional tests for
BEAST (done with SSL 3 and TLS 1) and obsolete suites (done with the
oldest supported protocol except SSL 2); this means that it will
catch all suites in the majority of cases. A future SSL Labs version
will test cipher suites separately for each supported protocol.


Is there another test service I could try?

--
JHHL

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: More, Re: Question about vulnerability report

[Coty Sutherland]

So you've already mitigated POODLE and the scanner is just complaining
about your TLS version. Unfortunately, TLSv1.0 is the only TLS
protocol version available on java6, unless your on u111 (from
https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https).
If you need TLSv1.2, then you'll have to update to java7+.

On Mon, Aug 8, 2016 at 1:13 PM, James H. H. Lampert
 wrote:
> On 8/8/16, 9:59 AM, Coty Sutherland wrote:
>>
>> To mitigate POODLE you must disable SSLv3 and only use TLS. Please
>> visit the wiki page for more info:
>> https://wiki.apache.org/tomcat/Security/POODLE
>
>
> Actually, I found that on my own, only a few minutes after I posted my
> question.
>
> So would the existing
> . . .
>>
>>  clientAuth="false" sslProtocol="TLS" />
>
>
> become this?
> . . .
>>
>>  clientAuth="false" sslProtocol="TLS"
>> sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"  />
>
>
> But what I currently get in an SSLLabs scan is
>>
>> The server supports only older protocols, but not the current best TLS
>> 1.2. Grade capped to C.
>
> . . .
>>
>> Protocols
>> TLS 1.2 No
>> TLS 1.1 No
>> TLS 1.0 Yes
>> SSL 3   No
>> SSL 2   No
>
>
> from which I gather that (1) SSLLabs seems to think SSLv3 is already
> disabled, and (2) TLSv1.1 and TLSv1.2 are unavailable.
>
> Something doesn't make sense here.
>
>
> --
> JHHL
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: More, Re: Question about vulnerability report

[James H. H. Lampert]

On 8/8/16, 9:59 AM, Coty Sutherland wrote:

To mitigate POODLE you must disable SSLv3 and only use TLS. Please
visit the wiki page for more info:
https://wiki.apache.org/tomcat/Security/POODLE


Actually, I found that on my own, only a few minutes after I posted my 
question.


So would the existing
. . .

 clientAuth="false" sslProtocol="TLS" />


become this?
. . .

 clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"  
/>


But what I currently get in an SSLLabs scan is

The server supports only older protocols, but not the current best TLS 1.2. 
Grade capped to C.

. . .

Protocols
TLS 1.2 No
TLS 1.1 No
TLS 1.0 Yes
SSL 3   No
SSL 2   No


from which I gather that (1) SSLLabs seems to think SSLv3 is already 
disabled, and (2) TLSv1.1 and TLSv1.2 are unavailable.


Something doesn't make sense here.

--
JHHL

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: More, Re: Question about vulnerability report

[Coty Sutherland]

> Except for one. It seems that whoever is doing the customer's security audit 
> is concerned with POODLE vulnerability.

To mitigate POODLE you must disable SSLv3 and only use TLS. Please
visit the wiki page for more info:
https://wiki.apache.org/tomcat/Security/POODLE

On Mon, Aug 8, 2016 at 12:35 PM, James H. H. Lampert
 wrote:
> On 7/27/16, 11:59 AM, Mark Thomas wrote:
>
>> ciphers="SSL_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA"
>
>
> Ladies and Gentlemen:
>
> Thanks, Mark; that raises the SSLLabs rating from "F" to "C," and seems to
> have dealt with most of the concerns raised by the customer.
>
> Except for one. It seems that whoever is doing the customer's security audit
> is concerned with POODLE vulnerability.
>
> Can this be dealt with in Tomcat 7 under Java 6? If so, how?
>
> --
> JHHL
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Connectivity Issue with Tomcat7 and WebServer (AJP Connector)

[Mark Eggers]

André,

On 8/8/2016 9:18 AM, André Warnier (tomcat) wrote:
> On 08.08.2016 17:48, Mark Eggers wrote:
>> Jayaram,
>> 
>> Please don't top post
>> (http://tomcat.apache.org/lists.html#tomcat-users item 6).
>> 
>> On 8/8/2016 2:18 AM, Jayaram Ponnusamy wrote:
>>> Thanks André,
>>> 
>>> 1. ANS-Question 1 = Both Tomcat & WebServer installed on
>>> different Machines, Attached Architecture diagram of our
>>> environment. Our Tomcat are configured as Application Clustering,
>>> and WebServer1 is pointing to Tomcat1 and WebServer2 is pointing
>>> to Tomcat2 Tomcat's IP (Node1): 10.100.0.31 WebServer's IP
>>> (Node1): 10.100.15.21
>>> 
>>> Tomcat's IP (Node2): 10.100.0.32 WebServer's IP (Node2): 
>>> 10.100.15.22
>>> 
>>> 2. ANS-Question 2 = Thanks, Thats fine :)
>>> 
>>> 3. ANS-Question 3 = Attached Architecture diagram for your 
>>> reference.
>> 
>> Attachments are stripped by the list software. Please do an inline
>> ASCII diagram.
> 
> This time though, the diagram made it through, at least for me. It
> clears things up a bit, but not completely.

Odd, once I actually saved the attachment I could read it. Normally
thunderbird allows me to open an attachment with the appropriate program
directly from the mail message.

My bad . . .

I too have some puzzlement concerning the architecture and its performance.

