Well I configure my production tomcat to only listen on localhost 127.0.0.1
BTW, be carefull on some Suse system localhost is ::1, so an IPv6 address. As such you should make use of 127.0.0.1 in both server.xml and also in the stop script On Thu, 3 Feb 2005 11:14:01 +0100, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > After some playing around I think I've tracked down what the fix is, and > I'd like to throw an idea out as to what could be happening. > > First the fix. The fix is to explicitly state in the AJP13 connector > that the connector should ONLY bind to the loopback address (i.e. add > address="127.0.0.1"). Maybe this should be made the default because; > > a) it's a fix to the issue. > and > b) it also enhances security. > > Those people who are using AJP13 between machines should have the > knowlege to re-configure the connector to allow connections between > different machines. > > Now the suggestion as to why this is happening. > > My machine is behind a firewall, and therefore has non-routable IP > addresses (192.168.x.x). If you lookup the full hostname (a.b.c.d) on > the machine the hosts file resolves it to the private IP, if you look > it up using DNS it resolves to the public IP address of the firewall. > If you lookup the machine name only (a) from on the machine or anywhere > else it resolves via DNS to the public IP of the firewall. > > From what I can tell the AJP13 connector looks up the hostname only, > (which resolves it to the public IP address), then tries to connect to > the AJP13 port on the public IP address, and because the firewall > blocks this traffic, does not connect, and then gives up. > > To back this up I have put the hostname on it's own into the hosts file > (i.e. a resolves to the private IP), and everything worked again. > > Before everyone shouts "you've got a strange config, it's your problem", > I'd like to re-iterate that this issue can be avoided in many ways, and > my personal beleif is that the order of preference of fixes would be; > > 1) Add the address="127.0.0.1" to the default server.xml (which also has > the side effect of increasing security). > 2) If no address is specified then make the shutdown system start by > trying to connect to localhost as opposed to what seems to be the > current behaviour of attempting to resolve to an external address > first. > 3) Require everyone to have the short hostname configured to resolve to > their local IP. > > The reasons for this ordering is that 1 is the least effort by the > fewest people, 2 is more effort but by a small group, 3 has a potential > impact on all users and no matter where you document it will still be > missed by those who beleive in unpack and run. > > Regards, > > Al. > > Al Sutton <[EMAIL PROTECTED]> wrote on 03.02.2005, 07:58:16: > > Ben, > > > > Thanks for this. I'm not using any settings in JAVA_OPTS as shown below; > > > > [EMAIL PROTECTED] al]$ env | grep -i JAVA > > JRE_HOME=/usr/java/jdk1.4/jre > > PATH=/usr/java/jdk1.4/bin:/home/al/utils/apache-ant-1.6.2/bin:/usr/kerberos/ > > bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin > > JAVA_HOME=/usr/java/jdk1.4 > > [EMAIL PROTECTED] al]$ > > > > I've tried this on two machines, one an Athlon XP 2400+ running FC2, and the > > other a Dual Xeon 2.8 GHz running SLES 8, both showed the same problem, so > > I'm pretty sure it's not hardware. The machines are also geographically > > seperated and do not operate on the network (ones on my LAN at home, the > > others on a LAN at work), so I'm pretty sure it's not related to the > > environment external to the machine. > > > > I'm going to upgrade to _07 and get the latest kernel and try again, as > > currently the only difference seems to be that your execting startup and > > shutdown from within the bin directory and I'm executing it from the top > > level (i.e. doing bin/startup.sh and bin/shutdown.sh). > > > > Thanks again, > > > > Al. > > > > > > -----Original Message----- > > From: Ben Souther [mailto:[EMAIL PROTECTED] > > Sent: 02 February 2005 23:32 > > To: Tomcat Users List > > Subject: RE: Shutdown not working under SLES8 and FC2 > > > > > > On Wed, 2005-02-02 at 17:11, Ben Souther wrote: > > > On Wed, 2005-02-02 at 16:43, Al Sutton wrote: > > > Hmmm The latest updates gives me; > > > > > > > > Linux host 2.6.10-1.9_FC2 #1 Thu Jan 13 17:54:57 EST 2005 i686 athlon > > i386 > > > > GNU/Linux > > > > > > > > and I'm on JDK 1.4.2_06 as opposed to _05. > > > > > > > > Would it be possible for you to upgrade?, I'd like to have the exact > > same > > > > environment, but please don't put yourself out or risk a critical > > > > environment. > > > > OK, here you go. > > It turns out that I did have _06 on this machine. I also have > > 2.6.10-1.9_FC2 (which is no longer the latest BTW ;)). > > > > Once again, I started and stopped without a problem. > > Here is the screen dump: > > ---------------------------------------------------------------------------- > > ---- > > [EMAIL PROTECTED] bin]$ uname -a > > Linux bsouther 2.6.10-1.9_FC2 #1 Thu Jan 13 17:54:57 EST 2005 i686 > > athlon i386 GNU/Linux > > [EMAIL PROTECTED] bin]$ export JAVA_HOME=/usr/local/j2sdk1.4.2_06 > > [EMAIL PROTECTED] bin]$ ./startup.sh > > Using CATALINA_BASE: /home/bsouther/tc_test/jakarta-tomcat-5.5.7 > > Using CATALINA_HOME: /home/bsouther/tc_test/jakarta-tomcat-5.5.7 > > Using CATALINA_TMPDIR: /home/bsouther/tc_test/jakarta-tomcat-5.5.7/temp > > Using JRE_HOME: /usr/local/j2sdk1.4.2_06 > > [EMAIL PROTECTED] bin]$ ./shutdown.sh > > Using CATALINA_BASE: /home/bsouther/tc_test/jakarta-tomcat-5.5.7 > > Using CATALINA_HOME: /home/bsouther/tc_test/jakarta-tomcat-5.5.7 > > Using CATALINA_TMPDIR: /home/bsouther/tc_test/jakarta-tomcat-5.5.7/temp > > Using JRE_HOME: /usr/local/j2sdk1.4.2_06 > > Created MBeanServer with ID: e94e92:101d55eb6c4:-8000:bsouther:1 > > [EMAIL PROTECTED] bin]$ ps -ef | grep java > > bsouther 4714 4595 0 18:19 pts/0 00:00:00 grep java > > [EMAIL PROTECTED] bin]$ > > ---------------------------------------------------------------------------- > > ---- > > > > This matches your configuration exactly. > > I also tried with _07 and the latest kernel (as of this afternoon > > ***.12 I believe). > > > > And you definitely aren't running with any JAVA_OPT settings? > > Maybe you have a hardware issue. > > Have you tried on another machine? > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
