RE: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31

Mon, 09 Mar 2020 12:34:52 -0700 

There appears to be a change in the behavior of AJP connector in Tomcat, with 
respect to the protocol stack of the loopback address it binds to.
With older versions it binds to both IPv6 and IPv4 interface, but with 9.0.31 
it appears to bind to IPv4 only, if the address attribute is removed from the 
connector config

Tomcat 9.0.16 - default config
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
netstat -ano | findstr 8009
  TCP    0.0.0.0:8009           0.0.0.0:0              LISTENING       19832
  TCP    [::]:8009              [::]:0                 LISTENING       19832
  
Tomcat 9.0.31 - note that address attribute is removed... in the standard 
config it is set to "::1". 
<Connector protocol="AJP/1.3" port="8009" redirectPort="8443" secret="seckey" />
netstat -ano | findstr 8009
  TCP    127.0.0.1:8009         0.0.0.0:0              LISTENING       8964

Even if the default is used it listens to IPv6 only    
 <Connector protocol="AJP/1.3" address="::1" port="8009" redirectPort="8443" 
secret="seckey" />
TCP    [::1]:8009             [::]:0                 LISTENING       3880

As per the docs, the default for ipv6v6only attribute is false. Should it not 
listen to both the protocol stacks.

-Piyush.

-----Original Message-----
From: Piyush Kumar Nayak <pna...@adobe.com.INVALID> 
Sent: Saturday, March 7, 2020 5:29 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: RE: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31

Chris,
In both the cases, ISAPI and mod_jk, the hostname is set to "localhost"
Tomcat and webserver are on the same host machine.


-----Original Message-----
From: Christopher Schultz <ch...@christopherschultz.net>
Sent: Friday, March 6, 2020 8:20 PM
To: users@tomcat.apache.org
Subject: Re: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Piyush,

On 3/5/20 14:40, Piyush Kumar Nayak wrote:
> Thanks Mark, Two connector configs works. Any ideas, on why the 
> behavior if different for ISAPI and mod_jk modules?

What do your configurations look like for each module?

- -chris

> -----Original Message----- From: Mark H. Wood <mw...@iupui.edu>
> Sent: Thursday, March 5, 2020 10:28 PM To: users@tomcat.apache.org
> Subject: Re: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31
>
> On Thu, Mar 05, 2020 at 01:52:57PM +0000, Piyush Kumar Nayak
> wrote:
>> Is there a way to get Tomcat's AJP connector to bind to both IPv4 and
>> IPv6 loopback addresses.
>>
>> By default, it seems that Tomcat binds to IPv4 loopback Default 
>> connector config : <Connector protocol="AJP/1.3" port="8014"
>> redirectPort="8447" packetSize="65535" secret="xxx"
>> tomcatAuthentication="false"/>
>>
>> netstat -ano | findstr 8014 TCP 127.0.0.1:8014 0.0.0.0:0 LISTENING
>> 8616 TCP 127.0.0.1:8014 127.0.0.1:57510 ESTABLISHED
>> 8616 TCP 127.0.0.1:57510 127.0.0.1:8014 ESTABLISHED 11800
>>
>> Introducing the address attribute like so  : <Connector 
>> protocol="AJP/1.3" address="::1" port="8014" redirectPort="8447"
>> packetSize="65535" secret="xxx" tomcatAuthentication="false"/> binds 
>> it to IPv6 loopback TCP [::1]:8014 [::]:0 LISTENING 8616 TCP
>> [::1]:8014 [::1]:57522 ESTABLISHED 8616 TCP [::1]:57522
>> [::1]:8014 ESTABLISHED 6564
>>
>> Is there a way to make it bind to both the loopbacks. The problem we 
>> are facing is our Tomcat installations can have connector configured 
>> with IIS or Apache HTTPD. Apache connector, by default seems to make 
>> a socket connection using the address ::1 (IPv6 loop back address), 
>> whereas IIS connector tries to bind to the
>> IPv4 loopback.
>
> Two things I would try:
>
> 1.  Two connectors, one with address='::1' and the other with 
> address='127.0.0.1', both with port='8014'.
>
> 2.  Configure the other end explicitly:  tell HTTPD and IIS which 
> address to use, and then configure your AJP Connector to match.
>
> -- Mark H. Wood Lead Technology Analyst
>
> University Library Indiana University - Purdue University Indianapolis
> 755 W. Michigan Street Indianapolis, IN 46202
> 317-274-0749 www.ulib.iupui.edu
>
> ---------------------------------------------------------------------
>
>
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl5iYv0ACgkQHPApP6U8
pFj1zQ//ad7HvYwxxRINeF0UFw2bA1cIOcvJ2E5tFqDvdEtu52RIkQQaqNF2cMlA
VCE3M2HZFL2WvazAAVWFpzt3pIU0fe7BPAJneNF850maFHQ+05Agh3MKd/2VUjhe
5rad1JeNqRlXAAmPCEqOCewxj2z9+yEyNu/x2hHlEpFVdSpeTjGQbhiAEBL50qjk
FICEtw9QrCXw9JHCtPC5XBcbbkoUboejbeTdKz6n31djkwFpLigISgEds8haF7Kl
E7jx46/rqXxOUyRR9JFzWjGUC5Aim51WDn+gJruUhkd/CLAUcIHbbG6G3J7FKQGp
kYah8/sBCjCxuHVQtzmj6CopuYr+EkLNTe9GZyLnVDlQCv5GGSmwlsNSehRMEVbC
rDjoRbbaG/tDjtO9dao8w1Okae91DobzwdpM1XIKIuYgUuU83f+bz4P0KfCfeVzH
OH/YEmSFChynlYU31dd7HJTqdJUOVT2kTK3qncon2PEDHBoyEC+/F1wTFb16WlG9
XCG31UqhxGXxJ5p8Z5ts4jgaTRgNEMJQk19MCKfQcF6TAE8zXrOIRaTArB5eh1Ch
QgvUU2MFAYIoAup+5vQtaX52+9YM2CMPFy6IMdikNFCsy1O/2K11H7vf+K18xsmm
TOYf6up+AfAkcPTlzKfBhY0zjInVuYRZpM+oXqZm6oAC/TNH2G8=
=/AOd
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

B KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKCB  [  
X  ܚX KK[XZ[
 \ \  ][  X  ܚX P X ]
 \X K ܙ B  ܈Y][ۘ[  [X[  K[XZ[
 \ \  Z[ X ]
 \X K ܙ B

Reply via email to