André, I was just trying to understand why this was such a hard requirement to run on port 80. The provided answers didn't help to understand why this was hardly needed. I was just questioning and sometimes, we, yes I include myself, look at a problem with a narrow view of how to solve it and it may be helpful to be provided with alternate solutions.

But, anyway, enough on this.
-----------------
Daniel Savard

2016-03-19 17:02 GMT-04:00 André Warnier (tomcat) <a...@ice-sa.com>:
> Daniel,
>
> first of all, stop top-posting (this applies to both of you). This is not
> the style of posting desired on this list.
> See http://tomcat.apache.org/lists.html#tomcat-users, #6.
>
> Secondly,
> the original poster (lyallex) wants to run Tomcat under Linux, without a
> front-end, as a webserver, listening on port 80, but running as a user which
> is not root.
> This is a legitimate way of running Tomcat, and it is not for you to tell
> him to run it otherwise. Presumably, he knows what he is doing, under his
> circumstances.
>
> Tomcat by itself cannot do that, because it cannot by itself start as root,
> bind to port 80, and then switch users.
> The jsvc program (a "wrapper" for the JVM which runs Tomcat) allows this,
> which is why the OP wants to use it.
> But he has problems configuring this to run under systemd.
> And this was his question : how to run Tomcat as non-root under a JVM under
> jsvc under systemd, listening on port 80.
>
> I have not yet tried it myself, so I cannot really help.
> But I have a feeling that the information that you have provided earlier,
> can be extrapolated to the configuration which lyallex wants.
> So thank you for providing that information, and let's leave it at that.
> There is no need and no point in transforming this conversation into a flame
> now.
>
> On 19.03.2016 21:33, Daniel Savard wrote:
>>
>> I still don't see how the number of concurrent sessions is related to
>> the port number.
>>
>> The default ports for Tomcat are 8080 and 8443.
>>
>> For huge websites, usually you have a load balancer as a front-end
>> anyway. You then get the capability to distribute the workload on more
>> than one instance of Tomcat and/or servers, so, sticking on a single
>> port isn't desirable since many instances on a single server cannot
>> run on the same port.
>> You get the capability to eliminate any
>> single-point of failure as well as getting the capability to implement
>> a non-stop environment making a Tomcat cluster.
>> -----------------
>> Daniel Savard
>>
>> 2016-03-19 15:40 GMT-04:00 Lyallex <lyal...@gmail.com>:
>>>
>>> <Sigh!>
>>>
>>> On 19 March 2016 at 19:19, Daniel Savard <daniel.sav...@gmail.com> wrote:
>>>>
>>>> I see what you were trying to achieve, however I don't see much
>>>> interest in that.
>>>
>>> Really, I've been running a successful commercial web site for the
>>> last 4 years using Tomcat as a standalone web server
>>> and servlet container using exactly this solution. 1000 concurrent
>>> sessions pose no problem
>>> I mentioned this in my first post, sorry if you missed it.
>>>
>>>> 1) Obviously, if you were expecting systemd to solve that problem, you
>>>> were wrong and it is a sane behavior of systemd to not allow that
>>>> neither
>>>
>>> No, you misunderstood. I was trying to start jsvc from a systemd service
>>> file
>>> Please read more carefully. I never suggested that systemd would solve
>>> the problem
>>>
>>>> 2) Your solution to your problem is lying on jsvc alone.
>>>> 3) I believe it is bad security practice to insist to bind on privileged
>>>> ports for process that don't need that level of privilege.
>>>>
>>>> Btw, even if you switch to another user to run the code, you actually
>>>> are binding to port 80 as root.
>>>>
>>>> Maybe you can explain to us why you want to do such a thing and using any
>>>> other unprivileged port isn't a solution to your problem.
>>>
>>> What is the default port for non-encrypted http traffic to a web server?
>>>
>>> Anyway, I see no reason to start a slanging match, I have better things
>>> to do.
>>> It's all working quite nicely now anyway, thank you for your input.
>>>
>>> To learn about jsvc see
>>> http://commons.apache.org/proper/commons-daemon/jsvc.html
>>> You'll need an up to date ANSI C compiler (I use gcc)
>>>
>>> Lyallex
>>>
>>>>
>>>> Regards,
>>>> -----------------
>>>> Daniel Savard
>>>>
>>>> 2016-03-19 12:10 GMT-04:00 Lyallex <lyal...@gmail.com>:
>>>>>
>>>>> It's the simplest way to find out which port you have Tomcat listening
>>>>> on
>>>>>
>>>>> *NIX based systems don't allow non-root users to bind to ports < 1024
>>>>>
>>>>> jsvc
>>>>> http://commons.apache.org/proper/commons-daemon/jsvc.html
>>>>>
>>>>> solves this problem, nobody seems to have grasped that this is what I
>>>>> was asking about.
>>>>> I know of no way to start the container, on port 80 using either
>>>>> startup.sh or catalina.sh using start, run or anything else.
>>>>> If I'm wrong then I would love to see how it's done.
>>>>>
>>>>> CentOS Linux release 7.2.1511 (Core)
>>>>>
>>>>> On 19 March 2016 at 13:46, Daniel Savard <daniel.sav...@gmail.com>
>>>>> wrote:
>>>>>>
>>>>>> Why? What is the point? The server.xml has nothing to do with
>>>>>> integration with systemd.
>>>>>> -----------------
>>>>>> Daniel Savard
>>>>>>
>>>>>> 2016-03-19 1:40 GMT-04:00 Lyallex <lyal...@gmail.com>:
>>>>>>>
>>>>>>> Would you mind posting your server.xml, here is the relevant bit from
>>>>>>> mine.
>>>>>>>
>>>>>>> <Service name="Catalina">
>>>>>>>
>>>>>>>   <Connector port="80" protocol="HTTP/1.1"
>>>>>>>              connectionTimeout="20000"
>>>>>>>              redirectPort="8443" />
>>>>>>>
>>>>>>>   <Engine name="Catalina" defaultHost="localhost">
>>>>>>>
>>>>>>>     <Realm className="org.apache.catalina.realm.LockOutRealm">
>>>>>>>
>>>>>>>       <Realm
>>>>>>>         className="org.apache.catalina.realm.UserDatabaseRealm"
>>>>>>>         resourceName="UserDatabase"/>
>>>>>>>
>>>>>>>     </Realm>
>>>>>>>
>>>>>>>     <Host name="localhost" appBase="webapps" unpackWARs="true"
>>>>>>>           autoDeploy="true">
>>>>>>>
>>>>>>>       <Valve className="org.apache.catalina.valves.AccessLogValve"
>>>>>>>              directory="logs"
>>>>>>>              prefix="localhost_access_log" suffix=".txt"
>>>>>>>              rotatable="false" pattern="combined" />
>>>>>>>     </Host>
>>>>>>>
>>>>>>>   </Engine>
>>>>>>> </Service>
>>>>>>>
>>>>>>> On 18 March 2016 at 23:35, Daniel Savard <daniel.sav...@gmail.com>
>>>>>>> wrote:
>>>>>>>>
>>>>>>>> I believe all distros have over engineered the scripts to start
>>>>>>>> Tomcat. Forget all the scripts from your distro, learn the
>>>>>>>> signification of the environment variables from the catalina.sh
>>>>>>>> script shipped with the default Tomcat version. Define your
>>>>>>>> variables in a file, this file is not a script, so you cannot reuse
>>>>>>>> a previously defined variable, feed your systemd service definition
>>>>>>>> file with this file in the service section as
>>>>>>>>
>>>>>>>> EnvironmentFile=/path/name/to/your/file
>>>>>>>> ExecStart=/path/to/catalina.sh start
>>>>>>>> ExecStop=/path/to/catalina.sh stop
>>>>>>>>
>>>>>>>> and you are done. You control everything from the environment file,
>>>>>>>> you can easily manage the environment variables without editing the
>>>>>>>> systemd's service file.
>>>>>>>>
>>>>>>>> It is much simpler than the OpenRC set of scripts at my humble
>>>>>>>> opinion.
>>>>>>>> I am running Gentoo at home and RHEL at work and both
>>>>>>>> distros wrapped Tomcat into too many layers of scripts in order to
>>>>>>>> make it working with OpenRC while none of these are required to run
>>>>>>>> and manage Tomcat with systemd.
>>>>>>>>
>>>>>>>> In particular with Gentoo, I no longer use the Tomcat distro
>>>>>>>> packaged with Gentoo because they separated the servlet api from
>>>>>>>> Tomcat and you need to wrap things into layers of scripts to define
>>>>>>>> the classpath properly taking this into account, the vanilla
>>>>>>>> classpath.sh file distributed with Tomcat doesn't work and so on.
>>>>>>>> Really, they did a very bad job at integrating Tomcat.
>>>>>>>>
>>>>>>>> Here is my service file:
>>>>>>>>
>>>>>>>> [Unit]
>>>>>>>> Description=Tomcat 8 (Dev)
>>>>>>>> After=syslog.target
>>>>>>>> After=network.target
>>>>>>>>
>>>>>>>> [Service]
>>>>>>>> EnvironmentFile=/tomcat/tomcat-8-dev/bin/tomcat-8-dev.env
>>>>>>>> Type=forking
>>>>>>>> User=tomcat
>>>>>>>> Group=tomcat
>>>>>>>> ExecStart=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh start
>>>>>>>> ExecStop=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh stop
>>>>>>>>
>>>>>>>> [Install]
>>>>>>>> WantedBy=multi-user.target
>>>>>>>>
>>>>>>>> And here is the content of my EnvironmentFile:
>>>>>>>>
>>>>>>>> CATALINA_HOME="/opt/apache-tomcat/apache-tomcat-8.0.32_ds"
>>>>>>>> CATALINA_BASE="/tomcat/tomcat-8-dev"
>>>>>>>> CATALINA_OUT="/var/log/tomcat-8-dev/catalina.out"
>>>>>>>> JAVA_HOME="/opt/oracle-jdk-bin-1.8.0.74"
>>>>>>>> CATALINA_PID="/var/run/tomcat-8-dev.pid"
>>>>>>>>
>>>>>>>> -----------------
>>>>>>>> Daniel Savard
>>>>>>>>
>>>>>>>> 2016-03-18 13:31 GMT-04:00 Lyallex <lyal...@gmail.com>:
>>>>>>>>>
>>>>>>>>> I thought you might be interested in the resolution to this.
>>>>>>>>>
>>>>>>>>> It turns out that we needed to reproduce the environment in
>>>>>>>>> tomcat.service
>>>>>>>>>
>>>>>>>>> For some reason
>>>>>>>>>
>>>>>>>>> ExecStart=/etc/rc.d/init.d/tomcat7 doesn't work
>>>>>>>>> (file shown at the end of this message)
>>>>>>>>>
>>>>>>>>> Instead, in /etc/systemd/system/tomcat.service
>>>>>>>>> we have had to reproduce the environment in longhand to get it to
>>>>>>>>> work.
>>>>>>>>> It appears that systemd doesn't expand variables so I really need
>>>>>>>>> to investigate the systemd Environment thing a bit more.
>>>>>>>>> Anyway, when I shutdown -r now the server comes back up and tomcat
>>>>>>>>> is running at the unprivileged tomcat user on port 80 so that's a
>>>>>>>>> result
>>>>>>>>>
>>>>>>>>> ============== /etc/systemd/system/tomcat.service ============
>>>>>>>>> [Unit]
>>>>>>>>> Description=Apache Tomcat Web Application Container
>>>>>>>>> After=network.target
>>>>>>>>>
>>>>>>>>> [Service]
>>>>>>>>> Type=forking
>>>>>>>>> User=root
>>>>>>>>>
>>>>>>>>> ExecStart=/opt/apache-tomcat-7.0.42/bin/jsvc \
>>>>>>>>> -user tomcat \
>>>>>>>>> -home /opt/jdk1.7.0_45 \
>>>>>>>>> -Dcatalina.home=/opt/apache-tomcat-7.0.42 \
>>>>>>>>> -Dcatalina.base=/opt/apache-tomcat-7.0.42 \
>>>>>>>>> -Djava.io.tmpdir=/var/tmp \
>>>>>>>>> -Djava.awt.headless=true \
>>>>>>>>> -Xms512m \
>>>>>>>>> -Xmx1024m \
>>>>>>>>> -outfile /opt/apache-tomcat-7.0.42/logs/catalina.out \
>>>>>>>>> -errfile /opt/apache-tomcat-7.0.42/logs/catalina.err \
>>>>>>>>> -pidfile /var/run/tc7/jsvc.pid \
>>>>>>>>> -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
>>>>>>>>> -Djava.util.logging.config.file=/opt/apache-tomcat-7.0.42/conf/logging.properties \
>>>>>>>>> -cp /opt/apache-tomcat-7.0.42/bin/bootstrap.jar:/opt/apache-tomcat-7.0.42/bin/commons-daemon.jar:/opt/jdk1.7.0_45/lib/tools.jar:/opt/apache-tomcat-7.0.42/bin/tomcat-juli.jar \
>>>>>>>>> org.apache.catalina.startup.Bootstrap
>>>>>>>>>
>>>>>>>>> ExecStop=/bin/kill -9 /var/run/tc7/jsvc.pid
>>>>>>>>> ExecStopPost=/bin/rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid
>>>>>>>>>
>>>>>>>>> [Install]
>>>>>>>>> WantedBy=multi-user.target
>>>>>>>>>
>>>>>>>>> Oh happy day
>>>>>>>>> Thanks again to all responders
>>>>>>>>>
>>>>>>>>> Lyallex
>>>>>>>>>
>>>>>>>>> ========= /etc/rc.d/init.d/tomcat7 =========
>>>>>>>>>
>>>>>>>>> JAVA_HOME=/opt/jdk1.7.0_45
>>>>>>>>> CATALINA_HOME=/opt/apache-tomcat-7.0.42
>>>>>>>>> export JAVA_HOME CATALINA_HOME
>>>>>>>>>
>>>>>>>>> CLASSPATH=$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar:$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/bin/tomcat-juli.jar
>>>>>>>>> TOMCAT_USER=tomcat
>>>>>>>>> TMPDIR=/var/tmp
>>>>>>>>> PIDFILE=/var/run/tc7/jsvc.pid
>>>>>>>>>
>>>>>>>>> RC=0
>>>>>>>>>
>>>>>>>>> case "$1" in
>>>>>>>>>
>>>>>>>>> start)
>>>>>>>>>
>>>>>>>>> $CATALINA_HOME/bin/jsvc -user $TOMCAT_USER -home $JAVA_HOME -Dcatalina.home=/opt/apache-tomcat-7.0.42 -Dcatalina.base=$CATALINA_HOME -Djava.io.tmpdir=$TMPDIR -Djava.awt.headless=true \
>>>>>>>>> -Xms512m \
>>>>>>>>> -Xmx1024m \
>>>>>>>>> -outfile $CATALINA_HOME/logs/catalina.out \
>>>>>>>>> -errfile $CATALINA_HOME/logs/catalina.err \
>>>>>>>>> -pidfile '/var/run/tc7/jsvc.pid' \
>>>>>>>>> -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
>>>>>>>>> -Djava.util.logging.config.file=$CATALINA_HOME/conf/logging.properties \
>>>>>>>>> -cp $CLASSPATH \
>>>>>>>>> org.apache.catalina.startup.Bootstrap
>>>>>>>>>
>>>>>>>>> RC=$?
>>>>>>>>>
>>>>>>>>> [ $RC = 0 ] && touch /var/tc7lock/subsys/tomcat
>>>>>>>>> echo "starting tomcat7 on darkstar with:"
>>>>>>>>> echo "JAVA_HOME=$JAVA_HOME"
>>>>>>>>> echo "CATALINA_HOME=$CATALINA_HOME"
>>>>>>>>> echo "CLASSPATH=$CLASSPATH"
>>>>>>>>> echo "tomcat started"
>>>>>>>>> ;;
>>>>>>>>>
>>>>>>>>> stop)
>>>>>>>>>
>>>>>>>>> PID=`cat /var/run/tc7/jsvc.pid`
>>>>>>>>> kill $PID
>>>>>>>>>
>>>>>>>>> RC=$?
>>>>>>>>>
>>>>>>>>> [ $RC = 0 ] && rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid
>>>>>>>>> echo "stopping tomcat7 on darkstar with:"
>>>>>>>>> echo "JAVA_HOME=$JAVA_HOME"
>>>>>>>>> echo "CATALINA_HOME=$CATALINA_HOME"
>>>>>>>>> echo "CLASSPATH=$CLASSPATH"
>>>>>>>>>
>>>>>>>>> echo "tomcat stopped"
>>>>>>>>> ;;
>>>>>>>>>
>>>>>>>>> *)
>>>>>>>>> echo "Usage: $0 {start|stop}"
>>>>>>>>> exit 1
>>>>>>>>> esac
>>>>>>>>> exit $RC
>>>>>>>>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
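
For the setup this thread ends on (jsvc started as root by systemd, binding port 80, then switching to the tomcat user), the unit below is one way to write it. It is an added example, not a file posted by anyone in the thread: the paths are copied from the quoted unit, while the Environment=/`${VAR}` layout, the PIDFile= line and the SIGTERM stop are this example's choices. It assumes the pidfile jsvc writes is one systemd accepts as PIDFile=.

```ini
# /etc/systemd/system/tomcat.service
# Added example, not a file from the thread. Paths are the ones quoted above.
[Unit]
Description=Apache Tomcat Web Application Container (jsvc)
After=network.target

[Service]
Type=forking
# jsvc has to start as root to bind port 80; -user below names the account
# it switches to once the socket is bound.
User=root
# Assumption: systemd can read the PID jsvc records here; it becomes $MAINPID.
PIDFile=/var/run/tc7/jsvc.pid

# Environment= values are taken literally: a $VAR written inside one is NOT
# expanded, so every path is spelled out in full.
Environment=JAVA_HOME=/opt/jdk1.7.0_45
Environment=CATALINA_HOME=/opt/apache-tomcat-7.0.42
Environment=CLASSPATH=/opt/apache-tomcat-7.0.42/bin/bootstrap.jar:/opt/apache-tomcat-7.0.42/bin/commons-daemon.jar:/opt/jdk1.7.0_45/lib/tools.jar:/opt/apache-tomcat-7.0.42/bin/tomcat-juli.jar

# ${VAR} in the arguments IS substituted by systemd; the executable path
# itself is written out literally.
ExecStart=/opt/apache-tomcat-7.0.42/bin/jsvc \
    -user tomcat \
    -home ${JAVA_HOME} \
    -Dcatalina.home=${CATALINA_HOME} \
    -Dcatalina.base=${CATALINA_HOME} \
    -Djava.io.tmpdir=/var/tmp \
    -Djava.awt.headless=true \
    -Xms512m \
    -Xmx1024m \
    -outfile ${CATALINA_HOME}/logs/catalina.out \
    -errfile ${CATALINA_HOME}/logs/catalina.err \
    -pidfile /var/run/tc7/jsvc.pid \
    -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
    -Djava.util.logging.config.file=${CATALINA_HOME}/conf/logging.properties \
    -cp ${CLASSPATH} \
    org.apache.catalina.startup.Bootstrap

# kill takes a PID, not a pidfile path. SIGTERM mirrors the init script's
# plain "kill $PID" and gives Tomcat the chance to shut down cleanly.
ExecStop=/bin/kill -TERM $MAINPID
ExecStopPost=/bin/rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid

[Install]
WantedBy=multi-user.target
```

After editing, `systemctl daemon-reload` makes systemd pick up the change, and `ps -o user,pid,cmd -C jsvc` shows which account each jsvc process runs as.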