tomcat-users mailing list archives

From "Cheltenham, Chris" <ccheltenham-...@philasd.org>
Subject RE: Binding a non root user to port 443
Date Tue, 13 Mar 2018 18:18:05 GMT
Chris,

Do you believe this is the best way to redirect the ports, or is it better 
all around for the OS to handle that?

I.e., iptables

I may lobby for iptables but the admins are pushing back.


===========================

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571


-----Original Message-----
From: Christopher Schultz [mailto:chris@christopherschultz.net]
Sent: Tuesday, March 13, 2018 2:03 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Binding a non root user to port 443

Chris,

On 3/13/18 1:26 PM, Cheltenham, Chris wrote:
> Is there a way to redirect ports 80 and 443 to 8443?
>
> I have a non root user but I cannot use CentOS firewalld nor iptables.

How about authbind?

> I have tried these things.
>
> <Connector port="443" protocol="HTTP/1.1" enableLookups="false"
> redirectPort="8443"/>

The redirectPort here is useless (it's for redirecting non-secure traffic to 
a secure port). Here, you are already secure (and redirecting to 8443 won't 
go anywhere). Just remove the attribute.

> But it still fails.

This will fail on most *NIXs because non-root can't bind to ports below 
1024.

Are you able to run jsvc? It will allow you to bind to ports and then drop 
privileges.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
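
The "bind to ports and then drop privileges" pattern mentioned for jsvc in the message above, sketched in C as an added example; it is not part of the original thread and is not jsvc's own code. The function names `listen_on` and `drop_privileges` and the uid/gid 65534 are assumptions made for illustration.

```c
/* Added example (not from the thread): bind first, then drop privileges. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes setgroups() under strict -std modes */
#endif
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Open a listening TCP socket; returns the fd, or -errno on failure. */
int listen_on(unsigned short port) {
    struct sockaddr_in a;
    int one = 1, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -errno;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_ANY);
    a.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 16) < 0) {
        int e = errno;          /* e.g. EACCES for a port below 1024 */
        close(fd);
        return -e;
    }
    return fd;
}

/* Drop to uid/gid for good: groups, then gid, then uid. 0 or -errno. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) < 0) return -errno;
    if (setgid(gid) < 0) return -errno;
    if (setuid(uid) < 0) return -errno;
    if (uid != 0 && setuid(0) == 0) return -EPERM;  /* root must be gone */
    return 0;
}

int main(void) {
    int fd = listen_on(443);    /* fails with EACCES when started non-root */
    if (fd < 0) { fprintf(stderr, "bind 443: %s\n", strerror(-fd)); return 1; }
    /* 65534 is an assumed unprivileged uid/gid; use the service account. */
    if (drop_privileges(65534, 65534) != 0) { close(fd); return 1; }
    printf("still listening on 443 as uid %d\n", (int)getuid());
    close(fd);                  /* a real server would accept() here */
    return 0;
}
```

The socket is opened while the process is still privileged and remains usable after the drop; the order groups, gid, uid matters because once the uid is changed the process can no longer change its groups.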


