tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Francois JEANMOUGIN" <Francois.JEANMOU...@123multimedia.com>
Subject RE: Opinions
Date Fri, 31 Oct 2003 07:53:21 GMT


> -----Message d'origine-----
> De : Robert Charbonneau [mailto:tomcat-user@kdesktop.org]
> Envoyé : vendredi 31 octobre 2003 06:17
> À : Tomcat Users Mailing List
> Objet : Opinions
> 
> Does anyone have an opinion of Tomcat running in a very high traffic
> environment, let's say, 100K - 500K unique visits/day?
> 
> I'm also wondering about the possibility of running a Tomcat server
> standalone
> as opposed to using mod_jk.so with Apache to mount webapps with.
> Would this
> be more stable, and is there any loss to me if I *don't* use Apache?

I have several tomcat standalone applications with more than one connection per second. It
works well. I had to be carefull with:

o JITC bug in IBM 1.4.1 Jvm on hyperthreaded machines (SIG11)
o Silly name lookup at IBM Jvm startup (it needs to know the name for all the interfaces up
on the machine or it SIG11. Even if your tomcat has nothing to do with the interfaces, event
if you need administrative unnamed (DNS, Hosts) interfaces). This does not happen with Sun
Jvm.
o Memory leaks (in java servlets or Jvm or both)
o Tomcat 4.1.27 bug when running at the MaxConnector limit (workaroundable)

Those applications are wap and web applications, mainly. Total traffic is about 30Mb/s (up
to 40) all day. I am in the process of migrating to a LinuxVirtualServer architecture for
load balancing and failover. It works well.

I have to say that tomcat is not so easy to share between nodes. I had to do at least one
modification to catalina.sh (introducing a CATALINA_LOGS). The CATALINA_BASE is shared netween
nodes (via NFS) and I need one catalina.out for each node. So...

Oh, and last but not least, I didn't find a privilege separation method in tomcat (like in
apache or ssh or postfix, or...). Perhaps am I wrong, but, if you want tomcat to run in unpriviledge
environment, you have to make it bind to a public port (say 8080). I use iptables to redirect
connections from 80 to 8080:

If you have only one tomcat running on the server, you can use:
/sbin/iptables -t nat -A PREROUTING -i lo -p tcp --dport 80 -j REDIRECT --to-ports 8080
For more than one (one IP for one tomcat is required), you have to deal with DNAT:
/sbin/iptables -t nat -A PREROUTING -d 1.2.3.4 -p tcp -m tcp --dport 80 -j DNAT --to-destination
1.2.3.4:8080

This way, you don't have to put any port number in URLs.

Ho. I just see that it is all linux related... I don't have any experience in Windows. Sorry.

In fact, with a minimal of Unix/Linux sysadmin knowledge, tomcat become spretty scalable.

François.


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message