I'd like to block port 8080, because people are able to access my website at www.foo.com:8080, which I don't want. People should only be able to access www.foo.com. I'm using Apache on port 80 and mod_proxy to redirect calls to Tomcat on 8080.
I'm kind of at a loss. Any help is greatly appreciated.
Thanks!
Try using mod_proxy_ajp instead for request forwarding to Tomcat. Then configure the Tomcat instance with an AJP connectior only (and no HTTP connector). This way, it cannot be accessed directly with a browser.
Anyway it's always a good idea to introduce a firewall as mentioned in the comments, for only exposing services you want to be available.
Related
I want to configure both apache and yarn servers on the same machine. Default web port is 80 and 443 for ssl as far as I know.
Is that possible for both services to share the same ports? What I need is:
http(s)://example1.com - go to apache server
http(s)://example2.com - go to yarn
I know I can configure it so I call:
http(s)://example1.com:3000 or other port. It's not intuitive for users however.
Or... make htaccess rule to redirect example1.com:80 to example1.com:81 for example? Or somehow internally redirect from apache to yarn...? :)
I'm pretty newbie in configuring servers... I always used default settings and vhosts and it was just enough. In fact I've never work with yarn at all so any advices will be appreciated.
Solved:
apache in vhosts configuration is redirecting specific domain traffic from :80 to :3000 and node is run on 3000 port.
In my opinion you can using haproxy or squid proxy, to loading balancing, or you can set on domain server to set pointing the domain, but you must set other port on of app, on this case we must try to easy access without type the port on the address bar
I have an ubuntu server with three services, one running on port 8080, one running on port 8181 and apache running on 80.
My question is, is there a way I can "view" the services web interface on port 80, depending on the URL?
Currently I have to access the services by:
service.domain.com:8080
and
service.domain.com:8181
what I want is:
service1.domain.com to access the service on 8080 without having to include the port and
service2.domain.com to access the service on 8181 without having to include the port
is something like this possible? I was thinking there was a way to do it via virtual hosts, but I cannot think of a clear way to phrase my question to be able to google it further.
Figured it out, thanks to this post:
Multiples domains pointing to differents ports in apache server
Just needed to setup a Reverse Proxy.
I have recently bought Amazon EC2 server.
Instead of installing it trough command line, I downloaded the latest zip file and deployed my application in WebApps folder.
The problem is tomcat is listening all the requests on port 8080 instead of 80.
I have tried changing the server.xml file in conf folder but no help!!
It is still listening to port 8080.
How do I make it listen to port 80
Oddly enough, Tomcat has its own documentation about doing this:
http://wiki.apache.org/tomcat/HowTo#How_to_run_Tomcat_without_root_privileges.3F
Probably the most straightforward way on *NIX is to use jsvc which is a small utility that works by binding to a port, dropping privileges, and then launching Tomcat, which can then use lower-numbered ports.
There are a bunch of other ways, but jsvc is the easiest and offers some other benefits as well. Discovering those benefits is left as an exercise for the reader.
The following would apply toward various systems, while the second link would related toward windows based systems.
First link :http://www.klawitter.de/tomcat80.html
Second link:
http://javarevisited.blogspot.com/2011/12/how-to-change-tomcat-default-port-8080.html?m=1
Ok. So finally I figured out way to solve this problem.
First of all i was doing it wrong way. One should not open port 80 for tomcat7. Tomcat7 should always run port 8080 or anything which is greater than 1024.
So to make your web site work without port. Follow below steps.
Install Apache2. (By default it runs on port 80).
Go to localhost and make sure apache2 is installed properly.
Then you will have to redirect all the requests which are going on port to redirect to port 8080.
To do that follow below link. (this is important step)
https://www.digitalocean.com/community/tutorials/how-to-use-apache-http-server-as-reverse-proxy-using-mod_proxy-extension
Hope this answer helps!!!
Thanks
Fahad Mullaji
I wouldn't recommend doing that, for what it is worth...
That could work in theory, but you are literally using httpd as a proxy to forward every request. There isn't much of a reason, IMHO, to choose this over simply changing the port to 80 in the Tomcat configuration and ditching httpd. You can use port 80 for Tomcat but historically, in production environments, httpd is generally used to serve static assets and such and dynamic content would be served by Tomcat. Generally one would install mod_jk and use the jkMount directive to connect Tomcat to httpd via AJP, which is a lot faster being a binary protocol than using HTTP.
There used to be a much bigger difference in terms of performance, here.
Tomcat is able to serve static resources via its DefaultServlet pretty well these days.
For AJP setup, see the documentation here:
https://tomcat.apache.org/tomcat-4.0-doc/config/ajp.html
Basically i want my tomcat to run on PORT 80 how do i do that because whenever i have to access something then i have to go for localhost:8080/resource but instead i want to use the link as only localhost/resource how do i achieve this?
Currently on my machine apache is running on 800 port and tomcat on 8080.
it seems you are looking for something called Reverse Proxy. Using Reverse Proxy, you will have
apache on 80 port
tomcat on 8080 port
so when access http://xxx.test.com/resource, the request first go though apache, apache then pass the request tomcat, tomcat do the corresponding things and return response to client.
have a look at:
http://www.apachetutor.org/admin/reverseproxies
mod_jk: http://tomcat.apache.org/download-connectors.cgi
Tomcat documentation has a HOWTO for this.
http://tomcat.apache.org/connectors-doc/webserver_howto/apache.html
Its a good practice to never expose Tomcat directly internet. You can use Apache for serving static content and send only those requests to tomcat that need dynamic content.
In server.xml find the element that reads
Connector port="8080"
and change it to 80. Save and restart tomcat.
Just make sure that apache is running on port 800 otherwise it will now clash with tomcat.
To modify the HTTP port for Tomcat, modify the configuration file server.xml (located in Tomcat's conf directory). Find the HTTP connector element (that is currently configured to port 8080), change the port number to 80, and restart Tomcat.
Note that this is not going to work if any other running service is currently bound on port 80.
I am running IIS and Apache HTTP Server side-by-side on my localhost machine, and Apache is listening on a different port (port 81). IIS is listening to port 80. However, I can only get to my virtual domains for Apache if I type in that port number. So for instance:
http://virtual.myvirtualdomain.com:81
http://virtual.myvirtualdomain2.com:81
How can I make it so Apache automatically knows it is port 81, and does not force me to type in the port number?
EDIT:
The answer appears to be that I need to redirect IIS to Apache. Can anyone provide clarification on how that is done with IIS 5.1?
It's not a matter of telling Apache, it's a matter of the browser knowing what to connect to. You're either going to have to have IIS redirect to Apache, or give up.
You have to type in the port number so your client knows where to connect to. This has nothing to do with the server.
On Unix systems you might be able to modify your /etc/services to list 81 as port for http. But that would effectively disable access to all websites that are located on port 80.
Alternatively you can configure your IIS on port 80 to locally proxy requests for the sites which are on apache. Then all clients would ask the IIS for a page, which would make a local connection to port 81.
I did some more research and it turns out that you can't redirect IIS 5.1 to Apache because that would require multiple Web sites (setup as redirects to the virtual hosts on Apache on port 81). This is because IIS 5.1 on Windows XP Pro can't do multiple Web sites (running at the same time without the scripting hack). Oh well.
How about you swap it? Make Apache listen on port 80, IIS on port 81 for whatever you need and have Apache redirect? Apache shouldn't be restricted to the same one-website per machine that IIS 5.1 is.
You can't. The 81 is telling your browser where to look for Apache.
You can't.
It's the job of your web client to specify the port, and until you do specify that port it won't even reach Apache.
What you could potentially do is have IIS also listen for the same HTTP/1.1 virtual hosts, and then arrange for it to issue a 302 Moved redirect to send your browser to the right port number.
Alternatively, run a second IP address on your machine, and bind IIS to the original IP address and Apache to the second. That way you don't need to use different ports at all.
There is no way to do exactly what you ask. About the only way would be to configure IIS -- for the virtual domains being served by IIS -- to forward to Apache on port 81. With this configuration, the client would not be aware that their requests were passing through IIS on their way to Apache. A little less efficient, but it would solve your needs.
When an url is typed, there is a certain port that the browser has to use to connect to the site. 80 is the default port that the server checks. If you need to connect to any other port via a browser, you would need to have the port number in the url. It is not apache that is forcing you to type 81, but rather your browser because it is set to use 80 as the port when a port number is not specified.
If you were to change apache's port to 80 and IIS port to 81, then you be able to connect to apache without the port number but you will need to use the port number when using the IIS webserver.
Not sure what the others idea is behind using apache to redirect to IIS. It sounds like to me that if you make an entry in httpd.conf of apache for IIS directory, then you be using apache to connect to the directory, not IIS.
You could set up a domain and have it connect to apache via port 81. That is one way to hide the port number (might be not true. I have never tried apache on port other than 80).