mtbtaizo
Contributor
Contributor

Change HQ-Server port from 7080 to 80

Jump to solution
Hi

I tried to start HQ-Server changed port from 7080 to 80.
I changed the value of server.webapp.port in hq-server.conf.
But I got error when I started the HQ-Server.
Of course the other programs don't bind 80 port.
Can't HQ-server use 80 port?

I found following errors in server.log.
~~~~~~~~~~~~~~~~~~~~
ERROR [org.hyperic.util.notReady.NotReadyManager] Unable to start
Tomcat connectors: LifecycleException: Protocol handler start failed: java.net.BindException: Permission denied:80
LifecycleException: Protocol handler start failed: java.net.BindException: Permission denied:80
~~~~~~~~~~~~~~~~~~~~
2007-05-10 15:49:52,020 INFO [org.apache.coyote.http11.Http11Protocol] Pausing Coyote HTTP/1.1 on http-0.0.0.0-80
2007-05-10 15:49:52,025 ERROR [org.apache.tomcat.util.net.PoolTcpEndpoint] Socket error caused by remote host /123.456.789.0ab.java.net.SocketException: Connection reset

Thanks,
mtbtaizo
0 Kudos
1 Solution

Accepted Solutions
deeboh
Enthusiast
Enthusiast
in the short term, what we've done is setup a proxy server so that requests to/from 7080 <--> 80 are served up. eventually to keep the IT boys happy we'll use a stunnel or squid.

hope this helps,

Deeboh

View solution in original post

0 Kudos
8 Replies
excowboy
Virtuoso
Virtuoso
You need to be root to start programs that use ports<1024.

Hyperic HQ Server doesnt want to start as "root", so I would try to connect HQ Server with a "true" webserver like Apache(mod_proxy) using a SSL-Connection and deny the access to port 7080.

Message was edited by: excowboy
BradFelmey
Hot Shot
Hot Shot
This was a terrible decision by Hyperic. I worked around it by setting up Apache with a no-delay redirect to the proper port.

I should still have the option to start HQ as root, in my opinion. There's only one guy who gets to decide what is appropriate security for my environment, and that's me.
0 Kudos
deeboh
Enthusiast
Enthusiast
in the short term, what we've done is setup a proxy server so that requests to/from 7080 <--> 80 are served up. eventually to keep the IT boys happy we'll use a stunnel or squid.

hope this helps,

Deeboh
0 Kudos
admin
Immortal
Immortal
> This was a terrible decision by Hyperic. I worked
> around it by setting up Apache with a no-delay
> redirect to the proper port.
>

The main reason for this is that postgres won't run as root without some code changes. Rather than have the HQ installer be stuck with the task of creating a new user to run the database, we chose to force the installation to happen as a non-root user.

On windows we do patch the postgres sources to work around this, but I'm hesitant to do this for other platforms.

Like you say, putting a proxy in front of HQ is probably the best solution for the time being. I could probably write up a small HOWTO document on run the server as root after the initial installation. It would only require manually creating the postgres user, changing some file permissions and the db-* scripts.

What do you think?

-Ryan
0 Kudos
BradFelmey
Hot Shot
Hot Shot
I would like that HOWTO very much.
0 Kudos
deeboh
Enthusiast
Enthusiast
sounds good to me as well.

Thank in advance,

Deeboh
0 Kudos
mtbtaizo
Contributor
Contributor
Thank you all for info.
I used Apache+mod_proxy taking your advices.

FYI
I edited httpd.conf as bellow.

ProxyRequests Off
<Proxy *>
Order deny,allow
Deny from all
Allow from all
</Proxy>
ProxyPass / http://example.com:7080/
ProxyPassReverse / http://example.com:7080/

mtbtaizo
0 Kudos
JohnMarkOrg
Hot Shot
Hot Shot
Hi there,

Thank you for posting this. Hopefully it will be helpful to others, too.

-John Mark

0 Kudos