
I was getting this error when running systemctl restart tomcat in my $CATALINA_HOME/logs/catalina.out log file: https://pastebin.com/Cpfs9xCk

So I followed this post online: https://confluence.atlassian.com/confkb/permission-denied-error-when-binding-a-port-290750651.html

  1. If using Linux 2.6.24 or later, you can set up a file capability on the java executable, to give elevated privileges to allow opening privileged ports only, and no other superuser privileges:

setcap cap_net_bind_service+ep /path/to/bin/java

After setting this you may notice errors when starting Java like this, for example:

$ java -version
/path/to/bin/java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory

This means that the library is being imported from a dynamic path, and not in the trusted ld.so path. See http://bugs.sun.com/view_bug.do?bug_id=7157699 for details. To fix this, you need to locate the library, and add its path to the ld.so configuration. Note that the below is an example, and this may differ depending on Linux distribution. Replace JAVA_HOME with the correct location:

$ find JAVA_HOME -name 'libjli.so'
JAVA_HOME/lib/amd64/jli/libjli.so
echo "JAVA_HOME/lib/amd64/jli" > /etc/ld.so.conf.d/java-libjli.conf
ldconfig -v

After setting this all up, you need to make sure that Confluence only starts java with the direct binary path, and not via a symbolic link, otherwise the capability will not be picked up.

So I ran this command: setcap cap_net_bind_service+ep /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64

And I'm getting what it says I might get:

 $CATALINA_HOME/logs/catalina.out 
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/bin/java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory

I did what they said to fix it but it's still not working and I'm still getting the above error:

$ find $JAVA_HOME -name 'libjli.so'
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/jre/lib/amd64/jli/libjli.so
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/lib/amd64/jli/libjli.so

I have two of these for some reason. I created this file with the paths, but I'm still getting the error and my tomcat isn't starting.

$ cat /etc/ld.so.conf.d/java-libjli.conf
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/jre/lib/amd64/jli
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/lib/amd64/jli
Philip Rego
  • Dear Philipp, please get the output of netstat -an | grep :80 and lsof | grep :80 – djdomi Aug 12 '19 at 14:34
  • @djdomi Neither prints anything. Nothing is running on port 80 since tomcat isn't starting. I'm not getting that error in the pastebin after I followed the article; now I have this different error. – Philip Rego Aug 13 '19 at 02:15
  • It seems that not everything is shown, as it says at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) ... 12 more, and there is another line with 13 more, so please check /var/log/apache***, where *** is the tomcat folder. But Confluence won't be easy to run, as I remember from my knowledge of projects... I hope you have a strong mental feeling about it :-) – djdomi Aug 13 '19 at 06:10
  • in case you look for specific files, use apt install apt-file && apt-file update && apt-file search libjli.so – djdomi Aug 13 '19 at 06:17
  • @djdomi I'm not getting that error that's in the pastebin. I'm getting the error in $CATALINA_HOME/logs/catalina.out posted above, but I'm not sure how to fix it. – Philip Rego Aug 17 '19 at 22:01
  • $ find JAVA_HOME -name 'libjli.so' JAVA_HOME/lib/amd64/jli/libjli.so # echo "JAVA_HOME/lib/amd64/jli" > /etc/ld.so.conf.d/java-libjli.conf # ldconfig -v – djdomi Aug 18 '19 at 08:57
  • @djdomi I tried that but it's not working. https://pastebin.com/EuH8iVhK – Philip Rego Aug 19 '19 at 03:32
  • OK, so now we really need to debug it - # run strace program ## where program is your executable, to see where it awaits the files – djdomi Aug 19 '19 at 09:47
  • @djdomi When I was trying to debug I noticed my server was hacked and running a crypto miner so I reinstalled CentOS. I decided to setup the server this way as a sysV service, and it's working fine. https://docs.spring.io/spring-boot/docs/current/reference/html/deployment-install.html My only issue now is the iptables won't persist port forwarding port 8080 to port 80. I have to run iptables commands at each restart. https://serverfault.com/questions/980681/how-to-forward-port-80-to-another-port-on-the-samemachine-permenatly-on-centos7 – Philip Rego Aug 26 '19 at 01:19
  • Install nginx and configure it as a reverse proxy with cache enabled; this will speed things up – djdomi Aug 26 '19 at 04:29
  • @djdomi I think I'll do that because I'm also getting this error trying to use certbot: "Please add a virtual host for port 80." nginx might help with it. – Philip Rego Aug 26 '19 at 04:58
  • I added for you how to do that with nginx as a reverse proxy with caching; you may need to update that with your config, and I would be glad if you could mark this as the answer :) – djdomi Aug 26 '19 at 05:35
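
A check for the setup the quoted Atlassian steps describe, as an added example that is not part of the original question or the linked article: it resolves the java path to the regular file, confirms that getcap reports cap_net_bind_service with the effective and permitted flags, and looks up libjli.so in the ld.so cache. The function names are hypothetical, and both the older "FILE = cap+ep" and the newer "FILE cap=ep" getcap output forms are accepted.

```shell
#!/bin/sh
# Added example: verify a cap_net_bind_service setup on a java binary.
# Function names are hypothetical; run as: sh check.sh "$(command -v java)"

# Follow every symlink (e.g. /usr/bin/java -> alternatives -> JDK) so the
# check looks at the regular file that setcap was applied to.
real_binary() {
    readlink -f -- "$1"
}

# stdin: output of `getcap FILE`. Succeeds only if cap_net_bind_service is
# granted with both the effective (e) and permitted (p) flags. Accepts the
# older "FILE = cap+ep" and the newer "FILE cap=ep" output forms.
grants_bind_service() {
    awk '{
        for (i = 1; i <= NF; i++) {
            n = split($i, part, /[+=]/)      # part[1]=cap list, part[2]=flags
            if (n == 2 && part[1] ~ /(^|,)cap_net_bind_service(,|$)/ &&
                part[2] ~ /e/ && part[2] ~ /p/) ok = 1
        }
    } END { exit !ok }'
}

# stdin: output of `ldconfig -p`; $1: library name. Prints the path the
# trusted ld.so cache maps that library to (empty if it is not cached).
cached_lib_path() {
    awk -v so="$1" '$1 == so { print $NF; exit }'
}

check_java() {
    bin=$(real_binary "$1") || return 2
    [ "$bin" = "$1" ] || echo "note: $1 resolves to $bin"
    if ! getcap "$bin" 2>/dev/null | grants_bind_service; then
        echo "FAIL: cap_net_bind_service+ep not set on $bin"; return 1
    fi
    lib=$(ldconfig -p | cached_lib_path libjli.so)
    if [ -z "$lib" ]; then
        echo "FAIL: libjli.so is not in the ld.so cache (run ldconfig?)"; return 1
    fi
    echo "OK: $bin has the capability; libjli.so -> $lib"
}

if [ "$#" -gt 0 ]; then check_java "$1"; fi
```
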

1 Answer


So far, I am adding the complete way for the nginx part, as the apache-tomcat has been solved by a reinstallation.

mkdir /var/cache/nginx/cache
chown nginx:nginx /var/cache/nginx/cache


Now edit nginx.conf, below the http section:

###New cache settings as default
proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=hd_cache:10m max_size=10g inactive=2d use_temp_path=off;
proxy_cache_methods GET HEAD POST;
proxy_cache_valid 200 302 3d;
proxy_cache_valid 404      1m;

Edit /etc/nginx/sites-available/yoursite.com:

# http to https redirect
server {
        server_name yoursite.com *.yoursite.com;
        listen 80;
        return 301 https://$host$request_uri;
}

# https server
server {
        proxy_read_timeout 3600;
        listen 443 ssl http2;
        server_name yoursite.com *.yoursite.com;

        # a special location for a file that must not be cached; can be deleted
        location /updater/serversettings.xml {
                expires -1;
                add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
        }

        # the root/rest will be redirected
        location / {
                proxy_cache             hd_cache;
                proxy_set_header        X-Cache-Status $upstream_cache_status;
                proxy_cache_valid       200 1w;
                proxy_pass              https://10.10.200.4;
                proxy_set_header        Host $http_host;
                proxy_buffers           16 8m;
                proxy_buffer_size       2m;
                gzip                    on;
                gzip_vary               on;
                gzip_comp_level         9;
                gzip_proxied            any;
        }

        # SSL cert section, as we require ssl, using certbot LetsEncrypt
        ssl_certificate /etc/letsencrypt/live/yoursite.com-0001/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/yoursite.com-0001/privkey.pem; # managed by Certbot
}

Now enable this site:

ln -s /etc/nginx/sites-available/yoursite.com /etc/nginx/sites-enabled/yoursite.com

and run

service nginx reload

This setup works fine for a WordPress site; I encounter a page speed counter of 95+.

djdomi