On Tue, Nov 27, 2007 at 05:08:09PM -0800, Jean-Philippe Steinmetz wrote: > > Definitely not a dumb question. I would love to run Tomcat on port 80 but I > discovered that (under debian at least) I am unable to run Tomcat as a > non-root user on any port under 1024 (linux security). I am also not very > keen on running Tomcat as root. I have spent hours searching for ways and > everyone seems to think redirection is the only option. If you know of a way > to get Debian to allow Tomcat to bind at port 80 I would love to know. > Ewww. You would think it would have some way to reduce its privileges like Apache (or nearly any other daemon) to something less than root. Of course, I have not worked with Tomcat, so I would not know. However, if you have asked experts and they say to redirect, then that may be the only way.
Of course, as data point, Apache on one of my busier production servers has a vsize (virtual memory) ~150MB and rsize (resident memory) ~25MB. On the development servers which see much less activity it is about 1/3 to 1/2 of that. And that is with all sorts of modules loaded and each serving quite a few websites as virtual hosts. If you only run apache with mod_proxy enabled and then only to act as a proxy to your Tomcat install, it will not use much memory. In any event, Tom has provided a good explantion for what leaving ORIGINAL DEST out will do. So you have all the information you need to make a decision. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com
signature.asc
Description: Digital signature
------------------------------------------------------------------------- SF.Net email is sponsored by: The Future of Linux Business White Paper from Novell. From the desktop to the data center, Linux is going mainstream. Let it simplify your IT future. http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
