Home News How Do I Deal With Endpoint Initialization Errors? Java.net.bindexception Null Permission Denied...

How Do I Deal With Endpoint Initialization Errors? Java.net.bindexception Null Permission Denied 80

84
0

 

Over the past few days, some of our users have reported errors while initializing the endpoint.

 

 

I tried to bind Tomcat 6 (on CentOS) to ports 80 and 443, but the following error appeared when starting Tomcat:

 1 

2345678910111213141516171819202122232425262728293031323334353637383940

 SERIOUS: Error starting endpoint 

java.net.BindException: Permission denied : 80at org.apache.tomcat.util.net.JIoEndpoint.init (JIoEndpoint.java:549) at org. apache.tomcat.util.net.JIoEndpoint.start (JIoEndpoint.java:565) at org.apache.coyote.http11.Http11Protocol.start (Http11Protocol.java:203) at org.apache.catalina.connector.Connector.start ( Connector.java:1080) to org.apache.catalina.core.StandardService.start (StandardService.java:531) to org.apache.catalina.core.StandardServer.start (StandardServer.java:710) to org.apache.catalina .startup.Catalina.start (Catalina.java:593) at sun.reflect.NativeMethodAccessorImpl.invoke0 (native method) at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:57) at sun.Impllect. .reflect. ) under java.lang.reflect.Method.invoke (Method.java:606) under org.apache.catalina.startup.Bootstrap.start (Bootstrap.java:289) under org.apache.catalina.startup. Bootstrap.main (Bootstrap.java:414) Thrown by: java.net.BindException: Permission denied in java.net.PlainSocketImpl.socketBind (native method) in java.net.AbstractPlainSocketImpl.bind (AbstractPlainSocketImpl.java:376) in java .net.ServerSocket.bind (Server: 376) under java.net.ServerSocket. (ServerSocket.java:237) on java.net.ServerSocket. (ServerSocket.java:181)at org.apache.tomcat.util.net.DefaultServerSocketFactory.createSocket (DefaultServerSocketFactory.java:50)at org.apache.tomcat.util.net.JIoEndpoint.init (Jj38oEndpoint) ... 12 more


error initializing endpoint java.net.bindexception permission denied null 80

March 4, 2015 at 9:35:46 AM org.apache.catalina.startup.Catalina startSEVERE: Catalina.start: LifecycleException: service.getName (): "Catalina"; Failed to start protocol handler: java.net.BindException: Permission denied : 80at org.apache.catalina.connector.Connector.start (Connector.java:1087) under org.apache.catalina.core.StandardService. start (StandardService .java: 531) under org.apache.catalina.core.StandardServer.start (StandardServer.java:710) under org.apache.catalina.startup.Catalina.start (Catalina.java:593) under sun.reflect .NativeMethodAccessorImpl. invoke0 (native method) under sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:57) under sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) under java.langetho 606) in orgcatina Bootstrap.start (Bootstrap.java:289) at org.apache.catalina.startup.Bootstrap.main (Bootstrap.java:414)

March 4, 2015 9:35:46 org.apache.catalina .startup.Catalina start

It turns out that all applications connected to ports below 1024 need root access. This is by design.

To get around this issue, don’t configure Tomcat for root access (that’s bad), just create a simple NAT using iptables (or network firewall):

 1 

2

 iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080 

iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT - -in port 8443

Reason

Ports less than 1024 are called privileged ports. On Linux (and more)(Most UNIX and UNIX-like systems) should not be opened by non-root users. This is a security feature originally implemented to prevent an attacker from configuring a malicious service on a known service port.

Solutions:

Solution 1:

When you start Tomcat use sudo ./startup.sh or start as root

Solution 2:

1. Modify server.xml and change port 80 to 8081 (or more than 1024 port numbers, but not conflicting with other ports on the computer). For example:

 

2. Run on Linux:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8081 

Mapping 80 ports to 8081 to achieve the goal of directly entering a domain name without a port number