Java Mailing List Archive

http://www.junlu.com/

Home » users-digest.tomcat »

users Digest 20 Mar 2013 18:47:42 -0000 Issue 11305

users-digest-help

2013-03-20


Author LoginPost Reply

users Digest 20 Mar 2013 18:47:42 -0000 Issue 11305

Topics (messages 240573 through 240592)

Re: Tomcat Behavior on Multiple HTTP requests from same browser
 240573 by: Christopher Schultz
 240574 by: Christopher Schultz
 240575 by: Caldarale, Charles R
 240576 by: André Warnier
 240582 by: Saurabh Agrawal
 240588 by: André Warnier

Re: Tomcat jdbc-pool not closing statements
 240577 by: Bertrand Guay-Paquet
 240578 by: Bertrand Guay-Paquet

Re: [tomcat] preventing to use it at startup
 240579 by: Stadelmann Josef
 240580 by: Harris, Jeffrey E.
 240581 by: Mark Thomas

Tomcat 6.0.20/Windows 2008 R2/SSL Configuration
 240583 by: my business mail
 240584 by: David kerber
 240585 by: my business mail
 240586 by: David kerber
 240587 by: my business mail
 240589 by: Harris, Jeffrey E.
 240590 by: André Warnier
 240591 by: my business mail
 240592 by: Harris, Jeffrey E.

Administrivia:

---------------------------------------------------------------------
To post to the list, e-mail: users@(protected)
To unsubscribe, e-mail: users-digest-unsubscribe@(protected)
For additional commands, e-mail: users-digest-help@(protected)

----------------------------------------------------------------------


Attachment: users_240573.eml (zipped)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

André,

On 3/20/13 6:52 AM, André Warnier wrote:
> If I may add something : at some point, on each Tomcat server,
> there is only 1 "listening socket" for one port (the point being :
> you could have several, but you won't have 8000). So even if your
> clients really send 8000 TCP requests to the server at the same
> moment, they will be serialized at some point, and from the
> server's point of view, they come in one by one.

While that is true, the threaded-dispatch of those requests does mean
that many requests can be processed simultaneously. Yes, they are
de-queued serially, but that happens very quickly compared to the
duration of the actual requests.

So, you can have 200 simultaneous requests /in-process/... not that
they all arrive at the exact same instant in time, but that they are
all being served (i.e. have threads assigned and are actually doing
work) simultaneously.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEAREIAAYFAlFJwWYACgkQ9CaO5/Lv0PAtSQCaA1QrSvIOd4GPEKsA2+RezsxQ
RW4AnRBtpcy4LBypi9ShRmproEcerrjd
=inUq
-----END PGP SIGNATURE-----


Attachment: users_240574.eml (zipped)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Saurabh,

On 3/19/13 9:46 PM, Saurabh Agrawal wrote:
> <Executor   name="hybrisExecutor" namePrefix="hybrisHTTP"
> maxThreads="${tomcat.maxthreads}"
> minSpareThreads="${tomcat.minsparethreads}"
> maxIdleTime="${tomcat.maxidletime}"/> <Connector
> port="${tomcat.ajp.port}" maxHttpHeaderSize="8192" maxThreads="200"
> protocol="org.apache.coyote.ajp.AjpProtocol"
> executor="hybrisExecutor" enableLookups="false" acceptCount="100"
> connectionTimeout="20000" URIEncoding="UTF-8"
> disableUploadTimeout="true" />
>
> <Connector port="${tomcat.http.port}" maxHttpHeaderSize="8192"
> maxThreads="${tomcat.maxthreads}"
> protocol="org.apache.coyote.http11.Http11Protocol"
> executor="hybrisExecutor" enableLookups="false" acceptCount="100"
> connectionTimeout="20000" URIEncoding="UTF-8"
> disableUploadTimeout="true" />

Note that your <Executor> has maxThreads="200" and your <Connector>
uses that <Executor>: your ${tomcat.maxthreads} is being ignored.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEAREIAAYFAlFJwdIACgkQ9CaO5/Lv0PDOMwCfUxQ+hIaIIWlVfOok6b2+tawK
eSoAn2Ivy26EMiLbhnaPs6VH35ZECbgB
=6T32
-----END PGP SIGNATURE-----


Attachment: users_240575.eml (zipped)
> From: Saurabh Agrawal [mailto:sagrawal@(protected)]
> Subject: RE: Tomcat Behavior on Multiple HTTP requests from same browser

> We have not set the "keep alive" explicitly in tomcat's server.xml.

It's on by default.

> <Connector port="${tomcat.ajp.port}"
> <Connector port="${tomcat.http.port}"

You have both HTTP and AJP <Connector>s defined; are the requests coming in over both or just one of them? The discussion so far has been primarily related to HTTP, not AJP.

- Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.



Attachment: users_240576.eml (zipped)
Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Saurabh,
>
> On 3/19/13 9:46 PM, Saurabh Agrawal wrote:
>> <Executor   name="hybrisExecutor" namePrefix="hybrisHTTP"
>> maxThreads="${tomcat.maxthreads}"
>> minSpareThreads="${tomcat.minsparethreads}"
>> maxIdleTime="${tomcat.maxidletime}"/> <Connector
>> port="${tomcat.ajp.port}" maxHttpHeaderSize="8192" maxThreads="200"
>> protocol="org.apache.coyote.ajp.AjpProtocol"
>> executor="hybrisExecutor" enableLookups="false" acceptCount="100"
>> connectionTimeout="20000" URIEncoding="UTF-8"
>> disableUploadTimeout="true" />
>>
>> <Connector port="${tomcat.http.port}" maxHttpHeaderSize="8192"
>> maxThreads="${tomcat.maxthreads}"
>> protocol="org.apache.coyote.http11.Http11Protocol"
>> executor="hybrisExecutor" enableLookups="false" acceptCount="100"
>> connectionTimeout="20000" URIEncoding="UTF-8"
>> disableUploadTimeout="true" />
>
> Note that your <Executor> has maxThreads="200" and your <Connector>
> uses that <Executor>: your ${tomcat.maxthreads} is being ignored.
>
That, and the default keepalive setting, are probably the keys here.
And the observation of Chuck about the HTTP and AJP connectors. Over which Connector do
the test requests actually come in ?

And a question : is the "simulation" with the 10000 clients really comparable to what you
expect in the reality ? For example, if the simulation requests one page per client, and
then does nothing else with that page; but the real clients would get a page, and then
immediately request the 50 thumbnail images referenced by that page, conditions would be
really different, and keepalive would have a very different effect.


