网站绑定域名后直接通过域名访问使用的是80端口,因此tomcat须监听80端口。而为了安全起见tomcat一般不用root身份运行,因此需要以普通用户来运行监听80端口的root。此时就会启动失败,报没有权限,因为只有root身份才能监听1024以内的熟知端口。
(以下未经验证)
There are a few different solutions to work around this:
- Install and configure Apache or nginx as a reverse proxy server, which can be started as root to open the port, and then downgrade its privileges back to a normal user.
- Set up a firewall on the server using
iptablesor an alternative, so that the lower port number is forwarded internally to a higher port number listened by Confluence.- Use jsvc, which is able to open ports as root, and then downgrade privileges.
- Use authbind to grant privileges for a non-root user to open a privileged port.
以8080(其他非熟知端口皆可)端口启动,直接执行 iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080 做端口转发。
jsvc能以root角色使用端口,因此借助之即可。另外,这种方式也把tomcat做成了服务,能够开机自己启动。
原文:http://www.cnblogs.com/z-sm/p/5656202.html