1

I'm currently trying to set up my first V-Server (CentOS 7) with Tomcat to run a Web-App.

Everything works fine now, but I am facing one last problem that stops me from releasing it:

I can only access my Tomcat WebApp via exampledomain.com:8080/WebAppName/ but I would love it to just be exampledomain.com/WebAppName/.

After hours (literally like 20) I haven't come up with a solution, but having the user to always type 8080 is not an option for me.

I would be extremely happy if somebody had a solution or tip for me.

Thanks in advance!

Piotr P. Karwasz
  • 5,292
  • 2
  • 9
  • 20
zunkelty
  • 23
  • 3

2 Answers2

2

For completeness' sake, on most systems you can run Tomcat directly on port 80 (as an almost unpriviledged user). The only privilege it requires is the CAP_NET_BIND_SERVICE capability.

This can be accomplished twofold:

  1. [This requires SystemD v229 or later, so it excludes Centos 7] By asking SystemD to run Tomcat with this capability:

    systemctl edit --full tomcat.service

and add:

    AmbientCapabilities=CAP_NET_BIND_SERVICE

to the [Service] section.

  1. By running Tomcat through authbind (cf. this blog post), which allows a further restriction of the CAP_NET_BIND_SERVICE capability: e.g. you may configure Tomcat to be able to bind port 80 only.
Piotr P. Karwasz
  • 5,292
  • 2
  • 9
  • 20
0

You should add a reverse proxy in front of your Tomcat. And you should either alter Tomcat to only listen in 127.0.0.1 or shut access on port 8080 in the firewall.

Two examples of software you can use are Apache and nginx. With Apache you would use ProxyPass and ProxyPassReverse as such: 

ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/

With nginx it would be 

location / {
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   Host      $http_host;
    proxy_pass         http://127.0.0.1:8080;
}
Frands Hansen
  • 4,617
  • 1
  • 16
  • 29