Attachment: users_240582.eml (zipped)

-----Original Message-----
From: André Warnier [mailto:aw@(protected)]
Sent: Wednesday, March 20, 2013 3:27 PM
To: Tomcat Users List
Subject: Re: Tomcat Behavior on Multiple HTTP requests from same browser

Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Saurabh,
>
> On 3/19/13 9:46 PM, Saurabh Agrawal wrote:
>> <Executor   name="hybrisExecutor" namePrefix="hybrisHTTP"
>> maxThreads="${tomcat.maxthreads}"
>> minSpareThreads="${tomcat.minsparethreads}"
>> maxIdleTime="${tomcat.maxidletime}"/> <Connector
>> port="${tomcat.ajp.port}" maxHttpHeaderSize="8192" maxThreads="200"
>> protocol="org.apache.coyote.ajp.AjpProtocol"
>> executor="hybrisExecutor" enableLookups="false" acceptCount="100"
>> connectionTimeout="20000" URIEncoding="UTF-8"
>> disableUploadTimeout="true" />
>>
>> <Connector port="${tomcat.http.port}" maxHttpHeaderSize="8192"
>> maxThreads="${tomcat.maxthreads}"
>> protocol="org.apache.coyote.http11.Http11Protocol"
>> executor="hybrisExecutor" enableLookups="false" acceptCount="100"
>> connectionTimeout="20000" URIEncoding="UTF-8"
>> disableUploadTimeout="true" />
>
> Note that your <Executor> has maxThreads="200" and your <Connector>
> uses that <Executor>: your ${tomcat.maxthreads} is being ignored.
>
That, and the default keepalive setting, are probably the keys here.
And the observation of Chuck about the HTTP and AJP connectors. Over which Connector do
the test requests actually come in ?

Saurabh - The actual front end requests come on AJP port. We are using AJP protocol for communication between Apache and Tomcat. It helps in load balancing across the application servers in cluster. There is a separate internal application (not exposed on internet) used by CMS team which is using HTTP connector. I hope that clarifies.

And a question : is the "simulation" with the 10000 clients really comparable to what you
expect in the reality ? For example, if the simulation requests one page per client, and
then does nothing else with that page; but the real clients would get a page, and then
immediately request the 50 thumbnail images referenced by that page, conditions would be
really different, and keepalive would have a very different effect.

Saurabh - The way we have configured our user journeys are as follows:

User 1: Hits homepage, clicks football link on home page, makes a selection, adds to cart and checkout. So this is one user journey which triggers multiple requests. All our assets are served from L3 CDN. So the asset requests never come to the application server. We have not set keep alive explicitly anywhere in tomcat.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)


Attachment: users_240588.eml (zipped)
Saurabh Agrawal wrote:
> -----Original Message-----
> From: André Warnier [mailto:aw@(protected)]
> Sent: Wednesday, March 20, 2013 3:27 PM
> To: Tomcat Users List
> Subject: Re: Tomcat Behavior on Multiple HTTP requests from same browser
>
> Christopher Schultz wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Saurabh,
>>
>> On 3/19/13 9:46 PM, Saurabh Agrawal wrote:
>>> <Executor   name="hybrisExecutor" namePrefix="hybrisHTTP"
>>> maxThreads="${tomcat.maxthreads}"
>>> minSpareThreads="${tomcat.minsparethreads}"
>>> maxIdleTime="${tomcat.maxidletime}"/>

<Connector
>>> port="${tomcat.ajp.port}" maxHttpHeaderSize="8192" maxThreads="200"
>>> protocol="org.apache.coyote.ajp.AjpProtocol"
>>> executor="hybrisExecutor" enableLookups="false" acceptCount="100"
>>> connectionTimeout="20000" URIEncoding="UTF-8"
>>> disableUploadTimeout="true" />
>>>
>>> <Connector port="${tomcat.http.port}" maxHttpHeaderSize="8192"
>>> maxThreads="${tomcat.maxthreads}"
>>> protocol="org.apache.coyote.http11.Http11Protocol"
>>> executor="hybrisExecutor" enableLookups="false" acceptCount="100"
>>> connectionTimeout="20000" URIEncoding="UTF-8"
>>> disableUploadTimeout="true" />

>> Note that your <Executor> has maxThreads="200" and your <Connector>
>> uses that <Executor>: your ${tomcat.maxthreads} is being ignored.
>>
> That, and the default keepalive setting, are probably the keys here.
> And the observation of Chuck about the HTTP and AJP connectors. Over which Connector do
> the test requests actually come in ?
>
> Saurabh - The actual front end requests come on AJP port. We are using AJP protocol for communication between Apache and Tomcat.

Right. So then I suppose that Christopher's note is not applicable. Probablya he misread,
because the way in which you pasted the configuration in the email makes it difficult to
read, after a couple of cut-and-paste.
As far as I can tell, the AJP connector refers to the Executor, and the Executor specifies
maxThreads="${tomcat.maxthreads}".

The main point of Christopher was that you specify a "maxThreads" parameter in both of
your Connectors, but because they both use the Executor, this parameter is being ignored
in the <Connector>, and it is only the maxThreads in the Executor that counts.

It helps in load balancing across the application servers in cluster. There is a
separate internal application (not exposed on internet) used by CMS team which is using
HTTP connector. I hope that clarifies.
>
Yes.

> And a question : is the "simulation" with the 10000 clients really comparable to what you
> expect in the reality ? For example, if the simulation requests one page per client, and
> then does nothing else with that page; but the real clients would get a page, and then
> immediately request the 50 thumbnail images referenced by that page, conditions would be
> really different, and keepalive would have a very different effect.
>
> Saurabh - The way we have configured our user journeys are as follows:
>
> User 1: Hits homepage, clicks football link on home page, makes a selection, adds to cart and checkout. So this is one user journey which triggers multiple requests.

Hi. Your usage of "user journey" is a bit obscure (to me at least) in the context of
analysing a matter of tomcat request/response performance.
I kind of understand what you mean, but it does not really provide the answer to the
questions :
- is this what you are using in your tests ?
- are you doing this same series of requests for each of your 10000 "test clients" ?
- does this represent (more or less) what you are expecting later "in production" ?

The point here was to avoid a case where you would be "optimising" the parameters in
function of a benchmark test, and then find out later that your production case is totally
different, and your optimal benchmark settings are totally inappropriate for the
production case.

