Note: I am not using Pivotal CF.
I have a java application deployed on CloudFoundry. I am using embedded Jetty to host my Jersey REST API. This API is by default exposed on port 8080 by cloud foundry.
My application also needs some websockets to stream data to the browser. I am using Java-WebSocket (https://github.com/TooTallNate/Java-WebSocket) for this. On my local machine, I was using port 8887 for my websocket connection. Everything worked fine.
After deploying on CloudFoundry, I can access my REST API but not my websocket. After searching a bit online, I found that websocket connections are only allowed on port 4443 (http://docs.run.pivotal.io/release-notes/)
I changed my server side to reflect this
import org.java_websocket.server.WebSocketServer;
public class MyWebSocket extends WebSocketServer {
public MyWebSocket() throws UnknownHostException {
super(new InetSocketAddress(4443));
}
#Override
public void onOpen(org.java_websocket.WebSocket websocket, ClientHandshake handshake) {
// Handle this
}
}
On my client side, I am connecting the websocket using the following
wss://my_cf_app.com:4443/
But I am getting the following exception.
WebSocket connection to 'wss://my_cf_app.com:4443/' failed:
Establishing a tunnel via proxy server failed
I also tried to connect the websocket on server side using "PORT" environment variable of CF but I get "Address already in use" error in Java-WebSocket.
I have tried many different things but I am unable to figure this out. Any help would be awesome.
After deploying on CloudFoundry, I can access my REST API but not my websocket. After searching a bit online, I found that websocket connections are only allowed on port 4443 (http://docs.run.pivotal.io/release-notes/)
Port 4443 is specific to Pivotal Web Services (and some installs of CF that run on AWS). Most PCF installs do not have a separate port for WSS, but just use 443 along with the HTTPS traffic. The port used ultimately depends on the load balancer being used in front of the CF installation and what it supports.
You would never have your application listen on port 4443. Port 4443 is the external port for traffic where the load balancer listens. This traffic will be directed to the port assigned to your application, which is $PORT (env variable).
I also tried to connect the websocket on server side using "PORT" environment variable of CF but I get "Address already in use" error in Java-WebSocket.
This is the correct behavior, i.e. you should be listening on the port assigned through $PORT env variable. What the error is telling you is that something is already listening on this port and you cannot have two things listening on the same port.
There is only one port available per application at this time (likely to change in the future). For now, if you have two separate applications listening on two separate ports then you need to push them to CF as two separate applications.
What you can do to make them appear like one application to end users is to map each one to a specific path. See the --route-path argument of cf push or docs for cf create-route.
https://docs.cloudfoundry.org/devguide/deploy-apps/routes-domains.html#create-route
Related
So I'm trying to connect two clients in a Java application, but in a way that one client acts as a server and other client acts as a ... client. I managed to connect them locally which works perfect, but I've been researching whether I can connect a client to a server that are not on a same network (via IPv4 or IPv6). I have read that I should do port forwarding on my router server-side. I know how to port forward, but shouldn't it be possible to do without port forwarding? If I understand correctly, only server-side should be port forwarded and the server can respond to the client without the need for the client to port forward their router? So if I'm correct, another solution would be a 'global' third party server(that is port forwarded) that would connect two clients by receiving and passing information from one client to another?
I'm just learning here, so I'm sorry if this has already been answered here but I haven't found answers to all of this in one place and I'm trying to come to a conclusion.
Yes, you can access a computer from outside the network and connect to a server
You must download the (ngrok) tool on the device that contains the server and run the tool
The client will contact the server without the need to forward the ports
ngrok
Explain the use of the tool on the site with a download link
shouldn't it be possible to do without port forwarding
Yes, you can make a connection between two machines without port-forwarding.
Example: Web servers
Take for example, web servers. By default a web server sits there listening on port 80, with 80 being the port assigned by convention for HTTP.
The web client (browser or such) sends a request by trying to connect on port 80. If there are no obstacles in the way, then the connection proceeds.
Restricted port access
However, there may be an obstacle.
One common obstacle: Unix-oriented operating systems (BSD, macOS, Solaris, Linux, AIX, etc.) by convention restrict access to ports numbered under 1,024 for security reasons. The operating system blocks any incoming connections on port 80. With that security blockage in place, the web request never reaches the server.
Port-forwarding with a packet-filter tool
One way to get past this restriction is to have the web server listen on an unrestricted port, a port numbered above 1,024, up to the 64K limit, such as 8080. Then configure the packet filter tool on the server machine’s OS to do port-forwarding. The incoming request for port 80 is altered to go to port 8080 instead.
A connection is then established between the web server and the web client.
The client thinks it is talking to the server on port 80.
The server thinks the client asked for port 8080.
With the packet filter tool in the middle altering packets on-the-fly, both server and client is none the wiser about packets being altered.
