[ANN] ApacheCon NA 2020 is virtual/online, completely free to attend, and call-for-presentations is OPEN!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, [Cross-posting to dev@, please reply to users@] ApacheCon NA 2020 is now "ApacheCon @Home" due to the COVID-19 pandemic, and will be held online 29 September - 1 October 2020. This is a great opportunity for anyone who has never attended an ApacheCon event to make this year their first ApacheCon. Registration is FREE (zero-cost). For those who have never given a presentation at ApacheCon, this is also an opportunity for you to submit a presentation for our consideration: the call-for-papers is open and the Tomcat track is hoping to fill something like 12 - 36 hours worth of presentations, panels, and meet-ups at this conference. To register to attend or respond to the call-for-presentations, please visit https://www.apachecon.com/acna2020/ Because the conference is being held online, obviously things will be a little different than previous events. First, all presentations will be streamed live and recorded for later replay if you can't make a live-streaming event. "Attendance" for a live presentation would mean streaming audio/video and at least a text channel by which questions can be asked. I don't believe video is supported for attendees (to see e.g. attendees faces) but it may be possible to ask questions via audio instead text. I will follow-up with the organizers regarding audience participation. To accommodate attendees (and presenters!) in various time-zones around the world, we will be attempting to schedule live presentations in 4-hour blocks at 3 different daily intervals throughout the 72-hour event. My goal is to encourage each speaker to present their material live /twice/ during the event, once in each of two separate timezone-centric blocks (e.g. North/South America, Europe/Africa, Asia/Oceana) if at all possible, and for several committers to be available to "staff" each presentation to introduce speakers, provide moderation of questions from the live-audience for the speakers, etc. Schedules will be announced after the presentations have been selected and everything is negotiated with the speakers about when they are available. If you are already considering submitting a presentation for including in ApacheCon 2020, please head-over to the CFP at https://www.apachecon.com/acna2020/ If you aren't sure if you are interested in presenting, or aren't sure if you have the experience, knowledge, etc. to warrant a position as a speaker, please consider the following: 1. This is a welcoming community 2. This community exists to serve YOU 3. You are a part of this community 4. Helping others within the community encourages others to do the same 5. If you'd prefer to pre-record your presentation, we can handle that 6. Topics can be very wide-ranging. Here are some examples of presentations from previous ApacheCon events: [From Committers / directly about Tomcat] - Running Apache Tomcat on GraalVM - Tomcat in clusters and clouds - Using Let's Encrypt with Tomcat - Securing Tomcat - Reverse-proxying Tomcat - Load balancing with Tomcat - Clustering with Tomcat [From Non-Committers or not directly about Tomcat] - Packaging Tomcat for Linux Distributions - I Love Lucee -- a Java implementation of Cold Fusion - Routing CDN traffic at scale using Tomcat - Secure Web Applications using Apache Fortress - Monitoring Tomcat; various tools - Building Reactive Applications on Tomcat - Troubleshooting performance using thread dumps - High Throughput Production Systems on Tomcat - Why I Love Open Source - Introduction to Spring Boot - Tomcat, TomEE, and Meecrowave If you are using Tomcat at $work and doing something interesting, we'd love to hear about it. 7. You don't need to be the foremost expert in $feature to talk about it 8. We are actively looking for speakers to talk about these and other topics: - How to get started hacking on Tomcat ("How can I help?") - Running a "split" Tomcat installation (BASE vs HOME) for easy upgrades - Deploying Tomcat in an auto-scaling environment (e.g. AWS EBS) - Tomcat should really have [Feature X] - Whatever you think might be interesting! Please consider speaking if you haven't done so before. If you are worried about whether your idea is good enough: don't. Just submit your idea to the CFP -- you don't have to write-up the presentation in order to submit an idea, just write a paragraph or two about what you want to do -- and the track chairpersons (chairpeople?[1]) will decide whether or not to include your presentation in the event. (And chances are good that if you submit an idea it will be accepted.) Please reply to the users list with any questions you may have about ApacheCon, the Tomcat track, or submitting a talk proposal. Thanks, - -chris On behalf of all ApacheCon 2020 Tomcat Track chairpersons [1] https://vignette.wikia.nocookie.net/rickandmorty/images/c/cd/Furniture.p ng/revision/latest/scale-to-width-down/1000?cb=20160910223642 -
Looking for mod_proxy_ajp or mod_proxy_http users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, I'm (likely) giving a presentation at this year's ApacheCon North America (which is *virtual* this year, so the "North America" just means "it was supposed to be in New Orleans in September" but anyone can attend ... FOR FREE!) about migrating from mod_jk -> mod_proxy_http and I'd like some feedback on my draft slides. Is anyone using mod_proxy_ajp or mod_proxy_http in a production setting and has a lot of experience with getting it all to work well? My 20 years or so of experience with proxying to Tomcat has always used mod_jk so I'm sure there are some obvious things I'm not thinking about because mod_jk was designed to pretty much work right out of the box. Feel free to contact me off-list so I can share what I've got and get your feedback. Thanks! - -chris -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl8GQAIACgkQHPApP6U8 pFhtHRAApSS+mS16lyv/GDn1bXKyGq0QwZBCykTc2OhdO3LKrWtbih94oypTT8vb Kb0/OHZDPD0t4oiuVodv3/ahCC+6Pg4/SYi+ExIeqln/4JSqk2l7CYBOslxB5Ine iJcTuyCfTSbyoLwHMkJ19bG9qhVjRusBjON7oVU58JnmZ92W3VctL+8QlS6On58D PX7oL+RnFSQ7Vplrf7fVSrvEjI/BSSJuMGCyuMf+WR7AvKnLlnu8TppngORPkAad iOYGU/1vmIc/8A7pZCjKi+MEUPUzVI277G6Sd9fpQOG4NrDxQ/DV3k0x145lLPzZ F72iio5XbWMZdVGiicd2BOzg6Vqi+ld/DYkjs308X8ubQrBRXFvAfeX+GJ5pSCbP PiJMMtng9Jgjxctn6hxoTUKyAwznc/6GNCDBRMUO9IUtJq1Lc2xN0HfOMHX69jDt DcouQGNUDDuF5UkWsbzwDrTi1oozxg8Qm8vhMRNTsyca8JG6o4Em2oDRtnljYXsp Ogiw1SXTSMVMaxZHcSwhK9hI/LShxkRIrNzLqW469hefmHlk8x88FsaJibdzp6ie h4cYiEcNfPnKNUQwNuhxfgU+TNRnoSkKR3cp7egUpF3B0LguxrD0c/Cs76fNo9LW tt0epVklgTIj6zBEsWK/aAZju+wLeG2+0z7Tx/IwIPQTjfif1ek= =xbMA -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
HTTP2:When does tomcat send continuous RST_STREAM with reason REFUSED _STREAM
Hi, What are the cases when tomcat sends RST_STREAM with reason REFUSED_STREAM continuously for every http2 request from the client ? Also , In this case we did not see the max concurrent streams reaching 100. Embedded Tomcat : 9.0.22 Thanks and Regards Arshiya Shariff
Re: Monitoring Connections and Limits Thru HTTPD/mod_jk/Tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jerry, On 7/7/20 18:32, Jerry Malcolm wrote: > I going to assume that the reason I have apache httpd in there is > 'because I always have had it there' is not going to go over well > as a good reason, huh? I mean... if you want to do more work and worry abot more resources, free free to leave it in there. IMO the only reason to use httpd is if you need something more complicated than what e.g. ELB can provide for you. For example, classic ELB can't separate between two (or more) applications running on each node under the same (external) hostname and port. (Maybe Application Load Balancers can, but I haven't used them .) So if you have /foo and /bar applications then you need a reverse proxy in addition to the ELB. Another reason might be some kind of authentication system which is plugged-into httpd but is not possible (or inconvenient) to configure in Tomcat. > I used to use it to serve static files. But that is pretty much > taken over by S3 now. I still use it for the SSL stuff. ELB can handle TLS termination. If you want to use TLS between ELB and your Tomcat instances, there's no particular reason to use httpd for that: just use NIO+OpenSSL and you'll have comparable performance. > But that's primarily because it worked, and I hadn't yet learned > how to set up SSL in TC. It's "easy" in the sense that is't not much more complicated than doing it anywhere else. If you are familiar with all the pieces and parts, you just need to know how to configure them in Tomcat. The complexity of the process is in the whole x509/CA relationship, etc. and not configuring the server itself. > It would definitely simplify things to get httpd out of the picture > and go straight to Tomcat. I'll start looking into trying that in > a sandbox and see if we can't simplify things. I still have to > worry about maxing out connections. > > But an 'only-Tomcat' solution might ease a bit of the worries. If you remove httpd, you should be cutting your connection count in half, which I assume is a win for you. > At least we can focus on one thing only. Thanks for the info and > the link. I'll probably be back with more questions... :-) Maybe start with configuring Tomcat for TLS. Modern Tomcats basically just take this from httpd: SSLProtocol [protocols] SSLCertificateFile /path/to/key/and/cert/chain SSLHonorCipherOrder On SSLCipherSuite [cipher-suite-spec] And turn it into this in Tomcat: ... I'm not sure why both httpd and Tomcat's documentation say that having a single file containing both the server's key and certificate is "(NOT RECOMMENDED)". I see no security issues with that setup. You are free to have separate files if you'd like. You can also use a keystore to store your stuff but I find keystores to be cumbersome and like PEM-encoded DER files better. Leave httpd installed and configured, but just turn off the service and maybe change the port number ELB is using to contact your server (point it at :8080 instead of :80) and get Tomcat working. Once it's working, you can start looking at monitoring. Do you want to know how to monitor the instance so you can tell the ELB when to auto-scale (up or down), or do you just want to "keep an eye" on things so you can check to see if auto-scaling is "doing its job "? Thanks, - -chris > On 7/7/2020 5:23 PM, Christopher Schultz wrote: Jerry, > > On 7/7/20 16:50, Jerry Malcolm wrote: I'm setting up an environment that has the potential for a large number of simultaneous requests coming in. I have a basic Apache HTTPD with mod_jk talking to Tomcat, all on the same Amazon EC2 instance. From my understanding, I have the potential of maxing out connections at httpd, at mod_jk, and also at Tomcat. > Yes, and you'll also need enough file handles and ports available > for all that. If one client-connection requires a connection to the > web server (1 file handle, 1 port) and a connection from > httpd->Tomcat (2 file handles, 2 ports), it may add up quickly. > > Are you sure you need httpd at all? I assume since you are AWS > that you are using a load-balancer. What purpose does httpd serve > in your setup? > We are looking at setting up monitors to track all of this. But I don't want to reinvent the wheel if there are others who have created solutions for this. Is there documentation on guidelines for configuring connections on all three so that they work together smoothly? > The golden rule applies, here, but that mostly affects you when > you have a multi-node cross-linked network like this: > > httpd 1 -\ /- Tomcat 1 httpd 2 -- Tomcat 2 httpd 3 -/ \- > Tomcat 3 > > You have to make sure that if for some reason ALL conecctions from > ALL THREE web servers come-down on a SINGLE Tomcat node that it can > handle that number of connections. Those numbers are sometimes > surprising to people. If you have max-connections on each we