I am diagnosing an unresponsive tomcat 8.0_29 instance (jdk1.8_93). Some threads are blocked but there are a lot of RUNNABLE threads (hundreds) with empty stacktrace.
Tomcat is running behind Apache http on different virtual machine.
Cennector config is as follows:
`
<Connector port="8443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
SSLEnabled="true" secure="true" enableLookups="false"
disableUploadTimeout="true"
keystoreFile="${catalina.home}/conf/server.jks"
keystorePass="xxxxxx"
acceptCount="100" maxThreads="25" scheme="https"
clientAuth="false" sslProtocol="TLSv1.2"/>
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
acceptorThreadCount="2" maxThreads="300" acceptCount="200" minSpareThreads="20"
connectionTimeout="180000" keepAliveTimeout="180000" URIEncoding="ISO-8859-1" /> `
SSL termination is made by Apache son only calls through AJP reach Tomcat
Thread-41827 - priority:5 - threadId:0x00007f44e932f800 - nativeId:0xd7d - state:RUNNABLE
stackTrace:
java.lang.Thread.State: RUNNABLE
Many of them are named 'thread-$id', the rest are 'HandshakeCompletedNotify-Thread'
HandshakeCompletedNotify-Thread - priority:5 - threadId:0x00007f44fc841000 - nativeId:0x7565 - state:RUNNABLE
stackTrace:
java.lang.Thread.State: RUNNABLE
What are those threads?
Thanks a lot
Related
We have a hybris server behind an apache web server that are linked with ajp connectors. This is working perfectly however for some reason after updating to hybris 5.3 (and tomcat 7) the secure ajp connector is not rendering.
In the hybris tomcat config folder we have this in the server.xml:
${tomcat.connectors.ajp.plain}
which renders on ant clean all to this in the platform server.xml
<Connector protocol="AJP/1.3" port="8009" proxyPort="80" redirectPort="443" />
this works for non secure connections however we need to also render the secure connector:
<Connector protocol="AJP/1.3" port="8010" proxyPort="443" scheme="https" secure="true" />
I could just hard code this into the server.xml but that doesn't seem like the best way to do it. and I can't find where ${tomcat.connectors.ajp.plain} is actually rendered. Is there a similar property somewhere that will render the secure connector using the ports defined in the local.properties?
I'm afraid you have to declare it manually in your server.xml template in the configuration directory.
In actual fact, I prefer to do this for both AJP connectors as the templated one injected by the variable you mention is not very well configured and I have seen significant performance issues as a result. For example the number of threads is not specified and it is not associated with an executor. This means that when under large load, the number of active threads can grow to a silly number and cause the whole thing to fall over.
In fact, below is a snippet of the config/tomcat/conf/server.xml I use, which I have developed over 7 years of working exclusively on Hybris. Not only does it have sensible configurations, it also uses the more performant non-blocking IO protocols.
Hope this helps.
<Executor name="hybrisExecutor"
namePrefix="hybrisHTTP"
maxThreads="${tomcat.maxthreads}"
minSpareThreads="${tomcat.minsparethreads}"
maxIdleTime="${tomcat.maxidletime}"/>
<Connector port="${tomcat.http.port}"
maxHttpHeaderSize="8192"
maxThreads="${tomcat.maxthreads}"
protocol="org.apache.coyote.http11.Http11NioProtocol"
executor="hybrisExecutor"
enableLookups="false"
acceptCount="${tomcat.acceptcount}"
connectionTimeout="20000"
URIEncoding="UTF-8"
disableUploadTimeout="true" />
<Connector port="${tomcat.ssl.port}"
maxHttpHeaderSize="8192"
maxThreads="${tomcat.maxthreads}"
protocol="org.apache.coyote.http11.Http11NioProtocol"
executor="hybrisExecutor"
enableLookups="false"
acceptCount="${tomcat.acceptcount}"
connectionTimeout="20000"
disableUploadTimeout="true"
URIEncoding="UTF-8"
SSLEnabled="true"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
keystoreFile="${catalina.home}/lib/keystore"
keystorePass="123456" />
<!--
We explicitly declare the AJP connectors as we want to separate HTTP and SSL traffic and the default connector setting Hybris provides is not good enough.
