
As described here and here, I'm trying (on Ubuntu 16.04) to start Tomcat 9.0.2 on port 80 by having systemd pre-initialize a socket on that privileged port and then pass it to Tomcat, which runs as the non-privileged user "tomcat" (I know there are other solutions, but I'm interested in making this one work). For this, I have the following socket unit (the "port" setting was already changed to 80 in server.xml):

`/etc/systemd/system/tomcat.socket`

```ini
[Unit]
Description=Tomcat server socket

[Socket]
ListenStream=80
```

And the following service unit:

`/etc/systemd/system/tomcat.service`

```ini
[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target

[Service]
Type=forking

Environment=CATALINA_PID=/opt/tomcat/9.0.2/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat/9.0.2
ExecStart=/opt/tomcat/9.0.2/bin/startup.sh
ExecStop=/opt/tomcat/9.0.2/bin/shutdown.sh

User=tomcat
Group=tomcat
UMask=0007

[Install]
Requires=tomcat.socket
```

When running `sudo systemctl start tomcat.service`, the command outputs no error message, but then `systemctl status tomcat.service` displays a failed status:

```
tomcat.service - Apache Tomcat Web Application Container
Loaded: loaded (/etc/systemd/system/tomcat.service; static; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2017-12-19 21:46:53 -05; 45min ago
Process: 10207 ExecStop=/opt/tomcat/9.0.2/bin/shutdown.sh (code=exited, status=1/FAILURE)
Process: 10175 ExecStart=/opt/tomcat/9.0.2/bin/startup.sh (code=exited, status=0/SUCCESS)
Main PID: 10189 (code=exited, status=0/SUCCESS)
```

As can be seen in the journald logs below, Tomcat does start, but shutdown.sh is immediately run and makes it exit. Apparently, Tomcat still tries to create a socket on port 80, which fails because user tomcat is not superuser, and proceeds to exit right away.

```
systemd[1]: Starting Apache Tomcat Web Application Container...
startup.sh[10175]: Existing PID file found during start.
startup.sh[10175]: Removing/clearing stale PID file.
startup.sh[10175]: Tomcat started.
systemd[1]: Started Apache Tomcat Web Application Container.
sudo[10172]: pam_unix(sudo:session): session closed for user root
shutdown.sh[10207]: PID file found but no matching process was found. Stop aborted.
systemd[1]: tomcat.service: Control process exited, code=exited status=1
systemd[1]: tomcat.service: Unit entered failed state.
systemd[1]: tomcat.service: Failed with result 'exit-code'.
```

If Tomcat 9 is capable of receiving a preinitialized socket from systemd, how can I make that work? Or is Tomcat unable to do so?

ARX
  • An alternative would be to have the network stack re-route 80 to an unprivileged port, or to use a proxy server like nginx. See also https://superuser.com/questions/710253/allow-non-root-process-to-bind-to-port-80-and-443 – Thilo Dec 20 '17 at 04:11
  • This Q is not about programming as defined for StackOverflow. It **may** be more appropriate on https://superuser.com OR https://unix.stackexchange.com . Use the `flag` link at the bottom of your Q and ask the moderator to move it. Please don't post the same Q on 2 different sites. Please read https://stackoverflow.com/help/on-topic , https://stackoverflow.com/help/how-to-ask , https://stackoverflow.com/help/dont-ask and https://stackoverflow.com/help/mcve before posting more Qs here. Good Luck – shellter Dec 20 '17 at 04:23
  • Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Super User](http://superuser.com/) or [Unix & Linux Stack Exchange](http://unix.stackexchange.com/) would be a better place to ask. – jww Dec 20 '17 at 04:32
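
The hand-off the question describes, seen from the receiving process, as an added example (not part of the original post, and not Tomcat or systemd code): it re-implements the `sd_listen_fds` environment check in Python and adopts an inherited listener without ever calling `bind()`. The helper names `listen_fds`, `adopt_listener` and `demo`, and the ephemeral loopback port standing in for port 80, are constructed for illustration.

```python
import os
import socket

SD_LISTEN_FDS_START = 3  # systemd passes activated sockets starting at fd 3


def listen_fds(environ=None, pid=None):
    """Return the fds systemd passed to this process (sd_listen_fds logic)."""
    environ = os.environ if environ is None else environ
    pid = os.getpid() if pid is None else pid
    try:
        if int(environ.get("LISTEN_PID", "")) != pid:
            return []  # variables were set for another PID, e.g. a launcher
        count = int(environ.get("LISTEN_FDS", ""))
    except ValueError:
        return []  # not socket-activated, or malformed variables
    return list(range(SD_LISTEN_FDS_START, SD_LISTEN_FDS_START + max(count, 0)))


def adopt_listener(fd):
    """Wrap an inherited fd, refusing anything but a listening stream socket."""
    sock = socket.socket(fileno=fd)  # raises OSError if fd is not a socket
    listening = sock.getsockopt(socket.SOL_SOCKET, socket.SO_ACCEPTCONN)
    if sock.type != socket.SOCK_STREAM or not listening:
        sock.detach()  # hand the fd back untouched
        raise ValueError("fd %d is not a listening stream socket" % fd)
    return sock


def demo():
    """Constructed stand-in: an ephemeral loopback port plays the role of port 80."""
    manager = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    manager.bind(("127.0.0.1", 0))  # the privileged side binds and listens
    manager.listen(1)
    service = adopt_listener(os.dup(manager.fileno()))  # service never binds
    manager.close()  # the inherited descriptor keeps the port open
    port = service.getsockname()[1]
    with socket.create_connection(("127.0.0.1", port), timeout=2) as client:
        conn, _ = service.accept()
        client.sendall(b"ping")
        data = conn.recv(4)
        conn.close()
    service.close()
    return data


if __name__ == "__main__":
    print(listen_fds(), demo())
```

The unprivileged side only works if it looks for the inherited descriptor; a server that calls `bind()` on the privileged port itself gets no benefit from the socket unit.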

0 Answers