running packed WAR files with embedded tomcat
Hello All, I'm trying to create a very basic embeded tomcat 7 application to host a packed WAR file. My code looks like: Tomcat tomcat = new Tomcat() tomcat.setPort(port) tomcat.setBaseDir(".") tomcat.addWebapp(pathToWarFile, contextName) It seems to work, but I'm getting an exception on startup complaining about the missing webapps directory: SEVERE: Exception fixing docBase for context [/quickstart] java.io.IOException: Application base [{1}] for host [/private/tmp/./webapps] does not exist or is not a directory. Can someone please direct me to a better way to do this? Is Tomcat#addWebapp not appropriate if hosting a packed WAR file? Thanks! --john
Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
Jeffrey Janner wrote: -Original Message- From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Monday, January 20, 2014 4:11 PM To: 'Tomcat Users List'; 'Tomcat Users List' Subject: RE: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, January 20, 2014 3:08 PM To: Tomcat Users List Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system Jeffrey Janner wrote: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, January 20, 2014 2:41 PM To: Tomcat Users List Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system Jeffrey Janner wrote: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, January 20, 2014 1:47 PM To: Tomcat Users List Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system Jeffrey Janner wrote: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, January 20, 2014 11:01 AM To: Tomcat Users List Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system Jeffrey Janner wrote: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, January 20, 2014 10:09 AM To: Tomcat Users List Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system Jeffrey Janner wrote: -Original Message- From: Ognjen Blagojevic [mailto:ognjen.d.blagoje...@gmail.com] Sent: Sunday, January 19, 2014 9:19 AM To: Tomcat Users List Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system Jeffrey, On 19.1.2014 6:03, Christopher Schultz wrote: maxHttpHeaderSize="8192" Could it be as simple as having set the "address" attribute? +1 BTW, setting attribute preverIPv4Stack=true on server side doesn't mean anything for the client. The client will try to connect with the protocol he prefers. The client may also fall back to other protocol (e.g. if IPv6 connection fails several times, try with IPv4). I see that access log is not configured. Is there a reason for that? Without access log you can't tell if the remote request reaches Tomcat or not. So, for start, I suggest you configure access log for Tomcat 7 and report back if something is logged after you try to connect from the remote host. Note that Tomcat may postpone writes to the log files, so make sure you stop Tomcat before you check your logs. If there is no record of remote requests in Tomcat 7 access logs, I suggest you analyze what is going on with Wireshark or some other packet analyzer. You can that see if the client: 1. tries to connect using IPv6 or IPv4, 2. is falling back, 3. which exactly IPv4/v6 adress does it use, 4. is TCP three- way handshake successfull. Only when you confirm that three-way handshake is succsessful and that the destionation IP adress is IPv4 "10.4.1.20", you may say that the request should have reached Tomcat. -Ognjen Added the access log. Absolutely 0 entries from any address that is not the local system. Can you configure your Tomcat-6 to run under your Java-7 ? (in the principle, I think that this should work; I don't know about the practice) This would help determine if the difference resides in the Java or the Tomcat. Tried it a different way. Since TC7 is supposed to support Java 1.6, switched my TC7 to use the existing Java6. No luck. Noticed that 7.0.47 is old now. Going to try 7.0.50. Did you try a simple : telnet 10.4.1.20 (just to see if 'anything' from outside can connect to your AWS/Tomcat port) Nope, just timeouts. If the connection is not rejected right away with a "connection refused by host", it normally means that a LISTEN port is opened on that port. Taken "strictly by the book" and according to your presumed accurate description of the symptoms above, A timeout suggests to me that the connection request packet (SYN ?) is received and accepted by the server, but that the return packet which should tell the client so (ACK ?), never makes it back to the client. Hence the client waits, until the timeout kicks in. Are you sure that this server has a route back to the client ? Or, are you sure that your descriptions so far are really accurate ? For example, is it really the same server on which you can make this succeed/fail just by switching the Java and/or Tomcat version, no other changes involved ? (Also see Konstantin's question about the apparent discrepancy between the netstat output and your server.xml). Yep, just stopping one service and starting the other. It's something weird with the server, since an identical Tomcat 6 install wouldn't work with a copied and stripped configuration. I'm double- checking everything, but I think the server's tied the outside IP to the wrong internal IP. T
Weird certificate situation -- I don't even understand why it works at all!
It seems that one of our customers moved their server to a different physical box, over the weekend, and we're now seeing some definite weirdness: Their Tomcat now shows a certificate that expired this past September. But it gets weirder: Their connector for port 443 in server.xml shows a word as the alias. The word we usually use when setting up a customer's SSL. But when I examine their keystore in Keytool, it shows the digit "1" as the only alias in the keystore. Why would this even work at all? -- JHHL - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
> -Original Message- > From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] > Sent: Monday, January 20, 2014 4:11 PM > To: 'Tomcat Users List'; 'Tomcat Users List' > Subject: RE: Cannot connect from outside using Tomcat 7/APR/SSL on AWS > Windows system > > > -Original Message- > > From: André Warnier [mailto:a...@ice-sa.com] > > Sent: Monday, January 20, 2014 3:08 PM > > To: Tomcat Users List > > Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on > AWS > > Windows system > > > > Jeffrey Janner wrote: > > >> -Original Message- > > >> From: André Warnier [mailto:a...@ice-sa.com] > > >> Sent: Monday, January 20, 2014 2:41 PM > > >> To: Tomcat Users List > > >> Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on > > >> AWS Windows system > > >> > > >> Jeffrey Janner wrote: > > -Original Message- > > From: André Warnier [mailto:a...@ice-sa.com] > > Sent: Monday, January 20, 2014 1:47 PM > > To: Tomcat Users List > > Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL > > on AWS Windows system > > > > Jeffrey Janner wrote: > > >> -Original Message- > > >> From: André Warnier [mailto:a...@ice-sa.com] > > >> Sent: Monday, January 20, 2014 11:01 AM > > >> To: Tomcat Users List > > >> Subject: Re: Cannot connect from outside using Tomcat > 7/APR/SSL > > >> on AWS Windows system > > >> > > >> Jeffrey Janner wrote: > > -Original Message- > > From: André Warnier [mailto:a...@ice-sa.com] > > Sent: Monday, January 20, 2014 10:09 AM > > To: Tomcat Users List > > Subject: Re: Cannot connect from outside using Tomcat > > 7/APR/SSL > > on AWS Windows system > > > > Jeffrey Janner wrote: > > >> -Original Message- > > >> From: Ognjen Blagojevic > > >> [mailto:ognjen.d.blagoje...@gmail.com] > > >> Sent: Sunday, January 19, 2014 9:19 AM > > >> To: Tomcat Users List > > >> Subject: Re: Cannot connect from outside using Tomcat > > >> 7/APR/SSL > > >> on AWS Windows system > > >> > > >> Jeffrey, > > >> > > >> On 19.1.2014 6:03, Christopher Schultz wrote: > > > >> maxHttpHeaderSize="8192" > > >>> Could it be as simple as having set the "address" > > attribute? > > >> +1 > > >> > > >> BTW, setting attribute preverIPv4Stack=true on server side > > >> doesn't mean anything for the client. The client will try > > >> to connect with > > the > > >> protocol he prefers. The client may also fall back to > other > > >> protocol (e.g. if IPv6 connection fails several times, try > > >> with > > >> IPv4). > > >> I see that access log is not configured. Is there a reason > > >> for > > >> that? > > >> Without access log you can't tell if the remote request > > >> reaches > > >> Tomcat or not. So, for start, I suggest you configure > > >> access log for Tomcat 7 and report back if something is > > >> logged > > after > > >> you > > try > > >> to connect from the remote host. Note that Tomcat may > > >> postpone writes > > to > > >> the log files, so make sure you stop Tomcat before you > > >> check > > your > > logs. > > >> If there is no record of remote requests in Tomcat 7 > access > > logs, > > >> I > > >> suggest you analyze what is going on with Wireshark or > some > > other > > >> packet analyzer. You can that see if the client: > > >> > > >> 1. tries to connect using IPv6 or IPv4, 2. is falling > back, > > 3. > > >> which exactly IPv4/v6 adress does it use, 4. is TCP three- > > way > > >> handshake successfull. > > >> > > >> Only when you confirm that three-way handshake is > > succsessful > > and > > >> that the destionation IP adress is IPv4 "10.4.1.20", you > > >> may say > > that > > >> the request should have reached Tomcat. > > >> > > >> -Ognjen > > > Added the access log. Absolutely 0 entries from any > address > > > that > > >> is > > not the local system. > > Can you configure your Tomcat-6 to run under your Java-7 ? > > (in the principle, I think that this should work; I don't > > know about the practice) This would help determine if the > > difference > > resides in the Java or the Tomcat. > > > > >>> Tried it a different way. Since TC7 is supposed to support > > Java > > >>> 1.6, > > >> switched my TC7 to use the existing Java6. > > >>> No luck. > > >>> Noticed that 7.0.47 is old now. Going to try 7.0.50. > > >>> > > >> Did you try a simple : >
RE: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
> -Original Message- > From: André Warnier [mailto:a...@ice-sa.com] > Sent: Monday, January 20, 2014 3:08 PM > To: Tomcat Users List > Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS > Windows system > > Jeffrey Janner wrote: > >> -Original Message- > >> From: André Warnier [mailto:a...@ice-sa.com] > >> Sent: Monday, January 20, 2014 2:41 PM > >> To: Tomcat Users List > >> Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on > >> AWS Windows system > >> > >> Jeffrey Janner wrote: > -Original Message- > From: André Warnier [mailto:a...@ice-sa.com] > Sent: Monday, January 20, 2014 1:47 PM > To: Tomcat Users List > Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on > AWS Windows system > > Jeffrey Janner wrote: > >> -Original Message- > >> From: André Warnier [mailto:a...@ice-sa.com] > >> Sent: Monday, January 20, 2014 11:01 AM > >> To: Tomcat Users List > >> Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL > >> on AWS Windows system > >> > >> Jeffrey Janner wrote: > -Original Message- > From: André Warnier [mailto:a...@ice-sa.com] > Sent: Monday, January 20, 2014 10:09 AM > To: Tomcat Users List > Subject: Re: Cannot connect from outside using Tomcat > 7/APR/SSL > on AWS Windows system > > Jeffrey Janner wrote: > >> -Original Message- > >> From: Ognjen Blagojevic > >> [mailto:ognjen.d.blagoje...@gmail.com] > >> Sent: Sunday, January 19, 2014 9:19 AM > >> To: Tomcat Users List > >> Subject: Re: Cannot connect from outside using Tomcat > >> 7/APR/SSL > >> on AWS Windows system > >> > >> Jeffrey, > >> > >> On 19.1.2014 6:03, Christopher Schultz wrote: > >> maxHttpHeaderSize="8192" > >>> Could it be as simple as having set the "address" > attribute? > >> +1 > >> > >> BTW, setting attribute preverIPv4Stack=true on server side > >> doesn't mean anything for the client. The client will try to > >> connect with > the > >> protocol he prefers. The client may also fall back to other > >> protocol (e.g. if IPv6 connection fails several times, try > >> with > >> IPv4). > >> I see that access log is not configured. Is there a reason > >> for > >> that? > >> Without access log you can't tell if the remote request > >> reaches > >> Tomcat or not. So, for start, I suggest you configure access > >> log for Tomcat 7 and report back if something is logged > after > >> you > try > >> to connect from the remote host. Note that Tomcat may > >> postpone writes > to > >> the log files, so make sure you stop Tomcat before you check > your > logs. > >> If there is no record of remote requests in Tomcat 7 access > logs, > >> I > >> suggest you analyze what is going on with Wireshark or some > other > >> packet analyzer. You can that see if the client: > >> > >> 1. tries to connect using IPv6 or IPv4, 2. is falling back, > 3. > >> which exactly IPv4/v6 adress does it use, 4. is TCP three- > way > >> handshake successfull. > >> > >> Only when you confirm that three-way handshake is > succsessful > and > >> that the destionation IP adress is IPv4 "10.4.1.20", you may > >> say > that > >> the request should have reached Tomcat. > >> > >> -Ognjen > > Added the access log. Absolutely 0 entries from any address > > that > >> is > not the local system. > Can you configure your Tomcat-6 to run under your Java-7 ? > (in the principle, I think that this should work; I don't know > about the practice) This would help determine if the > difference > resides in the Java or the Tomcat. > > >>> Tried it a different way. Since TC7 is supposed to support > Java > >>> 1.6, > >> switched my TC7 to use the existing Java6. > >>> No luck. > >>> Noticed that 7.0.47 is old now. Going to try 7.0.50. > >>> > >> Did you try a simple : > >> > >> telnet 10.4.1.20 > >> > >> (just to see if 'anything' from outside can connect to your > >> AWS/Tomcat > >> port) > >> > > Nope, just timeouts. > If the connection is not rejected right away with a "connection > refused by host", it normally means that a LISTEN port is opened > on > >> that port. > Taken "strictly by the book" and according to your presumed > accurate description of the symptoms above, > > A timeout suggests to me that the connection request packet (SYN > ?) >
Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
Jeffrey Janner wrote: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, January 20, 2014 2:41 PM To: Tomcat Users List Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system Jeffrey Janner wrote: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, January 20, 2014 1:47 PM To: Tomcat Users List Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system Jeffrey Janner wrote: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, January 20, 2014 11:01 AM To: Tomcat Users List Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system Jeffrey Janner wrote: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, January 20, 2014 10:09 AM To: Tomcat Users List Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system Jeffrey Janner wrote: -Original Message- From: Ognjen Blagojevic [mailto:ognjen.d.blagoje...@gmail.com] Sent: Sunday, January 19, 2014 9:19 AM To: Tomcat Users List Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system Jeffrey, On 19.1.2014 6:03, Christopher Schultz wrote: maxHttpHeaderSize="8192" Could it be as simple as having set the "address" attribute? +1 BTW, setting attribute preverIPv4Stack=true on server side doesn't mean anything for the client. The client will try to connect with the protocol he prefers. The client may also fall back to other protocol (e.g. if IPv6 connection fails several times, try with IPv4). I see that access log is not configured. Is there a reason for that? Without access log you can't tell if the remote request reaches Tomcat or not. So, for start, I suggest you configure access log for Tomcat 7 and report back if something is logged after you try to connect from the remote host. Note that Tomcat may postpone writes to the log files, so make sure you stop Tomcat before you check your logs. If there is no record of remote requests in Tomcat 7 access logs, I suggest you analyze what is going on with Wireshark or some other packet analyzer. You can that see if the client: 1. tries to connect using IPv6 or IPv4, 2. is falling back, 3. which exactly IPv4/v6 adress does it use, 4. is TCP three-way handshake successfull. Only when you confirm that three-way handshake is succsessful and that the destionation IP adress is IPv4 "10.4.1.20", you may say that the request should have reached Tomcat. -Ognjen Added the access log. Absolutely 0 entries from any address that is not the local system. Can you configure your Tomcat-6 to run under your Java-7 ? (in the principle, I think that this should work; I don't know about the practice) This would help determine if the difference resides in the Java or the Tomcat. Tried it a different way. Since TC7 is supposed to support Java 1.6, switched my TC7 to use the existing Java6. No luck. Noticed that 7.0.47 is old now. Going to try 7.0.50. Did you try a simple : telnet 10.4.1.20 (just to see if 'anything' from outside can connect to your AWS/Tomcat port) Nope, just timeouts. If the connection is not rejected right away with a "connection refused by host", it normally means that a LISTEN port is opened on that port. Taken "strictly by the book" and according to your presumed accurate description of the symptoms above, A timeout suggests to me that the connection request packet (SYN ?) is received and accepted by the server, but that the return packet which should tell the client so (ACK ?), never makes it back to the client. Hence the client waits, until the timeout kicks in. Are you sure that this server has a route back to the client ? Or, are you sure that your descriptions so far are really accurate ? For example, is it really the same server on which you can make this succeed/fail just by switching the Java and/or Tomcat version, no other changes involved ? (Also see Konstantin's question about the apparent discrepancy between the netstat output and your server.xml). Yep, just stopping one service and starting the other. It's something weird with the server, since an identical Tomcat 6 install wouldn't work with a copied and stripped configuration. I'm double- checking everything, but I think the server's tied the outside IP to the wrong internal IP. Trying to come up with a way to check that. Note, the connectors and hosts my original posted server.xml are taken from my original install, but that also has another pair of connectors (different IPv4 address) and some hosts that should only respond on that address, though they are all under one service/engine combo. The troublesome address connectors and hosts are commented out in the original and the original restarted before I try to start the newer setups. Suggestion: read Part III of the article which I mentioned earlie
RE: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
