logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Other Software View previous topic :: View next topic
Reply to topic   Topic: Tomcat 9 - Fatal error and crash (maybe ssl related)
Author
DavideBocca



Joined: 24 May 2024
Posts: 1

PostPosted: Fri 24 May '24 16:47    Post subject: Tomcat 9 - Fatal error and crash (maybe ssl related) Reply with quote

Hi guys Very Happy,
we have some tomcats 9.0.35 crashing, it seems during login process.

The dump log (https://hastebin.com/share/ucecipukuz.makefile) shows the https-openssl-nio-443-exec-1 as current thread so i guess it should be something on that side, following the connector configuration

Code:
   <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxHttpHeaderSize="8192"
               maxThreads="150" SSLEnabled="true" minSpareThreads="25"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreFile="${container.keystoreFile}" keystorePass="${container.keystorePass}" />


Here (https://hastebin.com/share/pozufegama.yaml) you can see the catalina log (crash occured @08:43).

I'm trying to check on the logs but i'm not the original developer so it's not so easy to find useful info, i just found this one which seems to be interesting

Code:
2024-05-24 08:43:20,765  INFO [https-openssl-nio-443-exec-5] (DetailedDelegatingAuthenticationProvider.java:23) - Authentication attempt with 'authentication-provider-administrator' for user 'DB2ADMIN' successed!


I've also the mdmp file but i don't really know what it could be useful for the investigation, if someone could guide me i can post the data that could help.

Can someone help me trying to understand what's going on?


Thanks!
Davide
Back to top
tangent
Moderator


Joined: 16 Aug 2020
Posts: 346
Location: UK

PostPosted: Mon 27 May '24 20:02    Post subject: Reply with quote

Looking at your Catalina log file, I note the SSL version in your Tomcat is OpenSSL 1.1.1g [21 Apr 2020]. This is somewhat behind the curve, and highlights the problem of having your application server manage secure client connections. So rather than trying to solve the crashing thread problem, I'd suggest going round it.

Far better would be to decouple the client connection front end using a separate instance of Apache Web Server, managing the secure front end, and then proxy the connection requests to Tomcat. If Apache is configured on the same host or a local network, you could use AJP rather than HTTP(S) to connect to Tomcat, which should also improve the performance.

I accept that going down this route does entail installing and setting up Apache, but would suggest there are many benefits to be had in the long term. At the time of writing, the 2.4.59 release of Apache on this site is built with OpenSSL 3.1.5.

A concept Apache configuration (initially on say port 8443) might include:

Code:

<VirtualHost *:8443>
    ServerName example.com

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privatekey.pem

    # Proxy requests for /objfin location to local Tomcat using AJP on port 8009.
    #
    <Location /objfin>
        ProxyPass ajp://localhost:8009/objfin
        ProxyPassReverse ajp://localhost:8009/objfin
        ProxyPassReverseCookiePath / /
    </Location>

</VirtualHost>

Should you choose to go down this route, there are a number of posts on this site relating to proxy connections with Tomcat which should help, as well as other worked examples out there on the net.
Back to top


Reply to topic   Topic: Tomcat 9 - Fatal error and crash (maybe ssl related) View previous topic :: View next topic
Post new topic   Forum Index -> Other Software