Return-Path: 
 <users-return-245788-apmail-tomcat-users-archive=tomcat.apache.org@tomcat.apache.org>
X-Original-To: apmail-tomcat-users-archive@www.apache.org
Delivered-To: apmail-tomcat-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 678B110DA9
	for <apmail-tomcat-users-archive@www.apache.org>;
 Mon, 20 Jan 2014 19:47:44 +0000 (UTC)
Received: (qmail 66144 invoked by uid 500); 20 Jan 2014 19:47:40 -0000
Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org
Received: (qmail 66049 invoked by uid 500); 20 Jan 2014 19:47:40 -0000
Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@tomcat.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@tomcat.apache.org>
List-Post: <mailto:users@tomcat.apache.org>
List-Id: <users.tomcat.apache.org>
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Delivered-To: mailing list users@tomcat.apache.org
Received: (qmail 66040 invoked by uid 99); 20 Jan 2014 19:47:40 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 20 Jan 2014 19:47:40 +0000
X-ASF-Spam-Status: No, hits=-0.0 required=5.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of aw@ice-sa.com designates
 212.85.38.229 as permitted sender)
Received: from [212.85.38.229] (HELO tor.combios.es) (212.85.38.229)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 20 Jan 2014 19:47:33 +0000
Received: from [192.168.245.129] (p549E32F9.dip0.t-ipconnect.de
 [84.158.50.249])
	(Authenticated sender: andre.warnier@ice-sa.com)
	by tor.combios.es (Postfix) with ESMTPA id 6AEE53C0AF2
	for <users@tomcat.apache.org>; Mon, 20 Jan 2014 20:47:37 +0100 (CET)
Message-ID: <52DD7D39.3020007@ice-sa.com>
Date: Mon, 20 Jan 2014 20:47:05 +0100
From: =?UTF-8?B?QW5kcsOpIFdhcm5pZXI=?= <aw@ice-sa.com>
Reply-To: Tomcat Users List <users@tomcat.apache.org>
User-Agent: Thunderbird 2.0.0.24 (Windows/20100228)
MIME-Version: 1.0
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows
 system
References: 
 <7215BA462D00D343B2837F9113F0131F0181A1D53E@POSTOFFICE02.polydyne.com>
 <52DB5CA1.6050603@christopherschultz.net> <52DBECD1.2080200@gmail.com>
 <7215BA462D00D343B2837F9113F0131F0181A1D872@POSTOFFICE02.polydyne.com>
 <52DD4A05.5090507@ice-sa.com>
 <7215BA462D00D343B2837F9113F0131F0181A1D8A4@POSTOFFICE02.polydyne.com>
 <52DD563E.8080402@ice-sa.com>
 <7215BA462D00D343B2837F9113F0131F0181A1D8D8@POSTOFFICE02.polydyne.com>
In-Reply-To: 
 <7215BA462D00D343B2837F9113F0131F0181A1D8D8@POSTOFFICE02.polydyne.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Virus-Checked: Checked by ClamAV on apache.org

