November 8, 2016 at 3:59 pm #14115 Ats (Participant)
I installed Apache Tomcat 8 with OpenJDK-8 on CentOS 7.
Before deploying OpenAM, I want to configure Tomcat to run with standard ports 443 and 80, instead of 8443 and 8080, with a non-root user.
In other words, I want to deploy OpenAM on ports 443 and 80, instead of 8443 and 8080.
I googled and found some approaches to do this:
- port forwarding using iptables
- setcap in Linux for the Java process
- Authbind in Linux
Which tested approach would you recommend?
November 8, 2016 at 4:11 pm #14116 Frotonis (Participant)
- This topic was modified 5 years, 10 months ago by Peter Major.
Do you really need Tomcat running on 80 and 443? What about a reverse proxy like nginx or Apache?
November 8, 2016 at 5:55 pm #14119 Bill Nelson (Participant)
Ports < 1024 are considered “privileged ports” and only the root user (or a user with root privileges) can start processes that bind themselves to those ports. I never recommend running Internet-facing applications as a root-type user due to the security issues involved in doing so.
But here is the real question.
If you are testing OpenAM, then I would question why you care about the ports. If you are creating a production solution, then you will need multiple OpenAM instances, and ports :80 and :443 should be configured on the load balancer or reverse proxy (as @frotonis suggests) and then you run OpenAM on non-privileged ports. That is best practice.
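The layout suggested in the replies above (ports 80 and 443 on a reverse proxy, Tomcat/OpenAM on a non-privileged port under a non-root account), sketched as an nginx configuration. This is an added example, not something posted by a participant in the thread; the hostname `openam.example.com`, the certificate paths and the loopback backend address are assumptions.

```nginx
# Added example: placeholder hostname, certificate paths and backend address.
# The nginx master process binds 80/443 and its workers run as an
# unprivileged user; Tomcat never needs root, setcap or authbind.

upstream openam_backend {
    # Tomcat HTTP connector on its default non-privileged port.
    # Binding Tomcat to loopback keeps 8080 unreachable from outside (assumed setup).
    server 127.0.0.1:8080;
    # Additional OpenAM instances would be listed here as further "server" lines.
}

# Plain HTTP only redirects to HTTPS.
server {
    listen 80;
    server_name openam.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name openam.example.com;

    ssl_certificate     /etc/pki/tls/certs/openam.example.com.crt;    # placeholder path
    ssl_certificate_key /etc/pki/tls/private/openam.example.com.key;  # placeholder path

    location / {
        proxy_pass http://openam_backend;

        # Pass the original host name through so the application sees the
        # public FQDN rather than 127.0.0.1:8080.
        proxy_set_header Host $host;

        # Tell the backend that the client connection used HTTPS and where it
        # came from. Tomcat's RemoteIpValve (protocolHeader="X-Forwarded-Proto")
        # can consume these headers.
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    }
}
```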