I am running Apache ActiveMQ 5.5 on CentOS 5.5.
I have searched the ActiveMQ website, source code, configuration files, and I cannot find any reference to this port. Yet, when I start the broker, this is one of three TCP ports listened to by the JVM.
Does anyone know what port 64119 is used for by Apache ActiveMQ?
I have tried with ActiveMQ 5.4.2 on Ubuntu. It listens on:
61616 - broker protocol
8161 - web admin
39271 - JMX remote port
Server is not listening on any other ports.
EDIT: I checked with 5.5.0 and also restarted the broker (both 5.4.2 and 5.5.0) several times. JMX port is always different, looks like it's being randomized. I bet your 64119 changes over time as well.
To make it clear, connect to ActiveMQ broker with jvisualvm, you should see an open connection from jvisualvm to ActiveMQ process on this port (I can see it with lsof).
Related
I am trying to connect to a JMX port that I have defined to be 1099 (as is the default) on my Java application (Java 8 and with Spring Boot 1.4 and Tomcat) using a client such as JConsole, Java Mission Control, or Java VisualVM, but I am reaching an error:
java.rmi.ConnectException: Connection refused to host: 10.xxx.xxx.xx, nested exception is:
java.net.ConnectException: Connection timed out
...
Note that I hid the exact host IP, but it is the pod IP of the particular Kubernetes-managed Docker container that my service is deployed in. I try to connect to the JMX port using the following service URL:
jconsole service:jmx:rmi://<nodeIP>:<nodePort>/jndi/rmi://<nodeIP>:<nodePort>/jmxrmi
I know that JMX opens a random high port, and I have tried to resolve that by including a custom #Configuration class that forces that high port to also serve on port 1099. I have gone into the actual container and pod and ran
netstat -tulpn
to see the ports that are opened, and I have confirmed that the only ports opened are 8443 (which my application is running on) and 1099 (the JMX port); this indicates that my class works. I also ensured that port 1099 is open on the Kubernetes side, so that is not what is blocking it.
As many answers surrounding a JMX remote connection have suggested, I have tried many variations of the following Java options to no avail:
-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.port=1099 -Dcom.sun.management.jmxremote.jmi.port=1099 -Djava.rmi.server.hostname=0.0.0.0
The answers have suggested forcing the JMX port and the RMI registry port to be the same, but none of these have worked.
I believe the issue may be because the hostname (as I tried to make dynamic with -Djava.rmi.server.hostname=0.0.0.0) can not resolve to the different hostnames (pod IPs) that are created every time my service is deployed.
Thus, it looks like the connection cannot complete because JMX is unable to see what hostname Kubernetes is assigning after my service is deployed.
Is there a way for JMX to recognize the Kubernetes hostname? Or, is there some other way to connect remotely to a JMX port through a Kubernetes-deployed service?
EDIT 1: I have done some additional research, and maybe an optional JMXMP instead of RMI may work? Has anyone gotten this working with Tomcat?
The, jmx remote connection is a pain to work with, proxying it is impossible from my view. I had similar problems and in the end I just used jolokia to connect.
Jolokia is a JMX-HTTP bridge giving an alternative to JSR-160 connectors. It is an agent based approach with support for many platforms. In addition to basic JMX operations it enhances JMX remoting with unique features like bulk requests and fine grained security policies. -> http://jolokia.org
I'm trying to open a TCP connection from cloudfoundry application.
As I came to know that Cloudroundtry doesn't support TCP ports yet.
However in the documentation here https://docs.cloudfoundry.org/devguide/deploy-apps/prepare-to-deploy.html#ports
It says under Port Limitations
The default cf-release manifest assigns port 4443 for TCP/WebSocket communications.
Does this mean that I can open TCP connection on port 4443, I have tried running a ServerSocket on 4443, however this port is not accessible from outside cloudfoundry machine.
I'm aware of the long polling, WebSocket and Servlet 3.1 non blocking full duplex method. However I don't want to implement these if I can simply use port 4443 for direct TCP connections.
Please confirm if it's possible to use this port for TCP connections, if not then what does the documentation above mean ?
The documentation above is stating that, by default, port 4443 is used as a WebSocket port to be forwarded to the Cloud Foundry router. This port is not what your application would listen on, but is the external port a client would connect to, e.g. run.pivotal.io:4443. This means that you cannot have a direct TCP connection to your app using it, since the router expects an HTTP request upgrade.
