Tomcat配置、管理和问题解决 | Tomcat Configuration, Manangement and Trouble Shooting
Tomcat配置、管理和调优
Tomcat知识
关于tomcat AJP
由于tomcat的html和图片解析功能相对其他服务器如apche等较弱,所以,一般都是集成起来使用,只有jsp和servlet服务交由 tomcat处理,而tomcat和其他服务器的集成,就是通过ajp协议来完成的。AJP协议AJP13是定向包协议。因为性能原因,使用二进制格式来 传输可读性文本。
Tomcat开发模式
Web应用启动时需要加载很多东东,特别是项目使用了Hibernate,耗时比较长,在开发 环境中调 试程序,每次修改class都要重新加载Web应用,很占用时间,要是能只替换修改的类就好了。于是搜索相关资料,Tomcat文档说设置 reloadable=true可以动态加载,但是我试验几次不成功。还有高手说需要研究Tomcat的文件监听机制,重新实现webapp 类加载器,偶 水平有限,看的一头雾水。后来试出一个奇怪的办法,将reloadable设为false,可以使修改后的class生效又不用重启Web应 用。我的环 境:JDK6、Tomcat6、Eclipse3.2、MyEclipse5.1,具体设置:修改server.xml,
<Context path="/cyxt"
docBase="D:\ccProject\dz0224_jn_gxx\mshs_cybs\cy_src\WebRoot"
debug="5"
privileged="true" reloadable="false"
workDir="D:\tomcat\work\Catalina\localhost\hccy">
</Context>
虽然Tomcat6推荐使用TCD部署,但是server.xml还是起作用的。这样就OK了,无论修改类或jsp都不需重启,可以显著提高 工作效率。
Tomcat启动时候如何加载webapps下的xx.war和web app目录
如果部署的xx.war有同名的web app目录,就不会自动解压war了,也不会更新war到app目录,war里的内容跟app目录不通。
SSL TLS版本,TOMCAT中server.xml sslProtocol配置
SSL:(Secure Socket Layer,安全套接字层),位于可靠的面向连接的网络层协议和应用层协议之间的一种协议层。SSL通过互相认证、使用数字签名确保完整性、使用加密确保 私密性,以实现客户端和服务器之间的安全通讯。该协议由两层组成:SSL记录协议和SSL握手协议。
TLS:(Transport Layer Security,传输层安全协议),用于两个应用程序之间提供保密性和数据完整性。该协议由两层组成:TLS记录协议和TLS握手协议。
SSL是Netscape开发的专门用户保护Web通讯的,目前版本为3.0。最新版本的TLS 1.0是IETF(工程任务组)制定的一种新的协议,它建立在SSL 3.0协议规范之上,是SSL 3.0的后续版本。两者差别极小,可以理解为SSL 3.1,它是写入了RFC的。
TLS记录格式与SSL记录格式相同,但版本号的值不同,TLS的版本1.0使用的版本号为SSLv3.1。?
