tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rahman Akhlaqur <>
Subject Re: Tomcat 5.5.23 stops listening to requests on SSL port
Date Sat, 02 May 2009 10:18:22 GMT

Thanks for the suggestion of taking a thread dump... I think I have some instructions on how
to do this on a windows server.

The apache httpd server is on a different machine to Tomcat, thats how they can both listen
on port 8443.

----- Original Message ----
From: Christopher Schultz <>
To: Tomcat Users List <>
Sent: Friday, 1 May, 2009 18:07:42
Subject: Re: Tomcat 5.5.23 stops listening to requests on SSL port

Hash: SHA1


On 5/1/2009 9:24 AM, Rahman Akhlaqur wrote:
> The SSL is terminated at the load balancers, so the request is then a
> http request on port 8443 to our apache webserver (we use this to
> resolve multiple hostnames to just a few virtual hosts) which then
> just proxys the http request to Tomcat. At which point we want the
> request to be passed on to the content server as a secure request on
> port 443 - to match content hosts set up on port 443. It seems to
> work okay as the reverse path is fine, from the content server back
> to the end user.

This sounds fishy. You terminate SSL at your lb, so there's no SSL
anymore, right? Tomcat is listening on 8443 (as per your <Connector>
configuration) so how can your lb send the request to Apache httpd on
port 8443? Maybe you just reversed the ports in your post. It sounds
like you are doing this:

client [HTTPS] -> lb:443 [HTTP] -> httpd (port?) -> Tomcat:8443

(If you are expecting a previously-encrypted connection coming to
Tomcat, why not set secure="true" in your <Connector>?)

> There is nothing in the Tomcat logs, the request is not even logged
> in the localhost access log - this points to Tomcat not even
> listening properly on port 8443. The other port (8080) is working
> okay though.

Have you taken a thread dump to see what is happening?

Since you are running 3 connectors, you might want to use a shared
"executor" to manage threads, though the result with no further changes
will be that /all/ threads will likely be tied-up, rather than only
those servicing port 8443.

I highly recommend a thread dump to see what all your threads are doing.

- -chris
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message