Welcome to the Webhosting.net Blog!

Your source for all things related to web hosting

How to get Tomcat running on CentOS 7.2 using privileged ports <1024

By | CentOS, Java, Tomcat | No Comments

Tomcat running on Centos using privileged portsIf you haven’t already got Java and Tomcat 7 running on CentOS 7.2, it’s pretty simple using yum. Just follow the instructions in this post.

This sets up Java to run with 8080 and/or 8443, but I want it to be my primary webserver.

Post install

I’ve been trying to get Tomcat to run under user tomcat but on privileged port 443 ( <1024 ). There is not a lot of current info on getting this working post yum installs of Java and Tomcat 7 on CentOS 7.2 , so perhaps adding it here would be good.

There is allot of misinformation out there and some of it doesn’t apply to the versions spoken about, configs in different places or not existing in the paths referenced.

A few pre-cursors

  1. I do not want to run Tomcat as root to be able to use a port <1024
  2. “setcap cap_net_bind_service+ep /path/to/bin/java” does not work. I tried everything I could.
  3. I do not want to run Apache, haproxy or NGINX running on a port <1024 as a frontend to Tomcat even though there are some advantages in doing this. Wasted overhead and another service to manage and keep updated.
  4. Using iptables or firewalld to redirect ports is not optimal IMO as restarting or changing the firewall config would stop users from reach Tomcat if the firewall stopped or had an issue which is a point of failure.

The best solution I found was:

  1. Install authbind pre-rolled as an RPM from here or use the referenced GIT project to build an rpm yourself. This installed without issue and without any dependencies.
  2. Once authbind is installed run the following depending on what ports you want to have Tomcat listening on:

sudo touch /etc/authbind/byport/80
sudo chmod 500 /etc/authbind/byport/80
sudo chown tomcat /etc/authbind/byport/80
sudo touch /etc/authbind/byport/443
sudo chmod 500 /etc/authbind/byport/443
sudo chown tomcat /etc/authbind/byport/443

  1. Default user and group when Tomcat is installed by yum is “tomcat”
  2. Modify your tomcat “/etc/tomcat/server.xml” config and change to the ports you want to use. In my case it’s 443.
  3. The tricky part was getting authbind to work with systemd. After getting Tomcat set to start when the servers starts up I have the following 2 startup files:

/etc/systemd/system/multi-user.target.wants/tomcat.service
/usr/lib/systemd/system/tomcat.service

  1. In all the other posts I read and how to’s they all reference startup.sh in this file, but this script doesn’t exist if you used the before mentioned instructions to install Java/Tomcat using yum. I opened up the 2 files above and commented out the original “ExecStart” command, duplicated the line and added authbind as follows:

#ExecStart=/usr/libexec/tomcat/server start
ExecStart=/usr/bin/authbind –deep “/usr/libexec/tomcat/server” start

  1. After that I ran:

sudo systemctl daemon-reload
sudo systemctl restart tomcat.service

Tomcat fired up listening on port 443.

<snip>
Aug 19 13:29:42 1556-109 authbind: INFO: Initializing ProtocolHandler [“http-bio-443”]
Aug 19 13:29:43 1556-109 authbind: Aug 19, 2016 1:29:43 PM org.apache.coyote.AbstractProtocol init
</snip>

Problem solved! This was a lot easier to get working that some of the other solutions which involved multiple services running etc. If you have a better method or questions, please post a comment.

Create a PokemonGo Map with Jelastic and Catch Rare Pokemon in your Area

By | Jelastic, PokemonGo Maps | No Comments

Create a free PokemonGo MapIf you haven’t heard about PokemonGo then you’re either not connected to technology or don’t have children walking by, ignoring you and stumbling yelling “there’s one!”

So I decided to play the cool parent card and found a way via Jelastic to get my own PokemonGo Map up and running, so I could show my boys where specific Pokemons they have been searching for are located.

It’s incredibly fast and easy.

Warning: Using this software is against the ToS of the game. You can get banned, use this tool at your own risk.

Just follow these simple steps.

Click on this link and you will be redirected to the Webhosting.net Jelastic login screen.

Read More

How to Install Cyclos 4 in One-Click in Less than 10 Minutes

By | Cyclos 3 CE, Cyclos 4, Jelastic | No Comments

one click install cyclos 4What is Cyclos 4?

Cyclos 4 is a feature rich online payment platform (banking software) for large businesses and organisations. It is user friendly, simple to use and maintain and provides flexibility, security and a high level of customization.

Cyclos is deployed by local banks, C3 networks, MFI’s, barters, community currencies and time banks. Cyclos enables organisations to create a payment system from the ground up, by changing the configuration (without the need to change any code).

Easy one click installation of Cyclos 4

The traditional way to get Cyclos installed is to firstly get Java hosting, set up a MySQL database, deploy a .war file, configure via SSH, mess around with Tomcat class files, assign an SSL certificate, create additional databases for modules, run module commands etc – exhausting right?

If you do not have an active Jelastic account with Webhosting.net, visit our Jelastic Marketplace, where you can install Cyclos 4 Pro (or Cyclos 3 CE) in just one click and all the hard work and configuration is done for you. Read More