Hi all. I have a problem (I am a newbie in SuSE firewall).
I have openSUSE 11.4 and multiple IP addresses on the eth0 interface.
I run (trying to/have to) multiple TOMCAT servers.
I am trying to have each tomcat instance listen on a separate IP address:
tomcat 1 - 10.5.6.11 - HTTP=8080 HTTPS=8443
tomcat 2 - 10.5.6.12 - HTTP=8080 HTTPS=8443
What I am trying to do is to redirect
a) tomcat 1 -
10.5.6.11:80 to 10.5.6.11:8080
10.5.6.11:443 to 10.5.6.11:8443
b) tomcat 2 -
10.5.6.12:80 to 10.5.6.12:8080
10.5.6.12:443 to 10.5.6.12:8443
and so on.
I know that it has to be possible.
I have just eth0.
Is it possible?
Do I have to create “virtual interfaces” (eth0:1, …) and do redirection?
The “server” has just a single interface - just 1 ethernet cable goes to that server. I am planning to have 10-15 tomcats on that server (I have to, unfortunately) and each has to run on port 80.
Is it possible to “grant” permissions to normal users to run an app on port 80? That would solve lots of problems for me if it is impossible to redirect.
I tried setcap 'cap_net_bind_service=+ep' /path/to/tomcat … but no luck.
No additional interfaces required. It has been possible to bind multiple addresses to one interface for a while now.
A normal user cannot open a port under 1024.
Make sure each tomcat listens on only one address. Then it’s just a matter of a redirect rule for each tomcat.
OK. No problem…
I can set <connector> to listen on a specific IP.
I have done that already.
I have tomcat 1,2,3,4… that listen on specific IP addresses and on port 8080 (http) and 8443 (https).
The problem I have is to redirect http (80) to 8080 and https (443) to 8443.
I am not allowed to use ports other than 80/448. It has to be http/https. How can I redirect ports?
With iptables rules using the REDIRECT target. You need one rule per port and host, so 2 x number of tomcats.
You are on the right path with setting the <connector> in your Tomcat server.xml and defining the proxy settings in your httpd.conf. (This is a job for mod_jk and not for iptables, though I would just turn off your firewall while you get the proxy set up to rule out any trouble, and then turn it back on once you have the proxy redirection working.)
You will also need to make sure Apache has loaded an appropriate proxy module - most likely mod_jk. This is a separate package from Tomcat, so please make sure you have apache2-mod_jk installed as well, and the module will then show up when you do apachectl -M.
Don’t forget to restart Tomcat / Apache when you make any changes to their config files.
As usual there are many ways to do this. iptables is one way and avoids running an Apache, unless you need one anyway for the main site. Another way, as mentioned, is using mod_jk, which has the advantage that you can set up load balancing if required. You can also use the ProxyPass and ProxyReversePass directives in Apache to proxy to the tomcat.
Ken_yap (as usual) is totally right - you can certainly use iptables too, and as he says Apache is not even required then. There are some benefits to either way really - you can try both and see what works best for you.
The problem was … SuseFirewall2 (some strange tool).
I used REDIRECT on specific IP and all works. I have 17 IP addresses and all work on port 80.
In TOMCAT’s <connector> section I use address="xxx.xxx.xxx.xx" so each TOMCAT listens on a different interface.
Next thing is to investigate APACHE->TOMCAT connection.
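The "one rule per port and host" approach from this thread, as an added example that is not part of the original posts. It prints the rules for review instead of applying them, and it swaps in DNAT for REDIRECT: REDIRECT rewrites the destination to the primary address of the incoming interface, so with several addresses on eth0 only DNAT to the same address keeps traffic for 10.5.6.12 on the Tomcat bound to 10.5.6.12. The function names are hypothetical; the addresses and ports are the ones from the first post.

```shell
#!/bin/sh
# Added example: print (do not apply) the nat rules for per-address Tomcats.
HTTP_BACKEND=8080    # Tomcat HTTP connector port, from the thread
HTTPS_BACKEND=8443   # Tomcat HTTPS connector port, from the thread

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
# The body runs in a subshell so the IFS change stays local.
is_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|*.) exit 1 ;;      # empty, stray characters, trailing dot
    esac
    IFS=.
    set -- $1                           # split on dots (digits and dots only)
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        case "$octet" in
            ''|????*|0?*) exit 1 ;;     # empty, too long, or leading zero
        esac
        [ "$octet" -le 255 ] || exit 1
    done
)

# tomcat_nat_rules ADDR...: print two DNAT rules per address
# (80 -> 8080 and 443 -> 8443), each keeping the destination address.
# Prints no rules and returns 1 if any argument is not a valid IPv4 address,
# so a malformed value never ends up inside a rule line.
tomcat_nat_rules() {
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    for ip in "$@"; do
        for pair in "80:$HTTP_BACKEND" "443:$HTTPS_BACKEND"; do
            # PREROUTING only sees packets arriving from the network;
            # connections made on the server itself are not rewritten.
            echo "iptables -t nat -A PREROUTING -d $ip -p tcp --dport ${pair%%:*}" \
                 "-j DNAT --to-destination $ip:${pair##*:}"
        done
    done
}

# Constructed sample: the two addresses from the first post.
tomcat_nat_rules 10.5.6.11 10.5.6.12
```

Each Tomcat still has to bind only its own address in its connector, as described above, or the rewritten traffic can reach the wrong instance.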