newbie: multiple ports for same tomcat server 5.0
I have recently inherted a tomcat 5 server (today - do want want to upgrade at this point). There is a SSI server on the outside that sends request to 8009 for this tomcat server (from what I have been told). The tomcat server is running on port 8082. I have been tasked to change this tomcat server to accept request from 8082 when they are coming from the outside and port 80 if you are inside the network. The outisde goes from an address that accepts the request on port 80 and then sends it to tomcat on port 8082. The inside I would set DHCP to send directly to the tomcat server and by pass the SSI server. Therefore I need to allow this tomcat server to listen on port 80 and port 8082. I am including my server.xml file. Thanks, factory org.apache.catalina.users.MemoryUserDatabaseFactory pathname conf/tomcat-users.xml -- View this message in context: http://old.nabble.com/newbie%3A-multiple-ports-for-same-tomcat-server-5.0-tp27262778p27262778.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: newbie: multiple ports for same tomcat server 5.0
Chart wrote: I have recently inherted a tomcat 5 server (today - do want want to upgrade at this point). There is a SSI server on the outside that sends request to 8009 for this tomcat server (from what I have been told). The tomcat server is running on port 8082. I have been tasked to change this tomcat server to accept request from 8082 when they are coming from the outside and port 80 if you are inside the network. The outisde goes from an address that accepts the request on port 80 and then sends it to tomcat on port 8082. The inside I would set DHCP to send directly to the tomcat server and by pass the SSI server. Therefore I need to allow this tomcat server to listen on port 80 and port 8082. I am including my server.xml file. Thanks, factory org.apache.catalina.users.MemoryUserDatabaseFactory pathname conf/tomcat-users.xml Finally a question at my level ! :-) What you have above, graphically (*), is like this : Users Users Users Users | || | | || | | || (HTTP protocol) (HTTP protocol) SSI server | (Apache httpd ?) | | | Apache/Tomcat connector| (inside Apache)| (mod_jk ?) | | | (AJP protocol) Tomcat AJP connector Tomcat HTTP connector |--| | Tomcat | -- | | | | webappswebapps webapps And you want this : Users Users External Users Internal Users | || | | || | | || | (HTTP protocol) (HTTP protocol) (HTTP protocol) SSI server | | (Apache httpd ?)| | | | | Apache/Tomcat connector | | (inside Apache) | | (mod_jk ?)| | | | | Tomcat AJP connector Tomcat HTTP connectorTomcat HTTP connector || |- | Tomcat Host | -- | | | | webappswebapps webapps Can you guess ? You just need to duplicate this section, and change one attribute : > connectionTimeout="2" disableUploadTimeout="true" port="8082" > redirectPort="8443" maxSpareThreads="75" maxThreads="150" > minSpareThreads="25"> > Easy, no ? (*) Well, I am doing my best, but there's a limit to what one can do in text emails Note that there is a catch, above : if there is already another server listening on port 80, it will not work. You need to choose, only one server listening on each port is allowed. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: newbie: multiple ports for same tomcat server 5.0
> From: André Warnier [mailto:a...@ice-sa.com] > Subject: Re: newbie: multiple ports for same tomcat server 5.0 > > What you have above, graphically (*), is like this : Nice pictures. (The lost art of ASCII art.) > You just need to duplicate this section, and change one attribute : > > > connectionTimeout="2" disableUploadTimeout="true" port="8082" > > redirectPort="8443" maxSpareThreads="75" maxThreads="150" > > minSpareThreads="25"> > > One addition: you might want to use an address attribute in each to limit which IP addresses Tomcat will listen on, and avoid port conflicts. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: newbie: multiple ports for same tomcat server 5.0
Caldarale, Charles R wrote: From: André Warnier [mailto:a...@ice-sa.com] Subject: Re: newbie: multiple ports for same tomcat server 5.0 What you have above, graphically (*), is like this : Nice pictures. (The lost art of ASCII art.) Thanks. Unfortunately, I have a feeling that only fellow artists of the same school and period would really appreciate the effort. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: newbie: multiple ports for same tomcat server 5.0
Hello Chuck, I was going through this email thread and have a question for you. We have a similar setup like this in one of our containers but we do not use the address attribute as you mentioned in the connector declaration. You mentioned that adding the address attribute is recommended to prevent port conflicts. Can you please elaborate on this? I am having difficulties in imagining a scenario where this would result in a port conflict (an example would be great). Thanks Anurag -- Anurag Kapur Associate - Technology, Sapient Corporation. http://www.linkedin.com/in/anuragkapur http://www.google.com/profiles/anuragkapur -- On Thu, Jan 21, 2010 at 7:47 PM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote: > > From: André Warnier [mailto:a...@ice-sa.com] > > Subject: Re: newbie: multiple ports for same tomcat server 5.0 > > > > What you have above, graphically (*), is like this : > > Nice pictures. (The lost art of ASCII art.) > > > You just need to duplicate this section, and change one attribute : > > > > > connectionTimeout="2" disableUploadTimeout="true" port="8082" > > > redirectPort="8443" maxSpareThreads="75" maxThreads="150" > > > minSpareThreads="25"> > > > > > One addition: you might want to use an address attribute in each > to limit which IP addresses Tomcat will listen on, and avoid > port conflicts. > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you received > this in error, please contact the sender and delete the e-mail and its > attachments from all computers. > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
RE: newbie: multiple ports for same tomcat server 5.0
> From: Anurag Kapur [mailto:anuragka...@gmail.com] > Subject: Re: newbie: multiple ports for same tomcat server 5.0 > > You mentioned that adding the address attribute is recommended > to prevent port conflicts. I didn't say it was recommended, just that it was one way to avoid port conflicts, especially if you wanted both elements to use a standard port, such as 80. The other way, of course, is to simply use different ports. In the case being discussed in the thread, the OP wanted to segregate external users and internal ones, and typically that's done by using separate IP addresses for each group. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: newbie: multiple ports for same tomcat server 5.0
Chuck, I am now confused. I stated I am using port 8082 from the outside and need to use port 80 on the inside. So I am using different ports. So the port conflick that you talked about orignal would never happen (is this correct?). If I am going to have a port conflick, how would Impliment what you stated? n828cl wrote: > >> From: Anurag Kapur [mailto:anuragka...@gmail.com] >> Subject: Re: newbie: multiple ports for same tomcat server 5.0 >> >> You mentioned that adding the address attribute is recommended >> to prevent port conflicts. > > I didn't say it was recommended, just that it was one way to avoid port > conflicts, especially if you wanted both elements to use a > standard port, such as 80. The other way, of course, is to simply use > different ports. In the case being discussed in the thread, the OP wanted > to segregate external users and internal ones, and typically that's done > by using separate IP addresses for each group. > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you > received this in error, please contact the sender and delete the e-mail > and its attachments from all computers. > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://old.nabble.com/newbie%3A-multiple-ports-for-same-tomcat-server-5.0-tp27262778p27277458.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: newbie: multiple ports for same tomcat server 5.0
> From: Chart [mailto:ccha...@hotmail.com] > Subject: RE: newbie: multiple ports for same tomcat server 5.0 > > I stated I am using port 8082 from the outside and > need to use port 80 on the inside. If your front-end is on the same machine, you will have a port conflict, since it's already got port 80 assigned. If the front-end is on a different machine, you shouldn't have a conflict. However, if port 8082 is open to the outside world, is there anything that stops the outside world from using the public IP address and accessing Tomcat on port 80? Perhaps your firewall settings are such that you've taken care of that, but it's not clear. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: newbie: multiple ports for same tomcat server 5.0
