Tuning the JVM settings Tomcat

Naturally, the universal Java Virtual Machine (JVM) fine-tuning principles are applicable to Tomcat too. While the JVM tuning is a whole science of itself, there are some basic, good practices which anyone can easily apply:

  • The maximum heap size,Xmx, is the maximum memory Tomcat can use. It should be set to a value which leaves enough free memory for the Droplet itself to run and any other services you may have on the Droplet. For example, if your Droplet has 2 GB of RAM, then it might be safe to allocate 1GB of RAM to xmx. However, please bear in mind that the actual memory Tomcat uses will be a little bit higher than the size of Xmx.
  • The minimal heap size,Xms, is the amount of memory allocated at startup. It should be equal to the xmx value in most cases. Thus, you will avoid having the costly memory allocation process running because the size of the allocated memory will be constant all the time.
  • The memory where classes are stored permanently, MaxPermSize, should allow Tomcat to load your applications’ classes and leave spare memory from the Xmx value for the instantiation of these classes. If you are not sure how much memory your applications’ classes require, then you could set the MaxPermSize to half the size of Xmx as a start — 512 MB in our example.

On Ubuntu 14.04 you can customize Tomcat’s JVM options by editing the file /etc/default/tomcat7. So, to apply the above tips please open this file with your favorite editor:

  • sudo nano /etc/default/tomcat7

If you have followed Tomcat’s installation instructions from the prerequisites you should find the following line:

JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom -Djava.awt.headless=true -Xmx512m -XX:MaxPermSize=256m -XX:+UseConcMarkSweepGC"

Provided your Droplet has 2 GB of RAM and you want to allocate around 1 GB to Tomcat, this line should be changed to:

JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom -Djava.awt.headless=true -Xms1024m -Xmx1024m -XX:MaxPermSize=512m -XX:+UseConcMarkSweepGC"

For this setting to take effect, you have to restart Tomcat:

  • sudo service tomcat7 restart

The above JVM configuration is a good start, but you should monitor Tomcat’s log (/var/log/tomcat7/catalina.out) for problems, especially after restarting Tomcat or doing deployments. To monitor the log use the tail command like this:

  • sudo tail -f /var/log/tomcat7/catalina.out

If you are new to tail, you have to press the key combination Ctrl-C on your keyboard to stop tailing the log.

Search for errors like OutOfMemoryError. Such an error would indicate that you have to adapt the JVM settings and more specifically increase the Xmx size.


That’s it! Now you have secured and optimized Tomcat in just a few easy-to-follow steps. These basic optimizations are recommended, not only for production, but even for test and development environments which are exposed to the Internet.


Dokumentasi Project

Warning: sebagai catatan pribadi, berpedoman dari tulisan Pak Endy Muhardin

1. Fase Planning

  • scope pekerjaan
  • estimasi durasi
  • requirement khusus (misalnya performance requirement, integrasi dengan aplikasi lain, dsb)
  • nilai project
  • termin pembayaran

2. Fase Requirement

  • User Goal : tujuan yang ingin dicapai client dalam menggunakan fitur ini
  • Ijin Akses : security level untuk menjalankan fitur ini
  • Penjelasan : deskripsi naratif tentang fitur ini
  • Flow aplikasi : langkah-langkah untuk menjalankan fitur ini
  • Desain screen : screenshot prototype atau scan paper prototype
  • Rincian field : penjelasan masing-masing komponen dalam desain screen
  • Prasyarat : hal-hal yang harus terjadi/ada sebelum fitur ini bisa dijalankan
  • Kondisi awal : kondisi aplikasi (data, screen, dsb) sebelum fitur dijalankan
  • Kondisi akhir : kondisi aplikasi setelah fitur selesai dijalankan
  • Karakteristik khusus : kebutuhan khusus seperti response time, usability, dsb
  • Flow pengetesan : bagaimana cara mengetes fitur ini
  • Sign Off : persetujuan user bahwa deskripsi dalam fitur ini sudah sesuai keinginan

3. Fase Desain

  • skema database
  • interkoneksi antar modul
  • protokol komunikasi
  • format data

4. Fase Coding

Pada fase ini, kita menghasilkan source code dan user manual.

5. Fase UAT

Pada fase ini, kita membuat dua dokumen, yaitu hasil pengetesan sesuai skenario di User Story dan Berita Acara UAT. Biasanya (tapi tidak selalu), berita acara dan hasil pengetesan digunakan sebagai lampiran penagihan.

6. Fase Implementasi

Resize PDF File Ubuntu via terminal

Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a  PDF file from 6 MB to approximately 1 MB:

gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf

You can also use the following parameters for -dPDFSETTINGS instead of /screen:

  • /screen – Lowest quality, lowest size
  • /ebook – Moderate quality
  • /printer – Good quality
  • /prepress – Best quality, highest size

Access IOS Device with Ubuntu

As a workaround, you can mount your iOS device with ifuse.

sudo apt install ifuse

Now connect your device and make sure it is paired with your computer.

idevicepair validate

If you get a SUCCESS message, you are good, if not run idevicepair pair. Now you can use ifuse to mount your iOS images folder:

mkdir ~/pics && ifuse ~/pics

The images are now available in your $HOME folder under pics. Ready to be synced with Shotwell. To unmount the folder, use fusermount:

fusermount -u ~/pics && rmdir ~/pics

Note: in this example I create a pics folder and remove it afterwards. If you already have a folder named like this, choose a different name.

Using Docker Without Sudo

Create new group if it does not exist. This command will likely fail as group maybe already exist, but let’s run it anyways.

sudo groupadd docker

Next we need to add current user to the group.

sudo gpasswd -a $USER docker

If you don’t want to add currently logged in user, but instead some other, you change $USER for the username of that user. Note that user must be allowed to use sudo.

Lastly we need to reload shell in order to have new group settings applied. For this you can reboot or you can log out and log back in, but both are nuke approaches when you actually want something more subtle so lets instead do this command

newgrp docker

Now we are ready to run docker test program without sudo

docker run hello-world

Remote Connections Mysql Ubuntu

To expose MySQL to anything other than localhost you will have to have the following line

For mysql version 5.6 and below

uncommented in /etc/mysql/my.cnf and assigned to your computers IP address and not loopback

For mysql version 5.7 and above

uncommented in /etc/mysql/mysql.conf.d/mysqld.cnf and assigned to your computers IP address and not loopback

#Replace xxx with your IP Address
bind-address = xxx.xxx.xxx.xxx

Or add a bind-address = if you don’t want to specify the IP

Then stop and restart MySQL with the new my.cnf entry. Once running go to the terminal and enter the following command.

lsof -i -P | grep :3306

That should come back something like this with your actual IP in the xxx’s

mysqld 1046 mysql 10u IPv4 5203 0t0 TCP xxx.xxx.xxx.xxx:3306 (LISTEN)

If the above statement returns correctly you will then be able to accept remote users. However for a remote user to connect with the correct priveleges you need to have that user created in both the localhost and ‘%’ as in.

CREATE USER ‘myuser’@’localhost’ IDENTIFIED BY ‘mypass’;
CREATE USER ‘myuser’@’%’ IDENTIFIED BY ‘mypass’;


GRANT ALL ON *.* TO ‘myuser’@’localhost’;
GRANT ALL ON *.* TO ‘myuser’@’%’;

and finally,