There has been ongoing work to enable TCP routing on Cloud Foundry, and the functionality should start to become available on certain Cloud Foundry installations in the near future. More information can be found on our github repo: https://github.com/cloudfoundry-incubator/routing-release.
We are facing the problem that our Java EJB3 client is behind a firewall that allows only outgoing traffic to port 80. The client communicates with a Glassfish server for EJB calls and JMS messages. Therefore we have to somehow direct all traffic (IIOP & JMS) through this one single port. Does anybody know how to do this?
We are using Glassfish 4.1 as a server. I have heard of JProxy but that seems to be inactive by now.
We could theoretically use SSH port forwarding but that would bypass the Glassfish authentication.
Hi from the server's side (even though your problem is the client) you can change the IIOP port either by the admin console or editing your domain.xml .
<iiop-service>
<orb use-thread-pool-ids="thread-pool-1"></orb>
<iiop-listener address="0.0.0.0" port="3700" lazy-init="true" id="orb-listener-1"></iiop-listener>
<iiop-listener address="0.0.0.0" port="3820" id="SSL" security-enabled="true">
<ssl classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" cert-nickname="s1as"></ssl>
</iiop-listener>
The thing is that you need to pass through the IIOP traffic to port 80 and then hit the actual remote server. I think you need to check your options on creating an SSL tunnel, see here
I'm trying to setup a Solaris KSSL proxy (http://www.c0t0d0s0.org/archives/5575-Less-known-Solaris-Features-kssl.html) as a frontend to a Jetty web server.
I'm able to make KSSL work with Apache web server so that KSSL redirects all incoming SSL traffic from port 443 into an Apache web server listening on port 28080.
However the same configuration does not work when Jetty is listening on port 28080. I verified that the KSSL requests does not even reach Jetty or at least I cannot see them in the access log. Furthermore even if I set a simple Java class which just listens on a server socket, KSSL cannot redirect requests to it.
My question is what are the pre-requisites from a web server in order to be able to get requests from KSSL ?
Best regards,
Lior
There are 2 very common gotchas when working with kssl.
The first is that the apache listening IP has to be the same
as your ksslcfg command. So if you have Listen 123.123.123.123:28080 in
the httpd.conf file, then you must use a ksslcfg command with the same IP.
You cannot have it listening on ANY (*) and then list an IP in ksslcfg,
or listen on an IP and leave out the IP on ksslcfg. Whatever netstat shows
is listening on port 28080 must match the IP used in ksslcfg
(or don't use the IP it is listening on *)
The second is that you must do the operations in this order:
ksslcfg
restart apache
It doesn't not work if ksslcfg is run without restarting apache afterward.
I've seen many people on the web testing with something like
localhost in their ksslcfg command. It won't work unless you also
had localhost as the Listen IP in the apache configuration.
I started a Grails app listening to the default port 8080, as well as running grails as root to listen at port 80:
#grails -Dserver.port=80 run-app
This works perfectly well on localhost, but when I access it from an external IP address, it just fails to work. Just to be sure, I have Apache running on the same server and I can access it perfectly fine over the Internet.
Is there some configuration option I am missing here to ask Grails to listen on all IP addresses?
I even tried this but to no avail:
#grails -Dserver.host=0.0.0.0 -Dserver.port=80 run-app
I am using Grails 1.4.0M1 on Ubuntu 10.04 on an EC2 instance.
Thanks in advance.
Hanxue
If you really want to run it with run-app, the enter your servers IP address in your command-line, like this:
#grails -Dserver.host=xx.xx.xx.xx -Dserver.port=80 run-app
But you will probably find that you get a conflict with your Apache server running on the same IP.
I think you should look into using mod_proxy and mod_proxy_apj to "hide" your grails server beghind your Apache server
As cjstehno noted, in production you should run the app as a war deployed to an AppServer (Tomcat, TCServer, etc) And ideally have that running behind a WebServer (Apache) to route traffic.
See --> http://grails.org/doc/latest/guide/17.%20Deployment.html
if you are on ec2, make sure that the firewall has port 80 opened up to the world (or whatever ip you are connecting from). this is not the default and trips up many first time users of ec2.