OpenAM and Tomcat with Ports 443 and 80


This topic has 2 replies, 3 voices, and was last updated 5 years, 10 months ago by Bill Nelson.

  • #14115
     Ats
    Participant

    Hi,
    I installed Apache Tomcat 8 with OpenJDK-8 on CentOS 7.
    Before deploying OpenAM, I want to configure Tomcat to run with standard ports 443 and 80, instead of 8443 and 8080, with a non-root user.
    In other words, I want to deploy OpenAM on 443 and 80 ports, instead of 8443 and 8080.
    I googled and found some approaches to do this:

    • port forwarding using iptables
    • setcap in Linux for the Java process
    • Authbind in Linux
    • sudo!
    • etc.

    Which tested approach would you recommend?

    • This topic was modified 5 years, 10 months ago by Peter Major.
    #14116
     Frotonis
    Participant

    Do you really need Tomcat running on 80 and 443? What about a reverse proxy like nginx or Apache?

    #14119
     Bill Nelson
    Participant

    Ports < 1024 are considered “privileged ports” and only the root user (or a user with root privileges) can start processes that bind themselves to those ports. I never recommend running Internet-facing applications as a root-type user due to the security issues involved in doing so.

    But here is the real question.

    If you are testing OpenAM, then I would question why you care about the ports. If you are creating a production solution, then you will need multiple OpenAM instances, and ports :80 and :443 should be configured on the load balancer or reverse proxy (as @frotonis suggests) and then you run OpenAM on non-privileged ports. That is best practice.
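The layout recommended in the replies above, sketched as an nginx configuration: the proxy owns ports 80 and 443 while Tomcat keeps running as a non-root user on 8080. This is an added example, not part of the original thread or of ForgeRock's documentation; the hostname, certificate paths, backend address and the /openam context path are assumptions.

```nginx
# Added example. Assumed values: openam.example.com, the certificate paths,
# Tomcat listening on 127.0.0.1:8080, and OpenAM deployed under /openam.

upstream openam_backend {
    # Tomcat HTTP connector on an unprivileged port, started by a non-root user.
    server 127.0.0.1:8080;
}

# Port 80 only redirects to HTTPS, so credentials and session cookies
# never cross the network in clear text.
server {
    listen 80;
    server_name openam.example.com;
    return 301 https://$host$request_uri;
}

# Port 443 terminates TLS at the proxy.
server {
    listen 443 ssl;
    server_name openam.example.com;

    ssl_certificate     /etc/pki/tls/certs/openam.example.com.crt;    # placeholder path
    ssl_certificate_key /etc/pki/tls/private/openam.example.com.key;  # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    location /openam/ {
        proxy_pass http://openam_backend;

        # Preserve the public host name and tell the backend the original
        # client address, scheme and port, so that redirects and cookies
        # generated behind the proxy match what the browser sees.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port  $server_port;
    }
}
```

On the Tomcat side, binding the connector to the loopback address (the `address` attribute of `<Connector>`) keeps port 8080 unreachable from outside the proxy, and a `RemoteIpValve` with `protocolHeader="X-Forwarded-Proto"` lets the application see requests as HTTPS.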
