LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-15-2016, 06:19 PM   #1
baedamichi
LQ Newbie
 
Registered: Apr 2014
Posts: 7

Rep: Reputation: Disabled
Problems with tomcat6 - cannot access Tomcat Manager + firewall blocks port 8080


A good day to you dear community!

After 5 days of trying to fix my tomcat6 problems, I decided to com eto the community for help...

The setup is actually rather simple. A fresh install of Novell Open Enterprise (aka Suse Linux Enterprise plus a few Novell addons) server with a fresh install of tomcat 6 (and the manager application of tomcat6 too).

This server is one of several machines which are all in a subnet and connected to the internet with Endian Firewall as a gateway.

For a better understanding, here's a link to a dropbox-folder containing all the relevant files:

https://www.dropbox.com/sh/iwb9o9e3f...JCilVuyCa?dl=0
Sorry about that, but you can only attach small files and only 5 here...

I'm experiencing two problems for which I still don't have a solution after endless hours of trying:

1) The Suse Firewall doesn't let any hosts connect to my tomcat6 machine on port 8080. Apart from the standard firewall exceptions (http server, https) which you can enable in Suse (see screenshot 1), I even created custom rules for ports 8080 and 8443 just to make sure they are included. Ant to make even more sure they're open, I created that rule for internal, external and demilitarized zone.

Still, going to http://<ip>:8080 from another machine on the same subnet always results in a timeout. Well, not always, it always works as soon as I completely disable the firewall on my tomcat machine. I don't understand it, why would the firewall still block port 8080 even if it is in the exception list? (And yes, of course, I restarted the firewall after each and every configuration change, being a Windows guy, I even tried rebooting the server itself - no luck there).

2) I cannot get the authentication for the manager to work. As soon as I click "manager" on the tomcat welcome page, I get prompted for a username/password, as expected. But the correct credentials as per the tomcat-user.xml are simply not accepted.

I think I set the user by the book, following the instructions on the tomcat website itself:

From my tomcat-users.xml:

<tomcat-users>
<!--
NOTE: By default, no user is included in the "manager-gui" role required
to operate the "/manager/html" web application. If you wish to use this app,
you must define such a user - the username and password are arbitrary.
-->
<!--
NOTE: The sample user and role entries below are wrapped in a comment
and thus are ignored when reading this file. Do not forget to remove
<!.. ..> that surrounds them.
-->
<role rolename="manager-gui"/>
<user username="tomcat-admin" password="cat-dog-888" roles="manager-gui"/>
</tomcat-users>

From my server.xml:

<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="/etc/tomcat6/tomcat-users.xml" />
</GlobalNamingResources>

A bit further down:

<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>

I don't know what's wrong here...

Tomcat is up and running, rctomcat6 start doesn't throw me any erros, and netstat -ntpl | grep 8080 shows that tomcat is listening on port 8080 as I want it to. The logfiles don't show any errors related to user authetication or tomcat6 itself, there are many errors concerning one of the installed webapps (the one called vce), but of course I tried everything also with that webapps not installed (i.e. deleted from the webapps directory), no change there either.

Any help from a linux specialist would be greatly appreciated.

Cheers and thanks a lot,

Peter
Attached Files
File Type: txt catalina.2016-10-15.log.txt (239.5 KB, 13 views)
File Type: txt catalina.policy.txt (10.3 KB, 10 views)
File Type: txt catalina.properties.txt (3.7 KB, 11 views)
File Type: txt context.xml.txt (1.4 KB, 8 views)
File Type: txt localhost.2016-10-15.log.txt (87.2 KB, 6 views)
 
Old 10-17-2016, 03:55 AM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,566

Rep: Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794
Hi,

1)Re. the Suse firewall, I know nothing as I don't use Suse. But you may try yast to configure it.


2)
Quote:
The logfiles don't show any errors related to user authetication or tomcat6 itself, there are many errors concerning one of the installed webapps (the one called vce), but of course I tried everything also with that webapps not installed (i.e. deleted from the webapps directory), no change there either.
Well I see that you get some errors in catalina.2016-10-15.log, like:
Quote:
<-snip->
SEVERE: Parse Fatal Error at line 33 column 3: The element type "role" must be terminated by the matching end-tag "</role>".
org.xml.sax.SAXParseException: The element type "role" must be terminated by the matching end-tag "</role>".
<-snip->
Your tomcat-users.xml looks good, so perhaps tomcat reads a different one (is it /etc/tomcat6/tomcat-users.xml?)
Anyway double check tomcat-users.xml for errors (like not-closed tags), or write one from scratch


Regards
 
Old 10-17-2016, 03:08 PM   #3
baedamichi
LQ Newbie
 
Registered: Apr 2014
Posts: 7

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by bathory View Post
Hi,
1)Re. the Suse firewall, I know nothing as I don't use Suse. But you may try yast to configure it.
I did use Yast to coonfigure it, te exceptions of port 8080 and 8443 are shown in Yast, but the linux machine still doesn't accept requests to these ports. That's exactly my prolem.


