今天有人要求tomcat服务器的访问地址不能带端口访问, 也就是说只能用80端口访问网站.
那么问题来了, Ubuntu系统禁止root用户以外的用户访问1024以下的商品, 因此tomcat
默认为8080也是有原因的.
因此,多才多艺的网友提供了普遍的两种方案:
1, 修改conf/server.xml中connector的port为80, 使用root用户运行tomcat.完美解决问题(ubuntu系统)
windows亦是修改conf/server.xml中的connector的port为80, 直接运行bin/startup.bat就行了.
2. ubuntu有个iptables NAT
即可控制访问ubuntu系统的请求通过iptables来转发,比如你访问80端口的请求,可以重定向到8080端口上去,
这样tomcat监听的8080端口就能收到80端口的访问请求了.
看一下歪国人的配置:
Iptables redirect port 80 to port 8080
The problem:
- You have a linux server
- Install tomcat or any other application server
- You don't want the application server to run as root, therefore it cannot listen to any of the ports 80 (http) or 443 (https)
- From outside, though, the application server must be accessible on ports 80 / 443
The most popular approach:
- Create an ordinary user specificaly for the application server (ex: tomcat)
- Configure it to listen to a port bigger than 1024 - actually Tomcat comes by default configured to 8080 instead of 80 and 8443 instead of 443
- Redirect the incoming connections from port 80 to 8080
The redirection is done by using the following iptables commands issued in sequence. The first one will configure the machine to accept incoming connections to port 80, the second does the same for port 8080 and the third one will do the actual rerouting. Please proceed in a similar manner for ports 443 forwarded to 8443
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
然而事情你总以为算结束了!!!
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 redir ports 8443
2 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8080
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 REDIRECT tcp -- 0.0.0.0/0 127.0.0.1 tcp dpt:80 redir ports 8080
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
但是:
$service iptables save
iptables: unrecognized service
WHY!??
http://m.blog.csdn.net/blog/FENGQIYUNRAN/21830541
于是准备着手解决,解决思路很是明了,就是首先确定Linux是否安装了 iptables 。
service iptables status
但是仍然提示:iptables:unrecognized service。准备安装,根据不同的Linux内核选择不同的方法如下:
yum install iptables #CentOS系统
apt-get install iptables #Debian系统
但是提示已经安装,那为什么状态显示是未识别的服务呢?继续找原因。继续研究发现可能是由于没有安装iptables-ipv6,于是采用
sudo apt-get install iptables-ipv6进行安装,但提示Unable to locate package错误得错误。
考虑到软件间的不兼容,无奈先进行更新:sudo apt-get update,更新后重新安装仍然无法解决定位的问题。
于是采用apt-get install iptables*进行所有可能性查找和安装。经过一轮安装后iptables:unrecognized service的问题仍然没有解决。
继续研读相关资料,最终发现问题所在: