Re: Regarding IPv6 support

[Nitish Chitta]

Thanks for all the responses.

Regards,
Nitish

On Wed, Aug 3, 2022 at 2:58 PM Konstantin Kolinko 
wrote:

> ср, 3 авг. 2022 г. в 10:19, Nitish Chitta :
> >
> > Hello Team,
> > I wanted to know if Tomcat 7 supports requests with IPv6 addresses in the
> > URL as I am getting an HTTP 404 error when trying to hit the server with
> an
> > IPv6 address.
>
> 1. Tomcat 7 has reached  End of Life and is no longer supported.
>
> 2. If the server answers with 404 it means that it does work and can
> answer.
>
> Check your access logs (as generated by AccessLogValve) to see
>
> a.. that the server receives the requests
> b. what is the actual IP address of your client, as seen by the server.
>
> Best regards,
> Konstantin Kolinko
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Regarding IPv6 support

[Konstantin Kolinko]

ср, 3 авг. 2022 г. в 10:19, Nitish Chitta :
>
> Hello Team,
> I wanted to know if Tomcat 7 supports requests with IPv6 addresses in the
> URL as I am getting an HTTP 404 error when trying to hit the server with an
> IPv6 address.

1. Tomcat 7 has reached  End of Life and is no longer supported.

2. If the server answers with 404 it means that it does work and can answer.

Check your access logs (as generated by AccessLogValve) to see

a.. that the server receives the requests
b. what is the actual IP address of your client, as seen by the server.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Regarding IPv6 support

[Jason Wee]

check if tomcat is listening on ipv6, using ss or netstat command.
need more details about your environment, how requests are pass to
container, etc...

On Wed, Aug 3, 2022 at 3:26 PM Nitish Chitta  wrote:
>
> I have done the required changes i.e added the IPv6 address to the
> connector that the server should listen on. Do I have to add any other
> property or am I missing something?
>
> On Wed, Aug 3, 2022 at 12:51 PM Jason Wee  wrote:
>
> > yes, it should, read here
> > https://tomcat.apache.org/tomcat-7.0-doc/config/http.html
> >
> > On Wed, Aug 3, 2022 at 3:19 PM Nitish Chitta 
> > wrote:
> > >
> > > Hello Team,
> > > I wanted to know if Tomcat 7 supports requests with IPv6 addresses in the
> > > URL as I am getting an HTTP 404 error when trying to hit the server with
> > an
> > > IPv6 address.
> > >
> > > Thanks & Regards,
> > > Nitish
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Regarding IPv6 support

[Han Li]

> 2022年8月3日 15:18，Nitish Chitta  写道：
> 
> Hello Team,
> I wanted to know if Tomcat 7 supports requests with IPv6 addresses in the
> URL as I am getting an HTTP 404 error when trying to hit the server with an
> IPv6 address.

Don’t you get a 404 error when you use an IPV4 address?

> 
> Thanks & Regards,
> Nitish


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Regarding IPv6 support

[Nitish Chitta]

I have done the required changes i.e added the IPv6 address to the
connector that the server should listen on. Do I have to add any other
property or am I missing something?

On Wed, Aug 3, 2022 at 12:51 PM Jason Wee  wrote:

> yes, it should, read here
> https://tomcat.apache.org/tomcat-7.0-doc/config/http.html
>
> On Wed, Aug 3, 2022 at 3:19 PM Nitish Chitta 
> wrote:
> >
> > Hello Team,
> > I wanted to know if Tomcat 7 supports requests with IPv6 addresses in the
> > URL as I am getting an HTTP 404 error when trying to hit the server with
> an
> > IPv6 address.
> >
> > Thanks & Regards,
> > Nitish
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Regarding IPv6 support

[Jason Wee]

yes, it should, read here
https://tomcat.apache.org/tomcat-7.0-doc/config/http.html

On Wed, Aug 3, 2022 at 3:19 PM Nitish Chitta  wrote:
>
> Hello Team,
> I wanted to know if Tomcat 7 supports requests with IPv6 addresses in the
> URL as I am getting an HTTP 404 error when trying to hit the server with an
> IPv6 address.
>
> Thanks & Regards,
> Nitish

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Regarding IPv6 support

[Nitish Chitta]

Hello Team,
I wanted to know if Tomcat 7 supports requests with IPv6 addresses in the
URL as I am getting an HTTP 404 error when trying to hit the server with an
IPv6 address.

Thanks & Regards,
Nitish

Re: AccessLogValve and IPv6 string representation (RFC 5952 section 4)

[Manuel Dominguez Sarmiento]

Nevermind. For some reason we had omitted this is already supported by the 
ipv6Canonical flag. 

RTFM!

Manuel Dominguez Sarmiento


> On 13 Apr 2020, at 20:46, Manuel Dominguez Sarmiento  wrote:
> 
>  Hi, we are in the middle of a thorough review to fully support IPv6 across 
> our platform. It has come to our attention that Java does not fully conform 
> to RFC 5952 section 4 which deals with IPv6 zero compression (i.e. ::1 
> instead of 0:0:0:0:0:0:0:1 for localhost). We have confirmed that Tomcat's 
> AccessLogValve is using the standard Java implementation. How can we 
> guarantee zero compression to be used in AccessLogValve?
> 
> We are using Guava's InetAddresses.toAddrString() across our systems to deal 
> with this. We know we can use a custom AccessLogValve extending the standard 
> behaviour, but we were wondering whether there was any other solution, option 
> or flag around this. We've thought of using a custom request attribute to 
> hold the IP address, but this is not very elegant. In particular, we'd lose 
> the IP address if the filter we would use to set the request attribute is not 
> invoked for any reason.
> 
> This is not minor, since we use access logs a lot to diagnose issues, and 
> cross-reference IP addresses with many other systems which are fully RFC 
> 5952-compliant. Having separate representations for the same IP address will 
> eventually lead to either trouble, misdiagnosis, missed records, etc.
> 
> Any suggestions?
> 
> Manuel Dominguez Sarmiento
> 

Re: AccessLogValve and IPv6 string representation (RFC 5952 section 4)

[Michael Osipov]

Am 2020-04-14 um 01:45 schrieb Manuel Dominguez Sarmiento:
Hi, we are in the middle of a thorough review to fully support IPv6 
across our platform. It has come to our attention that Java does not 
fully conform to RFC 5952 section 4 which deals with IPv6 zero 
compression (i.e. ::1 instead of 0:0:0:0:0:0:0:1 for localhost). We have 
confirmed that Tomcat's AccessLogValve is using the standard Java 
implementation. How can we guarantee zero compression to be used in 
AccessLogValve?


Are you explicitly referring to:

4.2.1.  Shorten as Much as Possible

   The use of the symbol "::" MUST be used to its maximum capability.
   For example, 2001:db8:0:0:0:0:2:1 must be shortened to 2001:db8::2:1.
   Likewise, 2001:db8::0:1 is not acceptable, because the symbol "::"
   could have been used to produce a shorter representation 2001:db8::1.


Have you considered raising with net-...@openjdk.java.net?


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

AccessLogValve and IPv6 string representation (RFC 5952 section 4)

[Manuel Dominguez Sarmiento]

Hi, we are in the middle of a thorough review to fully support IPv6 
across our platform. It has come to our attention that Java does not 
fully conform to RFC 5952 section 4 which deals with IPv6 zero 
compression (i.e. ::1 instead of 0:0:0:0:0:0:0:1 for localhost). We have 
confirmed that Tomcat's AccessLogValve is using the standard Java 
implementation. How can we guarantee zero compression to be used in 
AccessLogValve?


We are using Guava's InetAddresses.toAddrString() across our systems to 
deal with this. We know we can use a custom AccessLogValve extending the 
standard behaviour, but we were wondering whether there was any other 
solution, option or flag around this. We've thought of using a custom 
request attribute to hold the IP address, but this is not very elegant. 
In particular, we'd lose the IP address if the filter we would use to 
set the request attribute is not invoked for any reason.


This is not minor, since we use access logs a lot to diagnose issues, 
and cross-reference IP addresses with many other systems which are fully 
RFC 5952-compliant. Having separate representations for the same IP 
address will eventually lead to either trouble, misdiagnosis, missed 
records, etc.


Any suggestions?

*Manuel Dominguez Sarmiento*

Re: Tomcat and IPv6

[Martin Grigorov]

Hi,

On Tue, Mar 17, 2020 at 9:22 PM 
wrote:

> We have a team having issues with Tomcat, AJP, and switching to IPv6. They
> are currently running version 9.0.31. Below are the errors being received:
>
> [Tue Mar 17 10:50:38 2020] [1412:139846332929792] [error]
> ajp_service::jk_ajp_common.c (2796): (Greenworker1) connecting to tomcat
> failed (rc=-3, errors=13, client_errors=0).
> [Tue Mar 17 10:50:38 2020] [1412:139846332929792] [error]
> service::jk_lb_worker.c (1686): All tomcat instances failed, no more
> workers left
> [Tue Mar 17 10:50:38 2020] [1408:139846332929792] [error]
> ajp_send_request::jk_ajp_common.c (1725): (Greenworker1) connecting to
> backend failed. Tomcat is probably not started or is listening on the wrong
> port (errno=111)
>
> Here is the connector from the server.xml
>
>  packetSize="65536"
> maxKeepAliveRequests="-1" protocol="AJP/1.3" secretRequired="false"
> address="::" />
>

Check Tomcat's logs.
Check whether it has bound at port 6209: netstat -antp | grep 6209

Martin


>
>
> And here is the info from web server workers.properties
>
> cat workers.properties
>
> # for OLTP web instance
> # Define a worker named 'worker1' (more workers can be added as comma
> separated values)
> worker.list=loadbalancer
>
> # Default Worker Properties
> worker.workerDefault.type=ajp13
> worker.workerDefault.port=6209
> worker.workerDefault.lbfactor=1
> worker.workerDefault.socket_timeout=300
> worker.workerDefault.socket_keepalive=true
> worker.workerDefault.connection_pool_timeout=300
> worker.workerDefault.connection_pool_minsize=1
> worker.workerDefault.connection_pool_size=225
> worker.workerDefault.max_packet_size=65536
>
> # Node #1 properties
> worker.Greenworker1.reference=worker.workerDefault
> worker.Greenworker1.host=
>
> # Node #2 properties
> #worker.Greenworker2.reference=worker.workerDefault
> #worker.Greenworker2.host=
>
> # Node #3 properties
> #worker.Greenworker3.reference=worker.workerDefault
> #worker.Greenworker3.host=
>
> # Load-balancing behaviour
> worker.loadbalancer.type=lb
> worker.loadbalancer.balance_workers=Greenworker1
> worker.loadbalancer.sticky_session=1
>
>
> For HOST1, etc. should this be the IPv6 address or what?
>
> Thanks,
>
> Dream * Excel * Explore * Inspire
> Jon McAlexander
> Asst Vice President
>
> Middleware Product Engineering
> Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions
>
> Upcoming PTO: 11/8, 11/11, 11/15, 11/22, 11/28, 11/29, 12/2, 12/6, 12/13,
> 12/20 - 12/31
>
> 8080 Cobblestone Rd | Urbandale, IA 50322
> MAC: F4469-010
> Tel 515-988-2508 | Cell 515-988-2508
>
> jonmcalexan...@wellsfargo.com<mailto:jonmcalexan...@wellsfargo.com>
>
>
> This message may contain confidential and/or privileged information. If
> you are not the addressee or authorized to receive this for the addressee,
> you must not use, copy, disclose, or take any action based on this message
> or any information herein. If you have received this message in error,
> please advise the sender immediately by reply e-mail and delete this
> message. Thank you for your cooperation.
>
>

Tomcat and IPv6

[jonmcalexander]

We have a team having issues with Tomcat, AJP, and switching to IPv6. They are 
currently running version 9.0.31. Below are the errors being received:

[Tue Mar 17 10:50:38 2020] [1412:139846332929792] [error] 
ajp_service::jk_ajp_common.c (2796): (Greenworker1) connecting to tomcat failed 
(rc=-3, errors=13, client_errors=0).
[Tue Mar 17 10:50:38 2020] [1412:139846332929792] [error] 
service::jk_lb_worker.c (1686): All tomcat instances failed, no more workers 
left
[Tue Mar 17 10:50:38 2020] [1408:139846332929792] [error] 
ajp_send_request::jk_ajp_common.c (1725): (Greenworker1) connecting to backend 
failed. Tomcat is probably not started or is listening on the wrong port 
(errno=111)

Here is the connector from the server.xml




And here is the info from web server workers.properties

cat workers.properties

# for OLTP web instance
# Define a worker named 'worker1' (more workers can be added as comma separated 
values)
worker.list=loadbalancer

# Default Worker Properties
worker.workerDefault.type=ajp13
worker.workerDefault.port=6209
worker.workerDefault.lbfactor=1
worker.workerDefault.socket_timeout=300
worker.workerDefault.socket_keepalive=true
worker.workerDefault.connection_pool_timeout=300
worker.workerDefault.connection_pool_minsize=1
worker.workerDefault.connection_pool_size=225
worker.workerDefault.max_packet_size=65536

# Node #1 properties
worker.Greenworker1.reference=worker.workerDefault
worker.Greenworker1.host=

# Node #2 properties
#worker.Greenworker2.reference=worker.workerDefault
#worker.Greenworker2.host=

# Node #3 properties
#worker.Greenworker3.reference=worker.workerDefault
#worker.Greenworker3.host=

# Load-balancing behaviour
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=Greenworker1
worker.loadbalancer.sticky_session=1


For HOST1, etc. should this be the IPv6 address or what?

Thanks,

Dream * Excel * Explore * Inspire
Jon McAlexander
Asst Vice President

Middleware Product Engineering
Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions

Upcoming PTO: 11/8, 11/11, 11/15, 11/22, 11/28, 11/29, 12/2, 12/6, 12/13, 12/20 
- 12/31

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com<mailto:jonmcalexan...@wellsfargo.com>


This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.

Re: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31

[tomcat/perl]

On 10.03.2020 15:44, Martin Grigorov wrote:

On Tue, Mar 10, 2020 at 3:56 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Martin,

On 3/10/20 04:43, Martin Grigorov wrote:

We can define custom address like "loopback" for which Tomcat will
bind on both "127.0.0.1" and "::1" depending on the values of
java.net.preferIPv4Stack and java.net.preferIPv6Addresses, but I
am not sure whether it is worth it

This is kind of an interesting suggestion, as would maybe supporting
"all" as an alias for both 0.0.0.0 and :: together (the old default
behavior, which is no longer possible with a single ).

Are there any examples of these kinds of things in other products, or
does everyone just manually define two separate connector-like entities?

httpd just does:

   Listen 0.0.0.0
   Listen ::

Which is pretty simple. Tomcat's  configuration is a lot
more verbose and so repeating it is doubly so.



Another option is to make "address" attribute multi valued, e.g.
comma/space separated.



My 2 cent :

Since the changes were necessary, have been made and are presumably there to stay, and 
since this seems to have caused a lot of confusion with a lot of sysadmins, mainly among 
the ones which had a working front-end/back-end configuration, which suddenly stopped 
working when they made a minor version upgrade. And since even so, it seems that when the 
change was made, there was quite an underestimate of the side-effects and the impact this 
would have in the practical reality out there, should there not be a separate addition to 
the documentation, explaining this AJP Connector and its settings "from the ground up", 
starting with the fact that currently, it is basically insecure if used on an open network 
(and that this was not its original purpose).

(At least that's my sysadmin-level understanding of what I've read here so far).

And when talking about changing some Connector attributes, maybe a review should be made 
first, downwards as well as upwards :
- downwards : ultimately a Connector represents a socket (or more than one ?), at the OS 
TCP/IP stack level. Some information from that OS-level socket presumably "filters up" 
through whatever layers there can be between it, and the container level and the Java 
servlets running inside that container. Is that information liklely to be used at the 
application level, and would proposed changes be neutral in that respect ?
- upwards : it seems from the accumulated discussions here, that (for example) to 
implement some of the changes/improvement, users (sysadmins) may have to go as far as 
duplicating the whole Connector tag, to implement the "listen only on localhost" feature 
(but, that this depends both on the underlying OS and on the in-between layer between that 
OS and the Connector). And, if some application software currently "interrogates" the 
Connector to find out about its IP address (or the IP address of the client connected to 
it), what answer would it get if the "address" attribute would become multi-value ? 
/Could/ it even get such an answer, if the underlying socket is not one, but two ?


I don't know the answer to the above questions, and I don't even know whether they really 
are valid questions.  But again, I look at this from a sysadmin configurator point of 
view, without necessarily a deep understanding on the Java finery underlying all this, and 
I'm quite confused and worried that I could inadvertently break some user application and 
not really understand why.


And maybe another underlying question : is it really unthinkable to have an AJP connection 
capable of running under SSL ? (I mean directly, not under some external setup like 
stunnel e.g.)






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31

[tomcat/perl]

On 11.03.2020 09:30, Piyush Kumar Nayak wrote:

What's the point of " ipv6v6only" attribute. The doc says :
"If listening on an IPv6 address on a dual stack system, should the connector only 
listen on the IPv6 address? If not specified the default is false and the connector will 
listen on the IPv6 address and the equivalent IPv4 address if present."

So if I set address to "::1" and " ipv6v6only" is left to its default, 
shouldn’t, the connector listen to both the addresses.



I guess it depends on the precise meaning of "on a dual stack system" ..




-Original Message-
From: Martin Grigorov 
Sent: Tuesday, March 10, 2020 8:14 PM
To: Tomcat Users List 
Subject: Re: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31

On Tue, Mar 10, 2020 at 3:56 PM Christopher Schultz < 
ch...@christopherschultz.net> wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Martin,

On 3/10/20 04:43, Martin Grigorov wrote:

We can define custom address like "loopback" for which Tomcat will
bind on both "127.0.0.1" and "::1" depending on the values of
java.net.preferIPv4Stack and java.net.preferIPv6Addresses, but I am
not sure whether it is worth it

This is kind of an interesting suggestion, as would maybe supporting
"all" as an alias for both 0.0.0.0 and :: together (the old default
behavior, which is no longer possible with a single ).

Are there any examples of these kinds of things in other products, or
does everyone just manually define two separate connector-like entities?

httpd just does:

   Listen 0.0.0.0
   Listen ::

Which is pretty simple. Tomcat's  configuration is a lot
more verbose and so repeating it is doubly so.



Another option is to make "address" attribute multi valued, e.g.
comma/space separated.

Martin




- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl5nnHEACgkQHPApP6U8
pFirYA/9HvjI2fX//oqTFvmgGXW/7memXkrUkMiQ3JrUhwc5KrSn4CJAamwiqzTr
Lm+CACeEuiMK4qGbQ+NSpfql0k1pb8BUTX7Ut/KW1lsa8t/DY2DU0SNBw3mvnfL1
XoTsAbQgswpoxozZe11ZZyo42O2BCqTcO8Yp2X3K6DUAGvusPl00VMzpYfgsoLCv
ZvxljLPRY5szRfCf7qrXOtPoByxvnKX2coQBIKJ8+MEKIo6ZApNX8OPf2HNGjvPT
/OCRef/+uIXQaGIYOS8OlNxmFLEs/iGPZ2412l0rAA1hArlW4yCe7eDe3RCbiMeH
FKHbqgbTRPNXWTqf3/BqEimcQj6YdXm+k019IDWGS7vhfPkiBci6qbKO9GLVjSct
4R9J++/s5CQp7zC3aM1kS5Paoho+CMevMneD0c6m4lGvM007jX4yr1z3QZxtFzqg
KpcYieJgWGl0pOVw4s5YnngK1WXosb7gyjEN7ktPEE4xdeTk57shceGg1YDDRpyG
n9gtwiXJf1zwUMOq0ttHNNvLdXL+y2Ud7adG5Sjg/5Y3RCP9vAQNdq+CcHS3aLGo
WVfME5zcrSJlpD0arqg5ZNduYMAwgvO1GEnqfFEfEKpPXJNXAzX9YtCm0/ckFMC6
gB7xVv72Ow7kmsftA478+nPCiZTwmkVyLqVoOIr0+OSTn0tiDu0=
=ewrT
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31

[Piyush Kumar Nayak]

What's the point of " ipv6v6only" attribute. The doc says :
"If listening on an IPv6 address on a dual stack system, should the connector 
only listen on the IPv6 address? If not specified the default is false and the 
connector will listen on the IPv6 address and the equivalent IPv4 address if 
present. "

So if I set address to "::1" and " ipv6v6only" is left to its default, 
shouldn’t, the connector listen to both the addresses.


-Original Message-
From: Martin Grigorov  
Sent: Tuesday, March 10, 2020 8:14 PM
To: Tomcat Users List 
Subject: Re: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31

On Tue, Mar 10, 2020 at 3:56 PM Christopher Schultz < 
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Martin,
>
> On 3/10/20 04:43, Martin Grigorov wrote:
> > We can define custom address like "loopback" for which Tomcat will 
> > bind on both "127.0.0.1" and "::1" depending on the values of 
> > java.net.preferIPv4Stack and java.net.preferIPv6Addresses, but I am 
> > not sure whether it is worth it
> This is kind of an interesting suggestion, as would maybe supporting 
> "all" as an alias for both 0.0.0.0 and :: together (the old default 
> behavior, which is no longer possible with a single ).
>
> Are there any examples of these kinds of things in other products, or 
> does everyone just manually define two separate connector-like entities?
>
> httpd just does:
>
>   Listen 0.0.0.0
>   Listen ::
>
> Which is pretty simple. Tomcat's  configuration is a lot 
> more verbose and so repeating it is doubly so.
>

Another option is to make "address" attribute multi valued, e.g.
comma/space separated.

Martin


>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl5nnHEACgkQHPApP6U8
> pFirYA/9HvjI2fX//oqTFvmgGXW/7memXkrUkMiQ3JrUhwc5KrSn4CJAamwiqzTr
> Lm+CACeEuiMK4qGbQ+NSpfql0k1pb8BUTX7Ut/KW1lsa8t/DY2DU0SNBw3mvnfL1
> XoTsAbQgswpoxozZe11ZZyo42O2BCqTcO8Yp2X3K6DUAGvusPl00VMzpYfgsoLCv
> ZvxljLPRY5szRfCf7qrXOtPoByxvnKX2coQBIKJ8+MEKIo6ZApNX8OPf2HNGjvPT
> /OCRef/+uIXQaGIYOS8OlNxmFLEs/iGPZ2412l0rAA1hArlW4yCe7eDe3RCbiMeH
> FKHbqgbTRPNXWTqf3/BqEimcQj6YdXm+k019IDWGS7vhfPkiBci6qbKO9GLVjSct
> 4R9J++/s5CQp7zC3aM1kS5Paoho+CMevMneD0c6m4lGvM007jX4yr1z3QZxtFzqg
> KpcYieJgWGl0pOVw4s5YnngK1WXosb7gyjEN7ktPEE4xdeTk57shceGg1YDDRpyG
> n9gtwiXJf1zwUMOq0ttHNNvLdXL+y2Ud7adG5Sjg/5Y3RCP9vAQNdq+CcHS3aLGo
> WVfME5zcrSJlpD0arqg5ZNduYMAwgvO1GEnqfFEfEKpPXJNXAzX9YtCm0/ckFMC6
> gB7xVv72Ow7kmsftA478+nPCiZTwmkVyLqVoOIr0+OSTn0tiDu0=
> =ewrT
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31

[Martin Grigorov]

On Tue, Mar 10, 2020 at 3:56 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Martin,
>
> On 3/10/20 04:43, Martin Grigorov wrote:
> > We can define custom address like "loopback" for which Tomcat will
> > bind on both "127.0.0.1" and "::1" depending on the values of
> > java.net.preferIPv4Stack and java.net.preferIPv6Addresses, but I
> > am not sure whether it is worth it
> This is kind of an interesting suggestion, as would maybe supporting
> "all" as an alias for both 0.0.0.0 and :: together (the old default
> behavior, which is no longer possible with a single ).
>
> Are there any examples of these kinds of things in other products, or
> does everyone just manually define two separate connector-like entities?
>
> httpd just does:
>
>   Listen 0.0.0.0
>   Listen ::
>
> Which is pretty simple. Tomcat's  configuration is a lot
> more verbose and so repeating it is doubly so.
>

Another option is to make "address" attribute multi valued, e.g.
comma/space separated.

Martin


>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl5nnHEACgkQHPApP6U8
> pFirYA/9HvjI2fX//oqTFvmgGXW/7memXkrUkMiQ3JrUhwc5KrSn4CJAamwiqzTr
> Lm+CACeEuiMK4qGbQ+NSpfql0k1pb8BUTX7Ut/KW1lsa8t/DY2DU0SNBw3mvnfL1
> XoTsAbQgswpoxozZe11ZZyo42O2BCqTcO8Yp2X3K6DUAGvusPl00VMzpYfgsoLCv
> ZvxljLPRY5szRfCf7qrXOtPoByxvnKX2coQBIKJ8+MEKIo6ZApNX8OPf2HNGjvPT
> /OCRef/+uIXQaGIYOS8OlNxmFLEs/iGPZ2412l0rAA1hArlW4yCe7eDe3RCbiMeH
> FKHbqgbTRPNXWTqf3/BqEimcQj6YdXm+k019IDWGS7vhfPkiBci6qbKO9GLVjSct
> 4R9J++/s5CQp7zC3aM1kS5Paoho+CMevMneD0c6m4lGvM007jX4yr1z3QZxtFzqg
> KpcYieJgWGl0pOVw4s5YnngK1WXosb7gyjEN7ktPEE4xdeTk57shceGg1YDDRpyG
> n9gtwiXJf1zwUMOq0ttHNNvLdXL+y2Ud7adG5Sjg/5Y3RCP9vAQNdq+CcHS3aLGo
> WVfME5zcrSJlpD0arqg5ZNduYMAwgvO1GEnqfFEfEKpPXJNXAzX9YtCm0/ckFMC6
> gB7xVv72Ow7kmsftA478+nPCiZTwmkVyLqVoOIr0+OSTn0tiDu0=
> =ewrT
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Martin,

On 3/10/20 04:43, Martin Grigorov wrote:
> We can define custom address like "loopback" for which Tomcat will
> bind on both "127.0.0.1" and "::1" depending on the values of
> java.net.preferIPv4Stack and java.net.preferIPv6Addresses, but I
> am not sure whether it is worth it
This is kind of an interesting suggestion, as would maybe supporting
"all" as an alias for both 0.0.0.0 and :: together (the old default
behavior, which is no longer possible with a single ).

Are there any examples of these kinds of things in other products, or
does everyone just manually define two separate connector-like entities?

httpd just does:

  Listen 0.0.0.0
  Listen ::

Which is pretty simple. Tomcat's  configuration is a lot
more verbose and so repeating it is doubly so.

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl5nnHEACgkQHPApP6U8
pFirYA/9HvjI2fX//oqTFvmgGXW/7memXkrUkMiQ3JrUhwc5KrSn4CJAamwiqzTr
Lm+CACeEuiMK4qGbQ+NSpfql0k1pb8BUTX7Ut/KW1lsa8t/DY2DU0SNBw3mvnfL1
XoTsAbQgswpoxozZe11ZZyo42O2BCqTcO8Yp2X3K6DUAGvusPl00VMzpYfgsoLCv
ZvxljLPRY5szRfCf7qrXOtPoByxvnKX2coQBIKJ8+MEKIo6ZApNX8OPf2HNGjvPT
/OCRef/+uIXQaGIYOS8OlNxmFLEs/iGPZ2412l0rAA1hArlW4yCe7eDe3RCbiMeH
FKHbqgbTRPNXWTqf3/BqEimcQj6YdXm+k019IDWGS7vhfPkiBci6qbKO9GLVjSct
4R9J++/s5CQp7zC3aM1kS5Paoho+CMevMneD0c6m4lGvM007jX4yr1z3QZxtFzqg
KpcYieJgWGl0pOVw4s5YnngK1WXosb7gyjEN7ktPEE4xdeTk57shceGg1YDDRpyG
n9gtwiXJf1zwUMOq0ttHNNvLdXL+y2Ud7adG5Sjg/5Y3RCP9vAQNdq+CcHS3aLGo
WVfME5zcrSJlpD0arqg5ZNduYMAwgvO1GEnqfFEfEKpPXJNXAzX9YtCm0/ckFMC6
gB7xVv72Ow7kmsftA478+nPCiZTwmkVyLqVoOIr0+OSTn0tiDu0=
=ewrT
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31

[Martin Grigorov]

Hi,

On Mon, Mar 9, 2020 at 9:34 PM Piyush Kumar Nayak 
wrote:

> There appears to be a change in the behavior of AJP connector in Tomcat,
> with respect to the protocol stack of the loopback address it binds to.
> With older versions it binds to both IPv6 and IPv4 interface, but with
> 9.0.31 it appears to bind to IPv4 only, if the address attribute is removed
> from the connector config


Do you use java.net.preferIPv4Stack or java.net.preferIPv6Stack system
properties ?
Tomcat Ajp protocol
uses getEndpoint().setAddress(InetAddress.getLoopbackAddress()); [1] which
by default would use ipv6 [2].
netstat would print 127.0.0.1 but the protocol will be tcp6 (first column),
not tcp

1.
https://github.com/apache/tomcat/blob/613babf191855c9bfed845b6926c012965840849/java/org/apache/coyote/ajp/AbstractAjpProtocol.java#L53
2.
https://docs.oracle.com/javase/8/docs/technotes/guides/net/ipv6_guide/index.html


The problem is that the server socket can bind only on one interface (ipv4
or ipv6) or all interfaces (both ipv4 and ipv6 + both loopback and external
ones), but there is no option to bind only all loopback interfaces.
I've just played a bit with this, binding on
netAddress.getLoopbackAddress() gives (Ubuntu 19.10):

tcp6   0  0 127.0.0.1:23456 :::*LISTEN
 11756/java

and then I can connect to it by using either "localhost" or "127.0.0.1" as
a hostname for the client socket.
Using "::1" or any of 127.x.y.z different than 127.0.0.1 fails as well. I
need to bind a ServerSocket for those additionally to make it work.

As we have found in one of the mail threads few days ago at the moment the
only way to bind to several addresses is to have two  elements
in server.xml - one for "127.0.0.1" and another for "::1". If one needs to
listen on 127.0.0.2
then a third  would be needed.

We can define custom address like "loopback" for which Tomcat will bind on
both "127.0.0.1" and "::1" depending on the values
of java.net.preferIPv4Stack and java.net.preferIPv6Addresses, but I am not
sure whether it is worth it

So ugly test code ahead:import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.charset.StandardCharsets;

/**
 *
 */
public class Test {

   public static class Server {
  public static void main(String[] args) throws IOException {
 InetAddress[] addr = new InetAddress[] {
   InetAddress.getLoopbackAddress(),
   InetAddress.getByName("::1")   // THIS IS NEEDED for clients
to be able to connect to ::1
 };
 for (final InetAddress address : addr) {
ServerSocket server = new ServerSocket(23456, 10, address);
server.setReuseAddress(true);
System.out.println("Accepting at " + address);
Thread t = new Thread(() -> {
   try {
  while (true) {
 final Socket accepted = server.accept();
 System.out.println("Accepted connection from: " +
accepted);
 try (OutputStream outputStream =
accepted.getOutputStream()) {

outputStream.write("Blah".getBytes(StandardCharsets.UTF_8));
 }
  }
   } catch (IOException e) {
  e.printStackTrace();
   }
});
t.start();
 }
 System.in.read();
  }
   }

   public static class Client {
  public static void main(String[] args) throws IOException {
 int portNumber = 23456;
 String[] hostNames = new String[] {
   "localhost",
   "127.0.0.1",
   "::1"
 };

 for (final String hostname : hostNames) {
InetAddress addr = InetAddress.getByName(hostname);
try (
   Socket echoSocket = new Socket(addr, portNumber);
   BufferedReader in =
 new BufferedReader(
   new
InputStreamReader(echoSocket.getInputStream()));
) {
   System.out.println(hostname + ": Read: " + in.readLine());
}
 }
  }
   }
}

I'll be glad if someone shows me a trick to bind on all loopback interfaces
with one ServerSocket!

Martin


>
>
> Tomcat 9.0.16 - default config
> 
> netstat -ano | findstr 8009
>   TCP0.0.0.0:8009   0.0.0.0:0  LISTENING
>  19832
>   TCP[::]:8009  [::]:0 LISTENING
>  19832
>
> Tomcat 9.0.31 - note that address attribute is removed... in the standard
> config it is set to "::1".
>  secret="seckey" />
&g

Re: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Piyush,

On 3/9/20 15:34, Piyush Kumar Nayak wrote:
> There appears to be a change in the behavior of AJP connector in
Tomcat, with respect to the protocol stack of the loopback address it
binds to.
> With older versions it binds to both IPv6 and IPv4 interface, but
with 9.0.31 it appears to bind to IPv4 only, if the address attribute
is removed from the connector config
>
> Tomcat 9.0.16 - default config  protocol="AJP/1.3" redirectPort="8443" /> netstat -ano | findstr
> 8009 TCP0.0.0.0:8009   0.0.0.0:0
> LISTENING
   19832
> TCP[::]:8009  [::]:0 LISTENING
   19832
>
> Tomcat 9.0.31 - note that address attribute is removed... in the
standard config it is set to "::1".
> 
> netstat -ano | findstr 8009 TCP127.0.0.1:8009 0.0.0.0:0
> LISTENING
   8964
>
> Even if the default is used it listens to IPv6 only  protocol="AJP/1.3" address="::1" port="8009"
redirectPort="8443" secret="seckey" />
> TCP[::1]:8009 [::]:0 LISTENING
 3880
>
> As per the docs, the default for ipv6v6only attribute is false.
Should it not listen to both the protocol stacks.

The old default was "no address specified" and so Java would generally
bind to all interfaces.

The new default is "localhost", so it may be sensitive to the
name-resolution that your system performs when you ask it for the
interface for "localhost". If it gives only an IPv4 address, you'll
get IPv4. If only IPv6, then only IPv6. If both, then probably both.
Actually, maybe not. I don't think you can bind to two interfaces at
the same time, unless those interfaces are the "all interfaces"
metainterface.

- -chris

> -Original Message- From: Piyush Kumar Nayak
>  Sent: Saturday, March 7, 2020 5:29 PM
> To: Tomcat Users List  Subject: RE: bind
> Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31
>
> Chris, In both the cases, ISAPI and mod_jk, the hostname is set to
> "localhost" Tomcat and webserver are on the same host machine.
>
>
> -Original Message- From: Christopher Schultz
>  Sent: Friday, March 6, 2020 8:20 PM
> To: users@tomcat.apache.org Subject: Re: bind Tomcat to IPv4 and
> IPv6 loopback, Tomcat 9.0.31
>
> Piyush,
>
> On 3/5/20 14:40, Piyush Kumar Nayak wrote:
>> Thanks Mark, Two connector configs works. Any ideas, on why the
>> behavior if different for ISAPI and mod_jk modules?
>
> What do your configurations look like for each module?
>
> -chris
>
>> -Original Message- From: Mark H. Wood 
>> Sent: Thursday, March 5, 2020 10:28 PM To:
>> users@tomcat.apache.org Subject: Re: bind Tomcat to IPv4 and IPv6
>> loopback, Tomcat 9.0.31
>
>> On Thu, Mar 05, 2020 at 01:52:57PM +, Piyush Kumar Nayak
>> wrote:
>>> Is there a way to get Tomcat's AJP connector to bind to both
>>> IPv4 and IPv6 loopback addresses.
>>>
>>> By default, it seems that Tomcat binds to IPv4 loopback Default
>>>  connector config : >> redirectPort="8447" packetSize="65535" secret="xxx"
>>> tomcatAuthentication="false"/>
>>>
>>> netstat -ano | findstr 8014 TCP 127.0.0.1:8014 0.0.0.0:0
>>> LISTENING 8616 TCP 127.0.0.1:8014 127.0.0.1:57510 ESTABLISHED
>>> 8616 TCP 127.0.0.1:57510 127.0.0.1:8014 ESTABLISHED 11800
>>>
>>> Introducing the address attribute like so  : >> protocol="AJP/1.3" address="::1" port="8014"
>>> redirectPort="8447" packetSize="65535" secret="xxx"
>>> tomcatAuthentication="false"/> binds it to IPv6 loopback TCP
>>> [::1]:8014 [::]:0 LISTENING 8616 TCP [::1]:8014 [::1]:57522
>>> ESTABLISHED 8616 TCP [::1]:57522 [::1]:8014 ESTABLISHED 6564
>>>
>>> Is there a way to make it bind to both the loopbacks. The
>>> problem we are facing is our Tomcat installations can have
>>> connector configured with IIS or Apache HTTPD. Apache
>>> connector, by default seems to make a socket connection using
>>> the address ::1 (IPv6 loop back address), whereas IIS connector
>>> tries to bind to the IPv4 loopback.
>
>> Two things I would try:
>
>> 1.  Two connectors, one with address='::1' and the other with
>> address='127.0.0.1', both with port='8014'.
>
>> 2.  Configure the other end explicitly:  tell HTTPD and IIS which
>>  address to use, and then configure your AJP Connector to match.
>
>> -- Mark H. Wood Lead Technology Analyst
>
>> University L

RE: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31

[Piyush Kumar Nayak]

There appears to be a change in the behavior of AJP connector in Tomcat, with 
respect to the protocol stack of the loopback address it binds to.
With older versions it binds to both IPv6 and IPv4 interface, but with 9.0.31 
it appears to bind to IPv4 only, if the address attribute is removed from the 
connector config

Tomcat 9.0.16 - default config

netstat -ano | findstr 8009
  TCP0.0.0.0:8009   0.0.0.0:0  LISTENING   19832
  TCP[::]:8009  [::]:0 LISTENING   19832
  
Tomcat 9.0.31 - note that address attribute is removed... in the standard 
config it is set to "::1". 

netstat -ano | findstr 8009
  TCP127.0.0.1:8009 0.0.0.0:0  LISTENING   8964

Even if the default is used it listens to IPv6 only
 
TCP[::1]:8009 [::]:0 LISTENING   3880

As per the docs, the default for ipv6v6only attribute is false. Should it not 
listen to both the protocol stacks.

-Piyush.

-Original Message-
From: Piyush Kumar Nayak  
Sent: Saturday, March 7, 2020 5:29 PM
To: Tomcat Users List 
Subject: RE: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31

Chris,
In both the cases, ISAPI and mod_jk, the hostname is set to "localhost"
Tomcat and webserver are on the same host machine.


-Original Message-
From: Christopher Schultz 
Sent: Friday, March 6, 2020 8:20 PM
To: users@tomcat.apache.org
Subject: Re: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Piyush,

On 3/5/20 14:40, Piyush Kumar Nayak wrote:
> Thanks Mark, Two connector configs works. Any ideas, on why the 
> behavior if different for ISAPI and mod_jk modules?

What do your configurations look like for each module?

- -chris

> -Original Message- From: Mark H. Wood 
> Sent: Thursday, March 5, 2020 10:28 PM To: users@tomcat.apache.org
> Subject: Re: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31
>
> On Thu, Mar 05, 2020 at 01:52:57PM +, Piyush Kumar Nayak
> wrote:
>> Is there a way to get Tomcat's AJP connector to bind to both IPv4 and
>> IPv6 loopback addresses.
>>
>> By default, it seems that Tomcat binds to IPv4 loopback Default 
>> connector config : > redirectPort="8447" packetSize="65535" secret="xxx"
>> tomcatAuthentication="false"/>
>>
>> netstat -ano | findstr 8014 TCP 127.0.0.1:8014 0.0.0.0:0 LISTENING
>> 8616 TCP 127.0.0.1:8014 127.0.0.1:57510 ESTABLISHED
>> 8616 TCP 127.0.0.1:57510 127.0.0.1:8014 ESTABLISHED 11800
>>
>> Introducing the address attribute like so  : > protocol="AJP/1.3" address="::1" port="8014" redirectPort="8447"
>> packetSize="65535" secret="xxx" tomcatAuthentication="false"/> binds 
>> it to IPv6 loopback TCP [::1]:8014 [::]:0 LISTENING 8616 TCP
>> [::1]:8014 [::1]:57522 ESTABLISHED 8616 TCP [::1]:57522
>> [::1]:8014 ESTABLISHED 6564
>>
>> Is there a way to make it bind to both the loopbacks. The problem we 
>> are facing is our Tomcat installations can have connector configured 
>> with IIS or Apache HTTPD. Apache connector, by default seems to make 
>> a socket connection using the address ::1 (IPv6 loop back address), 
>> whereas IIS connector tries to bind to the
>> IPv4 loopback.
>
> Two things I would try:
>
> 1.  Two connectors, one with address='::1' and the other with 
> address='127.0.0.1', both with port='8014'.
>
> 2.  Configure the other end explicitly:  tell HTTPD and IIS which 
> address to use, and then configure your AJP Connector to match.
>
> -- Mark H. Wood Lead Technology Analyst
>
> University Library Indiana University - Purdue University Indianapolis
> 755 W. Michigan Street Indianapolis, IN 46202
> 317-274-0749 www.ulib.iupui.edu
>
> -
>
>
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl5iYv0ACgkQHPApP6U8
pFj1zQ//ad7HvYwxxRINeF0UFw2bA1cIOcvJ2E5tFqDvdEtu52RIkQQaqNF2cMlA
VCE3M2HZFL2WvazAAVWFpzt3pIU0fe7BPAJneNF850maFHQ+05Agh3MKd/2VUjhe
5rad1JeNqRlXAAmPCEqOCewxj2z9+yEyNu/x2hHlEpFVdSpeTjGQbhiAEBL50qjk
FICEtw9QrCXw9JHCtPC5XBcbbkoUboejbeTdKz6n31djkwFpLigISgEds8haF7Kl
E7jx46/rqXxOUyRR9JFzWjGUC5Aim51WDn+gJruUhkd/CLAUcIHbbG6G3J7FKQGp
kYah8/sBCjCxuHVQtzmj6CopuYr+EkLNTe9GZyLnVDlQCv5GGSmwlsNSehRMEVbC
rDjoRbbaG/tDjtO9dao8w1Okae91DobzwdpM1XIKIuYgUuU83f+bz4P0KfCfeVzH
OH/YEmSFChynlYU31dd7HJTqdJUOVT2kTK3qncon2PEDHBoyEC+/F1wTFb16WlG9
XCG31UqhxGXxJ5p8Z5ts4jga

RE: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31

[Piyush Kumar Nayak]

Chris,
In both the cases, ISAPI and mod_jk, the hostname is set to "localhost"
Tomcat and webserver are on the same host machine.


-Original Message-
From: Christopher Schultz  
Sent: Friday, March 6, 2020 8:20 PM
To: users@tomcat.apache.org
Subject: Re: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Piyush,

On 3/5/20 14:40, Piyush Kumar Nayak wrote:
> Thanks Mark, Two connector configs works. Any ideas, on why the 
> behavior if different for ISAPI and mod_jk modules?

What do your configurations look like for each module?

- -chris

> -Original Message- From: Mark H. Wood 
> Sent: Thursday, March 5, 2020 10:28 PM To: users@tomcat.apache.org
> Subject: Re: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31
>
> On Thu, Mar 05, 2020 at 01:52:57PM +, Piyush Kumar Nayak
> wrote:
>> Is there a way to get Tomcat's AJP connector to bind to both IPv4 and 
>> IPv6 loopback addresses.
>>
>> By default, it seems that Tomcat binds to IPv4 loopback Default 
>> connector config : > redirectPort="8447" packetSize="65535" secret="xxx"
>> tomcatAuthentication="false"/>
>>
>> netstat -ano | findstr 8014 TCP 127.0.0.1:8014 0.0.0.0:0 LISTENING 
>> 8616 TCP 127.0.0.1:8014 127.0.0.1:57510 ESTABLISHED
>> 8616 TCP 127.0.0.1:57510 127.0.0.1:8014 ESTABLISHED 11800
>>
>> Introducing the address attribute like so  : > protocol="AJP/1.3" address="::1" port="8014" redirectPort="8447"
>> packetSize="65535" secret="xxx" tomcatAuthentication="false"/> binds 
>> it to IPv6 loopback TCP [::1]:8014 [::]:0 LISTENING 8616 TCP 
>> [::1]:8014 [::1]:57522 ESTABLISHED 8616 TCP [::1]:57522
>> [::1]:8014 ESTABLISHED 6564
>>
>> Is there a way to make it bind to both the loopbacks. The problem we 
>> are facing is our Tomcat installations can have connector configured 
>> with IIS or Apache HTTPD. Apache connector, by default seems to make 
>> a socket connection using the address ::1 (IPv6 loop back address), 
>> whereas IIS connector tries to bind to the
>> IPv4 loopback.
>
> Two things I would try:
>
> 1.  Two connectors, one with address='::1' and the other with 
> address='127.0.0.1', both with port='8014'.
>
> 2.  Configure the other end explicitly:  tell HTTPD and IIS which 
> address to use, and then configure your AJP Connector to match.
>
> -- Mark H. Wood Lead Technology Analyst
>
> University Library Indiana University - Purdue University Indianapolis 
> 755 W. Michigan Street Indianapolis, IN 46202
> 317-274-0749 www.ulib.iupui.edu
>
> -
>
>
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl5iYv0ACgkQHPApP6U8
pFj1zQ//ad7HvYwxxRINeF0UFw2bA1cIOcvJ2E5tFqDvdEtu52RIkQQaqNF2cMlA
VCE3M2HZFL2WvazAAVWFpzt3pIU0fe7BPAJneNF850maFHQ+05Agh3MKd/2VUjhe
5rad1JeNqRlXAAmPCEqOCewxj2z9+yEyNu/x2hHlEpFVdSpeTjGQbhiAEBL50qjk
FICEtw9QrCXw9JHCtPC5XBcbbkoUboejbeTdKz6n31djkwFpLigISgEds8haF7Kl
E7jx46/rqXxOUyRR9JFzWjGUC5Aim51WDn+gJruUhkd/CLAUcIHbbG6G3J7FKQGp
kYah8/sBCjCxuHVQtzmj6CopuYr+EkLNTe9GZyLnVDlQCv5GGSmwlsNSehRMEVbC
rDjoRbbaG/tDjtO9dao8w1Okae91DobzwdpM1XIKIuYgUuU83f+bz4P0KfCfeVzH
OH/YEmSFChynlYU31dd7HJTqdJUOVT2kTK3qncon2PEDHBoyEC+/F1wTFb16WlG9
XCG31UqhxGXxJ5p8Z5ts4jgaTRgNEMJQk19MCKfQcF6TAE8zXrOIRaTArB5eh1Ch
QgvUU2MFAYIoAup+5vQtaX52+9YM2CMPFy6IMdikNFCsy1O/2K11H7vf+K18xsmm
TOYf6up+AfAkcPTlzKfBhY0zjInVuYRZpM+oXqZm6oAC/TNH2G8=
=/AOd
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Piyush,

On 3/5/20 14:40, Piyush Kumar Nayak wrote:
> Thanks Mark, Two connector configs works. Any ideas, on why the
> behavior if different for ISAPI and mod_jk modules?

What do your configurations look like for each module?

- -chris

> -Original Message- From: Mark H. Wood 
> Sent: Thursday, March 5, 2020 10:28 PM To: users@tomcat.apache.org
> Subject: Re: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31
>
> On Thu, Mar 05, 2020 at 01:52:57PM +, Piyush Kumar Nayak
> wrote:
>> Is there a way to get Tomcat's AJP connector to bind to both IPv4
>> and IPv6 loopback addresses.
>>
>> By default, it seems that Tomcat binds to IPv4 loopback Default
>> connector config : > redirectPort="8447" packetSize="65535" secret="xxx"
>> tomcatAuthentication="false"/>
>>
>> netstat -ano | findstr 8014 TCP 127.0.0.1:8014 0.0.0.0:0
>> LISTENING 8616 TCP 127.0.0.1:8014 127.0.0.1:57510 ESTABLISHED
>> 8616 TCP 127.0.0.1:57510 127.0.0.1:8014 ESTABLISHED 11800
>>
>> Introducing the address attribute like so  : > protocol="AJP/1.3" address="::1" port="8014" redirectPort="8447"
>> packetSize="65535" secret="xxx" tomcatAuthentication="false"/>
>> binds it to IPv6 loopback TCP [::1]:8014 [::]:0 LISTENING 8616
>> TCP [::1]:8014 [::1]:57522 ESTABLISHED 8616 TCP [::1]:57522
>> [::1]:8014 ESTABLISHED 6564
>>
>> Is there a way to make it bind to both the loopbacks. The problem
>> we are facing is our Tomcat installations can have connector
>> configured with IIS or Apache HTTPD. Apache connector, by default
>> seems to make a socket connection using the address ::1 (IPv6
>> loop back address), whereas IIS connector tries to bind to the
>> IPv4 loopback.
>
> Two things I would try:
>
> 1.  Two connectors, one with address='::1' and the other with
> address='127.0.0.1', both with port='8014'.
>
> 2.  Configure the other end explicitly:  tell HTTPD and IIS which
> address to use, and then configure your AJP Connector to match.
>
> -- Mark H. Wood Lead Technology Analyst
>
> University Library Indiana University - Purdue University
> Indianapolis 755 W. Michigan Street Indianapolis, IN 46202
> 317-274-0749 www.ulib.iupui.edu
>
> -
>
>
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl5iYv0ACgkQHPApP6U8
pFj1zQ//ad7HvYwxxRINeF0UFw2bA1cIOcvJ2E5tFqDvdEtu52RIkQQaqNF2cMlA
VCE3M2HZFL2WvazAAVWFpzt3pIU0fe7BPAJneNF850maFHQ+05Agh3MKd/2VUjhe
5rad1JeNqRlXAAmPCEqOCewxj2z9+yEyNu/x2hHlEpFVdSpeTjGQbhiAEBL50qjk
FICEtw9QrCXw9JHCtPC5XBcbbkoUboejbeTdKz6n31djkwFpLigISgEds8haF7Kl
E7jx46/rqXxOUyRR9JFzWjGUC5Aim51WDn+gJruUhkd/CLAUcIHbbG6G3J7FKQGp
kYah8/sBCjCxuHVQtzmj6CopuYr+EkLNTe9GZyLnVDlQCv5GGSmwlsNSehRMEVbC
rDjoRbbaG/tDjtO9dao8w1Okae91DobzwdpM1XIKIuYgUuU83f+bz4P0KfCfeVzH
OH/YEmSFChynlYU31dd7HJTqdJUOVT2kTK3qncon2PEDHBoyEC+/F1wTFb16WlG9
XCG31UqhxGXxJ5p8Z5ts4jgaTRgNEMJQk19MCKfQcF6TAE8zXrOIRaTArB5eh1Ch
QgvUU2MFAYIoAup+5vQtaX52+9YM2CMPFy6IMdikNFCsy1O/2K11H7vf+K18xsmm
TOYf6up+AfAkcPTlzKfBhY0zjInVuYRZpM+oXqZm6oAC/TNH2G8=
=/AOd
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31

[Piyush Kumar Nayak]

Thanks Mark,
Two connector configs works.
Any ideas, on why the behavior if different for ISAPI and mod_jk modules?


-Original Message-
From: Mark H. Wood  
Sent: Thursday, March 5, 2020 10:28 PM
To: users@tomcat.apache.org
Subject: Re: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31

On Thu, Mar 05, 2020 at 01:52:57PM +, Piyush Kumar Nayak wrote:
> Is there a way to get Tomcat's AJP connector to bind to both IPv4 and IPv6 
> loopback addresses.
> 
> By default, it seems that Tomcat binds to IPv4 loopback Default 
> connector config :
>  packetSize="65535" secret="xxx" tomcatAuthentication="false"/>
> 
> netstat -ano | findstr 8014
> TCP 127.0.0.1:8014 0.0.0.0:0 LISTENING 8616 TCP 127.0.0.1:8014 
> 127.0.0.1:57510 ESTABLISHED 8616 TCP 127.0.0.1:57510 127.0.0.1:8014 
> ESTABLISHED 11800
> 
> Introducing the address attribute like so  :
>  redirectPort="8447" packetSize="65535" secret="xxx" 
> tomcatAuthentication="false"/> binds it to IPv6 loopback TCP 
> [::1]:8014 [::]:0 LISTENING 8616 TCP [::1]:8014 [::1]:57522 
> ESTABLISHED 8616 TCP [::1]:57522 [::1]:8014 ESTABLISHED 6564
> 
> Is there a way to make it bind to both the loopbacks. The problem we are 
> facing is our Tomcat installations can have connector configured with IIS or 
> Apache HTTPD.
> Apache connector, by default seems to make a socket connection using the 
> address ::1 (IPv6 loop back address), whereas IIS connector tries to bind to 
> the IPv4 loopback.

Two things I would try:

1.  Two connectors, one with address='::1' and the other with
address='127.0.0.1', both with port='8014'.

2.  Configure the other end explicitly:  tell HTTPD and IIS which
address to use, and then configure your AJP Connector to match.

--
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31

[Mark H. Wood]

On Thu, Mar 05, 2020 at 01:52:57PM +, Piyush Kumar Nayak wrote:
> Is there a way to get Tomcat's AJP connector to bind to both IPv4 and IPv6 
> loopback addresses.
> 
> By default, it seems that Tomcat binds to IPv4 loopback
> Default connector config :
>  packetSize="65535" secret="xxx" tomcatAuthentication="false"/>
> 
> netstat -ano | findstr 8014
> TCP 127.0.0.1:8014 0.0.0.0:0 LISTENING 8616
> TCP 127.0.0.1:8014 127.0.0.1:57510 ESTABLISHED 8616
> TCP 127.0.0.1:57510 127.0.0.1:8014 ESTABLISHED 11800
> 
> Introducing the address attribute like so  :
>  packetSize="65535" secret="xxx" tomcatAuthentication="false"/>
> binds it to IPv6 loopback
> TCP [::1]:8014 [::]:0 LISTENING 8616
> TCP [::1]:8014 [::1]:57522 ESTABLISHED 8616
> TCP [::1]:57522 [::1]:8014 ESTABLISHED 6564
> 
> Is there a way to make it bind to both the loopbacks. The problem we are 
> facing is our Tomcat installations can have connector configured with IIS or 
> Apache HTTPD.
> Apache connector, by default seems to make a socket connection using the 
> address ::1 (IPv6 loop back address), whereas IIS connector tries to bind to 
> the IPv4 loopback.

Two things I would try:

1.  Two connectors, one with address='::1' and the other with
address='127.0.0.1', both with port='8014'.

2.  Configure the other end explicitly:  tell HTTPD and IIS which
address to use, and then configure your AJP Connector to match.

-- 
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu


signature.asc
Description: PGP signature

Re: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31

[Martin Grigorov]

Hi,

Check this thread:
https://lists.apache.org/thread.html/r1f83f0c731a8737fdf4dad13ae402acd2fdc1ab1a86605af5b496a5f%40%3Cusers.tomcat.apache.org%3E


On Thu, Mar 5, 2020 at 3:53 PM Piyush Kumar Nayak 
wrote:

>
> Is there a way to get Tomcat's AJP connector to bind to both IPv4 and IPv6
> loopback addresses.
>
> By default, it seems that Tomcat binds to IPv4 loopback
> Default connector config :
>  packetSize="65535" secret="xxx" tomcatAuthentication="false"/>
>
> netstat -ano | findstr 8014
> TCP 127.0.0.1:8014 0.0.0.0:0 LISTENING 8616
> TCP 127.0.0.1:8014 127.0.0.1:57510 ESTABLISHED 8616
> TCP 127.0.0.1:57510 127.0.0.1:8014 ESTABLISHED 11800
>
> Introducing the address attribute like so  :
>  redirectPort="8447" packetSize="65535" secret="xxx"
> tomcatAuthentication="false"/>
> binds it to IPv6 loopback
> TCP [::1]:8014 [::]:0 LISTENING 8616
> TCP [::1]:8014 [::1]:57522 ESTABLISHED 8616
> TCP [::1]:57522 [::1]:8014 ESTABLISHED 6564
>
> Is there a way to make it bind to both the loopbacks. The problem we are
> facing is our Tomcat installations can have connector configured with IIS
> or Apache HTTPD.
> Apache connector, by default seems to make a socket connection using the
> address ::1 (IPv6 loop back address), whereas IIS connector tries to bind
> to the IPv4 loopback.
>
> Thanks,
> Piyush.
>

bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31

[Piyush Kumar Nayak]

Is there a way to get Tomcat's AJP connector to bind to both IPv4 and IPv6 
loopback addresses.

By default, it seems that Tomcat binds to IPv4 loopback
Default connector config :


netstat -ano | findstr 8014
TCP 127.0.0.1:8014 0.0.0.0:0 LISTENING 8616
TCP 127.0.0.1:8014 127.0.0.1:57510 ESTABLISHED 8616
TCP 127.0.0.1:57510 127.0.0.1:8014 ESTABLISHED 11800

Introducing the address attribute like so  :

binds it to IPv6 loopback
TCP [::1]:8014 [::]:0 LISTENING 8616
TCP [::1]:8014 [::1]:57522 ESTABLISHED 8616
TCP [::1]:57522 [::1]:8014 ESTABLISHED 6564

Is there a way to make it bind to both the loopbacks. The problem we are facing 
is our Tomcat installations can have connector configured with IIS or Apache 
HTTPD.
Apache connector, by default seems to make a socket connection using the 
address ::1 (IPv6 loop back address), whereas IIS connector tries to bind to 
the IPv4 loopback.

Thanks,
Piyush.

Re: SSL and IPv6 when using address to set a specific IP

[Rick Trudeau]

On Mon, Mar 5, 2018 at 10:35 AM, Mark Thomas <ma...@apache.org> wrote:
> On 05/03/18 15:00, Mark Thomas wrote:
>> On 05/03/18 02:02, Rick Trudeau wrote:
>>> Hi,
>>> I'm having some problems using SSL on my connector when binding it to
>>> a specific IPv6 address.
>>> I'm trying this on Tomcat v 8.5.28, Ubuntu 14.04, JVM v1.8.0_161-b12.
>
> 
>
>>> 05-Mar-2018 01:11:11.724 WARNING [main]
>>> org.apache.tomcat.util.net.AbstractEndpoint.registerJmx Unable to
>>> generate a valid JMX object name for the SSLHostConfig associated
>>> withhost [_default_]
>>>  javax.management.MalformedObjectNameException: Invalid character ':'
>>> in value part of property
>
> 
>
>>> Has anyone had any success binding to a specific IPv6 literal address
>>> when using SSL?
>>
>> Ah. That looks like a bug generating the MBean name from the address
>> attribute. Let me take a look.
>
> The good news is that that error shouldn't stop the TLS connector
> working although it won't be exposed via JMX.
>
> I've fixed this but unfortunately the next set of releases were tagged
> this morning so the fix won't be available until 9.0.7 / 8.5.30 which -
> unless the current releases fail for some reason - most likely won't be
> available until early next month.
>
> Mark
>


Well that's certainly a quick turnaround!
Thanks for you help with this Mark, we'll keep our eyes open for 8.5.30.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: SSL and IPv6 when using address to set a specific IP

[Mark Thomas]

On 05/03/18 15:00, Mark Thomas wrote:
> On 05/03/18 02:02, Rick Trudeau wrote:
>> Hi,
>> I'm having some problems using SSL on my connector when binding it to
>> a specific IPv6 address.
>> I'm trying this on Tomcat v 8.5.28, Ubuntu 14.04, JVM v1.8.0_161-b12.



>> 05-Mar-2018 01:11:11.724 WARNING [main]
>> org.apache.tomcat.util.net.AbstractEndpoint.registerJmx Unable to
>> generate a valid JMX object name for the SSLHostConfig associated
>> withhost [_default_]
>>  javax.management.MalformedObjectNameException: Invalid character ':'
>> in value part of property



>> Has anyone had any success binding to a specific IPv6 literal address
>> when using SSL?
> 
> Ah. That looks like a bug generating the MBean name from the address
> attribute. Let me take a look.

The good news is that that error shouldn't stop the TLS connector
working although it won't be exposed via JMX.

I've fixed this but unfortunately the next set of releases were tagged
this morning so the fix won't be available until 9.0.7 / 8.5.30 which -
unless the current releases fail for some reason - most likely won't be
available until early next month.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: SSL and IPv6 when using address to set a specific IP

[Mark Thomas]

On 05/03/18 02:02, Rick Trudeau wrote:
> Hi,
> I'm having some problems using SSL on my connector when binding it to
> a specific IPv6 address.
> I'm trying this on Tomcat v 8.5.28, Ubuntu 14.04, JVM v1.8.0_161-b12.
> 
> My connector config looks like this:
> maxThreads="150"
>scheme="https"
>secure="true"
>SSLEnabled="true"
>keystoreFile="/opt/keystore/keystore"
>keystorePass="secret"
>clientAuth="false"
>keyAlias="myAlias"
>sslProtocol="TLS"
>address="fe80::a00:27ff:fe13:ca0d"/>
> 
> catalina.out shows this exception immediately after startup.  I think
> it indicates there are some parsing errors when parsing the IPv6
> address.
> 
> 05-Mar-2018 01:11:11.141 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["https-jsse-nio-fe80:0:0:0:a00:27ff:fe13:ca0d-8443"]
> 05-Mar-2018 01:11:11.709 INFO
> [main]org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector
> Using a shared selector for servlet write/read
> 05-Mar-2018 01:11:11.724 WARNING [main]
> org.apache.tomcat.util.net.AbstractEndpoint.registerJmx Unable to
> generate a valid JMX object name for the SSLHostConfig associated
> withhost [_default_]
>  javax.management.MalformedObjectNameException: Invalid character ':'
> in value part of property
> at javax.management.ObjectName.construct(ObjectName.java:618)
> at javax.management.ObjectName.(ObjectName.java:1382)
> at 
> org.apache.tomcat.util.net.AbstractEndpoint.registerJmx(AbstractEndpoint.java:1105)
> at 
> org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1095)
> at 
> org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:268)
> at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
> at 
> org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68)
> at 
> org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
> at 
> org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
> at 
> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:632)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:655)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)
> 
> If I remove address attribute to allow binding on all interfaces,
> things are good.  But my use case, however, requires binding to a
> specific IPv6 address.
> Since these SSL attributes are deprecated from what I've read, I've
> also tried moving the SSL configs to the newer SSLHostConfig block,
> but the same error remains.
> 
> Has anyone had any success binding to a specific IPv6 literal address
> when using SSL?

Ah. That looks like a bug generating the MBean name from the address
attribute. Let me take a look.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

SSL and IPv6 when using address to set a specific IP

[Rick Trudeau]

Hi,
I'm having some problems using SSL on my connector when binding it to
a specific IPv6 address.
I'm trying this on Tomcat v 8.5.28, Ubuntu 14.04, JVM v1.8.0_161-b12.

My connector config looks like this:


catalina.out shows this exception immediately after startup.  I think
it indicates there are some parsing errors when parsing the IPv6
address.

05-Mar-2018 01:11:11.141 INFO [main]
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["https-jsse-nio-fe80:0:0:0:a00:27ff:fe13:ca0d-8443"]
05-Mar-2018 01:11:11.709 INFO
[main]org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector
Using a shared selector for servlet write/read
05-Mar-2018 01:11:11.724 WARNING [main]
org.apache.tomcat.util.net.AbstractEndpoint.registerJmx Unable to
generate a valid JMX object name for the SSLHostConfig associated
withhost [_default_]
 javax.management.MalformedObjectNameException: Invalid character ':'
in value part of property
at javax.management.ObjectName.construct(ObjectName.java:618)
at javax.management.ObjectName.(ObjectName.java:1382)
at 
org.apache.tomcat.util.net.AbstractEndpoint.registerJmx(AbstractEndpoint.java:1105)
at 
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1095)
at 
org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:268)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
at 
org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68)
at 
org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at 
org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at 
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.startup.Catalina.load(Catalina.java:632)
at org.apache.catalina.startup.Catalina.load(Catalina.java:655)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)

If I remove address attribute to allow binding on all interfaces,
things are good.  But my use case, however, requires binding to a
specific IPv6 address.
Since these SSL attributes are deprecated from what I've read, I've
also tried moving the SSL configs to the newer SSLHostConfig block,
but the same error remains.

Has anyone had any success binding to a specific IPv6 literal address
when using SSL?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

IPV6

[Vivek Shende]

Hello

I am having below query for tomcat 8.5.15 version. Please help.

I am using tomcat 8.5.15 and my network is supporting both ipv4 and ipv6
address stacks. However, I want tomcat to listen to only ipv6 address (not
ipv4).

I was trying to find the solution on google and reached to tomcat's manual
- http://library.bec.ac.in/docs/config/http.html. On this page, the address
attribute description says --->

For servers with more than one IP address, this attribute specifies which
address will be used for listening on the specified port. By default, the
connector will listen all local addresses. Unless the JVM is configured
otherwise using system properties, the Java based connectors (NIO, NIO2)
will listen on both IPv4 and IPv6 addresses when configured with either
0.0.0.0 or ::. The APR/native connector will only listen on IPv4 addresses
if configured with 0.0.0.0 and will listen on IPv6 addresses (and
optionally IPv4 addresses depending on the setting of ipv6onlyv6) if
configured with ::.

According to above description, with the use of ipv6onlyv6, tomcat will
listen only on ipv6 address,  I tried below combination --

**

Above combination worked flawlessly in windows machine. but when I am using
the combination in linux suse, it's not working. This combination is not
blocking ipv4 address stack, in linux suse. Tomcat is listening to both
ipv6 and ipv4 address stacks.

Below is linux system details (via uname -a) --

Linux ip-10-1-29-39.ec2.internal 3.12.49-1-default #1 SMP Fri Dec 11
11:36:56 UTC 2015 (6571a4b) x86_64 x86_64 x86_64 GNU/Linux

Re: tomcat7 installs to connect to ipv6:::8080 on Ubuntu 14.04

[Christopher Schultz]

Christoph,

On 2/22/16 10:56 AM, Christoph P.U. Kukulies wrote:
> Being at the problem again since I would like to run haproxy against
> tomcat7.
> 
> Here are my connectors:
>   proxyName="test.mydomain.org" maxThreads="150" enableLookups="false"
>  redirectPort="8443" acceptCount="100" connectionTimeout="2"
>  disableUploadTimeout="true" address="0.0.0.0" />
>   proxyName="www.foobar.de" maxThreads="150" enableLookups="false"
>  redirectPort="8443" acceptCount="100" connectionTimeout="2"
>  disableUploadTimeout="true" address="0.0.0.0" />
>   proxyName="www.mydomain.org" maxThreads="150" enableLookups="false"
>  redirectPort="8443" acceptCount="100" connectionTimeout="2"
>  disableUploadTimeout="true" address="0.0.0.0" />
>   proxyName="www.other.org" maxThreads="150" enableLookups="false"
>  redirectPort="8443" acceptCount="100" connectionTimeout="2"
>  disableUploadTimeout="true" address="0.0.0.0" />
>   proxyName="www.foobaz.de" maxThreads="150" enableLookups="false"
>  redirectPort="8443" acceptCount="100" connectionTimeout="2"
>  disableUploadTimeout="true" address="0.0.0.0" />
>   proxyName="msg.foobaz.org" maxThreads="150" enableLookups="false"
>  redirectPort="8443" acceptCount="100" connectionTimeout="2"
>  disableUploadTimeout="true" address="0.0.0.0" />
> 
> 
> I added the address entry on each connector to no avail:
> 
> # netstat -an
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address   Foreign Address State
> tcp0  0 0.0.0.0:21 0.0.0.0:*   LISTEN
> tcp0  0 0.0.0.0:22 0.0.0.0:*   LISTEN
> tcp0  0 0.0.0.0:25 0.0.0.0:*   LISTEN
> tcp0  0 0.0.0.0:36762 0.0.0.0:*   LISTEN
> tcp0  0 127.0.0.1:6 0.0.0.0:*   LISTEN
> tcp0  0 0.0.0.0:2049 0.0.0.0:*   LISTEN
> tcp0  0 0.0.0.0:993 0.0.0.0:*   LISTEN
> tcp0  0 127.0.0.1:10024 0.0.0.0:*   LISTEN
> tcp0  0 127.0.0.1:10025 0.0.0.0:*   LISTEN
> tcp0  0 127.0.0.1:3306 0.0.0.0:*   LISTEN
> tcp0  0 0.0.0.0:587 0.0.0.0:*   LISTEN
> tcp0  0 0.0.0.0:48397 0.0.0.0:*   LISTEN
> tcp0  0 127.0.0.1:783 0.0.0.0:*   LISTEN
> tcp0  0 0.0.0.0:143 0.0.0.0:*   LISTEN
> tcp0  0 0.0.0.0:111 0.0.0.0:*   LISTEN
> tcp0  0 0.0.0.0:53264 0.0.0.0:*   LISTEN
> tcp0  0 0.0.0.0:80 0.0.0.0:*   LISTEN
> tcp0  0 0.0.0.0:41584 0.0.0.0:*   LISTEN
> tcp0  0 0.0.0.0:38836 0.0.0.0:*   LISTEN
> tcp0  0 127.0.0.1:3306 127.0.0.1:39401 ESTABLISHED
> tcp0  0 79.80.81.82:993 73.74.75.76:4849   ESTABLISHED
> tcp0  0 79.80.81.82:993 73.74.75.76:4867   ESTABLISHED
> tcp0  0 79.80.81.82:22 73.74.75.76:4491   ESTABLISHED
> tcp0  0 79.80.81.82:993 73.74.75.76:4870   ESTABLISHED
> tcp0  0 79.80.81.82:993 73.74.75.76:4854   ESTABLISHED
> tcp0  0 79.80.81.82:993 73.74.75.76:4873   ESTABLISHED
> tcp0  0 79.80.81.82:993 73.74.75.76:4869   ESTABLISHED
> tcp0  0 79.80.81.82:993 73.74.75.76:4868   ESTABLISHED
> tcp6   0  0 :::8085 :::*LISTEN
> tcp6   0  0 :::8086 :::*LISTEN
> tcp6   0  0 :::22 :::*LISTEN
> tcp6   0  0 :::25 :::*LISTEN
> tcp6   0  0 :::44001 :::*LISTEN
> tcp6   0  0 :::2049 :::*LISTEN
> tcp6   0  0 :::993 :::*LISTEN
> tcp6   0  0 127.0.0.1:8005 :::*LISTEN
> tcp6   0  0 :::42696 :::*LISTEN
> tcp6   0  0 :::59018 :::*LISTEN
> tcp6   0  0 :::587 :::*LISTEN
> tcp6   0  0 :::57999 :::*LISTEN
> tcp6   0  0 :::143 :::*

Re: tomcat7 installs to connect to ipv6:::8080 on Ubuntu 14.04

[Christoph P.U. Kukulies]

Being at the problem again since I would like to run haproxy against 
tomcat7.


Here are my connectors:








I added the address entry on each connector to no avail:

# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address   Foreign Address State
tcp0  0 0.0.0.0:21 0.0.0.0:*   LISTEN
tcp0  0 0.0.0.0:22 0.0.0.0:*   LISTEN
tcp0  0 0.0.0.0:25 0.0.0.0:*   LISTEN
tcp0  0 0.0.0.0:36762 0.0.0.0:*   LISTEN
tcp0  0 127.0.0.1:6 0.0.0.0:*   LISTEN
tcp0  0 0.0.0.0:2049 0.0.0.0:*   LISTEN
tcp0  0 0.0.0.0:993 0.0.0.0:*   LISTEN
tcp0  0 127.0.0.1:10024 0.0.0.0:*   LISTEN
tcp0  0 127.0.0.1:10025 0.0.0.0:*   LISTEN
tcp0  0 127.0.0.1:3306 0.0.0.0:*   LISTEN
tcp0  0 0.0.0.0:587 0.0.0.0:*   LISTEN
tcp0  0 0.0.0.0:48397 0.0.0.0:*   LISTEN
tcp0  0 127.0.0.1:783 0.0.0.0:*   LISTEN
tcp0  0 0.0.0.0:143 0.0.0.0:*   LISTEN
tcp0  0 0.0.0.0:111 0.0.0.0:*   LISTEN
tcp0  0 0.0.0.0:53264 0.0.0.0:*   LISTEN
tcp0  0 0.0.0.0:80 0.0.0.0:*   LISTEN
tcp0  0 0.0.0.0:41584 0.0.0.0:*   LISTEN
tcp0  0 0.0.0.0:38836 0.0.0.0:*   LISTEN
tcp0  0 127.0.0.1:3306 127.0.0.1:39401 ESTABLISHED
tcp0  0 79.80.81.82:993 73.74.75.76:4849   ESTABLISHED
tcp0  0 79.80.81.82:993 73.74.75.76:4867   ESTABLISHED
tcp0  0 79.80.81.82:22 73.74.75.76:4491   ESTABLISHED
tcp0  0 79.80.81.82:993 73.74.75.76:4870   ESTABLISHED
tcp0  0 79.80.81.82:993 73.74.75.76:4854   ESTABLISHED
tcp0  0 79.80.81.82:993 73.74.75.76:4873   ESTABLISHED
tcp0  0 79.80.81.82:993 73.74.75.76:4869   ESTABLISHED
tcp0  0 79.80.81.82:993 73.74.75.76:4868   ESTABLISHED
tcp6   0  0 :::8085 :::*LISTEN
tcp6   0  0 :::8086 :::*LISTEN
tcp6   0  0 :::22 :::*LISTEN
tcp6   0  0 :::25 :::*LISTEN
tcp6   0  0 :::44001 :::*LISTEN
tcp6   0  0 :::2049 :::*LISTEN
tcp6   0  0 :::993 :::*LISTEN
tcp6   0  0 127.0.0.1:8005 :::*LISTEN
tcp6   0  0 :::42696 :::*LISTEN
tcp6   0  0 :::59018 :::*LISTEN
tcp6   0  0 :::587 :::*LISTEN
tcp6   0  0 :::57999 :::*LISTEN
tcp6   0  0 :::143 :::*LISTEN
tcp6   0  0 :::111 :::*LISTEN
tcp6   0  0 :::8080 :::*LISTEN
tcp6   0  0 :::8081 :::*LISTEN
tcp6   0  0 :::8082 :::*LISTEN
tcp6   0  0 :::8083 :::*LISTEN
tcp6   0  0 :::51795 :::*LISTEN
tcp6   0  0 127.0.0.1:39401 127.0.0.1:3306  ESTABLISHED

--
Christoph

Am 01.12.2015 um 20:12 schrieb Christopher Schultz:

Christoph,

On 12/1/15 12:49 PM, Christoph P.U. Kukulies wrote:

it is (was) in server.xml: (I now only have tomcat listening on port
8009 proxy_ajp)



I then did a
service tomcat7 restart
netstat -an | grep 8080


and saw tcp6 still listed and no tcp

Now it look like this: (after enabling ipv6 in sysctl.conf again):

tcp0  0 127.0.0.1:49393 127.0.0.1:8009  ESTABLISHED
tcp0  0 127.0.0.1:49395 127.0.0.1:8009  ESTABLISHED
tcp6   0  0 :::8009 :::*LISTEN
tcp6   0  0 127.0.0.1:8009 127.0.0.1:49395 ESTABLISHED
tcp6   0  0 127.0.0.1:8009 127.0.0.1:49393 ESTABLISHED

No port :8080 in that list.

-chris




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat7 installs to connect to ipv6:::8080 on Ubuntu 14.04

[Christoph P.U. Kukulies]

Hi Chris,

it is (was) in server.xml: (I now only have tomcat listening on port 
8009 proxy_ajp)





I then did a
service tomcat7 restart
netstat -an | grep 8080


and saw tcp6 still listed and no tcp

Now it look like this: (after enabling ipv6 in sysctl.conf again):

tcp0  0 127.0.0.1:49393 127.0.0.1:8009  ESTABLISHED
tcp0  0 127.0.0.1:49395 127.0.0.1:8009  ESTABLISHED
tcp6   0  0 :::8009 :::*LISTEN
tcp6   0  0 127.0.0.1:8009 127.0.0.1:49395 ESTABLISHED
tcp6   0  0 127.0.0.1:8009 127.0.0.1:49393 ESTABLISHED



Am 30.11.2015 um 19:01 schrieb Christopher Schultz:

Christoph,

On 11/30/15 8:20 AM, Christoph P.U. Kukulies wrote:

Am 30.11.2015 um 12:12 schrieb Mark Thomas:

On 30/11/2015 10:51, Christoph P.U. Kukulies wrote:

I installed tomcat7 (apt-get) on an Ubuntu 14.04.3 LTS machine and found
it being installed as listening
to

tcp6  00 :::8080 :::* LISTEN

How can I turn that to

tcp0  0 0.0.0.0:80800.0.0.0:* LISTEN


Do I have to disable ipv6 in Ubuntu first or can I switch that by
tweaking some config file or so?

Try setting the address attribute of the connector to "0.0.0.0"

Mark


You mean in server.xml: in the   section address="0.0.0.0" ?
Doesn't seem to work.

I finally got rid of it by adding the lines

|net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 =
1 net.ipv6.conf.lo.disable_ipv6 = 1 to /etc/sysctl.conf and rebooted
Ubuntu. |

You should not have to disable IPv6 across the whole machine in order to
bind to the IPv4 interface.

Post your address="0.0.0.0" configuration. How did you verify the
behavior after the change?

Did you also try CATALINA_OPTS="-Djava.net.preferIPv4Stack=true"?


No, did not try this but will do so.
Cheers,

Christoph



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat7 installs to connect to ipv6:::8080 on Ubuntu 14.04

[Christopher Schultz]

Christoph,

On 12/1/15 12:49 PM, Christoph P.U. Kukulies wrote:
> it is (was) in server.xml: (I now only have tomcat listening on port
> 8009 proxy_ajp)
> 
> connectionTimeout="2"
>URIEncoding="UTF-8"
>address="0.0.0.0" redirectPort="8443" />
> 
> I then did a
> service tomcat7 restart
> netstat -an | grep 8080
> 
> 
> and saw tcp6 still listed and no tcp
> 
> Now it look like this: (after enabling ipv6 in sysctl.conf again):
> 
> tcp0  0 127.0.0.1:49393 127.0.0.1:8009  ESTABLISHED
> tcp0  0 127.0.0.1:49395 127.0.0.1:8009  ESTABLISHED
> tcp6   0  0 :::8009 :::*LISTEN
> tcp6   0  0 127.0.0.1:8009 127.0.0.1:49395 ESTABLISHED
> tcp6   0  0 127.0.0.1:8009 127.0.0.1:49393 ESTABLISHED

No port :8080 in that list.

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat7 installs to connect to ipv6:::8080 on Ubuntu 14.04

[Christopher Schultz]

Christoph,

On 11/30/15 8:20 AM, Christoph P.U. Kukulies wrote:
> Am 30.11.2015 um 12:12 schrieb Mark Thomas:
>> On 30/11/2015 10:51, Christoph P.U. Kukulies wrote:
>>> I installed tomcat7 (apt-get) on an Ubuntu 14.04.3 LTS machine and found
>>> it being installed as listening
>>> to
>>>
>>> tcp6  00 :::8080 :::* LISTEN
>>>
>>> How can I turn that to
>>>
>>> tcp    0  0 0.0.0.0:80800.0.0.0:* LISTEN
>>>
>>>
>>> Do I have to disable ipv6 in Ubuntu first or can I switch that by
>>> tweaking some config file or so?
>> Try setting the address attribute of the connector to "0.0.0.0"
>>
>> Mark
>>
> You mean in server.xml: in the   section address="0.0.0.0" ?
> Doesn't seem to work.
> 
> I finally got rid of it by adding the lines
> 
> |net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 =
> 1 net.ipv6.conf.lo.disable_ipv6 = 1 to /etc/sysctl.conf and rebooted
> Ubuntu. |

You should not have to disable IPv6 across the whole machine in order to
bind to the IPv4 interface.

Post your address="0.0.0.0" configuration. How did you verify the
behavior after the change?

Did you also try CATALINA_OPTS="-Djava.net.preferIPv4Stack=true"?

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

tomcat7 installs to connect to ipv6:::8080 on Ubuntu 14.04

[Christoph P.U. Kukulies]

I installed tomcat7 (apt-get) on an Ubuntu 14.04.3 LTS machine and found 
it being installed as listening

to

tcp6  00 :::8080 :::* LISTEN

How can I turn that to

tcp0  0 0.0.0.0:80800.0.0.0:* LISTEN


Do I have to disable ipv6 in Ubuntu first or can I switch that by 
tweaking some config file or so?


--
Christoph Kukulies


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat7 installs to connect to ipv6:::8080 on Ubuntu 14.04

[Mark Thomas]

On 30/11/2015 10:51, Christoph P.U. Kukulies wrote:
> I installed tomcat7 (apt-get) on an Ubuntu 14.04.3 LTS machine and found
> it being installed as listening
> to
> 
> tcp6  00 :::8080 :::* LISTEN
> 
> How can I turn that to
> 
> tcp0  0 0.0.0.0:80800.0.0.0:* LISTEN
> 
> 
> Do I have to disable ipv6 in Ubuntu first or can I switch that by
> tweaking some config file or so?

Try setting the address attribute of the connector to "0.0.0.0"

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat7 installs to connect to ipv6:::8080 on Ubuntu 14.04

[Christoph P.U. Kukulies]

Am 30.11.2015 um 12:12 schrieb Mark Thomas:

On 30/11/2015 10:51, Christoph P.U. Kukulies wrote:

I installed tomcat7 (apt-get) on an Ubuntu 14.04.3 LTS machine and found
it being installed as listening
to

tcp6  00 :::8080 :::* LISTEN

How can I turn that to

tcp0  0 0.0.0.0:80800.0.0.0:* LISTEN


Do I have to disable ipv6 in Ubuntu first or can I switch that by
tweaking some config file or so?

Try setting the address attribute of the connector to "0.0.0.0"

Mark


You mean in server.xml: in the   section address="0.0.0.0" ?
Doesn't seem to work.

I finally got rid of it by adding the lines

|net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 
1 net.ipv6.conf.lo.disable_ipv6 = 1 to /etc/sysctl.conf and rebooted 
Ubuntu. |



--
Christoph



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

I can not set Hostname property to IPv6 address using JK Status Manager

[Hiroto Shimizu]

Hi

I use mod_jk 1.2.40, httpd-2.2.15-29.el6.centos.x86_64.
In web browser Firefox, I set Hostname property to IPv6
address(2001:c0a8::1) using JK Status Manager, But error occured.

Is there a solution to the problem?

-mod_jk.log
[Thu Jun 12 11:09:13.029 2014] [4233:140197382711040] [info]
commit_member::jk_status.c (3369): Status worker 'jkstatus' setting 'host'
for sub worker 'ajp13w' to '2001%3Ac0a8%3A%3A1'
[Thu Jun 12 11:09:13.029 2014] [4233:140197382711040] [error]
commit_member::jk_status.c (3384): Status worker 'jkstatus' failed
resolving address '2001%3Ac0a8%3A%3A1:8009' for sub worker 'ajp13w'.
-

Re: I can not set Hostname property to IPv6 address using JK Status Manager

[Konstantin Kolinko]

2014-06-12 13:34 GMT+04:00 Hiroto Shimizu shimizuhiroto...@gmail.com:
 Hi

 I use mod_jk 1.2.40, httpd-2.2.15-29.el6.centos.x86_64.
 In web browser Firefox, I set Hostname property to IPv6
 address(2001:c0a8::1) using JK Status Manager, But error occured.

 Is there a solution to the problem?

 -mod_jk.log
 [Thu Jun 12 11:09:13.029 2014] [4233:140197382711040] [info]
 commit_member::jk_status.c (3369): Status worker 'jkstatus' setting 'host'
 for sub worker 'ajp13w' to '2001%3Ac0a8%3A%3A1'
 [Thu Jun 12 11:09:13.029 2014] [4233:140197382711040] [error]
 commit_member::jk_status.c (3384): Status worker 'jkstatus' failed
 resolving address '2001%3Ac0a8%3A%3A1:8009' for sub worker 'ajp13w'.
 -

Please create an issue in Bugzilla. It would be better to include a
step-by-step recipe to reproduce the issue.

There were some fixes to jk_resolve, but in your case the problem is
that url-encoded parameter value (2001%3Ac0a8%3A%3A1) is passed as
is to the jk_resolve method.

Looking at the code, jk_status.c has its own HTTP query parameters
parsing (status_parse_uri() in native/common/jk_status.c), implemented
by splitting the query string.
The url-decoding of parameters is not performed. There is a comment
that it had been planned, but has not been implemented yet.

/* XXX Depending on the params values, we might need to trim and decode */


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: I can not set Hostname property to IPv6 address using JK Status Manager

[Hiroto Shimizu]

Konstantin

Thank you for your reply.
I created an issue in Bugzilla.

https://issues.apache.org/bugzilla/show_bug.cgi?id=56618

 The url-decoding of parameters is not performed. There is a comment
 that it had been planned, but has not been implemented yet.

  /* XXX Depending on the params values, we might need to trim and decode
*/
Thank you for telling me about the problem.


2014-06-12 19:02 GMT+09:00 Konstantin Kolinko knst.koli...@gmail.com:

 2014-06-12 13:34 GMT+04:00 Hiroto Shimizu shimizuhiroto...@gmail.com:
  Hi
 
  I use mod_jk 1.2.40, httpd-2.2.15-29.el6.centos.x86_64.
  In web browser Firefox, I set Hostname property to IPv6
  address(2001:c0a8::1) using JK Status Manager, But error occured.
 
  Is there a solution to the problem?
 
  -mod_jk.log
  [Thu Jun 12 11:09:13.029 2014] [4233:140197382711040] [info]
  commit_member::jk_status.c (3369): Status worker 'jkstatus' setting
 'host'
  for sub worker 'ajp13w' to '2001%3Ac0a8%3A%3A1'
  [Thu Jun 12 11:09:13.029 2014] [4233:140197382711040] [error]
  commit_member::jk_status.c (3384): Status worker 'jkstatus' failed
  resolving address '2001%3Ac0a8%3A%3A1:8009' for sub worker 'ajp13w'.
  -

 Please create an issue in Bugzilla. It would be better to include a
 step-by-step recipe to reproduce the issue.

 There were some fixes to jk_resolve, but in your case the problem is
 that url-encoded parameter value (2001%3Ac0a8%3A%3A1) is passed as
 is to the jk_resolve method.

 Looking at the code, jk_status.c has its own HTTP query parameters
 parsing (status_parse_uri() in native/common/jk_status.c), implemented
 by splitting the query string.
 The url-decoding of parameters is not performed. There is a comment
 that it had been planned, but has not been implemented yet.

 /* XXX Depending on the params values, we might need to trim and decode */


 Best regards,
 Konstantin Kolinko

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat ipv6

[olivier giorgi]

Hello to all,

How to configure Tomcat in ipv6 ?

What are the corresponding changes to be done in server.xml ?
 
Is there a specific JVM argument ?
 
Thanks in advance.
Best regards Olivier.

Re: Tomcat ipv6

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Olivier,

Please do not hijack threads by replying to an existing message on the
list. Instead, start a completely new message with the desired subject.

- -chris

On 8/9/13 2:46 PM, olivier giorgi wrote:
 Hello to all,
 
 How to configure Tomcat in ipv6 ?
 
 What are the corresponding changes to be done in server.xml ?
 
 Is there a specific JVM argument ?
 
 Thanks in advance. Best regards Olivier.
 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.14 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSBUqVAAoJEBzwKT+lPKRYMVoQAJUwhCsW84lxm1CvWdD5nkOe
X4yiAsj/R0ZEiD/mDZ9OvGHXqD38fOHbdZXlliwvj5m6M+/csQ8rw7sKhon0shK3
nUVfiXSnfgwhGihu/G3JVnNba67FlFlceDWCgRnwxbPtIIIWE0Wt3AMgwmM1Cskm
CfF49M59XHp7wKpEUUUyhqrwGUoRd2fJeONZ7vtwpl4CktH8WOwJMXRmco4CVP2f
s6vRUA+SwEl0SQnin0TbJY/PQpjh/1d5UARPMI/rKN8aECc00IVflG6f354u++Cj
uRYoOwsf3u6Vkssv6nFHXWH9mzfEPsiYGacbqFY+HqT8AXlYVHXi4Kq6mxQURETz
iG3QoX7y/E6d/t2LbNR3kUnJrSbIR83DUaGoUVS2FmRhOq2DkT3JtueezuMAFiXq
K4ww6Lt/HkJ9XRs9Pk4lxT1z4Ve6bP0/42KfhiDHoCjEKvhp2pT2VCulSvBmWbOi
OgCrA1Em8UIQX2gyVXmUKZJSl3JfQ6++YBL/p0wW3nIPIb3iHSE5TsIBqTsTWYeL
2B9hv8ncprlbi0MMykJ82iCflruWmiY5sbRuhMO5qKBaBtDVBSFDMAG6kVaVTZPZ
7gpYrkx+QD4+K6NDz3DAIRKZLE+B0x6T/edHN4tzewPL4ZCjcvjFFgBPZ6DG3g31
AfzCSmYGujYN9R1zB5lY
=7eI6
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Do you know how to configure Tomcat in ipv6 ?

[olivier giorgi]

Hello to all,
 
Please, could you help me about the following subject:
 
How to configure Tomcat in ipv6 ?
 
Thanks in advance.
Best regards Olivier.

RE: Do you know how to configure Tomcat in ipv6 ?

[Gilles Badouet]

In order to do what?

Your question is too generic!!





Kind regards





Gilles Rubens Badouet

Student ID: 3940347

Faculty of Engineering and Computing

MSc Network Computing Course

Mobile: 07424486426


From: olivier giorgi olivier_gio...@yahoo.fr
Sent: 01 August 2013 17:17
To: users@tomcat.apache.org
Subject: Do you know how to configure Tomcat in ipv6 ?

Hello to all,

Please, could you help me about the following subject:

How to configure Tomcat in ipv6 ?

Thanks in advance.
Best regards Olivier.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Do you know how to configure Tomcat in ipv6 ?

[Jeffrey Janner]

 -Original Message-
 From: olivier giorgi [mailto:olivier_gio...@yahoo.fr]
 Sent: Thursday, August 01, 2013 11:17 AM
 To: users@tomcat.apache.org
 Subject: Do you know how to configure Tomcat in ipv6 ?
 
 Hello to all,
 
 Please, could you help me about the following subject:
 
 How to configure Tomcat in ipv6 ?
 
 Thanks in advance.
 Best regards Olivier.

Start here: http://tomcat.apache.org/tomcat-7.0-doc/config/http.html



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache Tomcat 7.0.035 and IPv6 environment

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Geet,

On 3/28/13 1:32 AM, Geett Chanddra Singha wrote:
 Thanks Konstantin Kolinko!
 
 It will be great help for me if you could provide steps to
 configure the same or documents, where in I could get configuration
 steps.

Well, you could search the archives... that's what they are there for.
Or, you could read the online documentation:

https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#Standard_Implementation

Look at the address attribute. On many systems, a single interface
has both IPv4 and IPv6 addresses, so you may or may not be able to do
this:

Connector address=0.0.0.0 port=8080 /
Connector address=:: port=8080 /

I'm not sure if Tomcat interprets the address value prior to handing
it off to APR... if so, you may have to use 0:0:0:0:0:0:0:0 for your
IPv6 address because IIRC Tomcat/JVM does not understand IPv6 shorthand.

Anyhow, if the above doesn't work (because port 8080 can only be bound
once per interface), you'll need to do something like this:

Connector address=0.0.0.0 port=8080 /
Connector address=:: port=8081 /!-- note the different port --

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJRVEMCAAoJEBzwKT+lPKRYJDUQAJ+cHan9+A0geZFCgnBLQwkO
WisvbujMEgerX5D8dRLciTgeUaiMPDYFi9fMVRRMkNKIgZ1TGlzKI6YcpO4swmRL
p0NeyD6AdvmnhsJSGSo/3BwnN0TR6mih1vFHElVXY2ffDZFldvUcwvS9Fb+b+U4O
oBYuGki2xr+IwLE6+WBdmdq4cSQECfVGeJ5t5aSqwgcfs55LsrhMap5dmhp/FUFs
9jcXaNeAQ19MM1yZ7fD8UQLZg0j8KexmEYzhQq4oTJg0DqS42KgNMRi5St0z4aly
JWj16//VvSbbCAqYy733jxc6l/T74KRKzrqUcUS142TdjdmVTUEQ2M+qRmORcwhW
2Dlx0sl/5008LC9tEI4GHrCImjBMh98grbDnQ+J+n5YnAEImk84MK1JUm0z7kWYJ
fhlofW1fWW7ofgRmlPK0qTl8FNWmQ0ngK36mrlwR9inHDZ2ss5CgEB/xezmskWBp
L9E9vJSmWwrd9bCowpnR4Q49XFJybxA7s6d1NjR5ko/I3cuYpkdvSnh5Y4np7eOA
k4l2IYS5IBsYoNJw3zwSh9gyXwK7FJEP2lk1zSH/fMjn/VGz0MtSyXAtjUcjQPDQ
2JArjThILt3E3Z0ddJfrKshFglXkUfnuT7UsMUjMwaZoFy24R6RKtsEqxjW59Fay
Aa97kkFAYQZV1LAZ4Qeq
=/thP
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Apache Tomcat 7.0.035 and IPv6 environment

[Geett Chanddra Singha]

Hi All,

I have a web application hosted on Apache Tomcat Version 7.0.035.
We are trying to make the web application run IPv6 environment.

Environment Details
Windows 2008 server machine, 64-bit OS
Java version: JRE 1.7.x

The home page of web application is not accessible using the IPv6 address.
The connectivity to windows server machine goes though IPv6 address.

Here is the Tomcat startup log details:

Mar 28, 2013 10:21:47 AM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.24 using APR
version 1.4
.6.
Mar 28, 2013 10:21:47 AM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
[false], ra
ndom [true].
Mar 28, 2013 10:21:48 AM org.apache.catalina.core.AprLifecycleListener
initializ
eSSL
INFO: OpenSSL successfully initialized (OpenSSL 1.0.1c 10 May 2012)
Mar 28, 2013 10:21:49 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler [http-apr-9080]
Mar 28, 2013 10:21:49 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler [ajp-apr-8009]
Mar 28, 2013 10:21:49 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 3117 ms
Mar 28, 2013 10:21:49 AM org.apache.catalina.core.StandardService
startInternal
INFO: Starting service Catalina
Mar 28, 2013 10:21:49 AM org.apache.catalina.core.StandardEngine
startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.35
Mar 28, 2013 10:21:49 AM org.apache.catalina.startup.HostConfig
deployDirectory
INFO: Deploying web application directory
C:\Users\Administrator\Desktop\apache-
tomcat-7.0.35\webapps\docs
Mar 28, 2013 10:21:50 AM org.apache.catalina.startup.HostConfig
deployDirectory
INFO: Deploying web application directory
C:\Users\Administrator\Desktop\apache-
tomcat-7.0.35\webapps\examples
Mar 28, 2013 10:21:51 AM org.apache.catalina.startup.HostConfig
deployDirectory
INFO: Deploying web application directory
C:\Users\Administrator\Desktop\apache-
tomcat-7.0.35\webapps\host-manager
Mar 28, 2013 10:21:51 AM org.apache.catalina.startup.HostConfig
deployDirectory
INFO: Deploying web application directory
C:\Users\Administrator\Desktop\apache-
tomcat-7.0.35\webapps\manager
Mar 28, 2013 10:21:51 AM org.apache.catalina.startup.HostConfig
deployDirectory
INFO: Deploying web application directory
C:\Users\Administrator\Desktop\apache-
tomcat-7.0.35\webapps\ROOT
Mar 28, 2013 10:21:51 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler [http-apr-9080]
Mar 28, 2013 10:21:51 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler [ajp-apr-8009]
Mar 28, 2013 10:21:51 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 2536 ms

Please help me to get solution for this.

-- 
Thanks  Regards
Geett Chanddra Singha

Re: Apache Tomcat 7.0.035 and IPv6 environment

[Konstantin Kolinko]

2013/3/28 Geett Chanddra Singha gee...@gmail.com:
 Hi All,

 I have a web application hosted on Apache Tomcat Version 7.0.035.
 We are trying to make the web application run IPv6 environment.

 Environment Details
 Windows 2008 server machine, 64-bit OS
 Java version: JRE 1.7.x

 The home page of web application is not accessible using the IPv6 address.
 The connectivity to windows server machine goes though IPv6 address.

 Here is the Tomcat startup log details:

 Mar 28, 2013 10:21:47 AM org.apache.catalina.core.AprLifecycleListener init
 INFO: Loaded APR based Apache Tomcat Native library 1.1.24 using APR
 version 1.4
 .6.

APR connector cannot listen on both IPv4 and IPv6 addresses at the same time.
You have to choose one (with address attribute).

If you need both IPv4 and IPv6, configure 2 connectors.

It has been discussed previously. Search the archives.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache Tomcat 7.0.035 and IPv6 environment

[Geett Chanddra Singha]

Thanks Konstantin Kolinko!

It will be great help for me if you could provide steps to configure the
same or documents, where in I could get configuration steps.

On Thu, Mar 28, 2013 at 10:56 AM, Konstantin Kolinko knst.koli...@gmail.com
 wrote:

 2013/3/28 Geett Chanddra Singha gee...@gmail.com:
  Hi All,
 
  I have a web application hosted on Apache Tomcat Version 7.0.035.
  We are trying to make the web application run IPv6 environment.
 
  Environment Details
  Windows 2008 server machine, 64-bit OS
  Java version: JRE 1.7.x
 
  The home page of web application is not accessible using the IPv6
 address.
  The connectivity to windows server machine goes though IPv6 address.
 
  Here is the Tomcat startup log details:
 
  Mar 28, 2013 10:21:47 AM org.apache.catalina.core.AprLifecycleListener
 init
  INFO: Loaded APR based Apache Tomcat Native library 1.1.24 using APR
  version 1.4
  .6.

 APR connector cannot listen on both IPv4 and IPv6 addresses at the same
 time.
 You have to choose one (with address attribute).

 If you need both IPv4 and IPv6, configure 2 connectors.

 It has been discussed previously. Search the archives.

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




-- 
Thanks  Regards
Geett Chanddra Singha

Re: Issue in IPv6 evironment

[André Warnier]

Geett Chanddra Singha wrote:

Hi All,

I would like to know is that is it ok to add this as shown below

protocol=org.apache.coyote.http11.Http11Protocol

in

Connector port=8080 maxHttpHeaderSize=8192 *
maxThreads=150 minSpareThreads=25 maxSpareThreads=75
enableLookups=false  acceptCount=100 connectionTimeout=2
disableUploadTimeout=true /



As there are certainly differences in the tag attributes between different versions of 
Tomcat, it would be a good idea to mention

- what version of Tomcat (x.y.z) you are using
- under what version of Java
- under what platform O.S.

This is by the way a good practice in general for *any* question to the list, as it 
usually saves time for everyone.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Issue in IPv6 evironment

[Geett Chanddra Singha]

Hi,

- what version of Tomcat (x.y.z) you are using
  - *Tomcat Version 6.0.035*

- under what version of Java
  - *Java version 1.6.033*
*
*
- under what platform O.S.
 - *Windows and Linux*

Regards,
Geett

On Wed, Mar 6, 2013 at 3:56 PM, André Warnier a...@ice-sa.com wrote:

 Geett Chanddra Singha wrote:

 Hi All,

 I would like to know is that is it ok to add this as shown below

 protocol=org.apache.coyote.**http11.Http11Protocol

 in

 Connector port=8080 maxHttpHeaderSize=8192 *
 maxThreads=150 minSpareThreads=25 maxSpareThreads=75
 enableLookups=false  acceptCount=100 connectionTimeout=2
 disableUploadTimeout=true /


 As there are certainly differences in the tag attributes between
 different versions of Tomcat, it would be a good idea to mention
 - what version of Tomcat (x.y.z) you are using
 - under what version of Java
 - under what platform O.S.

 This is by the way a good practice in general for *any* question to the
 list, as it usually saves time for everyone.



 --**--**-
 To unsubscribe, e-mail: 
 users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




-- 
Thanks  Regards
Geett Chanddra Singha

Re: Issue in IPv6 evironment

[Ognjen Blagojevic]

Geett,

On 6.3.2013 11:37, Geett Chanddra Singha wrote:

- what version of Tomcat (x.y.z) you are using
   - *Tomcat Version 6.0.035*

- under what version of Java
   - *Java version 1.6.033*
*
*
- under what platform O.S.
  - *Windows and Linux*



1. Did I understand correctly:

- You are able to access your Tomcat server using HTTPS over IPv6.

- If you do not add protocol attribute to your HTTP connector, you are 
unable to access Tomcat server using HTTP.


- After you add protocol attribute everything works as expected.

Right? What about IPv4? Do you use it? Is it similar situation when you 
use IPv4 (works only when you add protocol attribute)? Are you sure 
that IPv6 protocol is being used? Do you access your server using 
hostname or IP address?



2. Your access to HTTP might be blocked due to:

a. Wrong URL (you must use port 8080)

b. Network/OS firewall (port 8080 is blocked) -- check with telnet 
server.example.com 8080, does it work? Repeat the same using IPv6 
address, does it work?


c. Tomcat not starting on port 8080 -- check log files for entry 'INFO: 
Initializing ProtocolHandler [http-bio-8080]', are there any errors? 
If log files look OK, and they have no errors, also check access log. Do 
you see entry for requested URL there? What does it look like?


-Ognjen

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Issue in IPv6 evironment

[Geett Chanddra Singha]

Thanks Ognjen!

1. Did I understand correctly:

- You are able to access your Tomcat server using HTTPS over IPv6.

- If you do not add protocol attribute to your HTTP connector, you are
unable to access Tomcat server using HTTP.

- After you add protocol attribute everything works as expected.

Right? What about IPv4? Do you use it? Is it similar situation when you use
IPv4 (works only when you add protocol attribute)? Are you sure that IPv6
protocol is being used? Do you access your server using hostname or IP
address?


Your are right, the same change works for IPv4 environment (i.e. RHEL)


2. Your access to HTTP might be blocked due to:

a. Wrong URL (you must use port 8080)

b. Network/OS firewall (port 8080 is blocked) -- check with telnet
server.example.com 8080, does it work? Repeat the same using IPv6 address,
does it work?

c. Tomcat not starting on port 8080 -- check log files for entry 'INFO:
Initializing ProtocolHandler [http-bio-8080]', are there any errors? If
log files look OK, and they have no errors, also check access log. Do you
see entry for requested URL there? What does it look like?
---
Since , the same change works for IPv4 environment (i.e. RHEL), we don't
have issues mentioned.

