port 80 not open for jetty?

Posted on 2005-03-31
Medium Priority
Last Modified: 2013-12-15
I'm trying to get the Jetty application server running on port 80. I found that if I run it as root then it works fine. If I run it as a different user I created (who I called "jetty") then it gives bind exceptions when starting up.

If I change it to use port 8080 and run it as user "jetty" then it works fine.

I found a message where they said I could map 8080 to 80 by doing:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
/etc/init.d/iptables save
/etc/init.d/iptables start

That almost works (although I fail to see why I can't just run on port 80 directly). When I start up jetty it binds to port 8080 and then when, from another machine, I go to the server on port 80 then it serves up web pages fine. But, when I hit a servlet that attempts to connect to port 80 then it doesn't work.

In other words, it works fine to hit the server's port 80 from an external machine, but when code running under jetty attempts to hit port 80 (by making a direct http get to the server it's running on) then it says "Connection refused".
Question by:HappyEngineer

Accepted Solution

jlevie earned 1500 total points
ID: 13678276
Ports below 1024 can only be opened by an application running as root. That explains why it works when started by root and not when started by jetty on 80/TCP.

The iptables rule will only work for requests that originate outside of the firewall. The servlet requests aren't from outside of the firewall and they won't work since the port won't get translated.

Why not just avoid all of the complications and start jetty as root on 80/TCP?

Author Comment

ID: 13678312
I suppose I could do that if I have to. I just figured it was safest to run services as non-root users whenever possible.

Expert Comment

ID: 13690893
> Ports below 1024 can only be opened by an application running as root.
Really? My Apache (httpd) runs as user apache and listens on port 80.
Is there something special about Apache, such that it doesn't need to run as root to listen on a port lower than 1024?

Expert Comment

ID: 13692201
The master httpd process is started by root. It then creates child processes that run as an unpriv'ed user that handle HTTP/HTTPS connections from clients. You can see this in a process listing, like:

wilowisp> psg httpd
root      2891     1  0 Apr01 ?        00:00:01 /usr/sbin/httpd
apache    6859  2891  0 04:02 ?        00:00:00 /usr/sbin/httpd
apache    6860  2891  0 04:02 ?        00:00:00 /usr/sbin/httpd
apache    6861  2891  0 04:02 ?        00:00:00 /usr/sbin/httpd
apache    6862  2891  0 04:02 ?        00:00:00 /usr/sbin/httpd
apache    6863  2891  0 04:02 ?        00:00:00 /usr/sbin/httpd
apache    6864  2891  0 04:02 ?        00:00:00 /usr/sbin/httpd
apache    6865  2891  0 04:02 ?        00:00:00 /usr/sbin/httpd
apache    6866  2891  0 04:02 ?        00:00:00 /usr/sbin/httpd

Notice that PID 2891 is owned by root and the children all have a parent of PID 2891, but are owned by the apache user.
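
The pattern described in the comment above (bind the low port while still root, then serve as an unprivileged user), as an added example that is not part of the original thread and is not Apache's or Jetty's code. It collapses Apache's parent/child split into a single process; the function names and the uid/gid 65534 ("nobody") are assumptions.

```python
import os
import socket


def bind_listener(port, host="0.0.0.0"):
    """Open the listening socket while the process is still privileged."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))   # ports below 1024 need privilege at this point
    sock.listen(16)
    return sock


def drop_privileges(uid, gid):
    """Switch permanently to uid/gid and confirm root cannot be regained."""
    if os.geteuid() == 0 and uid != 0:
        os.setgroups([])      # shed root's supplementary groups first
    os.setgid(gid)            # group before user: after setuid it is too late
    os.setuid(uid)            # as root this sets real, effective and saved uid
    if uid != 0:
        try:
            os.setuid(0)      # must fail once the drop has taken effect
        except PermissionError:
            pass
        else:
            raise RuntimeError("privilege drop did not take effect")
    return os.getuid(), os.getgid()


def start(port, uid, gid, host="0.0.0.0"):
    """Bind first, drop second; the bound socket survives the identity change."""
    sock = bind_listener(port, host)
    ids = drop_privileges(uid, gid)
    return sock, ids


if __name__ == "__main__":
    # Assumed values: 65534 is the "nobody" uid/gid on many Linux systems.
    # Start as root so that port 80 can be bound.
    listener, (uid, gid) = start(80, 65534, 65534)
    print("listening on", listener.getsockname(), "as uid", uid, "gid", gid)
    conn, peer = listener.accept()
    conn.sendall(b"HTTP/1.0 200 OK\r\n\r\nserved by uid %d\n" % os.getuid())
    conn.close()
```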

Expert Comment

ID: 13694747
Got it. Thanks Jim.
HappyEngineer, you might want to use the same trick as Apache, running the child processes as a non-root user, for your application for security.

Author Comment

ID: 13696344
It's cool that apache does that. But, I'm using Jetty as my server. I'll check to see if jetty has a way to do that.
