-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Mark,
On 8/3/17 9:56 AM, Mark H. Wood wrote: > I'm always surprised that so little mention is made of the Commons > Daemon approach: > > http://tomcat.apache.org/tomcat-7.0-doc/setup.html#Unix_daemon > > which, among other things, lets Tomcat get privileged ports the > same way that HTTPD (like most other daemons) does: start > privileged, acquire protected resources, drop privilege, run. > > This *is* mentioned in RUNNING.txt, but somehow manages to be > overlooked. jsvc needs to be built on the target machine, etc. which adds another layer of complexity (just like adding httpd would), which means that you need a whole toolchain on the target box (or a similar box elsewhere to build the library, then make sure you really have all the dependencies) For my money, I'd front Tomcat with something else, if only for load-balancing and fail-over capabilities. If you have a reverse proxy, the port number becomes irrelevant. I only recently started really playing-around with Tomcat and TLS, mostly for my Let's Encrypt presentation at this year's ApacheCon. Given that I think a LB is appropriate, I've never bothered with TLS and port number games on Tomcat[1]. - -chris [1] ... although I *do* encrypt my AJP traffic between the web server and Tomcat, using stunnel. -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJZg1VXAAoJEBzwKT+lPKRYlnoQAJ+428KRAGpHe/3ZFo03DolN xnPhBgnzUgpg1JiPLHdjAC87bXYBVLkTGU7+5RYmJK9QCLjaxly2LugCGmuAHXhj 6KyQzsDhVDqMHEqPKkiK2EZ0aSc7V5laCnzYHXJy2osUUpkv0x3axzhBGmbbv3Hj XfMXvq9gfVoJ2MeGBRImQS2PGUD8QSjb8j/wWKSNOgQe6fLnG0ZdTXAW8BiSqFPF hlsACN+Tg9n5sfDbXnEWMP3sAzsbM7Kr4B6MxjKiiXnhCyNkwAGCYqKnAPtlCh9v Q9Nofh3SpPu3aDsTqcxiZIHRzMwXy2yM4EgD3h8Qnj/J3ZeX6OIp33M9ICW6+hcJ 0G6YGinMgnjJ2GtSpIFSS2oFrdEXmnbxeGGs/HgUJwOsA+ylFH52nNYV0ZBABnXz BVs/G4MfM7+EVa9KM8NrTCPrZxPK8oHamrdVOoUcxt4Jk6G5JoUHw4w/GS5kBbyF vBa0QP8ZvlqeUm2WebDa2p0rSI4QM1BKACOyP+fyCWXfJwpCd1VXSbB+IRPvqKZE Z12Y8Leoa6QBwKjlqZjhP8qTgtHhOBTLxDEqlEupvSHPS4I2vgLMj2t52a9aANkw E4952/C8xX89qu5x85tlWtPRFAZmuqj1EZLJ0moCV+iYVtb/3AxReIERUF9l4Ec6 Pf9H47i3vnE0BfWXGpf5 =earS -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org