Chuck, Yes we have a firewall that does not allow traffic from the IIS server to the tomcat server on port 80. Just for learning purposes. Could you take the line out of my original file and add information like you had stated in your original update? thanks, n828cl wrote: > >> From: Chart [mailto:ccha...@hotmail.com] >> Subject: RE: newbie: multiple ports for same tomcat server 5.0 >> >> I stated I am using port 8082 from the outside and >> need to use port 80 on the inside. > > If your front-end is on the same machine, you will have a port conflict, > since it's already got port 80 assigned. If the front-end is on a > different machine, you shouldn't have a conflict. However, if port 8082 > is open to the outside world, is there anything that stops the outside > world from using the public IP address and accessing Tomcat on port 80? > > Perhaps your firewall settings are such that you've taken care of that, > but it's not clear. > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you > received this in error, please contact the sender and delete the e-mail > and its attachments from all computers. > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://old.nabble.com/newbie%3A-multiple-ports-for-same-tomcat-server-5.0-tp27262778p27277828.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: newbie: multiple ports for same tomcat server 5.0
> From: Chart [mailto:ccha...@hotmail.com] > Subject: RE: newbie: multiple ports for same tomcat server 5.0 > > Just for learning purposes. Could you take the line out of my > original file and add information like you had stated in your > original update? Sorry, I don't understand what you're asking for. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: newbie: multiple ports for same tomcat server 5.0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chart, On 1/21/2010 1:53 PM, Chart wrote: > There is a SSI server on the outside that sends request to > 8009 for this tomcat server (from what I have been told). The tomcat > server is running on port 8082. You mean that Tomcat is accepting requests on port 8082. What kind of requests, HTTP? > I have been tasked to change this tomcat > server to accept request from 8082 when they are coming from the outside and > port 80 if you are inside the network. If Tomcat is already listening to port 8082, then it will continue to do so. There should be no need to change anything, unless you have instructed Tomcat to listen only on a certain interface (like localhost). > The outisde goes from an address > that accepts the request on port 80 and then sends it to tomcat on port > 8082. Okay, this sounds like your setup already does exactly what your requirements state. Congratulations: you're done! > The inside I would set DHCP to send directly to the tomcat server > and by pass the SSI server. Uh, wait... what? > Therefore I need to allow this tomcat server > to listen on port 80 and port 8082. Where is the SSI server? Same machine, or someplace else? Is it okay if remote users go directly to port 80 on the Tomcat machine, or do you need to prohibit them from doing so? > That's your original HTTP with just the port number changed. Now, if your SSI server (btw: never heard that term before) is running on the local machine and already listening to port 80, then you'll have to do as Chuck suggests and have Tomcat bind to localhost (or some other interface) as to avoid conflicts with the aforementioned server who already owns port 80. Also, if you're running on *NIX, port 80 is considered "privileged" and you therefore must make arrangements to be able to bind to that port. If this is the case, please let us know and we can help you do that. If you ever move up to 5.5 or (even better) 6.0, you might want to consider using an that allows all your s to share a single thread pool. That way, you won't run the risk of having lots of threads sitting around doing nothing because one of the is under-used. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAktZ9ekACgkQ9CaO5/Lv0PDiTQCgteVJ5u57pedwpVFPRX/TVcXR 2Y4An3+hNFRqaxpzCRlrJHC9tIxgjkr8 =XntN -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: newbie: multiple ports for same tomcat server 5.0
Now here we have a case where I, the dummy on this forum, spend hours creating a work of ascii art explaining clearly and precisely to the OP what he needs to change, and where subsequently the two gurus manage, in just a couple of posts, to totally confuse the OP. t. (And, by the way, it appears that "SSI", mentioned by the OP in the initial post, and which somewhat puzzled me too but which I decided to just copy along, should in reality have been noted "IIS". Which makes it a lot clearer for everyone now.) So, Chart, bear with me. Go back to the picture. In the first version, there was your current configuration, with the IIS server, which in all likelihood is currently listening on port 80. In your original post, you indicated your intention of turning it off, and having (internal) users access Tomcat directly on port 80. For that, you need Tomcat to listen on port 80, which it doesn't yet do currently. So I tried to show you what you need to do to Tomat, so that it will listen on port 80 (essentially, add a , similar to the one you have for port 8082, but this new one listening on port 80). Unfortunately, in version 2 of the picture, where I represented this additional Connector, I also left in the IIS server (which also listens on port 80). If both IIS and Tomcat are running on the same host, that does not work. You cannot have IIS and Tomcat both listen, at the same time, on all IP addresses of the same host, and on port 80. There is a conflict : only one of them can be doing that at any one time. So, - if the IIS server is on another host than Tomcat, then it is fine, there is no conflict, and what I showed in version 2 is fine. - if the IIS server and Tomcat are on the same host, then in principle only one of them can be listening on port 80. So you have to start /either/ IIS /or/ Tomcat, but not both at the same time. Which is OK if as you mentioned, you are going to eliminate IIS anyway. (If you try to start Tomcat that way while IIS is running, Tomcat will not start, because it will be unable to open port 80; it is already taken). IF however, IIS and Tomcat being on the same host, AND for some reason you still want to leave IIS running, then there is still a way to avoid the conflict. But it involves the fact that your host has at least 2 distinct IP addresses, and a bit more configuration. Which we will then explain to you if that is your case. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: newbie: multiple ports for same tomcat server 5.0
I have everything working from the first post. Per the last update the problem looks like I confused chuck on my original post when I thought I stated the that IIS was running on a different box. There are two distinct boxes (one of the outside running IIS and one on the inside running Tomcat). Therefore everything that Chuck stated in the post confused me and everyone else that has read the updates, because he thought everything was running on one box. I appreciate everyone help and everything is working. awarnier wrote: > > Now here we have a case where I, the dummy on this forum, spend hours > creating a work of ascii art explaining clearly and precisely to the OP > what he needs to change, and where subsequently the two gurus manage, in > just a couple of posts, to totally confuse the OP. > t. > > > (And, by the way, it appears that "SSI", mentioned by the OP in the > initial post, and which somewhat puzzled me too but which I decided to > just copy along, should in reality have been noted "IIS". Which makes > it a lot clearer for everyone now.) > > > So, Chart, bear with me. > > Go back to the picture. > > In the first version, there was your current configuration, with the IIS > server, which in all likelihood is currently listening on port 80. > > In your original post, you indicated your intention of turning it off, > and having (internal) users access Tomcat directly on port 80. > > For that, you need Tomcat to listen on port 80, which it doesn't yet do > currently. > So I tried to show you what you need to do to Tomat, so that it will > listen on port 80 (essentially, add a , similar to the one > you have for port 8082, but this new one listening on port 80). > > Unfortunately, in version 2 of the picture, where I represented this > additional Connector, I also left in the IIS server (which also listens > on port 80). > If both IIS and Tomcat are running on the same host, that does not work. > You cannot have IIS and Tomcat both listen, at the same time, on all IP > addresses of the same host, and on port 80. > There is a conflict : only one of them can be doing that at any one time. > > So, > > - if the IIS server is on another host than Tomcat, then it is fine, > there is no conflict, and what I showed in version 2 is fine. > > - if the IIS server and Tomcat are on the same host, then in principle > only one of them can be listening on port 80. So you have to start > /either/ IIS /or/ Tomcat, but not both at the same time. > Which is OK if as you mentioned, you are going to eliminate IIS anyway. > (If you try to start Tomcat that way while IIS is running, Tomcat will > not start, because it will be unable to open port 80; it is already > taken). > > IF however, IIS and Tomcat being on the same host, AND for some reason > you still want to leave IIS running, then there is still a way to avoid > the conflict. But it involves the fact that your host has at least 2 > distinct IP addresses, and a bit more configuration. > Which we will then explain to you if that is your case. > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://old.nabble.com/newbie%3A-multiple-ports-for-same-tomcat-server-5.0-tp27262778p27282311.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
