I used a Google Compute Engine instance with CentOS 7 and Tomcat 8. The Tomcat server works fine on port 8080, but a socket exception occurred when I changed the port to 80. The Tomcat exception is:

```
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-80]]
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:552)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:632)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:655)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:995)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
        ... 12 more
Caused by: java.net.SocketException: Permission denied
        at sun.nio.ch.Net.bind0(Native Method)
        at sun.nio.ch.Net.bind(Net.java:433)
        at sun.nio.ch.Net.bind(Net.java:425)
        at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:223)
        at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74)
        at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:219)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1087)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:265)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
        at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
```

My firewall rules: [screenshot]

I already followed "Google cloud Compute Engine refuse outer access through apache2", but it does not work. Please advise.

Maxim
Asanka Anthony
  • A) Don't link to **pictures** of content that is text. All of the relevant information should come as [mcve], and nicely formatted/indented text with your question. B) I then think that your question might be better suited for segfault.com. You are asking how to configure your server setup. This isn't really a programming question. – GhostCat Sep 10 '18 at 12:58
  • This is something that a lot of cloud hosts do. Check your environment variables for something like `PORT`. – killjoy Sep 10 '18 at 13:00
  • Where can I check something like PORT in cloud engine? – Asanka Anthony Sep 10 '18 at 13:03
  • `java.net.SocketException: Permission denied`, users can't open ports below 1024, only root can. – LMC Sep 10 '18 at 13:17
  • Possible duplicate of [google cloud platform: cannot start java https server](https://stackoverflow.com/questions/46356163/google-cloud-platform-cannot-start-java-https-server) – yash Sep 10 '18 at 15:18
  • You should try with sudo. – peja Dec 20 '20 at 16:53

3 Answers

A community member previously had a similar issue. He was able to fix his issue by running this command:

```
sudo setcap cap_net_bind_service+ep /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java
```

dany L

As said over here by @gdahlm,

Ports below 1024 on Linux/Unix are "privileged ports", which require elevated privileges to create.

As you are in GCP (Google Cloud Platform), you have several options.

Use a high port above 1024 as a non-privileged user and:

  • Connect to that high port in your url https://foo:8443
  • Use the GCP network or HTTP/HTTPS load balancer to forward port 443 to a high port
  • Leverage IP tables to forward packets from 443 to a high port inside the VM instance
  • Run the service using suid, sudo or other method
  • Grant the _CAP_NET_BIND_SERVICE_ capabilities(7) to the process.

Those last two options have complex security implications and should be avoided if at all possible.

yash
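
The rule behind the `Permission denied` in the question, as an added example that is not part of the original answers: on Linux the bind succeeds if the port is at or above the unprivileged floor, or if `CAP_NET_BIND_SERVICE` (bit 10) is in the process's effective capability set. The function names and the sample `CapEff` masks are constructed for illustration, and the check ignores user-namespace details.

```shell
#!/bin/sh
# Added example (not from the thread): decide whether a process may bind a TCP port.
# The kernel refuses bind() with EACCES ("Permission denied") when the port is
# below the unprivileged floor and CAP_NET_BIND_SERVICE is not effective.
# The user ID is not consulted: root normally passes only because it holds
# the capability, and a root process that dropped it is refused as well.

CAP_NET_BIND_SERVICE_BIT=10

# bind_verdict PORT CAPEFF_HEX [FLOOR]
# Prints the reason; returns 0 if the bind would be allowed, 1 if denied.
bind_verdict() {
    port=$1 capeff=$2 floor=${3:-1024}
    if [ "$port" -ge "$floor" ]; then
        echo "allowed: port $port is not privileged (floor $floor)"
        return 0
    fi
    if [ $(( (0x$capeff >> CAP_NET_BIND_SERVICE_BIT) & 1 )) -eq 1 ]; then
        echo "allowed: CAP_NET_BIND_SERVICE is in the effective set"
        return 0
    fi
    echo "denied: port $port < $floor and CAP_NET_BIND_SERVICE is missing"
    return 1
}

# Effective capability mask of a running process, as hex from /proc.
proc_capeff() { awk '/^CapEff:/ {print $2}' "/proc/$1/status"; }

# First unprivileged port. The sysctl was added in Linux 4.11; on kernels
# without it the floor is fixed at 1024.
port_floor() {
    cat /proc/sys/net/ipv4/ip_unprivileged_port_start 2>/dev/null || echo 1024
}

# check_pid PID PORT: verdict for a live process, for example the Tomcat JVM.
check_pid() { bind_verdict "$2" "$(proc_capeff "$1")" "$(port_floor)"; }

# Constructed masks: an ordinary user process, then one with only bit 10 set.
bind_verdict 80 0000000000000000 1024 || true
bind_verdict 80 0000000000000400 1024
bind_verdict 8080 0000000000000000 1024
```

Run `check_pid <pid> 80` against the JVM's process ID to see which of the three cases applies on the instance.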

Here's the command I used for iptables to forward port 80 to 8080:

```
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
```

Don't forget to do the same for 443.

Procrastinator