running red5 on port 80

Question

I have a red5 application http://code.google.com/p/openmeetings that runs under red5, and is accessible on port 5080 and 8443

I've installed it on Ubuntu 10.04

The eventual aim is to have it accessible via https on 443 instead of 8443, but I thought I would initially try on 80 so that any issues were just down to the port configuration and not SSL certificates.

I've tried changing the port from 5080 to 80 in the red5.properties file, but it fails to start.

In the red5.log I have seen

ERROR o.a.coyote.http11.Http11Protocol - Error initializing endpoint java.net.BindException: Permission denied /0.0.0.0:80

In the error.log I have seen

ERROR o.a.coyote.http11.Http11Protocol - Error initializing endpoint java.net.BindException: Permission denied /0.0.0.0:80

and

ERROR org.red5.server.tomcat.TomcatLoader - Error loading tomcat, unable to bind connector. You may not have permission to use the selected port org.apache.catalina.LifecycleException: Protocol handler initialization failed: java.net.BindException: Permission denied /0.0.0.0:80

There is nothing else installed or running on port 80, so I presume that this is a "needs to be root" situation. I would rather not run an Internet accessible web service as root.

I know that Tomcat can run on port 80 by changing “#AUTHBIND=no” to “AUTHBIND=yes” in /etc/default/tomcat6 but I have not been able to find anything similar for red5.

Am I on a hiding to nothing, or is there better way than running as root ?

Thanks!

score 1 · Answer 1 · edited Apr 13 '17 at 12:14

1

You cannot run anything on ports < 1024 on Linux as a normal user. Check this question:

How to run a server on port 80 as a normal user on Linux?

and the related answers.

edited Apr 13 '17 at 12:14

Community

1

answered Jun 29 '11 at 01:36

icyrock.com

1,190
10
17

I think you have missed the point. – shouldbeq931 Jul 02 '11 at 15:28
1

@shouldbeq931 That question has your answers. Linux doesn't allow you to run on ports below 1024 without root, period. You can either run your app as root, use port redirection, use authbind, etc – TheLQ May 21 '12 at 17:20
this should be marked as the answer. – ztron May 21 '12 at 17:21
the above "answers" seem to have missed teh "authbind" part of my question. – shouldbeq931 Jun 13 '12 at 08:46

score 1 · Answer 2 · edited Apr 13 '17 at 12:13

As far as I can tell, red5 has no provision for binding a privileged port and then dropping root privileges back to a normal user account, as many other daemons (such as Apache, tomcat, etc.) do.

Therefore, while you can run it as root and bind to port 80, it will remain running as root, and be quite unsafe.

To work around this, use some sort of port forwarding. For instance, xinetd has port forwarding built in, so if you're already using it for something else, you can set up a simple port forward:

service yourservicename
{
        disable         = no
        type            = UNLISTED
        socket_type     = stream
        protocol        = tcp
        user            = nobody
        wait            = no
        redirect        = 127.0.0.1 5080
        port            = 80
}

score 0 · Answer 3 · answered Jun 21 '12 at 05:31

0

I know that's not what you asked for but maybe using apache or nginx as a reverse proxy for your app might work well.

answered Jun 21 '12 at 05:31

Christopher Perrin

4,741
17
32

running red5 on port 80

3 Answers3