> -Original Message- > From: André Warnier [mailto:a...@ice-sa.com] > Sent: Monday, January 20, 2014 2:41 PM > To: Tomcat Users List > Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS > Windows system > > Jeffrey Janner wrote: > >> -Original Message- > >> From: André Warnier [mailto:a...@ice-sa.com] > >> Sent: Monday, January 20, 2014 1:47 PM > >> To: Tomcat Users List > >> Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on > >> AWS Windows system > >> > >> Jeffrey Janner wrote: > -Original Message- > From: André Warnier [mailto:a...@ice-sa.com] > Sent: Monday, January 20, 2014 11:01 AM > To: Tomcat Users List > Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on > AWS Windows system > > Jeffrey Janner wrote: > >> -Original Message- > >> From: André Warnier [mailto:a...@ice-sa.com] > >> Sent: Monday, January 20, 2014 10:09 AM > >> To: Tomcat Users List > >> Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL > >> on AWS Windows system > >> > >> Jeffrey Janner wrote: > -Original Message- > From: Ognjen Blagojevic [mailto:ognjen.d.blagoje...@gmail.com] > Sent: Sunday, January 19, 2014 9:19 AM > To: Tomcat Users List > Subject: Re: Cannot connect from outside using Tomcat > 7/APR/SSL > on AWS Windows system > > Jeffrey, > > On 19.1.2014 6:03, Christopher Schultz wrote: > >> maxHttpHeaderSize="8192" > > Could it be as simple as having set the "address" attribute? > +1 > > BTW, setting attribute preverIPv4Stack=true on server side > doesn't mean anything for the client. The client will try to > connect with > >> the > protocol he prefers. The client may also fall back to other > protocol (e.g. if IPv6 connection fails several times, try > with > IPv4). > I see that access log is not configured. Is there a reason for > that? > Without access log you can't tell if the remote request > reaches > Tomcat or not. So, for start, I suggest you configure access > log for Tomcat 7 and report back if something is logged after > you > >> try > to connect from the remote host. Note that Tomcat may postpone > writes > >> to > the log files, so make sure you stop Tomcat before you check > >> your > >> logs. > If there is no record of remote requests in Tomcat 7 access > >> logs, > I > suggest you analyze what is going on with Wireshark or some > >> other > packet analyzer. You can that see if the client: > > 1. tries to connect using IPv6 or IPv4, 2. is falling back, 3. > which exactly IPv4/v6 adress does it use, 4. is TCP three-way > handshake successfull. > > Only when you confirm that three-way handshake is succsessful > >> and > that the destionation IP adress is IPv4 "10.4.1.20", you may > say > >> that > the request should have reached Tomcat. > > -Ognjen > >>> Added the access log. Absolutely 0 entries from any address > >>> that > is > >> not the local system. > >> Can you configure your Tomcat-6 to run under your Java-7 ? > >> (in the principle, I think that this should work; I don't know > >> about the practice) This would help determine if the difference > >> resides in the Java or the Tomcat. > >> > > Tried it a different way. Since TC7 is supposed to support Java > > 1.6, > switched my TC7 to use the existing Java6. > > No luck. > > Noticed that 7.0.47 is old now. Going to try 7.0.50. > > > Did you try a simple : > > telnet 10.4.1.20 > > (just to see if 'anything' from outside can connect to your > AWS/Tomcat > port) > > >>> Nope, just timeouts. > >> If the connection is not rejected right away with a "connection > >> refused by host", it normally means that a LISTEN port is opened on > that port. > >> > >> Taken "strictly by the book" and according to your presumed accurate > >> description of the symptoms above, > >> > >> A timeout suggests to me that the connection request packet (SYN ?) > >> is received and accepted by the server, but that the return packet > >> which should tell the client so (ACK ?), never makes it back to the > client. > >> Hence the client waits, until the timeout kicks in. > >> > >> Are you sure that this server has a route back to the client ? > >> > >> Or, are you sure that your descriptions so far are really accurate ? > >> For example, is it really the same server on which you can make this > >> succeed/fail just by switching the Java and/or Tomcat version, no > >> other changes involved ? > >> (Also see Kons
RE: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
> -Original Message- > From: André Warnier [mailto:a...@ice-sa.com] > Sent: Monday, January 20, 2014 2:41 PM > To: Tomcat Users List > Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS > Windows system > > Jeffrey Janner wrote: > >> -Original Message- > >> From: André Warnier [mailto:a...@ice-sa.com] > >> Sent: Monday, January 20, 2014 1:47 PM > >> To: Tomcat Users List > >> Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on > >> AWS Windows system > >> > >> Jeffrey Janner wrote: > -Original Message- > From: André Warnier [mailto:a...@ice-sa.com] > Sent: Monday, January 20, 2014 11:01 AM > To: Tomcat Users List > Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on > AWS Windows system > > Jeffrey Janner wrote: > >> -Original Message- > >> From: André Warnier [mailto:a...@ice-sa.com] > >> Sent: Monday, January 20, 2014 10:09 AM > >> To: Tomcat Users List > >> Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL > >> on AWS Windows system > >> > >> Jeffrey Janner wrote: > -Original Message- > From: Ognjen Blagojevic [mailto:ognjen.d.blagoje...@gmail.com] > Sent: Sunday, January 19, 2014 9:19 AM > To: Tomcat Users List > Subject: Re: Cannot connect from outside using Tomcat > 7/APR/SSL > on AWS Windows system > > Jeffrey, > > On 19.1.2014 6:03, Christopher Schultz wrote: > >> maxHttpHeaderSize="8192" > > Could it be as simple as having set the "address" attribute? > +1 > > BTW, setting attribute preverIPv4Stack=true on server side > doesn't mean anything for the client. The client will try to > connect with > >> the > protocol he prefers. The client may also fall back to other > protocol (e.g. if IPv6 connection fails several times, try > with > IPv4). > I see that access log is not configured. Is there a reason for > that? > Without access log you can't tell if the remote request > reaches > Tomcat or not. So, for start, I suggest you configure access > log for Tomcat 7 and report back if something is logged after > you > >> try > to connect from the remote host. Note that Tomcat may postpone > writes > >> to > the log files, so make sure you stop Tomcat before you check > >> your > >> logs. > If there is no record of remote requests in Tomcat 7 access > >> logs, > I > suggest you analyze what is going on with Wireshark or some > >> other > packet analyzer. You can that see if the client: > > 1. tries to connect using IPv6 or IPv4, 2. is falling back, 3. > which exactly IPv4/v6 adress does it use, 4. is TCP three-way > handshake successfull. > > Only when you confirm that three-way handshake is succsessful > >> and > that the destionation IP adress is IPv4 "10.4.1.20", you may > say > >> that > the request should have reached Tomcat. > > -Ognjen > >>> Added the access log. Absolutely 0 entries from any address > >>> that > is > >> not the local system. > >> Can you configure your Tomcat-6 to run under your Java-7 ? > >> (in the principle, I think that this should work; I don't know > >> about the practice) This would help determine if the difference > >> resides in the Java or the Tomcat. > >> > > Tried it a different way. Since TC7 is supposed to support Java > > 1.6, > switched my TC7 to use the existing Java6. > > No luck. > > Noticed that 7.0.47 is old now. Going to try 7.0.50. > > > Did you try a simple : > > telnet 10.4.1.20 > > (just to see if 'anything' from outside can connect to your > AWS/Tomcat > port) > > >>> Nope, just timeouts. > >> If the connection is not rejected right away with a "connection > >> refused by host", it normally means that a LISTEN port is opened on > that port. > >> > >> Taken "strictly by the book" and according to your presumed accurate > >> description of the symptoms above, > >> > >> A timeout suggests to me that the connection request packet (SYN ?) > >> is received and accepted by the server, but that the return packet > >> which should tell the client so (ACK ?), never makes it back to the > client. > >> Hence the client waits, until the timeout kicks in. > >> > >> Are you sure that this server has a route back to the client ? > >> > >> Or, are you sure that your descriptions so far are really accurate ? > >> For example, is it really the same server on which you can make this > >> succeed/fail just by switching the Java and/or Tomcat version, no > >> other changes involved ? > >> (Also see Kons
Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
Jeffrey Janner wrote: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, January 20, 2014 1:47 PM To: Tomcat Users List Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system Jeffrey Janner wrote: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, January 20, 2014 11:01 AM To: Tomcat Users List Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system Jeffrey Janner wrote: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, January 20, 2014 10:09 AM To: Tomcat Users List Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system Jeffrey Janner wrote: -Original Message- From: Ognjen Blagojevic [mailto:ognjen.d.blagoje...