Tomcat8 setup port to 80

apache-2.2 tomcat
5,654

You'll need to run Tomcat as root for it to be able to bind to port 80. All ports below 1024 require superuser permissions for binding.

This is also what the last exception in the stacktrace tries to tell you:

Caused by: java.net.SocketException: Permission denied
    at sun.nio.ch.Net.bind0(Native Method)
    at sun.nio.ch.Net.bind(Net.java:444)
    at sun.nio.ch.Net.bind(Net.java:436)
    at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:214)            
    at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74)   
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:343)              
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:732)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:457)           
    at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:120)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:960)
    ... 13 more

A very short word of warning, without this becoming an extended security discussion: from a security point of view it is generally not a good idea to run Tomcat (or possibly any Java application) with superuser permissions. Bugs in a Tomcat-hosted web application could lead to arbitrary code execution with these permissions, possibly giving a remote attacker root access to the system.

The default Tomcat port is the unprivileged 8080 for this reason (among others). It doesn't require superuser permissions to bind to and thus Tomcat can be run as an ordinary system user.

If you really need to access the web application hosted by Tomcat via port 80 you should front the Tomcat instance with a web server such as Apache. It listens on port 80 and reverse-proxies the request to Tomcat. This is more secure, not least because Apache drops its superuser privileges after binding to port 80.

An Apache virtual host configuration that does this could look like this:

<VirtualHost *:80>
    ServerAdmin webmaster
    ServerName foo.example.com

    ProxyPreserveHost on
    ProxyRequests off
    ProxyPass        / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
</VirtualHost>
Share:
5,654

Related videos on Youtube

Alpha2k
Author by

Alpha2k

Updated on September 18, 2022

Comments

  • Alpha2k
    Alpha2k over 1 year

    I followed this http://www.mogilowski.net/lang/en-us/2014/04/22/install-apache-tomcat-8-on-debian-7-wheezy-with-virtual-hosts-and-apache2-integration/ to install tomcat on an VPS, version 8.0.20...

    I am trying t change the port to 80 but there is no way to do it, i have tried:

    http://beginlinux.com/server/ubuntu/changing-the-port-on-tomcat

    but doesnt seem to work, getting this error from catalina.out inside logs:

    25-Feb-2015 01:32:23.879 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-$
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-80]]
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:567)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:851)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:576)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:599)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:310)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:484)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:962)     
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)                  
    ... 12 more
Caused by: java.net.SocketException: Permission denied
    at sun.nio.ch.Net.bind0(Native Method)
    at sun.nio.ch.Net.bind(Net.java:444)
    at sun.nio.ch.Net.bind(Net.java:436)
    at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:214)            
    at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74)   
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:343)              
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:732)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:457)           
    at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:120)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:960)
    ... 13 more

    This is my connector port, whats wrong with it?

    <Connector port="80" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="443" />
  • daff
    daff about 9 years
    And yet you are not starting Tomcat as root. The init script you are using probably changes the user and group to tomcat before starting the Tomcat (Java) process.
  • Andrew B
    Andrew B about 9 years
    Downvote alert: I suggest rewording this to explain why this is a bad idea, and possibly recommending alternatives. (no, really, I hear that downvote train coming and you don't want to be on the tracks when it gets here)
  • daff
    daff about 9 years
    I am just answering the question, not judging whether running Tomcat on a privileged port is a good idea or not. But I suppose a word of warning is in order, yes.
  • Andrew B
    Andrew B about 9 years
    Yeah, but you have to remember that many people cruise into these answers off of a Google search. The unwritten rule is that answers should not be dangerous to those people.
  • Alpha2k
    Alpha2k about 9 years
    @AndrewB I've tried googleing around about this, and I really know how to change the port, but classic ways on latest tomcat version with this particular tutorial :S dont work, cant understand the script quite well...

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

302/301 and 404 redirect issue for apache redirection for tomcat
How to rate limit hits to a Tomcat app?
Apache mod_jk Setting for Tomcat - workers.properties
plesk: how to configure reverse proxy rules properly?
How do I configure uriworkermap.properties in server.xml for Apache - Tomcat integration?
Apache forwarding to tomcat shows a blank page
Apache Tomcat URL without app name
SSL connection to Tomcat (behind Apache - mod_jk)
Configuring Apache, Tomcat, mod_jk and mod_rewrite to serve up tomcat from top-level
Jboss unreachable/ slow behind apache with ajp