You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by elvberg <da...@elvberg.com> on 2008/02/22 16:08:32 UTC
Apache2 adn/or Tomcat6?
Apache2 listens to port 80 and Tomcat6 to 8080 by default. I KNOW that
browsing an IP http://xxx.xxx.xxx.xxx takes me to the Apache welcome
page if the Apache service is running irrespective of Tomcat is enabled
or not. If I stop the Apache service I get "Unable to connect" even if
Tomcat is enabled.
Conclusion (am I right or wrong?): http://xxx.xxx.xxx.xxx is equivalent
with http://xxx.xxx.xxx.xxx:80
but never with http://xxx.xxx.xxx.xxx:8080 i.e.
I can never browse http://xxx.xxx.xxx.xxx and utilize Tomcat as a web
server, I must tell the world "You must hit http://xxx.xxx.xxx.xxx:8080
in order to come to the xxx.xxx.xxx.xxx homepage".
/dan
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Apache2 adn/or Tomcat6?
Posted by "Mark H. Wood" <mw...@IUPUI.Edu>.
On Fri, Feb 22, 2008 at 12:57:22PM -0800, Alan Chaney wrote:
> Or as I mentioned in a recent email, you can run something like jsvc and
> set the user to 'tomcat' which allows you to bind to the port and then
> changes the user.
Okay, either I wasn't paying attention the last time I looked at jsvc,
or the documentation has improved quite a bit. I've tried it before
and it wouldn't do what I wanted. Time to try again. Thanks.
--
Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu
Typically when a software vendor says that a product is "intuitive" he
means the exact opposite.
Re: Apache2 adn/or Tomcat6?
Posted by Hassan Schroeder <ha...@gmail.com>.
On Fri, Feb 22, 2008 at 11:55 PM, elvberg <da...@elvberg.com> wrote:
> >you can run something like jsvc and
> > set the user to 'tomcat' which allows you to bind
> Howto?
By following the directions in the Tomcat documentation?
--
Hassan Schroeder ------------------------ hassan.schroeder@gmail.com
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Apache2 adn/or Tomcat6?
Posted by elvberg <da...@elvberg.com>.
>you can run something like jsvc and
> set the user to 'tomcat' which allows you to bind
Howto?
/dan
On Fri, 2008-02-22 at 12:57 -0800, Alan Chaney wrote:
> Or as I mentioned in a recent email, you can run something like jsvc and
> set the user to 'tomcat' which allows you to bind to the port and then
> changes the user.
>
> Regards
>
> Alan
>
>
> Mark H. Wood wrote:
> > I must've missed the place in the documentation where it explains how
> > to get Tomcat to start as root, then drop privileges after opening
> > listening sockets on low-numbered ports that are only accessible by
> > root, like Apache HTTPD does.
> >
> > On most Unix-alikes, you have to choose:
> >
> > o tell people to use port 8080 or whatever nonprivileged port you
> > configured;
> >
> > o use a packet-mangling firewall rule to remap port 80 to port 8080
> > or whatever;
> >
> > o place a proxy (such as Apache HTTPD) in front of Tomcat to forward
> > port 80 traffic;
> >
> > o run Tomcat as root, allowing buggy app.s to make arbitrary changes
> > anywhere on your server.
> >
> > If I ever have time to do something about that, I'll be sure to submit
> > a patch.
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > !DSPAM:47bf361642361264652389!
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
--
Dan Östberg
Berg Prästgården
840 40 SVENSTAVIK
Sweden
+46 730 48 36 39
Small Is Beautiful
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Apache2 adn/or Tomcat6?
Posted by Alan Chaney <al...@compulsivecreative.com>.
Or as I mentioned in a recent email, you can run something like jsvc and
set the user to 'tomcat' which allows you to bind to the port and then
changes the user.
Regards
Alan
Mark H. Wood wrote:
> I must've missed the place in the documentation where it explains how
> to get Tomcat to start as root, then drop privileges after opening
> listening sockets on low-numbered ports that are only accessible by
> root, like Apache HTTPD does.
>
> On most Unix-alikes, you have to choose:
>
> o tell people to use port 8080 or whatever nonprivileged port you
> configured;
>
> o use a packet-mangling firewall rule to remap port 80 to port 8080
> or whatever;
>
> o place a proxy (such as Apache HTTPD) in front of Tomcat to forward
> port 80 traffic;
>
> o run Tomcat as root, allowing buggy app.s to make arbitrary changes
> anywhere on your server.
>
> If I ever have time to do something about that, I'll be sure to submit
> a patch.
>
>
>
> ------------------------------------------------------------------------
>
> !DSPAM:47bf361642361264652389!
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Apache2 adn/or Tomcat6?
Posted by David Smith <dn...@cornell.edu>.
>
> I must've missed the place in the documentation where it explains how
> to get Tomcat to start as root, then drop privileges after opening
> listening sockets on low-numbered ports that are only accessible by
> root, like Apache HTTPD does.
>
It's called the commons-daemon project. The linux compiled runtime of
this project is jsvc.
http://commons.apache.org/daemon/
--David
Mark H. Wood wrote:
> I must've missed the place in the documentation where it explains how
> to get Tomcat to start as root, then drop privileges after opening
> listening sockets on low-numbered ports that are only accessible by
> root, like Apache HTTPD does.
>
> On most Unix-alikes, you have to choose:
>
> o tell people to use port 8080 or whatever nonprivileged port you
> configured;
>
> o use a packet-mangling firewall rule to remap port 80 to port 8080
> or whatever;
>
> o place a proxy (such as Apache HTTPD) in front of Tomcat to forward
> port 80 traffic;
>
> o run Tomcat as root, allowing buggy app.s to make arbitrary changes
> anywhere on your server.
