Unable to access tomcat manager 8080 in Google Cloud - tomcat7

I have been using Amazon EC2 to run my Tomcat+MySQL website for a while and am now migrating to Google Cloud Platform. I start a Compute Engine instance (Ubuntu 16.04), connect to it via ssh and use apt-get to install mysql/tomcat7.
The problem I encountered is that tomcat will not start. The catalina.out log didn't have a "Server startup at xxxms" message, and I can't connect to 8080 port via browser.
The last several lines of catalina.out are:
Jul 10, 2017 7:06:20 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 928 ms
Jul 10, 2017 7:06:20 PM org.apache.catalina.core.StandardService startInternal INFO: Starting service Catalina
Jul 10, 2017 7:06:20 PM org.apache.catalina.core.StandardEngine startInternal INFO: Starting Servlet Engine: Apache Tomcat/7.0.68 (Ubuntu)
Jul 10, 2017 7:06:20 PM org.apache.catalina.startup.HostConfig deployDescriptor INFO: Deploying configuration descriptor /etc/tomcat7/Catalina/localhost/host-manager.xml
Jul 10, 2017 7:06:21 PM org.apache.catalina.startup.TldConfig execute INFO: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
When I use netstat to check, it shows that user tomcat7 is listening on 8080:
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 115 32984 -
$ id -u tomcat7
115
When I try wget localhost:8080 in the ssh terminal, it shows
Connecting to localhost (localhost)|127.0.0.1|:8080... connected.
HTTP request sent, awaiting response...
and just hang there.
Any idea or suggestion will be greatly appreciated!
Update
It turns out that the firewall is not the root cause of the problem, and even without allowing port 8443 Tomcat will work (of course you need to allow 8080). The reason that there's no "Server started" message showing up is that Tomcat takes an extremely long time to start up (1346049 ms the first time, 354034 ms when restarted, with no web app installed except for the default index.html), and the reason it does not respond to requests is also that it has not finished starting up yet.
This is the first time I have seen Tomcat take so long to start, which is also the reason I didn't realize it in the first place. I suspect (after some searching) this is caused by Tomcat JAR scanning. I will keep updating this question once I have more detail.
Update - Problem Solved
It turns out that I encountered the same problem as here, and the solution is here. In short, much of the time is consumed by the following task:
Creation of SecureRandom instance for session ID generation using [SHA1PRNG]
which requires Java to read /dev/random to get random numbers. /dev/random typically gets its entropy from keyboard/mouse input, which cannot provide enough randomness on a headless virtual machine. This causes the random numbers to be "used up" during computation and causes a lot of waiting. The solution is to install haveged, which uses other sources to provide randomness (details in the link).
I installed haveged, and now Tomcat only takes 1 sec to start up and everything works normally.

Thanks for asking such an interesting question.
I've never used Google Cloud services but I managed to replicate your issue.
After reading a little I found that you need to update your Firewall Rules to enable access to port 8080.
Go to:
1) (Hamburger Icon, upper left)
2) Networking
3) Firewall Rules
4) Add new
I created one called 'allow-tomcat7' with these properties:
Description: Enables Tomcat 7 access
Network: default
Priority: 1000
Direction: Ingress
Action on match: Allow
Source filters: IP ranges 0.0.0.0/0
Protocols and ports: tcp:8080, tcp:8443, udp:8080
There's an option for 'target tags' when you edit the configuration, although I've created a 'tag' and applied it only to my new EC instance it didn't work. I had to remove target tags and it worked like a charm:
Make sure you allow access only for your IP address!
You'll need to adjust your security settings; otherwise you'll become a honeypot. Once I enabled the port for everyone, several bots started to scan it:
daychuzleo@testing-tomcat:~$ sudo tcpdump -i ens4 port 8080
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens4, link-type EN10MB (Ethernet), capture size 262144 bytes
20:39:31.437634 IP 170.251.221.183.54162 > testing-tomcat.c.hip-river-163201.internal.http-alt: Flags [.], seq 1638030511:1638030512, ack 1250919796, win 259, length 1: HTTP
20:39:31.437665 IP testing-tomcat.c.hip-river-163201.internal.http-alt > 170.251.221.183.54162: Flags [.], ack 1, win 231, options [nop,nop,sack 1 {0:1}], length 0
20:39:37.133899 IP 170.251.221.183.53878 > testing-tomcat.c.hip-river-163201.internal.http-alt: Flags [.], seq 2436191518:2436191519, ack 4071767590, win 259, length 1: HTTP
20:39:37.133930 IP testing-tomcat.c.hip-river-163201.internal.http-alt > 170.251.221.183.53878: Flags [.], ack 1, win 222, options [nop,nop,sack 1 {0:1}], length 0
20:39:51.379839 IP 170.251.221.183.54162 > testing-tomcat.c.hip-river-163201.internal.http-alt: Flags [F.], seq 1, ack 1, win 259, length 0
20:39:51.392375 IP 170.251.221.183.47923 > testing-tomcat.c.hip-river-163201.internal.http-alt: Flags [S], seq 1420913913, win 8192, options [mss 1386,nop,wscale 8,nop,nop,sackOK,unknown-76 0x01010a18e9680005,unknown-76 0x0c01,nop,eol], length 0
20:39:51.392410 IP testing-tomcat.c.hip-river-163201.internal.http-alt > 170.251.221.183.47923: Flags [S.], seq 507557961, ack 1420913914, win 28400, options [mss 1420,nop,nop,sackOK,nop,wscale 7], length 0
20:39:51.421934 IP testing-tomcat.c.hip-river-163201.internal.http-alt > 170.251.221.183.54162: Flags [.], ack 2, win 231, length 0
20:39:51.586555 IP 170.251.221.183.47923 > testing-tomcat.c.hip-river-163201.internal.http-alt: Flags [.], ack 1, win 259, length 0
20:39:51.590317 IP 170.251.221.183.47923 > testing-tomcat.c.hip-river-163201.internal.http-alt: Flags [P.], seq 1:389, ack 1, win 259, length 388: HTTP: GET / HTTP/1.1
20:39:51.590337 IP testing-tomcat.c.hip-river-163201.internal.http-alt > 170.251.221.183.47923: Flags [.], ack 389, win 231, length 0
I was unable to make it work with wget, but I think with this you'll find it out.
UPDATE:
I forgot to mention some things you may have not configured:
-Allowing Firewall for HTTP and HTTPS in your VM instance:
Try using a web browser (Chrome, Firefox); don't use wget.
Verify that you're not being filtered by your company firewall, try testing with 4g in your cell phone or an unrestricted network, or just ask your IT team to allow you access to the temporary public IP (and port) generated (each time).
Start the service using:
sudo service tomcat7 start
Try reinstalling tomcat
Other things I did (in the research process)
Moving the service to IPV4 instead of IPV6
daychuzleo@testing-tomcat:~$ netstat -ntpl
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
To do it, edit the Tomcat defaults file and add the IPv4 option to JAVA_OPTS:
vim /etc/default/tomcat
JAVA_OPTS="-Djava.awt.headless=true -Xmx128m -XX:+UseConcMarkSweepGC -Djava.net.preferIPv4Stack=true"
Disable the 8443 redirection
Comment out the "redirectPort" attribute in server.xml:
vim /etc/tomcat/server.xml
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
URIEncoding="UTF-8"
address="0.0.0.0"/>
<!--redirectPort="8443" />-->
Verify each change by restarting your tomcat instance.
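As an added example (not part of the original answer), the same 'allow-tomcat7' rule created with gcloud instead of the console, but scoped the way the warning above asks for: one admin source range, only tcp:8080 (the question's update shows 8443 is not needed), and only instances carrying a network tag. The admin CIDR, instance name and zone are placeholders you must supply.

```shell
#!/bin/sh
# Added example, not from the original answer: create the firewall rule from
# the command line, restricted to one source range and one network tag.
# The three arguments (admin CIDR, instance name, zone) are placeholders.
set -u

RULE_NAME="allow-tomcat7"
NET_TAG="tomcat7"

# Refuse the wide-open ranges the answer warns about; return 1 so callers bail out.
check_source_range() {
  case "$1" in
    ""|0.0.0.0/0|::/0|0.0.0.0) return 1 ;;
    */*) return 0 ;;   # has a prefix length, accept (e.g. 203.0.113.7/32)
    *)   return 1 ;;   # bare address without /prefix: reject, be explicit
  esac
}

create_rule() {
  admin_cidr="$1"; instance="$2"; zone="$3"
  if ! check_source_range "$admin_cidr"; then
    echo "refusing to open tcp:8080 to '$admin_cidr'; use your own /32" >&2
    return 1
  fi
  # Ingress rule: only the admin range, only tcp/8080, only tagged instances.
  gcloud compute firewall-rules create "$RULE_NAME" \
    --network default --direction INGRESS --priority 1000 \
    --action ALLOW --rules tcp:8080 \
    --source-ranges "$admin_cidr" --target-tags "$NET_TAG"
  # The rule only takes effect on an instance that actually carries the tag.
  gcloud compute instances add-tags "$instance" --zone "$zone" --tags "$NET_TAG"
}

# Usage: sh allow-tomcat7.sh 203.0.113.7/32 my-instance us-central1-a
if [ "$#" -eq 3 ]; then
  create_rule "$@"
fi
```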

Related

Dronekit-sitl fails to bind on default port 5760

I have dronekit-sitl installed in a python3 virtual environment on my Windows 10 machine and have used it before by running dronekit-sitl copter with no issues. However, as of today I am running across what seems to be a permission issue when trying to execute the ArduCopter sitl.
$ dronekit-sitl copter
os: win, apm: copter, release: stable
SITL already Downloaded and Extracted.
Ready to boot.
Execute: C:\Users\kyrlon\.dronekit\sitl\copter-3.3\apm.exe --home=-35.363261,149.165230,584,353 --model=quad -I 0
SITL-0> Started model quad at -35.363261,149.165230,584,353 at speed 1.0
SITL-0.stderr> bind port 5760 for 0
Starting sketch 'ArduCopter'
bind failed on port 5760 - Operation not permitted
Starting SITL input
Not sure what might have triggered a new operation permission issue, and I tried to start over with a fresh Python environment, but even after a complete PC shutdown, I am still having the error as shown above.
It turns out that Docker on my system was the culprit: it was excluding the port I was attempting to use, as mentioned in this SO post, which led me to this GitHub issue. Running the command in an elevated terminal:
netsh interface ipv4 show excludedportrange protocol=tcp
provided the following excluded port ranges:
Protocol tcp Port Exclusion Ranges
Start Port End Port
---------- --------
1496 1595
1658 1757
1758 1857
1858 1957
1958 2057
2058 2157
2180 2279
2280 2379
2380 2479
2480 2579
2702 2801
2802 2901
2902 3001
3002 3101
3102 3201
3202 3301
3390 3489
3490 3589
3590 3689
3693 3792
3793 3892
3893 3992
3993 4092
4093 4192
4193 4292
4293 4392
4393 4492
4493 4592
4593 4692
4768 4867
4868 4967
5041 5140
5141 5240
5241 5340
5357 5357
5358 5457
5458 5557
5558 5657
5700 5700
5701 5800
8005 8005
8884 8884
15202 15301
15302 15401
15402 15501
15502 15601
15602 15701
15702 15801
15802 15901
15902 16001
16002 16101
16102 16201
16202 16301
16302 16401
16402 16501
16502 16601
16602 16701
16702 16801
16802 16901
16993 17092
17093 17192
50000 50059 *
* - Administered port exclusions.
Turns out that docker or possibly Hyper-V excluded the range that included 5760:
5701 5800
And as mentioned in the GitHub issue, I probably resolved this issue before after a certain number of restarts that incremented the port ranges, or possibly got lucky in the past by starting dronekit-sitl before Docker ran on my system.
Either way, to resolve this issue of Operation not permitted, running the command as admin:
net stop winnat
net start winnat
solved the issue with dronekit-sitl without having to specify a different port besides the default 5760.

Lighttpd closes connection when system time is changed

These are some of the parameters of my lighttpd config file.
server.modules += ( "mod_wstunnel", "mod_auth")
wstunnel.debug = 4
wstunnel.server.max-read-idle = 86400
#wstunnel.ping-interval = 5
#wstunnel.timeout = 30
When I open my web application, connection is created properly using websocket and connects to my c++ server.
All functionalities work except one.
One requirement of my application is to change the system time of the machine, but when the system time is changed, the connection is closed and the log file shows:
`2019-02-12 14:04:10: (gw_backend.c.308) released proc: pid: 0 socket: tcp:127.0.0.1:10002 load: 0`
I want to maintain the connection even if system time is changed.
What other parameters can be used or any modification is required in these parameters?
System OS : Fedora 26
Lighttpd version : 1.4.49
wstunnel.server.max-read-idle does not exist. Did you test the lighttpd config before running it and look at the error trace? It should have noted wstunnel.server.max-read-idle as an unrecognized directive.
The directives you seek are:
server.max-read-idle
server.max-write-idle
server.max-keep-alive-idle
However, if the time on your server (running lighttpd) is jumping more than a few seconds, then I suggest that is your primary problem.
Also, Fedora 26 reached end-of-life on May 29, 2018. Supported Fedora releases have a newer version of lighttpd. The current version of lighttpd is 1.4.53.

TFTP error: 'File not found'

I am using minicom on native Kali Linux ( Linux 4.6.0-kali1-amd64 x86_64 ) to install embedded Linux on a stm32f746g-Disco.
After setting up the tftp protocol and the ethernet connection with the board, building the kernel and putting the image in the appropriate folder ( \tftpboot\stm32f7\uImage is the path and name of the image ), I start minicom to communicate with the board.
The communication with the board works fine, but the problem is that the board somehow cannot read the kernel image, even though the path is correct:
STM32F746-DISCO> reset
resetting ...
U-Boot 2010.03 (Dec 21 2015 - 04:18:19)
CPU : STM32F7 (Cortex-M7)
Freqs: SYSCLK=200MHz,HCLK=200MHz,PCLK1=50MHz,PCLK2=100MHz
Board: STM32F746 Discovery Rev 1.A, www.emcraft.com
DRAM: 8 MB
In: serial
Out: serial
Err: serial
Net: STM32_MAC
Hit any key to stop autoboot: 0
Auto-negotiation...completed.
STM32_MAC: link UP (100/Full)
Using STM32_MAC device
TFTP from server 172.17.4.1; our IP address is 172.17.4.206
Filename 'stm32f7/uImage'.
Load address: 0xc0007fc0
Loading: *
TFTP error: 'File not found' (1)
Not retrying...
Wrong Image Format for bootm command
ERROR: can't get kernel image!
The image folder and file are chrooted:
root@DESKTOP-26MQUER:/tftpboot/stm32f7# ls -la
drwxrwxrwx 2 root root 4096 gen 12 16:06 .
drwxrwxrwx 3 root root 4096 gen 10 14:36 ..
-rw-r--r-- 1 root root 0 gen 12 16:06 pippo
-rwxrwxrwx 1 root root 1384352 gen 12 16:02 uImage
the tftp file is this
root@DESKTOP-26MQUER:/tftpboot/stm32f7# cat /etc/xinetd.d/tftp
service tftp
{
protocol = udp
port = 69
socket_type = dgram
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = /tftpboot
disable = no
}
Please notice that the xinetd service is active.
I can't understand the problem, guidance will be appreciated.
If you have checked every possible point in the tftp config and the issue is still there, you can try a standalone tftp server (standalone meaning not managed by xinetd):
1) Install tftpd-hpa
2) Configure tftpd-hpa
$ sudo vi /etc/default/tftpd-hpa
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/tftpboot"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="-l -c -s"
3) Start the tftp server
$ sudo service tftpd-hpa restart
Even though this is an old thread: in my case the problem was that (on CentOS) /usr/lib/systemd/system/tftp.service contained only -s [path to dir] and xinetd wasn't using the tftp config. Adding the switches from the xinetd tftp config to tftp.service solved my problem.

Why does a simple Thin server stop responding at 16500 requests when benchmarking? [duplicate]

This question already has answers here (closed 10 years ago). Possible duplicate: 'ab' program freezes after lots of requests, why?
Here's a simple test server:
require 'rubygems'
require 'rack'
require 'thin'

class HelloWorld
  def call(env)
    # A Rack body must respond to #each, so the string is wrapped in an array
    [200, {"Content-Type" => "text/plain"}, ["OK"]]
  end
end

Rack::Handler::Thin.run HelloWorld.new, :Port => 9294
# I've tried with these added too: 'rack.multithread' => true, 'rack.multiprocess' => true
Here's a test run:
$ ab -n 20000 http://0.0.0.0:9294/sdf
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 0.0.0.0 (be patient)
Completed 2000 requests
Completed 4000 requests
Completed 6000 requests
Completed 8000 requests
Completed 10000 requests
Completed 12000 requests
Completed 14000 requests
Completed 16000 requests
apr_poll: The timeout specified has expired (70007)
Total of 16347 requests completed
It breaks down at around 16500. Why? How can I find out what's going on? Is it GC in Ruby, or is it something to do with the number of available network sockets on an OS X machine? I have a MBP 2.5 GHz with 6 GB memory.
Edit
After some discussion here and testing various things, it seems like changing net.inet.tcp.msl from 15000 to 1000ms makes the problem of testing high frequency web servers with ab go away.
sudo sysctl -w net.inet.tcp.msl=1000 # this is only good for local development
See referenced question with the answer to this problem. 'ab' program freezes after lots of requests, why?
I'll add the solution here for clarity's sake. The correct solution for managing to do high-frequency tests with ab on OS X is to change the 'net.inet.tcp.msl' setting from 15000ms to 1000ms. This should only be done on development boxes.
sudo sysctl -w net.inet.tcp.msl=1000 # this is only good for local development
This answer was found after the good detective work performed in the comments here and comes from an answer to a very similar question here's the answer: https://stackoverflow.com/a/6699135/155031
I think I've got it.
When ab makes connections to your test server, it opens a source port (say, 50134) and makes a connection to the destination port (9294).
The ports that ab opens for the source port are determined by the sysctl settings net.inet.ip.portrange.first and net.inet.ip.portrange.last. For example, on my machine:
philippotter ~ $ sysctl -a | grep ip.portrange
net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.first: 49152
net.inet.ip.portrange.last: 65535
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.hilast: 65535
This means that ab's source ports will be in the range from 49152 to 65535, which is a total of 16384.
HTTP is a TCP protocol. When a TCP connection is closed, it goes into the TIME_WAIT state, while it waits for any remaining in-transit packets to reach their destinations. This means that the port is not usable for any other purpose until the timeout is reached.
So, putting all of this together, ab uses up all available source ports very quickly; they go into the TIME_WAIT state; they can't be reused; ab is unable to create any more connections.
You can see this if you kill ab when it hangs, and run it again -- it won't be able to create any connections!

How do I get sendmail to work reliably on a Mac OS 10.5?

I need to use sendmail from Macs in an office. At the moment, I can get it to work on the two development Macs (which I think is due to MAMP being installed and working), but getting it to go on the others seems to be a problem...
I assume it's down to some config issue, and hope there's some way to fix it (without resorting to installing MAMP on each machine!).
I think it may be down to the 'local' nature of the from, but not sure. Here's a dump of /var/log/mail.log if that's any help:
Nov 14 14:37:06 claire-g5 postfix/master[5339]: daemon started -- version 2.4.3, configuration /etc/postfix
Nov 14 14:37:06 claire-g5 postfix/qmgr[5341]: 2B625250BDB: from=<claire@claire-g5.local>, size=1131, nrcpt=1 (queue active)
Nov 14 14:37:06 claire-g5 postfix/qmgr[5341]: D5D19250D5A: from=<claire@claire-g5.local>, size=1191, nrcpt=1 (queue active)
Nov 14 14:37:06 claire-g5 postfix/smtp[5344]: 2B625250BDB: host mx01.xxx.uk[212.x.x.134] said: 451 cannot relay now to <xx@xx.com>, please try again later (in reply to RCPT TO command)
Nov 14 14:37:06 claire-g5 postfix/smtp[5346]: D5D19250D5A: host mx01.xxx.uk[212.x.x.186] said: 451 cannot relay now to <xx@xx.com>, please try again later (in reply to RCPT TO command)
Nov 14 14:37:07 claire-g5 postfix/smtp[5346]: D5D19250D5A: to=<xx@xx.com>, relay=mx01.xxx.uk[212.x.x.134]:25, delay=2350, delays=2349/0.08/0.7/0.12, dsn=4.0.0, status=deferred (host mx01.xxx.uk[212.x.x.134] said: 451 cannot
Nov 14 14:37:07 claire-g5 postfix/pickup[5340]: 1A2EC2511D1: uid=501 from=<claire
Note that it's postfix that you have running on your mac, not sendmail.
The problem is that the machine mx01.xxx.uk[212.x.x.134] is configured to block mail relaying (accepting an email over SMTP and sending it on to the final mail server). The postfix configuration files are normally stored in /etc/postfix so you could start by looking there. In particular, look at the mynetworks setting in main.cf.
Ah ha! Thanks Denis - this looks like the beasty...
### MAMP Postfix Configuration - Start ###
myorigin = example.com
myhostname = mailer.$myorigin
smtpd_sender_restrictions = permit_inet_interfaces
# smart host
relayhost = auth.example.co.uk
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_MAMP_passwd
smtp_sasl_security_options = noanonymous
### MAMP Postfix Configuration - End ###
# DONT REMOVE: MAMP PRO main.cf template compatibility version: 1
I'll give it a go, and get back to you.
