I would like to have my Apache httpd launch as non-route user (httpd) and still listen on port 80/443. This server will be running on a Linux host.
Given that the first 1024 ports are reserved, how would I go about having a reserved port handled by a non-root daemon? Alternatively, can I run my apache on a non-reserved port and have the port's traffic redirect locally to that other port?
You can use iptables for port redirecting:
# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
Related
I want to get a response from a remote node.js server by typing my public IP address into my browser. When I type my public IP into my browser on my personal computer, I get "Unable to Connect". My node.js server isn't connected to the World =(
I am running CentOS on a Linode (but I don't think either choice should matter to my question).
Via Terminal on my person computer (a Mac), I can successfully SSH as root into my Linode.
I have installed node.js successfully on my Linode.
I can compile and run a simple server on my Linode.
var http = require('http');//create a server object:
http.createServer(function (req, res) {
res.write('Hello World!'); //write a response
res.end(); //end the response
}).listen(3000, function(){
console.log("server start at port 3000");
});
I've tried:
Setting a hostname.
Changing the "hosts" file on my server.
Changing the port number in my node.js server (3000, 80, 8080, 3001, 0.0.0.0, etc).
Read literally 100 articles today about how to deploy a node.js server.
Searched Google, Stackoverflow, Linode forums, etc for threads that might help me.
I have zero idea what I'm doing wrong and would be so grateful for your help.
I eventually found the answer, thanks to Saddy's suggestion that the problem might be port forwarding.
1. I decided to use ports 3080 and 3443 for my node server.
2. I SSHed into my CentOs instance.
3. I disabled the default firewall, firewalld.
4. I set up port forwarding using iptables with the following commands:
firewalld stop
firewalld disable
iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT
iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT
iptables -I INPUT 1 -p tcp --dport 25 -j ACCEPT
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3080
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3443
iptables-save > /etc/sysconfig/iptables
After this, I was able to access my node server via a browser.
I have a simple Python server on a DigitalOcean Ubuntu droplet that should serve the index.html file in the /dist folder:
port = 8000
os.chdir(os.path.join(os.path.dirname(__file__), 'dist'))
Handler = http.server.SimpleHTTPRequestHandler
httpd = socketserver.TCPServer(('', port), Handler)
print('Serving at port ', port)
httpd.serve_forever()
I ran 'sudo ufw allow 80/tcp' to open the firewall and if I run ufw status it shows port 80 as being open to everybody. I ran 'sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8000' to redirect traffic from port 80 to port 8000.
If I run nmap from another box, the only open port is ssh on 22. Port 80 is filtered. Navigating to the host in my browser results in a connection timeout. What could be causing this?
It turns out I had to enable the DigitalOcean firewall and apply the correct rules, otherwise without the firewall it was just blocking ports by default.
It's my first time when I try configure a server running on Amazon EC2.
I figured out how run my node app on 80 port but now I'm trying to run on 443 port with Letsencrypt SSL. Before to work on 80 port I added
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3000
and
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 3000
and everything worked fine. But now after install Letsencrypt I try to do same thing but with 433 port instead 80 and it's not working.
Letsencrypt config automatically for me all files so now redirect from http to https is working fine and when my iptable is empty on https:// I see ubuntu default website. When I run lines mentioned above with 443 port app is still not working (browser can't even load anything). It's only working with http:/...:3000
I've added 443 port to Security Groups on EC2.
What I can do? Thanks.
You need to check your security group Inbound/Outbound rules, you need to see if port 443 is assigned to which host. A valid but dangerous configuration, just for testing, is allow everything on Inbound and Outbound, to see if its a problem on your Security Group.
Beyond that, you need to be sure if the binding port is listening. Are you using Amazon Linux?
I have deployed a node application that listens to port 5000 on a free usage tier ubuntu machine from AWS.
I've followed suggestions from:
How to start node.js on port 80 on a linux server?
and from: Best practices when running Node.js with port 80 (Ubuntu / Linode)
Answers to both these questions suggest port forwarding and I have done the same. But my server still doesn't respond to requests on port 80.
Is there a way I can check if the port forwarding was successful?
The permission settings to listen to HTTP requests have been setup through the AWS console.
Also there is nothing listening to port 80 on the machine as of now. netstat -l | grep :80 comes up empty.
The server runs fine if I access it as: http://<elastic-ip>:5000
You will not see port 80 listening since there is no daemon using that socket; the kernel is performing a packet redirect.
To check how many packets traversed the port forwarding rule you set up, inspect the PREROUTING chain on the nat tables with sudo iptables -t nat -L PREROUTING -n -v. It will show output like:
Chain PREROUTING (policy ACCEPT 15 packets, 1226 bytes)
pkts bytes target prot opt in out source destination
3 180 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3000
If you are testing from localhost, you must also redirect on OUTPUT since PREROUTING isn't used by the loopback interface. Do that with
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 3000
And of course, check that port 80 is open to allow external traffic.
I want to remove switch from port 8080 on my Apache Tomcat on Linux server CentOS 6.5 to the default. On My hosted Apache Tomcat server is running on port 8080 on url vmx15978.hosting24.com.au:8080. After I have installed the Geoserver software on the Apache server the url for it is http://vmx15978.hosting24.com.au:8080/geoserver/web/.
My website domain is links-map.com. Currently I can access Geoserver by this URL: links-map.com:8080/geoserver/web; However, I want to access Geoserver without 8080 using this URL instead: http://links-map.com/geoserver/web/
I had the same problem. It means I need to change port number from 8080 to 80 so that I can access my url (e.g www.mydomain.com) without appending 8080. But I found a different way to solve the problem.
Instead of changing port number in server.xml. I redirected port number 80 to 8080 using the following script. This works perfectly fine for me.
[root#myroot ~]# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
[root#myroot ~]# iptables -t nat -A PREROUTING -p udp -m udp --dport 80 -j REDIRECT --to-ports 8080
Please find more at this link
taken from here
in your tomcat install dir, look for server.xml file.
change
<Connector port="8080" ...
to
<Connector port="80" ....
or any other port (80 is the default without specifying port)
don't forget to restart tomcat to apply changes
sudo service tomcat7 restart
Even after changing port 8080 to 80 we won't be able to access tomcat with it, as 80 is a privileged port, so it should be run by root,
Hence we can change Tomcat user to root as below and issue will be resolved, now we will be able to open tomcat site without 8080.
$ cat /etc/tomcat6/tomcat6.conf |grep USER
TOMCAT_USER="root"
Note: It is not recommended to run tomcat with root user.