On Tue, Dec 10, 2019 at 9:42 AM Christopher Schultz <ch...@christopherschultz.net> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Chris, > > On 12/9/19 17:10, Chris Cheshire wrote: > > In CATALINA_BASE/bin/setenv.sh I have the following : > > > > CATALINA_OPTS="-Dcom.sun.management.jmxremote > > -Dcom.sun.management.jmxremote.ssl=false > > -Dcom.sun.management.jmxremote.authenticate=false" > > Okay. > > > In CATALINA_BASE/conf/server.xml I have a listener configured : > > > > <Listener > > className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" > > rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002" > > useLocalPorts="true" /> > > > > > > Upon startup I see in logs : INFO [main] > > org.apache.catalina.mbeans.JmxRemoteLifecycleListener.createServer > > The JMX Remote Listener has configured the registry on port > > [10001] and the server on port [10002] for the [Platform] server > > > > > > $ netstat -an | grep 10001 tcp4 0 0 127.0.0.1.10001 > > *.* LISTEN tcp6 0 0 ::1.10001 > > *.* LISTEN > > > > On my local machine I have a tunnel set up as follows : ssh -N > > -L10001:localhost:10001 -L10002:localhost:10002 user@remotehost > > > > (where user is the user tomcat is running under) > > > > When I try to add a remote JMX connection in VisualVM on my client > > machine to localhost:10001 I get an error dialog after a brief > > delay with the message "Cannot connect to localhost:10001 using > > service:jmx:rmi:///jndi/rmi://localhost:10001/jmxrmi". If I change > > it to port 10002 I get the same error. On the server at this time > > : $ netstat -an | grep 10001 tcp4 0 0 127.0.0.1.10001 > > *.* LISTEN tcp6 0 0 ::1.10001 > > *.* LISTEN tcp4 0 0 127.0.0.1.62637 > > 127.0.0.1.10001 TIME_WAIT > > > > > > If I try to use jconsole connecting to port 10001 I get the error > > "Connection failed: non-JRMP server at remote endpoint". Connecting > > to port 10002 I get the error "Connection failed: no such object > > in table" > > You should be using the port defined by rmiRegistryPortPlatform, so > 10001 is the correct port to use. > > > I've been through the tomcat configuration documentation a couple > > times but I can't see what else I need to configure. > > What you have looks good to me without reproducing it myself. Can you do > : > > $ netstat -an | grep 1000[0-9] > > ? > > Just to be sure about both ports? >
$ netstat -an | grep 1000[0-9] tcp6 0 0 :::10001 :::* LISTEN tcp6 0 0 :::10002 :::* LISTEN Hmmmm. Tomcat is only listening on ipv6 ports, but my tunnel is using ipv4. After digging around [1], I added this to CATALINA_OPTS in setenv.sh -Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true $ netstat -an | grep 1000[0-9] tcp 0 0 0.0.0.0:10001 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:10002 0.0.0.0:* LISTEN When I try to connect with jconsole I get the same error (non-JRMP server at remote endpoint), with the server showing tcp 0 0 0.0.0.0:10001 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:10002 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:10001 127.0.0.1:43803 TIME_WAIT tcp 0 0 127.0.0.1:10001 127.0.0.1:43815 TIME_WAIT I have also updated sshd_config with PermitTunnel yes and restarted that. Still no change. Chris [1] https://serverfault.com/questions/390840/how-does-one-get-tomcat-to-bind-to-ipv4-address --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
