Professional Documents
Culture Documents
Tomcat Admin Electronic Handouts
Tomcat Admin Electronic Handouts
Pure Java HTTP web server environment for Java code to run
"m#edded in many $ava "" application servers
Including mirrors
--
!pache Soft%are &oundation
-on.profit corporation
Based in t!e .S
rovides a #asis for open* colla#orative soft%are development
/any famous pro0ects
version 2"&
!ttp122www"apac!e"org
33
History
Started out as a reference implementation #y Sun /icrosystems
1no% 2racle3
Donated to !S& 4 Tomcat 5 1rou'hly (6663
Tomcat 7
4arm deplo7ment
Tomcat ;9+ 1:+(+3
4eatures
9 Simplified :mbedding
9 )emor7 #ea; Prevention and <etection
9 Improved securit7 for web applications
JS+ Specifications
9 Servlet
9 JSP
9 :=pression #anguage
6ompetitor features
6ommitter ideas
.ser ideas
%& %&
Development Life Cycle
/ost committers are sponsored #y their employer to %or= on
Tomcat
Some committers are independent* %or=in' on Tomcat in their o%n
time
Committers are e>pected to put the interests of the pro0ect #efore
the interests of their employers and)or clients
<evelopment branc!es
+elease branc!es
6ommitter proposes patc! and t!e ot!er committers vote to approve or re$ect it
+eFuire at least t!ree DA%Es and no D>%Es to appl7 t!e patc! to t!e repositor7
%2 %2
Development Life Cycle
Rarely are time lines for features discussed
Lar'er chan'es are discussed on mailin' list until consensus has
#een reached
Very fe% commits directly on a release #ranch
=ot customi>able
33
Topics in this Session
Downloading Tomcat
Distribution Types
!hich Download"
inimum !e"uirements
#D$%#!& Installation
#A'A()*& +s #!&()*&?
Tomcat Installation
Starting up Tomcat
Tomcat as a Ser+ice
--
!hich Download"
Tomcat # has reduced the downloads
?ontains A=T scripts and libraries to script remote application deployment and
remote start%stop
$revious versions
=ow uses the &clipse compiler which wor9s with a #D$ or a #!&
&ecommendation/ 0se the (D)
!ecommended to use
While installers and pac9ages are nice@ they create in+isible problems :registry
entries etc;
Installation is simple99
Download apache2tomcat23./.0.>ip
6n>ip it
DoneE
1A 1A
Tomcat Installation
8ased on .tar.gz or .zip distributions
While installers and pac9ages are nice@ they create in+isible problems :registry
entries etc;
Installation is simple99
Download apache2tomcat23./.0.>ip
6n>ip it
DoneE
Is it really that simple"
1B 1B
apache:tomcat:#.;.*
: bin
: conf
: lib
: logs
: temp
: webapps
: work
Tomcat Installation
<es
$ost:installation directory structure
2/ 2/
Tomcat Installation
$ortable"
Gi9ewise@ the #D$ distribution can be >ipped and used as a portable copy
H This portable copy would wor9 only on the Isame platformI
8ase directory
?ATAGI=A(*CTS
H Appended to #' arguments
H When start and run are in+o9ed
#A'A(*CTS
H Appended to #' arguments
H When start@ run and stop are in+o9ed
seten+.:shLbat; is not part of Tomcat distribution
bin%s+cnameW.e0e
,1 ,1
!indows/ Tomcat as a Service
&ecommended to run as a service in production
(ava Service !rapper
http1%%people.apache.org%Tfhani9%wrapper.html
$ortable"
Fes@ all that is re"uired is the installation of the Ser+ice@ once copied to another
machine
Any scripts you create can be copied as well@ they are Dust scripts
Debuggable"
Supplied linu02etc2initd2tomcat.sh
Supplied apache2tomcat.sh
http1%%wi9i.debian.org%GS7InitScripts
http1%%refspecs.freestandards.org%GS7(,.1./%GS72?ore2generic%GS72?ore2
generic%iniscrptact.html
55 55
0ni/ Tomcat as a Daemon Advanced scripts
T1%@AT30S+&Itomcat
eport @ATALIBA341%+IJ*usr*local*tomcatJ
eport @ATALIBA38AS+IJ*usr*local*tomcatJ
eport (A2A341%+IJ*usr*local*6avaJ
eport S0IJ*bin*suJ
C D1 B1T +DIT 8+<1BD T4IS LIB+
T1%@AT30S+&Itomcat
eport @ATALIBA341%+IJ*usr*local*tomcatJ
eport @ATALIBA38AS+IJ*usr*local*tomcatJ
eport (A2A341%+IJ*usr*local*6avaJ
eport S0IJ*bin*suJ
C D1 B1T +DIT 8+<1BD T4IS LIB+
This section is where all the
en+ironment +ariables are set up.
54 54
0ni/ Tomcat as a Daemon Advanced scripts
eport @ATALIBA3$IDIA@ATALIBA38AS+*logs*tomcat.pid
start57 K
echo :n JStarting AS@&I$T3BA%+ ...JL
AS0 AT1%@AT30S+& A@ATALIBA341%+*bin*startup.sh
C %ake lock for &ed4at * SuS+
if test :w *var*lock*subsys
then
touch *var*lock*subsys*AS@&I$T3BA%+
fi
M
eport @ATALIBA3$IDIA@ATALIBA38AS+*logs*tomcat.pid
start57 K
echo :n JStarting AS@&I$T3BA%+ ...JL
AS0 AT1%@AT30S+& A@ATALIBA341%+*bin*startup.sh
C %ake lock for &ed4at * SuS+
if test :w *var*lock*subsys
then
touch *var*lock*subsys*AS@&I$T3BA%+
fi
M
start57 is invoked during the boot process
startup/shutdown scripts
bootstrap libraries
catalina,sh5bat
. *nvo"es setclasspath,bat5sh does ver+ little
. *nvo"es setenv,bat5sh put +our custom settings in here for a clean configuration
service.bat
tomcat-native,tar,g-
server,#ml
catalina,properties
logging,properties
conte#t,#ml
web,#ml
tomcat-users,#ml
catalina,polic+
,/apache-tomcat-2,3,#/conf
13 13
Tomcat Folder Structure ! lib
lib director#
The folder can contain 9'( files< and ,class files in their pac"age structure
Jas+ wa+ to put in patched ,class files is to put the ,class file in lib< it will be
loaded before the same file in the 9'(
MHost app8aseKNwebappsO PQ
,/apache-tomcat-2,3,#/webapps
14 14
Tomcat Folder Structure ! wor
wor director#
wor"/Catalina/localhost/
,/apache-tomcat-2,3,#/wor"
14 14
Topics in this Session
Tomcat folder structure
%igh level overview of configuration files
12 12
Configuration Files ! server.xml
server.xml
9avadoc of !ava,util,logging/
http///download,oracle,com/!avase/2/docs/technotes/guides/logging/overview,html
conf/logging,properties conf/logging,properties
22 22
Configuration Files ! Change the name of a log file
%andlers for root logger are defined using .handlers propert#.
7# default8 the root logger is defined to go to*
1) The console
2) ' file named catalina,++++-mm-dd,log in the logs director+,
conf/logging,properties conf/logging,properties
,handlers K 1catalina,org,apache,!uli,@ileHandler< !ava,util,logging,ConsoleHandler
1catalina,org,apache,!uli,@ileHandler,level K @*HJ
1catalina,org,apache,!uli,@ileHandler,director+ K GScatalina,baseT/logs
1catalina,org,apache,!uli,@ileHandler,prefi# K catalina,
23 23
Configuration Files ! Change the name of a log file
To change the name of this file to tomcat.####-mm-dd.log find*
conf/logging,properties conf/logging,properties
and change it to*
1catalina,org,apache,!uli,@ileHandler,prefi# K catalina,
1catalina,org,apache,!uli,@ileHandler,prefi# K tomcat,
catalina,2313-12-11,log catalina,2313-12-11,log
catalina,2313-12-11,log tomcat,2313-12-11,log
24 24
Configuration Files ! Changing the log level
9ogging levels can be configured per class or per pacage
bin
conf
lib
logs
temp
webapps
wor
%igh level overview of configuration files
server,#ml
web,#ml
tomcat-users,#ml
32 32
=uestions>
11
Configuring Tomcat Lab
Part 1
22
Windows Instructions
Shutting Apache Tomcat with the shutdown port
Verify visually
Using catalina.properties
Changing Apache Tomcat's logging configuration
Proposed specifications
1ike Tomcat
%% main method or a Servlet
public void service #Servlet!e"uest re"uest, Servlet!esponse
response$ thro.s / 0
1
::
Topics in this Session
What is the J&P?
Tomcat and Java specifications
What is a Servlet?
!e"uest%!esponse 2P+s
What is a JSP
Packa#in# $ormats
Web application folder la%o!t
&onfi#!ration $iles
web'(ml overview
;;
!e"uest%!esponse 2P+
*TTP is a client%server protocol
'class files
'properties files
3efined b% specification
httpJ//Cava's!n'com/(ml/ns/Cavaee/web+appX2X,'(sd
Tomcat specific
Schema defined at
httpJ//Cava's!n'com/(ml/ns/Cavaee/web+appX2X,'(sd
22 22
W5=>+?F%.eb93ml
@.eb>appA
Root element of the web'(ml' All other YE1 elements reside inside it
@iconA
1ocation of the ima#e files that ma% be !sed b% a tool to vis!all% represent the
web app
>iconF
>small+iconF/ima#es/icons/m%app+small'#if>/small+iconF
>lar#e+iconF/ima#es/icons'm%app+lar#e'#if>/lar#e+iconF
>/iconF
2: 2:
W5=>+?F%.eb93ml #continued$
@display>nameA
3escribes a web app that is desi#ned to be distrib!table for load balancin# and
failover'
3efa!lt is false7 as web apps re!ire additional s!pport for s!ch architect!re
2; 2;
W5=>+?F%.eb93ml #continued$
@conte3t>paramA
Re!sable components that intercept the re!est and response and appl% some
t%pe of processin# to them
0(amplesJ
Z compress the content of the response
Z Transform YE1 to =TE1
Z 1o##in# of reso!rce !sa#e
0(ampleJ
>listenerF
>listener+classF
com'm%compan%'listeners'0mail1istener
>/listener+classF
>/listenerF
)/ )/
W5=>+?F%.eb93ml #continued$
@servletA
Servlet+specific declarations
>servletF
>iconF/ima#es/icons/servlet1'Cp#>/iconF
>servlet+nameF3ownloadServlet>/servlet+nameF
>servlet+classF
com'm%compan%'servlets'3ownloadServlet
>/servlet+classF
>init+paramF
>param+nameFre!ireXtc>/param+nameF
>param+val!eFtr!e>/param+nameF
>/init+paramF
>load+on+start!pF,>/load+on+start!pF
>r!n+asF
>role+nameFadmin>/role+nameF
>/r!n+asF
>/servletF
1oad+on+start!p means servlet m!st be loaded when Tomcat starts 8rather than
wait till it is re!ested9
Eakes it convenient to declare the e(ternal reso!rce once7 and reference it from
different confi#!ration conte(ts
/1 /1
W5=>+?F%.eb93ml #continued$
@security>constraintA
0nv entr% m!st be t%ped to a Java data t%pe7 so it can be !sed within the
application
>env+entr%F
>descriptionFEinim!m allowable val!e>/descriptionF
>env+entr%+nameFEinim!mUal!e>/env+entr%+nameF
>env+entr%+val!eF,>/env+entr%+val!eF
>env+entr%+t%peFCava'lan#'"nte#er>/env+entr%+t%peF
>/env+entr%F
&f a t#read is initiated and destro!ed for eac# re%uest/ t#is "uts needless burden
on t#e o"erating s!stem and J01
A Thread pool alleviates this issue by allowing eisting threads to
be reused
fter being used/ eac# t#read is "ut bac3 into t#e "ool
T#e abo+e describes t#e wa! T#read "ooling generall! wor3s wit#
tomcat. ,e"ending on t#e connector !ou4re using/ t#reads can be
managed in a slig#tl! different wa!
55
Thread Pools
)e%uest
)e%uest
)e%uest
Tomcat
Ser+let
T#read Pool
66
Thread Pool! "asic Configuration
#aThreads
,efault is 277
#inSpareThreads
,efault is 25
$Service %%%&
$Eecutor name'(tomcatThreadPool( namePrefi'(catalina)eec)(
maThreads'(*+,( minSpareThreads'(-(.&
/
$.Service&
$Service %%%&
$Eecutor name'(tomcatThreadPool( namePrefi'(catalina)eec)(
maThreads'(*+,( minSpareThreads'(-(.&
/
$.Service&
conf8ser+er.xml conf8ser+er.xml
99
Thread Pool! Advanced Configuration
#a0dleTime! number of milliseconds before an idle thread is
shutdown
!ou can assume t#at t#e data reall! came from t#at entit!
0f the user makes a decision to trust an entity
-seful in re+erse "rox! situations w#en SSL is terminated at t#e "rox!/ but t#e
a""lication re%uires SSL
Pro+ides default +alues for all t#e a""lications inside t#e current tomcat instance
;efault mappings can be updated by modifying conf.web%ml
"ehavior can be added at the application level
&n most cases it won4t o+erride w#at #as been declared inside
CTL&;F=S$8conf8web.xml
,efaultSer+let
Js"Ser+let
2: 2:
web%ml defaults! ;efault Servlet
$web)app %%%&
/
$servlet&
$servlet)name&default$.servlet)name&
$servlet)class&org%apache%catalina%servlets%;efaultServlet$.servlet)class&
$init)param&
$param)name&debug$.param)name&
$param)value&,$.param)value&
$.init)param&
%%%
$.servlet&
/
$.web)app&
$web)app %%%&
/
$servlet&
$servlet)name&default$.servlet)name&
$servlet)class&org%apache%catalina%servlets%;efaultServlet$.servlet)class&
$init)param&
$param)name&debug$.param)name&
$param)value&,$.param)value&
$.init)param&
%%%
$.servlet&
/
$.web)app&
;efaultServlet O handles static content delivery
Eamples of static content would be html files7 style sheets and
images
conf8web.xml conf8web.xml conf8web.xml conf8web.xml
,ebugging
detail le+el for
messages
logged b! t#is
ser+let
,ebugging
detail le+el for
messages
logged b! t#is
ser+let
2> 2>
web%ml defaults! :spServlet
$web)app %%%&
/
$servlet&
$servlet)name&Psp$.servlet)name&
$servlet)class&org%apache%Pasper%servlet%:spServlet$.servlet)class&
%%%
$init)param&
$param)name&development$.param)name&
$param)value&true$.param)value&
$.init)param&
$init)param&
$param)name&modificationTest0nval$.param)name&
$param)value&-$.param)value&
$.init)param&
$.servlet&
%%%
$.web)app&Q
$web)app %%%&
/
$servlet&
$servlet)name&Psp$.servlet)name&
$servlet)class&org%apache%Pasper%servlet%:spServlet$.servlet)class&
%%%
$init)param&
$param)name&development$.param)name&
$param)value&true$.param)value&
$.init)param&
$init)param&
$param)name&modificationTest0nval$.param)name&
$param)value&-$.param)value&
$.init)param&
$.servlet&
%%%
$.web)app&Q
:spServlet O manages :SP compilation
conf8web.xml conf8web.xml
&f Jas"er used in
de+elo"ment mode/
fre%uenc! at w#ic# JSPs
are c#ec3ed for
modification ma! be
s"ecified +ia t#e
modificationTest&nter+al
"arameter
&f Jas"er used in
de+elo"ment mode/
fre%uenc! at w#ic# JSPs
are c#ec3ed for
modification ma! be
s"ecified +ia t#e
modificationTest&nter+al
"arameter
37 37
web%ml defaults! Session timeout
Session timeout defaults to 2, minutes
$web)app %%%&
/
$1)) '''''''''''''''''''' ;efault Session Configuration ''''''''''''''''' ))&
$1)) Rou can set the default session timeout Cin minutesD for all newly ))&
$1)) created sessions by modifying the value below% ))&
$session)config&
$session)timeout&2,$.session)timeout&
$.session)config&
/
$.web)app&
$web)app %%%&
/
$1)) '''''''''''''''''''' ;efault Session Configuration ''''''''''''''''' ))&
$1)) Rou can set the default session timeout Cin minutesD for all newly ))&
$1)) created sessions by modifying the value below% ))&
$session)config&
$session)timeout&2,$.session)timeout&
$.session)config&
/
$.web)app&
conf8web.xml conf8web.xml
in minutes
31 31
web%ml defaults! #ime mappings
When serving static resources like stylesheets or html
&f no welcome file is "resent/ default ser+let eit#er ser+es a director! listing or
returns a .7. status/ de"ending on #ow it is configured.