-->
<Connector protocol="org.apache.coyote.ajp.AjpNioProtocol"
executor="hybrisExecutor"
enableLookups="false"
acceptCount="${tomcat.acceptcount}"
connectionTimeout="120000"
maxThreads="${tomcat.maxthreads}"
port="${tomcat.ajp.port}"
proxyPort="${proxy.http.port}"
redirectPort="${proxy.ssl.port}"
URIEncoding="UTF-8"
useIPVHosts="${tomcat.ajp.useipv}" />
<Connector protocol="org.apache.coyote.ajp.AjpNioProtocol"
executor="hybrisExecutor"
enableLookups="false"
acceptCount="${tomcat.acceptcount}"
connectionTimeout="120000"
maxThreads="${tomcat.maxthreads}"
port="${tomcat.ajp.secureport}"
proxyPort="${proxy.ssl.port}"
redirectPort="${proxy.http.port}"
scheme="https"
secure="true"
URIEncoding="UTF-8"
useIPVHosts="${tomcat.ajp.useipv}" />
The variables are just properties you declare in local.properties. They are substituted at build time by the ant deploy task when it builds the actual server.xml in the platform tomcat directory.
I think you should try with:
<Connector
protocol="AJP/1.3"
port="8010"
connectionTimeout="20000"
scheme="https"
SSLEnabled="true"
secure="true"
maxThreads="200"
proxyPort="443"/>
I've got a problem setting up my tomcat on linux for secure connection. My servlets work fine for normal http requests, but when changing the server.xml file to https configuration, the servlet is only addressable through the intern IP. I created a .keystore file in my home directory. The fact, that the https connection(after accepting the certificate) works within the intern network makes me believe it is a router related problem (I opend and forwarded port 8443 on my router).
Thanks for any help!
Server.xml:
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" URIEncoding="UTF-8" redirectPort="8443"/>
...
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/home/user/.keystore"
keystorePass="password" />
I am using Tomcat 5.5 & JDK 1.5.0_21. Tomcat 5.5 is successful started. I need to access tomcat in secure mode, but not able to access the application using 'https:localhost' but able to access as 'http:localhost:portno.'.
The SSL settings is as below :
<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector URIEncoding="UTF-8" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="8080" redirectPort="443"/>
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector URIEncoding="UTF-8" acceptCount="100" clientAuth="false" debug="0" disableUploadTimeout="true" enableLookups="false" keystoreFile=".keystore" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="443" scheme="https" secure="true" sslProtocol="TLS"/>
Would there be any other server setting issue or browser settings i need to check for ? Please suggest
Thanks in Advance
You have a typo in the SSL configuration.
port="443"
Change it to port="8443"
Below is the snippet from server.xml.Connector port for https is 8444 and i have changed the entry in redirect port as well.
<Connector port="8444" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="c:\keystorefile" keystorePass="tom123"
/>
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009"
enableLookups="false" redirectPort="8444" protocol="AJP/1.3" />
I am trying to access one jsp through http url and i was expecting that it will redirect to https but i got an error in my firefox browser ie
Firefox can't establish a connection to the server at 192.168.9.7:8443.
Why it is looking for 8443 instead for port 8444.
Please help ???
Note : If i try to access the jsp from https url with 8444 port directly then i can access the same.
I am using tomcat 5.5.27
It is requested to throw some light on
Connector port="8009"
this as well.What is the use of this 8009 port.
<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector port="8090" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8444" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />
Required changes in NON SSL connector.redirectPort="8444"
Now running fine.
I have a Tomcat application, I need two different servlets or the same one to respond in parallel to my requests. The case is I have a first request asking to download medical imaging and I have another AJAX client request fetching images before the first request is completely done. But for some reason, the server does not respond to my second request until the first one is over.
What has to be changed in order to achieve concurrent servlets execution? We have a pretty good server with multiple drives, multiple cores. I'm using Tomcat 6. Any ideas to explore would be great.
If that happens it's not about Tomcat. Probably you're using synchronization (implicitly or explicitly) somewhere.
However you can manage thread-pooling expicitly:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
or
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
I.e. you can either specify the number of max threads or use a thread-pool. More information here http://tomcat.apache.org/tomcat-5.5-doc/config/http.html