Jetty CXF with two hosts and same ports - jetty

The server starts normally, but ignores the second host.
10.23.18.240 works, 10.23.18.241 doesn't.
xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
<httpj:engine-factory bus="cxf">
<httpj:engine port="443" host="10.23.18.240">
...
</httpj:engine>
<httpj:engine port="443" host="10.23.18.241">
...
</httpj:engine>
</httpj:engine-factory>

If you want Jetty to listen on all the network interfaces of the box, you should use host "0.0.0.0".

Related

Tomcat9 remote debugging

Is there some trick for remote debugging a Tomcat9 from outside localhost?
I have an AWS bastion -> server setup and on the server itself
ss -tunlp sees 127.0.0.1:8787 0.0.0.0:*
but nmap on the bastion server doesn't see 8787 open
the other (visible) stuff on the server ss lists as *:port which looks "wider" for sure
The security group for the server is OK and a reachability analysis confirms it. I also see all the other stuff (MySQL, RDP, SSH etc) that I use in exactly the same way.
Thanks in advance,
Nik
/etc/default/tomcat9 (on Ubuntu 20) has the line
#JAVA_OPTS="${JAVA_OPTS} -agentlib:jdwp=transport=dt_socket,address=8000,server=y,suspend=n"
which should be uncommented, but it apparently implicitly binds the listener only on localhost. Changing the port format to
JAVA_OPTS="${JAVA_OPTS} -agentlib:jdwp=transport=dt_socket,address=*:8080,server=y,suspend=n"
widens the binding to external access.
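The difference between the two address forms in the answer above can be checked mechanically; this is an added example, not part of the original answer. `jdwp_bind_scope` and `active_java_opts` are hypothetical helper names, the JVM major version is an assumed input, and the check relies on the JDK 9+ behaviour that a port-only address listens on localhost only.

```python
import re

# Matches both the modern and the legacy way of loading the JDWP agent.
_JDWP = re.compile(r"-(?:agentlib:jdwp=|Xrunjdwp:)([^\s\"']+)")
_LOOPBACK = {"localhost", "127.0.0.1", "[::1]"}
_WILDCARD = {"*", "0.0.0.0", "[::]"}


def jdwp_bind_scope(java_opts, jdk_major=11):
    """Return how widely a JDWP listener in java_opts is exposed.

    Result: None (no JDWP listener), "loopback", "all-interfaces",
    or "host:<name>" for any other explicit bind address.
    jdk_major is an assumed input: the caller supplies the JVM version.
    """
    match = _JDWP.search(java_opts)
    if not match:
        return None
    opts = dict(kv.split("=", 1) for kv in match.group(1).split(",") if "=" in kv)
    if opts.get("server") != "y":
        return None  # agent connects out to a debugger, nothing listens
    host, sep, _port = opts.get("address", "").rpartition(":")
    if not sep:
        # Port only: JDK 9+ binds to localhost, older JVMs to every interface.
        return "loopback" if jdk_major >= 9 else "all-interfaces"
    if host in _WILDCARD:
        return "all-interfaces"
    if host in _LOOPBACK:
        return "loopback"
    return "host:" + host


def active_java_opts(config_text):
    """Yield JAVA_OPTS assignments from a defaults file, skipping comments."""
    for line in config_text.splitlines():
        line = line.strip()
        if line.startswith("JAVA_OPTS="):
            yield line


# Constructed sample modelled on the two lines quoted in the answer.
SAMPLE = '''
#JAVA_OPTS="${JAVA_OPTS} -agentlib:jdwp=transport=dt_socket,address=8000,server=y,suspend=n"
JAVA_OPTS="${JAVA_OPTS} -agentlib:jdwp=transport=dt_socket,address=*:8080,server=y,suspend=n"
'''

if __name__ == "__main__":
    for line in active_java_opts(SAMPLE):
        print(jdwp_bind_scope(line), "<-", line)
```

A result of "all-interfaces" means the debug port accepts connections on every address the host has, so reachability is then decided only by the security group or firewall in front of it.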

How do I block a loopback connection to some port on Windows?

Adding an inbound Windows Firewall rule (via COM from C++) for local port 80 and addresses ANY, 127.0.0.1 or 0.0.0.0 does not block a local browser from accessing a local web server running on port 80. For debugging/testing purposes, I need to simulate loss of network connectivity between two programs running on the same computer. Is there a way to do this programmatically, on the command line, or with a tool?
In this question, they say allegedly there is no way to do this in the Windows Firewall:
How do I block localhost connections with the Windows 7/2008R2 firewall?
Is there a way, other than Windows Firewall, just to simulate loss of network connectivity between programs running on the same computer?
There is WIPFW -- a Windows port of FreeBSD's IPFW. However, I failed to get it to block localhost connections. Maybe you'll have more luck.
Alternatively, you can try a hack. If your programs establish a connection using the localhost host name instead of directly by the 127.0.0.1 IP address, you may change your hosts file to point the localhost name to some non-existing or otherwise unreachable address.

Can Immutant be configured to use something other than 8080 as well as to use SSL?

I am playing around with Immutant and was wondering how to set two things:
to set up an alternative SSL port
to use port 80 instead of port 8080
To change the http port, you have two options - you can edit
$IMMUTANT_HOME/jboss/standalone/configuration/standalone.xml and
change the <socket-binding name='http' ... element, or pass
-Dhttp.port=80 to lein immutant run or standalone.sh, depending
on how you are starting Immutant.
To alter the https port, your only option currently is to edit the
<socket-binding name='https' ... entry in
$IMMUTANT_HOME/jboss/standalone/configuration/standalone.xml.

Can I use port 80 in my VCL client-server app's

Usually I use some random port for my client-server applications in Delphi/C++ Builder. But, since I work in a building with strong firewall policies, I would like to use port 80 (TCP and/or UDP).
My question is, will I have any problems in my client-server communication if there are other applications using the same port? I suppose my server will pick up that communication as well? I would like to avoid any possible conflicts with other apps.
Yes, you will have problems: if there is an application which is listening on port 80, then you cannot use that port.
Note that browsers use port 80 as the target port; they don't listen on 80. So don't count them when you want to use that port.
If I understand your question correctly, you appear to be concerned about the ports on the client-side, not the server side. Your application is free to connect to a server which is listening on port 80 and it will not interfere with any other client applications running on the same machine. If it did interfere, things like multiple browsers / tabs would not be possible.
There are some excellent answers on this question which explain in more detail how ports work.
There can only be problems if there are other servers listening on port 80 on the server machine. In this case your application would not be able to bind to port 80. The app will not interfere with web browsers, because they use a random port on the client side.
If the network uses application-layer firewalls, they can block non-HTTP data over port 80. So if your application uses port 80 simply 'because it is not protected by most firewalls', be prepared for stricter firewall settings, which do not allow your client/server communication.

Sharing port 443 between IIS and a C++ service

Because of a certain requirement I need to have a service listening on port 443 (and maybe 80) to coexist with IIS on the same Windows 2008 server. It's possible to have a Windows Service hosted WCF service share port 80 with IIS, but I was wondering if this is possible to do in a C++ service? I've read answers to similar questions like this, this and this but I still haven't got an appropriate answer.
Only one application may be bound to an ip-address/port-number pair. If a socket is bound to INADDR_ANY and some port, then no other application may bind to that port.
If you want two applications to receive data on a port, you need some kind of proxy that listens on the actual port, while the other programs listen on some other port or address that the proxy-server connects to.
Using a proxy seems to be the way that WCF handles port-sharing. Quote from this link:
When a net.tcp binding enables port sharing (by setting portSharingEnabled=true on the
transport binding element), it implicitly allows an external process (namely the
SMSvcHost.exe, which hosts the Net.TCP Port Sharing Service) to manage the TCP socket on
its behalf.
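The binding rule stated in the answer above, shown with plain TCP sockets and without any address-reuse socket options; this is an added example, not part of the original answer. `try_bind` and `second_listener` are hypothetical helper names, and 127.0.0.2 is assumed to be a local address, which holds on Linux but may not elsewhere.

```python
import errno
import socket


def try_bind(host, port):
    """Bind and listen on host:port; return (status, socket or None)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((host, port))
        sock.listen(1)
        return "bound", sock
    except OSError as exc:
        sock.close()
        if exc.errno == errno.EADDRINUSE:
            return "in-use", None
        if exc.errno == errno.EADDRNOTAVAIL:
            return "no-such-address", None  # address not configured on this host
        raise


def second_listener(first_host, second_host):
    """Listen on first_host, then try second_host on the same port number."""
    status, first = try_bind(first_host, 0)  # port 0: the OS picks a free port
    if status != "bound":
        raise RuntimeError("could not start the first listener: " + status)
    try:
        status, second = try_bind(second_host, first.getsockname()[1])
        if second is not None:
            second.close()
        return status
    finally:
        first.close()


if __name__ == "__main__":
    # Wildcard listener first: a specific address on that port is refused.
    print("0.0.0.0 then 127.0.0.1:", second_listener("0.0.0.0", "127.0.0.1"))
    # Same address twice: refused.
    print("127.0.0.1 twice:", second_listener("127.0.0.1", "127.0.0.1"))
    # Two different local addresses: both can hold the port.
    print("127.0.0.1 then 127.0.0.2:", second_listener("127.0.0.1", "127.0.0.2"))
```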