Quickly solve the problem of slow Tomcat startup, super simple

Today I helped a classmate solve a problem - Tomcat started very slowly, about five or six minutes. Once that's resolved, it only takes 3 seconds to boot up.

How to solve the problem?

Find catalina.sh in the bin directory of Tomcat, open it, and add a line of code in the following location:

-Djava.security.egd=file:/dev/urandom

Supplement on February 12, 2019: Many friends want to know the principle, so I will briefly explain it.

Tomcat 7 and Tomcat 8 call org.apache.catalina.util.SessionIdGeneratorBase.createSecureRandom to generate a string of secure random numbers when they start.

In the Linux (CentOS) environment, random numbers can be generated from two special files, one is /dev/urandom and the other is /dev/random.

The principle of generating random numbers is to use the entropy pool of the current system to calculate a fixed number of random bits, and then return these bits as a byte stream. The entropy pool is the environmental noise of the current system. Entropy refers to the degree of chaos in a system. System noise can be evaluated by many parameters, such as memory usage, file usage, number of different types of processes, etc.

/dev/random will block the program when it cannot generate new random numbers, and will not return until new random bytes are generated according to the entropy pool; /dev/urandom will not (ublock), and of course, the random numbers it generates are not very good.

So we force Tomcat to use /dev/urandom instead of /dev/random to generate random numbers, and the speed will be greatly improved - from several minutes to only a few seconds.

Additional knowledge: Solution to Tomcat startup is very slow and there are no errors in the log

1. Problem

Once when I deployed the project to Alibaba Cloud, there was no problem with the project. However, when I started Tomcat, it took half a day to respond and complete the Tomcat startup process.

Tomcat starts very slowly and there are no errors in the log. The following information is found in the log:

Log4j:[2015-10-29 15:47:11] INFO ReadProperty:172 - Loading properties file from class path resource [resources/jdbc.properties]

Log4j:[2015-10-29 15:47:11] INFO ReadProperty:172 - Loading properties file from class path resource [resources/common.properties]

29-Oct-2015 15:52:53.587 INFO [localhost-startStop-1] org.apache.catalina.util.SessionIdGeneratorBase.createSecureRandom Creation of SecureRandom instance for sessionIdGeneratorBase.createSecureRandom

2. Reasons

Tomcat 7/8 both use the org.apache.catalina.util.SessionIdGeneratorBase.createSecureRandom class to generate an instance of the secure random class SecureRandom as the session ID, which takes 342 seconds, or nearly 6 minutes. The SHA1PRNG algorithm is a pseudo-random number generator based on the SHA-1 algorithm with strong confidentiality. In SHA1PRNG, there is a seed generator which performs various operations depending on the configuration.

1) If the java.security.egd property or the securerandom.source property specifies "file:/dev/random" or "file:/dev/urandom", the JVM uses the native seed generator NativeSeedGenerator, which calls the super() method, that is, the SeedGenerator.URLSeedGenerator(/dev/random) method for initialization.

2) If the java.security.egd property or the securerandom.source property specifies another existing URL, the SeedGenerator.URLSeedGenerator(url) method will be called for initialization.

This is why setting the value to "file:///dev/urandom" or "file:/./dev/random" will work.

In this implementation, the generator evaluates the amount of noise in the entropy pool. Random numbers are created from an entropy pool. When read, the /dev/random device will simply return random bytes from the noise in the entropy pool. /dev/random is well suited for scenarios that require very high-quality randomness, such as one-time payments or key generation.

When the entropy pool is empty, read operations from /dev/random will be blocked until the entropy pool has collected enough ambient noise data. The purpose of this is to be a cryptographically secure pseudo-random number generator, and the entropy pool should have as large an output as possible. This is important for generating high-quality encryption keys or for scenarios that require long-term protection.

3. Solution

There are two solutions:

1) Solved in TOMCAT environment

You can use a non-blocking Entropy Source by configuring the JRE.

Add this line to catalina.sh:

-Djava.security.egd=file:/dev/./urandom

That's it.

After adding it, when starting Tomcat, the entire startup time dropped to Server startup in 2912 ms.

2) Solve in JVM environment

Open the file $JAVA_PATH/jre/lib/security/java.security.

You can search it in vi command:

?securerandom.source

Find the following content:

securerandom.source=file:/dev/random

Then replace it with:

securerandom.source=file:/dev/./urandom

The above article is about how to quickly solve the problem of slow Tomcat startup. It is super simple and that is all the content that the editor shared with you. I hope it can give you a reference. I also hope that you will support 123WORDPRESS.COM.