Thanks for the detailed and clear explanation..
That does indeed sound like something to add to the Wiki.
On 15.07.2019 15:43, Arbelo, Ralph wrote:
Sure. Here's what worked for me. As I mentioned in my original post, this is an
Ubuntu 16.04 server with OpenJDK 11 installed and the Apache Tomcat 9.0.21
binary installation. I compiled the JSVC and created a setenv.sh file with some
environmental variables. Tested starting Tomcat with daemon.sh and it came up
on 8080. Now to get it to work on port 80:
Install authbind and configure it
o sudo apt install authbind
o sudo touch /etc/authbind/byport/80
o sudo chmod 500 /etc/authbind/byport/80
o sudo chown tomcat /etc/authbind/byport/80 (this assumes you're running
Tomcat as user tomcat)
Edit server.xml to change the connector port from 8080 to 80 (make sure Tomcat
isn’t running before editing)
Now you should be able to start Tomcat with authbind as the tomcat user
o sudo su - tomcat
o authbind -deep /usr/local/apache-tomcat-9.0.21/bin/daemon.sh start
(note your path will vary depending on version of Tomcat and where you
installed it)
If you're using a systemd script to manage the service, edit the ExecStart
command to include authbind. This is the simple script I use, but there are
others out there:
[Unit]
Description=Apache Tomcat Web Application Container
After=network.target
[Service]
Type=forking
Environment=CATALINA_PID=/usr/local/apache-tomcat-9.0.21/logs/catalina-daemon.pid
Environment=CATALINA_HOME=/usr/local/apache-tomcat-9.0.21
ExecStart=/usr/bin/authbind --deep
/usr/local/apache-tomcat-9.0.21/bin/daemon.sh start
User=tomcat
Group=tomcat
[Install]
WantedBy=multi-user.target
If you want to run Tomcat via HTTPS you can do the same thing, just touch the
file 443 in /etc/authbind/byport.
Thanks,
Ralph
On 7/12/19, 4:40 PM, "Christopher Schultz" <ch...@christopherschultz.net>
wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
André and Ralph,
On 7/12/19 05:59, André Warnier (tomcat) wrote:
> On 11.07.2019 21:37, Arbelo, Ralph wrote:
>> Thank you for your reply, André.
>>
>> Unfortunately, the Tomcat 9 Ubuntu package is only available on
>> Ubuntu 18 and 19 (at least that I could find). I'm on 16 at the
>> moment (though I did think about upgrading) which is why I'm
>> using the binary distribution from tomcat.apache.org.
>>
>> The good news is I was able to get authbind to work. If anyone
>> is interested in the steps I used, please let me know.
>>
>
> Yes, of course. The fact of posting this to the mailing list, may
> help someone else later resolve a similar issue more quickly. .. if
> they search the mailing list archive first, of course.
Sounds like a good thing to add to the Wiki, too.
- -chris
>> Thanks again, Ralph
>>
>>
>>
>> On 7/10/19, 5:29 AM, "André Warnier (tomcat)" <a...@ice-sa.com>
>> wrote:
>>
>> Hi. Apologies for breaking conventions of this list and
>> top-posting..
>>
>> It seems that the issue below is more of a question for the
>> Ubuntu list, than Tomcat's.
>>
>> The standard /etc/init.d/tomcat9 startup script included in the
>> Ubuntu tomcat9 package, should allow starting tomcat 9 on port 80
>> without any changes to the tomcat configuration or scripts (other
>> than setting the Connector to port 80 in server.xml). If "it
>> doesn't work", you should consult the Ubuntu user's support list,
>> where you are more likely to find appropriate answers. See here
>> :
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__ubuntu.com_suppo
rt_community-2Dsupport&d=DwIDaQ&c=kbmfwr1Yojg42sGEpaQh5ofMHBeTl9EI2eaqQZ
hHbOU&r=yU49ICjDxaD7z2G3Zm_yr4Iprw-m6yW-pk9yfkB8GpE&m=C-ylp1u0rXLaw8PuIu
2iihe8t9J5yoRDho4_9flKXd4&s=5Vjv2foGMSmFIvWhdp77aYdkojYCLQdZ7iYmgP1z16M&
e=
>>
>>
>>
>>
At another level : below, you mention trying authbind (which is
>> what the standard Ubuntu startup script does), but "I could not
>> get it to work". Did you check that the settings of authbind are
>> correct, for port 80 ? See :
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__manpages.ubuntu.c
om_manpages_bionic_man1_authbind.1.html&d=DwIDaQ&c=kbmfwr1Yojg42sGEpaQh5
ofMHBeTl9EI2eaqQZhHbOU&r=yU49ICjDxaD7z2G3Zm_yr4Iprw-m6yW-pk9yfkB8GpE&m=C
- -ylp1u0rXLaw8PuIu2iihe8t9J5yoRDho4_9flKXd4&s=GXIhb1mYfUXA5OiXdNRVVG3HqNX
u29cuaJW44oIbEvY&e=
>>
>>
>>
>>
On 09.07.2019 15:49, Arbelo, Ralph wrote:
>>> Hello,
>>>
>>> I have Tomcat 9.0.21 installed (binary distribution) on an
>> Ubuntu 16.04 server. My Java version is OpenJDK 11.0.4. I have
>> the JSVC built and run the dameon.sh script to start and stop
>> Tomcat via a systemd script. Everything works great, but now I
>> need to run it on port 80 & 443. On our old server we have a
>> script we use, but it doesn’t work upon startup (due to the
>> needing to use sudo to get privileges to bind to port 80). For
>> this new build, I was hoping to streamline the process and have
>> Tomcat start upon boot. I’ve been doing a lot of Google searching
>> on binding port 80 on Tomcat, but most of what I found was for
>> older versions. Here’s what I found:
>>>
>>> * Use iptables to redirect 8080 to 80 * Proxy with NGINX or
>>> Apache * Use authbind
>>>
>>> I’d rather not use iptables to redirect as (from what I
>> understand) you still have to allow direct access to port 8080.
>>>
>>> I tried using authbind, but I could not get it to work. All
>>> the
>> procedures I found were for older versions of Tomcat, so I don’t
>> know if authbind will even work with Tomcat 9.
>>>
>>> Finally my questions-
>>>
>>> 1. Has anyone successfully used authbind with Tomcat 9? 2.
>>> Anything I’m missing with getting Tomcat to bind with
>> port 80? Should I just bite the bullet and use an HTTP proxy?
>>>
>>> Thank you! Ralph
>>>
>>> Ralph Arbelo Library IT Services - River Campus Libraries
>>> University of Rochester 121B Rush Rhees Library, Rochester, NY
>>> 14627 o: 585.275.3449 - f: 585.275.1032
>>>
>>>
>>
>>
>>
>> ---------------------------------------------------------------------
>>
>>
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>>
>>
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>
>
> ---------------------------------------------------------------------
>
>
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl0o8C0ACgkQHPApP6U8
pFj0zg//ZKOehL4z6TQIps3hpDhcEv8oQX7jiDykavd7oUnt5I/oOtwfUW1dnce9
jB1jnyoFS3Aws//PYcnUD3qSYG0et5wKzq/oaFnqXItif5WhTpeRVlmROy2AsiG7
iCF0xcw7e2jD8VOSqJ+gZED0CwfMDBzq1Q++wgmDiBw7CzypZcaWJ9PoYJ+SmIyL
ZlL5K99DUKUQOVZrIQoqoCKoDGwlUvCIlNlsLwkdvqW6JehlkEhDfb9H2fS8Pb5v
gCBlbdrUeH1XVXTI7So2DSBuAetG9dZnR7dXD26oU98HST9y+YDJg9fqlIqQbm1F
/dwqrsa3joSlI3L2iv3K4GNR/OucOQdwMMmCyXEEm4gBwmq8G3rDUN4U4PpItoFz
PZ88x7heJN9nDFBTnmbl8h/zxMGTMOUhzeyRSZqhyX4/0Jp5wjOS7iWBpPHmWUMk
vQZspsGD+MrAsqxKFN74CIHY+tJEmu/eNrfkEtScXbUo+6wYewc/TTUWQDwEixF6
XA3ht2zc2LC+llOyo5Ce2ytVPRJT5ZwnE/VfkUYZLgcmzSaIEVa0HO0KlCgy0STD
wvu7cdzCvbXPIPrSMiMj8ppVUmG8NjD/m0CoQ82i12Qr7rxN+P1qdWhIC+tuvfzX
B9S51eGq5//8z0B5dsPiiWHwpFD9cvZXk6gE7Yr42dceWs3bZro=
=wmte
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