$web)app %%%&
/
$welcome)file)list&
$welcome)file&inde%html$.welcome)file&
$welcome)file&inde%htm$.welcome)file&
$welcome)file&inde%Psp$.welcome)file&
$.welcome)file)list&
$.web)app&
$web)app %%%&
/
$welcome)file)list&
$welcome)file&inde%html$.welcome)file&
$welcome)file&inde%htm$.welcome)file&
$welcome)file&inde%Psp$.welcome)file&
$.welcome)file)list&
$.web)app&
conf8web.xml conf8web.xml
33 33
Topics in this Session
2or3ing wit# T#reads
Connectors
SSL
Hosts
web.xml defaults
:SP defaults
d+anced
;&</ =&< and P) connectors
3. 3.
:SP defaults
A :SP is compiled to a servlet when accessed for the first time
Eirst invocation is slower due to compilation
All the :SP files related to web applications will be compiled in the
work.Catalina.localhost directory
35 35
:SP defaults! Compilation settings
Compilation settings are specified in the conf.web%ml file
<"eration ma! transfer fewer b!tes t#an were re%uested ("artial read or write*
Context switc#ing ma3es more t#reads a+ailable/ w#ic# ma3es it ideal for a #ig#
concurrenc! en+ironment
$Server %%%&
$Service %%%&
/
$Connector port'(4,4,(
protocol'(org%apache%coyote%http**%5ttp**AioProtocol(
ConnectionTimeout'(3,,,,( redirectPort'(4--2( .&
/
$.Service&
$.Server&
$Server %%%&
$Service %%%&
/
$Connector port'(4,4,(
protocol'(org%apache%coyote%http**%5ttp**AioProtocol(
ConnectionTimeout'(3,,,,( redirectPort'(4--2( .&
/
$.Service&
$.Server&
conf8ser+er.xml conf8ser+er.xml
.2 .2
Connectors! "0H vs A0H
?se "0H if!
-sing SSL
!app1!index"#sp
!o"e#er$ context paths can be m%lti&le#el
!m$lti!level!context!index"#sp
%%
Using a WAR 'ile
Copy the archi#e file into app(ase
(t0s easy
1hen yo$ do not wish to redeploy the whole application2 files can be $pdated
inside the directory itself
3 The application still needs to be reloaded tho$gh
3 Us$ally not a best practice b$t it can be relevant for some applications
Directory deployment commonly %sed for de#elopment
en#ironments
http+!!localhost+,-,-!manager!html
conf!'atalina!localhost!myApplication"xml
context*xml inside the application
M4TA8()B!context"xml
Directory
!app1
!app2
Context paths can o#erlap
!app1
!app1!images
Re-%ests are mapped %sing longest matching context path
13 13
context*xml
0+ file "ith a single Context element
conf!9engine<!9host<!
app)*xml becomes
!app1!index"#sp
conf/catalina/localhost/app1.xml
4Context reloadable5.false/ 16
***
41Context6
4Context reloadable5.false/ 16
***
41Context6
1% 1%
context*xml
0+ file "ith a single Context element
e"g" conf!'atalina!www"foo"com!app1"xml
47ngine name5.catalina/6
4!ost name5."""*foo*com/16
47ngine name5.catalina/6
4!ost name5."""*foo*com/16
conf/catalina/www.foo.com/app1.xml
4Context reloadable5.false/ 16
***
41Context6
4Context reloadable5.false/ 16
***
41Context6
conf/server.xml
1/ 1/
Web ARchi#e 8WAR9 deployment
Application deployed as a WAR located in host:s app(ase directory
4xample+ !webapps!app1"war
Inside the WAR file$ context file located in +7TA&I3'1context*xml
4xample+ !webapps!app1
Config%re %sing +7TA&I3'1context*xml
Tomcat ;*<*)= and earlier
'opied to conf!9engine<!9host<
Renamed to 9application8name<"xml
webapps/app1/META-!"/context.xml
4Context reloadable5.false/ 16
***
41Context6
4Context reloadable5.false/ 16
***
41Context6
Brom tomcat /"-"1A2 copied to
conf!catalina!localhost!app1"xml
at deployment time
1, 1,
Declaring a context inside ser#er*xml
Changes re-%ire Tomcat restart
a%toDeploy #s deployOnStartUp
A3T scripting
Frecompiling ESFs
C%eate $uil!&'ml
C%eate $uil!&'ml
$elies on C!T!L%&!'()M"
C!T!L%&!'()M" 4 C!T!L%&!'!S"
%nside /bin/seten629sh=bat:
$eminder> seten629sh=bat: is not shipped with tomcat2 %t should be
created manually2
CATALINA_HOME+,!sr,local,tomcat-,apache.tomcat./"0"12
CATALINA_BASE+,!sr,local,tomcat-,instance_3
'A(A_HOME+,!sr,local,tomcat-,4d53"/"0_32
instance_1/bin/setenv.(sh|bat)
77
E-tended conig!ration
The ollo6ing 7aria%les can %e speciied8
J!8!'()M"
J!8!')5TS
C!T!L%&!')5TS
C!T!L%&!'()M"
C!T!L%&!'!S"
C!T!L%&!'TM5D%$
C!T!L%&!'5%D
They can also %e deined as en7ironment 7aria%les
All these are read %y catalina"#sh$%at&
@iles such as ser6er20ml and logging2properties ha6e to be edited +or each instance
Tomcat migrations can %e a656ard
(ttp port
Shutdown port
catalina"properties can %e !sed or c!stomi<ing properties at the
instance le7el
A shared ser7er"-ml ile is commonly !sed 6hen the same
application is r!nning on m!ltiple instances
17 17
Setting !p a shared ser7er"-ml ile #1&
ASer7er port+B;Csh!tdo6n"portDB sh!tdo6n+BSHETDO>NBF
AConnector port+B;Chttp"portDB protocol+BHTT:,3"3B
ConnectionTimeo!t+B10000B ,F
A,ConnectorF
A,Ser7erF
shared/conf/server.xml
sh!tdo6n"port+200G
http"port+2020
instance_1/conf/catalina.properties
18 18
Conig!ration8 logging"properties
3catalina"org"apache"4!li"=ileHandler"le7el+=INE
3catalina"org"apache"4!li"=ileHandler"directory +
;Ccatalina"%aseD,"",shared,logs
3catalina"org"apache"4!li"=ileHandler"prei- +
;Ccatalina"instanceD"catalina"
By dea!lt@ sho!ld %e conig!red at the shared le7el
%nside seten62sh
instance_1/bin/setenv.sh
20 20
Topics in this Session
C!T!L%&!'()M" and C!T!L%&!'!S"
Working with a Shared Layout
'DK Migration
Tomcat Migration
21 21
'DK Migration8 Dea!lt Layo!t
Hecall the older layo!t mentioned in )dea!lt layo!t* section
Let9s e-amine it again
,!sr,local,tomcat-,e-ample,
. 4d53"/"0_32
. apache.tomcat./"0"12,
. instance_3
. %in
. con
. logs
. temp
. 6e%apps
. 6or5
'A(A_HOME+,!sr,local,tomcat-,4d53"/"0_32
instance_1/bin/setenv.(sh|bat)
22 22
'DK Migration8 Dea!lt Layo!t
No6 let9s migrate to 4d53"/"0_13
Here is the layo!t again
,!sr,local,tomcat-,e-ample,
. 4d53"/"0_32
. 4d53"/"0_13
. apache.tomcat./"0"12,
. instance_3
. %in
. con
. logs
. temp
. 6e%apps
. 6or5
'A(A_HOME+,!sr,local,tomcat-,4d53"/"0_13
instance_1/bin/setenv.(sh|bat)
4ne15 .67 +or 'igration
23 23
'DK Migration
Only change re?!ired is in instance_3,%in,seten7"sh
:oint 'A(A_HOME to the ne6 'DK and 6e9re done
=ollo6 same process or do6ngrading in case something goes 6rong
24 24
Topics in this Session
C!T!L%&!'()M" and C!T!L%&!'!S"
Working with a Shared Layout
JDK Migration
Tomcat Migration
25 25
Tomcat Migration
Most important thing d!ring a prod!ction !pgrade8
Con+iguration +iles
!pplication +iles
It9s hard to 5eep trac5
,!sr,local,tomcat-,
. 4d53"/"0_13
. tomcat./"0"12.instance_3
. tomcat./"0"12.instance_1
,!sr,local,tomcat-,
. 4d53"/"0_13
. (tomcat-6.0.28-instance_1)
- (tomcat-6.0.28-instance_2)
. tomcat.L"0"G.instance_3
. tomcat.L"0"G.instance_1
Before
After
27 27
Tomcat Migration8 Shared Layo!t
>ith a shared layo!t@ the migration path is m!ch easier
Eou should still test your application properly to make sure there is no regression
r!n"#sh$%at& is !sed to start,stop all instances
Fpgrade/downgrade as necessary
29 29
M!estionsN
11
Large Scale Deployments Lab
2 CONFIDENTIAL 2 CONFIDENTIAL
Lab Instructions
Installing Apache Tomcat
Setting up the default layout
Setting up a shared layout
11
Advanced Tomcat Configurations
22
Topics in this Session
Valve Configurations
Database Connection Pools
Security Realms
Building Tomcat from source distribution
Creating and applying a patch
Class loaders in Tomcat 6
Adanced Topics
!!
