httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: [users@httpd] tomcat without apache in front
Date Wed, 20 May 2009 21:07:53 GMT
singh@allumezinfotech.com wrote:
> 
> This is one thing i have heard from many what's the big deal in opening
> port 80 of app servers? any pointers

There is no big deal having Tomcat answer directly on port 80.
This topic then would be better posted on the Tomcat users mailing list, 
but in a nutshell :

To be able to open listening server ports < 1024, a process needs to run 
as root.  Port 80 is < 1024.

Apache always starts as user root, opens a listening port 80, then 
switches to another user-id with lesser permissions to answer requests.

Tomcat does not do that by itself.  To start it listening on port 80, 
you have to run it as root, and then it continues to run as root, which 
is a bit less comfortable in terms of security.
But, you can use a wrapper (named jsvc), to achieve the same thing as 
Apache.
This is already how Tomcat is started by default on some platforms 
(Linux Debian and Ubuntu e.g.), but it is available for all.



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message