-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Bruce,
On 6/23/14, 2:30 PM, Bruce Lombardi wrote: > Moving the SSL port from 8443 to 443 has solved the problem. It > appears that when the url www.something.net is entered, Firefox > remembers that this is an SSL site and automatically add the "s" > to get https. In fact after the timeout the url line in the > browser shows https:www.something.net. Obviously, this is > defaulting to the standard SSL port (443), which does not work if > 8443 is used. Moving the port to 443 solved the problem. > > If you read about setting up Tomcat, the default SSL port is 8443. > Maybe this is done for testing, but it never seems to be explained > that there might be problems with 8443. I have never experienced the behavior you describe. Certain clients do cache responses from servers, so it's possible that you had a bad setup at some point that redirected :80 -> :443 and then Firefox wouldn't forget that response and change to :8443. The :8443 default configuration makes sense because :443 is often used by web servers like Apache httpd, MS IIS, etc. and we don't want to a) interfere with them or b) cause Tomcat to fail to start. I don't believe there are any problems with using port 8443 for SSL. - -chris > -----Original Message----- From: Christopher Schultz > [mailto:ch...@christopherschultz.net] Sent: Friday, June 20, 2014 > 10:51 AM To: Tomcat Users List Subject: Re: Browsers suddenly > start timing out when accessing port 80 of secure site > > Jeffrey, > > On 6/20/14, 10:24 AM, Jeffrey Janner wrote: >>> -----Original Message----- From: Bruce Lombardi >>> [mailto:brlom...@gmail.com] Sent: Thursday, June 19, 2014 >>> 11:33 AM To: users@tomcat.apache.org Subject: Browsers suddenly >>> start timing out when accessing port 80 of secure site >>> >>> We have a Java application running on Tomcat 7.0.52 on an >>> Amazon Web Services EC2 Windows 2008 R2 server. Tomcat is setup >>> so that our application is the root application and is >>> accessible from port 80. The application and Tomcat are >>> configured with SSL so that whenever anyone types in the url >>> for the site (e.g. www.something.net) Tomcat will switch into >>> HTTPS and use port 8443. >>> >>> This all works fine, but it seems that if for some reason a >>> browser times out when accessing the site, it will never >>> connect to the site again, and any attempt to connect using >>> www.something.net will show that the connection has timed out. >>> Yet if you put in the port number (e.g., >>> www.something.net:8443) it comes up right away. We have seen >>> this happen on both Chrome (Version 35.0.1916.153 m) and >>> Firefox (Version 30.0). >>> >>> On Chrome I was able to get the browser to connect to the site >>> by going to Settings > Advanced > Clear Browser Data and >>> clearing browser history, download history, cookies, and cached >>> images and files. Once I did that the site came up immediately >>> with www.something.net and switch to HTTPS as it is supposed to >>> do. >>> >>> On Firefox, I get the same thing. It will not connect unless I >>> add the port. I tried clearing cached web content, setting the >>> cache limit to zero, and clearing offline web content. None of >>> this worked. Re-installing Firefox did work. >>> >>> It took me several months to encounter this problem. But other >>> users have encountered it right away (e.g., when setting up a >>> new machine). >>> >>> Using browser development tools and Tomcat logs, I was able to >>> see the following: >>> >>> . When working chrome send get to url. Tomcat responds >>> with HTTP 302 and redirects to the secure port. The Tomcat >>> localhost_access_log reflects these transmissions. >>> >>> . When not working, Firefox sends get to url, but no >>> response is returned. The Tomcat localhost_access_log is >>> blank. >>> >>> Can anyone shed any light on this? Is this a Tomcat issue or >>> something to do with the browsers? Is there anything I can >>> look for in the logs that may help? >>> >>> Bruce > >> Sounds like a browser issue to me > > +1 > > I've found that many browsers cache responses - including error > responses -- longer than one might expect. Try a complete > page-refresh using SHIFT-CTRL-R (or SHIFT-CMD-R), and if that > doesn't work, clear all cache and possibly restart the browser if > that doesn't work. > >> , Bruce, unless you've got something else in your topology that >> could be causing the issue. Say a proxy, for instance? Also, are >> you sure on the subsequent attempts that your URL starts off >> with http:// and not https://. It's a pretty easy detail to >> overlook. > >> And on a just curious basis: Why redirect to 8443 instead of the >> standard HTTPS port of 443? Then you wouldn't need the port >> number in the URL. > > +1 > > (And if you can't because you already have a web server running, > try routing the Tomcat traffic through the web server.) > > -chris > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTqXItAAoJEBzwKT+lPKRYQRcQAJYezlrd2gWD/00OVCGmUbUT pxOHVwWJtIu7UhF9tuqDs3fsWzIXZRNMmwiislp59MAZmlgg2SgRh89SfZqRJQpm xrO5gglvNWJgpl3IjwEd1wBFwJvJXY9BuPfKaBPx03pqICHtR7pNGvF+l0PtUVYB pDvgbqqjsL6+3i0W0ah6lwgyFNeOwKX+Vy3nfvnlZaMqyySS550ZhLmJRfDp/vXo MqPOmIyaiwOLEfoqNDRoNdUuHh9T8Gp+PHQJjQuCOZASHasEM0bg5g0u19sNl5uv woTJShw4YzRvojGWl2ogP4j69AuP9tLY/05gOPz7nzAztVht1/zrZjYTFIDETb9M WvE9Ywl+R4C/OFO+quTuLBPcJrHKP/gjEikYMGI5W8osWqu7BgGGNZLyE2XzGoZp tNdQ+++Ef+TaNfG9WB22jdb4XKlPHLRb4mGOqKe+Evr5OM+Mi9YjTMTfDAF+94JV nxci+4KBRJ2p2rkhGfUAd1wIy234TwlSTpDvbC5QsSpTWYUos03MVGVVidRer8lz A9AiVGN/fcLWqUXAtb4J9s0Pa9I5Re5asg9bZbYhBoDQluqKlWf9EX5bLHUBT25v y/zr4Qa6DQL3gBFV7cEX+S9nq0WKUwydEoPhODxTNaERb9Ds09HoupwFx+pu/iGH gEOeBMI74346PebDl8HF =3kvJ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org