Hi,
I'm facing a problem with my web application.
I'm using Tomcat 7.0.56, Java 1.8, Postgres 9.4 and Debian 7.
The application is configured as follows:
The web server is located in a DMZ.
The database server is located in our LAN.
To communicate with each other, a firewall has been set up (Cisco ASA firewall).
To authenticate a user to the website, I use the Tomcat JDBC Realm.
At the beginning, everything works fine, but after about an hour of inactivity,
it's impossible to authenticate again:
The Tomcat process seems to be running but doesn't log anything and doesn't answer
any other requests.
The firewall is rejecting the connection with the following message: Deny TCP
(no connection) from WEB/50790 to DB/5432 FIN ACK on interface DMZ_clients
I thought the problem was that after a while, if Tomcat connections were not used,
the firewall would drop them.
So, I tried to add "keepAlive" time-outs (Tomcat side, Postgres side) but
none of them worked:
Here is the Tomcat context.xml:
<Resource name="jdbc/elkar" auth="Container"
type="javax.sql.DataSource"
driverClassName="org.postgresql.Driver"
url="jdbc:postgresql://10.2.1.128/elkar" username="asa"
password="mei!z60Hm" maxActive="100" maxIdle="20"
maxWait="10000" maxAge="60000"
removeAbandonned="true" removeAbandonnedTimeout="60"
keepAlive="true" autoReconnect="true"
/>
The postgresql.conf:
# - TCP Keepalives -
# see "man 7 tcp" for details
#tcp_keepalives_idle = 300       # TCP_KEEPIDLE, in seconds;
                                 # 0 selects the system default
#tcp_keepalives_interval = 0     # TCP_KEEPINTVL, in seconds;
                                 # 0 selects the system default
#tcp_keepalives_count = 0
And finally, the sysctl.conf:
net.ipv4.tcp_keepalive_time = 900
net.ipv4.tcp_keepalive_intvl = 60
net.ipv4.tcp_keepalive_probes = 9
Before that, the application was tested without using the firewall and
everything worked fine.
If you have any idea of why this is happening, I haven't found a solution yet.
Regards, Luc D.
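
The following is an added example, not part of the original post: a Python check of the three quoted configurations for whether idle connections would be refreshed before a stateful firewall forgets them. The function names are hypothetical, the 3600 s firewall idle timeout is an assumption taken from "about an hour" in the post, and `tcpKeepAlive` is the PostgreSQL JDBC driver's connection parameter.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed inputs: the settings quoted in the post above.
POSTGRESQL_CONF = """\
#tcp_keepalives_idle = 300   # TCP_KEEPIDLE, in seconds;
#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds;
#tcp_keepalives_count = 0
"""
SYSCTL_CONF = """\
net.ipv4.tcp_keepalive_time = 900
net.ipv4.tcp_keepalive_intvl = 60
net.ipv4.tcp_keepalive_probes = 9
"""
JDBC_URL = "jdbc:postgresql://10.2.1.128/elkar"
FIREWALL_IDLE_S = 3600  # assumption: "about an hour", not a value read from the ASA

def active_settings(text):
    """Return {key: value} for settings that are not commented out."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"\s*([\w.]+)\s*=\s*(\S+)", line.split("#", 1)[0])
        if m:
            found[m.group(1)] = m.group(2)
    return found

def audit(pg_conf, sysctl_conf, jdbc_url, firewall_idle_s):
    """Return a list of findings about keepalive coverage of idle connections."""
    findings = []
    pg, sysctl = active_settings(pg_conf), active_settings(sysctl_conf)
    # A commented-out or 0 value means PostgreSQL uses the operating system default.
    if int(pg.get("tcp_keepalives_idle", 0)) == 0:
        findings.append("postgresql.conf: tcp_keepalives_idle not set, OS default applies")
    # The first probe must leave before the firewall forgets the connection.
    idle = int(sysctl.get("net.ipv4.tcp_keepalive_time", 7200))  # 7200 = Linux default
    if idle >= firewall_idle_s:
        findings.append(f"sysctl: first probe after {idle}s, firewall idle is {firewall_idle_s}s")
    # Kernel keepalive timers only run on sockets that enabled SO_KEEPALIVE;
    # the PostgreSQL JDBC driver does that when tcpKeepAlive=true is in the URL.
    params = parse_qs(urlsplit(jdbc_url[len("jdbc:"):]).query)
    if params.get("tcpKeepAlive", ["false"])[0].lower() != "true":
        findings.append("JDBC URL: tcpKeepAlive not enabled, client socket sends no probes")
    return findings

if __name__ == "__main__":
    for finding in audit(POSTGRESQL_CONF, SYSCTL_CONF, JDBC_URL, FIREWALL_IDLE_S):
        print(finding)
```
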