@gmail.com] Sent: Sunday, January 19, 2014 9:19 AM To: Tomcat Users List Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system Jeffrey, On 19.1.2014 6:03, Christopher Schultz wrote: maxHttpHeaderSize="8192" Could it be as simple as having set the "address" attribute? +1 BTW, setting attribute preverIPv4Stack=true on server side doesn't mean anything for the client. The client will try to connect with the protocol he prefers. The client may also fall back to other protocol (e.g. if IPv6 connection fails several times, try with IPv4). I see that access log is not configured. Is there a reason for that? Without access log you can't tell if the remote request reaches Tomcat or not. So, for start, I suggest you configure access log for Tomcat 7 and report back if something is logged after you try to connect from the remote host. Note that Tomcat may postpone writes to the log files, so make sure you stop Tomcat before you check your logs. If there is no record of remote requests in Tomcat 7 access logs, I suggest you analyze what is going on with Wireshark or some other packet analyzer. You can that see if the client: 1. tries to connect using IPv6 or IPv4, 2. is falling back, 3. which exactly IPv4/v6 adress does it use, 4. is TCP three-way handshake successfull. Only when you confirm that three-way handshake is succsessful and that the destionation IP adress is IPv4 "10.4.1.20", you may say that the request should have reached Tomcat. -Ognjen Added the access log. Absolutely 0 entries from any address that is not the local system. Can you configure your Tomcat-6 to run under your Java-7 ? (in the principle, I think that this should work; I don't know about the practice) This would help determine if the difference resides in the Java or the Tomcat. Tried it a different way. Since TC7 is supposed to support Java 1.6, switched my TC7 to use the existing Java6. No luck. Noticed that 7.0.47 is old now. Going to try 7.0.50. Did you try a simple : telnet 10.4.1.20 (just to see if 'anything' from outside can connect to your AWS/Tomcat port) Nope, just timeouts. If the connection is not rejected right away with a "connection refused by host", it normally means that a LISTEN port is opened on that port. Taken "strictly by the book" and according to your presumed accurate description of the symptoms above, A timeout suggests to me that the connection request packet (SYN ?) is received and accepted by the server, but that the return packet which should tell the client so (ACK ?), never makes it back to the client. Hence the client waits, until the timeout kicks in. Are you sure that this server has a route back to the client ? Or, are you sure that your descriptions so far are really accurate ? For example, is it really the same server on which you can make this succeed/fail just by switching the Java and/or Tomcat version, no other changes involved ? (Also see Konstantin's question about the apparent discrepancy between the netstat output and your server.xml). Yep, just stopping one service and starting the other. It's something weird with the server, since an identical Tomcat 6 install wouldn't work with a copied and stripped configuration. I'm double-checking everything, but I think the server's tied the outside IP to the wrong internal IP. Trying to come up with a way to check that. Note, the connectors and hosts my original posted server.xml are taken from my original install, but that also has another pair of connectors (different IPv4 address) and some hosts that should only respond on that address, though they are all under one service/engine combo. The troublesome address connectors and hosts are commented out in the original and the original restarted before I try to start the newer setups. Suggestion: read Part III of the article which I mentioned earlier (http://www.excelsior-usa.com/articles/tomcat-amazon-ec2-basic.html), particularly the section "Assigning an Elastic IP Address". It suggests that there is a lot more going on with AWS instances than merely tying up a socket to an IP add
RE: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
> -Original Message- > From: André Warnier [mailto:a...@ice-sa.com] > Sent: Monday, January 20, 2014 1:47 PM > To: Tomcat Users List > Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS > Windows system > > Jeffrey Janner wrote: > >> -Original Message- > >> From: André Warnier [mailto:a...@ice-sa.com] > >> Sent: Monday, January 20, 2014 11:01 AM > >> To: Tomcat Users List > >> Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on > >> AWS Windows system > >> > >> Jeffrey Janner wrote: > -Original Message- > From: André Warnier [mailto:a...@ice-sa.com] > Sent: Monday, January 20, 2014 10:09 AM > To: Tomcat Users List > Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on > AWS Windows system > > Jeffrey Janner wrote: > >> -Original Message- > >> From: Ognjen Blagojevic [mailto:ognjen.d.blagoje...@gmail.com] > >> Sent: Sunday, January 19, 2014 9:19 AM > >> To: Tomcat Users List > >> Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL > >> on AWS Windows system > >> > >> Jeffrey, > >> > >> On 19.1.2014 6:03, Christopher Schultz wrote: > >> maxHttpHeaderSize="8192" > >>> Could it be as simple as having set the "address" attribute? > >> +1 > >> > >> BTW, setting attribute preverIPv4Stack=true on server side > >> doesn't mean anything for the client. The client will try to > >> connect with > the > >> protocol he prefers. The client may also fall back to other > >> protocol (e.g. if IPv6 connection fails several times, try with > >> IPv4). > >> I see that access log is not configured. Is there a reason for > >> that? > >> Without access log you can't tell if the remote request reaches > >> Tomcat or not. So, for start, I suggest you configure access log > >> for Tomcat 7 and report back if something is logged after you > try > >> to connect from the remote host. Note that Tomcat may postpone > >> writes > to > >> the log files, so make sure you stop Tomcat before you check > your > logs. > >> If there is no record of remote requests in Tomcat 7 access > logs, > >> I > >> suggest you analyze what is going on with Wireshark or some > other > >> packet analyzer. You can that see if the client: > >> > >> 1. tries to connect using IPv6 or IPv4, 2. is falling back, 3. > >> which exactly IPv4/v6 adress does it use, 4. is TCP three-way > >> handshake successfull. > >> > >> Only when you confirm that three-way handshake is succsessful > and > >> that the destionation IP adress is IPv4 "10.4.1.20", you may say > that > >> the request should have reached Tomcat. > >> > >> -Ognjen > > Added the access log. Absolutely 0 entries from any address that > >> is > not the local system. > Can you configure your Tomcat-6 to run under your Java-7 ? > (in the principle, I think that this should work; I don't know > about the practice) This would help determine if the difference > resides in the Java or the Tomcat. > > >>> Tried it a different way. Since TC7 is supposed to support Java > >>> 1.6, > >> switched my TC7 to use the existing Java6. > >>> No luck. > >>> Noticed that 7.0.47 is old now. Going to try 7.0.50. > >>> > >> Did you try a simple : > >> > >> telnet 10.4.1.20 > >> > >> (just to see if 'anything' from outside can connect to your > >> AWS/Tomcat > >> port) > >> > > Nope, just timeouts. > > If the connection is not rejected right away with a "connection refused > by host", it normally means that a LISTEN port is opened on that port. > > Taken "strictly by the book" and according to your presumed accurate > description of the symptoms above, > > A timeout suggests to me that the connection request packet (SYN ?) is > received and accepted by the server, but that the return packet which > should tell the client so (ACK ?), never makes it back to the client. > Hence the client waits, until the timeout kicks in. > > Are you sure that this server has a route back to the client ? > > Or, are you sure that your descriptions so far are really accurate ? > For example, is it really the same server on which you can make this > succeed/fail just by switching the Java and/or Tomcat version, no other > changes involved ? > (Also see Konstantin's question about the apparent discrepancy between > the netstat output and your server.xml). > Yep, just stopping one service and starting the other. It's something weird with the server, since an identical Tomcat 6 install wouldn't work with a copied and stripped configuration. I'm double-checking everything, but I think the server's tied the outside IP to the wrong internal IP. Trying to come up with a way to check that. Note, the connectors and hosts my original posted server.xml are taken from my original install, but that also has
RE: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
> -Original Message- > From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] > Sent: Monday, January 20, 2014 1:04 PM > To: Tomcat Users List > Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS > Windows system > > 2014/1/20 Jeffrey Janner : > >> -Original Message- > >> From: Ognjen Blagojevic [mailto:ognjen.d.blagoje...@gmail.com] > >> Sent: Sunday, January 19, 2014 9:19 AM > >> To: Tomcat Users List > >> Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on > >> AWS Windows system > >> > \> C:\Users\Administrator>netstat -ano > > > > Active Connections > > > > Proto Local Address Foreign AddressState > PID > > TCP0.0.0.0:25 0.0.0.0:0 LISTENING > 1244 > > TCP0.0.0.0:1350.0.0.0:0 LISTENING > 792 > > TCP0.0.0.0:4450.0.0.0:0 LISTENING > 4 > > TCP0.0.0.0:3389 0.0.0.0:0 LISTENING > 1944 > > TCP0.0.0.0:5985 0.0.0.0:0 LISTENING > 4 > > TCP0.0.0.0:8086 0.0.0.0:0 LISTENING > 14676 > > TCP0.0.0.0:8087 0.0.0.0:0 LISTENING > 1592 > > TCP0.0.0.0:8088 0.0.0.0:0 LISTENING > 7596 > > TCP0.0.0.0:8089 0.0.0.0:0 LISTENING > 4100 > > TCP0.0.0.0:8090 0.0.0.0:0 LISTENING > 19600 > > 1. What is the above line, listening on port "8090" for the same PID? > Such port number is not mentioned in server.xml that you cited. [Jeff Janner] JMX, set in the Java tab of the commons daemon wrapper. > > > TCP10.4.1.20:80 0.0.0.0:0 LISTENING > 19600 > > TCP10.4.1.20:443 0.0.0.0:0 LISTENING > 19600 > > Interestingly, even though IPv6 is unchecked in the Windows network > properties, the stack is still available and if the address is > unspecified, you will get some IPv6 connections configured. > > TCP[::]:135 [::]:0 LISTENING > 792 > > TCP[::]:445 [::]:0 LISTENING > 4 > > TCP[::]:3389 [::]:0 LISTENING > 1944 > > TCP[::]:5985 [::]:0 LISTENING > 4 > > TCP[::]:8086 [::]:0 LISTENING > 14676 > > TCP[::]:8087 [::]:0 LISTENING > 1592 > > TCP[::]:8088 [::]:0 LISTENING > 7596 > > TCP[::]:8089 [::]:0 LISTENING > 4100 > > > > > I can connect using the server's local IE and the configured "local" > IP address. > > I cannot connect from any system, anywhere, using the "external" IP > address. > > 2. If Tomcat listens locally and you can connect locally to its IP, > then Tomcat's own job is done. > > Check our NATs/ routers and your firewalls. > [Jeff Janner] Yea, it's something with the server, but I can't suss it. Read some of my later posts, but it seems to only want to work with my original Tomcat6 install (though I deleted it and re-created somewhere during all this). - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
