Symptoms
-
Java application is not working:
503 Service Temporarily Unavailable
-
Tomcat service is running:
# systemctl status tomcat.service
â tomcat.service – Apache Tomcat Web Application Container
Loaded: loaded (/usr/lib/systemd/system/tomcat.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2017-09-15 13:00:33 +0530; 42min ago
Main PID: 18645 (java)
Memory: 1.5G
CGroup: /system.slice/tomcat.service -
There are the following records in
/var/log/tomcat/catalina.<TIME_STAMP>.log
file:PLESK_INFO: SEVERE: Failed to initialize connector [Connector[HTTP/1.1-9080]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-9080]]
…
Caused by: java.net.BindException: Permission denied (Bind failed) <null>:9080
…
Caused by: java.net.BindException: Permission denied (Bind failed) -
There is the same record if check system logs of Tomcat service
# journalctl -u tomcat.service | grep 9080
…
Sep 15 11:25:17 hostname[12411]: SEVERE: Failed to initialize end point associated with ProtocolHandler [“http-bio-9080”]
Sep 15 11:25:17 hostname[12411]: java.net.BindException: Permission denied (Bind failed) <null>:9080
Sep 15 11:25:17 hostname[12411]: SEVERE: Failed to initialize connector [Connector[HTTP/1.1-9080]]
Sep 15 11:25:17 hostname[12411]: org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-9080]]
Sep 15 11:25:17 hostname[12411]: Caused by: java.net.BindException: Permission denied (Bind failed) <null>:9080 -
SELinux mode is set to enforcing:
# getenforce
Enforcing -
Following errors in
/var/log/plesk/panel.log
on attempt to manage Java applications in Domains > example.com > Java Applications:ERR [panel] Unable to query Tomcat Manager: Failed connect to 127.0.0.1:9080; Connection refused
ERR [panel] Unable to start up Java application: Possible reason - Tomcat Java service is not currently running on the server. -
The service does not listen on ports 9080 and 9008:
# netstat -tlpn | grep -c 9080
0
# netstat -tlpn | grep -c 9008
0
Cause
SELinux policy prohibit services to use non-standard ports
Resolution
-
Connect to the server via SSH
-
Adjust SELinux policy to allow Tomcat to use the ports:
# semanage port -a -t http_port_t -p tcp 9080 2>/dev/null || semanage port -m -t http_port_t -p tcp 9080
# semanage port -a -t http_port_t -p tcp 9008 2>/dev/null || semanage port -m -t http_port_t -p tcp 9008 -
Restart Tomcat service:
# systemctl restart tomcat.service