Valves
Valves are request/response interceptors
http*++tomcat,apache,org+tomcat-6,.-doc+config+ale,html
<Server ...
<Service name!"Catalina" #
<$ngine name!%Catalina% ...
<Valve class&ame!'org.apache.catalina.valves.AccessLogValve%
pattern!'(h (l (u (t (r (s (b%
director)!'logs% prefi*!'tomcat+access+% suffi*!'.log%/
...
</$ngine
</Service
</Server
conf/server.xml
Can also be configured
at the /&ost0 or
/Conte't0 leel
11
Access Logging
Sample output
,-,-,-,-,-,-,-. / / 0.1/2ec/3,.,-.4-.5-.6 /,5,,7 "8$T / 9TT:/..." 1,4 /
,-,-,-,-,-,-,-. / / 0.1/2ec/3,.,-.4-.5-.6 /,5,,7 "8$T /tomcat.gif 9TT:/..." 1,4 /
,-,-,-,-,-,-,-. / / 0.1/2ec/3,.,-.4-.5-.6 /,5,,7 "8$T /asf/logo/;ide.gif 9TT:/..." 1,4 /
,-,-,-,-,-,-,-. / / 0.1/2ec/3,.,-.4-.5-.6 /,5,,7 "8$T /tomcat/po;er.gif 9TT:/..." 1,4 /
,-,-,-,-,-,-,-. / / 0.1/2ec/3,.,-.4-.5-3< /,5,,7 "8$T /=$L$AS$/&>T$S.t*t 9TT:/..."
3,, ?@@<
logs/localhost_access_log
66
Access Control
2isallo; access to a ;eb application based on the incoming
connection
http*++commons,apache,org+dbcp+configuration,html
1< 1<
Topics in this Session
#ale Configurations
Database Connection Pools
Securit) =ealms
Building Tomcat from source distribution
Creating and applying a patch
Class loaders in Tomcat 6
Adanced Topics
2. 2.
Securit) =ealms
A realm is
Supports multithreading
26 26
2atabase =ealms
Can ;orK ;ith customiGed tables/columns
Sample user table
Sample user+roles table
userGname userGpass
;ohn secret<<
bill secret(!
userGname roleGname
;ohn manager
bill manager
bill admin
27 27
R2EC =ealm Configuration
R2EC =ealm using e*ample tables
<=ealm
class&ame!'org.apache.catalina.realm.R2EC=ealm%
driver&ame!'org.gDt.mm.m)sql.2river%
connectionU=L!'Ddbc-m)sql-//localhost/authorit)%
connection&ame!'test%
connection:ass;ord!'test%
userTables!'users%
user&ameCol!'user+name%
userCredCol!'user+pass%
user=oleTable!'user+roles%
role&ameCol!'role+name%
digest!'S9A%
/
28 28
2ataSource =ealm Configuration
2ataSource =ealm using e*ample tables
Global DataSource
<=ealm
class&ame!'org.apache.catalina.realm.2ataSource=ealm%
dataSource&ame!'m)conpool%
local2ataSource!'false%
userTables!'users%
user&ameCol!'user+name%
userCredCol!'user+pass%
user=oleTable!'user+roles%
role&ameCol!'role+name%
digest!'S9A%
/
2< 2<
R&2L =ealms
Rava &aming T 2irector) Lnterface
Used to interface ;ith L2A: servers
T;o ;a)s to authenticate
security constraint
login configuration
=DH 1,1
Ant 1,7
apache-tomcat-6,.,'-src,Aip
apache-tomcat-6,.,'-src,tar,gA
UnpacK it
Create build.properties
Euild tomcat on the command line
W base.path is used to do;nload dependencies
base.path!/m)tc@/libs
W 2o;nload dependencies and build 2EC:
ant do;nload
W Euild Tomcat
ant
W output found in ./output/build
(( ((
Topics in this Session
#ale Configurations
Database Connection Pools
Security Realms
Building Tomcat from source distribution
Creating and appl)ing a patch
Class loaders in Tomcat 6
Adanced Topics
(1 (1
:atching Tomcat
Sometimes itQs necessar) to patch )ou server
The namespace
org,apache,tomcat,util,http,SererCooFie
org,apache,catalina,loader,StandardClassCoaderL18.2.cc
Coaded class
Class loader
1. 1.
Class loaders
Eenefits
The class loader that ?locates@ the class% is the responsible class loader
Access Cogging
Re"uest debug
Access Control
2atabase Connection :ools
6actories
Configuration
Securit) =ealms
Single Sign 2n
16 16
Summar)
Euilding Tomcat from source distribution
Qou need to Fno3 3hat the code does in order to grant the right permissions
71 71
Securit) Oanager
Tomcat has a predefined polic) file
conf+catalina,policy
This one ;orKs for Tomcat
startup,batPsh 5security
-D;aa,security,manager
-D;aa,security,policy>>,,RconfRcatalina,policy
7! 7!
Topics in this Session
Building Tomcat from S#B
$nable log(;
Running 3ith a security manager
ROS EroKers
7( 7(
ROS EroKers
ROS N Rava Oessage Service
Oan) usages
Apache" Tomcat" D0
http;22mycomp)com2images2foo)pg
< Apache HTTPD
http;22mycomp)com2sps2foo)sp
< Tomcat
)htaccess files
mod_auth?_E
mod_pro#y
6 Uses the HTTP protocol
6 Can use the A'P protocol
mod_!
6 Uses a %inary A'P protocol
!ow to use them?
!ow to choose between the two?
