• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Tomcat times out when using APR/native connector, but works fine with JSSE connector?

 
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Disclaimer - This server is running Tomcat 5.5 and JRE 5 - I have a test server with version 8 of both, but am not done testing yet.

Problem - I have a Windows 2003 server running Tomcat 5.5 and JRE 5 that works fine when using the "default" JSEE connector for port 443, but when I switch to the APR/native connector, connections to the server time out. I can access the page fine in a browser on the server itself though.

I have no idea how to troubleshoot this further.

Any suggestions?

Maybe some configuration issue in server.xml?
 
Peter Bollwerk
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I ran a compare in Notepad++ and the only differences are:
(this is inside the SSL HTTP connector)

(JSSE with keystore)

keystoreFile="conf/tomcat.keystore"
keystorePass="**********" />

(APR/native)

SSLEngine="on"
SSLEnabled="true"
SSLPassword="**********"
SSLCertificateFile="C:\Tomcat-5.5\conf\newcerts\server.crt"
SSLCertificateKeyFile="C:\Tomcat-5.5\conf\newcerts\serverpriv.key"
SSLCACertificateFile="C:\Tomcat-5.5\conf\newcerts\gdig2.crt"
SSLCertificateChainFile="C:\Tomcat-5.5\conf\newcerts\gd_bundle-g2-g1.crt" />
 
Peter Bollwerk
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This is still not resolved.

What is very strange to me is that the Catalina logs are showing (as far as I can tell) that the APR connector is starting up on port 443, but when I do "netstat -ano", there is nothing listening on port 443. However, I can see Tomcat listening on the other ports listed.

Logs from when APR/native is used:
Nov 13, 2014 11:18:51 AM org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Nov 13, 2014 11:18:51 AM org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-443
Nov 13, 2014 11:18:51 AM org.apache.coyote.ajp.AjpAprProtocol init
INFO: Initializing Coyote AJP/1.3 on ajp-8009
Nov 13, 2014 11:18:51 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1482 ms
Nov 13, 2014 11:18:52 AM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Nov 13, 2014 11:18:52 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.5.26
Nov 13, 2014 11:18:52 AM org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
Nov 13, 2014 11:18:53 AM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Nov 13, 2014 11:18:53 AM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-443
Nov 13, 2014 11:18:53 AM org.apache.coyote.ajp.AjpAprProtocol start
INFO: Starting Coyote AJP/1.3 on ajp-8009
Nov 13, 2014 11:18:53 AM org.apache.catalina.storeconfig.StoreLoader load
INFO: Find registry server-registry.xml at classpath resource
Nov 13, 2014 11:18:53 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 1607 ms

Logs from when using the JSSE connector, which works fine:
Nov 13, 2014 11:22:01 AM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Nov 13, 2014 11:22:02 AM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-443
Nov 13, 2014 11:22:02 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1700 ms
Nov 13, 2014 11:22:02 AM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Nov 13, 2014 11:22:02 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.5.26
Nov 13, 2014 11:22:02 AM org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
Nov 13, 2014 11:22:04 AM org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Nov 13, 2014 11:22:04 AM org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-443
Nov 13, 2014 11:22:04 AM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
Nov 13, 2014 11:22:04 AM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/31 config=null
Nov 13, 2014 11:22:04 AM org.apache.catalina.storeconfig.StoreLoader load
INFO: Find registry server-registry.xml at classpath resource
Nov 13, 2014 11:22:04 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 1623 ms

Any ideas on how to debug this?
I added this line to the Tomcat Java settings, but I don't know where it would write logs:
-Djavax.net.debug=ssl,defaultctx
 
Peter Bollwerk
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
A closer look at "netstat -ano" results and I see that when I use the APR/native connector, Tomcat is ONLY listening on IPv6, but not IPv4.
I added these lines to the Tomcat Java options and restarted Tomcat, but that didn't help:
-Djava.net.preferIPv4Stack=true
-Djava.net.preferIPv4Addresses=true

Ideas?
 
Peter Bollwerk
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I appear to have resolved this.
I added the following switch to the connector section:
address="0.0.0.0"

I have no idea why I had to do this for this server and not others.
 
reply
    Bookmark Topic Watch Topic
  • New Topic