Tomcat from 8443 to 443
V

5

8

I have a Spring MVC web application running on Tomcat 8.

I have created certificates for SSL authorization. I have this config in server.xml:

<Connector SSLEnabled="true" 
  keystoreFile="ks.p12" 
  keystoreType="pkcs12" 
  keystorePass="*****"
  port="8443"
  scheme="https"
  secure="true" 
  sslProtocol="TLS"/> 

OK. Now everything works well!

But how do I start the server on port 443? When I try to open https://dev-sp.ge/ I get the message "This webpage is not available".

Vargueno answered 9/9, 2014 at 11:40 Comment(0)
D
11

On Unix systems, the use of ports under 1024 usually requires special permissions or rights.

Your Tomcat works with port 8443 because it is not in the "protected" port range.

Of course, the first step is to change the port to 443 in your Tomcat's server.xml.

Solving using Authbind

One way to allow Tomcat to use port 443 or 80 is to use Authbind.

authbind allows a program which does not or should not run as root to bind to low-numbered ports in a controlled way.

Ports lower than 1024 have to be enabled in /etc/default/tomcat8. Add the following line:

AUTHBIND=true

And create a new file for this:

sudo touch /etc/authbind/byport/443
sudo chown tomcat8 /etc/authbind/byport/443
sudo chmod 500 /etc/authbind/byport/443

Solving using setcap

Another way to solve this is to allow an executable binary to bind to the restricted ports, which can be enabled by using the setcap Unix command:

sudo setcap cap_net_bind_service=+ep /path/to/binary
Divinity answered 9/9, 2014 at 11:45 Comment(2)
What if we are configuring the project in a Docker container? - Thistle
For those still having problems accessing Tomcat externally at port 80 or port 443 even with authbind configured, for me it turned out the virtual Ubuntu I was using runs the UFW firewall, and extra commands such as "sudo ufw allow 443/tcp" (and/or 80/tcp) were necessary. - Cold
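
Added example, not part of the answer above and not authbind's own code: a shell check that audits a byport entry like the one created with touch/chown/chmod above. authbind authorizes a bind when the calling user has execute access to byport/PORT; the function name, the verdict strings and the temporary demo directory are assumptions made for this example, and the check looks only at owner and mode bits (no ACLs, no byaddr or byuid rules).

```shell
#!/bin/sh
# Usage: check_authbind_port BYPORT_DIR PORT EXPECTED_UID
# Prints one verdict:
#   unprivileged | missing | wrong-owner | no-exec | too-open | ok
check_authbind_port() {
    dir=$1 port=$2 want_uid=$3
    # Ports 1024 and above need no authbind entry at all.
    if [ "$port" -ge 1024 ]; then echo unprivileged; return 0; fi
    f="$dir/$port"
    if [ ! -e "$f" ]; then echo missing; return 0; fi
    # ls -ldn prints the mode string and numeric owner: "-r-x------ 1 1000 ..."
    set -- $(ls -ldn "$f")
    mode=$1 owner=$3
    if [ "$owner" != "$want_uid" ]; then echo wrong-owner; return 0; fi
    case $mode in
        ???[xs]*) ;;                    # owner execute bit set: bind allowed
        *) echo no-exec; return 0 ;;    # e.g. mode 400: authbind will refuse
    esac
    case $mode in
        ??????[xs]*|?????????[xt]*)     # group or other may bind this port too
            echo too-open; return 0 ;;
    esac
    echo ok                             # e.g. mode 500 owned by the service user
}

# Constructed demo: a throwaway directory stands in for /etc/authbind/byport,
# and the current user stands in for the tomcat8 account.
demo_dir=$(mktemp -d)
touch "$demo_dir/443"
chmod 500 "$demo_dir/443"
echo "443, mode 500: $(check_authbind_port "$demo_dir" 443 "$(id -u)")"
chmod 755 "$demo_dir/443"
echo "443, mode 755: $(check_authbind_port "$demo_dir" 443 "$(id -u)")"
echo "8443:          $(check_authbind_port "$demo_dir" 8443 "$(id -u)")"
rm -rf "$demo_dir"
```

On a real host the call would be `check_authbind_port /etc/authbind/byport 443 "$(id -u tomcat8)"`; a `too-open` verdict means accounts other than the service user can also bind the port through authbind.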
R
9

Solution that worked for me: redirect 443 requests to 8443.

iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443

Use (/sbin/)iptables-save (as root) to make changes permanent.

Revels answered 4/5, 2015 at 9:9 Comment(0)
C
1

PREROUTING was not working for me. I successfully achieved that with:

sudo iptables -t nat -A OUTPUT -o lo -p tcp --dport 443 -j REDIRECT --to 8443

sudo /sbin/iptables-save (to make it permanent)

Cheremkhovo answered 8/5, 2019 at 21:44 Comment(0)
A
0

Requires MacOSX >= Yosemite.

Add:

echo "
rdr pass inet proto tcp from my-domain.com to my-domain.com port 443 -> 127.0.0.1 port 9443
" | sudo pfctl -ef -

Or:

echo "
rdr pass inet proto tcp from any to any port 443 -> 127.0.0.1 port 9443
" | sudo pfctl -ef -

List:

sudo pfctl -s nat

Remove:

sudo pfctl -F all -f /etc/pf.conf

https://salferrarello.com/mac-pfctl-port-forwarding/

Armil answered 22/8, 2016 at 10:8 Comment(0)
G
0

I'd like to add something more to @icza's answer (since I'm new, I cannot post comments).

If you are running the Tomcat server inside Eclipse, use

authbind --deep ./eclipse

Because Eclipse does not care about authbind otherwise.

Ghoul answered 28/6, 2019 at 8:29 Comment(0)
