[GitHub] [tomcat] minfrin opened a new pull request #382: Add support for unix domain sockets.

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
92 messages Options
12345
Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] michael-o commented on a change in pull request #382: Add support for unix domain sockets.

GitBox

michael-o commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r533488953



##########
File path: java/org/apache/tomcat/util/net/LocalStrings.properties
##########
@@ -88,6 +88,7 @@ endpoint.init.bind=Socket bind failed: [{0}] [{1}]
 endpoint.init.bind.inherited=No inherited channel while the connector was configured to use one
 endpoint.init.listen=Socket listen failed: [{0}] [{1}]
 endpoint.init.notavail=APR not available
+endpoint.init.unixnotavail=Unix domain socket support not available

Review comment:
       Same here

##########
File path: webapps/docs/config/http.xml
##########
@@ -208,6 +208,24 @@
       The default is <code>POST</code></p>
     </attribute>
 
+    <attribute name="path" required="false">
+      <p>Where supported, the path to a unix domain socket that this

Review comment:
       Here

##########
File path: java/org/apache/catalina/core/LocalStrings.properties
##########
@@ -74,7 +74,7 @@ aprListener.aprInitDebug=The Apache Tomcat Native library could not be found usi
 aprListener.aprInitError=The Apache Tomcat Native library failed to load. The error reported was [{0}]
 aprListener.currentFIPSMode=Current FIPS mode: [{0}]
 aprListener.enterAlreadyInFIPSMode=AprLifecycleListener is configured to force entering FIPS mode, but library is already in FIPS mode [{0}]
-aprListener.flags=APR capabilities: IPv6 [{0}], sendfile [{1}], accept filters [{2}], random [{3}].
+aprListener.flags=APR capabilities: IPv6 [{0}], sendfile [{1}], accept filters [{2}], random [{3}], uds [{4}].

Review comment:
       Please uppercase uds in all properties files

##########
File path: webapps/docs/config/http.xml
##########
@@ -208,6 +208,24 @@
       The default is <code>POST</code></p>
     </attribute>
 
+    <attribute name="path" required="false">
+      <p>Where supported, the path to a unix domain socket that this
+      <strong>Connector</strong> will create and await incoming connections.
+      Tomcat will automatically remove the socket on server shutdown. If the
+      socket already exists, care must be taken by the administrator to remove
+      the socket after verifying that the socket isn't already being used by an
+      existing Tomcat process.</p>
+    </attribute>
+
+    <attribute name="pathPermissions" required="false">
+      <p>Where supported, the posix permissions that will be applied to the
+      to the unix domain socket specified with <code>path</code> above. The

Review comment:
       Here

##########
File path: webapps/docs/config/http.xml
##########
@@ -208,6 +208,24 @@
       The default is <code>POST</code></p>
     </attribute>
 
+    <attribute name="path" required="false">
+      <p>Where supported, the path to a unix domain socket that this
+      <strong>Connector</strong> will create and await incoming connections.
+      Tomcat will automatically remove the socket on server shutdown. If the
+      socket already exists, care must be taken by the administrator to remove
+      the socket after verifying that the socket isn't already being used by an
+      existing Tomcat process.</p>
+    </attribute>
+
+    <attribute name="pathPermissions" required="false">
+      <p>Where supported, the posix permissions that will be applied to the
+      to the unix domain socket specified with <code>path</code> above. The
+      permissions are specified as a string of nine characters, in three sets
+      of three: (r)ead, (w)rite and e(x)ecute for owner, group and everyone
+      else respectively. If a permission is not granted, a dash is used. If

Review comment:
       dash => hyphen

##########
File path: webapps/docs/changelog.xml
##########
@@ -124,6 +124,11 @@
         uses the correct setting for the secure attribute for any session
         cookies it creates. Based on a pull request by Andreas Kurth. (markt)
       </fix>
+      <add>
+        <bug>64943</bug>: Add support for unix domain sockets to

Review comment:
       And here

##########
File path: webapps/docs/config/http.xml
##########
@@ -1130,6 +1148,38 @@
   </subsection>
 
 
+  <subsection name="Unix Domain Socket Support">
+
+  <p>When the <code>path</code> attribute is used, connectors that support
+  unix domain sockets will bind to the socket at the given path. The first

Review comment:
       Upper

##########
File path: webapps/docs/config/http.xml
##########
@@ -208,6 +208,24 @@
       The default is <code>POST</code></p>
     </attribute>
 
+    <attribute name="path" required="false">
+      <p>Where supported, the path to a unix domain socket that this
+      <strong>Connector</strong> will create and await incoming connections.
+      Tomcat will automatically remove the socket on server shutdown. If the
+      socket already exists, care must be taken by the administrator to remove
+      the socket after verifying that the socket isn't already being used by an
+      existing Tomcat process.</p>
+    </attribute>
+
+    <attribute name="pathPermissions" required="false">
+      <p>Where supported, the posix permissions that will be applied to the
+      to the unix domain socket specified with <code>path</code> above. The
+      permissions are specified as a string of nine characters, in three sets
+      of three: (r)ead, (w)rite and e(x)ecute for owner, group and everyone

Review comment:
       everyone is Windows, Unix is others.

##########
File path: webapps/docs/config/http.xml
##########
@@ -1130,6 +1148,38 @@
   </subsection>
 
 
+  <subsection name="Unix Domain Socket Support">
+
+  <p>When the <code>path</code> attribute is used, connectors that support
+  unix domain sockets will bind to the socket at the given path. The first
+  connector to support this is the
+  <code>org.apache.coyote.http11.Http11AprProtocol</code> connector when
+  used with the Apache Tomcat Native library v1.2.26 and up, along with
+  Apache Portable Runtime v1.6 and higher.
+  </p>
+
+  <p>The socket path is created with read and write permissions for all
+  users. To protect this socket, place it in a directory with suitable
+  permissions appropriately configured to restrict access as required.
+  Alternatively, on platforms that support posix permissions, the
+  permissions on the socket can be set directly with the
+  <code>pathPermissions</code> option.
+  </p>
+
+  <p>Tomcat will automatically remove the socket on server shutdown. If the
+  socket already exists startup will fail. Care must be taken by the
+  administrator to remove the socket after verifying that the socket isn't
+  already being used by an existing Tomcat process.</p>
+
+  <p>The unix domain socket can be accessed using the

Review comment:
       Here




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] minfrin commented on pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

minfrin commented on pull request #382:
URL: https://github.com/apache/tomcat/pull/382#issuecomment-736674567


   > * A few nits in docs.
   > * I wonder whether we should set default permissions at all and rely on the umask.
   > * Tomcat has a umask check (startup listener) which these default permissions we basically break that promise...
   
   Relying on the umask makes no practical sense, unfortunately.
   
   The typical umask is 0027, meaning full access for tomcat itself, read access for members of the tomcat group (so that logfiles can be read but not changed), and no access for anyone else.
   
   The unix domain socket is useless if you can't write to it. What that means is that only the tomcat user can send requests to tomcat, and members of the tomcat group can't send requests at all, which is completely pointless.
   
   To be in any way useful the socket must be writable, and to do that it either needs to default to being writable, or needs to explicitly set as writable with at least `pathPermissions="rw-rw----"`.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r533567922



##########
File path: java/org/apache/catalina/core/LocalStrings.properties
##########
@@ -74,7 +74,7 @@ aprListener.aprInitDebug=The Apache Tomcat Native library could not be found usi
 aprListener.aprInitError=The Apache Tomcat Native library failed to load. The error reported was [{0}]
 aprListener.currentFIPSMode=Current FIPS mode: [{0}]
 aprListener.enterAlreadyInFIPSMode=AprLifecycleListener is configured to force entering FIPS mode, but library is already in FIPS mode [{0}]
-aprListener.flags=APR capabilities: IPv6 [{0}], sendfile [{1}], accept filters [{2}], random [{3}].
+aprListener.flags=APR capabilities: IPv6 [{0}], sendfile [{1}], accept filters [{2}], random [{3}], uds [{4}].

Review comment:
       Done.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] minfrin commented on a change in pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

minfrin commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r533571858



##########
File path: webapps/docs/config/http.xml
##########
@@ -208,6 +208,24 @@
       The default is <code>POST</code></p>
     </attribute>
 
+    <attribute name="path" required="false">
+      <p>Where supported, the path to a unix domain socket that this
+      <strong>Connector</strong> will create and await incoming connections.
+      Tomcat will automatically remove the socket on server shutdown. If the
+      socket already exists, care must be taken by the administrator to remove
+      the socket after verifying that the socket isn't already being used by an
+      existing Tomcat process.</p>
+    </attribute>
+
+    <attribute name="pathPermissions" required="false">
+      <p>Where supported, the posix permissions that will be applied to the
+      to the unix domain socket specified with <code>path</code> above. The
+      permissions are specified as a string of nine characters, in three sets
+      of three: (r)ead, (w)rite and e(x)ecute for owner, group and everyone
+      else respectively. If a permission is not granted, a dash is used. If

Review comment:
       Done.

##########
File path: webapps/docs/config/http.xml
##########
@@ -1130,6 +1148,38 @@
   </subsection>
 
 
+  <subsection name="Unix Domain Socket Support">
+
+  <p>When the <code>path</code> attribute is used, connectors that support
+  unix domain sockets will bind to the socket at the given path. The first
+  connector to support this is the
+  <code>org.apache.coyote.http11.Http11AprProtocol</code> connector when
+  used with the Apache Tomcat Native library v1.2.26 and up, along with
+  Apache Portable Runtime v1.6 and higher.
+  </p>
+
+  <p>The socket path is created with read and write permissions for all
+  users. To protect this socket, place it in a directory with suitable
+  permissions appropriately configured to restrict access as required.
+  Alternatively, on platforms that support posix permissions, the
+  permissions on the socket can be set directly with the
+  <code>pathPermissions</code> option.
+  </p>
+
+  <p>Tomcat will automatically remove the socket on server shutdown. If the
+  socket already exists startup will fail. Care must be taken by the
+  administrator to remove the socket after verifying that the socket isn't
+  already being used by an existing Tomcat process.</p>
+
+  <p>The unix domain socket can be accessed using the

Review comment:
       Done.

##########
File path: webapps/docs/config/http.xml
##########
@@ -1130,6 +1148,38 @@
   </subsection>
 
 
+  <subsection name="Unix Domain Socket Support">
+
+  <p>When the <code>path</code> attribute is used, connectors that support
+  unix domain sockets will bind to the socket at the given path. The first

Review comment:
       Done.

