-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Marcin,
On 9/18/13 8:58 AM, Marcin Domański wrote: > 2013/9/12 <users-digest-h...@tomcat.apache.org> >> On 9/11/13 2:29 PM, Marcin Domański wrote: >>> Hi there! I am trying to setup a Tomcat instance using only >>> specific address for all communications. This is convenient for >>> us from the point of IPsec. I was able to succeed in http, >>> https, ajp, etc. but for JMX I still cannot get it right. For >>> this example, let's assume, my desired address is 127.2.0.1. >>> Currently my configuration is as follows: >>> >>> - <Listener >>> className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" >>> >>> rmiRegistryPortPlatform="9012" rmiServerPortPlatform="9013" >>> useLocalPorts="true" /> >>> >>> >>> Which allows to connect to the server at >>> "service:jmx:rmi:///jndi/rmi:// 127.2.0.1:9012/jmxrmi but also >>> localhost (means I cannot run second instance with different >>> IP) >> >> Hmm. I would have expected "useLocalPorts" to bind only to >> 127.0.0.1 (i.e. localhost). What does netstat tell you under this >> configuration? > > I see open ports to 127.2.0.1:9012 whenever I have rmiBindAddress > set and applied patch in JmxRemoteLifecycleListener to use > rmiBindAddress instead of localhost around line 304, otherwise I > get exception whenever I use rmiBindAddress=127.2.0.1 and no ports > are open. What patch did you apply? > Netstat with patch and rmiBindAddress=127.0.2.1 and > useLocalPorts=false: TCP 127.0.2.1:9012 XXX:0 > LISTENING TCP 127.0.2.1:9013 XXX:0 > LISTENING > > Netstat with patch and rmiBindAddress=127.0.2.1 and > useLocalPorts=true: > > TCP 127.0.2.1:9012 XXX:0 LISTENING TCP > 127.0.2.1:9013 XXX:0 LISTENING That certainly looks like useLocalPorts is not doing anything in your configuration. I suppose it depends upon whatever patch you applied. I don't think you should require a patch... just don't use useLocalPorts=true and let rmiBindAddresss do its job. Isn't the above what you wanted? To bind on the VPN interface? > Seems that it connects differently because I see it using localhost > for connections to port 9013 and 127.0.2.1 for 9012 (remote > address in netstat) The above look identical to me (both ports are are for 127.0.2.1). Am I missing something? >>> On Windows machine I get a network error basically saying there >>> is no server configured at localhost in >>> JmxRemoteLifecycleListener:304. >> >> You get this on startup? Post the full stack trace, please. >> > > Yes, it is a startup of Tomcat itself, not my J2EE application. You > can try it yourself. Stack is as follows: > > java.io.IOException: Cannot bind to URL > [rmi://localhost:9012/jmxrmi]: > javax.naming.ServiceUnavailableException [Root exception is > java.rmi.ConnectException: Connection refused to host: localhost; > nested exception is: java.net.ConnectException: Connection refused: > connect] I think it's important for you to tell us what your patch does. Nobody knows what you've done in there. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSOesRAAoJEBzwKT+lPKRY6BMQALWgjldYM/1JGZ0Vhs5ge5bz rV90oDZb8k+iLPQIU2X1Rf7/znWz8DauAFvAwS5ghvgljdKBtZuoA6VDVZIzb+BV eERg8Cbe07XY38Jw65chW5YKdxxy2+bMPdAvb5xkO3LjTTJfIkB5ZL8EigvTTaKY zlrk2SreRzSyZiYNvqSjKoUpRMfnVL4EhvXwDauXFSnLnINE4T0CTwJ5lm0Wy3lS 5SDFuAZKRHQ6phEPnRxy0b0CekW3Pucw7m+um/07P2yI3ygkSGRH1hgZPIudDH2E 98I2ei5HdRtgNEMYUbPqpSioaz309nQjb6cVmjnfdInLN0TApw9QTbQG3Yryg8Kx YSwaiMwid2TCvj+KNine4pvmRZ9ddFyslpBO7aqVR/G4Voqgg+ToxRbkqH3pdBqy 32qv3/gLJA7Mame9+0j/X9/+MbsyJqnuHcW+290ERXe5C2gXUXxnWhuLRBqRkKyl +Kr5zh6X5fgO7OX884PjXtvvpZfibGJO66OFTNZDMma02mCjJDnWuNX37I+FXMva PhLqpv7kgB5KbtwG+kliyyxRY9ygfQ/xDudL6d5WCxVjzq7OOxbr+lwxvEHKYfb6 Rz8JVPcgfqmuJ7QshT7vCkUOlGgTsJGxNnXC2n2KgdqeJhhO8TrDgG+QXtChR4SW DaE8PEM0m/u3XpKsUoBs =a8eK -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