You may want to configure your firewall to allow HTTP connections from outside the machine only on 80, including blocking any external requests for 8080. In this case, only packets altered from 80 to 8080 will reach your web server. Common practice is to close as many ports as possible on a server.
FYI: For encrypted HTTP (HTTPS), the conventional port is 443 rather than 80.
Not a programming issue
Notice that there is no programming issue here. As the programmer, your client software should attempt to connect on the port number as documented for the server in which you are interested. On the server-side machine, or server-side router, port-forwarding will be configured as needed. Your client programming does not care about, or even know about, any port-forwarding that may or may not be in place. Port-forwarding is a network-admin issue, and should be transparent to the programmer.
See sister sites for networking issues
As a network-admin issue, look to the sister sites such as Server Fault and Network Engineering rather than Stack Overflow.
I have one java spring boot application deployed on pcf environment. I have used statsd client library to send metrics to the statsd server. So the problem is how do I specify host and port in statsd client so that it can send metrics.
public StatsDClient statsDClient(
#Value("${metrics.statsd.host:localhost}") String host,
#Value("${metrics.statsd.port:8125}") int port,
#Value("${metrics.prefix:example.app}") String prefix
) {
return new NonBlockingStatsDClient(prefix, host, port);
}
I have to specify the host and port for the PCF deployed app, How to do it ?
If I am understanding it correctly you have two apps running in PCF.
One Spring boot app- which you are calling some client app.
Second is your statsd server
and you need to establish a communication between these two.
As Daniel mentioned in comment you have two ways to do it.
HTTP/TCP
Internal Route
Problem with option 1 is that you may not be able to use that with host and port separately as PCF internally doing that.
I'd recommended to use the second option- Internal route which gives you clear host name and port which you need to configure in client app.
Here are the steps you can follow to configure the Container-to-Container networking
Add a new route to your server app -i.e. app1.apps.internal
Create network policy with client and server app - link
Define property in config server or code-base whatever process you are using for property externalization - Your final URL would look like: app1.apps.internal:8080
I'm trying to set up three services to run on the same port (port 80). Two of the services are hosted on IIS thus enabling bindings to use the same port. One of the three services is however hosted on a Tomcat server as it is a Java Servlet. How can i set this up so that all can be accessed through port 80?
I've tried using URL Rewrite in the IIS to forward the request to port 8080 where the Tomcat service is active but it doesn't work with other services being active on port 80.
Any other ideas?
EDIT
I have no support for URL Rewrite not working for this purpose other than my own attempts. If anyone have used it and knows it should work, please shout out as it would be an optimal solution with minimal complexity to the system!
I'm new in Azure and I'm having some troubles here. I'm implementing a JAVA server application on my Azure VM. It's listening for requests from an Android client. I have tested the java server app on my machine and it works great. When I run the same java server application on my Azure VM it looks like there are other apps trying to connect through the same port. I have checked and every single time I change the port it happens again (it happens when the firewall is down, when I don't shut down the firewall it doesn't even receive a single request).
I have a message showing when there is a connection through the port 4567 and couple seconds after I start my server app it shows that there is a connection from a similar IP than the one I have assigned and I haven't yet run my android app. I configured the endpoints, and I even shut down the firewall and it is giving the same issue. The client app and the server app are working perfectly if I run the server on my local machine. Help would be really appreciated, thanks in advance.
What you might be seeing is the way Azure manages/monitors public Endpoints. When you expose a public endpoint for your VM Azure will behind the scenes periodically test that port to make sure it is up and listening for traffic. This is part of the way Azure manages load balancing for public Endpoints. Because of this, if you watch connections to your the local port on your VM to which the public endpoint is mapped, you will see connections from Azure internal IPs.
I know my RMI app works correctly - it works fine when the server is on localhost and inside the LAN but when connecting to an external RMI server it fails when trying to make stub calls
So the server is bound to localhost (an internal IP - 192.168.1.73) but the client is specifying an external IP (45.4.234.56) - which then gets forwarded to the internal server. How do you resolve this problem?
thanks
The "simplest" approach is for your network admin to add IP forwarding from a specific port on the firewall to your server.
Assuming this isn't an option (and it probably isn't), then RMI supports tunnelling over HTTP. The performance is poor, but it's much more firewall-friendly.
http://java.sun.com/javase/6/docs/technotes/guides/rmi/faq.html#firewallOut
This well-worn method is popular since
it requires almost no setup, and works
quite well in firewalled environments
which permit you to handle HTTP
through a proxy, but disallow regular
outbound TCP connections.
If Java RMI fails to make a normal (or
SOCKS) connection to the intended
server, and it notices that a HTTP
proxy server is configured, it will
attempt to tunnel Java RMI requests
through that proxy server, one at a
time.