Dr. Axel Rauschmayer is a freelance software engineer, blogger and educator, located in Munich, Germany. Axel is a DZone MVB and is not an employee of DZone and has posted 246 posts at DZone.

Running Tomcat on Port 80 in a User Account

07.10.2010

If you already have a servlet container and also need a web server, there is usually no need to turn to a dedicated web server such as Apache. Instead, your servlet container can easily perform double duty if you put your HTML files into the “ROOT” web application. If you run Tomcat on Linux, you have two choices. First, run it under a user account. Then you can only use “non-privileged” ports, which start at 1024 (this is why Tomcat’s default is port 8080). Second, run it as root, but that poses security risks. There are many solutions out there for running Tomcat on port 80 under a user account. The simplest solution that I have found is to use authbind. To do so, you need to perform the following steps:

Step 1: Install authbind

Step 2: Make port 80 available to authbind (you need to be root)

touch /etc/authbind/byport/80
chmod 500 /etc/authbind/byport/80
# "glassfish" is the unprivileged account that starts Tomcat; substitute your own account name
chown glassfish /etc/authbind/byport/80

Step 3: Make IPv4 the default (authbind does not currently support IPv6). To do so, create the file TOMCAT/bin/setenv.sh with the following content:

CATALINA_OPTS="-Djava.net.preferIPv4Stack=true"

Step 4: Change startup.sh

exec authbind --deep "$PRGDIR"/"$EXECUTABLE" start "$@"
# OLD: exec "$PRGDIR"/"$EXECUTABLE" start "$@"
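An added check, not part of the original article: authbind authorises a bind when the calling user has execute permission on the byport file, so the owner and mode set in Step 2 are the whole access policy. The helper below (`check_authbind_port` and `has_mode` are hypothetical names, and the messages are constructed) reports any setting that would let accounts other than the intended one bind the port.

```shell
#!/bin/sh
# Added example (not from the original article). authbind authorises bind()
# when the calling user has execute permission on <dir>/<port>, so the
# owner and mode set in Step 2 are the whole access policy.
# check_authbind_port and has_mode are hypothetical helper names.

# True if FILE has every permission bit of MODE set (POSIX find, no GNU stat).
has_mode() { [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]; }

# check_authbind_port DIR PORT USER
# Prints one finding per line, or "OK"; returns 0 only when USER alone can bind.
check_authbind_port() {
    f="$1/$2"; user=$3; rc=0
    if [ ! -e "$f" ]; then
        echo "MISSING: $f absent, authbind will refuse port $2"
        return 1
    fi
    if [ -z "$(find "$f" -prune -user "$user" 2>/dev/null)" ]; then
        echo "OWNER: $f is not owned by $user"; rc=1
    fi
    if ! has_mode "$f" 100; then
        echo "NOEXEC: owner lacks execute permission, bind will be refused"; rc=1
    fi
    if has_mode "$f" 010; then
        echo "GROUP: members of the file's group can also bind port $2"; rc=1
    fi
    if has_mode "$f" 001; then
        echo "WORLD: any other local user can bind port $2"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK"
    fi
    return "$rc"
}

# Run as: sh check.sh /etc/authbind/byport 80 glassfish
if [ "$#" -eq 3 ]; then
    check_authbind_port "$@"
fi
```

With the ownership and mode from Step 2 the check prints `OK`; a file left at mode 755 produces both the `GROUP` and `WORLD` findings.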

From http://2ality.blogspot.com/2010/07/running-tomcat-on-port-80-in-user.html

Published at DZone with permission of Axel Rauschmayer, author and DZone MVB.

Comments

Jonathan Fisher replied on Sat, 2010/07/10 - 10:14am

If you plan on using tomcat to host static content, be sure to install the APR native lib. With the APR installed, tomcat can run @ near-httpd speeds. Otherwise you'll be hosting using java sockets, which is much slower.

Erdinç Kocaman replied on Sat, 2010/07/10 - 12:42pm

One more way: running on port 8080 as an ordinary user and forwarding incoming requests for port 80 to port 8080 with iptables. Related link: http://rifers.org/wiki/display/RIFE/Installing+Tomcat+on+port+80+with+iptables

Gilbert Herschberger replied on Sat, 2010/07/10 - 1:29pm

Could you please provide a link for installing a web application as "ROOT"? Thanks,

Loren Kratzke replied on Sat, 2010/07/10 - 3:01pm

Great tips Axel and Erdinc, and good advice Jonathan.

But Gilbert, the whole idea is to never run as root. No good can come from it. In corner cases such as a sys admin webapp, your app should run as a non-root user and execute shell commands via sudo to limit the potential damage that a command injection flaw in your app could cause.

Personally, I have always fronted with Apache using mod_proxy to map dynamic stuff to Tomcat and aliases for the static content. In this way I can run many Tomcat instances efficiently. But the authbind trick seems quite useful when there is a single Tomcat instance hosting primarily dynamic content. Nice alternative to have in the old toolbox for sure.

Gilbert Herschberger replied on Sat, 2010/07/10 - 7:01pm

Of course, I mean when 'your servlet container can easily perform double duty, by putting your HTML files into the “ROOT” web application'. How do I install my web application in the "/" context?

Loren Kratzke replied on Sun, 2010/07/11 - 1:29am in response to: Gilbert Herschberger

Ah, trick question.

Method 1: Name your war file ROOT.war

Method 2: Place a ROOT.xml file in $CATALINA_BASE/conf/[ENGINE_NAME]/[HOST_NAME]/ directory that points to your war file.

Axel Rauschmayer replied on Mon, 2010/07/12 - 6:43am in response to: Loren Kratzke

Just putting (e.g. .html) files into the directory $TOMCAT/webapps/ROOT might also work. It did for me.
