authbind, privbind or iptables REDIRECT (port 80 to 8080)?

glassfish

Solution 1:

I use NAT all the time in production. While it is more commonly used to translate between intranet and Internet, it can be perfectly acceptable to use it this way as well. I've done similar for an almost identical situation. With that being said, there are other options.

Application servers and Web servers often run together, as such it makes sense to keep Java on 8080 and 8443 internally. More often, people would probably use Apache as the proxy to translate certain requests to Java and serve static content from the Apache instance. I understand that you find this solution unacceptable to you but it must be said.

If this does not cover your questions, feel free to expound and I will iterate further.

Edit 1

You're welcome. NAT won't affect https' normal operation, it will work fine.

I can't imagine why you would be worried about other non-privileged users binding to 8080. Is there something unique to your situation?

Related

How do I set up a shared directory on Linux?
Send email on behalf of clients
Outsource my email server to Google
Cheap and easy solution for VPN?
how to restrict ssh login to a specific ip or host
How do you administer 20 or more Linux Servers daily?
SNMP equivalent for show ip route?
How to map authenticated Apache users to their own directory?
How to stop Apache from crashing my entire server?
Renaming a windows 2003 domain?
How can I proxy multiple LDAP servers, and still have grouping of users on the proxy?
How to pass a request from one apache server to another