. . . just my two cents
/mde/

> 
> It is for example unclear to me, why the front-end Apache server 
> (Virtual Host) would have a ServerName matching the IP address of
> the back-end Tomcat server.
> 
> ServerName 10.100.0.31
> 
> In an Apache httpd configuration, the above seemingly IP-address is
> not interpreted as an IP address, but as a literal hostname
> "10.100.0.31".
> 
> But maybe this has to do with something in the way the top front-end
> F5 load-balancer works. (?)
> 
> Also, I can easily see some potential problems due to pages coming
> back from Tomcat, containing links to the wrong hostname, so that
> user clicks never make it back to the same front-end F5 and/or
> Apache.
> 
> But this is taking us a bit away from the main purpose of this user's
> list. The OP stated that when they "access Tomcat directly", things
> are normal. But when they access it "through Apache", then things are
> slow or not happening. The question is still, what does "accessing
> through Apache" really mean in this case. The problem could be at
> various levels, and we don't have access to them all.
> 
> I'll try to figure out some step-by-step procedure and questions, to 
> guide the OP in finding out where things block.
> 
> 
>> 
>> Also, in your diagram, please show the location of all involved 
>> firewalls.
>> 
>> . . . just my two cents /mde/
>> 
>>> Thanks Jayaram
>>> 
>>> On Mon, Aug 8, 2016 at 11:20 AM, André Warnier (tomcat) 
>>>  wrote:
>>> 
 On 08.08.2016 09:14, Jayaram Ponnusamy wrote:
 
> Thanks for your Quick & Valuable Response,
> 
> 1. ANS-Question 1: No Both Are different Machine, We are
> using VirtualHost configuration
> 
 
 That is not consistent with the configuration that you sent.
 You have a ServerName (in Apache) named as "ServerName
 10.100.0.31" (which is not a proof, but a suggestion that the
 IP of this machine is 10.100.0.31). And you have this line in
 workers.properties : worker.prod_live_svr.host=10.100.0.31
 which suggest that Tomcat answers to the same address. So why
 are you saying "different machine" ?
 
 2. ANS-Question 2: Kindly please share Optimal Value to Set
 for
> ConnectionTimeout & KeepAliveTimeout if required
> 
 
 One again, there is no "optimal" value for all cases. But the 
 default values should cover most of the usual cases. The
 default values are the ones that are active if you do not
 specify the parameter at all.  So just remove these parameters,
 and you should be ok. If there is a problem such as you mention
 below, it is NOT because of the default value of these
 parameters.
 
 3. ANS-Question 3: Yes We have Firewall, but there is no rules.
 I just
> googled and updated this value to tuning server. Now I
> removed
> 
 
 Can you draw a simple schema of your configuration ?
 (ASCII-art) Showing clearly : - where is the workstation -
 where is Apache httpd - where is the firewall - where is
 Tomcat
 
 We do not have access to your server, so it is more
 complicated for helping you, unless you provide us with precise
 information.
 
 
 4. ANS-Question 4: I am new to Apache, While searching in
 Google, Based on
> some recommandationI tried. I removed all these items.
> 
> 
 Good.
 
 Now I am monitoring systems, whether still its closing
 connections or not.
> 
> sir, While directly using Tomcat URL, pages are loading 1-2 
> Seconds, but the same page taking 6-7 Seconds in WebServer
> URL. Also, If I didn't use WebServer URL for 30mi

More, Re: Question about vulnerability report

[James H. H. Lampert]

On 7/27/16, 11:59 AM, Mark Thomas wrote:


ciphers="SSL_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA"


Ladies and Gentlemen:

Thanks, Mark; that raises the SSLLabs rating from "F" to "C," and seems 
to have dealt with most of the concerns raised by the customer.


Except for one. It seems that whoever is doing the customer's security 
audit is concerned with POODLE vulnerability.


Can this be dealt with in Tomcat 7 under Java 6? If so, how?

--
JHHL

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Connectivity Issue with Tomcat7 and WebServer (AJP Connector)

[tomcat]

On 08.08.2016 17:48, Mark Eggers wrote:

Jayaram,

Please don't top post (http://tomcat.apache.org/lists.html#tomcat-users
item 6).

On 8/8/2016 2:18 AM, Jayaram Ponnusamy wrote:

Thanks André,

1. ANS-Question 1 = Both Tomcat & WebServer installed on different
Machines, Attached Architecture diagram of our environment. Our
Tomcat are configured as Application Clustering, and WebServer1 is
pointing to Tomcat1 and WebServer2 is pointing to Tomcat2 Tomcat's IP
(Node1): 10.100.0.31 WebServer's IP (Node1): 10.100.15.21

Tomcat's IP (Node2): 10.100.0.32 WebServer's IP (Node2):
10.100.15.22

2. ANS-Question 2 = Thanks, Thats fine :)

3. ANS-Question 3 = Attached Architecture diagram for your
reference.


Attachments are stripped by the list software. Please do an inline ASCII
diagram.


This time though, the diagram made it through, at least for me.
It clears things up a bit, but not completely.

It is for example unclear to me, why the front-end Apache server (Virtual Host) would have 
a ServerName matching the IP address of the back-end Tomcat server.


ServerName 10.100.0.31

In an Apache httpd configuration, the above seemingly IP-address is not interpreted as an 
IP address, but as a literal hostname "10.100.0.31".


But maybe this has to do with something in the way the top front-end F5 load-balancer 
works. (?)


Also, I can easily see some potential problems due to pages coming back from Tomcat, 
containing links to the wrong hostname, so that user clicks never make it back to the same 
front-end F5 and/or Apache.


But this is taking us a bit away from the main purpose of this user's list.
The OP stated that when they "access Tomcat directly", things are normal.
But when they access it "through Apache", then things are slow or not happening.
The question is still, what does "accessing through Apache" really mean in this 
case.
The problem could be at various levels, and we don't have access to them all.

I'll try to figure out some step-by-step procedure and questions, to guide the OP in 
finding out where things block.





Also, in your diagram, please show the location of all involved firewalls.

. . . just my two cents
/mde/


Thanks Jayaram

On Mon, Aug 8, 2016 at 11:20 AM, André Warnier (tomcat)
 wrote:


On 08.08.2016 09:14, Jayaram Ponnusamy wrote:


Thanks for your Quick & Valuable Response,

1. ANS-Question 1: No Both Are different Machine, We are using
VirtualHost configuration



That is not consistent with the configuration that you sent. You
have a ServerName (in Apache) named as "ServerName 10.100.0.31"
(which is not a proof, but a suggestion that the IP of this machine
is 10.100.0.31). And you have this line in workers.properties :
worker.prod_live_svr.host=10.100.0.31 which suggest that Tomcat
answers to the same address. So why are you saying "different
machine" ?

2. ANS-Question 2: Kindly please share Optimal Value to Set for

ConnectionTimeout & KeepAliveTimeout if required



One again, there is no "optimal" value for all cases. But the
default values should cover most of the usual cases. The default
values are the ones that are active if you do not specify the
parameter at all.  So just remove these parameters, and you should
be ok. If there is a problem such as you mention below, it is NOT
because of the default value of these parameters.

3. ANS-Question 3: Yes We have Firewall, but there is no rules. I
just

googled and updated this value to tuning server. Now I removed



Can you draw a simple schema of your configuration ? (ASCII-art)
Showing clearly : - where is the workstation - where is Apache
httpd - where is the firewall - where is Tomcat

We do not have access to your server, so it is more complicated
for helping you, unless you provide us with precise information.


4. ANS-Question 4: I am new to Apache, While searching in Google,
Based on

some recommandationI tried. I removed all these items.



Good.

Now I am monitoring systems, whether still its closing connections
or not.


sir, While directly using Tomcat URL, pages are loading 1-2
Seconds, but the same page taking 6-7 Seconds in WebServer URL.
Also, If I didn't use WebServer URL for 30minutes and hit any
URL, first time its taking more than 30 Seconds to load a page.

Is there any option to tuning the system.



See item 3 above. Clearly, you have a problem.  But without knowing
your exact configuration, we can only guess.  Clearly also, it is
not a problem of Tomcat per se. To me, with the little information
available so far, it sounds like it could be a problem with DNS or
routing, but that's just a wild guess so far.





On Mon, Aug 8, 2016 at 12:53 AM, André Warnier (tomcat)
 wrote:

On 07.08.2016 11:08, Jayaram Ponnusamy wrote:


Hi,

We are using Tomcat 7.0.42.0, AJP/1.3 with Apache 2.2.21.
Connecting Apache to Tomcat as VirtualHost, The Problem is
Apache and Tomcat losing its connection every 20-30 Minutes.
Either We have to hit the WebServer URL multiple times or
Reboot Apache & Tomcat to resolve the 

Re: load server configuration file error

[Mark Eggers]

Leonid,

On 8/8/2016 7:36 AM, leonidprokopets wrote:
> It looks like a minor problem, but I'm unable to solve it. :(
> 
> Eclipse Neon 4.6 returns this warning when I try to compile a web
> project
> 
> org.apache.catalina.startup.Catalina load WARNING: Unable to load
> server configuration from [C:\Program Files (x86)\Hewlett-Packard\HP
> Quick Start\conf\server.xml]
> 
> Obviously this path is wrong. I'm having problem finding where it is
> stored. How can I edit the path?
> 
> Thanks in advance.
> 
> Leonid.
> 

This is an Eclipse configuration issue. Have you asked on the Eclipse
mailing list?

I have two Tomcat servers running from within Eclipse Neon on Windows.
Both run as expected (once I remember to open the Servers project).

How did you add the Tomcat server to Eclipse Neon?

. . . just my two cents
/mde/



signature.asc
Description: OpenPGP digital signature

Re: Connectivity Issue with Tomcat7 and WebServer (AJP Connector)

[Mark Eggers]

Jayaram,

Please don't top post (http://tomcat.apache.org/lists.html#tomcat-users
item 6).

On 8/8/2016 2:18 AM, Jayaram Ponnusamy wrote:
> Thanks André,
> 
> 1. ANS-Question 1 = Both Tomcat & WebServer installed on different 
> Machines, Attached Architecture diagram of our environment. Our
> Tomcat are configured as Application Clustering, and WebServer1 is
> pointing to Tomcat1 and WebServer2 is pointing to Tomcat2 Tomcat's IP
> (Node1): 10.100.0.31 WebServer's IP (Node1): 10.100.15.21
> 
> Tomcat's IP (Node2): 10.100.0.32 WebServer's IP (Node2):
> 10.100.15.22
> 
> 2. ANS-Question 2 = Thanks, Thats fine :)
> 
> 3. ANS-Question 3 = Attached Architecture diagram for your
> reference.

Attachments are stripped by the list software. Please do an inline ASCII
diagram.

Also, in your diagram, please show the location of all involved firewalls.

. . . just my two cents
/mde/

> Thanks Jayaram
> 
> On Mon, Aug 8, 2016 at 11:20 AM, André Warnier (tomcat)
>  wrote:
> 
>> On 08.08.2016 09:14, Jayaram Ponnusamy wrote:
>> 
>>> Thanks for your Quick & Valuable Response,
>>> 
>>> 1. ANS-Question 1: No Both Are different Machine, We are using
>>> VirtualHost configuration
>>> 
>> 
>> That is not consistent with the configuration that you sent. You
>> have a ServerName (in Apache) named as "ServerName 10.100.0.31"
>> (which is not a proof, but a suggestion that the IP of this machine
>> is 10.100.0.31). And you have this line in workers.properties : 
>> worker.prod_live_svr.host=10.100.0.31 which suggest that Tomcat
>> answers to the same address. So why are you saying "different
>> machine" ?
>> 
>> 2. ANS-Question 2: Kindly please share Optimal Value to Set for
>>> ConnectionTimeout & KeepAliveTimeout if required
>>> 
>> 
>> One again, there is no "optimal" value for all cases. But the
>> default values should cover most of the usual cases. The default
>> values are the ones that are active if you do not specify the 
>> parameter at all.  So just remove these parameters, and you should
>> be ok. If there is a problem such as you mention below, it is NOT
>> because of the default value of these parameters.
>> 
>> 3. ANS-Question 3: Yes We have Firewall, but there is no rules. I
>> just
>>> googled and updated this value to tuning server. Now I removed
>>> 
>> 
>> Can you draw a simple schema of your configuration ? (ASCII-art) 
>> Showing clearly : - where is the workstation - where is Apache
>> httpd - where is the firewall - where is Tomcat
>> 
>> We do not have access to your server, so it is more complicated
>> for helping you, unless you provide us with precise information.
>> 
>> 
>> 4. ANS-Question 4: I am new to Apache, While searching in Google,
>> Based on
>>> some recommandationI tried. I removed all these items.
>>> 
>>> 
>> Good.
>> 
>> Now I am monitoring systems, whether still its closing connections
>> or not.
>>> 
>>> sir, While directly using Tomcat URL, pages are loading 1-2
>>> Seconds, but the same page taking 6-7 Seconds in WebServer URL. 
>>> Also, If I didn't use WebServer URL for 30minutes and hit any
>>> URL, first time its taking more than 30 Seconds to load a page.
>>> 
>>> Is there any option to tuning the system.
>>> 
>>> 
>> See item 3 above. Clearly, you have a problem.  But without knowing
>> your exact configuration, we can only guess.  Clearly also, it is
>> not a problem of Tomcat per se. To me, with the little information
>> available so far, it sounds like it could be a problem with DNS or
>> routing, but that's just a wild guess so far.
>> 
>> 
>> 
>> 
>>> On Mon, Aug 8, 2016 at 12:53 AM, André Warnier (tomcat)
>>>  wrote:
>>> 
>>> On 07.08.2016 11:08, Jayaram Ponnusamy wrote:
 
 Hi,
> We are using Tomcat 7.0.42.0, AJP/1.3 with Apache 2.2.21. 
> Connecting Apache to Tomcat as VirtualHost, The Problem is
> Apache and Tomcat losing its connection every 20-30 Minutes.
> Either We have to hit the WebServer URL multiple times or
> Reboot Apache & Tomcat to resolve the issue for short-time. 
> Also accessing WebServer URL is very very slow than tomcat
> URL (Mostly it takes 30-45seconds to load a Page).
> 
> I have added tomcat/Apache configurations below, Kindly
> please help me to resolve this issue.
> 
> 
> Tomcat (Server.xml):  
> protocol="HTTP/1.1"
 
 connectionTimeout="60"
> redirectPort="8443" URIEncoding="UTF-8"
> emptySessionPath="true"/>
> 
> 
 >>> 
> URIEncoding="UTF-8" connectionTimeout="60"/>  <--
> (*)
> 
> 
> Apache (Workers.properties): worker.list=prod_live_svr 
> worker.prod_live_svr.type=ajp13
> 
> worker.prod_live_svr.host=10.100.0.31 
> worker.prod_live_svr.port=9009 
> worker.prod_live_svr.lbfactor=50 
> worker.prod_live_svr.socket_keepalive=1
> 
> worker.prod_live_svr.connection_pool_size=100 
> worker.prod_live_svr.connection_pool_minsize=50 
> worker.prod_live_svr.connection_pool_timeout=500
>>>

Re: Strange MySQL error when starting tomcat 8 on boot

[Mark Eggers]

Sean,

On 8/8/2016 7:10 AM, Sean Son wrote:
> On Fri, Aug 5, 2016 at 5:34 PM, Mark Eggers 
> wrote:
> 
>> On 8/5/2016 2:19 PM, Sean Son wrote:
>>> Hello!
>>>
>>> I am currently running Tomcat 8 on RHEL 7.2 with one web application
>>> called AppVet (A mobile Application  Vetting program).  The
>>> application works well but when I tried to use a script to allow
>>> tomcat to start up at boot, the webapp gives an authentication error.
>>> I saw the following error in the logs for appvet:
>>>
>>>
>>> [ERROR] Could not connect to database:
>>> com.mysql.jdbc.exceptions.jdbc4.CommunicationsException:
>>> Communications link failure
>>>
>>> The last packet sent successfully to the server was 0 milliseconds
>>> ago. The driver has not received any packets from the server. Make
>>> sure your MySQL password in your AppVetProperties.xml file is
>>> correct
>>>
>>>
>>> I know for a fact that the MySQL password is correct in that XML
>>> file. I double checked it already.  Any ideas on how I should fix
>>> this error?
>>>
>>> This is the script that I am using for startup/shutdown of Tomcat8 on
>>> boot:
>>>
>>> http://pastebin.com/mrvfDtTD
>>>
>>> Thanks!
>>>
>>> Sean
>>>
>>
>> It appears that your Tomcat process is running as root. Do not do this.
>>
>> Is your MySQL server up and running before Tomcat is started?
>>
>> . . . just my two cents
>> /mde/
>>
>>
> Hello thank you for your response
> 
> I created a user account for Tomcat, I will set the script to use that
> account instead of the root account.   Question though, does this account
> need a password?

Yes, especially since you'll be running a service.

Note that if you're running Tomcat on a privileged port (less than
1024), a non-root account will not be able to bind to this port.

You have three choices.

1. iptables

route port 80 to port 8080 (Tomcat default) internally. Take a look at
the iptables documentation.

2. jsvc

jsvc from the Apache Commons Daemon project allows you to run a service
such as Tomcat more easily. I don't remember if there is an RPM for RHEL
or not (possible in EPEL). It's configuration and startup script are
different, but the documentation is a good start (there are Tomcat
examples).

https://commons.apache.org/proper/commons-daemon/jsvc.html

3. Apache HTTPD front end with mod_proxy_ajp or mod_jk

I'd do this if you need Apache HTTPD for other web applications (a PHP
application, perhaps). There is good documentation available on the
Tomcat web site, as well as a ton of discussion on the mailing list to
get this running.

If you don't feel like building software, I'd recommend mod_proxy_ajp. I
find mod_jk more flexible and a little easier to use (opinions on easy
of use vary), but you'd have to build mod_jk from source. It's easy to
do, but some people find that a little more challenging.

> 
> Also, I cant tell if the MySQL server is up and running prior to Tomcat
> being started. I know that mysqld is enabled to start at boot, but I dont
> know if Tomcat starts prior to MySQL.  How would I figure that out?
> 

I thought REHL 7 uses systemd and not init scripts?

There have been many discussions on the mailing list concerning systemd
and Tomcat. I think someone has posted appropriate systemd scripts.

If not, then look at /etc/rc3.d. Start and stop scripts are executed in
numerical order. Start scripts start with S, stop scripts start with K.

Adjust the numbers in your Tomcat init script (/etc/initinit.d) so that
the start comes after MySQL (second number in the chkconfig line).

You'll have to chkconfig --del and chkconfig --add to have the new
numbers take effect in /etc/rcx.d.

> 
> Thanks!
> 

. . . just my two cents
/mde/




signature.asc
Description: OpenPGP digital signature

load server configuration file error

[leonidprokopets]

It looks like a minor problem, but I'm unable to solve it. :(

Eclipse Neon 4.6 returns this warning when I try to compile a web project

org.apache.catalina.startup.Catalina load
WARNING: Unable to load server configuration from [C:\Program Files 
(x86)\Hewlett-Packard\HP Quick Start\conf\server.xml]

Obviously this path is wrong. I'm having problem finding where it is stored. 
How can I edit the path?

Thanks in advance.

Leonid.

Re: Strange MySQL error when starting tomcat 8 on boot

[Sean Son]

On Fri, Aug 5, 2016 at 5:34 PM, Mark Eggers 
wrote:

> On 8/5/2016 2:19 PM, Sean Son wrote:
> > Hello!
> >
> > I am currently running Tomcat 8 on RHEL 7.2 with one web application
> > called AppVet (A mobile Application  Vetting program).  The
> > application works well but when I tried to use a script to allow
> > tomcat to start up at boot, the webapp gives an authentication error.
> > I saw the following error in the logs for appvet:
> >
> >
> > [ERROR] Could not connect to database:
> > com.mysql.jdbc.exceptions.jdbc4.CommunicationsException:
> > Communications link failure
> >
> > The last packet sent successfully to the server was 0 milliseconds
> > ago. The driver has not received any packets from the server. Make
> > sure your MySQL password in your AppVetProperties.xml file is
> > correct
> >
> >
> > I know for a fact that the MySQL password is correct in that XML
> > file. I double checked it already.  Any ideas on how I should fix
> > this error?
> >
> > This is the script that I am using for startup/shutdown of Tomcat8 on
> > boot:
> >
> > http://pastebin.com/mrvfDtTD
> >
> > Thanks!
> >
> > Sean
> >
>
> It appears that your Tomcat process is running as root. Do not do this.
>
> Is your MySQL server up and running before Tomcat is started?
>
> . . . just my two cents
> /mde/
>
>
Hello thank you for your response

I created a user account for Tomcat, I will set the script to use that
account instead of the root account.   Question though, does this account
need a password?

Also, I cant tell if the MySQL server is up and running prior to Tomcat
being started. I know that mysqld is enabled to start at boot, but I dont
know if Tomcat starts prior to MySQL.  How would I figure that out?


Thanks!

Re: Enabling ${...} Syntax for JSTL in JSPs

[Mark Thomas]

On 06/08/2016 15:48, Jerry Malcolm wrote:
> I have several sites that all run on the same server.  All of them use
> XML extensively for the model data and use JSTL to extract the XML data
> and display the data on the JSP pages.  I had to do some maintenance on
> the JSP code structure for one of the sites, rearranging and changing up
> headers, include files, etc, and I broke something.  All of the pages
> still compile and display fine.  But now, any of the places on the page
> where I use ${} to display an XML data value, the page now just
> shows, for example, the literal "${name}" string instead of the name
> itself. If I use  it works fine.  So it's just
> that the compiler is no longer recognizing ${...} syntax.
> 
> I'm using TC 8.0.24.  But I'm pretty sure this has nothing to do with TC
> since it used to work and everything still works fine on the other sites
> on the same server.  I know I did something stupid and messed something
> up that caused this.  But I'm at a loss for where to start looking. 
> What could I possibly have done to turn off the JSP compiler from
> recognizing and resolving ${...} syntax?