1) sslProtocol="TLS" will enable SSLv3 and TLSv1
2) sslProtocol="TLSv1.2" will enable SSLv3, TLSv1, TLSv1.1 and TLS v1.2
3) sslProtocol="TLSv1.1" will enable SSLv3, TLSv1, and TLSv1.1
4) sslProtocol="TLSv1" will enable SSLv3 and TLSv1
5) sslProtocol="SSL" will enable SSLv3 and TLSv1
6) sslProtocol="SSLv3" will enable SSLv3 and TLSv1
7) sslProtocol="SSLv2" won\'t work
Tomcat SSL protocol设置和Java Client:
<Connector executor="tomcatThreadPool" port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
SSLEnabled="true" scheme="https" secure="true"
keystoreFile="/opt/....keystore" keystorePass="soudang123"
clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"/>
javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("TLS");
http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLContext.html#getInstance%28java.lang.String%29
http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SSLContext
Tomcat 安装
CentOS7 Tomcat安装成系统服务,以非root用户启动
centos7 使用 systemctl 替换了 service命令
# systemctl list-unit-files --type service #查看全部服务命令
# systemctl status name.service #查看服务命令
# systemctl start name.service #启动服务
# systemctl stop name.service #停止服务
# systemctl restart name.service #重启服务
# systemctl enable name.service #增加开机启动
# systemctl disable name.service #删除开机启动
.service 可以省略
tomcat增加启动参数:tomcat 需要增加一个pid文件
# vi tomcat/bin/setenv.sh
#add tomcat pid
CATALINA_PID="$CATALINA_BASE/tomcat.pid"
#add java opts
JAVA_OPTS="-server -XX:MetaspaceSize=256M -XX:MaxMetaspaceSize=1024m -Xms1024M -Xmx2048M -XX:MaxNewSize=256m"
增加tomcat.service
vim /usr/lib/systemd/system/tomcat.service
Unit]
Description=Tomcat
After=syslog.target network.target
[Service]
Type=forking
PIDFile=/opt/tomcat8/tomcat.pid
ExecStart=/opt/tomcat8/bin/startup.sh
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
User=user
Group=user
[Install]
WantedBy=multi-user.target
Tomcat Service控制
# systemctl enable tomcat
# systemctl start tomcat
tomcat在启动时候,执行start不会启动两个tomcat,保证始终只有一个tomcat服务在运行。
For more, refer to: http://www.jianshu.com/p/29ecd624046f
Tomcat配置管和理
Docs and References
https://tomcat.apache.org/tomcat-7.0-doc/config/http.html
Tomcat Max threads & Thread Pool
Tomcat 7 default Max threads
- http-bio-8080 Max threads: 200
- http-bio-8443 Max threads: 200
- ajp-bio-8009 Max threads: 200
Set up maxThreads
<Connector executor="tomcatThreadPool" port="8443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
keystoreFile="/opt/tomcat-ddtservice/ddtservice.192.168.1.90.keystore" keystorePass="***" clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"/>
Thread Pool
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-" maxThreads="500" minSpareThreads="20" maxIdleTime="60000" />
<Connector executor="tomcatThreadPool" port="8090" protocol="HTTP/1.1" connectionTimeout="45000" redirectPort="8443" URIEncoding="UTF-8"/>
<Connector port="8443" executor="tomcatThreadPool" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" scheme="https" secure="true"
keystoreFile="/opt/tomcat-ddtservice/***.keystore" keystorePass="***"
clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"/>
maxThreads vs maxConnections
Tomcat can work in 2 modes:
- BIO (one thread per connection), or
- NIO (many more connections than threads).
Tomcat7 is BIO by default, although consensus seems to be "don\'t use Bio because Nio is better in every way". You set this using the "protocol" parameter in the server.xml file - BIO will be "HTTP1.1" or "org.apache.coyote.http11.Http11Protocol" and NIO will be "org.apache.coyote.http11.Http11NioProtocol"
If you\'re using BIO then I believe they should be more or less the same. If you\'re using NIO then actually "maxConnections=1000" and "maxThreads=10" might even be reasonable. The defaults are maxConnections=10,000 and maxThreads=200. With NIO, each thread can server any number of connections, switching back and forth but retaining the connection so you don\'t need to do all the usual handshaking which is especially time-consuming with HTTPS but even an issue with HTTP. You can adjust the "keepAlive" parameter to keep connections around for longer and this should speed everything up.
关于Keep-alive设置
maxKeepAliveRequests If not specified, this attribute is set to 100. 一般设置100~200.
keepAliveTimeout The default value is to use the value that has been set for the connectionTimeout attribute.
