Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Tomcat and port 80

On 28/02/2004, at 8:46 AM, Scott Kelley wrote:

Greg, Barry, thanks for the feedback.

At 3:16 PM -0700 2/25/04, Greg Guerin wrote:
Scott Kelley <email@hidden> wrote:

Does anybody know how to use "ipfw" (ip firewall) to forward port 80 to a
non-privileged port?

Have you read 'man ipfw'?

Yes, I started by reading the man page, plus doing a Google search for ipfw-related stuff on both MacOS and *BSD, and followed up by building a test server I can use to experiment with ipfw without worrying about messing up my development box.

However, man pages tend not to say things like "but whatever you do, do NOT try to use this to run Tomcat on MacOS X!" because man pages tend to be a little skimpy when it comes to these kinds of details. For instance, maybe there's a glaring security hole that hasn't occurred to me yet? Or maybe it Just Doesn't Work for reasons that aren't immediately obvious.

Which is why I thought I would ask when the topic came up here.

At 11:04 AM -0500 2/26/04, Barry Hawkins wrote:
Just wanted to point out that the use of Tomcat's connectors (mod_jk or similar) would probably be recommended, since the web server (Apache, IIS, etc.) is better at handling non-JSP/Servlet processing, so while moving Tomcat to port 80 would remove the garish :8080 type of URL modifier, it might not be the best choice, particularly on a production system.

Plain old Tomcat is more than fast enough for us, given our user base and the available hardware. Our biggest obstacle right now is complicated configurations and not enough hours in the day for our sysadmins, so any configuration simplification we can do is typically a very good thing. Also, we're working with an ever-more-challenging authentication environment, and only having to deal with this problem on one kind of server instead of two is also a very good thing. These are some of the reasons we're moving away from mod_jk and friends, particularly for our intranet configuration, despite having used it successfully in production for many years.

Sigh... I'll fiddle with ipfw and Tomcat this weekend, and if I can get it to work I'll post back to the list.

A simpler solution might be to set up a reverse squid proxy configuration. We have done this on one of our JBoss production sites and it works well.

There is some information here <http://www.net-security.org/news.php?id=4600> on how to set this up.

Steve Coy
_______________________________________________
java-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/java-dev
Do not post admin requests to the list. They will be ignored.

References: 
 >Re: Tomcat and port 80 (From: Greg Guerin <email@hidden>)
 >Re: Tomcat and port 80 (From: Scott Kelley <email@hidden>)



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.