13 13
mod6pro$y ,ros
'ein !TT, it can benefit from hardware acceleration7
All !TT, compatible 8rd party products are applicable7
3o translation needed7
3o need for a separate module compilation and maintenance7
9odule comes as part of standard Apache 575: distribution7
Ability to use http or https% even within the same balancer7
17 17
mod6pro$y Cons
3o connection chec)in protocol7
Ao encryption a(aila%le
;78 * 57< * 575
0ul!ier configuration
.mplemented A'P21)2 and A'P1)$) Code %ase &as %uggy and unsta%le
mod6webapp
0rand ne& protocol" code %ase &as a%andoned and ne(er completed
mod6j)5
Am%itious feature list" proect &as a%andoned and ne(er reached maturity
'ac) to mod6j)
Cannot detect the difference %et&een a slo& '8P and slo& Tomcat
6 Therefore failo(er may%e slo&
6 ,itigated in the yet@to@%e@released Apache 2)- &ith HTTP >#pect@Continue
support
Apache ;78 * 57<
1oad %alancing
Blder (ersions ha(e a %ug" &here mod_pro#y uses the glo%al timeout (alue
#don't wait for a response for more than 5min
ProxyTimeout 300
#older version of apache, ProxyTimeout is not used
Timeout 300
conf/httpd.conf
A(aila%le in apache 2)=)$1 and later
$2 $2
-eular 1$pression 9atchin
575 reular e$pression matchin
,a!e sure you at least ha(e a 2 that is not part of the e#pression
Pro#yPass,atch" doesnJt !eep stic!y sessions unless you specify the first path
conf/httpd.conf
Jforward all re(uests that end with 7jsp with load balancin C one line below
,ro$y,ass9atch S*.7TU7jsp/V balancer+**barcluster*V;
stic)ysessionD0S1SSI43I&Wjsessionid nofailoverD4n
$: $:
"oad 'alancer 4ptions
"oad 'alancin 4ptions
-= -=
Stic)y Sessions
route is a value appended with a 7routevalue to the session id
Tomcat sets this usin the jvm-oute value
Jforward re(uests that o to *bar with load balancin
@,ro$y balancer+**barclusterA
'alancer9ember http+**tomcat;7domain7com+H<H< routeDtomcat;
'alancer9ember http+**tomcat57domain7com+H<H< routeDtomcat5
@*,ro$yA
conf/httpd.conf
3ow forward re(uests to the load balancer module
#forward all requests that end with .jsp with load balancing one line below
ProxyPassMatch ^(/.*\.jsp)$ balancer://barcluster$1 stickysession=JSESSIONID|
jsessionid nofailover=On
conf/httpd.conf
-1 -1
Connection ,oolin
Apache 575 has connection poolin as well
http;22httpd)apache)org2docs22)22mod2&or!er)html
http;22httpd)apache)org2docs22)22mod2prefor!)html
-2 -2
Connection ,oolin
With a lot of re(uest oin bac) to Tomcat
Default (alue
-7 -7
4ptimi>ed -outin
4ptimi>ed routin for www5
Tomcat 5 and 8 are hot standby instances
A'P connector
This is default to infinite" could cause a httpd thread to ne(er release" in case
your 'N, has an BB,
'est practices when reusin connections
8end P.AF2PBAF
Jwe should et at least some data in Ymin
wor)er7tomcat;7reply6timeoutD8<<<<<
conf/workers.properties
32 32
-eusin Connections
When reusin connections
Nirtual &or!er
,ethod 4 is %yre5uests
Jsimplest wor)er confi
wor)er7listDlbwor)er
wor)er7lbwor)er7typeDlb
wor)er7lbwor)er7balance6wor)ersDtomcat;% tomcat5
wor)er7lbwor)er7methodD-
conf/workers.properties
3/ 3/
mod6j) 'alanced Wor)er
&efine the two wor)ers
Jsimplest wor)er confi
wor)er7tomcat;7typeDajp;8
wor)er7tomcat;7hostDtomcat;7domain7com
wor)er7tomcat;7portDH<<[
wor)er7tomcat;7lbfactorDR
wor)er7tomcat57typeDajp;8
wor)er7tomcat57hostDtomcat57domain7com
wor)er7tomcat57portDH<<[
wor)er7tomcat57lbfactorD;
conf/workers.properties
33 33
mod6j) "' wor)er
Then just mount to the "' wor)er instead
Jload balanced confi
wor)er7listDlbwor)er
Jsame e$ample as ,ro$y,ass *bar *http+**tomcat;+H<H<*bar
0)9ount *bar lbwor)er
0)9ount *bar*T lbwor)er
J Alternatively
0)9ount *barB*T lbwor)er
conf/workers.properties
conf/httpd.conf
37 37
mod6j) status wor)er
The status wor)er does not communicate with Tomcat
It is responsible for the load balancer manaement
J Add the status wor)er to the wor)er list
wor)er7listDlbwor)er% j)status
J &efine a #j)status# wor)er usin status
wor)er7j)status7typeDstatus
conf/workers.properties
39 39
mod6j) status wor)er
Sample output from status wor)er
http;22tomcat)apache)org2connectors@doc2reference2status)html
3: 3:
mod6j) status e$plained
Aame of &or!er in
&or!er)properties
1oad%alance algorithm
re5uest" traffic" %usiness or random
8pecified (ia (m4oute
in ser(er)#ml
,apping specified in uri&or!ermap)properties
7= 7=
mod6j) status wor)er
Turn on the status module
conf/httpd.conf
J Add the j)status mount point
0)9ount *j)manaer*T j)status
J 1nable the 0O manaer access only from localhost
@"ocation *j)manaerA
0)9ount j)status
4rder deny%allow
&eny from all
Allow from ;5Z7<7<7;
@*"ocationA
71 71
mod6j) Stic)y Sessions
2se the jvm-oute from Tomcat
.f you use Apache 2)2Q and %asic load %alancing &ill suffice)
mod_! < older" more mature" more full@featured" %ut &ith a limited future and no
881 support)
mod_pro#y
6 Ap < for the same failo(er features as mod_! %ut missing large pac!ets and some
%alancing options)
6 Http2%alancer < for http including https
.f you are on one and you ha(e no pro%lem" stic! &ith it)
+o need to re(authenticate
3omogeneous nodes
Tomcat provides high availability& but does not provide the fail over mechanism
All classes put into the session should implement the Serializable interface
Slower perforance, ore to do
+ncreased cople)ity
Harder to troubleshoot
$e%uires ore resources and s0ills
11 11
Side /ffects of Clustering
Side effects of clustering and replication
.erformance considerations
,ou can also use <"1+ and <avascript variables to maintain state =A<A>?
Has a strong ipact on the application code itself
$sing default port4address values %ill cause a clash %ith an eAisting cluster
conf/server.xml
1# 1#
Topics in this Session
@rief overvie% of clustering
Enabling Tomcats clustering mechanism
Configuration options
Advanced Topics
1) 1)
Configuration #al0 Through
Settings behind default configuration are too large to paste into a
slide
Let2s wal0 through the ain eleents in the default configuration as
we learn about it
http*>>tocat(apache(org>tocat9@(A9doc>cluster9howto(htl
1* 1*
Channel Send Options
6eterines how essages are sent to the other nodes
6ifferent options define different delivery guarantees
Used during session replication to deterine response tie
6n synchronous mode the re;uest doesnBt return until session is replicated in all
cluster nodes
4(! nodes
more mature
23 23
#hy Bac0up 5anager&
Supports uch larger clusters
8embership is non(coordinated
2- 2-
5ebership /leent <default=
748 6ynaic ebership configuration 99:
75ebership
class3ae;<org(apache(catalina(tribes(ebership(5castService=
address;<""B(A(A(C=
port;<CDD@C=
fre%uency;<DAA=
dropTie;<!AAA=
>:
5ebership eleent
Default settings
conf/server.xml
35 35
5ebership /leent <ulticasting=
Bind ulticasting to an interface
Useful on ulti9hoed hosts
748 6ynaic ebership configuration 99:
75ebership
class3ae;<org(apache(catalina(tribes(ebership(5castService=
address;<""B(A(A(C=
port;<CDD@C=
fre%uency;<DAA=
dropTie;<!AAA=
bind;<1A(1(!(1"B=
>:
conf/server.xml
31 31
Static 5ebership
Useful on networ0s where ulti9casting is disallowed
To achieve this
Add
' org9apache9catalina9tribes9group9interceptors9"tatic8embership6nterceptor
$nderneath
' org9apache9catalina9tribes9group9interceptors9Tcp0ailureDetector 6nterceptor
+nside the Static5ebership+nterceptor you can add the static
ebers
http*>>tocat(apache(org>tocat9@(A9doc>config>cluster9interceptor(htl
32 32
Static 5ebership
Tcp'ailure6etector will do a health chec0 on the static ebers
+t onitors the for crashes
F7eepAliveCountG
F7eepAliveTimeG
conf/server.xml
3! 3!
$eceiver
a)Threads 8 thread pool to handle incoing essages
?ood value is n91 or -n91.>", where n are the nuber of nodes
748 essage receiver configuration 99:
7$eceiver
class3ae;<org(apache(catalina(tribes(transport(nio(3io$eceiver=
address;<auto=
port;<CAAA=
autoBind;<1AA=
a)Threads;<C=
>:
conf/server.xml
3# 3#
$eceiver <address=
748 essage receiver configuration 99:
7$eceiver
class3ae;<org(apache(catalina(tribes(transport(nio(3io$eceiver=
address;<auto=
port;<CAAA=
autoBind;<1AA=
a)Threads;<CAAA=
>:
address 8 auto, it auto resolves the +G address of the achine
Can also specify an +G address to bind to, li0e 1A(1(!(1"B
conf/server.xml
3) 3)
$eceiver <port=
$eceiver
auto@ind H 5 means that %e %ill pic7 the first available port bet%een port and
=portIauto@ind?
