Port redirection for multiple Tomcat instances on Linux 2.6 with iptables
It is 'bad' to run Tomcat as root, and you know it! But only root can bind ports below 1024, so the usual answer is to let Tomcat listen on 8080 as an unprivileged user and have the kernel redirect port 80 to it.
While there is some information out there on the Intertubes covering how to redirect port 80 to 8080 on a Linux box, it mainly pertains to single-instance servers. The iptables-restore input snippet below works just fine for such a setup:
*nat
# valid when Tomcat listens on all addresses (no address attribute on the Connector)
-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
#-A PREROUTING -j LOG --log-prefix "iptables routing: " --log-level 7
COMMIT
But this configuration fails if your Tomcat is configured to listen on a specific IP, as when sharing a single server between several web servers: REDIRECT rewrites the destination to the primary address of the incoming interface, so a Connector bound to a secondary address never sees the packet. (Note the proxyPort attribute. It is important too: it makes Tomcat report port 80, not 8080, in redirects and generated URLs.)
<Connector port="8080"
           proxyPort="80"
           address="2.3.4.5"
           protocol="HTTP/1.1"
/>
No fear! A slightly more verbose iptables configuration file does the trick: one DNAT rule per address, each keeping the original destination and changing only the port.
cat /etc/iptables.up.rules
*nat
-A PREROUTING --dst 2.3.4.5 -p tcp --dport 80 -j DNAT --to-destination 2.3.4.5:8080
-A PREROUTING --dst 2.3.4.6 -p tcp --dport 80 -j DNAT --to-destination 2.3.4.6:8080
-A PREROUTING --dst 2.3.4.7 -p tcp --dport 80 -j DNAT --to-destination 2.3.4.7:8080
#-A PREROUTING -j LOG --log-prefix "iptables routing: " --log-level 7
COMMIT
Presto! I worked this out with a bit of experimenting and a blog post I found: "Non-root Tomcat on Port 80 on a VPS without Apache"
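Two things the rules above leave open, and that are worth handling when the list of instances grows: PREROUTING only sees packets arriving from the network, so a connection made on the box itself (a curl from a shell, a local health check) is never rewritten and still fails on port 80; and port 8080 stays directly reachable from outside, bypassing whatever you later put in front of port 80. The script below is an added example, not code from the original post or from Tomcat. It generates the same DNAT rules for any number of addresses, adds the matching nat OUTPUT rule for local connections, and emits a filter table that accepts port 8080 only for connections that went through DNAT (conntrack flags those with the DNAT state). The function names, the TOMCAT_PORT/PUBLIC_PORT variables and the assumption that every instance listens on 8080 on its own address are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): generate the iptables-restore
# input for several Tomcat instances, each bound to its own address.
# gen_tomcat_nat, gen_tomcat_filter, valid_ipv4 and the port variables are
# names chosen for this example.

PUBLIC_PORT=80
TOMCAT_PORT=8080   # assumption: every instance listens on 8080 on its own address

# Refuse anything that is not a dotted quad: one bad line makes
# iptables-restore abort, and the nat table is then left as it was.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    echo "$1" | awk -F. 'NF != 4 { exit 1 } { for (i = 1; i <= 4; i++) if ($i > 255) exit 1 }'
}

# One DNAT rule for a chain and an address, the same form as in the post
# (-d is the long-form --dst). Destination stays the same, only the port changes.
dnat_rule() {
    printf '%s\n' "-A $1 -d $2 -p tcp --dport $PUBLIC_PORT -j DNAT --to-destination $2:$TOMCAT_PORT"
}

# nat table: PREROUTING handles packets arriving from the network; the
# OUTPUT rule covers connections opened on the host itself, which never
# traverse PREROUTING.
gen_tomcat_nat() {
    for a in "$@"; do
        valid_ipv4 "$a" || { echo "bad address: $a" >&2; return 1; }
    done
    printf '*nat\n'
    for a in "$@"; do
        dnat_rule PREROUTING "$a"
        dnat_rule OUTPUT "$a"
    done
    printf 'COMMIT\n'
}

# filter table: by the time a packet reaches INPUT its port is already 8080,
# so dport alone cannot tell a redirected connection from a direct one.
# The conntrack DNAT state can: accept those, drop everything else on 8080.
gen_tomcat_filter() {
    printf '*filter\n'
    printf '%s\n' "-A INPUT -p tcp --dport $TOMCAT_PORT -m conntrack --ctstate DNAT -j ACCEPT"
    printf '%s\n' "-A INPUT -p tcp --dport $TOMCAT_PORT -j DROP"
    printf 'COMMIT\n'
}

# Usage:
#   gen_tomcat_nat 2.3.4.5 2.3.4.6 2.3.4.7 >  /etc/iptables.up.rules
#   gen_tomcat_filter                      >> /etc/iptables.up.rules
#   iptables-restore < /etc/iptables.up.rules
```

After loading, `iptables -t nat -L PREROUTING -n --line-numbers` should list one DNAT entry per address, and `curl -sI http://2.3.4.5/` run on the box itself now succeeds thanks to the OUTPUT rule. The filter section assumes a default ACCEPT policy on INPUT, as in the post's setup; if you run a default-DROP policy, keep only the ACCEPT line and fold it into your existing rules.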