On 16 April 2018 at 22:04, Mark Thomas <ma...@apache.org> wrote:
> On 11/04/18 09:22, Richard Tearle wrote:
>
> <snip/>
>
>> I've built tomcat from source using the link you provided, and rebuilt the
>> containers with this tomcat, and can still reproduce the issue. I've uploaded
>> the logs (30s before the connection closed error), to dropbox:
>>
>> https://www.dropbox.com/s/qe50jbd196krtyo/logs-10-04-17.zip?dl=0
>
> Thanks for these.
>
> I've started to look at them. I don't have any firm conclusions yet. I
> have noticed that the problem occurs after a connection is made to the
> service from localhost rather than the remote IP that is making the
> other requests. The localhost client does not present a certificate.
>
> My working theory (so chances are it is completely wrong) is that the
> missing certificate in the request from localhost puts the OpenSSL
> engine into an error state that is not correctly handled by Tomcat
> causing the subsequent request to fail.
>
> I've also noticed that the debug level log message consistently report 0
> bytes being read which looks wrong but is probably a separate (minor) issue.
>
> Investigations continue.
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
Ah that rings a bell.
Our containers have a simple health check, simply does
curl --connect-timeout 5 --max-time 20 -k -s -S --stderr -\
https://localhost:${TOMCATS_PORT}/ |\
grep -q "NSS: client certificate not found" || exit 1
just to make sure the ESB is responding, with something we expect.
These are set to run at an interval of every 2m30s. The full parameters
in the docker-compose[1] file are:
healthcheck:
test: ["CMD", "/usr/local/bin/healthcheck.sh"]
interval: 2m30s
timeout: 10s
retries: 3
start_period: 20s
I've also disabled the health check on ESB container, and my tests
ran through for an hour, without a connection closed error.
[1] https://docs.docker.com/compose/compose-file/#healthcheck
--
Richard
--
This email is sent on behalf of Northgate Public Services (UK) Limited and
its associated companies including Rave Technologies (India) Pvt Limited
(together "Northgate Public Services") and is strictly confidential and
intended solely for the addressee(s).
If you are not the intended
recipient of this email you must: (i) not disclose, copy or distribute its
contents to any other person nor use its contents in any way or you may be
acting unlawfully; (ii) contact Northgate Public Services immediately on
+44(0)1442 768445 quoting the name of the sender and the addressee then
delete it from your system.
Northgate Public Services has taken reasonable
precautions to ensure that no viruses are contained in this email, but does
not accept any responsibility once this email has been transmitted. You
should scan attachments (if any) for viruses.
Northgate Public Services
(UK) Limited, registered in England and Wales under number 00968498 with a
registered address of Peoplebuilding 2, Peoplebuilding Estate, Maylands
Avenue, Hemel Hempstead, Hertfordshire, HP2 4NW. Rave Technologies (India)
Pvt Limited, registered in India under number 117068 with a registered
address of 2nd Floor, Ballard House, Adi Marzban Marg, Ballard Estate,
Mumbai, Maharashtra, India, 400001.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
