Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: Feature Request: support jsvc for starting tomcat
https://bugzilla.redhat.com/show_bug.cgi?id=761623
Summary: Feature Request: support jsvc for starting tomcat
Product: Fedora
Version: rawhide
Platform: All
OS/Version: Linux
Status: NEW
Severity: low
Priority: unspecified
Component: tomcat
AssignedTo: ivan.afonichev(a)gmail.com
ReportedBy: joe(a)josephdwagner.info
QAContact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
ivan.afonichev(a)gmail.com
Classification: Fedora
Story Points: ---
Type: ---
Created attachment 542672
-->
https://bugzilla.redhat.com/attachment.cgi?id=542672
Proof of concept patches.
Currently, systemd starts tomcat as using the unprivileged account 'tomcat' for
security reasons. This has the side effect of not being able to run tomcat on
privileged ports.
There are two workarounds for this: 1) use iptables to forward port 80 traffic
to port 8080, or 2) use mod_proxy on apache.
A third workaround is to use jsvc to start tomcat as root and then drop
privileges once tomcat has bound to the ports. However, this option is not
supported out-of-the-box.
My attached patches to /usr/sbin/tomcat-sysd and /usr/sbin/tomcat change this
so that the third workaround is supported out-of-the-box. It uses systemd to
start and stop jsvc, which in turn controls tomcat. These patches were tested
successfully on my own system.
Unfortunately, I do not believe these patches are of production quality. I
consider them more to be proof-of-concept code. In addition to the cleanliness
of the code, I have two concerns: 1) my code automatically chooses jsvc when
present; for production, you may want to make it an option in
/etc/sysconfig/tomcat instead, and 2) I'm not sure my patches correctly handle
the pidfile and logging files under jsvc.
I hope, however, that my patches will kickstart the development process. I
believe supporting this third workaround would be a real benefit to RedHat and
Fedora.
--
Configure bugmail:
https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.