+++ This bug was initially created as a clone of Bug #901145 +++

Complexity: High
project_key: JBEWS

Jira
* [JBPAPP-10319] mod_cluster returns "Bad Gateway" HTTP ErrorCode 502 with https
is likely to affect EWS 2.0 as well.

h3. Issue confirmed

Issue reproduced with *EWS 2.0.0 CR4*. See the attached [^JBPAPP-9493-reproduced-with-EWS2.0.0.CR4.zip]

--- Additional comment from Michal Babacek on 2012-10-31 19:30:36 EDT ---

Link: Added: This issue Cloned from JBPAPP-10319


--- Additional comment from Michal Babacek on 2012-10-31 19:30:36 EDT ---

Link: Added: This issue is related to JBPAPP-10029


--- Additional comment from Michal Babacek on 2012-10-31 19:30:37 EDT ---

Link: Added: This issue is related to JBPAPP-9493


--- Additional comment from Michal Babacek on 2012-10-31 19:33:33 EDT ---

Steps to Reproduce: Removed: h3. How to reproduce
 # Configure AS7 with HTTPS connector as in [^JBPAPP-9493-reproduced-with-m_c-1.2.3.Final.zip]
 # Configure Httpd + Mod_cluster with SSL as in [^JBPAPP-9493-reproduced-with-m_c-1.2.3.Final.zip]
 # Start httpd
 # Start AS7
 # Send a request, e.g. like:
 {noformat}
curl https://localhost:8888/SessionTest/session --cert /home/mbabacek/EAP6/Client/client.crt --key /home/mbabacek/EAP6/Client/client.key --cacert /home/mbabacek/EAP6/Client/myca.crt --insecure -c originally_empty_cookiefile.txt -b originally_empty_cookiefile.txt 2> /dev/null
 {noformat}
 # Optionally, wait ~10 minutes. (!) You might start to having errors even without this request free wait period.
 # Sned another request & get an error
 # Eventually, after *STATUS* message is received, you will get correct HTTP 200 again.

(i) *Note:* As soon as STATUS message is received, it picks up again...
 
Workaround Description: Removed: Turning off keepAlive settings, see [Aaron's comment|https://issues.jboss.org/browse/JBPAPP-9493?focusedCommentId=12709722&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-12709722] 


--- Additional comment from lfuka on 2012-11-05 07:35:09 EST ---

Link: Added: This issue relates to JBPAPP-9551


--- Additional comment from Michal Babacek on 2012-11-05 08:54:55 EST ---

Release Notes Text: Added: Issue causes mod_cluster to return an HTTP error 502 (Bad Gateway) after a period of inactivity in case only HTTPS connector is enabled for balancer-worker communication. Httpd tries to re-use a connection that have been closed already. SSL handshake fails and HTTP error is triggered. Known workaround: Either allow AJP connector on workers or: Set maxKeepAliveRequests="1" in server.xml, Set smax to 0 in mod_cluster worker configuration, SetEnv proxy-nokeepalive 1 and SetEnv proxy-initial-not-pooled 1 in your httpd configuration.


--- Additional comment from Michal Babacek on 2012-11-05 10:15:18 EST ---

Attachment: Added: JBPAPP-9493-reproduced-with-EWS2.0.0.CR4.zip


--- Additional comment from Misha H. Ali on 2012-11-05 10:23:39 EST ---

Release Notes Docs Status: Added: Documented as Known Issue
Writer: Added: mhusnain
Release Notes Text: Removed: Issue causes mod_cluster to return an HTTP error 502 (Bad Gateway) after a period of inactivity in case only HTTPS connector is enabled for balancer-worker communication. Httpd tries to re-use a connection that have been closed already. SSL handshake fails and HTTP error is triggered. Known workaround: Either allow AJP connector on workers or: Set maxKeepAliveRequests="1" in server.xml, Set smax to 0 in mod_cluster worker configuration, SetEnv proxy-nokeepalive 1 and SetEnv proxy-initial-not-pooled 1 in your httpd configuration. Added: mod_cluster returns a HTTP error 502 (Bad Gateway) after a period of inactivity if only HTTPS connector is enabled for balancer-worker communication. Httpd tries to re-use a connection that have been closed already. SSL handshake fails and HTTP error is triggered.

As a workaround, either allow AJP connector on all workers or set maxKeepAliveRequests="1" in server.xml, Set smax to 0 in mod_cluster worker configuration, SetEnv proxy-nokeepalive 1 and SetEnv proxy-initial-not-pooled 1 in your httpd configuration.


--- Additional comment from Michal Babacek on 2012-11-05 10:55:09 EST ---

Workaround in *Release Notes* by [~aogburn] in [comment|https://issues.jboss.org/browse/JBPAPP-9493?focusedCommentId=12709722&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-12709722].

--- Additional comment from Michal Babacek on 2012-11-07 09:59:12 EST ---

Follow the most up-to-date feed on [JBPAPP-10029|https://issues.jboss.org/browse/JBPAPP-10029?focusedCommentId=12732465&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-12732465] ...

--- Additional comment from Jiri Skrabal on 2012-11-13 10:56:38 EST ---

Release Notes Docs Status: Removed: Documented as Known Issue 
Writer: Removed: mhusnain 
Release Notes Text: Removed: mod_cluster returns a HTTP error 502 (Bad Gateway) after a period of inactivity if only HTTPS connector is enabled for balancer-worker communication. Httpd tries to re-use a connection that have been closed already. SSL handshake fails and HTTP error is triggered.

As a workaround, either allow AJP connector on all workers or set maxKeepAliveRequests="1" in server.xml, Set smax to 0 in mod_cluster worker configuration, SetEnv proxy-nokeepalive 1 and SetEnv proxy-initial-not-pooled 1 in your httpd configuration. 
Docs QE Status: Removed: NEW 


--- Additional comment from Adam Kovari on 2012-11-14 03:35:55 EST ---

Link: Added: This issue is related to JBPAPP-10409


--- Additional comment from Jean-frederic Clere on 2013-04-23 08:32:28 EDT ---

It needs either the patch from:
https://github.com/modcluster/mod_cluster/commit/855cdda451eb561abe10463133f36360d5a302fe
or:
a release 1.2.4.Final from mod_cluster.