How to run Tomcat on Port 80

A standard Tomcat installation starts the webserver on port 8080 – which is usually not the desired behavior. In order to change the server to port 80 there are two options which I outline in the following:

Recommended: redirect traffic to 8080

Tomcat continues to listen on port 8080 (and 8443 for https). The traffic is redirected by iptables.
You don’t need to change anything in Tomcat itself, just add according Iptables-Forwarding rules. Actually this looks more complicated than the alternative – but it is the more secure way and you do not need to touch Tomcat’s config.

# check that rules are not there already
sudo iptables -L -n -t nat

# Add rules
sudo iptables -t nat -I PREROUTING -p tcp --dport 80  -j REDIRECT --to-port 8080
sudo iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443

# Check
sudo iptables -L -n -t nat

# Save
sudo /service iptables save

# Restart iptables
sudo /etc/init.diptables restart

# final check
sudo iptables -L -n -t nat

Option2: run Tomcat directly on port 80

This configures to run Tomcat directly on port 80. As this is a priviledged port, Tomcat must run as root – this is usually not recommended.
The advantage: It’s simple!
The disadvantage: A webserver shouldn’t run as root.If you want to do this nevertheless, edit /etc/tomcat7/server.xml and change the connector port from 8080 to just 80:

<Connector port="<del>80</del>80"   
   redirectPort="8443" />

Now edit /etc/tomcat7/tomcat7.conf and set the tomcat user to root:


And restart Tomcat:

sudo service tomcat7 restart

Leave a Reply

Your email address will not be published. Required fields are marked *