The most likely cause is you added:

<%@ page isELIgnored="true" %>

to some pages as a result of your refactoring.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Connectivity Issue with Tomcat7 and WebServer (AJP Connector)

[Jayaram Ponnusamy]

Thanks André,

1. ANS-Question 1 = Both Tomcat & WebServer installed on different
Machines, Attached Architecture diagram of our environment. Our Tomcat are
configured as Application Clustering, and WebServer1 is pointing to Tomcat1
and WebServer2 is pointing to Tomcat2
Tomcat's IP (Node1): 10.100.0.31
WebServer's IP (Node1): 10.100.15.21

Tomcat's IP (Node2): 10.100.0.32
WebServer's IP (Node2): 10.100.15.22

2. ANS-Question 2 = Thanks, Thats fine :)

3. ANS-Question 3 = Attached Architecture diagram for your reference.




​

Thanks
Jayaram

On Mon, Aug 8, 2016 at 11:20 AM, André Warnier (tomcat) 
wrote:

> On 08.08.2016 09:14, Jayaram Ponnusamy wrote:
>
>> Thanks for your Quick & Valuable Response,
>>
>> 1. ANS-Question 1: No Both Are different Machine, We are using VirtualHost
>> configuration
>>
>
> That is not consistent with the configuration that you sent.
> You have a ServerName (in Apache) named as "ServerName 10.100.0.31" (which
> is not a proof, but a suggestion that the IP of this machine is
> 10.100.0.31).
> And you have this line in workers.properties :
> worker.prod_live_svr.host=10.100.0.31
> which suggest that Tomcat answers to the same address.
> So why are you saying "different machine" ?
>
> 2. ANS-Question 2: Kindly please share Optimal Value to Set for
>> ConnectionTimeout & KeepAliveTimeout if required
>>
>
> One again, there is no "optimal" value for all cases.
> But the default values should cover most of the usual cases.
> The default values are the ones that are active if you do not specify the
> parameter at all.  So just remove these parameters, and you should be ok.
> If there is a problem such as you mention below, it is NOT because of the
> default value of these parameters.
>
> 3. ANS-Question 3: Yes We have Firewall, but there is no rules. I just
>> googled and updated this value to tuning server. Now I removed
>>
>
> Can you draw a simple schema of your configuration ? (ASCII-art)
> Showing clearly :
> - where is the workstation
> - where is Apache httpd
> - where is the firewall
> - where is Tomcat
>
> We do not have access to your server, so it is more complicated for
> helping you, unless you provide us with precise information.
>
>
> 4. ANS-Question 4: I am new to Apache, While searching in Google, Based on
>> some recommandationI tried. I removed all these items.
>>
>>
> Good.
>
> Now I am monitoring systems, whether still its closing connections or not.
>>
>> sir, While directly using Tomcat URL, pages are loading 1-2 Seconds, but
>> the same page taking 6-7 Seconds in WebServer URL.
>> Also, If I didn't use WebServer URL for 30minutes and hit any URL, first
>> time its taking more than 30 Seconds to load a page.
>>
>> Is there any option to tuning the system.
>>
>>
> See item 3 above.
> Clearly, you have a problem.  But without knowing your exact
> configuration, we can only guess.  Clearly also, it is not a problem of
> Tomcat per se.
> To me, with the little information available so far, it sounds like it
> could be a problem with DNS or routing, but that's just a wild guess so far.
>
>
>
>
>> On Mon, Aug 8, 2016 at 12:53 AM, André Warnier (tomcat) 
>> wrote:
>>
>> On 07.08.2016 11:08, Jayaram Ponnusamy wrote:
>>>
>>> Hi,
 We are using Tomcat 7.0.42.0, AJP/1.3 with Apache 2.2.21.
 Connecting Apache to Tomcat as VirtualHost, The Problem is Apache and
 Tomcat losing its connection every 20-30 Minutes. Either We have to hit
 the
 WebServer URL multiple times or Reboot Apache & Tomcat to resolve the
 issue
 for short-time.
 Also accessing WebServer URL is very very slow than tomcat URL (Mostly
 it
 takes 30-45seconds to load a Page).

 I have added tomcat/Apache configurations below, Kindly please help me
 to
 resolve this issue.


 Tomcat (Server.xml):
 >>>
 protocol="HTTP/1.1"
>>>
>>>connectionTimeout="60"
redirectPort="8443"
URIEncoding="UTF-8" emptySessionPath="true"/>


>>> >>
 URIEncoding="UTF-8" connectionTimeout="60"/>  <-- (*)


 Apache (Workers.properties):
 worker.list=prod_live_svr
 worker.prod_live_svr.type=ajp13

 worker.prod_live_svr.host=10.100.0.31
 worker.prod_live_svr.port=9009
 worker.prod_live_svr.lbfactor=50
 worker.prod_live_svr.socket_keepalive=1

 worker.prod_live_svr.connection_pool_size=100
 worker.prod_live_svr.connection_pool_minsize=50
 worker.prod_live_svr.connection_pool_timeout=500


 VirtualHost.conf:
 

