Tomcat Firewall JMX RMI 规格严格

zoukankan html css js c++ java

Tomcat Firewall JMX RMI 规格严格

今天同事在现场遇到这样一个问题，堆栈如下：

[2012-05-10 15:26:52,798] INFO  [main] util.RMIClientSocketFactory ClientSocketFactory.createSocket(10.154.2.23, 63828) -> 10.154.2.23

[2012-05-10 15:27:13,802] ERROR <root> Failed to obtain jmx connection to service:jmx:rmi:///jndi/rmi://10.154.2.23:8999/jmxrmi, cause: Connection refused to host: 10.154.2.23; nested exception is:

java.net.ConnectException: Connection timed out: connect

[2012-05-10 15:27:13,803] ERROR [main] util.JmxUtil Failed to obtain jmx connection to service:jmx:rmi:///jndi/rmi://10.154.2.23:8999/jmxrmi, cause: Connection refused to host: 10.154.2.23; nested exception is:

java.net.ConnectException: Connection timed out: connect

[2012-05-10 15:27:13,803] WARN  [main] tomcat.TomcatMonitor55 Connection refused to host: 10.154.2.23; nested exception is:

java.net.ConnectException: Connection timed out: connect

java.rmi.ConnectException: Connection refused to host: 10.154.2.23; nested exception is:

java.net.ConnectException: Connection timed out: connect

at sun.rmi.transport.tcp.TCPEndpoint.newSocket(Unknown Source)

at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)

at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)

at sun.rmi.server.UnicastRef.invoke(Unknown Source)

at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown Source)

at javax.management.remote.rmi.RMIConnector.getConnection(Unknown Source)

at javax.management.remote.rmi.RMIConnector.connect(Unknown Source)

at javax.management.remote.JMXConnectorFactory.connect(Unknown Source)

Caused by: java.net.ConnectException: Connection timed out: connect

at java.net.DualStackPlainSocketImpl.connect0(Native Method)

at java.net.DualStackPlainSocketImpl.socketConnect(Unknown Source)

at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)

at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)

at java.net.AbstractPlainSocketImpl.connect(Unknown Source)

at java.net.PlainSocketImpl.connect(Unknown Source)

at java.net.SocksSocketImpl.connect(Unknown Source)

at java.net.Socket.connect(Unknown Source)

at java.net.Socket.connect(Unknown Source)

at java.net.Socket.<init>(Unknown Source)

at java.net.Socket.<init>(Unknown Source)

... 12 more

去除了公司的代码提示。

解决方案，必须参考tomcat官网和tomcat源码以及Sun的JMX指南，这类问题，Sun提出解决方案了，Tomcat实现了，并且在其官网上有，这是我发的邮件，就不加工了：

这个问题很清晰，因为你是用RMI连接的,JMXRMI一共开放两个端口，一个RMIRegistry端口，就是你界面配置的端口，另一个是RMI协议栈随机选择，这个端口如果不人工控制的话，操作

系统会随机选择的，你开启防火墙当然不行了，因为还有一个端口需要开放。

这个问题解决方案也很简单，必须人为选择端口，这个Tomcat文档上有，这个是从Tomcat官网上找到的：

JMX Remote Lifecycle Listener (org.apache.catalina.mbeans.JmxRemoteLifecycleListener)
This listener requires catalina-jmx-remote.jar to be placed in $CATALINA_HOME/lib. This jar may be found in the extras directory of the binary download area.

The JMX Remote Lifecycle Listener fixes the ports used by the JMX/RMI Server making things much simpler if you need to connect jconsole or a similar tool to a remote Tomcat instance that is running behind a firewall. Only these ports are configured via the listener. The remainder of the configuration is via the standard system properties for configuring JMX. If this listener was configured in server.xml as:

<Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
          rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002" />

需要你根据现场的Tomcat版本手工下载一个 catalina-jmx-remote.jar 包，这个包里面就有这个Listener类，其中10002是你之前配置的8999，10001就是我们要新添加的端口，这个
必须也在防火墙里面配置。

上面的配置需要放在tomcat conf下的server.xml里面。

另外这个10002配置后，你的-Dcom.sun.management.jmxremote.port=8999 就不要添加了，去掉这句。

查看全文

相关阅读:
CSP第二轮比赛注意事项
 2021 CCF非专业级别软件能力认证第一轮 (CSP-S)提高级 C++答案及解析
 2021 CCF非专业级别软件能力认证第一轮 (CSP-J)入门级 C++答案及解析
 Python编程与实际运用
 CCF NOI大纲
 搭建自己的kms服务器激活windows和office
腾讯云数据库连接navicat
Java unicode编码转换
 git 强制更新版本
 oracle相关

原文地址：https://www.cnblogs.com/diyunpeng/p/2494951.html