Non-root users cannot start Tomcat listening to port 80
I. Problem
Once a website is bound to a domain name, visitors reach it through that name on port 80, so Tomcat has to listen on port 80. For security reasons Tomcat is normally not run as root, which means a Tomcat that listens on port 80 must be started as an ordinary user. In that configuration startup fails with a permission-denied error: on Linux only root (strictly, a process holding the CAP_NET_BIND_SERVICE capability) may bind the well-known ports below 1024.
II. Solutions
(The following are not verified)
There are a few different solutions to work around this:
- Install and configure Apache or nginx as a reverse proxy in front of Tomcat; the proxy is started as root to open port 80 and then drops its privileges to a normal user, while Tomcat keeps listening on a high port.
- Set up a firewall on the server using iptables or an alternative, so that the low port number is forwarded internally to the higher port number Tomcat listens on.
- Use jsvc, which opens the port as root and then drops privileges to an unprivileged user.
- Use authbind to grant a specific non-root user the right to bind a privileged port.
1. Port forwarding with iptables
- Leave Tomcat listening on port 8080 (above 1024, so no privilege is needed) and run sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080 to forward incoming requests for port 80 to port 8080. Note that the PREROUTING chain only sees packets arriving from the network; connections the server makes to itself (for example curl http://127.0.0.1/) need an equivalent REDIRECT rule in the nat OUTPUT chain.
- iptables rules take effect immediately, but they are cleared when the machine is restarted. Save them and have them reloaded when the interface comes up:
(1) save the firewall rules (as root, because the redirection is performed by the shell, not by iptables-save): iptables-save > /etc/iptables.up.rules
(2) edit /etc/network/interfaces and add a line at the end: pre-up iptables-restore < /etc/iptables.up.rules
The save and restore commands must name the same file. On Debian/Ubuntu the iptables-persistent package (rules in /etc/iptables/rules.v4, and rules.v6 for ip6tables) does the same job without editing /etc/network/interfaces.
References:
1. Configure local Tomcat application port 80 forwarding in Linux
An iptables rule takes effect as soon as it is set, but the rules are cleared when the machine is restarted.
Save them so that iptables reloads them at startup and you do not have to enter them again.
iptables-save and iptables-restore are used to save and restore the rule set.
First, save the firewall rules to the file /etc/iptables.up.rules:
iptables-save > /etc/iptables.up.rules
Then edit /etc/network/interfaces and add a line at the end so the rules are applied when the network comes up:
pre-up iptables-restore < /etc/iptables.up.rules
Using iptables on Ubuntu to simplify firewall configuration:
sudo ufw disable && sudo ufw default allow makes sure the INPUT/FORWARD/OUTPUT chains default to ACCEPT; otherwise network access, including ssh, is cut off while the rules are being rebuilt.
sudo iptables -F && sudo iptables -X && sudo iptables -Z && sudo iptables -L (flush all rules, delete user-defined chains, zero the counters, then list what is left)
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT
sudo iptables -A INPUT -j DROP
Caveat when combining this with the REDIRECT rule from section 1: nat PREROUTING runs before filter INPUT, so redirected web traffic reaches the INPUT chain with destination port 8080, not 80. In that setup the ACCEPT rule must be for --dport 8080, or the final DROP will silently discard every web request.
iptables-save > /etc/iptables.up.rules must be run as root: with plain sudo the redirection is performed by your unprivileged shell, so the command fails with a permission error (sudo sh -c 'iptables-save > /etc/iptables.up.rules' works).
Add a line at the end of /etc/network/interfaces (sudo nano /etc/network/interfaces) so the rules are applied when the network starts:
pre-up iptables-restore < /etc/iptables.up.rules
(The former approach, putting iptables-restore < /etc/iptables.up.rules in a script under /etc/network/if-pre-up.d/, never succeeded; the latter, adding iptables-restore < /etc/iptables.up.rules to the end of /etc/network/interfaces, did.)
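As an added example (not part of the original article or of the reference it cites), the following script turns the two procedures above into one ruleset in the iptables-save/iptables-restore file format that the pre-up line consumes: the port 80 to 8080 REDIRECT (plus the nat OUTPUT rule for local connections), an ssh allow, the ESTABLISHED/RELATED allow and a DROP default, with the web ACCEPT on the post-redirect port. It validates the file with iptables-restore --test before loading it, saves the live state and appends the pre-up line idempotently. The interface eth0, Tomcat on 8080, ssh on 22 and the file /etc/iptables.up.rules are assumptions chosen for the example; the script and function names are hypothetical.

```shell
#!/bin/sh
# Added example: generate, test, apply and persist an iptables ruleset that
# redirects port 80 to a Tomcat listening on an unprivileged port.
# Assumed defaults (not from the article): eth0, Tomcat 8080, ssh 22,
# persisted rules in /etc/iptables.up.rules. IPv4 only; ip6tables would need
# the same treatment separately.
set -eu

RULES_FILE="${RULES_FILE:-/etc/iptables.up.rules}"

# Print a complete iptables-restore ruleset: tomcat_rules <iface> <tomcat_port> <ssh_port>
tomcat_rules() {
    iface="$1"; tomcat_port="$2"; ssh_port="$3"
    cat <<EOF
# Constructed ruleset: port 80 -> Tomcat on $tomcat_port, INPUT policy DROP
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Packets arriving from the network: rewrite the destination port before routing.
-A PREROUTING -i $iface -p tcp --dport 80 -j REDIRECT --to-ports $tomcat_port
# Locally generated traffic (curl http://127.0.0.1/) never traverses PREROUTING,
# so it needs the same rewrite in the nat OUTPUT chain.
-A OUTPUT -o lo -p tcp --dport 80 -j REDIRECT --to-ports $tomcat_port
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $iface -p tcp --dport $ssh_port -j ACCEPT
# nat PREROUTING runs before filter INPUT, so redirected web traffic arrives
# here with dport $tomcat_port, not 80: that is the port to accept.
-A INPUT -i $iface -p tcp --dport $tomcat_port -j ACCEPT
COMMIT
EOF
}

# Parse and build the ruleset without committing it (needs root and iptables).
check_rules() {
    iptables-restore --test < "$1"
}

# Load the ruleset atomically, then persist the live state. The whole script
# runs as root, so the "> file" redirection that defeats plain sudo works here.
apply_rules() {
    tmp=$(mktemp)
    tomcat_rules "$@" > "$tmp"
    check_rules "$tmp"
    iptables-restore < "$tmp"
    iptables-save > "$RULES_FILE"
    rm -f "$tmp"
}

# Debian/Ubuntu ifupdown: reload the saved rules before the interface comes up.
# Appending only once keeps repeated runs from duplicating the line.
persist_rules() {
    line="pre-up iptables-restore < $RULES_FILE"
    grep -qxF "$line" /etc/network/interfaces ||
        printf '%s\n' "$line" >> /etc/network/interfaces
}

case "${1:-}" in
    show)  shift; tomcat_rules "${1:-eth0}" "${2:-8080}" "${3:-22}" ;;
    apply) shift; apply_rules "${1:-eth0}" "${2:-8080}" "${3:-22}"; persist_rules ;;
    "")    : ;;
    *)     echo "usage: $0 show|apply [iface] [tomcat_port] [ssh_port]" >&2; exit 2 ;;
esac
```

Run it as sh tomcat-port80.sh show to inspect the generated file, and as root with apply to load and persist it. Because the filter policy is DROP, do the first apply from a session that cannot be locked out (a console, or an ssh session kept open while you verify a second one connects), and compare the result with iptables -t nat -L -n and iptables -L -n afterwards.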
2. Use jsvc
jsvc (Apache Commons Daemon) starts as root, binds the port, and then switches to the unprivileged account given with its -user option, so Tomcat can listen on port 80 without running as root. It also runs Tomcat as a proper daemon that can be started at boot; Tomcat ships a wrapper for it as bin/daemon.sh, with the jsvc source in bin/commons-daemon-native.tar.gz.