tomcat not accessible from web browser

sabsac

New Member
Credits
89
I have installed jenkins on centos 7 on my gcp instance. It is configured to listen on port 8080. then I installed tomcat server on the same system. I configured the hhtp port to listen on port 8090 in server.xml file. I am not able access tomcat on my web browsers.Port 8090 is not showing up when do a "systemctl status tomcat" command


tomcat port.png
o
 


f33dm3bits

Gold Member
Gold Supporter
Credits
6,156
Is there something listening on port 8090? Also did you add port 8090 to your firewall to allow connections from outside? And you will probably need to add port 8090 to your selinux configuration as well for it to allow to run as a http port.
 

sabsac

New Member
Credits
89
this is google cloud console so I have allowed all traffic in firewall rules for incoming.yes jenkins is listening to port 8080
 

sabsac

New Member
Credits
89
the catalina server is showing following error in the log:
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-8090"]
java.net.BindException: Permission denied (Bind failed) <null>:8090
 

f33dm3bits

Gold Member
Gold Supporter
Credits
6,156
the catalina server is showing following error in the log:
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-8090"]
java.net.BindException: Permission denied (Bind failed) <null>:8090
It's probably what I mentioned in my first reply, selinux. Check your log file to be sure it's selinux:
Code:
grep avc /var/log/audit/audit.log
Then add the port to your selinux to allow it to bind as http port. Read the man page:
Code:
man semanage port
 
Last edited:

sabsac

New Member
Credits
89
grep avc /var/log/audit/audit.log
type=USER_AVC msg=audit(1595343305.680:445): pid=423 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: received policyload notice (seqno=2) exe=2F7573722F62696E2F646275732D6461656D6F6E3B3566313730313931202864656C6574656429 sauid=81 hostname=? addr=? terminal=?'
type=AVC msg=audit(1595567971.725:317): avc: denied { name_bind } for pid=1983 comm="java" src=8090 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:eek:bject_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1595570522.592:379): avc: denied { name_bind } for pid=2144 comm="java" src=8090 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:eek:bject_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1595601828.089:182): avc: denied { name_bind } for pid=1331 comm="java" src=8090 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:eek:bject_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1595604081.421:379): avc: denied { name_bind } for pid=1577 comm="java" src=8090 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:eek:bject_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1595609429.377:760): avc: denied { name_bind } for pid=2379 comm="java" src=8090 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:eek:bject_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1595610182.369:1558): avc: denied { name_bind } for pid=2705 comm="java" src=8090 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:eek:bject_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1595611358.439:3982): avc: denied { name_bind } for pid=3244 comm="java" src=8090 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:eek:bject_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1595655314.254:130): avc: denied { name_bind } for pid=847 comm="java" src=8090 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:eek:bject_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1595657920.820:198): avc: denied { name_bind } for pid=1523 comm="java" src=8090 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:eek:bject_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
 

f33dm3bits

Gold Member
Gold Supporter
Credits
6,156
Yes so like I said selinux is blocking you from binding on port 8090. Add port 8090 as a http port, read the man page I mentioned, and use the example on port 8090.
 

sabsac

New Member
Credits
89
Thanks for helping me solve my issue. my grattitudes. "grep avc /var/log/audit/audit.log " it was se linux issue. By the way what is a this avc folder and where can I read official documentation about this folder in centos 7?
 

f33dm3bits

Gold Member
Gold Supporter
Credits
6,156
Thanks for helping me solve my issue. my grattitudes. "grep avc /var/log/audit/audit.log " it was se linux issue. By the way what is a this avc folder and where can I read official documentation about this folder in centos 7?
You can read the rhel7 documentation about selinux.
 


Members online


Top