users@glassfish.java.net

Re: Running Glassfish v3 on Port 80 on linux

From: Dominik Dorn <dominik.dorn_at_gmail.com>
Date: Sun, 27 Dec 2009 18:41:08 +0100

Thanks for your replies.

Unfortunately the blog post is for users of solaris, the role based
access is - in this form - not available for linux.

Privbind is the same as the authbind utility which works with LD_PRELOAD
but that is not working on my 64bit only linux.

How "unsafe"/risky is it to run glassfish as root? Can I protect my system
sufficient
with the Security Manager? Or do I need to setup a chrooted environment?

How much performance do I loose when using apache2/mod_jk with glassfish?
Does this work with NIO/Comet ?



2009/12/27 Major Péter <majorpetya_at_sch.bme.hu>

> Or you could use the 'privbind' command, and start the glassfish server
> with an init script.
>
> Peter
>
> 2009-12-27 05:49 keltezéssel, Sathyan Catari írta:
> > see if this gives some tips
> >
> > http://blogs.sun.com/Snjezana/entry/running_glassfish_on_port_80
> >
> > Thx
> >
> > On Dec 26, 2009, at 6:46 PM, Dominik Dorn <dominik.dorn_at_gmail.com
> > <mailto:dominik.dorn_at_gmail.com>> wrote:
> >
> >> Hi,
> >>
> >> I searched for some hours to find current information on whats the
> >> best practice to get glassfish to port 80 on linux without running
> >> it as root..
> >>
> >> I found a solution doing an iptables redirect from 80 to 8080,
> >> and one fronting glassfish with apache/lighttpd and so on...
> >>
> >> Afaik Grizzly has better performance than a apache-httpd -> ajp ->
> >> glassfish solution.
> >> Also I'm not sure how the apache-httpd -> ajp -> glassfish would perform
> >> with comet and asynchronous requests, nio etc.
> >>
> >> What is the best practice to run glassfish with port 80?
> >> I don't want to run it as root, as I'm also using quercus for php and
> >> that would
> >> possibly give an attacker access to the whole machine.
> >>
> >> I'm running gentoo-linux but a general, distribution independent
> >> solution would be best.
> >>
> >> Please share your knowledge!
> >>
> >> --
> >> Dominik Dorn
> >> <http://dominikdorn.com>http://dominikdorn.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
> 


-- 
Dominik Dorn
http://dominikdorn.com
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.