Shulou(Shulou.com)06/01 Report--

The purpose of this article is to share with you what to do if Tomcat8 starts slowly on Linux. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

Preface

Recently, I encountered a problem in my work. Under Linux, Tomcat 8 starts very slowly and there are no errors in the log. You can see the following information in the log:

Log4j: [2017-08-2715 resources/jdbc.properties 47 resources/jdbc.properties 11] INFO ReadProperty:172-Loading properties file from class path resource [resources/jdbc.properties] Log4j: [2017-08-2715 Loading properties file from class path resource 47 Loading properties file from class path resource 11] INFO ReadProperty:172-Loading properties file from class path resource [resources/common.properties] 27-Aug-2017 15 resources/jdbc.properties 53.587 INFO [localhost-startStop-1] org.apache.catalina.util.SessionIdGeneratorBase.createSecureRandom Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [342445] milliseconds.

Reason

Both Tomcat 7 and 8 use the org.apache.catalina.util.SessionIdGeneratorBase.createSecureRandom class to generate an instance of the secure random class SecureRandom as the session ID, which takes 342 seconds, or nearly 6 minutes.

SHA1PRNG algorithm is a pseudorandom number generator based on SHA-1 algorithm with strong confidentiality.

In SHA1PRNG, there is a seed generator that performs various operations based on the configuration.

1) if the java.security.egd property or the securerandom.source property specifies "file:/dev/random" or "file:/dev/urandom", then JVM uses the local seed generator NativeSeedGenerator, which calls the super () method, that is, the SeedGenerator.URLSeedGenerator (/ dev/random) method for initialization.

2) if the java.security.egd property or the securerandom.source property specifies another existing URL, the SeedGenerator.URLSeedGenerator (url) method is called for initialization.

This is why we set the value to "file:///dev/urandom"" or the value to "file:/./dev/random" will work.

In this implementation, the generator evaluates the amount of noise in the entropy pool (entropy pool). Random numbers are created from the entropy pool. When reading, the / dev/random device returns only the random bytes of noise in the entropy pool. / dev/random is ideal for scenarios that require very high-quality randomness, such as one-time payments or key generation.

When the entropy pool is empty, read operations from / dev/random will be blocked until the entropy pool collects enough ambient noise data. The purpose of this is to become a password-secure pseudorandom number generator with an entropy pool with as much output as possible. Be sure to do this for scenarios that generate high-quality encryption keys or require long-term protection.

So what is ambient noise?

The random number generator will put the ambient noise data from device drivers and other sources into the entropy pool. The generator evaluates the amount of noise data in the entropy pool. When the entropy pool is empty, the collection of noise data takes time. This means that when Tomcat uses entropy pools in a production environment, it will be blocked for a long time.

Solve

There are two solutions:

1) solve in Tomcat environment

You can use a non-blocking Entropy Source by configuring JRE.

Add this line to the catalina.sh:-Djava.security.egd=file:/dev/./urandom.

After joining, start Tomcat again, and the whole startup time is reduced to Server startup in 2912 ms.

2) solve in JVM environment

Open the file $JAVA_PATH/jre/lib/security/java.security and find the following:

Securerandom.source=file:/dev/urandom

Replace with

Securerandom.source=file:/dev/./urandom

Thank you for reading! This is the end of the article on "how to start Tomcat8 very slowly under the Linux system". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it out for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.