Skip to main content

Running Glassfish v3 on Port 80 on linux

4 replies [Last post]
Anonymous

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Dominik Dorn

Hi,

I searched for some hours to find current information on whats the
best practice to get glassfish to port 80 on linux without running
it as root..

I found a solution doing an iptables redirect from 80 to 8080,
and one fronting glassfish with apache/lighttpd and so on...

Afaik Grizzly has better performance than a apache-httpd -> ajp -> glassfish
solution.
Also I'm not sure how the apache-httpd -> ajp -> glassfish would perform
with comet and asynchronous requests, nio etc.

What is the best practice to run glassfish with port 80?
I don't want to run it as root, as I'm also using quercus for php and that
would
possibly give an attacker access to the whole machine.

I'm running gentoo-linux but a general, distribution independent solution
would be best.

Please share your knowledge!

--
Dominik Dorn
http://dominikdorn.com
[att1.html]

Sathyan Catari

see if this gives some tips

http://blogs.sun.com/Snjezana/entry/running_glassfish_on_port_80

Thx

On Dec 26, 2009, at 6:46 PM, Dominik Dorn
wrote:

> Hi,
>
> I searched for some hours to find current information on whats the
> best practice to get glassfish to port 80 on linux without running
> it as root..
>
> I found a solution doing an iptables redirect from 80 to 8080,
> and one fronting glassfish with apache/lighttpd and so on...
>
> Afaik Grizzly has better performance than a apache-httpd -> ajp ->
> glassfish solution.
> Also I'm not sure how the apache-httpd -> ajp -> glassfish would
> perform
> with comet and asynchronous requests, nio etc.
>
> What is the best practice to run glassfish with port 80?
> I don't want to run it as root, as I'm also using quercus for php
> and that would
> possibly give an attacker access to the whole machine.
>
> I'm running gentoo-linux but a general, distribution independent
> solution would be best.
>
> Please share your knowledge!
>
> --
> Dominik Dorn
> http://dominikdorn.com
[att1.html]

Major Péter

Or you could use the 'privbind' command, and start the glassfish server
with an init script.

Peter

2009-12-27 05:49 keltezéssel, Sathyan Catari írta:
> see if this gives some tips
>
> http://blogs.sun.com/Snjezana/entry/running_glassfish_on_port_80
>
> Thx
>
> On Dec 26, 2009, at 6:46 PM, Dominik Dorn > > wrote:
>
>> Hi,
>>
>> I searched for some hours to find current information on whats the
>> best practice to get glassfish to port 80 on linux without running
>> it as root..
>>
>> I found a solution doing an iptables redirect from 80 to 8080,
>> and one fronting glassfish with apache/lighttpd and so on...
>>
>> Afaik Grizzly has better performance than a apache-httpd -> ajp ->
>> glassfish solution.
>> Also I'm not sure how the apache-httpd -> ajp -> glassfish would perform
>> with comet and asynchronous requests, nio etc.
>>
>> What is the best practice to run glassfish with port 80?
>> I don't want to run it as root, as I'm also using quercus for php and
>> that would
>> possibly give an attacker access to the whole machine.
>>
>> I'm running gentoo-linux but a general, distribution independent
>> solution would be best.
>>
>> Please share your knowledge!
>>
>> --
>> Dominik Dorn
>> http://dominikdorn.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@glassfish.dev.java.net
For additional commands, e-mail: users-help@glassfish.dev.java.net

Dominik Dorn

Thanks for your replies.

Unfortunately the blog post is for users of solaris, the role based
access is - in this form - not available for linux.

Privbind is the same as the authbind utility which works with LD_PRELOAD
but that is not working on my 64bit only linux.

How "unsafe"/risky is it to run glassfish as root? Can I protect my system
sufficient
with the Security Manager? Or do I need to setup a chrooted environment?

How much performance do I loose when using apache2/mod_jk with glassfish?
Does this work with NIO/Comet ?

2009/12/27 Major Péter

> Or you could use the 'privbind' command, and start the glassfish server
> with an init script.
>
> Peter
>
> 2009-12-27 05:49 keltezéssel, Sathyan Catari írta:
> > see if this gives some tips
> >
> > http://blogs.sun.com/Snjezana/entry/running_glassfish_on_port_80
> >
> > Thx
> >
> > On Dec 26, 2009, at 6:46 PM, Dominik Dorn > > > wrote:
> >
> >> Hi,
> >>
> >> I searched for some hours to find current information on whats the
> >> best practice to get glassfish to port 80 on linux without running
> >> it as root..
> >>
> >> I found a solution doing an iptables redirect from 80 to 8080,
> >> and one fronting glassfish with apache/lighttpd and so on...
> >>
> >> Afaik Grizzly has better performance than a apache-httpd -> ajp ->
> >> glassfish solution.
> >> Also I'm not sure how the apache-httpd -> ajp -> glassfish would perform
> >> with comet and asynchronous requests, nio etc.
> >>
> >> What is the best practice to run glassfish with port 80?
> >> I don't want to run it as root, as I'm also using quercus for php and
> >> that would
> >> possibly give an attacker access to the whole machine.
> >>
> >> I'm running gentoo-linux but a general, distribution independent
> >> solution would be best.
> >>
> >> Please share your knowledge!
> >>
> >> --
> >> Dominik Dorn
> >> http://dominikdorn.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@glassfish.dev.java.net
> For additional commands, e-mail: users-help@glassfish.dev.java.net
>
>

--
Dominik Dorn
http://dominikdorn.com
[att1.html]