You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Yuri E <th...@gmail.com> on 2012/12/06 17:19:46 UTC
I can only access Tomcat 7 when running via console (startup.bat)
Hi,
I'm using Windows XP Professional SP3, 32 bits, and Tomcat 7.0.
Recently I started developping a web application for the company I'm
working for, and I decided to use Tomcat as Web Server.
The first thing I did was download the zip version, and start Tomcat using
the Windows Command Prompt (startup.bat). Then, I deployed my app and
configured my router (TP-Link) to foward the 8080 port to my IP adress (it
has reserved IP by MAC adress). I'm using DHCP connection to access web.
I tried to access my webb app through "http://localhost:8080", and
everything was fine, then I tried with "http://[router-ip]:8080", and it
worked without problems.
But I didn't liked the console window which appears when Tomcat is started,
so I decided to install Tomcat through the .exe installer. First, I stopped
Tomcat by closing the console window opened in the startup, and then I
installed Tomcat as service using the .exe.
I restarted the computer, and Tomcat automatically started. Good. But when
I went to access my web app again using router's IP, I couldn't. Then, I
tried to access Tomcat's Welcome Page using Firefox (http://localhost:8080),
and everything was ok. After that, I tried using my router's IP (with
Firefox), and I received an error message saying that "the connection was
reset".
What I want to know is what I need to do to access Tomcat (running as
service) from web, taking into account that it works perfectly when running
in the console window.
Thanks for any help.
*Yuri E. - Brazil*
Re: I can only access Tomcat 7 when running via console (startup.bat)
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
André,
On 12/11/12 6:28 PM, André Warnier wrote:
> Yuri E wrote:
>>>
>> I added a exception for the 8080 port in the Windows XP Firewall
>> settings. Tomcat is working now. Thanks for all the answers.
>>
>
> Yuri, for me that still does not explain why you could access
> Tomcat from "outside" when it was running in a console, but not
> when it was running as a service. Just opening port 8080 should
> either allow both, or none. Something here doesn't fit.
Just like Chuck said:
Running from the console runs java.exe (or javaw.exe -- can't
remember). He probably said "Allow" at some point long ago to a pop-up
asking about java.exe accepting network connections.
Running as a service runs Tomcat7.exe and services probably never
pop-up anything asking for allowing incoming network connections, so
it remained blocked.
It's probably worth logging an enhancement request to (optionally)
configure the firewall when installing Tomcat as a service.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iEYEAREIAAYFAlDIogQACgkQ9CaO5/Lv0PBQVACgn2vhBv1jgCfDnyNKDzgSBNf0
zoIAn00GDKPi8l2epOirBeUmujIGFDQS
=P9Fm
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: I can only access Tomcat 7 when running via console (startup.bat)
Posted by Yuri E <th...@gmail.com>.
2012/12/11 André Warnier <aw...@ice-sa.com>
> Yuri E wrote:
>
>>
>>> I added a exception for the 8080 port in the Windows XP Firewall
>> settings.
>> Tomcat is working now.
>> Thanks for all the answers.
>>
>>
> Yuri, for me that still does not explain why you could access Tomcat from
> "outside" when it was running in a console, but not when it was running as
> a service.
> Just opening port 8080 should either allow both, or none.
> Something here doesn't fit.
>
I know that's weird, but It's the exactly what happens to me.
Firewall status:
- on -> only the "console way" is accessible from Internet (outside my
local network)
- on, with 8080 port added to "Exceptions List" (Exceptions tab in Firewall
Settings) -> both ways are accessible from Internet
- off -> both ways are accessible from Internet
> Or what exception exactly did you add ?
>
>
>
I went to Windows Firewall Settings window, then, in the "Exceptions" tab,
I added the 8080 port (I also named as TomcatTCP) with the "TCP" option
selected, then I added the 8080 port again (named as TomcatUDP) with the
"UDP" option selected.
After all this, two itens were added to the Exceptions List: TomcatTCP and
TomcatUDP. Then I could access Tomcat (so my app too) from global Internet
(using the router's IP).
>
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.org<us...@tomcat.apache.org>
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: I can only access Tomcat 7 when running via console (startup.bat)
Posted by André Warnier <aw...@ice-sa.com>.
Yuri E wrote:
>>
> I added a exception for the 8080 port in the Windows XP Firewall settings.
> Tomcat is working now.
> Thanks for all the answers.
>
Yuri, for me that still does not explain why you could access Tomcat from "outside" when
it was running in a console, but not when it was running as a service.
Just opening port 8080 should either allow both, or none.
Something here doesn't fit.
Or what exception exactly did you add ?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: I can only access Tomcat 7 when running via console (startup.bat)
Posted by Yuri E <th...@gmail.com>.
2012/12/11 Christopher Schultz <ch...@christopherschultz.net>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Yuri,
>
> On 12/10/12 11:22 PM, Yuri E wrote:
> > 2012/12/10 Daniel Mikusa <dm...@vmware.com>
> >
> >> On Dec 10, 2012, at 11:28 AM, André Warnier wrote:
> >>
> >>> Yuri E wrote:
> >>>> 2012/12/7 André Warnier <aw...@ice-sa.com>
> >>>>> Christopher Schultz wrote:
> >>>>>
> >>>>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
> >>>>>>
> >>>>>> André,
> >>>>>>
> >>>>>> On 12/7/12 1:55 PM, André Warnier wrote:
> >>>>>>
> >>>>>>> I am relatively familiar with tomcat under Windows,
> >>>>>>> and if your explanations of what works and what
> >>>>>>> doesn't above are exact, then I don't know either.
