Problem with port open for HTTPS


Post by Kirill_code » 2020-01-21 13:16

Hi, I have an issue:
I use Tomcat 9.0.3 with this config:

<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="mystore2" keystorePass="PWD"
clientAuth="false" sslProtocol="TLS"/>
and these listeners:
org.apache.catalina.startup.VersionLoggerListener
org.apache.catalina.core.JreMemoryLeakPreventionListener
org.apache.catalina.mbeans.GlobalResourcesLifecycleListener
org.apache.catalina.core.ThreadLocalLeakPreventionListener

When I try to connect from a browser it throws ERR_CONNECTION_REFUSED

I tried to open port 8443 with:

iptables -I INPUT 1 -p tcp --dport 8443 -j ACCEPT
ufw allow https
But when I check remotely, the port is closed, even though the result of ufw status is:

Status: active
To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
8080                       ALLOW       Anywhere
8443                       ALLOW       Anywhere
22                         ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
8080 (v6)                  ALLOW       Anywhere (v6)
8443 (v6)                  ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)

netstat -tulpn | grep LISTEN:

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 622/sshd
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 684/mysqld
tcp6 0 0 :::22 :::* LISTEN 622/sshd
tcp6 0 0 127.0.0.1:8005 :::* LISTEN 618/java
tcp6 0 0 :::8080 :::* LISTEN 618/java
Kirill_code
 
Posts: 5
Joined: 2020-01-20 08:53

Re: Problem with port open for HTTPS

Post by Chrisdb » 2020-01-21 13:22

Traffic is allowed on your port, but it seems there is nothing listening...

Did you run:
Code:
sudo systemctl start tomcat


btw, quote from the other thread:
Head_on_a_Stick wrote: As noted by p.H above, iptables cannot open or close ports, it can only allow or deny access to them.
Chrisdb
 
Posts: 253
Joined: 2018-04-10 07:16

Re: Problem with port open for HTTPS

Post by Kirill_code » 2020-01-22 08:09

Chrisdb wrote: Traffic is allowed on your port, but it seems there is nothing listening...

Did you run:
Code:
sudo systemctl start tomcat

Yes, Tomcat is running and all is fine for port 8080

What else can be wrong?
Kirill_code
 
Posts: 5
Joined: 2020-01-20 08:53

Re: Problem with port open for HTTPS

Post by Chrisdb » 2020-01-22 08:50

Kirill_code wrote: Yes, Tomcat is running and all is fine for port 8080

Now that's strange, your setup looks like this according to your first post:
Code:
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
...


If Tomcat is listening on port 8080, you will not get any response on 8443...

EDIT:
Maybe you'll want to redirect to port 8443:
Code:
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8080" maxThreads="200"
... redirectPort="8443" />
Chrisdb
 
Posts: 253
Joined: 2018-04-10 07:16

Re: Problem with port open for HTTPS

Post by Kirill_code » 2020-01-22 10:47

Chrisdb wrote: EDIT:
Maybe you'll want to redirect to port 8443:
Code:
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8080" maxThreads="200"
... redirectPort="8443" />

Same result.

This is my localhost Tomcat config, where all is fine for ports 8080 and 8443

Code:
<?xml version='1.0' encoding='utf-8'?>

<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
 
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
   
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
                />
   

       <Connector
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="mystore" keystorePass="password"
           clientAuth="false" sslProtocol="TLS"/>

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

    <Engine name="Catalina" defaultHost="localhost">

     
      <Realm className="org.apache.catalina.realm.LockOutRealm">
       
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

       
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
    </Engine>
  </Service>
</Server>
Kirill_code
 
Posts: 5
Joined: 2020-01-20 08:53

Re: Problem with port open for HTTPS

Post by Chrisdb » 2020-01-22 11:56

Check the log files, do you see any errors?

What's the output of
Code:
lsof -i

and (without grep):
Code:
netstat -tulpn
Chrisdb
 
Posts: 253
Joined: 2018-04-10 07:16

Re: Problem with port open for HTTPS

Post by Kirill_code » 2020-01-23 10:11

Chrisdb wrote: Check the log files, do you see any errors?

What's the output of
Code:
lsof -i

and (without grep):
Code:
netstat -tulpn

Thanks for the answer. I missed the logs in Tomcat... Maybe because it didn't show anything in status.

The main problem was in the passwords for the keystore :D
Kirill_code
 
Posts: 5
Joined: 2020-01-20 08:53
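
The triage this thread ends up doing by hand, as an added example that is not part of any post above: it classifies a port from `netstat` output and, when nothing is listening, checks a startup log for the JDK's keystore password error. The function names are hypothetical, the log excerpt is constructed, and `keystore_opens` assumes a JDK `keytool` on the PATH (the demo at the bottom does not call it).

```shell
#!/usr/bin/env bash
# Added example: separates "firewall blocks the port" from "nothing is
# listening", the situation in this thread.

# port_state PORT: reads `netstat -tln`-style lines on stdin (local address
# in column 4) and prints exposed | loopback-only | not-listening.
port_state() {
  awk -v port="$1" '
    /LISTEN/ && $4 ~ (":" port "$") {
      addr = $4; sub(/:[0-9]+$/, "", addr)
      if (addr ~ /^127\./ || addr == "::1") lo = 1; else any = 1
    }
    END { print (any ? "exposed" : (lo ? "loopback-only" : "not-listening")) }'
}

# keystore_errors: counts stdin lines with the JDK keystore password failure.
keystore_errors() {
  grep -ciE 'keystore was tampered with|password was incorrect' || true
}

# keystore_opens FILE: exit status 0 if the password in $KS_PASS opens FILE.
# The password travels in the environment, not on the command line.
keystore_opens() {
  keytool -list -keystore "$1" -storepass:env KS_PASS >/dev/null 2>&1
}

# diagnose PORT NETSTAT_TEXT LOG_TEXT: one-line verdict.
diagnose() {
  case "$(printf '%s\n' "$2" | port_state "$1")" in
    exposed)       echo "listening: check firewall and routing" ;;
    loopback-only) echo "listening on loopback only" ;;
    *) if [ "$(printf '%s\n' "$3" | keystore_errors)" -gt 0 ]; then
         echo "not listening: keystore could not be opened"
       else
         echo "not listening: read the connector startup log"
       fi ;;
  esac
}

# netstat lines as posted in the thread (sshd on tcp6 omitted).
NETSTAT='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 622/sshd
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 684/mysqld
tcp6 0 0 127.0.0.1:8005 :::* LISTEN 618/java
tcp6 0 0 :::8080 :::* LISTEN 618/java'
# Constructed log excerpt (not taken from the thread).
LOG='SEVERE [main] Failed to initialize connector [Connector[HTTP/1.1-8443]]
 java.io.IOException: Keystore was tampered with, or password was incorrect'

diagnose 8443 "$NETSTAT" "$LOG"
diagnose 8080 "$NETSTAT" "$LOG"
```

On a live host, pipe `netstat -tln` into `port_state 8443` and the Tomcat startup log into `keystore_errors`.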

