java.net.SocketException: Permission denied (redirecting port 80 to port 8080)

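Tomcat often runs under a non-root account. If you simply change 8080 to 80, Tomcat fails with java.net.SocketException: Permission denied. The reason is that non-root users cannot bind to ports below 1024.

There are several ways to solve this: 1. add the current user to the sudo rules (not yet verified); 2. start an additional Apache and route through it; 3. redirect with iptables.

The following proceeds according to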

Mar 14, 2017 9:56:15 AM winstone.Logger logInternal
SEVERE: Container startup failed
java.io.IOException: Failed to start Jetty
        at winstone.Launcher.<init>(Launcher.java:154)
        at winstone.Launcher.main(Launcher.java:352)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at Main._main(Main.java:264)
        at Main.main(Main.java:112)
Caused by: java.net.SocketException: Permission denied
        at sun.nio.ch.Net.bind0(Native Method)
        at sun.nio.ch.Net.bind(Net.java:433)
        at sun.nio.ch.Net.bind(Net.java:425)
        at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:223)
        at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74)
        at org.eclipse.jetty.server.ServerConnector.open(ServerConnector.java:321)
        at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:80)
        at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:236)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
        at org.eclipse.jetty.server.Server.doStart(Server.java:366)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
        at winstone.Launcher.<init>(Launcher.java:152)
        ... 7 more

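Install iptables. Mine is an Alibaba Cloud server where the iptables package was already installed, but nothing showed up in lsmod |grep iptable, so the modules had to be loaded manually.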

rpm -qa|grep iptable

iptables-1.4.7-11.el6.x86_64
iptables-ipv6-1.4.7-11.el6.x86_64

First open the ports Tomcat needs, plus port 80, in iptables, then run service iptables restart and check the result with service iptables status.
Then redirect port 80 to 8080:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
service iptables save

service iptables restart

Enter the server's IP address in a browser to verify that the web application can now be reached directly.


cat /etc/sysconfig/iptables

# Generated by iptables-save v1.4.7 on Mon Aug 22 10:00:58 2016
*nat
:PREROUTING ACCEPT [1:60]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
# Completed on Mon Aug 22 10:00:58 2016
# Generated by iptables-save v1.4.7 on Mon Aug 22 10:00:58 2016
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [85:8850]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8005 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8009 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Mon Aug 22 10:00:58 2016
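
As an added example (not part of the original post), the shell functions below audit an iptables-save dump for this setup: they confirm that the port 80 REDIRECT target is also accepted by the filter INPUT chain, which redirected packets reach with the rewritten port 8080, and they list every accepted port for review. The sample ruleset is constructed from the rules shown above, and the function names are made up for this example.

```shell
# Added example; sample ruleset constructed from the rules shown on this page.
sample_rules() {
cat <<'EOF'
*nat
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
*filter
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8005 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8009 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Print "SRC DST" for each REDIRECT rule in the nat PREROUTING chain.
redirects() {
  awk '/^\*/ { table = $1 }
    table == "*nat" && $2 == "PREROUTING" && /-j REDIRECT/ {
      src = dst = ""
      for (i = 1; i < NF; i++) {
        if ($i == "--dport") src = $(i + 1)
        if ($i ~ /^--to-ports?$/) dst = $(i + 1)
      }
      if (src != "" && dst != "") print src, dst
    }'
}

# Print each TCP destination port that the filter INPUT chain ACCEPTs.
accepted_ports() {
  awk '/^\*/ { table = $1 }
    table == "*filter" && $2 == "INPUT" && /-j ACCEPT/ {
      for (i = 1; i < NF; i++) if ($i == "--dport") print $(i + 1)
    }'
}

# The redirect target must be ACCEPTed by INPUT; all open ports are listed.
audit() {
  rules=$(cat)
  open=$(printf '%s\n' "$rules" | accepted_ports)
  printf '%s\n' "$rules" | redirects | while read -r src dst; do
    printf '%s\n' "$open" | grep -qx "$dst" && state=ok || state=blocked
    echo "redirect $src->$dst $state"
  done
  for p in $open; do echo "accept $p"; done
}

sample_rules | audit
```

On a live host, run iptables-save | audit as root. PREROUTING only sees packets arriving from the network, so a request made on the server itself to port 80 is not redirected.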

https://help.aliyun.com/knowledge_detail/41315.html
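ECS Linux cloud server: iptables dependent modules not loaded by default cause a startup error: modules are not loaded

Symptom

Starting or stopping the firewall gives no message or error, but checking the firewall status shows an error like the following:

iptables: Firewall modules are not loaded.

Cause

The modules that the iptables service depends on are not loaded, so the service fails to start.

Solution

The iptables service depends on two modules, iptable_filter and ip_tables. Use the lsmod |grep iptable command to check for them:

lsmod |grep iptable

If the modules are missing, reload them with the commands below, then restart the service to verify: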

modprobe ip_tables

modprobe iptable_filter


Reposted from blog.csdn.net/xiaoyu411502/article/details/62037658