> >>>>>>>
> >>>>>> One possibility: during the installation, the user chose
> >>>>>> to bind only to localhost instead of 0.0.0.0.
> >>>>>>
> >>>>> Aaaah. Yes, and that choice probably only exists in the
> >>>>> Service
> >> installer.
> >>>>> That would fit. And he would see that with netstat.
> >>>>>
> >>>>>>
> >>>> "netstat -abn" results: -- running Tomcat on console: TCP
> >>>> 0.0.0.0:8009 0.0.0.0:0 LISTENING
> >> 3844
> >>>> [java.exe] TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING
> >> 3844
> >>>> [java.exe] TCP 127.0.0.1:8005 0.0.0.0:0 LISTENING
> >> 3844
> >>>> [java.exe] -- running Tomcat as Service: TCP 0.0.0.0:8009
> >>>> 0.0.0.0:0 LISTENING
> >> 488
> >>>> [Tomcat7.exe] TCP 0.0.0.0:8080 0.0.0.0:0
> >>>> LISTENING
> >> 488
> >>>> [Tomcat7.exe] TCP 127.0.0.1:8005 0.0.0.0:0
> >>>> LISTENING
> >> 488
> >>>> [Tomcat7.exe]
> >>>
> >>> Well, Chris, that was a worthy guess, but apparently it is not
> >>> the
> >> reason here.
> >>>
> >>> Didactic section :
> >>>
> >>> In both cases above (running in a console window and running
> >>> as a
> >> Service), we have Tomcat listening :
> >>> - on port 8080, all interfaces, all IP addresses. That's the
> >>> HTTP
> >> Connector
> >>> (see in server.xml) - on port 8009, all interfaces, all IP
> >>> addresses. That's the AJP
> >> Connector
> >>> (see in server.xml) (and maybe you don't need that one, and
> >>> can
> >> comment it out)
> >>> - on port 8005, only on the "localhost" address. That is the
> >>> "shutdown
> >> port", which is limited to listening for calls originating from
> >> the same physical host, for security reasons (so that nobody can
> >> shut down your Tomcat from the internet e.g.)
> >>>
> >>> And the reason why in one case the process is "Tomcat7.exe"
> >>> and in the
> >> other case it is "java.exe" :
> >>> - when Tomcat runs as a Service, there is a "service wrapper"
> >>> involved,
> >> which "wraps around" the java process (and Tomcat in it), and
> >> which provides the special functions that Windows Services must
> >> provide for Windows (like listening to Windows "star/stop
> >> service" messages etc..). This wrapper is a copy of the
> >> procrun.exe program, renamed to "tomcat7.exe" for convenience.
> >>> So when you run Tomcat as a Service, Windows really starts
> >> "tomcat7.exe", and tomcat7.exe runs java.exe which runs tomcat.
> >>>
> >>> -- end of didactic section --
> >>>
> >>>
> >>> To summarise what is happening now :
> >>>
> >>> 1) Tomcat running in a console window : a) can be accessed
> >>> from a browser running on the same machine b) can be accessed
> >>> from a browser running on another machine
> >>>
> >>> 2) Tomcat running as a Windows Service : a) can be accessed
> >>> from a browser running on the same machine b) but cannot be
> >>> accessed from a browser running on another machine
> >>>
> >>> while in both cases it is listening to 0.0.0.0:8080
> >>>
> >>> It it was a DNS issue, then both 1-b and 2-b wouldn't work.
> >>> But only 2-b
> >> doesn't work.
> >>> If it was a firewall issue or similar, we'd have the same. If
> >>> it was an issue of the java parameters or others used when
> >>> starting
> >> tomcat as a service, then both 2-a and 2-b would not work. But
> >> 2-a works.
> >>>
> >>> Some weird MS security rule, applying to services but not to
> >>> regular
> >> processes ?
> >>>
> >>> Yuri, can you repeat for us which exact URL's you are using to
> >>> access
> >> Tomcat, in each of the cases above ?
> >>>
> >>> 1-a : 1-b : 2-a : 2-b :
> >>>
> >>> and how the problem shows up, when "it does not work" ?
> >>
> >> Also, if you have a firewall running on the server, how is it
> >> configured? Do you have a rule to allow tcp on port 8080? I ask
> >> because some firewalls will restrict at the application level as
> >> well as the port level. For example, only "java.exe" is allowed
> >> to listen on port 8080.
