"downstream server wanted client certificate but none are configured" that is the problem. Do you have
verify-client in the AS configuration?
setting verify-client="false" fixed the issue, it works now but intermittently i get expected response but when i refresh i get the following:
The proxy server received an invalid response from an upstream server.
Apache/2.2.15 (Red Hat) Server at www.mydomain.com Port 443
The following is in apache ssl error log:
[error] (502)Unknown error 502: proxy: pass request body failed to 127.0.0.1:8843 (localhost)
[Wed Nov 21 14:04:50 2012] [error] proxy: pass request body failed to 127.0.0.1:8843 (localhost) from 127.0.0.1 ()
I looked it up and other people mention that app server configuration is not setup the same as webserver mod_cluster configuration. Any pointers on what configuration to look at?
The "bad gateway" probably JBPAPP-9493 :-(
Jean-Frederic was probably too modest to mention his cool fix: https://github.com/modcluster/mod_cluster/commit/855cdda451eb561abe10463133f36360d5a302fe :-)
If you get this 502 at the same time as you observe httpd's CLOSE_WAIT sockets via netstat, the fix will help you.
BTW: ... and you probably don't want the SSLProxyVerify require.
@Jean how can i confirm that the problem i am having is JBPAPP-9493? i dont see anything in jboss logs. does this fix apply for jboss EAP6 too?
@Michael i am not using SSLProxyVerify require. I see CLOSE_WAIT already when starting jboss and apache before hitting the application. How many is a sign of the problem?
netstat -an | grep -i close
tcp 8 0 127.0.0.1:36368 127.0.0.1:8743 CLOSE_WAIT
tcp 8 0 127.0.0.1:36381 127.0.0.1:8743 CLOSE_WAIT
tcp 8 0 127.0.0.1:36376 127.0.0.1:8743 CLOSE_WAIT
tcp 8 0 127.0.0.1:36373 127.0.0.1:8743 CLOSE_WAIT
tcp 8 0 127.0.0.1:36378 127.0.0.1:8743 CLOSE_WAIT
tcp 8 0 127.0.0.1:36369 127.0.0.1:8743 CLOSE_WAIT
tcp 8 0 127.0.0.1:36375 127.0.0.1:8743 CLOSE_WAIT
"does this fix apply for jboss EAP6 too?" it is planned to fix the problem in 6.0.1 (JBPAPP6-1170).
Thanks are there any instructions on installing the fix? I couldnt find them from the link above
if you have a support contract you should create a case and you will get your binary and the instructions how to install it, if no that is a bit more complex and that depends on the platform you are using.
The patch is in a C module so you need either try with the branch 1.2.x or checkout the tag corresponding to your EAP version.
To build mod_cluster use the instruction http://docs.jboss.org/mod_cluster/1.2.0/html/native.building.html to install the patch copy the mod_proxy_cluster.so to the httpd modules directory.