mod_jk logging issue

2023-12-19 Thread EML 
Hi - I'm running mod_jk with an Apache front-end, and I'm having an 
issue with the JkShmFile files.


Every time Apache restarts mod_jk creates two new files 
(jk-runtime-status.PID and jk-runtime-status.PID.lock). These are never 
cleaned up; the log directory simply fills up with these files. This 
happens whether or not I explicitly set JkShmFile in the Apache conf.


Is there some way I can persuade mod_jk to use a single file pair, 
without the PID suffix, or to delete the previous file pair on a 
restart? I'm not doing any load sharing.


I'm on Ubuntu 22.04, Apache 2.4.52. The mod_jk version is possibly 1.2.48-1.

Thanks.

Re: mod_jk logging issue

2023-12-20 Thread EML 
Hi Rainer/Simon - I've just had another look at this. With no 
application running (IOW, all Java processes killed), I see this behaviour:


 # systemctl start apache2

This create a number of apache2 processes (generally 7). 2 new mod_jk 
files are created, corresponding to the apache2 process with the lowest PID


 # systemctl stop apache2

This does not remove any files (but see below)

 # systemctl restart apache2

This has the same effect as a 'start' followed by a 'stop'. A 'reload', 
as expected, doesn't change the PIDs and has no effect on file creation 
or deletion.


During testing, I did see one occasion on which the current mod_jk files 
were deleted. I though this might be a timeout issue, since the restart 
was carried out after 7 minutes, which was longer  that normal. So, I 
carried out 5 more tests, with the restart after 1, 2, 4, 8, and 11 
minutes, and in all these cases the old files were retained and not deleted.


Maybe there's a race condition, or something distribution-specific, in 
the code which registers the cleanup?  I can't do much for a couple of 
days, at least, but I'll have a look when I get a minute.



On 19/12/2023 19:03, Rainer Jung wrote:

Hi there,

Am 19.12.23 um 18:05 schrieb EML:
Hi - I'm running mod_jk with an Apache front-end, and I'm having an 
issue with the JkShmFile files.


Every time Apache restarts mod_jk creates two new files 
(jk-runtime-status.PID and jk-runtime-status.PID.lock). These are 
never cleaned up; the log directory simply fills up with these files. 
This happens whether or not I explicitly set JkShmFile in the Apache 
conf.


That should no happen. There is a cleanup routine registered, which 
should delete the files during shutdown. And that's the behavior that 
I normally observe.


Is there some way I can persuade mod_jk to use a single file pair, 
without the PID suffix, or to delete the previous file pair on a 
restart? I'm not doing any load sharing.


If you must remove the PID, you can patch the code and build it 
yourself. The ID is added in file common/jk_shm.c in the following line:


    sprintf(jk_shmem.filename, "%s.%" JK_PID_T_FMT, fname, getpid());

You could replace it by:

    sprintf(jk_shmem.filename, "%s", fname);

If you compile the code yourself, please us the latest version 1.2.49.

As I mentioned, a normal shutdown should already remove the files. A 
reload should not change the pid and thereby the files. A restart in 
the sense of stop-then-start should also remove the old files.


I'm on Ubuntu 22.04, Apache 2.4.52. The mod_jk version is possibly 
1.2.48-1.


Thanks.


Regards,

Rainer

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Secure connection - only ipv6 listener at port 8443

2024-01-08 Thread EML 

Run this command (I'm assuming you're on Linux):

 $ cat /proc/sys/net/ipv6/bindv6only

The default output is 0 on Linux (the Windows equivalent is apparently 
1). 0 means that an IPv6 socket will connect to *both* IPv6 and IPv4  
(look up IPV6_V6ONLY).


You can force Java to listen to IPv4 only, with something like 
'Environment="JAVA_OPTS_APPEND=-Djava.net.preferIPv4Stack=true', but you 
probably don't want to do this.