##########
File path: webapps/docs/config/http.xml
##########
@@ -208,6 +208,24 @@
       The default is <code>POST</code></p>
     </attribute>
 
+    <attribute name="path" required="false">
+      <p>Where supported, the path to a unix domain socket that this
+      <strong>Connector</strong> will create and await incoming connections.
+      Tomcat will automatically remove the socket on server shutdown. If the
+      socket already exists, care must be taken by the administrator to remove
+      the socket after verifying that the socket isn't already being used by an
+      existing Tomcat process.</p>
+    </attribute>
+
+    <attribute name="pathPermissions" required="false">
+      <p>Where supported, the posix permissions that will be applied to the
+      to the unix domain socket specified with <code>path</code> above. The
+      permissions are specified as a string of nine characters, in three sets
+      of three: (r)ead, (w)rite and e(x)ecute for owner, group and everyone

Review comment:
       Done.

##########
File path: webapps/docs/config/http.xml
##########
@@ -208,6 +208,24 @@
       The default is <code>POST</code></p>
     </attribute>
 
+    <attribute name="path" required="false">
+      <p>Where supported, the path to a unix domain socket that this
+      <strong>Connector</strong> will create and await incoming connections.
+      Tomcat will automatically remove the socket on server shutdown. If the
+      socket already exists, care must be taken by the administrator to remove
+      the socket after verifying that the socket isn't already being used by an
+      existing Tomcat process.</p>
+    </attribute>
+
+    <attribute name="pathPermissions" required="false">
+      <p>Where supported, the posix permissions that will be applied to the
+      to the unix domain socket specified with <code>path</code> above. The

Review comment:
       Done.

##########
File path: webapps/docs/config/http.xml
##########
@@ -208,6 +208,24 @@
       The default is <code>POST</code></p>
     </attribute>
 
+    <attribute name="path" required="false">
+      <p>Where supported, the path to a unix domain socket that this

Review comment:
       Done.

##########
File path: webapps/docs/changelog.xml
##########
@@ -124,6 +124,11 @@
         uses the correct setting for the secure attribute for any session
         cookies it creates. Based on a pull request by Andreas Kurth. (markt)
       </fix>
+      <add>
+        <bug>64943</bug>: Add support for unix domain sockets to

Review comment:
       Done.

##########
File path: java/org/apache/tomcat/util/net/LocalStrings.properties
##########
@@ -88,6 +88,7 @@ endpoint.init.bind=Socket bind failed: [{0}] [{1}]
 endpoint.init.bind.inherited=No inherited channel while the connector was configured to use one
 endpoint.init.listen=Socket listen failed: [{0}] [{1}]
 endpoint.init.notavail=APR not available
+endpoint.init.unixnotavail=Unix domain socket support not available

Review comment:
       Done.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] michael-o commented on pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

michael-o commented on pull request #382:
URL: https://github.com/apache/tomcat/pull/382#issuecomment-736684033


   > The typical umask is 0027, meaning full access for tomcat itself, read access for members of the tomcat group (so that logfiles can be read but not changed), and no access for anyone else.
   >
   > The unix domain socket is useless if you can't write to it. What that means is that only the tomcat user can send requests to tomcat, and members of the tomcat group can't send requests at all, which is completely pointless.
   
   Exactly, that's the whole problem.
   
   > To be in any way useful the socket must be writable, and to do that it either needs to default to being writable, or needs to explicitly set as writable with at least `pathPermissions="rw-rw----"`.
   
   So not to undermine the default umask, are we good to take your `pathPermissions="rw-rw----"` proposal?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] minfrin commented on pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

minfrin commented on pull request #382:
URL: https://github.com/apache/tomcat/pull/382#issuecomment-736746529


   > > To be in any way useful the socket must be writable, and to do that it either needs to default to being writable, or needs to explicitly set as writable with at least `pathPermissions="rw-rw----"`.
   >
   > So not to undermine the default umask, are we good to take your `pathPermissions="rw-rw----"` proposal?
   
   I'm not following - the umask makes no sense, not even as a default, so we have to override the umask to make it work at all.
   
   I think a sensible approach is "defaults to the same behaviour as localhost, visible to all on the box, while offering posixPermissions to the unix people, and a protected parent directory for the windows people."
   
   That's where we stand now.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] michael-o commented on pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

michael-o commented on pull request #382:
URL: https://github.com/apache/tomcat/pull/382#issuecomment-736761640


   >
   >
   > > > To be in any way useful the socket must be writable, and to do that it either needs to default to being writable, or needs to explicitly set as writable with at least `pathPermissions="rw-rw----"`.
   > >
   > >
   > > So not to undermine the default umask, are we good to take your `pathPermissions="rw-rw----"` proposal?
   >
   > I'm not following - the umask makes no sense, not even as a default, so we have to override the umask to make it work at all.
   >
   > I think a sensible approach is "defaults to the same behaviour as localhost, visible to all on the box, while offering posixPermissions to the unix people, and a protected parent directory for the windows people."
   >
   > That's where we stand now.
   
   OK, my slight counter proposal is not use `rw-rw-rw-` as default, but `rw-rw----` because this would reflect the default umask of 027, i.e, not to create anything world readable. For those who need more permissions, they can supply a custom string.
   
   I also do understand that localhost is open for everyone on that box, but isn't that the whole point of UDS to have more control of the socket?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] michael-o edited a comment on pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

michael-o edited a comment on pull request #382:
URL: https://github.com/apache/tomcat/pull/382#issuecomment-736761640


   >
   >
   > > > To be in any way useful the socket must be writable, and to do that it either needs to default to being writable, or needs to explicitly set as writable with at least `pathPermissions="rw-rw----"`.
   > >
   > >
   > > So not to undermine the default umask, are we good to take your `pathPermissions="rw-rw----"` proposal?
   >
   > I'm not following - the umask makes no sense, not even as a default, so we have to override the umask to make it work at all.
   >
   > I think a sensible approach is "defaults to the same behaviour as localhost, visible to all on the box, while offering posixPermissions to the unix people, and a protected parent directory for the windows people."
   >
   > That's where we stand now.
   
