Hi,
I would like to know more about firewall configuration for crowd in RHEL 7.4.
I have added the 8095 with firewall-cmd and semanage commands, but still can't access to crowd through web browser.
What could be wrong? How to check if crowd is running?
Thanks.
Hi @Bob B
You should run a simple netstat to check whether port 8095 is actually listening
$ netstat -an | grep 8095
You should also check what you've got in <crowd.install.directory>/apache-tomcat/logs/catalina.out. When Crowd has successfully started, you should get the following INFO log message:
2018-02-26 09:46:40,077 localhost-startStop-1 INFO [com.atlassian.crowd.startup] Starting Crowd Server, Version: 3.1.2 (Build:#891 - 2018-01-19)
*********************************************************************************************
*
* You can now use the Crowd server by visiting http://localhost:8095/crowd
*
*********************************************************************************************
Did you reload the firewall service after you added the new rule?
$ sudo firewall-cmd --reload
Thanks.
netstat -an | grep 8095
tcp6 0 0 :::8095 :::* LISTEN
the log says x.x.x.8095/opeidserver
does it mean i've installed wrong server?
EDIT:
and x.x.x.8095/opeidserver still refused to connect ... Ihave Jira core server installed on same computer and Jira core is working fine...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The OpenID server is bundled in the default Crowd installation package. The first server to be started is Crowd Server then OpenID server. So, it's just fine that you see that the OpenID server is started, it does not mean that the Crowd server is not. Check the catalina.out file, a few lines before the log about the OpenID server you should see the same info about the Crowd server.
On your Crowd server, do you get 8095/tcp in the results of the following command?
$ sudo firewall-cmd --list-ports
On a remote Linux machine, what do you get with a simple TCP connection to your Crowd server?
$ nc -vz <CROWD_SERVER_IP> 8095
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
BTW I've noticed that the output of your netstat command is "tcp6" which means IPv6. Are you really trying to connect to an IPv6 address? If your Crowd server FQDN was bound to an IPv4 address I think you would see "tcp" or "tcp46" as a result of the netstat command.
If you want to force Crowd to use IPv4, add the -Djava.net.preferIPv4Stack=true option in apache-tomcat/bin/setenv.sh
JAVA_OPTS="-Xms128m -Xmx512m -Dfile.encoding=UTF-8 -Djava.net.preferIPv4Stack=true $JAVA_OPTS"
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you @Bruno Vincent. Turns out the port was disabled in network level... I had to change the default port to 80 (since i don't have network admin access) to make it run...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.