Re: Issue with AJP listener
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Martin, On 4/30/20 05:02, Martin Grigorov wrote: > Hi, > > On Thu, Apr 30, 2020 at 11:15 AM Mark Thomas > wrote: > >> On 29/04/2020 18:11, Christopher Schultz wrote: >>> Mark, >>> >>> On 4/28/20 13:33, Mark Thomas wrote: On 28/04/2020 16:30, Satya Kishore Thumu wrote: > Hi Chris, Post the Ghostcat changes tomcat now listens only > on ipv4 by default, what if somebody is using on IPv6, > Tomcat starts to listen on mapped IPv4 address which I > think is not correct. > I know that we can use ::1 in IPv6. Is there a way tomcat > can listen on both loopback addresses when available. >>> Not that I am aware of with the Java API. >>> >>> I think we had discussed the possibility of looking for a >>> "magic" value in the address="..." field to go back to the >>> previous behavior. The problem is that any reasonable string >>> you can choose can also be a valid hostname that should, >>> arguably, be used to resolve the IP address of the interface >>> (e.g. "localhost"). >> >> There is the empty string. We could use that as equivalent to >> the wildcard address (listen on all interfaces). >> > > The suggestion we discussed few weeks back was to have a special > value for "address" that would mean "localhost both IPv4 & IPv6", > e.g. "tomcat:localhost". If this special value is used then Tomcat > can create two Connector instances, one for 127.0.0.1 and another > for ::1, and use the rest of the Connector settings for both of > them. Another option would be to have "addresses" instead of "address", where we use comma-separated values for the interface IP addresses. I don't believe a comma is valid in a hostname or IP address expression. - -chris -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl6rMw0ACgkQHPApP6U8 pFgYgQ/8DquKg2LRoiF6GvS8hnmLUnQ7DuBeRSNPX4KZjDw7fkN8F/dV6Ko1ePVv eIKL3gv/yLCWRJ0a0PSFueUij21n3LNVwTp5KlKyR6Qba4mwQRNbqyu1n7Wtwn0g Fg1UerCKslLhu8IwXaHvt35zfuP012SAR3a1cJf5voV81Un90PQOGrPuMtZDeYau T3crtPnFOMaKbVKjPW1G68U0hEVGMXfyU4DIg6tiH82Fnvs2d3PwAyddxRRSESXs oPLqxIBRqQa2ElJaF1cBtYGDAlSdMp0XMYZSpuBtkXgz01SyoEDuGXeBehii1rju IcO/GsAhmOM4VDCv2hurJp2zf5N/Wq5jUdbTmRtPtLhYHys/PabQof5zjVunovOh Rfmmoej+xrkU6NS6HtIsEzb++A8/hVLROB09GpgAT6YgAyVCBi/aS1yxE4n4sxVt JFqih7pNKfyuiX9AUgJPm5EtzveMbQPTJF9GatRysrNzZ7S91kvDGTQ5+6aKm5Ci rlVvMT+2/5ztIkj7N0XmjGMMJwiwq4+T2PBJOk8FFOLwPzeec17QjtDwbtASheUu ytnY1vYKYw2x1SGnGmsIxYXsFTlJKOirwSSAMg0IflUpQiCHz38K7hDRtzhdS+aW E1sP5fmMh63d8Mw8v7YcFKYMr3Q/4Tt1pF9GBAM7paQeTfM5i38= =9+mk -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with AJP listener
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 4/30/20 04:15, Mark Thomas wrote: > On 29/04/2020 18:11, Christopher Schultz wrote: >> Mark, >> >> On 4/28/20 13:33, Mark Thomas wrote: >>> On 28/04/2020 16:30, Satya Kishore Thumu wrote: Hi Chris, Post the Ghostcat changes tomcat now listens only on ipv4 by default, what if somebody is using on IPv6, Tomcat starts to listen on mapped IPv4 address which I think is not >>> correct. I know that we can use ::1 in IPv6. Is there a way tomcat can listen on both loopback addresses when >>> available. >> >>> Not that I am aware of with the Java API. >> >> I think we had discussed the possibility of looking for a >> "magic" value in the address="..." field to go back to the >> previous behavior. The problem is that any reasonable string you >> can choose can also be a valid hostname that should, arguably, be >> used to resolve the IP address of the interface (e.g. >> "localhost"). > > There is the empty string. We could use that as equivalent to the > wildcard address (listen on all interfaces). > > There is no option I am aware of (before or after the AJP changes) > that would allow listening on just 127.0.0.1 and ::1 Oh, duh. Yeah, I was thinking "all interfaces", not ust "all localhost-y interfaces". Blank would work for "all". >> I think the only practical way to do this would be to add >> another attribute like bindOnAllInterfaces="true" where we ignore >> the "address" attribute. Or maybe "address" always wins, but >> bindOnAllInterfaces="false" is the default. > > I'm not a fan of another attribute unless we really have to. bindOnAllInterfaces wouldn't be necessary (see above) but maybe "bindOnAllLocalInterfaces" or something like that. It's not that hard to (a) pick one or (b) configure two s. - -chris -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl6rMqcACgkQHPApP6U8 pFgnyw/+LYpT5nw8niom6OQIKCwWtc8VsytgrYUqS0/3X0HRL71cHCiNJccsdUlA KkaP/0a+swJQ9rMd+NPcFAU2xrfIsz0j3qeJZJufHdjShnEuJQ0i4QAYuD+RNp+p aVibo27/Jx3jbfATQPepKKu16ddTgUwnZWSLS7SpKgMSCdUlh9STYP+juQ0coUGq PTK4HukIirmC+olsbblwB3Vdc0UIF6mFnyDYKuS+OQHjfLj7yJhGXU2lwSgDzQ2a woEt4+NUHwautfbqMR9hobUk2yoPOGjBRJjPHyIOhaVhCf5Sm4FGT6PsZO0Btrys 01RT+SFaavglSrPzq3seQ86c3yJ4HlLg6BttEJpGI2eXKP3EpEh0YgFXGN+/3mPD hQdfZzrQLuQaTjh7YhN+kgNT0gdcvmuQ/9naEF9azjzMQVDGrDaNp9kDY0RrjV3C ZYlh9+jlr+Wx6OmZeTEJgzbJjUHpxqSr9zudKMJqu3cOPWtO9oWAYMeGo0PQyYHG XcGECyRUvsZi0vD8WGIuX8/N0gIS1p+B1/D4kUKHuhOP199V/gvjxKzYMe8rBCI8 GXHjzaj3oObWR9ygdsX/4XErqN1NUJ93z+XemHFL+wVRpEU+Xrga3b9bJAhvs921 rIPNlBkQANFJOqZZOr5q9yjV8gD4mktRBEC1PDLDKPgAwtjmnKY= =XbuY -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Issue with AJP listener
Hi Mark, But that would have been the problem even earlier when Tomcat was listening on all available ip's on the machine. If not listening on two port's may be we should try to use IPv6 loopback rather than Mapped IPv4 address when IPv6 is Enabled. That would be inline with apache's resolution of localhost as well. Kishore -Original Message- From: Mark Thomas Sent: Thursday, April 30, 2020 2:47 PM To: users@tomcat.apache.org Subject: Re: Issue with AJP listener On 30/04/2020 10:02, Martin Grigorov wrote: > Hi, > > On Thu, Apr 30, 2020 at 11:15 AM Mark Thomas wrote: > >> On 29/04/2020 18:11, Christopher Schultz wrote: >>> Mark, >>> >>> On 4/28/20 13:33, Mark Thomas wrote: >>>> On 28/04/2020 16:30, Satya Kishore Thumu wrote: >>>>> Hi Chris, Post the Ghostcat changes tomcat now listens only on >>>>> ipv4 by default, what if somebody is using on IPv6, Tomcat starts >>>>> to listen on mapped IPv4 address which I think is not >>>> correct. >>>>> I know that we can use ::1 in IPv6. Is there a way tomcat can >>>>> listen on both loopback addresses when >>>> available. >>> >>>> Not that I am aware of with the Java API. >>> >>> I think we had discussed the possibility of looking for a "magic" >>> value in the address="..." field to go back to the previous behavior. >>> The problem is that any reasonable string you can choose can also be >>> a valid hostname that should, arguably, be used to resolve the IP >>> address of the interface (e.g. "localhost"). >> >> There is the empty string. We could use that as equivalent to the >> wildcard address (listen on all interfaces). >> > > The suggestion we discussed few weeks back was to have a special value > for "address" that would mean "localhost both IPv4 & IPv6", e.g. > "tomcat:localhost". > If this special value is used then Tomcat can create two Connector > instances, one for 127.0.0.1 and another for ::1, and use the rest of > the Connector settings for both of them. That gets messy, quickly. What do you do about the thread pools? Split maxThreads between them somehow? Use an executor? I think it is better to leave that to the system admin. I would expect "localhost" to resolve to the same thing for both httpd and Tomcat. There may be more mileage in figuring out what this isn't the case and solving that problem. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME Cryptographic Signature
Re: Issue with AJP listener
