====== Tomcat ======
* [[java:tomcat:log|Tomcat Log]]
* [[http://java-monitor.com/forum/showthread.php?t=1288|Zero-downtime Deployment (and Rollback) in Tomcat; a walkthrough and a checklist]]
* [[http://whiteship.me/?p=13548|Tomcat SSL 인증서 설치]]
* Tomcat Session Clustering 후 Listener Event 전파 : [[http://tomcat.apache.org/tomcat-6.0-doc/config/cluster-manager.html|The ClusterManager object]] 에서 **notifyListenersOnReplication** 참조
* [[http://code.google.com/p/memcached-session-manager/|memcached-session-manager - Tomcat high-availability clusters with memcached]]
* [[http://java.dzone.com/articles/forcing-tomcat-log-through|Forcing Tomcat to log through SLF4J/Logback]]
* [[http://bcho.tistory.com/720|Apache Tomcat Tuning]]
* [[http://code.google.com/p/psi-probe/|PSI-Probe]] Tomcat manager를 대체할 수 있는 툴.
* [[http://www.javacodegeeks.com/2012/11/standalone-web-application-with-executable-tomcat.html|Standalone web application with executable Tomcat]]
* [[http://examples.javacodegeeks.com/enterprise-java/tomcat/tomcat-server-xml-configuration-example/|Tomcat server.xml Configuration Example]]
* [[http://javarevisited.blogspot.kr/2013/07/how-to-configure-https-ssl-in-tomcat-6-7-web-server-java.html|How to Configure HTTPS (SSL) in Tomcat 6 and 7 Java Web Server]]
* [[https://examples.javacodegeeks.com/enterprise-java/tomcat/apache-tomcat-connector-example/|Apache Tomcat Connector Example - mod_jk]]
* [[https://examples.javacodegeeks.com/enterprise-java/tomcat/apache-tomcat-hardening-tutorial/|Apache Tomcat Hardening Tutorial | Examples Java Code Geeks - 2016]]
* [[http://tomcat.apache.org/presentations.html|Apache Tomcat® - Presentations]]
===== 다중 도메인 Session =====
* 다중 서브 도메인에 대해서 Session 쿠키를 설정해야할 필요가 있을 때가 있다. (a.example.com, b.example.com, ...)
* 6.0.xx 최신에서는 server.xml 혹은 context.xml 등의 Context 설정을 변경한다. [[http://tomcat.apache.org/tomcat-6.0-doc/config/context.html|Tomcat Config Context]] 참조.
...
* 구버전에서는 Valve를 사용한다. [[http://tomcat.10.n6.nabble.com/Share-session-cookie-across-subdomains-td2095108.html|참조]]
* **sessionCookieDomain**, **sessionCookiePath**, **sessionCookieName** 등을 지정하여 쿠키의 경로, 이름등을 변경할 수 있다.
===== catalina.sh =====
* 주요 환경변수
* ''CATALINA_HOME''
* ''CATALINA_BASE''
* ''CATALINA_OUT'' : 기본 ''$CATALINA_BASE/logs/catalina.out''
* ''CATALINA_OPTS'' : 톰캣 실행시 JVM 옵션
* ''CATALINA_TMPDIR'' : ''java.io.tmpdir''값 변경. 기본 ''$CATALINA_BASE/temp''
* ''JAVA_OPTS''
* ''CATALINA_PID'' : *nix에서 프로세스 강제 종료시 사용할 PID 값을 저장하는 파일 지정 ''-force'' 옵션 사용시 필수
* 명령행 인자
* ''run'' : 현재 창에서 톰캣 실행
* ''start'' : 새 창(혹은 백그라운드)에서 톰캣 실행
* ''stop n -force'' : 톰캣을 종료하고 n초 기다렸다가 프로세스가 살아있으면 ''$CATALINA_PID'' 정보 기준으로 프로세스 KILL
===== Session Clustering =====
* [[http://www.ramkitech.com/search/label/tomcat%20clustering|Tomcat Clustering Series]]
===== Tomcat 6.0.10 이상부터 / \ 이상 동작 =====
* http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.10
Important: Directory traversal CVE-2007-0450
Tomcat permits '\', '%2F' and '%5C' as path delimiters. When Tomcat is used behind a proxy (including, but not limited to, Apache HTTP server with mod_proxy and mod_jk)
configured to only proxy some contexts, a HTTP request containing strings like "/\../" may allow attackers to work around the context restriction of the proxy,
and access the non-proxied contexts.
The following Java system properties have been added to Tomcat to provide additional control of the handling of path delimiters in URLs (both options default to false):
org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH: true|false
org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH: true|false
Due to the impossibility to guarantee that all URLs are handled by Tomcat as they are in proxy servers,
Tomcat should always be secured as if no proxy restricting context access was used.
===== UTF-8 Charset/Encoding =====
* [[http://www.baeldung.com/tomcat-utf-8|Making Tomcat UTF-8-Ready]]
* ''server.xml'' Connector에 ''URIEncodign="UTF-8"'' 지정
* Spring 사용시 ''org.springframework.web.filter.CharacterEncodingFilter''로 필터 적용
===== Tomcat 7.0.54 ClassLoader memory leak =====
* [[https://bz.apache.org/bugzilla/show_bug.cgi?id=57173|Bug 57173 – EOFException during annotation scanning]]
* Tomcat 7.0.54 버전의 클래스로더가 일부 jar 를 로딩하는동안 Annotation 분석하다가 ''EOFException''과 Memory Leak 일 발생한다.
SEVERE: Unable to process Jar entry [com/ctc/wstx/api/ReaderConfig.class] from Jar [jar:jndi:/localhost/ssms-gui/WEB-INF/lib/woodstox-core-asl-4.1.2.jar!/] for annotations
java.io.EOFException
* 특히 MyBatis 3.4.0 버전에서 발생하였으며, Tomcat을 버전업하면 해결된다.
===== RemoteIPValve =====
* [[https://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/valves/RemoteIpValve.html|RemoteIpValve]] 프록시를 제거한 원본 요청 Remote IP 를 ''HttpServletRequest.remoteAddr''로 남겨주는 value
* ''server.xml''
* nginx
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
* [[springframework:springboot|SpringBoot]] 사용시에는 다음 프라퍼티 설정이 있으면 ''RemoteIpValue''가 자동 활성화된다.
server.tomcat.remote_ip_header=x-forwarded-for
* [[springframework:springboot|SpringBoot]] 사용시에는 다음 프라퍼티 설정이 있어야 redirect 시에 protocol을 올바로 판단할 수 있다.
server.tomcat.protocol_header=x-forwarded-proto
===== Realm =====
* [[https://dzone.com/articles/how-to-implement-a-new-realm-in-tomcat|How to Implement a New Realm in Tomcat ]]
===== Slf4j & Logback =====
* [[https://github.com/tomcat-slf4j-logback/tomcat-slf4j-logback|Tomcat Slf4j Logback]]