tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: tomcat 8.5.28
Date Fri, 02 Mar 2018 16:54:48 GMT

Olaf,

On 3/2/18 9:30 AM, Olaf Kock wrote:
> On 02.03.2018 15:22, Cheltenham, Chris wrote:
>> From: Cheltenham, Chris [mailto:ccheltenham-ext@philasd.org]
>> Sent: Friday, March 02, 2018 9:08 AM
>> To: 'Tomcat Users List' <users@tomcat.apache.org>
>> Subject: tomcat 8.5.28
>> 
>> Hello,
>> 
>> Has anyone set up tomcat as a non-root user?
>> 
>> I have set it up successfully; however, I have to bind the
>> non-root user to port 8443.
>> 
>> What is the best way to reroute 8443 through 443? There are
>> several options. Everything is set up to send to port 443 so I
>> need to reroute 8443 in and out of 443.
>> 
>> CentOS 7 by the way -
> "what is the best (TM)?" -> "It depends"
> 
> Tomcat runs well on unprivileged ports, and depending on your OS, 
> familiarity with configuring it, other infrastructure etc, you
> have different options. Are you familiar with them - as you mention
> that there are many?
> 
> You can
> * use iptables redirection,
> * have a proxy/webserver/loadbalancer in front,
> * enable unprivileged binding to the port

You can also use jsvc which can:

* bind to privileged ports, then drop privileges
* monitor and restart dead Tomcat processes
* send a signal to rotate logs (like stdout!)

I use a reverse-proxy for everything (and I'd recommend that everyone
doing anything in the "real world" do the same), so I don't need such
things, but I think I'd probably want to use jsvc for this purpose
because it's fairly self-contained PLUS you get the auto-restart
capabilities should you want them.

> As we were discussing documentation in another thread these days:
> I've expected to find a solution to your question in the FAQ and
> wanted to link to it - but didn't find any entry there. There's a
> patch to go on my list, with no ETA though. Maybe a side-task
> during that Manchester Tomcat training.

It's in the Wiki, not the user's guide:
https://wiki.apache.org/tomcat/HowTo#How_to_run_Tomcat_without_root_privileges.3F

It doesn't even come up in Google, so it's no wonder that nobody can
find it.

We should probably roll some of this stuff into the user's guide so
it's in a better place. The Wiki is ... not a great place to put
things IMO.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
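
Whichever option from the message above is used (iptables redirection, a front-end proxy, unprivileged binding, or jsvc), the thing to verify afterwards is that no Tomcat JVM is still running as root. The check below is an added example, not part of the original message or of Tomcat. The sample `ps` lines are constructed, and it assumes a jsvc controller process stays root as the parent of the JVM that runs as the `-user` account.

```shell
#!/bin/sh
# Added example, not from the thread: list Tomcat JVMs that still run as root.
# Reads "user pid ppid args..." lines on stdin and prints the PID of each finding.
# Exit status is 1 when at least one finding is printed, 0 otherwise.
root_tomcat_jvms() {
  awk '
    # Only processes started through the Tomcat bootstrap class are of interest.
    /org\.apache\.catalina\.startup\.Bootstrap/ {
      pid = $2
      user[pid] = $1
      parent[pid] = $3
      is_jsvc[pid] = ($4 ~ /^jsvc/ || $4 ~ /\/jsvc/)
      order[++n] = pid
    }
    END {
      # Assumption: a jsvc controller stays root and supervises a child JVM
      # that runs as the account given with -user.
      for (i = 1; i <= n; i++) {
        p = order[i]
        if (is_jsvc[p] && user[p] != "root") dropped[parent[p]] = 1
      }
      for (i = 1; i <= n; i++) {
        p = order[i]
        if (user[p] != "root") continue
        if (is_jsvc[p] && dropped[p]) continue  # expected root controller
        print p
        found = 1
      }
      exit found + 0
    }'
}

# Constructed sample input (not real output from any host).
SAMPLE_PS='root 2100 1 jsvc.exec -user tomcat -pidfile /var/run/tomcat.pid org.apache.catalina.startup.Bootstrap
tomcat 2101 2100 jsvc.exec -user tomcat -pidfile /var/run/tomcat.pid org.apache.catalina.startup.Bootstrap
root 3300 1 /usr/bin/java -Dcatalina.base=/opt/tomcat-b org.apache.catalina.startup.Bootstrap start
tomcat 3400 1 /usr/bin/java -Dcatalina.base=/opt/tomcat-c org.apache.catalina.startup.Bootstrap start'

case "${1:-}" in
  --sample) printf '%s\n' "$SAMPLE_PS" | root_tomcat_jvms ;;
  --live)   ps -e -o user= -o pid= -o ppid= -o args= | root_tomcat_jvms ;;
esac
```

With `--sample` the script reports only the plain `java` process owned by root; the root jsvc controller is skipped because its child runs as `tomcat`.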