So I would like to know whether the change can be incorporated to
server.xml, if not please let me know solution/workaround.

Regards,
Geett

On Wed, Mar 6, 2013 at 4:42 PM, Ognjen Blagojevic 
ognjen.d.blagoje...@gmail.com wrote:

 Geett,


 On 6.3.2013 11:37, Geett Chanddra Singha wrote:

 - what version of Tomcat (x.y.z) you are using
- *Tomcat Version 6.0.035*


 - under what version of Java
- *Java version 1.6.033*
 *

 *
 - under what platform O.S.
   - *Windows and Linux*



 1. Did I understand correctly:

 - You are able to access your Tomcat server using HTTPS over IPv6.

 - If you do not add protocol attribute to your HTTP connector, you are
 unable to access Tomcat server using HTTP.

 - After you add protocol attribute everything works as expected.

 Right? What about IPv4? Do you use it? Is it similar situation when you
 use IPv4 (works only when you add protocol attribute)? Are you sure that
 IPv6 protocol is being used? Do you access your server using hostname or IP
 address?


 2. Your access to HTTP might be blocked due to:

 a. Wrong URL (you must use port 8080)

 b. Network/OS firewall (port 8080 is blocked) -- check with telnet
 server.example.com 8080, does it work? Repeat the same using IPv6
 address, does it work?

 c. Tomcat not starting on port 8080 -- check log files for entry 'INFO:
 Initializing ProtocolHandler [http-bio-8080]', are there any errors? If
 log files look OK, and they have no errors, also check access log. Do you
 see entry for requested URL there? What does it look like?

 -Ognjen


 --**--**-
 To unsubscribe, e-mail: 
 users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




-- 
Thanks  Regards
Geett Chanddra Singha

Re: Issue in IPv6 evironment

[Ognjen Blagojevic]

Geett,

On 6.3.2013 15:14, Geett Chanddra Singha wrote:

Right? What about IPv4? Do you use it? Is it similar situation when you use
IPv4 (works only when you add protocol attribute)? Are you sure that IPv6
protocol is being used? Do you access your server using hostname or IP
address?


Your are right, the same change works for IPv4 environment (i.e. RHEL)


(Sigh) So many questions, so few answers.



2. Your access to HTTP might be blocked due to:

a. Wrong URL (you must use port 8080)

b. Network/OS firewall (port 8080 is blocked) -- check with telnet
server.example.com 8080, does it work? Repeat the same using IPv6 address,
does it work?

c. Tomcat not starting on port 8080 -- check log files for entry 'INFO:
Initializing ProtocolHandler [http-bio-8080]', are there any errors? If
log files look OK, and they have no errors, also check access log. Do you
see entry for requested URL there? What does it look like?
---
Since , the same change works for IPv4 environment (i.e. RHEL), we don't
have issues mentioned.

So I would like to know whether the change can be incorporated to
server.xml, if not please let me know solution/workaround.


In order to try to find the solution for your problem, we must first 
diagnose what exactly is the problem, and why can't you access Tomcat 
when there is no protocol attribute specified in the connector.


Adding attribute protocol=org.apache.coyote.http11.Http11Protocol to 
HTTP connector would only make a difference if you have APR/native 
connector installed (perhaps faulty). Did you install it?


That is why I would like to see your Tomcat startup logs WITH and 
WITHOUT protocol attribute. We are looking for something like this:


  Mar 01, 2013 01:02:03 AM org.apache.coyote.AbstractProtocol start
  INFO: Starting ProtocolHandler [http-apr/bio-8080]

Could you please provide log contents for both cases.

-Ognjen

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Issue in IPv6 evironment

[Geett Chanddra Singha]

Thanks Ognjen! for your debugging tips.

I shall provide you information.

My apologies for not providing enough information to you.
Next time I shall come up with more information :)

On Thu, Mar 7, 2013 at 2:22 AM, Ognjen Blagojevic 
ognjen.d.blagoje...@gmail.com wrote:

 Geett,


 On 6.3.2013 15:14, Geett Chanddra Singha wrote:

 Right? What about IPv4? Do you use it? Is it similar situation when you
 use
 IPv4 (works only when you add protocol attribute)? Are you sure that
 IPv6
 protocol is being used? Do you access your server using hostname or IP
 address?
 --**--**
 --**--**
 

 Your are right, the same change works for IPv4 environment (i.e. RHEL)


 (Sigh) So many questions, so few answers.



  2. Your access to HTTP might be blocked due to:

 a. Wrong URL (you must use port 8080)

 b. Network/OS firewall (port 8080 is blocked) -- check with telnet
 server.example.com 8080, does it work? Repeat the same using IPv6
 address,
 does it work?

 c. Tomcat not starting on port 8080 -- check log files for entry 'INFO:
 Initializing ProtocolHandler [http-bio-8080]', are there any errors? If
 log files look OK, and they have no errors, also check access log. Do you
 see entry for requested URL there? What does it look like?
 --**--**
 --**--**
 --**--**
 ---
 Since , the same change works for IPv4 environment (i.e. RHEL), we don't
 have issues mentioned.

 So I would like to know whether the change can be incorporated to
 server.xml, if not please let me know solution/workaround.


 In order to try to find the solution for your problem, we must first
 diagnose what exactly is the problem, and why can't you access Tomcat when
 there is no protocol attribute specified in the connector.

 Adding attribute protocol=org.apache.coyote.**http11.Http11Protocol to
 HTTP connector would only make a difference if you have APR/native
 connector installed (perhaps faulty). Did you install it?

 That is why I would like to see your Tomcat startup logs WITH and WITHOUT
 protocol attribute. We are looking for something like this:

   Mar 01, 2013 01:02:03 AM org.apache.coyote.**AbstractProtocol start
   INFO: Starting ProtocolHandler [http-apr/bio-8080]

 Could you please provide log contents for both cases.


 -Ognjen

 --**--**-
 To unsubscribe, e-mail: 
 users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




-- 
Thanks  Regards
Geett Chanddra Singha

Re: Issue in IPv6 evironment

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Geett,

On 3/5/13 10:45 PM, Geett Chanddra Singha wrote:
 Hi All,
 
 I am using Apache Tomcat version 6.0.035 for a web application,
 everything seems to be working fine when I access the application
 in HTTPS mode,however if I try to access in HTTP mode, I am not
 able launch home page of web application.As a workaround I made a
 small change as highlighted in red color in server.xml as given
 below:
 
 Connector port=8080 maxHttpHeaderSize=8192 * 
 protocol=org.apache.coyote.http11.Http11Protocol* 
 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 
 enableLookups=false  acceptCount=100 connectionTimeout=2
 disableUploadTimeout=true /
 
 So I would like to know is it ok add mentioned parameter to
 server.xml.

Colors, etc. are stripped by the list. Please use text-only to
indicate any diffs you want to show.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEAREIAAYFAlE23OgACgkQ9CaO5/Lv0PCUgwCgj844bGdrVWNYm4OcOAxTW462
18AAn3rTkodHOIm7hKVcfvP/s2Jl9jTE
=2CVm
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Issue in IPv6 evironment

[Geett Chanddra Singha]

Chris,

Thanks for letting me know,

What I wanted to know is that is it ok to add this as shown below

protocol=org.apache.coyote.http11.Http11Protocol

in

Connector port=8080 maxHttpHeaderSize=8192 *
maxThreads=150 minSpareThreads=25 maxSpareThreads=75
enableLookups=false  acceptCount=100 connectionTimeout=2
disableUploadTimeout=true /

Regards::Geet

On Wed, Mar 6, 2013 at 11:36 AM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Geett,

 On 3/5/13 10:45 PM, Geett Chanddra Singha wrote:
  Hi All,
 
  I am using Apache Tomcat version 6.0.035 for a web application,
  everything seems to be working fine when I access the application
  in HTTPS mode,however if I try to access in HTTP mode, I am not
  able launch home page of web application.As a workaround I made a
  small change as highlighted in red color in server.xml as given
  below:
 
  Connector port=8080 maxHttpHeaderSize=8192 *
  protocol=org.apache.coyote.http11.Http11Protocol*
  maxThreads=150 minSpareThreads=25 maxSpareThreads=75
  enableLookups=false  acceptCount=100 connectionTimeout=2
  disableUploadTimeout=true /
 
  So I would like to know is it ok add mentioned parameter to
  server.xml.

 Colors, etc. are stripped by the list. Please use text-only to
 indicate any diffs you want to show.

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
 Comment: GPGTools - http://gpgtools.org
 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

 iEYEAREIAAYFAlE23OgACgkQ9CaO5/Lv0PCUgwCgj844bGdrVWNYm4OcOAxTW462
 18AAn3rTkodHOIm7hKVcfvP/s2Jl9jTE
 =2CVm
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




-- 
Thanks  Regards
Geett Chanddra Singha

Re: Using the Tomcat Native Library can only connect over ipv6 But not over ipv4

[Zorro]

Op 27-11-2012 23:56, Christopher Schultz schreef:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Harm-Jan,

On 11/27/12 3:32 PM, Zorro wrote:

Op 27-11-2012 20:00, Christopher Schultz schreef:

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1

Harm-Jan,

On 11/26/12 3:16 PM, Zorro wrote:

I have now this in my server.xml: For IPv4: Connector
port=80 protocol=HTTP/1.1 connectionTimeout=2
redirectPort=8443 address=0.0.0.0 / For IPv6: Connector
port=80 protocol=HTTP/1.1 connectionTimeout=2
redirectPort=8443 address=::0 /

With this setup I can connect to port 80 over Ipv4 And IPv6 to
my Linux box.

So, a recap:

* NIO/BIO connector binds to both IPv4 and IPv6 when no address
is specified

* APR connector binds only to IPv6 interface is IPv6 is
available, otherwise only IPv4

* Linux vs. Windows is not relevant

Do I have that all right? Or does Linux work as expected (bind to
both interfaces) and Windows does not?

Ideally, this should work everywhere:

Connector port=80 protocol=HTTP/1.1 /

... and listen on both 0.0.0.0:80 and :::80

The only configuration shown by Zorro has two connectors and says
that works on Windows.


On a Windows Vista PC I have also installed Tomcat 7.0.32 and
the Windows installation set downloaded from tomcat.apache.org
uses per default the Native Library. I have not changed
anything in the configuration yet and on that PC a telnet
127.0.0.1 80 is ok while a IPv6 telnet ::1 80 fails.

You mean using the above configuration?

So, you have 2 connectors on Windows and one of them doesn't work
at all? Please stop Tomcat, delete all log files, confirm your
(2-connector) configuration, start Tomcat, then re-post your
Connector configuration and the complete catalina.out log file,
plus versions of everything all at once.

Better yet, if you could provide a matrix of configurations that
*do* work versus *don't* work, that would be great, too. I'm
specifically interested in knowing if this is a generic APR
problem, or only APR-on-Windows. Jeffrey Janner has had problems
on Windows (which may be a win32 TCP/IP stack problem) but if it
doesn't work on Linux, either, then perhaps it really is a bug
with APR or tcnative.


Maybe its worth it to include it in the documentation of the
native library.

Maybe it's worth filing a bug report. If I can get you to
cough-up full details, it will make it much easier.

- -chris

Chris,

This is what I observed. Tomcat 7.0.32

1. Linux (Fedora 14, gcc 4.5.1, OpenJDK IcedTea6 1.9.10 java
version 1.6.0_20)

One connector for port 80 defined without the address attribute:

* NIO/BIO connector binds to both IPv4 and IPv6 when no address
is specified * APR connector binds only to IPv6 interface if IPv6
is available, otherwise only IPv4

-

2. Windows Vista (java version 1.7.0_09)

One connector for port 80 defined without the address attribute:

* NIO/BIO connector binds to both IPv4 and IPv6 when no address
is specified * APR connector binds only to IPv4 interface (not to
IPv6).

What about when specifying two connectors, one for IPV4 and one for IPv6?


Chris, André,

Specifying 2 Connectors in the server.xml:
For IPv4:
Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 
redirectPort=8443 address=0.0.0.0/

For IPv6:
Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 
redirectPort=8443 address=::0/


1. Linux

  * APR connector binds for IPv6 to the IPv6 Connector and for IPv4 to 
the IPv4 Connector

* NIO/BIO connector binds to the IPv4 Connector

For NIO/BIO the catalina.log shows exceptions:
SEVERE: Failed to initialize end point associated with ProtocolHandler 
[http-bio-0:0:0:0:0:0:0:0-80]

java.net.BindException: Address already in use /0:0:0:0:0:0:0:0:80
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:406)
...

-

2. Windows Vista

  * APR connector binds for IPv6 to the IPv6 Connector and for IPv4 to 
the IPv4 Connector

* NIO/BIO connector binds to the IPv4 Connector

For NIO/BIO the catalina.log shows exceptions:
28-nov-2012 21:45:55 org.apache.coyote.AbstractProtocol init
SEVERE: Failed to initialize end point associated with ProtocolHandler 
[http-bio-0:0:0:0:0:0:0:0-80]

java.net.BindException: Address already in use: JVM_Bind /0:0:0:0:0:0:0:0:80
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:406)
...

Regards,
Harm-Jan


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Using the Tomcat Native Library can only connect over ipv6 But not over ipv4

[André Warnier]

Zorro wrote:

Op 27-11-2012 23:56, Christopher Schultz schreef:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Harm-Jan,

On 11/27/12 3:32 PM, Zorro wrote:

Op 27-11-2012 20:00, Christopher Schultz schreef:

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1

Harm-Jan,

On 11/26/12 3:16 PM, Zorro wrote:

I have now this in my server.xml: For IPv4: Connector
port=80 protocol=HTTP/1.1 connectionTimeout=2
redirectPort=8443 address=0.0.0.0 / For IPv6: Connector
port=80 protocol=HTTP/1.1 connectionTimeout=2
redirectPort=8443 address=::0 /

With this setup I can connect to port 80 over Ipv4 And IPv6 to
my Linux box.

So, a recap:

* NIO/BIO connector binds to both IPv4 and IPv6 when no address
is specified

* APR connector binds only to IPv6 interface is IPv6 is
available, otherwise only IPv4

* Linux vs. Windows is not relevant

Do I have that all right? Or does Linux work as expected (bind to
both interfaces) and Windows does not?

Ideally, this should work everywhere:

Connector port=80 protocol=HTTP/1.1 /

... and listen on both 0.0.0.0:80 and :::80

The only configuration shown by Zorro has two connectors and says
that works on Windows.


On a Windows Vista PC I have also installed Tomcat 7.0.32 and
the Windows installation set downloaded from tomcat.apache.org
uses per default the Native Library. I have not changed
anything in the configuration yet and on that PC a telnet
127.0.0.1 80 is ok while a IPv6 telnet ::1 80 fails.

You mean using the above configuration?

So, you have 2 connectors on Windows and one of them doesn't work
at all? Please stop Tomcat, delete all log files, confirm your
(2-connector) configuration, start Tomcat, then re-post your
Connector configuration and the complete catalina.out log file,
plus versions of everything all at once.

Better yet, if you could provide a matrix of configurations that
*do* work versus *don't* work, that would be great, too. I'm
specifically interested in knowing if this is a generic APR
problem, or only APR-on-Windows. Jeffrey Janner has had problems
on Windows (which may be a win32 TCP/IP stack problem) but if it
doesn't work on Linux, either, then perhaps it really is a bug
with APR or tcnative.


Maybe its worth it to include it in the documentation of the
native library.

Maybe it's worth filing a bug report. If I can get you to
cough-up full details, it will make it much easier.

- -chris

Chris,

This is what I observed. Tomcat 7.0.32

1. Linux (Fedora 14, gcc 4.5.1, OpenJDK IcedTea6 1.9.10 java
version 1.6.0_20)

One connector for port 80 defined without the address attribute:

* NIO/BIO connector binds to both IPv4 and IPv6 when no address
is specified * APR connector binds only to IPv6 interface if IPv6
is available, otherwise only IPv4

-

2. Windows Vista (java version 1.7.0_09)

One connector for port 80 defined without the address attribute:

* NIO/BIO connector binds to both IPv4 and IPv6 when no address
is specified * APR connector binds only to IPv4 interface (not to
IPv6).

What about when specifying two connectors, one for IPV4 and one for IPv6?


Chris, André,

Specifying 2 Connectors in the server.xml:
For IPv4:
Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 
redirectPort=8443 address=0.0.0.0/

For IPv6:
Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 
redirectPort=8443 address=::0/


1. Linux

  * APR connector binds for IPv6 to the IPv6 Connector and for IPv4 to 
the IPv4 Connector

* NIO/BIO connector binds to the IPv4 Connector

For NIO/BIO the catalina.log shows exceptions:
SEVERE: Failed to initialize end point associated with ProtocolHandler 
[http-bio-0:0:0:0:0:0:0:0-80]

java.net.BindException: Address already in use /0:0:0:0:0:0:0:0:80
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:406)
...

-

2. Windows Vista

  * APR connector binds for IPv6 to the IPv6 Connector and for IPv4 to 
the IPv4 Connector

* NIO/BIO connector binds to the IPv4 Connector

For NIO/BIO the catalina.log shows exceptions:
28-nov-2012 21:45:55 org.apache.coyote.AbstractProtocol init
SEVERE: Failed to initialize end point associated with ProtocolHandler 
[http-bio-0:0:0:0:0:0:0:0-80]
java.net.BindException: Address already in use: JVM_Bind 
/0:0:0:0:0:0:0:0:80

at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:406)
...

Maybe I am interpreting this wrong, but in my view this confirms what I was trying to 
explain before (and again, I am no expert but I go by what I found by Googling).
It goes a bit along these lines (and sorry if I'm mixing up things a bit, I have a cold, 
I'm tired and want to go to bed; but I'm sure you can correct).


- On an O.S. which has a dual-capable IP stack (meaning basically : an IP stack which is 
basically IPv6, but can handle IPv4 also) :
  - java connectors, when not specifying an address, will bind to both ::0 (IPv6) and 
0.0.0.0 (IPv4) (there is no magic there, it's the IP stack who does it).

  - java connectors, when

Re: Using the Tomcat Native Library can only connect over ipv6 But not over ipv4

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

André,

On 11/26/12 3:14 PM, André Warnier wrote:
 Also, I don't know if this is really relevant here, but I seem to 
 remember a parameter or attribute somewhere named 
 preferIPv4Stack/preferIPv6Stack.

That is for configuring the Java networking stack, so I suspect it has
no effect on the APR/native networking configuration.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlC1C4YACgkQ9CaO5/Lv0PBGqQCgkLYyMUySFopTHuxDW68n61o2
hmAAoKDJ6ZoDTBYhttP5DrCa4iJzkdMv
=UzLU
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Using the Tomcat Native Library can only connect over ipv6 But not over ipv4

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Harm-Jan,

On 11/26/12 3:16 PM, Zorro wrote:
 I have now this in my server.xml: For IPv4: Connector port=80
 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443
 address=0.0.0.0 / For IPv6: Connector port=80
 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443
 address=::0 /
 
 With this setup I can connect to port 80 over Ipv4 And IPv6 to my
 Linux box.

So, a recap:

* NIO/BIO connector binds to both IPv4 and IPv6 when no address is
specified

* APR connector binds only to IPv6 interface is IPv6 is available,
otherwise only IPv4

* Linux vs. Windows is not relevant

Do I have that all right? Or does Linux work as expected (bind to both
interfaces) and Windows does not?

Ideally, this should work everywhere:

Connector port=80 protocol=HTTP/1.1 /

... and listen on both 0.0.0.0:80 and :::80

The only configuration shown by Zorro has two connectors and says that
works on Windows.

 On a Windows Vista PC I have also installed Tomcat 7.0.32 and the 
 Windows installation set downloaded from tomcat.apache.org uses
 per default the Native Library. I have not changed anything in the
 configuration yet and on that PC a telnet 127.0.0.1 80 is ok while
 a IPv6 telnet ::1 80 fails.

You mean using the above configuration?

So, you have 2 connectors on Windows and one of them doesn't work at
all? Please stop Tomcat, delete all log files, confirm your
(2-connector) configuration, start Tomcat, then re-post your
Connector configuration and the complete catalina.out log file, plus
versions of everything all at once.

Better yet, if you could provide a matrix of configurations that *do*
work versus *don't* work, that would be great, too. I'm specifically
interested in knowing if this is a generic APR problem, or only
APR-on-Windows. Jeffrey Janner has had problems on Windows (which may
be a win32 TCP/IP stack problem) but if it doesn't work on Linux,
either, then perhaps it really is a bug with APR or tcnative.

 Maybe its worth it to include it in the documentation of the
 native library.

Maybe it's worth filing a bug report. If I can get you to cough-up
full details, it will make it much easier.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlC1DdMACgkQ9CaO5/Lv0PB7/QCfVuX1sz1f8TWFRFf0amCTTkAz
HCAAn1sWzO1daDKAemV3b2zI2YAemboE
=n8bC
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Using the Tomcat Native Library can only connect over ipv6 But not over ipv4

[Zorro]

Op 27-11-2012 20:00, Christopher Schultz schreef:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Harm-Jan,

On 11/26/12 3:16 PM, Zorro wrote:

I have now this in my server.xml: For IPv4: Connector port=80
protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443
address=0.0.0.0 / For IPv6: Connector port=80
protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443
address=::0 /

With this setup I can connect to port 80 over Ipv4 And IPv6 to my
Linux box.

So, a recap:

* NIO/BIO connector binds to both IPv4 and IPv6 when no address is
specified

* APR connector binds only to IPv6 interface is IPv6 is available,
otherwise only IPv4

* Linux vs. Windows is not relevant

Do I have that all right? Or does Linux work as expected (bind to both
interfaces) and Windows does not?

Ideally, this should work everywhere:

Connector port=80 protocol=HTTP/1.1 /

... and listen on both 0.0.0.0:80 and :::80

The only configuration shown by Zorro has two connectors and says that
works on Windows.


On a Windows Vista PC I have also installed Tomcat 7.0.32 and the
Windows installation set downloaded from tomcat.apache.org uses
per default the Native Library. I have not changed anything in the
configuration yet and on that PC a telnet 127.0.0.1 80 is ok while
a IPv6 telnet ::1 80 fails.

You mean using the above configuration?

So, you have 2 connectors on Windows and one of them doesn't work at
all? Please stop Tomcat, delete all log files, confirm your
(2-connector) configuration, start Tomcat, then re-post your
Connector configuration and the complete catalina.out log file, plus
versions of everything all at once.

Better yet, if you could provide a matrix of configurations that *do*
work versus *don't* work, that would be great, too. I'm specifically
interested in knowing if this is a generic APR problem, or only
APR-on-Windows. Jeffrey Janner has had problems on Windows (which may
be a win32 TCP/IP stack problem) but if it doesn't work on Linux,
either, then perhaps it really is a bug with APR or tcnative.


Maybe its worth it to include it in the documentation of the
native library.

Maybe it's worth filing a bug report. If I can get you to cough-up
full details, it will make it much easier.

- -chris


Chris,

This is what I observed.
Tomcat 7.0.32

1. Linux (Fedora 14, gcc 4.5.1, OpenJDK IcedTea6 1.9.10 java version 
1.6.0_20)


One connector for port 80 defined without the address attribute:

 * NIO/BIO connector binds to both IPv4 and IPv6 when no address is 
specified
 * APR connector binds only to IPv6 interface if IPv6 is available, 
otherwise only IPv4


-

2. Windows Vista (java version 1.7.0_09)

One connector for port 80 defined without the address attribute:

 * NIO/BIO connector binds to both IPv4 and IPv6 when no address is 
specified

 * APR connector binds only to IPv4 interface (not to IPv6).


Regards,
Harm-Jan


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Using the Tomcat Native Library can only connect over ipv6 But not over ipv4

[Jeffrey Janner]

 -Original Message-
 From: Christopher Schultz [mailto:ch...@christopherschultz.net]
 Sent: Tuesday, November 27, 2012 1:01 PM
 To: Tomcat Users List
 Subject: Re: Using the Tomcat Native Library can only connect over ipv6
 But not over ipv4
 
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Harm-Jan,
 
 On 11/26/12 3:16 PM, Zorro wrote:
  I have now this in my server.xml: For IPv4: Connector port=80
  protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443
  address=0.0.0.0 / For IPv6: Connector port=80
  protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443
  address=::0 /
 
  With this setup I can connect to port 80 over Ipv4 And IPv6 to my
  Linux box.
 
 So, a recap:
 
 * NIO/BIO connector binds to both IPv4 and IPv6 when no address is
 specified
 
 * APR connector binds only to IPv6 interface is IPv6 is available,
 otherwise only IPv4
 
 * Linux vs. Windows is not relevant
 
 Do I have that all right? Or does Linux work as expected (bind to both
 interfaces) and Windows does not?
 
 Ideally, this should work everywhere:
 
 Connector port=80 protocol=HTTP/1.1 /
 
 ... and listen on both 0.0.0.0:80 and :::80
 
 The only configuration shown by Zorro has two connectors and says that
 works on Windows.
 
  On a Windows Vista PC I have also installed Tomcat 7.0.32 and the
  Windows installation set downloaded from tomcat.apache.org uses per
  default the Native Library. I have not changed anything in the
  configuration yet and on that PC a telnet 127.0.0.1 80 is ok while a
  IPv6 telnet ::1 80 fails.
 
 You mean using the above configuration?
 
 So, you have 2 connectors on Windows and one of them doesn't work at
 all? Please stop Tomcat, delete all log files, confirm your
 (2-connector) configuration, start Tomcat, then re-post your
 Connector configuration and the complete catalina.out log file, plus
 versions of everything all at once.
 
