Return-Path: 
 <users-return-195507-apmail-tomcat-users-archive=tomcat.apache.org@tomcat.apache.org>
Delivered-To: apmail-tomcat-users-archive@www.apache.org
Received: (qmail 58321 invoked from network); 1 May 2009 17:08:20 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 1 May 2009 17:08:20 -0000
Received: (qmail 9282 invoked by uid 500); 1 May 2009 17:08:15 -0000
Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org
Received: (qmail 9242 invoked by uid 500); 1 May 2009 17:08:15 -0000
Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@tomcat.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@tomcat.apache.org>
List-Post: <mailto:users@tomcat.apache.org>
List-Id: <users.tomcat.apache.org>
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Delivered-To: mailing list users@tomcat.apache.org
Received: (qmail 9231 invoked by uid 99); 1 May 2009 17:08:15 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 01 May 2009 17:08:15 +0000
X-ASF-Spam-Status: No, hits=1.2 required=10.0
	tests=SPF_NEUTRAL
X-Spam-Check-By: apache.org
Received-SPF: neutral (athena.apache.org: local policy)
Received: from [76.96.27.243] (HELO QMTA13.emeryville.ca.mail.comcast.net)
 (76.96.27.243)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 01 May 2009 17:08:06 +0000
Received: from OMTA11.emeryville.ca.mail.comcast.net ([76.96.30.36])
	by QMTA13.emeryville.ca.mail.comcast.net with comcast
	id mCN61b00A0mlR8UADH7mTL; Fri, 01 May 2009 17:07:47 +0000
Received: from [192.168.1.101] ([69.143.128.194])
	by OMTA11.emeryville.ca.mail.comcast.net with comcast
	id mH7k1b00M4BnRt98XH7liy; Fri, 01 May 2009 17:07:46 +0000
Message-ID: <49FB2C5E.7070901@christopherschultz.net>
Date: Fri, 01 May 2009 13:07:42 -0400
From: Christopher Schultz <chris@christopherschultz.net>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US;
 rv:1.9.1b3pre) Gecko/20090223 Thunderbird/3.0b2
MIME-Version: 1.0
To: Tomcat Users List <users@tomcat.apache.org>
CC: p@pidster.com
Subject: Re: Tomcat 5.5.23 stops listening to requests on SSL port
References: <112272.27834.qm@web27202.mail.ukl.yahoo.com>
 <49F9CADD.1070900@pidster.com> <777046.31917.qm@web27203.mail.ukl.yahoo.com>
In-Reply-To: <777046.31917.qm@web27203.mail.ukl.yahoo.com>
X-Enigmail-Version: 0.96a
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked by ClamAV on apache.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Rahman,

On 5/1/2009 9:24 AM, Rahman Akhlaqur wrote:
> The SSL is terminated at the load balancers, so the request is then a
> http request on port 8443 to our apache webserver (we use this to
> resolve multiple hostnames to just a few virtual hosts) which then
> just proxys the http request to Tomcat. At which point we want the
> request to be passed on to the content server as a secure request on
> port 443 - to match content hosts set up on port 443. It seems to
> work okay as the reverse path is fine, from the content server back
> to the end user.

This sounds fishy. You terminate SSL at your lb, so there's no SSL
anymore, right? Tomcat is listening on 8443 (as per your <Connector>
configuration) so how can your lb send the request to Apache httpd on
port 8443? Maybe you just reversed the ports in your post. It sounds
like you are doing this:

client [HTTPS] -> lb:443 [HTTP] -> httpd (port?) -> Tomcat:8443

(If you are expecting a previously-encrypted connection coming to
Tomcat, why not set secure="true" in your <Connector>?)

> There is nothing in the Tomcat logs, the request is not even logged
> in the localhost access log - this points to Tomcat not even
> listening properly on port 8443. The other port (8080) is working
> okay though.

Have you taken a thread dump to see what is happening?

Since you are running 3 connectors, you might want to use a shared
"executor" to manage threads, though the result with no further changes
will be that /all/ threads will likely be tied-up, rather than only
those servicing port 8443.

I highly recommend a thread dump to see what all your threads are doing.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkn7LF4ACgkQ9CaO5/Lv0PCG5ACfcuG/xvslTxhXzvfp25inr/at
InMAoKOvUg5QSxowVKUhwBxk8kSft96z
=VMmX
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org