2015-01-30 16:45 GMT+03:00 Luc DALLEMANE <ldallem...@alaloop.com>:
> Hi,
>
> I'm facing a problem with my web application.
>
> I'm using Tomcat 7.0.56, Java 1.8, Postgres 9.4 and Debian 7.
>
> The application is configured as follows:
>
> The web server is located in a DMZ.
>
> The database server is located in our LAN.
>
> To communicate with each other, a firewall has been set up (Cisco ASA firewall).
>
> To authenticate a user to the website, I use the Tomcat JDBC Realm.

1. Realm configuration =? Is it JDBCRealm or DataSourceRealm? If it is the
former, then your <Resource> is not used at all.

2. Posting the actual password on a public mailing list? Consider it compromised.

> At the beginning, everything works fine, but after about an hour of
> inactivity, it's impossible to authenticate again:
>
> Tomcat process seems to be running but doesn't log anything and doesn't
> answer any other requests.
>
> The firewall is rejecting the connection with the following message:
> Deny TCP (no connection) from WEB/50790 to DB/5432 FIN ACK on interface DMZ_clients
>
> I thought the problem was that after a while, if Tomcat connections were not used,
> the firewall would drop them.
>
> So, I tried to add "keepAlive" time-outs (tomcat side, postgres side, ) but
> none of them worked:
>
> Here is the tomcat context.xml:
>
> <Resource name="jdbc/elkar" auth="Container"
>           type="javax.sql.DataSource"
>           driverClassName="org.postgresql.Driver" [...]
> />
>
> The postgresql.conf:
>
> # - TCP Keepalives -
> # see "man 7 tcp" for details
>
> #tcp_keepalives_idle = 300        # TCP_KEEPIDLE, in seconds;
>                                   # 0 selects the system default
> #tcp_keepalives_interval = 0      # TCP_KEEPINTVL, in seconds;
>                                   # 0 selects the system default
> #tcp_keepalives_count = 0
>
> And finally, the sysctl.conf:
>
> net.ipv4.tcp_keepalive_time = 900
> net.ipv4.tcp_keepalive_intvl = 60
> net.ipv4.tcp_keepalive_probes = 9
>
> Before that, the application was tested without using the firewall and
> everything worked fine.
>
> If you have any idea of why this is happening, I haven't found a solution yet.
>
> Regards,
> Luc D.
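An added example, not part of the thread and not code from either poster: a small check that resolves which TCP keepalive values are actually in effect from the two files quoted above. It assumes both files live on the database host and that the sysctl values have been applied; the function names and the Linux fallback defaults (7200/75/9) are this example's own.

```python
import re

# Constructed from the settings quoted in the message above.
POSTGRESQL_CONF = """\
# - TCP Keepalives -
#tcp_keepalives_idle = 300        # TCP_KEEPIDLE, in seconds;
#tcp_keepalives_interval = 0      # TCP_KEEPINTVL, in seconds;
#tcp_keepalives_count = 0
"""
SYSCTL_CONF = """\
net.ipv4.tcp_keepalive_time = 900
net.ipv4.tcp_keepalive_intvl = 60
net.ipv4.tcp_keepalive_probes = 9
"""
# Linux kernel defaults, used when sysctl.conf does not set a value.
LINUX_DEFAULTS = {"net.ipv4.tcp_keepalive_time": 7200,
                  "net.ipv4.tcp_keepalive_intvl": 75,
                  "net.ipv4.tcp_keepalive_probes": 9}
_SETTING = re.compile(r"^\s*([A-Za-z0-9_.]+)\s*=\s*(\d+)")

def active_settings(text):
    """Return {name: int} for uncommented 'name = value' lines only."""
    found = {}
    for line in text.splitlines():
        m = _SETTING.match(line)  # a leading '#' never matches, so comments are skipped
        if m:
            found[m.group(1)] = int(m.group(2))
    return found

def effective_keepalive(pg_text, sysctl_text):
    """Resolve idle/interval/count and where each value comes from."""
    pg = active_settings(pg_text)
    kernel = {**LINUX_DEFAULTS, **active_settings(sysctl_text)}
    pairs = [("idle", "tcp_keepalives_idle", "net.ipv4.tcp_keepalive_time"),
             ("interval", "tcp_keepalives_interval", "net.ipv4.tcp_keepalive_intvl"),
             ("count", "tcp_keepalives_count", "net.ipv4.tcp_keepalive_probes")]
    result = {}
    for key, pg_name, sysctl_name in pairs:
        value, source = pg.get(pg_name, 0), "postgresql.conf"
        if value == 0:  # commented out or 0: PostgreSQL defers to the OS value
            value, source = kernel[sysctl_name], "sysctl"
        result[key] = (value, source)
    # Seconds of silence before the kernel declares the peer dead.
    result["dead_after"] = (result["idle"][0]
                            + result["interval"][0] * result["count"][0])
    return result

if __name__ == "__main__":
    for name, value in effective_keepalive(POSTGRESQL_CONF, SYSCTL_CONF).items():
        print(name, value)
```

With the files as quoted, the `tcp_keepalives_idle = 300` line is commented out, so the first probe is governed by the 900-second sysctl value rather than by postgresql.conf.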