 Better yet, if you could provide a matrix of configurations that *do*
 work versus *don't* work, that would be great, too. I'm specifically
 interested in knowing if this is a generic APR problem, or only APR-on-
 Windows. Jeffrey Janner has had problems on Windows (which may be a
 win32 TCP/IP stack problem) but if it doesn't work on Linux, either,
 then perhaps it really is a bug with APR or tcnative.
 
  Maybe its worth it to include it in the documentation of the native
  library.
 
 Maybe it's worth filing a bug report. If I can get you to cough-up full
 details, it will make it much easier.
 
 - -chris

Chris, 
I want to say that it might have been a Windows stack limitation, at least up 
until the Windows 7 stack (which is Server 2008 R2).  Earlier versions didn't 
support dual-bind, but I can't be positive.  I have one of those server and can 
check it when I have a freer moment in a few days.  I'll report back to this 
thread.
Jeff

Re: Using the Tomcat Native Library can only connect over ipv6 But not over ipv4

[André Warnier]

Zorro wrote:

Op 27-11-2012 20:00, Christopher Schultz schreef:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Harm-Jan,

On 11/26/12 3:16 PM, Zorro wrote:

I have now this in my server.xml: For IPv4: Connector port=80
protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443
address=0.0.0.0 / For IPv6: Connector port=80
protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443
address=::0 /

With this setup I can connect to port 80 over Ipv4 And IPv6 to my
Linux box.

So, a recap:

* NIO/BIO connector binds to both IPv4 and IPv6 when no address is
specified

* APR connector binds only to IPv6 interface is IPv6 is available,
otherwise only IPv4

* Linux vs. Windows is not relevant

Do I have that all right? Or does Linux work as expected (bind to both
interfaces) and Windows does not?

Ideally, this should work everywhere:

Connector port=80 protocol=HTTP/1.1 /

... and listen on both 0.0.0.0:80 and :::80

The only configuration shown by Zorro has two connectors and says that
works on Windows.


On a Windows Vista PC I have also installed Tomcat 7.0.32 and the
Windows installation set downloaded from tomcat.apache.org uses
per default the Native Library. I have not changed anything in the
configuration yet and on that PC a telnet 127.0.0.1 80 is ok while
a IPv6 telnet ::1 80 fails.

You mean using the above configuration?

So, you have 2 connectors on Windows and one of them doesn't work at
all? Please stop Tomcat, delete all log files, confirm your
(2-connector) configuration, start Tomcat, then re-post your
Connector configuration and the complete catalina.out log file, plus
versions of everything all at once.

Better yet, if you could provide a matrix of configurations that *do*
work versus *don't* work, that would be great, too. I'm specifically
interested in knowing if this is a generic APR problem, or only
APR-on-Windows. Jeffrey Janner has had problems on Windows (which may
be a win32 TCP/IP stack problem) but if it doesn't work on Linux,
either, then perhaps it really is a bug with APR or tcnative.


Maybe its worth it to include it in the documentation of the
native library.

Maybe it's worth filing a bug report. If I can get you to cough-up
full details, it will make it much easier.

- -chris


Chris,

This is what I observed.
Tomcat 7.0.32

1. Linux (Fedora 14, gcc 4.5.1, OpenJDK IcedTea6 1.9.10 java version 
1.6.0_20)


One connector for port 80 defined without the address attribute:

 * NIO/BIO connector binds to both IPv4 and IPv6 when no address is 
specified
 * APR connector binds only to IPv6 interface if IPv6 is available, 
otherwise only IPv4


-

2. Windows Vista (java version 1.7.0_09)

One connector for port 80 defined without the address attribute:

 * NIO/BIO connector binds to both IPv4 and IPv6 when no address is 
specified

 * APR connector binds only to IPv4 interface (not to IPv6).




In all 4 cases above, you can quickly check exactly what is bound to what, by using the 
netstat command after you have started Tomcat.


The options of netstat vary somewhat depending on the OS.
Under Linux, I'd try :
ps -ef | grep tomcat (to find out its PID)

netstat --tcp -pan | grep LISTEN | grep (tomcat's PID)

Under Windows :
netstat -aon




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Using the Tomcat Native Library can only connect over ipv6 But not over ipv4

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Harm-Jan,

On 11/27/12 3:32 PM, Zorro wrote:
 Op 27-11-2012 20:00, Christopher Schultz schreef:
 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
 
 Harm-Jan,
 
 On 11/26/12 3:16 PM, Zorro wrote:
 I have now this in my server.xml: For IPv4: Connector
 port=80 protocol=HTTP/1.1 connectionTimeout=2
 redirectPort=8443 address=0.0.0.0 / For IPv6: Connector
 port=80 protocol=HTTP/1.1 connectionTimeout=2
 redirectPort=8443 address=::0 /
 
 With this setup I can connect to port 80 over Ipv4 And IPv6 to
 my Linux box.
 So, a recap:
 
 * NIO/BIO connector binds to both IPv4 and IPv6 when no address
 is specified
 
 * APR connector binds only to IPv6 interface is IPv6 is
 available, otherwise only IPv4
 
 * Linux vs. Windows is not relevant
 
 Do I have that all right? Or does Linux work as expected (bind to
 both interfaces) and Windows does not?
 
 Ideally, this should work everywhere:
 
 Connector port=80 protocol=HTTP/1.1 /
 
 ... and listen on both 0.0.0.0:80 and :::80
 
 The only configuration shown by Zorro has two connectors and says
 that works on Windows.
 
 On a Windows Vista PC I have also installed Tomcat 7.0.32 and
 the Windows installation set downloaded from tomcat.apache.org
 uses per default the Native Library. I have not changed
 anything in the configuration yet and on that PC a telnet
 127.0.0.1 80 is ok while a IPv6 telnet ::1 80 fails.
 You mean using the above configuration?
 
 So, you have 2 connectors on Windows and one of them doesn't work
 at all? Please stop Tomcat, delete all log files, confirm your 
 (2-connector) configuration, start Tomcat, then re-post your 
 Connector configuration and the complete catalina.out log file,
 plus versions of everything all at once.
 
 Better yet, if you could provide a matrix of configurations that
 *do* work versus *don't* work, that would be great, too. I'm
 specifically interested in knowing if this is a generic APR
 problem, or only APR-on-Windows. Jeffrey Janner has had problems
 on Windows (which may be a win32 TCP/IP stack problem) but if it
 doesn't work on Linux, either, then perhaps it really is a bug
 with APR or tcnative.
 
 Maybe its worth it to include it in the documentation of the 
 native library.
 Maybe it's worth filing a bug report. If I can get you to
 cough-up full details, it will make it much easier.
 
 - -chris
 
 Chris,
 
 This is what I observed. Tomcat 7.0.32
 
 1. Linux (Fedora 14, gcc 4.5.1, OpenJDK IcedTea6 1.9.10 java
 version 1.6.0_20)
 
 One connector for port 80 defined without the address attribute:
 
 * NIO/BIO connector binds to both IPv4 and IPv6 when no address
 is specified * APR connector binds only to IPv6 interface if IPv6
 is available, otherwise only IPv4
 
 -
 
 2. Windows Vista (java version 1.7.0_09)
 
 One connector for port 80 defined without the address attribute:
 
 * NIO/BIO connector binds to both IPv4 and IPv6 when no address
 is specified * APR connector binds only to IPv4 interface (not to
 IPv6).

What about when specifying two connectors, one for IPV4 and one for IPv6?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlC1RTMACgkQ9CaO5/Lv0PACPgCcDxAOM3Cya0+gF2btkUXXFHcA
9P8AoI5VNewZO4wN7x1JwfbTql2QhOSQ
=6SMB
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Using the Tomcat Native Library can only connect over ipv6 But not over ipv4

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Zorro,

On 11/23/12 4:37 PM, Zorro wrote:
 its not really a problem but if we ever migrate the internet to
 IPv6 it would be brilliant to have the connector serving both
 protocols which the http-bio-80 connector seems to be able to do

Let me double-check: are you saying that Tomcat/APR will only do IPv4
*or* IPv6 but not both? ... and that the BIO and NIO connectors *will*
allow both?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlCzwCwACgkQ9CaO5/Lv0PD6pQCfbPXCmEL6pW17tjcszd3LdYFY
/XgAnjVCEAOW2uGGsEccq+AOeaX8DIBz
=wR4p
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Using the Tomcat Native Library can only connect over ipv6 But not over ipv4

[Jeffrey Janner]

 -Original Message-
 From: Christopher Schultz [mailto:ch...@christopherschultz.net]
 Sent: Monday, November 26, 2012 1:17 PM
 To: Tomcat Users List
 Subject: Re: Using the Tomcat Native Library can only connect over ipv6
 But not over ipv4
 
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Zorro,
 
 On 11/23/12 4:37 PM, Zorro wrote:
  its not really a problem but if we ever migrate the internet to
  IPv6 it would be brilliant to have the connector serving both
  protocols which the http-bio-80 connector seems to be able to do
 
 Let me double-check: are you saying that Tomcat/APR will only do IPv4
 *or* IPv6 but not both? ... and that the BIO and NIO connectors *will*
 allow both?
 
 - -chris

Chris -
This has long been an issue with the Windows version of APR.
If you leave off the address= parameter of the connector, it will default to 
IPv6 only.
The workaround I've been using for years is the address=0.0.0.0 feature, 
since I'm an IPv4 only setup.
Theoretically, it should set up both connections, but doesn't.
I'm not sure if anyone's ever found a reason for this behavior, but it does 
only seem to affect APR connections.
You can search back in history a year or so for more detailed analysis if you'd 
like.  (search for my posts on the subject.)
Jeff

Re: Using the Tomcat Native Library can only connect over ipv6 But not over ipv4

[André Warnier]

Jeffrey Janner wrote:

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Monday, November 26, 2012 1:17 PM
To: Tomcat Users List
Subject: Re: Using the Tomcat Native Library can only connect over ipv6
But not over ipv4

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Zorro,

On 11/23/12 4:37 PM, Zorro wrote:

its not really a problem but if we ever migrate the internet to
IPv6 it would be brilliant to have the connector serving both
protocols which the http-bio-80 connector seems to be able to do

Let me double-check: are you saying that Tomcat/APR will only do IPv4
*or* IPv6 but not both? ... and that the BIO and NIO connectors *will*
allow both?

- -chris


Chris -
This has long been an issue with the Windows version of APR.
If you leave off the address= parameter of the connector, it will default to 
IPv6 only.
The workaround I've been using for years is the address=0.0.0.0 feature, 
since I'm an IPv4 only setup.
Theoretically, it should set up both connections, but doesn't.
I'm not sure if anyone's ever found a reason for this behavior, but it does 
only seem to affect APR connections.
You can search back in history a year or so for more detailed analysis if you'd 
like.  (search for my posts on the subject.)
Jeff



Note that as per earlier in this thread, there is a workaround, consisting of defining 2 
Connectors, one for IPv4 and one for IPv6, both on the same port, 80 e.g.


Also, I don't know if this is really relevant here, but I seem to remember a parameter or 
attribute somewhere named preferIPv4Stack/preferIPv6Stack.

...
Ok, I was digging a bit deeper in Google, and this is by no means an authoritative 
explanation, just my take on it so far :
At least some versions of Windows seem to have 2 independent IP stacks, one for IPv4 and 
one for IPv6.  (As opposed to one IPv6 stack which can also do IPv4 when required).
And natively under such an OS, one cannot bind a server socket to both an IPv4 and an IPv6 
address; one needs two separate sockets.  Apparently also, the JVM can to some extend 
hide this from Java programs, and perform it's magic under the hood, binding to one or 
the other or both as required, while still making it look as one socket to the Java program.
(wild guess : maybe that APR, being native and closer to the OS, doesn't allow this, 
while the other Connector variations do).


You can still open 2 separate Connectors though.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Using the Tomcat Native Library can only connect over ipv6 But not over ipv4

[Zorro]

Op 26-11-2012 20:31, Jeffrey Janner schreef:

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Monday, November 26, 2012 1:17 PM
To: Tomcat Users List
Subject: Re: Using the Tomcat Native Library can only connect over ipv6
But not over ipv4

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Zorro,

On 11/23/12 4:37 PM, Zorro wrote:

its not really a problem but if we ever migrate the internet to
IPv6 it would be brilliant to have the connector serving both
protocols which the http-bio-80 connector seems to be able to do

Let me double-check: are you saying that Tomcat/APR will only do IPv4
*or* IPv6 but not both? ... and that the BIO and NIO connectors *will*
allow both?

- -chris

Chris -
This has long been an issue with the Windows version of APR.
If you leave off the address= parameter of the connector, it will default to 
IPv6 only.
The workaround I've been using for years is the address=0.0.0.0 feature, 
since I'm an IPv4 only setup.
Theoretically, it should set up both connections, but doesn't.
I'm not sure if anyone's ever found a reason for this behavior, but it does 
only seem to affect APR connections.
You can search back in history a year or so for more detailed analysis if you'd 
like.  (search for my posts on the subject.)
Jeff


Chris,

I think the answer as also Jeff pointed out is yes.

After building and installing the APR based Tomcat Native Library on in 
my case Fedora 14 Linux I could not connect to IPv4 adresses served by 
my Linux box.


Assuming I had done something wrong I had done tens of rebuilds of 
OpenSSL, APR and the Native library.
After searching a LOT on internet I found a similar issue described on 
Stackoverflow and then I found out that connecting to address ::1 on 
port 80 on my Linux box went ok.


As you and André explained to me specifying the address attribute with 
0.0.0.0 on the Connector forced the APR connector to use IPv4.


I have now this in my server.xml:
For IPv4:
Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 
redirectPort=8443 address=0.0.0.0 /

For IPv6:
Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 
redirectPort=8443 address=::0 /


With this setup I can connect to port 80 over Ipv4 And IPv6 to my Linux box.

On a Windows Vista PC I have also installed Tomcat 7.0.32 and the 
Windows installation set downloaded from tomcat.apache.org uses per 
default the Native Library.
I have not changed anything in the configuration yet and on that PC a 
telnet 127.0.0.1 80 is ok while a IPv6 telnet ::1 80 fails.


Maybe its worth it to include it in the documentation of the native library.

Regards,
Harm-Jan Zwinderman


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Using the Tomcat Native Library can only connect over ipv6 But not over ipv4

[Zorro]

Op 23-11-2012 23:00, André Warnier schreef:

Zorro wrote:

Op 23-11-2012 22:04, André Warnier schreef:

Zorro wrote:

Op 23-11-2012 20:06, Christopher Schultz schreef:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Zorro,

On 11/22/12 5:07 PM, Zorro wrote:

Hi,

I tried to use the Apache Tomcat Native Library 1.1.24 using APR
version 1.4.6 with my Tomcat 7.0.32 server but after installing it
I cannot connect over ipv4.

Using Tomcat with the Native Library on Fedora 14 everything starts
up fine. However a telnet 127.0.0.1 80 gives a 'Connection
refused'. But with a telnet ::1 80 I can connect to Tomcat!

Using the http-bio-80 connector I can connect to Tomcat over ipv4
as well over ipv6. Both telnet 127.0.0.1 80 and telnet ::1 80 do
connect to Tomcat.

Is there a way to use the Apache Tomcat Native Library also for
ipv4 connections?

Try setting address=127.0.0.1 in your Connector. Or 0.0.0.0 if
you want to listen on all IPv4 interfaces.

- -chris

Hi Chris,

Thank you for your response.

Indeed setting the address attribute to 0.0.0.0 in the Connector 
element solves the issue.


Tomcat is then indeed listening to all IPv4 interfaces. Though 
connecting over IPv6 is not possible then.




Can't you them set up a second Connector, with an equivalent IPv6 
address ?
Since it is bound to different addresses, it shouldn't conflict with 
the first, or would it ?


I have set them up now as:
For IPv4:
Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 
redirectPort=8443 address=0.0.0.0 /


For IPv6:
Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2 
redirectPort=8443 address=::0 /


As I understand it, this way one cannot use port 80 simultaneously 
for IPv4 and IPv6?




Well, honestly I wonder.  But on the face of it, I don't immediately 
see why not.  Have you tried it ?

(I mean, set both Connectors above for port 80)
..

Hi André,

Indeed setting both connectors to port 80 is also functioning.

Thank you!

Harm-Jan Zwinderman


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Using the Tomcat Native Library can only connect over ipv6 But not over ipv4

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Zorro,

On 11/22/12 5:07 PM, Zorro wrote:
 Hi,
 
 I tried to use the Apache Tomcat Native Library 1.1.24 using APR
 version 1.4.6 with my Tomcat 7.0.32 server but after installing it 
 I cannot connect over ipv4.
 
 Using Tomcat with the Native Library on Fedora 14 everything starts
 up fine. However a telnet 127.0.0.1 80 gives a 'Connection
 refused'. But with a telnet ::1 80 I can connect to Tomcat!
 
 Using the http-bio-80 connector I can connect to Tomcat over ipv4
 as well over ipv6. Both telnet 127.0.0.1 80 and telnet ::1 80 do
 connect to Tomcat.
 
 Is there a way to use the Apache Tomcat Native Library also for
 ipv4 connections?

Try setting address=127.0.0.1 in your Connector. Or 0.0.0.0 if
you want to listen on all IPv4 interfaces.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlCvyRsACgkQ9CaO5/Lv0PDN0QCghJbWT49Kd9GoYRMvCMmv/vnH
Y2wAoIQDs4o/vDutxV/9MMJJeA8aqHPP
=tsi7
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Using the Tomcat Native Library can only connect over ipv6 But not over ipv4

[Zorro]

Op 23-11-2012 20:06, Christopher Schultz schreef:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Zorro,

On 11/22/12 5:07 PM, Zorro wrote:

Hi,

I tried to use the Apache Tomcat Native Library 1.1.24 using APR
version 1.4.6 with my Tomcat 7.0.32 server but after installing it
I cannot connect over ipv4.

Using Tomcat with the Native Library on Fedora 14 everything starts
up fine. However a telnet 127.0.0.1 80 gives a 'Connection
refused'. But with a telnet ::1 80 I can connect to Tomcat!

Using the http-bio-80 connector I can connect to Tomcat over ipv4
as well over ipv6. Both telnet 127.0.0.1 80 and telnet ::1 80 do
connect to Tomcat.

Is there a way to use the Apache Tomcat Native Library also for
ipv4 connections?

Try setting address=127.0.0.1 in your Connector. Or 0.0.0.0 if
you want to listen on all IPv4 interfaces.

- -chris

Hi Chris,

Thank you for your response.

Indeed setting the address attribute to 0.0.0.0 in the Connector 
element solves the issue.


Tomcat is then indeed listening to all IPv4 interfaces. Though 
connecting over IPv6 is not possible then.


Regards,
Harm-Jan Zwinderman


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Using the Tomcat Native Library can only connect over ipv6 But not over ipv4

[André Warnier]

Zorro wrote:

Op 23-11-2012 20:06, Christopher Schultz schreef:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Zorro,

On 11/22/12 5:07 PM, Zorro wrote:

Hi,

I tried to use the Apache Tomcat Native Library 1.1.24 using APR
version 1.4.6 with my Tomcat 7.0.32 server but after installing it
I cannot connect over ipv4.

Using Tomcat with the Native Library on Fedora 14 everything starts
up fine. However a telnet 127.0.0.1 80 gives a 'Connection
refused'. But with a telnet ::1 80 I can connect to Tomcat!

Using the http-bio-80 connector I can connect to Tomcat over ipv4
as well over ipv6. Both telnet 127.0.0.1 80 and telnet ::1 80 do
connect to Tomcat.

Is there a way to use the Apache Tomcat Native Library also for
ipv4 connections?

Try setting address=127.0.0.1 in your Connector. Or 0.0.0.0 if
you want to listen on all IPv4 interfaces.

- -chris

Hi Chris,

Thank you for your response.

Indeed setting the address attribute to 0.0.0.0 in the Connector 
element solves the issue.


Tomcat is then indeed listening to all IPv4 interfaces. Though 
connecting over IPv6 is not possible then.




Can't you them set up a second Connector, with an equivalent IPv6 address ?
Since it is bound to different addresses, it shouldn't conflict with the first, 
or would it ?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Using the Tomcat Native Library can only connect over ipv6 But not over ipv4

[Zorro]

Op 23-11-2012 22:04, André Warnier schreef:

Zorro wrote:

Op 23-11-2012 20:06, Christopher Schultz schreef:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Zorro,

On 11/22/12 5:07 PM, Zorro wrote:

Hi,

I tried to use the Apache Tomcat Native Library 1.1.24 using APR
version 1.4.6 with my Tomcat 7.0.32 server but after installing it
I cannot connect over ipv4.

Using Tomcat with the Native Library on Fedora 14 everything starts
up fine. However a telnet 127.0.0.1 80 gives a 'Connection
refused'. But with a telnet ::1 80 I can connect to Tomcat!

Using the http-bio-80 connector I can connect to Tomcat over ipv4
as well over ipv6. Both telnet 127.0.0.1 80 and telnet ::1 80 do
connect to Tomcat.

Is there a way to use the Apache Tomcat Native Library also for
ipv4 connections?

Try setting address=127.0.0.1 in your Connector. Or 0.0.0.0 if
you want to listen on all IPv4 interfaces.

- -chris

Hi Chris,

Thank you for your response.

Indeed setting the address attribute to 0.0.0.0 in the Connector 
element solves the issue.


Tomcat is then indeed listening to all IPv4 interfaces. Though 
connecting over IPv6 is not possible then.




Can't you them set up a second Connector, with an equivalent IPv6 
address ?
Since it is bound to different addresses, it shouldn't conflict with 
the first, or would it ?


I have set them up now as:
For IPv4:
Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 
redirectPort=8443 address=0.0.0.0 /


For IPv6:
Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2 
redirectPort=8443 address=::0 /


As I understand it, this way one cannot use port 80 simultaneously for 
IPv4 and IPv6?


Regards,
Harm-Jan Zwinderman

(its not really a problem but if we ever migrate the internet to IPv6 it 
would be brilliant to have the connector serving both protocols which 
the http-bio-80 connector seems to be able to do)



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Using the Tomcat Native Library can only connect over ipv6 But not over ipv4

[André Warnier]

Zorro wrote:

Op 23-11-2012 22:04, André Warnier schreef:

Zorro wrote:

Op 23-11-2012 20:06, Christopher Schultz schreef:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Zorro,

On 11/22/12 5:07 PM, Zorro wrote:

Hi,

I tried to use the Apache Tomcat Native Library 1.1.24 using APR
version 1.4.6 with my Tomcat 7.0.32 server but after installing it
I cannot connect over ipv4.

Using Tomcat with the Native Library on Fedora 14 everything starts
up fine. However a telnet 127.0.0.1 80 gives a 'Connection
refused'. But with a telnet ::1 80 I can connect to Tomcat!

Using the http-bio-80 connector I can connect to Tomcat over ipv4
as well over ipv6. Both telnet 127.0.0.1 80 and telnet ::1 80 do
connect to Tomcat.

Is there a way to use the Apache Tomcat Native Library also for
ipv4 connections?

Try setting address=127.0.0.1 in your Connector. Or 0.0.0.0 if
you want to listen on all IPv4 interfaces.

- -chris

Hi Chris,

Thank you for your response.

Indeed setting the address attribute to 0.0.0.0 in the Connector 
element solves the issue.


Tomcat is then indeed listening to all IPv4 interfaces. Though 
connecting over IPv6 is not possible then.




Can't you them set up a second Connector, with an equivalent IPv6 
address ?
Since it is bound to different addresses, it shouldn't conflict with 
the first, or would it ?


I have set them up now as:
For IPv4:
Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 
redirectPort=8443 address=0.0.0.0 /


For IPv6:
Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2 
redirectPort=8443 address=::0 /


As I understand it, this way one cannot use port 80 simultaneously for 
IPv4 and IPv6?




Well, honestly I wonder.  But on the face of it, I don't immediately see why not.  Have 
you tried it ?

(I mean, set both Connectors above for port 80)
..


(its not really a problem but if we ever migrate the internet to IPv6 it 
would be brilliant to have the connector serving both protocols which 
the http-bio-80 connector seems to be able to do)





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Using the Tomcat Native Library can only connect over ipv6 But not over ipv4

[Zorro]

Hi,

I tried to use the Apache Tomcat Native Library 1.1.24 using APR version 
1.4.6 with my Tomcat 7.0.32 server but after installing it

I cannot connect over ipv4.

Using Tomcat with the Native Library on Fedora 14 everything starts up fine.
However a telnet 127.0.0.1 80 gives a 'Connection refused'.
But with a telnet ::1 80 I can connect to Tomcat!

Using the http-bio-80 connector I can connect to Tomcat over ipv4 as 
well over ipv6.

Both telnet 127.0.0.1 80 and telnet ::1 80 do connect to Tomcat.

Is there a way to use the Apache Tomcat Native Library also for ipv4 
connections?


Kind regards,
Harm-Jan Zwinderman


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: HTTP NIO connector not supporting IPv6

[Jeffrey Janner]

 -Original Message-
 From: Daniel Mikusa [mailto:dmik...@vmware.com]
 Sent: Wednesday, September 12, 2012 2:14 PM
 To: Tomcat Users List
 Subject: Re: HTTP NIO connector not supporting IPv6
 
 On Sep 12, 2012, at 2:44 PM, Jeffrey Janner wrote:
 
  -Original Message-
  From: Daniel Mikusa [mailto:dmik...@vmware.com]
  Sent: Wednesday, September 12, 2012 10:00 AM
  To: Tomcat Users List
  Subject: Re: HTTP NIO connector not supporting IPv6
 
  On Sep 12, 2012, at 1:29 AM, Aditi Sinha wrote:
 
  Thanks Dan, Jeff.
 
 
 
  There are no errors in catalina.log file.
 
  The connector tags are defined as below in server.xml. This
  configuration does not support IPv6.
 
