Port 80/443 Conf

The best way to have tomcat run on port 80, but not be root, is to use iptables.

One can change the tomcat connector, but since non root processes don't have access to ports under 1024, nothing will happen. Since iptables is part of the kernal and already running on most servers, it's a relativly short jump to turn on forward from port 80 to 8080, tomcat's native port.

The iptables command is:

iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j REDIRECT --to-port 8080

To make this happen with SuSE, you need to tag into the SuSEfirewall2 system ( this is a series of scripts that do all the heavy lifting of iptables in SuSE so you don't have to)

You could edit the /etc/sysconfig/SuSEfirewall2 config file, but since we already have the iptables command we can simply insert it into the /etc/sysconfig/scripts/SuSEfirewall2-custom config file.

Don't forget to activate the custom-config file in your main config file. (/etc/sysconfig/SuSEfirewall2 section 25)

My thanks to Ramon Casha whose article the iptables command and idea is pulled from >>http://linux.org.mt/article/tomcat-ports


Most of the instructions on how to do this are at >>http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html

However, there are some peculularities to using the IBM jre as opposed to the sun.

In the tomcat connector, one has to use algorithm="IbmX509" and sslProtocol="SSL"

If you don't use the right algorithm, you'll see it in your tomcat log. The second item IExplorer doesn't work with.

As with the port 80 instuctions, you'll need to add a hook in the custom firewall rules (it's detailed in the other inst)

Comments