Rahman Akhlaqur wrote:
Hi P

The SSL is terminated at the load balancers, so the request is then an HTTP 
request on port 8443 to our apache webserver (we use this to resolve multiple 
hostnames to just a few virtual hosts) which then just proxies the HTTP request 
to Tomcat. At which point we want the request to be passed on to the content 
server as a secure request on port 443 - to match content hosts set up on port 
443. It seems to work okay as the reverse path is fine, from the content server 
back to the end user.

There is nothing in the Tomcat logs, the request is not even logged in the 
localhost access log - this points to Tomcat not even listening properly on 
port 8443. The other port (8080) is working okay though.


At the moment when this happens, what does "netstat -pan" show on the Tomcat host?
(assuming you are under some kind of Unix/Linux)
(it may be useful to also do a "ps -ef" to see the relationship between process-id and programs)



----- Original Message ----
From: Pid <p...@pidster.com>
To: Tomcat Users List <users@tomcat.apache.org>
Sent: Thursday, 30 April, 2009 16:59:25
Subject: Re: Tomcat 5.5.23 stops listening to requests on SSL port

Rahman Akhlaqur wrote:
Hi

I am having an issue with my Tomcat server not responding on the SSL port. I reported this as a possible bug but this was rejected as a config issue. More info as below:

The Tomcat connector is configured as below

<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector port="8080" maxHttpHeaderSize="8192" maxThreads="350"
           minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
           redirectPort="8443" acceptCount="100" connectionTimeout="20000"
           disableUploadTimeout="true" />

<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150"
           minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
           disableUploadTimeout="true" connectionTimeout="20000"
           acceptCount="100" scheme="https" secure="false" proxyPort="443"/>

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" enableLookups="false" redirectPort="8443"
           protocol="AJP/1.3" />

The issue is that Tomcat stops listening on port 8443 after a while of running.
This means no HTML is returned to end users browsers.

I know this as I am getting an HTTP error code 502 from the apache 2.2.4
webserver that is proxying the request to Tomcat.

The setup I have is that SSL is terminated at a load balancer and forwards the
request to port 8443 to apache, which then proxy passes the request to Tomcat
to port 8443 and then Tomcat passes this request to the content server on port
443 (as this is a secure request).

So you're sending SSL at each stage via 2 proxies?

ssl-> LB:8443 ssl-> HTTPD:8443 ssl-> Tomcat:8443 ssl-> ContentSrv


One theory is that end users are abruptly terminating their session with Tomcat
(by cancelling their secure requests or closing their browsers) and Tomcat is
not closing the thread when this happens. Therefore running out of threads. I
am not sure about this and need some way to prove it.

What do the Tomcat logs say when this occurs?

p

Akik Rahman


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
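
An added example, not part of the original thread: one way to read the "netstat -pan" output asked for above, reporting whether anything is still in LISTEN on a given local port and how many connections sit in each state. CLOSE_WAIT means the peer has closed and the local process has not yet closed its socket, so a growing CLOSE_WAIT count on 8443 is the pattern the unclosed-thread theory would produce. The function names, addresses and sample lines are constructed for illustration, and the Linux net-tools column layout is assumed.

```shell
#!/bin/sh
# Summarise Linux `netstat -pan` output (read from stdin) for one local TCP port.
# Output: listen=<yes|no> ESTABLISHED=n CLOSE_WAIT=n TIME_WAIT=n SYN_RECV=n
port_summary() {
    awk -v port="$1" '
        $1 ~ /^tcp/ {
            n = split($4, a, ":")      # $4 = local address; port follows the last ":"
            if (a[n] != port) next     # skip sockets where the port is only the remote end
            if ($6 == "LISTEN") { listen = 1; next }
            count[$6]++                # tally connection states on that local port
        }
        END {
            printf "listen=%s", (listen ? "yes" : "no")
            m = split("ESTABLISHED CLOSE_WAIT TIME_WAIT SYN_RECV", order, " ")
            for (i = 1; i <= m; i++) printf " %s=%d", order[i], count[order[i]]
            printf "\n"
        }'
}

# Constructed sample (documentation addresses), shaped like `netstat -pan` on Linux.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      2211/java
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      2211/java
tcp        0      0 192.0.2.5:8080          192.0.2.9:40112         ESTABLISHED 2211/java
tcp        1      0 192.0.2.5:8443          192.0.2.9:51234         CLOSE_WAIT  2211/java
tcp        1      0 192.0.2.5:8443          192.0.2.9:51240         CLOSE_WAIT  2211/java
tcp        1      0 192.0.2.5:8443          192.0.2.9:51251         CLOSE_WAIT  2211/java
tcp        0      0 192.0.2.5:8443          192.0.2.9:51260         ESTABLISHED 2211/java
tcp        0      0 192.0.2.5:51300         192.0.2.9:8443          ESTABLISHED 900/other
EOF
}

sample_netstat | port_summary 8443
```

On the Tomcat host the same function would be fed live data with `netstat -pan | port_summary 8443`, run once while the port responds and again when the 502s start, and the counts compared against the connector's maxThreads="150".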



