eclipse:远程调试防火墙后面的 tomcat 服务器
在打开 jpda 启动 tomcat 后,在我的公司,我可以在 eclipse 中远程调试一堆 Web 应用程序。由于多种原因,我现在需要从公司防火墙外部开发和远程调试这些相同的 Web 应用程序,并且我只能通过端口 22 上的 ssh 访问该服务器。
我通过隧道传输了最需要的端口(svn、nexus、tomcat 本身、从服务器或通过服务器)到本地主机,这些服务工作正常,但我无法以任何方式启动 Eclipse 调试器;我第二次尝试时收到“等待数据包 XXX 时连接超时”或“连接被拒绝”。 使用服务器上的 nmap 检查,它报告在第一次连接尝试之前端口打开,之后端口关闭。我在 catalina.out 中没有得到任何有趣的输出日志
我用来启动隧道的命令是:
ssh -L 8000:localhost:8000 [email protected]
iptables 在服务器和本地计算机上都暂时停止以进行测试。
我错过了什么吗?我需要将其他端口转发到本地主机吗?或者它以某种方式涉及名称解析?
编辑
在 eclipse 连接尝试之前打开端口:
root@lnxulisse:/opt/apache-tomcat-6.0.32/bin# lsof -p 2147 -n |grep TCP
java 2147 root 4u IPv4 640850 0t0 TCP *:8000 (LISTEN)
java 2147 root 38u IPv6 640859 0t0 TCP *:http-alt (LISTEN)
java 2147 root 40u IPv6 640865 0t0 TCP *:https (LISTEN)
java 2147 root 46u IPv6 640908 0t0 TCP 127.0.0.1:18005 (LISTEN)
java 2147 root 48r IPv6 642625 0t0 TCP 172.24.0.82:48347->172.24.0.82:mysql (ESTABLISHED)
java 2147 root 181u IPv6 640891 0t0 TCP 172.24.0.82:60353->172.24.0.82:mysql (ESTABLISHED)
和之后:
java 2147 root 4u IPv6 642769 0t0 TCP 172.24.0.82:48956->172.24.0.82:mysql (ESTABLISHED)
java 2147 root 5u IPv4 640851 0t0 TCP 127.0.0.1:8000->127.0.0.1:34193 (ESTABLISHED)
java 2147 root 38u IPv6 640859 0t0 TCP *:http-alt (LISTEN)
java 2147 root 40u IPv6 640865 0t0 TCP *:https (LISTEN)
java 2147 root 46u IPv6 640908 0t0 TCP 127.0.0.1:18005 (LISTEN)
java 2147 root 181u IPv6 640891 0t0 TCP 172.24.0.82:60353->172.24.0.82:mysql (ESTABLISHED)
返回的确切 eclipse 错误是:(
Exception occurred during launch
Failed to connect to remote JVM. Connection timed out.
Timeout occurred while waiting for packet 204.
每次尝试时数据包编号各不相同)。
在 workspace/.metadata/.log 我得到:
!ENTRY org.eclipse.osgi 2 0 2011-07-17 18:43:53.024
!MESSAGE While loading class "org.eclipse.core.net.proxy.IProxyService", thread "Thread[main,6,main]" timed out waiting (5000ms) for thread "Thread[Thread-6,5,main]" to finish starting bundle "org.eclipse.core.net_1.2.1.r35x_20090812-1200 [232]". To avoid deadlock, thread "Thread[main,6,main]" is proceeding but "org.eclipse.core.net.proxy.IProxyService" may not be fully initialized.
!STACK 0
org.osgi.framework.BundleException: State change in progress for bundle "reference:file:plugins/org.eclipse.core.net_1.2.1.r35x_20090812-1200.jar" by thread "Thread-6".
at org.eclipse.osgi.framework.internal.core.AbstractBundle.beginStateChange(AbstractBundle.java:1073)
at org.eclipse.osgi.framework.internal.core.AbstractBundle.start(AbstractBundle.java:278)
[...]
!ENTRY org.eclipse.ui.ide 4 4 2011-07-17 18:43:53.028
!MESSAGE Proxy service could not be found.
eclipse 配置为直接互联网连接。
编辑2
我认为解决方案可能在这里:
http://blog.cantremember.com/debugging-with-jconsole-jmx-ssh-tunnels/
但我在理解他的 JNDI/RMI 设置时遇到了一些困难,以及这在多大程度上适用于我的配置。
编辑3
这是对那些回答“使用
- 计算机A的澄清:我在公司
- 计算机 B 中的工作站: 我在家庭
- 计算机 C 中的工作站: 运行 tomcat 的服务器
B 和 C 位于同一网络基础设施中的两个不同子网中;只允许从外部连接到 C 的端口 22(并且有点“代理”,我不知道网络内部结构)。
A 是“外部”(我的 dsl 连接与动态 IP 地址)。
Debugging on C from B via ssh tunnel -> works
Debugging on C from A via ssh tunnel -> connection timed out while waiting for packet XXX
After starting tomcat with jpda on, while at my company I can remote debug a bunch of web applications in eclipse. For a number of reasons I am now in need of developing and remote debugging those same webapps from outside the company firewall, and i can only access that server via ssh on port 22.
