It's not a secret anymore!*
The moose likes Tomcat and the fly likes Configure URL Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Configure URL" Watch "Configure URL" New topic
Author

Configure URL

Gerenne Vives
Ranch Hand

Joined: Feb 05, 2005
Posts: 60
Hi all!!

I have a application web with this address http://x.x.x.x:8080/NameApp, and for other hand I have a domain www.namedomain.es, the application runs in apache server, and is installed in Ubuntu server. I want redirect the url, when I will write www.namedomain.es, I want go to http://x.x.x.x:8080/NameApp.

But I don't know the files that I must modify...

Please, I need help!!
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    
    8

As the owner of that domain, you should ask your ISP (the company through which your computers connect to the Internet) to configure their DNS so that www.namedomain.es refers to one of your computers. This should be a computer which is visible from the Internet.

Also if you're planning to allow people from all over the Internet to access your application, they will be expecting to connect via port 80 (the standard port for HTTP) rather than port 8080.

So the simplest thing would be to run Tomcat on the computer which your domain www.namedomain.es refers to, via the DNS, and to have it listen to port 80. There are more complex configurations, but at any rate the first step is to get your ISP to configure your domain into their DNS. Note that this isn't usually something that you can do yourself, and if you have to ask about it, it almost certainly isn't something that you can do yourself.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15960
    
  19

Paul Clapham wrote:
Also if you're planning to allow people from all over the Internet to access your application, they will be expecting to connect via port 80 (the standard port for HTTP) rather than port 8080.

So the simplest thing would be to run Tomcat on the computer which your domain www.namedomain.es refers to, via the DNS, and to have it listen to port 80. There are more complex configurations, but at any rate the first step is to get your ISP to configure your domain into their DNS. Note that this isn't usually something that you can do yourself, and if you have to ask about it, it almost certainly isn't something that you can do yourself.




Every common browser is set up so that if you don't supply a port address that http requests will be sent to port 80 and https requests will be sent to port 443. The DNS system only maps IP names to IP addresses, not to ports. So for maximum user convenience, web servers should use ports 80 and 443. They don't have to, it's just less typing for the user.

However, running Tomcat on ports 80 and 443 is extremely dangerous. TCP/IP ports whose numbers are less than 4096 can only be listened to by a user with administrator/root privileges. That means that the entire Tomcat server would have to run as a privileged user. And far too many people implement seriously flawed security in their webapps to begin with.

The alternative to running Tomcat with admin rights is to emply a proxy to translate the incoming port requests so that port 80 is sent to Tomcat's 8080 and port 443 is sent to Tomcat's port 443.

There are a number of ways to do this. One of the more popular ones is to use the Apache HTTPD webserver plus one of its tunneling modules, such as mod_proxy. This has the advantage of making it easy for the server to host non-J2EE apps as well. Another way is to use some other sort of proxy software, like squid. These servers are specially designed to run apps as non-privileged users, which Tomcat cannot do owing to the OS-specific nature of the mechanisms involved versus the Tomcat "run-anywhere" restrictions.

Really large shops often use dedicated hardware which may do load-balancing as well as proxying. And home/small office users will often setup their routers to do so, since many routers offer this feature. Finally, since you're running Ubuntu, you have the option to use the iptables network traffic control system to reroute the ports. You can even go one step further and route the requests into a virtual machine, which is what a number of my webservers do.

One thing you can plainly see if you look at the system logs for any server connected directly to the Internet is that no one is too obscure to be pounded on 24x7 by potential invaders. Its a rare day that I don't see 2-3 or more portscans, there are 3 different locations in China hoping to abuse my webservers as spam relays plus any incredible amount of junk coming in from script kiddies, hackers and botnets.

The Internet can be an ugly place, so security is not something that should be an afterthought.


Customer surveys are for companies who didn't pay proper attention to begin with.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Configure URL
 
Similar Threads
why we need connector for Apache and Tomcat
Load balancer and http cluster
Apache/Jboss issue
Changing the default page in apache
WS Startup: NET_Bind (in depth, however).