How to get Tomcat 9 to work with authbind to bind to port 80?

Unfortunately, Tomcat's use of authbind is undocumented, making it a challenge to bind Tomcat 9 to port 80, when not running as root. I have tried the following on Ubuntu 16.04:

1) In server.xml, changing attribute port to 80 in <Connector>.

2) Installing authbind.

3) Adding AUTHBIND=yes to setenv.sh

4) Creating file /etc/authbind/byport/80 with 777 permissions and owner tomcat.

If I run startup.sh as root, it works fine. But if I do it as unprivileged user "tomcat", the script displays "Tomcat started" with no error message. But the browser shows "Unable to connect".

If I run authbind startup.sh, the result is the same. The lack of error message from the startup script leaves me in the dark as to the cause of the problem.

Possibly relevant info: tomcat was installed from zip file, not from repo.

Is there something else I'm overlooking about the tricks to make this work? This is sorely missing in the official docs.


Solution 1:

Installing Tomcat from zip is ok.

Please follow the steps below to configure authbind and run Tomcat on port 80. I am assuming you have installed authbind and Tomcat 9.

  1. Make port 80 available to authbind (you need to be root):

touch /etc/authbind/byport/80; chmod 500 /etc/authbind/byport/80; chown tomcat9 /etc/authbind/byport/80

* assuming tomcat9 is the non-root user for Tomcat

  2. Create the file TOMCAT/bin/setenv.sh with the following content:

CATALINA_OPTS="-Djava.net.preferIPv4Stack=true"

  3. Change "/usr/share/tomcat7/bin/startup.sh":

OLD : exec "$PRGDIR"/"$EXECUTABLE" start "$@"

NEW : exec authbind --deep "$PRGDIR"/"$EXECUTABLE" start "$@"

  4. Edit the TOMCAT/conf/server.xml file to change the port from 8080 to 80.

Another way to run Tomcat on port 80 is to use iptables.

sudo /sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

Please let me know if you have any doubt or query I could help with.

Thanks, Nishant
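
A read-only check of the steps in this answer, added here as an example and not part of the original answer. authbind permits the bind when the calling user has execute access to the byport file, so the script flags a file such as the question's mode 777 one, which lets every local account bind port 80. The function names are made up for the example, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: read-only audit of an authbind + Tomcat setup.
# All paths and the account name are arguments; nothing is modified.

# check_byport FILE USER
# authbind permits bind() when the calling user has execute access to FILE.
# Returns 0 only if USER owns FILE, has execute on it, and nobody else does.
check_byport() {
    f=$1; want=$2
    [ -e "$f" ] || { echo "MISSING  $f"; return 1; }
    owner=$(stat -c '%U' "$f")                      # GNU stat: owner name
    mode=$(printf '%03d' "$(stat -c '%a' "$f")")    # octal mode, e.g. 500, 777, 044
    [ "$owner" = "$want" ] || { echo "OWNER    $f is owned by $owner, not $want"; return 2; }
    case $mode in
        [0246]??)          echo "NOEXEC   $f mode $mode: owner cannot bind"; return 3 ;;
        ?[1357]?|??[1357]) echo "TOO-OPEN $f mode $mode: other accounts can bind too"; return 4 ;;
        ???)               echo "OK       $f mode $mode"; return 0 ;;
        *)                 echo "ODD-MODE $f mode $mode"; return 5 ;;
    esac
}

# check_launch STARTUP_SH SETENV_SH
# Returns 0 if an uncommented line in STARTUP_SH runs authbind --deep and
# SETENV_SH sets -Djava.net.preferIPv4Stack=true, as in the steps above.
check_launch() {
    grep -Eq '^[^#]*authbind[[:space:]]+--deep' "$1" 2>/dev/null ||
        { echo "NO-WRAP  $1 does not exec through authbind --deep"; return 1; }
    grep -Eq '^[^#]*-Djava\.net\.preferIPv4Stack=true' "$2" 2>/dev/null ||
        { echo "NO-IPV4  $2 does not set preferIPv4Stack=true"; return 2; }
    echo "OK       launch scripts"
}

# Runs against a real install only when four arguments are given, e.g.
#   sh audit.sh /etc/authbind/byport/80 tomcat9 TOMCAT/bin/startup.sh TOMCAT/bin/setenv.sh
if [ "$#" -eq 4 ]; then
    check_byport "$1" "$2"; check_launch "$3" "$4"
fi
```

Since Tomcat reports "Tomcat started" even when the bind fails, running a check like this before startup narrows down which step was missed.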

Solution 2:

On my CentOS 6 server with Tomcat 7, I had to:

  • install authbind
yum install authbind-2.1.1-0.x86_64.rpm
  • create the file 80 for the user tomcat
touch /etc/authbind/byport/80; chmod 500 /etc/authbind/byport/80; chown tomcat /etc/authbind/byport/80
  • change the port from 8080 to 80
vim /usr/share/tomcat/conf/server.xml
<Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
  • change the variable TOMCAT_SCRIPT in the tomcat service script:
vim /etc/init.d/tomcat
TOMCAT_SCRIPT="${TOMCAT_SCRIPT:-/usr/local/bin/authbind --deep /usr/sbin/tomcat}"
  • then relaunch tomcat
service tomcat restart