> >>
> >> Dan
> >>
> >>
> >>>
> >>>
> >>> ---------------------------------------------------------------------
> >>>
> >>>
> >>>
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>> For additional commands, e-mail: users-help@tomcat.apache.org
> >>>
> >>
> >>
> >> ---------------------------------------------------------------------
> >>
> >>
> >>
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >> For additional commands, e-mail: users-help@tomcat.apache.org
> >>
> >>
> > I couldn't access your answers at work today. Then I decided to
> > make the tests at home. I installed Tomcat exactly as the same
> > manner as I installed on my work PC. The problem was the same. But
> > then I read the answers, and I saw something that I've not tried
> > yet. The Windows Firewall. I turned off the Firewall, and
> > everything worked very well. Now I have to test the same solution
> > on my work PC.
>
> Yup: Windows, like many other OSs, can whitelist certain processes for
> binding to certain ports. For some reason, a binary not on the
> whitelist appears to still be able to bind to the port, but nothing
> can access it.
>
> The Windows firewall has a configuration screen where you can modify
> those binaries that may do certain things. You'll need to duplicate
> the "java.exe" one that we are fairly sure works (or maybe
> "javaw.exe") and change the binary to "Tomcat7.exe".
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with undefined - http://www.enigmail.net/
>
> iEYEAREIAAYFAlDHQSAACgkQ9CaO5/Lv0PBckgCgiokfKX6mwgJAgq4F27+XwTSn
> 7/QAn2LEqDU2JQ1JLrtyNOwihTv2Kv42
> =1GjK
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
I added a exception for the 8080 port in the Windows XP Firewall settings.
Tomcat is working now.
Thanks for all the answers.
*Yuri E. - Brazil*
Re: I can only access Tomcat 7 when running via console (startup.bat)
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Yuri,
On 12/10/12 11:22 PM, Yuri E wrote:
> 2012/12/10 Daniel Mikusa <dm...@vmware.com>
>
>> On Dec 10, 2012, at 11:28 AM, André Warnier wrote:
>>
>>> Yuri E wrote:
>>>> 2012/12/7 André Warnier <aw...@ice-sa.com>
>>>>> Christopher Schultz wrote:
>>>>>
>>>>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
>>>>>>
>>>>>> André,
>>>>>>
>>>>>> On 12/7/12 1:55 PM, André Warnier wrote:
>>>>>>
>>>>>>> I am relatively familiar with tomcat under Windows,
>>>>>>> and if your explanations of what works and what
>>>>>>> doesn't above are exact, then I don't know either.
>>>>>>>
>>>>>> One possibility: during the installation, the user chose
>>>>>> to bind only to localhost instead of 0.0.0.0.
>>>>>>
>>>>> Aaaah. Yes, and that choice probably only exists in the
>>>>> Service
>> installer.
>>>>> That would fit. And he would see that with netstat.
>>>>>
>>>>>>
>>>> "netstat -abn" results: -- running Tomcat on console: TCP
>>>> 0.0.0.0:8009 0.0.0.0:0 LISTENING
>> 3844
>>>> [java.exe] TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING
>> 3844
>>>> [java.exe] TCP 127.0.0.1:8005 0.0.0.0:0 LISTENING
>> 3844
>>>> [java.exe] -- running Tomcat as Service: TCP 0.0.0.0:8009
>>>> 0.0.0.0:0 LISTENING
>> 488
>>>> [Tomcat7.exe] TCP 0.0.0.0:8080 0.0.0.0:0
>>>> LISTENING
>> 488
>>>> [Tomcat7.exe] TCP 127.0.0.1:8005 0.0.0.0:0
>>>> LISTENING
>> 488
>>>> [Tomcat7.exe]
>>>
>>> Well, Chris, that was a worthy guess, but apparently it is not
>>> the
>> reason here.
>>>
>>> Didactic section :
>>>
>>> In both cases above (running in a console window and running
>>> as a
>> Service), we have Tomcat listening :
>>> - on port 8080, all interfaces, all IP addresses. That's the
>>> HTTP
>> Connector
>>> (see in server.xml) - on port 8009, all interfaces, all IP
>>> addresses. That's the AJP
>> Connector
>>> (see in server.xml) (and maybe you don't need that one, and
>>> can
>> comment it out)
>>> - on port 8005, only on the "localhost" address. That is the
>>> "shutdown
>> port", which is limited to listening for calls originating from
>> the same physical host, for security reasons (so that nobody can
>> shut down your Tomcat from the internet e.g.)
>>>
>>> And the reason why in one case the process is "Tomcat7.exe"
>>> and in the
>> other case it is "java.exe" :
>>> - when Tomcat runs as a Service, there is a "service wrapper"
>>> involved,
>> which "wraps around" the java process (and Tomcat in it), and
>> which provides the special functions that Windows Services must
>> provide for Windows (like listening to Windows "star/stop
>> service" messages etc..). This wrapper is a copy of the
>> procrun.exe program, renamed to "tomcat7.exe" for convenience.
>>> So when you run Tomcat as a Service, Windows really starts
>> "tomcat7.exe", and tomcat7.exe runs java.exe which runs tomcat.
>>>
>>> -- end of didactic section --
>>>
>>>
>>> To summarise what is happening now :
>>>
>>> 1) Tomcat running in a console window : a) can be accessed
>>> from a browser running on the same machine b) can be accessed
>>> from a browser running on another machine
>>>
>>> 2) Tomcat running as a Windows Service : a) can be accessed
>>> from a browser running on the same machine b) but cannot be
>>> accessed from a browser running on another machine
>>>
>>> while in both cases it is listening to 0.0.0.0:8080
>>>
>>> It it was a DNS issue, then both 1-b and 2-b wouldn't work.
>>> But only 2-b
>> doesn't work.
>>> If it was a firewall issue or similar, we'd have the same. If
>>> it was an issue of the java parameters or others used when
>>> starting
>> tomcat as a service, then both 2-a and 2-b would not work. But
>> 2-a works.
>>>
>>> Some weird MS security rule, applying to services but not to
>>> regular
>> processes ?
>>>
>>> Yuri, can you repeat for us which exact URL's you are using to
>>> access
>> Tomcat, in each of the cases above ?
>>>
>>> 1-a : 1-b : 2-a : 2-b :
>>>
>>> and how the problem shows up, when "it does not work" ?
>>
>> Also, if you have a firewall running on the server, how is it
>> configured? Do you have a rule to allow tcp on port 8080? I ask
>> because some firewalls will restrict at the application level as
>> well as the port level. For example, only "java.exe" is allowed
>> to listen on port 8080.
>>
>> Dan
>>
>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>>
>>>
>>>
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>>
>>
>>
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
> I couldn't access your answers at work today. Then I decided to
> make the tests at home. I installed Tomcat exactly as the same
> manner as I installed on my work PC. The problem was the same. But
> then I read the answers, and I saw something that I've not tried
> yet. The Windows Firewall. I turned off the Firewall, and
> everything worked very well. Now I have to test the same solution
> on my work PC.
Yup: Windows, like many other OSs, can whitelist certain processes for
binding to certain ports. For some reason, a binary not on the
whitelist appears to still be able to bind to the port, but nothing
can access it.
The Windows firewall has a configuration screen where you can modify
those binaries that may do certain things. You'll need to duplicate
the "java.exe" one that we are fairly sure works (or maybe
"javaw.exe") and change the binary to "Tomcat7.exe".
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iEYEAREIAAYFAlDHQSAACgkQ9CaO5/Lv0PBckgCgiokfKX6mwgJAgq4F27+XwTSn
7/QAn2LEqDU2JQ1JLrtyNOwihTv2Kv42
=1GjK
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: I can only access Tomcat 7 when running via console (startup.bat)
Posted by Yuri E <th...@gmail.com>.
2012/12/10 Daniel Mikusa <dm...@vmware.com>
> On Dec 10, 2012, at 11:28 AM, André Warnier wrote:
>
> > Yuri E wrote:
> >> 2012/12/7 André Warnier <aw...@ice-sa.com>
> >>> Christopher Schultz wrote:
> >>>
> >>>> -----BEGIN PGP SIGNED MESSAGE-----
> >>>> Hash: SHA256
> >>>>
> >>>> André,
> >>>>
> >>>> On 12/7/12 1:55 PM, André Warnier wrote:
> >>>>
> >>>>> I am relatively familiar with tomcat under Windows, and if your
> >>>>> explanations of what works and what doesn't above are exact, then
> >>>>> I don't know either.
> >>>>>
> >>>> One possibility: during the installation, the user chose to bind only
> >>>> to localhost instead of 0.0.0.0.
> >>>>
> >>> Aaaah. Yes, and that choice probably only exists in the Service
> installer.
> >>> That would fit.
> >>> And he would see that with netstat.
> >>>
> >>>>
> >> "netstat -abn" results:
> >> --
> >> running Tomcat on console:
> >> TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING
> 3844
> >> [java.exe]
> >> TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING
> 3844
> >> [java.exe]
> >> TCP 127.0.0.1:8005 0.0.0.0:0 LISTENING
> 3844
> >> [java.exe]
> >> --
> >> running Tomcat as Service:
> >> TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING
> 488
> >> [Tomcat7.exe]
> >> TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING
> 488
> >> [Tomcat7.exe]
> >> TCP 127.0.0.1:8005 0.0.0.0:0 LISTENING
> 488
> >> [Tomcat7.exe]
> >
> > Well, Chris, that was a worthy guess, but apparently it is not the
> reason here.
> >
> > Didactic section :
> >
> > In both cases above (running in a console window and running as a
> Service), we have Tomcat listening :
> > - on port 8080, all interfaces, all IP addresses. That's the HTTP
> Connector
> > (see in server.xml)
> > - on port 8009, all interfaces, all IP addresses. That's the AJP
> Connector
> > (see in server.xml) (and maybe you don't need that one, and can
> comment it out)
> > - on port 8005, only on the "localhost" address. That is the "shutdown
> port", which is limited to listening for calls originating from the same
> physical host, for security reasons (so that nobody can shut down your
> Tomcat from the internet e.g.)
> >
> > And the reason why in one case the process is "Tomcat7.exe" and in the
> other case it is "java.exe" :
> > - when Tomcat runs as a Service, there is a "service wrapper" involved,
> which "wraps around" the java process (and Tomcat in it), and which
> provides the special functions that Windows Services must provide for
> Windows (like listening to Windows "star/stop service" messages etc..).
> This wrapper is a copy of the procrun.exe program, renamed to
> "tomcat7.exe" for convenience.
> > So when you run Tomcat as a Service, Windows really starts
> "tomcat7.exe", and tomcat7.exe runs java.exe which runs tomcat.
> >
> > -- end of didactic section --
> >
> >
> > To summarise what is happening now :
> >
> > 1) Tomcat running in a console window :
> > a) can be accessed from a browser running on the same machine
> > b) can be accessed from a browser running on another machine
> >
> > 2) Tomcat running as a Windows Service :
> > a) can be accessed from a browser running on the same machine
> > b) but cannot be accessed from a browser running on another machine
> >
> > while in both cases it is listening to 0.0.0.0:8080
> >
> > It it was a DNS issue, then both 1-b and 2-b wouldn't work. But only 2-b
> doesn't work.
> > If it was a firewall issue or similar, we'd have the same.
> > If it was an issue of the java parameters or others used when starting
> tomcat as a service, then both 2-a and 2-b would not work. But 2-a works.
> >
> > Some weird MS security rule, applying to services but not to regular
> processes ?
> >
> > Yuri, can you repeat for us which exact URL's you are using to access
> Tomcat, in each of the cases above ?
> >
> > 1-a :
> > 1-b :
> > 2-a :
> > 2-b :
> >
> > and how the problem shows up, when "it does not work" ?
>
> Also, if you have a firewall running on the server, how is it configured?
> Do you have a rule to allow tcp on port 8080? I ask because some
> firewalls will restrict at the application level as well as the port level.
> For example, only "java.exe" is allowed to listen on port 8080.
>
> Dan
>
>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
I couldn't access your answers at work today. Then I decided to make the
tests at home. I installed Tomcat exactly as the same manner as I installed
on my work PC. The problem was the same. But then I read the answers, and I
saw something that I've not tried yet. The Windows Firewall. I turned off
the Firewall, and everything worked very well. Now I have to test the same
solution on my work PC.
Thanks to everyone.
Re: I can only access Tomcat 7 when running via console (startup.bat)
Posted by Daniel Mikusa <dm...@vmware.com>.
On Dec 10, 2012, at 11:28 AM, André Warnier wrote:
> Yuri E wrote:
>> 2012/12/7 André Warnier <aw...@ice-sa.com>
>>> Christopher Schultz wrote:
>>>
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA256
>>>>
>>>> André,
>>>>
>>>> On 12/7/12 1:55 PM, André Warnier wrote:
>>>>
>>>>> I am relatively familiar with tomcat under Windows, and if your
>>>>> explanations of what works and what doesn't above are exact, then
>>>>> I don't know either.
>>>>>
>>>> One possibility: during the installation, the user chose to bind only
>>>> to localhost instead of 0.0.0.0.
>>>>
>>> Aaaah. Yes, and that choice probably only exists in the Service installer.
>>> That would fit.
>>> And he would see that with netstat.
>>>
>>>>
>> "netstat -abn" results:
>> --
>> running Tomcat on console:
>> TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING 3844
>> [java.exe]
>> TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 3844
>> [java.exe]
>> TCP 127.0.0.1:8005 0.0.0.0:0 LISTENING 3844
>> [java.exe]
>> --
>> running Tomcat as Service:
>> TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING 488
>> [Tomcat7.exe]
>> TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 488
>> [Tomcat7.exe]
>> TCP 127.0.0.1:8005 0.0.0.0:0 LISTENING 488
>> [Tomcat7.exe]
>
> Well, Chris, that was a worthy guess, but apparently it is not the reason here.
>
> Didactic section :
>
> In both cases above (running in a console window and running as a Service), we have Tomcat listening :
> - on port 8080, all interfaces, all IP addresses. That's the HTTP Connector
> (see in server.xml)
> - on port 8009, all interfaces, all IP addresses. That's the AJP Connector
> (see in server.xml) (and maybe you don't need that one, and can comment it out)
> - on port 8005, only on the "localhost" address. That is the "shutdown port", which is limited to listening for calls originating from the same physical host, for security reasons (so that nobody can shut down your Tomcat from the internet e.g.)
>
> And the reason why in one case the process is "Tomcat7.exe" and in the other case it is "java.exe" :
> - when Tomcat runs as a Service, there is a "service wrapper" involved, which "wraps around" the java process (and Tomcat in it), and which provides the special functions that Windows Services must provide for Windows (like listening to Windows "star/stop service" messages etc..). This wrapper is a copy of the procrun.exe program, renamed to "tomcat7.exe" for convenience.
> So when you run Tomcat as a Service, Windows really starts "tomcat7.exe", and tomcat7.exe runs java.exe which runs tomcat.
>
> -- end of didactic section --
>
>
> To summarise what is happening now :
>
> 1) Tomcat running in a console window :
> a) can be accessed from a browser running on the same machine
> b) can be accessed from a browser running on another machine
>
> 2) Tomcat running as a Windows Service :
> a) can be accessed from a browser running on the same machine
> b) but cannot be accessed from a browser running on another machine
>
> while in both cases it is listening to 0.0.0.0:8080
>
> It it was a DNS issue, then both 1-b and 2-b wouldn't work. But only 2-b doesn't work.
> If it was a firewall issue or similar, we'd have the same.
> If it was an issue of the java parameters or others used when starting tomcat as a service, then both 2-a and 2-b would not work. But 2-a works.
>
> Some weird MS security rule, applying to services but not to regular processes ?
>
> Yuri, can you repeat for us which exact URL's you are using to access Tomcat, in each of the cases above ?
>
> 1-a :
> 1-b :
> 2-a :
> 2-b :
>
> and how the problem shows up, when "it does not work" ?
Also, if you have a firewall running on the server, how is it configured? Do you have a rule to allow tcp on port 8080? I ask because some firewalls will restrict at the application level as well as the port level. For example, only "java.exe" is allowed to listen on port 8080.
Dan
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: I can only access Tomcat 7 when running via console
(startup.bat)
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: André Warnier [mailto:aw@ice-sa.com]
> Subject: Re: I can only access Tomcat 7 when running via console (startup.bat)
> If it was a firewall issue or similar, we'd have the same.
Not necessarily.
> Some weird MS security rule, applying to services but not to regular processes ?
Some protection mechanisms (not just MS) only allow specific, registered processes to use the NIC. If that were in place, it's quite possible that "java.exe" is registered, but "Tomcat7.exe" is not. 127.0.0.1 does not use the NIC, so this might explain why the service is unreachable from outside the box.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: I can only access Tomcat 7 when running via console (startup.bat)
Posted by André Warnier <aw...@ice-sa.com>.
Yuri E wrote:
> 2012/12/7 André Warnier <aw...@ice-sa.com>
>
>> Christopher Schultz wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA256
>>>
>>> André,
>>>
>>> On 12/7/12 1:55 PM, André Warnier wrote:
>>>
>>>> I am relatively familiar with tomcat under Windows, and if your
>>>> explanations of what works and what doesn't above are exact, then
>>>> I don't know either.
>>>>
>>> One possibility: during the installation, the user chose to bind only
>>> to localhost instead of 0.0.0.0.
>>>
>> Aaaah. Yes, and that choice probably only exists in the Service installer.
>> That would fit.
>> And he would see that with netstat.
>>
>>>
> "netstat -abn" results:
>
> --
>
> running Tomcat on console:
>
>
> TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING 3844
> [java.exe]
>
> TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 3844
> [java.exe]
>
> TCP 127.0.0.1:8005 0.0.0.0:0 LISTENING 3844
> [java.exe]
>
> --
>
> running Tomcat as Service:
>
> TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING 488
> [Tomcat7.exe]
>
> TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 488
> [Tomcat7.exe]
>
> TCP 127.0.0.1:8005 0.0.0.0:0 LISTENING 488
> [Tomcat7.exe]
>
Well, Chris, that was a worthy guess, but apparently it is not the reason here.
Didactic section :
In both cases above (running in a console window and running as a Service), we have Tomcat
listening :
- on port 8080, all interfaces, all IP addresses. That's the HTTP Connector
(see in server.xml)
- on port 8009, all interfaces, all IP addresses. That's the AJP Connector
(see in server.xml) (and maybe you don't need that one, and can comment it out)
- on port 8005, only on the "localhost" address. That is the "shutdown port", which is
limited to listening for calls originating from the same physical host, for security
reasons (so that nobody can shut down your Tomcat from the internet e.g.)
And the reason why in one case the process is "Tomcat7.exe" and in the other case it is
"java.exe" :
- when Tomcat runs as a Service, there is a "service wrapper" involved, which "wraps
around" the java process (and Tomcat in it), and which provides the special functions that
Windows Services must provide for Windows (like listening to Windows "star/stop service"
messages etc..). This wrapper is a copy of the procrun.exe program, renamed to
"tomcat7.exe" for convenience.
So when you run Tomcat as a Service, Windows really starts "tomcat7.exe", and tomcat7.exe
runs java.exe which runs tomcat.
-- end of didactic section --
To summarise what is happening now :
1) Tomcat running in a console window :
a) can be accessed from a browser running on the same machine
b) can be accessed from a browser running on another machine
2) Tomcat running as a Windows Service :
a) can be accessed from a browser running on the same machine
b) but cannot be accessed from a browser running on another machine
while in both cases it is listening to 0.0.0.0:8080
It it was a DNS issue, then both 1-b and 2-b wouldn't work. But only 2-b doesn't work.
If it was a firewall issue or similar, we'd have the same.
If it was an issue of the java parameters or others used when starting tomcat as a
service, then both 2-a and 2-b would not work. But 2-a works.
Some weird MS security rule, applying to services but not to regular processes ?
Yuri, can you repeat for us which exact URL's you are using to access Tomcat, in each of
the cases above ?
1-a :
1-b :
2-a :
2-b :
and how the problem shows up, when "it does not work" ?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: I can only access Tomcat 7 when running via console (startup.bat)
Posted by Yuri E <th...@gmail.com>.
2012/12/7 André Warnier <aw...@ice-sa.com>
> Christopher Schultz wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> André,
>>
>> On 12/7/12 1:55 PM, André Warnier wrote:
>>
>>> I am relatively familiar with tomcat under Windows, and if your
>>> explanations of what works and what doesn't above are exact, then
>>> I don't know either.
