Implementing an IP port jump (port forwarding) with iptables

Source: Internet
Author: User
Tomcat is deployed on Linux and, for security, is started as a non-root user. But when a domain is bound to the server, port 80 cannot be reached directly: as is well known, on Unix a non-root user cannot listen on a port number below 1024, so the Tomcat server cannot bind port 80. The Linux port forwarding mechanism is therefore used to send service requests for port 80 on to port 8080.
1. Install iptables-persistent

sudo apt-get update
sudo apt-get install iptables-persistent

2. Add the rule that jumps port 80 to port 8080

sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

3. Save the jump rules

sudo service iptables-persistent save
# on newer Debian/Ubuntu releases the service is called netfilter-persistent:
# sudo netfilter-persistent save

Scenario

If you are debugging a web program with Resin, you need to restart Resin frequently. The web program has to be on port 80, and the Linux 1024 limit means root permission is required to open it. But you do not want to keep a root terminal open all the time just to tune a program. In this case, you can run Resin on its default port 8080 and use iptables to get the same effect as if the service were on port 80.
Method

Transfer TCP connections to port 80 to local port 8080. This can be done with DNAT (destination network address translation). Because iptables handles local and remote connections differently, the two cases must be handled separately. The following assumes that the IP of this machine is 192.168.4.177.
Remote connection

A remote connection is a connection to this machine from another machine. Packets of this kind first pass through the PREROUTING chain of iptables, so it is enough to perform DNAT in the PREROUTING chain.
# iptables -t nat -A PREROUTING -p tcp -i eth0 -d 192.168.4.177 --dport 80 -j DNAT --to 192.168.4.177:8080
Local connection

A local connection is one in which this machine accesses one of its own ports via 127.0.0.1 or its own IP. Locally originated packets do not go through the NIC; they are processed by the kernel and delivered directly to the local process. Packets of this kind pass only through the OUTPUT chain of iptables, not the PREROUTING chain, so DNAT has to be done in the OUTPUT chain. Besides 127.0.0.1, access to the machine's own IP (i.e. 192.168.4.177) also counts as a local connection.
# iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j DNAT --to 127.0.0.1:8080
# iptables -t nat -A OUTPUT -p tcp -d 192.168.4.177 --dport 80 -j DNAT --to 127.0.0.1:8080
Notes
You may need to turn on IP forwarding with the following command:
# echo 1 >/proc/sys/net/ipv4/ip_forward
If you want to reset iptables while experimenting, first empty the NAT table (note that this flushes every rule in the nat table, not only the ones added above):

# iptables -t nat -F
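As an added example (not part of the original page), the following POSIX shell script ties the two methods above together: it builds the PREROUTING and OUTPUT DNAT rule specifications for a given interface, host IP and port pair, adds each rule only if it is not already present (using `iptables -C`, so running it twice does not create duplicate rules), and removes exactly those rules with `-D` instead of flushing the whole nat table. The function names, the parameters and the use of `--to-destination` (the full spelling of the page's `--to`) are the example's own choices; the interface `eth0` and the address 192.168.4.177 are the page's sample values.

```shell
#!/bin/sh
# Added example: idempotent 80 -> 8080 DNAT rules for both the remote
# (PREROUTING) and local (OUTPUT) paths. Function names and parameters are
# this example's own; they are not part of the original page.

# Print the nat rule specifications, one per line, without the -A/-C/-D action.
# Arguments: interface, host IP, public port, service port.
redirect_rules() {
  iface=$1; host_ip=$2; from_port=$3; to_port=$4
  # remote connections arrive on the NIC and traverse PREROUTING
  echo "PREROUTING -p tcp -i $iface -d $host_ip --dport $from_port -j DNAT --to-destination $host_ip:$to_port"
  # local connections (to 127.0.0.1 or to the host's own IP) traverse only OUTPUT
  echo "OUTPUT -p tcp -d 127.0.0.1 --dport $from_port -j DNAT --to-destination 127.0.0.1:$to_port"
  echo "OUTPUT -p tcp -d $host_ip --dport $from_port -j DNAT --to-destination 127.0.0.1:$to_port"
}

# Number of rules the generator produces (3 for the page's setup).
rule_count() {
  redirect_rules "$@" | wc -l | tr -d ' '
}

# Add each rule only if `iptables -C` reports it is not already present,
# so re-running the script never duplicates rules. Needs root.
apply_rules() {
  redirect_rules "$@" | while IFS= read -r spec; do
    # $spec is intentionally unquoted: it must split into separate arguments
    # shellcheck disable=SC2086
    if iptables -t nat -C $spec 2>/dev/null; then
      echo "exists: $spec"
    else
      iptables -t nat -A $spec && echo "added: $spec"
    fi
  done
}

# Remove exactly the rules added above (-D), leaving other nat rules intact.
remove_rules() {
  redirect_rules "$@" | while IFS= read -r spec; do
    # shellcheck disable=SC2086
    iptables -t nat -D $spec 2>/dev/null && echo "removed: $spec"
  done
}

# Show the resulting nat chains with rule numbers for verification.
show_rules() {
  iptables -t nat -L PREROUTING -n --line-numbers
  iptables -t nat -L OUTPUT -n --line-numbers
}

# Usage (as root):  ./redirect.sh apply    or    ./redirect.sh remove
case "${1:-}" in
  apply)  apply_rules  eth0 192.168.4.177 80 8080; show_rules ;;
  remove) remove_rules eth0 192.168.4.177 80 8080 ;;
esac
```

Running `./redirect.sh apply` twice prints `exists:` for every rule on the second run instead of appending duplicates, and `./redirect.sh remove` undoes only these three rules, which is the safer counterpart to the page's `iptables -t nat -F`.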
