Re: three problems
Clearly, my eyes aren't as sharp when I'm half-awake. Here's the culprit:

: REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with
: icmp-host-prohibited

That's the tail end of the chain, so any rules appended to that chain (like the Tomcat rule I showed you) will never be reached.

Rerun the iptables --list command, but use the switch to show rule numbers. You can then run the other iptables command I showed you, but use *insert* instead of *append*. Be sure to insert above that last reject rule.

See the iptables docs/manpage for more info, commandline switches, etc.

-QM

--
software  -- http://www.brandxdev.net
tech news -- http://www.RoarNetworX.com

- To unsubscribe, e-mail: [EMAIL PROTECTED]
  For additional commands, e-mail: [EMAIL PROTECTED]
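The ordering problem described in the message above, as an added example that is not part of the original thread: it reads a numbered listing, finds the first catch-all REJECT/DROP, and reports every rule below it. The listing is constructed sample data modelled on the thread's output, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Input is the text printed by:
#   iptables -L RH-Firewall-1-INPUT -n --line-numbers

# Constructed listing modelled on the thread: the 8080 rule was appended,
# so it landed below the catch-all REJECT.
sample_listing() {
    cat <<'EOF'
Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 state NEW
EOF
}

# Prints "terminal=<n>" for the first catch-all REJECT/DROP, then one
# "shadowed=<rule>" line for every rule below it (never evaluated).
# Caveat: without -v the interface columns are hidden, so a rule that looks
# catch-all here (rule 1 above) may be limited to one interface; only
# REJECT/DROP are treated as terminal, and a hit should be confirmed with -v.
shadowed_rules() {
    awk '
        $1 !~ /^[0-9]+$/ { next }                 # skip chain and column headers
        term { $1 = $1; print "shadowed=" $0; next }
        ($2 == "REJECT" || $2 == "DROP") && $3 == "all" &&
        $5 == "0.0.0.0/0" && $6 == "0.0.0.0/0" &&
        (NF == 6 || $7 == "reject-with") { term = $1; print "terminal=" term }
    '
}

# The terminal rule number is also the position to pass to "iptables -I":
# inserting at that number places the new rule directly above the reject.
insert_position() {
    shadowed_rules | sed -n 's/^terminal=//p'
}

sample_listing | shadowed_rules
```

On a live host, pipe the real listing into `shadowed_rules`; any `shadowed=` line is a rule that traffic never reaches.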
RE: three problems
Thanks QM! This works now! :) yuppiii!

I ran the same command for iptables with a slight change:

    iptables -t filter -I RH-Firewall-1-INPUT 7 \
        -p tcp --dport 8080 \
        -m state --state NEW -j ACCEPT
    service iptables save

The -I option inserts this rule at a specific line number, in my case 7. And it works. My tomcat can be seen from the outside now.

By the way, I managed to run tomcat as the user tomcat and not as root. :)

Also, I added the following lines in the server.xml file at the very end, after the last </Context> tag and before the last </Host> tag:

    <Context path="/~dln" docBase="/home/dln/wwwdocs" debug="0"
             reloadable="true" crossContext="true">
    </Context>

This allows me to now see the JSPs located in /home/dln/wwwdocs as http://my.domain.com:8080/~dln/myfile.jsp

But I would like to be able to access this file with no 8080 port at all, like this: http://my.domain.com/~dln/myfile.jsp

Does anybody know how to accomplish this?

I tested the following: http://localhost:8080/examples and http://localhost/examples and they both work fine. If I try to reach http://my.domain.com:8080/examples from the outside it works fine, but I cannot see http://my.domain.com/examples

-----Original Message-----
From: QM [mailto:[EMAIL PROTECTED]
Sent: Friday, June 18, 2004 6:18 AM
To: Tomcat Users List
Subject: Re: three problems
Re: three problems
On Fri, Jun 18, 2004 at 12:30:26PM -0600, Casas, Claudia wrote:
: Thanks QM! This works now! :) yuppiii!

Excellent -- and thank you for posting what you did. That'll help someone else in the archives.

: But I would like to be able to access this file with no 8080 port at
: all, like this: http://my.domain.com/~dln/myfile.jsp
: Does anybody know how to accomplish this?

You once mentioned, Apache is in front of Tomcat, correct? This will involve a tweak to the JK config, and (perhaps) Apache's mod_userdir (or whatever it's called) to pass requests for /~user to Tomcat.

I'm vague on the details, because I'm short on time today. Good luck,

-QM
three problems
Hello everyone,

I am pretty new to tomcat. I just managed to install apache2.0.49 and tomcat4.1.30 and the jk1.2 connector on linux redhat 3 AS. I was so happy because when I typed http://localhost:8080/examples and http://localhost/examples I was able to view my jsp and servlet examples.

I have encountered three problems unfortunately:

1) When I go to another PC and try to access my server: http://my.domain.com:8080 I get "The page cannot be displayed", but if I access http://my.domain.com:80 (apache), it works fine.

Why in this world can I access my tomcat from my server directly but not from outside my server??

2) When I run tomcat as root, my mod_jk.conf file is automatically created inside my conf directory. But if I run it as a tomcat user, then no mod_jk.conf file is created.

3) But not least, I would like to web applications through my user directories and not through the tomcat directory. I know I have to add something in the context path area, but not sure what to do.

Please, if anyone has an answer to these problems, I would really appreciate your help.

Claudia Casas
Application Development Coordinator
Digital Media Center, Ext. 5940

Technology does not drive change -- it enables change.
Re: three problems
On Thu, Jun 17, 2004 at 05:44:51PM -0600, Casas, Claudia wrote:
: 1) When I go to another PC and try to access my server:
: http://my.domain.com:8080 I get The page
: cannot be displayed
: but if I access http://my.domain.com:80
: (apache), it works fine
:
: Why in this world can I access my tomcat from my server directly but not
: from outside my server??

You must explicitly setup Tomcat to listen on IP addresses other than localhost if you want to access Tomcat remotely (but not through Apache). Refer to the address attr of the Connector element in server.xml.

: 2) When I run tomcat as root, my mod_jk.conf file is automatically
: created inside my conf directory.
: But if I run it as a tomcat user, then no mod_jk.conf file is
: created.

Most likely, a permissions problem: is the directory writable to the (non-root) user in question?

: 3) But not least, I would like to web applications through my user
: directories and not through the tomcat directory.
: I know I have to add something in the context path area, but not
: sure what to do.

There's a config directive for this, something like userdir. I don't know it off the top of my head, but a search on the Tomcat site should find it.

-QM
RE: three problems
Thanks for your prompt answer,

Could you be more specific on the address attr? I have the following in the Connector element on my server.xml:

    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8080" minProcessors="5" masProcessors="75"
               enableLookups="true" redirectPort="8443"
               acceptCount="100" debug="0" connectionTimeout="2"
               useURIValidationHack="false" disableUploadTimeout="true" />

-----Original Message-----
From: QM [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 17, 2004 6:09 PM
To: Tomcat Users List
Subject: Re: three problems
Re: three problems
On Thu, Jun 17, 2004 at 06:23:30PM -0600, Casas, Claudia wrote:
: <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
: port="8080" minProcessors="5" masProcessors="75"
                                ^^^
did you mean, max?

I see the address attr isn't being used, so Tomcat should be listening on all available IPs. For sanity's sake, please confirm that Tomcat's running:

    lsof -i :8080

If that returns data, then it's down to a networking issue. Is there a firewall between the other computer and the Tomcat machine? For example, what's the output of

    iptables --list -n

-QM
RE: three problems
At 05:23 PM 6/17/2004, you wrote:
> Thanks for your prompt answer,
>
> Could you be more specific on the address attr? I have the following in
> the Connector element on my server.xml:
>
> <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
>            port="8080" minProcessors="5" masProcessors="75"
>            enableLookups="true" redirectPort="8443"
>            acceptCount="100" debug="0" connectionTimeout="2"
>            useURIValidationHack="false" disableUploadTimeout="true" />

To add to QM's comments:

You're accessing it locally by hitting http://localhost:8080, right? If you're accessing it remotely with http://www.x.com/myapp, can you access it locally with http://www.x.com/myapp? Try accessing it remotely with http://ip-address-here/myapp and see what happens.

In any case, this should be a networking issue...

justin
RE: three problems
Well, I just finished installing tomcat5 also. When I go to http://my.ip.address:8080 or http://my.domain.com:8080 I still get the same error: the page cannot be displayed.

I ran the commands that QM suggested and here are the results:

lsof -i :8080

    COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
    java    2801 root    3u  IPv4   7503       TCP *:webcache (LISTEN)

iptables --list -n

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain RH-Firewall-1-INPUT (2 references)
    target     prot opt source               destination
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
    ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:21
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:23
    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Does anyone know how to read this and to help me figure out if there is any restriction inside my server or overall from the network?

From: Justin Ruthenbeck [mailto:[EMAIL PROTECTED]
Sent: Thu 6/17/2004 7:33 PM
To: Tomcat Users List
Subject: RE: three problems
Re: three problems
On Thu, Jun 17, 2004 at 08:26:34PM -0600, Casas, Claudia wrote:
: lsof -i :8080
: COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
: java    2801 root    3u  IPv4   7503       TCP *:webcache (LISTEN)

This is good. (Well, technically, it's not a good idea to run Tomcat as root -- but we'll get to that later ;)

The iptables output confirms: your firewall is configured to explicitly allow only certain traffic. Tomcat (port 8080) isn't in that list. Adding it is simple:

    iptables -t filter -A RH-Firewall-1-INPUT \
        -p tcp --dport 8080 \
        -m state --state NEW -j ACCEPT

Be sure to test that out and, if it doesn't break anything else, save your changes:

    service iptables save

-QM
RE: three problems
Oki doki, I just added the port 8080 following QM's suggestions, and also thanks very much for your help. The results are below. But unfortunately I still cannot see my http://my.ip.address:8080. Getting page cannot be displayed. :(

lsof -i :8080

    COMMAND   PID USER   FD   TYPE DEVICE SIZE NODE NAME
    java    22990 root    3u  IPv4  58125       TCP *:webcache (LISTEN)

iptables --list -n

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain RH-Firewall-1-INPUT (2 references)
    target     prot opt source               destination
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
    ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:21
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:23
    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
               all  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 state NEW

From: QM [mailto:[EMAIL PROTECTED]
Sent: Thu 6/17/2004 8:38 PM
To: Tomcat Users List
Subject: Re: three problems
Re: three problems
Casas, Claudia wrote:
> Oki doki, I just added the port 8080 following QM's suggestions, and also
> thanks very much for your help. The results are below. But unfortunately
> I still cannot see my http://my.ip.address:8080. Getting page cannot be
> displayed. :(

OK, so, you have a mild network permission issue. Can you access it via Apache?

    http://my.domain.com/path/to/deployed/webapp/

If yes, then go that way and nibble on the Linux firewall along the way.

One good tool for setting up a Linux IPtables firewall is ShoreWall. It is a set of templates that have easy to setup general config files, like zones, interfaces, rules,... When ShoreWall is activated, it uses those config files, plus its internal templates, to generate IPtables rules. It might be easier to setup network access permissions that way.

So, the nice thing is that ShoreWall is not another new plugin that requires X or Y to work as intended. It is a set of templates on top of IPtables. You can always remove it, clear IPtables or add something to the bunch manually (not a good idea, really).

Nix.