tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Tomcat 5.5.23 stops listening to requests on SSL port
Date Fri, 01 May 2009 14:09:26 GMT
Rahman Akhlaqur wrote:
> Hi P
> 
> The SSL is terminated at the load balancers, so the request is then a http request on
port 8443 to our apache webserver (we use this to resolve multiple hostnames to just a few
virtual hosts) which then just proxys the http request to Tomcat. At which point we want the
request to be passed on to the content server as a secure request on port 443 - to match content
hosts set up on port 443. It seems to work okay as the reverse path is fine, from the content
server back to the end user.
> 
> There is nothing in the Tomcat logs, the request is not even logged in the localhost
access log - this points to Tomcat not even listening properly on port 8443. The other port
(8080) is working okay though.
> 

At the moment when this happens, what does "netstat -pan" show on the 
Tomcat host ?
(assuming you are under some kind of Unix/Linux)
(it may be useful to also do a "ps -ef" to see the relationship between 
process-id and programs)



> ----- Original Message ----
> From: Pid <p@pidster.com>
> To: Tomcat Users List <users@tomcat.apache.org>
> Sent: Thursday, 30 April, 2009 16:59:25
> Subject: Re: Tomcat 5.5.23 stops listening to requests on SSL port
> 
> Rahman Akhlaqur wrote:
>> Hi 
>>   
>> I am having an issue with my Tomcat server not responding on the SSL port. I reported
this as a possible bug but this was rejected as a config issue. More info as below:
>>   
>> The Tomcat connector is configured as below
>>
>> <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 --> <Connector
>> port="8080" maxHttpHeaderSize="8192" maxThreads="350" minSpareThreads="25"
>> maxSpareThreads="75" enableLookups="false" redirectPort="8443"
>> acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" />
>>
>> <!-- Define a SSL HTTP/1.1 Connector on port 8443 --> <Connector port="8443"
>> maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
>> maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true"
>> connectionTimeout="20000" acceptCount="100" scheme="https" secure="false"
>> proxyPort="443"/>
>>
>> <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector port="8009"
>> enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
>>
>> The issue is that Tomcat stops listening on port 8443 after a while of running.
>> This means no HTML is returned to end users browsers.
>>
>> I know this as I am getting a HTTP error code 502 from the apache 2.2.4
>> webserver that is proxying the request to Tomcat.
>>
>> The setup I have is that SSL is terminated at a load balancer and forwards the
>> request to port 8443 to apache, which then proxy passes the request to Tomcat
>> to port 8443 and then Tomcat passes this request to the content server on port
>> 443 (as this is a secure request).
> 
> So you're sending SSL at each stage via 2 proxies?
> 
> ssl-> LB:8443 ssl-> HTTPD:8443 ssl-> Tomcat:8443 ssl-> ContentSrv
> 
> 
>> One theory is that end users are abruptly terminating their session with Tomcat
>> (by cancelling their secure requests or closing their browsers) and Tomcat is
>> not closing the thread when this happens. Therefore running out of threads. I
>> am not sure about this and need some way to prove it.
> 
> What do the Tomcat logs say when this occurs?
> 
> p
> 
>> Akik Rahman
>>
>>
>>       
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
>       
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message