Amazon EC2- Tomcat remote debugging issue

Question

I have Tomcat 8 running on Amazon Linux EC2 instance. I started Tomcat in debug mode by ./catalina.sh jpda start

I think the server started in debug mode as I can see the line: Listening for transport dt_socket at address: 8000 at the start of the log. Also my security group has 8000 port open for inbound requests.

I am trying to debug this remotely from my Eclipse Mars 4.5.1 on Mac El Capitan. But it keeps giving me error Failed to connect to remote VM. Connection refused.

Is there something that I am missing? What is the way I can debug this more?

---EDITS FOR MORE INFO---

Adding some more information. I don't know if it would be helpful.

Running command: netstat -an | grep 80 gives following ouput:

tcp        0      0 127.0.0.1:8000              0.0.0.0:*                   LISTEN      
tcp        0      0 172.31.26.122:80            185.30.165.34:80            SYN_RECV    
tcp        0      0 127.0.0.1:3306              127.0.0.1:55080             ESTABLISHED 
tcp        0      0 ::ffff:127.0.0.1:8005       :::*                        LISTEN      
tcp        0      0 :::8009                     :::*                        LISTEN      
tcp        0      0 :::80                       :::*                        LISTEN      
tcp        0      0 ::ffff:127.0.0.1:55080      ::ffff:127.0.0.1:3306       ESTABLISHED 
udp        0      0 0.0.0.0:980                 0.0.0.0:*                               
udp        0      0 :::980                      :::*                                    
unix  2      [ ACC ]     SEQPACKET  LISTENING     8016   @/org/kernel/udev/udevd
unix  3      [ ]         DGRAM                    8025   
unix  3      [ ]         DGRAM                    8024   

But running command netstat -an | grep 8000 gives just:

tcp        0      0 127.0.0.1:8000              0.0.0.0:*                   LISTEN 

One more thing I noticed. The IP in Tomcat manager under Server Information is different than actual public IP. Is that expected?

Answer 1

I had exactly the same issue. The cause is that Tomcat is listening port 8000 only on localhost only. To let Tomcat to listen to outside world, we need to tell it the outside world IP. Since Tomcat starts using user 'tomcat' by default, the address should locate at where catalina.sh expects. This is how I finally resolved it:

1. Navigate to the Security Group and add a custom TCP rule for the port you will use for remote debug. Limit the Source IP(s) to those of the networks you use, if possible. My home ADSL has a static IP, and I limit access the remote debug port to myself only.
2. Create a 'setenv.sh' file in the same folder and 'catalina.sh', typically under '/usr/share/tomcat/bin/"

3. Add just one line:

   export JPDA_ADDRESS={host private IP}:{port}
   

   Replace {host private IP} with your EC2 instance private IP and {port} with the port number you plan to use for remote debug. I don't know if EC2 public IP will work. Didn't bother to try.

4. Correct owner and group if necessary(tomcat:tomcat for example):

   sudo chown tomcat:tomcat setenv.sh
   

5. Enable execution bit

   sudo chmod a+x setenv.sh
   

6. Start or restart Tomcat using

   catalina.sh jpda start
   

Regarding to the private and public IP for EC2. Yeap, I observed same thing using 'netstat'.

Answer 2

The debugger is only listening on the localhost interface which is strictly local to the VM. There are two things that you can do to fix this,

1. Set up the JPDA on tomcat to listen on the external IP interface, set the JPDA_ADDRESS parameter to :8000. This is risky as anyone can now connect to the debugger.
2. Use SSH tunneling to set up a secure connection from you MAC to the remote instance. From your mac do a ssh command: ssh -N username@ip -L 8000/localhost/8000, then you should be able to connect the eclipse instance running on the MAC with the tomcat JPDA, using localhost:8000 as the connection address in eclipse.