Jeffrey Janner wrote: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, January 20, 2014 11:01 AM To: Tomcat Users List Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system Jeffrey Janner wrote: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, January 20, 2014 10:09 AM To: Tomcat Users List Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system Jeffrey Janner wrote: -Original Message- From: Ognjen Blagojevic [mailto:ognjen.d.blagoje...@gmail.com] Sent: Sunday, January 19, 2014 9:19 AM To: Tomcat Users List Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system Jeffrey, On 19.1.2014 6:03, Christopher Schultz wrote: maxHttpHeaderSize="8192" Could it be as simple as having set the "address" attribute? +1 BTW, setting attribute preverIPv4Stack=true on server side doesn't mean anything for the client. The client will try to connect with the protocol he prefers. The client may also fall back to other protocol (e.g. if IPv6 connection fails several times, try with IPv4). I see that access log is not configured. Is there a reason for that? Without access log you can't tell if the remote request reaches Tomcat or not. So, for start, I suggest you configure access log for Tomcat 7 and report back if something is logged after you try to connect from the remote host. Note that Tomcat may postpone writes to the log files, so make sure you stop Tomcat before you check your logs. If there is no record of remote requests in Tomcat 7 access logs, I suggest you analyze what is going on with Wireshark or some other packet analyzer. You can that see if the client: 1. tries to connect using IPv6 or IPv4, 2. is falling back, 3. which exactly IPv4/v6 adress does it use, 4. is TCP three-way handshake successfull. Only when you confirm that three-way handshake is succsessful and that the destionation IP adress is IPv4 "10.4.1.20", you may say that the request should have reached Tomcat. -Ognjen Added the access log. Absolutely 0 entries from any address that is not the local system. Can you configure your Tomcat-6 to run under your Java-7 ? (in the principle, I think that this should work; I don't know about the practice) This would help determine if the difference resides in the Java or the Tomcat. Tried it a different way. Since TC7 is supposed to support Java 1.6, switched my TC7 to use the existing Java6. No luck. Noticed that 7.0.47 is old now. Going to try 7.0.50. Did you try a simple : telnet 10.4.1.20 (just to see if 'anything' from outside can connect to your AWS/Tomcat port) Nope, just timeouts. If the connection is not rejected right away with a "connection refused by host", it normally means that a LISTEN port is opened on that port. Taken "strictly by the book" and according to your presumed accurate description of the symptoms above, A timeout suggests to me that the connection request packet (SYN ?) is received and accepted by the server, but that the return packet which should tell the client so (ACK ?), never makes it back to the client. Hence the client waits, until the timeout kicks in. Are you sure that this server has a route back to the client ? Or, are you sure that your descriptions so far are really accurate ? For example, is it really the same server on which you can make this succeed/fail just by switching the Java and/or Tomcat version, no other changes involved ? (Also see Konstantin's question about the apparent discrepancy between the netstat output and your server.xml). What's really interesting, I can't seem to get a TC6/Java6 to work now either, at least not a newly installed one. If I uncomment the relevant setup from the original and restart it works. But a fresh TC6 install copying the webapps dir and the Service directory in conf and the server.xml, and I'm having the same problem. Time to run from Amazon! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
2014/1/20 Jeffrey Janner : >> -Original Message- >> From: Ognjen Blagojevic [mailto:ognjen.d.blagoje...@gmail.com] >> Sent: Sunday, January 19, 2014 9:19 AM >> To: Tomcat Users List >> Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS >> Windows system >> \> C:\Users\Administrator>netstat -ano > > Active Connections > > Proto Local Address Foreign AddressState PID > TCP0.0.0.0:25 0.0.0.0:0 LISTENING 1244 > TCP0.0.0.0:1350.0.0.0:0 LISTENING 792 > TCP0.0.0.0:4450.0.0.0:0 LISTENING 4 > TCP0.0.0.0:3389 0.0.0.0:0 LISTENING 1944 > TCP0.0.0.0:5985 0.0.0.0:0 LISTENING 4 > TCP0.0.0.0:8086 0.0.0.0:0 LISTENING 14676 > TCP0.0.0.0:8087 0.0.0.0:0 LISTENING 1592 > TCP0.0.0.0:8088 0.0.0.0:0 LISTENING 7596 > TCP0.0.0.0:8089 0.0.0.0:0 LISTENING 4100 > TCP0.0.0.0:8090 0.0.0.0:0 LISTENING 19600 1. What is the above line, listening on port "8090" for the same PID? Such port number is not mentioned in server.xml that you cited. > TCP10.4.1.20:80 0.0.0.0:0 LISTENING 19600 > TCP10.4.1.20:443 0.0.0.0:0 LISTENING 19600 > Interestingly, even though IPv6 is unchecked in the Windows network > properties, the stack is still available and if the address is unspecified, > you will get some IPv6 connections configured. > TCP[::]:135 [::]:0 LISTENING 792 > TCP[::]:445 [::]:0 LISTENING 4 > TCP[::]:3389 [::]:0 LISTENING 1944 > TCP[::]:5985 [::]:0 LISTENING 4 > TCP[::]:8086 [::]:0 LISTENING 14676 > TCP[::]:8087 [::]:0 LISTENING 1592 > TCP[::]:8088 [::]:0 LISTENING 7596 > TCP[::]:8089 [::]:0 LISTENING 4100 > > I can connect using the server's local IE and the configured "local" IP > address. > I cannot connect from any system, anywhere, using the "external" IP address. 2. If Tomcat listens locally and you can connect locally to its IP, then Tomcat's own job is done. Check our NATs/ routers and your firewalls. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
> -Original Message- > From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] > Sent: Monday, January 20, 2014 12:09 PM > To: 'Tomcat Users List'; 'Tomcat Users List' > Subject: RE: Cannot connect from outside using Tomcat 7/APR/SSL on AWS > Windows system > > > -Original Message- > > From: André Warnier [mailto:a...@ice-sa.com] > > Sent: Monday, January 20, 2014 11:01 AM > > To: Tomcat Users List > > Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on > AWS > > Windows system > > > > Jeffrey Janner wrote: > > >> -Original Message- > > >> From: André Warnier [mailto:a...@ice-sa.com] > > >> Sent: Monday, January 20, 2014 10:09 AM > > >> To: Tomcat Users List > > >> Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on > > >> AWS Windows system > > >> > > >> Jeffrey Janner wrote: > > -Original Message- > > From: Ognjen Blagojevic [mailto:ognjen.d.blagoje...@gmail.com] > > Sent: Sunday, January 19, 2014 9:19 AM > > To: Tomcat Users List > > Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL > > on AWS Windows system > > > > Jeffrey, > > > > On 19.1.2014 6:03, Christopher Schultz wrote: > > >> > maxHttpHeaderSize="8192" > > > Could it be as simple as having set the "address" attribute? > > +1 > > > > BTW, setting attribute preverIPv4Stack=true on server side > > doesn't mean anything for the client. The client will try to > > connect with > > >> the > > protocol he prefers. The client may also fall back to other > > protocol (e.g. if IPv6 connection fails several times, try with > > IPv4). > > > > I see that access log is not configured. Is there a reason for > > that? > > > > Without access log you can't tell if the remote request reaches > > Tomcat or not. So, for start, I suggest you configure access log > > for Tomcat 7 and report back if something is logged after you > try > > to connect from the remote host. Note that Tomcat may postpone > > writes > > >> to > > the log files, so make sure you stop Tomcat before you check > your > > >> logs. > > If there is no record of remote requests in Tomcat 7 access > logs, > > I > > suggest you analyze what is going on with Wireshark or some > other > > packet analyzer. You can that see if the client: > > > > 1. tries to connect using IPv6 or IPv4, 2. is falling back, 3. > > which exactly IPv4/v6 adress does it use, 4. is TCP three-way > > handshake successfull. > > > > Only when you confirm that three-way handshake is succsessful > and > > that the destionation IP adress is IPv4 "10.4.1.20", you may say > > >> that > > the request should have reached Tomcat. > > > > -Ognjen > > >>> Added the access log. Absolutely 0 entries from any address that > > is > > >> not the local system. > > >> Can you configure your Tomcat-6 to run under your Java-7 ? > > >> (in the principle, I think that this should work; I don't know > > >> about the practice) This would help determine if the difference > > >> resides in the Java or the Tomcat. > > >> > > > Tried it a different way. Since TC7 is supposed to support Java > > > 1.6, > > switched my TC7 to use the existing Java6. > > > No luck. > > > Noticed that 7.0.47 is old now. Going to try 7.0.50. > > > > > Did you try a simple : > > > > telnet 10.4.1.20 > > > > (just to see if 'anything' from outside can connect to your > AWS/Tomcat > > port) > > > Nope, just timeouts. What's really interesting, I can't seem to get a > TC6/Java6 to work now either, at least not a newly installed one. If I > uncomment the relevant setup from the original and restart it works. > But a fresh TC6 install copying the webapps dir and the Service > directory in conf and the server.xml, and I'm having the same problem. > Time to run from Amazon! > Went back to my original install and uncommented my comments around the / elements and everything is working again. This is really frustrating. Everything I'm doing should just work. The last setup was copying this same server.xml and necessary directories, and removing the excess stuff from server.xml and it wouldn't work. Something really hinky going one with the IP mapping on the server. Jeff - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
