Thanks for the suggestion of taking a thread dump... I think I have some instructions on how to do this on a windows server.
The apache httpd server is on a different machine to Tomcat, thats how they can both listen on port 8443. ----- Original Message ---- From: Christopher Schultz <ch...@christopherschultz.net> To: Tomcat Users List <users@tomcat.apache.org> Cc: p...@pidster.com Sent: Friday, 1 May, 2009 18:07:42 Subject: Re: Tomcat 5.5.23 stops listening to requests on SSL port -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rahman, On 5/1/2009 9:24 AM, Rahman Akhlaqur wrote: > The SSL is terminated at the load balancers, so the request is then a > http request on port 8443 to our apache webserver (we use this to > resolve multiple hostnames to just a few virtual hosts) which then > just proxys the http request to Tomcat. At which point we want the > request to be passed on to the content server as a secure request on > port 443 - to match content hosts set up on port 443. It seems to > work okay as the reverse path is fine, from the content server back > to the end user. This sounds fishy. You terminate SSL at your lb, so there's no SSL anymore, right? Tomcat is listening on 8443 (as per your <Connector> configuration) so how can your lb send the request to Apache httpd on port 8443? Maybe you just reversed the ports in your post. It sounds like you are doing this: client [HTTPS] -> lb:443 [HTTP] -> httpd (port?) -> Tomcat:8443 (If you are expecting a previously-encrypted connection coming to Tomcat, why not set secure="true" in your <Connector>?) > There is nothing in the Tomcat logs, the request is not even logged > in the localhost access log - this points to Tomcat not even > listening properly on port 8443. The other port (8080) is working > okay though. Have you taken a thread dump to see what is happening? Since you are running 3 connectors, you might want to use a shared "executor" to manage threads, though the result with no further changes will be that /all/ threads will likely be tied-up, rather than only those servicing port 8443. I highly recommend a thread dump to see what all your threads are doing. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkn7LF4ACgkQ9CaO5/Lv0PCG5ACfcuG/xvslTxhXzvfp25inr/at InMAoKOvUg5QSxowVKUhwBxk8kSft96z =VMmX -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
