Mark, Can you elaborate on what is going on there? What trolls? I don’t know what that means.
=========================== Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 -----Original Message----- From: Mark Thomas [mailto:ma...@apache.org] Sent: Friday, March 2, 2018 9:39 AM To: Tomcat Users List <users@tomcat.apache.org>; Olaf Kock <tom...@olafkock.de> Subject: Re: tomcat 8.5.28 On 02/03/18 14:30, Olaf Kock wrote: > > > On 02.03.2018 15:22, Cheltenham, Chris wrote: >> What? > > don't feed the trolls ;) Better still, unsubscribe them :) Just a reminder to everyone that the list does have moderators and we can be reached directly at users-owner@... should you need our help. I have unsubscribed this particular user. Mark > >> From: Cheltenham, Chris [mailto:ccheltenham-...@philasd.org] >> Sent: Friday, March 02, 2018 9:08 AM >> To: 'Tomcat Users List' <users@tomcat.apache.org> >> Subject: tomcat 8.5.28 >> >> Hello, >> >> Has anyone set up tomcat as a non-root use? >> >> I have set it up successfully however, I have to bound the non-root >> user to port 8443. >> >> What is the best way to reroute 8443 through 443? >> There are several options. >> Everything is set up at send to port 443 so I need to reroute 8443 in >> and out of 443 >> >> CentOS 7 by the way - > "what is the best (TM)?" > -> "It depends" > > Tomcat runs well on unprivileged ports, and depending on your OS, > familiarity with configuring it, other infrastructure etc, you have > different options. Are you familiar with them - as you mention that > there are many? > > You can > * use iptables redirection, > * have a proxy/webserver/loadbalancer in front, > * enable unprivileged binding to the port > > I default to the second option, because there's an Apache httpd or > another loadbalancer anyways, and it tended to be best documented with > regards to all of the specific SSL settings you might want to have > (the cipher-cocktail of the day), plus easily get LetsEncrypt certs. > > The others are valid as well - none is better, they're just different. > > As we were discussing documentation in another thread these days: I've > expected to find a solution to your question in the FAQ and wanted to > link to it - but didn't find any entry there. There's a patch to go on > my list, with no ETA though. Maybe a side-task during that Manchester > Tomcat training. > > Olaf > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org