简体繁体 English

Apache httpd与Tomcat 7：端口80与端口8080

[英]Apache httpd vs. Tomcat 7: port 80 vs. port 8080

原文 2013-06-26 07:08:14 6 3 linux/ apache/ amazon-ec2/ tomcat7/ port

I had recently installed Tomcat 7 on Amazon ec2. 我最近在亚马逊ec2上安装了Tomcat 7。 I found that Tomcat, by default, listens on port 8080. 我发现Tomcat默认侦听端口8080。

The documentation on the internet advocates that this is because linux is better saving the lower ports to the super user. 互联网上的文档提倡这是因为linux更好地将较低端口保存给超级用户。 (The solution on ec2 btw is creating a Load Balancer - directing the communications from port 80 to port 8080 on the target machine) （ec2 btw上的解决方案是创建一个负载均衡器 - 将通信从端口80引导到目标机器上的端口8080）

Than - to my surprise - I went on and installed an Apache server on another machine (yum install httpd), and surprise! 比 - 令我惊讶的是 - 我继续在另一台机器上安装了一台Apache服务器（yum install httpd），并且惊喜！ - Apache listens on port 80 by default! - Apache默认侦听端口80！

This is awkward i thought... where are the 'port 8080' advocates now? 我觉得这很尴尬......现在'端口8080'在哪里提倡？

can anyone please explain the conceptual difference? 任何人都可以解释概念上的差异吗？

Thanks 谢谢

3 个解决方案

The difference is mostly historical at this point, but still enforced by Linux and most Unix implementations that I can think of. 差异主要是历史性的，但仍然由Linux和我能想到的大多数Unix实现强制执行。 Unix/Linux considers any port number < 1024 to be "privileged" and requires root privs to bind to them. Unix / Linux将任何端口号<1024视为“特权”，并要求root权限绑定到它们。 Any user should be able to bind to ports higher than 1024. If your software package is of a certain vintage it expects to be started as root, bound to a port, and optionally it will then change effective UID to a non-privileged user. 任何用户都应该能够绑定到高于1024的端口。如果您的软件包具有特定的年份，则它希望以root用户身份启动，绑定到端口，然后可选地将有效UID更改为非特权用户。 Apache HTTPD falls into this category. Apache HTTPD属于这一类。 Software packages created later on (ie Apache Tomcat) typically went the route of doing everything with a non-privileged user and binding to a higher port number by default. 稍后创建的软件包（即Apache Tomcat）通常会使用非特权用户执行所有操作，并默认绑定到更高端口号。

Some firewall admins can, I'm sure, go into detail about how port < 1024 will sometimes get special treatment in firewall configurations in some cases. 我确信，有些防火墙管理员可以详细了解端口<1024在某些情况下有时会如何在防火墙配置中获得特殊处理。

I continue the explanation. 我继续解释。 As @gunglefunk has already answare, the httpd uses port 80 because it runs the main daemon until the root / privileged user, that is allow to bind any port less then 1024. All other threads or workers run a non-privileged user (mostly apache). 由于@gunglefunk已经是answare，httpd使用端口80，因为它运行主守护进程直到root /特权用户，允许绑定任何小于1024的端口。所有其他线程或工作者运行非特权用户（主要是apache））。

Tomcat can use the same principiple. Tomcat可以使用相同的原理。 Tomcat is whole written in Java, so there is just one user that is used to run the whole JVM. Tomcat完全用Java编写，因此只有一个用户可以运行整个JVM。 It is usually user 'tomcat'. 它通常是用户'tomcat'。

When you want to listen Tomcat on port 80 you have two possibilities. 当您想在端口80上侦听Tomcat时，您有两种可能性。

Run the tomcat under 'root' (change it in tomcat.conf or catalina.sh). 在'root'下运行tomcat（在tomcat.conf或catalina.sh中更改它）。 However it it not recommended because of security reasons. 但是由于安全原因，不建议使用它。

Run the tomcat on any port higher than 1024 under a standard user (usually tomcat) and use proxy_ajp protocol. 在标准用户（通常是tomcat）下的任何高于1024的端口上运行tomcat，并使用proxy_ajp协议。 It means you also run Apache HTTPD server on port 80 and forward traffic to the tomcat port (default is http on 8080, https on 8443, ajp on 8009). 这意味着您还在端口80上运行Apache HTTPD服务器并将流量转发到tomcat端口（默认为8080上的http，8443上的https，8009上的ajp）。 See https://httpd.apache.org/docs/2.2/mod/mod_proxy_ajp.html and http://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html and http://tomcat.apache.org/connectors-doc-archive/jk2/proxy.html 请参阅https://httpd.apache.org/docs/2.2/mod/mod_proxy_ajp.html和http://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html和http://tomcat.apache.org /connectors-doc-archive/jk2/proxy.html