View previous topic :: View next topic |
Author |
Message |
lord n00b
Joined: 16 Oct 2002 Posts: 73 Location: Linköping, Sweden
|
Posted: Thu Mar 27, 2003 12:06 am Post subject: Binding ports below 1024 |
|
|
I dont want to run tomcat as root, but I cannot bind ports below 1024. I've tried to google, but I cannot find any 'solutions' to my problem. Only references to that there is such rules...
Is it possible to allow a specific user to bind a specific port? |
|
Back to top |
|
|
caffiend n00b
Joined: 26 Mar 2003 Posts: 48 Location: Oakland, CA
|
Posted: Thu Mar 27, 2003 12:30 am Post subject: |
|
|
ummm... shouldn't you be configuring your webserver to talk to tomcat rather than letting users do so directly? |
|
Back to top |
|
|
lord n00b
Joined: 16 Oct 2002 Posts: 73 Location: Linköping, Sweden
|
Posted: Thu Mar 27, 2003 1:10 am Post subject: |
|
|
At the moment, I'm only running totally static homepages on some of my domains, and the ones that are dynamic are using servlets.
I'm eventually gonna move to Apache with JK2 when I'm in need of PHP and other similar stuff... but till then, why whould I want to run a webserver talking to another webserver? Seems that it would only have a negative impact on performance, or am I missing somthing here? =) |
|
Back to top |
|
|
caffiend n00b
Joined: 26 Mar 2003 Posts: 48 Location: Oakland, CA
|
Posted: Thu Mar 27, 2003 1:31 am Post subject: |
|
|
frankly I know almost nothing when it comes to java including tomcat...
but from the tomcat-apache howto I get...
Tomcat is not as fast as Apache when it comes to static pages.
Tomcat is not as configurable as Apache.
Tomcat is not as robust as Apache.
in server.xml change the Http10Connector port to 80 from 8080 I would think that it would give up root after it had bound to the port like Apache, but I'm not 100% on that... |
|
Back to top |
|
|
caffiend n00b
Joined: 26 Mar 2003 Posts: 48 Location: Oakland, CA
|
Posted: Thu Mar 27, 2003 1:40 am Post subject: |
|
|
Quote: | in server.xml change the Http10Connector port to 80 from 8080 I would think that it would give up root after it had bound to the port like Apache, but I'm not 100% on that... |
and I was rightfully so in my lack of certainty, it seems that there is no method currently to allow tomcat to give up root after binding to the port.
Your best bet if you still do not want to use Apache is to forward port 80 requests to 8080 |
|
Back to top |
|
|
absinthe Retired Dev
Joined: 06 Oct 2002 Posts: 111 Location: San Francisco, CA, USA
|
Posted: Sat Mar 29, 2003 12:04 am Post subject: Re: Binding ports below 1024 |
|
|
lord wrote: | I dont want to run tomcat as root, but I cannot bind ports below 1024. I've tried to google, but I cannot find any 'solutions' to my problem. Only references to that there is such rules...
Is it possible to allow a specific user to bind a specific port? |
Emerge tomcat-4.1.24 (it's currently masked for testing but should work ok for you).
It installs Tomcat as user 'tomcat', and binds Tomcat to port 8080 by default. That should be fine if you are using Apache as your front-end on port 80.
Now, getting Apache to bind to Tomcat requires a connector: mod_jk. Currently we do not have a package for this (it is under development though). Getting the connector installed is fortunately not difficult. Apache provides binaries for the mod_jk.
Please see: http://jakarta.apache.org/builds/jakarta-tomcat-connectors/jk/release/v1.2.2/
At least until we have an ebuild that builds this (timeframe 2-4 weeks from this writing), that should give you everything you need. There is also a link on that page pointing to documentation for how to install mod_jk and configure Apache for it. It should tell you everything you need to know. |
|
Back to top |
|
|
absinthe Retired Dev
Joined: 06 Oct 2002 Posts: 111 Location: San Francisco, CA, USA
|
Posted: Sat Mar 29, 2003 12:39 am Post subject: |
|
|
One note about running servlet engines (Tomcat, Orion, Resin, JBoss) on port 80... by default all of these run on a port higher than 1024 (usually 8080). No service should run as root, including these... and JBoss, Orion, and Tomcat all install and run non-root.
However, ports < 1024 are restricted to root access. Apache works around this limitation by launching the initial process as root and switching to the apache user. No such solution exists for the servlet engines in this way.
Here's how you work around this. If you're not running a firewall on the machine, install one (ipchains or iptables). Then port forwarding from port 80 to something else (usually 8080). You can do this either on your network gateways, or on the machines running Tomcat/Orion itself.
Hope this helps. |
|
Back to top |
|
|
lord n00b
Joined: 16 Oct 2002 Posts: 73 Location: Linköping, Sweden
|
Posted: Sat Mar 29, 2003 4:37 pm Post subject: |
|
|
Thanks for the advice! I'll look into it as asap =) ...
Orion is a really nice applicataion server... I know actually one of the two founders of orion and he's a really nice guy =)) |
|
Back to top |
|
|
absinthe Retired Dev
Joined: 06 Oct 2002 Posts: 111 Location: San Francisco, CA, USA
|
Posted: Sat Mar 29, 2003 7:53 pm Post subject: |
|
|
lord wrote: | Orion is a really nice applicataion server... I know actually one of the two founders of orion and he's a really nice guy =)) |
Yup. Orion is great stuff. It's what I use for my personal website and also for various one-off web apps (even php driven) inside my home.
Tomcat has always been rather sloppy, slow, and buggy in comparison -- and while it's gotten much better recently, it's still a ways from Orion and Resin.
Resin is also great software; Orion and Resin are almost directly comparable. |
|
Back to top |
|
|
helmers Guru
Joined: 16 Sep 2002 Posts: 553 Location: Stange, Norway
|
Posted: Sun Apr 20, 2003 9:14 pm Post subject: |
|
|
Hi!
So, if I want a application for a normal user to be able to listen on port 21, what do I do?(as in please explain it sloooowlyyyy) _________________ C is for Cookies! |
|
Back to top |
|
|
|