>
> Don't the Tomcat logs say anything helpful ?
Actually, yes...
SEVERE: Catalina.start:
LifecycleException: service.getName(): "Catalina"; Protocol handler start
failed: java.net.BindException: *Permission denied:80*
at org.apache.catalina.connector.Connector.start(Connector.java:1097)
at
org.apache.catalina.core.StandardService.start(StandardService.java:457)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Dec 11, 2009 5:21:20 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 643 ms
I'm approaching my wits end with this project.
*server.xml*:
<?xml version="1.0" encoding="UTF-8"?>
<Server>
<Listener className="org.apache.catalina.core.AprLifecycleListener"/>
<Listener
className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<Listener
className="org.apache.catalina.storeconfig.StoreConfigLifecycleListener"/>
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"/>
<GlobalNamingResources>
<Environment
name="simpleValue"
type="java.lang.Integer"
value="30"/>
<Resource
auth="Container"
description="User database that can be updated and saved"
name="UserDatabase"
type="org.apache.catalina.UserDatabase"
pathname="conf/tomcat-users.xml"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"/>
</GlobalNamingResources>
<Service
name="Catalina">
<Connector
port="80"
redirectPort="443"
minSpareThreads="25"
connectionTimeout="20000"
maxSpareThreads="75"
maxThreads="150">
</Connector>
<Connector
port="443"
scheme="https"
secure="true"
keystoreFile="/my/keystore"
keystorePass="mysecretpassword"
SSLEnabled="true"
sslProtocol="TLS"
maxSpareThreads="75"
maxThreads="150"
minSpareThreads="25"
clientAuth="false">
</Connector>
<Engine
defaultHost="localhost"
name="Catalina">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"/>
<Host
appBase="webapps"
name="localhost">
</Host>
</Engine>
</Service>
</Server>
*Scanning ports from a different system:*
[Linux]:~$ nmap -p80,443,8080,8443 my.domain.org
Starting Nmap 4.62 ( http://nmap.org ) at 2009-12-12 12:15 EST
Interesting ports on my.domain.org (1.1.1.1):
PORT STATE SERVICE
80/tcp open http
443/tcp open https
8080/tcp closed http-proxy
8443/tcp closed https-alt
Nmap done: 1 IP address (1 host up) scanned in 0.071 seconds
*Iptables -L*
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:webcache
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:pcsync-https
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:ddi-tcp-1
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited
*netstat -tln
*
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address
State
tcp 0 0 0.0.0.0:3306 0.0.0.0:*
LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:*
LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:*
LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:*
LISTEN
tcp 0 0 127.0.0.1:6011 0.0.0.0:*
LISTEN
tcp 0 0 0.0.0.0:892 0.0.0.0:*
LISTEN
tcp 0 0 0.0.0.0:7006 0.0.0.0:*
LISTEN
tcp 0 0 ::ffff:127.0.0.1:8005 :::*
LISTEN
tcp 0 0 :::80 :::*
LISTEN
tcp 0 0 :::22 :::*
LISTEN
tcp 0 0 ::1:6011 :::*
LISTEN
tcp 0 0 :::443 :::*
LISTEN
tcp 0 0 :::7006 :::*
LISTEN
*iptables*
[Linux]# more /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j
ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j
ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j
ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j
ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8443 -j
ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8888 -j
ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
If I shut down apache httpd service, ports 80 and 443 are not open, despite
the server.xml file saying otherwise.
I'm at my wits end with this. Any pointers or links to documentation to
help figure this out is greatly appreciated.
