Re: Setting up tomcat to run on port 443 on ubuntu system
Am 2013-03-31 23:52, schrieb Ognjen Blagojevic: Shyam, On 29.3.2013 14:54, Shyam Yadav wrote: I did all the setting you have mentioned for Unix Daemon for Tomcat, but still i am getting the same problem. i.e. Permission Denied. When you run your jsvc-based Tomcat startup script, you MUST do it as root. It will bind port 443 as root, and then create child process for unprivileged user that will actually run JVM. There is no point in running /etc/init.d/tomcat (or whatever is Ubuntu equivalent) as unprivileged user. You won't be able to bind port 443. That guy is unwilling to read. I wrote this already two days ago w/o any further response. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting up tomcat to run on port 443 on ubuntu system
Hi Michael-O, Ognjen Sorry for replying so late. Actually I was doing it with unprivileged user. I haven't tried running tomcat with root user, cause i have been assigned a different task. Thanks you very much. really appreciate your help. Thanks regards, Shyam Yadav On Mon, Apr 1, 2013 at 3:59 PM, Michael-O 1983-01...@gmx.net wrote: Am 2013-03-31 23:52, schrieb Ognjen Blagojevic: Shyam, On 29.3.2013 14:54, Shyam Yadav wrote: I did all the setting you have mentioned for Unix Daemon for Tomcat, but still i am getting the same problem. i.e. Permission Denied. When you run your jsvc-based Tomcat startup script, you MUST do it as root. It will bind port 443 as root, and then create child process for unprivileged user that will actually run JVM. There is no point in running /etc/init.d/tomcat (or whatever is Ubuntu equivalent) as unprivileged user. You won't be able to bind port 443. That guy is unwilling to read. I wrote this already two days ago w/o any further response. --**--**- To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting up tomcat to run on port 443 on ubuntu system
Shyam, On 29.3.2013 14:54, Shyam Yadav wrote: I did all the setting you have mentioned for Unix Daemon for Tomcat, but still i am getting the same problem. i.e. Permission Denied. When you run your jsvc-based Tomcat startup script, you MUST do it as root. It will bind port 443 as root, and then create child process for unprivileged user that will actually run JVM. There is no point in running /etc/init.d/tomcat (or whatever is Ubuntu equivalent) as unprivileged user. You won't be able to bind port 443. -Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Setting up tomcat to run on port 443 on ubuntu system
Hi, I want to run my tomcat on port 443 with https on an Ubuntu machine. what are the required steps i should take, please guide me through it. I search Internet but did not get any proper solution that is why i am here sending you this mail. Please help me. this will be really appreciating. Thanks Regards, Shyam Yadav
Re: Setting up tomcat to run on port 443 on ubuntu system
Shyam, On 29.3.2013 9:38, Shyam Yadav wrote: I want to run my tomcat on port 443 with https on an Ubuntu machine. what are the required steps i should take, please guide me through it. I search Internet but did not get any proper solution that is why i am here sending you this mail. Please help me. this will be really appreciating. 1. Read about connectors and choose whether you are going to use APR, NIO or BIO: http://people.apache.org/~markt/presentations/2009-04-01-TomcatTuning.pdf (starting form slide 15) http://tomcat.apache.org/tomcat-7.0-doc/config/http.html 2. Read how to generate certificate: http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html Note that if you use APR connector you should generate certificates using openssl, and if you use NIO/BIO connectors you should use Java keytool.* You may start with generating self-signed certificate, but later you may want to use CA-signed certificate. 3. Configure https connector to use certificates. Again APR uses one set of connector parameters, while NIO/BIO uses the other. Read the connector documentation carefully. -Ognjen * There are other possibilities but using tool that matches the connector is the easiest to start with. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting up tomcat to run on port 443 on ubuntu system
Hi Ognjen, Its really very nice that you replied so soon. Thank you for your involvement. I am getting this following exception and the tomcat doesn't start. java.net.BindException: Permission denied null:443 I am really stuck with it. Please help me out with it. Thanks Regards, Shyam Yadav On Fri, Mar 29, 2013 at 2:55 PM, Ognjen Blagojevic ognjen.d.blagoje...@gmail.com wrote: Shyam, On 29.3.2013 9:38, Shyam Yadav wrote: I want to run my tomcat on port 443 with https on an Ubuntu machine. what are the required steps i should take, please guide me through it. I search Internet but did not get any proper solution that is why i am here sending you this mail. Please help me. this will be really appreciating. 1. Read about connectors and choose whether you are going to use APR, NIO or BIO: http://people.apache.org/~**markt/presentations/2009-04-** 01-TomcatTuning.pdfhttp://people.apache.org/%7Emarkt/presentations/2009-04-01-TomcatTuning.pdf(starting form slide 15) http://tomcat.apache.org/**tomcat-7.0-doc/config/http.**htmlhttp://tomcat.apache.org/tomcat-7.0-doc/config/http.html 2. Read how to generate certificate: http://tomcat.apache.org/**tomcat-7.0-doc/ssl-howto.htmlhttp://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html Note that if you use APR connector you should generate certificates using openssl, and if you use NIO/BIO connectors you should use Java keytool.* You may start with generating self-signed certificate, but later you may want to use CA-signed certificate. 3. Configure https connector to use certificates. Again APR uses one set of connector parameters, while NIO/BIO uses the other. Read the connector documentation carefully. -Ognjen * There are other possibilities but using tool that matches the connector is the easiest to start with. --**--**- To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting up tomcat to run on port 443 on ubuntu system
