tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pid...@pidster.com>
Subject Re: Tomcat 5.5.23 stops listening to requests on SSL port
Date Fri, 01 May 2009 14:07:39 GMT
Do not reply to all. Just to the list please.

OK. So you're doing the following:

 ssl-> LB:8443 http-> HTTPD:8443 http-> Tomcat:8443 https?-> ContentSrv

What are the content servers, virtual hosts in Tomcat?
Or do you have some kind of proxy application running inside Tomcat?

If you are *not* using the http connector on 8080, comment it and the
AJP one out of your config please.


Rahman Akhlaqur wrote:
> Hi P
> 
> The SSL is terminated at the load balancers, so the request is then a http request on
port 8443 to our apache webserver (we use this to resolve multiple hostnames to just a few
virtual hosts) which then just proxys the http request to Tomcat. At which point we want the
request to be passed on to the content server as a secure request on port 443 - to match content
hosts set up on port 443. It seems to work okay as the reverse path is fine, from the content
server back to the end user.
> 
> There is nothing in the Tomcat logs, the request is not even logged in the localhost
access log - this points to Tomcat not even listening properly on port 8443. The other port
(8080) is working okay though.

If there's nothing in the Tomcat logs, how do you know that the request
is being sent at all?

What method are you using to connect HTTPD to Tomcat? mod_jk or
mod_proxy (or something else)?

Can you enable logs and a status worker to check on what happens when
the connection dies?


p





> ----- Original Message ----
> From: Pid <p@pidster.com>
> To: Tomcat Users List <users@tomcat.apache.org>
> Sent: Thursday, 30 April, 2009 16:59:25
> Subject: Re: Tomcat 5.5.23 stops listening to requests on SSL port
> 
> Rahman Akhlaqur wrote:
>> Hi 
>>   
>> I am having an issue with my Tomcat server not responding on the SSL port. I reported
this as a possible bug but this was rejected as a config issue. More info as below:
>>   
>> The Tomcat connector is configured as below
>>
>> <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 --> <Connector
>> port="8080" maxHttpHeaderSize="8192" maxThreads="350" minSpareThreads="25"
>> maxSpareThreads="75" enableLookups="false" redirectPort="8443"
>> acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" />
>>
>> <!-- Define a SSL HTTP/1.1 Connector on port 8443 --> <Connector port="8443"
>> maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
>> maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true"
>> connectionTimeout="20000" acceptCount="100" scheme="https" secure="false"
>> proxyPort="443"/>
>>
>> <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector port="8009"
>> enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
>>
>> The issue is that Tomcat stops listening on port 8443 after a while of running.
>> This means no HTML is returned to end users browsers.
>>
>> I know this as I am getting a HTTP error code 502 from the apache 2.2.4
>> webserver that is proxying the request to Tomcat.
>>
>> The setup I have is that SSL is terminated at a load balancer and forwards the
>> request to port 8443 to apache, which then proxy passes the request to Tomcat
>> to port 8443 and then Tomcat passes this request to the content server on port
>> 443 (as this is a secure request).
> 
> So you're sending SSL at each stage via 2 proxies?
> 
> ssl-> LB:8443 ssl-> HTTPD:8443 ssl-> Tomcat:8443 ssl-> ContentSrv
> 
> 
>> One theory is that end users are abruptly terminating their session with Tomcat
>> (by cancelling their secure requests or closing their browsers) and Tomcat is
>> not closing the thread when this happens. Therefore running out of threads. I
>> am not sure about this and need some way to prove it.
> 
> What do the Tomcat logs say when this occurs?
> 
> p
> 
>> Akik Rahman
>>
>>
>>       
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
>       
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message