We are getting a "Bad Gateway" error when attempting to go to a web app
in our test environment. As far as we know it has never worked in our
test environment, but it is working in our production environment. I
know this appears backwards, but we inherited this system as is. I hope
there is not too much information below, but I wanted to provide as much
as I could think of that might be relevant. If anybody has any ideas on
what to check next, it would be very much appreciated, as we are stuck.
We have compared as many configuration files as we know of between the
two environments, and have found some differences and made changes so
they match, and restarted Apache or Tomcat as appropriate, but we still
get the error. Here is the error, as displayed by Internet Explorer 8:
Bad Gateway
The proxy server received an invalid response from an upstream server.
------------------------------------------------------------------------
--------
Apache Server at <domain> Port 6443
We're using Apache 2.2.15 and Tomcat 6.0.35, installed on different
servers (both HP-UX), which we will call server-A (Apache) and server-B
(Tomcat). Apache is stand-alone and Tomcat is installed as part of
another application. And here is the flow of control (the load balancer
distributes to two Apache servers, but we only show one here):
browser ->https->
load balancer ->https->
Apache server-A (6443)-> https->
Tomcat server-B (53309)->http-> other servers
The only log file that contained an error was the Apache access_log on
server-A:
[error] (502): proxy: pass request body failed to xxx.xxx.xxx.xxx:53309
(server-B's FQDN)
(where xxx.xxx.xxx.xxx is server-B's IP)
The Apache's ssl.conf on server-A defines a virtual host that passes
requests coming in on port 6443 to Tomcat on server-B port 53309. Here
are a few details from the ssl.conf:
Listen 0.0.0.0:6443
<VirtualHost _default_:6443>
SSLEngine on
SSLProtocol TLSv1
ProxyPass / https://server-B:53309/
</VirtualHost>
We confirmed there is connectivity from server-A to port 53309 on
server-B using telnet on server-A:
[server-A]>telnet server-B 53309
Trying...
Connected to server-B.
Escape character is '^]'.
telnet> quit
Connection closed.
[server-A]>
We confirmed that server-B is listening on port 53309:
netstat -a | grep 53309
tcp 0 0 *.53309 *.*
LISTEN
We confirmed that Tomcat on server-B is configured to handle port 53309,
from this excerpt from its server.xml:
<Connector description="Content Switch HTTPS" maxHttpHeaderSize="8192"
maxThreads="150"
minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
keystoreFile="/keystore/server-ks.p12"
keystoreType="PKCS12" keystorePass="pass"
truststoreFile="/keystore/ts.jks" truststoreType="JKS"
truststorePass="pass" clientAuth="false" algorithm="SunX509"
sslProtocol="TLS" port="53309" />
We confirmed Tomcat was started successfully on server-B and listening
on port 53309, from the application log:
2013-08-22 18:01:49,321 INFO : Succesfully started Apache Tomcat/6.0.35
@ Catalina:53309
Any ideas on what might be going on?
