JVM Configuration

As of Liferay DXP 2024.Q3+/Portal 7.4 GA125+, Liferay DXP/Portal requires a Java JDK 17 or 21 (prior versions support JDKs 8 and 11) with specific JVM option settings. There are also recommended settings specific to JDK 11, 17, and 21, and recommended baseline memory settings. These settings are describe here and demonstrated in an example Tomcat script.

Note
TypeSetting/DefaultRequiredDescription
File Encoding-Dfile.encoding=UTF8YesDXP requires UTF-8 file encoding to support internationalization.
Timezone-Duser.timezone=GMTYesDXP uses the GMT timezone for all dates.
Heap Size-Xms2560m -Xmx2560mNoThe default minimum and maximum size can be adjusted to suit your needs, but you should set the same minimum (-Xms) and maximum (-Xmx) size to prevent the JVM from making dynamic adjustments.
Log4j-Dlog4j2.formatMsgNoLookups=trueYes*Log4j versions before 2.15.0 are subject to a remote code execution (RCE) vulnerability via the LDAP JNDI parser. See LPS-143663 for details. *Liferay DXP 7.4 GA1 and Liferay PORTAL 7.4 GA1 - GA3 require this setting to resolve the security vulnerability.

The Liferay installation articles for supported application servers explain where to apply these settings. Here are the article links:

Known Issue: Illegal Access Warnings

On JDK 11, 17, or 21, Illegal Access warnings like these may print to your logs if you’re installing Liferay manually on your application server:

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.liferay.petra.reflect.ReflectionUtil (file:/Users/malei/dev/project/bundles/master-bundles/tomcat-9.0.10/lib/ext/com.liferay.petra.reflect.jar) to field java.lang.reflect.Field.modifiers
WARNING: Please consider reporting this to the maintainers of com.liferay.petra.reflect.ReflectionUtil
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

These warnings are caused by a known issue (LPS-87421) and can be resolved by adding these JVM options:

--add-opens=java.base/java.lang=ALL-UNNAMED
--add-opens=java.base/java.lang.invoke=ALL-UNNAMED
--add-opens=java.base/java.lang.reflect=ALL-UNNAMED
--add-opens=java.base/java.net=ALL-UNNAMED
--add-opens=java.base/sun.net.www.protocol.http=ALL-UNNAMED
--add-opens=java.base/sun.util.calendar=ALL-UNNAMED
--add-opens=jdk.zipfs/jdk.nio.zipfs=ALL-UNNAMED

Example Tomcat Script

Here is a Tomcat setenv.sh script that demonstrates some of the JVM options mentioned above:

CATALINA_OPTS="$CATALINA_OPTS -Dfile.encoding=UTF-8 -Djava.net.preferIPv4Stack=true -Duser.timezone=GMT -Xms2560m -Xmx2560m -XX:MaxNewSize=1536m -XX:MaxMetaspaceSize=768m -XX:MetaspaceSize=768m -XX:NewSize=1536m -XX:SurvivorRatio=7"
CATALINA_OPTS="$CATALINA_OPTS --add-opens=java.base/java.io=ALL-UNNAMED"
CATALINA_OPTS="$CATALINA_OPTS --add-opens=java.base/java.lang.reflect=ALL-UNNAMED"

Note that Liferay supports many application servers, and all of them can be configured with the JVM options of your choosing.

Capabilities

Product

Contact Us

Connect

Powered by Liferay
© 2024 Liferay Inc. All Rights Reserved • Privacy Policy