tomcat-users mailing list archives

From "Ronald Klop (Mailing List)" <ronald-mailingl...@base.nl>
Subject Re: URL "simplification"
Date Mon, 10 Oct 2011 11:59:57 GMT
Simplified explanation:
 Apache httpd starts as user root. It binds port 80 and then drops privileges by setuid("apache")
or setuid("nobody").
 In Java you can't easily drop privileges. So if you start as root in Java you can't easily
change user. Of course you can call native code to do this. And that is called jsvc.
 http://commons.apache.org/daemon/jsvc.html

 BTW: if you are not root on a server, you cannot bind port 80 with httpd also.
 BTW2: for a few years now there have been all kinds of new ways of assigning privileges in Unix which
make it easier to say 'user x may bind to port 80'. But I have never seen anybody
using them.

 Ronald.


On Monday, 10 October 2011 13:50, Darryl Lewis <darryl.lewis@unsw.edu.au> wrote:
> 
>   
>  Something I've always wondered about, but never figured out, is how does
>  apache run as 'apache user' or 'nobody' and work on a port below 1024, but
>  Tomcat can't?
>  Anyone got a simple explanation?
>  
>  On 10/10/11 9:53 PM, "Mark Thomas" <markt@apache.org> wrote:
>  
>  >On 10/10/2011 09:56, Léa Massiot wrote:
>  >>
>  >> Hello,
>  >>
>  >> Thank you for reading my post. Here is my question:
>  >>
>  >> - Presently, to access my WebApp first page, I have to type in the
>  >> following URL in a browser:
>  >> http://hostname-or-ip:8080/my-webapp/
>  >> - Instead, I wish I could type in a URL such as:
>  >> http://my-webapp/
>  >> Is it possible?
>  >> How?
>  >>
>  >> And by the way, I don't know what's the name of such an operation. I
>  >> used the expression "URL simplification"...
>  >>
>  >> Thank you for pointing me in the right direction!
>  >
>  >There are three parts to this.
>  >
>  >1. Removing /my-webapp/ from the end of the URL
>  >   - Deploy your web application as the ROOT web application
>  >     Read the docs or search the list archives for the various
>  >     ways of doing this.
>  >
>  >2. Removing the port (8080) from the URL
>  >   - Configure your HTTP connector to use port 80 rather than 8080
>  >     Port 80 is privileged so you'll need to run as root (bad) or use
>  >     a service wrapper (such as jsvc from Commons Daemon) that binds to
>  >     port 80 as root and then drops privileges
>  >   - Use iptables (or equivalent) to map port 8080 to 80
>  >
>  >3. Replace hostname-or-ip with my-webapp
>  >   - This will require a DNS entry that resolves my-webapp to the IP
>  >     address of the machine where Tomcat is running. This is probably
>  >     already set up for the machine's host name. If you don't want to use
>  >     that, you can:
>  >     - edit the hosts file on the client (fine for testing)
>  >     - talk to your network administrator about adding an appropriate
>  >       DNS entry
>  >
>  >Mark
>  >
>  >---------------------------------------------------------------------
>  >To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>  >For additional commands, e-mail: users-help@tomcat.apache.org
>  >
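Added example, not part of the original messages and not httpd or jsvc source: the bind-as-root-then-drop sequence described in the reply above, written in C for Linux. The function names and the uid/gid 65534 target are assumptions; the work runs in a forked child so the calling process keeps its own identity.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Bind and listen on all interfaces; ports below 1024 normally need root. */
static int bind_listener(unsigned short port) {
    struct sockaddr_in a = {0};
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_ANY);
    a.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permanent drop. Order matters: supplementary groups, then gid, then uid. */
static int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1; /* root only */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (getuid() != uid || geteuid() != uid || getegid() != gid) return -1;
    if (uid != 0 && setuid(0) == 0) return -1; /* root must not come back */
    return 0;
}

/* Runs in a child so the caller keeps its identity. Returns 0 on success,
 * 1 bind failed, 2 drop failed, 3 socket lost after drop, -1 fork/wait error. */
int bind_then_drop(unsigned short port, uid_t uid, gid_t gid) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int fd = bind_listener(port);
        if (fd < 0) _exit(1);
        if (drop_privileges(uid, gid) != 0) _exit(2);
        _exit(listen(fd, 16) == 0 ? 0 : 3); /* fd bound as root still works */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

/* 65534 ("nobody" on many Linux systems) is an assumed target account. */
int main(void) { return bind_then_drop(80, 65534, 65534); }
```

Started without root, the program normally exits with 1 because the bind to port 80 is refused; started as root, it exits with 0 only if the process ends up unable to return to uid 0.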