tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pid...@pidster.com>
Subject Re: Tomcat 5.5.23 stops listening to requests on SSL port
Date Fri, 01 May 2009 14:13:17 GMT
Also, can you upgrade to the latest version of Tomcat (5.5.27) and
Apache HTTPD?

p



Pid wrote:
> Do not reply to all. Just to the list please.
> 
> OK. So you're doing the following:
> 
>  ssl-> LB:8443 http-> HTTPD:8443 http-> Tomcat:8443 https?-> ContentSrv
> 
> What are the content servers, virtual hosts in Tomcat?
> Or do you have some kind of proxy application running inside Tomcat?
> 
> If you are *not* using the http connector on 8080, comment it and the
> AJP one out of your config please.
> 
> 
> Rahman Akhlaqur wrote:
>> Hi P
>>
>> The SSL is terminated at the load balancers, so the request is then a http request
on port 8443 to our apache webserver (we use this to resolve multiple hostnames to just a
few virtual hosts) which then just proxys the http request to Tomcat. At which point we want
the request to be passed on to the content server as a secure request on port 443 - to match
content hosts set up on port 443. It seems to work okay as the reverse path is fine, from
the content server back to the end user.
>>
>> There is nothing in the Tomcat logs, the request is not even logged in the localhost
access log - this points to Tomcat not even listening properly on port 8443. The other port
(8080) is working okay though.
> 
> If there's nothing in the Tomcat logs, how do you know that the request
> is being sent at all?
> 
> What method are you using to connect HTTPD to Tomcat? mod_jk or
> mod_proxy (or something else)?
> 
> Can you enable logs and a status worker to check on what happens when
> the connection dies?
> 
> 
> p
> 
> 
> 
> 
> 
>> ----- Original Message ----
>> From: Pid <p@pidster.com>
>> To: Tomcat Users List <users@tomcat.apache.org>
>> Sent: Thursday, 30 April, 2009 16:59:25
>> Subject: Re: Tomcat 5.5.23 stops listening to requests on SSL port
>>
>> Rahman Akhlaqur wrote:
>>> Hi 
>>>   
>>> I am having an issue with my Tomcat server not responding on the SSL port. I
reported this as a possible bug but this was rejected as a config issue. More info as below:
>>>   
>>> The Tomcat connector is configured as below
>>>
>>> <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 --> <Connector
>>> port="8080" maxHttpHeaderSize="8192" maxThreads="350" minSpareThreads="25"
>>> maxSpareThreads="75" enableLookups="false" redirectPort="8443"
>>> acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" />
>>>
>>> <!-- Define a SSL HTTP/1.1 Connector on port 8443 --> <Connector port="8443"
>>> maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
>>> maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true"
>>> connectionTimeout="20000" acceptCount="100" scheme="https" secure="false"
>>> proxyPort="443"/>
>>>
>>> <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector port="8009"
>>> enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
>>>
>>> The issue is that Tomcat stops listening on port 8443 after a while of running.
>>> This means no HTML is returned to end users browsers.
>>>
>>> I know this as I am getting a HTTP error code 502 from the apache 2.2.4
>>> webserver that is proxying the request to Tomcat.
>>>
>>> The setup I have is that SSL is terminated at a load balancer and forwards the
>>> request to port 8443 to apache, which then proxy passes the request to Tomcat
>>> to port 8443 and then Tomcat passes this request to the content server on port
>>> 443 (as this is a secure request).
>> So you're sending SSL at each stage via 2 proxies?
>>
>> ssl-> LB:8443 ssl-> HTTPD:8443 ssl-> Tomcat:8443 ssl-> ContentSrv
>>
>>
>>> One theory is that end users are abruptly terminating their session with Tomcat
>>> (by cancelling their secure requests or closing their browsers) and Tomcat is
>>> not closing the thread when this happens. Therefore running out of threads. I
>>> am not sure about this and need some way to prove it.
>> What do the Tomcat logs say when this occurs?
>>
>> p
>>
>>> Akik Rahman
>>>
>>>
>>>       
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>>       
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message