tomcat-users mailing list archives

From Adria Stembridge <adrya.stembri...@gmail.com>
Subject Re: New to Tomcat -- SSL
Date Sat, 12 Dec 2009 17:22:16 GMT
> Don't the Tomcat logs say anything helpful?

Actually, yes...

SEVERE: Catalina.start:
LifecycleException:  service.getName(): "Catalina";  Protocol handler start failed: java.net.BindException: Permission denied:80
    at org.apache.catalina.connector.Connector.start(Connector.java:1097)
    at org.apache.catalina.core.StandardService.start(StandardService.java:457)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Dec 11, 2009 5:21:20 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 643 ms

I'm approaching my wit's end with this project.

*server.xml*:

<?xml version="1.0" encoding="UTF-8"?>
<Server>
  <Listener className="org.apache.catalina.core.AprLifecycleListener"/>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
  <Listener className="org.apache.catalina.storeconfig.StoreConfigLifecycleListener"/>
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"/>
  <GlobalNamingResources>
    <Environment
      name="simpleValue"
      type="java.lang.Integer"
      value="30"/>
    <Resource
      auth="Container"
      description="User database that can be updated and saved"
      name="UserDatabase"
      type="org.apache.catalina.UserDatabase"
      pathname="conf/tomcat-users.xml"
      factory="org.apache.catalina.users.MemoryUserDatabaseFactory"/>
  </GlobalNamingResources>
  <Service
      name="Catalina">
    <Connector
        port="80"
        redirectPort="443"
        minSpareThreads="25"
        connectionTimeout="20000"
        maxSpareThreads="75"
        maxThreads="150">
    </Connector>
    <Connector
        port="443"
        scheme="https"
        secure="true"
        keystoreFile="/my/keystore"
        keystorePass="mysecretpassword"
        SSLEnabled="true"
        sslProtocol="TLS"
        maxSpareThreads="75"
        maxThreads="150"
        minSpareThreads="25"
        clientAuth="false">
    </Connector>
    <Engine
        defaultHost="localhost"
        name="Catalina">
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"/>
      <Host
          appBase="webapps"
          name="localhost">
      </Host>
    </Engine>
  </Service>
</Server>


*Scanning ports from a different system:*

[Linux]:~$ nmap -p80,443,8080,8443 my.domain.org

Starting Nmap 4.62 ( http://nmap.org ) at 2009-12-12 12:15 EST
Interesting ports on my.domain.org (1.1.1.1):
PORT     STATE  SERVICE
80/tcp   open   http
443/tcp  open   https
8080/tcp closed http-proxy
8443/tcp closed https-alt

Nmap done: 1 IP address (1 host up) scanned in 0.071 seconds


*Iptables -L*
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:webcache
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:pcsync-https
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ddi-tcp-1
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

*netstat -tln*
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:6011              0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:892                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:7006                0.0.0.0:*                   LISTEN
tcp        0      0 ::ffff:127.0.0.1:8005       :::*                        LISTEN
tcp        0      0 :::80                       :::*                        LISTEN
tcp        0      0 :::22                       :::*                        LISTEN
tcp        0      0 ::1:6011                    :::*                        LISTEN
tcp        0      0 :::443                      :::*                        LISTEN
tcp        0      0 :::7006                     :::*                        LISTEN


*iptables*
[Linux]# more /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8888 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT


If I shut down the apache httpd service, ports 80 and 443 are not open, despite
the server.xml file saying otherwise.

I'm at my wit's end with this.  Any pointers or links to documentation to
help figure this out are greatly appreciated.
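An added diagnostic (not part of the original post, and not Tomcat's code) that reads a Catalina log and `netstat -tln` output modelled on the ones above and separates the two bind failures they can show: `Permission denied` on a port below 1024 means the JVM is not running as root and has no CAP_NET_BIND_SERVICE, while a port already in LISTEN state belongs to another process (here httpd, since stopping it closes 80 and 443). The sample log and netstat text are constructed; the function names are this example's own.

```python
import re
# Constructed sample Catalina log, modelled on the BindException in the post.
SAMPLE_LOG = """SEVERE: Catalina.start:
LifecycleException:  service.getName(): "Catalina";  Protocol handler start
failed: java.net.BindException: Permission denied:80
    at org.apache.catalina.connector.Connector.start(Connector.java:1097)
"""
# Constructed `netstat -tln` excerpt, modelled on the one in the post.
SAMPLE_NETSTAT = """Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN
tcp        0      0 ::ffff:127.0.0.1:8005       :::*                        LISTEN
tcp        0      0 :::80                       :::*                        LISTEN
tcp        0      0 :::443                      :::*                        LISTEN
"""
# Tomcat logs the JVM's BindException message followed by ":<port>".
BIND_RE = re.compile(r"java\.net\.BindException:\s*(?P<reason>[^:\n]+?):(?P<port>\d+)")

def parse_bind_errors(log):
    """Return (reason, port) for every BindException in a Catalina log."""
    return [(m.group("reason").strip(), int(m.group("port")))
            for m in BIND_RE.finditer(log)]

def listening_ports(netstat):
    """TCP ports in LISTEN state from `netstat -tln` output (IPv4 and IPv6 rows)."""
    ports = set()
    for line in netstat.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0].startswith("tcp") and fields[-1] == "LISTEN":
            # Port follows the last ':' in "0.0.0.0:80", ":::80" or "::ffff:127.0.0.1:8005".
            ports.add(int(fields[3].rsplit(":", 1)[1]))
    return ports

def diagnose(reason, port, listening):
    """Map one BindException plus the listener table to a list of findings."""
    findings = []
    if reason == "Permission denied" and port < 1024:
        # EACCES on bind(): ports below 1024 need root or CAP_NET_BIND_SERVICE.
        findings.append(f"privileged port {port}: Tomcat's JVM is not root and lacks "
                        "CAP_NET_BIND_SERVICE; use a port >= 1024 (8080/8443) or "
                        "grant the capability")
    if reason == "Address already in use" or port in listening:
        findings.append(f"port {port} is already in LISTEN state: another process owns "
                        "it; stop it or have it proxy to Tomcat's own port")
    return findings

def run(log=SAMPLE_LOG, netstat=SAMPLE_NETSTAT):
    listening = listening_ports(netstat)
    return {port: diagnose(reason, port, listening)
            for reason, port in parse_bind_errors(log)}
```

`run()` on the constructed samples reports both findings for port 80, which matches the post: the JVM cannot bind a privileged port, and httpd is already listening there.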
