docker+tomcat Reasons for very slow startup JRE /dev/random block
docker+tomcat Very slow to start , It normally starts for tens of seconds , find docker+tomcat How many minutes does it take to start , it is beyond logic and above reason
The root cause is SecureRandom this jre The problem of tool class of . Then why SecureRandom generateSeed So slow , Even hanging on
Linux The operating system ?
Tomcat 7/8 All use
org.apache.catalina.util.SessionIdGeneratorBase.createSecureRandom Class generates safe random class
SecureRandom As session ID.
SecureRandom generateSeed use /dev/random Seed generation . however /dev/random
It's a blocking digital generator , If it doesn't have enough random data to provide , It's waiting , This forces JVM
wait for . Keyboard and mouse input and disk activity can produce the required randomness or entropy . But there is a lack of such activity on one server , There may be problems .
Yes 2 Solutions ：
1. stay Tomcat Solution in environment ：
Can be configured by JRE Use non blocking Entropy Source：
stay catalina.sh Add such a line to it ：-Djava.security.egd=file:/dev/./urandom that will do .
2. stay JVM Solution in environment （ I use this method ）：
open jdk Installation path $JAVA_PATH/jre/lib/security/java.security This document , Find the following ：
replace with ：
Perfect solution to the problem
Why is it worth here dev and random Add a point between them ? Because of one JDK Of bug, Some people say that even if securerandom.source Set to
/dev/urandom It's still in use /dev/random, Someone has provided an alternative solution , One of the alternatives is to securerandom.source
Set to /dev/./urandom Only then . There are also comments that this is not bug, It's intentional .