Search This Blog

2012-10-11

Tomcat shutdown port 8005 - Remote Shutdown

Product: Tomcat
Version: Any version
File: CATALINA_HOME\conf\server.xml (D:\Internet\Web\tomcat7.0.32\conf\server.xml)

In default Tomcat installation, you will find following line in above global server configuration file

Line 22: <Server port="8005" shutdown="SHUTDOWN">

This configuration allows remote shutdown Tomcat by telnet to port 8005. Something to note

1. Port 8005 is on TCP protocol. This is important for firewall configuration
2. Port 8005 must be available for Tomcat to start. Use "netstate -an | grep 8005 | grep LISTEN" to confirm prior of Tomcat startup
3. The shutdown command is configurable, and case sensitive. In this default configuration (as above), it must be uppercase SHUTDOWN. It can configure to other value if there is a security concern
4. If port number is -1, then remote shutdown is disabled

Following steps illustrate how to shut it down remotely (I will login directly to Tomcat server and shut it down by telnet)

1. Use telnet client to login to localhost or any Tomcat server. For Windows 7, telnet command is removed, so I used PuTTY. The protocol is set to "Raw" as Tomcat shutdown port 8005 will interpret all characters send
2. Once connected, Tomcat gives 10 second to type the shutdown command (SHUTDOWN or other configured shutdown command in server.xml). If no command entered, following error will appear in Tomcat log

Oct 11, 2012 12:29:05 PM org.apache.catalina.core.StandardServer await
WARNING: StandardServer.await: read:
java.net.SocketTimeoutException: Read timed out
        at java.net.SocketInputStream.socketRead0(Native Method)
        at java.net.SocketInputStream.read(SocketInputStream.java:150)
        at java.net.SocketInputStream.read(SocketInputStream.java:121)
        at java.net.SocketInputStream.read(SocketInputStream.java:203)
        at org.apache.catalina.core.StandardServer.await(StandardServer.java:478)
        at org.apache.catalina.startup.Catalina.await(Catalina.java:766)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:712)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:601)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:322)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:451)

Oct 11, 2012 12:29:05 PM org.apache.catalina.core.StandardServer await
WARNING: StandardServer.await: Invalid command '' received


3. Entered "SHUTDOWN" in uppercase to shutdown Tomcat immediately, and telnet session will be terminated
4. If lowercase "shutdown" was entered, then the telnet will terminated, while Tomcat will show following message

Oct 11, 2012 12:32:47 PM org.apache.catalina.core.StandardServer await
WARNING: StandardServer.await: Invalid command 'shutdown' received

Other references:

http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html
- Refers to section "Remote Address Filter" if want to allow or deny remote access to shutdown Tomcat. This will implies make use of Valve className org.apache.catalina.valves.RemoteAddrValve (by IP) or className org.apache.catalina.valves.RemoteHostValve (by hostname)
- Following CATALINA_HOME/conf/Catalina/localhost/manager.xml configuration illustrates to allow login from IP range 192.168.5 only

<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="192\.168\.5\.\d+" />

No comments: