Connections to port 8000 from host machine do not work (connection refused), but local debugging works on the guest machine.
I'm running tomcat 8.5 inside a vagrant box with centos image and self signed cert. The host machine is running windows 7. I can access tomcat's manager application on a secure port 8443 with https, and I can access my webapp also on a secure port 8443 with https. 8443 is not forwarded. Non-secure connections also work on host port 8080, which is forwarded to guest port 80 on vagrant box.
After shutting down tomcat, bin/shutdown.sh and restarting in debug mode via bin/catalina.sh jpda start I can attach jdb on port 8000 via jdb -attach 8000 and I can view threads and classes, and after setting a breakpoint and hitting the app on the secure 8443 I can step through the execution.
I have tried forwarding host port 9000 to guest port 8000 in the Vagrantfile, and also tried various connectors set in tomcat's bin/server.xml to allow connections on port 8000. To allow remote connections, I had to add context files in tomcat's conf/Catalina/localhost with the following text for tomcat's manager application as well as my application:
<Context privileged="true" antiResourceLocking="false"
docBase="${catalina.home}/webapps/manager">
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="^.*$" />
</Context>
I feel like there is probably something else I need to do for tomcat to allow a remote connection on port 8000, but I'm unable to find it with a couple hours of google searches and experimentation.
I figured it out.
In catalina.sh, the JPDA variables are set in an if statement. I was allowing these variables to define how to connect. JPDA_ADDRESS was set as JPDA_ADDRESS="localhost:8000" I removed "localhost:" so it is now set as JPDA_ADDRRESS="8000". I can connect from STS on the host machine now. Below is the if statement from catalina.sh that I changed to allow connections outside the guest machine.
if [ "$1" = "jpda" ] ; then
if [ -z "$JPDA_TRANSPORT" ]; then
JPDA_TRANSPORT="dt_socket"
fi
if [ -z "$JPDA_ADDRESS" ]; then
JPDA_ADDRESS="8000" // only this line changed. was set to "localhost:8000"
fi
if [ -z "$JPDA_SUSPEND" ]; then
JPDA_SUSPEND="n"
fi
if [ -z "$JPDA_OPTS" ]; then
JPDA_OPTS="-agentlib:jdwp=transport=$JPDA_TRANSPORT,address=$JPDA_ADDRESS,server=y,suspend=$JPDA_SUSPEND"
fi
CATALINA_OPTS="$JPDA_OPTS $CATALINA_OPTS"
shift
fi
catalina.sh probably isn't the best place to change the JPDA_ADDRESS. Other posts suggest defining the JPDA variables in setenv.sh, or a custom script that calls catalina.sh with the appropriate commands to start in debug mode.
In addition to this answer, I found an answer to another question which helped me figure out what was wrong. Antony Shumskikh's answer to What are Java command line options to set to allow JVM to be remotely debugged? was helpful.