 
  Connector port=8080 protocol=*HTTP/1.1*
  connectionTimeout=2
  redirectPort=8443 /
 
 
 
  Connector port=8443 protocol=*
  org.apache.coyote.http11.Http11NioProtocol* SSLEnabled=true
  maxThreads=150
 
  scheme=https secure=true clientAuth=false
  sslProtocol=TLS
  keystoreFile=xx keystorePass=xx/
 
 
  Tried it on my MBP (10.7 w/Java 1.6.0_35) and it worked fine.  Tried
  on Windows XP (only version I have available) w/ Java 1.6.0_35 and
  was able to replicate the problem behavior.  According to the
  following bug report this is a limitation of the OS / JVM.  Looks
  like a recent versions of Windows and a recent version of the JVM
 are
  required to resolve this.
 
  Try upgrading from 1.6.0_25 to 1.6.0_35.
 
  http://bugs.sun.com/view_bug.do?bug_id=6230761
 
  Dan
 
  One workaround is to explicitly define the IPv4 and IPv6 addressing
 in the connector.
  That is, add address=0.0.0.0 for any IPv4 connectors and
  address=[::] for any IPv6 connectors. (Or use your real addresses
 instead of the any addresses listed here.) This means setting up 2
 sets of connectors for each port/protocol, but there's nothing wrong
 with being explicit.
  This is what I had to do to get the APR protocol to set up for IPv4.
 
 
 With all due respect, I do not think that this is going to work for the
 poster.  You're saying that your workaround was for an issue with the
 APR connector, but the poster is using the NIO connector.  The APR
 connector does not use NIO or the JVM, so I don't think your workaround
 is relevant.  In fact I tried your workaround previously without
 success.  The problem is that on older versions of Windows (pre-vista)
 and older versions of the JVM, the NIO libraries do not support IPv6
 (see bug report).
 
 As a side note, the poster could switch from NIO to the APR connector,
 and it would likely resolve his problem (just like he reported
 switching to the BIO connector resolved his problem).  Just assuming
 that the poster wants to stick with the NIO connector.
 
 Dan
 

Yes, Dan.  But the OP stated he is using Windows Server 2008, which is the 
server version of Vista. Since he doesn't say he's on 2008 R2 (which is 
Windows 7 Server), so we'll assume that he's at least at a Vista-level 
networking.

The bug you mention is specifically about dual-mode socket support, that is, 
being able to specify the port and not the address and having Java set up to 
sockets which listen/talk on both the IPv4  IPv6 addresses of the machine. At 
least if I read it correctly.  Re-reading it, it might not be there for NIO, no 
matter what you try.  My work-around would specifically show whether the 
support is there or not for IPv6 in NIO, i.e., use it as a diagnostic tool, if 
nothing else.

But yes, reading the bug, really closely, makes it appear that the support for 
NIO IPv6 was not back-ported to JDK6 until this last July, specifically 
6u33-b34.  So the OP should probably start up upgrading his Java to jdk1.6_34 
or later and see if that doesn't fix it first.

Personally, I prefer the APR to NIO, but mainly because SSL is easier to manage 
under APR. I believe there are some esoteric advantages to using NIO, but I'd 
have to go back to the comparison chart to tell you what they are.  The OP may 
have a specific use case that requires those features.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: HTTP NIO connector not supporting IPv6

[Aditi Sinha]

Thanks Dan, Jeff for sharing so much of infomation.

I will try the below option and share the result.

Try upgrading from 1.6.0_25 to 1.6.0_35.

Thanks  Regards,
Aditi


On Thu, Sep 13, 2012 at 7:39 PM, Jeffrey Janner jeffrey.jan...@polydyne.com
 wrote:

  -Original Message-
  From: Daniel Mikusa [mailto:dmik...@vmware.com]
   Sent: Wednesday, September 12, 2012 2:14 PM
  To: Tomcat Users List
  Subject: Re: HTTP NIO connector not supporting IPv6
 
  On Sep 12, 2012, at 2:44 PM, Jeffrey Janner wrote:
 
   -Original Message-
   From: Daniel Mikusa [mailto:dmik...@vmware.com]
   Sent: Wednesday, September 12, 2012 10:00 AM
   To: Tomcat Users List
   Subject: Re: HTTP NIO connector not supporting IPv6
  
   On Sep 12, 2012, at 1:29 AM, Aditi Sinha wrote:
  
   Thanks Dan, Jeff.
  
  
  
   There are no errors in catalina.log file.
  
   The connector tags are defined as below in server.xml. This
   configuration does not support IPv6.
  
  
   Connector port=8080 protocol=*HTTP/1.1*
   connectionTimeout=2
   redirectPort=8443 /
  
  
  
   Connector port=8443 protocol=*
   org.apache.coyote.http11.Http11NioProtocol* SSLEnabled=true
   maxThreads=150
  
   scheme=https secure=true clientAuth=false
   sslProtocol=TLS
   keystoreFile=xx keystorePass=xx/
  
  
   Tried it on my MBP (10.7 w/Java 1.6.0_35) and it worked fine.  Tried
   on Windows XP (only version I have available) w/ Java 1.6.0_35 and
   was able to replicate the problem behavior.  According to the
   following bug report this is a limitation of the OS / JVM.  Looks
   like a recent versions of Windows and a recent version of the JVM
  are
   required to resolve this.
  
   Try upgrading from 1.6.0_25 to 1.6.0_35.
  
   http://bugs.sun.com/view_bug.do?bug_id=6230761
  
   Dan
  
   One workaround is to explicitly define the IPv4 and IPv6 addressing
  in the connector.
   That is, add address=0.0.0.0 for any IPv4 connectors and
   address=[::] for any IPv6 connectors. (Or use your real addresses
  instead of the any addresses listed here.) This means setting up 2
  sets of connectors for each port/protocol, but there's nothing wrong
  with being explicit.
   This is what I had to do to get the APR protocol to set up for IPv4.
 
 
  With all due respect, I do not think that this is going to work for the
  poster.  You're saying that your workaround was for an issue with the
  APR connector, but the poster is using the NIO connector.  The APR
  connector does not use NIO or the JVM, so I don't think your workaround
  is relevant.  In fact I tried your workaround previously without
  success.  The problem is that on older versions of Windows (pre-vista)
  and older versions of the JVM, the NIO libraries do not support IPv6
  (see bug report).
 
  As a side note, the poster could switch from NIO to the APR connector,
  and it would likely resolve his problem (just like he reported
  switching to the BIO connector resolved his problem).  Just assuming
  that the poster wants to stick with the NIO connector.
 
  Dan
 

 Yes, Dan.  But the OP stated he is using Windows Server 2008, which is the
 server version of Vista. Since he doesn't say he's on 2008 R2 (which is
 Windows 7 Server), so we'll assume that he's at least at a Vista-level
 networking.

 The bug you mention is specifically about dual-mode socket support, that
 is, being able to specify the port and not the address and having Java set
 up to sockets which listen/talk on both the IPv4  IPv6 addresses of the
 machine. At least if I read it correctly.  Re-reading it, it might not be
 there for NIO, no matter what you try.  My work-around would specifically
 show whether the support is there or not for IPv6 in NIO, i.e., use it as a
 diagnostic tool, if nothing else.

 But yes, reading the bug, really closely, makes it appear that the support
 for NIO IPv6 was not back-ported to JDK6 until this last July, specifically
 6u33-b34.  So the OP should probably start up upgrading his Java to
 jdk1.6_34 or later and see if that doesn't fix it first.

 Personally, I prefer the APR to NIO, but mainly because SSL is easier to
 manage under APR. I believe there are some esoteric advantages to using
 NIO, but I'd have to go back to the comparison chart to tell you what they
 are.  The OP may have a specific use case that requires those features.



 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: HTTP NIO connector not supporting IPv6

[Daniel Mikusa]

On Sep 12, 2012, at 1:29 AM, Aditi Sinha wrote:

 Thanks Dan, Jeff.
 
 
 
 There are no errors in catalina.log file.
 
 The connector tags are defined as below in server.xml. This configuration
 does not support IPv6.
 
 
  Connector port=8080 protocol=*HTTP/1.1* connectionTimeout=2
 redirectPort=8443 /
 
 
 
  Connector port=8443 protocol=*
 org.apache.coyote.http11.Http11NioProtocol* SSLEnabled=true
 maxThreads=150
 
  scheme=https secure=true clientAuth=false sslProtocol=TLS
 keystoreFile=xx keystorePass=xx/
 

Tried it on my MBP (10.7 w/Java 1.6.0_35) and it worked fine.  Tried on Windows 
XP (only version I have available) w/ Java 1.6.0_35 and was able to replicate 
the problem behavior.  According to the following bug report this is a 
limitation of the OS / JVM.  Looks like a recent versions of Windows and a 
recent version of the JVM are required to resolve this.

Try upgrading from 1.6.0_25 to 1.6.0_35.

http://bugs.sun.com/view_bug.do?bug_id=6230761

Dan


 
 
 
 
 
 
 Below configuration supports IPv6. The only difference is the protocol.
 
 
 
  Connector port=8080 protocol=*org.apache.coyote.http11.Http11Protocol*
 connectionTimeout=2 redirectPort=8443 /
 
 
 
  Connector port=8443 protocol=*org.apache.coyote.http11.Http11Protocol*
 SSLEnabled=true maxThreads=150
 
  scheme=https secure=true clientAuth=false sslProtocol=TLS
 keystoreFile=xx keystorePass=xx/
 
 
 
 Please let me know if something missing here?
 
 
 
 Thanks  Regards,
 
 Aditi
 
 
 On Tue, Sep 11, 2012 at 7:30 PM, Jeffrey Janner jeffrey.jan...@polydyne.com
 wrote:
 
 -Original Message-
 From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com]
 Sent: Tuesday, September 11, 2012 8:57 AM
 To: 'Tomcat Users List'
 Subject: RE: HTTP NIO connector not supporting IPv6
 
 Aditi -
 
 All connectors support both IPv4 and IPv6, including BIO, NIO, and
 native/APR. However, how you configure the connector will affect which
 protocol is supported.
 
 As far as I've been able to tell from empirical testing (see previous
 threads), if you leave off the address parameter, the java-based
 connectors (BIO  NIO) will set up listeners on both of the any
 addresses, i.e. 0.0.0.0:port for IPv4 and [::]:port for IPv6. Unless
 it's been fixed in a recent release, the APR will only set up to listen
 on the IPv6 address.  You have to specifically give it the IPv4 any
 if you want IPv4 support. Since I only support IPv4 right now, I
 haven't re-tested the current version of APR. (pltr)
 
 So, as Daniel says, please resend your message with copies of the
 actual connector tags, minus any passwords and excess comments.  If
 you are seeing any errors in your catalina.log file, those would be
 helpful as well.
 
 Jeff
 
 
 p.s. sorry for the top-post, it's early.
 p.p.s.  The above is testing done under Windows servers.
 
 Also, you really should upgrade to the latest sun JDK (jdk1.6.0_35).
 There are issues with some of the lower versions, but I don't think any
 that affect the connector mechanism.
 
 
 -Original Message-
 From: Aditi Sinha [mailto:adisinha0...@gmail.com]
 Sent: Tuesday, September 11, 2012 7:21 AM
 To: Tomcat Users List
 Subject: HTTP NIO connector not supporting IPv6
 
 Hi,
 
 
 
 We have a web server hosted on Apache Tomcat Version 7.0.22.
 
 Machine details: Windows 2008 server machine, 32-bit OS
 
 Java version:  jdk1.6.0_25
 
 
 
 Two HTTP connectors are defined in server.xml.
 
 1.   For non-SSL requests:  Connector with  protocol=HTTP/1.1
(HTTP
 BIO connector)
 
 2.   For SSL requests:  Connector with
 protocol=org.apache.coyote.http11.Http11NioProtocol   (HTTP NIO
 connector)
 
 
 
 With the above configuration server is not accessible through the
 IPv6
 address.   The netstat -an command also does not list the connector
 ports(defined in server.xml).
 
 
 
 *On modifying these two connectors to use the BIO implementation,
 protocol=org.apache.coyote.http11.Http11Protocol
 the server supports IPv6.  *
 
 
 
 Any idea why HTTP NIO connector would not support IPv6?
 
 
 
 Thanks  Regards,
 
 Aditi
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 
 
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 
 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: HTTP NIO connector not supporting IPv6

[Jeffrey Janner]

 -Original Message-
 From: Daniel Mikusa [mailto:dmik...@vmware.com]
 Sent: Wednesday, September 12, 2012 10:00 AM
 To: Tomcat Users List
 Subject: Re: HTTP NIO connector not supporting IPv6
 
 On Sep 12, 2012, at 1:29 AM, Aditi Sinha wrote:
 
  Thanks Dan, Jeff.
 
 
 
  There are no errors in catalina.log file.
 
  The connector tags are defined as below in server.xml. This
  configuration does not support IPv6.
 
 
   Connector port=8080 protocol=*HTTP/1.1*
 connectionTimeout=2
  redirectPort=8443 /
 
 
 
   Connector port=8443 protocol=*
  org.apache.coyote.http11.Http11NioProtocol* SSLEnabled=true
  maxThreads=150
 
   scheme=https secure=true clientAuth=false
 sslProtocol=TLS
  keystoreFile=xx keystorePass=xx/
 
 
 Tried it on my MBP (10.7 w/Java 1.6.0_35) and it worked fine.  Tried on
 Windows XP (only version I have available) w/ Java 1.6.0_35 and was
 able to replicate the problem behavior.  According to the following bug
 report this is a limitation of the OS / JVM.  Looks like a recent
 versions of Windows and a recent version of the JVM are required to
 resolve this.
 
 Try upgrading from 1.6.0_25 to 1.6.0_35.
 
 http://bugs.sun.com/view_bug.do?bug_id=6230761
 
 Dan
 
One workaround is to explicitly define the IPv4 and IPv6 addressing in the 
connector.
That is, add address=0.0.0.0 for any IPv4 connectors and address=[::] for 
any IPv6 connectors. (Or use your real addresses instead of the any addresses 
listed here.)
This means setting up 2 sets of connectors for each port/protocol, but there's 
nothing wrong with being explicit.
This is what I had to do to get the APR protocol to set up for IPv4.

Plus, why do you have asterisks (*) bracketing the protocols?  All examples 
I've ever seen don't use them.  They are just quoted strings. From the default 
server.xml shipped with Tomcat:
Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true
   maxThreads=150 scheme=https secure=true
   clientAuth=false sslProtocol=TLS /



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: HTTP NIO connector not supporting IPv6

[Daniel Mikusa]

On Sep 12, 2012, at 2:44 PM, Jeffrey Janner wrote:

 -Original Message-
 From: Daniel Mikusa [mailto:dmik...@vmware.com]
 Sent: Wednesday, September 12, 2012 10:00 AM
 To: Tomcat Users List
 Subject: Re: HTTP NIO connector not supporting IPv6
 
 On Sep 12, 2012, at 1:29 AM, Aditi Sinha wrote:
 
 Thanks Dan, Jeff.
 
 
 
 There are no errors in catalina.log file.
 
 The connector tags are defined as below in server.xml. This
 configuration does not support IPv6.
 
 
 Connector port=8080 protocol=*HTTP/1.1*
 connectionTimeout=2
 redirectPort=8443 /
 
 
 
 Connector port=8443 protocol=*
 org.apache.coyote.http11.Http11NioProtocol* SSLEnabled=true
 maxThreads=150
 
 scheme=https secure=true clientAuth=false
 sslProtocol=TLS
 keystoreFile=xx keystorePass=xx/
 
 
 Tried it on my MBP (10.7 w/Java 1.6.0_35) and it worked fine.  Tried on
 Windows XP (only version I have available) w/ Java 1.6.0_35 and was
 able to replicate the problem behavior.  According to the following bug
 report this is a limitation of the OS / JVM.  Looks like a recent
 versions of Windows and a recent version of the JVM are required to
 resolve this.
 
 Try upgrading from 1.6.0_25 to 1.6.0_35.
 
 http://bugs.sun.com/view_bug.do?bug_id=6230761
 
 Dan
 
 One workaround is to explicitly define the IPv4 and IPv6 addressing in the 
 connector.
 That is, add address=0.0.0.0 for any IPv4 connectors and address=[::] for 
 any IPv6 connectors. (Or use your real addresses instead of the any 
 addresses listed here.)
 This means setting up 2 sets of connectors for each port/protocol, but 
 there's nothing wrong with being explicit.
 This is what I had to do to get the APR protocol to set up for IPv4.


With all due respect, I do not think that this is going to work for the poster. 
 You're saying that your workaround was for an issue with the APR connector, 
but the poster is using the NIO connector.  The APR connector does not use NIO 
or the JVM, so I don't think your workaround is relevant.  In fact I tried your 
workaround previously without success.  The problem is that on older versions 
of Windows (pre-vista) and older versions of the JVM, the NIO libraries do not 
support IPv6 (see bug report).

As a side note, the poster could switch from NIO to the APR connector, and it 
would likely resolve his problem (just like he reported switching to the BIO 
connector resolved his problem).  Just assuming that the poster wants to stick 
with the NIO connector.

Dan



 
 Plus, why do you have asterisks (*) bracketing the protocols?  All examples 
 I've ever seen don't use them.  They are just quoted strings. From the 
 default server.xml shipped with Tomcat:
Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true
   maxThreads=150 scheme=https secure=true
   clientAuth=false sslProtocol=TLS /
 
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to support IPv6 on Apache Tomcat Version 7.0.22

[Aditi Sinha]

Chris,



Thanks for the info. I would start another email thread.



Regards,

Aditi


On Mon, Sep 10, 2012 at 7:11 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Aditi,

 On 9/10/12 3:19 AM, Aditi Sinha wrote:
  Wanted to know if the HTTP NIO connectors do not support IPv6?

 AFAIK, all Tomcat connectors support IPv6 if your JVM and OS support
 IPv6 (and tcnative/apr support IPv6 if you are using APR). If you are
 having a specific problem, please start another thread and give as
 much configuration and error message/behavior detail as possible.

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
 Comment: GPGTools - http://gpgtools.org
 Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

 iEYEARECAAYFAlBN7hkACgkQ9CaO5/Lv0PAMeACcCAdvrdWGjEkvPpXFyoUqhKUT
 YYEAoL5pbfvhCoRyd3rFMPW4sxfAlOzN
 =ebYS
  -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

HTTP NIO connector not supporting IPv6

[Aditi Sinha]

Hi,



We have a web server hosted on Apache Tomcat Version 7.0.22.

Machine details: Windows 2008 server machine, 32-bit OS

Java version:  jdk1.6.0_25



Two HTTP connectors are defined in server.xml.

1.   For non-SSL requests:  Connector with  protocol=HTTP/1.1
(HTTP
BIO connector)

2.   For SSL requests:  Connector with
protocol=org.apache.coyote.http11.Http11NioProtocol   (HTTP NIO
connector)



With the above configuration server is not accessible through the IPv6
address.   The “netstat –an” command also does not list the connector
ports(defined in server.xml).



*On modifying these two connectors to use the BIO implementation,
protocol=“org.apache.coyote.http11.Http11Protocol”
the server supports IPv6.  *



Any idea why HTTP NIO connector would not support IPv6?



Thanks  Regards,

Aditi

Re: HTTP NIO connector not supporting IPv6

[Daniel Mikusa]

On Sep 11, 2012, at 8:21 AM, Aditi Sinha wrote:

 Hi,
 
 
 
 We have a web server hosted on Apache Tomcat Version 7.0.22.
 
 Machine details: Windows 2008 server machine, 32-bit OS
 
 Java version:  jdk1.6.0_25
 
 
 
 Two HTTP connectors are defined in server.xml.

Please include the full configuration for your two connectors, or better yet 
include your entire server.xml (minus comments).

 
 1.   For non-SSL requests:  Connector with  protocol=HTTP/1.1
(HTTP
 BIO connector)
 
 2.   For SSL requests:  Connector with
 protocol=org.apache.coyote.http11.Http11NioProtocol   (HTTP NIO
 connector)
 
 
 
 With the above configuration server is not accessible through the IPv6
 address.   The “netstat –an” command also does not list the connector
 ports(defined in server.xml).

What is the output of netstat -an?  Can you include that as well?

Dan


 
 
 
 *On modifying these two connectors to use the BIO implementation,
 protocol=“org.apache.coyote.http11.Http11Protocol”
 the server supports IPv6.  *
 
 
 
 Any idea why HTTP NIO connector would not support IPv6?
 
 
 
 Thanks  Regards,
 
 Aditi


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: HTTP NIO connector not supporting IPv6

[Jeffrey Janner]

Aditi -

All connectors support both IPv4 and IPv6, including BIO, NIO, and native/APR. 
However, how you configure the connector will affect which protocol is 
supported.

As far as I've been able to tell from empirical testing (see previous threads), 
if you leave off the address parameter, the java-based connectors (BIO  NIO) 
will set up listeners on both of the any addresses, i.e. 0.0.0.0:port for 
IPv4 and [::]:port for IPv6. Unless it's been fixed in a recent release, the 
APR will only set up to listen on the IPv6 address.  You have to specifically 
give it the IPv4 any if you want IPv4 support. Since I only support IPv4 
right now, I haven't re-tested the current version of APR. (pltr)

So, as Daniel says, please resend your message with copies of the actual 
connector tags, minus any passwords and excess comments.  If you are seeing 
any errors in your catalina.log file, those would be helpful as well.

Jeff

 -Original Message-
 From: Aditi Sinha [mailto:adisinha0...@gmail.com]
 Sent: Tuesday, September 11, 2012 7:21 AM
 To: Tomcat Users List
 Subject: HTTP NIO connector not supporting IPv6
 
 Hi,
 
 
 
 We have a web server hosted on Apache Tomcat Version 7.0.22.
 
 Machine details: Windows 2008 server machine, 32-bit OS
 
 Java version:  jdk1.6.0_25
 
 
 
 Two HTTP connectors are defined in server.xml.
 
 1.   For non-SSL requests:  Connector with  protocol=HTTP/1.1
 (HTTP
 BIO connector)
 
 2.   For SSL requests:  Connector with
 protocol=org.apache.coyote.http11.Http11NioProtocol   (HTTP NIO
 connector)
 
 
 
 With the above configuration server is not accessible through the IPv6
 address.   The netstat -an command also does not list the connector
 ports(defined in server.xml).
 
 
 
 *On modifying these two connectors to use the BIO implementation,
 protocol=org.apache.coyote.http11.Http11Protocol
 the server supports IPv6.  *
 
 
 
 Any idea why HTTP NIO connector would not support IPv6?
 
 
 
 Thanks  Regards,
 
 Aditi


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: HTTP NIO connector not supporting IPv6

[Jeffrey Janner]

 -Original Message-
 From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com]
 Sent: Tuesday, September 11, 2012 8:57 AM
 To: 'Tomcat Users List'
 Subject: RE: HTTP NIO connector not supporting IPv6
 
 Aditi -
 
 All connectors support both IPv4 and IPv6, including BIO, NIO, and
 native/APR. However, how you configure the connector will affect which
 protocol is supported.
 
 As far as I've been able to tell from empirical testing (see previous
 threads), if you leave off the address parameter, the java-based
 connectors (BIO  NIO) will set up listeners on both of the any
 addresses, i.e. 0.0.0.0:port for IPv4 and [::]:port for IPv6. Unless
 it's been fixed in a recent release, the APR will only set up to listen
 on the IPv6 address.  You have to specifically give it the IPv4 any
 if you want IPv4 support. Since I only support IPv4 right now, I
 haven't re-tested the current version of APR. (pltr)
 
 So, as Daniel says, please resend your message with copies of the
 actual connector tags, minus any passwords and excess comments.  If
 you are seeing any errors in your catalina.log file, those would be
 helpful as well.
 
 Jeff
 
 
p.s. sorry for the top-post, it's early.
p.p.s.  The above is testing done under Windows servers.

Also, you really should upgrade to the latest sun JDK (jdk1.6.0_35).  There are 
issues with some of the lower versions, but I don't think any that affect the 
connector mechanism.


  -Original Message-
  From: Aditi Sinha [mailto:adisinha0...@gmail.com]
  Sent: Tuesday, September 11, 2012 7:21 AM
  To: Tomcat Users List
  Subject: HTTP NIO connector not supporting IPv6
 
  Hi,
 
 
 
  We have a web server hosted on Apache Tomcat Version 7.0.22.
 
  Machine details: Windows 2008 server machine, 32-bit OS
 
  Java version:  jdk1.6.0_25
 
 
 
  Two HTTP connectors are defined in server.xml.
 
  1.   For non-SSL requests:  Connector with  protocol=HTTP/1.1
  (HTTP
  BIO connector)
 
  2.   For SSL requests:  Connector with
  protocol=org.apache.coyote.http11.Http11NioProtocol   (HTTP NIO
  connector)
 
 
 
  With the above configuration server is not accessible through the
 IPv6
  address.   The netstat -an command also does not list the connector
  ports(defined in server.xml).
 
 
 
  *On modifying these two connectors to use the BIO implementation,
  protocol=org.apache.coyote.http11.Http11Protocol
  the server supports IPv6.  *
 
 
 
  Any idea why HTTP NIO connector would not support IPv6?
 
 
 
  Thanks  Regards,
 
  Aditi
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: HTTP NIO connector not supporting IPv6

[Aditi Sinha]

Thanks Dan, Jeff.



There are no errors in catalina.log file.

The connector tags are defined as below in server.xml. This configuration
does not support IPv6.



  Connector port=8080 protocol=*HTTP/1.1* connectionTimeout=2
redirectPort=8443 /



  Connector port=8443 protocol=*
org.apache.coyote.http11.Http11NioProtocol* SSLEnabled=true
maxThreads=150

  scheme=https secure=true clientAuth=false sslProtocol=TLS
keystoreFile=xx keystorePass=xx/







Below configuration supports IPv6. The only difference is the protocol.