   OK, my slight counter proposal is not use `rw-rw-rw-` as default, but `rw-rw----` because this would reflect the default umask of 027, i.e, not to create anything world readable. For those who need more permissions, they can supply a custom string.
   
   I also do understand that localhost is open for everyone on that box, but isn't that the whole point of UDS to have more control over the socket?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] minfrin commented on pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

minfrin commented on pull request #382:
URL: https://github.com/apache/tomcat/pull/382#issuecomment-737203904


   > OK, my slight counter proposal is not use rw-rw-rw- as default, but rw-rw---- because this would reflect the default umask of 027, i.e, not to create anything world readable. For those who need more permissions, they can supply a custom string.
   
   The problem with this is that it makes the default behaviour between windows and unix inconsistent, and this is likely to cause headaches for people who either don't read the docs properly, or read a response on stack overflow aimed at unix people and use it thinking it also applies to windows.
   
   Setting a default on windows is itself hard - windows doesn't have a concept of a "primary group" like posix, but the possibility of zero or more users and/or groups that have access to a file or directory. There is no practical default behaviour for any of that, which is why java itself doesn't try. Java gives you "access to owner" and "access to everyone", and that's it. "Access to owner" is the same as "no uds support", that leaves just "access to everyone, protect me by protecting my parent directory".
   
   > I also do understand that localhost is open for everyone on that box, but isn't that the whole point of UDS to have more control over the socket?
   
   Yes - and the most simplest way to protect a socket is to put it in a suitably protected directory. You don't have to protect the socket file itself, just make it impossible for the file to be seen by making its parent directory inaccessible.
   
   I am very mindful of decisions made now being difficult to change down the line. Adding new behaviour in future is easy, but changing existing behaviour (like a default) is a headache for all concerned.
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] michael-o commented on pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

michael-o commented on pull request #382:
URL: https://github.com/apache/tomcat/pull/382#issuecomment-737353972


   >
   >
   > > OK, my slight counter proposal is not use rw-rw-rw- as default, but rw-rw---- because this would reflect the default umask of 027, i.e, not to create anything world readable. For those who need more permissions, they can supply a custom string.
   >
   > The problem with this is that it makes the default behaviour between windows and unix inconsistent, and this is likely to cause headaches for people who either don't read the docs properly, or read a response on stack overflow aimed at unix people and use it thinking it also applies to windows.
   
   While I agree here, you cannot really achieve consistency due to two completely diametral approach in both OS types. I wouldn't try to achive, as sad as it sounds.
   
   > Setting a default on windows is itself hard - windows doesn't have a concept of a "primary group" like posix, but the possibility of zero or more users and/or groups that have access to a file or directory. There is no practical default behaviour for any of that, which is why java itself doesn't try. Java gives you "access to owner" and "access to everyone", and that's it. "Access to owner" is the same as "no uds support", that leaves just "access to everyone, protect me by protecting my parent directory".
   
   I know it is hard, maybe we should not try at all? I believe that it will quite some time to be picked up by Windows users at all.
   
   > > I also do understand that localhost is open for everyone on that box, but isn't that the whole point of UDS to have more control over the socket?
   >
   > Yes - and the most simplest way to protect a socket is to put it in a suitably protected directory. You don't have to protect the socket file itself, just make it impossible for the file to be seen by making its parent directory inaccessible.
   >
   > I am very mindful of decisions made now being difficult to change down the line. Adding new behaviour in future is easy, but changing existing behaviour (like a default) is a headache for all concerned.
   
   Agree!


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] michael-o commented on pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

michael-o commented on pull request #382:
URL: https://github.com/apache/tomcat/pull/382#issuecomment-738291588


   @minfrin Do you want to peform anymore changes or do want to me run verifcation on it? Do you think a test would be possible to start up and shut down a UDS?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] martin-g commented on a change in pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

martin-g commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r540754092



##########
File path: webapps/docs/config/http.xml
##########
@@ -208,6 +208,24 @@
       The default is <code>POST</code></p>
     </attribute>
 
+    <attribute name="path" required="false">

Review comment:
       At the moment the `port` parameter is mandatory, i.e. if `path` is specified then both TCP and UDS will be exposed.
   I guess there will be users which will want to enable **only** UDS.
   Do you think this is reasonable and we should make it possible to disable TCP in case UDS is enabled ?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] michael-o commented on a change in pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

michael-o commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r540877133



##########
File path: webapps/docs/config/http.xml
##########
@@ -208,6 +208,24 @@
       The default is <code>POST</code></p>
     </attribute>
 
+    <attribute name="path" required="false">

Review comment:
       Having both enabled might lead to confusion as it does now with dual-stack socket. Most don't even know that one can pass sockopt IPV6_ONLY. I would avoid such situation unless the admin does exactly know what is happening here. Now the misfortune here is that we don't have an address field, but rather a host/port which is tied to TCP sockets. Maybe it is worth a discussion on the dev ML to move to `address` instead of `host`/`port` combination. So do all decent socket-based services like sshd, httpd, etc. WDYT?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] michael-o commented on a change in pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

michael-o commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r540877133



##########
File path: webapps/docs/config/http.xml
##########
@@ -208,6 +208,24 @@
       The default is <code>POST</code></p>
     </attribute>
 