> -Original Message- > From: André Warnier [mailto:a...@ice-sa.com] > Sent: Monday, January 20, 2014 11:01 AM > To: Tomcat Users List > Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS > Windows system > > Jeffrey Janner wrote: > >> -Original Message- > >> From: André Warnier [mailto:a...@ice-sa.com] > >> Sent: Monday, January 20, 2014 10:09 AM > >> To: Tomcat Users List > >> Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on > >> AWS Windows system > >> > >> Jeffrey Janner wrote: > -Original Message- > From: Ognjen Blagojevic [mailto:ognjen.d.blagoje...@gmail.com] > Sent: Sunday, January 19, 2014 9:19 AM > To: Tomcat Users List > Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on > AWS Windows system > > Jeffrey, > > On 19.1.2014 6:03, Christopher Schultz wrote: > >> maxHttpHeaderSize="8192" > > Could it be as simple as having set the "address" attribute? > +1 > > BTW, setting attribute preverIPv4Stack=true on server side doesn't > mean anything for the client. The client will try to connect with > >> the > protocol he prefers. The client may also fall back to other > protocol (e.g. if IPv6 connection fails several times, try with > IPv4). > > I see that access log is not configured. Is there a reason for > that? > > Without access log you can't tell if the remote request reaches > Tomcat or not. So, for start, I suggest you configure access log > for Tomcat 7 and report back if something is logged after you try > to connect from the remote host. Note that Tomcat may postpone > writes > >> to > the log files, so make sure you stop Tomcat before you check your > >> logs. > If there is no record of remote requests in Tomcat 7 access logs, > I > suggest you analyze what is going on with Wireshark or some other > packet analyzer. You can that see if the client: > > 1. tries to connect using IPv6 or IPv4, 2. is falling back, 3. > which exactly IPv4/v6 adress does it use, 4. is TCP three-way > handshake successfull. > > Only when you confirm that three-way handshake is succsessful and > that the destionation IP adress is IPv4 "10.4.1.20", you may say > >> that > the request should have reached Tomcat. > > -Ognjen > >>> Added the access log. Absolutely 0 entries from any address that > is > >> not the local system. > >> Can you configure your Tomcat-6 to run under your Java-7 ? > >> (in the principle, I think that this should work; I don't know about > >> the practice) This would help determine if the difference resides in > >> the Java or the Tomcat. > >> > > Tried it a different way. Since TC7 is supposed to support Java 1.6, > switched my TC7 to use the existing Java6. > > No luck. > > Noticed that 7.0.47 is old now. Going to try 7.0.50. > > > Did you try a simple : > > telnet 10.4.1.20 > > (just to see if 'anything' from outside can connect to your AWS/Tomcat > port) > Nope, just timeouts. What's really interesting, I can't seem to get a TC6/Java6 to work now either, at least not a newly installed one. If I uncomment the relevant setup from the original and restart it works. But a fresh TC6 install copying the webapps dir and the Service directory in conf and the server.xml, and I'm having the same problem. Time to run from Amazon!
Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
Jeffrey Janner wrote: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, January 20, 2014 10:09 AM To: Tomcat Users List Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system Jeffrey Janner wrote: -Original Message- From: Ognjen Blagojevic [mailto:ognjen.d.blagoje...@gmail.com] Sent: Sunday, January 19, 2014 9:19 AM To: Tomcat Users List Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system Jeffrey, On 19.1.2014 6:03, Christopher Schultz wrote: Could it be as simple as having set the "address" attribute? +1 BTW, setting attribute preverIPv4Stack=true on server side doesn't mean anything for the client. The client will try to connect with the protocol he prefers. The client may also fall back to other protocol (e.g. if IPv6 connection fails several times, try with IPv4). I see that access log is not configured. Is there a reason for that? Without access log you can't tell if the remote request reaches Tomcat or not. So, for start, I suggest you configure access log for Tomcat 7 and report back if something is logged after you try to connect from the remote host. Note that Tomcat may postpone writes to the log files, so make sure you stop Tomcat before you check your logs. If there is no record of remote requests in Tomcat 7 access logs, I suggest you analyze what is going on with Wireshark or some other packet analyzer. You can that see if the client: 1. tries to connect using IPv6 or IPv4, 2. is falling back, 3. which exactly IPv4/v6 adress does it use, 4. is TCP three-way handshake successfull. Only when you confirm that three-way handshake is succsessful and that the destionation IP adress is IPv4 "10.4.1.20", you may say that the request should have reached Tomcat. -Ognjen Added the access log. Absolutely 0 entries from any address that is not the local system. Can you configure your Tomcat-6 to run under your Java-7 ? (in the principle, I think that this should work; I don't know about the practice) This would help determine if the difference resides in the Java or the Tomcat. Tried it a different way. Since TC7 is supposed to support Java 1.6, switched my TC7 to use the existing Java6. No luck. Noticed that 7.0.47 is old now. Going to try 7.0.50. Might also try to follow this : http://www.excelsior-usa.com/articles/tomcat-amazon-ec2-basic.html (Seems quick and painless; just to see if it works then). - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: webservices deployment.
Vicky B wrote: HI All, If I want to deploy the webapplication which uses webservice like soap or rest do I need a soap engine or rest engine in tomcat ? Short answer : no. You do not need any "extra additional Tomcat package" for that. The web application is what provides the SOAP or Rest "Web Service". Tomcat just provides the client/server connectivity and the fact of running that web application when the client asks for it. or including libraries in the war file is enough? It should be (I presume you are talking about the war-file containing the "Web Service application"). Maybe the SOAP/Rest web-application of which you are thinking, requires other things to be added to Tomcat before you can use it. But that is an issue of that application, not of Tomcat. The documentation of your web-application will tell you what is needed. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
Jeffrey Janner wrote: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, January 20, 2014 10:09 AM To: Tomcat Users List Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system Jeffrey Janner wrote: -Original Message- From: Ognjen Blagojevic [mailto:ognjen.d.blagoje...@gmail.com] Sent: Sunday, January 19, 2014 9:19 AM To: Tomcat Users List Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system Jeffrey, On 19.1.2014 6:03, Christopher Schultz wrote: Could it be as simple as having set the "address" attribute? +1 BTW, setting attribute preverIPv4Stack=true on server side doesn't mean anything for the client. The client will try to connect with the protocol he prefers. The client may also fall back to other protocol (e.g. if IPv6 connection fails several times, try with IPv4). I see that access log is not configured. Is there a reason for that? Without access log you can't tell if the remote request reaches Tomcat or not. So, for start, I suggest you configure access log for Tomcat 7 and report back if something is logged after you try to connect from the remote host. Note that Tomcat may postpone writes to the log files, so make sure you stop Tomcat before you check your logs. If there is no record of remote requests in Tomcat 7 access logs, I suggest you analyze what is going on with Wireshark or some other packet analyzer. You can that see if the client: 1. tries to connect using IPv6 or IPv4, 2. is falling back, 3. which exactly IPv4/v6 adress does it use, 4. is TCP three-way handshake successfull. Only when you confirm that three-way handshake is succsessful and that the destionation IP adress is IPv4 "10.4.1.20", you may say that the request should have reached Tomcat. -Ognjen Added the access log. Absolutely 0 entries from any address that is not the local system. Can you configure your Tomcat-6 to run under your Java-7 ? (in the principle, I think that this should work; I don't know about the practice) This would help determine if the difference resides in the Java or the Tomcat. Tried it a different way. Since TC7 is supposed to support Java 1.6, switched my TC7 to use the existing Java6. No luck. Noticed that 7.0.47 is old now. Going to try 7.0.50. Did you try a simple : telnet 10.4.1.20 (just to see if 'anything' from outside can connect to your AWS/Tomcat port) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
