Running Jboss on port 80 on Linux
Posted by primalcortex on May 9, 2008
Some customers have network policies for traffic shaping that severely restrict network performance on the default port 8080 used by Jboss. This is because most internet access use proxy’s on that port.
So to avoid internal JBoss servers to be hit by traffic shaping, moving JBoss to port 80 or other is the solution.
Editing the server.xml file and changing the default 8080 port to 80 for example is easy, but on Linux brings an additional problem: ports below 1024 are privileged which means that JBoss must run as the user root… a big no no…
So how do you keep Jboss running as a non privileged user and bound to port 80?
Well after a bit of research on our friend Google it’s quite easy:
Normally I use the boot script located here: Jboss Boot Script .
Before the line su -l jboss -c .. which starts Jboss running under the user jboss, just put the following line:
iptables -t nat -A PREROUTING -p tcp –dport 80 -j REDIRECT –to-port 8080
(EDIT: Please note that it’s dash dash (- -) before the dport and to-port parameter, and not a single dash (-) ).
This will just redirect any external requests on port 80 to port 8080, and all of this with jboss running securely on it’s own user… It also can be done for port HTTPS 443 so it maps to 8443.
Easy, simple and no messing around on server.xml.
On Windows, I think your out of luck, but hey, anyone can bind to port 80…
fouad said
Thanks for the easy solution. I will try it.
Jose Javier said
Great advice.
Thanks.
Ling Ling said
Thanks, but for those copying and pasting, it’s actually:
iptables -t nat -A PREROUTING -p tcp –dport 80 -j REDIRECT –to-port 8080
i.e. dport and to-port are long options and so — rather than -.
Ling Ling said
Oops, just saw your EDIT. Maybe you could make it stand out more? Thanks again.