HTTP Proxy with source IP on Tomcat

Run into a situation recently where proxying applications with nginx has masked the source IP - which normally is just annoying, but with Atlassian’s Crowd it’s more of a problem, this can be solved in later versions (Tomcat 6.0.32+) as follows: <Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="proxy_IP_address" remoteIpHeader="x-forwarded-for" remoteIpProxiesHeader="x-forwarded-by" protocolHeader="x-forwarded-proto" /> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access." suffix=".log" pattern="combined" resolveHosts="false" /> The following should be used within nginx to forward that data into tomcat.

jmx and firewalls

So at least with Java 1.6 the JVM can use SOCKS for proxying RMI requests, so to get the wonderful jvisualvm (think 1.5 visualGC) working use the following incantations. This requires the initial RMI registry port is open to the client. First the initial SSH to server enabling the SOCKS tunnel {% highlight bash %} $ ssh -D localhost:9696 servername {% endhighlight %} And now for jvisualvm: {% highlight bash %} $ jvisualvm -J-Dnetbeans.

searching java log files

So debugging java can be a mighty pain, a little few lines of ways to make it simpler. # grep -m 1 -n '^2010-06-30 14:20:' catalina.out 11746233:2010-06-30 14:20:01,011 DEBUG com.beginning.of.line # grep -m 1 -n '^2010-06-30 14:21:' catalina.out 11747788:2010-06-30 14:21:00,161 WARN org.apache.commons.httpclient.HttpMethodBase - Going to buffer response body of large or unknown size. Using getResponseBodyAsStream instead is recommended # sed -n '11746233,11747788p' < catalina.out This gives start line and end line between any two greps and then the body of the log file from those two lines.

snow leopard and Java

So in a startling case of “Apple knows best” they have gone and removed the 1.5 JVM - I know it’s pretty old and people were complaining about not having a 1.6 JVM for a long time - but really! So the following post steps you through re-enabling the 1.5 VM and now semi-happy days

NON-FREE APT REPOSITORIES Install openssh package if not already installed # apt-get install openssh-server Add the following to /etc/apt/sources.list: deb unstable main non-free deb etch main contrib non-free # apt-get update Install Async IO library for Oracle # apt-get install libaio Install optional extras for converting the JVM to a .deb # apt-get install build-essential fakeroot java-package # download sun binary JDK Create the ”deb” package: