Two paths to run an HTTP server as a non-root user

When you install and configure an HTTP server on Linux and need to run it as a non-root user,
the service cannot bind to port 80 or 443, because a non-root user cannot use ports lower than 1024.

In this case, if iptables is active on your server, you can redirect HTTP/HTTPS traffic to other ports; in my case I chose ports 1080 and 1443.

You can configure NAT rules to redirect the traffic like this:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 1080
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 1443

If you also need the redirect to work for connections made to localhost, add the following rules:

iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 1080
iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 443 -j REDIRECT --to-ports 1443


To check your configuration:

iptables -t nat --line-numbers -n -L

Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 1080
2 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 redir ports 1443
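
A check for the redirect rules above, as an added example that is not part of the original post: it reads rule text in the format printed by `iptables -t nat -S` and reports any privileged port whose PREROUTING redirect is missing or points at the wrong target. The function name `check_redirects` and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that nat REDIRECT rules send each privileged port
# to the unprivileged port the HTTP server listens on.

# check_redirects "80:1080 443:1443" < output-of-iptables-t-nat-S
# Prints one line per problem; exit status 0 only if every mapping is correct.
check_redirects() (
    expected="$1"; status=0
    rules="$(cat)"
    for pair in $expected; do
        dport="${pair%%:*}"; want="${pair##*:}"
        # Target port of the first PREROUTING REDIRECT rule matching this dport.
        got="$(printf '%s\n' "$rules" | awk -v d="$dport" '
            $1 == "-A" && $2 == "PREROUTING" {
                dp = ""; to = ""; redirect = 0
                for (i = 3; i <= NF; i++) {
                    if ($i == "--dport") dp = $(i + 1)
                    if ($i == "--to-ports") to = $(i + 1)
                    if ($i == "-j" && $(i + 1) == "REDIRECT") redirect = 1
                }
                if (redirect && dp == d) { print to; exit }
            }')"
        if [ -z "$got" ]; then
            echo "MISSING: no PREROUTING redirect for port $dport"
            status=1
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH: port $dport redirects to $got, expected $want"
            status=1
        fi
    done
    exit "$status"
)

# Constructed sample: a rule set in which the HTTPS target port is mistyped.
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 1080
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 1043'

printf '%s\n' "$SAMPLE_RULES" | check_redirects "80:1080 443:1443" || true
```

On a live host, feed it the real rules with `iptables -t nat -S | check_redirects "80:1080 443:1443"`.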


Otherwise, if you do not have iptables, you can give your user sudo rights (an entry in "sudoers") on your Linux machine.

1. 'Touch' the log files:
touch /opt/IBM/HTTPServer/logs/access_log
touch /opt/IBM/HTTPServer/logs/error_log

2. Make the following changes in httpd.conf (ensure the user 'wasrun' and the group 'wasrunners' have been created already):
User wasrun
Group wasrunners


3. Change ownership of IHS files:
chown -R wasadmin:wasadmin /opt/IBM/HTTPServer

4. Edit sudoers file (visudo), add the following line:

%wasrunners ALL = (root) NOPASSWD: /opt/IBM/HTTPServer/bin/apachectl *

This means any user in the 'wasrunners' group (the '%' prefix denotes a group) can control (start/stop) the IHS instance as root without needing to enter a password; the trailing '*' accepts any arguments to apachectl. If you only want to allow the user 'wasadmin' to perform this, replace '%wasrunners' with 'wasadmin'; an entry without the '%' denotes a user.
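
Because the sudoers rule runs apachectl as root, the script and the directories above it should be modifiable only by root; after step 3 they belong to wasadmin, which the check below reports. This is an added example, not part of the original post: `audit_sudo_target` is a hypothetical helper, and the demo tree is constructed in a temporary directory with the current user standing in for root.

```shell
#!/bin/sh
# Added example: audit a script that sudoers lets users run as root.
# The script and every directory above it must belong to the trusted owner
# (root, uid 0, by default) and must not be group- or world-writable.

# audit_sudo_target FILE STOP_DIR [TRUSTED_UID]
# Prints one line per finding. Exit status: 0 clean, 1 findings, 2 error.
audit_sudo_target() (
    set -f                              # no globbing while splitting ls output
    file="$1"; path="$1"; stop="$2"; trusted="${3:-0}"; status=0
    while :; do
        # ls -ldn: field 1 is the mode string, field 3 the numeric owner.
        info="$(ls -ldn "$path")" || exit 2
        set -- $info
        mode="$1"; owner="$3"
        if [ "$owner" != "$trusted" ]; then
            echo "OWNER: $path is owned by uid $owner, expected $trusted"
            status=1
        fi
        case "$mode" in
            l*) ;;                      # symlink mode bits carry no meaning
            ?????w*|????????w*)         # char 6 = group write, char 9 = other write
                echo "WRITABLE: $path is group- or world-writable ($mode)"
                status=1 ;;
        esac
        if [ "$path" = "$stop" ]; then break; fi
        parent="$(dirname "$path")"
        if [ "$parent" = "$path" ]; then
            echo "ERROR: $stop is not an ancestor of $file"
            exit 2
        fi
        path="$parent"
    done
    exit "$status"
)

# Constructed demo tree standing in for /opt/IBM/HTTPServer.
demo="$(mktemp -d)"
mkdir "$demo/bin" && : > "$demo/bin/apachectl"
chmod 755 "$demo/bin" "$demo/bin/apachectl"
chmod g+w "$demo/bin"                   # simulate a directory a group can modify
audit_sudo_target "$demo/bin/apachectl" "$demo" "$(id -u)" || true
rm -rf "$demo"
```

On the real host the call is `audit_sudo_target /opt/IBM/HTTPServer/bin/apachectl /`, which checks against root.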





---------------------
http://razioni-k.net2action.com/2016/09/two-path-to-run-http-server-as-non-root.html
Sep 23, 2016
Andrea Fontana