I am facing a weird issue: my Keycloak is running successfully in minikube, but at the same time I am not able to access it by port forwarding to 8080. I wanted my own SPI to be deployed, so I created a new Docker image file as shown below.
FROM jboss/keycloak:latest
ADD common-keycloak-spi-0.1.jar /opt/jboss/keycloak/standalone/deployments/
ENTRYPOINT ["/usr/bin/env"]
CMD ["sh","/opt/jboss/tools/docker-entrypoint.sh"]
Now this runs fine in a Docker container, but when I try to deploy it on Kubernetes I am unable to access the service using port forwarding.
vipul#vipul-Latitude-5530:~/Downloads$ kubectl port-forward springdoc-64f8dbf547-xrqcl 8080:8080
Forwarding from 127.0.0.1:8080 -> 8080
Forwarding from [::1]:8080 -> 8080
Handling connection for 8080
Handling connection for 8080
E0216 15:24:29.872454 24829 portforward.go:407] an error occurred forwarding 8080 -> 8080: error forwarding port 8080 to pod 5ad97759ea56d8d9acbeecc9dc3cda33bdb0ff138b5c126de37cb7bad985b74f, uid : exit status 1: 2023/02/16 09:54:29 socat[93218] E connect(5, AF=2 127.0.0.1:8080, 16): Connection refused
E0216 15:24:29.873263 24829 portforward.go:233] lost connection to pod
Handling connection for 8080
E0216 15:24:29.874222 24829 portforward.go:345] error creating error stream for port 8080 -> 8080: EOF
vipul#vipul-Latitude-5530:~/Downloads$ kubectl exec springdoc-64f8dbf547-xrqcl -- /bin/bash
I am also getting NONE for any port and host port in kubectl describe.
Thanks
You can check the following steps to troubleshoot the issue:
Check whether the firewall is blocking the port: "netstat -anp | grep 8080"
Check that the pod is configured correctly with port and host port in the config YAML file. Use this link as a reference.
If you are using the same port configuration in the Docker container and in kubectl, it will not access the same port, so try to check the port number.
Also you can check the blog by Ales Nosek for hostport.
I changed the default port number from 8080 to 8082 in the application.properties file using server.port=8082. Even after changing the port number, if I try to run the Spring Boot app, the server takes the default port 8080 and the application does not start.
Error message:
Description:
Web server failed to start. Port 8080 was already in use.
Action:
Identify and stop the process that's listening on port 8080 or configure this application to listen on another port.
I solved it like this.
Solution
Enter 'server.port=8080' (changed port number) in the following 'application.properties' file where you can create a project.
After connecting to the terminal
Type 'sudo lsof -i :[port number you want to check]' to see which ports are running.
Delete server.port and run it again.
I am trying to start a ZooKeeper server from Java code within a webapp. But somehow I see that it is trying to start on the Tomcat port rather than the port provided in the properties file.
I keep seeing this:
WARN | o.e.j.s.ServletContextHandler#269d82e2{/,null,UNAVAILABLE} contextPath ends with /*
WARN | Empty contextPath
StartZooKeeperServer EXCEPTION: org.apache.zookeeper.server.admin.AdminServer$AdminServerException: Problem starting AdminServer on address 0.0.0.0, port 8080 and command URL /commands
org.apache.zookeeper.server.admin.AdminServer$AdminServerException: Problem starting AdminServer on address 0.0.0.0, port 8080 and command URL /commands
at org.apache.zookeeper.server.admin.JettyAdminServer.start(JettyAdminServer.java:107)
at org.apache.zookeeper.server.ZooKeeperServerMain.runFromConfig(ZooKeeperServerMain.java:138)
But I have the clientPort set in the properties as 2182.
If you need any more information please do let me know.
The problem is not with the Zookeeper server but with the Admin Server.
Admin Server binds by default to port 8080. However, this port is allocated in your system so this exception is thrown.
You can add the following property to your zookeeper configuration:
admin.serverPort=9876 (any port other than 8080)
You can even disable this server if you do not need it using:
admin.enableServer=false
More information on the Zookeeper admin server:
https://zookeeper.apache.org/doc/r3.6.1/zookeeperAdmin.html#sc_adminserver
I'm trying to connect to a JMX port remotely but I can't seem to connect to it even though the port is open. It's a Java process running in a container on a server that's a Nomad worker. It's running on 29406.
Here is what netstat shows:
netstat -tulpn | grep 29406
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 10.137.2.166:29406 0.0.0.0:* LISTEN -
udp 0 0 10.137.2.166:29406 0.0.0.0:* -
And this is what's in /etc/hosts
cat /etc/hosts
127.0.0.1 localhost
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
I've downloaded jmxterm on the server to try and connect to it, and noticed an interesting behavior. When I try using localhost to connect to the port, I get this:
#RuntimeIOException: Runtime IO exception: Failed to retrieve RMIServer stub: javax.naming.ServiceUnavailableException [Root exception is java.rmi.ConnectException: Connection refused to host: localhost; nested exception is:
java.net.ConnectException: Connection refused (Connection refused)]
When I use its own IP address, it then seems to work:
$>open 10.137.2.166:29406
#Connection to 10.137.2.166:29406 is opened
$>
Curious to understand why localhost doesn't work when I'm running this on the server itself...
The only way I've gotten jconsole (running on my laptop) to connect to it is by using an ssh tunnel like this:
ssh -Nf -D 7777 10.137.2.166
jconsole -J-DsocksProxyHost=localhost -J-DsocksProxyPort=7777 service:jmx:rmi:///jndi/rmi://10.137.2.166:29406/jmxrmi -J-DsocksNonProxyHosts=
I feel like I should be able to connect to it without creating a tunnel but unsure why I can't. If I run telnet locally from my laptop to the host, the connection does seem to open...
telnet 10.137.2.166 29406
Trying 10.137.2.166...
Connected to 10.137.2.166.
Escape character is '^]'.
For a successful JMX handshake:
the JMX server should be reachable from outside by a host name (which should also be declared on the server JVM via the java.rmi.server.hostname system property)
in addition to the one open port (which can be explicitly declared via the com.sun.management.jmxremote.rmi.port JVM property), the JMX server chooses another random port that is used for the new JMX connection. This is quite problematic because you can't foresee the particular port in order to exclude it from the server's firewall restrictions, so tunneling is necessary.
The server is listening only on 10.137.2.166.
When you try to create a new socket with the localhost domain, your application tries to connect to the 127.0.0.1 address, but your application is not listening on this IP.
If you want to connect with the localhost domain, you have a few options for solving this.
Change your server configuration to listen on 127.0.0.1 and 10.137.2.166 at the same time.
Change your server configuration to listen on 0.0.0.0.
Listening on 0.0.0.0 is not recommended for security reasons.
Use iptables to forward port. Requires root privileges.
sysctl net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp -i lo --dport 29406 -j DNAT --to-destination 10.137.2.166:29406
iptables -A FORWARD -p tcp -d 10.137.2.166 --dport 29406 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
If you don't have root privileges, you can use socat.
socat TCP-LISTEN:29406,fork,bind=127.0.0.1 TCP:10.137.2.166:29406
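The bind-address reasoning in the answer above can be checked mechanically from netstat output. This is an added example, not part of the original answer: the function names are hypothetical, the sample rows are the netstat lines quoted in the questions on this page, and it models the bind address only, not firewall rules.

```python
import ipaddress

# Rows copied from the netstat output quoted in the questions on this page.
SAMPLE = """\
tcp 0 0 10.137.2.166:29406 0.0.0.0:* LISTEN -
udp 0 0 10.137.2.166:29406 0.0.0.0:* -
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 3773/java
"""

def parse_listeners(netstat_output):
    """Return (proto, bind_address, port) for each listening socket."""
    found = []
    for line in netstat_output.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue  # header or permission notice
        if f[0].startswith("tcp") and "LISTEN" not in f:
            continue  # established connection, not a listener
        addr, _, port = f[3].rpartition(":")
        found.append((f[0], addr.strip("[]"), int(port)))
    return found

def bind_scope(addr):
    """Classify how widely a bind address exposes the socket."""
    if addr in ("0.0.0.0", "::", "*"):
        return "all-interfaces"
    if ipaddress.ip_address(addr).is_loopback:
        return "loopback-only"
    return "single-interface"

def accepts(addr, target):
    """True if a socket bound to addr accepts a connection made to target."""
    if addr in ("::", "*"):
        return True  # assumption: the usual Linux dual-stack default
    t = ipaddress.ip_address(target)
    if addr == "0.0.0.0":
        return t.version == 4
    return ipaddress.ip_address(addr) == t

def report(netstat_output, targets=("127.0.0.1",)):
    """One dict per listener: bind scope and which target IPs it answers on."""
    return [
        {"proto": p, "bind": a, "port": n, "scope": bind_scope(a),
         "accepts": {t: accepts(a, t) for t in targets}}
        for p, a, n in parse_listeners(netstat_output)
    ]

if __name__ == "__main__":
    for row in report(SAMPLE, ("127.0.0.1", "10.137.2.166")):
        print(row)
```

For the JMX listener on 10.137.2.166:29406 the report shows that 127.0.0.1 is not accepted, which matches the "Connection refused to host: localhost" error in the question.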
I only used JMX for a VisualVM connection, and in this case there are two ports required to be available:
com.sun.management.jmxremote.port=9010
com.sun.management.jmxremote.rmi.port=9011
Also, java.rmi.server.hostname needs to be set according to the right network interface, as the port will be bound only on that interface.
Once the ports are available from your client, you can use the jmx connection on the jmxremote.port port.
I'm using AWS Fargate as my container platform. My container base image is openjdk:8-alpine and the application is a spring-boot app. I'm attempting to use JavaMailSender to send emails over a vpn tunnel to our internal SMTP server on port 25. This works while testing the container locally, using the same SMTP server.
I've mainly used this guide https://www.baeldung.com/spring-email for the email functionality in my spring boot app.
If I add the following commands to the docker entrypoint I test hostname resolving and telnet connection. The host and dig commands always work. Sometimes telnet works and other times it will timeout, causing a re-deployment of the container. When sending emails I see the same behavior. Some emails will send while others fail due to a timeout connecting to the SMTP server.
## Dockerfile
FROM openjdk:8-alpine
COPY core/target/app.jar /app/app.jar
WORKDIR /app
CMD host $my_smtp_server \
&& dig $my_smtp_server \
&& telnet $my_smtp_server 25 \
&& java -jar $app.jar
EXPOSE 8080 25
## application.properties
# Mail config
#------------
spring.mail.default-encoding=UTF-8
spring.mail.host=$my_smtp_server
spring.mail.port=25
spring.mail.protocol=smtp
spring.mail.properties.mail.smtp.starttls.enable=false
spring.mail.properties.mail.smtp.starttls.required=false
spring.mail.properties.mail.smtp.auth=false
spring.mail.properties.mail.smtp.connectiontimeout=5000
spring.mail.properties.mail.smtp.timeout=5000
spring.mail.properties.mail.smtp.writetimeout=5000
#------------
Emails should send every time I invoke the function in my application.
I need to debug my app remotely, but I am unable to do that, due to the following error:
Unable to open debugger port (X.X.X.X:8000): java.net.ConnectException "Connection timed out: connect"
I have:
Java app running in Tomcat on a remote server (Debian)
IntelliJ Idea running locally (Windows)
I came to the conclusion that the cause of the problem is that port 8000, used for remote debugging, is inaccessible via the external IP, only via 'localhost'. These are the reasons why I think so:
A remote debug is working on an expected port:
root#victor-app-server:/opt/tomcat-home/bin# netstat -tulpn | grep 8000
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 3773/java
I am able to telnet to it via 'localhost':
root#victor-app-server:/opt/tomcat-home/bin# telnet localhost 8000
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.
But unable to telnet via external ip:
root#victor-app-server:/opt/tomcat-home/bin# telnet X.X.X.X 8000
Trying X.X.X.X...
telnet: Unable to connect to remote host: Connection timed out
Here is output of iptables:
root#victor-app-server:/opt/tomcat-home/bin# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
How can I fix this issue with 8000 port? Or maybe there is other cause to my main problem?
This is the command that did the trick for me:
sudo ufw allow <debug_port>
I had the same problem with Java 11 and an address property such as in these JVM arguments:
-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=6565
However, my problem was solved by changing the value of the address property like this sample:
-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=*:6565
Now 6565 port is accessible externally.
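The difference between the two address values above comes from a JDK 9 change: a port-only JDWP address binds to loopback, while JDK 8 and older bound it to all interfaces. The following added example (not part of the original answer; the function name is hypothetical) reads JVM arguments and reports which interfaces the debug listener would bind to, which is useful when auditing which hosts expose a debug port.

```python
import re

# Matches both spellings of the JDWP agent option.
JDWP_RE = re.compile(r"^-(?:Xrunjdwp:|agentlib:jdwp=)(?P<opts>.+)$")

WILDCARD_HOSTS = {"*", "0.0.0.0", "::", "[::]"}
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1", "[::1]"}

def jdwp_bind_scope(jvm_args, java_major):
    """Return (host, port, scope) for the JDWP listener, or None if none is configured."""
    for arg in jvm_args:
        m = JDWP_RE.match(arg)
        if not m:
            continue
        opts = dict(kv.split("=", 1) for kv in m.group("opts").split(",") if "=" in kv)
        if opts.get("server", "n") != "y" or "address" not in opts:
            return None  # agent attaches outwards, or no fixed address is given
        host, _, port = opts["address"].rpartition(":")
        if not host:
            # Port-only address: loopback on JDK 9+, every interface on JDK 8 and older.
            host = "localhost" if java_major >= 9 else "*"
        if host in WILDCARD_HOSTS:
            scope = "all-interfaces"
        elif host in LOOPBACK_HOSTS:
            scope = "loopback-only"
        else:
            scope = "single-interface"
        return host, int(port), scope
    return None

if __name__ == "__main__":
    # The two argument sets quoted in the answer above.
    before = ["-Xdebug", "-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=6565"]
    after = ["-Xdebug", "-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=*:6565"]
    print(jdwp_bind_scope(before, 11))  # loopback-only on Java 11
    print(jdwp_bind_scope(after, 11))   # all-interfaces
    print(jdwp_bind_scope(before, 8))   # the same flags on Java 8 bind everywhere
```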
Try "iptables -F" which unblocks the firewalls