On Wed, 5 Nov 2003, V.Karthik Kumar wrote: >There is nothing wrong in using port 80. It works well >on Windows.. But i really don't know why it doesn't >work on Linux. Well, on Unixes ports under 1000 (or 1024?) are usually restricted to root.
While most daemons are designed to be started by root but to run as some "artificial" user, tomcat as java application is not easy to set up this way. To me, putting a "rough world proof" proxy between tomcat and the world seems a good idea anyway for production systems. Although squid is the best known proxy, we and others use apache's proxy functions, e.g. ... ProxyPass /someapp/ http://localhost:8081/someapp/ ProxyPassReverse /someapp/ http://localhost:8081/someapp/ ... in the server configuration or a virtual host section of apache's configuration makes apache a perfect proxy for a Tomcat running with Coyote HTTP/1.1 connector. Besides not having to fight with the configuration and disadvantages of mod_jk/mod_wepapp, on can even use Apache to deliver static parts of the app, e.g. using this block: ProxyPass /someapp/Servlet http://localhost:8081/someapp/Servlet ProxyPassReverse /someapp/Servlet http://localhost:8081/someapp/Servlet Alias /someapp/ /somewhere/webapps/someapp/ This allows one to use all of Apache nice features, e.g. all those .htaccess things. To safely avoid access to the WEB-INF subdirectory, this is a good idea when using the above suggestion: <DirectoryMatch "WEB-INF"> Order allow,deny Deny from all </DirectoryMatch> Using Apache/Tomcat this way, we reduced the open files, sockets and the processes on our production server by over 70 percent! (We are looking forward to Tomcat 5's progress concering threads and open files ;->>>) kr Christoph Lechleitner --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
