2

This question is unique to Tomcat 8.5; other answers are for 7 and do not work as described.

Firstly, I've been studying the Tomcat docs and online questions for 20 hours now. I've built my server from scratch about ten times to learn the process and to try to get a clear guide written for getting a server up and running for multiple Spring Boot web apps.

I cannot at the moment get Tomcat to run on port 80, so no "8080" at the end of the domain name. It runs on port 8080 fine.

`netstat -lnp | grep 80` shows me this:

    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      449/mysqld
    tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/init
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      143/sshd
    tcp6       0      0 :::8001                 :::*                    LISTEN      139/httpd
    tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      281/java
    tcp6       0      0 :::8009                 :::*                    LISTEN      281/java
    tcp6       0      0 :::21                   :::*                    LISTEN      147/vsftpd
    tcp6       0      0 :::22                   :::*                    LISTEN

So nothing is using port 80. `systemctl status tomcat.service` says it is running.

    firewall-cmd --list-all
    public (active)
      target: default
      icmp-block-inversion: no
      interfaces: venet0
      sources:
      services: dhcpv6-client ssh
      ports: 8001/tcp 80/tcp 20/tcp
      protocols:
      masquerade: no
      forward-ports:
      sourceports:
      icmp-blocks:
      rich rules:

The port is open on the public zone.

The method I'm trying at the moment is to change the port in tomcat/conf/server.xml.

Here is where I've changed it:

    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

nmap and online tools say the port is closed, but I believe that is because there is nothing using the port. That's just what I've read, so I don't know for sure.

Also, there are no rules in iptables, so no other port blocks are in place.

The web page displayed shows "This site can’t be reached"

Any help would be greatly appreciated, as I've spent 20 solid hours studying server setups and am still baffled as to how to really check why this doesn't work, but why it works on port 8080.

I'm trying to run multiple webapps through Tomcat. I'm planning on adding the host details to the bottom of server.xml, which I have done successfully on port 8080 but not on port 80: same result as above.

This is a similar question to previous ones, but the answers do not work; I have tried them all.

danbdex
  • I highly recommend not running Tomcat on port 80 and instead using a reverse proxy like Apache or Nginx. Reverse proxies are very common for this type of deployment: https://www.nginx.com/resources/admin-guide/reverse-proxy/ – spuder Aug 05 '17 at 06:21
  • Possible duplicate of [Tomcat Webapp on port 80](https://stackoverflow.com/questions/16326707/tomcat-webapp-on-port-80) – spuder Aug 05 '17 at 06:22
  • It's not a duplicate, as the other options haven't worked. Why should I run Apache when I don't need to? I've read there are ways to do it just running Tomcat. This is what I'm trying to do: I want to save resources to run big business applications with minimum load while keeping security. I'm not going to start with nginx, as httpd from research is better performance. Please elaborate and only provide an answer that works, as I've tried over 20 tutorials without success. – danbdex Aug 05 '17 at 06:50
  • On linux, ports below 1000 are privileged ports and require running as root. Tomcat should never run as root since if someone finds a vuln in your app, they will get full system access. You *really* do want to use a reverse proxy and leave tomcat on 8080 https://serverfault.com/questions/835861/nginx-tomcat-8-ssl-reverse-proxy – spuder Aug 05 '17 at 13:19
  • Although I have now forwarded my port using iptables, I have done more research, and I now understand a reverse proxy will add way more security. Thanks. This is a great video explanation of it: https://www.youtube.com/watch?v=2fL8Otb9mTE – danbdex Aug 07 '17 at 05:12
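The reverse-proxy layout the comments above recommend, as an added example that is not part of the question or its comments: Tomcat keeps its HTTP connector on 8080 under its own unprivileged user, the connector is restricted to 127.0.0.1 so the app is only reachable through the proxy, and nginx owns port 80. The file paths, the host name `example.com` and the sample connector snippet are assumptions; nothing under /etc is touched unless you redirect the output there yourself.

```shell
#!/bin/sh
# Added example (not from the question or its comments): keep Tomcat on 8080,
# bind that connector to loopback, and front it with nginx on port 80.
set -eu

# Constructed sample of the stock connector (same shape as the question's).
SAMPLE_CONNECTOR='<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />'

# Copy server.xml ($1) to $2 with the 8080 connector bound to 127.0.0.1 only,
# so port 8080 is not reachable from the network even if the firewall allows it.
# Assumes the connector has no address= attribute yet (the stock file does not).
# Usage: bind_connector_to_loopback /opt/tomcat/conf/server.xml /tmp/server.xml.new
bind_connector_to_loopback() {
    sed 's/<Connector port="8080"/<Connector port="8080" address="127.0.0.1"/' "$1" > "$2"
}

# Print an nginx server block for host $1 that listens on 80 and proxies to
# Tomcat. The X-Forwarded-* headers are only trusted inside Tomcat once a
# RemoteIpValve is configured to accept them from 127.0.0.1.
# Usage: render_nginx_conf example.com > /etc/nginx/conf.d/tomcat.conf
render_nginx_conf() {
    name="$1"
    cat <<EOF
server {
    listen 80;
    server_name $name;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF
}

# After both are in place: port 80 should answer through nginx and 8080 should
# refuse connections on the public address ($1 is the public IP or host name).
check_exposure() {
    curl -s -o /dev/null -m 3 -w 'port 80 status: %{http_code}\n' "http://$1/" || echo "port 80: no answer"
    if curl -s -o /dev/null -m 3 "http://$1:8080/"; then echo "8080 still exposed"; else echo "8080 closed"; fi
}

# Demo: `sh proxy.sh example.com` prints the nginx block and the rewritten
# connector from a temporary copy of the sample; pass a real server.xml path
# as $2 to rewrite that instead (output still goes to a temp file).
if [ "${1:-}" != "" ]; then
    render_nginx_conf "$1"
    in=$(mktemp); out=$(mktemp)
    if [ "${2:-}" != "" ]; then cp "$2" "$in"; else printf '%s\n' "$SAMPLE_CONNECTOR" > "$in"; fi
    bind_connector_to_loopback "$in" "$out"
    echo "rewritten connector in $out:"; grep -n 'Connector port="8080"' "$out"
    rm -f "$in"
fi
```

Once nginx is in front, the Tomcat process never needs a privileged port or root, and the firewalld zone only has to allow 80/tcp (and 443/tcp once TLS is terminated in nginx); 8080 stays closed because the connector no longer listens on the public address.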

2 Answers

7

You have to enable authbind on Linux to let Tomcat use a privileged port like 80, so set AUTHBIND=yes in the /etc/default/tomcat8 file.

Another solution could be keeping the default port (80) for clients and redirecting all requests from port 80 to port 8080 with iptables, in this way:

    # filter table: accept inbound HTTP on the external interface, both the
    # public port and the port Tomcat actually listens on
    iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
    # nat table: rewrite the destination port of arriving port-80 packets to 8080
    # before routing, so Tomcat can stay on 8080 as an unprivileged user
    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
aleroot
  • there is no tomcat8 file in /etc/default/ ? I have nss and useradd files – danbdex Aug 05 '17 at 05:37
  • Take a look at this guide : https://blog.webhosting.net/how-to-get-tomcat-running-on-centos-7-2-using-privileged-ports-1024/ – aleroot Aug 05 '17 at 05:39
  • Thanks, looks promising as it's something I haven't tried yet But need to go to work now so will try soon as I get back. I'll let you know how it goes :) – danbdex Aug 05 '17 at 05:41
  • I tried the authbind method and 2 tutorials and they did not work. Could not find a solution to the errors. I have now, however, used iptables to forward the port, using the below commands: `iptables -L` (list all rules); `iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080`; `iptables -L` (check rule added); `yum install iptables-services`; `systemctl enable iptables`; `service iptables save` – danbdex Aug 07 '17 at 04:19
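Pre-flight checks for the iptables REDIRECT approach in this answer, as an added example that is not part of the answer or the question. The netstat output in the question shows java listening on 8005 and 8009 but on neither 80 nor 8080, which is what a failed bind looks like (a non-root process cannot open port 80; the exception is written to logs/catalina.out). The script below makes that and the other two things worth confirming checkable: what holds a given port, whether any java process is running as root, and whether the nat rule is actually installed. Each check reads command output from stdin, so it runs against the constructed samples below (not real captures) as well as against the live commands.

```shell
#!/bin/sh
# Added example, not part of the answer: pre-flight checks for the iptables
# REDIRECT approach. Each check reads command output on stdin so it can run
# against captured text (the constructed samples below) or live commands.
set -eu

# Constructed sample inputs (not real captures), shaped like the real output.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      143/sshd
tcp6       0      0 :::8001                 :::*                    LISTEN      139/httpd
tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      281/java
tcp6       0      0 :::8080                 :::*                    LISTEN      281/java'
SAMPLE_PS='USER       PID COMMAND
root         1 systemd
tomcat     281 java
root       449 mysqld'
SAMPLE_IPTABLES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT'

# Print the PID/program holding TCP port $1, from `netstat -lnp` output on
# stdin; prints nothing when the port is free. Matches on the ":port" suffix
# of the local address so 80 does not match 8001, 8005 or 8080.
listener_on_port() {
    awk -v p=":$1" '$1 ~ /^tcp/ && $6 == "LISTEN" &&
        substr($4, length($4) - length(p) + 1) == p { print ($7 == "" ? "(unknown)" : $7) }'
}

# Given `ps -eo user,pid,comm` output on stdin, fail if any java process runs
# as root: binding 80 by running Tomcat as root is the setup to avoid.
java_not_root() {
    rc=0
    while read -r user pid comm; do
        if [ "$comm" = "java" ] && [ "$user" = "root" ]; then
            echo "java pid $pid runs as root" >&2
            rc=1
        fi
    done
    return $rc
}

# Given `iptables-save` output on stdin, print "present" if the 80 -> 8080
# REDIRECT rule is installed, else "missing". iptables-save writes the long
# form --to-ports even when the rule was added with --to-port.
redirect_rule_state() {
    if grep -q -- '^-A PREROUTING .*-p tcp.*--dport 80 .*-j REDIRECT --to-ports 8080'; then
        echo present
    else
        echo missing
    fi
}

# With no arguments the checks run over the constructed samples; "live" runs
# them on the real system (netstat -p and iptables-save need root).
if [ "${1:-}" = "live" ]; then
    echo "port 80:   $(netstat -lnp 2>/dev/null | listener_on_port 80)"
    echo "port 8080: $(netstat -lnp 2>/dev/null | listener_on_port 8080)"
    ps -eo user,pid,comm | java_not_root && echo "no java process runs as root"
    iptables-save -t nat | redirect_rule_state
else
    echo "port 80:   $(printf '%s\n' "$SAMPLE_NETSTAT" | listener_on_port 80)"
    echo "port 8080: $(printf '%s\n' "$SAMPLE_NETSTAT" | listener_on_port 8080)"
    printf '%s\n' "$SAMPLE_PS" | java_not_root && echo "no java process runs as root"
    printf '%s\n' "$SAMPLE_IPTABLES" | redirect_rule_state
fi
```

Two caveats when verifying the rule: a REDIRECT in the nat PREROUTING chain only sees packets arriving from the network, so `curl http://localhost/` on the server itself is not redirected (that would need the same rule in the nat OUTPUT chain); test from another host, as the question's nmap run does. And because the filter table sees the post-NAT port, firewalld must allow 8080/tcp as well as 80/tcp, which also means 8080 stays directly reachable from outside; the loopback-bound reverse-proxy layout avoids that.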
0

A CentOS 7 minimal install may have SELinux turned on, so you will have to execute the following command in an elevated shell:

    # -P makes the boolean change persist across reboots
    setsebool -P httpd_can_network_connect true
Hames