  Connector port=8080 protocol=*org.apache.coyote.http11.Http11Protocol*
connectionTimeout=2 redirectPort=8443 /



  Connector port=8443 protocol=*org.apache.coyote.http11.Http11Protocol*
SSLEnabled=true maxThreads=150

  scheme=https secure=true clientAuth=false sslProtocol=TLS
keystoreFile=xx keystorePass=xx/



 Please let me know if something missing here?



Thanks  Regards,

Aditi


On Tue, Sep 11, 2012 at 7:30 PM, Jeffrey Janner jeffrey.jan...@polydyne.com
 wrote:

  -Original Message-
  From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com]
  Sent: Tuesday, September 11, 2012 8:57 AM
  To: 'Tomcat Users List'
  Subject: RE: HTTP NIO connector not supporting IPv6
 
  Aditi -
 
  All connectors support both IPv4 and IPv6, including BIO, NIO, and
  native/APR. However, how you configure the connector will affect which
  protocol is supported.
 
  As far as I've been able to tell from empirical testing (see previous
  threads), if you leave off the address parameter, the java-based
  connectors (BIO  NIO) will set up listeners on both of the any
  addresses, i.e. 0.0.0.0:port for IPv4 and [::]:port for IPv6. Unless
  it's been fixed in a recent release, the APR will only set up to listen
  on the IPv6 address.  You have to specifically give it the IPv4 any
  if you want IPv4 support. Since I only support IPv4 right now, I
  haven't re-tested the current version of APR. (pltr)
 
  So, as Daniel says, please resend your message with copies of the
  actual connector tags, minus any passwords and excess comments.  If
  you are seeing any errors in your catalina.log file, those would be
  helpful as well.
 
  Jeff
 

 p.s. sorry for the top-post, it's early.
 p.p.s.  The above is testing done under Windows servers.

 Also, you really should upgrade to the latest sun JDK (jdk1.6.0_35).
  There are issues with some of the lower versions, but I don't think any
 that affect the connector mechanism.


   -Original Message-
   From: Aditi Sinha [mailto:adisinha0...@gmail.com]
   Sent: Tuesday, September 11, 2012 7:21 AM
   To: Tomcat Users List
   Subject: HTTP NIO connector not supporting IPv6
  
   Hi,
  
  
  
   We have a web server hosted on Apache Tomcat Version 7.0.22.
  
   Machine details: Windows 2008 server machine, 32-bit OS
  
   Java version:  jdk1.6.0_25
  
  
  
   Two HTTP connectors are defined in server.xml.
  
   1.   For non-SSL requests:  Connector with  protocol=HTTP/1.1
   (HTTP
   BIO connector)
  
   2.   For SSL requests:  Connector with
   protocol=org.apache.coyote.http11.Http11NioProtocol   (HTTP NIO
   connector)
  
  
  
   With the above configuration server is not accessible through the
  IPv6
   address.   The netstat -an command also does not list the connector
   ports(defined in server.xml).
  
  
  
   *On modifying these two connectors to use the BIO implementation,
   protocol=org.apache.coyote.http11.Http11Protocol
   the server supports IPv6.  *
  
  
  
   Any idea why HTTP NIO connector would not support IPv6?
  
  
  
   Thanks  Regards,
  
   Aditi
 
 
  -
  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
  For additional commands, e-mail: users-h...@tomcat.apache.org
 



 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to support IPv6 on Apache Tomcat Version 7.0.22

[Aditi Sinha]

Hi Chris,

Apologies for coming back on this one after a long gap.

Wanted to know if the HTTP NIO connectors do not support IPv6?

In our server.xml we had below two connectors  defined.  This configuration
did not support Ipv6 For both ssl and non-ssl requests.



1.   For non-SSL requests:  HTTP Connector with  protocol=HTTP/1.1
  *(HTTP BIO connector)*

2.   For SSL requests:  HTTP Connector with protocol=
org.apache.coyote.http11.Http11NioProtocol   *(HTTP NIO connector)*



On modifying these two connectors to use the BIO implementation,  *protocol*
*=**“org.apache.coyote.http11.Http11Protocol”* the server supports IPv6.


Is there any other configuration required so that HTTP NIO connector would
support IPv6?

Thanks  Regards,
Aditi


On Tue, Jul 10, 2012 at 10:11 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Aditi,

 On 7/9/12 5:37 AM, Aditi Sinha wrote:
  I could get the comparison of the three connectors here
 
 http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#Connector_Comparison
 
   With the BIO connector specified, the server is not responding to
  the https request. Is it because SSL Handshake is Blocking for BIO
  connector?

 Everything is blocking for the BIO connection -- that's what the B
 stands for.

  We need to support SSL. Is there a way to have below configuration
  support IPv6?

 I can't see a reason why you can't use SSL over any of the connectors.
 What happens when you try to connect? Note that AJP never supports
 HTTPS (at least not directly -- the web proxy must terminate the SSL
 connection, but can forward the details like cipher, client
 certificate, etc. to Tomcat and your webapp).

  HTTP Connector: NIO protocol

 Connector protocol=org.apache.coyote.ajp.Http11NioProtocol

/

  AJP Connector: APR protocol/NIO protocol.

 Connector protocol=org.apache.coyote.ajp.AjpNioProtocol

/

 That should be all that is necessary.

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
 Comment: GPGTools - http://gpgtools.org
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

 iEYEARECAAYFAk/8W0IACgkQ9CaO5/Lv0PA0RwCfe8hWScXATo/pPjBCcsGCwWi5
 jYgAoKRjazQPQkEe0T1vwlvulMc/kgk5
 =k0tm
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to support IPv6 on Apache Tomcat Version 7.0.22

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Aditi,

On 9/10/12 3:19 AM, Aditi Sinha wrote:
 Wanted to know if the HTTP NIO connectors do not support IPv6?

AFAIK, all Tomcat connectors support IPv6 if your JVM and OS support
IPv6 (and tcnative/apr support IPv6 if you are using APR). If you are
having a specific problem, please start another thread and give as
much configuration and error message/behavior detail as possible.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBN7hkACgkQ9CaO5/Lv0PAMeACcCAdvrdWGjEkvPpXFyoUqhKUT
YYEAoL5pbfvhCoRyd3rFMPW4sxfAlOzN
=ebYS
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat 7.0.27 listens only @IPv6 localhost, ignores 'use IPv4' JAVA_OPTS in tomcat.conf. How to correctly force IPv4?

[k9157]

I've installed

rpm -qa | grep -i ^tomcat
tomcat-lib-7.0.27-7.1.noarch
tomcat-docs-webapp-7.0.27-7.1.noarch
tomcat-javadoc-7.0.27-7.1.noarch
tomcat-webapps-7.0.27-7.1.noarch
tomcat-admin-webapps-7.0.27-7.1.noarch
tomcat-servlet-3_0-api-7.0.27-7.1.noarch
tomcat-7.0.27-7.1.noarch
tomcat-el-2_2-api-7.0.27-7.1.noarch
tomcat-jsp-2_2-api-7.0.27-7.1.noarch


with

  update-alternatives --config java
  There are 2 choices for the alternative java (providing
  /usr/bin/java).
  
SelectionPath   Priority  
Status
  
0/usr/lib64/jvm/jre-1.7.0-openjdk/bin/java   17147
auto mode
  * 1/usr/lib64/jvm/jre-1.7.0-openjdk/bin/java   17147
  manual mode
2/usr/lib64/jvm/jre-1.7.0-sun/bin/java   1700 
manual mode

on

uname -a
Linux svr 3.1.10-1.16-desktop #1 SMP PREEMPT Wed Jun 27
05:21:40 UTC 2012 (d016078) x86_64 x86_64 x86_64
GNU/Linux

IPv4 is enabled on the server.  The IPv6 stack is also enabled, and
necessarily configured as,

grep bindv6only /etc/sysctl.conf
net.ipv6.bindv6only = 1

I want Tomcat listening on the IPv4 localhost @ 127.0.0.1.

So, reading here -
http://tomcat.10.n6.nabble.com/Tomcat-uses-IPv6-td2164369.html#a2164371
- and elsewhere, I set

vi /etc/tomcat/tomcat.conf
...
JAVA_OPTS=Djava.net.preferIPv4Stack=true
-Djava.net.preferIPv4Addresses=true
CATALINA_OPTS=Djava.net.preferIPv4Stack=true
-Djava.net.preferIPv4Addresses=true
...

now, @ tomcat start,

ps ax | grep tomcat
 6530 ?Sl 0:03 /etc/alternatives/jre/bin/java
 -Djava.net.preferIPv4Stack=true
 -Djava.net.preferIPv4Addresses=true
 -Djava.net.preferIPv4Stack=true
 -Djava.net.preferIPv4Addresses=true -classpath
 
:/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
 -Dcatalina.base=/usr/share/tomcat
 -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs=
 -Djava.io.tmpdir=/var/cache/tomcat/temp
 
-Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.properties
 -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
 org.apache.catalina.startup.Bootstrap start

but, Tomcat still listens only on IPv6

netstat -pan --tcp | grep 8080
tcp0  0 :::8080 :::*
   LISTEN  6530/java

and is unavailable/unreachable @ 127.0.0.1

telnet 127.0.0.1 8080
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused

telnet ::1 8080
Trying ::1...
Connected to ::1.
Escape character is '^]'.
telnet

has the method for getting Tomcat to listen only @ IPv4 changed for v7?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 7.0.27 listens only @IPv6 localhost, ignores 'use IPv4' JAVA_OPTS in tomcat.conf. How to correctly force IPv4?

[Tony Anecito]

I do it at the OS level via the adaptor properties for windows. If your network 
does not support IPv6 I would disable it else you will get errors in your logs 
about IPv6 for like say DHCP assignment.
 
Regards,
-Tony

--- On Sun, 7/22/12, k9...@operamail.com k9...@operamail.com wrote:


From: k9...@operamail.com k9...@operamail.com
Subject: Tomcat 7.0.27 listens only @IPv6 localhost, ignores 'use IPv4' 
JAVA_OPTS in tomcat.conf. How to correctly force IPv4?
To: users@tomcat.apache.org
Date: Sunday, July 22, 2012, 9:03 AM



I've installed

    rpm -qa | grep -i ^tomcat
        tomcat-lib-7.0.27-7.1.noarch
        tomcat-docs-webapp-7.0.27-7.1.noarch
        tomcat-javadoc-7.0.27-7.1.noarch
        tomcat-webapps-7.0.27-7.1.noarch
        tomcat-admin-webapps-7.0.27-7.1.noarch
        tomcat-servlet-3_0-api-7.0.27-7.1.noarch
        tomcat-7.0.27-7.1.noarch
        tomcat-el-2_2-api-7.0.27-7.1.noarch
        tomcat-jsp-2_2-api-7.0.27-7.1.noarch


with

  update-alternatives --config java
  There are 2 choices for the alternative java (providing
  /usr/bin/java).
  
    Selection    Path                                       Priority  
    Status
  
    0            /usr/lib64/jvm/jre-1.7.0-openjdk/bin/java   17147    
    auto mode
  * 1            /usr/lib64/jvm/jre-1.7.0-openjdk/bin/java   17147    
  manual mode
    2            /usr/lib64/jvm/jre-1.7.0-sun/bin/java       1700     
    manual mode

on

    uname -a
        Linux svr 3.1.10-1.16-desktop #1 SMP PREEMPT Wed Jun 27
        05:21:40 UTC 2012 (d016078) x86_64 x86_64 x86_64
        GNU/Linux

IPv4 is enabled on the server.  The IPv6 stack is also enabled, and
necessarily configured as,

    grep bindv6only /etc/sysctl.conf
        net.ipv6.bindv6only = 1

I want Tomcat listening on the IPv4 localhost @ 127.0.0.1.

So, reading here -
http://tomcat.10.n6.nabble.com/Tomcat-uses-IPv6-td2164369.html#a2164371
- and elsewhere, I set

    vi /etc/tomcat/tomcat.conf
        ...
        JAVA_OPTS=Djava.net.preferIPv4Stack=true
        -Djava.net.preferIPv4Addresses=true
        CATALINA_OPTS=Djava.net.preferIPv4Stack=true
        -Djava.net.preferIPv4Addresses=true
        ...

now, @ tomcat start,

    ps ax | grep tomcat
 6530 ?        Sl     0:03 /etc/alternatives/jre/bin/java
 -Djava.net.preferIPv4Stack=true
 -Djava.net.preferIPv4Addresses=true
 -Djava.net.preferIPv4Stack=true
 -Djava.net.preferIPv4Addresses=true -classpath
 :/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
 -Dcatalina.base=/usr/share/tomcat
 -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs=
 -Djava.io.tmpdir=/var/cache/tomcat/temp
 -Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.properties
 -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
 org.apache.catalina.startup.Bootstrap start

but, Tomcat still listens only on IPv6

    netstat -pan --tcp | grep 8080
        tcp        0      0 :::8080                 :::*        
                   LISTEN      6530/java

and is unavailable/unreachable @ 127.0.0.1

    telnet 127.0.0.1 8080
        Trying 127.0.0.1...
        telnet: connect to address 127.0.0.1: Connection refused

    telnet ::1 8080
        Trying ::1...
        Connected to ::1.
        Escape character is '^]'.
        telnet

has the method for getting Tomcat to listen only @ IPv4 changed for v7?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 7.0.27 listens only @IPv6 localhost, ignores 'use IPv4' JAVA_OPTS in tomcat.conf. How to correctly force IPv4?

[k9157]

Hi,

On Sun, Jul 22, 2012, at 09:29 AM, Tony Anecito wrote:
 I do it at the OS level via the adaptor properties for windows. If your
 network does not support IPv6 I would disable it else you will get errors
 in your logs about IPv6 for like say DHCP assignment.

My network supports IPv6 just fine.

This server is configured for dual-stack, with separate sockets
specified for IPv4  IPv6 as defined at:

https://www.kernel.org/doc/man-pages/online/pages/man7/ipv6.7.html

IPV6_V6ONLY (since Linux 2.4.21 and 2.6)
  If this flag is set to true (nonzero),
  then the socket is restricted to
  sending and receiving IPv6 packets only. 
  In this case, an IPv4 and an
  IPv6 application can bind to a single port
  at the same time.

  If this flag is set to false (zero), then
  the socket can be used to
  send and receive packets to and from an
  IPv6 address or an IPv4-mapped
  IPv6 address.

  The argument is a pointer to a boolean
  value in an integer.

  The default value for this flag is defined
  by the contents of the file
  /proc/sys/net/ipv6/bindv6only.  The
  default value for that file is 0
  (false).

In this config, any/all other apps on the box can be easily configured
to listen on IPv4 /or IPv6.

I need Tomcat to listen/respond on IPv4 localhost @ 127.0.0.1.

Atm, it appears to be ignoring instructions to do so.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 7.0.27 listens only @IPv6 localhost, ignores 'use IPv4' JAVA_OPTS in tomcat.conf. How to correctly force IPv4?

[k9157]

reading here on this issue:

Re: Tomcat is only listening with ip6 and not ip4
http://linux.derkeiler.com/Mailing-Lists/Debian/2009-12/msg01262.html

 ... Thus you should report a bug against Tomcat. Also
you can replace net.ipv6.bindv6only=1 with
net.ipv6.bindv6only=0 in your /etc/sysctl.d/ as a
temporary solution. ...

filed - 

Bug 53583 - Tomcat 7.0.27 ignores 'use IPv4' JAVA_OPTS in tomcat.conf,
listens only @IPv6 localhost when separate IPv4/IPv6 sockets are
specified
https://issues.apache.org/bugzilla/show_bug.cgi?id=53583

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat 7.0.27 listens only @IPv6 localhost, ignores 'use IPv4' JAVA_OPTS in tomcat.conf. How to correctly force IPv4?

[Caldarale, Charles R]

 From: k9...@operamail.com [mailto:k9...@operamail.com] 
 Subject: Tomcat 7.0.27 listens only @IPv6 localhost, ignores 
 'use IPv4' JAVA_OPTS in tomcat.conf. How to correctly force IPv4?

 I've installed
   rpm -qa | grep -i ^tomcat
   tomcat-lib-7.0.27-7.1.noarch
   tomcat-docs-webapp-7.0.27-7.1.noarch
   tomcat-javadoc-7.0.27-7.1.noarch
   tomcat-webapps-7.0.27-7.1.noarch
   tomcat-admin-webapps-7.0.27-7.1.noarch
   tomcat-servlet-3_0-api-7.0.27-7.1.noarch
   tomcat-7.0.27-7.1.noarch
   tomcat-el-2_2-api-7.0.27-7.1.noarch
   tomcat-jsp-2_2-api-7.0.27-7.1.noarch

What happens if you install a real Tomcat from tomcat.apache.org, rather than a 
mangled 3rd-party version?

What do your Connector elements in your server.xml file look like?

Have you installed APR?

What's in the Tomcat logs (assuming you can even find them with a 3rd-party 
installation)?

BTW. it's not necessary to set both CATALINA_OPTS and JAVA_OPTS.  JAVA_OPTS is 
used for both Tomcat startup and shutdown, CATALINA_OPTS only for startup.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 7.0.27 listens only @IPv6 localhost, ignores 'use IPv4' JAVA_OPTS in tomcat.conf. How to correctly force IPv4?

[Tim Watts]

On Sun, 2012-07-22 at 08:03 -0700, k9...@operamail.com wrote:
   Linux svr 3.1.10-1.16-desktop #1 SMP PREEMPT Wed Jun 27
   05:21:40 UTC 2012 (d016078) x86_64 x86_64 x86_64
   GNU/Linux
 
 IPv4 is enabled on the server.  The IPv6 stack is also enabled, and
 necessarily configured as,
 
   grep bindv6only /etc/sysctl.conf
   net.ipv6.bindv6only = 1
 
 I want Tomcat listening on the IPv4 localhost @ 127.0.0.1.

So you want Tomcat to listen on all IPv6 addresses plus the IPv4
loopback address but no other IPv4 addresses?

Since you've told the OS to not allow IPv4 connections on IPv6 sockets,
I believe you would need to configure a separate Connector on the same
port for the IPv4 loopback address.


 
 So, reading here -
 http://tomcat.10.n6.nabble.com/Tomcat-uses-IPv6-td2164369.html#a2164371
 - and elsewhere, I set
 
   vi /etc/tomcat/tomcat.conf
   ...
   JAVA_OPTS=Djava.net.preferIPv4Stack=true
   -Djava.net.preferIPv4Addresses=true
   CATALINA_OPTS=Djava.net.preferIPv4Stack=true
   -Djava.net.preferIPv4Addresses=true
   ...
 
 now, @ tomcat start,
 
   ps ax | grep tomcat
6530 ?Sl 0:03 /etc/alternatives/jre/bin/java
-Djava.net.preferIPv4Stack=true
-Djava.net.preferIPv4Addresses=true
-Djava.net.preferIPv4Stack=true
-Djava.net.preferIPv4Addresses=true -classpath

 :/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
-Dcatalina.base=/usr/share/tomcat
-Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs=
-Djava.io.tmpdir=/var/cache/tomcat/temp

 -Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
org.apache.catalina.startup.Bootstrap start
 
 but, Tomcat still listens only on IPv6
 
   netstat -pan --tcp | grep 8080
   tcp0  0 :::8080 :::*
  LISTEN  6530/java
 
 and is unavailable/unreachable @ 127.0.0.1
 
   telnet 127.0.0.1 8080
   Trying 127.0.0.1...
   telnet: connect to address 127.0.0.1: Connection refused
 
   telnet ::1 8080
   Trying ::1...
   Connected to ::1.
   Escape character is '^]'.
   telnet
 
 has the method for getting Tomcat to listen only @ IPv4 changed for v7?
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 



signature.asc
Description: This is a digitally signed message part

Re: Tomcat 7.0.27 listens only @IPv6 localhost, ignores 'use IPv4' JAVA_OPTS in tomcat.conf. How to correctly force IPv4?

[k9157]

Hi,

On Sun, Jul 22, 2012, at 01:24 PM, Tim Watts wrote:
 On Sun, 2012-07-22 at 08:03 -0700, k9...@operamail.com wrote:
  Linux svr 3.1.10-1.16-desktop #1 SMP PREEMPT Wed Jun 27
  05:21:40 UTC 2012 (d016078) x86_64 x86_64 x86_64
  GNU/Linux
  
  IPv4 is enabled on the server.  The IPv6 stack is also enabled, and
  necessarily configured as,
  
  grep bindv6only /etc/sysctl.conf
  net.ipv6.bindv6only = 1
  
  I want Tomcat listening on the IPv4 localhost @ 127.0.0.1.
 
 So you want Tomcat to listen on all IPv6 addresses plus the IPv4
 loopback address but no other IPv4 addresses?

No.  I want Tomcat7 to listen ONLY on one address: the IPv4 loopback @
127.0.0.1.  No other IPv4 addresses, and no IPv6 addresses at all.

Specifying a listener proptocol, address  port should be a fairly
commonplace undertaking ...

 Since you've told the OS to not allow IPv4 connections on IPv6 sockets,
 I believe you would need to configure a separate Connector on the same
 port for the IPv4 loopback address.

Not sure if this, then, still holds.

I'd understaood that those 'use IPv4' -D options should do exactly what
I intend to here.   Apparently not, though ...

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat 7.0.27 listens only @IPv6 localhost, ignores 'use IPv4' JAVA_OPTS in tomcat.conf. How to correctly force IPv4?

[Caldarale, Charles R]

 From: Tim Watts [mailto:t...@cliftonfarm.org] 
 Subject: Re: Tomcat 7.0.27 listens only @IPv6 localhost, ignores 
 'use IPv4' JAVA_OPTS in tomcat.conf. How to correctly force IPv4?

 Since you've told the OS to not allow IPv4 connections on IPv6 sockets,
 I believe you would need to configure a separate Connector on the same
 port for the IPv4 loopback address.

That shouldn't be necessary.  But since the OP hasn't told us what his 
Connector configuration is, we can only speculate.  An address setting of 
0.0.0.0 in the sole Connector might be adequate.  Need real information.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 7.0.27 listens only @IPv6 localhost, ignores 'use IPv4' JAVA_OPTS in tomcat.conf. How to correctly force IPv4?

[k9157]

 What happens if you install a real Tomcat from tomcat.apache.org

same issue

 What do your Connector elements in your server.xml file look like?

It's out-of-the-box:

  ...
  Service name=Catalina
Connector port=8080 protocol=HTTP/1.1
   connectionTimeout=2
   redirectPort=8443 /
Connector port=8009 protocol=AJP/1.3 redirectPort=8443 /
Engine name=Catalina defaultHost=localhost
  ...

 Have you installed APR?

yes.

apr-2-config --version
2.0.0
svn info `apr-2-config --srcdir` | egrep URL|Revision
URL: https://svn.apache.org/repos/asf/apr/apr/trunk
Revision: 1363601

 What's in the Tomcat logs

@ start,

ps ax | grep -i java
21972 ?Sl 0:03
/etc/alternatives/jre/bin/java
-Djava.net.preferIPv4Stack=true
-Djava.net.preferIPv4Addresses=true -classpath

:/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
-Dcatalina.base=/usr/share/tomcat
-Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs=
-Djava.io.tmpdir=/var/cache/tomcat/temp

-Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.properties

-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
org.apache.catalina.startup.Bootstrap start

logs:

== catalina.2012-07-22.log ==
Jul 22, 2012 10:46:04 AM
org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.23.

== catalina.out ==
Jul 22, 2012 10:46:04 AM
org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.23.

== catalina.2012-07-22.log ==
Jul 22, 2012 10:46:04 AM
org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept
filters [false], random [true].

== catalina.out ==
Jul 22, 2012 10:46:04 AM
org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept
filters [false], random [true].

== catalina.2012-07-22.log ==
Jul 22, 2012 10:46:04 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler [http-apr-8080]

== catalina.out ==
Jul 22, 2012 10:46:04 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler [http-apr-8080]

== catalina.2012-07-22.log ==
Jul 22, 2012 10:46:04 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler [ajp-apr-8009]

== catalina.out ==
Jul 22, 2012 10:46:04 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler [ajp-apr-8009]

== catalina.2012-07-22.log ==
Jul 22, 2012 10:46:04 AM org.apache.catalina.startup.Catalina
load
INFO: Initialization processed in 667 ms

== catalina.out ==
Jul 22, 2012 10:46:04 AM org.apache.catalina.startup.Catalina
load
INFO: Initialization processed in 667 ms

== catalina.2012-07-22.log ==
Jul 22, 2012 10:46:04 AM
org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina

== catalina.out ==
Jul 22, 2012 10:46:04 AM
org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina

== catalina.2012-07-22.log ==
Jul 22, 2012 10:46:04 AM org.apache.catalina.core.StandardEngine
startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.27

== catalina.out ==
Jul 22, 2012 10:46:04 AM org.apache.catalina.core.StandardEngine
startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.27

== catalina.2012-07-22.log ==
Jul 22, 2012 10:46:04 AM org.apache.catalina.startup.HostConfig
deployDirectory
INFO: Deploying web application directory
/srv/tomcat/webapps/manager

== catalina.out ==
Jul 22, 2012 10:46:04 AM org.apache.catalina.startup.HostConfig
deployDirectory
INFO: Deploying web application directory
/srv/tomcat/webapps/manager

== catalina.2012-07-22.log ==
Jul 22, 2012 10:46:04 AM org.apache.catalina.startup.HostConfig
deployDirectory
INFO: Deploying web application directory
/srv/tomcat/webapps/examples

== catalina.out ==
Jul 22, 2012 10:46:04 AM org.apache.catalina.startup.HostConfig
deployDirectory
INFO: Deploying web application directory
/srv/tomcat/webapps/examples

== localhost.2012-07-22.log ==
Jul 22, 2012 10:46:04 AM