On 30/04/2020 10:02, Martin Grigorov wrote: > Hi, > > On Thu, Apr 30, 2020 at 11:15 AM Mark Thomas wrote: > >> On 29/04/2020 18:11, Christopher Schultz wrote: >>> Mark, >>> >>> On 4/28/20 13:33, Mark Thomas wrote: On 28/04/2020 16:30, Satya Kishore Thumu wrote: > Hi Chris, Post the Ghostcat changes tomcat now listens only on > ipv4 by default, what if somebody is using on IPv6, Tomcat starts > to listen on mapped IPv4 address which I think is not correct. > I know that we can use ::1 in IPv6. Is there a way tomcat can > listen on both loopback addresses when available. >>> Not that I am aware of with the Java API. >>> >>> I think we had discussed the possibility of looking for a "magic" >>> value in the address="..." field to go back to the previous behavior. >>> The problem is that any reasonable string you can choose can also be a >>> valid hostname that should, arguably, be used to resolve the IP >>> address of the interface (e.g. "localhost"). >> >> There is the empty string. We could use that as equivalent to the >> wildcard address (listen on all interfaces). >> > > The suggestion we discussed few weeks back was to have a special value for > "address" that would mean "localhost both IPv4 & IPv6", e.g. > "tomcat:localhost". > If this special value is used then Tomcat can create two Connector > instances, one for 127.0.0.1 and another for ::1, and use the rest of the > Connector settings for both of them. That gets messy, quickly. What do you do about the thread pools? Split maxThreads between them somehow? Use an executor? I think it is better to leave that to the system admin. I would expect "localhost" to resolve to the same thing for both httpd and Tomcat. There may be more mileage in figuring out what this isn't the case and solving that problem. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with AJP listener
Hi, On Thu, Apr 30, 2020 at 11:15 AM Mark Thomas wrote: > On 29/04/2020 18:11, Christopher Schultz wrote: > > Mark, > > > > On 4/28/20 13:33, Mark Thomas wrote: > >> On 28/04/2020 16:30, Satya Kishore Thumu wrote: > >>> Hi Chris, Post the Ghostcat changes tomcat now listens only on > >>> ipv4 by default, what if somebody is using on IPv6, Tomcat starts > >>> to listen on mapped IPv4 address which I think is not > >> correct. > >>> I know that we can use ::1 in IPv6. Is there a way tomcat can > >>> listen on both loopback addresses when > >> available. > > > >> Not that I am aware of with the Java API. > > > > I think we had discussed the possibility of looking for a "magic" > > value in the address="..." field to go back to the previous behavior. > > The problem is that any reasonable string you can choose can also be a > > valid hostname that should, arguably, be used to resolve the IP > > address of the interface (e.g. "localhost"). > > There is the empty string. We could use that as equivalent to the > wildcard address (listen on all interfaces). > The suggestion we discussed few weeks back was to have a special value for "address" that would mean "localhost both IPv4 & IPv6", e.g. "tomcat:localhost". If this special value is used then Tomcat can create two Connector instances, one for 127.0.0.1 and another for ::1, and use the rest of the Connector settings for both of them. > > There is no option I am aware of (before or after the AJP changes) that > would allow listening on just 127.0.0.1 and ::1 > > > I think the only practical way to do this would be to add another > > attribute like bindOnAllInterfaces="true" where we ignore the > > "address" attribute. Or maybe "address" always wins, but > > bindOnAllInterfaces="false" is the default. > > I'm not a fan of another attribute unless we really have to. > > > Because it is possible to bind to all interfaces, right? Just don't > > specify a specific interface when creating the server socket? > > Yes. > > Mark > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Issue with AJP listener
On 29/04/2020 18:11, Christopher Schultz wrote: > Mark, > > On 4/28/20 13:33, Mark Thomas wrote: >> On 28/04/2020 16:30, Satya Kishore Thumu wrote: >>> Hi Chris, Post the Ghostcat changes tomcat now listens only on >>> ipv4 by default, what if somebody is using on IPv6, Tomcat starts >>> to listen on mapped IPv4 address which I think is not >> correct. >>> I know that we can use ::1 in IPv6. Is there a way tomcat can >>> listen on both loopback addresses when >> available. > >> Not that I am aware of with the Java API. > > I think we had discussed the possibility of looking for a "magic" > value in the address="..." field to go back to the previous behavior. > The problem is that any reasonable string you can choose can also be a > valid hostname that should, arguably, be used to resolve the IP > address of the interface (e.g. "localhost"). There is the empty string. We could use that as equivalent to the wildcard address (listen on all interfaces). There is no option I am aware of (before or after the AJP changes) that would allow listening on just 127.0.0.1 and ::1 > I think the only practical way to do this would be to add another > attribute like bindOnAllInterfaces="true" where we ignore the > "address" attribute. Or maybe "address" always wins, but > bindOnAllInterfaces="false" is the default. I'm not a fan of another attribute unless we really have to. > Because it is possible to bind to all interfaces, right? Just don't > specify a specific interface when creating the server socket? Yes. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with AJP listener
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 4/28/20 13:33, Mark Thomas wrote: > On 28/04/2020 16:30, Satya Kishore Thumu wrote: >> Hi Chris, Post the Ghostcat changes tomcat now listens only on >> ipv4 by default, what if somebody is using on IPv6, Tomcat starts >> to listen on mapped IPv4 address which I think is not > correct. >> I know that we can use ::1 in IPv6. Is there a way tomcat can >> listen on both loopback addresses when > available. > > Not that I am aware of with the Java API. I think we had discussed the possibility of looking for a "magic" value in the address="..." field to go back to the previous behavior. The problem is that any reasonable string you can choose can also be a valid hostname that should, arguably, be used to resolve the IP address of the interface (e.g. "localhost"). I think the only practical way to do this would be to add another attribute like bindOnAllInterfaces="true" where we ignore the "address" attribute. Or maybe "address" always wins, but bindOnAllInterfaces="false" is the default. Because it is possible to bind to all interfaces, right? Just don't specify a specific interface when creating the server socket? - -chris >> -Original Message----- From: Christopher Schultz >> Sent: Tuesday, April 28, 2020 8:19 >> PM To: users@tomcat.apache.org Subject: Re: Issue with AJP >> listener >> >> Satya, >> >> On 4/28/20 06:06, Satya Kishore Thumu wrote: >>> We are using apache before Tomcat as front end and using modjk >>> for connection between apache and Tomcat. After upgrading >>> tomcat(to 7.0.100 as we have other dependencies we can't use >>> latest as of now), i'm unable to use ajp.host as "localhost" in >>> IPv6 and works only with ::1. Need help if there is any >>> configuration that can be done to use localhost even in IPv6 >>> environment. >> >> The issue is that Tomcat changed its default "address" from "all >> interfaces" to "localhost". This change was made in Tomcat >> 7.0.100 in the 7.0.x branch. >> >> Apache httpd and Java may disagree as to how "localhost" >> resolves. If you want to force Tomcat to use the IPv4 address, >> you should be able to do this in your conf/server.xml: >> >> >> >> Then restart Tomcat. This will cause Tomcat to bind to the IPv4 >> flavor of "localhost" and httpd should be abel to communicate >> again. >> >> Note that there were other changes related to AJP connections in >> the same version. Please read this carefully: >> >> http://tomcat.apache.org/tomcat-7.0-doc/changelog.html#Tomcat_7.0.100 _(v >> >> ioletagg) >> >> Hope that helps, -chris >> >> - >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > > - > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl6ptUsACgkQHPApP6U8 pFjQkhAAgkMw19FJbqM3T8d1L2zAzE1WnGeCg4nrcubtOWGXz9wFJO4yQX1B6gX8 VprMAgRcggYWxtsQ5LUbrrFNwQ+3X85+c/t+MY8fHtgXx0+gaPO1f6x8tv/2LfO9 Yqeg2hmeEpF5jAlmV3FInwsxkbdZs0NSsa8bmH2x9SUHLfaag15Xc1BF7uh2yACl FGW2hB55mSscLg9CUycRip6KwB/56OTppRI/9iv0EOS9Vh9BivzX2UMFbeNO/ovu k+DPrT5VVFIAx3ai/u+WxRwRjVJ30EQ8gW1U8fAERjifgH9LpDjv3nU1zgBU9xCJ keq3X3WeBwfdL4sMV+jALot8QJOpSfhnnOWWt7mY18tT9KtPnnDO1Ns/jHOdWmN6 9tSOPrTx1Dz39LdjxZMKjR7NKuhfJPC7h1+KoN7xJXgK8L5h3Vj7D5TCFZHhmqwW oCAl4xFhbPWA/ZDmwDZGCz4JCQSieJOqlN7kJRfs+elnj6nQMZ9jBM9L985ygAbg ISnI9Tv6dEjloRH9KPzC5If7YqUa9/D9XKS2C60fSttMPFRu7VTlwsHK9dJGS1w4 twwO8rX3zu+c8i5I0yHASj64obnnpJjDJFAkHoVNxRJ8RHQWk423F2TRaGOUzDGv H/xdv0cQAUO18WejoZY3Nl4ug5d1e7vVmR7yibrrHSIE8y4gOIw= =EeKr -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with AJP listener
On 28/04/2020 16:30, Satya Kishore Thumu wrote: > Hi Chris, > Post the Ghostcat changes tomcat now listens only on ipv4 by default, what > if somebody is using on IPv6, > Tomcat starts to listen on mapped IPv4 address which I think is not correct. > I know that we can use ::1 in IPv6. > Is there a way tomcat can listen on both loopback addresses when available. Not that I am aware of with the Java API. Mark > > Thank you, > Kishore > > -Original Message- > From: Christopher Schultz > Sent: Tuesday, April 28, 2020 8:19 PM > To: users@tomcat.apache.org > Subject: Re: Issue with AJP listener > > Satya, > > On 4/28/20 06:06, Satya Kishore Thumu wrote: >> We are using apache before Tomcat as front end and using modjk for >> connection between apache and Tomcat. After upgrading tomcat(to >> 7.0.100 as we have other dependencies we can't use latest as of now), >> i'm unable to use ajp.host as "localhost" in IPv6 and works only with >> ::1. Need help if there is any configuration that can be done to use >> localhost even in IPv6 environment. > > The issue is that Tomcat changed its default "address" from "all interfaces" > to "localhost". This change was made in Tomcat 7.0.100 in the 7.0.x branch. > > Apache httpd and Java may disagree as to how "localhost" resolves. If you > want to force Tomcat to use the IPv4 address, you should be able to do this > in your conf/server.xml: > > > > Then restart Tomcat. This will cause Tomcat to bind to the IPv4 flavor of > "localhost" and httpd should be abel to communicate again. > > Note that there were other changes related to AJP connections in the same > version. Please read this carefully: > > http://tomcat.apache.org/tomcat-7.0-doc/changelog.html#Tomcat_7.0.100_(v > ioletagg) > > Hope that helps, > -chris > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Issue with AJP listener
Hi Chris, Post the Ghostcat changes tomcat now listens only on ipv4 by default, what if somebody is using on IPv6, Tomcat starts to listen on mapped IPv4 address which I think is not correct. I know that we can use ::1 in IPv6. Is there a way tomcat can listen on both loopback addresses when available. Thank you, Kishore -Original Message- From: Christopher Schultz Sent: Tuesday, April 28, 2020 8:19 PM To: users@tomcat.apache.org Subject: Re: Issue with AJP listener -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Satya, On 4/28/20 06:06, Satya Kishore Thumu wrote: > We are using apache before Tomcat as front end and using modjk for > connection between apache and Tomcat. After upgrading tomcat(to > 7.0.100 as we have other dependencies we can't use latest as of now), > i'm unable to use ajp.host as "localhost" in IPv6 and works only with > ::1. Need help if there is any configuration that can be done to use > localhost even in IPv6 environment. The issue is that Tomcat changed its default "address" from "all interfaces" to "localhost". This change was made in Tomcat 7.0.100 in the 7.0.x branch. Apache httpd and Java may disagree as to how "localhost" resolves. If you want to force Tomcat to use the IPv4 address, you should be able to do this in your conf/server.xml: Then restart Tomcat. This will cause Tomcat to bind to the IPv4 flavor of "localhost" and httpd should be abel to communicate again. Note that there were other changes related to AJP connections in the same version. Please read this carefully: http://tomcat.apache.org/tomcat-7.0-doc/changelog.html#Tomcat_7.0.100_(v ioletagg) Hope that helps, - -chris -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl6oQlAACgkQHPApP6U8 pFiwuw//dlNNPtsCM85g8ejOawkY4LCOCJTkXc5q6vO1mbjMkrUd/0AnShdpTDLS 8tQSv6HY/b9pXv02hISK067P3y6zF9GOgoZPHZ/u5WErvAYpQnX77nrytuejhLXI QumMEojR9QTOxhsXXx2cn4Z4EjrQQ3yR4TjJ0yiuLmQDD24NlNww+LtXCidbponv t4hrplShX/OH8X4Il41t0cGM5Rij6qgiI5AnwBpzULJ0wroj/Hnu6w6GSO/xxY4h ToZmnKSN8sPkEs8UQKc0tf6NCZUGXMmbz3XoGgM9sL31uQI8+NuwinYChjBfy2JA /bn+n5uKZ60ut0TLTwYA3nj5C7EhypszZtVYQmAqWtbVo+kHdhE6wqMbuGPdRgui wEBItaAOCBxrMLXZyFGjMVam76AbG/RBNHsBTnogOVbHSl5CrM1jCjB8s/+uLlmB Y/sSbgqvXxYjCBic3G+6++u5QQ4OwzZUuidcjQGpkDNOfqk5Bxl757C+vGrcwnjx vYmRUQHJcHdiVJvzCrSw0OlL7/Q6w5lFE383Fdirs+DMIyj3qprFzHn25ShNAsPN Pe9FqL8E55mNBchxjWEdKgqryS5Po20Tm1vnwK/UDECfsf+/0mpNCCaZpXcLFaco Ex4UCamwEPwGNeeunRIys/8eKKRCoEa8l2VhiB9JkjlqeDWFplY= =pcIq -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME Cryptographic Signature
Re: Issue with AJP listener
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Satya, On 4/28/20 06:06, Satya Kishore Thumu wrote: > We are using apache before Tomcat as front end and using modjk for > connection between apache and Tomcat. After upgrading tomcat(to > 7.0.100 as we have other dependencies we can't use latest as of > now), i'm unable to use ajp.host as "localhost" in IPv6 and works > only with ::1. Need help if there is any configuration that can be > done to use localhost even in IPv6 environment. The issue is that Tomcat changed its default "address" from "all interfaces" to "localhost". This change was made in Tomcat 7.0.100 in the 7.0.x branch. Apache httpd and Java may disagree as to how "localhost" resolves. If you want to force Tomcat to use the IPv4 address, you should be able to do this in your conf/server.xml: Then restart Tomcat. This will cause Tomcat to bind to the IPv4 flavor of "localhost" and httpd should be abel to communicate again. Note that there were other changes related to AJP connections in the same version. Please read this carefully: http://tomcat.apache.org/tomcat-7.0-doc/changelog.html#Tomcat_7.0.100_(v ioletagg) Hope that helps, - -chris -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl6oQlAACgkQHPApP6U8 pFiwuw//dlNNPtsCM85g8ejOawkY4LCOCJTkXc5q6vO1mbjMkrUd/0AnShdpTDLS 8tQSv6HY/b9pXv02hISK067P3y6zF9GOgoZPHZ/u5WErvAYpQnX77nrytuejhLXI QumMEojR9QTOxhsXXx2cn4Z4EjrQQ3yR4TjJ0yiuLmQDD24NlNww+LtXCidbponv t4hrplShX/OH8X4Il41t0cGM5Rij6qgiI5AnwBpzULJ0wroj/Hnu6w6GSO/xxY4h ToZmnKSN8sPkEs8UQKc0tf6NCZUGXMmbz3XoGgM9sL31uQI8+NuwinYChjBfy2JA /bn+n5uKZ60ut0TLTwYA3nj5C7EhypszZtVYQmAqWtbVo+kHdhE6wqMbuGPdRgui wEBItaAOCBxrMLXZyFGjMVam76AbG/RBNHsBTnogOVbHSl5CrM1jCjB8s/+uLlmB Y/sSbgqvXxYjCBic3G+6++u5QQ4OwzZUuidcjQGpkDNOfqk5Bxl757C+vGrcwnjx vYmRUQHJcHdiVJvzCrSw0OlL7/Q6w5lFE383Fdirs+DMIyj3qprFzHn25ShNAsPN Pe9FqL8E55mNBchxjWEdKgqryS5Po20Tm1vnwK/UDECfsf+/0mpNCCaZpXcLFaco Ex4UCamwEPwGNeeunRIys/8eKKRCoEa8l2VhiB9JkjlqeDWFplY= =pcIq -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with AJP listener
