There appears to be a change in the behavior of AJP connector in Tomcat, with respect to the protocol stack of the loopback address it binds to. With older versions it binds to both IPv6 and IPv4 interface, but with 9.0.31 it appears to bind to IPv4 only, if the address attribute is removed from the connector config
Tomcat 9.0.16 - default config <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> netstat -ano | findstr 8009 TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING 19832 TCP [::]:8009 [::]:0 LISTENING 19832 Tomcat 9.0.31 - note that address attribute is removed... in the standard config it is set to "::1". <Connector protocol="AJP/1.3" port="8009" redirectPort="8443" secret="seckey" /> netstat -ano | findstr 8009 TCP 127.0.0.1:8009 0.0.0.0:0 LISTENING 8964 Even if the default is used it listens to IPv6 only <Connector protocol="AJP/1.3" address="::1" port="8009" redirectPort="8443" secret="seckey" /> TCP [::1]:8009 [::]:0 LISTENING 3880 As per the docs, the default for ipv6v6only attribute is false. Should it not listen to both the protocol stacks. -Piyush. -----Original Message----- From: Piyush Kumar Nayak <pna...@adobe.com.INVALID> Sent: Saturday, March 7, 2020 5:29 PM To: Tomcat Users List <users@tomcat.apache.org> Subject: RE: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31 Chris, In both the cases, ISAPI and mod_jk, the hostname is set to "localhost" Tomcat and webserver are on the same host machine. -----Original Message----- From: Christopher Schultz <ch...@christopherschultz.net> Sent: Friday, March 6, 2020 8:20 PM To: users@tomcat.apache.org Subject: Re: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Piyush, On 3/5/20 14:40, Piyush Kumar Nayak wrote: > Thanks Mark, Two connector configs works. Any ideas, on why the > behavior if different for ISAPI and mod_jk modules? What do your configurations look like for each module? - -chris > -----Original Message----- From: Mark H. Wood <mw...@iupui.edu> > Sent: Thursday, March 5, 2020 10:28 PM To: users@tomcat.apache.org > Subject: Re: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31 > > On Thu, Mar 05, 2020 at 01:52:57PM +0000, Piyush Kumar Nayak > wrote: >> Is there a way to get Tomcat's AJP connector to bind to both IPv4 and >> IPv6 loopback addresses. >> >> By default, it seems that Tomcat binds to IPv4 loopback Default >> connector config : <Connector protocol="AJP/1.3" port="8014" >> redirectPort="8447" packetSize="65535" secret="xxx" >> tomcatAuthentication="false"/> >> >> netstat -ano | findstr 8014 TCP 127.0.0.1:8014 0.0.0.0:0 LISTENING >> 8616 TCP 127.0.0.1:8014 127.0.0.1:57510 ESTABLISHED >> 8616 TCP 127.0.0.1:57510 127.0.0.1:8014 ESTABLISHED 11800 >> >> Introducing the address attribute like so : <Connector >> protocol="AJP/1.3" address="::1" port="8014" redirectPort="8447" >> packetSize="65535" secret="xxx" tomcatAuthentication="false"/> binds >> it to IPv6 loopback TCP [::1]:8014 [::]:0 LISTENING 8616 TCP >> [::1]:8014 [::1]:57522 ESTABLISHED 8616 TCP [::1]:57522 >> [::1]:8014 ESTABLISHED 6564 >> >> Is there a way to make it bind to both the loopbacks. The problem we >> are facing is our Tomcat installations can have connector configured >> with IIS or Apache HTTPD. Apache connector, by default seems to make >> a socket connection using the address ::1 (IPv6 loop back address), >> whereas IIS connector tries to bind to the >> IPv4 loopback. > > Two things I would try: > > 1. Two connectors, one with address='::1' and the other with > address='127.0.0.1', both with port='8014'. > > 2. Configure the other end explicitly: tell HTTPD and IIS which > address to use, and then configure your AJP Connector to match. > > -- Mark H. Wood Lead Technology Analyst > > University Library Indiana University - Purdue University Indianapolis > 755 W. Michigan Street Indianapolis, IN 46202 > 317-274-0749 www.ulib.iupui.edu > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl5iYv0ACgkQHPApP6U8 pFj1zQ//ad7HvYwxxRINeF0UFw2bA1cIOcvJ2E5tFqDvdEtu52RIkQQaqNF2cMlA VCE3M2HZFL2WvazAAVWFpzt3pIU0fe7BPAJneNF850maFHQ+05Agh3MKd/2VUjhe 5rad1JeNqRlXAAmPCEqOCewxj2z9+yEyNu/x2hHlEpFVdSpeTjGQbhiAEBL50qjk FICEtw9QrCXw9JHCtPC5XBcbbkoUboejbeTdKz6n31djkwFpLigISgEds8haF7Kl E7jx46/rqXxOUyRR9JFzWjGUC5Aim51WDn+gJruUhkd/CLAUcIHbbG6G3J7FKQGp kYah8/sBCjCxuHVQtzmj6CopuYr+EkLNTe9GZyLnVDlQCv5GGSmwlsNSehRMEVbC rDjoRbbaG/tDjtO9dao8w1Okae91DobzwdpM1XIKIuYgUuU83f+bz4P0KfCfeVzH OH/YEmSFChynlYU31dd7HJTqdJUOVT2kTK3qncon2PEDHBoyEC+/F1wTFb16WlG9 XCG31UqhxGXxJ5p8Z5ts4jgaTRgNEMJQk19MCKfQcF6TAE8zXrOIRaTArB5eh1Ch QgvUU2MFAYIoAup+5vQtaX52+9YM2CMPFy6IMdikNFCsy1O/2K11H7vf+K18xsmm TOYf6up+AfAkcPTlzKfBhY0zjInVuYRZpM+oXqZm6oAC/TNH2G8= =/AOd -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org B KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKCB [ X ܚX KK[XZ[ \ \ ][ X ܚX P X ] \X K ܙ B ܈Y][ۘ[ [X[ K[XZ[ \ \ Z[ X ] \X K ܙ B