> -----Original Message-----
> From: Konstantin Preißer [mailto:kpreis...@apache.org]
> Sent: Wednesday, January 22, 2014 8:03 AM
> To: 'Tomcat Users List'
> Subject: [OT] RE: Cannot connect from outside using Tomcat 7/APR/SSL on
> AWS Windows system
>
> Hi Jeffrey,
>
> > -----Original Message-----
> > From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com]
> > Sent: Tuesday, January 21, 2014 10:19 PM
>
> > Eureka, I finally figured it out!
> > It was a real eureka moment, some remembrance burned its way up from
> > my subconscious and I had the answer.
> > Ready guys? Really surprised no one mentioned it.
> > It was Windows F-ing Firewall!!!!!
>
> Good to hear that you could find and solve the problem.
>
> (Off topic:)
>
> > I HATE WINDOWS!!!!!!
>
> What I can't quite understand is, how one can "hate" Windows or its "F-
> ing" firewall, if they just do what they were configured to do...
> ;-)
>
> When setting up the Windows Firewall, I normally only create rules for
> specific (TCP) ports, not for specific executables, so that the
> firewall allows connections to a TCP port regardless of what the name
> or path of the executable is.
>
Well, I wouldn't run Windows at all, except my backup "staff"
doesn’t/can't/won't understand Linux.
That said, this is the only setup that I actually run the Windows software
firewall (or Linux's iptables for that matter), because I don't really trust
the Amazon security infrastructure on its own. All my own servers sit behind a
firewall appliance that I know and trust and can monitor, and I generally can
trust those persons who have internal access.
The reason I did this as executables instead of just opening a set of ports
(80,443), is that I wanted to be sure I caught any ports the executable might
need in addition to the one's I know about directly. Plus, I like to run JMX
for monitoring, and have several instances, each with their own JMX port set.
So it's either do it by executable, or adding/updating a JMX rule each time I
add a new instance, and likely run into this "why won't it work" problem all
over again.
Sort of a preference thingy I guess.
