On Jan 16, 2015, at 4:34 PM, Jorge Solórzano <jorsol(a)gmail.com>
wrote:
Hi Stuart,
How will be handled the bind to low ports? will be needed to run the load-balancer as
root or some user with privilege to bind in 80 or 443?
What OS?
Assuming Linux there are options, and I recommend A) unless you care about the minuscule
CPU cycles spent in kernel netfilter code spent rewriting the packet:
A. iptables rule or firewalld rule
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
-or if you use firewalld-
sudo firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080 --permanent
B. Using setcap to grant perms for java to bind lower ports:
sudo setcap cap_net_bind_service=+epi $JAVA_HOME/bin/java
sudo setcap cap_net_bind_service=+epi $JAVA_HOME/jre/bin/java
If you get an error about libjli.so, you will need to add it to an ld config:
sudo echo $JAVA_HOME/jre/lib/amd64/jli/libjli.so > /etc/ld.so.conf.d/libjli.conf
sudo ldconfig | grep libjli
This should return:
libjli.so -> libjli.so
--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat