tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Mikusa <dmik...@vmware.com>
Subject Re: I can only access Tomcat 7 when running via console (startup.bat)
Date Mon, 10 Dec 2012 16:38:57 GMT
On Dec 10, 2012, at 11:28 AM, André Warnier wrote:

> Yuri E wrote:
>> 2012/12/7 André Warnier <aw@ice-sa.com>
>>> Christopher Schultz wrote:
>>> 
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA256
>>>> 
>>>> André,
>>>> 
>>>> On 12/7/12 1:55 PM, André Warnier wrote:
>>>> 
>>>>> I am relatively familiar with tomcat under Windows, and if your
>>>>> explanations of what works and what doesn't above are exact, then
>>>>> I don't know either.
>>>>> 
>>>> One possibility: during the installation, the user chose to bind only
>>>> to localhost instead of 0.0.0.0.
>>>> 
>>> Aaaah. Yes, and that choice probably only exists in the Service installer.
>>> That would fit.
>>> And he would see that with netstat.
>>> 
>>>> 
>> "netstat -abn" results:
>> --
>> running Tomcat on console:
>> TCP    0.0.0.0:8009           0.0.0.0:0              LISTENING       3844
>> [java.exe]
>> TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       3844
>> [java.exe]
>> TCP    127.0.0.1:8005         0.0.0.0:0              LISTENING       3844
>> [java.exe]
>> --
>> running Tomcat as Service:
>> TCP    0.0.0.0:8009           0.0.0.0:0              LISTENING       488
>> [Tomcat7.exe]
>> TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       488
>> [Tomcat7.exe]
>> TCP    127.0.0.1:8005         0.0.0.0:0              LISTENING       488
>> [Tomcat7.exe]
> 
> Well, Chris, that was a worthy guess, but apparently it is not the reason here.
> 
> Didactic section :
> 
> In both cases above (running in a console window and running as a Service), we have Tomcat
listening :
> - on port 8080, all interfaces, all IP addresses.  That's the HTTP Connector
>   (see in server.xml)
> - on port 8009, all interfaces, all IP addresses.  That's the AJP Connector
>   (see in server.xml) (and maybe you don't need that one, and can comment it out)
> - on port 8005, only on the "localhost" address.  That is the "shutdown port", which
is limited to listening for calls originating from the same physical host, for security reasons
(so that nobody can shut down your Tomcat from the internet e.g.)
> 
> And the reason why in one case the process is "Tomcat7.exe" and in the other case it
is "java.exe" :
> - when Tomcat runs as a Service, there is a "service wrapper" involved, which "wraps
around" the java process (and Tomcat in it), and which provides the special functions that
Windows Services must provide for Windows (like listening to Windows "star/stop service" messages
etc..).  This wrapper is a copy of the procrun.exe program, renamed to "tomcat7.exe" for convenience.
> So when you run Tomcat as a Service, Windows really starts "tomcat7.exe", and tomcat7.exe
runs java.exe which runs tomcat.
> 
> -- end of didactic section --
> 
> 
> To summarise what is happening now :
> 
> 1) Tomcat running in a console window :
>   a) can be accessed from a browser running on the same machine
>   b) can be accessed from a browser running on another machine
> 
> 2) Tomcat running as a Windows Service :
>   a) can be accessed from a browser running on the same machine
>   b) but cannot be accessed from a browser running on another machine
> 
> while in both cases it is listening to 0.0.0.0:8080
> 
> It it was a DNS issue, then both 1-b and 2-b wouldn't work. But only 2-b doesn't work.
> If it was a firewall issue or similar, we'd have the same.
> If it was an issue of the java parameters or others used when starting tomcat as a service,
then both 2-a and 2-b would not work. But 2-a works.
> 
> Some weird MS security rule, applying to services but not to regular processes ?
> 
> Yuri, can you repeat for us which exact URL's you are using to access Tomcat, in each
of the cases above ?
> 
> 1-a :
> 1-b :
> 2-a :
> 2-b :
> 
> and how the problem shows up, when "it does not work" ?

Also, if you have a firewall running on the server, how is it configured?  Do you have a rule
to allow tcp on port 8080?  I ask because some firewalls will restrict at the application
level as well as the port level.  For example, only "java.exe" is allowed to listen on port
8080.

Dan


> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message