Can't connect to Tomcat on port 8080 (port 80 works)
Finally worked it out. Usually when we order a dedicated server from our hosting provider we spec it with no firewall. However in this case (due to an admin error) they set it up with their basic firewall option which allows port 80 but not 8080. This firewall sits in front of the actual server so I had no way of knowing it was there until I stumbled across the settings in the server control panel on the hosting providers website. Sigh. Thanks for everyone's advice anyway. :)
Related videos on Youtube
MrRichT
Updated on September 18, 2022Comments
-
MrRichT over 1 year
We have a bunch of
Centos 6
dedicated servers hosting our web applications that are set up behind a reverse proxy. The reverse proxy is running Haproxy and forwards web requests to the backend servers. We periodically have to add a new server which we configure using Puppet (software, users, firewall), so they should theoretically be set up the same.I have an issue with the latest server I've added where for some reason I can't connect when running Tomcat on port 8080 (our default Puppet setup), however it connects fine if I manually amend
server.xml
andhaproxy.cfg
to useport 80
.I initially thought I'd made a mistake in
iptables
but I've tried temporarily allowing all traffic, with no luck. My rules were initially port specific and I've tried expanding them to all ports, although the original rule included port 80 and 8080 together along with 443 and 8443, so this was unlikely to be the issue.I can connect locally on the server via localhost (http://localhost:8080/sitename), but I can't connect remotely, either by domain name through the proxy, or directly by hostname or IP address.
I've tried monitoring port 8080 on eth0 using
sudo tcpdump -i eth0 port 8080
and got nothing.Not sure what to try next. Any advice/help would be appreciated, thanks.
Edit: Netstat output looks like this...
tcp 0 0 :::8080 :::* LISTEN 29875/jsvc.exec
Edit2: Regarding iptables, I've tried temporarily setting the default policy to accept (it's normally drop) on both the reverse proxy and the backend server. Also the rules all come from the same file that Puppet uses to set iptables on all our backend servers.
-
MrRichT about 8 yearsGetting connection timed out from telnet.
-
Admin about 8 yearsWell, I think we've narrowed it down to the reverse proxy. If this is the only host behind this proxy that is not responding, it sounds like you should be able to log the traffic there to see why.
-