Synology, MySQL and PHPMyAdmin

One of the packages available for installation on the Synology NAS is the PHPMyAdmin application that allows to use the web to administer the embed MySQL.
The problem with this is that the PHPMyAdmin will also available on the root web server of the Web Station package, and if this package is exposed to the internet, then PHPMyAdmin application will also be exposed… a big no-no security wise…

My quick solution is not to install this PHPMyAdmin package, and since I seldom access the MySql package, a better alternative, yet not “light” is to use the Desktop Application MySQLWorkbench: to access and administer your databases.


Running Jboss on port 80 on Linux

Some customers have network policies for traffic shaping that severely restrict network performance on the default port 8080 used by Jboss. This is because most internet access use proxy’s on that port.

So to avoid internal JBoss servers to be hit by traffic shaping, moving JBoss to port 80 or other is the solution.

Editing the server.xml file and changing the default 8080 port to 80 for example is easy, but on Linux brings an additional problem: ports below 1024 are privileged which means that JBoss must run as the user root… a big no no…

So how do you keep Jboss running as a non privileged user and bound to port 80?

Well after a bit of research on our friend Google it’s quite easy:

Normally I use the boot script located here: Jboss Boot Script .

Before the line su -l jboss -c .. which starts Jboss running under the user jboss, just put the following line:

iptables -t nat -A PREROUTING -p tcp –dport 80 -j REDIRECT –to-port 8080

(EDIT: Please note that it’s dash dash (- -) before the dport and to-port parameter, and  not a single dash (-) ).

This will just redirect any external requests on port 80 to port 8080, and all of this with jboss running securely on it’s own user… It also can be done for port HTTPS 443 so it maps to 8443.

Easy, simple and no messing around on server.xml.

On Windows, I think your out of luck, but hey, anyone can bind to port 80…