I really need your help. I read that the WSDL for a JAX-WS web service is generated on the fly for every request. By this, addresses like the SOAP endpoint are adjusted to the request URL.
In my case, no matter whether the request is internal or external, the addresses always refer to localhost:8080.
Does somebody have a clue how I can handle this issue?
Thanks in advance
Maybe I haven't described my problem very well.
I have a ws created with jax-ws
Its deployed on a tomcat server 5.5.17
Access with local ip works fine http://192.168.1.20:8070/mywebservice?wsdl
Access with the external IP doesn't work; rather, the WS "engine" rewrites the URL using the local IP and not the external one
external.domain.de:8070/mywebservice?wsdl
For external.domain all urls in the wsdl are rewritten to the local ip
To the xsdschemaLocation and the soap:address location
Could the proxy server be the problem? A request through the proxy makes the web service think that it is a local access and not an external one.
How can I prevent this behaviour on the server side? Changes in web.xml or sun.jax (changes on the client side are regrettably not possible)
This is a classic problem when accessing web services through external proxies.
For this to work properly, you have to do the following
1) Add another HTTP connector in your Tomcat's server.xml. Say on port 8071, just copy the 8080 Connector Dfn. and set the port to 8071.
2) And in that Connector's defn. you have to add the external IP and Port as proxyHost and proxyPort.
i.e. your server.xml should contain one more Connector entry, something like this:

```xml
<Connector port="8071" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443"
           proxyHost="external.domain.de" proxyPort="8070" />
```
And make sure that Connections to external.domain.de on port 8070, get forwarded to 192.168.1.20 and port 8071, instead of 8070.
I told you to setup a new connector, assuming you would want to access the WS internally as well as externally. That way the internal port connector on 8070, does not use proxyhost and change the hostname for internal requests, but any requests coming from external sources via external.domain.de on port 8071 , will get the external.domain.de as hostname and 8070 as port.
If your WS is going to be accessed only from external clients, then you don't really need 2 connectors, just add the proxyHost and proxyPort directives to the 8070 connector and you're done.
But be warned, that even internal requests, will now see the hostname as external.domain.de.
More info: https://tomcat.apache.org/tomcat-5.5-doc/config/http.html#Proxy_Support
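A way to confirm from outside that the connector change took effect, and that the WSDL no longer advertises the internal address, is to check every `soap:address location` and `schemaLocation` in the served document. This is an added example, not code from the thread; the sample WSDL is constructed, and the `?xsd=1` schema URL and the function names are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the kind of WSDL the question describes being served
# to external.domain.de:8070 before the connector is changed.
SAMPLE_WSDL = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <types><xsd:schema>
    <xsd:import namespace="urn:example"
        schemaLocation="http://192.168.1.20:8070/mywebservice?xsd=1"/>
  </xsd:schema></types>
  <service name="MyService"><port name="MyPort" binding="MyBinding">
    <soap:address location="http://192.168.1.20:8070/mywebservice"/>
  </port></service>
</definitions>"""

def advertised_urls(wsdl_text):
    """Return (attribute, url) for each soap:address location and schemaLocation."""
    found = []
    for elem in ET.fromstring(wsdl_text).iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # drop the {namespace} prefix
        if tag == "address" and "location" in elem.attrib:
            found.append(("location", elem.attrib["location"]))
        if tag in ("import", "include") and "schemaLocation" in elem.attrib:
            found.append(("schemaLocation", elem.attrib["schemaLocation"]))
    return found

def check_wsdl(wsdl_text, public_host, public_port):
    """List advertised URLs that do not point at the public host and port."""
    problems = []
    for attr, url in advertised_urls(wsdl_text):
        parts = urlsplit(url)
        if (parts.hostname, parts.port) == (public_host, public_port):
            continue
        try:
            internal = ipaddress.ip_address(parts.hostname or "").is_private
        except ValueError:
            internal = False  # a hostname rather than an IP literal
        problems.append((attr, url, "internal address" if internal else "wrong host"))
    return problems

if __name__ == "__main__":
    for problem in check_wsdl(SAMPLE_WSDL, "external.domain.de", 8070):
        print(problem)
```

Run it against the WSDL fetched through the external name; an empty result means clients are no longer handed the internal address.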
I have a JHipster monolithic application (Angular + Java SpringBoot + Tomcat container, everything together) deployed successfully on an EC2 instance. I could set the security groups in order to enable 8443 incoming requests to the Public DNS and I am able to access it from any browser.
After that, I've requested a public certificate from Amazon for a domain I've already acquired with Route53.
So the idea was to use 443 instead of 8443, and the real domain (instead of the Public DNS provided by AWS), so in effect I've created an ELB (all in the same VPC, security group and hosted zone). This ELB is listening on 443 and has a redirect to 8443 as default action.
But.. ERR_CONNECTION_REFUSED is what the browser shows..
It is important to mention that since AWS does not allow us to download the certificate (at least I don't see any option for that in the console), in the JDK of the EC2 where the app runs I've installed a custom certificate (generated with keytools) in order to apply it in Tomcat to listen on the already mentioned 8443 port.
I also tried running in 8080 instead of 8443 (and of course updating the security groups) but no change..
Could you give me a clue about what I'm missing? So far the unique way I see is to create a new EC2 with a NGINX to act as a reverse proxy (with a rewrite policy maybe) behind the ELB, but I prefer to avoid additional complexity unless absolutely needed.
Additional data:
Tomcat server configuration:
```yaml
server:
  port: 8443
server.ssl.key-store: keystore.p12
server.ssl.key-store-password: thePassword
server.ssl.keyStoreType: PKCS12
server.ssl.keyAlias: theKeyAlias
```
Security group inbound rules:
Custom TCP 8443 with 172.31.0.0/16 (the same range of the ELB)
HTTPS TCP 443 with 0.0.0.0/0 and ::/0
Also the AWS Certificate is enabled and already issued (CNAME record set was created in Route53)
**UPDATE 1 - 04 February 2019 22:21 (GMT-3)**
Guys, I finally decided to have an NGINX behind the ELB. Also I've realized that communication between NGINX and the App Server could be HTTP, therefore my app is gonna listen on port 8080, simplifying the scheme a bit. I've also realized that I need only one certificate in order to have the "browser padlock" and encrypt all traffic between clients and the ELB, so it doesn't matter that it is not possible to download it (it does not need to be installed in NGINX or the App Server either).
At the Apache level you should add a listener on port 443 which would proxy pass the requests on port 8443. This will make sure that all incoming requests on port 443 of the domain will be passed to the application running on port 8443 of the server.

```nginx
listen 443;
location / {
    proxy_pass http://127.0.0.1:8443;
}
```
Finally, issue RESOLVED. I could make NGINX work fine, and I also had to change some other things:
I've passed from an Application Load Balancer to a Classic Load Balancer. The final scheme is like I've explained in the UPDATE of this topic, I mean:
User connects via HTTP or HTTPS through Classic LB and then it goes to EC2 NGINX listening on port 80.
Then from NGINX to WebApp I've used a proxy_pass in this way:
```nginx
location / {
    proxy_pass http://172.x.y.z:8080;
}
```
And finally an HTTP forward in NGINX to use HTTPS exclusively:
```nginx
proxy_set_header X-Forwarded-Proto $scheme;
if ( $http_x_forwarded_proto != 'https' )
{
    return 301 https://$host$request_uri;
}
```
Lijo Abraham, your answer helped me to have a clear direction and this post shows the exact solution applied (that's why I will green tick this post).
Many thanks and regards.
**UPDATE 1 - 10 February 2019 17:21 (GMT-3)** Finally I've remade everything again using an Application ELB this time instead of a Classic ELB (the latter deprecated) and everything works as expected. I don't know why in the beginning ELB Classic didn't work (probably some error in the security group rules configuration or something like that).
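The header flow in the final setup above (load balancer, then NGINX on port 80, then the application on 8080) can be traced with a small model. This is an added example, not code from the thread; it assumes the load balancer sets `X-Forwarded-Proto` to the scheme of its listener, and the host name and function names are constructed. It shows that with `proxy_set_header X-Forwarded-Proto $scheme` the application is told `http`, because `$scheme` is NGINX's own listener scheme, while forwarding `$http_x_forwarded_proto` preserves the client-facing scheme.

```python
# Constructed model of the request path described above:
# client -> load balancer (80 or 443) -> NGINX on port 80 -> application on 8080.

def load_balancer(listener_scheme, host):
    """Assumption: the load balancer records its listener scheme in the header."""
    return {"Host": host, "X-Forwarded-Proto": listener_scheme}

def nginx(headers, uri, own_scheme="http", forward="scheme"):
    """Apply the redirect rule, then build the headers sent to the application.

    forward="scheme"   models: proxy_set_header X-Forwarded-Proto $scheme;
    forward="incoming" models: proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
    """
    incoming = headers.get("X-Forwarded-Proto", "")
    if incoming != "https":
        # Same decision as the `if ( $http_x_forwarded_proto != 'https' )` block.
        return {"status": 301, "location": "https://" + headers["Host"] + uri}
    upstream = dict(headers)
    upstream["X-Forwarded-Proto"] = own_scheme if forward == "scheme" else incoming
    return {"status": 200, "upstream_headers": upstream}

def trace(listener_scheme, uri, forward="scheme", host="app.example.test"):
    """Follow one request through both hops and return NGINX's decision."""
    return nginx(load_balancer(listener_scheme, host), uri, forward=forward)

if __name__ == "__main__":
    print(trace("http", "/login"))                # redirected to HTTPS
    print(trace("https", "/login"))               # proxied, application sees "http"
    print(trace("https", "/login", "incoming"))   # proxied, application sees "https"
```

The value the application receives matters when it builds absolute URLs or marks cookies as secure based on the forwarded scheme.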
I have a remote server, and its default port is 8080, but you know the browser by default uses port 80 to access it, so I cannot access my Tomcat.
How do I configure it to access Tomcat's 8080 port?
It is on Windows.
If I use www.example.com:8080 in the browser I can access the server, but if I use www.example.com I can not access it.
EDIT
I use Tomcat + IIS (Server Consolidation), IIS occupy the 80 port.
You cannot access the URL on http://www.example.com because the browser will try to make a TCP connection on port 80 while Tomcat is listening on port 8080.
If you want to change the port tomcat is listening to, see this question
Another option is to use a proxy in front of your tomcat server. You can use apache web server or Nginx. They can listen to port 80 and forward your request to the tomcat server on port 8080.
Update
As mentioned in the comments below, as port 80 is already taken, adding a reverse proxy cannot help, because the reverse proxy will not be able to listen on port 80.
It is recommended to see which process is using port 80 and then a proper solution can be implemented.
Update
As IIS is listening on port 80, it is recommended to configure IIS to act as the reverse proxy.
You can follow this link to do so.
You can change tomcat connector port number.
Navigate to /tomcat-root/conf folder. Within you will find the server.xml file.
Open the server.xml and search for connector port and change it.
```xml
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
```
I have hosted my Spring application on a Tomcat 7 server. The Tomcat 7 server is installed on our own server. Our server's IP address is already mapped to a domain. How do I map a domain to my Spring application? For now I am accessing the URL like this:
http:ipaddress:100/appname
If you run your application on port 80 then automatically using your domain you can access your application.
Eg. Your IP: 172.26.87.133
Domain: www.xyz.com
Port:80
Now you can access your application by www.xyz.com/index
Spring is domain agnostic in this case and all configuration is at the Tomcat level. This should work out of the box by default, but as I see that you are using port 100, I assume that someone already played with the configuration.
Note that if you are using a Linux OS, using a port under 1023 may be an issue; look here.
By default Tomcat assigns the HTTP connector to all IP addresses associated with the server. As your server's IP address is already mapped to the domain I would expect it to just work. See How do you configure tomcat to bind to a single ip address (localhost) instead of all addresses?
If you are having an issue you should look at your Tomcat server.xml file under $CATALINA_BASE/conf
Look for the connector element associated with your port (100); it should look similar to this. If you are using catalina.properties look for bio.http.port.
```xml
<Connector acceptCount="100"
           connectionTimeout="20000"
           executor="tomcatThreadPool"
           maxKeepAliveRequests="15"
           port="${bio.http.port}"
           address="something-here"
           protocol="org.apache.coyote.http11.Http11Protocol"
           redirectPort="${bio.https.port}"/>
```
If you find the optional address attribute you can comment it out and it should work (assuming you solved the Linux configuration issue, if it exists).
If you want to be more specific (for example for security reasons when you have more than one interface) you can specify the IP or domain name here.
See the Tomcat documentation for the address attribute here.
I have freshly installed apache-tomcat-7.0.62 on a server. It starts without any error but I am unable to access it using:
http://IP:8080/
here IP is ip address of server.
I have also run following command : -
here is the screenshot
Thanks
Find the server.xml located under the confs folder of Catalina (Tomcat).
Find the Connector tags; each one indicates one connector instance.
If the connector comes with no address attribute (the default), Tomcat will listen on all addresses. If it has an address attribute, either remove it or add another Connector to listen on the related IPv4 address.
<Connector ... address="ip_v4_addr"/>
Check tomcat spec for Connectors here.
Next make sure the port is open and allowed to be invoked by any firewall, also make sure the ip-address is valid(public and reachable), and ISP doesn't block it.
Default port for tomcat(HTTP) is 8080 and 8443 for HTTPS, maybe your ISP doesn't let you workout with non-std ports, or the firewall issue.
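The connector attributes discussed in the answers above (`address`, `proxyHost`/`proxyPort`, and `${...}` placeholders resolved from catalina.properties) can be reviewed in one pass over server.xml. This is an added example, not code from the thread; the sample files are constructed, the function names are hypothetical, and the placeholder substitution is a simplified stand-in for Tomcat's own property resolution.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample combining the connector shapes quoted in these threads;
# the address and port values are illustrative.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="${bio.http.port}" address="192.168.1.20"
             protocol="org.apache.coyote.http11.Http11Protocol"
             redirectPort="${bio.https.port}"/>
  <Connector port="8071" protocol="HTTP/1.1"
             proxyHost="external.domain.de" proxyPort="8070"/>
</Service></Server>"""
CATALINA_PROPERTIES = "bio.http.port=100\nbio.https.port=8443\n"

def load_properties(text):
    """Parse simple key=value lines, ignoring blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def resolve(value, props):
    """Substitute ${name} placeholders; unknown names are left as written."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value)

def audit_connectors(server_xml, properties_text=""):
    """Summarise where each Connector listens and which host it advertises."""
    props = load_properties(properties_text)
    report = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        attrs = {k: resolve(v, props) for k, v in conn.attrib.items()}
        report.append({
            "port": attrs.get("port"),
            # No address attribute means the connector listens on all addresses.
            "bind": attrs.get("address", "all addresses"),
            "advertised": (attrs.get("proxyHost"), attrs.get("proxyPort")),
            "privileged_port": attrs.get("port", "").isdigit() and int(attrs["port"]) < 1024,
        })
    return report

if __name__ == "__main__":
    for row in audit_connectors(SERVER_XML, CATALINA_PROPERTIES):
        print(row)
```

A connector that reports `all addresses` is reachable on every interface of the host, so the firewall rules mentioned above are the only thing limiting who can connect to it.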
I have tomcat installed on my local machine. I see it in server.xml where I have below entry
```xml
<Connector executor="tomcatThreadPool"
           port="${http.port}"
           protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="${https.port}"
           acceptCount="100"
           maxKeepAliveRequests="15"/>
```
where http.port value in catalina.properties is 8080 .
But every time I try to access my application at the URL http://localhost/myApp I get the error "could not connect to localhost", but it works fine with http://localhost:8080/myApp. I am not getting why it expects the port 8080 when it is already a default port? What should I do so that I do not have to mention the port?
When you write http://localhost/myApp in the address bar of your browser, the request always goes to port 80, and not port 8080. So the default is port 80 here. For http://localhost/myApp to work you need to install something like Apache HTTP Server.
Then you can configure it with the help of a connector like mod_jk or mod_proxy to use http://localhost/myApp, instead of http://localhost:8080/myApp, so that whatever request comes in on port 80 can be diverted to port 8080 automatically.
Once you have downloaded mod_jk, simply extract the file mod_jk.so to the modules folder of your Apache HTTP Server.
Hopefully the steps written here How to Configure Apache HTTP Server with Apache Tomcat, might help you in doing that.
On a Windows platform all you have to do is changing the port number in server.xml from 8080 to 80 and you are done.
The above is not true for Unix/Linux environments. Changing the port number might work on Windows but I think it might be slightly tricky on Unix/Solaris.
Under UNIX all ports <1024 are "privileged" ports. Only root may open a privileged port. It is still possible but keep in mind that it is not as simple as changing the port number when on Unix.
There are a number of workarounds for this.
http://raibledesigns.com/rd/entry/how_to_run_tomcat_on
http://mihail.stoynov.com/2011/04/04/howto-start-tomcat-on-port-80-without-root-privileges/
http://java-notes.com/
http://www.klawitter.de/tomcat80.html