OK, I hope I posted in the correct forum. So I installed Tomcat and Apache to act as the proxy.
I'm getting the HTML proxied, but the images in the Tomcat container are not being displayed and the CSS files in that container are not being applied.
I'm using ProxyPass and ProxyPassReverse in the httpd.conf file.
The site is 100% JSP, no straight HTML. So I need everything that's passed back to be forwarded back to the Apache proxy.
I know the quick fix is making Tomcat root user and dropping down to the normal ports of 80 443, but I do not want to lose the security of keeping Tomcat's user "tomcat".
Please, if anyone knows a good tutorial or examples of how this is done, please let me know.
PS: if there is another way for port 80 to be picked up and forwarded to Tomcat, please let me know.
Hey I found a better option that fixed all my problems.
# prevent Apache from running on startup
chkconfig --del httpd
# stop Apache from running right now
service httpd stop
# tell iptables to forward incoming requests on port 80 to tomcat
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
# save the iptables rules
service iptables save
# make sure iptables starts up by default after a server restart
chkconfig --level 35 iptables on
This worked like a charm and kept my security intact.
Nope, as long as you don't need anything other than J2EE on port 80, that's one of the simplest ways to have a Tomcat running without reconfiguring the ports to use port 80 directly, which isn't recommended, since that requires Tomcat to run as a root user.
If you need non-tomcat services, you'll have to put up a full-blown proxy server, but otherwise, you're fine.
Pete Nelson wrote: Another option, if you only need it on port 80, would be to change Tomcat's server.xml, specifically the HTTP connector's port attribute. No need to alter your system's iptables this way.
However, in Linux/Unix systems, listening on port 80 requires that the listener process is running with root privileges. Which means that anyone who can suborn Tomcat can potentially own the entire server - not to mention any other servers whose security depends on no network-internal funny business.
The IPTABLES approach is much safer, because it allows Tomcat to run as an ordinary (non-privileged) user, thus limiting the potential for mischief.
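
One way to check the setup this thread settles on (port 80 redirected to 8080, Tomcat running as a non-root user), as an added example that is not part of any post above. The function names, the sample rule text and the sample process list (including the /opt/tomcat path) are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline audit of the port-80 -> 8080 redirect setup.

# redirect_target PORT: read iptables-save text on stdin; print the
# --to-ports value of the first nat PREROUTING tcp REDIRECT rule for PORT.
redirect_target() {
    awk -v port="$1" '
        /^\*/ { table = substr($0, 2) }            # "*nat", "*filter", ...
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            proto = dport = target = to = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i ~ /^--to-ports?$/) to = $(i + 1)
            }
            if (proto == "tcp" && dport == port && target == "REDIRECT" && to != "") {
                print to; found = 1; exit
            }
        }
        END { exit !found }'
}

# tomcat_users: read "user args" lines on stdin; print the distinct accounts
# running Tomcat's org.apache.catalina.startup.Bootstrap class.
tomcat_users() {
    awk '/org\.apache\.catalina\.startup\.Bootstrap/ { print $1 }' | sort -u | xargs
}

# audit RULES PS: RULES is iptables-save text, PS is "user args" lines.
audit() {
    to=$(printf '%s\n' "$1" | redirect_target 80) || { echo "FAIL: no redirect for port 80"; return 1; }
    [ "${to%%-*}" -ge 1024 ] || { echo "FAIL: target port $to is privileged"; return 1; }
    users=$(printf '%s\n' "$2" | tomcat_users)
    [ -n "$users" ] || { echo "FAIL: no Tomcat process found"; return 1; }
    case " $users " in *" root "*) echo "FAIL: Tomcat runs as root"; return 1 ;; esac
    echo "OK: 80 -> $to, Tomcat runs as: $users"
}

# Constructed sample inputs, not captured from a real host.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT'
SAMPLE_PS='root /usr/sbin/sshd -D
tomcat /usr/bin/java -classpath /opt/tomcat/bin/bootstrap.jar org.apache.catalina.startup.Bootstrap start'

audit "$SAMPLE_RULES" "$SAMPLE_PS"
# On a live host (as root): audit "$(iptables-save)" "$(ps -eo user= -o args=)"
```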