>
> If I ever have time to do something about that, I'll be sure to submit
> a patch.
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Apache2 adn/or Tomcat6?
Posted by "Mark H. Wood" <mw...@IUPUI.Edu>.
I must've missed the place in the documentation where it explains how
to get Tomcat to start as root, then drop privileges after opening
listening sockets on low-numbered ports that are only accessible by
root, like Apache HTTPD does.
On most Unix-alikes, you have to choose:
o tell people to use port 8080 or whatever nonprivileged port you
configured;
o use a packet-mangling firewall rule to remap port 80 to port 8080
or whatever;
o place a proxy (such as Apache HTTPD) in front of Tomcat to forward
port 80 traffic;
o run Tomcat as root, allowing buggy app.s to make arbitrary changes
anywhere on your server.
If I ever have time to do something about that, I'll be sure to submit
a patch.
--
Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu
Typically when a software vendor says that a product is "intuitive" he
means the exact opposite.
RE: Apache2 adn/or Tomcat6?
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: elvberg [mailto:dan@elvberg.com]
> Subject: Re: Apache2 adn/or Tomcat6?
>
> ...and how do I do that?
Unless you have an distinct need for httpd or you want to make your life
much more complex, don't do it. Just configure Tomcat to use port 80
(and 443 for HTTPS, if you're using that), and you're done. Look in the
conf/server.xml file.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Apache2 adn/or Tomcat6?
Posted by elvberg <da...@elvberg.com>.
> Or put Apache 2 in front of your Tomcat, as it is usually done in production
> environment.
...and how do I do that?
/dan
On Fri, 2008-02-22 at 16:18 +0100, Antonio Petrelli wrote:
> 2008/2/22, Hassan Schroeder <ha...@gmail.com>:
> >
> > On Fri, Feb 22, 2008 at 7:08 AM, elvberg <da...@elvberg.com> wrote:
> >
> > > Conclusion (am I right or wrong?): http://xxx.xxx.xxx.xxx is equivalent
> > > with http://xxx.xxx.xxx.xxx:80
> > > but never with http://xxx.xxx.xxx.xxx:8080 i.e.
> > > I can never browse http://xxx.xxx.xxx.xxx and utilize Tomcat as a web
> > > server
> >
> >
> > Absolutely wrong -- you just need to change the Tomcat Connector
> > to listen on port 80, rather than 8080.
>
>
>
> Or put Apache 2 in front of your Tomcat, as it is usually done in production
> environment.
>
> Antonio
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Apache2 adn/or Tomcat6?
Posted by Giancarlo Frison <fr...@nimbuzz.com>.
Hassan Schroeder ha scritto:
> On Fri, Feb 22, 2008 at 7:18 AM, Antonio Petrelli
> <an...@gmail.com> wrote:
>
>
>> Or put Apache 2 in front of your Tomcat, as it is usually done in production
>> environment.
>>
>
> I don't know if you have statistics to substantiate that opinion, but it
> doesn't answer the question, eh? :-)
>
> There are definitely people on this list, including me, running Tomcat
> standalone in production.
>
I launched few performance tests for a tomcat webapp. If you use NIO
connector to exploit the CometProcessor the apache frontend has to
dispatch through http_proxy module, because AJP connector doesn't offer
comet feature. Anyway put apache as HTTP frontend downgrade the
performance a lot. If you run tomcat with a single instance then set up
tomcat straight to port 80 as you can see in this post:
http://www.jroller.com/giancarlo/entry/a_brief_account_of_optimization
---
http://gfrison.com
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Apache2 adn/or Tomcat6?
Posted by Hassan Schroeder <ha...@gmail.com>.
On Fri, Feb 22, 2008 at 7:18 AM, Antonio Petrelli
<an...@gmail.com> wrote:
> Or put Apache 2 in front of your Tomcat, as it is usually done in production
> environment.
I don't know if you have statistics to substantiate that opinion, but it
doesn't answer the question, eh? :-)
There are definitely people on this list, including me, running Tomcat
standalone in production.
--
Hassan Schroeder ------------------------ hassan.schroeder@gmail.com
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Apache2 adn/or Tomcat6?
Posted by Antonio Petrelli <an...@gmail.com>.
2008/2/22, Hassan Schroeder <ha...@gmail.com>:
>
> On Fri, Feb 22, 2008 at 7:08 AM, elvberg <da...@elvberg.com> wrote:
>
> > Conclusion (am I right or wrong?): http://xxx.xxx.xxx.xxx is equivalent
> > with http://xxx.xxx.xxx.xxx:80
> > but never with http://xxx.xxx.xxx.xxx:8080 i.e.
> > I can never browse http://xxx.xxx.xxx.xxx and utilize Tomcat as a web
> > server
>
>
> Absolutely wrong -- you just need to change the Tomcat Connector
> to listen on port 80, rather than 8080.
Or put Apache 2 in front of your Tomcat, as it is usually done in production
environment.
Antonio
Re: Apache2 adn/or Tomcat6?
Posted by Hassan Schroeder <ha...@gmail.com>.
On Fri, Feb 22, 2008 at 7:08 AM, elvberg <da...@elvberg.com> wrote:
> Conclusion (am I right or wrong?): http://xxx.xxx.xxx.xxx is equivalent
> with http://xxx.xxx.xxx.xxx:80
> but never with http://xxx.xxx.xxx.xxx:8080 i.e.
> I can never browse http://xxx.xxx.xxx.xxx and utilize Tomcat as a web
> server
Absolutely wrong -- you just need to change the Tomcat Connector
to listen on port 80, rather than 8080.
--
Hassan Schroeder ------------------------ hassan.schroeder@gmail.com
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org