1

I have Apache running on Solaris using the mpm module, and it listens on port 8080. Every once in a while, someone will start up a Tomcat instance on the same host. This has the effect of directing all the traffic to Tomcat. Once Tomcat is shut down, traffic resumes to Apache. I'd like for Apache to bind this socket exclusively, so other processes get an error. Is this possible?

Note, this is a dev box, so it's not possible to restrict who logs on, or what programs they run. Yes, it is possible, and quite easy to change the Tomcat port. The problem is this is the default Tomcat port. So a developer untars Tomcat, starts it up, and then I notice I'm getting Tomcat 404 errors instead of Apache content. This leads me to tracking down the developer and telling them to change their default port. Ideally, Tomcat would just fail.

When Java binds a port, it binds it in exclusive mode, and another process cannot listen on the same port. Apache seems to bind the port in shared mode. I wouldn't think this would be required with the mpm module, but it seems to be the default. I'm looking for a compiler option or config option that will bind the port in exclusive mode.

brianegge
  • Any chance you can set Tomcat to use an alternate port? Or how about setting it to bind to a different IP address (127.0.0.1)? – Zoredache Nov 26 '09 at 04:15
  • I'm confused -- I've never heard of a shared-mode port. Is this a Solaris-ism? – pboin Nov 26 '09 at 10:28
  • No, Apache uses the SO_REUSEADDR, so it can do a graceful restart. That is, it will launch a new version of itself, listening on the same port, and shut the current version down. This allows requests to be completed, while new requests go to the new process. – brianegge Nov 27 '09 at 05:57

4 Answers

4

You can turn port 8080 into a privileged port by running this command:

ndd -set /dev/tcp tcp_extra_priv_ports_add 8080

This will require anyone who wants to use port 8080 to have the net_privaddr privilege (which you can assign to your smf(5) service start method, or to an rbac(5) profile you assign to yourself).

Note that the ndd command doesn't persist across reboots, so you need to either create your own smf(5) service or use a legacy rc script.

Martin
2

Listeners don't really just bind to a port--they bind to an address and a port. It could be that apache is binding to 0.0.0.0:8080 (sometimes written *:8080), while tomcat is binding to port 8080 on a specific interface. In that case, both binds could coexist, and the interface-specific bind would take precedence over the wildcard bind. That may be what's happening to you.

The simplest fix would be to have apache do an interface-specific bind rather than (or in addition to) doing a wildcard bind.

In short, look for the Listen lines in your apache configuration. If you see a line like:

Listen 8080

or

Listen 0.0.0.0:8080

Add another line like:

Listen 1.2.3.4:8080

where 1.2.3.4 is the host's IP address.

Kenster
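A check for the situation described in the answer above, as an added example that is not part of the original answer: it scans `netstat -an` output for ports where a wildcard listener coexists with an address-specific one. The sample output is constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -an` output (Solaris-style "addr.port" columns).
SAMPLE = """\
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q    State
*.8080                     *.*             0      0 49152      0 LISTEN
1.2.3.4.8080               *.*             0      0 49152      0 LISTEN
*.22                       *.*             0      0 49152      0 LISTEN
1.2.3.4.22           1.2.3.9.51514     64240      0 49232      0 ESTABLISHED
127.0.0.1.5432             *.*             0      0 49152      0 LISTEN
"""

WILDCARDS = {"*", "0.0.0.0", "::", "[::]"}
# Local address is a host, then "." (Solaris) or ":" (other netstats), then the port.
LOCAL = re.compile(r"^(?P<host>\S+)[.:](?P<port>\d+)$")


def listeners(netstat_text):
    """Map port -> set of local hosts that have a socket in LISTEN state."""
    by_port = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[-1] not in ("LISTEN", "LISTENING"):
            continue  # header, blank line, or a connection that is not a listener
        # The local address is the first column shaped like host+port;
        # leading proto/queue columns (where present) never match.
        for field in fields[:-1]:
            m = LOCAL.match(field)
            if m:
                by_port[int(m.group("port"))].add(m.group("host"))
                break
    return by_port


def shadowed_wildcards(netstat_text):
    """Ports where a wildcard bind coexists with an address-specific bind."""
    findings = {}
    for port, hosts in listeners(netstat_text).items():
        specific = sorted(hosts - WILDCARDS)
        if specific and hosts & WILDCARDS:
            findings[port] = specific  # these addresses take precedence over *:port
    return findings


if __name__ == "__main__":
    for port, addrs in sorted(shadowed_wildcards(SAMPLE).items()):
        print(f"port {port}: wildcard listener shadowed on {', '.join(addrs)}")
```

The result only shows that two binds overlap; identifying which process owns each socket needs a separate tool.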
0

You should open this port for listening by some small application. Apache startup script will kill that application, and start normally :))

kolypto
-1

Typically when a Tomcat instance is started or restarted it will also restart Apache which will cause Apache to lose any ports it had previously bound if Tomcat gets them first. In this case, you would need to edit the tomcat.conf file to listen on a port that Apache will not be using. This will likely mean you need to change your Apache configuration as well so it will work correctly with Tomcat again.

Jeff Atwood
Brent Frye