Home / server / Questions / 88432
Accepted
brianegge
Asked: 2009-11-26 19:54:23 +0800 CST

How to I prevent another process from listening on the same port as Apache

  • 772

I have Apache running Solaris using the mpm module, and it listens on port 8080. Every once in a while, someone will start up a Tomcat instance on the same host. The has the affect of directing all the traffic to Tomcat. Once Tomcat is shutdown, traffic resumes to Apache. I'd like for Apache to bind this socket exclusively, so other processes get an error. Is this possible?

Note, this is a dev box, so it's not possible to restrict who logs on, or what programs they run. Yes, it is possible, and quite easy to change the Tomcat port. The problem is this is the default tomcat port. So a developer untar's Tomcat, starts it up, and then I notice I'm getting Tomcat 404 errors instead of Apache content. This leads me to tracking down the developer and telling them to change their default port. Ideally, Tomcat would just fail.

When Java binds a port, it binds it in exclusive mode, and another process cannot listen on the same port. Apache seems to bind the port in shared mode. I wouldn't think this would be required with the mpm module, but it seems to be the default. I'm looking for a compiler option or config option that will bind the port in exclusive mode.

apache-2.2

4 Answers

  1. You can turn port 8080 into a privileged port by running this command:

    ndd -set /dev/tcp tcp_extra_priv_ports_add 8080

    This will require anyone who wants to use port 8080 have the net_privaddr privilege (which you can assign to your smf(5) service start method, or to an rbac(5) profile you assign to yourself.

    Note that the ndd command doesn't persist across reboots, so you need to either create your own smf(5) service or use an legacy rc script.

    • 4
  2. Best Answer

    Listeners don't really just bind to a port--they bind to an address and a port. It could be that apache is binding to 0.0.0.0:8080 (sometimes written *:8080), while tomcat is binding to port 8080 on a specific interface. In that case, both binds could coexist, and the interface-specific bind would take precedence over the wildcard bind. That may be what's happening to you.

    The simplest fix would be to have apache do an interface-specific bind rather than (or in addition to) doing a wildcard bind.

    In short, look for the Listen lines in your apache configuration. If you see a line like:

    Listen 8080

    or

    Listen 0.0.0.0:8080

    Add another line like:

    Listen 1.2.3.4:8080

    where 1.2.3.4 is the host's IP address.

    • 2

  3. You shoul open this port for listening by some small application. Apache startup script will kill that application, and start normally :))

    • 0

  4. Typically when a Tomcat instance is started or restarted it will also restart Apache which will cause Apache to lose any ports it had previously bound if Tomcat gets them first. In this case, you would need to edit the tomcat.conf file to listen on a port that Apache will not be using. This will likely mean you need to change your Apache configuration as well so it will work correctly with Tomcat again.

    • -1