748 essage receiver configuration 99:
7$eceiver
class3ae;<org(apache(catalina(tribes(transport(nio(3io$eceiver=
address;<auto=
port;<CAAA=
autoBind;<1AA=
a)Threads;<CAAA=
>:
conf/server.xml
3* 3*
Advanced Topics
3- 3-
+nterceptors
Siilar to valves in ters of functionality
+nterceptor design pattern
Used to affect the behavior of essages sent and received
45 45
6ispatch +nterceptor
JKC async send support ((H
J6nterceptor
class+ameLorg9apache9catalina9tribes9group9intereceptors98essageDispatch1!6nterceptor 4H
Use to dispatch essage to support send option B
conf/server.xml
41 41
6ispatch +nterceptor
JKC async send support ((H
J6nterceptor
class+ameLorg9apache9catalina9tribes9group9intereceptors98essageDispatch1!6nterceptor
8aAMueue"iNeL#)15**#4 O #48@
4H
OO5 protection 8 %ueue will not grow past
conf/server.xml
42 42
'ailure 6etection
Soeties ulticast pac0ets don2t a0e it
This interceptor avoids false negatives
JKC tcp failure detection ((H
J6nterceptor
class+ameLorg9apache9catalina9tribes9group9intereceptors9Tcp0ailureDetector
4H
conf/server.xml
43 43
Throughput +nterceptor
$eport throughput
Grint stats every 1A0 essages
JKC message stat reports ((H
J6nterceptor
class+ameLorg9apache9catalina9tribes9group9intereceptors9Throughput6nterceptor
intervalL15555
4H
conf/server.xml
44 44
Kalves
7Cluster class3ae;<org(apache(catalina(ha(tcp(SipleTcpCluster= (((:
748 6elta5anager configuration 99:
75anager class3ae;<org(apache(catalina(ha(session(6elta5anager= ((>:
<! Channel configuration -->
7Channel class3ae;<org(apache(catalina(tribes(group(?roupChannel=:
(((
748 replication valve99:
7Kalve class3ae;<org(apache(catalina(ha(tcp($eplicationKalve=
'ilter;<=>:
(((
7>Channel:
7>Cluster:
+nitiate session replication at the end of each re%uest
'ilter can be used to not react to certain U$Ls
conf/server.xml
4! 4!
Kalves
+f using odLM0 and Mv$oute
#hen failing over, we need to change the session id
7Cluster class3ae;<org(apache(catalina(ha(tcp(SipleTcpCluster= (((:
748 6elta5anager configuration 99:
75anager class3ae;<org(apache(catalina(ha(session(6elta5anager= ((>:
<! Channel configuration -->
7Channel class3ae;<org(apache(catalina(tribes(group(?roupChannel=:
(((
748 replication valve99:
7Kalve class3ae;<org(apache(catalina(ha(tcp($eplicationKalve= 'ilter;<=>:
748 Mv route adMust valve99:
7Kalve class3ae;<org(apache(catalina(ha(session(Nv$outeBinderKalve=>:
(((
7>Channel:
7>Cluster:
conf/server.xml
4# 4#
Cluster Listener
Custo essaging listeners for certain types of essages
#or0s with the Nv$outeBinderKalve
JKC Pvm route adPust listener((H
JCluster:istener
class+ameLorg9apache9catalina9ha9session9<vm2oute"ession6D@inder:istener
4H
conf/server.xml
4) 4)
Cluster Listener
Listen for session change re%uest
#hen using the 6elta5anager
JKC delta manager session replication messages ((H
JCluster:istener
class+ameLorg9apache9catalina9ha9session9Cluster"ession:istener
4H
conf/server.xml
4* 4*
Channel Send Options <A=
A 8 fastest way to send
$elies on the TCG stac0 for guarantee
+f it reached the TCG send buffer, it2s considered successful
748 The default configuration is very siple 99:
7Cluster
class3ae;<org(apache(catalina(ha(tcp(SipleTcpCluster=
channelSendOptions;<A= >:
conf/server.xml
4- 4-
Channel Send Options <"=
" 8 receives an ACO fro the destination
As soon as the essage has been assebled destination sends an
ACO to the sender
?uarantees that the essage was received, but not processed
748 The default configuration is very siple 99:
7Cluster
class3ae;<org(apache(catalina(ha(tcp(SipleTcpCluster=
channelSendOptions;<"= >:
conf/server.xml
!5 !5
Channel Send Options <@=
@ 8 receives an ACO fro the destination
#hen the essage has been processed destination sends an ACO
to the sender
?uarantees that the essage was received and processed by the
reote node
748 The default configuration is very siple 99:
7Cluster
class3ae;<org(apache(catalina(ha(tcp(SipleTcpCluster=
channelSendOptions;<@= >:
conf/server.xml
!1 !1
Channel Send Options <1A=
1A -BP". 8 sends essages asynchronously
?uarantee level is ACO
Still favours response tie, but higher guarantee level
748 The default configuration is very siple 99:
7Cluster
class3ae;<org(apache(catalina(ha(tcp(SipleTcpCluster=
channelSendOptions;<1A= >:
conf/server.xml
!2 !2
Channel Send Options <1C=
1C -BP"PC. 8 sends essages asynchronously
?uarantee level is ACO, after essage processed
Still favours response tie, but highest guarantee level
748 The default configuration is very siple 99:
7Cluster
class3ae;<org(apache(catalina(ha(tcp(SipleTcpCluster=
channelSendOptions;<1C= >:
conf/server.xml
!3 !3
Suary
Brief overview of clustering
8angers
$t usuall% d"es n"t trace in&" %"u d" n"t need kn"w
'hen an err"r happens it can( h"wever( generate t"ns "& l"g entries
))
Tomcat Log Levels
What do I need to examine?
Log entries are categorized
D*+U,($-.O('/R-$-,(S*V*R*(./T/0
INFO no error! "ust in#ormation given to you
W$%NIN& you might care a little bit
S'('%' yes! no) you got an error
F$T$L )hatever this is! it can*t be good+
11
Inspecting Tomcat Logs
So )hat do I need to loo, at?
It-s easy to .grep- logs #or these entries
S'('%'/ Servlet0service12 #or servlet "sp thre) exception000
"ava0lang0Null3ointer'xception at
org0apache0"sp0npe4"sp04"spService1npe4"sp0"ava/552
22
Web $pplication Logging
6o) does this relate to )eb applications?
Web applications are autonomous
Onl% i& the applicati"n d"esn3t 4trap3 the err"r( t"mcat will catch it and l"g s"me
in&"
."und in catalina5266786#8275l"g
77 $n uncaught application error could loo, li,e this
S'('%'/ Servlet0service12 #or servlet "sp thre) exception
"ava0lang0Null3ointer'xception at
org0apache0"sp0npe4"sp04"spService1npe4"sp0"ava/552
99
Web $pplication Logging
Still )eb applications need to provide their o)n logs
/nd T"mcat d"esn3t reall% kn"w what3s g"ing "n inside applicati"n c"de :ase
77
Topics in this Session
T"mcat l"gging
8ava Stac, Traces
Viewing Requests
Thread Dumps
Using OS Utilities as an aid
JM and J!"ns"le
Other M"nit"ring T""ls
;;
8ava Stac, Traces
Sho)s the code execution path up until the error happened
77 $n uncaught application error could loo, li,e this
S'('%'/ Servlet0service12 #or servlet "sp thre) exception
"ava0lang0Null3ointer'xception
at org0apache0"sp0npe4"sp04"spService1npe4"sp0"ava/552
at org0apache0"asper0runtime06ttp8sp9ase0service16ttp8sp9ase0"ava/:;2
at "avax0servlet0http06ttpServlet0service16ttpServlet0"ava/<;=2
/
/
at
org0apache0coyote0http>>06ttp>>3rotocol?6ttp>>@onnection6andler0process1
6ttp>>3rotocol0"ava/5<=2
at org0apache0tomcat0util0net08Io'ndpoint?Wor,er0run18Io'ndpoint0"ava/AA:2
at "ava0lang0Thread0run1Thread0"ava/5B52
16 16
8ava Stac, Traces
Traces can be chained! only the root cause is the real error
7< /n uncaught applicati"n err"r c"uld l""k like this
S*V*R*= Servlet5service>? &"r servlet @sp threw eAcepti"n
@ava5lang5Runtime*Acepti"n= @ava5lang5-ullB"inter*Acepti"n
at "rg5apache5@sp5npeC@sp5C@spService>npeC@sp5@ava=1;?
at "rg5apache5@asper5runtime5DttpJsp+ase5service>DttpJsp+ase5@ava=96?
E
@aused by/ "ava0lang0Null3ointer'xception
at org0apache0"sp0npe4"sp04"spService1npe4"sp0"ava/5:2
555 1; m"re
11 11
Topics in this Session
T"mcat l"gging
Java Stack Traces
(ie)ing %eCuests
Thread Dumps
Using OS Utilities as an aid
JM and J!"ns"le
Other M"nit"ring T""ls
12 12
(ie)ing %eCuests
$ccess logs can help
F"u can print "ut headers( c""kies( request and sessi"n attri:utes
$n multithreaded c"nteAt "ne can l"se track "& what :el"ngs where
G unless %"u print "ut the thread name( and even then it3s t"ugh
/ll"ws l"gging "& all input and "utput generated :% /pache httpd
http=<<httpd5apache5"rg<d"cs<252<m"d<m"dCdumpi"5html
1) 1)
Seeing tra##ic
Net)or, sni##ers 1client7server2
T" list all threads that run inside a @ava pr"cess with a !BU usage higher than
656L=
22 22
Why Ese Thread Dumps?
Threads dumps can help you identi#y
Dead l"cks
Mem"r% usage
This will help %"u see i& threads are changing eAecuti"n path
Single thread dump can cause a l"t "& M&alse p"sitivesN( where %"u think a thread
is stuck :ut it3s n"t
This will "&ten put %"u "n the right path "n what is g"ing wr"ng
Sample output #or lso#
$ctive @onnections
netstat is an eAcellent t""l t" view s"ckets and their current state
@OKK$ND 3ID ES'% FD TX3' D'(I@' SIY'7OFF NOD' N$K'
bash O==N tomcat c)d DI% <!> A;BN <N5;:5B 7usr7local
"ava ONANA tomcat c)d DI% <!> A;BN <N5;:5B 7usr7local
more ONNO5 tomcat c)d DI% <!> A;BN <N5;:5B 7usr7local
27 27
OS Etilities Linux
Linux
nm"n
Ver% c"mprehensive
www5h%peric5c"m
#9 #9
3si3robe
3si3robe 1#ormerly Lambda 3robe2
'e: applicati"n
http=<<c"de5g""gle5c"m<p<psi8pr":e<
#7 #7
Summary
Tomcat logging
8ava Stac, Traces
(ie)ing %eCuests
Thread Dumps
D%peric
BsiBr":e
#; #;
\uestions?
11
Tomcat Troubleshooting Lab
22
Topics in this Session
Generating thread dumps
finding dead locks
OOME experiments
generating heap summaries
GC logs
netstat -na
11
Tomcat Java Virtual Machine
Internals
Understanding the JVM memory architecture
22
Topics in this Session
Internals of Java Memory
Understanding the Java Memory Layout
Out Of Memory Errors
Monitoring Agents
33
Storing data in memory
Java runs as a single process
In most cases
J(I managed memory would 'e an e)ception* and there are others
No shared memory between processes
+ermanent .pace
ode &eneration
.oc:et 3uffers
;hread stac:s
J(I ode
&ar'age ollection
+ermanent .pace
&ar'age ollection
%e$e$(er 3e re4erre*
to 5everything else67
18 18
JVM #rocess eap+ Java -b.ect eap
Java Object Heap
Permanent Space
Garbage Collection
11 11
Java -b.ect eap
/lso referred to as Java eap
instances of classes
Only moved to Old &eneration if they survive one or more minor &
Si'ed using
$--C#Use;LA3
$--C;LA3.i/eDEsi/e in F3%
$--C#>esi/e;LA3
$--C#+rint;LA3
J%; <3= and higher 6)5 ergonomics7
$--C+erm.i/eDEvalue% !initial"
$--CMa)+erm.i/eDEvalue% !ma)"
5ommon -ut -f Memory for webapp reloads
Separate space for pre0historic reasons
Early days of Java* class & was not common* reduces si/e of the Java 0eap
12 12
#ermanent Space Notes
#ermanent Space Memory Errors
9avaGlangGOutOfMemoryErrorC
+erm&en space
In many situations9 increasing ma& perm si'e will help
;hreads
JVM throws this Error* so that you have a chance of diagnosing the issue
To disable
088+0!se)5-verhead"imit
23 23
)arbage 5ollector istory
The idea
Easier to de'ug
24 24
#hases of )arbage 5ollection
"oc1 it down
All o'9ects that are to ta:e part in the & must 'e loc:ed
= so that they donIt mutate or change during gar'age collection
Mar1
>eclaim memory
25 25
Early version of Java
)arbage 5ollector wasn>t well tuned
-nly one algorithm was available
Mar1 and Sweep entire heap
oncurrent
Mar:
.weep
2) 2)
ow It Wor1s
"+rvivor "pace
E*en "pace
9en+re* "pace
:ro$ 9o
6G (ew o'9ect is created in Eden
2G When E<E( is full , minor collection
1G opy surviving o'9ects into 6
st
survivor space
5G (e)t time Eden is full $ opy from Eden to 2
nd
* opy from 6
st
to 2
nd
NG If 2
nd
fills and o'9ects remain in Eden or 6
st
* these get copied to tenured
1
3 4
11
4
4
5
1
5
21 21
%efinitions
Eden Space
+ool containing o'9ects that have e)isted for some time in the survivor space
22 22
ow It Wor1s
-ne survivor space is always empty
$--C#UseoncMar:.weep&
$--C#M.IncrementalMode
$--C#M.Incremental+acing
$--CM.Incremental<utyycleMinD8
$--C#M.Incremental<utyycleD68
$--C#Use+ar(ew&
$--C#M.+erm&en.weepingEna'led
To analy'e what is going on
$--C#+rint&<etails
$--C#+rint&;ime.tamps
$--C$;racelassUnloading
31 31
2ecommendations
088+E!se#arallel)5 FG 088+E!se#arNew)5
088+#arallel)5ThreadsHFnumber of cpusG
.et value to 5
If you have I cpus and ( JVM
.et value to 2
If you have I cpus and J JVM
.et value to 2
32 32
Topics in this Session
Internals of Java Memory
Understanding the Java Memory Layout
-ut -f Memory Errors
Monitoring Agents
33 33
-ut -f Memory Errors
If JVM is started using
$--C#0eap<umpOnOutOfMemoryError
>estarting JVM during this dump will cause unusa'le Ghprof file
$-m)6825m
+ermanent .pace
&ar'age ollection
-ut -f Memory Errors
Monitoring /gents
31 31
LuestionsK
11
Tomcat Performance Tuning
22
Topics in this Session
Performance Tuning Process
Tuning your connectors
Socket Buffers
MTU
Content delivery and caching
33
Measure current performance
Identify the current bottleneck
server67ml
8Connector9
To properly tune one must
Connection limits
1eusing connections
Traffic sha!ing
&oad balancing algorithm dri(es Tomcat configuration choices
::
!pache Tomcat' )TTP*S
"ur tuning options
Threads
connectionTimeout
Socket uffers
+ifferent connectors
Using SSC
Set to 1 if
B 0ery high concurrency
B Aot using SSC in Tomcat
B Using layer ' load alancer
B Using B?" connector
Set to 91 if
B Using SSC or lo. concurrency
B Cayer 5 load alancer .ith advanced features
B Using )31 or A?" connector
B?" connector automatically disales kee! alive for high connection counts
2+ 2+
Tuning T5P backlog
accept5ount
?ncrease if
B 0ery high concurrency <numer of connections=>
B Connections getting reIected during !eak traffic
B ;ee! alive should e off
-ecrease if
B ;ee! alive is on
B Connections getting acce!ted ut never serviced
22 22
Tuning timeouts
connectionTimeout
&ssentially@ ma7 time et.een TC3 !ackets during a locking read or .rite
?ncrease if
B Working .ith slo. clients <dial u!=>
B Using a layer 5 load alancer .ith connection limit%!ool and kee! alive on
-ecrease if
B Aeed faster timeouts
Used to dis!lay current state of the read and .rite socket uffers
5onsistent (alues in the .SendE1 or .Rec(E1 indicate that buffers
are not being emptied
due to defective s!ecs for discovery and fire.all rules to aout 12++
Sim!ly .rite to file@ set re$uest attriute and hand off to TomcatOs !oller threads
32 32
Static 5ontent +eli(ery
Si>e based cache for static content, default 07mb
#I" Tomcat has to deli(er it blocking mode
4I"*!PR
1elease .orker thread@ deliver the content using a ackground thread .hen the
client is ready to receive
33 33
G5ontext cacheMaxSi>e-167FH71
cacheTT&-1H77771
caching!llo,ed-1true1I
G*5ontextI
5ontent +eli(ery
5onfigured in G5ontextI element
67M# cache @default 07M#AJ
cache re(alidation e(ery H7 seconds @default K secondsAJ
caching enabled @default trueA
3' 3'
Summary
Performance Tuning Process
Tuning your connectors
Socket #uffers
MT3
5ontent deli(ery and caching
32 32
Euestions2
11
HTTP Protocol
22
Topics in this Session
HTTP : Basics
Concepts
Structure of a HTTP sequence
More HTTP Methods
Differences between HTTP 1.0 and 1.1
HTTP Connections
Authentication mechanisms
HTTP State manaement
Securit! considerations
""
What is HTTP?
