3

I run Tomcat7 using JDK7 on Centos6. I enable JMX using the following options:

```
CATALINA_OPTS="${CATALINA_OPTS} -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=9123 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.local.only=true"
```

Unfortunately, when I check what ports are opened I discover 2 additional random ports:

```
netstat -plunt | grep java
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 :::60555                            :::*                LISTEN      22752/java
tcp        0      0 ::ffff:127.0.0.1:8080               :::*                LISTEN      22752/java
tcp        0      0 :::9123                             :::*                LISTEN      22752/java
tcp        0      0 :::40867                            :::*                LISTEN      22752/java
```

I guess that JMX should open one additional port (see "JMX enabled Java application appears to open a random high order port when JMX client connects").

Why does JMX in Tomcat open 2 additional ports?

How can I configure these ports?

If I configure `-Dcom.sun.management.jmxremote.local.only=true`, does it mean the additional ports can also be accessed only locally?

How can I configure it so that `::ffff:127.0.0.1` appears before all ports opened by JMX?

Michael

1 Answer

1

You can use Tomcat's JMX Remote Lifecycle Listener which allows fixing the ports used by the JMX/RMI Server.
The JMX Remote Lifecycle Listener allows configuring the following ports:

  • rmiRegistryPortPlatform - The port to be used by the JMX/RMI registry for the Platform MBeans. This one should be used instead of the com.sun.management.jmxremote.port system property
  • rmiServerPortPlatform - The port to be used by the Platform JMX/RMI server.

In addition you can configure the useLocalPorts attribute - Should any clients using these ports be forced to use local ports to connect to the JMX/RMI server.

Notice that this listener requires catalina-jmx-remote.jar to be placed in $CATALINA_HOME/lib. This jar may be found in the extras directory of the binary download area.

Dror Bereznitsky
  • Thank you for your help! I succeeded in configuring the listener, but... It adds 2 additional ports. Now I have 5 ports opened (and none with `::ffff:127.0.0.1` while I use `useLocalPorts`). Is it a Tomcat bug? List of ports: `tcp 0 0 ::ffff:127.0.0.1:8080 :::* tcp 0 0 :::10001 :::* tcp 0 0 :::10002 :::* tcp 0 0 :::34075 :::* tcp 0 0 :::52288 :::* tcp 0 0 :::9123 :::*` – Michael Dec 23 '13 at 07:57
  • You can set the value of rmiBindAddress to 127.0.0.1 – Dror Bereznitsky Dec 23 '13 at 09:18
  • Thanks, it affects the two ports that were configured in the JmxRemoteLifecycleListener. In any case, it does not affect the two additional random ports, and I do not understand why they are opened (BTW, you can see that they are random - look at all the lists). Is it a Tomcat bug? List of ports: `tcp 0 0 :::40973 tcp 0 0 :::32814 tcp 0 0 ::ffff:127.0.0.1:8080 tcp 0 0 ::ffff:127.0.0.1:10001 tcp 0 0 ::ffff:127.0.0.1:10002 tcp 0 0 :::9123` – Michael Dec 23 '13 at 09:56
  • Not sure if this is a Tomcat issue. If you completely disable JMX do you see that the JVM is not listening to those random ports? btw, port 9123 seems to repeat itself – Dror Bereznitsky Dec 23 '13 at 10:00
  • When I comment out JmxRemoteLifecycleListener and JMX settings listed in the question above I have only one port as expected: `tcp 0 0 ::ffff:127.0.0.1:8080 :::*` – Michael Dec 23 '13 at 11:17
  • Port 9123 is configured via JMX and it is expected `-Dcom.sun.management.jmxremote.port=9123`. BTW, it is Tomcat 7.0.47 and Java 1.7.0_45-b18 – Michael Dec 23 '13 at 11:54
  • You should not configure the com.sun.management.jmxremote.port system property when using the JMX Remote Lifecycle Listener. The rmiRegistryPortPlatform attribute is replacing it. This might be the issue – Dror Bereznitsky Dec 23 '13 at 12:48
  • It was improved!! Now I have only one random port (60714 in the list below) when I configure the following JmxRemoteLifecycleListener: `` Is it a Tomcat bug? List of ports: `tcp 0 0 ::ffff:127.0.0.1:8080 :::* tcp 0 0 ::ffff:127.0.0.1:10002 :::* tcp 0 0 ::ffff:127.0.0.1:9123 :::* tcp 0 0 :::60714 :::*` – Michael Dec 23 '13 at 13:15
  • This port seems to be related but I'm not sure what it is used for. Trying the same setup on a Centos box I see that it is not being used when connecting with JConsole – Dror Bereznitsky Dec 25 '13 at 08:10
  • This thread suggests that the third port is probably related to RMI registry of the local only server : https://bugs.openjdk.java.net/browse/JDK-8035404 – Priyank Jan 04 '22 at 04:49
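
A check for the port listings posted in this thread, as an added example that is not part of the original posts: it parses `netstat -plunt` output and reports, for each Java listener, whether it is bound to loopback or to the wildcard address, which matters here because the question's JMX options disable both authentication and SSL. The function names and the `expected_ports` parameter are assumptions made for this example; the sample lines are the ones quoted in the question.

```python
import ipaddress
import re

# Listener lines copied from the netstat output quoted in the question.
SAMPLE = """\
tcp        0      0 :::60555                            :::*                LISTEN      22752/java
tcp        0      0 ::ffff:127.0.0.1:8080               :::*                LISTEN      22752/java
tcp        0      0 :::9123                             :::*                LISTEN      22752/java
tcp        0      0 :::40867                            :::*                LISTEN      22752/java
"""

# proto, recv-q, send-q, local addr:port, foreign addr, LISTEN, pid/program
LINE = re.compile(r"^tcp6?\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+LISTEN\s+(\d+)/(\S+)")


def is_loopback(addr):
    """True for 127.0.0.0/8, ::1 and IPv4-mapped loopback such as ::ffff:127.0.0.1."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparseable address: treat as not proven local
    # Older Python versions do not report IPv4-mapped loopback as loopback.
    mapped = getattr(ip, "ipv4_mapped", None)
    return (mapped or ip).is_loopback


def audit(netstat_text, program="java", expected_ports=frozenset()):
    """Return sorted (port, address, verdict) tuples for listeners owned by program."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m or m.group(4) != program:
            continue
        addr, port = m.group(1), int(m.group(2))
        if is_loopback(addr):
            verdict = "loopback-only"
        elif port in expected_ports:
            verdict = "exposed (configured port)"
        else:
            verdict = "exposed (unexpected port)"
        findings.append((port, addr, verdict))
    return sorted(findings)


if __name__ == "__main__":
    for port, addr, verdict in audit(SAMPLE, expected_ports={9123}):
        print(f"{port:>6}  {addr:<20} {verdict}")
```

Running it against the listing taken after each configuration change shows which of the fixed and random ports are still bound to `::`.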