john pfeiffer

Tomcat port 80 authbind instead of iptables windows jre home variable

iptables can redirect port 80 to port 8080 but does not control outgoing packet headers

sudo /sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
sudo /sbin/iptables -t nat -I OUTPUT -p tcp --dst 192.168.1.100 --dport 80 -j DNAT --to-destination 192.168.1.100:8080

(the second rule is for remapping connections originating inside the machine)

a better solution is authbind (the default for tomcat6)


The following was on Ubuntu 8.04 LTS with tomcat 5.5; tomcat6 comes with authbind by default

sudo apt-get install authbind

sudo touch /etc/authbind/byport/80
sudo chmod 500 /etc/authbind/byport/80
sudo chown tomcat /etc/authbind/byport/80


DISABLE IPV6

sudo nano /etc/sysctl.conf

net.ipv6.conf.all.disable_ipv6=1

/usr/local/tomcat/bin/tomcatenv

(sometimes as /usr/local/tomcat/bin/setenv.sh or /usr/local/apache-tomcat/bin/setenv.sh; apparently tomcat5 might have it in startup.sh)

CATALINA_OPTS="-Djava.net.preferIPv4Stack=true"


/usr/local/tomcat/bin/startup.sh

exec authbind --deep "$PRGDIR"/"$EXECUTABLE" start "$@"

OLD: exec "$PRGDIR"/"$EXECUTABLE" start "$@"


tomcat runs on 8080 by default so you still have to configure it to try another port

$CATALINA_HOME\conf\server.xml

(also known as /usr/local/tomcat/conf/server.xml)

<Connector port="8080" ...

CHANGED TO

<Connector port="80" ...


Potentially need to disable IPv6 system wide by appending to /etc/sysctl.conf

net.ipv6.conf.all.disable_ipv6=1



SECURITY CHECK

cat /etc/passwd   # should display user tomcat
cat /etc/group    # should not display tomcat as an admin!

/etc/init.d/tomcat #startup script should not have an admin/root running startup.sh

lines should be more like

su -l tomcat /usr/local/tomcat/bin/startup.sh

if there's a mixup/misconfig...

sudo chown tomcat:tomcat -R /usr/local/tomcat
sudo chown tomcat:tomcat -R /usr/local/tomcat/*
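
The security check above as a script (an added example, not part of the original notes). The function names and the list of privileged groups are assumptions; authbind permits the bind when the calling user has execute access to the byport file, so the file check also rejects group/other execute bits.

```shell
#!/bin/sh
# Added example: audit helpers for the SECURITY CHECK steps. File paths are
# parameters so the checks can be run against copies or constructed fixtures.

# True if USER has an entry in the passwd-format file.
user_exists() {  # user_exists PASSWD_FILE USER
    awk -F: -v u="$2" '$1 == u { found = 1 } END { exit !found }' "$1"
}

# Print every privileged group (assumed list) whose member field names USER.
admin_groups_of() {  # admin_groups_of GROUP_FILE USER
    awk -F: -v u="$2" '
        $1 ~ /^(root|admin|adm|sudo|wheel)$/ {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == u) print $1
        }' "$1"
}

# authbind allows the bind when the calling user may execute byport/PORT.
# True only if OWNER owns the file and is the only one with execute access.
byport_ok() {  # byport_ok FILE OWNER (name or numeric uid)
    [ -n "$(find "$1" -maxdepth 0 -user "$2" -perm -100 \
            ! -perm -010 ! -perm -001 2>/dev/null)" ]
}

# Print non-comment init-script lines that call startup.sh without su to USER.
root_startup_lines() {  # root_startup_lines INIT_SCRIPT USER
    grep -v '^[[:space:]]*#' "$1" | grep 'startup\.sh' |
        grep -v "su .*$2" || true
}

# Run all four checks; the return status is the number of findings.
audit() {  # audit PASSWD GROUP BYPORT_FILE INIT_SCRIPT USER
    fails=0
    user_exists "$1" "$5" || { echo "no user $5"; fails=$((fails + 1)); }
    [ -z "$(admin_groups_of "$2" "$5")" ] ||
        { echo "$5 is in an admin group"; fails=$((fails + 1)); }
    byport_ok "$3" "$5" ||
        { echo "bad owner/mode on $3"; fails=$((fails + 1)); }
    [ -z "$(root_startup_lines "$4" "$5")" ] ||
        { echo "startup.sh not run via su $5"; fails=$((fails + 1)); }
    return "$fails"
}
```

On a live host: audit /etc/passwd /etc/group /etc/authbind/byport/80 /etc/init.d/tomcat tomcat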



The Servlet API is needed to compile a Java servlet. The Servlet API is not part of the JDK (it is in Java EE). COPY the Servlet jar-file "$CATALINA_HOME\lib\servlet-api.jar" into your JDK's extension directory "$JAVA_HOME\jre\lib\ext" (where $JAVA_HOME is the JDK installed directory).

OR include the Servlet jar-file in the CLASSPATH.

Create "EchoServlet.java" and save it under your application's "WEB-INF\classes" directory ("\WEB-INF\classes\EchoServlet.java"). Compile the source into "EchoServlet.class".

To invoke the servlet, browse to http://localhost:8080/ws/servlet/EchoServlet.

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class EchoServlet extends HttpServlet {

  // HTML-escape request-derived values before echoing them into the page,
  // otherwise a crafted URL can inject markup into the response
  private static String esc(String s) {
    return String.valueOf(s).replace("&", "&amp;").replace("<", "&lt;")
        .replace(">", "&gt;").replace("\"", "&quot;").replace("'", "&#39;");
  }

  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {

    response.setContentType("text/html");
    PrintWriter out = response.getWriter();

    out.println("<html>");
    out.println("<head><title>Servlet Test</title></head>");
    out.println("<body>");
    out.println("<p>Hello,</p>");
    out.println("<p>Request URI: " + esc(request.getRequestURI()) + "</p>");
    out.println("<p>Protocol: " + esc(request.getProtocol()) + "</p>");
    out.println("<p>PathInfo: " + esc(request.getPathInfo()) + "</p>");
    out.println("<p>Remote Address: " + esc(request.getRemoteAddr()) + "</p>");
    out.println("</body>");
    out.println("</html>");
  }
}


WINDOWS BASED (portable) tomcat

You can download the .zip (yes portable!) version of tomcat6 for windows

http://tomcat.apache.org/download-60.cgi

After extraction you can modify version.bat and startup.bat to include (near the top)

set JRE_HOME=c:\progra~1\java\jdk1.7.0

NOTE: please replace the java location with your correct one (e.g. 1.6.0?). Do not wrap the value in quotes: set would store them as part of JRE_HOME.


Published

Mar 17, 2012

Category

linux
