JBOSS Port Redirection

As for the subject to run jboss over port 80 in linux systems, the problem is that linux security model does not allow unprivileged users to use port 80. In my point of view,  best way to achieve this is port forwarding.

First jboss server.xml must be changed. In this file proxyPort parameter must be set to 80.

# vi $JBOSS_HOME/server/$JBOSS_CONF/deploy/jboss-web.deployer/server.xml

….

<Connector port="8080" proxyPort="80" address="${jboss.bind.address}"

….

Then using iptables rules, port 80 is forwarded to 8080.

# iptables -t nat -A OUTPUT -d localhost -p tcp --dport 80 -j REDIRECT --to-ports 8080

# iptables -t nat -A OUTPUT -d <server_ip> -p tcp --dport 80 -j REDIRECT --to-ports 8080

# iptables -t nat -A PREROUTING -d <server_ip> -p tcp --dport 80 -j REDIRECT --to-ports 8080

Start the jboss. That’s it.

If iptables rules are wanted to be permanent:

# /etc/init.d/iptables save

Rules look like following:

# more /etc/sysconfig/iptables

…….

-A PREROUTING -d 127.0.0.1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

-A PREROUTING -d <server_ip> -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

-A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

-A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

-A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

-A OUTPUT -d <server_ip> -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

COMMIT

…….