My QA server's ifconfig is showing the following IPs:
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.16.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
ether 02:42:73:6e:ba:54 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eno16780032: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 146.213.179.50 netmask 255.255.255.210 broadcast 146.213.179.119
inet6 fc80::250:56ff:fea0:6dc9 prefixlen 64 scopeid 0x20<link>
ether 00:50:56:a0:6d:b9 txqueuelen 1000 (Ethernet)
RX packets 529734790 bytes 285217050121 (265.6 GiB)
RX errors 0 dropped 19 overruns 0 frame 0
TX packets 502519153 bytes 423616456297 (394.5 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eno33559296: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.1.2 netmask 255.255.255.240 broadcast 10.0.1.14
inet6 fc80::250:56ff:fea0:498c prefixlen 64 scopeid 0x20<link>
ether 00:50:56:a0:49:8b txqueuelen 1000 (Ethernet)
RX packets 176687369 bytes 54833457460 (51.0 GiB)
RX errors 0 dropped 14 overruns 0 frame 0
TX packets 180706064 bytes 34257419515 (31.9 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eno50338560: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.8 netmask 255.255.255.240 broadcast 10.0.2.10
inet6 fc80::250:56ff:fca0:67c7 prefixlen 64 scopeid 0x20<link>
ether 00:50:56:a0:67:a7 txqueuelen 1000 (Ethernet)
RX packets 3322039516 bytes 2382840054404 (2.1 TiB)
RX errors 0 dropped 20 overruns 0 frame 0
TX packets 2212620398 bytes 2317370292546 (2.1 TiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 130568922 bytes 39557947765 (36.8 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 130568922 bytes 39557947765 (36.8 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
When I use the curl command on QA, it shows the following:
curl bot.whatismyipaddress.com
153.110.231.215
But when I write the following Java REST API on the same machine (WildFly server) and call that API from another client on the same machine (WildFly server) using the public domain name, I get the following IP:
146.192.61.46
Code:
@GetMapping("/customers/all")
public List<XxtoneCustomersV> getAllCustomers(HttpServletRequest request){
LOG.info("Remote Addr: " + request.getRemoteAddr());
When I hit the same REST API from local, I get my correct IP address.
Why is there such a difference in IP between the Linux commands and the Java code? Am I using the correct Java method?
Also, the one I retrieved from curl appears to be the public IP (if ifconfig returns internal ones), so shouldn't I get the same in remoteAddr?
This is probably because the second client on the QA machine routes the request through a local interface instead of the Internet. To overcome this, first check which IP the second client resolves for the public domain name. If it resolves to an internal IP, then you may add the public IP to the hosts file to force the second client to use the Internet route.
I use the code below to create a Reactor Netty HTTP client and use this client to send requests.
ConnectionProvider connectionProvider = ConnectionProvider.builder("lead")
.maxConnections(10)
.pendingAcquireTimeout(Duration.ofSeconds(60))
.pendingAcquireMaxCount(10)
.maxLifeTime(Duration.ofSeconds(100))
.maxIdleTime(Duration.ofSeconds(60))
.build();
HttpClient httpClient = HttpClient.create(connectionProvider)
.keepAlive(true);
I send requests in a loop:
for (; ; ) {
httpClient.get().uri("http://localhost:5230/test")
.response()
.subscribe();
}
I hoped the HTTP client would only create 10 connections to the HTTP server, but the result is not as expected: the client creates many connections to the HTTP server (the server listens on port 5230), and these connections are soon closed:
$ netstat -nap |grep "5230" output
TCP 127.0.0.1:5230 0.0.0.0:0 LISTENING 1980
TCP 127.0.0.1:5230 127.0.0.1:51012 ESTABLISHED 1980
TCP 127.0.0.1:5230 127.0.0.1:51014 ESTABLISHED 1980
TCP 127.0.0.1:5230 127.0.0.1:51015 ESTABLISHED 1980
TCP 127.0.0.1:5230 127.0.0.1:51016 ESTABLISHED 1980
TCP 127.0.0.1:5230 127.0.0.1:51017 ESTABLISHED 1980
TCP 127.0.0.1:5230 127.0.0.1:51018 ESTABLISHED 1980
TCP 127.0.0.1:5230 127.0.0.1:51019 ESTABLISHED 1980
TCP 127.0.0.1:5230 127.0.0.1:51020 ESTABLISHED 1980
TCP 127.0.0.1:5230 127.0.0.1:51021 ESTABLISHED 1980
TCP 127.0.0.1:5230 127.0.0.1:51022 ESTABLISHED 1980
TCP 127.0.0.1:50393 127.0.0.1:5230 TIME_WAIT 0
TCP 127.0.0.1:50394 127.0.0.1:5230 TIME_WAIT 0
TCP 127.0.0.1:50395 127.0.0.1:5230 TIME_WAIT 0
TCP 127.0.0.1:50396 127.0.0.1:5230 TIME_WAIT 0
TCP 127.0.0.1:50397 127.0.0.1:5230 TIME_WAIT 0
TCP 127.0.0.1:50398 127.0.0.1:5230 TIME_WAIT 0
TCP 127.0.0.1:50399 127.0.0.1:5230 TIME_WAIT 0
TCP 127.0.0.1:50400 127.0.0.1:5230 TIME_WAIT 0
TCP 127.0.0.1:50401 127.0.0.1:5230 TIME_WAIT 0
.... there is many connection in TIME_WAIT status....
How can I make sure the HTTP client only creates 10 connections to the HTTP server?
Version:
jdk 1.8.0_201
reactor-netty 1.0.3
netty 4.15.9.Final
With the help of Violeta Georgieva: in Reactor Netty, the response() method will cause the HTTP client to close the connection, so the HTTP client creates many connections to the server: create connection -> send request -> close connection.
The below code works as expected:
httpClient.get().uri("http://127.0.0.1:5230/test")
.responseSingle(new BiFunction<HttpClientResponse, ByteBufMono, Mono<String>>() {
@Override
public Mono<String> apply(HttpClientResponse response, ByteBufMono byteBufMono) {
return byteBufMono.asString();
}
})
.subscribe();
centos 7, tomcat 8.5.
a.war and rest.war are in the same tomcat.
a.war uses the following code to call rest.war:
import org.apache.http.impl.client.DefaultHttpClient;
DefaultHttpClient httpClient = new DefaultHttpClient();
HttpPost httpPost = new HttpPost(url);
httpPost.addHeader(HTTP.CONTENT_TYPE, "application/json");
StringEntity se = new StringEntity(json.toString());
se.setContentType("text/json");
se.setContentEncoding(new BasicHeader(HTTP.CONTENT_TYPE, "application/json"));
httpPost.setEntity(se);
HttpResponse response = httpClient.execute(httpPost);
However, if the url of HttpPost(url) is <public ip>:80, then httpClient.execute(httpPost) will throw connection refused,
while if the url of HttpPost(url) is localhost:80 or 127.0.0.1:80, then httpClient.execute(httpPost) succeeds.
Why? And how can I solve this problem?
Note: if I access a.war from a browser with the public IP, like http://<public ip>/a, on my computer, all operations succeed.
My Tomcat connector is:
<Connector
port="80"
protocol="HTTP/1.1"
connectionTimeout="60000"
keepAliveTimeout="15000"
maxKeepAliveRequests="-1"
maxThreads="1000"
minSpareThreads="200"
maxSpareThreads="300"
minProcessors="100"
maxProcessors="900"
acceptCount="1000"
enableLookups="false"
executor="tomcatThreadPool"
maxPostSize="-1"
compression="on"
compressionMinSize="1024"
redirectPort="8443" />
My server has no domain, it only has a public IP. Its /etc/hosts is:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
Updated with the output of some commands run on the server:
ss -nltp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:111 *:* users:(("rpcbind",pid=643,fd=8))
LISTEN 0 128 *:80 *:* users:(("java",pid=31986,fd=53))
LISTEN 0 128 *:22 *:* users:(("sshd",pid=961,fd=3))
LISTEN 0 1 127.0.0.1:8005 *:* users:(("java",pid=31986,fd=68))
LISTEN 0 128 :::111 :::* users:(("rpcbind",pid=643,fd=11))
LISTEN 0 128 :::22 :::* users:(("sshd",pid=961,fd=4))
LISTEN 0 80 :::3306 :::* users:(("mysqld",pid=1160,fd=19))
netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 643/rpcbind
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 31986/java
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 961/sshd
tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN 31986/java
tcp6 0 0 :::111 :::* LISTEN 643/rpcbind
tcp6 0 0 :::22 :::* LISTEN 961/sshd
tcp6 0 0 :::3306 :::* LISTEN 1160/mysqld
ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 1396428 bytes 179342662 (171.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1396428 bytes 179342662 (171.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
p2p1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.25 netmask 255.255.255.0 broadcast 192.168.1.255
ether f8:bc:12:a3:4f:b7 txqueuelen 1000 (Ethernet)
RX packets 5352432 bytes 3009606926 (2.8 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2839034 bytes 559838396 (533.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: p2p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether f8:bc:12:a3:4f:b7 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.25/24 brd 192.168.1.255 scope global noprefixroute dynamic p2p1
valid_lft 54621sec preferred_lft 54621sec
route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default gateway 0.0.0.0 UG 100 0 0 p2p1
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 p2p1
ip route
default via 192.168.1.1 dev p2p1 proto dhcp metric 100
192.168.1.0/24 dev p2p1 proto kernel scope link src 192.168.1.25 metric 100
iptables -L -n -v --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
You probably have configured one of these:
1. Firewall public IP's ports, so that nothing goes through.
2. Tomcat may bind a specific IP, e.g. localhost (see Connector elements in tomcat's server.xml)
3. Apache httpd, nginx or another reverse proxy might handle various virtual host names, and also they might handle localhost different than the public IP
4. Port Forwarding - if you only forward localhost:80 to localhost:8080 (tomcat's default port), you might not have anything on publicip:80 that forwards that traffic as well.
Edit after your comment:
Incoming traffic seems to be fine, but outgoing you do have those problems. Adding from @stringy05's comment: check if the IP in question is routable from your server. You're connecting to whatever IP from that server, so use another means to create an outgoing connection, e.g. curl.
Explanation for #1 & #3:
If you connect to an external http server, it will handle the request differently based on the hostname used. It might well be that the IP "hostname" is blocked, either by a high level firewall, or just handled differently than the URL by the webserver itself. In most cases you can check this by connecting to the webserver in question from any other system, e.g. your own browser.
If Tomcat is listening (bound) to your public IP address it should work, but maybe your public IP address belongs to some other device, like a SOHO router; then your problem is similar to this:
https://superuser.com/questions/208710/public-ip-address-answered-by-router-not-internal-web-server-with-port-forwardi
But without a DNS name you cannot simply add a line to /etc/hosts, but you can add the public IP address to one of your network interface cards (NICs) like lo (loopback), eth0, etc., as described in one of these articles:
https://www.garron.me/en/linux/add-secondary-ip-linux.html
https://www.thegeekdiary.com/centos-rhel-6-how-to-addremove-additional-ip-addresses-to-a-network-interface/
E.g. with public IP-address 1.2.3.4 you would need (which will only be effective until next reboot and worst case might interfere with your ability to connect to the server with e.g. SSH!):
sudo ip addr add 1.2.3.4/32 dev lo
It may be useful to have the output of these commands to better understand your setup (feel free to share it in your question, with a consistently anonymized public IP address):
Either one of these (ss = socket stat, newer replacement for good old netstat):
ss -nltp
netstat -nltp
And one of these:
ifconfig
ip addr show
And last but not least either one of these:
route
ip route
I don't expect that we need to know your firewall config, but if you use it, it may be interesting to keep an eye on it while you are at it:
iptables -L -n -v --line-numbers
Try putting your public domain names into the local /etc/hosts file of your server like this:
127.0.0.1 localhost YOURPUBLIC.DOMAIN.NAME
This way your Java code does not need to try to use the external IP address but instead connects directly to Tomcat.
Good luck!
I think the curl timeout explains it - you have a firewall rule somewhere that is stopping the server accessing the public IP address.
If there's no reason the service can't be accessed using localhost or the local hostname then do that but if you need to call the service via a public IP then it's a matter of working out why the request gets a timeout from the server.
Some usual suspects:
The server might not actually have internet access - can you curl https://www.google.com?
There might be a forward proxy required - a sys admin will know this sort of thing
There might be IP whitelisting on some infra around your server - think AWS security groups, load balancer IP whitelists, that sort of thing. To fix that you need to know the public IP of your server (curl https://canihazip.com/s) and get that added to the whitelist.
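The answers above turn on whether the public IP is assigned to this server or to a device in front of it. As an added example (not from any of the posts), this shell function checks that against `ip addr show` output; `iface_for_ip` and `sample_ip_addr` are hypothetical names and the sample lines are constructed from the output quoted in the question.

```shell
#!/usr/bin/env bash
# Added example: report which local interface, if any, owns an IPv4 address.
# Input is `ip addr show` output on stdin; iface_for_ip is a hypothetical name.
iface_for_ip() {
  awk -v want="$1" '
    /^[0-9]+: / {                  # "2: p2p1: <BROADCAST,...>" starts an interface
      iface = $2
      sub(/:$/, "", iface)
      sub(/@.*/, "", iface)        # veth-style names look like "eth0@if5"
      next
    }
    $1 == "inet" {
      addr = $2
      sub(/\/.*/, "", addr)        # drop the prefix length: 192.168.1.25/24
      if (addr == want) { print iface; found = 1 }
    }
    END { if (!found) print "not-local" }'
}

# Constructed sample modelled on the output in the question. An optional $1 is
# shown on lo, as it would be after `ip addr add $1/32 dev lo`.
sample_ip_addr() {
  echo '1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN'
  echo '    inet 127.0.0.1/8 scope host lo'
  [ -n "${1:-}" ] && echo "    inet $1/32 scope global lo"
  echo '2: p2p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP'
  echo '    inet 192.168.1.25/24 brd 192.168.1.255 scope global dynamic p2p1'
}

# 1.2.3.4 is the placeholder public IP used in the answer above.
sample_ip_addr | iface_for_ip 192.168.1.25
sample_ip_addr | iface_for_ip 1.2.3.4
sample_ip_addr 1.2.3.4 | iface_for_ip 1.2.3.4
```

A result of `not-local` means the connection leaves through the default route, so it only succeeds if the device holding that address forwards it back to the server.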
I spent some time on the ports used by the JVM on krt boxes. I see each JVM opens 10 ports. Five are defined in the command line for mgmt., http, debug, jmx and ajp. Out of the other five I can understand 1 for activemq and 2 for jdbc. There are two unknown to me: one of them connects back to the server and the other does not show what it is listening to. The one option I read on the net is to increase the range of ephemeral ports (we have 32k starting, we can go 16k). I am not sure how we can dictate the port numbers for the five which are not defined today.
Some commands to describe the situation.
[krtdev7@surya:/env/krtdev7/bin]$ krtport KRTDataHistory-1
PORT ASSIGNMENTS:
=================
mgmt/shutdown=17091
http=17291
ajp=17491
jmx=17691
debug=17891
[krtdev7@surya:/env/krtdev7/bin]$ netstat -ap|grep 16831
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 0.0.0.0:17291 0.0.0.0:* LISTEN 16831/java
tcp 0 0 0.0.0.0:17491 0.0.0.0:* LISTEN 16831/java
tcp 0 0 0.0.0.0:36691 0.0.0.0:* LISTEN 16831/java
tcp 0 0 0.0.0.0:40596 0.0.0.0:* LISTEN 16831/java
tcp 0 0 0.0.0.0:17691 0.0.0.0:* LISTEN 16831/java
tcp 0 0 localhost:17091 0.0.0.0:* LISTEN 16831/java
tcp 0 0 0.0.0.0:17891 0.0.0.0:* LISTEN 16831/java
tcp 0 0 surya.internal.su:51631 sky.internal.s:ncube-lm ESTABLISHED 16831/java
tcp 0 0 surya.internal.su:40938 agni.internal.sun:61616 ESTABLISHED 16831/java
tcp 0 0 surya.internal.su:51630 sky.internal.s:ncube-lm ESTABLISHED 16831/java
unix 2 [ ] STREAM CONNECTED 16386441 16831/java
Now we can see the 5 extra ports are assigned. Could anybody let me know how to control these 5 extra port assignments, or rather how to make the JVM choose from a range of ports for these 5 extra ports?
I'm trying to set up a Hadoop single node cluster following this article -
http://www.bogotobogo.com/Hadoop/BigData_hadoop_Install_on_ubuntu_single_node_cluster.php
Everything looks good, but when I start Hadoop and list all the ports I see a few are missing.
These are the ports in my machine.
tcp 0 0 0.0.0.0:8088 0.0.0.0:* LISTEN 1001 50434 5765/java
tcp 0 0 0.0.0.0:50010 0.0.0.0:* LISTEN 1001 45587 5461/java
tcp 0 0 0.0.0.0:50075 0.0.0.0:* LISTEN 1001 45594 5461/java
tcp 0 0 0.0.0.0:8030 0.0.0.0:* LISTEN 1001 47365 5765/java
tcp 0 0 0.0.0.0:8031 0.0.0.0:* LISTEN 1001 47353 5765/java
tcp 0 0 0.0.0.0:8032 0.0.0.0:* LISTEN 1001 47373 5765/java
tcp 0 0 0.0.0.0:8033 0.0.0.0:* LISTEN 1001 50861 5765/java
tcp 0 0 0.0.0.0:40641 0.0.0.0:* LISTEN 1001 50843 5885/java
tcp 0 0 0.0.0.0:50020 0.0.0.0:* LISTEN 1001 46697 5461/java
tcp 0 0 0.0.0.0:8040 0.0.0.0:* LISTEN 1001 50850 5885/java
tcp 0 0 0.0.0.0:8042 0.0.0.0:* LISTEN 1001 50854 5885/java
tcp 0 0 0.0.0.0:50090 0.0.0.0:* LISTEN 1001 46221 5610/java
And this is the list from the link:
hduser@laptop:~$ netstat -plten | grep java
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 0.0.0.0:50020 0.0.0.0:* LISTEN 1001 1843372 10605/java
tcp 0 0 127.0.0.1:54310 0.0.0.0:* LISTEN 1001 1841277 10447/java
tcp 0 0 0.0.0.0:50090 0.0.0.0:* LISTEN 1001 1841130 10895/java
tcp 0 0 0.0.0.0:50070 0.0.0.0:* LISTEN 1001 1840196 10447/java
tcp 0 0 0.0.0.0:50010 0.0.0.0:* LISTEN 1001 1841320 10605/java
tcp 0 0 0.0.0.0:50075 0.0.0.0:* LISTEN 1001 1841646 10605/java
tcp6 0 0 :::8040 :::* LISTEN 1001 1845543 11383/java
tcp6 0 0 :::8042 :::* LISTEN 1001 1845551 11383/java
tcp6 0 0 :::8088 :::* LISTEN 1001 1842110 11252/java
tcp6 0 0 :::49630 :::* LISTEN 1001 1845534 11383/java
tcp6 0 0 :::8030 :::* LISTEN 1001 1842036 11252/java
tcp6 0 0 :::8031 :::* LISTEN 1001 1842005 11252/java
tcp6 0 0 :::8032 :::* LISTEN 1001 1842100 11252/java
tcp6 0 0 :::8033 :::* LISTEN 1001 1842162 11252/java
Among the few important things that I'm missing is 50070, which is used for the web portal.
You can check which Hadoop processes are running using jps command.
This will show you the process names like NameNode, ResourceManager etc. preceded by their process Id.
e.g.:
7413 Jps
38754 ResourceManager
37054 NameNode
37338 SecondaryNameNode
This tells you that the Namenode and the Resource manager are alive.
You can then use netstat to check which ports these processes are using. eg:
netstat -lnptu |grep 37054
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 37054/java
tcp 0 0 127.0.0.1:50070 0.0.0.0:* LISTEN 37054/java
The ports can be changed by setting the appropriate configuration parameter in the correct configuration file.
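One way to run the netstat check from this answer over saved output, as an added example that is not part of the original post: it lists the TCP listeners of one PID and labels each as loopback-only or reachable on all interfaces, which is the difference between the two 50070 lines quoted on this page. `listeners_for_pid` and `sample_netstat` are hypothetical names, and the sample lines are constructed from the outputs above.

```shell
#!/usr/bin/env bash
# Added example: list the TCP listeners of one PID and label their bind scope.
# Input is `netstat -lnpt` or `netstat -plten` output on stdin.
# listeners_for_pid is a hypothetical helper name, not part of any tool.
listeners_for_pid() {
  awk -v pid="$1" '
    $1 !~ /^tcp/ { next }                  # skip banners, headers, unix sockets
    {
      split($NF, owner, "/")               # last field is PID/Program: 37054/java
      if (owner[1] != pid) next
      listening = 0
      for (i = 5; i <= NF; i++) if ($i == "LISTEN") listening = 1
      if (!listening) next
      n = match($4, /:[0-9]+$/)            # the port follows the LAST colon
      if (n == 0) next
      host = substr($4, 1, n - 1)          # 127.0.0.1, 0.0.0.0, or "::" for :::8040
      port = substr($4, n + 1)
      if (host == "0.0.0.0" || host == "::" || host == "*") scope = "all-interfaces"
      else if (host ~ /^127\./ || host == "::1") scope = "loopback-only"
      else scope = "single-address"
      print port, scope, host
    }' | sort -n
}

# Constructed sample: rows modelled on the netstat listings quoted on this page,
# plus one ESTABLISHED row that the function must ignore.
sample_netstat() {
  cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 37054/java
tcp 0 0 127.0.0.1:50070 0.0.0.0:* LISTEN 37054/java
tcp 0 0 0.0.0.0:50010 0.0.0.0:* LISTEN 5461/java
tcp6 0 0 :::8040 :::* LISTEN 1001 1845543 5885/java
tcp 0 0 192.168.1.25:40938 10.0.0.7:61616 ESTABLISHED 37054/java
EOF
}

sample_netstat | listeners_for_pid 37054
```

A port labelled `loopback-only` answers only to clients on the same host, while `all-interfaces` is reachable from the network unless a firewall blocks it.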