Current Topic: 5.2.1.3.1. Anticipated problems with CloudFront and SSL
Let us play this scenario.
You have a web site at AWS.
Using CloudFront you successfully obtained SSL Certificate.
After SSL is established and the lock icon is visible next to the URL of your web site, you might experience some trouble.
For example, the web site stops responding and eventually produces a disappointing 504 error message.
We would like to save you the hours or even days of research that we spent on this in the past.
The most probable reason is this error that you might spot in the log file:
Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in method name.
HTTP method names must be tokens
The error was triggered by an HTTP request from a client, a request that has some unexpected format.
The request will have no response from the application. The application has not even seen the request.
Each error like that keeps a socket open and adds to the number of "Open Files".
So when you check the log of Open Files, you can see it growing with more entries that end like this:
CLOSE-WAIT.
When the number of Open Files reaches the limit, the application becomes silent and all you can see is the 504 error message.
How to check the Open Files log
$lsof
To store this log for analysis do the following:
$lsof > lsof.txt
To check the messages specific to your web site use this command:
$lsof -i:80 > lsof.port80.txt
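The check described above, as an added example that is not part of the original page: it groups lsof output by process, counts sockets stuck in CLOSE_WAIT, and compares a count against a descriptor limit. The sample output, PIDs, addresses and the function names sockets_by_pid and fd_pressure are constructed for illustration; lsof prints the state as (CLOSE_WAIT), and the hyphenated spelling is accepted too.

```shell
#!/bin/sh
# Constructed sample of `lsof -nP -i:80` output; PIDs and addresses are made up.
sample_lsof() {
cat <<'EOF'
COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
java    4242 tomcat   45u  IPv6  81001      0t0  TCP *:80 (LISTEN)
java    4242 tomcat   51u  IPv6  81017      0t0  TCP 10.0.0.5:80->198.51.100.7:41822 (ESTABLISHED)
java    4242 tomcat   52u  IPv6  81020      0t0  TCP 10.0.0.5:80->198.51.100.7:41830 (CLOSE_WAIT)
java    4242 tomcat   53u  IPv6  81021      0t0  TCP 10.0.0.5:80->203.0.113.9:55010 (CLOSE_WAIT)
java    4242 tomcat   54u  IPv6  81022      0t0  TCP 10.0.0.5:80->203.0.113.9:55011 (CLOSE_WAIT)
java    4310 tomcat   17u  IPv6  81400      0t0  TCP 10.0.0.5:80->192.0.2.44:39001 (CLOSE_WAIT)
EOF
}

# Print "COUNT PID COMMAND" for every process holding sockets in the given
# TCP state (default CLOSE_WAIT), busiest first. Reads lsof output on stdin.
sockets_by_pid() {
    awk -v want="${1:-CLOSE_WAIT}" '
        # The state is the last field: strip parentheses, treat "-" as "_".
        { s = $NF; gsub(/[()]/, "", s); gsub(/-/, "_", s) }
        s == want { c[$2 " " $1]++ }
        END { for (k in c) print c[k], k }' | sort -rn
}

# Compare a socket count with the process's nofile limit.
# Usage: fd_pressure COUNT LIMIT [WARN_PCT]
# Prints OK or WARN; returns 1 when COUNT is at or above WARN_PCT of LIMIT.
fd_pressure() {
    count=$1 limit=$2 pct=${3:-50}
    if [ $((count * 100)) -ge $((limit * pct)) ]; then
        echo "WARN: $count of $limit descriptors are in CLOSE_WAIT"
        return 1
    fi
    echo "OK: $count of $limit"
}

# Run on the constructed sample; on a live host: lsof -nP -i:80 | sockets_by_pid
sample_lsof | sockets_by_pid
```

A count that keeps rising between runs for the same PID is the leak the page describes; a stable count is normal connection churn.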
How to check and increase the limit of Open Files
$ulimit -u -Hn
This command will describe the limit for the current user.
For example, if you are logged in to the system as root, this will show the limit for the root user.
And then you can increase the limit by editing the file below:
$vi /etc/security/limits.conf
Read this file and check whether there is any record with the nofile attribute, like this:
# - nofile maximum number of open files
Make sure that there are no other nofile records and change that record, for example, to:
* - nofile 90000
The nofile limit can be used with soft and hard attributes.
The hard limit is the actual system limit, similar to what you established above.
The soft limit is a temporary limit.
Once the user exceeds the soft limit, a timer begins. Once the user goes below the soft limit, the timer gets reset. However, if the user's usage remains above the soft limit when the timer expires, the soft limit is enforced as a hard limit. By default, the soft limit timer is seven days.
Examples of setting soft and hard limits:
* soft nofile 10000
* hard nofile 90000
How to prevent the errors in the first place
Of course, increasing the Open Files limit will just prolong the lifetime of your web site, but will not prevent the final hour.
The real solution is to find all cases when the site is not responding and cure the illness, not the symptoms.
There could be more errors.
Analyze your application log and do more testing...
Coming back to HTTP request related errors.
First, make sure that errors related to different non-ASCII encodings are taken care of.
For example, Tomcat-based sites should include the URIEncoding="UTF-8" attribute in the tomcat/conf/server.xml file.