 ServerName 10.100.0.31


 ErrorLog logs/live/http_error.log
 RewriteLog logs/live/http_rewrite.log

 RewriteEngine on
 RewriteCond %{REMOTE_ADDR} !^10\.100\.0\.31$
 RewriteRule ^/+$ /sites/  [R,L]

 
 Options +FollowSymlinks
 RewriteEngine On

 RewriteOptions Inherit
 RewriteLog logs/rewrite.log

 
 JkMount   /*prod_live_svr

 JkOptions +ForwardURICo

Re: Connectivity Issue with Tomcat7 and WebServer (AJP Connector)

[tomcat]

On 08.08.2016 09:14, Jayaram Ponnusamy wrote:

Thanks for your Quick & Valuable Response,

1. ANS-Question 1: No Both Are different Machine, We are using VirtualHost
configuration


That is not consistent with the configuration that you sent.
You have a ServerName (in Apache) named as "ServerName 10.100.0.31" (which is not a proof, 
but a suggestion that the IP of this machine is 10.100.0.31).

And you have this line in workers.properties :
worker.prod_live_svr.host=10.100.0.31
which suggest that Tomcat answers to the same address.
So why are you saying "different machine" ?


2. ANS-Question 2: Kindly please share Optimal Value to Set for
ConnectionTimeout & KeepAliveTimeout if required


One again, there is no "optimal" value for all cases.
But the default values should cover most of the usual cases.
The default values are the ones that are active if you do not specify the parameter at 
all.  So just remove these parameters, and you should be ok. If there is a problem such as 
you mention below, it is NOT because of the default value of these parameters.



3. ANS-Question 3: Yes We have Firewall, but there is no rules. I just
googled and updated this value to tuning server. Now I removed


Can you draw a simple schema of your configuration ? (ASCII-art)
Showing clearly :
- where is the workstation
- where is Apache httpd
- where is the firewall
- where is Tomcat

We do not have access to your server, so it is more complicated for helping you, unless 
you provide us with precise information.




4. ANS-Question 4: I am new to Apache, While searching in Google, Based on
some recommandationI tried. I removed all these items.



Good.


Now I am monitoring systems, whether still its closing connections or not.

sir, While directly using Tomcat URL, pages are loading 1-2 Seconds, but
the same page taking 6-7 Seconds in WebServer URL.
Also, If I didn't use WebServer URL for 30minutes and hit any URL, first
time its taking more than 30 Seconds to load a page.

Is there any option to tuning the system.



See item 3 above.
Clearly, you have a problem.  But without knowing your exact configuration, we can only 
guess.  Clearly also, it is not a problem of Tomcat per se.
To me, with the little information available so far, it sounds like it could be a problem 
with DNS or routing, but that's just a wild guess so far.





On Mon, Aug 8, 2016 at 12:53 AM, André Warnier (tomcat) 
wrote:


On 07.08.2016 11:08, Jayaram Ponnusamy wrote:


Hi,
We are using Tomcat 7.0.42.0, AJP/1.3 with Apache 2.2.21.
Connecting Apache to Tomcat as VirtualHost, The Problem is Apache and
Tomcat losing its connection every 20-30 Minutes. Either We have to hit
the
WebServer URL multiple times or Reboot Apache & Tomcat to resolve the
issue
for short-time.
Also accessing WebServer URL is very very slow than tomcat URL (Mostly it
takes 30-45seconds to load a Page).

I have added tomcat/Apache configurations below, Kindly please help me to
resolve this issue.


Tomcat (Server.xml):

protocol="HTTP/1.1"


   connectionTimeout="60"
   redirectPort="8443"
   URIEncoding="UTF-8" emptySessionPath="true"/>




URIEncoding="UTF-8" connectionTimeout="60"/>  <-- (*)


Apache (Workers.properties):
worker.list=prod_live_svr
worker.prod_live_svr.type=ajp13

worker.prod_live_svr.host=10.100.0.31
worker.prod_live_svr.port=9009
worker.prod_live_svr.lbfactor=50
worker.prod_live_svr.socket_keepalive=1

worker.prod_live_svr.connection_pool_size=100
worker.prod_live_svr.connection_pool_minsize=50
worker.prod_live_svr.connection_pool_timeout=500


VirtualHost.conf:


ServerName 10.100.0.31


ErrorLog logs/live/http_error.log
RewriteLog logs/live/http_rewrite.log

RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^10\.100\.0\.31$
RewriteRule ^/+$ /sites/  [R,L]


Options +FollowSymlinks
RewriteEngine On

RewriteOptions Inherit
RewriteLog logs/rewrite.log


JkMount   /*prod_live_svr

JkOptions +ForwardURICompatUnparsed






1) Question : are Apache httpd and Tomcat on the same machine ?

And if yes, why do you not set

worker.prod_live_svr.host=127.0.0.1




2) why : connectionTimeout="60"  (*)
That is 5 minutes.
By default, "keepAliveTimeout" is also that same value.
It means that after a request is processed (and finished) on one instance
of a Connector, this Connector will remain "stuck" on the same connection
for another 5 minutes, before it gives up and closes it.  That is kind of
wasteful.

3) Why this : worker.prod_live_svr.socket_keepalive=1
Do you have a firewall between Apache httpd and Tomcat ?

