On 02.03.2018 15:22, Cheltenham, Chris wrote:

don't feed the trolls ;)

From: Cheltenham, Chris [mailto:ccheltenham-...@philasd.org]
Sent: Friday, March 02, 2018 9:08 AM
To: 'Tomcat Users List' <users@tomcat.apache.org>
Subject: tomcat 8.5.28


Has anyone set up tomcat as a non-root use?

I have set it up successfully however, I have to bound the non-root user
to port 8443.

What is the best way to reroute 8443 through 443?
There are several options.
Everything is set up at send to port 443 so I need to reroute 8443 in and
out of 443

CentOS 7 by the way -
"what is the best (TM)?"
-> "It depends"

Tomcat runs well on unprivileged ports, and depending on your OS, familiarity with configuring it, other infrastructure etc, you have different options. Are you familiar with them - as you mention that there are many?

You can
* use iptables redirection,
* have a proxy/webserver/loadbalancer in front,
* enable unprivileged binding to the port

I default to the second option, because there's an Apache httpd or another loadbalancer anyways, and it tended to be best documented with regards to all of the specific SSL settings you might want to have (the cipher-cocktail of the day), plus easily get LetsEncrypt certs.

The others are valid as well - none is better, they're just different.

As we were discussing documentation in another thread these days: I've expected to find a solution to your question in the FAQ and wanted to link to it - but didn't find any entry there. There's a patch to go on my list, with no ETA though. Maybe a side-task during that Manchester Tomcat training.


To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to