tomee-users mailing list archives

From Anthony Fryer <>
Subject Re: Tomee on port 80 on Linux in Production
Date Tue, 10 Jul 2012 10:55:09 GMT
I've got a TomEE installation running on Debian and it listens on port 80.
There are a few options.  As already mentioned, you could run Apache httpd
server on port 80 and create a virtual host that reverse proxies to your
TomEE server running on port 8080.  I originally had that setup and it works
fine, except I found that Apache httpd was using more memory than I liked.
I could have reduced the memory consumption by tuning Apache httpd server
but I opted to remove it altogether.

I replaced Apache httpd reverse proxying with iptables configuration.  I
believe the following is Debian-specific, but there might be something
similar for Ubuntu.

The commands I used were...

/sbin/iptables -A FORWARD -p tcp --destination-port 80 -j ACCEPT
/sbin/iptables -t nat -A PREROUTING -j REDIRECT -p tcp --destination-port 80 --to-ports 8080

With those commands, anything received on port 80 gets redirected to 8080 by
the operating system, so there is no memory overhead and TomEE can continue
to run as an unprivileged user (i.e. tomcat or something like that).

I had an issue when the server was bounced.  My configuration wasn't
persisted, so additional configuration was required to allow the iptables
change to survive a reboot.

First create some iptables rules and list them:

iptables --list

If the listed rules satisfy your needs, then save them somewhere. I use
/etc/firewall.conf but this location is not fixed:

iptables-save > /etc/firewall.conf

Then create a script so ifupdown loads these rules on boot:

echo '#!/bin/sh' > /etc/init.d/iptables
echo "iptables-restore < /etc/firewall.conf" >> /etc/init.d/iptables 
chmod 755 /etc/init.d/iptables

Now set that script to run at server start time:

update-rc.d iptables defaults
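
Added example (not part of the original message): a check, fed with iptables-save output or a saved file such as /etc/firewall.conf, that the port 80 to 8080 redirect is present exactly once in the nat table's PREROUTING chain, since repeating the -A commands before saving appends duplicate rules. The function names and the sample dump are constructed for illustration.

```sh
#!/bin/sh
# count_redirects DPORT TOPORT  (reads an iptables-save dump on stdin)
# Prints how many nat/PREROUTING REDIRECT rules send tcp DPORT to TOPORT.
count_redirects() {
    awk -v dport="$1" -v toport="$2" '
        /^\*/ { table = substr($0, 2); next }    # "*nat", "*filter": table header
        /^#/ || /^:/ || /^COMMIT/ { next }        # comments, chain policies, COMMIT
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            proto = jump = dp = tp = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "-j") jump = $(i + 1)
                else if ($i == "--dport" || $i == "--destination-port") dp = $(i + 1)
                else if ($i == "--to-ports") tp = $(i + 1)
            }
            if (proto == "tcp" && jump == "REDIRECT" && dp == dport && tp == toport) n++
        }
        END { print n + 0 }
    '
}

# check_redirect DPORT TOPORT: 0 = exactly one rule, 1 = missing, 2 = duplicated
check_redirect() {
    n=$(count_redirects "$1" "$2")
    case "$n" in
        1) return 0 ;;
        0) echo "redirect $1 -> $2 missing from nat/PREROUTING" >&2; return 1 ;;
        *) echo "redirect $1 -> $2 present $n times (rules appended more than once)" >&2; return 2 ;;
    esac
}

# Constructed sample in iptables-save format (not taken from a real host).
sample_dump() {
    cat <<'EOF'
# constructed sample
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

sample_dump | check_redirect 80 8080 && echo "sample dump: redirect present once"
```

On a live host the same check can be run as `iptables-save | check_redirect 80 8080` after a reboot, or as `check_redirect 80 8080 < /etc/firewall.conf` before relying on the saved file.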
