I need to attach a jdb debug session to a java application that is being executed in a remote host, but I am unable to do it. I am working on linux, with openjdk 1.8.0_65, 64-Bit Server VM.
What I have tried
In order to enable the port listening, I have run the java application adding the following arguments to the command line:
-Xdebug -agentlib:jdwp=transport=dt_socket,address=127.0.0.1:8000,server=y,suspend=n
The following message is displayed in the console:
Listening for transport dt_socket at address: 8000
And the application starts running normally.
Then, from the remote host, I execute the following command:
> jdb -connect com.sun.jdi.SocketAttach:hostname=<remote_host>,port=8000
It fails, the output is:
java.net.ConnectException: Conexión rehusada
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
[...]
Fatal error:
Unable to attach to target VM.
What I have checked
In order to check that the port is actually open and I can connect to it from the remote host, I have performed the following operations:
Lets call the host that is executing the java app. hostA, and the one from which I wan to attach the jdb hostB, then:
Check that there is actually a socket listening on port 8000 in hostA
> netstat -tualpn | grep :8000
tcp 0 0 127.0.0.1:8000 0.0.0.0:* LISTEN 1399/<app_name>
In hostA, check that I can connect to the port 8000 (in other words, try to connect from the local host)
> nc -vz localhost 8000
nc: connect to localhost port 8000 (tcp) failed: Connection refused
Connection to localhost 8000 port [tcp/irdmi] succeeded!
With telnet, it seems that it can connect but the connection is closed as soon as it is stablished, maybe because the JVM is expecting some sort of request?
> telnet localhost 8000
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.
The java app. displays the following message when telnet connection is closed:
Debugger failed to attach: timeout during handshak
From hostB, check that I can connect to hostA, port 8000
> nc -vz hostA 8000
nc: connect to hostA port 8000 (tcp) failed: Connection refused
With telnet:
> telnet hostA 8000
Trying 172.17.10.127...
telnet: connect to address 172.17.10.127: Connection refused
So, I can't connect from hostA to hostB through the port 8000, although the JVM is listenning in the port 8000, in hostA.
Since the above fails, I have checked if the firewall is causing the connection refused. I have done it by using the nc command:
In hostA:
# First kill the java app (otherwise the port is busy), then:
> nc -l 8000
In hostB:
> nc -vz <hostA> 8000
Connection to hostA 8000 port [tcp/irdmi] succeeded!
As far as I understand, the above means that there is no firewall (or equivalent) blocking the port.
EDIT
Of course, I have tried to do jdb -attach but it fails even doing it from hostA.
I don't have enough points to comment. So I'm including this as an answer. It really isn't. BUT:
-Xdebug -agentlib:jdwp=transport=dt_socket,address=127.0.0.1:8000,serv=y,suspend=n
Isn't it supposed to be:
-Xdebug -agentlib:jdwp=transport=dt_socket,address=127.0.0.1:8000,server=y,suspend=n
??
[EDIT] You are probably already accounting for this - but also, if you are listening on 127.0.0.1, then it stands to reason that you won't connect from a remote computer. No doubt you are using an actual address, and just didn't include it here...
I have found the connection problem. In the command I use to launch the java application, I have changed the address parameter as following:
Before:
-Xdebug -agentlib:jdwp=transport=dt_socket,address=127.0.0.1:8000,server=y,suspend=n
After (see address):
-Xdebug -agentlib:jdwp=transport=dt_socket,address=8000,server=y,suspend=n
Related
I want to run a simple Spring Boot application on my Ubuntu 16.04.6 x64 droplet. To allow incoming connections I had to open the 8080 port, since this is where the embedded tomcat server in the spring boot jar will listen for connections.
I used the ufw allow 8080 command and now I see this on me droplet.
#ufw status
Status: active
To Action From
-- ------ ----
8080 ALLOW Anywhere
22 ALLOW Anywhere
80 ALLOW Anywhere
8080 (v6) ALLOW Anywhere (v6)
22 (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
I made sure I have my application running:
java -jar myservice.jar &
Netstat reports that something is listening on 8080:
# netstat -aon
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State Timer
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 XXX XX.XXX.XX.XXX:22 XX.XX.XXX.XX:64021 ESTABLISHED on (0.11/0/0)
tcp6 0 0 :::8080 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::22 :::* LISTEN off (0.00/0/0)
Yet when I do telnet outside the server I get:
telnet XX.XXX.XX.XXX 8080
Connecting To XX.XXX.XX.XXX...Could not open connection to the host, on port 8080: Connect failed
And when I do telnet on the server I get:
# telnet localhost 8080
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
In Digital Ocean's Firewall control panel I have the following setup:
HTTP requests to the server just hang and never return. They don't even reach the tomcat server, judging by the lack of logs.
What am I missing? Any suggestions would be really appreciated!
UPDATE 1:
Local (inside the server) curl requests to my healthcheck endpoint were also hanging. However I left one for longer period and I got this application log:
2019-05-13 18:39:48.723 WARN 5873 --- [nio-8080-exec-2] o.a.c.util.SessionIdGeneratorBase : Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [214,287] milliseconds.
This explained why the request was hanging, so applying the answer from this post fixed that. Now I'm able to hit my endpoint on the server and it's responding.
However outside the box, requests are still not making it to the server. Telnet outside still says Could not open connection to the host, on port 8080.
I'm not 100% sure why, but the Firewall rules from the Digital Ocean Firewall Control panel were interfering with my droplet configuration.
I've deleted the Firewall rules from the control panel and now netstat reports that my 8080 port is open and I'm able to talk to the server from the outside world, finally.
#nmap -sS -O XX.XXX.XX.XXX
Starting Nmap 7.01 ( https://nmap.org ) at 2019-05-13 21:13 UTC
Nmap scan report for myservice (XX.XXX.XX.XXX)
Host is up (0.000024s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
8080/tcp open http-proxy
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.8 - 3.19
Network Distance: 0 hops
Also check UPDATE 1 from the question as it was also causing bizarre confusion.
This question already has answers here:
Connection refused (PGError) (postgresql and rails)
(6 answers)
Closed 9 years ago.
I am trying to connect postgresql but I am getting this error.
org.postgresql.util.PSQLException: Connection refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.
My pg_hba.conf file is like this.
TYPE DATABASE USER CIDR-ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
I would be much obliged if anyone please be so kind enough to explain whats hoing on here and how should I correct it.
The error you quote has nothing to do with pg_hba.conf; it's failing to connect, not failing to authorize the connection.
Do what the error message says:
Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections
You haven't shown the command that produces the error. Assuming you're connecting on localhost port 5432 (the defaults for a standard PostgreSQL install), then either:
PostgreSQL isn't running
PostgreSQL isn't listening for TCP/IP connections (listen_addresses in postgresql.conf)
PostgreSQL is only listening on IPv4 (0.0.0.0 or 127.0.0.1) and you're connecting on IPv6 (::1) or vice versa. This seems to be an issue on some older Mac OS X versions that have weird IPv6 socket behaviour, and on some older Windows versions.
PostgreSQL is listening on a different port to the one you're connecting on
(unlikely) there's an iptables rule blocking loopback connections
(If you are not connecting on localhost, it may also be a network firewall that's blocking TCP/IP connections, but I'm guessing you're using the defaults since you didn't say).
So ... check those:
ps -f -u postgres should list postgres processes
sudo lsof -n -u postgres |grep LISTEN or sudo netstat -ltnp | grep postgres should show the TCP/IP addresses and ports PostgreSQL is listening on
BTW, I think you must be on an old version. On my 9.3 install, the error is rather more detailed:
$ psql -h localhost -p 12345
psql: could not connect to server: Connection refused
Is the server running on host "localhost" (::1) and accepting
TCP/IP connections on port 12345?
I had a problem here, is it possible that JDBC connecting to the amazon MySQL server remotely? I searching on the Internet for solution but ended up receiving the error
com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure
The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
I am using jsch.jar to connect the remote server, then call up JDBC connector trying to connect MySQL DB, I had successfully connected to the remote server yet I cannot connect MySQL DB on amazon, here is my code
testPutty t = new testPutty();
t.connect("admin", "", "xx:xx:xx:xx", "openSSHPrivateKey", 22);
t.connect();
System.out.println("connected");
Class.forName("com.mysql.jdbc.Driver");
DriverManager.getConnection("jdbc:mysql://staging.ppyhcsxnlkji.ap-southwest-1.rds.amazonaws.com:3306/staging","superuser","password");
System.out.println("hello world");
t.close();
First set up the tunnel with SSH. You haven't shown what testPutty is so I'll assume it's a thin Java wrapper around a command line invocation of Putty. The command line option for setting up a tunnel is
-L[localport]:[host]:[remoteport]
For your example this would be
-L3306:staging.ppyhcsxnlkji.ap-southwest-1.rds.amazonaws.com:3306
This sets up a tunnel that forwards connections to local port 3306 to port 3306 on the given host (staging...amazonaws.com) on port 3306, routed through the host that is the target of the SSH command (in your sample xx:xx:xx:xx).
Then, your connection string needs to use localhost instead of the actual remote:
jdbc:mysql://localhost:3306/staging
If 3306 on your local host is not available because you are also running a local copy of MySQL, just choose a different unused port.
I'm trying to connect to a RMI registry that I have started on a remote server, but I get the following exception after a while:
java.rmi.ConnectException: Connection refused to host: *.*.*.*; nested exception is:
java.net.ConnectException: Connection timed out
By running the client localy on the server everything works, but I can't connect to it remotely; Not even from telnet. However, if I run
start rmiregistry 1337
I can connet to it remotely from telnet. I'm assuming that it's something I have to set up when I'm running the server code, but I have trouble finding out what it is.
This is part of the server code:
String codeBasePath = "file:/C:/*path*/build/classes";
System.setProperty("java.rmi.server.codebase", codeBasePath);
System.setProperty("java.rmi.server.hostname", *host IP*);
RemoteFileServer server = new FileServer();
Registry registry = LocateRegistry.createRegistry(PORT);
registry.bind(*name*, server);
System.out.println("Server ready");
Let me know if you need more info/code to help me figure it out.
Ok there is two options I can think of
1 - Did you give permission for incoming connections with a security policy. This step is quite simple actually see here: rmi run tutorial
2 - The port might be closed for outside from OS. For example if you are using linux you need to open the port from iptables like:
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 1099 -j ACCEPT
iptables -A OUTPUT -m state --state NEW -m tcp -p tcp --dport 1099 -j ACCEPT
or if you use windows you can configure it from firewall.
If anything is unclear you can ask.
I'm running a socket on my Mac laptop and when I telnet the IP address of my computer it says (IP is hidden for security reasons):
telnet 7-.---.--.--- 4005
Trying 7-.---.--.---...
telnet: connect to address 7-.---.--.---: Connection refused
telnet: Unable to connect to remote host
However when I do telnet on "localhost" it works it says (did not hide any info this is the raw message):
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying fe80::1...
telnet: connect to address fe80::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Update - Opened Firewall
Now after opening all of the ports localhost still works the same way as before however when I try the raw IP I get this new error:
Trying 7-.---.--.---...
telnet: connect to address 7-.---.--.---: Operation timed out
telnet: Unable to connect to remote host
The server is listening on the loopback interface only (INADDR_LOOPBACK), not all interfaces (INADDR_ANY) or a firewall is interfering with the connection.
Probably a firewall: generally localhost is not barred, but the external IP interface is.