eclipse:远程调试防火墙后面的 tomcat 服务器
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/6717396/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
eclipse: remote debugging a tomcat server behind a firewall
提问by guido
After starting tomcat with jpda on, while at my company I can remote debug a bunch of web applications in eclipse. For a number of reasons I am now in need of developing and remote debugging those same webapps from outside the company firewall, and i can only access that server via ssh on port 22.
在打开 jpda 的情况下启动 tomcat 后,在我的公司,我可以在 eclipse 中远程调试一堆 Web 应用程序。出于多种原因,我现在需要从公司防火墙外部开发和远程调试那些相同的 web 应用程序,而且我只能通过端口 22 上的 ssh 访问该服务器。
I tunneled most needed ports (svn, nexus, tomcat itself, from the server or via the server) to localhost and those services work fine, but I cannot start the eclipse debugger in any way; i'm getting "connection timed out while waiting for packet XXX" or "connection refused" from the second time i try on. Checking with nmap on the server, it reports the port open before the first connection attempt, and it becomes closed after that. I get no interesting output log in catalina.out
我将最需要的端口(svn、nexus、tomcat 本身、从服务器或通过服务器)隧道连接到本地主机,这些服务工作正常,但我无法以任何方式启动 eclipse 调试器;从我第二次尝试开始,我收到“等待数据包 XXX 时连接超时”或“连接被拒绝”。使用服务器上的 nmap 检查,它在第一次连接尝试之前报告端口打开,之后它变为关闭。我在 catalina.out 中没有得到有趣的输出日志
The command i use to start the tunnel is:
我用来启动隧道的命令是:
ssh -L 8000:localhost:8000 [email protected]
iptables was temporarily stopped both on the server and in the local machine for testing.
iptables 在服务器和本地机器上都被暂时停止以进行测试。
Am i missing something? Do I need to forward some other port to localhost? Or is it in some way involved name resolution?
我错过了什么吗?我是否需要将其他端口转发到本地主机?还是以某种方式涉及名称解析?
EDIT
编辑
Open ports before connection attemp from eclipse:
从 Eclipse 尝试连接之前打开端口:
root@lnxulisse:/opt/apache-tomcat-6.0.32/bin# lsof -p 2147 -n |grep TCP
java 2147 root 4u IPv4 640850 0t0 TCP *:8000 (LISTEN)
java 2147 root 38u IPv6 640859 0t0 TCP *:http-alt (LISTEN)
java 2147 root 40u IPv6 640865 0t0 TCP *:https (LISTEN)
java 2147 root 46u IPv6 640908 0t0 TCP 127.0.0.1:18005 (LISTEN)
java 2147 root 48r IPv6 642625 0t0 TCP 172.24.0.82:48347->172.24.0.82:mysql (ESTABLISHED)
java 2147 root 181u IPv6 640891 0t0 TCP 172.24.0.82:60353->172.24.0.82:mysql (ESTABLISHED)
and after:
之后:
java 2147 root 4u IPv6 642769 0t0 TCP 172.24.0.82:48956->172.24.0.82:mysql (ESTABLISHED)
java 2147 root 5u IPv4 640851 0t0 TCP 127.0.0.1:8000->127.0.0.1:34193 (ESTABLISHED)
java 2147 root 38u IPv6 640859 0t0 TCP *:http-alt (LISTEN)
java 2147 root 40u IPv6 640865 0t0 TCP *:https (LISTEN)
java 2147 root 46u IPv6 640908 0t0 TCP 127.0.0.1:18005 (LISTEN)
java 2147 root 181u IPv6 640891 0t0 TCP 172.24.0.82:60353->172.24.0.82:mysql (ESTABLISHED)
exact eclipse error returned is:
返回的确切 eclipse 错误是:
Exception occurred during launch
Failed to connect to remote JVM. Connection timed out.
Timeout occurred while waiting for packet 204.
(the packet number varies on each attempt).
(数据包编号因每次尝试而异)。
in workspace/.metadata/.logi get:
在workspace/.metadata/.log我得到:
!ENTRY org.eclipse.osgi 2 0 2011-07-17 18:43:53.024
!MESSAGE While loading class "org.eclipse.core.net.proxy.IProxyService", thread "Thread[main,6,main]" timed out waiting (5000ms) for thread "Thread[Thread-6,5,main]" to finish starting bundle "org.eclipse.core.net_1.2.1.r35x_20090812-1200 [232]". To avoid deadlock, thread "Thread[main,6,main]" is proceeding but "org.eclipse.core.net.proxy.IProxyService" may not be fully initialized.
