Ubuntu EC2 Server not connecting to Public-IP port 8080 for Tomcat7 & GeoServer
We have a server running a Flask App, which uses GeoServer under Tomcat7 to serve map data internally to the App itself, and externally via WMS to authenticated users.
This was all working fine until after some minor code edit/reload, command-line updates/upgrades and reboot (including reboot from EC2 console) when things stopped working.
After a bit of digging and debugging, it seems as if all the elements of the system are working OK individually, but the crucial requests to Tomcat7 and GeoServer via port 8080 are not connecting and time out (usually after around 2 mins).
I've taken a look at lots of online help for similar problems and checked, implemented and tested several of the suggestions, but nothing seems to clear the blockage.
I'm no expert (though I'm learning lots in the process!) and I've tried all the obvious & recommended things as far as I can tell.
I now seem to be going round in circles (i.e. nowhere) on this, so any suggestions as to what I might try next would be most gratefully received.
Background Info:
Security Group configured and applied to EC2 instance with rules as follows:
INBOUND RULES
Type             Protocol  Port Range  Source
HTTP             TCP       80          0.0.0.0/0
HTTP             TCP       80          ::/0
Custom TCP Rule  TCP       8080        xxxx/32
Custom TCP Rule  TCP       5432        xxxx/32
SSH              TCP       22          xxxx/32
Custom TCP Rule  TCP       443         0.0.0.0/0
Custom TCP Rule  TCP       443         ::/0

OUTBOUND RULES
Type             Protocol  Port Range  Destination
All traffic      All       All         0.0.0.0/0
Domain name resolves OK to the Public IP
Checked this post and updated /usr/share/tomcat7/bin/catalina.sh to add the following:
JAVA_OPTS=" $JAVA_OPTS -Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Ad=true "
Checked this post and updated /etc/tomcat7/server.xml to make the Connector string:
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" URIEncoding="UTF-8" redirectPort="8443" address="0.0.0.0" useIPVHosts="true" />
Checked what's listening on different ports using netstat:
root@ip-xxx-xx-xx-xx:/var/log/apache2# netstat -ltnpa | grep -i --colour LISTEN
tcp        0      0 127.0.0.1:587           0.0.0.0:*               LISTEN      1438/sendmail: MTA:
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      1437/java
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1208/sshd
tcp        0      0 0.0.0.0:5432            0.0.0.0:*               LISTEN      1350/postgres
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1438/sendmail: MTA:
tcp        0      0 127.0.0.1:8005          0.0.0.0:*               LISTEN      1437/java
tcp6       0      0 :::80                   :::*                    LISTEN      1456/apache2
tcp6       0      0 :::22                   :::*                    LISTEN      1208/sshd
tcp6       0      0 :::5432                 :::*                    LISTEN      1350/postgres
tcp6       0      0 :::443                  :::*                    LISTEN      1456/apache2
Problems Observed
Debug reveals that the Flask app sends well-formed requests to http://Public-IP:8080/geoserver/roar/wms?... but the call to urllib2.urlopen(req) throws exception '[Errno 110] Connection timed out', which is reported with abort(404).
If I take the request string (with Public-IP) and paste it in the browser it works. Note this is http:// and not https:// - not sure if this is significant - see below for notes on using https://
If I try cURL from the command line using the Public-IP, I get timeout messages:
connect to Public-IP port 8080 failed: Connection timed out
* Failed to connect to Public-IP port 8080: Connection timed out
* Closing connection 0
If I try cURL from the command line using the localhost, eg to Tomcat7 on port 8080, it works…
$ curl -v localhost:8080/
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET / HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< Accept-Ranges: bytes
< ETag: W/"1896-1493801565000"
< Last-Modified: Wed, 03 May 2017 08:52:45 GMT
< Content-Type: text/html
< Content-Length: 1896
< Date: Fri, 22 Jun 2018 09:39:46 GMT
<
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Apache Tomcat</title>
</head>
<body>
<h1>It works !</h1>
etc…….
If I try cURL from the command line using the Private-IP, eg to Tomcat7 on port 8080, it works…
$ curl -v Private-IP:8080/
* Trying Private-IP...
* Connected to Private-IP (Private-IP) port 8080 (#0)
> GET / HTTP/1.1
> Host: Private-IP:8080
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< Accept-Ranges: bytes
< ETag: W/"1896-1493801565000"
< Last-Modified: Wed, 03 May 2017 08:52:45 GMT
< Content-Type: text/html
< Content-Length: 1896
< Date: Fri, 22 Jun 2018 09:42:30 GMT
<
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Apache Tomcat</title>
</head>
<body>
<h1>It works !</h1>
etc…….
If I simply try connecting to port 8080 from the browser using http:// with either the domain name or the Public-IP, I get the Tomcat7 index.html 'It works!' response.
If I try the same using https://, I get the following from Mozilla…
Secure Connection Failed
An error occurred during a connection to Public-IP:8080. SSL received a record that
exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG
The page you are trying to view cannot be shown because the authenticity of the received data
could not be verified.
and from IE (suggested settings are turned on)…
This page can’t be displayed
Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to
https://Public-IP:8080 again. If this error persists, it is possible that this site uses an
unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered
secure. Please contact your site administrator.
and from Chrome…
This site can’t provide a secure connection
Public-IP sent an invalid response.
Try running Windows Network Diagnostics.
ERR_SSL_PROTOCOL_ERROR
If the Flask app and GeoServer are running on the same EC2 server, they should communicate with each other via localhost rather than the private IP or the public IP.
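Why the localhost advice fits the symptoms, as an added example that is not part of the original question or answer: it evaluates the question's inbound rules against different source addresses. The three IP addresses are constructed stand-ins for the redacted `xxxx/32`, Public-IP and Private-IP, and the model assumes that on EC2 a request from the instance to its own public address leaves through the internet gateway and comes back with the public address as its source.

```python
import ipaddress

# Constructed stand-ins for the values the question redacts.
ADMIN_IP = "198.51.100.7"            # the "xxxx/32" source (browser workstation)
INSTANCE_PUBLIC_IP = "203.0.113.10"  # "Public-IP"
INSTANCE_PRIVATE_IP = "172.31.5.20"  # "Private-IP"

# Inbound rules as listed in the question's security group.
INBOUND_RULES = [
    ("tcp", 80, "0.0.0.0/0"),
    ("tcp", 80, "::/0"),
    ("tcp", 8080, ADMIN_IP + "/32"),
    ("tcp", 5432, ADMIN_IP + "/32"),
    ("tcp", 22, ADMIN_IP + "/32"),
    ("tcp", 443, "0.0.0.0/0"),
    ("tcp", 443, "::/0"),
]


def sg_allows(source_ip, port, rules=INBOUND_RULES):
    """Return True if an inbound rule admits TCP from source_ip to port."""
    src = ipaddress.ip_address(source_ip)
    for proto, rule_port, cidr in rules:
        net = ipaddress.ip_network(cidr)
        if (proto == "tcp" and rule_port == port
                and src.version == net.version and src in net):
            return True
    return False


def outcome(dest, port):
    """Predict what a client running on the instance sees for dest:port."""
    if dest in ("127.0.0.1", "localhost", INSTANCE_PRIVATE_IP):
        # The kernel delivers traffic to its own addresses locally, so the
        # security group is never consulted.
        return "connects (local delivery, security group not consulted)"
    if dest == INSTANCE_PUBLIC_IP:
        # Assumption: the packet hairpins through the internet gateway and
        # arrives with the public IP as source, so inbound rules apply.
        if sg_allows(INSTANCE_PUBLIC_IP, port):
            return "connects (allowed by inbound rule)"
        return "times out (no inbound rule matches, packet dropped)"
    return "unknown destination"


if __name__ == "__main__":
    for dest in ("localhost", INSTANCE_PRIVATE_IP, INSTANCE_PUBLIC_IP):
        print(dest, "->", outcome(dest, 8080))
```

Pointing the Flask app at localhost keeps port 8080 restricted to the single admin source instead of widening the rule to cover the instance's own public address.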