-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We are still deploying and moving towards launch. At the moment we do *not* have a cluster running. That is slated for phase 2 of the process, and is the first feature to be added once the single node install is working correctly.
I have redeployed, and modified the servers.xml file for tomcat to no longer listen on 8080, 8443, or 443, and to no longer list 443 as the secure port for 80. This was actually something I had done a while back that had not been applied to this environment yet. So far, so good -- no crashes yet. *knocks on wood* Jeff Corey Scholefield wrote: > As far as having the F5 front the CAS servers (assuming a CAS cluster of > 2 in your stack?) and perform the SSL termination, I gather that this is > a common way to offer the CAS service. > > As CAS newbies, we are just building out our CAS deployment here, with > an SSL-offload configuration with our F5 much like you describe. I'd be > interested in hearing that this is indeed a common approach.... > > thanks! > > Corey S. > > Corey Scholefield > Identity & Access Mgmt. Team Lead > UVic Online | University Systems > University of Victoria | Victoria, BC, Canada > cor...@uvic.ca | +1.250.472.4549 > > Jeff Chapin wrote: > Offloading. We have a BigIP F5 that is accepting the SSL connections, > stripping off the SSL portion, and forwarding to port 80 on the CAS box. > > I will double check the config on the test box to make sure that all > SSL ports are closed on that machine. > > Thanks! > > Patrick Berry wrote: >>>> A first glance, it looks like something to do with SSL perhaps. Are you >>>> using Tomcat? Are you offloading SSL or is you container handling it? >>>> >>>> On Thu, Apr 1, 2010 at 7:57 AM, Jeff Chapin <jeff.cha...@uni.edu >>>> <mailto:jeff.cha...@uni.edu>> wrote: >>>> >>>> I have rolled an instance of CAS 3.3.5 into a test instance. We have >>>> started to tie a few apps to this instance, and CAS has begun randomly >>>> crashing, sometimes as often as several times a day, and not always when >>>> under load much load. As little as one user logging in can kill it, or >>>> it can wait for as many as several hundred login attempts. When I check >>>> catalina.out, I see the following error. It is the same error each time >>>> -- with pkcs11_softtoken. >>>> >>>> This is running on Sparc hardware, running Solaris 10 in a zone. >>>> >>>> Any suggestions? >>>> >>>> # >>>> # A fatal error has been detected by the Java Runtime Environment: >>>> # >>>> # SIGSEGV (0xb) at pc=0xfbc58404, pid=13993, tid=405 >>>> # >>>> # JRE version: 6.0_16-b01 >>>> # Java VM: Java HotSpot(TM) Server VM (14.2-b01 mixed mode >>>> solaris-sparc ) >>>> # Problematic frame: >>>> # C [pkcs11_softtoken.so.1+0x38404] >>>> # >>>> # An error report file with more information is saved as: >>>> # /home/ascass/hs_err_pid13993.log >>>> # >>>> # If you would like to submit a bug report, please visit: >>>> # http://java.sun.com/webapps/bugreport/crash.jsp >>>> # The crash happened outside the Java Virtual Machine in native code. >>>> # See problematic frame for where to report the bug. >>>> # >>>> >>>> Thanks, >>>> >>>> Jeff >>>> > >> - -- Jeff Chapin, Assistant Systems/Applications Administrator ITS-IS, University of Northern Iowa Phone: 319-273-3162 Email: jeff.cha...@uni.edu -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAku05lQACgkQQiaEUfQoY7SeRwCgkom/gjNnsOoLQA1WWdy3nXmq IEQAoKJM4BlgpTVkNd2eqJC3vCxH0S0D =rLan -----END PGP SIGNATURE----- -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
