new tomcat

Hi for those who did not know, Tomcat 7 is out which promises better performance and protection against memory leaks. We have been running it for a week in kenya without any problems and upgrading can be recommended:

http://tomcat.apache.org/download-70.cgi

Tomcat 7 also implements the servlet spec version 3 which offers interesting things such as “asynchronous support” which means queuing of http requests to improve thread management and techniques for “server pushing”, config with annotations and pluggable web.xml fragments. This might be promising for our more-and-more ajaxified app. Good article here:

http://www.javaworld.com/javaworld/jw-02-2009/jw-02-servlet3.html

Lars

Speaking of Tomcat, Jason reminded me in a separate mail today that it is good to install the native APR (apache portable runtime) library to allegedly improve performance and scalability. It is intended to make Tomcat a full fledget webserver and might reduce need for using Apache (also given our limited static resources):

http://tomcat.apache.org/tomcat-7.0-doc/apr.html

Detailed instructions for installation on Ubuntu (get required libs, unzip src, configure, make and install):

sudo apt-get install libapr1-dev libssl-dev gcc make

tar -xvf /bin/tomcat-native.tar.gz

cd /jni/native

./configure --with-apr=/usr/bin/apr-1-config --with-java-home=/usr/lib/jvm/java-6-sun

make

sudo make install

  • In /bin/startup.sh add below the initial comments: -

export CATALINA_OPTS=‘-Djava.library.path=/usr/local/apr/lib’

Speaking of Tomcat, Jason reminded me in a separate mail today that it is
good to install the native APR (apache portable runtime) library to
allegedly improve performance and scalability.

Reminds me of another discussion back in March/April when we were
working on getting DHIS through all the hoops for Indian gov security
assessment and certification. You need APR in order to use openssl
libraries. And you need openssl libraries if you want to configure
tomcat not to accept connections using known weak ciphers. The
builtin java cryprto stuff doesn't hack it. So for the paranoid
(there you go Jason!) or even those just trying to conform to national
security policies you have yet another good reason for installing APR.
Need to document this stuff ...

Cheers
Bob

···

2011/2/4 Lars Helge Øverland <larshelge@gmail.com>:

It is intended to make Tomcat
a full fledget webserver and might reduce need for using Apache (also given
our limited static resources):
Apache Tomcat 7 (7.0.109) - Apache Portable Runtime (APR) based Native library for Tomcat
Detailed instructions for installation on Ubuntu (get required libs, unzip
src, configure, make and install):

sudo apt-get install libapr1-dev libssl-dev gcc make
tar -xvf <tomcat-dir>/bin/tomcat-native.tar.gz

cd <tomcat-native-dir>/jni/native
./configure --with-apr=/usr/bin/apr-1-config
--with-java-home=/usr/lib/jvm/java-6-sun
make
sudo make install
- In <tomcat-dir>/bin/startup.sh add below the initial comments: -

export CATALINA_OPTS='-Djava.library.path=/usr/local/apr/lib'

_______________________________________________
Mailing list: DHIS 2 developers in Launchpad
Post to : dhis2-devs@lists.launchpad.net
Unsubscribe : DHIS 2 developers in Launchpad
More help : ListHelp - Launchpad Help

I do not have any evidence for APR actually doing anything to increase
performance, but in the spirit of being paranoid and not liking Tomcat
telling me in cannot find APR, I usually install it anyway. It is a
bit painful, but you can normally coerce it to work. I might add that
on Ubuntu, I had to install APR from source. I guess it is possible to
get it to work with apt-get, but could not really figure this part
out.

Lars referred to a separate mail, and it was in reference to a reverse
proxy setup I have recently implemented here in Nigeria. Generic notes
are at the end of this mail. It would be good to hear what you did in
India in this regard, as well on dhis2.org to get things running on
port 80. These are my own generic notes, but if a real sysadmin has
other recommendations, it would be good to hear them. Hopefully, this
can go into the implementation guide, in some sort of form.

