It is true that the JVM process must run as the root user in order to open a server socket on port 80 on non-Windows operating systems. However, the JVM would not need to run as root if something outside the JVM process could relay all port 80 TCP connections to Tomcat on some port higher than 1024 (such as port 8080).
Tomcat can open its web server on port 8080, and something else with the proper permissions can relay port 80 TCP connections to Tomcat’s port 8080. This is often referred to as port relaying or net filtering, and it is such a handy and common feature that there is more than one way to do it on any given operating system.
You can route all port 80 TCP connections to all network destinations that the machine is configured for by entering these two commands:
# iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
# iptables -t nat -I OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080
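These commands add the necessary relaying rules to your iptables configuration. They tell the kernel that all TCP connections destined for the machine on port 80 need to be redirected to port 8080. The PREROUTING rule covers connections arriving from other hosts, and the OUTPUT rule covers connections that originate on the machine itself. Because the OUTPUT rule has no destination match, it also applies to port 80 connections the machine makes to other hosts.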
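To check what is actually loaded, here is an added example (not part of the original post) that audits the text printed by iptables-save for the port 80 to 8080 relay and flags an OUTPUT redirect with no -d or -o match. The sample dump is constructed, and the function names and the -o lo suggestion are this example's own assumptions.

```python
import shlex

# Constructed sample: what `iptables-save -t nat` prints after the two commands above.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
"""

def parse_redirects(dump):
    """Return one dict per nat-table REDIRECT rule in iptables-save text."""
    rules, table = [], None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):          # "*nat", "*filter", ... starts a table
            table = line[1:]
        elif table == "nat" and line.startswith("-A "):
            tok = shlex.split(line)
            # Map each option to the token that follows it (enough for these rules).
            opts = {tok[i]: tok[i + 1] for i in range(len(tok) - 1)
                    if tok[i].startswith("-")}
            if opts.get("-j") == "REDIRECT":
                rules.append({"chain": opts["-A"],
                              "dport": opts.get("--dport"),
                              "to": opts.get("--to-ports"),
                              # -d or -o limits which destinations the rule matches
                              "scoped": "-d" in opts or "-o" in opts})
    return rules

def audit(dump, public=80, backend=8080):
    """Return a list of findings about the public -> backend port relay."""
    relay = [r for r in parse_redirects(dump)
             if r["dport"] == str(public) and r["to"] == str(backend)]
    findings = []
    if not any(r["chain"] == "PREROUTING" for r in relay):
        findings.append("no PREROUTING redirect: connections from other hosts "
                        "to port %d are not relayed" % public)
    for r in relay:
        if r["chain"] == "OUTPUT" and not r["scoped"]:
            findings.append("OUTPUT redirect lacks -d/-o: this host's outbound "
                            "port %d traffic to any address lands on local port "
                            "%d (consider -o lo)" % (public, backend))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On a live system, pass the saved output of iptables-save -t nat to audit() in place of SAMPLE.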