On 08/01/2024 09:40, Christoph Kukulies wrote:

Hi,

I'm trying to connect to a tomcat9 server for which I made an entry in 
server.xml:


 
  
        
  
        
            

and the following entries are also present, FWIW:

     proxyName="cms.mysite.de 
" maxThreads="150" enableLookups="false"

 redirectPort="8443" acceptCount="100" connectionTimeout="2"
     disableUploadTimeout="true" />
     proxyName="othername.de 
" maxThreads="150" enableLookups="false"

 redirectPort="8443" acceptCount="100" connectionTimeout="2"
     disableUploadTimeout="true" />
     proxyName="other.de 
" maxThreads="150" enableLookups="false"

 redirectPort="8443" acceptCount="100" connectionTimeout="2"
     disableUploadTimeout="true" />
     proxyName="alternate.de 
" maxThreads="150" enableLookups="false"

 redirectPort="8443" acceptCount="100" connectionTimeout="2"
     disableUploadTimeout="true" />


Connection to the server through port 8443 seems to work (filtered by ufw)
but I'm wondering why I don't see any tcp/v4 connection.

root@mail:/var/lib/tomcat9/logs# ufw status numbered
Status: active

  To                         Action      From
  --                         --      
[ 1] 25                         ALLOW IN    Anywhere
[ 2] 443                        ALLOW IN    Anywhere
[ 3] 993                        ALLOW IN    Anywhere
[ 4] 587                        ALLOW IN    Anywhere
[ 5] 80                         ALLOW IN    Anywhere
[ 6] 22                         ALLOW IN    33.180.24.29
[ 7] 8080/tcp                   ALLOW IN    33.180.24.29
[ 8] 8443/tcp                   ALLOW IN    33.180.24.29
[ 9] 25 (v6)                    ALLOW IN    Anywhere (v6)
[10] 443 (v6)                   ALLOW IN    Anywhere (v6)
[11] 993 (v6)                   ALLOW IN    Anywhere (v6)
[12] 587 (v6)                   ALLOW IN    Anywhere (v6)
[13] 80 (v6)                    ALLOW IN    Anywhere (v6)

root@mail:/var/lib/tomcat9/logs# netstat -an | grep 8443
tcp6       0      0 :::*8443*                :::*                    
LISTEN
08-Jan-2024 10:25:55.513 INFO [main] 
org.apache.catalina.core.StandardEngine.startInternal Starting Servlet 
engine: [Apache Tomcat/9.0.58 (Ubuntu)]
08-Jan-2024 10:25:55.532 INFO [main] 
org.apache.catalina.startup.HostConfig.deployWAR Deploying web 
application archive [/var/lib/tomcat9/webapps/ROOT.war]
08-Jan-2024 10:26:07.487 INFO [main] 
org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was 
scanned for TLDs yet contained no TLDs. Enable debug logging for this 
logger for a complete list of JARs that were scanned but no TLDs were 
found in them. Skipping unneeded JARs during scanning can improve 
startup time and JSP compilation time.
08-Jan-2024 10:26:23.038 INFO [main] 
org.apache.catalina.startup.HostConfig.deployWAR Deployment of web 
application archive [/var/lib/tomcat9/webapps/ROOT.war] has finished 
in [27,506] ms
08-Jan-2024 10:26:23.043 INFO [main] 
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
["http-nio-8082"]
08-Jan-2024 10:26:23.079 INFO [main] 
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
["http-nio-8081"]
08-Jan-2024 10:26:23.094 INFO [main] 
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
["http-nio-8080"]
08-Jan-2024 10:26:23.098 INFO [main] 
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
["http-nio-8086"]
08-Jan-2024 10:26:23.108 INFO [main] 
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
["https-openssl-apr-8443"]
08-Jan-2024 10:26:23.133 INFO [main] 
org.apache.catalina.startup.Catalina.start Server startup in [27735] 
milliseconds


root@mail:/var/lib/tomcat9/logs# lsof -i :8443
COMMAND   PID   USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
java   177550 tomcat   43u  IPv6 1853946      0t0  TCP *:8443 (LISTEN)
root@mail:/var/lib/tomcat9/logs#

--
Christoph