On 21.02.2017 20:45, Aaron Gray wrote:
I have an application server from a vendor that comes bundled with an
additional Apache Tomcat server.  The webapp SelfService.war is vendor
supplied too.

Here's my problem (IP's replaced to protect the innocent):

networks:
DMZ=172.x.x.x
INTERNAL=10.x.x.x

server1 https listen = 172.1.1.1:23270
server2 https listen = 172.1.1.2:23270
F5 load balancer hostname = loadbalancer.domain.com:443
backend tomcat server = 10.1.1.1:18080

mod_proxy configuration:
ProxyPass /SelfService http://10.1.1.1:18080/SelfService
ProxyPassReverse /SelfService http://10.1.1.1:18080/SelfService

When I access these DMZ webservers which mod_proxy back to Apache Tomcat as:
https://172.1.1.1:23270/SelfService
and
https://172.1.1.2:23270/SelfService <https://172.1.1.1:23270/SelfService>
They load properly. Perfectly, every time!

Ok, so there is no problem in tomcat, nor with the webapp itself.


When I access these DMZ webservers via the F5 load balancer (to which I
dont have access to, but the network folks configure for me), it hangs.

What is the URL you are using, when you do the access via the F5 load balancer ?
(just to make sure)

Eventually returns:
https://loadbalancer.domain.com:23270/SelfService
cant load.


"Eventually" meaning that there is a delay ? how long ?

No idea why the URL is being re-written with the ":23270".
I added static content to the server.xml on 10.1.1.1 (Tomcat) to test:
<Context docBase="/path/to/tomcat/static" path="/static" />
Then put a simple index.html in there.  Accessing via the Apache Web
Servers works fine, but if you hit it with the Load Balancer it once again
adds the https://loadbalancer.domain.com:23270/static

Do you have any thoughts?  Thanks so much, I have been working with this
for weeks now with no success


I don't know the F5 internals, but at first sight, it sounds like 2 problems, of which the first is a misconfiguration of the load-balancer. Internally, it should have a configuration similar to your Apache configurations, with a ProxyPass and a ProxyPassReverse (at least in the principle), and it should never show this ":23270" to the caller. The URL is not really being "rewritten". It looks more like a "leakage" of some information that the F5 should keep to itself. It obviously replace the hostname to which it is supposed to proxy, by his own hostname before returning this error message. But it seems to forget to also replace the port by its own port. The second problem, if it returns this error in the first place, seems to indicate that there is somewhere, in addition, a communications issue between the F5 and the Apache httpds. The F5 is obviously never getting a response from the httpds. What is between the F5 and the httpds ? It looks like whatever it is, allows packets from the F5 *to* a httpd but maybe not return packets *from* the httpd to the F5
(or they get wrongly routed back).
I have seen this kind of issue before, with servers hosted "in the cloud".


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to