tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Turner <tomcat-u...@johnturner.com>
Subject Re: installing Tomcat without being root
Date Mon, 02 Jun 2003 15:14:56 GMT
On Mon, 2 Jun 2003 15:38:08 +0200, <kurtc@inwind.it> wrote:

>> On Mon, 2 Jun 2003 09:44:07 +0200, <kurtc@inwind.it> wrote:
>>
>> Only root can bind a process to port 80.
>
> Well, i dont see the point here (cause i'm a newbie), but i would like to
> get this result:
> 1)An user contact www.myhost.com
> 2) the resolver asks to the DNS for that name, and the DNS answers with 
> the
> pair IP:PORT (ie www.myhost.com:8080)

It doesn't work like that.  DNS knows nothing about port numbers.  HTTP = 
80, HTTPS = 443, that's a browser thing, not a server thing.  If a user 
types "http://your.host.com" in their browser, the browser is going to 
contact port 80...plain and simple and there's no changing it.

You'll need one of the following:  1) proxy, 2) port forwarding (like a 
proxy but could be done with something like SSH), 3) URL forwarding service 
(like zoneedit.com), or 4) a redirect like you've mentioned.

Ports under 1024 are reserved for security reasons.  Very good security 
reasons, and chances are the only people you will find who will disagree 
with the restrictions on ports less than 1024 will be newbies (also for 
good reason).

For example, how would you like it if just any user on a server could run a 
mail daemon on port 25?  Port 110, sniffing POP3 passwords from other 
users?  Etc. etc. ad nauseam.

> In this way my TomCat, running at 8080, will be contacted at each 
> request.
> The actual solution (crappy) is to have an index.php file in my home
> directory which redirect to www.myhost.com:8080.
> If the former solution could be done, my question would be: how to do 
> that ?

You'll need to use some sort of port forwarder or proxy.  Apache can do the 
proxying, but you'll need to be root to configure it and test the 
configuration (in which case the whole thing is moot because then you could 
start Tomcat as root on port 80), or you'll need to use something like SSH 
or iptables/ipchains (or some other package) to do the forwarding for you.  
Either way, you still need to be root.

You could just use an external forwarding service...zoneedit.com has one.

John

-- 
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message