-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Olaf,
On 3/2/18 9:30 AM, Olaf Kock wrote: > On 02.03.2018 15:22, Cheltenham, Chris wrote: >> From: Cheltenham, Chris [mailto:ccheltenham-...@philasd.org] >> Sent: Friday, March 02, 2018 9:08 AM To: 'Tomcat Users List' >> <users@tomcat.apache.org> Subject: tomcat 8.5.28 >> >> Hello, >> >> Has anyone set up tomcat as a non-root use? >> >> I have set it up successfully however, I have to bound the >> non-root user to port 8443. >> >> What is the best way to reroute 8443 through 443? There are >> several options. Everything is set up at send to port 443 so I >> need to reroute 8443 in and out of 443 >> >> CentOS 7 by the way - > "what is the best (TM)?" -> "It depends" > > Tomcat runs well on unprivileged ports, and depending on your OS, > familiarity with configuring it, other infrastructure etc, you > have different options. Are you familiar with them - as you mention > that there are many? > > You can * use iptables redirection, * have a > proxy/webserver/loadbalancer in front, * enable unprivileged > binding to the port You can also use jsvc which can: * bind to privileged ports, then drop privileges * monitor and restart dead Tomcat processes * send a signal to rotate logs (like stdout!) I use a reverse-proxy for everything (and I'd recommend that everyone doing anything in the "real world" do the same), so I don't need such things, but I think I'd probably want to use jsvc for this purpose because it's fairly self-contained PLUS you get the auto-restart capabilities should you want them. > As we were discussing documentation in another thread these days: > I've expected to find a solution to your question in the FAQ and > wanted to link to it - but didn't find any entry there. There's a > patch to go on my list, with no ETA though. Maybe a side-task > during that Manchester Tomcat training. It's in the Wiki, not the user's guide: https://wiki.apache.org/tomcat/HowTo#How_to_run_Tomcat_without_root_priv ileges.3F It doesn't even come up in Google, so it's no wonder that nobody can find it. We should probably roll some of this stuff into the user's guide so it's in a better place. The Wiki is ... not a great place to put things IMO. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqZgdgACgkQHPApP6U8 pFiGERAAoE7DTJUDhCMMTVT12j1tR5TS/0+TDltXlaT/CWFJ1ulCv2l8Oix4A7RH oFALw0gYjZg9/WPZd73CEtN5dfKHSffll18mJcSIpaJ2uf2sx+nbcqMpGOxrkQ5x osM9Vj/X7QTAXfBABwffAzw12kw5QpfwdxfapQS9KkK2U4gvtIB1oo1WCBL+yziA rKA3mA6IBKIGWk8u9BhbHJeTnmL4mPaIZqLep+M5CgOykfAu7TYdvMViovOxWCTv o5kB6xsuhZ88zdmkGJ2BGFokl0UzKtcYic3IN/s4KqcU2fM+2UJrSSHocpxW3Nfw ppmHGp4XaKW6oAFu4VjDDnWjnP6nDs5lH1VLmIySDm8B7nXpqbC7ML/rBde1VFMZ jVbUojbxJ+jIpXs6jg6nxTCRh/PssvWEQ/3e0Ank+xfJ3s4ay+kXYlP8M4IL8VFV M8tsXY8pAmknh9BnGV2fz0R49+Ir8aJEBRrYm1TLKnC8L9O/hqqlOEftqikYajvD qJlYKCmeZfDYdFkKR1TcgcC1kOpZkgdkSCc77NEBM0+y5ln/shDUCX5MkxrHe/zE leqntUfdWVhsfeG84MR5zmFbcWcNYNVov6A/7cW6Sb5Rlv7PWIcruyTgTEIotqwd DPFNk54910K3yy4UAyDgBgkiZTqz8k2eWx4W7FGaaMD2c9xCq50= =9WCp -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
