Topic
17 replies Latest Post - ‏2014-01-21T21:29:08Z by Alasdair
bmparees
bmparees
9 Posts
ACCEPTED ANSWER

Pinned topic liberty localhost port binding

‏2013-12-20T15:59:13Z |

By default my liberty 8.5.5 server is binding to a random port on 127.0.0.1:

$ bin/server start
Starting server defaultServer.
Server defaultServer started with process ID 12683.

$ netstat -anp | grep 12683
tcp6       0      0 127.0.0.1:9080          :::*                    LISTEN      12683/java          
tcp6       0      0 127.0.0.1:55967         :::*                    LISTEN      12683/java          
 

I know the binding to 9080 can be configured, but what is listening on port 55967 and can I either disable it, or change the host it is binding to?

 

  • AlexMulholland
    AlexMulholland
    32 Posts
    ACCEPTED ANSWER

    Re: liberty localhost port binding

    ‏2014-01-03T20:06:54Z  in response to bmparees

    Hello Ben,

    The Liberty server acquires an ephemeral port to be used by the command listener.  This is used for example by the 'server' command script to stop the server, generate dumps etc.  

    There is an APAR in the works that will allow users to override the port number or to disable the port completely, but be aware that the latter will mean that some commands will no longer work.

    http://www-01.ibm.com/support/docview.wss?uid=swg1PM89272

    If this is a critical problem and you have a support contract you can request an iFix through the normal service process.

    Regards, Alex.

     

     

    • bmparees
      bmparees
      9 Posts
      ACCEPTED ANSWER

      Re: liberty localhost port binding

      ‏2014-01-16T15:29:09Z  in response to AlexMulholland

      No support contract unfortunately.  In looking at that apar it indicates you'll be able to specify the port, but it doesn't say anything about disabling.  Maybe that was just left out of the description and setting the port to "-1" will disable it entirely? 

      Alternatively/in addition, it would be nice to be able to specify which interface(s) it binds to, though I assume localhost was chosen for security reasons.

       

       

       

      • Alasdair
        Alasdair
        55 Posts
        ACCEPTED ANSWER

        Re: liberty localhost port binding

        ‏2014-01-17T00:05:05Z  in response to bmparees

        It only listens on localhost for security reasons. I wouldn't want to allow that to be overridden.

        You are correct that setting it to -1 disables the command listener.

        Alasdair

        • bmparees
          bmparees
          9 Posts
          ACCEPTED ANSWER

          Re: liberty localhost port binding

          ‏2014-01-17T16:23:24Z  in response to Alasdair

          For my particular use case, allowing it to be configured as anything in 127.*.*.* would be sufficient, so it could still restrict to localhost, just not solely 127.0.0.1

           

           

          • erin.schnabel
            erin.schnabel
            16 Posts
            ACCEPTED ANSWER

            Re: liberty localhost port binding

            ‏2014-01-17T18:50:15Z  in response to bmparees

            Can you please elaborate on this usecase? We do not hard-code 127.0.0.1, but we do mandate a loopback address be used when we bind the socket.

            • bmparees
              bmparees
              9 Posts
              ACCEPTED ANSWER

              Re: liberty localhost port binding

              ‏2014-01-17T20:29:07Z  in response to erin.schnabel

              I'm considering developing a Liberty cartridge (runtime option)  for the OpenShift PaaS, however the OpenShift PaaS runs applications inside a secure linux container which does not allow binding to 127.0.0.1 since that would not properly isolate applications running in different containers on the same host.  Each container is assigned its own loopback ip which applications/runtimes inside that container can bind to.

              Again, just disabling the port is sufficient, but it might be nice for uses to still be able to use the command interface (locally).

              (full disclosure, I now work on the RedHat OpenShift team)

               

               

              • erin.schnabel
                erin.schnabel
                16 Posts
                ACCEPTED ANSWER

                Re: liberty localhost port binding

                ‏2014-01-20T15:16:16Z  in response to bmparees

                Have you tried changing the localhost entry in /etc/hosts on these systems to match the assigned loopback? I'm curious if that would solve your problem, while allowing the command port to be available (which is useful should you ever need to dump the server..)