>>>
>>
>> One possibility: during the installation, the user chose to bind only
>> to localhost instead of 0.0.0.0.
>>
>
> Aaaah. Yes, and that choice probably only exists in the Service installer.
> That would fit.
> And he would see that with netstat.
>
>>
>>
"netstat -abn" results:
--
running Tomcat on console:
TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING 3844
[java.exe]
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 3844
[java.exe]
TCP 127.0.0.1:8005 0.0.0.0:0 LISTENING 3844
[java.exe]
--
running Tomcat as Service:
TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING 488
[Tomcat7.exe]
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 488
[Tomcat7.exe]
TCP 127.0.0.1:8005 0.0.0.0:0 LISTENING 488
[Tomcat7.exe]
Re: I can only access Tomcat 7 when running via console (startup.bat)
Posted by André Warnier <aw...@ice-sa.com>.
Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> André,
>
> On 12/7/12 1:55 PM, André Warnier wrote:
>> I am relatively familiar with tomcat under Windows, and if your
>> explanations of what works and what doesn't above are exact, then
>> I don't know either.
>
> One possibility: during the installation, the user chose to bind only
> to localhost instead of 0.0.0.0.
Aaaah. Yes, and that choice probably only exists in the Service installer.
That would fit.
And he would see that with netstat.
>
>> Maybe check the following : when Tomcat is running, in a separate
>> command window enter the command netstat -abn
>
> +1
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with undefined - http://www.enigmail.net/
>
> iEYEAREIAAYFAlDCZdkACgkQ9CaO5/Lv0PCm0gCgmKx2kbhnce9828Jgfhmkl/Km
> jOUAn0ikUmua8AW6xQg13NtBQVh84qW/
> =8nsJ
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: I can only access Tomcat 7 when running via console (startup.bat)
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
André,
On 12/7/12 1:55 PM, André Warnier wrote:
> I am relatively familiar with tomcat under Windows, and if your
> explanations of what works and what doesn't above are exact, then
> I don't know either.
One possibility: during the installation, the user chose to bind only
to localhost instead of 0.0.0.0.
> Maybe check the following : when Tomcat is running, in a separate
> command window enter the command netstat -abn
+1
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iEYEAREIAAYFAlDCZdkACgkQ9CaO5/Lv0PCm0gCgmKx2kbhnce9828Jgfhmkl/Km
jOUAn0ikUmua8AW6xQg13NtBQVh84qW/
=8nsJ
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: I can only access Tomcat 7 when running via console (startup.bat)
Posted by André Warnier <aw...@ice-sa.com>.
Yuri E wrote:
>> 2012/12/6 Daniel Mikusa <dm...@vmware.com>:
>>> On Dec 6, 2012, at 11:19 AM, Yuri E wrote:
>>>
>>>> so I decided to install Tomcat through the .exe installer. First, I
> stopped
>>>> Tomcat by closing the console window opened in the startup, and then I
>>>> installed Tomcat as service using the .exe.
>>>> I restarted the computer, and Tomcat automatically started. Good. But
> when
>>>> I went to access my web app again using router's IP, I couldn't. Then, I
>>>> tried to access Tomcat's Welcome Page using Firefox (
> http://localhost:8080),
>>>> and everything was ok.
>>> If Tomcat's welcome page is accessible then Tomcat is up and running.
> It's likely that you application failed to deploy.
>>> Have you looked at the server logs and your application logs to see if
> there were any problems?
>> +1
>>
>> The description above sounds like the OP installed a brand new fresh
>> copy of Tomcat, but have not deployed a copy his app on it.
>>
>> There is "manager" webapp available in the standard distributive, that
>> allows one to see what apps are deployed.
>
> With Tomcat running as service, I tested my app with
> "localhost:8080/[myapp]/[servlet]", and it worked,
>
> What basically happens is that I can't access Tomcat (running as service)
> from web (outside my router subnet) . In all other ways, the connection
> works.
>
This may not be the type of answer that you are expecting.
I am relatively familiar with tomcat under Windows, and if your explanations of what works
and what doesn't above are exact, then I don't know either.
It does not seem to make sense that you can connect to Tomcat from outside when Tomcat
runs in a console, but not when the same Tomcat runs as a service.
The reason is probably not with Tomcat, but with something outside of Tomcat.
But it's not a firewall, because you can connect to tomcat when it runs in a console.
And this is Windows XP, so it cannot be p.i.t.a. UAC either.
Maybe check the following :
when Tomcat is running, in a separate command window enter the command
netstat -abn
It should show (in the "local" column), the ports on which something is listening, and in
the last columns, the pid & name of the associated process.
Do this once when tomcat runs in a command window, and once when it runs as a service, and
compare.
You should see at least a line like this :
as a service :
TCP 0.0.0.0:8080 0.0.0.0:0 LISTEN 4028
[tomcat6.exe]
in a command window :
TCP 0.0.0.0:8080 0.0.0.0:0 LISTEN 2112
[java.exe]
That will tell you if it is at least started each time, and listening on the same port.
You should also look each time in the tomcat logs of course.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: I can only access Tomcat 7 when running via console (startup.bat)
Posted by Yuri E <th...@gmail.com>.
>2012/12/6 Daniel Mikusa <dm...@vmware.com>:
>> On Dec 6, 2012, at 11:19 AM, Yuri E wrote:
>>
>>> so I decided to install Tomcat through the .exe installer. First, I
stopped
>>> Tomcat by closing the console window opened in the startup, and then I
>>> installed Tomcat as service using the .exe.
>>> I restarted the computer, and Tomcat automatically started. Good. But
when
>>> I went to access my web app again using router's IP, I couldn't. Then, I
>>> tried to access Tomcat's Welcome Page using Firefox (
http://localhost:8080),
>>> and everything was ok.
>>
>> If Tomcat's welcome page is accessible then Tomcat is up and running.
It's likely that you application failed to deploy.
>>
>> Have you looked at the server logs and your application logs to see if
there were any problems?
>>
>
>+1
>
>The description above sounds like the OP installed a brand new fresh
>copy of Tomcat, but have not deployed a copy his app on it.
>
>There is "manager" webapp available in the standard distributive, that
>allows one to see what apps are deployed.
With Tomcat running as service, I tested my app with
"localhost:8080/[myapp]/[servlet]", and it worked,
What basically happens is that I can't access Tomcat (running as service)
from web (outside my router subnet) . In all other ways, the connection
works.
Re: I can only access Tomcat 7 when running via console (startup.bat)
Posted by Konstantin Kolinko <kn...@gmail.com>.
2012/12/6 Daniel Mikusa <dm...@vmware.com>:
> On Dec 6, 2012, at 11:19 AM, Yuri E wrote:
>
>> so I decided to install Tomcat through the .exe installer. First, I stopped
>> Tomcat by closing the console window opened in the startup, and then I
>> installed Tomcat as service using the .exe.
>> I restarted the computer, and Tomcat automatically started. Good. But when
>> I went to access my web app again using router's IP, I couldn't. Then, I
>> tried to access Tomcat's Welcome Page using Firefox (http://localhost:8080),
>> and everything was ok.
>
> If Tomcat's welcome page is accessible then Tomcat is up and running. It's likely that you application failed to deploy.
>
> Have you looked at the server logs and your application logs to see if there were any problems?
>
+1
The description above sounds like the OP installed a brand new fresh
copy of Tomcat, but have not deployed a copy his app on it.
There is "manager" webapp available in the standard distributive, that
allows one to see what apps are deployed.
(Reminder: do not forget to protect the manager webapp by a
RemoteAddrValve and by choosing a good password).
>> After that, I tried using my router's IP (with
>> Firefox), and I received an error message saying that "the connection was
>> reset".
>>
>> What I want to know is what I need to do to access Tomcat (running as
>> service) from web, taking into account that it works perfectly when running
>> in the console window.
>
> There are differences between running Tomcat in the console and running it as a service. I'm not a windows expert, but I believe that each scenario would run as a different user (console running as your user, the service running as a service account). Perhaps someone more knowledgable about Windows can provide more details.
Correct.
For completeness, there is "Windows" page in the FAQ.
https://wiki.apache.org/tomcat/FAQ/Windows#Q7
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: I can only access Tomcat 7 when running via console (startup.bat)
Posted by Daniel Mikusa <dm...@vmware.com>.
On Dec 6, 2012, at 11:19 AM, Yuri E wrote:
> Hi,
>
> I'm using Windows XP Professional SP3, 32 bits, and Tomcat 7.0.
>
> Recently I started developping a web application for the company I'm
> working for, and I decided to use Tomcat as Web Server.
> The first thing I did was download the zip version, and start Tomcat using
> the Windows Command Prompt (startup.bat). Then, I deployed my app and
> configured my router (TP-Link) to foward the 8080 port to my IP adress (it
> has reserved IP by MAC adress). I'm using DHCP connection to access web.
> I tried to access my webb app through "http://localhost:8080", and
> everything was fine, then I tried with "http://[router-ip]:8080", and it
> worked without problems.
> But I didn't liked the console window which appears when Tomcat is started,
> so I decided to install Tomcat through the .exe installer. First, I stopped
> Tomcat by closing the console window opened in the startup, and then I
> installed Tomcat as service using the .exe.
> I restarted the computer, and Tomcat automatically started. Good. But when
> I went to access my web app again using router's IP, I couldn't. Then, I
> tried to access Tomcat's Welcome Page using Firefox (http://localhost:8080),
> and everything was ok.
If Tomcat's welcome page is accessible then Tomcat is up and running. It's likely that you application failed to deploy.
Have you looked at the server logs and your application logs to see if there were any problems?
> After that, I tried using my router's IP (with
> Firefox), and I received an error message saying that "the connection was
> reset".
>
> What I want to know is what I need to do to access Tomcat (running as
> service) from web, taking into account that it works perfectly when running
> in the console window.
There are differences between running Tomcat in the console and running it as a service. I'm not a windows expert, but I believe that each scenario would run as a different user (console running as your user, the service running as a service account). Perhaps someone more knowledgable about Windows can provide more details.
Dan
>
> Thanks for any help.
>
>
> *Yuri E. - Brazil*
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org