btkibler Posted April 3, 2014 Share Posted April 3, 2014 The ReportServer AMI for AWS (launched as a standalone AMI, not via CloudFormation) works just fine when I run it in a public EC2 instance, or in the "default VPC" with a public IP address. However, if I run it in a private VPC, with no hostname and just an IP address, the login screen fails. I'm able to see the default splash screen just fine, but when I click on the login button (i.e. http://<ip-address>/jaspersoft-pro), it just hangs.There are no errors in catalina.out, and I can see that the /jaspersoft-pro web context has been loaded.There is a suspicious error in /var/logs/tomcat7/tomcat7-initd.log:[/code]-sh: line 0: export: `/bin/sh': not a valid identifier-sh: line 0: export: `/etc/jasperserver/fix_hostname_issue_in_vpc.sh': not a valid identifierrm: cannot remove `/tmp/instance-type': Operation not permitted/tmp/instance-type: Permission denied/usr/sbin/tomcat7: line 21: .: /etc/sysconfig/: is a directory I can see the request hitting the webserver via tcpdump, so I know there's not a firewall problem, but the server stops reading the socket, and after a few TCP retries, the socket is eventually dropped.Any other errors to look for, or things to try fixing?Thanks,Ben EDIT: I was able to login to the VPC JRS instance from a browser on another machine in the same VPC. This leads me to believe the root problem is somewhere else in the network stack, not specific to the JRS configuration. However, it's still very odd that other servlets in the JRS Tomcat instance work, and it's only the /jasperserver-pro web context that doesn't work... Link to comment Share on other sites More sharing options...
Solution btkibler Posted April 4, 2014 Author Solution Share Posted April 4, 2014 The root cause was an app-aware rule in the Palo Alto firewall between our corporate network and the AWS VPC. The Jaspersoft landing page wasn't blocked (allowed by generic "web-browsing" policy), but once the firewall saw the /jasperserver-pro URL, the traffic was identified as "Jaspersoft", and blocked by default.Once we fixed the firewall, the login page worked just fine. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now