                • bmparees
                  bmparees
                  9 Posts
                  ACCEPTED ANSWER

                  Re: liberty localhost port binding

                  ‏2014-01-21T00:54:20Z  in response to erin.schnabel

                  Unfortunately that's not an option for an Openshift environment.  These are secured container environments within a single linux OS.  They have separate process namespaces, but the network and filesystem environment is global.  The difference is that selinux rules enforce what ports/ips/files processes running within a given container can access.
                   

                  So a process within a container would not be able to modify the global /etc/hosts file.  In addition, there can be (will be) multiple containers running, each with its own loopback ip, so just updating the /etc/hosts localhost value to point to one of them wouldn't really solve the problem. 

                   

                  • Alasdair
                    Alasdair
                    55 Posts
                    ACCEPTED ANSWER

                    Re: liberty localhost port binding

                    ‏2014-01-21T10:14:58Z  in response to bmparees

                    Hi,

                    I'm really not familiar with this environment, but in general how are processes running in this environment expected to discover the loopback ip they should be using? Is it literally that they are expected to be configured, or is there some magic way to discover it?

                    Thanks
                    Alasdair

                    • bmparees
                      bmparees
                      9 Posts
                      ACCEPTED ANSWER

                      Re: liberty localhost port binding

                      ‏2014-01-21T14:39:45Z  in response to Alasdair

                      They can pick up the assigned IP via an environment variable.  If Liberty supported configuring this I'd expect to write some scripting to update the liberty config w/ the right IP based on the environment variable before starting Liberty.

                       

                      • Alasdair
                        Alasdair
                        55 Posts
                        ACCEPTED ANSWER

                        Re: liberty localhost port binding

                        ‏2014-01-21T18:17:13Z  in response to bmparees

                        Do you mean if I were do something like this System.getenv(SOME_CONSTANT_ENV_NAME); I would get the right IP? 

                        Thanks
                        Alasdair

                        • bmparees
                          bmparees
                          9 Posts
                          ACCEPTED ANSWER

                          Re: liberty localhost port binding

                          ‏2014-01-21T18:48:56Z  in response to Alasdair

                          Precisely, though again my intent would be to generate the config xml already containing the correct value, via a script that used the environment variable, so Liberty would not need to be aware of any environment variable.
                            (Unless the Liberty config allows reference to environment variables?  that would simplify things of course)

                           

                          • Alasdair
                            Alasdair
                            55 Posts
                            ACCEPTED ANSWER

                            Re: liberty localhost port binding

                            ‏2014-01-21T20:06:43Z  in response to bmparees

                            Assuming you are using a release after 8.5.5.0 you can do this:

                            ${env.HOST}

                            which will resolve to the HOST environment variable.

                            Will the environment variable name vary depending on which container is being used? Or is it a fixed environment variable?

                            • bmparees
                              bmparees
                              9 Posts
                              ACCEPTED ANSWER

                              Re: liberty localhost port binding

                              ‏2014-01-21T20:19:41Z  in response to Alasdair

                              the environment variable name will be fixed, so that could definitely work.

                               

                               

                              • Alasdair
                                Alasdair
                                55 Posts
                                ACCEPTED ANSWER

                                Re: liberty localhost port binding

                                ‏2014-01-21T20:26:48Z  in response to bmparees

                                And the million dollar question would be what is the environment variable called?

                                • bmparees
                                  bmparees
                                  9 Posts
                                  ACCEPTED ANSWER

                                  Re: liberty localhost port binding

                                  ‏2014-01-21T20:31:36Z  in response to Alasdair

                                  The million dollar answer: TBD.

                                  A likely candidate would be:  OPENSHIFT_LIBERTY_IP  (This would be the IP liberty would be expected to bind to for all ports..   http requests are proxied into the ip from the host's external ip, so liberty does not need to (nor would be allowed to) bind to it.

                                  But i'm not sure why you would need that information?  I assume you're not going to hardcode anything into Liberty...

                                   

                                  • Alasdair
                                    Alasdair
                                    55 Posts
                                    ACCEPTED ANSWER

                                    Re: liberty localhost port binding

                                    ‏2014-01-21T21:29:08Z  in response to bmparees

                                    No, I'm certainly not planning to hardcode that into Liberty. I was trying to understand whether this was a standardish linux environment property, like $HOST, or not. If it was then I might have had Liberty pick it up, but not with that property.

                                    Congratulations on your new job. Good luck.