On 1/20/2014 8:08 AM, André Warnier wrote: Jeffrey Janner wrote: -Original Message- From: Ognjen Blagojevic [mailto:ognjen.d.blagoje...@gmail.com] Sent: Sunday, January 19, 2014 9:19 AM To: Tomcat Users List Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system Jeffrey, On 19.1.2014 6:03, Christopher Schultz wrote: Could it be as simple as having set the "address" attribute? +1 BTW, setting attribute preverIPv4Stack=true on server side doesn't mean anything for the client. The client will try to connect with the protocol he prefers. The client may also fall back to other protocol (e.g. if IPv6 connection fails several times, try with IPv4). I see that access log is not configured. Is there a reason for that? Without access log you can't tell if the remote request reaches Tomcat or not. So, for start, I suggest you configure access log for Tomcat 7 and report back if something is logged after you try to connect from the remote host. Note that Tomcat may postpone writes to the log files, so make sure you stop Tomcat before you check your logs. If there is no record of remote requests in Tomcat 7 access logs, I suggest you analyze what is going on with Wireshark or some other packet analyzer. You can that see if the client: 1. tries to connect using IPv6 or IPv4, 2. is falling back, 3. which exactly IPv4/v6 adress does it use, 4. is TCP three-way handshake successfull. Only when you confirm that three-way handshake is succsessful and that the destionation IP adress is IPv4 "10.4.1.20", you may say that the request should have reached Tomcat. -Ognjen Added the access log. Absolutely 0 entries from any address that is not the local system. Can you configure your Tomcat-6 to run under your Java-7 ? (in the principle, I think that this should work; I don't know about the practice) This would help determine if the difference resides in the Java or the Tomcat. This should work. A quick test on my Windows system indicates that Tomcat 6.0.37 / JRE 1.7.0_51 runs fine and allows connections on port 8080 from remote machines. /mde/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
> -Original Message- > From: André Warnier [mailto:a...@ice-sa.com] > Sent: Monday, January 20, 2014 10:09 AM > To: Tomcat Users List > Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS > Windows system > > Jeffrey Janner wrote: > >> -Original Message- > >> From: Ognjen Blagojevic [mailto:ognjen.d.blagoje...@gmail.com] > >> Sent: Sunday, January 19, 2014 9:19 AM > >> To: Tomcat Users List > >> Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on > >> AWS Windows system > >> > >> Jeffrey, > >> > >> On 19.1.2014 6:03, Christopher Schultz wrote: > >>> Could it be as simple as having set the "address" attribute? > >> +1 > >> > >> BTW, setting attribute preverIPv4Stack=true on server side doesn't > >> mean anything for the client. The client will try to connect with > the > >> protocol he prefers. The client may also fall back to other protocol > >> (e.g. if IPv6 connection fails several times, try with IPv4). > >> > >> I see that access log is not configured. Is there a reason for that? > >> > >> Without access log you can't tell if the remote request reaches > >> Tomcat or not. So, for start, I suggest you configure access log for > >> Tomcat 7 and report back if something is logged after you try to > >> connect from the remote host. Note that Tomcat may postpone writes > to > >> the log files, so make sure you stop Tomcat before you check your > logs. > >> > >> If there is no record of remote requests in Tomcat 7 access logs, I > >> suggest you analyze what is going on with Wireshark or some other > >> packet analyzer. You can that see if the client: > >> > >> 1. tries to connect using IPv6 or IPv4, 2. is falling back, 3. which > >> exactly IPv4/v6 adress does it use, 4. is TCP three-way handshake > >> successfull. > >> > >> Only when you confirm that three-way handshake is succsessful and > >> that the destionation IP adress is IPv4 "10.4.1.20", you may say > that > >> the request should have reached Tomcat. > >> > >> -Ognjen > > > > Added the access log. Absolutely 0 entries from any address that is > not the local system. > > > > Can you configure your Tomcat-6 to run under your Java-7 ? > (in the principle, I think that this should work; I don't know about > the practice) This would help determine if the difference resides in > the Java or the Tomcat. > Tried it a different way. Since TC7 is supposed to support Java 1.6, switched my TC7 to use the existing Java6. No luck. Noticed that 7.0.47 is old now. Going to try 7.0.50. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: webservices deployment.
On Jan 20, 2014, at 11:17 AM, Vicky B wrote: > if I don't have to do anything special for soap or rest then when going for > paid app server we don't get any other advantage other then support + ejb > container? First, don’t top post. Post inline, like this comment, or at the bottom. Second, Tomcat implements the Servlet, JSP, EL and WebSocket (7.0.x & 8.0.x) specs [1]. This is intentionally a minimal set, that provides a nice foundation on which you build applications. Beyond that, you can include support for other specifications by including the proper JAR files with your application. Things like JPA, Transactions, JSF and others. I believe JAX-WS and JAX-RS are possible to include like this. I don’t use them though, so perhaps someone else can confirm that. As far as what you get from commercial app servers, I’ll leave that up to their marketing pages to explain. Dan [1] - http://tomcat.apache.org/whichversion.html > > > On Sun, Jan 19, 2014 at 7:21 PM, Daniel Mikusa wrote: > >> On Jan 19, 2014, at 4:34 AM, Vicky B wrote: >> >>> HI All, >>> >>> If I want to deploy the webapplication which uses webservice like soap >> or >>> rest do I need a soap engine or rest engine in tomcat ? or including >> libraries in the war file is enough? >> >> You are not required to add anything to Tomcat. You could simply build >> your app with whatever libraries it requires and deploy to Tomcat. I've >> done this with SOAP & REST apps using Spring Web Services & Spring MVC. >> Works great. >> >> Do you have a particular framework / set of libraries you're targeting? >> Perhaps someone on this list has used them with an app deployed to Tomcat. >> >> Dan >> >>> >>> >>> -- >>> >>> >>> >>> *Thanks & Regards Vickyb* >> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > > > -- > > > > *Thanks & Regards Vickyb* - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: webservices deployment.
if I don't have to do anything special for soap or rest then when going for paid app server we don't get any other advantage other then support + ejb container? On Sun, Jan 19, 2014 at 7:21 PM, Daniel Mikusa wrote: > On Jan 19, 2014, at 4:34 AM, Vicky B wrote: > > > HI All, > > > > If I want to deploy the webapplication which uses webservice like soap > or > > rest do I need a soap engine or rest engine in tomcat ? or including > libraries in the war file is enough? > > You are not required to add anything to Tomcat. You could simply build > your app with whatever libraries it requires and deploy to Tomcat. I've > done this with SOAP & REST apps using Spring Web Services & Spring MVC. > Works great. > > Do you have a particular framework / set of libraries you're targeting? > Perhaps someone on this list has used them with an app deployed to Tomcat. > > Dan > > > > > > > -- > > > > > > > > *Thanks & Regards Vickyb* > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- *Thanks & Regards Vickyb*
RE: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Friday, January 17, 2014 4:06 PM To: 'Tomcat Users List' Subject: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system OK Guys, I've got a really strange one here. I'm trying to upgrade an existing configuration that is working fine under Tomcat 6. The existing setup is: Amazon Web Services instance (VPC with NAT) Windows Server 2008 R2 Datacenter Java JDK1.6.0_43 Tomcat 6.0.36 APR 1.1.23 (comes in the installer) The setup is working fine under this configuration. On the same system, I've installed: Java JDK1.7.0_51 Tomcat 7.0.47 (added -Djava.net.preferIPv4Stack=true to startup parameters) APR 1.1.29 (comes in the installer) I've copied the application to this setup, and made the necessary adjustments to the server.xml to reflect 7.x changes (I think). When I run the new Tomcat7/Java7 configuration, everything appears to startup correctly, and there are no errors in the logs. I can connect using the server's local IE and the configured "local" IP address. I cannot connect from any system, anywhere, using the "external" IP address. I can stop the Tomcat7 and start the Tomcat6 and immediately connect from anywhere. Is there some flag I'm missing for the APR library? I've also tried it with Tomcat 7.0.42 and Java JDK1.7.0_25 which is working correctly in our local test environment, but I can't get it to work on AWS. For completeness, here's my server.xml and startup log: [server.xml] qwdemo qwdemo.rfxix.com dwdemo dwdemo.rfxix.com [catalina.log] Jan 17, 2014 3:32:59 PM org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR based Apache Tomcat Native library 1.1.29 using APR version 1.4.8. Jan 17, 2014 3:32:59 PM org.apache.catalina.core.AprLifecycleListener init INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. Jan 17, 2014 3:33:00 PM org.apache.catalina.core.AprLifecycleListener initializeSSL INFO: OpenSSL successfully initialized (OpenSSL 1.0.1e 11 Feb 2013) Jan 17, 2014 3:33:00 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler ["http-apr-10.4.1.20-80"] Jan 17, 2014 3:33:00 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler ["http-apr-10.4.1.20-443"] Jan 17, 2014 3:33:00 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 1469 ms Jan 17, 2014 3:33:00 PM org.apache.catalina.core.StandardService startInternal INFO: Starting service PolyDemo Jan 17, 2014 3:33:00 PM org.apache.catalina.core.StandardEngine startInternal INFO: Starting Servlet Engine: Apache Tomcat/7.0.47 Jan 17, 