> All our assets are served from L3 CDN. So the asset requests never come to the
application server.

That, I do not understand. I do not understand what you mean by "assets" here, and I do
not understand "L3 CDN". So I cannot tell of this is relevant or not to the problem.
Have pity for the people trying to help you here, who only know Tomcat and HTTP/AJP.
Try to use vocabulary that we understand, and you may get better help.

> We have not set keep alive explicitly anywhere in tomcat.
>
What Chuck was telling you in an earlier message, is that even if you do not set it
explicitly, it is set to some default non-zero value by Tomcat.
Look at this page in the on-line documentation :
http://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html#Standard_Implementations

So, by default (unless you explicitly define it),

keepAliveTimeout :  

The number of milliseconds this Connector will wait for another AJP request before closing
the connection. The default value is to use the value that has been set for the
connectionTimeout attribute.

and

connectionTimeout  

The number of milliseconds this Connector will wait, after accepting a connection, for the
request URI line to be presented. The default value for AJP protocol connectors is -1
(i.e. infinite).

So, by default, the keepAliveTimeout is set to "infinite".

So now, read very carefully, because this describes a very specific set of circumstances,
which are not really applicable to you, but it is just for basic understanding.

/If/ your clients were connecting directly to a Tomcat basic HTTP Connector (named BIO),
and you did not set any explicit keepAliveTimeout or connectionTimeout
and /If/ you were not using an Executor
/Then/ what would happen is this :
1) the client opens a connection to the server's HTTP connector, requesting a "keepalive"
connection (that is what browsers do by default in HTTP 1.1)
2) the server, by default, considers this connection as "persistent"
3) the server (in this case, the Connector) allocates a Thread to this connection, and
this Thread now listens to what the client is going to say
4) the client sends one request on this connection
5) the allocated Thread receives the request, processes the request, and sends the
response. Then it waits, to see if another request comes on the same connection.
And if the client keeps the connection open, but does not send any additional request on
that connection, the Thread will wait theoretically forever (because that is what the
documentation says about the default value of these parameters).
So /in this particular case/, you would have one Tomcat Thread that is now dedicated to
this connection, doing nothing, but being unavailable to process any other request from
any other client.

In other words, /in the particular set of conditions above/, if you wanted to avoid this
situation, then you should set the keepAliveTimeout *explicitly*, to some reasonable value.

What is a reasonable value ?
That depends very much on your application.

Let's imagine a counter-example, and suppose that the connection was not a keepalive
connection.
In that case, for each new request of the client, the client would have to create a *new*
TCP connection to the server, to send one request and receive one response. Then the
server would close the connection, and for the next request the client would again need to
open a new connection.
That would be fine if a client was only sending a single request from time to time,
because then you would not be tying up resources on the server, that can be better used
for something else.
But it would be inefficient if the client always retrieves a first html page, and then in
that page there are 10 embedded images that the client also needs to retrieve. The client
would then have to open and close 10 consecutive times a new connection, each time to
retrieve one single image.
So if you know that your application is so that a client will always need to retrieve
several "objects" one after the other in a short interval, it is better to use one single
connection to do this, and thus to ask for a "persistent" or "keep-alive" connection.

You should set the keepAliveTimeout to a time sufficient so that the client has the time
to request all the additional objects that it wants, before the server closes the connection.
But it should not be too long, because otherwise the Thread is going to wait a long time
after the client has sent his last request, before the Thread decides that it has waited
long enough, closes the connection, and returns to the pool of available Threads, to do
something else.
So in the practice today, with normal Internet connection speeds, and normal clients and
servers, a keepAliveTimeout of maximum 5 seconds is probably more than enough.
And for that, you should set it /explicitly/ to 5000 (milliseconds).

Now your case is a bit different, because
- you are not using the HTTP BIO connector (you use AJP)
- in front of your Tomcat, is an Apache httpd server. This server has its own keep-alive
settings which apply to the connection of the client with Apache httpd. And these
keep-alive settings are a bit different from the Tomcat ones (for example, there is a
keep-alive timeout, but also a MaxKeepAliveRequests)
- between Apache httpd and Tomcat, there is the mod_jk module in Apache, and that module
uses its own timeouts (as set in workers.properties), and in addition it uses itself a
pool of connections to Tomcat, and this pool of connections has its own rules for keeping
alive a connection between Apache and Tomcat.

But the basic principles above apply, and may explain why you are seeing what appears to
be one Thread dedicated to one client, forever.












Attachment: users_240577.eml (zipped)
Bug reported at https://issues.apache.org/bugzilla/show_bug.cgi?id=54732

Due to another bug in TomEE, StatementCache is always enabled. That bug
is reported here: https://issues.apache.org/jira/browse/TOMEE-837

Thanks for your help

On 20/03/2013 7:28 AM, Felix Schumacher wrote:
> Am 19.03.2013 22:20, schrieb Bertrand Guay-Paquet:
>> On 19/03/2013 5:05 PM, Felix Schumacher wrote:
>>> Have you looked at
>>> http://grokbase.com/t/openejb/users/13135d2a0v/jdbc-connection-pool-memory-leak
>>> ? It seems like your problem. Regards Felix
>>
>> Indeed, this is extremely similar to my issue. Thanks for sharing this.
>>
>> It does seem however like the StatementFinalizer Tomcat interceptor
>> should not be necessary if an application closes its connections,
>> statements and result sets properly. From what I could see by stepping
>> in the code, this is the case with MyBatis. The actual source of the
>> problem really seems to be that Tomcat's jdbc pool swallows calls to
>> Statement.close() like I showed in my original message.
> Now that I had time to look more closely, I believe you are right and
> the assignment of 'closed' and 'delegate' before (or even after) the
> call to super.closeInvoked() looks like a bug, too.
>
> So I think you should go ahead and file one in bugzilla. You should
> keep in mind, that afaik the StatementCache is not enabled by default
> in tomcat.
>
> Regards
> Felix
>>
>> Regards,
>> Bertrand
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@(protected)
>> For additional commands, e-mail: users-help@(protected)
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@(protected)
> For additional commands, e-mail: users-help@(protected)
>



Attachment: users_240578.eml (zipped)
Bug reported at https://issues.apache.org/bugzilla/show_bug.cgi?id=54732

Due to another bug in TomEE, StatementCache is always enabled. That bug
is reported here: https://issues.apache.org/jira/browse/TOMEE-837

Thanks for your help

On 20/03/2013 7:28 AM, Felix Schumacher wrote:
> Am 19.03.2013 22:20, schrieb Bertrand Guay-Paquet:
>> On 19/03/2013 5:05 PM, Felix Schumacher wrote:
>>> Have you looked at
>>> http://grokbase.com/t/openejb/users/13135d2a0v/jdbc-connection-pool-memory-leak
>>> ? It seems like your problem. Regards Felix
>>
>> Indeed, this is extremely similar to my issue. Thanks for sharing this.
>>
>> It does seem however like the StatementFinalizer Tomcat interceptor
>> should not be necessary if an application closes its connections,
>> statements and result sets properly. From what I could see by stepping
>> in the code, this is the case with MyBatis. The actual source of the
>> problem really seems to be that Tomcat's jdbc pool swallows calls to
>> Statement.close() like I showed in my original message.
> Now that I had time to look more closely, I believe you are right and
> the assignment of 'closed' and 'delegate' before (or even after) the
> call to super.closeInvoked() looks like a bug, too.
>
> So I think you should go ahead and file one in bugzilla. You should
> keep in mind, that afaik the StatementCache is not enabled by default
> in tomcat.
>
> Regards
> Felix
>>
>> Regards,
>> Bertrand
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@(protected)
>> For additional commands, e-mail: users-help@(protected)
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@(protected)
> For additional commands, e-mail: users-help@(protected)
>



Attachment: users_240579.eml (zipped)
Thank you Jeffrey

BUT
we are not FW owner, AND
we are so tiny little smalls in the AXA world AND
our holly FW godfather admin is keeping his fingers on the holly FW.

But why can tomcat not close and open the port 8080 and keep
it in a way inexistent for external access unless the server is really up!
I am not a TCP socket expert, so I do not know what else we can do to prevent
that a request from our users reaching the server too early.

How is that normally I intend to GET a html page and get the return saying
"Sorry but server maintenance work is in progress blab la bla"?


Josef

-----Ursprüngliche Nachricht-----
Von: Harris, Jeffrey E. [mailto:Jeffrey.Harris@(protected)]
Gesendet: Mittwoch, 20. März 2013 13:19
An: Tomcat Users List
Betreff: RE: [tomcat] preventing to use it at startup



> -----Original Message-----
> From: Stadelmann Josef [mailto:josef.stadelmann@(protected)]
> Sent: Wednesday, March 20, 2013 5:06 AM
> To: users@(protected)
> Subject: [tomcat] preventing to use it at startup
>
> Hi
>
> Is there an easy way to manage, to prevent, that my AS Tomcat is
> serving
>
> request before it is fully up and running; while fully up means - it
> has deployed all web apps and web app axis2 (a servlet engine) is up
> and has deployed all its modules *.mar and web service archives *.aar
> before any requests for this web services are accepted.
>
> Josef

Just as a quick thought, presuming you have a way of determining that the server is ready, why not just block the port on the local firewall until the server is ready, and then unblock the port? That means you would have to turn the firewall on if it is not currently running.

You could script this into a startup task on the server.

Jeffrey Harris

This e-mail and any attachments are intended only for the use of the addressee(s) named herein and may contain proprietary information. If you are not the intended recipient of this e-mail or believe that you received this email in error, please take immediate action to notify the sender of the apparent error by reply e-mail; permanently delete the e-mail and any attachments from your computer; and do not disseminate, distribute, use, or copy this message and any attachments.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)



Attachment: users_240580.eml (zipped)


> -----Original Message-----
> From: Stadelmann Josef [mailto:josef.stadelmann@(protected)]
> Sent: Wednesday, March 20, 2013 12:15 PM
> To: Tomcat Users List
> Subject: AW: [tomcat] preventing to use it at startup
>
> Thank you Jeffrey
>
> BUT
> we are not FW owner, AND
> we are so tiny little smalls in the AXA world AND our holly FW
> godfather admin is keeping his fingers on the holly FW.
>
> But why can tomcat not close and open the port 8080 and keep it in a
> way inexistent for external access unless the server is really up!
> I am not a TCP socket expert, so I do not know what else we can do to
> prevent that a request from our users reaching the server too early.
>
> How is that normally I intend to GET a html page and get the return
> saying "Sorry but server maintenance work is in progress blab la bla"?
>
>
> Josef
>

Josef,

I am suggesting that you use the firewall on the local server, not the network ("holly") firewall.
If you have access to the server, you can configure a local firewall. Both Windows and
Linux have built-in firewalls, and generally they are already active, but you may need
to turn them on if they are disabled, and they will need to be configured to open and
close port 8080.

Jeffrey Harris

This e-mail and any attachments are intended only for the use of the addressee(s) named herein and may contain proprietary information. If you are not the intended recipient of this e-mail or believe that you received this email in error, please take immediate action to notify the sender of the apparent error by reply e-mail; permanently delete the e-mail and any attachments from your computer; and do not disseminate, distribute, use, or copy this message and any attachments.


Attachment: users_240581.eml (zipped)
On 20/03/2013 16:14, Stadelmann Josef wrote:
> Thank you Jeffrey
>
> BUT
> we are not FW owner, AND
> we are so tiny little smalls in the AXA world AND
> our holly FW godfather admin is keeping his fingers on the holly FW.
>
> But why can tomcat not close and open the port 8080 and keep
> it in a way inexistent for external access unless the server is really up!
> I am not a TCP socket expert, so I do not know what else we can do to prevent
> that a request from our users reaching the server too early.
>
> How is that normally I intend to GET a html page and get the return saying
> "Sorry but server maintenance work is in progress blab la bla"?

Tomcat provides no such messages by default so something else is
providing that.

For a clean Tomcat install, the setting you want is bindOnInit="false" from:
http://tomcat.apache.org/tomcat-7.0-doc/config/http.html

Mark


Attachment: users_240583.eml (zipped)
HI,
I un-commented the SSL section in the server.xml file and added the path
and password to the keystore. But when accessing the
https://localhost:8443/ URL, it just keeps spinning. no error , it just
doesn't seem to connect. This is my first time configuring in w2k8. Is
there something else I'd have to do for this OS?


