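java.net.SocketException: Permission denied (redirecting port 80 to port 8080)
Tomcat often runs under a non-root account, and simply changing port 8080 to 80 makes Tomcat fail with java.net.SocketException: Permission denied. The cause is that a non-root user cannot bind to ports below 1024.
There are several ways to solve this problem: 1. add the current user to the sudo rules (not yet verified); 2. start an additional Apache instance and route through it; 3. redirect with iptables.
Below, we proceed according to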
Mar 14, 2017 9:56:15 AM winstone.Logger logInternal
SEVERE: Container startup failed
java.io.IOException: Failed to start Jetty
at winstone.Launcher.<init>(Launcher.java:154)
at winstone.Launcher.main(Launcher.java:352)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at Main._main(Main.java:264)
at Main.main(Main.java:112)
Caused by: java.net.SocketException: Permission denied
at sun.nio.ch.Net.bind0(Native Method)
at sun.nio.ch.Net.bind(Net.java:433)
at sun.nio.ch.Net.bind(Net.java:425)
at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:223)
at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74)
at org.eclipse.jetty.server.ServerConnector.open(ServerConnector.java:321)
at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:80)
at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:236)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at org.eclipse.jetty.server.Server.doStart(Server.java:366)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at winstone.Launcher.<init>(Launcher.java:152)
... 7 more
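Install iptables. My server is an Alibaba Cloud server and the iptables package is already installed, but nothing shows up in lsmod |grep iptable, so the modules have to be loaded manually.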
rpm -qa|grep iptable
iptables-1.4.7-11.el6.x86_64
iptables-ipv6-1.4.7-11.el6.x86_64
First open the ports Tomcat needs, as well as port 80, in iptables, then run service iptables restart and check the result with service iptables status.
Then redirect port 80 to 8080:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
service iptables save
service iptables restart
Enter the IP address to verify whether the web application can be accessed directly.
cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Mon Aug 22 10:00:58 2016
*nat
:PREROUTING ACCEPT [1:60]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
# Completed on Mon Aug 22 10:00:58 2016
# Generated by iptables-save v1.4.7 on Mon Aug 22 10:00:58 2016
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [85:8850]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8005 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8009 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Mon Aug 22 10:00:58 2016
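The nat and filter rules above have to agree with each other, and that can be checked offline. The script below is an added example, not part of the original post: it parses an iptables-save dump (SAMPLE_RULES is constructed to mirror the rules shown here) and confirms that the port 80 redirect exists and that INPUT accepts its target port. The function names are hypothetical.

```shell
# Added example: offline check of an iptables-save dump (no root or iptables needed).
# SAMPLE_RULES is constructed here to mirror the rules shown on this page.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [1:60]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# redirect_target DUMP PORT: print the port that nat/PREROUTING redirects PORT to.
redirect_target() {
  printf '%s\n' "$1" | awk -v want="$2" '
    /^\*/ { table = $1 }
    table == "*nat" && $1 == "-A" && $2 == "PREROUTING" && /-j REDIRECT/ {
      dport = ""; to = ""
      for (i = 1; i < NF; i++) {
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "--to-ports" || $i == "--to-port") to = $(i + 1)
      }
      if (dport == want) { print to; exit }
    }'
}

# input_accepts DUMP PORT: succeed if filter/INPUT accepts tcp PORT before any
# catch-all REJECT/DROP rule (simplification: other match options are ignored).
input_accepts() {
  printf '%s\n' "$1" | awk -v want="$2" '
    /^\*/ { table = $1 }
    table == "*filter" && $1 == "-A" && $2 == "INPUT" {
      if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) blocked = 1
      if (!blocked && /-j ACCEPT/)
        for (i = 1; i < NF; i++) if ($i == "--dport" && $(i + 1) == want) found = 1
    }
    END { exit !found }'
}

# check_redirect DUMP PORT: REDIRECT runs in PREROUTING, before INPUT, so INPUT
# must accept the redirect target port, not only the original one.
check_redirect() {
  target=$(redirect_target "$1" "$2")
  [ -n "$target" ] || { echo "no REDIRECT rule for port $2"; return 1; }
  input_accepts "$1" "$target" || { echo "$2 -> $target, but INPUT blocks $target"; return 2; }
  echo "$2 -> $target, INPUT accepts $target"
}
check_redirect "$SAMPLE_RULES" 80
```

To check a live host, pass the output of iptables-save (run as root) as the first argument instead of SAMPLE_RULES. Because PREROUTING only sees traffic arriving from the network, a request to port 80 made on the server itself is not redirected by this rule.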
https://help.aliyun.com/knowledge_detail/41315.html
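ECS Linux cloud server: iptables dependent modules not loaded by default cause a startup error: modules are not loaded
Symptom
Starting or stopping the firewall produces no message or error, and checking the firewall's running status shows an error similar to the following: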
iptables: Firewall modules are not loaded.
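Cause
The modules the iptables service depends on are not loaded, so the service fails at startup.
Solution
The iptables service depends on two modules, iptable_filter and ip_tables. Use the lsmod |grep iptable command to check them: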
lsmod |grep iptable
If the modules are missing, reload them with the commands below, then restart the service to verify:
modprobe ip_tables
modprobe iptable_filter