Yes, exactly. I have been thrown to the wolves and it is really causing a problem because our application rollout schedule has been pushed back because of this problem and its been going on for like 3 weeks. The other annoying thing is that the application vendor does not support getting the app to work externally, so I have no real help desk to turn to.
Thank you for the further details... "I'm with ya". I have the following connector string in my server.xml file: <Connector port="8009" redirectPort="8443" enableLookups="false" protocol="AJP/1.3" URIEncoding="UTF-8"/> I will attach the file itself to make sure you guys think it looks ok. I ran the netstat command you gave me... lots of stuff there! But I do see this: TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING 4 Thanks in advance! awarnier wrote: > > oh oh. So it looks like you have been thrown to the wolves, he ? > The positive side of it, is that if you solve it, you'll be the star. > > Time for some ascii-art I think. > > Except for firewalls, you have the following schema : > > > Browser-1 <---> <---> - webapp > Browser-2 <---> IIS + IR <---> AJP + Tomcat - webapp > ... <---> - webapp > Browser-n <---> <---> - webapp > > The dotted lines represent TCP/IP connections. > IIS + IR : IIS plus the Isapi_Redirector module > AJP + Tomcat : The Tomcat <Connector protocol="AJP"> module, plus Tomcat > itself, and then > the applications (webapps) running in Tomcat. > > A request starts at the browser, goes to IIS over a connection to port 80 > (if simple > HTTP), or port 443 (if HTTPS). > IIS sees that this request is really for Tomcat, so it passes it to its > Isapi_redirector > module. > The Isapi_redirector module creates another connection to Tomcat's AJP > "Connector", this > time over port 8009, where presumably this AJP connector is listening. > When the AJP connector receives the request, it creates a "thread" in > Tomcat to handle > this request. > A thread is like a sub-process of tomcat; it is created to process one > request, and will > disappear when this request is processsed and it has sent the response. > To create the response, the thread "runs" one of the webapps. > > Now to clear some side-issues : > - the protocol/format used between the browsers and IIS may be HTTP or > HTTPS (SSL), > - but the protocol/format between the "IR" module on the IIS side, and the > "AJP" module on > the Tomcat side, is neither. It is using a special protocol/format named > AJP. (So the > notion of SSL is not relevant here; the decryption already happens at the > IIS level, and > over the AJP connection the data flows essentially "in clear".) > > For this whole scheme to work, there are a few pre-requisites : > - the browsers must be able to establish a TCP/IP connection to the IIS > server. I guess > that part works. > - the IIS server (and its IR module), must be able to establish a TCP > connection to the > AJP module of Tomcat, which is usually configured to "listen" on port # > 8009. > - the numbers of requests sent at the same time by the sum of all the > browsers, needs to > be more or less matched to the number of connections that the IR module > and the AJP module > can establish between themselves (otherwise some browser requests would > never reach Tomcat) > - the number of simultaneous threads that the AJP connector can start > inside of Tomcat, > must also be more or less matched to the number of browser requests. > Otherwise, requests > would pile up and have to wait, for a thread to become available to take > care of them. > In the long term, that is not sustainable. > > So the first thing here, would be to make sure that the Tomcat AJP > connector is really > listening on port 8009. The wish for that is indicated, inside your > server.xml, by a tag > like : > <Connector port="8009" protocol="AJP/1.3" ... /> > Do you have such a tag ? > > The second step would be to verify that it is really listening there. > For that, you could use the "netstat" command in a command window on the > server, as follows : > > netstat -aon -p tcp > > and look for a line that looks like this : > > TCP 0.0.0.0:8009 0.0.0.0:0 LISTEN > 2704 > > (the important part being that ":8009" part) > > Do you see that ? > > > > > > > > > > amythyst wrote: >> Thanks for the reply. >> >> With that script, how exactly would I execute that script? >> Pardon my ignorance, but I am a database developer that has been thrown >> into >> networking because our network admin is at a loss to what the problem is >> and >> doesn't seem keen on fixing it. >> >> According to him, all the ports that we are using are open on the >> firewall... 8080, 8081, 443, 8443 and 8009. Tomcat is set to listen on >> port >> 8009 and I have configured the server.xml file to accept requests from >> 8009. >> >> When you ask how many threads I have configured you're talking about >> worker >> threads right? I only have the one. >> >> >> Michael Ludwig-6 wrote: >>> amythyst schrieb am 27.12.2010 um 06:52 (-0800): >>>> Hi, yes we have a connector configured for port 8009. >>> Configured, okay; but it is not replying to your redirector's requests. >>> You can test AJP connectivity using this Perl script: >>> >>> http://www.perlmonks.org/?node_id=766945 >>> >>>> Question about the firewall... IIS is set up for port 8081 and 443 >>>> for our default website. The application is running on 8080 and >>>> 8443. And as I said, tomcat is listening on 8009 to route traffic to >>>> the application. In the firewall, I believe the network guy has set >>>> up port 8081 to allow traffic inside. Does he also need to do >>>> something for 8009 or 8080 and 8443? >>> He needs to allow Tomcat to listen on 8009, and IIS to connect to >>> tomcat-server:8009. The other two ports your Tomcat is configured to >>> listen on should be irrelevant as far as the ISAPI redirector is >>> concerned; it does AJP, not HTTP or HTTPS. >>> >>>> We are running the app with SSL, so it would be the secure ports I >>>> should be focusing on right? >>> Not for the AJP connection between IIS and Tomcat. >>> >>>> Below are my worker files for the connector: >>>> >>>> # uriworkermap.properties - IIS >>>> /jira/*=worker1 >>> Okay. >>> >>>> # workers.properties.minimal - >>>> worker.list=worker1 >>>> worker.worker1.type=ajp13 >>>> worker.worker1.host=localhost >>>> worker.worker1.port=8009 >>> Also okay. If you don't configure the connection_pool_size, the >>> default applies, which is 250 for IIS. >>> >>> http://tomcat.apache.org/connectors-doc/reference/workers.html >>> >>> How many threads have you configured for your AJP connector? >>> >>> -- >>> Michael Ludwig >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >>> >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://old.nabble.com/isapi_redirector.dll-Problems---Bad-Gateway--tp30500400p30546606.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
