What can I use alternative to AJP connector? - java

My application has an Apache-JBoss connection using the AJP connector.
This is a code snippet from the JBoss standalone-full.xml:
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
    <connector name="ajp" protocol="AJP/1.3" scheme="http" socket-binding="ajp"/>
    <virtual-server name="default-host" enable-welcome-root="true">
        <alias name="localhost"/>
        <alias name="example.com"/>
    </virtual-server>
</subsystem>
But I am facing one issue with it. In thread dumps I can see that many AJP threads are in the RUNNABLE state, which is consuming memory, and their number is increasing.
"ajp-0.0.0.0-0.0.0.0-38000-179" daemon prio=3 tid=0x02a6ac00 nid=0x44e runnable [0x903ff000]
java.lang.Thread.State: RUNNABLE
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:152)
at java.net.SocketInputStream.read(SocketInputStream.java:122)
at org.apache.coyote.ajp.AjpProcessor.read(AjpProcessor.java:1131)
at org.apache.coyote.ajp.AjpProcessor.readMessage(AjpProcessor.java:1213)
at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:451)
at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
at java.lang.Thread.run(Thread.java:744)
Can you please suggest what the reason behind it is?
Additional information:
Apache - apache-2.2.29
JBoss - jboss-as-7.1.1.Final
If I look for another connector, what other protocols can I use?

Related

What are the threads with empty stack on tomcat 8.0 JVM?

I am diagnosing an unresponsive tomcat 8.0_29 instance (jdk1.8_93). Some threads are blocked but there are a lot of RUNNABLE threads (hundreds) with empty stacktrace.
Tomcat is running behind Apache http on different virtual machine.
Connector config is as follows:
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" secure="true" enableLookups="false"
           disableUploadTimeout="true"
           keystoreFile="${catalina.home}/conf/server.jks"
           keystorePass="xxxxxx"
           acceptCount="100" maxThreads="25" scheme="https"
           clientAuth="false" sslProtocol="TLSv1.2"/>
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
           acceptorThreadCount="2" maxThreads="300" acceptCount="200" minSpareThreads="20"
           connectionTimeout="180000" keepAliveTimeout="180000" URIEncoding="ISO-8859-1" />
SSL termination is done by Apache, so only calls through AJP reach Tomcat.
Thread-41827 - priority:5 - threadId:0x00007f44e932f800 - nativeId:0xd7d - state:RUNNABLE
stackTrace:
java.lang.Thread.State: RUNNABLE
Many of them are named 'thread-$id', the rest are 'HandshakeCompletedNotify-Thread'
HandshakeCompletedNotify-Thread - priority:5 - threadId:0x00007f44fc841000 - nativeId:0x7565 - state:RUNNABLE
stackTrace:
java.lang.Thread.State: RUNNABLE
What are those threads?
Thanks a lot

JBoss 1-way and 2-way SSL simultaneously

I have a JBoss application with multiple endpoints. All these endpoints should be available to any user over one-way SSL (HTTPS), except for a specific endpoint (let's call it /app/sensitive) which should only be accessed by a specific machine (i.e. 2-way SSL).
Is there a way to configure JBoss for 1/2-way SSL at the same time, differentiated by what endpoint has been requested?
I'm not sure, because I did not test it, but it seems like you can have
one-way SSL on one port and two-way SSL on another port.
From standalone.xml (or domain.xml):
<subsystem xmlns="urn:jboss:domain:web:2.2" default-virtual-server="default-host" native="false">
    ...
    <connector name="one-way-https" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" socket-binding="one-way-https" enable-lookups="false" secure="true">
    </connector>
    <connector name="two-way-https" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" socket-binding="two-way-https" enable-lookups="false" secure="true">
        <ssl name="two-way-ssl" key-alias="my-identity" password="${VAULT::Jboss_config::store_password::1}" certificate-key-file="../standalone/configuration/cert/JBoss_Identity.jks"/>
    </connector>
    ...
</subsystem>
<socket-binding-group name="standard-sockets" ...>
    ...
    <socket-binding name="one-way-https" port="8443"/>
    <socket-binding name="two-way-https" port="8453"/>
    ...
</socket-binding-group>
If you test it, please let me know whether it is a solution or not, because in the near future I have to do the same; I just do not have time right now to check it... Thanks.
BTW, in the <ssl> element you can define a trust store and key store other than the default to use on that port.
I hope it will work.
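
The port-per-mode layout suggested above can be checked mechanically. The following is an added example (not code from the answer or from JBoss) that reads a web subsystem and reports each connector's effective mode: it counts a connector as two-way only when its `<ssl>` element sets `verify-client="true"`, and it also flags `TLSv1`-style protocol values and literal keystore passwords like those in the other snippets on this page. The `mtls` connector, the file names and the issue labels are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

LEGACY = {"ALL", "SSLV2", "SSLV3", "TLSV1", "TLSV1.1"}  # values that permit pre-TLS 1.2

def local(tag):
    # Drop the "{urn:jboss:domain:web:x.y}" prefix so any schema version matches.
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Map connector name -> (effective mode, issues) for a JBoss web subsystem."""
    report = {}
    for conn in ET.fromstring(xml_text).iter():
        if local(conn.tag) != "connector":
            continue
        issues = []
        ssl = next((c for c in conn if local(c.tag) == "ssl"), None)
        if conn.get("protocol", "").upper().startswith("AJP"):
            mode = "ajp"
            issues.append("ajp-no-tls")  # keep this binding reachable by the proxy only
        elif conn.get("scheme") != "https":
            mode = "plain-http"
        elif ssl is None:
            mode = "https-unconfigured"
            issues.append("missing-ssl-element")
        else:
            verify = ssl.get("verify-client", "false").lower()
            mode = {"true": "two-way", "want": "client-cert-optional"}.get(verify, "one-way")
            protos = re.split(r"[,+\s]+", ssl.get("protocol", "").upper())
            if LEGACY.intersection(protos):
                issues.append("legacy-protocol")
            pw = ssl.get("password")
            if pw is not None and not pw.startswith("${"):
                issues.append("literal-password")  # not a vault/property expression
        report[conn.get("name")] = (mode, issues)
    return report

# Constructed sample assembled from the connector styles quoted on this page.
SAMPLE = """<server><subsystem xmlns="urn:jboss:domain:web:2.2">
 <connector name="ajp" protocol="AJP/1.3" scheme="http" socket-binding="ajp"/>
 <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https">
  <ssl name="ps-ssl" password="mypw" protocol="TLSv1" certificate-key-file="ps.keystore"/>
 </connector>
 <connector name="two-way-https" protocol="HTTP/1.1" scheme="https" socket-binding="two-way-https">
  <ssl name="two-way-ssl" password="${VAULT::Jboss_config::store_password::1}"
       certificate-key-file="JBoss_Identity.jks"/>
 </connector>
 <connector name="mtls" protocol="HTTP/1.1" scheme="https" socket-binding="mtls">
  <ssl name="mtls" password="${VAULT::Jboss_config::store_password::1}" verify-client="true"
       certificate-key-file="JBoss_Identity.jks" ca-certificate-file="trust.jks"/>
 </connector>
</subsystem></server>"""
```

A connector that is only named `two-way-https` but has no `verify-client` setting is reported as `one-way`, so the connector name alone does not restrict who can reach `/app/sensitive`.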

How many connections can be created in JBoss by the default config?

For HTTP, this is the config in standalone.xml:
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
    <virtual-server name="default-host" enable-welcome-root="true">
        <alias name="localhost"/>
        <alias name="example.com"/>
    </virtual-server>
</subsystem>
It's the default config.
I would like to know how many connections this server can handle, both incoming and outgoing.
For example, with 3000 users (clients) and this server communicating with other web services, how many HTTP/HTTPS connections can it handle at a time overall? Also, is there a way to find out the current number of connections?

Enable https in jboss as 7.1.1 and import ssl certificate?

I have a web application deployed on JBoss AS 7.1.1 and it's working fine. Now I want to enable SSL on my JBoss server. I want to access my portal using this:
https://myapplication.com
For this I went through the https://docs.jboss.org/jbossweb/7.0.x/config/ssl.html documentation.
I also made some modifications to the standalone.xml file.
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
    <configuration>
        <static-resources listings="true"/>
    </configuration>
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="443"/>
    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https">
        <ssl name="https" password="pro#123" certificate-key-file="${jboss.server.config.dir}/pro.com.jks"/>
    </connector>
    <virtual-server name="default-host" enable-welcome-root="false">
        <alias name="localhost"/>
        <alias name="example.com"/>
    </virtual-server>
</subsystem>
I can access http://myapplication.com but can't access https://myapplication.com
I also bought a certificate but don't know where to configure it now to access my portal in HTTP secure mode.
When I look at the console, this appears:
08:10:46,202 INFO [org.jboss.as.controller] (Controller Boot Thread) JBAS014774: Service status report
JBAS014775: New missing/unsatisfied dependencies:
service jboss.binding.connect (missing) dependents: [service jboss.web.connector.https]
Can anyone help me?

Configuring SSL on JBoss 7

I am trying to add SSL support for my JBoss 7 installation. I followed the directions for the pure java solution on: JBoss AS 7.1 SSL Setup Guide
Here is my standalone.xml subsystem configuration:
<subsystem xmlns="urn:jboss:domain:web:1.1" native="false" default-virtual-server="default-host">
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="443" />
    <virtual-server name="default-host" enable-welcome-root="true">
        <alias name="localhost"/>
        <alias name="example.com"/>
    </virtual-server>
    <connector name="https" scheme="https" protocol="HTTP/1.1" socket-binding="https" enable-lookups="false" secure="true">
        <ssl name="ps-ssl" password="mypw" protocol="TLSv1" key-alias="ps" certificate-key-file="../standalone/configuration/ps.keystore" />
    </connector>
</subsystem>
When I start up the application, I get the Firefox "problem loading page" message. I have configured web.xml to require HTTPS for the entire app. The application works fine when I remove the constraint, so I guess I missed something in setting up SSL. Does anybody see anything that I missed?