On Tue, Apr 28, 2020 at 3:39 PM Satya Kishore Thumu wrote: > *@Naga Ramesh*, > we are using apache 2.4.41 and AJP connector 2.4.48. > > worker.ajp13.port=8009 > worker.ajp13.host=localhost > These are entries that we use on Tomcat server.xml and use the same > entries for apache. > > *@martin* Till we upgraded to tomcat 7.0.100, we were able to use > localhost both for IPv4 env and IPv6 as well. > I tried digging up a little into tomcat 7.x code could not find exactly > what changed the behaviour. > Check the changelog for .100: https://tomcat.apache.org/tomcat-7.0-doc/changelog.html#Tomcat_7.0.100_(violetagg) It is in Coyote section: Change the default bind address for the AJP/1.3 connector to be the loopback address. (markt) This is a fix for a security issue. Until .99 Tomcat bound on all network interfaces. Since .100 it binds by default on "localhost" (IPv4) only. You can use 0.0.0.0 to bind on all again but this is highly NOT recommended! https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100 > Thank you, > Kishore > > > On Tue, Apr 28, 2020 at 4:12 PM Martin Grigorov > wrote: > >> Hi, >> >> On Tue, Apr 28, 2020 at 1:06 PM Satya Kishore Thumu >> wrote: >> >> > Hi, >> > We are using apache before Tomcat as front end and using modjk for >> > connection between apache and Tomcat. After upgrading tomcat(to 7.0.100 >> as >> > we have other dependencies we can't use latest as of now), i'm unable to >> > use ajp.host as "localhost" in IPv6 and works only with ::1. Need help >> if >> > there is any configuration that can be done to use localhost even in >> IPv6 >> > environment. >> > >> >> The only way I am aware of is to have two entries - one for >> IPv4 (with "localhost") and another for IPv6 (for "::1"). Both listening >> on >> the same port. >> >> Martin >> >> >> > >> > Thank you, >> > Kishore >> > >> >
Re: Issue with AJP listener
*@Naga Ramesh*, we are using apache 2.4.41 and AJP connector 2.4.48. worker.ajp13.port=8009 worker.ajp13.host=localhost These are entries that we use on Tomcat server.xml and use the same entries for apache. *@martin* Till we upgraded to tomcat 7.0.100, we were able to use localhost both for IPv4 env and IPv6 as well. I tried digging up a little into tomcat 7.x code could not find exactly what changed the behaviour. Thank you, Kishore On Tue, Apr 28, 2020 at 4:12 PM Martin Grigorov wrote: > Hi, > > On Tue, Apr 28, 2020 at 1:06 PM Satya Kishore Thumu > wrote: > > > Hi, > > We are using apache before Tomcat as front end and using modjk for > > connection between apache and Tomcat. After upgrading tomcat(to 7.0.100 > as > > we have other dependencies we can't use latest as of now), i'm unable to > > use ajp.host as "localhost" in IPv6 and works only with ::1. Need help if > > there is any configuration that can be done to use localhost even in IPv6 > > environment. > > > > The only way I am aware of is to have two entries - one for > IPv4 (with "localhost") and another for IPv6 (for "::1"). Both listening on > the same port. > > Martin > > > > > > Thank you, > > Kishore > > > smime.p7s Description: S/MIME Cryptographic Signature
Re: Issue with AJP listener
Hi, On Tue, Apr 28, 2020 at 1:06 PM Satya Kishore Thumu wrote: > Hi, > We are using apache before Tomcat as front end and using modjk for > connection between apache and Tomcat. After upgrading tomcat(to 7.0.100 as > we have other dependencies we can't use latest as of now), i'm unable to > use ajp.host as "localhost" in IPv6 and works only with ::1. Need help if > there is any configuration that can be done to use localhost even in IPv6 > environment. > The only way I am aware of is to have two entries - one for IPv4 (with "localhost") and another for IPv6 (for "::1"). Both listening on the same port. Martin > > Thank you, > Kishore >