<Connector executor="tomcatThreadPool" port="8090" protocol="HTTP/1.1" connectionTimeout="45000" redirectPort="8443" URIEncoding="UTF-8"/>
Tomcat Manager配置
http://www.365mini.com/page/tomcat-manager-user-configuration.htm
conf/tomcat-users.xml
<tomcat-users>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<user username="tomcat" password="tomcat" roles="manager-gui"/>
<user username="admin" password="123456" roles="manager-script"/>
</tomcat-users>
Tomcat Manager 4种角色的大致介绍(下面URL中的*为通配符):
manager-gui
允许访问html接口(即URL路径为/manager/html/*)
manager-script
允许访问纯文本接口(即URL路径为/manager/text/*)
manager-jmx
允许访问JMX代理接口(即URL路径为/manager/jmxproxy/*)
manager-status
允许访问Tomcat只读状态页面(即URL路径为/manager/status/*)
- manager-gui - allows access to the HTML GUI and the status pages
- manager-script - allows access to the text interface and the status pages
- manager-jmx - allows access to the JMX proxy and the status pages
- manager-status - allows access to the status pages only
The HTML interface is protected against CSRF but the text and JMX interfaces are not.
Tomcat8 manager 默认本机访问,外部访问403未授权
新建conf/Catalina/localhost/manager.xml 内容如下:无须重启tomcat即可生效
<Context privileged="true" antiResourceLocking="false"
docBase="${catalina.home}/webapps/manager">
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="^.*$" />
</Context>
Doc: Each deployed webapp has a context.xml file that lives in $CATALINA_BASE/conf/[enginename]/[hostname] (conf/Catalina/localhost by default) and has the same name as the webapp (manager.xml in this case). If no file is present, default values are used.
So, you need to create a file conf/Catalina/localhost/manager.xml and specify the rule you want to allow remote access.
Host Manager application
- admin-gui - allows access to the HTML GUI and the status pages
- admin-script - allows access to the text interface and the status pages
Tomcat class不用重启更新的办法
1. tomcat server.xml: 设置reloadable="false"
<Context docBase="DDTService" path="/ddt"
reloadable="false"
source="org.eclipse.jst.jee.server:DDTService"/>
2. 在eclipse中以debug模式启动Tomcat。
Tomcat控制台中文乱码解决办法
- 打开文件/tomcat/bin/catalina.bat
- set JAVA_OPTS= 的内容中添加选项-Dfile.encoding=GBK
- 重启tomcat即可
(Jenkins console中文乱码也随即解决了)
Tomcat环境下解决http 的get方式提交的中文乱码问题
Tomcat在处理get和post请求的时候处理方式不同。
POST请求是将参数存放在请求数据包的消息体中
所以使用request.setCharacterEncoding("utf-8");可以处理
但是GET请求是将参数存放在url中,此时setCharacterEncoding就不起作用了,此时我们需要采用手写代码进行转码。
当然我们也可以修改tomcat配置文件来处理get请求的转码
方法一:改代码
String name = new String(request.getParameter("name").getBytes("ISO-8859-1"),"UTF-8");
方法二:改Tomcat下的server.xml配置文件下的Connector元素
添加:URIEncoding="UTF-8" 注1:是URIEncoding而不是URLEncoding
或者添加:useBodyEncodingForURI="true"
设置Java参数
bin\setenv.bat
set JAVA_OPTS=-Dfile.encoding=UTF-8 -Xms256m -Xmx1024m -XX:PermSize=128m
-XX:MaxPermSize=512m
or bin/setenv.sh
export JAVA_OPTS="-Dfile.encoding=UTF-8 -Xms512m -Xmx2048m
-XX:PermSize=128m -XX:MaxPermSize=768m"
中文设置bin\setenv.bat
