Posts tagged tomcat

ubuntu 10.04 change ulimit
posted on 2016-12-27 16:31

Changing the ulimit setting for open files system-wide via /etc/security/limits.conf did not work:

root@server:~# grep -v ^# /etc/security/limits.conf 


* soft nofile 4096
* hard nofile 10240

The only solution was to change the init script of the service needing more open files.

In my case it was a tomcat:

...

case "$1" in
  start)
        ulimit -n 10240

...

That way both the hard and the soft limit get set to 10240, instead of setting them separately via -Hn and -Sn.

Of course (haha) the system-wide limit has to allow that many open files. Either put the setting into /etc/sysctl.conf and run sysctl -p, or just do:

sysctl -w fs.file-max=1000000

Related bug report here.
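To confirm that the limit from the init script actually reached the running daemon, read it back from /proc. This is an added example, not part of the original post; the function names and the pid file path in the usage comment are assumptions.

```shell
#!/bin/sh
# Print "SOFT HARD" open-file limits of a process, read from /proc/PID/limits.
# PID may also be "self"; the values are then those inherited from the caller.
nofile_limits() {
    awk '/^Max open files/ { print $4, $5 }' "/proc/$1/limits"
}

# check_nofile PID WANT: return 0 if both limits of PID are at least WANT.
check_nofile() {
    pid=$1 want=$2
    limits=$(nofile_limits "$pid") || return 1
    soft=${limits% *} hard=${limits#* }
    for v in "$soft" "$hard"; do
        [ "$v" = unlimited ] && continue
        # a missing or non-numeric value counts as a failure
        [ "$v" -ge "$want" ] 2>/dev/null || return 1
    done
}

# Usage after restarting the service (pid file path is an assumption):
#   check_nofile "$(cat /var/run/tomcat7.pid)" 10240 && echo "limit applied"
```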

sudo: Restart tomcat with tomcat user
posted on 2015-12-11 08:14:40

Just put this into /etc/sudoers: (Thou shalt use visudo command!)

tomcat7 ALL=(ALL) NOPASSWD: /usr/bin/service tomcat7 restart

This of course assumes you have a user called tomcat7 which is responsible for running your tomcat installation. :)

Tomcat memory settings on Debian
posted on 2014-08-27 17:57:37

To double all the base tomcat memory limits, use this:

/etc/default/tomcat7:

JAVA_OPTS="-Djava.awt.headless=true -XX:+UseConcMarkSweepGC -Xms512m -Xmx1024m -XX:MaxPermSize=256m"

This edits the startup settings of tomcat. The parts in question are these:

# set the minimum heap size
-Xms512m
# set the maximum heap size
-Xmx1024m
# set the permgen space size
-XX:MaxPermSize=256m

Try these if your tomcat has hiccups.

Running tomcat on port 80
posted on 2014-08-13 12:46:39

To run a tomcat on port 80 (which needs system user rights):

vim /etc/default/tomcat7:

AUTHBIND=yes

In case you need tomcat on port 80 and 443, this seems not to work.

My approach was to let it run on the base ports (8080 and 8443) and to redirect these via iptables.

vim /etc/init.d/firewall:

# first open all the ports needed
$bin -A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW,ESTABLISHED,RELATED --dport 80 -j ACCEPT
$bin -A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW,ESTABLISHED,RELATED --dport 443 -j ACCEPT
$bin -A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW,ESTABLISHED,RELATED --dport 8080 -j ACCEPT
$bin -A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW,ESTABLISHED,RELATED --dport 8443 -j ACCEPT
# flush nat table... beware if you already use that chain elsewhere!
$bin -F -t nat
$bin -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
$bin -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8443

In case you want to run tomcat and apache in parallel, assign a second IP to your NIC.
Then add the IP of tomcat to the redirect statements above via -d <this.is.the.ip>.
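An alternative to flushing the nat table, as an added example that is not part of the original post: append each redirect only if the identical rule is not already present, with the optional -d destination described above. add_redirect is a hypothetical helper name; $bin and eth0 follow the firewall script above.

```shell
#!/bin/sh
# iptables binary; same variable name as in the firewall script above.
bin=${bin:-iptables}

# add_redirect FROM_PORT TO_PORT [DEST_IP]   (hypothetical helper)
# Appends a nat PREROUTING REDIRECT rule unless the identical rule exists,
# so rules that other scripts put into the nat table stay untouched.
add_redirect() {
    from=$1 to=$2 dest=${3:-}
    set -- PREROUTING -i eth0 -p tcp
    if [ -n "$dest" ]; then
        set -- "$@" -d "$dest"      # limit the redirect to tomcat's IP
    fi
    set -- "$@" --dport "$from" -j REDIRECT --to-port "$to"
    # -C exits 0 if the rule is already in the chain, non-zero otherwise
    $bin -t nat -C "$@" 2>/dev/null || $bin -t nat -A "$@"
}

# Call from the firewall script (needs root), for example:
#   add_redirect 80 8080
#   add_redirect 443 8443 10.0.0.22   # 10.0.0.22 is a constructed sample IP
```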

Change tomcat's used java version
posted on 2014-08-12 10:20:19

To change the java version used by tomcat on a debian install, edit /etc/default/tomcat7.

There you have to change the JAVA_HOME setting accordingly.

Exporting JAVA_HOME by hand is no use, and changing the init script in /etc/init.d/tomcat7 is not just ugly and bad style, but might also be overwritten by future updates.

Apache, mod_proxy, tomcat, two ip's on Debian
posted on 2014-07-31 13:45:12

This guide explains the necessary steps to get an apache running that serves different IPs and sites at once, all on port 80, and also hands requests through to tomcat.

networking

First, set up a second ip for proper networking:

/etc/network/interfaces:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

#allow-hotplug eth0
auto eth0 
iface eth0 inet static
        address 10.0.0.21
        netmask 255.255.255.0
        network 10.0.0.0
        broadcast 10.0.0.255
        gateway 10.0.0.1

auto eth0:1
iface eth0:1 inet static
        address 10.0.0.22
        netmask 255.255.255.0

For security reasons, the actual subnet used was exchanged to 10.0.0.. Use your own. :)

IP 1 is 10.0.0.21, IP 2 is 10.0.0.22 here.

Do not forget to take the interface up afterwards:

$ ifdown eth0
$ ifup eth0

Also, do not use service networking restart; it is a deprecated command.
Do not use ip l set eth0 down and ip l set eth0 up for this. It will bring the link back up, but you won't have IP addresses assigned. The iproute2 tool suite is really mighty, but you may need some more in-depth knowledge to use it.

Then

$ ip a

should show you something like this:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:25:90:ea:45:ac brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.21/24 brd 10.0.0.255 scope global eth0
    inet 10.0.0.22/24 brd 10.0.0.255 scope global secondary eth0:1

eth0 should then have state UP (not DOWN), and you should see both IPs properly assigned. If you do not use a syntax like eth0:1 for the second IP in /etc/network/interfaces, you will only see one IP shown by the deprecated ifconfig command!

tomcat

Tomcat's settings are best left untouched, so that it listens on localhost and port 8080.

/etc/tomcat7/server.xml:

...

   <Connector port="8080" protocol="HTTP/1.1"
              connectionTimeout="20000"
              URIEncoding="UTF-8"
              redirectPort="8443" 
              address="localhost"/>

...

If apache's mod_proxy were not used, address could be set to the second IP here (10.0.0.22), and port to 80. However, you'd need a linux system account if you want to use a port below 1024. If you do not want this, you have to use either mod_proxy, mod_proxy_ajp, or mod_jk. The latter is the fastest and has the most settings, but is certainly more complex, too. mod_proxy_ajp is in between both, speed-wise. mod_proxy, however, works with any backend, not just tomcat or other servlet containers.
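A check for the connector binding described above, as an added example that is not part of the original post: it flags any listener on a given port that is not bound to a loopback address, so you can confirm tomcat is reachable only through apache. exposed_listeners and sample_ss are hypothetical names, and the sample ss output is constructed.

```shell
#!/bin/sh
# exposed_listeners PORT   (hypothetical helper)
# Reads `ss -ltn` output on stdin and prints every listening socket on PORT
# whose local address is not a loopback address.
exposed_listeners() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }
        {
            addr = $4
            n = split(addr, part, ":")
            if (part[n] != port) { next }
            host = substr(addr, 1, length(addr) - length(part[n]) - 1)
            gsub(/^\[|\]$/, "", host)        # strip IPv6 brackets
            if (host ~ /^127\./ || host == "::1" || host ~ /^::ffff:127\./) {
                next                         # loopback only: nothing to report
            }
            print addr
        }'
}

# Constructed sample of `ss -ltn` output, not taken from a real host.
# 8009 is the default port of tomcat's AJP connector.
sample_ss() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      100    127.0.0.1:8080      0.0.0.0:*
LISTEN 0      128    10.0.0.22:80        0.0.0.0:*
LISTEN 0      100    [::]:8009           [::]:*
EOF
}

# On a live host: ss -ltn | exposed_listeners 8080
sample_ss | exposed_listeners 8080   # silent: connector is bound to localhost
sample_ss | exposed_listeners 8009   # reports the wildcard AJP listener
```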

apache

ports.conf

/etc/apache2/ports.conf

Listen 80
Listen 443
NameVirtualHost 10.0.0.21:80
NameVirtualHost 10.0.0.21:443

Note that you may need to drop the 443 lines if you do not use https. The NameVirtualHost directive tells apache to enable name-based virtual host support. This is needed since our apache serves several domains. If the directive were omitted, apache would only ever serve the first domain it has in its loading process. (Can be shown via apache2ctl -S.)

Since Tomcat serves only one site, no name-based virtual hosting is needed for it, thus no entry is needed.

virtualhost configs

It is further assumed that you already have two existing vhost files for each domain, which are properly structured, enabled and working. The sites are named firstsite.de, secondsite.de and tomcatsite.org and already reside in /etc/apache2/sites-available.

First IP: 10.0.0.21

/etc/apache2/sites-available/000-firstsite.de

<VirtualHost 10.0.0.21:80>
    ServerName firstsite.de
    ServerAlias www.firstsite.de
    ...

/etc/apache2/sites-available/001-secondsite.de

<VirtualHost 10.0.0.21:80>
    ServerName secondsite.de
    ServerAlias www.secondsite.de
    ...

Second IP: 10.0.0.22

/etc/apache2/sites-available/002-proxy-for-tomcat

<VirtualHost 10.0.0.22:80>
    ServerName tomcatsite.org
    ServerAlias www.tomcatsite.org
    ...

    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
    ...

The 000-, 001- and 002- are just prefixes, to ensure the order of the pages being loaded.

mod_proxy

Enable the apache proxy module.

$ a2enmod proxy
$ a2enmod proxy_http

finish

Enable the vhost configs and restart the web server.

$ a2ensite 000-firstsite.de
$ a2ensite 001-secondsite.de
$ a2ensite 002-proxy-for-tomcat
$ service apache2 restart



Unless otherwise credited all material Creative Commons License by sjas