SFS2X Not Binding 8443

Post here your questions about SFS2X. Here we discuss all server-side matters. For client API questions see the dedicated forums.

Moderators: Lapo, Bax

Void*
Posts: 75
Joined: 15 Feb 2021, 13:49

SFS2X Not Binding 8443

Postby Void* » 16 Sep 2022, 10:41

We're not sure why. Using

Code: Select all

netstat -lt
we can see that nothing else is bound to the port.

I've re-uploaded the certificate and double checked that they're valid by importing the PKCS12 version on my Windows machine and checking the cert path.

Tomcat comes up in the log and says it's running. Our second environment is running fine with the same code, so we're not sure what's wrong with this one and would appreciate any ideas of things to check.

Couple of extra notes; we use UFW which has

Code: Select all

8443 ALLOW Anywhere
set.
IPv6 *is* enabled, but it doesn't seem to affect any other parts of SFS an we only started having this problem in the last 2 days.
The boot logs show nothing of note that I can discern (nothing saying the certs are invalid/not found or that the Tomcat server can't boot etc.)

Thanks in advance.
User avatar
Lapo
Site Admin
Posts: 23007
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: SFS2X Not Binding 8443

Postby Lapo » 17 Sep 2022, 06:43

Hi,
what version of SFS2X are you using? And what OS?
Is it a physical server or virtual? (vps?, docker?)

I'd suggest testing with a simple telnet test:

Code: Select all

telnet localhost 8443

this at least will tell you if the port is bound on the loopback interface, which is typically not affected by any firewalls.

As regards the netstat command... it depends what OS you're running on. For example the same command on Mac does an entirely different thing.

Thanks
Lapo
--
gotoAndPlay()
...addicted to flash games
Void*
Posts: 75
Joined: 15 Feb 2021, 13:49

Re: SFS2X Not Binding 8443

Postby Void* » 18 Sep 2022, 18:37

SFS2X: 2.18.3
OS: Ubuntu 20.04.5 LTS
Server Type: Physical Machine | Xeon E5-2430 v2 - 96GB RAM, 4TB SAS

Code: Select all

telnet localhost 8443
results in

Code: Select all

telnet: Unable to connect to remote host: Connection refused


Hardware configuration of both boxes is identical. Software configuration is restored from a standard backup image (including SFS) and then our extension is placed on top.
We have tried restoring the image and then the code which results in the same failure on this specific box.

Ultimately we believe it to be an issue with this particular box, but if possible we'd like information from SFS to tell us what exactly is failing.

For what it's worth, I spun up a test instance of NGINX and bound that to 8443 without issue (with and without the same SSL we are providing to SFS), which tells me that binding to the port itself is okay, but nothing in SFS is giving me any diagnostic info, or I don't know where to find it.

Thanks.
User avatar
Lapo
Site Admin
Posts: 23007
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: SFS2X Not Binding 8443

Postby Lapo » 19 Sep 2022, 07:53

Hi,
generally speaking it does sound strange since we've been actively using Ubuntu 20.x on dozens of test machines, and we've never seen any port binding issues.

SFS2X reports the status of port binding in the logs/boot/boot.log for both TCP and UDP. However this is only a yes/no type of reporting because the underlying JDK API will not tell you what is the cause of a port binding error (other than a "port already in use" message).

I believe this is pretty standard for any application, even if written in C++, since the OS will signal that the port is already bound and you will have to manually investigate your OS config to understand what else is going on.

As regards HTTP/Websocket ports (in SFS2X) they are managed by Tomcat so I'd expect some error thrown by this component. It is possible however that these don't show up in the logs if the error happens very early in the boot phase.

Try running the server with the sfs2x.sh script instead and check if there's any error in the terminal. L

Let us know.
p.s. = did you run NGINX under the same user that runs SFS2X?
Lapo

--

gotoAndPlay()

...addicted to flash games
Void*
Posts: 75
Joined: 15 Feb 2021, 13:49

Re: SFS2X Not Binding 8443

Postby Void* » 19 Sep 2022, 17:59

Ahh, running the SFS2X script was something I had clean forgot to do!

This problem is now solved. See below for info

Running the script-file gave us something interesting;

SEVERE: Failed to initialize component [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1049)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:556)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1042)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.startup.Catalina.load(Catalina.java:724)
at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
at com.smartfoxserver.v2.http.TomcatServer.start(TomcatServer.java:43)
at com.smartfoxserver.v2.SmartFoxServer$1.run(SmartFoxServer.java:324)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.lang.IllegalArgumentException: Cannot recover key
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:231)
at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1213)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1226)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:603)
at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:80)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1046)
... 16 more
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
at java.base/sun.security.provider.KeyProtector.recover(KeyProtector.java:304)
at java.base/sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:144)
at java.base/sun.security.util.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:90)
at java.base/java.security.KeyStore.getKey(KeyStore.java:1057)
at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:352)
at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:245)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
... 23 more


Which I am guessing is some kind of inability to read the SSL file.

To answer your nginx question, yes, I simply ran it under my local user account (didn't even bother starting it as a service)

However, there may be a key difference here, that I used the raw files (cer/key) to load SSL in nginx, and the JKS for SFS. I generated the JKS file using the keytool in JDK 11 (11.0.16 via apt install)

Given the message I got above, I went ahead and re-generated the JKS file again and got the same problem. I've checked the clock and timezone settings, and they all seem to match.

As a "hail mary" I decided to generate the JKS on the sister machine (as this meant installing the JDK on it), using the Eclipse Adoptium JDK (11.0.16.1+1), which appears to have solved the problem. Generating the key on the primary machine, again broke it (performed to check repeatability). I have installed EA JDK on the primary machine, and now this too works correctly.

I have re-installed the package manager version of JDK 11.0.16 and it no longer fails. So, I'm going to guess there was a problem with the JDK installation.

Thanks for the assist.
User avatar
Lapo
Site Admin
Posts: 23007
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: SFS2X Not Binding 8443

Postby Lapo » 20 Sep 2022, 07:35

Yes, unfortunately with the proliferation of different JDKs from different vendors we have seen a couple issues here and there.
I would not expect this sort of problem with the same major version of the JDK, so this is new to me. If I remember correctly we had a similar problem when creating the keystore with a previous JDK (8.x) and deploying to an environment running JRE 11.x

Anyways, I am glad it's now solved.

Cheers
Lapo

--

gotoAndPlay()

...addicted to flash games

Return to “SFS2X Questions”

Who is online

Users browsing this forum: No registered users and 65 guests