Hi P

The SSL is terminated at the load balancers, so the request is then a http request on port 8443 to our apache webserver (we use this to resolve multiple hostnames to just a few virtual hosts) which then just proxies the http request to Tomcat. At which point we want the request to be passed on to the content server as a secure request on port 443 - to match content hosts set up on port 443. It seems to work okay as the reverse path is fine, from the content server back to the end user.

There is nothing in the Tomcat logs, the request is not even logged in the localhost access log - this points to Tomcat not even listening properly on port 8443. The other port (8080) is working okay though.

----- Original Message ----
From: Pid <p...@pidster.com>
To: Tomcat Users List <users@tomcat.apache.org>
Sent: Thursday, 30 April, 2009 16:59:25
Subject: Re: Tomcat 5.5.23 stops listening to requests on SSL port

Rahman Akhlaqur wrote:
> Hi
>
> I am having an issue with my Tomcat server not responding on the SSL port. I
> reported this as a possible bug but this was rejected as a config issue. More
> info as below:
>
> The Tomcat connector is configured as below
>
> <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
> <Connector port="8080" maxHttpHeaderSize="8192" maxThreads="350"
>     minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
>     redirectPort="8443" acceptCount="100" connectionTimeout="20000"
>     disableUploadTimeout="true" />
>
> <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
> <Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150"
>     minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
>     disableUploadTimeout="true" connectionTimeout="20000"
>     acceptCount="100" scheme="https" secure="false" proxyPort="443"/>
>
> <!-- Define an AJP 1.3 Connector on port 8009 -->
> <Connector port="8009" enableLookups="false" redirectPort="8443"
>     protocol="AJP/1.3" />
>
> The issue is that Tomcat stops listening on port 8443 after a while of
> running.
> This means no HTML is returned to end users' browsers.
>
> I know this as I am getting a HTTP error code 502 from the apache 2.2.4
> webserver that is proxying the request to Tomcat.
>
> The setup I have is that SSL is terminated at a load balancer and forwards the
> request to port 8443 to apache, which then proxy passes the request to Tomcat
> to port 8443 and then Tomcat passes this request to the content server on port
> 443 (as this is a secure request).

So you're sending SSL at each stage via 2 proxies?

ssl-> LB:8443 ssl-> HTTPD:8443 ssl-> Tomcat:8443 ssl-> ContentSrv

> One theory is that end users are abruptly terminating their session with
> Tomcat
> (by cancelling their secure requests or closing their browsers) and Tomcat is
> not closing the thread when this happens. Therefore running out of threads. I
> am not sure about this and need some way to prove it.

What do the Tomcat logs say when this occurs?

p

> Akik Rahman
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
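
One way to test the thread-exhaustion theory raised in the thread, as an added example that is not part of the original messages: take a JVM thread dump while port 8443 is unresponsive and compare each connector's worker count with the maxThreads values from the posted configuration. The thread-name pattern, the idle-frame heuristic and the sample dump are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumption: blocking-connector workers are named "http-<port>-Processor<N>".
HEADER = re.compile(r'^"http-(\d+)-Processor\d+"')
FRAME = re.compile(r'^\s+at ([\w.$<>]+)\(')
# Assumption: a worker whose top frame is Object.wait is parked in the pool (idle).
IDLE_FRAME = "java.lang.Object.wait"

def summarize(dump):
    """Return {port: Counter(top stack frame -> thread count)} for worker threads."""
    pools = defaultdict(Counter)
    port = None  # set while waiting for the first frame of a worker thread
    for line in dump.splitlines():
        if line.startswith('"'):
            m = HEADER.match(line)
            port = int(m.group(1)) if m else None
            continue
        frame = FRAME.match(line)
        if port is not None and frame:
            pools[port][frame.group(1)] += 1
            port = None  # record only the top frame of each thread
    return pools

def exhausted(pools, max_threads):
    """Ports whose pool has reached maxThreads with no idle worker left."""
    hit = []
    for port, limit in max_threads.items():
        frames = pools.get(port, Counter())
        if sum(frames.values()) >= limit and frames[IDLE_FRAME] == 0:
            hit.append(port)
    return hit

# Constructed sample dump: 150 workers on 8443 all blocked reading a socket,
# 25 workers on 8080 of which 13 are idle. Not real output from the poster's server.
def _thread(name, frames):
    head = '"%s" daemon prio=1 tid=0x0 nid=0x0 runnable' % name
    return "\n".join([head] + ["\tat %s(Unknown Source)" % f for f in frames]) + "\n\n"

READ = ["java.net.SocketInputStream.socketRead0", "java.net.SocketInputStream.read"]
IDLE = [IDLE_FRAME, "org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run"]
SAMPLE = ("".join(_thread("http-8443-Processor%d" % i, READ) for i in range(1, 151))
          + "".join(_thread("http-8080-Processor%d" % i, IDLE if i % 2 else READ)
                    for i in range(1, 26))
          + _thread("main", ["java.net.PlainSocketImpl.socketAccept"]))

if __name__ == "__main__":
    pools = summarize(SAMPLE)
    for port in sorted(pools):
        print(port, sum(pools[port].values()), pools[port].most_common(2))
    print("exhausted:", exhausted(pools, {8080: 350, 8443: 150}))
```

If the 8443 pool is at its limit and every worker sits in a socket read, the dump supports the theory; if the pool is mostly idle, the cause lies elsewhere.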