Java Mailing List Archive

http://www.junlu.com/

Home » Home (12/2007) » Tomcat Users »

Re: installing Tomcat without being root

John Turner

2003-06-02

Replies:

On Mon, 2 Jun 2003 15:38:08 +0200, <kurtc@(protected):

>> On Mon, 2 Jun 2003 09:44:07 +0200, <kurtc@(protected):
>>
>> Only root can bind a process to port 80.
>
> Well, i dont see the point here (cause i'm a newbie), but i would like to
> get this result:
> 1)An user contact www.myhost.com
> 2) the resolver asks to the DNS for that name, and the DNS answers with
> the
> pair IP:PORT (ie www.myhost.com:8080)

It doesn't work like that. DNS knows nothing about port numbers. HTTP =
80, HTTPS = 443, that's a browser thing, not a server thing. If a user
types "http://your.host.com" in their browser, the browser is going to
contact port 80...plain and simple and there's no changing it.

You'll need one of the following: 1) proxy, 2) port forwarding (like a
proxy but could be done with something like SSH), 3) URL forwarding service
(like zoneedit.com), or 4) a redirect like you've mentioned.

Ports under 1024 are reserved for security reasons. Very good security
reasons, and chances are the only people you will find who will disagree
with the restrictions on ports less than 1024 will be newbies (also for
good reason).

For example, how would you like it if just any user on a server could run a
mail daemon on port 25? Port 110, sniffing POP3 passwords from other
users? Etc. etc. ad nauseam.

> In this way my TomCat, running at 8080, will be contacted at each
> request.
> The actual solution (crappy) is to have an index.php file in my home
> directory which redirect to www.myhost.com:8080.
> If the former solution could be done, my question would be: how to do
> that ?

You'll need to use some sort of port forwarder or proxy. Apache can do the
proxying, but you'll need to be root to configure it and test the
configuration (in which case the whole thing is moot because then you could
start Tomcat as root on port 80), or you'll need to use something like SSH
or iptables/ipchains (or some other package) to do the forwarding for you.
Either way, you still need to be root.

You could just use an external forwarding service...zoneedit.com has one.

John

--
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)


©2008 junlu.com - Jax Systems, LLC, U.S.A.