Re: Secure connection - only ipv6 listener at port 8443

2024-01-08 Thread Christoph Kukulies
Ubuntu 22.04.3
Thanks. Output is indeed "0". So it listens to both protocol versions. Will 
stick with this of course :)

--
Christoph


> Am 08.01.2024 um 11:15 schrieb EML :
> 
> Run this command (I'm assuming you're on Linux):
> 
>  $ cat /proc/sys/net/ipv6/bindv6only
> 
> The default output is 0 on Linux (the Windows equivalent is apparently 1). 0 
> means that an IPv6 socket will connect to *both* IPv6 and IPv4  (look up 
> IPV6_V6ONLY).
> 
> You can force Java to listen to IPv4 only, with something like 
> 'Environment="JAVA_OPTS_APPEND=-Djava.net.preferIPv4Stack=true', but you 
> probably don't want to do this.
> 
> On 08/01/2024 09:40, Christoph Kukulies wrote:
>> Hi,
>> 
>> I'm trying to connect to a tomcat9 server for which I made an entry in 
>> server.xml:
>> 
>>  maxThreads="150" SSLEnabled="true" >
>> 
>>  certificateFile="conf/localhost-rsa-cert.pem"
>>  certificateChainFile="conf/localhost-rsa-chain.pem"
>>  type="RSA" />
>> 
>> 
>> 
>> and the following entries are also present, FWIW:
>> 
>>  proxyName="cms.mysite.de" maxThreads="150" enableLookups="false"
>>  redirectPort="8443" acceptCount="100" connectionTimeout="2"
>>  disableUploadTimeout="true" />
>>  proxyName="othername.de" maxThreads="150" enableLookups="false"
>>  redirectPort="8443" acceptCount="100" connectionTimeout="2"
>>  disableUploadTimeout="true" />
>>  proxyName="other.de" maxThreads="150" enableLookups="false"
>>  redirectPort="8443" acceptCount="100" connectionTimeout="2"
>>  disableUploadTimeout="true" />
>>  proxyName="alternate.de" maxThreads="150" enableLookups="false"
>>  redirectPort="8443" acceptCount="100" connectionTimeout="2"
>>  disableUploadTimeout="true" />
>> 
>> 
>> Connection to the server through port 8443 seems to work (filtered by ufw)
>> but I'm wondering why I don't see any tcp/v4 connection.
>> 
>> root@mail:/var/lib/tomcat9/logs# ufw status numbered
>> Status: active
>> 
>>   To                         Action      From
>>   --                         ------      ----
>> [ 1] 25                         ALLOW IN    Anywhere
>> [ 2] 443                        ALLOW IN    Anywhere
>> [ 3] 993                        ALLOW IN    Anywhere
>> [ 4] 587                        ALLOW IN    Anywhere
>> [ 5] 80                         ALLOW IN    Anywhere
>> [ 6] 22                         ALLOW IN    33.180.24.29
>> [ 7] 8080/tcp                   ALLOW IN    33.180.24.29
>> [ 8] 8443/tcp                   ALLOW IN    33.180.24.29
>> [ 9] 25 (v6)                    ALLOW IN    Anywhere (v6)
>> [10] 443 (v6)                   ALLOW IN    Anywhere (v6)
>> [11] 993 (v6)                   ALLOW IN    Anywhere (v6)
>> [12] 587 (v6)                   ALLOW IN    Anywhere (v6)
>> [13] 80 (v6)                    ALLOW IN    Anywhere (v6)
>> 
>> root@mail:/var/lib/tomcat9/logs# netstat -an | grep 8443
>> tcp6       0      0 :::8443                 :::*                    LISTEN
>> 08-Jan-2024 10:25:55.513 INFO [main] 
>> org.apache.catalina.core.StandardEngine.startInternal Starting Servlet 
>> engine: [Apache Tomcat/9.0.58 (Ubuntu)]
>> 08-Jan-2024 10:25:55.532 INFO [main] 
>> org.apache.catalina.startup.HostConfig.deployWAR Deploying web application 
>> archive [/var/lib/tomcat9/webapps/ROOT.war]
>> 08-Jan-2024 10:26:07.487 INFO [main] 
>> org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned 
>> for TLDs yet contained no TLDs. Enable debug logging for this logger for a 
>> complete list of JARs that were scanned but no TLDs were found in them. 
>> Skipping unneeded JARs during scanning can improve startup time and JSP 
>> compilation time.
>> 08-Jan-2024 10:26:23.038 INFO [main] 
>> org.apache.catalina.startup.HostConfig.deployWAR Deployment of web 
>> application archive [/var/lib/tomcat9/webapps/ROOT.war] has finished in 
>> [27,506] ms
>> 08-Jan-2024 10:26:23.043 INFO [main] 
>> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
>> ["http-nio-8082"]
>> 08-Jan-2024 10:26:23.079 INFO [main] 
>> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
>> ["http-nio-8081"]
>> 08-Jan-2024 10:26:23.094 INFO [main] 
>> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
>> ["http-nio-8080"]
>> 08-Jan-2024 10:26:23.098 INFO [main] 
>> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
>> ["http-nio-8086"]
>> 08-Jan-2024 10:26:23.108 INFO [main] 
>> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
>> ["https-openssl-apr-8443"]
>> 08-Jan-2024 10:26:23.133 INFO [main] 
>> org.apache.catalina.startup.Catalina.start Server 

Re: Secure connection - only ipv6 listener at port 8443

2024-01-08 Thread EML

Run this command (I'm assuming you're on Linux):

 $ cat /proc/sys/net/ipv6/bindv6only

The default output is 0 on Linux (the Windows equivalent is apparently 
1). 0 means that an IPv6 socket will connect to *both* IPv6 and IPv4  
(look up IPV6_V6ONLY).


You can force Java to listen to IPv4 only, with something like 
'Environment="JAVA_OPTS_APPEND=-Djava.net.preferIPv4Stack=true', but you 
probably don't want to do this.


On 08/01/2024 09:40, Christoph Kukulies wrote:

Hi,

I'm trying to connect to a tomcat9 server for which I made an entry in 
server.xml:


 
  
        
  
        
            

and the following entries are also present, FWIW:

     proxyName="cms.mysite.de" maxThreads="150" enableLookups="false"
     redirectPort="8443" acceptCount="100" connectionTimeout="2"
     disableUploadTimeout="true" />
     proxyName="othername.de" maxThreads="150" enableLookups="false"
     redirectPort="8443" acceptCount="100" connectionTimeout="2"
     disableUploadTimeout="true" />
     proxyName="other.de" maxThreads="150" enableLookups="false"
     redirectPort="8443" acceptCount="100" connectionTimeout="2"
     disableUploadTimeout="true" />
     proxyName="alternate.de" maxThreads="150" enableLookups="false"
     redirectPort="8443" acceptCount="100" connectionTimeout="2"
     disableUploadTimeout="true" />


Connection to the server through port 8443 seems to work (filtered by ufw)
but I'm wondering why I don't see any tcp/v4 connection.

root@mail:/var/lib/tomcat9/logs# ufw status numbered
Status: active

  To                         Action      From
  --                         --      
[ 1] 25                         ALLOW IN    Anywhere
[ 2] 443                        ALLOW IN    Anywhere
[ 3] 993                        ALLOW IN    Anywhere
[ 4] 587                        ALLOW IN    Anywhere
[ 5] 80                         ALLOW IN    Anywhere
[ 6] 22                         ALLOW IN    33.180.24.29
[ 7] 8080/tcp                   ALLOW IN    33.180.24.29
[ 8] 8443/tcp                   ALLOW IN    33.180.24.29
[ 9] 25 (v6)                    ALLOW IN    Anywhere (v6)
[10] 443 (v6)                   ALLOW IN    Anywhere (v6)
[11] 993 (v6)                   ALLOW IN    Anywhere (v6)
[12] 587 (v6)                   ALLOW IN    Anywhere (v6)
[13] 80 (v6)                    ALLOW IN    Anywhere (v6)

root@mail:/var/lib/tomcat9/logs# netstat -an | grep 8443
tcp6       0      0 :::8443                 :::*                    LISTEN
08-Jan-2024 10:25:55.513 INFO [main] 
org.apache.catalina.core.StandardEngine.startInternal Starting Servlet 
engine: [Apache Tomcat/9.0.58 (Ubuntu)]
08-Jan-2024 10:25:55.532 INFO [main] 
org.apache.catalina.startup.HostConfig.deployWAR Deploying web 
application archive [/var/lib/tomcat9/webapps/ROOT.war]
08-Jan-2024 10:26:07.487 INFO [main] 
org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was 
scanned for TLDs yet contained no TLDs. Enable debug logging for this 
logger for a complete list of JARs that were scanned but no TLDs were 
found in them. Skipping unneeded JARs during scanning can improve 
startup time and JSP compilation time.
08-Jan-2024 10:26:23.038 INFO [main] 
org.apache.catalina.startup.HostConfig.deployWAR Deployment of web 
application archive [/var/lib/tomcat9/webapps/ROOT.war] has finished 
in [27,506] ms
08-Jan-2024 10:26:23.043 INFO [main] 
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
["http-nio-8082"]
08-Jan-2024 10:26:23.079 INFO [main] 
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
["http-nio-8081"]
08-Jan-2024 10:26:23.094 INFO [main] 
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
["http-nio-8080"]
08-Jan-2024 10:26:23.098 INFO [main] 
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
["http-nio-8086"]
08-Jan-2024 10:26:23.108 INFO [main] 
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
["https-openssl-apr-8443"]
08-Jan-2024 10:26:23.133 INFO [main] 
org.apache.catalina.startup.Catalina.start Server startup in [27735] 
milliseconds


root@mail:/var/lib/tomcat9/logs# lsof -i :8443
COMMAND   PID   USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
java   177550 tomcat   43u  IPv6 1853946      0t0  TCP *:8443 (LISTEN)
root@mail:/var/lib/tomcat9/logs#

--
Christoph
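The dual-stack behaviour EML describes (bindv6only = 0, so an IPv6 wildcard socket also takes IPv4 connections) can be checked directly rather than inferred from netstat. The following Python script is an added example, not code from this thread or from Tomcat: it reads the kernel default from /proc/sys/net/ipv6/bindv6only, then binds an IPv6 wildcard listener on an ephemeral port with IPV6_V6ONLY forced to 0 and to 1, connects to it over IPv4 loopback (127.0.0.1) and IPv6 loopback (::1), and reports the peer address the listener sees. The function names, the ephemeral port and the loopback targets are my own choices; the sysctl path and the socket option are the ones named in the thread.

```python
import socket
from typing import Optional

# Kernel default for new AF_INET6 sockets: 0 = dual-stack (IPv4 clients
# arrive as v4-mapped addresses), 1 = IPv6 only. Path as quoted in the thread.
BINDV6ONLY_SYSCTL = "/proc/sys/net/ipv6/bindv6only"


def kernel_default_v6only() -> Optional[int]:
    """Read the system-wide default for IPV6_V6ONLY; None if the sysctl
    is absent (non-Linux host, or kernel without IPv6)."""
    try:
        with open(BINDV6ONLY_SYSCTL) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def _peer_seen_by_listener(srv: socket.socket, host: str, family: int) -> Optional[str]:
    """Connect to the listener via `host`, accept on the listener side and
    return the peer address the listener sees; None if unreachable."""
    port = srv.getsockname()[1]
    try:
        with socket.socket(family, socket.SOCK_STREAM) as client:
            client.settimeout(2.0)
            client.connect((host, port))
            conn, peer = srv.accept()
            conn.close()
            return peer[0]
    except OSError:
        # ECONNREFUSED (no listener for this family) or no loopback for it.
        return None


def probe_dual_stack(v6only: int) -> Optional[dict]:
    """Bind an IPv6 wildcard listener (::) on an ephemeral port with
    IPV6_V6ONLY set to `v6only` and report how that single socket sees a
    client arriving over IPv4 loopback and over IPv6 loopback.
    Returns None when the host cannot create or bind an AF_INET6 socket."""
    try:
        srv = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    except OSError:
        return None
    with srv:
        srv.settimeout(2.0)
        # The option must be set before bind(); bindv6only only supplies
        # the default value that an application does not override.
        srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, v6only)
        try:
            srv.bind(("::", 0))
        except OSError:
            return None
        srv.listen(2)
        return {
            "ipv4": _peer_seen_by_listener(srv, "127.0.0.1", socket.AF_INET),
            "ipv6": _peer_seen_by_listener(srv, "::1", socket.AF_INET6),
        }


if __name__ == "__main__":
    print("bindv6only default:", kernel_default_v6only())
    for flag in (0, 1):
        print(f"IPV6_V6ONLY={flag}:", probe_dual_stack(flag))
```

With IPV6_V6ONLY=0 the IPv4 client shows up on the one IPv6 socket as `::ffff:127.0.0.1`, which is why netstat and lsof list only a tcp6/IPv6 listener on 8443 while IPv4 clients still connect; with IPV6_V6ONLY=1 the same IPv4 connect is refused. Note that reachability is then a firewall question separate from the socket option: the ufw listing in the thread allows 8443/tcp from one IPv4 address and has no (v6) rule for 8443, so IPv6 clients are blocked before they ever reach the listener.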


Secure connection - only ipv6 listener at port 8443

2024-01-08 Thread Christoph Kukulies
Hi,

I'm trying to connect to a tomcat9 server for which I made an entry in 
server.xml:

   






and the following entries are also present, FWIW:







Connection to the server through port 8443 seems to work (filtered by ufw)
but I'm wondering why I don't see any tcp/v4 connection.

root@mail:/var/lib/tomcat9/logs# ufw status numbered
Status: active

  To                         Action      From
  --                         ------      ----
[ 1] 25                         ALLOW IN    Anywhere
[ 2] 443                        ALLOW IN    Anywhere
[ 3] 993                        ALLOW IN    Anywhere
[ 4] 587                        ALLOW IN    Anywhere
[ 5] 80                         ALLOW IN    Anywhere
[ 6] 22                         ALLOW IN    33.180.24.29
[ 7] 8080/tcp                   ALLOW IN    33.180.24.29
[ 8] 8443/tcp                   ALLOW IN    33.180.24.29
[ 9] 25 (v6)                    ALLOW IN    Anywhere (v6)
[10] 443 (v6)                   ALLOW IN    Anywhere (v6)
[11] 993 (v6)                   ALLOW IN    Anywhere (v6)
[12] 587 (v6)                   ALLOW IN    Anywhere (v6)
[13] 80 (v6)                    ALLOW IN    Anywhere (v6)

root@mail:/var/lib/tomcat9/logs# netstat -an | grep 8443
tcp6       0      0 :::8443                 :::*                    LISTEN
08-Jan-2024 10:25:55.513 INFO [main] 
org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: 
[Apache Tomcat/9.0.58 (Ubuntu)]
08-Jan-2024 10:25:55.532 INFO [main] 
org.apache.catalina.startup.HostConfig.deployWAR Deploying web application 
archive [/var/lib/tomcat9/webapps/ROOT.war]
08-Jan-2024 10:26:07.487 INFO [main] 
org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for 
TLDs yet contained no TLDs. Enable debug logging for this logger for a complete 
list of JARs that were scanned but no TLDs were found in them. Skipping 
unneeded JARs during scanning can improve startup time and JSP compilation time.
08-Jan-2024 10:26:23.038 INFO [main] 
org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application 
archive [/var/lib/tomcat9/webapps/ROOT.war] has finished in [27,506] ms
08-Jan-2024 10:26:23.043 INFO [main] org.apache.coyote.AbstractProtocol.start 
Starting ProtocolHandler ["http-nio-8082"]
08-Jan-2024 10:26:23.079 INFO [main] org.apache.coyote.AbstractProtocol.start 
Starting ProtocolHandler ["http-nio-8081"]
08-Jan-2024 10:26:23.094 INFO [main] org.apache.coyote.AbstractProtocol.start 
Starting ProtocolHandler ["http-nio-8080"]
08-Jan-2024 10:26:23.098 INFO [main] org.apache.coyote.AbstractProtocol.start 
Starting ProtocolHandler ["http-nio-8086"]
08-Jan-2024 10:26:23.108 INFO [main] org.apache.coyote.AbstractProtocol.start 
Starting ProtocolHandler ["https-openssl-apr-8443"]
08-Jan-2024 10:26:23.133 INFO [main] org.apache.catalina.startup.Catalina.start 
Server startup in [27735] milliseconds

root@mail:/var/lib/tomcat9/logs# lsof -i :8443
COMMAND   PID   USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
java   177550 tomcat   43u  IPv6 1853946      0t0  TCP *:8443 (LISTEN)
root@mail:/var/lib/tomcat9/logs# 

--
Christoph


