zoukankan      html  css  js  c++  java
  • Tomcat Firewall JMX RMI 规格严格

    今天同事在现场遇到这样一个问题,堆栈如下:

    [2012-05-10 15:26:52,798] INFO  [main] util.RMIClientSocketFactory ClientSocketFactory.createSocket(10.154.2.23, 63828) -> 10.154.2.23
    [2012-05-10 15:27:13,802] ERROR <root> Failed to obtain jmx connection to service:jmx:rmi:///jndi/rmi://10.154.2.23:8999/jmxrmi, cause: Connection refused to host: 10.154.2.23; nested exception is: 
    java.net.ConnectException: Connection timed out: connect
    [2012-05-10 15:27:13,803] ERROR [main] util.JmxUtil Failed to obtain jmx connection to service:jmx:rmi:///jndi/rmi://10.154.2.23:8999/jmxrmi, cause: Connection refused to host: 10.154.2.23; nested exception is: 
    java.net.ConnectException: Connection timed out: connect
    [2012-05-10 15:27:13,803] WARN  [main] tomcat.TomcatMonitor55 Connection refused to host: 10.154.2.23; nested exception is: 
    java.net.ConnectException: Connection timed out: connect
    java.rmi.ConnectException: Connection refused to host: 10.154.2.23; nested exception is: 
    java.net.ConnectException: Connection timed out: connect
    at sun.rmi.transport.tcp.TCPEndpoint.newSocket(Unknown Source)
    at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
    at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
    at sun.rmi.server.UnicastRef.invoke(Unknown Source)
    at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown Source)
    at javax.management.remote.rmi.RMIConnector.getConnection(Unknown Source)
    at javax.management.remote.rmi.RMIConnector.connect(Unknown Source)
    at javax.management.remote.JMXConnectorFactory.connect(Unknown Source)
     
    Caused by: java.net.ConnectException: Connection timed out: connect
    at java.net.DualStackPlainSocketImpl.connect0(Native Method)
    at java.net.DualStackPlainSocketImpl.socketConnect(Unknown Source)
    at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
    at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
    at java.net.AbstractPlainSocketImpl.connect(Unknown Source)
    at java.net.PlainSocketImpl.connect(Unknown Source)
    at java.net.SocksSocketImpl.connect(Unknown Source)
    at java.net.Socket.connect(Unknown Source)
    at java.net.Socket.connect(Unknown Source)
    at java.net.Socket.<init>(Unknown Source)
    at java.net.Socket.<init>(Unknown Source)
    ... 12 more

    去除了公司的代码提示。

    解决方案,必须参考tomcat官网和tomcat源码以及Sun的JMX指南,这类问题,Sun提出解决方案了,Tomcat实现了,并且在其官网上有,这是我发的邮件,就不加工了:

    这个问题很清晰,因为你是用RMI连接的,JMXRMI一共开放两个端口,一个RMIRegistry端口,就是你界面配置的端口,另一个是RMI协议栈随机选择,这个端口如果不人工控制的话,操作

    系统会随机选择的,你开启防火墙当然不行了,因为还有一个端口需要开放。

    这个问题解决方案也很简单,必须人为选择端口,这个Tomcat文档上有,这个是从Tomcat官网上找到的:

    JMX Remote Lifecycle Listener (org.apache.catalina.mbeans.JmxRemoteLifecycleListener)
    This listener requires catalina-jmx-remote.jar to be placed in $CATALINA_HOME/lib. This jar may be found in the extras directory of the binary download area.

    The JMX Remote Lifecycle Listener fixes the ports used by the JMX/RMI Server making things much simpler if you need to connect jconsole or a similar tool to a remote Tomcat instance that is running behind a firewall. Only these ports are configured via the listener. The remainder of the configuration is via the standard system properties for configuring JMX. If this listener was configured in server.xml as:

     <Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
              rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002" />
     

    需要你根据现场的Tomcat版本手工下载一个 catalina-jmx-remote.jar 包,这个包里面就有这个Listener类,其中10002是你之前配置的8999,10001就是我们要新添加的端口,这个
    必须也在防火墙里面配置。

    上面的配置需要放在tomcat conf下的server.xml里面。

    另外这个10002配置后,你的-Dcom.sun.management.jmxremote.port=8999 就不要添加了,去掉这句。

  • 相关阅读:
    【leetcode】416. Partition Equal Subset Sum
    【leetcode】893. Groups of Special-Equivalent Strings
    【leetcode】892. Surface Area of 3D Shapes
    【leetcode】883. Projection Area of 3D Shapes
    【leetcode】140. Word Break II
    【leetcode】126. Word Ladder II
    【leetcode】44. Wildcard Matching
    【leetcode】336. Palindrome Pairs
    【leetcode】354. Russian Doll Envelopes
    2017.12.22 英语面试手记
  • 原文地址:https://www.cnblogs.com/diyunpeng/p/2494951.html
Copyright © 2011-2022 走看看