Re: Apache2 adn/or Tomcat6?
On Fri, Feb 22, 2008 at 12:57:22PM -0800, Alan Chaney wrote: Or as I mentioned in a recent email, you can run something like jsvc and set the user to 'tomcat' which allows you to bind to the port and then changes the user. Okay, either I wasn't paying attention the last time I looked at jsvc, or the documentation has improved quite a bit. I've tried it before and it wouldn't do what I wanted. Time to try again. Thanks. -- Mark H. Wood, Lead System Programmer [EMAIL PROTECTED] Typically when a software vendor says that a product is intuitive he means the exact opposite. pgpdmhe8rTLkl.pgp Description: PGP signature
Re: Apache2 adn/or Tomcat6?
On Fri, Feb 22, 2008 at 11:55 PM, elvberg [EMAIL PROTECTED] wrote: you can run something like jsvc and set the user to 'tomcat' which allows you to bind Howto? By following the directions in the Tomcat documentation? -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache2 adn/or Tomcat6?
Hassan Schroeder ha scritto: On Fri, Feb 22, 2008 at 7:18 AM, Antonio Petrelli [EMAIL PROTECTED] wrote: Or put Apache 2 in front of your Tomcat, as it is usually done in production environment. I don't know if you have statistics to substantiate that opinion, but it doesn't answer the question, eh? :-) There are definitely people on this list, including me, running Tomcat standalone in production. I launched few performance tests for a tomcat webapp. If you use NIO connector to exploit the CometProcessor the apache frontend has to dispatch through http_proxy module, because AJP connector doesn't offer comet feature. Anyway put apache as HTTP frontend downgrade the performance a lot. If you run tomcat with a single instance then set up tomcat straight to port 80 as you can see in this post: http://www.jroller.com/giancarlo/entry/a_brief_account_of_optimization --- http://gfrison.com - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Apache2 adn/or Tomcat6?
Apache2 listens to port 80 and Tomcat6 to 8080 by default. I KNOW that browsing an IP http://xxx.xxx.xxx.xxx takes me to the Apache welcome page if the Apache service is running irrespective of Tomcat is enabled or not. If I stop the Apache service I get Unable to connect even if Tomcat is enabled. Conclusion (am I right or wrong?): http://xxx.xxx.xxx.xxx is equivalent with http://xxx.xxx.xxx.xxx:80 but never with http://xxx.xxx.xxx.xxx:8080 i.e. I can never browse http://xxx.xxx.xxx.xxx and utilize Tomcat as a web server, I must tell the world You must hit http://xxx.xxx.xxx.xxx:8080 in order to come to the xxx.xxx.xxx.xxx homepage. /dan - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache2 adn/or Tomcat6?
On Fri, Feb 22, 2008 at 7:08 AM, elvberg [EMAIL PROTECTED] wrote: Conclusion (am I right or wrong?): http://xxx.xxx.xxx.xxx is equivalent with http://xxx.xxx.xxx.xxx:80 but never with http://xxx.xxx.xxx.xxx:8080 i.e. I can never browse http://xxx.xxx.xxx.xxx and utilize Tomcat as a web server Absolutely wrong -- you just need to change the Tomcat Connector to listen on port 80, rather than 8080. -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache2 adn/or Tomcat6?
2008/2/22, Hassan Schroeder [EMAIL PROTECTED]: On Fri, Feb 22, 2008 at 7:08 AM, elvberg [EMAIL PROTECTED] wrote: Conclusion (am I right or wrong?): http://xxx.xxx.xxx.xxx is equivalent with http://xxx.xxx.xxx.xxx:80 but never with http://xxx.xxx.xxx.xxx:8080 i.e. I can never browse http://xxx.xxx.xxx.xxx and utilize Tomcat as a web server Absolutely wrong -- you just need to change the Tomcat Connector to listen on port 80, rather than 8080. Or put Apache 2 in front of your Tomcat, as it is usually done in production environment. Antonio
Re: Apache2 adn/or Tomcat6?
On Fri, Feb 22, 2008 at 7:18 AM, Antonio Petrelli [EMAIL PROTECTED] wrote: Or put Apache 2 in front of your Tomcat, as it is usually done in production environment. I don't know if you have statistics to substantiate that opinion, but it doesn't answer the question, eh? :-) There are definitely people on this list, including me, running Tomcat standalone in production. -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache2 adn/or Tomcat6?
Or put Apache 2 in front of your Tomcat, as it is usually done in production environment. ...and how do I do that? /dan On Fri, 2008-02-22 at 16:18 +0100, Antonio Petrelli wrote: 2008/2/22, Hassan Schroeder [EMAIL PROTECTED]: On Fri, Feb 22, 2008 at 7:08 AM, elvberg [EMAIL PROTECTED] wrote: Conclusion (am I right or wrong?): http://xxx.xxx.xxx.xxx is equivalent with http://xxx.xxx.xxx.xxx:80 but never with http://xxx.xxx.xxx.xxx:8080 i.e. I can never browse http://xxx.xxx.xxx.xxx and utilize Tomcat as a web server Absolutely wrong -- you just need to change the Tomcat Connector to listen on port 80, rather than 8080. Or put Apache 2 in front of your Tomcat, as it is usually done in production environment. Antonio - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Apache2 adn/or Tomcat6?
From: elvberg [mailto:[EMAIL PROTECTED] Subject: Re: Apache2 adn/or Tomcat6? ...and how do I do that? Unless you have an distinct need for httpd or you want to make your life much more complex, don't do it. Just configure Tomcat to use port 80 (and 443 for HTTPS, if you're using that), and you're done. Look in the conf/server.xml file. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache2 adn/or Tomcat6?
I must've missed the place in the documentation where it explains how to get Tomcat to start as root, then drop privileges after opening listening sockets on low-numbered ports that are only accessible by root, like Apache HTTPD does. On most Unix-alikes, you have to choose: o tell people to use port 8080 or whatever nonprivileged port you configured; o use a packet-mangling firewall rule to remap port 80 to port 8080 or whatever; o place a proxy (such as Apache HTTPD) in front of Tomcat to forward port 80 traffic; o run Tomcat as root, allowing buggy app.s to make arbitrary changes anywhere on your server. If I ever have time to do something about that, I'll be sure to submit a patch. -- Mark H. Wood, Lead System Programmer [EMAIL PROTECTED] Typically when a software vendor says that a product is intuitive he means the exact opposite. pgpCDIbpZ5Mr3.pgp Description: PGP signature
Re: Apache2 adn/or Tomcat6?
Or as I mentioned in a recent email, you can run something like jsvc and set the user to 'tomcat' which allows you to bind to the port and then changes the user. Regards Alan Mark H. Wood wrote: I must've missed the place in the documentation where it explains how to get Tomcat to start as root, then drop privileges after opening listening sockets on low-numbered ports that are only accessible by root, like Apache HTTPD does. On most Unix-alikes, you have to choose: o tell people to use port 8080 or whatever nonprivileged port you configured; o use a packet-mangling firewall rule to remap port 80 to port 8080 or whatever; o place a proxy (such as Apache HTTPD) in front of Tomcat to forward port 80 traffic; o run Tomcat as root, allowing buggy app.s to make arbitrary changes anywhere on your server. If I ever have time to do something about that, I'll be sure to submit a patch. !DSPAM:47bf361642361264652389! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache2 adn/or Tomcat6?
I must've missed the place in the documentation where it explains how to get Tomcat to start as root, then drop privileges after opening listening sockets on low-numbered ports that are only accessible by root, like Apache HTTPD does. It's called the commons-daemon project. The linux compiled runtime of this project is jsvc. http://commons.apache.org/daemon/ --David Mark H. Wood wrote: I must've missed the place in the documentation where it explains how to get Tomcat to start as root, then drop privileges after opening listening sockets on low-numbered ports that are only accessible by root, like Apache HTTPD does. On most Unix-alikes, you have to choose: o tell people to use port 8080 or whatever nonprivileged port you configured; o use a packet-mangling firewall rule to remap port 80 to port 8080 or whatever; o place a proxy (such as Apache HTTPD) in front of Tomcat to forward port 80 traffic; o run Tomcat as root, allowing buggy app.s to make arbitrary changes anywhere on your server. If I ever have time to do something about that, I'll be sure to submit a patch. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache2 adn/or Tomcat6?
you can run something like jsvc and set the user to 'tomcat' which allows you to bind Howto? /dan On Fri, 2008-02-22 at 12:57 -0800, Alan Chaney wrote: Or as I mentioned in a recent email, you can run something like jsvc and set the user to 'tomcat' which allows you to bind to the port and then changes the user. Regards Alan Mark H. Wood wrote: I must've missed the place in the documentation where it explains how to get Tomcat to start as root, then drop privileges after opening listening sockets on low-numbered ports that are only accessible by root, like Apache HTTPD does. On most Unix-alikes, you have to choose: o tell people to use port 8080 or whatever nonprivileged port you configured; o use a packet-mangling firewall rule to remap port 80 to port 8080 or whatever; o place a proxy (such as Apache HTTPD) in front of Tomcat to forward port 80 traffic; o run Tomcat as root, allowing buggy app.s to make arbitrary changes anywhere on your server. If I ever have time to do something about that, I'll be sure to submit a patch. !DSPAM:47bf361642361264652389! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Dan Östberg Berg Prästgården 840 40 SVENSTAVIK Sweden +46 730 48 36 39 Small Is Beautiful - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]