!STACK 0
org.osgi.framework.BundleException: State change in progress for bundle "reference:file:plugins/org.eclipse.core.net_1.2.1.r35x_20090812-1200.jar" by thread "Thread-6".
at org.eclipse.osgi.framework.internal.core.AbstractBundle.beginStateChange(AbstractBundle.java:1073)
at org.eclipse.osgi.framework.internal.core.AbstractBundle.start(AbstractBundle.java:278)
[...]
!ENTRY org.eclipse.ui.ide 4 4 2011-07-17 18:43:53.028
!MESSAGE Proxy service could not be found.
eclipse is configured for direct internet connection.
eclipse 配置为直接连接互联网。
EDIT 2
编辑 2
I think the solution might be here:
我认为解决方案可能在这里:
http://blog.cantremember.com/debugging-with-jconsole-jmx-ssh-tunnels/
http://blog.cantremember.com/debugging-with-jconsole-jmx-ssh-tunnels/
but i have some trouble understanding his JNDI/RMI settings, and to what extent that applies to my configuration.
但是我在理解他的 JNDI/RMI 设置以及在多大程度上适用于我的配置时遇到了一些麻烦。
EDIT 3
编辑 3
This is a clarification for those answering "use <lan|local ip address>instead of <localhost>"
这是对回答“使用<lan|local ip address>而不是<localhost>”的人的澄清
- computer A: my workstation in the company
- computer B: my workstation at home
- computer C: server running tomcat
- 电脑A:我在公司的工作站
- 电脑B:我家里的工作站
- 计算机C:运行tomcat的服务器
B and C are in two different sub-networks in the same network infrastructure; only connections to port 22 of C from outside are allowed (and somewhat "proxied", I don't know network internals).
B和C在同一个网络基础设施中的两个不同的子网中;只允许从外部连接到 C 的端口 22(并且有点“代理”,我不知道网络内部结构)。
A is "outside" (my dsl connection with dynamic ip address).
A 是“外部”(我的 dsl 连接与动态 IP 地址)。
Debugging on C from B via ssh tunnel -> works
Debugging on C from A via ssh tunnel -> connection timed out while waiting for packet XXX
采纳答案by guido
Well I am answering myself after a long time; in my specific case, the solution was to put eclipse JVM in listening mode:
好吧,我在很长一段时间后回答自己;在我的具体情况下,解决方案是将 eclipse JVM 置于侦听模式:
Connection Type: "Standard (Socket Listen)"
and reverse the direction of the tunnel:
并反转隧道的方向:
ssh -L 8001:localhost:8001 user@work (run on server (S), "localhost" is W)
ssh -R 8001:localhost:8001 user@work (run at home (H), "localhost" is W)
Some explanation: as in the question, my situation was:
一些解释:在问题中,我的情况是:
H -------------------> S not working ( ssh -L 8001:S:8001 user@S from H)
H W -------> S working ( ssh -L 8001:S:8001 user@S from W)
home work server
While reversing like this:
像这样倒车时:
H <------- W S ssh -R 8001:localhost:8001 user@W (from H)
H W <------- S ssh -L 8001:localhost:8001 user@W (from S)
home work server
did the trick. In other words, whatever is written on S:8001, is forwarded to W:8001, and whatever in turn is written to W:8001, is forwarded to H:8001, where my eclipse JVM is listening.
成功了。换句话说,无论写在 S:8001 上,都被转发到 W:8001,而写到 W:8001 的任何内容,都被转发到 H:8001,我的 eclipse JVM 正在监听。
The tomcat JVM on S should be started with server=n, with arguments:
S 上的 tomcat JVM 应该以 server=n 启动,并带有参数:
-agentlib:jdwp=transport=dt_socket,server=n,suspend=n,address=8001
回答by Andre Holzner
This articlesuggests that the default port on which the remote Java virtual machine (JVM) is listening in debugging mode is 1044. You should tunnel the port on which the remote JVM is running as well.
本文建议远程 Java 虚拟机 (JVM) 在调试模式下侦听的默认端口是 1044。您还应该对运行远程 JVM 的端口进行隧道传输。
More generally, you could run wireshark/tcpdump to see to which port connection attempts are made when starting the debugger.
更一般地,您可以运行wireshark/tcpdump 来查看启动调试器时尝试连接到哪些端口。
EDIT:
编辑:
A few more things I would try:
我会尝试的更多事情:
- check on the remote host (e.g. with
ps auxwwwif it's Linux) with which arguments (look for what comes behind-Xrunjdwpor withlsof -p PID_OF_JVM_TO_BE_DEBUGGEDon which TCP port it listens (look for lines withTCPandLISTENin thelsofoutput) - make sure that the JVM on the remote host listens on the
lointerface, not the network interface (that's what you specify with thelocalhostin the-Loption to ssh). - Does starting the debugger by hand on the machine where you start eclipse with
jdb -attach localhost:8000work ? (you could also try this on the remote host to ensure the debugger is running on the port 8000) - make sure that eclipse tries to connect to
localhost(when not specifying a bind address before the first 8000 with the-Loption ssh listens on thelointerface)
- 检查远程主机上(例如,与
ps auxwww如果公司的Linux)与参数(找什么来背后-Xrunjdwp或lsof -p PID_OF_JVM_TO_BE_DEBUGGED在哪个TCP端口侦听(寻线,TCP并且LISTEN在lsof输出) - 确保远程主机上的 JVM 侦听
lo接口,而不是网络接口(这是您localhost在-Lssh 选项中指定的)。 - 是否在您开始使用 eclipse 的机器上手动启动调试器
jdb -attach localhost:8000?(您也可以在远程主机上尝试此操作以确保调试器在端口 8000 上运行) - 确保 eclipse 尝试连接到
localhost(当在第一个 8000 之前没有指定绑定地址时,使用-L选项 ssh 在lo接口上侦听)
回答by Daniel S.
I often had this problem when doing remote debugging. I do not know the exact reason for this problem, but I used the below solution and maybe it works for you, too:
我在做远程调试的时候经常遇到这个问题。我不知道这个问题的确切原因,但我使用了下面的解决方案,也许它也适用于你:
instead of
代替
ssh -L 8000:localhost:8000 user@remotehost
is used
用来
ssh -L 8000:remotehost:8000 user@remotehost
for creating the SSH tunnel (note the remotehost instead of localhost between the port numbers in the second example). Instead of the remote host's name, you can also use the normal IP address of the remote host (not the loopback address 127.0.0.1, but the true local network IP address).
用于创建 SSH 隧道(注意第二个示例中端口号之间的远程主机而不是 localhost)。您也可以使用远程主机的普通 IP 地址(不是环回地址 127.0.0.1,而是真正的本地网络 IP 地址)来代替远程主机的名称。
Hope it helps and good luck!
希望它有所帮助并祝你好运!
回答by Daniel Trebbien
Assuming the remote Tomcat instance has been started with something like -Xrunjdwp:transport=dt_socket,server=y,address=8000,suspend=n, try this command:
假设远程 Tomcat 实例已经用类似的东西启动-Xrunjdwp:transport=dt_socket,server=y,address=8000,suspend=n,试试这个命令:
ssh -L 8000:0.0.0.0:8000 [email protected] -N
On my Mac, I tried out ssh -L 10701:localhost:10700 user@localhost -Nlocally, where a Tomcat instance was started with -Xrunjdwp:transport=dt_socket,server=y,address=10700,suspend=n, and attempting to attach on port 10701 within Eclipse, I kept seeing "Failed to connect to remote VM com.sun.jdi.connect.spi.ClosedConnectionException". By changing the tunnel command to ssh -L 10701:0.0.0.0:10700 user@localhost -N, Eclipse was able to attach.
在我的 Mac 上,我在本地尝试了Tomcat 实例的启动位置,并尝试连接到 Eclipse 中的端口 10701,我一直看到“无法连接到远程 VM com.sun.jdi.connect.spi.ClosedConnectionException”。通过将隧道命令更改为,Eclipse 能够附加。ssh -L 10701:localhost:10700 user@localhost -N-Xrunjdwp:transport=dt_socket,server=y,address=10700,suspend=nssh -L 10701:0.0.0.0:10700 user@localhost -N
回答by Uwe Plonus
Can you please give the exact parameters of the -Xrunjdwp parameter?
你能给出 -Xrunjdwp 参数的确切参数吗?
Also do you have tried different methods for debugging (server=y/n, suspend=y/n)?
您是否也尝试过不同的调试方法(server=y/n, suspend=y/n)?
Perhaps inversing the connection (let the tomcat connect to the debugger instead of letting the debugger connect to tomcat) may help.
也许反转连接(让 tomcat 连接到调试器而不是让调试器连接到 tomcat)可能会有所帮助。
