I have a CentOS 7 VM on Azure and am having serious trouble making it reachable from the Internet.
Meanwhile it looks to be perfectly reachable by internal network:
[root#localhost bin]# telnet 192.168.200.128 8080
Trying 192.168.200.128...
Connected to 192.168.200.128.
Escape character is '^]'.
But I cannot reach it from the Internet by public IP:
> telnet x.x.x.x 8080
Connessione a x.x.x.x...Impossibile aprire una connessione con l'host. sulla porta 8080: Connessione non riuscita
(public IP removed for security purposes)
The port 8080 is correctly open on Azure NSG:
| Priority | Name | Port | Protocol | Source | Destination | Action |
|---|---|---|---|---|---|---|
| 350 | Tomcat | 8080 | TCP | Any | Any | Allow |
The port 8080 is correctly open and listening by Tomcat on VM:
[root#localhost ~]# netstat -tulpn | grep LISTEN
tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN 14987/java
tcp 0 0 0.0.0.0:5001 0.0.0.0:* LISTEN 14987/java
tcp 0 0 127.0.0.1:29130 0.0.0.0:* LISTEN 6594/mdsd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 616/rpcbind
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 14987/java
Firewall on VM is disabled:
[root#localhost ~]# service firewalld status
Redirecting to /bin/systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
I really have no idea what I'm missing here...
This is my server.xml :
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector port="8080"
protocol="HTTP/1.1"
connectionTimeout="20000"
URIEncoding="UTF-8"
useIPVHosts="true"
redirectPort="8443" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8089" protocol="AJP/1.3" redirectPort="8443" />
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost">
<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" resolveHosts="true"/>
</Host>
</Engine>
</Service>
</Server>
Any help would be really appreciated!
Note that NGINX on port 80 is working perfectly also from internet!
I tried to reproduce the same in my environment and got the same error when trying to make port 8080 reachable from the Internet.
To resolve this issue:
First, I have installed default Java development and runtime in CentOS 7.
sudo yum install java-1.8.0-openjdk-devel
And try to download a Tomcat bin file. I have downloaded apache-tomcat-9.0.68.tar.gz file in my directory like below.
When download is completed, try using this command to extract the tar file.
tar -xf apache-tomcat-9.0.68.tar.gz
And move the source file to the /opt/tomcat directory.
sudo mv apache-tomcat-9.0.68 /opt/tomcat/
Try following below script:
sudo mv apache-tomcat-9.0.68 /opt/tomcat/
sudo ln -s /opt/tomcat/apache-tomcat-9.0.68 /opt/tomcat/latest
sudo chown -R tomcat: /opt/tomcat
sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'
I used sudo vi as the text editor to create a tomcat.service unit file and pasted in the content from the document.
sudo vi /etc/systemd/system/tomcat.service
Try to start the tomcat:
Finally, when I try to run the firewall to access the Tomcat interface from outside the local network, it works successfully.
Result:
Check whether you have added port 8080 in your vm as below:
In your virtual machine -> Networking -> Add inbound port rule -> add port 8080 like below.
Reference:
Install Tomcat 9 on CentOS 7 | Linuxize
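Added example (not part of the original question or answer): the question checks three layers by hand, namely the listener's bind address, the host firewall, and the NSG rule. This sketch automates the first check by classifying each listener in `netstat -tulpn` output as loopback-only or bound to all interfaces. The sample lines are constructed from the output quoted above, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the `netstat -tulpn` lines quoted in the question above.
NETSTAT_CENTOS = """\
tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN 14987/java
tcp 0 0 0.0.0.0:5001 0.0.0.0:* LISTEN 14987/java
tcp 0 0 127.0.0.1:29130 0.0.0.0:* LISTEN 6594/mdsd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 616/rpcbind
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 14987/java
"""
# Constructed sample: an IPv6 wildcard listener as netstat prints it.
NETSTAT_TCP6 = "tcp6 0 0 :::8080 :::* LISTEN 13705/java\n"

# Higher rank means reachable from more places.
RANK = {"loopback": 0, "specific": 1, "all-interfaces": 2}


def classify(host):
    """Map a local bind address to its exposure scope."""
    if host == "*":
        return "all-interfaces"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "specific"
    if ip.is_unspecified:          # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if ip.is_loopback else "specific"


def listeners(text):
    """Yield (port, scope, program) for every TCP LISTEN line."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        # rpartition keeps IPv6 hosts intact: ":::8080" -> ("::", "8080")
        host, _, port = f[3].rpartition(":")
        prog = f[-1].partition("/")[2] or "?"
        yield int(port), classify(host), prog


def bind_scope(text, port):
    """Widest scope on which `port` is listening, or 'not-listening'."""
    scopes = [s for p, s, _ in listeners(text) if p == port]
    return max(scopes, key=RANK.get) if scopes else "not-listening"


def exposed(text):
    """Sorted (port, program) pairs bound to every interface."""
    return sorted({(p, prog) for p, s, prog in listeners(text)
                   if s == "all-interfaces"})


if __name__ == "__main__":
    print("8080:", bind_scope(NETSTAT_CENTOS, 8080))
    for port, prog in exposed(NETSTAT_CENTOS):
        print(f"wildcard listener: {port}/tcp ({prog})")
```

A result of `all-interfaces` for 8080 rules out the bind address and leaves the host firewall and the NSG rule to check. With firewalld inactive, every port in the `exposed` list (here also 111 and 5001) is filtered only by the NSG.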
Related
I am currently working with ActiveMQ and JMS. I am facing the problem that I want to change the port of the ActiveMQ web console (running as localhost on Linux - ubuntu 22). Working on the default port (8161) is no problem, but when I change the port in the file jetty.xml the web console does not start (or starts briefly and then stops).
Here are the steps I did (installation path is: /opt/apache-activemq-5.17.1/)
$ cd /opt/apache-activemq-5.17.1/conf
$ sudo nano jetty.xml
Change port from 8161 to 61616 in jetty.xml:
<bean id="jettyPort" class="org.apache.activemq.web.WebConsolePort" init-method="start">
<!-- the default port number for the web console -->
<property name="host" value="127.0.0.1"/>
<!--<property name="port" value="8161"/>-->
<property name="port" value="61616"/>
</bean>
After saving and returning I start ActiveMQ:
$ cd /opt/apache-activemq-5.17.1/bin/linux-x86-64
$ ls -l
total 152
-rwxr-xr-x 1 root root 15456 Mai 22 10:07 activemq
-rwxr-xr-x 1 root root 15248 Mai 22 10:07 libwrapper.so
-rwxr-xr-x 1 root root 111027 Mai 22 10:07 wrapper
-rw-r--r-- 1 root root 6730 Mai 22 10:07 wrapper.conf
$ sudo ./activemq start
Starting ActiveMQ Broker...
# Checking the status
$ sudo ./activemq status
ActiveMQ Broker is running (26867).
# Checking the status again (about 2-5 seconds execution last command)
$ sudo ./activemq status
ActiveMQ Broker is not running.
Edit/Solution:
The server did not start because OpenWire is already listening on port 61616. I have restored the default configurations. If you work with JMS, it is simply possible to access ActiveMQ on the default port 8161 via the browser and send messages with tcp://localhost:61616 in Java. Thanks to the user justin-bertram!
By default ActiveMQ listens on port 61616 for connections from OpenWire clients. See this in activemq.xml:
<transportConnector name="openwire" uri="tcp://0.0.0.0:61616?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
Therefore, if you change Jetty to also listen on port 61616 either Jetty or ActiveMQ itself will fail to start since only one service can be bound to any specific port at a time.
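Added example (not from the original posts or from the ActiveMQ project): a pre-start check that reads the web console port from jetty.xml and compares it with the ports of the transport connectors in activemq.xml, which is the collision described above. The two XML snippets are constructed from the lines quoted on this page and wrapped in a root element; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed from the jetty.xml fragment in the question (port changed to 61616).
JETTY_XML = """\
<beans>
  <bean id="jettyPort" class="org.apache.activemq.web.WebConsolePort" init-method="start">
    <property name="host" value="127.0.0.1"/>
    <!--<property name="port" value="8161"/>-->
    <property name="port" value="61616"/>
  </bean>
</beans>
"""
# Constructed from the activemq.xml line quoted in the answer.
ACTIVEMQ_XML = """\
<beans>
  <transportConnector name="openwire"
    uri="tcp://0.0.0.0:61616?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
</beans>
"""


def local(tag):
    """Strip an XML namespace prefix such as '{http://...}bean'."""
    return tag.rsplit("}", 1)[-1]


def jetty_console_port(xml_text):
    """Port configured on the jettyPort bean, or None if absent."""
    root = ET.fromstring(xml_text)      # commented-out properties are dropped
    for bean in root.iter():
        if local(bean.tag) == "bean" and bean.get("id") == "jettyPort":
            for prop in bean:
                if local(prop.tag) == "property" and prop.get("name") == "port":
                    return int(prop.get("value"))
    return None


def transport_ports(xml_text):
    """Map each transport connector's port to its connector name."""
    ports = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "transportConnector":
            port = urlsplit(el.get("uri", "")).port
            if port is not None:
                ports[port] = el.get("name")
    return ports


def find_conflict(jetty_xml, activemq_xml):
    """Return (port, connector_name) if the console port is already taken."""
    port = jetty_console_port(jetty_xml)
    owner = transport_ports(activemq_xml).get(port)
    return (port, owner) if owner else None


if __name__ == "__main__":
    print(find_conflict(JETTY_XML, ACTIVEMQ_XML))
```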
On running startup.sh, this is the output shown
Using CATALINA_BASE: /opt/tomcat
Using CATALINA_HOME: /opt/tomcat
Using CATALINA_TMPDIR: /opt/tomcat/temp
Using JRE_HOME: /usr/lib/jvm/java-1.8.0-openjdk-amd64
Using CLASSPATH: /opt/tomcat/bin/bootstrap.jar:/opt/tomcat/bin/tomcat-juli.jar
Tomcat started.
Followed this step by step for installation: https://phoenixnap.com/kb/how-to-install-tomcat-ubuntu
Opened the port using
sudo ufw allow 8080/tcp
sudo ufw allow 8080
netstat -tunlp | grep java gives this:
tcp6 0 0 :::8080 :::* LISTEN 13705/java
tcp6 0 0 127.0.0.1:8005 :::* LISTEN 13705/java
But the http://ip:8008 does not show up the tomcat home page.
I am able to view the apache homepage at http://ip after apache2 installation but tomcat doesn't seem to work at all.
There is no error in catalina.out, last line says this
15-Jun-2020 23:10:05.846 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [1,223] milliseconds
Thanks in advance for the help.
Access application using http://127.0.0.1:8080 and test. If you want to access the application on IP address then add IP address in server.xml file and test.
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" address="IP-address" redirectPort="8443" />
My issue is that I cannot access (web-browse) my Linux Tomcat server from my Windows local machine.
So the Tomcat8 runs on RHL system on port 8080 and is configured in server.xml like this:
<Connector port="8080" address="localhost"
maxHttpHeaderSize="8192" maxPostSize="262144"
maxThreads="250" minSpareThreads="25"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="60000" disableUploadTimeout="true" />
The result if I try netstat command on application is this:
[root#XXXX]# sudo netstat -tanpu | grep ":8080"
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 21357/java
On my Windows 7 machine the netstat command return this:
netstat -na | find "10.111.XX.XXX"
TCP 10.12X.XX.XXX:24093 10.11X.XX.XXX:22 ESTABLISHED
TCP 10.12X.XX.XXX:62502 10.11X.XX.XXX:22 ESTABLISHED
I don't know exactly where to search further for this issue, can someone maybe help?
Thank you in advance!
Check if the internal firewall blocks the 8080 port. Something like
iptables -nvL
will help
I've installed Tomcat 9 on Ubuntu 18.04(VM). I cannot access tomcat using IP address from a browser (or curl)
On the VM, tomcat is running and curl http://1.2.3.4:8080 works.
But the same externally does not..
l-OSX: hal$ curl https://10.51.253.163:8080 -v
* Rebuilt URL to: https://10.51.253.163:8080/
* Trying 10.51.253.163...
* connect to 10.51.253.163 port 8080 failed: Operation timed out
* Failed to connect to 10.51.253.163 port 8080: Operation timed out
Tomcat's server.xml
<Engine name="Catalina" defaultHost="10.51.253.163">
...
<Host name="10.51.253.163" appBase="webapps"
unpackWARs="true" autoDeploy="true">
UFW is Inactive
sudo ufw status verbose
Status: inactive
Ping to the VM works
l-OSX: hal$ ping 10.51.253.163
PING 10.51.253.163 (10.51.253.163): 56 data bytes
64 bytes from 10.51.253.163: icmp_seq=0 ttl=58 time=111.914 ms
64 bytes from 10.51.253.163: icmp_seq=1 ttl=58 time=93.793 ms
Appreciate any help on this!
After some research and help from the IT Support team, I was able to resolve this as below:
VM > Manage Security
Add Security Rule
Allow Port: 8080 on Protocol: TCP
Able to access Tomcat from browser.
Am using JDK 1.6, tomcat 7.0.32, and Red Hat Linux.
I need help setting up SSL on my local tomcat instance.
After looking at the instructions on the official tomcat 7 website:
http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html
I followed the directions like this:
(1) cd $CATALINA_HOME/conf
(2) Create a certificate and store it in a new key store.
keytool -genkey -alias tomcat -keyalg RSA -keystore keystore.jks
(3) Uncomment the SSL connector configuration in Tomcat's conf/server.xml, specifying your key store file and password.
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="./conf/keystore.jks"
keystorePass="mypassword"
/>
(4) Export the certificate from the key store.
keytool -exportcert -alias tomcat -file tomcat.crt -keystore keystore.jks
When I tried to (which would have been Step # 5) import the certificate into the trust store.
keytool -importcert -alias tomcat -file tomcat.crt -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts
I get the following prompt for my password (after which I enter in "mypassword"):
Enter keystore password:
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
(I disregarded this step, by the way, because I found it on Google but not in the official Tomcat7-SSL-Howto documentation - please let me know if it's necessary).
My full server.xml file (located under $CATALINA_HOME/conf):
<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
<Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>
<Listener className="org.apache.catalina.core.JasperListener"/>
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
<GlobalNamingResources>
<Resource auth="Container"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
name="UserDatabase"
pathname="conf/tomcat-users.xml"
type="org.apache.catalina.UserDatabase"/>
</GlobalNamingResources>
<Service name="Catalina">
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="./conf/keystore.jks"
keystorePass="mypassword"
/>
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
<Engine defaultHost="localhost" name="Catalina">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
</Realm>
<Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
pattern="%h %l %u %t &quot;%r&quot; %s %b"
prefix="localhost_access_log."
suffix=".txt"/>
</Host>
</Engine>
</Service>
</Server>
Tomcat's server output:
INFO: Initializing ProtocolHandler ["http-bio-8080"]
Dec 17, 2012 5:17:59 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8443"]
Dec 17, 2012 5:17:59 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-bio-8009"]
Dec 17, 2012 5:43:08 PM org.apache.catalina.startup.Catalina start
Dec 17, 2012 5:43:08 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8080"]
Dec 17, 2012 5:43:08 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8443"]
Dec 17, 2012 5:43:08 PM org.apache.coyote.AbstractP
INFO: Server startup in 9611 ms
When I go to my bash shell and type this in:
curl -X GET https://localhost:8443
I get the following error output:
curl: (60) Peer certificate cannot be authenticated with known CA certificates
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
Am I missing a step here?
I just want to enable SSL on Tomcat 7 and test it using curl.
Would appreciate it if someone could point me in the right direction.
For importing the certificate you should try "changeit", which is the default password for the cacerts keystore.