tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Browsers suddenly start timing out when accessing port 80 of secure site
Date Tue, 24 Jun 2014 12:42:24 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Bruce,

On 6/23/14, 2:30 PM, Bruce Lombardi wrote:
> Moving the SSL port from 8443 to 443 has solved the problem. It 
> appears that when the url www.something.net is entered, Firefox 
> remembers that this is an SSL site and automatically add the "s"
> to get https. In fact after the timeout the url line in the
> browser shows https:www.something.net. Obviously, this is
> defaulting to the standard SSL port (443), which does not work if
> 8443 is used. Moving the port to 443 solved the problem.
> 
> If you read about setting up Tomcat, the default SSL port is 8443. 
> Maybe this is done for testing, but it never seems to be explained 
> that there might be problems with 8443.

I have never experienced the behavior you describe. Certain clients do
cache responses from servers, so it's possible that you had a bad setup
at some point that redirected :80 -> :443 and then Firefox wouldn't
forget that response and change to :8443.

The :8443 default configuration makes sense because :443 is often used
by web servers like Apache httpd, MS IIS, etc. and we don't want to a)
interfere with them or b) cause Tomcat to fail to start.

I don't believe there are any problems with using port 8443 for SSL.

- -chris

> -----Original Message----- From: Christopher Schultz 
> [mailto:chris@christopherschultz.net] Sent: Friday, June 20, 2014 
> 10:51 AM To: Tomcat Users List Subject: Re: Browsers suddenly
> start timing out when accessing port 80 of secure site
> 
> Jeffrey,
> 
> On 6/20/14, 10:24 AM, Jeffrey Janner wrote:
>>> -----Original Message----- From: Bruce Lombardi 
>>> [mailto:brlombar@gmail.com] Sent: Thursday, June 19, 2014
>>> 11:33 AM To: users@tomcat.apache.org Subject: Browsers suddenly
>>> start timing out when accessing port 80 of secure site
>>> 
>>> We have a Java application running on Tomcat 7.0.52 on an
>>> Amazon Web Services EC2 Windows 2008 R2 server. Tomcat is setup
>>> so that our application is the root application and is
>>> accessible from port 80. The application and Tomcat are
>>> configured with SSL so that whenever anyone types in the url
>>> for the site (e.g. www.something.net) Tomcat will switch into
>>> HTTPS and use port 8443.
>>> 
>>> This all works fine, but it seems that if for some reason a 
>>> browser times out when accessing the site, it will never
>>> connect to the site again, and any attempt to connect using 
>>> www.something.net will show that the connection has timed out.
>>>  Yet if you put in the port number (e.g.,
>>> www.something.net:8443) it comes up right away. We have seen
>>> this happen on both Chrome (Version 35.0.1916.153 m) and
>>> Firefox (Version 30.0).
>>> 
>>> On Chrome I was able to get the browser to connect to the site
>>> by going to Settings > Advanced > Clear Browser Data and
>>> clearing browser history, download history, cookies, and cached
>>> images and files. Once I did that the site came up immediately
>>> with www.something.net and switch to HTTPS as it is supposed to
>>> do.
>>> 
>>> On Firefox, I get the same thing. It will not connect unless I 
>>> add the port. I tried clearing cached web content, setting the 
>>> cache limit to zero, and clearing offline web content. None of 
>>> this worked. Re-installing Firefox did work.
>>> 
>>> It took me several months to encounter this problem. But other 
>>> users have encountered it right away (e.g., when setting up a
>>> new machine).
>>> 
>>> Using browser development tools and Tomcat logs, I was able to 
>>> see the following:
>>> 
>>> .         When working chrome send get to url. Tomcat responds
>>>  with HTTP 302 and redirects to the secure port. The Tomcat 
>>> localhost_access_log reflects these transmissions.
>>> 
>>> .         When not working, Firefox sends get to url, but no 
>>> response is returned. The Tomcat localhost_access_log is
>>> blank.
>>> 
>>> Can anyone shed any light on this? Is this a Tomcat issue or 
>>> something to do with the browsers? Is there anything I can
>>> look for in the logs that may help?
>>> 
>>> Bruce
> 
>> Sounds like a browser issue to me
> 
> +1
> 
> I've found that many browsers cache responses - including error 
> responses -- longer than one might expect. Try a complete 
> page-refresh using SHIFT-CTRL-R (or SHIFT-CMD-R), and if that
> doesn't work, clear all cache and possibly restart the browser if
> that doesn't work.
> 
>> , Bruce, unless you've got something else in your topology that 
>> could be causing the issue. Say a proxy, for instance? Also, are 
>> you sure on the subsequent attempts that your URL starts off
>> with http:// and not https://.  It's a pretty easy detail to
>> overlook.
> 
>> And on a just curious basis:  Why redirect to 8443 instead of the
>>  standard HTTPS port of 443? Then you wouldn't need the port
>> number in the URL.
> 
> +1
> 
> (And if you can't because you already have a web server running,
> try routing the Tomcat traffic through the web server.)
> 
> -chris
> 
> ---------------------------------------------------------------------
>
>
> 
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 
> ---------------------------------------------------------------------
>
>
> 
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTqXItAAoJEBzwKT+lPKRYQRcQAJYezlrd2gWD/00OVCGmUbUT
pxOHVwWJtIu7UhF9tuqDs3fsWzIXZRNMmwiislp59MAZmlgg2SgRh89SfZqRJQpm
xrO5gglvNWJgpl3IjwEd1wBFwJvJXY9BuPfKaBPx03pqICHtR7pNGvF+l0PtUVYB
pDvgbqqjsL6+3i0W0ah6lwgyFNeOwKX+Vy3nfvnlZaMqyySS550ZhLmJRfDp/vXo
MqPOmIyaiwOLEfoqNDRoNdUuHh9T8Gp+PHQJjQuCOZASHasEM0bg5g0u19sNl5uv
woTJShw4YzRvojGWl2ogP4j69AuP9tLY/05gOPz7nzAztVht1/zrZjYTFIDETb9M
WvE9Ywl+R4C/OFO+quTuLBPcJrHKP/gjEikYMGI5W8osWqu7BgGGNZLyE2XzGoZp
tNdQ+++Ef+TaNfG9WB22jdb4XKlPHLRb4mGOqKe+Evr5OM+Mi9YjTMTfDAF+94JV
nxci+4KBRJ2p2rkhGfUAd1wIy234TwlSTpDvbC5QsSpTWYUos03MVGVVidRer8lz
A9AiVGN/fcLWqUXAtb4J9s0Pa9I5Re5asg9bZbYhBoDQluqKlWf9EX5bLHUBT25v
y/zr4Qa6DQL3gBFV7cEX+S9nq0WKUwydEoPhODxTNaERb9Ds09HoupwFx+pu/iGH
gEOeBMI74346PebDl8HF
=3kvJ
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message