
Unable to start tomcat with 80 port in Google Compute Engine


I used a Google Compute Engine instance with CentOS7 and Tomcat 8. The Tomcat server works fine with port 8080, but a socket exception occurred when I changed the port to 80. The Tomcat exception is:

org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-80]]
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:552)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:632)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:655)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:995)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
        ... 12 more
Caused by: java.net.SocketException: Permission denied
        at sun.nio.ch.Net.bind0(Native Method)
        at sun.nio.ch.Net.bind(Net.java:433)
        at sun.nio.ch.Net.bind(Net.java:425)
        at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:223)
        at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74)
        at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:219)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1087)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:265)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
        at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:993)

My firewall roles:

I already followed "Google cloud Compute Engine refuse outer access through apache2", but it does not work. Please advise.


Solution

  • As said over here by @gdahlm,

    Ports below 1024 on Linux/Unix are "privileged ports", which require elevated privileges to create.

    As you are in GCP (Google Cloud Platform), you have several options.

    Use a high port above 1024 as a non-privileged user and:

    • Connect to that high port in your url https://foo:8443
    • Use the GCP network or HTTP/HTTPS load balancer to forward port 443 to a high port
    • Leverage iptables to forward packets from 443 to a high port inside the VM instance
    • Run the service using suid, sudo or other method
    • Grant the CAP_NET_BIND_SERVICE capability (capabilities(7)) to the process.

    Those last two options have complex security implications and should be avoided if at all possible.
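
A preflight check for the privileged-port rule quoted above, as an added example that is not part of the original answer: it reads the effective UID and `CapEff` mask from `/proc/<pid>/status` text and reports whether a bind to a given port would succeed, and whether that is because the process runs as root or holds CAP_NET_BIND_SERVICE. The function names and the sample status excerpts are constructed for illustration; the "denied" case is the condition behind the `java.net.SocketException: Permission denied` in the question.

```shell
#!/bin/sh
# Added example. Sample /proc/<pid>/status excerpts below are constructed.
CAP_NET_BIND_SERVICE_BIT=10   # capability number, see capabilities(7)

SAMPLE_UNPRIV='Uid: 1001 1001 1001 1001
CapEff: 0000000000000000'
SAMPLE_CAP='Uid: 1001 1001 1001 1001
CapEff: 0000000000000400'
SAMPLE_ROOT='Uid: 0 0 0 0
CapEff: 0000003fffffffff'

# has_net_bind CAPEFF_HEX: succeeds if bit 10 is set in the effective set
has_net_bind() {
    [ $(( (0x$1 >> $CAP_NET_BIND_SERVICE_BIT) & 1 )) -eq 1 ]
}

# bind_verdict PORT STATUS_TEXT [UNPRIV_START]: prints the verdict and reason
bind_verdict() {
    port=$1
    start=${3:-1024}
    # Uid: line is real, effective, saved, fs; the effective UID is field 3
    euid=$(printf '%s\n' "$2" | awk '$1 == "Uid:" { print $3; exit }')
    capeff=$(printf '%s\n' "$2" | awk '$1 == "CapEff:" { print $2; exit }')
    if [ "$port" -ge "$start" ]; then
        echo "allowed: unprivileged port"
    elif has_net_bind "${capeff:-0}"; then
        if [ "${euid:-1}" -eq 0 ]; then
            echo "allowed: running as root"
        else
            echo "allowed: CAP_NET_BIND_SERVICE granted"
        fi
    else
        echo "denied: privileged port without CAP_NET_BIND_SERVICE"
    fi
}

# check_pid PID PORT: same verdict for a live process, e.g. the Tomcat JVM
check_pid() {
    limit=1024   # kernels without the sysctl below use the fixed limit 1024
    f=/proc/sys/net/ipv4/ip_unprivileged_port_start
    if [ -r "$f" ]; then limit=$(cat "$f"); fi
    bind_verdict "$2" "$(cat "/proc/$1/status")" "$limit"
}
```

Either "allowed" verdict for port 80 on a service account means one of the last two options above is in effect and the process deserves a closer review.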