Jeffrey Janner wrote:
>> -----Original Message-----
>> From: André Warnier [mailto:aw@ice-sa.com]
>> Sent: Monday, January 20, 2014 11:01 AM
>> To: Tomcat Users List
>> Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on AWS
>> Windows system
>>
>> Jeffrey Janner wrote:
>>>> -----Original Message-----
>>>> From: André Warnier [mailto:aw@ice-sa.com]
>>>> Sent: Monday, January 20, 2014 10:09 AM
>>>> To: Tomcat Users List
>>>> Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on
>>>> AWS Windows system
>>>>
>>>> Jeffrey Janner wrote:
>>>>>> -----Original Message-----
>>>>>> From: Ognjen Blagojevic [mailto:ognjen.d.blagojevic@gmail.com]
>>>>>> Sent: Sunday, January 19, 2014 9:19 AM
>>>>>> To: Tomcat Users List
>>>>>> Subject: Re: Cannot connect from outside using Tomcat 7/APR/SSL on
>>>>>> AWS Windows system
>>>>>>
>>>>>> Jeffrey,
>>>>>>
>>>>>> On 19.1.2014 6:03, Christopher Schultz wrote:
>>>>>>>> <Connector address="10.4.1.20" port="443"
>> maxHttpHeaderSize="8192"
>>>>>>> Could it be as simple as having set the "address" attribute?
>>>>>> +1
>>>>>>
>>>>>> BTW, setting attribute preverIPv4Stack=true on server side doesn't
>>>>>> mean anything for the client. The client will try to connect with
>>>> the
>>>>>> protocol he prefers. The client may also fall back to other
>>>>>> protocol (e.g. if IPv6 connection fails several times, try with
>> IPv4).
>>>>>> I see that access log is not configured. Is there a reason for
>> that?
>>>>>> Without access log you can't tell if the remote request reaches
>>>>>> Tomcat or not. So, for start, I suggest you configure access log
>>>>>> for Tomcat 7 and report back if something is logged after you try
>>>>>> to connect from the remote host. Note that Tomcat may postpone
>>>>>> writes
>>>> to
>>>>>> the log files, so make sure you stop Tomcat before you check your
>>>> logs.
>>>>>> If there is no record of remote requests in Tomcat 7 access logs,
>> I
>>>>>> suggest you analyze what is going on with Wireshark or some other
>>>>>> packet analyzer. You can that see if the client:
>>>>>>
>>>>>> 1. tries to connect using IPv6 or IPv4, 2. is falling back, 3.
>>>>>> which exactly IPv4/v6 adress does it use, 4. is TCP three-way
>>>>>> handshake successfull.
>>>>>>
>>>>>> Only when you confirm that three-way handshake is succsessful and
>>>>>> that the destionation IP adress is IPv4 "10.4.1.20", you may say
>>>> that
>>>>>> the request should have reached Tomcat.
>>>>>>
>>>>>> -Ognjen
>>>>> Added the access log.  Absolutely 0 entries from any address that
>> is
>>>> not the local system.
>>>> Can you configure your Tomcat-6 to run under your Java-7 ?
>>>> (in the principle, I think that this should work; I don't know about
>>>> the practice) This would help determine if the difference resides in
>>>> the Java or the Tomcat.
>>>>
>>> Tried it a different way.  Since TC7 is supposed to support Java 1.6,
>> switched my TC7 to use the existing Java6.
>>> No luck.
>>> Noticed that 7.0.47 is old now.  Going to try 7.0.50.
>>>
>> Did you try a simple :
>>
>> telnet 10.4.1.20 <Tomcat listen port>
>>
>> (just to see if 'anything' from outside can connect to your AWS/Tomcat
>> port)
>>
> Nope, just timeouts. 

If the connection is not rejected right away with a "connection refused by host", it 
normally means that a LISTEN port is opened on that port.

Taken "strictly by the book" and according to your presumed accurate description of the 
symptoms above,

A timeout suggests to me that the connection request packet (SYN ?) is received and 
accepted by the server, but that the return packet which should tell the client so (ACK 
?), never makes it back to the client.
Hence the client waits, until the timeout kicks in.

Are you sure that this server has a route back to the client ?

Or, are you sure that your descriptions so far are really accurate ? For example, is it 
really the same server on which you can make this succeed/fail just by switching the Java 
and/or Tomcat version, no other changes involved ?
(Also see Konstantin's question about the apparent discrepancy between the netstat output 
and your server.xml).




  What's really interesting, I can't seem to get a TC6/Java6 to work now either, at least 
not a newly installed one.  If I uncomment the relevant setup from the original and 
restart it works.  But a fresh TC6 install copying the webapps dir and the Service 
directory in conf and the server.xml, and I'm having the same problem.  Time to run from 
Amazon!!!!!
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org