HTTPS to Tomcat 8003....
I think I have a very similar issue to the two following articles; however, we have tried the respective "fixes" and had no joy:
https://devcentral.f5.com/questions/https-to-tomcat8080
https://devcentral.f5.com/questions/apache-tomcat-configuration-ltm
So basically, my situation is this:
CLIENT --> HTTPS --> F5 --> HTTP:8003 --> Tomcat Server
I have created a VIP which handles the SSL-termination. Then I have a server pool with a tomcat server listening on port 8003. When I connect directly to the tomcat server on port 8003 inside my network ( ), I get the expected tomcat page. However, when I connect through my F5 load-balancer to ( , which points to a pool that contains the tomcat server listening on 8003 ), then I get "This site can’t be reached. "vip_server_name" refused to connect. ERR_CONNECTION_REFUSED".
I need to know what I need to do to either my F5 load-balancer or my tomcat server to make the connections work. I "think" it is choking on the HTTPS and HTTP back and forth communications, but I am a lightweight in Linux and Tomcat and I am also fairly new to F5. Any help is greatly appreciated.
- Kevin_Stewart
Employee
There are a number of things that it could be, but you'd need to run some additional tests to narrow it down.
- We first need to verify that traffic is actually getting to the Tomcat server. You can do that with a tcpdump capture on the server side F5 VLAN. You should see the port 8003 traffic in this capture. And since it's not encrypted, you can also see what the requests and responses look like (using the -Xs0 switch).
tcpdump -lnni [server side vlan] -Xs0 port 8003
- Assuming you see a full TCP 3-way handshake and some data going back and forth, look at the payload. Look for any responses from the server that look like HTTP redirects. You can also install Fiddler on the client side to get a better look. What you're looking for here are any redirects or URLs coming from Tomcat that specify "http://" instead of "https://". This is a not uncommon problem when application servers don't understand they're in an SSL-terminated environment and continue to send resource links via http.
Let us know what you see from the above tests.
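The payload check described in the answer above, as an added example that is not part of the original post: a Python function that scans one captured backend response for a redirect header or absolute links that still use the http scheme behind the SSL-terminating VIP. The sample response and the host name `vip.example.test` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a cleartext backend response as it could appear
# in the port 8003 capture (host name is a placeholder).
SAMPLE_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: http://vip.example.test/app/login\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b'<a href="http://vip.example.test/app/help">help</a>'
    b'<img src="/static/logo.png">'
    b'<form action="https://vip.example.test/app/submit"></form>'
)

# Headers that can send the client to another URL.
REDIRECT_HEADERS = {"location", "content-location"}
# Attributes that carry resource links in an HTML body.
LINK_ATTR = re.compile(rb'(?:href|src|action)\s*=\s*["\']([^"\']+)["\']', re.I)


def is_cleartext(url: str) -> bool:
    """True for absolute URLs whose scheme is http (case-insensitive)."""
    return urlsplit(url).scheme == "http"


def find_cleartext_links(raw: bytes):
    """Return (where, url) pairs for http:// URLs in one raw HTTP response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    findings = []
    # Skip the status line, then inspect each header.
    for line in head.split(b"\r\n")[1:]:
        name, sep, value = line.partition(b":")
        header = name.strip().lower().decode("latin-1")
        url = value.strip().decode("latin-1")
        if sep and header in REDIRECT_HEADERS and is_cleartext(url):
            findings.append((f"header:{header}", url))
    # Relative links and https:// links are fine; only absolute http:// is flagged.
    for match in LINK_ATTR.finditer(body):
        url = match.group(1).decode("latin-1")
        if is_cleartext(url):
            findings.append(("body", url))
    return findings


if __name__ == "__main__":
    for where, url in find_cleartext_links(SAMPLE_RESPONSE):
        print(f"{where}: {url}")
```
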
- Tyson_James
Cirrus
It was indeed a firewall rule. Thanks again!!!!