Spring Boot app is configured (default) to run Tomcat on port 8080. This application gets deployed on AWS via BoxFuse tool and exposed at port 8080 (as expected/configured).
I have tried setting server port to 80 in boot application properties but it causes permission denied issue and the solution seems to be modifying iptables or reverse proxy. ipTables modification is not possible due to boxFuse image/env not being editable.
Question: Is there a way in BoxFuse to setup the spring boot application on port 80 without actually setting up another instance for reverse proxy? It is an overhead to setup an instance just for port correction since can't change the iptables.
Also, Is it possible that this application is run with root privileges on the AWS instance so that I do not need to modify iptables or set up reverse proxy?
There is a -ports.Name option available when deploying the application with BoxFuse.
Docs: https://cloudcaptain.sh/docs/gradle/run
Example:
boxfuse -ports.http=80 -env=test run myapprepo/myapp:0.1
Verified on local dev environment. For Mac, it should be run as a privileged command via sudo
sudo boxfuse -ports.http=80 run myapprepo/myapp:0.1
To add, works for 443 too.
Related
I am using Windows command to run my spring-boot application with emblemed tomcat. Beside, I need to run many console application using CommandlineRunner. Off cource I am facing port in use issue.
***************************
APPLICATION FAILED TO START
***************************
Description:
Web server failed to start. Port 8080 was already in use.
Action:
Identify and stop the process that's listening on port 8080 or configure this application to listen on another port.
I can set port in every console application but I need to run at least 10 console application at the same time.
Do I have any config or solution for application auto-change port?
You can auto generate port number to get rid from Port was already in use. just put server.port= 0 in properties or yml. It is auto generate server port in console.
application.properties
server.port= 0
application.yml
server:
port : 0
console
How to expose ${PORT} spring boot application in docker?
Spring boot application starts on a random port and I have to expose the same in docker.
Is it possible?
As mentioned in the comment, better to have a static port on the application side otherwise mapping exact port will be hard.
How to configure port for a Spring Boot application
Another option is to use the host network, so you will be able to access the application using container port, but this option is available for Linux only.
If you use the host network mode for a container, that container’s network stack is not isolated from the Docker host (the container shares the host’s networking namespace), and the container does not get its own IP-address allocated. For instance, if you run a container which binds to port 80 and you use host networking, the container’s application is available on port 80 on the host’s IP address.
docker-host-network
docker run -it --net host --rm my_app
suppose your app is running on some random port 8087, then you will able to access the application using http://localhost:8087 because of --net host
I have created a Google compute instance with Container-optimized-OS image.
I have configured the firewall to allow http and https.
I am using the docker image with spring boot application which connects to cloudsql. When I use run command on compute engine instance ssh, i.e. (docker run --rm name), the spring boot app is started successfully.
When I try to access the webservices through compute engine instance external ip, it is not working.
I went through a different question, and found that I should try using the sudo wget http://localhost command on the instance cli first and if it is good then everything should be good. But I am getting a connection refused message on 127.0.0.1:80.
I also tried the command to open port from Container optimized OS, I.E.
sudo iptables -w -A INPUT -p tcp --dport 80 -j ACCEPT , nothing is working.
The default port for Spring Boot is 8080 and not 80.
Run this command inside the instance container to see what ports are in LISTENING state:
sudo netstat -tulpn | grep LISTEN
You can redirect port 80 to port 8080 with this command:
sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
Note: This iptables command only redirects port 80 to 8080 on network interfaces. This has no effect for localhost or 127.0.0.1.
For Google Compute Engine instances you do not need to enable ports using iptables. This is done via Google VPC firewall rules. You can use both but make sure you understand exactly what you are configuring and the side effects.
Note: Your Spring Boot application needs to listen on 0.0.0.0 and not 127.0.0.1 nor localhost. The last two are internal only addresses. 0.0.0.0 means listen on all network interfaces.
Note: Do not use sudo in front of wget. This is not necessary.
First, confirm what port your springboot application uses - if it's 8080 or 80. This depends on what you have configured inside application.properties file. This port is referred to as ContainerPort in below steps.
Execute docker run <image-name>:<tag>. This will run the image and show container logs on the console. If there is something wrong with your spring-boot app, the logs will show that and the container will shutdown. Press Ctrl+C to stop the container and return to shell.
If there is no error in step 1 run docker run -d -p<HostPort>:<ContainerPort> <image-name>:<tag>. Here HostPort is any free port in your GCP host VM and ContainerPort is the port used by your spring boot application within the container. Option d starts your container in detached mode.
Run docker ps and make sure that the container started in step 2 is running. It may not run if there is an error - for example if the HostPort you specified is already in use.
If step 3 shows that the container is running, execute curl http://localhost:<HostPort>/<End-Point-Path>. Here End-Point-Path is a valid path to a working endpoint within the container. If the endpoint is correct you should see expected result from the spring-boot app in the console.
Navigate to Google Cloud Console -> VPC network -> Firewall rules and add a firewall rule to open HostPort on your GCP VM.
Access your endpoint via the VM's external IP with URL - http://<VM-External-IP>:<HostPort>/<End-Point-Path>
Unless there is an application issue with your spring-boot app these steps should get you going.
I was able to build the correct solution by your help (John Hanley and Cyac).
I am combining both solutions in order to help the next person facing this.
As told by John, by default Spring boot uses port 8080, not 80 and as specified by Cyac you need to specify the port as 80 explicitly in application.properties file using
server.port=80
Make sure you expose the port 80 in docker image
On GCP Contaier optimized OS make sure you have allowed traffic for HTTP and HTTPs
Run command:
sudo iptables -w -A INPUT -p tcp --dport 80 -j ACCEPT
Run docker using:
docker run -p 80:80 SPRING_IMAGE.
Where SPRING_IMAGE is the name of the docker image with spring boot build.
Test by using curl http://localhost/ENDPOINT_NAME , e.g. http://localhost/shops/all
I tried to run this hello world app on an AWS EC2 instance with docker-compose up --build . It works as expected and is accessible remotely from the EC2 public IP when I use port 80 i.e., "80:80" as shown in the docker-compose file.
However, if I change to another port such as "5106:80", it is not accessible from a remote host using <public IPv4 address>:5106 even though it's available locally if I ssh unto the EC2 instance and try localhost:5106. Please note:
I've ensured the EC2 is in a public subnet and I have configured the security group to make the port (in this case, 5106) accept inbound traffic from my laptop.
I know it's not a problem with the hello-world app because I experience exactly the same problem with another app i.e., only port 80 works with docker-compose port mapping on EC2.
As it works with port 80 and doesn't work with port 5106 it could mean one of two possibilities:
There is an issue with your security groups. You should check you have added port 5106 in your inbound rules of your security group.
There is an issue with a firewall or antivirus that doesn't allow you to connect to web pages in different ports rather than 80 or 443. You may try if this happens with another device or on another network.
In this case, it seemed to be the latter.
Possible that the docker network needs to be deleted?
docker network rm $(docker network ls -q)
Then run docker-compose up again.
I set up JMX on one of services running on Amazon EC2 instance but it doesn't work properly. I'm using VisualVM to connect and after short period of pending it fails with timeout. Looks like it fails because of missing response data or lags. I checked that JMX port is enabled in security group and also tried with different port with no JMX enabled and also with port not enabled in security group settings and both fails immediately, so it looks different. My EC2 instance and desktop both have Ubuntu 12.04 and JDK 7 installed.
It turns out ports don't make sense since connection is SSL secured. I have a private key and have no idea how to use it with JConsole or VisualVM.
JMX needs an RMI registry operating on an open port. By default the RMI registry port is chosen randomly at the startup time and it doesn't play well with firewalls.
Since JDK7u4 you can use
-Dcom.sun.management.jmxremote.rmi.port=<port>
to set the RMI port to be used. Then you can enable that port in the security group.
Note the .rmi. part of the above setting because this usually gets confused with the com.sun.management.jmxremote.port setting. You should not!
This works for me. Set the JMX options on your server:
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=<some port>
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
-Djava.rmi.server.hostname=localhost
Open up an SSH tunnel:
ssh -i /path/to/key -D <some port> username#public_dns_address
Start VisualVM:
jvisualvm -J-Dnetbeans.system_socks_proxy=localhost:<some port> -J-Djava.net.useSystemProxies=true
Add a remote connection to the server. Add a JMX connection using the port you've specified for JMX.
To be clear, in all three cases above, should be the same port.