4) Why these ?


worker.prod_live_svr.connection_pool_size=100
worker.prod_live_svr.connection_pool_minsize=50
worker.prod_live_svr.connection_pool_timeout=500



See : http://tomcat.apache.org/connectors-doc/reference/workers.html
--> connection_pool_size
--> connection_pool_minsize
--> connection_pool_timeout  (see also (*) above)

In general (and particularly since you do not seem to be an expert in this
kind of configuration), you should 

Re: Connectivity Issue with Tomcat7 and WebServer (AJP Connector)

[Jayaram Ponnusamy]

Thanks for your Quick & Valuable Response,

1. ANS-Question 1: No Both Are different Machine, We are using VirtualHost
configuration
2. ANS-Question 2: Kindly please share Optimal Value to Set for
ConnectionTimeout & KeepAliveTimeout if required
3. ANS-Question 3: Yes We have Firewall, but there is no rules. I just
googled and updated this value to tuning server. Now I removed
4. ANS-Question 4: I am new to Apache, While searching in Google, Based on
some recommandationI tried. I removed all these items.

Now I am monitoring systems, whether still its closing connections or not.

sir, While directly using Tomcat URL, pages are loading 1-2 Seconds, but
the same page taking 6-7 Seconds in WebServer URL.
Also, If I didn't use WebServer URL for 30minutes and hit any URL, first
time its taking more than 30 Seconds to load a page.

Is there any option to tuning the system.

Thanks
Jayaram


On Mon, Aug 8, 2016 at 12:53 AM, André Warnier (tomcat) 
wrote:

> On 07.08.2016 11:08, Jayaram Ponnusamy wrote:
>
>> Hi,
>> We are using Tomcat 7.0.42.0, AJP/1.3 with Apache 2.2.21.
>> Connecting Apache to Tomcat as VirtualHost, The Problem is Apache and
>> Tomcat losing its connection every 20-30 Minutes. Either We have to hit
>> the
>> WebServer URL multiple times or Reboot Apache & Tomcat to resolve the
>> issue
>> for short-time.
>> Also accessing WebServer URL is very very slow than tomcat URL (Mostly it
>> takes 30-45seconds to load a Page).
>>
>> I have added tomcat/Apache configurations below, Kindly please help me to
>> resolve this issue.
>>
>>
>> Tomcat (Server.xml):
>> >
> protocol="HTTP/1.1"
>
>>   connectionTimeout="60"
>>   redirectPort="8443"
>>   URIEncoding="UTF-8" emptySessionPath="true"/>
>>
>
> > URIEncoding="UTF-8" connectionTimeout="60"/>  <-- (*)
>>
>>
>> Apache (Workers.properties):
>> worker.list=prod_live_svr
>> worker.prod_live_svr.type=ajp13
>>
>> worker.prod_live_svr.host=10.100.0.31
>> worker.prod_live_svr.port=9009
>> worker.prod_live_svr.lbfactor=50
>> worker.prod_live_svr.socket_keepalive=1
>>
>> worker.prod_live_svr.connection_pool_size=100
>> worker.prod_live_svr.connection_pool_minsize=50
>> worker.prod_live_svr.connection_pool_timeout=500
>>
>>
>> VirtualHost.conf:
>> 
>>
>> ServerName 10.100.0.31
>>
>>
>> ErrorLog logs/live/http_error.log
>> RewriteLog logs/live/http_rewrite.log
>>
>> RewriteEngine on
>> RewriteCond %{REMOTE_ADDR} !^10\.100\.0\.31$
>> RewriteRule ^/+$ /sites/  [R,L]
>>
>> 
>> Options +FollowSymlinks
>> RewriteEngine On
>>
>> RewriteOptions Inherit
>> RewriteLog logs/rewrite.log
>>
>> 
>> JkMount   /*prod_live_svr
>>
>> JkOptions +ForwardURICompatUnparsed
>>
>> 
>>
>>
>>
> 1) Question : are Apache httpd and Tomcat on the same machine ?
>
> And if yes, why do you not set
>
> worker.prod_live_svr.host=127.0.0.1
>>
>
> 2) why : connectionTimeout="60"  (*)
> That is 5 minutes.
> By default, "keepAliveTimeout" is also that same value.
> It means that after a request is processed (and finished) on one instance
> of a Connector, this Connector will remain "stuck" on the same connection
> for another 5 minutes, before it gives up and closes it.  That is kind of
> wasteful.
>
> 3) Why this : worker.prod_live_svr.socket_keepalive=1
> Do you have a firewall between Apache httpd and Tomcat ?
>
> 4) Why these ?
>
>> worker.prod_live_svr.connection_pool_size=100
>> worker.prod_live_svr.connection_pool_minsize=50
>> worker.prod_live_svr.connection_pool_timeout=500
>>
>
> See : http://tomcat.apache.org/connectors-doc/reference/workers.html
> --> connection_pool_size
> --> connection_pool_minsize
> --> connection_pool_timeout  (see also (*) above)
>
> In general (and particularly since you do not seem to be an expert in this
> kind of configuration), you should not set parameters when you do not
> understand exactly what they are doing.
> The default configurations of Apache httpd, Tomcat and AJP are set by
> experts (who know what they are doing), to values which fit a wide range of
> realistic use cases.
>
> I would suggest to rewrite your configuration as follows :
>
> I) Tomcat server.xml :
>
>   URIEncoding="UTF-8">
>
> II) Apache httpd, workers.properties :
>
> worker.list=prod_live_svr
>
> worker.prod_live_svr.type=ajp13
> worker.prod_live_svr.host=127.0.0.1
> worker.prod_live_svr.port=9009
>
> -
>
> That's it, no other parameters.
>
> The Apache-side mod_jk connector module will by default and reasonably set
> the connection pool size, keepalive and timeout values etc.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


-- 

*Thanks & Regards,*
*Jayaram Ponnusamy*
Mobile: +974-5512-3315