Am 2013-03-29 09:38, schrieb Shyam Yadav: Hi, I want to run my tomcat on port 443 with https on an Ubuntu machine. what are the required steps i should take, please guide me through it. I search Internet but did not get any proper solution that is why i am here sending you this mail. Hi Shyam, a few things you need to consider: 1. You have Tomcat already prepackaged on Ubuntu which works very well. 2. Only root is allowed bind ports below 1024. Regarding 1: This is solved by the Ubuntu package Regarding 2: Root must start the binary and perform a so called downgrade Now, you have following options: 1. Use Ubuntu's start-stop-daemon 2. do $ su - tomcat -c startup.sh 3. Evaluate Commons Daemon which will perform that aforementioned downgrade in plain C. Ubuntu actually does that with 1 and 3. HAve a look at Ubuntu's tomcat6 startup script. Michael - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting up tomcat to run on port 443 on ubuntu system
Shyam, On 29.3.2013 11:16, Shyam Yadav wrote: I am getting this following exception and the tomcat doesn't start. java.net.BindException: Permission denied null:443 I am really stuck with it. Please help me out with it. How do you start tomcat? Which user runs the Tomcat process? It is recommended that you run Tomcat with unprivileged user (e.g. 'tomcat'). If you do it like that, process started by unprivileged user may not bind to port under 1024 (443 included). Maybe this is the source for the exception you get? If my assumption is correct, you may try to use jsvc from commons-daemon to run tomcat. More details here: http://tomcat.apache.org/tomcat-7.0-doc/setup.html#Unix_daemon -Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting up tomcat to run on port 443 on ubuntu system
Hi Ognjen, You are right. I am not running tomcat from root user. But I have an requirement where tomcat should be running from normal user. Is it possible anyway? and is it going to affect system and performance?? Thanks Regards, Shyam Yadav On Fri, Mar 29, 2013 at 4:35 PM, Ognjen Blagojevic ognjen.d.blagoje...@gmail.com wrote: Shyam, On 29.3.2013 11:16, Shyam Yadav wrote: I am getting this following exception and the tomcat doesn't start. java.net.BindException: Permission denied null:443 I am really stuck with it. Please help me out with it. How do you start tomcat? Which user runs the Tomcat process? It is recommended that you run Tomcat with unprivileged user (e.g. 'tomcat'). If you do it like that, process started by unprivileged user may not bind to port under 1024 (443 included). Maybe this is the source for the exception you get? If my assumption is correct, you may try to use jsvc from commons-daemon to run tomcat. More details here: http://tomcat.apache.org/**tomcat-7.0-doc/setup.html#**Unix_daemonhttp://tomcat.apache.org/tomcat-7.0-doc/setup.html#Unix_daemon -Ognjen --**--**- To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Setting up tomcat to run on port 443 on ubuntu system
From: Shyam Yadav [mailto:shyam.ya...@mobicule.com] Subject: Re: Setting up tomcat to run on port 443 on ubuntu system Hi Ognjen, Don't top-post; it's extremely difficult to figure out exactly what you're replying to when you do so. But I have an requirement where tomcat should be running from normal user. This is in the FAQ: http://wiki.apache.org/tomcat/HowTo#How_to_run_Tomcat_without_root_privileges.3F Ignore the bit about front-ending Tomcat with httpd; that's overhead-inducing massive overkill. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting up tomcat to run on port 443 on ubuntu system
Shyam, On 29.3.2013 13:36, Shyam Yadav wrote: You are right. I am not running tomcat from root user. But I have an requirement where tomcat should be running from normal user. Is it possible anyway? It is possible, and recommended. Using jsvc for instance, as I explained in previos post. and is it going to affect system and performance?? No, it won't. -Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting up tomcat to run on port 443 on ubuntu system
Hi Ognjen, I did all the setting you have mentioned for Unix Daemon for Tomcat, but still i am getting the same problem. i.e. Permission Denied. Thank you very much sir for helping me out but still its not working. This may be my mistake. Thanks Regards, Shyam Yadav
Re: Setting up tomcat to run on port 443 on ubuntu system
Did you read and follow: http://commons.apache.org/proper/commons-daemon/jsvc.html On 30/03/13 12:54 AM, Shyam Yadav shyam.ya...@mobicule.com wrote: Hi Ognjen, I did all the setting you have mentioned for Unix Daemon for Tomcat, but still i am getting the same problem. i.e. Permission Denied. Thank you very much sir for helping me out but still its not working. This may be my mistake. Thanks Regards, Shyam Yadav - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting up tomcat to run on port 443 on ubuntu system
If installed from package open /etc/default/tomcat7, uncomment thr last line and make it AUTHBIND=yes and then youll be able to bind tomcat to port 80 and/or 443 On 30/03/2013 1:22 AM, Shyam Yadav shyam.ya...@mobicule.com wrote: Hi Ognjen, I did all the setting you have mentioned for Unix Daemon for Tomcat, but still i am getting the same problem. i.e. Permission Denied. Thank you very much sir for helping me out but still its not working. This may be my mistake. Thanks Regards, Shyam Yadav