| 1 |
> can you post your server.xml ? |
| 2 |
|
| 3 |
Basically it's the default one that comes with the tomcat5 ~x86 ebuild: |
| 4 |
|
| 5 |
<!-- Example Server Configuration File --> |
| 6 |
<!-- Note that component elements are nested corresponding to their |
| 7 |
parent-child relationships with each other --> |
| 8 |
|
| 9 |
<!-- A "Server" is a singleton element that represents the entire JVM, |
| 10 |
which may contain one or more "Service" instances. The Server |
| 11 |
listens for a shutdown command on the indicated port. |
| 12 |
|
| 13 |
Note: A "Server" is not itself a "Container", so you may not |
| 14 |
define subcomponents such as "Valves" or "Loggers" at this level. |
| 15 |
--> |
| 16 |
|
| 17 |
<Server port="8005" shutdown="ceaaec5a39646db" debug="0"> |
| 18 |
|
| 19 |
|
| 20 |
<!-- Comment these entries out to disable JMX MBeans support --> |
| 21 |
<!-- You may also configure custom components (e.g. Valves/Realms) by |
| 22 |
including your own mbean-descriptor file(s), and setting the |
| 23 |
"descriptors" attribute to point to a ';' seperated list of paths |
| 24 |
(in the ClassLoader sense) of files to add to the default list. |
| 25 |
e.g. descriptors="/com/myfirm/mypackage/mbean-descriptor.xml" |
| 26 |
--> |
| 27 |
<Listener |
| 28 |
className="org.apache.catalina.mbeans.ServerLifecycleListener" |
| 29 |
debug="0"/> |
| 30 |
<Listener |
| 31 |
className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" |
| 32 |
debug="0"/> |
| 33 |
|
| 34 |
<!-- Global JNDI resources --> |
| 35 |
<GlobalNamingResources> |
| 36 |
|
| 37 |
<!-- Test entry for demonstration purposes --> |
| 38 |
<Environment name="simpleValue" type="java.lang.Integer" |
| 39 |
value="30"/> |
| 40 |
|
| 41 |
<!-- Editable user database that can also be used by |
| 42 |
UserDatabaseRealm to authenticate users --> |
| 43 |
<Resource name="UserDatabase" auth="Container" |
| 44 |
type="org.apache.catalina.UserDatabase" |
| 45 |
description="User database that can be updated and saved"> |
| 46 |
</Resource> |
| 47 |
<ResourceParams name="UserDatabase"> |
| 48 |
<parameter> |
| 49 |
<name>factory</name> |
| 50 |
|
| 51 |
<value>org.apache.catalina.users.MemoryUserDatabaseFactory</value> |
| 52 |
</parameter> |
| 53 |
<parameter> |
| 54 |
<name>pathname</name> |
| 55 |
<value>conf/tomcat-users.xml</value> |
| 56 |
</parameter> |
| 57 |
</ResourceParams> |
| 58 |
|
| 59 |
</GlobalNamingResources> |
| 60 |
|
| 61 |
<!-- A "Service" is a collection of one or more "Connectors" that |
| 62 |
share |
| 63 |
a single "Container" (and therefore the web applications visible |
| 64 |
within that Container). Normally, that Container is an "Engine", |
| 65 |
but this is not required. |
| 66 |
|
| 67 |
Note: A "Service" is not itself a "Container", so you may not |
| 68 |
define subcomponents such as "Valves" or "Loggers" at this level. |
| 69 |
--> |
| 70 |
|
| 71 |
<!-- Define the Tomcat Stand-Alone Service --> |
| 72 |
<Service name="Catalina"> |
| 73 |
|
| 74 |
<!-- A "Connector" represents an endpoint by which requests are |
| 75 |
received |
| 76 |
and responses are returned. Each Connector passes requests on |
| 77 |
to the |
| 78 |
associated "Container" (normally an Engine) for processing. |
| 79 |
|
| 80 |
By default, a non-SSL HTTP/1.1 Connector is established on port |
| 81 |
8080. |
| 82 |
You can also enable an SSL HTTP/1.1 Connector on port 8443 by |
| 83 |
following the instructions below and uncommenting the second |
| 84 |
Connector |
| 85 |
entry. SSL support requires the following steps (see the SSL |
| 86 |
Config |
| 87 |
HOWTO in the Tomcat 5 documentation bundle for more detailed |
| 88 |
instructions): |
| 89 |
* If your JDK version 1.3 or prior, download and install JSSE |
| 90 |
1.0.2 or |
| 91 |
later, and put the JAR files into "$JAVA_HOME/jre/lib/ext". |
| 92 |
* Execute: |
| 93 |
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA |
| 94 |
(Windows) |
| 95 |
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA |
| 96 |
(Unix) |
| 97 |
with a password value of "changeit" for both the certificate |
| 98 |
and |
| 99 |
the keystore itself. |
| 100 |
|
| 101 |
By default, DNS lookups are enabled when a web application |
| 102 |
calls |
| 103 |
request.getRemoteHost(). This can have an adverse impact on |
| 104 |
performance, so you can disable it by setting the |
| 105 |
"enableLookups" attribute to "false". When DNS lookups are |
| 106 |
disabled, |
| 107 |
request.getRemoteHost() will return the String version of the |
| 108 |
IP address of the remote client. |
| 109 |
--> |
| 110 |
|
| 111 |
<!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 --> |
| 112 |
<Connector port="8080" |
| 113 |
maxThreads="150" minSpareThreads="25" |
| 114 |
maxSpareThreads="75" |
| 115 |
enableLookups="false" redirectPort="8443" |
| 116 |
acceptCount="100" |
| 117 |
debug="0" connectionTimeout="20000" |
| 118 |
disableUploadTimeout="true" /> |
| 119 |
<!-- Note : To disable connection timeouts, set connectionTimeout |
| 120 |
value |
| 121 |
to 0 --> |
| 122 |
|
| 123 |
<!-- Note : To use gzip compression you could set the following |
| 124 |
properties : |
| 125 |
|
| 126 |
compression="on" |
| 127 |
compressionMinSize="2048" |
| 128 |
noCompressionUserAgents="gozilla, traviata" |
| 129 |
compressableMimeType="text/html,text/xml" |
| 130 |
--> |
| 131 |
|
| 132 |
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --> |
| 133 |
<!-- |
| 134 |
<Connector port="8443" |
| 135 |
maxThreads="150" minSpareThreads="25" |
| 136 |
maxSpareThreads="75" |
| 137 |
enableLookups="false" disableUploadTimeout="true" |
| 138 |
acceptCount="100" debug="0" scheme="https" secure="true" |
| 139 |
clientAuth="false" sslProtocol="TLS" /> |
| 140 |
--> |
| 141 |
|
| 142 |
<!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 --> |
| 143 |
<Connector port="8009" |
| 144 |
enableLookups="false" redirectPort="8443" debug="99" |
| 145 |
protocol="AJP/1.3" /> |
| 146 |
|
| 147 |
<!-- Define a Proxied HTTP/1.1 Connector on port 8082 --> |
| 148 |
<!-- See proxy documentation for more information about using this. |
| 149 |
--> |
| 150 |
<!-- |
| 151 |
<Connector port="8082" |
| 152 |
maxThreads="150" minSpareThreads="25" |
| 153 |
maxSpareThreads="75" |
| 154 |
enableLookups="false" |
| 155 |
acceptCount="100" debug="0" connectionTimeout="20000" |
| 156 |
proxyPort="80" disableUploadTimeout="true" /> |
| 157 |
--> |
| 158 |
|
| 159 |
<!-- An Engine represents the entry point (within Catalina) that |
| 160 |
processes |
| 161 |
every request. The Engine implementation for Tomcat stand |
| 162 |
alone |
| 163 |
analyzes the HTTP headers included with the request, and passes |
| 164 |
them |
| 165 |
on to the appropriate Host (virtual host). --> |
| 166 |
|
| 167 |
<!-- You should set jvmRoute to support load-balancing via JK/JK2 ie |
| 168 |
: |
| 169 |
<Engine name="Standalone" defaultHost="localhost" debug="0" |
| 170 |
jvmRoute="jvm1"> |
| 171 |
--> |
| 172 |
|
| 173 |
<!-- Define the top level container in our container hierarchy --> |
| 174 |
<Engine name="Catalina" defaultHost="localhost" debug="0"> |
| 175 |
|
| 176 |
<!-- The request dumper valve dumps useful debugging information |
| 177 |
about |
| 178 |
the request headers and cookies that were received, and the |
| 179 |
response |
| 180 |
headers and cookies that were sent, for all requests received |
| 181 |
by |
| 182 |
this instance of Tomcat. If you care only about requests to |
| 183 |
a |
| 184 |
particular virtual host, or a particular application, nest |
| 185 |
this |
| 186 |
element inside the corresponding <Host> or <Context> entry |
| 187 |
instead. |
| 188 |
|
| 189 |
For a similar mechanism that is portable to all Servlet 2.4 |
| 190 |
containers, check out the "RequestDumperFilter" Filter in the |
| 191 |
example application (the source for this filter may be found |
| 192 |
in |
| 193 |
"$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters"). |
| 194 |
|
| 195 |
Request dumping is disabled by default. Uncomment the |
| 196 |
following |
| 197 |
element to enable it. --> |
| 198 |
<!-- |
| 199 |
<Valve className="org.apache.catalina.valves.RequestDumperValve"/> |
| 200 |
--> |
| 201 |
|
| 202 |
<!-- Global logger unless overridden at lower levels --> |
| 203 |
<Logger className="org.apache.catalina.logger.FileLogger" |
| 204 |
prefix="catalina_log." suffix=".txt" |
| 205 |
timestamp="true"/> |
| 206 |
|
| 207 |
<!-- Because this Realm is here, an instance will be shared |
| 208 |
globally --> |
| 209 |
|
| 210 |
<!-- This Realm uses the UserDatabase configured in the global |
| 211 |
JNDI |
| 212 |
resources under the key "UserDatabase". Any edits |
| 213 |
that are performed against this UserDatabase are immediately |
| 214 |
available for use by the Realm. --> |
| 215 |
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" |
| 216 |
debug="0" resourceName="UserDatabase"/> |
| 217 |
|
| 218 |
<!-- Comment out the old realm but leave here for now in case we |
| 219 |
need to go back quickly --> |
| 220 |
<!-- |
| 221 |
<Realm className="org.apache.catalina.realm.MemoryRealm" /> |
| 222 |
--> |
| 223 |
|
| 224 |
<!-- Replace the above Realm with one of the following to get a |
| 225 |
Realm |
| 226 |
stored in a database and accessed via JDBC --> |
| 227 |
|
| 228 |
<!-- |
| 229 |
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" |
| 230 |
driverName="org.gjt.mm.mysql.Driver" |
| 231 |
connectionURL="jdbc:mysql://localhost/authority" |
| 232 |
connectionName="test" connectionPassword="test" |
| 233 |
userTable="users" userNameCol="user_name" |
| 234 |
userCredCol="user_pass" |
| 235 |
userRoleTable="user_roles" roleNameCol="role_name" /> |
| 236 |
--> |
| 237 |
|
| 238 |
<!-- |
| 239 |
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" |
| 240 |
driverName="oracle.jdbc.driver.OracleDriver" |
| 241 |
connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL" |
| 242 |
connectionName="scott" connectionPassword="tiger" |
| 243 |
userTable="users" userNameCol="user_name" |
| 244 |
userCredCol="user_pass" |
| 245 |
userRoleTable="user_roles" roleNameCol="role_name" /> |
| 246 |
--> |
| 247 |
|
| 248 |
<!-- |
| 249 |
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" |
| 250 |
driverName="sun.jdbc.odbc.JdbcOdbcDriver" |
| 251 |
connectionURL="jdbc:odbc:CATALINA" |
| 252 |
userTable="users" userNameCol="user_name" |
| 253 |
userCredCol="user_pass" |
| 254 |
userRoleTable="user_roles" roleNameCol="role_name" /> |
| 255 |
--> |
| 256 |
|
| 257 |
<!-- Define the default virtual host |
| 258 |
Note: XML Schema validation will not work with Xerces 2.2. |
| 259 |
--> |
| 260 |
<Host name="localhost" debug="0" appBase="webapps" |
| 261 |
unpackWARs="true" autoDeploy="true" |
| 262 |
xmlValidation="false" xmlNamespaceAware="false"> |
| 263 |
|
| 264 |
<!-- Defines a cluster for this node, |
| 265 |
By defining this element, means that every manager will be |
| 266 |
changed. |
| 267 |
So when running a cluster, only make sure that you have |
| 268 |
webapps in there |
| 269 |
that need to be clustered and remove the other ones. |
| 270 |
A cluster has the following parameters: |
| 271 |
|
| 272 |
className = the fully qualified name of the cluster class |
| 273 |
|
| 274 |
name = a descriptive name for your cluster, can be anything |
| 275 |
|
| 276 |
debug = the debug level, higher means more output |
| 277 |
|
| 278 |
mcastAddr = the multicast address, has to be the same for |
| 279 |
all the nodes |
| 280 |
|
| 281 |
mcastPort = the multicast port, has to be the same for all |
| 282 |
the nodes |
| 283 |
|
| 284 |
mcastBindAddr = bind the multicast socket to a specific |
| 285 |
address |
| 286 |
|
| 287 |
mcastTTL = the multicast TTL if you want to limit your |
| 288 |
broadcast |
| 289 |
|
| 290 |
mcastSoTimeout = the multicast readtimeout |
| 291 |
|
| 292 |
mcastFrequency = the number of milliseconds in between |
| 293 |
sending a "I'm alive" heartbeat |
| 294 |
|
| 295 |
mcastDropTime = the number a milliseconds before a node is |
| 296 |
considered "dead" if no heartbeat is received |
| 297 |
|
| 298 |
tcpThreadCount = the number of threads to handle incoming |
| 299 |
replication requests, optimal would be the same amount of threads as |
| 300 |
nodes |
| 301 |
|
| 302 |
tcpListenAddress = the listen address (bind address) for |
| 303 |
TCP cluster request on this host, |
| 304 |
in case of multiple ethernet cards. |
| 305 |
auto means that address becomes |
| 306 |
|
| 307 |
InetAddress.getLocalHost().getHostAddress() |
| 308 |
|
| 309 |
tcpListenPort = the tcp listen port |
| 310 |
|
| 311 |
tcpSelectorTimeout = the timeout (ms) for the |
| 312 |
Selector.select() method in case the OS |
| 313 |
has a wakup bug in java.nio. Set to 0 |
| 314 |
for no timeout |
| 315 |
|
| 316 |
printToScreen = true means that managers will also print to |
| 317 |
std.out |
| 318 |
|
| 319 |
expireSessionsOnShutdown = true means that |
| 320 |
|
| 321 |
useDirtyFlag = true means that we only replicate a session |
| 322 |
after setAttribute,removeAttribute has been called. |
| 323 |
false means to replicate the session after |
| 324 |
each request. |
| 325 |
false means that replication would work for |
| 326 |
the following piece of code: |
| 327 |
<% |
| 328 |
HashMap map = |
| 329 |
(HashMap)session.getAttribute("map"); |
| 330 |
map.put("key","value"); |
| 331 |
%> |
| 332 |
replicationMode = can be either 'pooled', 'synchronous' or |
| 333 |
'asynchronous'. |
| 334 |
* Pooled means that the replication |
| 335 |
happens using several sockets in a synchronous way. Ie, the data gets |
| 336 |
replicated, then the request return. This is the same as the |
| 337 |
'synchronous' setting except it uses a pool of sockets, hence it is |
| 338 |
multithreaded. This is the fastest and safest configuration. To use |
| 339 |
this, also increase the nr of tcp threads that you have dealing with |
| 340 |
replication. |
| 341 |
* Synchronous means that the thread that |
| 342 |
executes the request, is also the |
| 343 |
thread the replicates the data to the |
| 344 |
other nodes, and will not return until all |
| 345 |
nodes have received the information. |
| 346 |
* Asynchronous means that there is a |
| 347 |
specific 'sender' thread for each cluster node, |
| 348 |
so the request thread will queue the |
| 349 |
replication request into a "smart" queue, |
| 350 |
and then return to the client. |
| 351 |
The "smart" queue is a queue where when a |
| 352 |
session is added to the queue, and the same session |
| 353 |
already exists in the queue from a |
| 354 |
previous request, that session will be replaced |
| 355 |
in the queue instead of replicating two |
| 356 |
requests. This almost never happens, unless there is a |
| 357 |
large network delay. |
| 358 |
--> |
| 359 |
<!-- |
| 360 |
When configuring for clustering, you also add in a valve to |
| 361 |
catch all the requests |
| 362 |
coming in, at the end of the request, the session may or may |
| 363 |
not be replicated. |
| 364 |
A session is replicated if and only if all the conditions |
| 365 |
are met: |
| 366 |
1. useDirtyFlag is true or setAttribute or removeAttribute |
| 367 |
has been called AND |
| 368 |
2. a session exists (has been created) |
| 369 |
3. the request is not trapped by the "filter" attribute |
| 370 |
|
| 371 |
The filter attribute is to filter out requests that could |
| 372 |
not modify the session, |
| 373 |
hence we don't replicate the session after the end of this |
| 374 |
request. |
| 375 |
The filter is negative, ie, anything you put in the filter, |
| 376 |
you mean to filter out, |
| 377 |
ie, no replication will be done on requests that match one |
| 378 |
of the filters. |
| 379 |
The filter attribute is delimited by ;, so you can't escape |
| 380 |
out ; even if you wanted to. |
| 381 |
|
| 382 |
filter=".*\.gif;.*\.js;" means that we will not replicate |
| 383 |
the session after requests with the URI |
| 384 |
ending with .gif and .js are intercepted. |
| 385 |
|
| 386 |
The deployer element can be used to deploy apps cluster |
| 387 |
wide. |
| 388 |
Currently the deployment only deploys/undeploys to working |
| 389 |
members in the cluster |
| 390 |
so no WARs are copied upons startup of a broken node. |
| 391 |
The deployer watches a directory (watchDir) for WAR files |
| 392 |
when watchEnabled="true" |
| 393 |
When a new war file is added the war gets deployed to the |
| 394 |
local instance, |
| 395 |
and then deployed to the other instances in the cluster. |
| 396 |
When a war file is deleted from the watchDir the war is |
| 397 |
undeployed locally |
| 398 |
and cluster wide |
| 399 |
--> |
| 400 |
|
| 401 |
<!-- |
| 402 |
<Cluster |
| 403 |
className="org.apache.catalina.cluster.tcp.SimpleTcpCluster" |
| 404 |
|
| 405 |
managerClassName="org.apache.catalina.cluster.session.DeltaManager" |
| 406 |
expireSessionsOnShutdown="false" |
| 407 |
useDirtyFlag="true"> |
| 408 |
|
| 409 |
<Membership |
| 410 |
