We want the repository (and other Web tools) to have a simple URL, without the ugly port number after the hostname, e.g. NOT like this: http://dev.harvard.eagle-i.net:8080/..., but just the hostname followed by / (because, really, that is already enough to remember). This procedure uses IP port redirection to let your Tomcat server appear to be running on the canonical HTTP port, which is 80. It is the simplest and safest method to accomplish this under Linux.

The sanest alternative, running an Apache httpd server as an AJP forwarder, is much more effort and adds another point of failure. We will not even discuss running Tomcat as root so it has access to port 80, since that is simply unacceptable.

Ubuntu

These procedures

  • have been tested under Ubuntu Linux 9.10 (krazy kitten), Fedora 12 and 14, and CentOS 6.03
  • assume you are running Tomcat on port 8080. To redirect the HTTPS (HTTP on SSL) port, also run the 3 additional iptables commands (assuming port 443) below.
  • require root privileges
  • assume the Bourne shell (/bin/sh)


  1. Discover your machine's primary IP address and set the ADDR shell variable. (Note that this assumes eth0 is your primary network interface; use ifconfig -a to see them all.)
    ADDR=`ifconfig eth0 | perl -ne 'print "$1\n" if m/\sinet addr\:(\d+\.\d+\.\d+\.\d+)\s/;'`
  2. Run these iptables commands to redirect all port 80 requests to port 8080.
    iptables -t nat -A OUTPUT -d localhost -p tcp --dport 80 -j REDIRECT --to-ports 8080
    iptables -t nat -A OUTPUT -d $ADDR -p tcp --dport 80 -j REDIRECT --to-ports 8080
    iptables -t nat -A PREROUTING -d $ADDR -p tcp --dport 80 -j REDIRECT --to-ports 8080
  3. (If using SSL) Run these iptables commands to redirect all port 443 requests to port 8443.
    iptables -t nat -A OUTPUT -d localhost -p tcp --dport 443 -j REDIRECT --to-ports 8443
    iptables -t nat -A OUTPUT -d $ADDR -p tcp --dport 443 -j REDIRECT --to-ports 8443
    iptables -t nat -A PREROUTING -d $ADDR -p tcp --dport 443 -j REDIRECT --to-ports 8443
  4. Additional configuration
    1. Ubuntu
      1. Save the rules in the canonical place to be reloaded on boot:
        iptables-save > /etc/iptables.rules
      2. Create a script, run by the network startup infrastructure, that reloads the iptables rules whenever the network is brought up. The script must be executable, or it will be skipped:
        cat << EOF > /etc/network/if-pre-up.d/iptablesload
        #!/bin/sh
        iptables-restore < /etc/iptables.rules
        exit 0
        EOF
        chmod +x /etc/network/if-pre-up.d/iptablesload
  5. Test by accessing your server both locally and remotely by the port-80 URL. Then reboot the machine and try it again to be sure the iptables commands are run correctly on boot.
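
Before rebooting for the test in step 5, it helps to confirm that the saved rules file actually contains the redirect for both local and remote clients. The following is an added example, not part of the original procedure: the function names check_redirect and write_sample are hypothetical, and the rules dump is a constructed sample using the documentation address 192.0.2.10.

```shell
#!/bin/sh
# check_redirect RULES_FILE FROM_PORT TO_PORT
# Succeeds only if the nat table of an iptables-save dump redirects FROM_PORT
# to TO_PORT in both PREROUTING (remote clients) and OUTPUT (local clients).
check_redirect() {
    awk -v from="$2" -v to="$3" '
        /^\*/ { table = substr($0, 2) }          # "*nat", "*filter", ...
        table == "nat" && $1 == "-A" {
            dport = ""; target = ""; toports = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport")    dport   = $(i + 1)
                if ($i == "-j")         target  = $(i + 1)
                if ($i == "--to-ports") toports = $(i + 1)
            }
            if (dport == from && target == "REDIRECT" && toports == to)
                seen[$2] = 1                      # $2 is the chain name
        }
        END { exit !(seen["PREROUTING"] && seen["OUTPUT"]) }
    ' "$1"
}

# Constructed sample dump: port 80 is fully redirected, port 443 is missing
# its PREROUTING rule, and the filter table holds an unrelated port 80 rule.
write_sample() {
    cat > "$1" << 'EOF'
# constructed sample, not taken from a real host
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -d 192.0.2.10/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

tmp=$(mktemp) && write_sample "$tmp"
check_redirect "$tmp" 80 8080 && echo "80 -> 8080: saved for local and remote traffic"
check_redirect "$tmp" 443 8443 || echo "443 -> 8443: incomplete, repeat step 3 and save again"
rm -f "$tmp"
```

On the server itself, run check_redirect /etc/iptables.rules 80 8080 after step 4.1 (and with 443 8443 if you use SSL).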

Fedora

Several of the same assumptions/caveats as Ubuntu (above) apply:

  • This assumes you are running Tomcat on port 8080.
  • These steps do not redirect the HTTPS (HTTP on SSL) port, although that should be quite easy and straightforward to add if necessary, by adding iptables commands using the existing ones as a pattern.
  • These steps require root privileges.
  1. Run this iptables command to redirect all port 80 requests to port 8080.
    /sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
    1. Fedora
      1. Save the rules to be reloaded on boot:
        1. The cleaner/preferable method, but apparently not working:
          /sbin/iptables-save
        2. Hacky, but works: manually edit /etc/sysconfig/iptables
      2. Update the startup settings so iptables will run upon reboot:
        chkconfig --level 35 iptables on
  2. Test by accessing your server both locally and remotely by the port-80 URL. Then reboot the machine and try it again to be sure the iptables commands are run correctly on boot.