Tuesday, July 12, 2011

SEVERE: Error initializing endpoint java.net.BindException: Permission denied:80

This error occurs when you try to start or run Tomcat as a user other than root. On Linux/Unix systems, all ports under 1024 are privileged and reserved, so they can be opened only by root.

There is a workaround, but it means changing the ports of this service to something greater than 1024. You can still make this port change transparent to end users by using iptables NAT. Perform the following steps to get everything working normally while still running the Tomcat application as a non-root user.

Solution:

1. Edit conf/server.xml and change the HTTP port from 80 to 8080 and the HTTPS port from 443 to 8181.

2. Now start the service as the required user and verify the service status:
netstat -lpan |grep 8080
netstat -lpan |grep 8181

3. Now that the service is up, you need to make it available through the browser in the normal way, so that users never see the actual ports of the service. You can use NAT for that. Issue the following iptables commands, which redirect traffic arriving on ports 80 and 443 to ports 8080 and 8181 on the server, respectively.

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8181

And you are all done: the service is now running as a non-root user on higher ports, but to end users it looks just the same as the normal ports :)
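Running the two commands from step 3 a second time appends duplicate rules, so here is an added example (not part of the original post) that installs each redirect only if it is missing. The function names and the overridable IPTABLES variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: idempotently install the article's REDIRECT rules.
# IPTABLES can be overridden to exercise the logic without root
# (an assumption of this example, not something from the post).
IPTABLES="${IPTABLES:-iptables}"

# Succeed only if $1 is a decimal TCP port number in 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rule specification redirecting public port $1 to local port $2.
redirect_spec() {
    printf '%s' "-p tcp --dport $1 -j REDIRECT --to-port $2"
}

# Add the nat/PREROUTING rule unless an identical rule already exists.
# Returns 2 on bad arguments, otherwise the status of iptables.
ensure_redirect() {
    valid_port "$1" && valid_port "$2" || return 2
    # The target must be unprivileged (>= 1024); otherwise the
    # non-root Tomcat user cannot bind it in the first place.
    [ "$2" -ge 1024 ] || return 2
    spec=$(redirect_spec "$1" "$2")
    # -C tests for an existing rule, -A appends one.
    # $spec is left unquoted on purpose so it splits into arguments.
    if $IPTABLES -t nat -C PREROUTING $spec 2>/dev/null; then
        echo "already present: $1 -> $2"
    else
        $IPTABLES -t nat -A PREROUTING $spec && echo "added: $1 -> $2"
    fi
}

# Usage, as root, after sourcing this file:
#   ensure_redirect 80 8080
#   ensure_redirect 443 8181
# Inspect the result with:
#   iptables -t nat -L PREROUTING -n --line-numbers
```

Rules added this way live only in the running kernel and are gone after a reboot unless you save and restore them. PREROUTING also does not see connections that originate on the server itself, so a local client still has to use 8080 and 8181 directly.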

