tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Singleton <>
Subject Re: Get rid of 8080 port in Tomcat 3.3
Date Fri, 23 Feb 2007 15:03:38 GMT
Steffen Heil wrote:
> Hi
>> That's the way You should go:
> I totally disagree.
> First, it would surely be best to update to 6.0 and run it using jsvc....
> However, let's look at the solution in the link above.
> 1. "The Apache solution". (Which should be called the "httpd" solution.)
> This will work, and might be okay, if you are already running apache on that
> system.
> BUT tomcat itself can be faster (at least newer ones, I don't know about
> 3.x) without httpd.
> 2. The IP tables solution
> You webapplication will not know about the different port and encode urls
> incorrecly. Bad Idea and impossible if SSL is required.

Dunno whether there are flaws in the particular solution
which Stefan referred to, but your assertions about
iptables solutions are not generally true.

Using well documented iptables port mapping techniques
you can run Tomcat 5.5 as non-privileged user, with SSL
on port 443 on several address-based virtual hosts, each
with their own certificates.  No jsvc (or any other s/ware
or processes) required.  URL encoding works as intended
(indeed, we rely on it exclusively, configuring Tomcat to
never send cookies).  This solution in production > 1 year.
What's the basis for your claims?

> 3. The rinetd solution
> Good for development and tests. Adds a little overhead AND destroy a lot of
> logging and security, as tomcat will always see ONE client ip.
> 4. IPchains alternative
> see 2.
> Otherwise get jsvc to work for you.
> Regards,
>   Steffen

Paul Singleton

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message