When you install and configure your HTTP server on linux and you need to run it with a non-root user,
you can't bind your service on port 80 or 443, because non-root user can't use port lower then 1024.
in this case if you have ipTables active in your server you can redirect your http/s traffic to another ports, in my case i choose ports 1080 and 1443.
you can configure a specific NAT rule to redirect it like:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 1080
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 1043
if you need use localhost you must add following rules
iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 1080
iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 443 -j REDIRECT --to-ports 1443
to check your configuration
iptables -t nat --line-numbers -n -L
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 1080 2
REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 redir ports 1443
In other case if you have not iptables, you can add your user as "
sudoers" in your linux machine.
1. 'Touch' the log files:
touch /opt/IBM/HTTPServer/logs/access_log
touch /opt/IBM/HTTPServer/logs/error_log
2. Make the following changes in httpd.conf (ensure user 'was run' and group 'was runners' has been created already)
User wasrun
Group wasrunners
3. Change ownership of IHS files:
chown -R wasadmin:wasadmin /opt/IBM/HTTPServer
4. Edit sudoers file (visudo), add the following line:
%wasrunners ALL = (root) NOPASSWD: /opt/IBM/HTTPServer/bin/apachectl *
This means any user in the 'wasrunners' group (prefixed with %) can control (start/stop) the IHS instance as root
without needing to enter password. If you only want to allow the user 'wasadmin' to perform this, then remove the '%'
to denote a user.