Chris,
On 15.03.2018 13:34, Cheltenham, Chris wrote:
Andre, You probably missed where I had mentioned the infrastructure group poo poo'd altering iptables for whatever reason. Here is what I think are my 5 best choices for running tomcat as a non root user on a privileged port.
1) redirect 443 to 8443 on the load balancer. VIP side.
2) iptables
3) jsvc
4) authbind
5) set cap
I do NOT have control of the VIP so I can only make suggestions based on what I have control of.
I don't understand. I always make suggestions for areas that I don't have control of. It'd be frightening if I didn't, because that would mean that I'd control too much. IMHO 1 is the best point: The loadbalancer balances something anyway - you'd just document the application it should balance and the ports it should be available under. You probably can't tell them they need to bind another port than 443 /on their frontend/, but you should certainly be able to tell them where your application lives that they should connect to in the backend. That's a configuration they'd have to make anyway and I hope they'd not be opposed to entering a port number.
Therefore, the latter three are what I am looking into. I do not like set cap because it opens up ALL the privileged ports to a binary, such as java or http. Authbind is an install of a potentially buggy or unsecure software.
another reason for 1...
I am not really sure how my post warranted so much attention but I appreciate it.
well, you posted a question, gave the background - that's what this list is for.
Olaf
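The setcap concern raised in this thread, that the capability is granted to a whole binary such as java, can be audited on a host by listing which files hold cap_net_bind_service. The following is an added example, not part of the original messages; the sample getcap output, the paths in it and the list of runtime names are constructed assumptions.

```python
import os
import re

# Constructed sample of `getcap -r /` output. It covers both line formats
# libcap has printed: "path = caps+ep" (older) and "path caps=ep" (newer).
SAMPLE_GETCAP = """\
/usr/bin/ping = cap_net_raw+ep
/usr/lib/jvm/java-8-openjdk/bin/java = cap_net_bind_service+ep
/opt/app/bin/frontend cap_net_bind_service=ep
/usr/bin/python3.6 cap_net_bind_service,cap_net_admin=eip
"""

# Assumption: basenames of general-purpose runtimes. A file capability on one
# of these applies to every program that runtime is asked to run.
RUNTIMES = re.compile(r"^(java|python[\d.]*|perl|ruby|node|php[\d.]*)$")

# path, optional " = " separator, then one capability clause without spaces.
LINE = re.compile(r"^(?P<path>\S.*?)\s+(?:=\s+)?(?P<caps>\S+)$")


def bind_capable(getcap_output):
    """Return [(path, is_runtime)] for files holding cap_net_bind_service."""
    findings = []
    for line in getcap_output.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # blank or unrecognised line
        # "cap_a,cap_b+ep" or "cap_a,cap_b=ep": names come before the operator.
        names = re.split(r"[+=]", m.group("caps"), maxsplit=1)[0].split(",")
        if "cap_net_bind_service" not in names:
            continue
        path = m.group("path")
        is_runtime = bool(RUNTIMES.match(os.path.basename(path)))
        findings.append((path, is_runtime))
    return findings


if __name__ == "__main__":
    for path, is_runtime in bind_capable(SAMPLE_GETCAP):
        note = "runtime: any code it runs can bind ports below 1024" \
            if is_runtime else "single-purpose binary"
        print(f"{path}: {note}")
```
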