|
| 411 |
className="org.apache.catalina.cluster.mcast.McastService" |
| 412 |
mcastAddr="228.0.0.4" |
| 413 |
mcastPort="45564" |
| 414 |
mcastFrequency="500" |
| 415 |
mcastDropTime="3000"/> |
| 416 |
|
| 417 |
<Receiver |
| 418 |
|
| 419 |
className="org.apache.catalina.cluster.tcp.ReplicationListener" |
| 420 |
tcpListenAddress="auto" |
| 421 |
tcpListenPort="4001" |
| 422 |
tcpSelectorTimeout="100" |
| 423 |
tcpThreadCount="6"/> |
| 424 |
|
| 425 |
<Sender |
| 426 |
|
| 427 |
className="org.apache.catalina.cluster.tcp.ReplicationTransmitter" |
| 428 |
replicationMode="pooled"/> |
| 429 |
|
| 430 |
<Valve |
| 431 |
className="org.apache.catalina.cluster.tcp.ReplicationValve" |
| 432 |
|
| 433 |
filter=".*\.gif;.*\.js;.*\.jpg;.*\.htm;.*\.html;.*\.txt;"/> |
| 434 |
|
| 435 |
<Deployer |
| 436 |
className="org.apache.catalina.cluster.deploy.FarmWarDeployer" |
| 437 |
tempDir="/tmp/war-temp/" |
| 438 |
deployDir="/tmp/war-deploy/" |
| 439 |
watchDir="/tmp/war-listen/" |
| 440 |
watchEnabled="false"/> |
| 441 |
</Cluster> |
| 442 |
--> |
| 443 |
|
| 444 |
|
| 445 |
|
| 446 |
<!-- Normally, users must authenticate themselves to each web |
| 447 |
app |
| 448 |
individually. Uncomment the following entry if you would |
| 449 |
like |
| 450 |
a user to be authenticated the first time they encounter a |
| 451 |
resource protected by a security constraint, and then have |
| 452 |
that |
| 453 |
user identity maintained across *all* web applications |
| 454 |
contained |
| 455 |
in this virtual host. --> |
| 456 |
<!-- |
| 457 |
<Valve |
| 458 |
className="org.apache.catalina.authenticator.SingleSignOn" |
| 459 |
debug="0"/> |
| 460 |
--> |
| 461 |
|
| 462 |
<!-- Access log processes all requests for this virtual host. |
| 463 |
By |
| 464 |
default, log files are created in the "logs" directory |
| 465 |
relative to |
| 466 |
$CATALINA_HOME. If you wish, you can specify a different |
| 467 |
directory with the "directory" attribute. Specify either a |
| 468 |
relative |
| 469 |
(to $CATALINA_HOME) or absolute path to the desired |
| 470 |
directory. |
| 471 |
--> |
| 472 |
<!-- |
| 473 |
<Valve className="org.apache.catalina.valves.AccessLogValve" |
| 474 |
directory="logs" prefix="localhost_access_log." |
| 475 |
suffix=".txt" |
| 476 |
pattern="common" resolveHosts="false"/> |
| 477 |
--> |
| 478 |
|
| 479 |
<!-- Logger shared by all Contexts related to this virtual host. |
| 480 |
By |
| 481 |
default (when using FileLogger), log files are created in |
| 482 |
the "logs" |
| 483 |
directory relative to $CATALINA_HOME. If you wish, you can |
| 484 |
specify |
| 485 |
a different directory with the "directory" attribute. |
| 486 |
Specify either a |
| 487 |
relative (to $CATALINA_HOME) or absolute path to the |
| 488 |
desired |
| 489 |
directory.--> |
| 490 |
<Logger className="org.apache.catalina.logger.FileLogger" |
| 491 |
directory="logs" prefix="localhost_log." suffix=".txt" |
| 492 |
timestamp="true"/> |
| 493 |
|
| 494 |
|
| 495 |
</Host> |
| 496 |
|
| 497 |
</Engine> |
| 498 |
|
| 499 |
</Service> |
| 500 |
|
| 501 |
</Server> |
| 502 |
|
| 503 |
|
| 504 |
--- |
| 505 |
Chris Covington |
| 506 |
IT |
| 507 |
Plus One Health Management |
| 508 |
75 Maiden Lane Suite 801 |
| 509 |
NY, NY 10038 |
| 510 |
646-312-6269 |
| 511 |
http://www.plusoneactive.com |
| 512 |
|
| 513 |
-- |
| 514 |
gentoo-server@g.o mailing list |
Archives