Tomcat7 bind to port 80 fails in Ubuntu 14.04LTS

北慕城南 submitted on 2019-12-02 16:22:05
Chetan

The following works:

apt-get install authbind

First, set AUTHBIND=yes in the /etc/default/tomcat7 file

sudo touch /etc/authbind/byport/80
sudo chmod 500 /etc/authbind/byport/80
sudo chown tomcat7 /etc/authbind/byport/80

There was a reference URL here, but the website has been hacked (marked as unsafe in Edge, and Chrome prompts me to install a browser extension).

JEAN

Leave the port at the default 8080 in server.xml.

Run: sudo /sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

This redirects traffic from port 80 to 8080 (the default in Tomcat). In Ubuntu 14.04 it is not possible to set the default port to 80 in server.xml.

To make this persistent: sudo apt-get install iptables-persistent

This package allows you to save the iptables rules previously entered. Be sure to answer yes (save the current settings).

Oliver Kohll

I had the same problem. In the end, I used an iptables port redirect instead of the authpriv mechanism

i.e.

1) in /etc/default/tomcat7, set authpriv=no

2) in /etc/tomcat7/server.xml, use

<Connector port=8080...
rather than 80

3) ufw allow 8080/tcp

4) follow the instructions here: https://serverfault.com/questions/238563/can-i-use-ufw-to-setup-a-port-forward

The same can be done for port 443 (SSL) if necessary

Start the Tomcat services using authbind. This allows a user to start on ports below 1024, so we do not need a redirect or iptables.

To install the authbind software:

apt-get install authbind -y

chmod -R 755 /etc/authbind

The group should be the user's group.

chown -Rh root:group /etc/authbind

After that, run the commands below:

cd /etc/authbind/byuid

As an example, let's imagine the user id is 2000; you can use your own user id number.

echo '0.0.0.0/0:1,1023' > 2000

That file should be owned by the user and group.

chown : 2000

chmod 700 2000

Add the line below to the Tomcat startup file $CATALINA_BASE/startup.sh:

export JAVA_OPTS="$JAVA_OPTS -Djava.net.preferIPv4Stack=true"

To start Tomcat using authbind from the service startup.sh:

Comment out the line below:

#$CATALINA_HOME/bin/startup.sh

Add this at the end of the file:

AUTHBIND_COMMAND="/usr/bin/authbind --deep /bin/bash -c " 

$AUTHBIND_COMMAND $CATALINA_HOME/bin/startup.sh   

Now you should be able to start the Tomcat services as a user on ports below 1024.
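
The byuid rule in the answer above grants every port from 1 to 1023 on all addresses. As an added example (not part of any answer on this page), this POSIX shell check reads a byuid file in that addr/length:min,max form and reports rules wider than the ports the service needs; the function names and the needed ports 80 and 443 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original answers. Audits an authbind byuid
# file whose rules use the addr/length:min,max form shown above.
# Function names and the needed ports (80, 443) are assumptions.

# audit_byuid FILE PORT...   PORT... = ports the service actually needs.
# Prints one line per rule; returns 1 if any rule needs attention.
audit_byuid() {
    file=$1; shift
    needed=" $* "
    findings=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac    # blank or comment
        range=${line##*:}                           # expected "min,max"
        case $range in
            *[!0-9,]*|,*|*,|*,*,*|0[0-9]*|*,0[0-9]*) ok=0 ;;
            *,*) ok=1 ;;
            *) ok=0 ;;
        esac
        if [ "$ok" -eq 0 ]; then
            echo "REVIEW $line (not in addr/length:min,max form)"
            findings=1; continue
        fi
        lo=${range%%,*}; hi=${range##*,}
        extra=0; p=$lo
        while [ "$p" -le "$hi" ]; do                # count unneeded ports
            case $needed in *" $p "*) ;; *) extra=$((extra + 1)) ;; esac
            p=$((p + 1))
        done
        if [ "$extra" -gt 0 ]; then
            echo "BROAD $line: $extra port(s) beyond the needed set"
            findings=1
        else
            echo "OK $line"
        fi
    done < "$file"
    return "$findings"
}

# tight_rules PORT...  prints one single-port rule per needed port.
tight_rules() {
    for port in "$@"; do echo "0.0.0.0/0:$port,$port"; done
}

# Constructed sample: the rule written in the answer above.
sample=$(mktemp)
echo '0.0.0.0/0:1,1023' > "$sample"
if ! audit_byuid "$sample" 80 443; then tight_rules 80 443; fi
rm -f "$sample"
```

Lines in any other rule syntax are reported as REVIEW rather than interpreted, so they can be checked by hand.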