I tunneled most needed ports (svn, nexus, tomcat itself, from the server or via the server) to localhost and those services work fine, but I cannot start the eclipse debugger in any way; i'm getting "connection timed out while waiting for packet XXX" or "connection refused" from the second time i try on.
Checking with nmap on the server, it reports the port open before the first connection attempt, and it becomes closed after that. I get no interesting output log in catalina.out
The command i use to start the tunnel is:
ssh -L 8000:localhost:8000 [email protected]
iptables was temporarily stopped both on the server and in the local machine for testing.
Am i missing something? Do I need to forward some other port to localhost? Or is it in some way involved name resolution?
EDIT
Open ports before connection attemp from eclipse:
root@lnxulisse:/opt/apache-tomcat-6.0.32/bin# lsof -p 2147 -n |grep TCP
java 2147 root 4u IPv4 640850 0t0 TCP *:8000 (LISTEN)
java 2147 root 38u IPv6 640859 0t0 TCP *:http-alt (LISTEN)
java 2147 root 40u IPv6 640865 0t0 TCP *:https (LISTEN)
java 2147 root 46u IPv6 640908 0t0 TCP 127.0.0.1:18005 (LISTEN)
java 2147 root 48r IPv6 642625 0t0 TCP 172.24.0.82:48347->172.24.0.82:mysql (ESTABLISHED)
java 2147 root 181u IPv6 640891 0t0 TCP 172.24.0.82:60353->172.24.0.82:mysql (ESTABLISHED)
and after:
java 2147 root 4u IPv6 642769 0t0 TCP 172.24.0.82:48956->172.24.0.82:mysql (ESTABLISHED)
java 2147 root 5u IPv4 640851 0t0 TCP 127.0.0.1:8000->127.0.0.1:34193 (ESTABLISHED)
java 2147 root 38u IPv6 640859 0t0 TCP *:http-alt (LISTEN)
java 2147 root 40u IPv6 640865 0t0 TCP *:https (LISTEN)
java 2147 root 46u IPv6 640908 0t0 TCP 127.0.0.1:18005 (LISTEN)
java 2147 root 181u IPv6 640891 0t0 TCP 172.24.0.82:60353->172.24.0.82:mysql (ESTABLISHED)
exact eclipse error returned is:
Exception occurred during launch
Failed to connect to remote JVM. Connection timed out.
Timeout occurred while waiting for packet 204.
(the packet number varies on each attempt).
in workspace/.metadata/.log i get:
!ENTRY org.eclipse.osgi 2 0 2011-07-17 18:43:53.024
!MESSAGE While loading class "org.eclipse.core.net.proxy.IProxyService", thread "Thread[main,6,main]" timed out waiting (5000ms) for thread "Thread[Thread-6,5,main]" to finish starting bundle "org.eclipse.core.net_1.2.1.r35x_20090812-1200 [232]". To avoid deadlock, thread "Thread[main,6,main]" is proceeding but "org.eclipse.core.net.proxy.IProxyService" may not be fully initialized.
!STACK 0
org.osgi.framework.BundleException: State change in progress for bundle "reference:file:plugins/org.eclipse.core.net_1.2.1.r35x_20090812-1200.jar" by thread "Thread-6".
at org.eclipse.osgi.framework.internal.core.AbstractBundle.beginStateChange(AbstractBundle.java:1073)
at org.eclipse.osgi.framework.internal.core.AbstractBundle.start(AbstractBundle.java:278)
[...]
!ENTRY org.eclipse.ui.ide 4 4 2011-07-17 18:43:53.028
!MESSAGE Proxy service could not be found.
eclipse is configured for direct internet connection.
EDIT 2
I think the solution might be here:
http://blog.cantremember.com/debugging-with-jconsole-jmx-ssh-tunnels/
but i have some trouble understanding his JNDI/RMI settings, and to what extent that applies to my configuration.
EDIT 3
This is a clarification for those answering "use <lan|local ip address> instead of <localhost>"
- computer A: my workstation in the company
- computer B: my workstation at home
- computer C: server running tomcat
B and C are in two different sub-networks in the same network infrastructure; only connections to port 22 of C from outside are allowed (and somewhat "proxied", I don't know network internals).
A is "outside" (my dsl connection with dynamic ip address).
Debugging on C from B via ssh tunnel -> works
Debugging on C from A via ssh tunnel -> connection timed out while waiting for packet XXX
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
本文建议远程 Java 虚拟机 (JVM) 在调试模式下侦听的默认端口是 1044。您还应该对运行远程 JVM 的端口进行隧道传输。
更一般地说,您可以运行wireshark/tcpdump来查看启动调试器时尝试连接到哪个端口。
编辑:
我还想尝试一些事情:
ps auxwww)以及哪些参数(查找后面的内容) -Xrunjdwp或使用lsof -p PID_OF_JVM_TO_BE_DEBUGGED监听哪个 TCP 端口(查找带有TCP和lsof输出中的LISTEN)lo接口,而不是网络接口(这就是您要监听的接口)在 ssh 的 -L 选项中使用 localhost 指定)localhost(当在第一个 8000 之前未使用以下命令指定绑定地址时-L选项 ssh 监听lo接口)This article suggests that the default port on which the remote Java virtual machine (JVM) is listening in debugging mode is 1044. You should tunnel the port on which the remote JVM is running as well.
More generally, you could run wireshark/tcpdump to see to which port connection attempts are made when starting the debugger.
EDIT:
A few more things I would try:
ps auxwwwif it's Linux) with which arguments (look for what comes behind-Xrunjdwpor withlsof -p PID_OF_JVM_TO_BE_DEBUGGEDon which TCP port it listens (look for lines withTCPandLISTENin thelsofoutput)lointerface, not the network interface (that's what you specify with thelocalhostin the-Loption to ssh).jdb -attach localhost:8000work ? (you could also try this on the remote host to ensure the debugger is running on the port 8000)localhost(when not specifying a bind address before the first 8000 with the-Loption ssh listens on thelointerface)我在做远程调试的时候经常遇到这个问题。我不知道这个问题的确切原因,但我使用了下面的解决方案,也许它也适合你:
而不是
用于
创建 SSH 隧道(请注意第二个示例中端口号之间的远程主机而不是 localhost )。您还可以使用远程主机的普通 IP 地址(不是环回地址 127.0.0.1,而是真实的本地网络 IP 地址)来代替远程主机的名称。
希望它有帮助,祝你好运!
I often had this problem when doing remote debugging. I do not know the exact reason for this problem, but I used the below solution and maybe it works for you, too:
instead of
is used
for creating the SSH tunnel (note the remotehost instead of localhost between the port numbers in the second example). Instead of the remote host's name, you can also use the normal IP address of the remote host (not the loopback address 127.0.0.1, but the true local network IP address).
Hope it helps and good luck!
假设远程 Tomcat 实例已使用
-Xrunjdwp:transport=dt_socket,server=y,address=8000,suspend=n之类的内容启动,请尝试以下命令:在我的 Mac 上,我尝试了
ssh -L 10701:localhost:10700 user@localhost -N本地,其中启动了 Tomcat 实例-Xrunjdwp:transport=dt_socket,server=y,address=10700,suspend=n,并尝试在 Eclipse 中连接端口 10701,我一直看到“无法连接到远程 VM com.sun. jdi.connect.spi.ClosedConnectionException”。通过将隧道命令更改为ssh -L 10701:0.0.0.0:10700 user@localhost -N,Eclipse 能够连接。Assuming the remote Tomcat instance has been started with something like
-Xrunjdwp:transport=dt_socket,server=y,address=8000,suspend=n, try this command:On my Mac, I tried out
ssh -L 10701:localhost:10700 user@localhost -Nlocally, where a Tomcat instance was started with-Xrunjdwp:transport=dt_socket,server=y,address=10700,suspend=n, and attempting to attach on port 10701 within Eclipse, I kept seeing "Failed to connect to remote VM com.sun.jdi.connect.spi.ClosedConnectionException". By changing the tunnel command tossh -L 10701:0.0.0.0:10700 user@localhost -N, Eclipse was able to attach.您能否给出 -Xrunjdwp 参数的确切参数?
您还尝试过不同的调试方法(服务器= y / n,挂起= y / n)?
也许反转连接(让 tomcat 连接到调试器而不是让调试器连接到 tomcat)可能会有所帮助。
Can you please give the exact parameters of the -Xrunjdwp parameter?
Also do you have tried different methods for debugging (server=y/n, suspend=y/n)?
Perhaps inversing the connection (let the tomcat connect to the debugger instead of letting the debugger connect to tomcat) may help.
好吧,我在很长一段时间后回答自己;在我的具体情况下,解决方案是将 Eclipse JVM 置于监听模式:
并反转隧道的方向:
一些解释:正如问题中一样,我的情况是:
像这样反转时:
成功了。换句话说,S:8001 上写入的任何内容都会转发到 W:8001,而写入 W:8001 的任何内容都会转发到 H:8001,我的 eclipse JVM 正在侦听该位置。
S 上的 tomcat JVM 应以 server=n 启动,参数为:
Well I am answering myself after a long time; in my specific case, the solution was to put eclipse JVM in listening mode:
and reverse the direction of the tunnel:
Some explanation: as in the question, my situation was:
While reversing like this:
did the trick. In other words, whatever is written on S:8001, is forwarded to W:8001, and whatever in turn is written to W:8001, is forwarded to H:8001, where my eclipse JVM is listening.
The tomcat JVM on S should be started with server=n, with arguments: