2

I have a Red Hat Linux server with Tomcat 6.0.39 installed. Before I deploy any web application and open my server to the public, I would like to learn how to run the Tomcat startup script with my tomcat user, binding to port 80.

This is what I have done so far:

  1. Changed port 8080 -> 80; 8443 -> 443 in my server.xml
  2. The tomcat directory is owned by my tomcat user.
  3. Installed authbind.
  4. Under /etc/authbind/byport I created two files, 80 and 443, made them executable and changed the owner to tomcat.
  5. Inside startup.sh I changed `exec "$PGDIR"/"$EXECUTABLE" start "$@"` to `exec authbind --deep "$PGDIR"/"$EXECUTABLE" start "$@"`.

After following those steps (which is pretty much what most articles tell you to do) I still get permission denied when starting up my Tomcat, complaining that it cannot bind ports 80 and 443.

If you could provide any help I would greatly appreciate it. Thanks!

Bratchley
user3513075
  • I know this isn't your question but one thing that I have success with is doing reverse proxy load balancing [through regular Apache httpd](https://dpaste.de/xyWU) It usually only involves like four lines of configuration and you can eventually get fancy with it and start load balancing between multiple Application Servers or hosting the application server on a different machine/platform than the rest of your site (if it's split up) – Bratchley May 13 '14 at 20:13
  • One other use for doing it the `ProxyPass` way is that I typically have an easier time managing my certs with regular `httpd` and doing it that way gets me out of having to do anything with `keytool` – Bratchley May 13 '14 at 20:17
  • I've used Joel's method as well and it works well for both Apache and Nginx. – slm May 13 '14 at 20:49
  • I appreciate both your inputs/suggestions. The issue is that I was told to use authbind so I need to figure out what I have been doing wrong. – user3513075 May 13 '14 at 22:30

1 Answer

4

I found these slightly different steps which may help you out.

  1. Install authbind
  2. Make port 80 available to authbind (you need to be root):

    $ sudo touch /etc/authbind/byport/80
    $ sudo chmod 500 /etc/authbind/byport/80
    $ sudo chown tomcat /etc/authbind/byport/80   # owner must be the user that runs Tomcat
    
  3. Make IPv4 the default (authbind does not currently support IPv6). To do so, create the file TOMCAT/bin/setenv.sh with the following content:

    CATALINA_OPTS="-Djava.net.preferIPv4Stack=true"
    
  4. Change startup.sh

    exec authbind --deep "$PRGDIR"/"$EXECUTABLE" start "$@"
    # OLD: exec "$PRGDIR"/"$EXECUTABLE" start "$@"
    


slm
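A way to verify the setup described in the question and answer before starting Tomcat, added here as an example and not part of either post. The function names, the `BYPORT` override and the file name `audit.sh` are assumptions; the ownership test is deliberately narrower than authbind's own `access(2)` check and matches the layout the steps above create.

```shell
#!/bin/sh
# Added example, not from the original post: audit the authbind setup.
# BYPORT is a hypothetical override so the checks can run against a copy.
BYPORT=${BYPORT:-/etc/authbind/byport}

# check_byport DIR PORT USER
# authbind permits the bind when DIR/PORT is executable by the caller, so
# require the file to exist, be owned by USER and have the owner x bit.
check_byport() {
    f="$1/$2"
    [ -f "$f" ] || { echo "port $2: $f is missing"; return 1; }
    listing=$(ls -ld "$f")
    mode=${listing%% *}
    owner=$(printf '%s\n' "$listing" | awk '{print $3}')
    [ "$owner" = "$3" ] || { echo "port $2: owned by $owner, not $3"; return 1; }
    case "$mode" in
        ???x*) return 0 ;;
        *) echo "port $2: owner execute bit not set ($mode)"; return 1 ;;
    esac
}

# check_scripts TOMCAT_HOME
# setenv.sh must force IPv4 and startup.sh must exec through authbind.
# Commented-out startup.sh lines (such as the "# OLD:" line) do not count.
check_scripts() {
    s_rc=0
    grep -qF -e '-Djava.net.preferIPv4Stack=true' "$1/bin/setenv.sh" 2>/dev/null ||
        { echo "setenv.sh: -Djava.net.preferIPv4Stack=true not set"; s_rc=1; }
    grep -v '^[[:space:]]*#' "$1/bin/startup.sh" 2>/dev/null |
        grep -q 'exec authbind --deep' ||
        { echo "startup.sh: no active 'exec authbind --deep' line"; s_rc=1; }
    return $s_rc
}

# audit USER TOMCAT_HOME PORT...   returns 0 only if every check passes
audit() {
    user=$1; tc_home=$2; a_rc=0
    shift 2
    for port in "$@"; do
        check_byport "$BYPORT" "$port" "$user" || a_rc=1
    done
    check_scripts "$tc_home" || a_rc=1
    return $a_rc
}

# Run directly as: sh audit.sh USER TOMCAT_HOME PORT...
[ "$#" -lt 3 ] || audit "$@"
```

Each failed check prints one line naming the port or script at fault, so a missing `443` file or a wrong owner shows up before Tomcat reports the bind error.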