+    <attribute name="path" required="false">

Review comment:
       Having both enabled might lead to confusion as it does now with dual-stack socket. Most don't even know that one can pass sockopt [`IPV6_V6ONLY`](https://www.freebsd.org/cgi/man.cgi?query=ip6&apropos=0&sektion=4&manpath=FreeBSD+12.2-RELEASE+and+Ports&arch=default&format=html). I would avoid such situation unless the admin does exactly know what is happening here. Now the misfortune here is that we don't have an address field, but rather a host/port which is tied to TCP sockets. Maybe it is worth a discussion on the dev ML to move to `address` instead of `host`/`port` combination. So do all decent socket-based services like sshd, httpd, etc. WDYT?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] martin-g commented on a change in pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

martin-g commented on a change in pull request #382:
URL: https://github.com/apache/tomcat/pull/382#discussion_r540897626



##########
File path: webapps/docs/config/http.xml
##########
@@ -208,6 +208,24 @@
       The default is <code>POST</code></p>
     </attribute>
 
+    <attribute name="path" required="false">

Review comment:
       I've just tested it. It seems only UDS is enabled:
   
   ```
   openjdk version "16-ea" 2021-03-16
   OpenJDK Runtime Environment (build 16-ea+26-1764)
   OpenJDK 64-Bit Server VM (build 16-ea+26-1764, mixed mode)
   === Protocol: org.apache.coyote.http11.Http11AprProtocol
   === Starting : Connector[org.apache.coyote.http11.Http11AprProtocol-8080]
   Dec 11, 2020 11:55:52 AM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
   INFO: Loaded Apache Tomcat Native library [1.2.27] using APR version [1.6.5].
   Dec 11, 2020 11:55:52 AM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
   INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true], UDS [true].
   Dec 11, 2020 11:55:52 AM org.apache.catalina.core.AprLifecycleListener initializeSSL
   INFO: OpenSSL successfully initialized [OpenSSL 1.1.1g-dev  xx XXX xxxx]
   Dec 11, 2020 11:55:52 AM org.apache.coyote.http11.AbstractHttp11Protocol configureUpgradeProtocol
   INFO: The ["https-openssl-apr-/tmp/tomcat-uds.sock"] connector has been configured to support negotiation to [h2] via ALPN
   Dec 11, 2020 11:55:52 AM org.apache.coyote.AbstractProtocol init
   INFO: Initializing ProtocolHandler ["https-openssl-apr-/tmp/tomcat-uds.sock"]
   Dec 11, 2020 11:55:52 AM org.apache.catalina.core.StandardService startInternal
   INFO: Starting service [Tomcat]
   Dec 11, 2020 11:55:52 AM org.apache.catalina.core.StandardEngine startInternal
   INFO: Starting Servlet engine: [Apache Tomcat/10.0.0-M11-dev]
   Dec 11, 2020 11:55:53 AM org.apache.coyote.AbstractProtocol start
   INFO: Starting ProtocolHandler ["https-openssl-apr-/tmp/tomcat-uds.sock"]
   === Started
   
   ```
   
   ```
   $  sudo netstat -anp | grep 2887991
   (standard input):35:unix  2      [ ACC ]     STREAM     LISTENING     14491510 2887991/java         /tmp/tomcat-uds.sock
   (standard input):165:unix  2      [ ]         STREAM     CONNECTED     14491508 2887991/java    
   ```
   




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] martin-g commented on pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

martin-g commented on pull request #382:
URL: https://github.com/apache/tomcat/pull/382#issuecomment-743155616


   There is some issue with stopping an embedded Tomcat:
   
   ```
   === Started
   
   ^CDec 11, 2020 11:59:45 AM org.apache.coyote.AbstractProtocol pause
   INFO: Pausing ProtocolHandler ["https-openssl-apr-/tmp/tomcat-uds.sock"]
   Dec 11, 2020 11:59:45 AM org.apache.catalina.core.StandardService stopInternal
   INFO: Stopping service [Tomcat]
   WARNING: An illegal reflective access operation has occurred
   WARNING: Illegal reflective access by org.apache.catalina.loader.WebappClassLoaderBase (file:/home/ubuntu/git/mg.solutions/http2-server-perf-tests/java/tomcat/target/tomcat-embedded-1.0-SNAPSHOT.jar) to field java.io.ObjectStreamClass$Caches.localDescs
   WARNING: Please consider reporting this to the maintainers of org.apache.catalina.loader.WebappClassLoaderBase
   WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
   WARNING: All illegal access operations will be denied in a future release
   Dec 11, 2020 11:59:45 AM org.apache.coyote.AbstractProtocol stop
   INFO: Stopping ProtocolHandler ["https-openssl-apr-/tmp/tomcat-uds.sock"]
   Dec 11, 2020 11:59:55 AM org.apache.tomcat.util.net.Acceptor stop
   WARNING: The acceptor thread [https-openssl-apr-/tmp/tomcat-uds.sock-Acceptor] did not stop cleanly
   === Stopped
   
   ```
   and the application hangs.
   
   Thread dump:
   
   ```
   2020-12-11 12:02:45                                                                                    
   Full thread dump OpenJDK 64-Bit Server VM (16-ea+26-1764 mixed mode):                                  
                                                                                                         
   Threads class SMR info:                                                                                
   _java_thread_list=0x0000ffff806d7a50, length=14, elements={                                      
   0x0000ffff801d1390, 0x0000ffff801d2b30, 0x0000ffff801ffda0, 0x0000ffff802012e0,                        
   0x0000ffff80202810, 0x0000ffff802042e0, 0x0000ffff802058e0, 0x0000ffff80206e70,                  
   0x0000ffff80297670, 0x0000ffff802a23f0, 0x0000ffff80697560, 0x0000fffef8001100,                        
   0x0000ffff806e3050, 0x0000ffff800248b0                                                                
   }                                                                                                                                                                                                              
                                                                                                         
   "Reference Handler" #2 daemon prio=10 os_prio=0 cpu=0.42ms elapsed=413.75s tid=0x0000ffff801d1390 nid=0x2c113f waiting on condition  [0x0000ffff609fc000]                                                      
      java.lang.Thread.State: RUNNABLE                                                                                                                                                                            
           at java.lang.ref.Reference.waitForReferencePendingList(java.base@16-ea/Native Method)          
           at java.lang.ref.Reference.processPendingReferences(java.base@16-ea/Reference.java:243)                                                                                                                
           at java.lang.ref.Reference$ReferenceHandler.run(java.base@16-ea/Reference.java:215)            
                                                                                                                                                                                                                 
   "Finalizer" #3 daemon prio=8 os_prio=0 cpu=0.46ms elapsed=413.75s tid=0x0000ffff801d2b30 nid=0x2c1140 in Object.wait()  [0x0000ffff607fc000]                                                                  
      java.lang.Thread.State: WAITING (on object monitor)                                                                                                                                                        
           at java.lang.Object.wait(java.base@16-ea/Native Method)                                                                                                                                                
           - waiting on <0x00000007148016c8> (a java.lang.ref.ReferenceQueue$Lock)                                                                                                                                
           at java.lang.ref.ReferenceQueue.remove(java.base@16-ea/ReferenceQueue.java:155)                                                                                                                        
           - locked <0x00000007148016c8> (a java.lang.ref.ReferenceQueue$Lock)                      
           at java.lang.ref.ReferenceQueue.remove(java.base@16-ea/ReferenceQueue.java:176)                
           at java.lang.ref.Finalizer$FinalizerThread.run(java.base@16-ea/Finalizer.java:171)                                                                                                                    
                                                                                                                                                                                                                 
   "Signal Dispatcher" #4 daemon prio=9 os_prio=0 cpu=0.53ms elapsed=413.75s tid=0x0000ffff801ffda0 nid=0x2c1141 waiting on condition  [0x0000000000000000]                                                      
      java.lang.Thread.State: RUNNABLE                                                                    
                                                                                                                                                                                                                 
   "Service Thread" #5 daemon prio=9 os_prio=0 cpu=0.38ms elapsed=413.75s tid=0x0000ffff802012e0 nid=0x2c1142 runnable  [0x0000000000000000]                                                                      
      java.lang.Thread.State: RUNNABLE                                                                                                                                                                            
                                                                                                         
   "Monitor Deflation Thread" #6 daemon prio=9 os_prio=0 cpu=2.44ms elapsed=413.75s tid=0x0000ffff80202810 nid=0x2c1143 runnable  [0x0000000000000000]                                                            
      java.lang.Thread.State: RUNNABLE  
   
                                                                                                                                                                                                                 
   "C2 CompilerThread0" #7 daemon prio=9 os_prio=0 cpu=439.33ms elapsed=413.75s tid=0x0000ffff802042e0 nid=0x2c1144 waiting on condition  [0x0000000000000000]
      java.lang.Thread.State: RUNNABLE
      No compile task                                
   
   "C1 CompilerThread0" #10 daemon prio=9 os_prio=0 cpu=605.34ms elapsed=413.75s tid=0x0000ffff802058e0 nid=0x2c1145 waiting on condition  [0x0000000000000000]
      java.lang.Thread.State: RUNNABLE
      No compile task                                
   
   "Sweeper thread" #11 daemon prio=9 os_prio=0 cpu=0.09ms elapsed=413.75s tid=0x0000ffff80206e70 nid=0x2c1146 runnable  [0x0000000000000000]
      java.lang.Thread.State: RUNNABLE
   
   "Notification Thread" #12 daemon prio=9 os_prio=0 cpu=0.10ms elapsed=413.72s tid=0x0000ffff80297670 nid=0x2c1147 runnable  [0x0000000000000000]
      java.lang.Thread.State: RUNNABLE
   
   "Common-Cleaner" #13 daemon prio=8 os_prio=0 cpu=0.69ms elapsed=413.71s tid=0x0000ffff802a23f0 nid=0x2c1149 in Object.wait()  [0x0000ffff50ffc000]
      java.lang.Thread.State: TIMED_WAITING (on object monitor)
           at java.lang.Object.wait(java.base@16-ea/Native Method)
           - waiting on <0x0000000714802c70> (a java.lang.ref.ReferenceQueue$Lock)
           at java.lang.ref.ReferenceQueue.remove(java.base@16-ea/ReferenceQueue.java:155)
           - locked <0x0000000714802c70> (a java.lang.ref.ReferenceQueue$Lock)
           at jdk.internal.ref.CleanerImpl.run(java.base@16-ea/CleanerImpl.java:140)
           at java.lang.Thread.run(java.base@16-ea/Thread.java:831)
           at jdk.internal.misc.InnocuousThread.run(java.base@16-ea/InnocuousThread.java:134)
   
   "Catalina-utility-1" #15 prio=1 os_prio=0 cpu=22.45ms elapsed=412.77s tid=0x0000ffff80697560 nid=0x2c1151 waiting on condition  [0x0000ffff127fd000]
      java.lang.Thread.State: WAITING (parking)
           at jdk.internal.misc.Unsafe.park(java.base@16-ea/Native Method)
           - parking to wait for  <0x00000007149aaa60> (a java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject)
           at java.util.concurrent.locks.LockSupport.park(java.base@16-ea/LockSupport.java:341)
           at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionNode.block(java.base@16-ea/AbstractQueuedSynchronizer.java:505)
           at java.util.concurrent.ForkJoinPool.managedBlock(java.base@16-ea/ForkJoinPool.java:3137)
           at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(java.base@16-ea/AbstractQueuedSynchronizer.java:1614)
           at java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue.take(java.base@16-ea/ScheduledThreadPoolExecutor.java:1177)
           at java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue.take(java.base@16-ea/ScheduledThreadPoolExecutor.java:899)
           at java.util.concurrent.ThreadPoolExecutor.getTask(java.base@16-ea/ThreadPoolExecutor.java:1056)
           at java.util.concurrent.ThreadPoolExecutor.runWorker(java.base@16-ea/ThreadPoolExecutor.java:1116)
           at java.util.concurrent.ThreadPoolExecutor$Worker.run(java.base@16-ea/ThreadPoolExecutor.java:630)
           at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
           at java.lang.Thread.run(java.base@16-ea/Thread.java:831)
   
   
   "Catalina-utility-2" #16 prio=1 os_prio=0 cpu=22.19ms elapsed=412.77s tid=0x0000fffef8001100 nid=0x2c1152 waiting on condition  [0x0000ffff125fd000]
      java.lang.Thread.State: WAITING (parking)
           at jdk.internal.misc.Unsafe.park(java.base@16-ea/Native Method)
           - parking to wait for  <0x00000007149aaa60> (a java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject)
           at java.util.concurrent.locks.LockSupport.park(java.base@16-ea/LockSupport.java:341)
           at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionNode.block(java.base@16-ea/AbstractQueuedSynchronizer.java:505)
           at java.util.concurrent.ForkJoinPool.managedBlock(java.base@16-ea/ForkJoinPool.java:3137)
           at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(java.base@16-ea/AbstractQueuedSynchronizer.java:1614)
           at java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue.take(java.base@16-ea/ScheduledThreadPoolExecutor.java:1170)
           at java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue.take(java.base@16-ea/ScheduledThreadPoolExecutor.java:899)
           at java.util.concurrent.ThreadPoolExecutor.getTask(java.base@16-ea/ThreadPoolExecutor.java:1056)
           at java.util.concurrent.ThreadPoolExecutor.runWorker(java.base@16-ea/ThreadPoolExecutor.java:1116)
           at java.util.concurrent.ThreadPoolExecutor$Worker.run(java.base@16-ea/ThreadPoolExecutor.java:630)
           at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
           at java.lang.Thread.run(java.base@16-ea/Thread.java:831)
   
   "https-openssl-apr-/tmp/tomcat-uds.sock-Acceptor" #28 daemon prio=5 os_prio=0 cpu=0.24ms elapsed=412.76s tid=0x0000ffff806e3050 nid=0x2c115e runnable  [0x0000ffff10dfe000]
      java.lang.Thread.State: RUNNABLE
           at org.apache.tomcat.jni.Socket.accept(Native Method)
           at org.apache.tomcat.util.net.AprEndpoint.serverSocketAccept(AprEndpoint.java:729)
           at org.apache.tomcat.util.net.AprEndpoint.serverSocketAccept(AprEndpoint.java:82)
           at org.apache.tomcat.util.net.Acceptor.run(Acceptor.java:106)
           at java.lang.Thread.run(java.base@16-ea/Thread.java:831)
   
   "DestroyJavaVM" #30 prio=5 os_prio=0 cpu=1003.31ms elapsed=169.91s tid=0x0000ffff800248b0 nid=0x2c1138 waiting on condition  [0x0000000000000000]
      java.lang.Thread.State: RUNNABLE
   
   "VM Thread" os_prio=0 cpu=8.42ms elapsed=413.76s tid=0x0000ffff801c2f70 nid=0x2c113e runnable  
   
   "GC Thread#0" os_prio=0 cpu=5.94ms elapsed=413.78s tid=0x0000ffff80073930 nid=0x2c1139 runnable  
   
   "GC Thread#1" os_prio=0 cpu=4.91ms elapsed=412.94s tid=0x0000ffff48004f60 nid=0x2c114c runnable  
   
   "GC Thread#2" os_prio=0 cpu=4.92ms elapsed=412.94s tid=0x0000ffff48005af0 nid=0x2c114d runnable  
   
   "GC Thread#3" os_prio=0 cpu=4.90ms elapsed=412.94s tid=0x0000ffff48006680 nid=0x2c114e runnable  
   
   "GC Thread#4" os_prio=0 cpu=4.87ms elapsed=412.94s tid=0x0000ffff48007210 nid=0x2c114f runnable  
   
   "GC Thread#5" os_prio=0 cpu=4.88ms elapsed=412.94s tid=0x0000ffff48007da0 nid=0x2c1150 runnable  
   
   "G1 Main Marker" os_prio=0 cpu=0.11ms elapsed=413.78s tid=0x0000ffff800848c0 nid=0x2c113a runnable  
   
   "G1 Conc#0" os_prio=0 cpu=0.06ms elapsed=413.78s tid=0x0000ffff80085950 nid=0x2c113b runnable  
   
   "G1 Refine#0" os_prio=0 cpu=0.08ms elapsed=413.78s tid=0x0000ffff8013ac50 nid=0x2c113c runnable  
   
   "G1 Service" os_prio=0 cpu=15.07ms elapsed=413.78s tid=0x0000ffff8013bc70 nid=0x2c113d runnable  
   
   "VM Periodic Task Thread" os_prio=0 cpu=45.58ms elapsed=413.72s tid=0x0000ffff80299160 nid=0x2c1148 waiting on condition  
   
   JNI global refs: 27, weak refs: 0
   
   Heap                                              
    garbage-first heap   total 256000K, used 17190K [0x0000000706600000, 0x0000000800000000)
     region size 2048K, 9 young (18432K), 2 survivors (4096K)
    Metaspace       used 19940K, committed 20160K, reserved 1073152K
     class space    used 1918K, committed 2048K, reserved 1048576K
   
   
   ```
   
   The application I use to test it could be found at https://github.com/martin-g/http2-server-perf-tests/blob/feature/jakartaee-9/java/tomcat/src/main/java/info/mgsolutions/tomcat/TomcatEmbedded.java


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] martin-g commented on pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

martin-g commented on pull request #382:
URL: https://github.com/apache/tomcat/pull/382#issuecomment-743160059


   In my test application TLS is configured but it is not used/needed by UDS so HTTP2 does not work:
   
   ```
   $ curl --http2 --unix-socket /tmp/tomcat-uds.sock http://localhost/testbed/plaintext
   curl: (56) Recv failure: Connection reset by peer
   $ ubuntu@martin-arm64 /tmp [56]> curl --unix-socket /tmp/tomcat-uds.sock http://localhost/testbed/plaintext
   curl: (56) Recv failure: Connection reset by peer
   ```
   
   If I use `h2c` then all is fine:
   
   `INFO: The ["http-apr-/tmp/tomcat-uds.sock"] connector has been configured to support HTTP upgrade to [h2c]`
   
   ```
   $ curl --unix-socket /tmp/tomcat-uds.sock http://localhost/testbed/plaintext
   Hello world!⏎    
   ```  
   I think it would be good to document this.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] martin-g commented on pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

martin-g commented on pull request #382:
URL: https://github.com/apache/tomcat/pull/382#issuecomment-743166815


   Load tested it with Vegeta:
   
   ```
   $ echo "GET http://localhost/testbed/plaintext" | vegeta attack -unix-socket /tmp/tomcat-uds.sock -rate 0 -max-workers 128 -duration 30s | vegeta encode | vegeta report --type json | jq .
   {
     "latencies": {
       "total": 2849931195122,
       "mean": 2189702,
       "50th": 1623066,
       "90th": 4702159,
       "95th": 5418223,
       "99th": 7096980,
       "max": 69859908,
       "min": 56120
     },
     "bytes_in": {
       "total": 15618180,
       "mean": 12
     },
     "bytes_out": {
       "total": 0,
       "mean": 0
     },
     "earliest": "2020-12-11T12:27:16.43339275Z",
     "latest": "2020-12-11T12:27:46.433339493Z",
     "end": "2020-12-11T12:27:46.436590425Z",
     "duration": 29999946743,
     "wait": 3250932,
     "requests": 1301515,
     "rate": 43383.910349897116,
     "throughput": 43379.20957953359,
     "success": 1,
     "status_codes": {
       "200": 1301515
     },
     "errors": []
   }
   ```
   
   Throughput: **43379**. Not bad at all!
   With TCP I was able to get 16654 on the same server, but with Tomcat 9.0.x and vegeta was executed on another machine.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] martin-g commented on pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

martin-g commented on pull request #382:
URL: https://github.com/apache/tomcat/pull/382#issuecomment-743173688


   Here are the results for load testing APR protocol over TCP, both Tomcat and Vegeta running on the same machine:
   
   ```
   echo "GET http://localhost:8080/testbed/plaintext" | vegeta attack -rate 0 -max-workers 128 -duration 3
   0s | vegeta encode | vegeta report --type json | jq .
   {
     "latencies": {
       "total": 2993301754968,
       "mean": 2558679,
       "50th": 2097687,
       "90th": 5000518,
       "95th": 5898497,
       "99th": 8044202,
       "max": 151339083,
       "min": 71830
     },
     "bytes_in": {
       "total": 14038344,
       "mean": 12
     },
     "bytes_out": {
       "total": 0,
       "mean": 0
     },
     "earliest": "2020-12-11T12:45:29.355079583Z",
     "latest": "2020-12-11T12:45:59.355129897Z",
     "end": "2020-12-11T12:45:59.356131037Z",
     "duration": 30000050314,
     "wait": 1001140,
     "requests": 1169862,
     "rate": 38995.3345996245,
     "throughput": 38994.03331892302,
     "success": 1,
     "status_codes": {
       "200": 1169862
     },
     "errors": []
   }
   ```
   
   TCP: 38994
   UDS: 43379


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[GitHub] [tomcat] michael-o commented on pull request #382: Add support for unix domain sockets.

GitBox
In reply to this post by GitBox

michael-o commented on pull request #382:
URL: https://github.com/apache/tomcat/pull/382#issuecomment-743337472


   @minfrin Could you kindly add a test case for this? I would like to finalize this and checkout @martin-g's comments.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

12345