tomcat-users mailing list archives

From Kees Jan Koster <kjkos...@kjkoster.org>
Subject Re: Another confused person trying to get jconsole to monitor tomcat.
Date Thu, 21 Aug 2008 07:35:34 GMT
Dear Bill,

> I've been through the docs.  I've been through Google.  I can't seem
> to figure this out.
>
> Server: Tomcat 6.0.18, JDK: 1.6.0_07, Redhat Server 5.2
> Client: jconsole from JDK 1.6.0_07 on Windows XP
>
> I've got all of these in $CATALINA_OPTS and they do show up in
> the java command line when I run ps:
>
> -Dcom.sun.management.jmxremote
> -Dcom.sun.management.jmxremote.port=12345
> -Dcom.sun.management.jmxremote.ssl=false
> -Dcom.sun.management.jmxremote.authenticate=false
>
> The Redhat server is running iptables and disallows most things that
> aren't 80/443.  Any other ports that are needed are generally opened
> up only to specific IPs.
>
> I've opened up the JMX port specified above on the Linux firewall:
>
> iptables -A INPUT -s myClientsIp -p tcp -m tcp --dport 12345 -j ACCEPT
>
> I run jconsole:
>
> C:\PathToJava\bin>jconsole myServer.myDomain.com:12345
>
> It can't make the connection.  I've got a feeling it's something to do
> with the firewall.  I've seen some stuff that suggests that there's
> another unspecified port opened up but it didn't really make sense to me.
>
> Note that the server and the client are at different facilities
> connected over the internet which is why I eventually want to get it
> going with authentication and SSL but I can't even get this simple
> insecure version of the connection to work.


I just spent a few hours trying to figure this out myself. The problem  
you are facing is that RMI uses dynamic port allocation. The port you  
are specifying is that of the RMI registry, which only acts as a  
naming service.

The actual JMX port is dynamically chosen by the RMI registry, so  
opening a single port on the firewall does not actually help.

The simple case will never work for your environment. You have to go
SSL for this to even work. Here is a blog post by Daniel Fuchs with a
step-by-step for SSL and single-port RMI:
http://blogs.sun.com/jmxetc/entry/jmx_connecting_through_firewalls_using

In the end I just gave up and I now open the firewall between my dev  
machine's IP and the test machine's IP when I need jconsole. I have  
better things to do with my time than fight RMI. :-/
--
Kees Jan

http://java-monitor.com/forum/
kjkoster@kjkoster.org
06-51838192

Human beings make life so interesting. Do you know that in a universe
so full of wonders, they have managed to invent boredom. Quite
astonishing... -- Terry Pratchett


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
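
The reply above says the configured port is only the RMI registry and that the real JMX connection uses a second, dynamically chosen port. The following is an added example, not code from this thread or from the linked blog post: a Java agent that fixes both ports and requires SSL and password authentication on the connector, so the firewall rule can stay limited to two known ports. The class name, the `example.jmx.*` property names and the default port values are assumptions made for illustration.

```java
import java.lang.management.ManagementFactory;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.util.HashMap;
import java.util.Map;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXServiceURL;
import javax.management.remote.rmi.RMIConnectorServer;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;

/** Java agent that pins both RMI ports used by JMX (added example). */
public class FixedPortJmxAgent {
    // Strong references so the exported objects live as long as the JVM.
    private static Registry registry;
    private static JMXConnectorServer connector;

    public static void premain(String agentArgs) throws Exception {
        // Hypothetical property names; defaults are constructed sample values.
        int registryPort = Integer.getInteger("example.jmx.registry.port", 12345);
        int serverPort = Integer.getInteger("example.jmx.server.port", 12346);
        // Must be the name or address the remote client can actually reach.
        String host = System.getProperty("java.rmi.server.hostname", "localhost");

        // Port 1: the RMI registry, which only hands out the connector stub.
        registry = LocateRegistry.createRegistry(registryPort);

        Map<String, Object> env = new HashMap<String, Object>();
        // TLS on the connector; the keystore comes from the standard
        // javax.net.ssl.keyStore / keyStorePassword system properties.
        env.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE,
                new SslRMIClientSocketFactory());
        env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE,
                new SslRMIServerSocketFactory());
        // Password and access files, same format as the default JMX agent's.
        env.put("jmx.remote.x.password.file",
                System.getProperty("example.jmx.password.file", "jmxremote.password"));
        env.put("jmx.remote.x.access.file",
                System.getProperty("example.jmx.access.file", "jmxremote.access"));

        // Port 2: naming the port in the first half of the URL stops RMI
        // from choosing a random one for the exported connector object.
        JMXServiceURL url = new JMXServiceURL("service:jmx:rmi://" + host + ":"
                + serverPort + "/jndi/rmi://" + host + ":" + registryPort + "/jmxrmi");
        connector = JMXConnectorServerFactory.newJMXConnectorServer(
                url, env, ManagementFactory.getPlatformMBeanServer());
        connector.start();
    }
}
```

Package the class in a jar whose manifest names it as `Premain-Class`, load it with `-javaagent:`, and leave out `-Dcom.sun.management.jmxremote.port` so the default agent does not start alongside it. The iptables rule from the question then has to cover both fixed ports for the client's address.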

