Application is accessible over tomcat http port.
Application when accessed from web server(Apache http server) gives bad gateway error.
worker.properties(apache http server) & server.xml(tomcat) are tuned well. Socket/connection timeout is 20 sec on both sides.
Jk.log shows below error.
enter image description here
The error says tomcat is not accepting any connections. But how come at the same time, application is accessible over http.
On tomcat side I dont see any errors in the log.
You use different ports for HTTP connection (default is 8080) and for AJP connection (default is 8009). You can check exact values in conf/server.xml.
Your error indicates that there are some problems between httpd and client (firewall, slow connection etc.). Try to remove timeouts, like worker.ajp13.socket_timeout=3. (https://tomcat.apache.org/connectors-doc/common_howto/timeouts.html)
Make sure that ports are not blocked by possible firewalls. For Ubuntu, UFW (Uncomplicated Firewall) could be used to open AJP connections: ufw enable && ufw allow 8009.
Related
Web Server: Apache Tomcat 8.5
Operating System: Windows Server 2012 R2
Port: 9721
We are running a Web server on our internal network and have about 8500 kiosks connecting through our VPN to a Java servlet that is running on this port: <Server IP Address>:9721
This Web server was set up by a former employee and we are not sure how it was originally configured.
We noticed recently that about 25% of the connection attempts are being refused (Connection Refused error). We found this information by monitoring Port 9721 using PRTG and this monitoring tool is reporting that this port is refusing connections on multiple occasions within each hour throughout the day. I have not been able to find a pattern to the refused connections...it appears to be intermittent.
Our network administrator says it is not a firewall issue, but I have not ruled out this possibility. We have tried to review the "maxconnections" setting in the Tomcat server.xml configuration file, but cannot find the "maxconnections" attribute included in that configuration file. We do not have the Tomcat Manager Application installed on this server that I can find.
How do I troubleshoot and resolve this port connection issue?
I'm a newbie to Spring Boot. I have a REST API application written in Spring Boot. When I execute my Spring Boot JAR, everything is okay and I can access the REST API with the localhost address instead of the actual one:
http://localhost:8083/articles
But when I try to access the REST API by my external IP address, I can't do it:
http://100.90.80.70:8083/articles
netstat -antu command in the Linux terminal gives me the following output:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp6 0 0 :::8083 :::* LISTEN
As I understand, my app is accessible only in localhost, because it hasn't a foreign address.
My application.properties file has only this line:
server.port=8083
Also, when I try to add a server.address line to application.properties like that:
server.address=100.90.80.70
server.port=8083
I have the following Exception: Caused by: java.net.BindException: Cannot assign requested address.
So my question is: how to make Spring Boot application accessible by external IP address of the server? Thank you.
As #Mark said, the problem is in the firewall. I have opened 8083 port in the firewall settings and now I can access my REST API app by the external IP address:
http://100.90.80.70:8083/articles
Linux command to check firewall status:
sudo ufw status verbose
Open 8083 port for remote access by TCP protocol:
sudo ufw allow 8083/tcp
More settings here: https://www.cyberciti.biz/faq/how-to-open-firewall-port-on-ubuntu-linux-12-04-14-04-lts/
I fixed the same by configuring port forwarding on my router, to allow traffic from public ip
In my OpenStack environment, after much debugging, the solution was to create a new Security Group Rule, which looks like this:
Security Group Rule.
Note that my Spring Boot application was deployed on port 8080.
I also noticed that on ubuntu18 the firewall is disabled by default. It did not cause any problems.
IIS is redirecting to Tomcat but SSL is not occurring, basically web page opens but AD user is not "captured" in the process.
Application triggers - "User not Informed" error which is a designed error when AD account is not registered in the system. In our tests users are registered so I can conclude windows authentication does not occurs correctly
I get browser error:
Generic Connector Communication Error:
Please check and adjust your setup:
Ensure that Tomcat is running on given host and port.
If this is a timeout error consider adjusting IIS timeout by changing executionTimeout attribute in web.config (see manual).
connection between Tomcat and IIS experienced error. Please check logat BonCodeAJP13.BonCodeAJP13ServerConnection.p_CreateConnection(BonCodeAJP13PacketCollection packetsToSend)
at BonCodeIIS.BonCodeCallHandler.ProcessRequest(HttpContext context)
Are there any extra settings should I run in IIS or some IIS logs I could check to confirm which AD user is actually accessing tomcat?
Important notes:
IIS8 (Windows SErver 2012) / apache-tomcat-7.0.64 / jdk-7u79-windows-x64
Tomcat service is impersonating (log on as) an AD service account which connects to a SQL 2012 database. Connection to the database occurs through Microsoft JDBC driver.
Only IIS root has a web.config file, application itself does not.
Anonymous + Windows Authentication (Kerberos) are enabled in IIS.
Please let me know of any other relevant information should I provide to help on this troubleshooting.
Thank you so much for all help!
BR
I was able to figure out the problem and fix it.
It was a misconfiguration on Tomcat server.xml "Connector" settings, Added up tomcatauthentication-"false" and now it works flawless.
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" tomcatAuthentication="false"/>
Running a grails application with grails 2.4, i specify the server port and https ports (9191 and 9192, respectively) in a run-app command:
grails -Dgrails.env=dev -Dgrails.server.port.http=9191 -Dgrails.server.port.https=9192 run-app -https
which gets the server up and running. I can go to the http port just fine, but when i access the https port, i get the following message and then the browser shows a "could not connect" page:
| Server running. Browse to http://localhost:9191/inventory or https://localhost:9192/inventory
14:35:58,091 DEBUG [DefaultListableBeanFactory:128] {localhost-startStop-2} Returning cached instance of singleton bean 'grailsApplication'
14:35:58,092 INFO [GrailsWebApplicationContext:152] {localhost-startStop-2} Closing org.codehaus.groovy.grails.commons.spring.GrailsWebApplicationContext#26a2bd15: startup date [Mon Aug 24 14:35:17 PDT 2015]; parent: Root WebApplicationContext
It looks like going to this non-default port is closing my application! when i don't specify the port, and the default of 8443 is used, the application works fine. I've upgraded this app from a grails 1.3.7 version and never had this issue, now i can only use 8443 as my port, which doesn't work as we have multiple services on this machine requiring HTTPS.
When not running in "production" mode, whatever the port is for http, if you add one and make a request to that URL, it will stop your application. This is used for killing forked grails processes during development.
Just put a gap between your above ports you should be good to go.
I have a servlet based application running on tomcat(7.0.53), oracle jvm (1.7.x) and CentOS(6.5).
There is a script that peridically "sainity checks" the application by issuing GET request to it (every 10sec).
I am encountering the following issue:
When under normal (moderate) load (~4k parallel connections), some of the sanity checks fail with connect timeout (approximately every 10th to 20th request fails).
The connection timeout configured on the client is 120s.
This is happning ONLY when connecting to 127.0.0.1 (loopback), connecting to <IP> of the real lan interface (eth0) does not have this issue*.
So:
curl <args> http://127.0.0.1:<port> fails,
curl <args> http://1.2.3.4:<port> does not fail.
Running tcpdump show that the server side does not send back SYN-ACK in the failed cases.
Note: Out of curiosity, I disabled IPv6 support (net.ipv6.conf.all.disable_ipv6 = 1) and the issue dissapeared.
Before, IPv6 is not used, but IPv6 for the loopback (lo) interface was initialized and the application was bound to all available interfaces (127.0.0.1, ::1 and <IP>).
On the eth interface IPv6 was not initialized at all.
What are the possilbe reasons for this kind of behaviour?
Any ideas for furthure troubleshooting this issue?