Paul Clapham wrote:
Also if you're planning to allow people from all over the Internet to access your application, they will be expecting to connect via port 80 (the standard port for HTTP) rather than port 8080.
So the simplest thing would be to run Tomcat on the computer which your domain www.namedomain.es refers to, via the DNS, and to have it listen to port 80. There are more complex configurations, but at any rate the first step is to get your ISP to configure your domain into their DNS. Note that this isn't usually something that you can do yourself, and if you have to ask about it, it almost certainly isn't something that you can do yourself.
Every common browser is set up so that if you don't supply a port address, http requests will be sent to port 80 and https requests will be sent to port 443. The DNS system only maps IP names to IP addresses, not to ports. So for maximum user convenience, web servers should use ports 80 and 443. They don't have to; it's just less typing for the user.
However, running Tomcat on ports 80 and 443 is extremely dangerous. TCP/IP ports whose numbers are less than 4096 can only be listened to by a user with administrator/root privileges. That means that the entire Tomcat server would have to run as a privileged user. And far too many people implement seriously flawed security in their webapps to begin with.
The alternative to running Tomcat with admin rights is to employ a proxy to translate the incoming port requests so that port 80 is sent to Tomcat's 8080 and port 443 is sent to Tomcat's port 443.
There are a number of ways to do this. One of the more popular ones is to use the Apache HTTPD webserver plus one of its tunneling modules, such as mod_proxy. This has the advantage of making it easy for the server to host non-J2EE apps as well. Another way is to use some other sort of proxy software, like squid. These servers are specially designed to run apps as non-privileged users, which Tomcat cannot do owing to the OS-specific nature of the mechanisms involved versus the Tomcat "run-anywhere" restrictions.
Really large shops often use dedicated hardware which may do load-balancing as well as proxying. And home/small office users will often set up their routers to do so, since many routers offer this feature. Finally, since you're running Ubuntu, you have the option to use the iptables network traffic control system to reroute the ports. You can even go one step further and route the requests into a virtual machine, which is what a number of my webservers do.
One thing you can plainly see if you look at the system logs for any server connected directly to the Internet is that no one is too obscure to be pounded on 24x7 by potential invaders. It's a rare day that I don't see 2-3 or more portscans; there are 3 different locations in China hoping to abuse my webservers as spam relays, plus an incredible amount of junk coming in from script kiddies, hackers and botnets.
The Internet can be an ugly place, so security is not something that should be an afterthought.
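
One way to set up the Apache HTTPD plus mod_proxy arrangement described in the post above, as an added example that is not part of the original thread. It assumes Ubuntu's Apache packaging, that TLS is terminated at HTTPD, and that Tomcat runs as an unprivileged user with its HTTP connector on 127.0.0.1:8080; the certificate paths are placeholders.

```apache
# Added example (not from the original post). Assumptions: Tomcat's HTTP
# connector listens on 127.0.0.1:8080, and the certificate paths below are
# placeholders to be replaced with your own.
# Modules needed on Ubuntu: a2enmod proxy proxy_http ssl headers

# Reverse proxy only. With ProxyRequests On the server would act as an open
# forward proxy that anyone on the Internet could relay traffic through.
ProxyRequests Off

<VirtualHost *:80>
    ServerName www.namedomain.es

    # Pass the original Host header to Tomcat so the webapp builds
    # correct absolute URLs.
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>

<VirtualHost *:443>
    ServerName www.namedomain.es

    # TLS ends here; traffic to Tomcat stays on the loopback interface.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/PLACEHOLDER-cert.pem
    SSLCertificateKeyFile /etc/ssl/private/PLACEHOLDER-key.pem

    ProxyPreserveHost On
    # Tell the webapp the client connection was HTTPS.
    RequestHeader set X-Forwarded-Proto "https"
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>

# On the Tomcat side, set address="127.0.0.1" on the <Connector> in
# server.xml so port 8080 is reachable only through this proxy and not
# directly from the Internet.
```

HTTPD's parent process binds ports 80 and 443 and its workers then run under an unprivileged account, so Tomcat itself never needs root.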