<Connector port="*8080*" protocol="*HTTP/1.1*"
connectionTimeout="*20000*"redirectPort
="*8443*" disableUploadTimeout="*true*" socketBuffer="*64000*"maxHttpHeaderSize
="*8192*" maxThreads="*150*" enableLookups="*false*" acceptCount="*100*" />

 <Connector port="*8443*" protocol="*HTTP/1.1*" SSLEnabled="*true*"maxThreads
="*150*" scheme="*https*" secure="*true*" clientAuth="*false*" sslProtocol="
*TLS*" keystoreFile="*D:/DevCert/dev.keystore*" keystorePass="*password1***"/>
  <Connector port="*8009*" protocol="*AJP/1.3*" redirectPort="*8443*" />

Attachment: users_240584.eml (zipped)
On 3/20/2013 1:41 PM, my business mail wrote:
> HI,
> I un-commented the SSL section in the server.xml file and added the path
> and password to the keystore. But when accessing the
> https://localhost:8443/ URL, it just keeps spinning. no error , it just
> doesn't seem to connect. This is my first time configuring in w2k8. Is
> there something else I'd have to do for this OS?
>
>
>  <Connector port="*8080*" protocol="*HTTP/1.1*"
> connectionTimeout="*20000*"redirectPort
> ="*8443*" disableUploadTimeout="*true*" socketBuffer="*64000*"maxHttpHeaderSize
> ="*8192*" maxThreads="*150*" enableLookups="*false*" acceptCount="*100*" />
>
>   <Connector port="*8443*" protocol="*HTTP/1.1*" SSLEnabled="*true*"maxThreads
> ="*150*" scheme="*https*" secure="*true*" clientAuth="*false*" sslProtocol="
> *TLS*" keystoreFile="*D:/DevCert/dev.keystore*" keystorePass="*password1***"/>
>    <Connector port="*8009*" protocol="*AJP/1.3*" redirectPort="*8443*" />
>

Why don't you just copy and paste this section without any additional
formatting, bold, stars etc, so we can see if you might have a typo in
it. For one thing, does there need to be a space before "maxThreads"?



Attachment: users_240585.eml (zipped)
OK, here is the text copied from notepad.


  <Connector executor="tomcatThreadPool"
         port="8080" protocol="HTTP/1.1"
         connectionTimeout="20000"
         redirectPort="8443" />


  <Connector port="8442" protocol="HTTP/1.1" SSLEnabled="true"
         maxThreads="150" scheme="https" secure="true"
         clientAuth="false" sslProtocol="TLS"
keystoreFile="D:/DevCert/dev.keystore" keystorePass="password1" />


  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

Attachment: users_240586.eml (zipped)
On 3/20/2013 2:02 PM, my business mail wrote:
> OK, here is the text copied from notepad.
>
>
>    <Connector executor="tomcatThreadPool"
>           port="8080" protocol="HTTP/1.1"
>           connectionTimeout="20000"
>           redirectPort="8443" />
>
>
>    <Connector port="8442" protocol="HTTP/1.1" SSLEnabled="true"

8442? Shouldn't it be 8443?


>           maxThreads="150" scheme="https" secure="true"
>           clientAuth="false" sslProtocol="TLS"
> keystoreFile="D:/DevCert/dev.keystore" keystorePass="password1" />
>
>
>     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
>



Attachment: users_240587.eml (zipped)
So, I know the port numbers can be set to any unused port. I was toggling
between 8442 and 8443. Neither worked. I just set it back to 8443.
I feel like it's connecting somehow, because if I put in a port number that
isn't configured...I get a connection error message.
Otherwise, the browser icon just keeps spinning...nothing happens.No errors
at all.

On Wed, Mar 20, 2013 at 2:09 PM, David kerber <dckerber@(protected):

> On 3/20/2013 2:02 PM, my business mail wrote:
>
>> OK, here is the text copied from notepad.
>>
>>
>>    <Connector executor="tomcatThreadPool"
>>           port="8080" protocol="HTTP/1.1"
>>           connectionTimeout="20000"
>>           redirectPort="8443" />
>>
>>
>>    <Connector port="8442" protocol="HTTP/1.1" SSLEnabled="true"
>>
>
> 8442? Shouldn't it be 8443?
>
>
>
>            maxThreads="150" scheme="https" secure="true"
>>           clientAuth="false" sslProtocol="TLS"
>> keystoreFile="D:/DevCert/dev.**keystore" keystorePass="password1" />
>>
>>
>>     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
>>
>>
>
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.org<users-unsubscribe@(protected)>
> For additional commands, e-mail: users-help@(protected)
>
>

Attachment: users_240589.eml (zipped)


> -----Original Message-----
> From: my business mail [mailto:mv.mail3@(protected)]
> Sent: Wednesday, March 20, 2013 2:18 PM
> To: Tomcat Users List
> Subject: Re: Tomcat 6.0.20/Windows 2008 R2/SSL Configuration
>
> So, I know the port numbers can be set to any unused port. I was
> toggling between 8442 and 8443. Neither worked. I just set it back to
> 8443.
> I feel like it's connecting somehow, because if I put in a port number
> that isn't configured...I get a connection error message.
> Otherwise, the browser icon just keeps spinning...nothing happens.No
> errors at all.
>
> On Wed, Mar 20, 2013 at 2:09 PM, David kerber <dckerber@(protected)>
> wrote:
>
> > On 3/20/2013 2:02 PM, my business mail wrote:
> >
> >> OK, here is the text copied from notepad.
> >>
> >>
> >>    <Connector executor="tomcatThreadPool"
> >>           port="8080" protocol="HTTP/1.1"
> >>           connectionTimeout="20000"
> >>           redirectPort="8443" />
> >>
> >>
> >>    <Connector port="8442" protocol="HTTP/1.1" SSLEnabled="true"
> >>
> >
> > 8442? Shouldn't it be 8443?
> >
> >
> >
> >            maxThreads="150" scheme="https" secure="true"
> >>           clientAuth="false" sslProtocol="TLS"
> >> keystoreFile="D:/DevCert/dev.**keystore" keystorePass="password1" />
> >>
> >>
> >>     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
> >> />
> >>
> >>
> >
> > ------------------------------**------------------------------**-----
> -
> > --- To unsubscribe, e-mail:
> > users-unsubscribe@(protected)-
> unsubscribe@(protected).
> > org> For additional commands, e-mail: users-help@(protected)
> >
> >

I do not see a reference to a truststore:

         truststoreFile=".\conf\myts.jks"

The truststore can be the same file as the keystore.

What do the error logs show?

Jeffrey Harris

This e-mail and any attachments are intended only for the use of the addressee(s) named herein and may contain proprietary information. If you are not the intended recipient of this e-mail or believe that you received this email in error, please take immediate action to notify the sender of the apparent error by reply e-mail; permanently delete the e-mail and any attachments from your computer; and do not disseminate, distribute, use, or copy this message and any attachments.


Attachment: users_240590.eml (zipped)
Hi my business mail.
Don't top-post.

my business mail wrote:

> On Wed, Mar 20, 2013 at 2:09 PM, David kerber <dckerber@(protected):
>
>> On 3/20/2013 2:02 PM, my business mail wrote:
>>
>>> OK, here is the text copied from notepad.
>>>
>>>
>>>    <Connector executor="tomcatThreadPool"
>>>           port="8080" protocol="HTTP/1.1"
>>>           connectionTimeout="20000"
>>>           redirectPort="8443" />
>>>
>>>
>>>    <Connector port="8442" protocol="HTTP/1.1" SSLEnabled="true"
>>>
>> 8442? Shouldn't it be 8443?
>>
>>
>>
>>            maxThreads="150" scheme="https" secure="true"
>>>           clientAuth="false" sslProtocol="TLS"
>>> keystoreFile="D:/DevCert/dev.**keystore" keystorePass="password1" />
>>>
>>>
>>>     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
>>>
>>>

> So, I know the port numbers can be set to any unused port. I was toggling
> between 8442 and 8443. Neither worked. I just set it back to 8443.
> I feel like it's connecting somehow, because if I put in a port number that
> isn't configured...I get a connection error message.
> Otherwise, the browser icon just keeps spinning...nothing happens.No errors
> at all.
>

Maybe you forgot to open the port in the Windows firewall ?


Attachment: users_240591.eml (zipped)
I only added the keystore property not truststore. I was just following
what i'd done for tomcat4.1 on w2k3. Here is the log file. The keystore
file is DEF in the path indicated, but i see the error below in the
catalina file.

Mar 20, 2013 2:35:21 PM org.apache.catalina.startup.SetAllPropertiesRule
begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
'clientAuth' to 'false' did not find a matching property.
Mar 20, 2013 2:35:21 PM org.apache.catalina.startup.SetAllPropertiesRule
begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
'keystoreFile' to 'D:/DevCert/dev.keystore' did not find a matching
property.
Mar 20, 2013 2:35:21 PM org.apache.catalina.startup.SetAllPropertiesRule
begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
'keystorePass' to 'password1' did not find a matching property.
Mar 20, 2013 2:35:21 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
Mar 20, 2013 2:35:21 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
[false], random [true].
Mar 20, 2013 2:35:22 PM org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Mar 20, 2013 2:35:22 PM org.apache.coyote.http11.Http11AprProtocol init
SEVERE: Error initializing endpoint
java.lang.Exception: No Certificate file specified or invalid file format
  at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
  at org.apache.tomcat.util.net.AprEndpoint.init (AprEndpoint.java:697)
  at
org.apache.coyote.http11.Http11AprProtocol.init (Http11AprProtocol.java:107)
  at
org.apache.catalina.connector.Connector.initialize (Connector.java:1058)
  at
org.apache.catalina.core.StandardService.initialize (StandardService.java:677)
  at
org.apache.catalina.core.StandardServer.initialize (StandardServer.java:795)
  at org.apache.catalina.startup.Catalina.load (Catalina.java:535)
  at org.apache.catalina.startup.Catalina.load (Catalina.java:555)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at
sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:39)
  at
sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke (Method.java:597)
  at org.apache.catalina.startup.Bootstrap.load (Bootstrap.java:260)
  at org.apache.catalina.startup.Bootstrap.main (Bootstrap.java:412)
Mar 20, 2013 2:35:22 PM org.apache.catalina.startup.Catalina load
SEVERE: Catalina.start
LifecycleException: Protocol handler initialization failed:
java.lang.Exception: No Certificate file specified or invalid file format
  at
org.apache.catalina.connector.Connector.initialize (Connector.java:1060)
  at
org.apache.catalina.core.StandardService.initialize (StandardService.java:677)
  at
org.apache.catalina.core.StandardServer.initialize (StandardServer.java:795)
  at org.apache.catalina.startup.Catalina.load (Catalina.java:535)
  at org.apache.catalina.startup.Catalina.load (Catalina.java:555)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at
sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:39)
  at
sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke (Method.java:597)
  at org.apache.catalina.startup.Bootstrap.load (Bootstrap.java:260)
  at org.apache.catalina.startup.Bootstrap.main (Bootstrap.java:412)
Mar 20, 2013 2:35:22 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 2143 ms
Mar 20, 2013 2:35:22 PM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Mar 20, 2013 2:35:22 PM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.20
Mar 20, 2013 2:35:23 PM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Mar 20, 2013 2:35:24 PM org.apache.coyote.http11.Http11AprProtocol start
SEVERE: Error starting endpoint
java.lang.Exception: Socket bind failed: [730048] Only one usage of each
socket address (protocol/network address/port) is normally permitted.
  at org.apache.tomcat.util.net.AprEndpoint.init (AprEndpoint.java:623)
  at org.apache.tomcat.util.net.AprEndpoint.start (AprEndpoint.java:730)
  at
org.apache.coyote.http11.Http11AprProtocol.start (Http11AprProtocol.java:137)
  at org.apache.catalina.connector.Connector.start (Connector.java:1131)
  at
org.apache.catalina.core.StandardService.start (StandardService.java:531)
  at
org.apache.catalina.core.StandardServer.start (StandardServer.java:710)
  at org.apache.catalina.startup.Catalina.start (Catalina.java:583)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at
sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:39)
  at
sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke (Method.java:597)
  at org.apache.catalina.startup.Bootstrap.start (Bootstrap.java:288)
  at org.apache.catalina.startup.Bootstrap.main (Bootstrap.java:413)
Mar 20, 2013 2:35:24 PM org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start:
LifecycleException: service.getName(): "Catalina"; Protocol handler start
failed: java.lang.Exception: Socket bind failed: [730048] Only one usage of
each socket address (protocol/network address/port) is normally permitted.
  at org.apache.catalina.connector.Connector.start (Connector.java:1138)
  at
org.apache.catalina.core.StandardService.start (StandardService.java:531)
  at
org.apache.catalina.core.StandardServer.start (StandardServer.java:710)
  at org.apache.catalina.startup.Catalina.start (Catalina.java:583)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at
sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:39)
  at
sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke (Method.java:597)
  at org.apache.catalina.startup.Bootstrap.start (Bootstrap.java:288)
  at org.apache.catalina.startup.Bootstrap.main (Bootstrap.java:413)
Mar 20, 2013 2:35:24 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 2023 ms


On Wed, Mar 20, 2013 at 2:27 PM, Harris, Jeffrey E. <
Jeffrey.Harris@(protected):

>
>
> > -----Original Message-----
> > From: my business mail [mailto:mv.mail3@(protected)]
> > Sent: Wednesday, March 20, 2013 2:18 PM
> > To: Tomcat Users List
> > Subject: Re: Tomcat 6.0.20/Windows 2008 R2/SSL Configuration
> >
> > So, I know the port numbers can be set to any unused port. I was
> > toggling between 8442 and 8443. Neither worked. I just set it back to
> > 8443.
> > I feel like it's connecting somehow, because if I put in a port number
> > that isn't configured...I get a connection error message.
> > Otherwise, the browser icon just keeps spinning...nothing happens.No
> > errors at all.
> >
> > On Wed, Mar 20, 2013 at 2:09 PM, David kerber <dckerber@(protected)>
> > wrote:
> >
> > > On 3/20/2013 2:02 PM, my business mail wrote:
> > >
> > >> OK, here is the text copied from notepad.
> > >>
> > >>
> > >>    <Connector executor="tomcatThreadPool"
> > >>           port="8080" protocol="HTTP/1.1"
> > >>           connectionTimeout="20000"
> > >>           redirectPort="8443" />
> > >>
> > >>
> > >>    <Connector port="8442" protocol="HTTP/1.1" SSLEnabled="true"
> > >>
> > >
> > > 8442? Shouldn't it be 8443?
> > >
> > >
> > >
> > >            maxThreads="150" scheme="https" secure="true"
> > >>           clientAuth="false" sslProtocol="TLS"
> > >> keystoreFile="D:/DevCert/dev.**keystore" keystorePass="password1" />
> > >>
> > >>
> > >>     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
> > >> />
> > >>
> > >>
> > >
> > > ------------------------------**------------------------------**-----
> > -
> > > --- To unsubscribe, e-mail:
> > > users-unsubscribe@(protected)-
> > unsubscribe@(protected).
> > > org> For additional commands, e-mail: users-help@(protected)
> > >
> > >
>
> I do not see a reference to a truststore:
>
>           truststoreFile=".\conf\myts.jks"
>
> The truststore can be the same file as the keystore.
>
> What do the error logs show?
>
> Jeffrey Harris
>
> This e-mail and any attachments are intended only for the use of the
> addressee(s) named herein and may contain proprietary information. If you
> are not the intended recipient of this e-mail or believe that you received
> this email in error, please take immediate action to notify the sender of
> the apparent error by reply e-mail; permanently delete the e-mail and any
> attachments from your computer; and do not disseminate, distribute, use, or
> copy this message and any attachments.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@(protected)
> For additional commands, e-mail: users-help@(protected)
>
>

Attachment: users_240592.eml (zipped)