Quote:
Originally Posted by bathory View Post
2)
Well I see that you get some errors in catalina.2016-10-15.log
Thanks for pointing that out, I must have overlooked that.

I uninstalled tomcat6 using Yast, then reinstalled, now I don't have any errors in catalina.log except for "java.io.IOException: Failed to access resource /WEB-INF/lib/[taglibs-core].jar". I The file mentioned is a symlink, which in turn links to another symlink, which in turn links to a file which is there. So I wouldn't know why there is an access error.

Btw, now I don't even get prompted for a password when clicking "Tomcat Manager" but a "problem loading page" errord (not a file not found error, tomcat-manager is installed).

Any ideas what else I might try?


Regards
 
Old 10-17-2016, 03:19 PM   #4
baedamichi
LQ Newbie
 
Registered: Apr 2014
Posts: 7

Original Poster
Rep: Reputation: Disabled
Got my host manager working! The error was quite simple I guess, I think you shouldn't have tabstops in your tomcat-users.xml, might I be right in that assumption?

I can now access host manager as intended, how wonderful.

That still leaes two problems:

1) One error message remaining in catalina.log:
java.io.IOException: Failed to access resource /WEB-INF/lib/[taglibs-core].jar

Haven't tested if this errod affects tomcat6, the manager application seems to be plain html without java. I will test. But still, being a newbie in a linux newbie forum, I would simply like to know what exactly that error message means.

2) Still got my firewall problem. With firewall turned off, I can perfectly access tomcat from other machines, but as soon as my firewall is on it stops working, even though the correct exceptions are set in Yast. Anyone with any ideas?

Cheers, Peter
 
Old 10-17-2016, 03:21 PM   #5
baedamichi
LQ Newbie
 
Registered: Apr 2014
Posts: 7

Original Poster
Rep: Reputation: Disabled
Oh, people probably want to know what's in my tomcat.xml:

<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<tomcat-users>
<!--
NOTE: By default, no user is included in the "manager-gui" role required
to operate the "/manager/html" web application. If you wish to use this app,
you must define such a user - the username and password are arbitrary.
-->
<!--
NOTE: The sample user and role entries below are wrapped in a comment
and thus are ignored when reading this file. Do not forget to remove
<!.. ..> that surrounds them.
-->

<role rolename="tomcat"/>
<role rolename="manager-gui"/>
<role rolename="admin-gui"/>
<user username="meow" password="dontask" roles="tomcat,manager-gui,admin-gui"/>

</tomcat-users>


Apart from tomcat.xml, I haven't changed anything after reinstlling tomcat using Yast.
 
Old 10-18-2016, 03:47 AM   #6
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,566

Rep: Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794Reputation: 1794
Quote:
Originally Posted by baedamichi View Post
That still leaes two problems:

1) One error message remaining in catalina.log:
java.io.IOException: Failed to access resource /WEB-INF/lib/[taglibs-core].jar

Haven't tested if this errod affects tomcat6, the manager application seems to be plain html without java. I will test. But still, being a newbie in a linux newbie forum, I would simply like to know what exactly that error message means.

2) Still got my firewall problem. With firewall turned off, I can perfectly access tomcat from other machines, but as soon as my firewall is on it stops working, even though the correct exceptions are set in Yast. Anyone with any ideas?

Cheers, Peter
1. This is a strange filename [taglibs-core].jar that tomcat complains about. Dunno how you got it, but I guess it has something to do with the Suse tomcat package.
I suggest you to uninstall the tomcat package using yast and then download a binary directly from apache-tomcat. You just extract it and it's ready for use.

2. As I told you I have never used Suse, so I cannont help you on this. But if the yast firewall setup doesn't work as expected, you may try to do it directly from CLI. Just make a backup of the file(s) you edit before anything else.

Regards
 
Old 10-22-2016, 03:50 AM   #7
baedamichi
LQ Newbie
 
Registered: Apr 2014
Posts: 7

Original Poster
Rep: Reputation: Disabled
Hi,

I posted my problem in the SUSE forums, maybe those guys will know what to do.

Installing "another" tomcat6 than the one in the OES2015 repos is something I would only want to do as a last resort, as many Novell services depend on it.

Post about the firewall problem:

https://forums.suse.com/showthread.p...4859#post34859

Post about the strange Java message tomcat complains about:

https://forums.suse.com/showthread.p...4860#post34860
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Tomcat6 stops listening on port 80 when i change from port 8080 to port 80 trongthect Linux - Server 1 07-27-2012 05:41 PM
[SOLVED] Tomcat6 stops listening when i change from port 8080 Droa Linux - Server 7 07-26-2012 03:56 PM
CentOS 5: iptables - cannot open port 80 and nat to port 8080 for Tomcat steve willett Linux - Networking 4 09-24-2010 04:03 AM
Tomcat port 8080 stuck open theofb Linux - Networking 4 01-03-2009 05:13 PM
access 8080 web server port through squid running on 8080 sunethj Linux - Networking 11 05-18-2007 02:38 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 07:31 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration