RapidAnalytics behind a firewall
colo
New Altair Community Member
Hello everybody,
I just installed the RapidAnalytics bundle (including JBoss application server) on a machine running Windows 2008 Server (external provider). Everything works fine if I access the server via remote desktop and use things locally. Now I wanted to connect RapidMiner on my local machine to the new server, but I can't establish a connection. First I tried to connect a remote repository from RapidMiner, then I tried to open the web interface (using the server's ip address including the port number, http://x.x.x.x:8080). After a while I received a timeout. So I opened port 8080 on the firewall (Windows firewall) without any results. After some testing I totally disabled the server's firewall for a short moment. But neither RapidMiner nor the web interface allowed connections after that. Instead of a timeout I receive an immediate "connection refused" with the firewall disabled. Since I am not familiar with JBoss and application servers in general, I have no clue where to look for the source of this problem. Maybe the access is restricted to a local network!?
I checked the note on page 9/11 of the RapidAnalytics manual, and found this line for my server:
<soap:address location="http://127.0.0.1:8080/RAWS/RepositoryService"/>
The manual states "Check whether the host name is actually a host name under which the host is known in the local network." which seems not to be true. I would really appreciate any hints, since I am really looking forward to using the server and enjoying its advantages.
Regards
Matthias
Answers
As I expected this was a JBoss issue not a RapidAnalytics one. And shame on me, this is mentioned in the manual. But first I misinterpreted the short notice in chapter 2. Anyway, here is what I did and found.
The server was bound to localhost only and the web interface was not accessible from the server via hostname (only localhost and 127.0.0.1 did it). Searching for JBoss and firewall issues I found some cases in which people also thought this was a firewall problem. Using the parameter -b x.x.x.x for run.bat (certainly also true for other operating systems and the respective startup scripts) allows binding the server to ip address x.x.x.x. I just used run.bat -b 0.0.0.0 to allow access from all ip addresses/network interfaces. This change combined with the firewall rules allowing communication for port 8080 made the web interface immediately accessible from my PC.
But now I am facing another problem, which is definitely RapidMiner associated this time. When adding (and trying to browse) the remote repository I receive this error message:
Exception: com.sun.xml.internal.ws.client.ClientTransportException
Message: HTTP transport error: java.net.UnknownHostException: CT50146
Stack trace:
com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(Unknown Source)
com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(Unknown Source)
com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(Unknown Source)
com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(Unknown Source)
com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Unknown Source)
com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Unknown Source)
com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Unknown Source)
com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Unknown Source)
com.sun.xml.internal.ws.client.Stub.process(Unknown Source)
com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(Unknown Source)
com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
com.sun.xml.internal.ws.client.sei.SEIStub.invoke(Unknown Source)
$Proxy31.getFolderContents(Unknown Source)
com.rapidminer.repository.remote.RemoteFolder.ensureLoaded(RemoteFolder.java:115)
com.rapidminer.repository.remote.RemoteFolder.getSubfolders(RemoteFolder.java:146)
com.rapidminer.repository.gui.RepositoryTreeModel$3.run(RepositoryTreeModel.java:186)
Cause
Exception: java.net.UnknownHostException
Message: CT50146
Stack trace:
java.net.PlainSocketImpl.connect(Unknown Source)
java.net.SocksSocketImpl.connect(Unknown Source)
java.net.Socket.connect(Unknown Source)
java.net.Socket.connect(Unknown Source)
sun.net.NetworkClient.doConnect(Unknown Source)
sun.net.www.http.HttpClient.openServer(Unknown Source)
sun.net.www.http.HttpClient.openServer(Unknown Source)
sun.net.www.http.HttpClient.<init>(Unknown Source)
sun.net.www.http.HttpClient.New(Unknown Source)
sun.net.www.http.HttpClient.New(Unknown Source)
sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(Unknown Source)
com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(Unknown Source)
com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(Unknown Source)
com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(Unknown Source)
com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Unknown Source)
com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Unknown Source)
com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Unknown Source)
com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Unknown Source)
com.sun.xml.internal.ws.client.Stub.process(Unknown Source)
com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(Unknown Source)
com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
com.sun.xml.internal.ws.client.sei.SEIStub.invoke(Unknown Source)
$Proxy31.getFolderContents(Unknown Source)
com.rapidminer.repository.remote.RemoteFolder.ensureLoaded(RemoteFolder.java:115)
com.rapidminer.repository.remote.RemoteFolder.getSubfolders(RemoteFolder.java:146)
com.rapidminer.repository.gui.RepositoryTreeModel$3.run(RepositoryTreeModel.java:186)
The previously mentioned line now reads
<soap:address location="http://CT50146:8080/RAWS/RepositoryService"/>
CT50146 is indeed the host name of the server but why is it resolved when connecting via ip address and why does it cause trouble? The local hostname should not be used since it is useless when accessing over the internet / from an external network.
Thanks in advance for any suggestions!
Best regards
Matthias
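The two symptoms in this thread (a timeout with the firewall up, an immediate "connection refused" once it was down) and the effect of the bind address, as an added example that is not part of any post: a listener bound to one address refuses connections arriving on the host's other addresses, while one bound to 0.0.0.0 accepts on all of them. The helper names are assumptions, and 127.0.0.2 stands in for the machine's second address, which works as an extra loopback address on Linux only.

```python
import socket


def probe(host, port, timeout=2.0):
    """Classify one TCP connection attempt by the symptom the client sees."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"      # packets silently dropped: firewall or routing
    except ConnectionRefusedError:
        return "refused"      # host answered, nothing listens on this address
    except OSError:
        return "unreachable"


def listen(bind_addr):
    """Open a listener on a free port, like a server started with -b bind_addr."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_addr, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def reachability(bind_addr, targets=("127.0.0.1", "127.0.0.2")):
    """Probe each target address while a listener is bound to bind_addr."""
    srv, port = listen(bind_addr)
    try:
        return {target: probe(target, port) for target in targets}
    finally:
        srv.close()


if __name__ == "__main__":
    for addr in ("127.0.0.1", "0.0.0.0"):
        print(addr, reachability(addr))
```

The same holds for 0.0.0.0 on a real server: the listener answers on every interface, so the firewall rule is then the only thing limiting who can reach it.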
Hi,
so the error message means: The hostname is unknown. Well, I guess you knew that. Can you use the hostname in any other application like Firefox or ping? I would be surprised. I guess you either have to set up a proper DNS or configure the host name in your host lookup table locally (or get enterprise support :-))
Best,
Simon
Hi Simon,
thank you. I was still looking for a way to avoid the use of the hostname (and use IP address instead) but didn't think of "making the hostname work". As I described the hostname was a local one of the server but was useless when accessing from external networks. One line binding the local hostname to the global IP address in my Windows hosts table did the trick. Now the hostname is correctly resolved and allows using the remote repository from RapidMiner. Perhaps you might want to add a note into the manual, that the server has to be accessible via hostname and what can be done, if no global name is available.
Thanks again for your hint pointing me to the quite simple solution.
Best regards
Matthias
Hi,
yes, that part is a bit tricky. I thought there was a hint in the manual though. I may have to check.
Best,
Simon
I am also having this same problem.
I cannot access RA externally, and initially thought it was a firewall issue - but have since ruled that out.
I have installed, and can run RA locally, by going to localhost:8080, but when I try to browse to this site across the internet it does not work.
If I then run run.bat -b 0.0.0.0 I then get to see a jboss 404 error page both locally and from the internet.
I then need to restart the rapidanalytics service a few times before it will work again locally.
I have read the documentation - but I could see any clear explanation of how to expose RapidAnalytics for the internet.
Does anyone know the answer?
Thanks
Hi,
maybe at this stage some general clarification would be good. There are two general issues that are rather unrelated to RA itself: (1) Making JBoss listen on the right interfaces and (2) making the client know whom to talk with.
To have JBoss listen on all devices, start "run.bat -b 0.0.0.0" or "run.sh -b 0.0.0.0". You can go to server/default/deploy/jbossweb.sar/server.xml and check the binding address. If the option is checked in the installer, this may have been overridden.
<Connector protocol="HTTP/1.1" port="${jboss.web.http.port}" address="${jboss.bind.address}"
 redirectPort="${jboss.web.https.port}" />
Once you got that working, point your browser to localhost:8080, hostname:8080, 127.0.0.1:8080 and ipaddress:8080 (e.g. 192.168.1.1:8080) to see whether you can access it from everywhere, in particular from the host that you want to use RapidMiner on. If the IP addresses work but the hostnames don't then this is a DNS problem. Note that configuring a hostname in the local network will not automatically make that name known to other hosts.
Now issue (2). When RapidMiner talks to RapidAnalytics for the first time it will use the hostname you specify when you add the repository. After that, it uses the one listed in the WSDL files, e.g. http://localhost:8080/RAWS/RepositoryService?wsdl close to the very bottom:
<soap:address location="http://127.0.0.1:8080/RAWS/RepositoryService"/>
The example above (taken from the initial post) is bad because 127.0.0.1 has a different meaning on each host. It always means the host you are on. JBoss will do its best to fill in a reasonable value here and when your network is well configured this will work. If it is not, you can override this setting by editing server/default/deployers/jbossws-jaxrpc.deployer/META-INF/stack-agnostic-jboss-beans.xml. Therein, look for this line:
<property name="webServiceHost">${jboss.bind.address}</property>
Note that by default, the value of the variable jboss.bind.address is used again. If that does not work, just replace the contents of this tag by whatever is an appropriate hostname and check your WSDL file again. To make sure everything works fine, go to http://localhost:8080/RAWS/RepositoryService?wsdl and check whether the hostname has been inserted. To be absolutely sure, copy it out of the XML and paste into your browser's URL field. If that works, RapidMiner will connect correctly.
Hope this helps.
Best,
Simon
P.S.: One more common pitfall: When hostnames are not configured correctly and your ISP thinks it is a good idea to use a DNS server that, whenever it cannot resolve a hostname, points you to a search engine, you're in trouble. When that happens in a browser it may be ok because you will see that you arrived at a search form. When that happens to RapidMiner, this can get really confusing: RapidMiner will try to access http://yourhost:8080/RepositoryRService?wsdl expecting an XML file. But when "yourhost" is misspelt and the DNS server redirects RapidMiner to a search form it will receive some rather meaningless HTML and complain about malformed XML.
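A check for issue (2) above, added here as an example and not taken from RapidAnalytics or from any post: it reads the soap:address that a WSDL advertises and reports whether a client on another machine can use it, and it rejects a body that is not a WSDL at all, such as the search page from the redirecting DNS server in the P.S. The WSDL fragment is constructed, and the function names and the resolver parameter are assumptions.

```python
import ipaddress
import socket
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

WSDL_ROOT = "{http://schemas.xmlsoap.org/wsdl/}definitions"
SOAP_ADDRESS = "{http://schemas.xmlsoap.org/wsdl/soap/}address"

# Constructed WSDL fragment; only the soap:address line mirrors the thread.
SAMPLE_WSDL = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
  <service name="RepositoryService"><port name="RepositoryServicePort">
    <soap:address location="http://HOST:8080/RAWS/RepositoryService"/>
  </port></service></definitions>"""


def soap_endpoints(body):
    """Return the soap:address locations, or None if body is not a WSDL."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    if root.tag != WSDL_ROOT:
        return None            # e.g. an HTML search form instead of XML
    return [el.get("location") for el in root.iter(SOAP_ADDRESS)]


def classify_host(host, resolver=socket.gethostbyname):
    """Describe how a client on another machine will treat the advertised host."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if host.lower() == "localhost" or (ip is not None and ip.is_loopback):
        return "loopback"      # always means the client's own machine
    if ip is not None and ip.is_unspecified:
        return "wildcard"      # 0.0.0.0 is a listen address, not a destination
    try:
        resolver(host)
    except OSError:
        return "unresolvable"  # the UnknownHostException case from the thread
    return "resolvable"


def audit(body, resolver=socket.gethostbyname):
    """Map each advertised endpoint URL to its classification."""
    return {u: classify_host(urlsplit(u).hostname, resolver)
            for u in soap_endpoints(body) or []}
```

Run `audit` on the client machine against the text fetched from the server's ?wsdl URL; the default resolver then answers from that client's own DNS and hosts file, which is what RapidMiner will see.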
In my experience, the main way to avoid having a wrong or incomplete hostname in the configuration of RapidAnalytics / JBOSS is to use the fully qualified domain name (FQDN) of your hostname when indicating your server name in the initial steps of the installation.
By FQDN I mean the server "full name" as needed by a browser running on the client computer, to find such hostname.
Example: in my case indicating something like myserver didn't work, but I needed to indicate a name like myserver.xx.company.com when I filled the pre-installation forms.
Assuming you already have some web server like Apache2 or IIS running on your server, you can test whether your hostname will work by simply writing "http://myhostname" in your client browser address field. If it works with that name, your connection from a RM running on that client to RA running on the server should work.
I hope this helps.