// shall I write some keywords here to boost search engine ranking?

Tuesday, January 22, 2008

Run Tomcat on Linux with non-root user on port 80

In Linux, a non-root user is not allowed to bind to a privileged port (1 - 1024). And for security and many other reasons, we do not run Tomcat with root privileges.

This leaves our Tomcat unable to bind to port 80. This article suggests a few alternatives for this problem. Among the alternatives, I prefer port redirection via iptables.

However, the steps mentioned in the article do not make the port redirection permanent. So after some googling, I found the steps below:

1. Log in as the root user.
2. Type the command below to redirect port 80 to 8080:
   iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
3. Save the redirection:
   iptables-save > /etc/sysconfig/iptables

Done. You can now access Tomcat from other servers via port 80. From localhost, you still have to use port 8080, because locally generated traffic does not pass through the PREROUTING chain.
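
An added example, not part of the original post: a re-runnable shell version of steps 2 and 3, plus a check that the saved rules really contain the redirect. The function names ensure_redirect and has_redirect and the sample rules are assumptions constructed for illustration; /etc/sysconfig/iptables is the path used in step 3.

```shell
#!/bin/sh
# Added example (not from the original post). Sample data below is constructed.

# ensure_redirect FROM TO: steps 2 and 3, safe to re-run. Needs root.
ensure_redirect() {
    # -C tests for an existing rule so -A does not stack duplicates.
    iptables -t nat -C PREROUTING -p tcp --dport "$1" -j REDIRECT --to-ports "$2" 2>/dev/null ||
        iptables -t nat -A PREROUTING -p tcp --dport "$1" -j REDIRECT --to-ports "$2" ||
        return 1
    iptables-save > /etc/sysconfig/iptables
}

# has_redirect FROM TO: reads iptables-save text on stdin; succeeds only if the
# nat table holds a PREROUTING tcp REDIRECT rule from port FROM to port TO.
has_redirect() {
    awk -v from="$1" -v to="$2" '
        /^\*/ { table = substr($0, 2) }          # "*nat", "*filter" open a table
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            p = d = j = t = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")         p = $(i + 1)
                if ($i == "--dport")    d = $(i + 1)
                if ($i == "-j")         j = $(i + 1)
                if ($i == "--to-ports") t = $(i + 1)
            }
            if (p == "tcp" && d == from && j == "REDIRECT" && t == to) found = 1
        }
        END { exit !found }
    '
}

# Constructed sample in iptables-save format (iptables-save adds "-m tcp" itself).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT'

if printf '%s\n' "$SAMPLE_RULES" | has_redirect 80 8080; then
    echo "saved rules contain the 80 -> 8080 redirect"
else
    echo "redirect missing from saved rules"
fi
```

On a real host, run ensure_redirect 80 8080 as root, then has_redirect 80 8080 < /etc/sysconfig/iptables to confirm the rule was written to the file.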


Anonymous said...

Simple, elegant and works like a charm. Thanks so much for this command. I was searching the web and saw so many different ways, and they all were not working properly. This simply forwards port 80 to 8080 without major change in the Linux layer. In fact you could do the same trick for any port to port forwarding.

xmariachi said...

I find it nicer to leave it on port 8080 and leave apache webserver on 80 connect to it passing the dynamic content requests only. Tomcat performs worse than tomcat on static content.
It's a bit more complicated than this :) but I find it nicer to leave it all in the application layer's config.