Tomcat8 setup port to 80
You'll need to run Tomcat as root for it to be able to bind to port 80. All ports below 1024 require superuser permissions for binding.
This is also what the last exception in the stacktrace tries to tell you:
Caused by: java.net.SocketException: Permission denied
at sun.nio.ch.Net.bind0(Native Method)
at sun.nio.ch.Net.bind(Net.java:444)
at sun.nio.ch.Net.bind(Net.java:436)
at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:214)
at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:343)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:732)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:457)
at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:120)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:960)
... 13 more
A very short word of warning, without this becoming an extended security discussion: from a security point of view it is generally not a good idea to run Tomcat (or possibly any Java application) with superuser permissions. Bugs in a Tomcat-hosted web application could lead to arbitrary code execution with these permissions, possibly giving a remote attacker root access to the system.
The default Tomcat port is the unprivileged 8080 for this reason (among others). It doesn't require superuser permissions to bind to and thus Tomcat can be run as an ordinary system user.
If you really need to access the web application hosted by Tomcat via port 80 you should front the Tomcat instance with a web server such as Apache. It listens on port 80 and reverse-proxies the request to Tomcat. This is more secure, not least because Apache drops its superuser privileges after binding to port 80.
An Apache virtual host configuration that does this could look like this:
<VirtualHost *:80>
ServerAdmin webmaster
ServerName foo.example.com
ProxyPreserveHost on
ProxyRequests off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
Related videos on Youtube
Alpha2k
Updated on September 18, 2022Comments
-
Alpha2k over 1 year
I followed this http://www.mogilowski.net/lang/en-us/2014/04/22/install-apache-tomcat-8-on-debian-7-wheezy-with-virtual-hosts-and-apache2-integration/ to install tomcat on an VPS, version 8.0.20...
I am trying t change the port to 80 but there is no way to do it, i have tried:
http://beginlinux.com/server/ubuntu/changing-the-port-on-tomcat
but doesnt seem to work, getting this error from catalina.out inside logs:
25-Feb-2015 01:32:23.879 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-$ org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-80]] at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:567) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:851) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.startup.Catalina.load(Catalina.java:576) at org.apache.catalina.startup.Catalina.load(Catalina.java:599) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:310) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:484) Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed at org.apache.catalina.connector.Connector.initInternal(Connector.java:962) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) ... 12 more Caused by: java.net.SocketException: Permission denied at sun.nio.ch.Net.bind0(Native Method) at sun.nio.ch.Net.bind(Net.java:444) at sun.nio.ch.Net.bind(Net.java:436) at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:214) at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74) at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:343) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:732) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:457) at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:120) at org.apache.catalina.connector.Connector.initInternal(Connector.java:960) ... 13 more
This is my connector port, whats wrong with it?
<Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" />
-
daff about 9 yearsAnd yet you are not starting Tomcat as root. The init script you are using probably changes the user and group to
tomcat
before starting the Tomcat (Java) process. -
Andrew B about 9 yearsDownvote alert: I suggest rewording this to explain why this is a bad idea, and possibly recommending alternatives. (no, really, I hear that downvote train coming and you don't want to be on the tracks when it gets here)
-
daff about 9 yearsI am just answering the question, not judging whether running Tomcat on a privileged port is a good idea or not. But I suppose a word of warning is in order, yes.
-
Andrew B about 9 yearsYeah, but you have to remember that many people cruise into these answers off of a Google search. The unwritten rule is that answers should not be dangerous to those people.
-
Alpha2k about 9 years@AndrewB I've tried googleing around about this, and I really know how to change the port, but classic ways on latest tomcat version with this particular tutorial :S dont work, cant understand the script quite well...