Would also be interested to hear what peoples thoughts are on running
multiple concurrent threads of the same DHIS2 instance/database
through a reverse proxy with Apache acting as a load balancer. It
seems many operations of DHIS2 are CPU limited, so it sort of seems to
make sense to have multiple threads on a machine with multiple CPUs,
but this may be just my (possibly incorrect) intuition. I do not have
any evidence to back it up.

Regards,
Jason

In this particular setup, we had two completely separate instance of
DHIS2 running on the same server, along side Apache for the reverse
proxy.

<BEGIN REVERSE PROXY CONFIG>

Two separate installations of Tomcat 7 were created in

/var/lib/tomcat7/foo
/var/lib/tomcat7/bar

Create two directories.
/var/lib/tomcat7/foo/webapps/foo
/var/lib/tomcat7/bar/webapps/bar

Unzip dhis.war in both of these directories.

Tomcat native extension was installed to increase performance.

/var/lib/tomcat7/foo/bin/tomcat-native-1.1.20-src/jni/native
sudo ./configure --with-apr=/usr/local/apr/bin/apr-1-config
--with-java-home=/usr/lib/jvm/java-6-openjdk/ --prefix=/usr && sudo
make install && libtool --finish /usr/apr/lib

FOO instance was left on default ports
BAR instance was changes in server in /var/lib/tomcat7bar/conf/server.xml

+<Server port="8005" shutdown="SHUTDOWN">
+<Server port="8006" shutdown="SHUTDOWN">

+<Connector port="8081" protocol="HTTP/1.1"
              connectionTimeout="20000"
              redirectPort="8443" />

+<Connector port="8010" protocol="AJP/1.3" redirectPort="8444" />

Startup scripts placed in /etc/init.d/

tomcat7-foo and tomcat7-bar

#!/bin/bash

···

#
# tomcat
#
# chkconfig:
# description: Start up the Tomcat servlet engine.

# Source function library.

RETVAL=$?
CATALINA_HOME="/var/lib/tomcat7/foo"

case "$1" in
start)
       if [ -f $CATALINA_HOME/bin/startup.sh ];
         then
           echo $"Starting Tomcat FOO"
           /bin/su tomcat6 $CATALINA_HOME/bin/startup.sh
       fi
       ;;
stop)
       if [ -f $CATALINA_HOME/bin/shutdown.sh ];
         then
           echo $"Stopping Tomcat FOO"
           /bin/su tomcat6 $CATALINA_HOME/bin/shutdown.sh
       fi
       ;;
*)
       echo $"Usage: $0 {start|stop}"
       exit 1
       ;;
esac

exit $RETVAL

Environment variables were added

PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games"
DHIS2_HOME="/etc/dhis2/conf/dhis2_conf"
DHIS2_HOME_BAR="/etc/dhis2/conf/dhis2_conf_bar"
JAVA_OPTS="-server -Xms512m -Xmx512m"

Hibernate properties files in each of these directories were modified
to point to the appropriate database.

You may need to modify the JAVA_OPTS to optimize server performance
for your particular server setup.

Apache 2 Reverse proxy configuration

Apache 2 was installed with mod_proxy:

sudo apt-get install apache2
sudo apt-get install mod_proxy
sudo apt-get install libapache2-mod-proxy-html
sudo apt-get install libxml2-dev

Reverse proxy module setup

/etc/apache2/mods-enabled$ more proxy.conf
<IfModule mod_proxy.c>
       #turning ProxyRequests on and allowing proxying from all may allow
       #spammers to use your proxy to send email.

      ProxyRequests Off

<Location "/foo">
# Configurations specific to this location. Add what you need.
# For instance, you can add mod_proxy_html directives to fix
# links in the HTML code. See link at end of this page about using
# mod_proxy_html.

# Allow access to this proxied URL location for everyone.
      ProxyPass http://localhost:8080/foo
      ProxyPassReverse http://localhost:8080/foo

Order allow,deny
Allow from all
</Location>

<Location "/bar">
# Configurations specific to this location. Add what you need.
# For instance, you can add mod_proxy_html directives to fix
# links in the HTML code. See link at end of this page about using
# mod_proxy_html.

      ProxyPass http://localhost:8081/bar
      ProxyPassReverse http://localhost:8081/bar

# Allow access to this proxied URL location for everyone.
Order allow,deny
Allow from all
</Location>

</IfModule>

Proxy module load

/etc/apache2/mods-enabled/proxy.load

LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
LoadModule proxy_connect_module /usr/lib/apache2/modules/mod_proxy_connect.so

In order to get the master instance to run, we must change a beans.xml file in
/var/lib/tomcat7/bar/webapps/bar/WEB-INF/lib/dhis-support-external-2.1-SNAPSHOT.jar
Open up "mc" and navigate within the JAR file to META-INF/dhis/beans.xml
and modify DHIS2_HOME to DHIS2_HOME_BAR
and then save and exit mc.

Start up both Tomcat instance, bump Apache and you should now be able
to logon to the server with

http://myserver/foo
and
http://myserver/bar

<END REVERSE PROXY CONFIG>

On 2/4/11, Lars Helge Øverland <larshelge@gmail.com> wrote:

Speaking of Tomcat, Jason reminded me in a separate mail today that it is
good to install the native APR (apache portable runtime) library to
allegedly improve performance and scalability. It is intended to make Tomcat
a full fledget webserver and might reduce need for using Apache (also given
our limited static resources):

Apache Tomcat 7 (7.0.109) - Apache Portable Runtime (APR) based Native library for Tomcat

Detailed instructions for installation on Ubuntu (get required libs, unzip
src, configure, make and install):

sudo apt-get install libapr1-dev libssl-dev gcc make

tar -xvf <tomcat-dir>/bin/tomcat-native.tar.gz

cd <tomcat-native-dir>/jni/native

./configure --with-apr=/usr/bin/apr-1-config
--with-java-home=/usr/lib/jvm/java-6-sun

make

sudo make install

- In <tomcat-dir>/bin/startup.sh add below the initial comments: -

export CATALINA_OPTS='-Djava.library.path=/usr/local/apr/lib'

--
Jason P. Pickering
email: jason.p.pickering@gmail.com
tel:+260974901293

Jason, did you try libtcnative?

http://blog.janjonas.net/2010-07-29/ubuntu-10_04-tomcat_6-improve-preformance-apache-tomcat-native-library

Maybe this does not work (yet) for Tomcat 7?

Knut

···

2011/2/5 Jason Pickering <jason.p.pickering@gmail.com>:

I do not have any evidence for APR actually doing anything to increase
performance, but in the spirit of being paranoid and not liking Tomcat
telling me in cannot find APR, I usually install it anyway. It is a
bit painful, but you can normally coerce it to work. I might add that
on Ubuntu, I had to install APR from source. I guess it is possible to
get it to work with apt-get, but could not really figure this part
out.

Thanks Knut. This was considerably easier.

RTFM.

Regards,
Jason

···

On Sun, Feb 6, 2011 at 6:35 PM, Knut Staring <knutst@gmail.com> wrote:

2011/2/5 Jason Pickering <jason.p.pickering@gmail.com>:

I do not have any evidence for APR actually doing anything to increase
performance, but in the spirit of being paranoid and not liking Tomcat
telling me in cannot find APR, I usually install it anyway. It is a
bit painful, but you can normally coerce it to work. I might add that
on Ubuntu, I had to install APR from source. I guess it is possible to
get it to work with apt-get, but could not really figure this part
out.

Jason, did you try libtcnative?

Ubuntu 10.04 & Tomcat 6: Improve performance with Apache Tomcat Native library – Jan Jonas' blog

Maybe this does not work (yet) for Tomcat 7?

Knut

--
Jason P. Pickering
email: jason.p.pickering@gmail.com
tel:+260974901293