2010-07-09

Running Tomcat on port 80 in a user account

If you already have a servlet container and also need a web server, there is usually no need to turn to a dedicated web server such as Apache. Instead, your servlet container can easily perform double duty, by putting your HTML files into the “ROOT” web application. If you run Tomcat on Linux, you have two choices: First, run it on a user account. Then you can only use “non-privileged” ports which start at 1024 (this is why Tomcat’s default is to use port 8080). Second, run it on a root account, but that poses security risks. There are many solutions out there for running Tomcat on port 8080 on a user account. The simplest solution that I have found is to use authbind. To do so, you need to perform the following steps:
  1. Install authbind
  2. Make port 80 available to authbind (you need to be root):
    touch /etc/authbind/byport/80
    chmod 500 /etc/authbind/byport/80
    chown glassfish /etc/authbind/byport/80
  3. Make IPv4 the default (authbind does not currently support IPv6). To do so, create the file TOMCAT/bin/setenv.sh with the following content: CATALINA_OPTS="-Djava.net.preferIPv4Stack=true"
  4. Change startup.sh
    exec authbind --deep "$PRGDIR"/"$EXECUTABLE" start "$@"
    # OLD: exec "$PRGDIR"/"$EXECUTABLE" start "$@"
Flattr

No comments: