tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Question on workers.properties file
Date Mon, 24 May 2010 14:38:43 GMT
Hi.

Your general settings look ok to me.
See in text.

Savoy, Melinda wrote:
> Ranier,
> 
> Again, thanks for the reply below.  Apparently I do not have something setup correctly
because I cannot get a LOG file created when I execute a single request that is a valid login
ID. 

What is the exact URL you are trying ?
(just to check if it is supposed to go through the re-director)

  I'm sure I've setup something incorrectly and any help/direction would 
be greatly appreciated.
> 
> Here are my settings in the following files (server.xml, isapi_redirect.properties file,
uriworkermap.properties file and workers.properties file):
> 
> Server.xml:
> 
> <Service name="Catalina">
>   
>     <!--The connectors can use a shared executor, you can define one or more named
thread pools-->
>     <!--
>     <Executor name="tomcatThreadPool" namePrefix="catalina-exec-" 
>         maxThreads="150" minSpareThreads="4"/>
>     -->
>     
>     
>     <!-- A "Connector" represents an endpoint by which requests are received
>          and responses are returned. Documentation at :
>          Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
>          Java AJP  Connector: /docs/config/ajp.html
>          APR (HTTP/AJP) Connector: /docs/apr.html
>          Define a non-SSL HTTP/1.1 Connector on port 8080
>     -->
>     <Connector port="9080" protocol="HTTP/1.1" 
>                connectionTimeout="20000" 
>                redirectPort="8443" />
>     <!-- A "Connector" using the shared thread pool-->
>     <!--
>     <Connector executor="tomcatThreadPool"
>                port="8080" protocol="HTTP/1.1" 
>                connectionTimeout="20000" 
>                redirectPort="8443" />
>     -->           
>     <!-- Define a SSL HTTP/1.1 Connector on port 8443
>          This connector uses the JSSE configuration, when using APR, the 
>          connector should be using the OpenSSL style configuration
>          described in the APR documentation -->
>     <!--
>     <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>                maxThreads="150" scheme="https" secure="true"
>                clientAuth="false" sslProtocol="TLS" />
>     -->
> 
>     <!-- Define an AJP 1.3 Connector on port 8009 -->
>     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" tomcatAuthentication="false"
/>
> 
>     <!-- An Engine represents the entry point (within Catalina) that processes
>          every request.  The Engine implementation for Tomcat stand alone
>          analyzes the HTTP headers included with the request, and passes them
>          on to the appropriate Host (virtual host).
>          Documentation at /docs/config/engine.html -->
> 
>     <!-- You should set jvmRoute to support load-balancing via AJP ie :
>     <Engine name="Standalone" defaultHost="localhost" jvmRoute="jvm1">        

>     --> 
>     <Engine name="Catalina" defaultHost="localhost">
> 
>       <!--For clustering, please take a look at documentation at:
>           /docs/cluster-howto.html  (simple how to)
>           /docs/config/cluster.html (reference documentation) -->
>       <!--
>       <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
>       -->        
> 
>       <!-- The request dumper valve dumps useful debugging information about
>            the request and response data received and sent by Tomcat.
>            Documentation at: /docs/config/valve.html -->
>       <!--
>       <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
>       -->
> 
>       <!-- This Realm uses the UserDatabase configured in the global JNDI
>            resources under the key "UserDatabase".  Any edits
>            that are performed against this UserDatabase are immediately
>            available for use by the Realm.  -->
>       <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>              resourceName="UserDatabase"/>
> 
>       <!-- Define the default virtual host
>            Note: XML Schema validation will not work with Xerces 2.2.
>        -->
>       <Host name="localhost"  appBase="webapps"
>             unpackWARs="true" autoDeploy="true"
>             xmlValidation="false" xmlNamespaceAware="false">
> 
>         <!-- SingleSignOn valve, share authentication between web applications
>              Documentation at: /docs/config/valve.html -->
>         <!--
>         <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
>         -->
> 
>         <!-- Access log processes all example.
>              Documentation at: /docs/config/valve.html -->
>         <!--
>         <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
 
>                prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false"/>
>         -->
> 
>       </Host>
>     </Engine>
>   </Service>
> 
> In my isapi_redirect.properties file:
> 
> # Configuration file for the Jakarta ISAPI Redirector
> 
> # The path to the ISAPI Redirector Extension, relative to the website
> # This must be in a virtual directory with executive privileges
> extension_uri=/jakarta/isapi_redirect.dll
> 
> # Full path to the log file for the ISAPI Redirector
> log_file=c:\server\Tomcat 6.0\logs\iisapi.log

This probably works, but I personally dislike paths with spaces in them, 
because they always bite you in the end.
Maybe you need to provide quotes around it here ?

> 
> # Log level (debug, info, warn, error or trace)
> log_level=trace

Should that not be "debug" ?
I know Rainer said trace, but hey, even the gurus might slip up from 
time to time.
(try debug anyway, just for security).

> 
> # Full path to the workers.properties file
> worker_file=c:\server\Tomcat 6.0\conf\workers.properties
> 
> # Full path to the uriworkermap.properties file
> worker_mount_file=c:\server\Tomcat 6.0\conf\uriworkermap.properties
> 
Same note for the paths, although I suppose they work here, otherwise 
you'd get plenty of other errors.

> In my uriworkermap.properties file:
> 
> # uriworkermap.properties - IIS settings from http://onjava.com/pub/a/onjava/2002/12/18/tomcat.html?page=2

> #
> # This file provides sample mappings for example wlb
> # worker definted in workermap.properties.minimal
> # The general syntax for this file is:
> # [URL]=[Worker name]
> 
> /examples/*=scmisWorker
> /examples/*.jsp=scmisWorker
> /examples/servlet/*=scmisWorker

These are kind of redundant.
"/examples/*" should cover all the others.
They will not cause an error, but maybe a lot of unnecessary comparisons.

> 
> #/admin/*=wlb
> #/manager/*=wlb
> #/examples/*=wlb
> #/servlets-examples/*=wlb
> # Optionally filter out all .jpeg files inside that context
> # For no mapping the url has to start with exclamation(!)
> 
> #!/servlets-examples/*.jpeg=wlb
> 
> #
> # Mount jkstatus to /jkmanager
> # For production servers you will need to 
> # secure the access to the /jkmanager url
> #
> #/jkmanager=jkstatus
> 
> In my workers.properties file:
> 
> # workers.properties from = http://onjava.com/pub/a/onjava/2002/12/18/tomcat.html
> #
> # This file provides minimal jk configuration properties needed to
> # connect to Tomcat.
> #
> # The workers that jk should create and work with
> 
> #worker.list=wlb,jkstatus
> worker.list=scmisWorker
> 
> #
> # Defining a worker named ajp13w and of type ajp13
> # Note that the name and the type do not have to match.
> #
> #worker.ajp13w.type=ajp13
> #worker.ajp13w.host=localhost
> #worker.ajp13w.port=8009
> worker.scmisWorker.port=8009
> worker.scmisWorker.host=localhost
> worker.scmisWorker.type=ajp13
> 
> #
> # Defining a load balancer
> #
> 
> #worker.wlb.type=lb
> #worker.wlb.balance_workers=ajp13w
> 
> 
> #
> # Define status worker
> #
> #worker.jkstatus.type=status
> 
> 
> 
> -----Original Message-----
> From: Rainer Jung [mailto:rainer.jung@kippdata.de] 
> Sent: Thursday, May 20, 2010 3:55 PM
> To: Tomcat Users List
> Subject: Re: Question on workers.properties file
> 
> Hi André, Melinda and everyone else,
> 
> On 20.05.2010 14:31, André Warnier wrote:
>> savoym wrote:
>> I Rainer Jung is around, he may tell us if my assumptions are correct,
>> that IIS+redirector also sends the IIS user-id to Tomcat, if there is any.
>>
>> If not, then tonight I might be able to send you a servlet filter to
>> dump the HTTP headers of the requests sent by IIS to Tomcat, to see if
>> there is a user-id in there somewhere. Unless you have already checked
>> that ?
> 
> I checked before my original reply and it seems the IIS variable 
> "AUTH_USER" is automatically forwarded by the isapi plugin. When setting 
> tomcatAuthentication="false" on the AJP connector (!), the value can be 
> retrieved by the getRemoteUser() method.
> 
> I would set the log level of the redirector to "trace" on an idle test 
> environment and then do a single request there that is expected to be 
> authenticated. The log lines in the redirector log should tell us, what 
> is actually being forwarded (lots of log lines, but lots of info too).
> 
> Regards,
> 
> Rainer
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 
> The information contained in this message and any attachments is intended only for the
use of the individual or entity to which it is addressed, and may contain information that
is PRIVILEGED, CONFIDENTIAL, and exempt from disclosure under applicable law.  If you are
not the intended recipient, you are prohibited from copying, distributing, or using the information.
 Please contact the sender immediately by return e-mail and delete the original message from
your system.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message