HTTP : HyperText Transfer Protocol
Request/response protocol
Pro'ies5 acts both as ser$er and 4A5 can be reu#ar pro'! or re$erse pro'!
22
#ersions
HTTP/$%&
7ach request con$erts to a response5 without the HTTP ser$er rememberin the
request #ater
12 12
Topics in this Session
HTTP ; <asics
Concepts
Structure of a HTTP sequence
More HTTP Methods
Differences between HTTP 1.0 and 1.1
HTTP Connections
Authentication mechanisms
HTTP State manaement
Securit! considerations
1" 1"
Structure of a HTTP sequence , T*P connections
HTTP operates oer T*P connections- usually to port .$
/ne can use the same TCP connection to de#i$er requests for more than one
c#ient or for separate transaction that are not tied to each other
Some #oad ba#ancers do this5 maintain persistent connections to the ser$er5 and
reuse each connection to the ser$er for for mu#tip#e c#ient connections
C#ient
Ser$er
,equest
,esponse
The Request-Response sequence happens over the
same connection
1+ 1+
Structure of a HTTP Sequence , Basic HTTP /ethods
01T
>i$e me a resource
Same as >7T
P4T
D717T7
/PT0/GS
T,AC7
C/GG7CT
20 20
/ore HTTP /ethods
P=T
This a##ows a 4A to see what intermediar! pro'ies are addin to6remo$in from
the oriina# request
22 22
/ore HTTP /ethods
*3!!1*T
Pro'ies
O Ehen sendin a HTTPS request5 a pro'! can not decr!pt the messae5 !et the
messae has to o throuh the pro'!
O C/GG7CT informs the pro'! to open up a connection to a ser$er5 and then simp#!
forward an! data b!te for b!te
2" 2"
Topics in this Session
HTTP ; <asics
Concepts
Structure of a HTTP sequence
More HTTP Methods
2ifferences )et"een HTTP '%$ and '%'
HTTP Connections
Authentication mechanisms
HTTP State manaement
Securit! considerations
2+ 2+
HTTP '%$ s HTTP '%'
'%$ has shortcomin:s "ith respect to
Cachin
<andwidth /ptimiDation
Messae transmission
Performance
A#e'ibi#it!
C#ear#! specifies the $arious requirements for c#ients5 pro'ies and ser$ers.
2- 2-
HTTP '%$ s HTTP '%' , *achin:
*achin:
0ncorrect cachin of some responses that shou#d not ha$e been cached
0f ser$er can=t hand#e #are requests5 it wou#d return error code =after= bandwidth
consumption
Pros in '%'
Gew status codes 100 (continue)5 20. (partia# content) to faci#itate bandwidth
optimiDation
22 22
HTTP '%$ s HTTP '%' , !et"ork *onnection /ana:ement
7aster response time usin: persistent connections
JeepCA#i$e header
Persistent connection C ,euse the same TCP session for mu#tip#e requests
Persistent connections "ere extended "ith the concept of pipelinin:
in HTTP/'%'
Pipe#inin C C#ient can send man! requests o$er a TCP connection before
recei$in an! response
/ost @sin:le user requestsA consist of multiple HTTP requests
A##ows the ser$er to start sendin data before the tota# #enth is %nown
Host header
Aids with s#ow communication #in%s or when the user aent wishes to recei$e an
ac%now#edment for request recei$ed
"1 "1
Topics in this Session
HTTP ; <asics
Concepts
Structure of a HTTP sequence
More HTTP Methods
Differences between HTTP 1.0 and 1.1
HTTP *onnections
Authentication mechanisms
HTTP State manaement
Securit! considerations
"2 "2
Beep+(lie connections
Related headers
A##ows mu#tip#e HTTP transactions to ta%e p#ace o$er the same connection
Sa$es CP4 c!c#es in settin up and tearin down a TCP session for each
request
<asic
Diest
Serer/(pplication Specific
Aorm based
C#ient certificate
"9 "9
Basic (uthentication
Handled )y the )ro"ser
": ":
Basic (uthentication , Step '
HTTP/'%' 9$' (uthori?ation Required 6*R478
Date; Ari5 21 Mar 2009 19;1-;+2 >MT @C,1AB
Ser$er; Apache @C,1AB
EEECAuthenticate; <asic rea#mILfi#eMauthoriDation&
ContentC1enth; 119" @C,1AB
ContentCT!pe; te't6p#ainFcharsetI0S/C99-:C1 @C,1AB
@C,1AB
@htm#B
@headB
@tit#eBGot authoriDed@6tit#eB
@6headB
@bod!B
...
Response 4ine
Headers
Response Body
4en:th / encodin:
determined )y
headers
+0 +0
Basic (uthentication , Step 5
01T /path/to/file/index%html HTTP/'%' 6*R478
Host; www.sprinsource.com @C,1AB
4serCAent; MoDi##a6-.0 (EindowsF 4F Eindows GT -.1F enC4SF r$;1.9.1.12)
>ec%o620090201 Airefo'62.0.0.12 @C,1AB
Accept; imae6pn5H6HFqI0.- @C,1AB
AcceptC1anuae; enCus5enFqI0.- @C,1AB
AcceptC7ncodin; Dip5def#ate @C,1AB
AcceptCCharset; 0S/C99-:C15utfC9FqI0.25HFqI0.2 @C,1AB
JeepCA#i$e; "00 @C,1AB
(uthori?ation: Basic cC#nDE>FDCGt @C,1AB
@C,1AB
01T /path/to/file/index%html HTTP/'%' 6*R478
Host; www.sprinsource.com @C,1AB
4serCAent; MoDi##a6-.0 (EindowsF 4F Eindows GT -.1F enC4SF r$;1.9.1.12)
>ec%o620090201 Airefo'62.0.0.12 @C,1AB
Accept; imae6pn5H6HFqI0.- @C,1AB
AcceptC1anuae; enCus5enFqI0.- @C,1AB
AcceptC7ncodin; Dip5def#ate @C,1AB
AcceptCCharset; 0S/C99-:C15utfC9FqI0.25HFqI0.2 @C,1AB
JeepCA#i$e; "00 @C,1AB
(uthori?ation: Basic cC#nDE>FDCGt @C,1AB
@C,1AB
01T request: So no request )ody
Request 4ine
Headers
+1 +1
Basic (uthentication + Summary
*redentials passed "ith eery sin:le request
Stateless
7or security reasons- only "hen HTTPS
Correct5 the HTTP protoco# doesn8t re#! on the TCP state to maintain state
+: +:
HTTP State /ana:ement
State is mana:ed usin: IcookiesJ
*ookies are set/sent usin: headers
Ma' ae 3 time in seconds the 4A shou#d %eep the coo%ie around 3 sur$i$es 4A
restarts
HTTP is state#ess
0t doesn8tR
3nly "ay to clean up + timeouts
The memor! used on the ser$er to represent the state can on#! be timed out
due to 4A inacti$it!
-+ -+
Security *onsiderations
HTTP is clear text
LiveHTTPHeaders
http://livehttpheaders.mozdev.org/
Modify headers
http://modifyheaders.mozdev.org/
Internet e"plorer
http://###.$l!%&.se/iehttpheaders/do#load.html