How do I start JBoss on a privileged port? I want to use port 80 instead of port 8080 (or alternatively, port 443 instead of port 8443). I can change the appropriate configuration files (jboss-web.deployer/server.xml) to change the port that is used, but then I cannot start the server because these are privileged ports. I could run JBoss as root, but I do not feel that that is a secure action to take. I understand that Apache has some mechanism to start as root, bind the privileged ports that will be used, and then switch to a different user. Can JBoss do this? Are there other ways to achieve this?
Will I face the same issue on Windows?
1 solution
#1
This is actually an open ticket in JBoss' JIRA. You can see it here.
Straight from the ticket:
"Many customers want to run JBoss Web on port 80 without running JBoss as root for security reasons. This is usually achieved by fronting JBoss with Apache & using mod_jk to proxy to JBoss or doing NAT on the machine. It would be nice if JBoss could be started as root but have configuration that would change to a non-root user after it has opened the ports such as port 80 for jboss-web, such as Apache and other app servers do. Some customers run on several different operating systems and would like to do this at the JBoss level so they don't have to configure each machine differently."
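The start-as-root, bind, then switch-user sequence that the question and the quoted ticket describe, shown as an added example in C (not JBoss or Apache code, and not part of the original answer). The function names and the `PORT UID GID` command line are assumptions made for the illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes setgroups() under strict -std modes */
#endif
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

/* Added illustration (hypothetical names). Open a TCP listener; ports below 1024 need root by default. */
int open_listener(unsigned short port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0), on = 1;
    struct sockaddr_in a = {0};
    if (fd < 0) return -1;
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_ANY);
    a.sin_port = htons(port);
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permanently switch to uid/gid. Order matters: groups first, uid last,
   because after setuid() the process may no longer change its groups. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1; /* clear root's extra groups */
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* Verify the drop is irreversible: regaining root must fail. */
    if (uid != 0 && setuid(0) == 0) return -1;
    return (getuid() == uid && geteuid() == uid && getgid() == gid && getegid() == gid) ? 0 : -1;
}

int main(int argc, char **argv) {
    if (argc != 4) { fprintf(stderr, "usage: %s PORT UID GID\n", argv[0]); return 2; }
    int fd = open_listener((unsigned short)atoi(argv[1]));   /* still root here */
    if (fd < 0) { perror("bind/listen"); return 1; }
    if (drop_privileges((uid_t)atoi(argv[2]), (gid_t)atoi(argv[3])) != 0) {
        fprintf(stderr, "could not drop privileges, refusing to serve\n");
        return 1;
    }
    printf("listening on port %s as uid=%d gid=%d\n", argv[1], (int)getuid(), (int)getgid());
    close(fd);   /* a real server would accept() on fd here */
    return 0;
}
```

Run it as root with the privileged port and the numeric uid/gid of the service account; the socket bound before the drop stays usable afterwards, while any later attempt to become root fails.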