set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=GBK
JDK8中用metaspace代替permsize,因此在许多我们设置permsize大小的地方同样需要修改配置为metaspace
将-XX:PermSize=200m;-XX:MaxPermSize=256m;
修改为:-XX:MetaspaceSize=200m;-XX:MaxMetaspaceSize=256m;
Tomcat java.lang.OutOfMemoryError: PermGen space
对tomcat,可以在catalina.bat中添加:
"set CATALINA_OPTS=-Xms128M -Xmx256M
set JAVA_OPTS=-Xms128M -Xmx256M",或者把%CATALINA_OPTS%和%JAVA_OPTS%代替为-Xms128M
-Xmx256M
Tomcat java opts
setenv.bat
set "JAVA_OPTS=%JAVA_OPTS% -Xms128m -Xmx1024m -XX:MaxPermSize=256m -server"
Tomcat in Eclipse out of memory: PermGen Size
解决方案为通过添加下面的参数增加分配给JVM的内存空间
-Xms256m -Xmx1024m -XX:PermSize=128m -XX:MaxNewSize=256m -XX:MaxPermSize=512m
网上的解决方案多半是针对纯Tomcat的情况,并非通过Eclipse启动的Tomcat。
或者修改eclipse.ini配置文件,不过这些方法都不适合Eclipse运行Tomcat抛出该异常的情况。
修改eclipse.ini配置文件增大的是Ecipse开发平台本身运行的JVM的空间,并非Eclipse启动Tomcat的内存空间。
正确的方法是,点击“Run” – “Run
Configurations…”,选中Tomcat Server,进入Arguments分页,在VM arguments中加入提升初始分配空间的参数
解决Tomcat无法shutdown进程
确定是web应用的问题,忽略日志中的严重警告,因为这是关闭tomcat时候引起的,正常情况下不会发生这种内存泄露情况,而且Tomcat6.18以上版本的Tomcat已经 做了内存泄露保护,交给Tomcat完成吧,我们只需要在shutdown.sh之后,补上一个kill -9 pid即可。要是嫌这样太麻烦了,可以如下这样改:
==============================bin/shutdown.sh
exec "$PRGDIR"/"$EXECUTABLE" stop -force "$@" #加上 -force
==============================bin/catalina.sh
在PRGDIR=`dirname "$PRG"`后面加上
if [ -z "$CATALINA_PID" ]; then
CATALINA_PID=$PRGDIR/CATALINA_PID
cat $CATALINA_PID
fi
Tomcat解压版注册Windows服务
ependecy:bin\目录下需要service.bat and Tomcat7.exe
set
"USER_INSTALL_DIR=C:\sd\install\DDT3forProduction"
set
"JAVA_HOME=%USER_INSTALL_DIR%\jdk1.6.0_45"
set
"CATALINA_HOME=%USER_INSTALL_DIR%\apache-tomcat-7.0.52"
service.bat install DDT3Tomcat
net start DDT3Tomcat
net stop DDT3Tomcat
service.bat uninstall DDT3Tomcat
C:\sd\install\DDT3forProduction\apache-tomcat-7.0.52\bin>service.bat install
Installing the service \'Tomcat7\' ...
Using CATALINA_HOME: "C:\sd\install\DDT3forProduction\apache-tomcat-7.0.52"
Using CATALINA_BASE:
"C:\sd\install\DDT3forProduction\apache-tomcat-7.0.52"
Using JAVA_HOME:
"C:\sd\install\DDT3forProduction\jdk1.6.0_45"
Using JRE_HOME:
"C:\sd\install\DDT3forProduction\jdk1.6.0_45\jre"
Using
JVM:
"C:\sd\install\DDT3forProduction\jdk1.6.0_45\jre\bin\server\jvm.dll"
拒绝访问。
Failed to install serviceFailed installing \'Tomcat7\' service
A: cmd.exe以管理员身份运行
net stop tertonDXTomcat
Tomcat undeploy and deploy war
#undeploy
wget --http-user=admin --http-password=admin "http://server206:8080/manager/text/undeploy?path=/ddt"
-O -
#deploy
wget --http-user=admin --http-password=admin "http://server206:8080/manager/text/deploy?war=file:C:/Documents
and Settings/Administrator/.jenkins/workspace/DDT3/DDTService/ddt.war&path=/ddt"
-O -
Wget for Windows:
Source: http://www.gnu.org/software/wget/
Source: http://mirror.hust.edu.cn/gnu/wget/
Binary: http://www.onlinedown.net/softdown/80943_2.htm
Add wget home to system env path, restart tomcat to let Jenkins know the path.
Tomcat修改上传war大小限制
http://server206:8080/manager admin:admin deploy war failure:
the request was rejected because its size (120592431) exceeds the configured
maximum (52428800)
tomcat/webapps/manager/WEB-INF/web.xml
找到
<multipart-config>
<!-- 50MB max -->
<max-file-size>52428800</max-file-size>
<max-request-size>52428800</max-request-size>
<file-size-threshold>0</file-size-threshold>
</multipart-config>
</servlet>
<servlet>
修改为
<!-- 100MB max -->
<max-file-size>104758600</max-file-size>
<max-request-size>104758600</max-request-size>
<file-size-threshold>0</file-size-threshold>
</multipart-config>
http://blog.csdn.net/b1412/article/details/7056250
Tomcat设置提交参数的最大值
关于maxPostSize,tomcat默认是2M,单位为字节。maxPostSize=”0”则表示不限制大小。
https://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html
maxPostSize
The maximum size in bytes of the POST which will be handled by the container FORM URL parameter parsing. The limit can be disabled by setting this attribute to a value less than zero. If not specified, this attribute is set to 2097152 (2 megabytes). Note that the FailedRequestFilter can be used to reject requests that exceed this limit.
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" maxPostSize="5120000"/>
Tomcat运行状态war增加jar
http://linuxproblems.org/wiki/Add_or_update_files_in_a_war_file
http://blog.omnidarren.com/2013/07/install-jar-command-on-centos-6/
http://www.coderanch.com/t/619252/Tomcat/Tomcat-find-classes-WEB-INF
http://tomcat.apache.org/tomcat-7.0-doc/class-loader-howto.html
javax.servlet.ServletException: Error instantiating servlet class com.cci.framework.core.servlet.BarCodeServlet
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:503)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
java.lang.Thread.run(Thread.java:744)
root cause
java.lang.Error: Unresolved compilation problems:
The import org.jbarcode cannot be resolved
The import org.jbarcode cannot be resolved
The import org.jbarcode cannot be resolved
The import org.jbarcode cannot be resolved
JBarcode cannot be resolved to a type
JBarcode cannot be resolved to a type
Code128Encoder cannot be resolved
。。。
C:\Users\Mark>jar -uf C:\sd\releases\Production20151015\20151015_190545\ddt.war C:\sd\eclipse-jee-luna-SR1-win32\eclipse\workspace\DDTService\web\WEB-INF\lib\jbarcode-0.2.8.jar
Tomcat 修改默认ROOT路径
在<host></host>标签之间添加上:
<Context path="" docBase="myjsp" debug="0" reloadable="true" />
path是说明虚拟目录的名字,如果你要只输入ip地址就显示主页,则该键值留为空;
docBase是虚拟目录的路径,它默认的是$tomcat/webapps/ROOT目录,现在我在webapps目录下建了一个myjsp目录,让该目录作为我的默认目录。
debug和reloadable一般都分别设置成0和true。
Tomcat HTPPS设置
https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html
Introduction to SSL/TLS
the data being sent is encrypted by one side
two-way process
Tips
- asked if he or she wishes to accept the Certificate at first time visit
- encryption/decryption is a computationally expensive process from a performance standpoint, It is not strictly necessary to run an entire web application over SSL, and indeed a developer can pick and choose which pages require a secure connection and which do not.
sensitive information:
- i. login pages
- ii. personal information pages
- iii. shopping cart checkouts: credit card information
- using name-based virtual hosts on a secured connection can be problematic. If the domain names do not match, these browsers will display a warning to the client user.
JMX监控Tomcat
set JAVA_OPTS=-Dfile.encoding=GBK -Xms256m -Xmx1024m -XX:PermSize=128m -XX:MaxPermSize=512m -Dcom.sun.management.jmxremote.port=10090 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.util.logging.config.file="%CATALINA_BASE%\conf\logging.properties"
Linux必须指定erver,否则连不上:
export JAVA_OPTS="-Dfile.encoding=UFT-8 -Xms256m -Xmx1024m
-XX:PermSize=128m -XX:MaxPermSize=512m -Dcom.sun.management.jmxremote
-Djava.rmi.server.hostname=120.24.88.139
-Dcom.sun.management.jmxremote.port=10090
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false"
Tomcat session设置
三种方式优先级:1 < 2 <3
1. [tomcat home]\conf\web.xml:Tomcat默认session超时时间为30分钟,可以根据需要修改,负数或0为不限制session失效时 间。
<session-config>
<session-timeout>30</session-timeout>
</session-config>
2. 在工程的web.xml中设置
<session-config>
<session-timeout>20</session-timeout>
</session-config>
3. 通过java代码设置
session.setMaxInactiveInterval(30*60);//以秒为单位,即 在没有30分钟活动后,session将失效。
防止session超时的编程方法
http://zhumeng8337797.blog.163.com/blog/static/100768914201361622331186/
Jenkins in Tomcat
http://server206:8080/jenkins/job/DDT3
http://server206:8080/ddt
Email-ext:
https://wiki.jenkins-ci.org/display/JENKINS/Email-ext+plugin
email-templates should be put in Jenkins home instead of
jenkins directory in tomcat home (Jenkins>Configurations:Home directory)
Home Directory:
C:\Documents and Settings\Administrator\.jenkins
/home/httpd/jenkins
Workspace Root Directory:
${JENKINS_HOME}/workspace/${ITEM_FULLNAME}
${ITEM_ROOTDIR}/workspace
Build Record Root Directory:
${ITEM_ROOTDIR}/builds
${ITEM_ROOTDIR}/builds
Global properties
Environment variables
rooturl=http://server206:8080/jenkins/
lang=zh_CN.GBK
Tool Locations
Ant home
::undeploy
wget --http-user=admin --http-password=admin "http://192.168.1.155:8080/manager/text/undeploy?path=/ddt" -O -
::deploy
wget --http-user=admin --http-password=admin "http://192.168.1.155:8080/manager/text/deploy?war=file:\\server206\Jenkins_workspace\DDT3Service\DDTService\ddt.war&path=/ddt" -O -
mount -o username=administrator //192.168.1.206/Jenkins_workspace /mnt
::undeploy
wget --http-user=admin --http-password=admin "http://192.168.1.155:8080/manager/text/undeploy?path=/ddt" -O -
::deploy
wget --http-user=admin --http-password=admin "http://192.168.1.155:8080/manager/text/deploy?war=file:/mnt/DDT3Service/DDTService/ddt.war&path=/ddt" -O –
Tomcat错误解决
java.io.NotSerializableException错误解决方法
十二月 24, 2015 8:03:15 下午 org.apache.catalina.session.StandardManager doLoad
严重: IOException while loading persisted sessions: java.io.WriteAbortedException: writing aborted; java.io.NotSerializableException: com.cci.ddt.gov.view.ViewForShareHolder
java.io.WriteAbortedException: writing aborted; java.io.NotSerializableException: com.cci.ddt.gov.view.ViewForShareHolder
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1354)
http://blog.csdn.net/forandever/article/details/4553447
原因是:tomcat停止时,保存session资源,然后在重启服务后,会尝试恢复session。
在server.xml中Context下添加如下的内容:
<Manager className="org.apache.catalina.session.PersistentManager" saveOnRestart="false"/>
or
<Manager className="org.apache.catalina.session.PersistentManager" saveOnRestart="false">
<Store className="org.apache.catalina.session.FileStore"/>
</Manager>
Tomcat 8
OpenJDK 64-Bit Server VM warning: ignoring option PermSize=512m; support was removed in 8.0
OpenJDK 64-Bit Server VM warning: ignoring option MaxPermSize=1024m; support was removed in 8.0
http://www.oracle.com/technetwork/java/javase/8-compatibility-guide-2156366.html
Compatibility Guide for JDK 8 says that in Java 8 the command line flag MaxPermSize has been removed.
The reason is that the permanent generation was removed from the hotspot heap and was moved to native memory.
Error parsing HTTP request header: java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
十月 12, 2017 1:52:25 下午 org.apache.coyote.http11.AbstractHttp11Processor process
信息: Error parsing HTTP request header
Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
at org.apache.coyote.http11.InternalInputBuffer.parseRequestLine(InternalInputBuffer.java:189)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1000)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Tomcat在 7.0.73, 8.0.39, 8.5.7 版本后,添加了对于http头的验证。
RFC3986文档规定,Url中只允许包含英文字母(a-zA-Z)、数字(0-9)、-_.~4个特殊字符以及所有保留字符。
RFC3986中指定了以下字符为保留字符:
!*\'();:@&=+$,/?#[]
解决办法:
配置tomcat的catalina.properties
添加或者修改:
tomcat.util.http.parser.HttpParser.requestTargetAllow=|{}
当然还有另外一种方法,就是将所有的参数都进行编码
Tomcat+java的web程序持续占cpu问题调试解决方法:
1、先用top查看占用cpu的进程id
$ top
top - 12:41:04 up 12 days, 20:46, 3 users, load average: 4.77, 5.01, 4.95
Tasks: 223 total, 2 running, 221 sleeping, 0 stopped, 0 zombie
%Cpu(s): 93.5 us, 0.2 sy, 0.0 ni, 6.3 id, 0.1 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 16301388 total, 7697092 free, 5016448 used, 3587848 buff/cache
KiB Swap: 8191996 total, 8191996 free, 0 used. 10916832 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
27127 user 20 0 7951404 3.337g 14064 S 556.8 21.5 294:12.37 java
32197 user 20 0 5531164 21744 10256 S 3.7 0.1 0:00.11 jstack
1900 mysql 20 0 3580036 499996 8168 S 1.0 3.1 80:09.60 mysqld
32060 user 20 0 146144 2128 1436 R 0.7 0.0 0:00.84 top
2530 user 20 0 470192 5932 3668 S 0.3 0.0 0:07.09 ibus-daemon
22415 root 20 0 0 0 0 S 0.3 0.0 0:04.50 kworker/4:0
1 root 20 0 193092 8444 2612 S 0.0 0.1 1:13.95 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.60 kthreadd
3 root 20 0 0 0 0 S 0.0 0.0 0:04.79 ksoftirqd/0
5 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/0:0H
7 root rt 0 0 0 0 S 0.0 0.0 0:00.69 migration/0
8 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcu_bh
9 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuob/0
10 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuob/1
11 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuob/2
12 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuob/3
13 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuob/4
14 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuob/5
15 root 20 0 0 0 0 S 0.0 0.0 3:05.18 rcu_sched
16 root 20 0 0 0 0 S 0.0 0.0 0:33.15 rcuos/0
2、再用ps -ef | grep PID定位具体的进程主体;如是否是tomcat启动的java程序
3、用ps -mp pid -o THREAD,tid,time打印出该进程下的线程占用cpu情况: ps -mp 27127 -o THREAD,tid,time
找到了耗时最高的线程28802,占用CPU时间快两个小时了!
[user@yfddt6Z ~]$ ps -mp 27127 -o THREAD,tid,time
USER %CPU PRI SCNT WCHAN USER SYSTEM TID TIME
user 4.1 - - - - - - 05:16:47
user 0.0 19 - futex_ - - 27127 00:00:00
user 0.0 19 - poll_s - - 27128 00:00:00
user 0.5 19 - - - - 27130 00:44:40
user 0.5 19 - - - - 27131 00:44:40
user 0.5 19 - - - - 27132 00:44:40
user 0.5 19 - - - - 27133 00:44:40
user 0.5 19 - - - - 27134 00:44:39
user 0.5 19 - - - - 27135 00:44:39
user 0.0 19 - futex_ - - 27136 00:03:20
user 0.0 19 - futex_ - - 27137 00:00:00
user 0.0 19 - futex_ - - 27138 00:00:03
user 0.0 19 - futex_ - - 27139 00:00:00
user 0.0 19 - futex_ - - 27140 00:01:05
user 0.0 19 - futex_ - - 27141 00:00:47
user 0.0 19 - futex_ - - 27142 00:00:00
user 0.0 19 - futex_ - - 27143 00:03:33
user 0.0 19 - futex_ - - 27144 00:00:00
user 0.0 19 - futex_ - - 27147 00:00:07
4、其次将需要的线程ID转换为16进制格式:printf "%x\n" tid
printf "%x\n" 27130
5、最后打印线程的堆栈信息:jstack pid | grep tid -A 30
找到出现问题的代码,并分析具体函数中是否有可能出现死循环的代码段。
通常问题出现在while, for之类的循环代码片段。
[user@yfddt6Z ~]$ /usr/java/jdk1.7.0_79/bin/jstack 27127 | grep 69fa -A 30
27127: Unable to open socket file: target process not responding or HotSpot VM not loaded
The -F option can be used when the target process is not responding
[user@yfddt6Z ~]$ /usr/java/jdk1.7.0_79/bin/jstack -F 27127 | grep 69fa -A 30
Attaching to process ID 27127, please wait...
Debugger attached successfully.
Server compiler detected.
JVM version is 24.79-b02
jstack command not found on centos
[root@yfddt5Z logs]# sudo updatedb
[root@yfddt5Z logs]# locate jstack
/usr/java/jdk1.7.0_79/bin/jstack
/usr/java/jdk1.7.0_79/man/ja_JP.UTF-8/man1/jstack.1
/usr/java/jdk1.7.0_79/man/man1/jstack.1
jstack: Unable to open socket file: target process not responding or HotSpot VM not loaded
设置Tomcat tmp目录到linux系统的tmp目录
[user@yfddt6Z tomcat7]$ top
top - 14:53:40 up 176 days, 2:46, 4 users, load average: 5.28, 4.84, 2.76
Tasks: 230 total, 1 running, 226 sleeping, 2 stopped, 1 zombie
%Cpu(s): 94.0 us, 0.1 sy, 0.0 ni, 5.9 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 16301388 total, 204244 free, 4237368 used, 11859776 buff/cache
KiB Swap: 8191996 total, 8191028 free, 968 used. 11471412 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
32119 user 20 0 6735608 2.340g 16612 S 565.7 15.0 67:57.98 java
1 root 20 0 206972 22312 2620 S 0.0 0.1 10:29.64 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:04.05 kthreadd
3 root 20 0 0 0 0 S 0.0 0.0 0:22.83 ksoftirqd/0
5 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/0:0H
7 root rt 0 0 0 0 S 0.0 0.0 0:03.51 migration/0
8 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcu_bh
9 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuob/0
10 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuob/1
11 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuob/2
12 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuob/3
13 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuob/4
14 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuob/5
15 root 20 0 0 0 0 S 0.0 0.0 32:05.79 rcu_sched
16 root 20 0 0 0 0 S 0.0 0.0 4:52.26 rcuos/0
17 root 20 0 0 0 0 S 0.0 0.0 4:55.87 rcuos/1
18 root 20 0 0 0 0 S 0.0 0.0 4:54.44 rcuos/2
19 root 20 0 0 0 0 S 0.0 0.0 4:57.84 rcuos/3
20 root 20 0 0 0 0 S 0.0 0.0 4:52.57 rcuos/4
21 root 20 0 0 0 0 S 0.0 0.0 5:15.51 rcuos/5