> -----Original Message-----
> From: my business mail [mailto:mv.mail3@(protected)]
> Sent: Wednesday, March 20, 2013 2:39 PM
> To: Tomcat Users List
> Subject: Re: Tomcat 6.0.20/Windows 2008 R2/SSL Configuration
>
> I only added the keystore property not truststore. I was just following
> what i'd done for tomcat4.1 on w2k3. Here is the log file. The
> keystore file is DEF in the path indicated, but i see the error below
> in the catalina file.
>
> Mar 20, 2013 2:35:21 PM
> org.apache.catalina.startup.SetAllPropertiesRule
> begin
> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
> property 'clientAuth' to 'false' did not find a matching property.
> Mar 20, 2013 2:35:21 PM
> org.apache.catalina.startup.SetAllPropertiesRule
> begin
> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
> property 'keystoreFile' to 'D:/DevCert/dev.keystore' did not find a
> matching property.
> Mar 20, 2013 2:35:21 PM
> org.apache.catalina.startup.SetAllPropertiesRule
> begin
> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
> property 'keystorePass' to 'password1' did not find a matching
> property.
> Mar 20, 2013 2:35:21 PM org.apache.catalina.core.AprLifecycleListener
> init
> INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
> Mar 20, 2013 2:35:21 PM org.apache.catalina.core.AprLifecycleListener
> init
> INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
> [false], random [true].
> Mar 20, 2013 2:35:22 PM org.apache.coyote.http11.Http11AprProtocol init
> INFO: Initializing Coyote HTTP/1.1 on http-8080 Mar 20, 2013 2:35:22 PM
> org.apache.coyote.http11.Http11AprProtocol init
> SEVERE: Error initializing endpoint
> java.lang.Exception: No Certificate file specified or invalid file
> format
>   at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
>   at
> org.apache.tomcat.util.net.AprEndpoint.init (AprEndpoint.java:697)
>   at
> org.apache.coyote.http11.Http11AprProtocol.init (Http11AprProtocol.java:
> 107)
>   at
> org.apache.catalina.connector.Connector.initialize (Connector.java:1058)
>   at
> org.apache.catalina.core.StandardService.initialize(StandardService.jav
> a:677)
>   at
> org.apache.catalina.core.StandardServer.initialize (StandardServer.java:
> 795)
>   at org.apache.catalina.startup.Catalina.load (Catalina.java:535)
>   at org.apache.catalina.startup.Catalina.load (Catalina.java:555)
>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>   at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.ja
> va:39)
>   at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso
> rImpl.java:25)
>   at java.lang.reflect.Method.invoke (Method.java:597)
>   at org.apache.catalina.startup.Bootstrap.load (Bootstrap.java:260)
>   at org.apache.catalina.startup.Bootstrap.main (Bootstrap.java:412)
> Mar 20, 2013 2:35:22 PM org.apache.catalina.startup.Catalina load
> SEVERE: Catalina.start
> LifecycleException: Protocol handler initialization failed:
> java.lang.Exception: No Certificate file specified or invalid file
> format
>   at
> org.apache.catalina.connector.Connector.initialize (Connector.java:1060)
>   at
> org.apache.catalina.core.StandardService.initialize(StandardService.jav
> a:677)
>   at
> org.apache.catalina.core.StandardServer.initialize (StandardServer.java:
> 795)
>   at org.apache.catalina.startup.Catalina.load (Catalina.java:535)
>   at org.apache.catalina.startup.Catalina.load (Catalina.java:555)
>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>   at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.ja
> va:39)
>   at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso
> rImpl.java:25)
>   at java.lang.reflect.Method.invoke (Method.java:597)
>   at org.apache.catalina.startup.Bootstrap.load (Bootstrap.java:260)
>   at org.apache.catalina.startup.Bootstrap.main (Bootstrap.java:412)
> Mar 20, 2013 2:35:22 PM org.apache.catalina.startup.Catalina load
> INFO: Initialization processed in 2143 ms Mar 20, 2013 2:35:22 PM
> org.apache.catalina.core.StandardService start
> INFO: Starting service Catalina
> Mar 20, 2013 2:35:22 PM org.apache.catalina.core.StandardEngine start
> INFO: Starting Servlet Engine: Apache Tomcat/6.0.20 Mar 20, 2013
> 2:35:23 PM org.apache.coyote.http11.Http11AprProtocol start
> INFO: Starting Coyote HTTP/1.1 on http-8080 Mar 20, 2013 2:35:24 PM
> org.apache.coyote.http11.Http11AprProtocol start
> SEVERE: Error starting endpoint
> java.lang.Exception: Socket bind failed: [730048] Only one usage of
> each socket address (protocol/network address/port) is normally
> permitted.
>   at
> org.apache.tomcat.util.net.AprEndpoint.init (AprEndpoint.java:623)
>   at
> org.apache.tomcat.util.net.AprEndpoint.start (AprEndpoint.java:730)
>   at
> org.apache.coyote.http11.Http11AprProtocol.start(Http11AprProtocol.java
> :137)
>   at
> org.apache.catalina.connector.Connector.start (Connector.java:1131)
>   at
> org.apache.catalina.core.StandardService.start (StandardService.java:531
> )
>   at
> org.apache.catalina.core.StandardServer.start (StandardServer.java:710)
>   at org.apache.catalina.startup.Catalina.start (Catalina.java:583)
>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>   at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.ja
> va:39)
>   at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso
> rImpl.java:25)
>   at java.lang.reflect.Method.invoke (Method.java:597)
>   at org.apache.catalina.startup.Bootstrap.start (Bootstrap.java:288)
>   at org.apache.catalina.startup.Bootstrap.main (Bootstrap.java:413)
> Mar 20, 2013 2:35:24 PM org.apache.catalina.startup.Catalina start
> SEVERE: Catalina.start:
> LifecycleException: service.getName(): "Catalina"; Protocol handler
> start
> failed: java.lang.Exception: Socket bind failed: [730048] Only one
> usage of each socket address (protocol/network address/port) is
> normally permitted.
>   at
> org.apache.catalina.connector.Connector.start (Connector.java:1138)
>   at
> org.apache.catalina.core.StandardService.start (StandardService.java:531
> )
>   at
> org.apache.catalina.core.StandardServer.start (StandardServer.java:710)
>   at org.apache.catalina.startup.Catalina.start (Catalina.java:583)
>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>   at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.ja
> va:39)
>   at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso
> rImpl.java:25)
>   at java.lang.reflect.Method.invoke (Method.java:597)
>   at org.apache.catalina.startup.Bootstrap.start (Bootstrap.java:288)
>   at org.apache.catalina.startup.Bootstrap.main (Bootstrap.java:413)
> Mar 20, 2013 2:35:24 PM org.apache.catalina.startup.Catalina start
> INFO: Server startup in 2023 ms
>
>
> On Wed, Mar 20, 2013 at 2:27 PM, Harris, Jeffrey E. <
> Jeffrey.Harris@(protected):
>
> >
> >
> > > -----Original Message-----
> > > From: my business mail [mailto:mv.mail3@(protected)]
> > > Sent: Wednesday, March 20, 2013 2:18 PM
> > > To: Tomcat Users List
> > > Subject: Re: Tomcat 6.0.20/Windows 2008 R2/SSL Configuration
> > >
> > > So, I know the port numbers can be set to any unused port. I was
> > > toggling between 8442 and 8443. Neither worked. I just set it back
> > > to 8443.
> > > I feel like it's connecting somehow, because if I put in a port
> > > number that isn't configured...I get a connection error message.
> > > Otherwise, the browser icon just keeps spinning...nothing
> happens.No
> > > errors at all.
> > >
> > > On Wed, Mar 20, 2013 at 2:09 PM, David kerber
> <dckerber@(protected)>
> > > wrote:
> > >
> > > > On 3/20/2013 2:02 PM, my business mail wrote:
> > > >
> > > >> OK, here is the text copied from notepad.
> > > >>
> > > >>
> > > >>    <Connector executor="tomcatThreadPool"
> > > >>           port="8080" protocol="HTTP/1.1"
> > > >>           connectionTimeout="20000"
> > > >>           redirectPort="8443" />
> > > >>
> > > >>
> > > >>    <Connector port="8442" protocol="HTTP/1.1"
> SSLEnabled="true"
> > > >>
> > > >
> > > > 8442? Shouldn't it be 8443?
> > > >
> > > >
> > > >
> > > >            maxThreads="150" scheme="https" secure="true"
> > > >>           clientAuth="false" sslProtocol="TLS"
> > > >> keystoreFile="D:/DevCert/dev.**keystore"
> keystorePass="password1"
> > > >> />
> > > >>
> > > >>
> > > >>     <Connector port="8009" protocol="AJP/1.3"
> redirectPort="8443"
> > > >> />
> > > >>
> > > >>
> > > >
> > > > ------------------------------**------------------------------**-
> -
> > > > ---
> > > -
> > > > --- To unsubscribe, e-mail:
> > > > users-unsubscribe@(protected)-
> > > unsubscribe@(protected).
> > > > org> For additional commands, e-mail: users-
> help@(protected)
> > > >
> > > >
> >
> > I do not see a reference to a truststore:
> >
> >           truststoreFile=".\conf\myts.jks"
> >
> > The truststore can be the same file as the keystore.
> >
> > What do the error logs show?
> >
> > Jeffrey Harris
> >

One problem is that Tomcat is not finding your keystore file or loading your
certificates. This can be because you entered the wrong path or file name,
specified the wrong password, or there is a problem with the actual content
of your keystore file.

Jeffrey Harris



This e-mail and any attachments are intended only for the use of the addressee(s) named herein and may contain proprietary information. If you are not the intended recipient of this e-mail or believe that you received this email in error, please take immediate action to notify the sender of the apparent error by reply e-mail; permanently delete the e-mail and any attachments from your computer; and do not disseminate, distribute, use, or copy this message and any attachments.

©2008 junlu.com - Jax Systems, LLC, U.S.A.