2014 3:33:00 PM org.apache.catalina.startup.HostConfig deployDescriptor INFO: Deploying configuration descriptor C:\Program Files\Apache Software Foundation\Tomcat 7.0_DEMO7\conf\PolyDemo\dwdemo.polydyne.com\manager.xml Jan 17, 2014 3:33:01 PM org.apache.catalina.startup.HostConfig deployDescriptor INFO: Deploying configuration descriptor C:\Program Files\Apache Software Foundation\Tomcat 7.0_DEMO7\conf\PolyDemo\dwdemo.polydyne.com\polydyne-backend.xml Jan 17, 2014 3:33:02 PM org.apache.catalina.startup.HostConfig deployDescriptor INFO: Deploying configuration descriptor C:\Program Files\Apache Software Foundation\Tomcat 7.0_DEMO7\conf\PolyDemo\dwdemo.polydyne.com\ROOT.xml Jan 17, 2014 3:33:08 PM org.apache.catalina.startup.HostConfig deployDescriptor INFO: Deploying configuration descriptor C:\Program Files\Apache Software Foundation\Tomcat 7.0_DEMO7\conf\PolyDemo\dwdemo.polydyne.com\SupplyWin.xml Jan 17, 2014 3:33:12 PM org.apache.catalina.startup.HostConfig deployDescriptor INFO: Deploying configuration descriptor C:\Program Files\Apache Software Foundation\Tomcat 7.0_DEMO7\conf\PolyDemo\qwdemo.polydyne.com\manager.xml Jan 17, 2014 3:33:12 PM org.apache.catalina.startup.HostConfig deployDescriptor INFO: Deploying configuration descriptor C:\Program Files\Apache Software Foundation\Tomcat 7.0_DEMO7\conf\PolyDemo\qwdemo.polydyne.com\polydyne-backend.xml Jan 17, 2014 3:33:13 PM org.apache.catalina.startup.HostConfig deployDescriptor INFO: Deploying configuration descriptor C:\Program Files\Apache Software Foundation\Tomcat 7.0_DEMO7\conf\PolyDemo\qwdemo.polydyne.com\ROOT.xml Jan 17, 2014 3:33:17 PM org.apache.catalina.startup.HostConfig deployDescriptor INFO: Deploying configuration descriptor C:\Program Files\Apache Software Foundation\Tomcat 7.0_DEMO7\conf\PolyDemo\qwdemo.polydyne.com\SupplyWin.xml Jan 17, 2014 3:33:21 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler ["http-apr-10.4.1.20-80"] Jan 17, 2014 3:33:21 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler ["http-apr-
Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
Jeffrey Janner wrote: -Original Message- From: Ognjen Blagojevic [mailto:ognjen.d.blagoje...@gmail.com] Sent: Sunday, January 19, 2014 9:19 AM To: Tomcat Users List Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system Jeffrey, On 19.1.2014 6:03, Christopher Schultz wrote: Could it be as simple as having set the "address" attribute? +1 BTW, setting attribute preverIPv4Stack=true on server side doesn't mean anything for the client. The client will try to connect with the protocol he prefers. The client may also fall back to other protocol (e.g. if IPv6 connection fails several times, try with IPv4). I see that access log is not configured. Is there a reason for that? Without access log you can't tell if the remote request reaches Tomcat or not. So, for start, I suggest you configure access log for Tomcat 7 and report back if something is logged after you try to connect from the remote host. Note that Tomcat may postpone writes to the log files, so make sure you stop Tomcat before you check your logs. If there is no record of remote requests in Tomcat 7 access logs, I suggest you analyze what is going on with Wireshark or some other packet analyzer. You can that see if the client: 1. tries to connect using IPv6 or IPv4, 2. is falling back, 3. which exactly IPv4/v6 adress does it use, 4. is TCP three-way handshake successfull. Only when you confirm that three-way handshake is succsessful and that the destionation IP adress is IPv4 "10.4.1.20", you may say that the request should have reached Tomcat. -Ognjen Added the access log. Absolutely 0 entries from any address that is not the local system. Can you configure your Tomcat-6 to run under your Java-7 ? (in the principle, I think that this should work; I don't know about the practice) This would help determine if the difference resides in the Java or the Tomcat. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
> -Original Message- > From: Ognjen Blagojevic [mailto:ognjen.d.blagoje...@gmail.com] > Sent: Sunday, January 19, 2014 9:19 AM > To: Tomcat Users List > Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS > Windows system > > Jeffrey, > > On 19.1.2014 6:03, Christopher Schultz wrote: > >> > > > Could it be as simple as having set the "address" attribute? > > +1 > > BTW, setting attribute preverIPv4Stack=true on server side doesn't mean > anything for the client. The client will try to connect with the > protocol he prefers. The client may also fall back to other protocol > (e.g. if IPv6 connection fails several times, try with IPv4). > > I see that access log is not configured. Is there a reason for that? > > Without access log you can't tell if the remote request reaches Tomcat > or not. So, for start, I suggest you configure access log for Tomcat 7 > and report back if something is logged after you try to connect from > the remote host. Note that Tomcat may postpone writes to the log files, > so make sure you stop Tomcat before you check your logs. > > If there is no record of remote requests in Tomcat 7 access logs, I > suggest you analyze what is going on with Wireshark or some other > packet analyzer. You can that see if the client: > > 1. tries to connect using IPv6 or IPv4, > 2. is falling back, > 3. which exactly IPv4/v6 adress does it use, 4. is TCP three-way > handshake successfull. > > Only when you confirm that three-way handshake is succsessful and that > the destionation IP adress is IPv4 "10.4.1.20", you may say that the > request should have reached Tomcat. > > -Ognjen Added the access log. Absolutely 0 entries from any address that is not the local system.
RE: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
> -Original Message- > From: Ognjen Blagojevic [mailto:ognjen.d.blagoje...@gmail.com] > Sent: Sunday, January 19, 2014 9:19 AM > To: Tomcat Users List > Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS > Windows system > > Jeffrey, > > On 19.1.2014 6:03, Christopher Schultz wrote: > >> > > > Could it be as simple as having set the "address" attribute? > > +1 > -1 The "address" attribute is a standard parameter of the and should have no bearing on the issue, other than informing the connector to ONLY listen on the IPv4 address/port combination specified. This is exactly what is happening as confirmed by netstat. In addition, everything about this Amazon instance is IPv4, from the external IP address, to the internal addressing, to the DNS lookup of the hostname. Therefore, the client should only be accessing via the IPv4 mechanism. In addition, the host supports several Tomcat instances and hosts, so the "address" attribute is required. As a further note, this is the exact same configuration which works on the same server for Tomcat 6. C:\Users\Administrator>netstat -ano Active Connections Proto Local Address Foreign AddressState PID TCP0.0.0.0:25 0.0.0.0:0 LISTENING 1244 TCP0.0.0.0:1350.0.0.0:0 LISTENING 792 TCP0.0.0.0:4450.0.0.0:0 LISTENING 4 TCP0.0.0.0:3389 0.0.0.0:0 LISTENING 1944 TCP0.0.0.0:5985 0.0.0.0:0 LISTENING 4 TCP0.0.0.0:8086 0.0.0.0:0 LISTENING 14676 TCP0.0.0.0:8087 0.0.0.0:0 LISTENING 1592 TCP0.0.0.0:8088 0.0.0.0:0 LISTENING 7596 TCP0.0.0.0:8089 0.0.0.0:0 LISTENING 4100 TCP0.0.0.0:8090 0.0.0.0:0 LISTENING 19600 TCP10.4.1.20:80 0.0.0.0:0 LISTENING 19600 TCP10.4.1.20:443 0.0.0.0:0 LISTENING 19600 Interestingly, even though IPv6 is unchecked in the Windows network properties, the stack is still available and if the address is unspecified, you will get some IPv6 connections configured. TCP[::]:135 [::]:0 LISTENING 792 TCP[::]:445 [::]:0 LISTENING 4 TCP[::]:3389 [::]:0 LISTENING 1944 TCP[::]:5985 [::]:0 LISTENING 4 TCP[::]:8086 [::]:0 LISTENING 14676 TCP[::]:8087 [::]:0 LISTENING 1592 TCP[::]:8088 [::]:0 LISTENING 7596 TCP[::]:8089 [::]:0 LISTENING 4100 > BTW, setting attribute preverIPv4Stack=true on server side doesn't mean > anything for the client. The client will try to connect with the > protocol he prefers. The client may also fall back to other protocol > (e.g. if IPv6 connection fails several times, try with IPv4). I wasn't sure if the preferIPv4Stack would impact this, but I do know that I need it in order to connect to the SMTP server located on the host via localhost when using Java 7. (that might be more to do with the SMTP config) > > I see that access log is not configured. Is there a reason for that? > > Without access log you can't tell if the remote request reaches Tomcat > or not. So, for start, I suggest you configure access log for Tomcat 7 > and report back if something is logged after you try to connect from > the remote host. Note that Tomcat may postpone writes to the log files, > so make sure you stop Tomcat before you check your logs. > > If there is no record of remote requests in Tomcat 7 access logs, I > suggest you analyze what is going on with Wireshark or some other > packet analyzer. You can that see if the client: > > 1. tries to connect using IPv6 or IPv4, > 2. is falling back, > 3. which exactly IPv4/v6 adress does it use, 4. is TCP three-way > handshake successfull. > > Only when you confirm that three-way handshake is succsessful and that > the destionation IP adress is IPv4 "10.4.1.20", you may say that the > request should have reached Tomcat. > > -Ognjen > I can certainly add an access log. It wasn't there since this is a test instance. The client is essentially timing out when connecting via the "external IP". I wouldn't expect this to happen, as NAT usually just works. The overall point of this post is that the only things changed in the setup is the versions of Tomcat/APR/Java being used. I'm wondering if I'm missing something in the config, because I would expect that NAT would just work. Jeff - To unsubscribe, e-mail: users-unsubscr...@tomcat.a