How to make Tomcat Webapp not only accessible on port 8080 but also on port 80

Posted on

A server stack is the collection of software that forms the operational infrastructure on a given machine. In a computing context, a stack is an ordered pile. A server stack is one type of solution stack — an ordered selection of software that makes it possible to complete a particular task. Like in this post about How to make Tomcat Webapp not only accessible on port 8080 but also on port 80 was one problem in server stack that need for a solution. Below are some tips in manage your linux server when you find problem about linux, centos, tomcat, port, linux-vserver.

I’m currently trying to set up my first V-Server (CentOS 7) with Tomcat to run a Web-App.

Everything works fine now, but I am facing one last problem that stops me from releasing it:

I can only access my Tomcat WebApp via but I would love it to just be

After hours (literally like 20) I haven’t come up with a solution, but having the user to always type 8080 is not an option for me.

I would be extremely happy if somebody had a solution or tip for me.

Thanks in advance!

You should add a reverse proxy in front of your Tomcat. And you should either alter Tomcat to only listen in or shut access on port 8080 in the firewall.

Two examples of software you can use are Apache and nginx. With Apache you would use ProxyPass and ProxyPassReverse as such:

ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/

With nginx it would be

location / {
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   Host      $http_host;

For completeness’ sake, on most systems you can run Tomcat directly on port 80 (as an almost unpriviledged user). The only privilege it requires is the CAP_NET_BIND_SERVICE capability.

This can be accomplished twofold:

  1. [This requires SystemD v229 or later, so it excludes Centos 7] By asking SystemD to run Tomcat with this capability:

    systemctl edit --full tomcat.service

and add:


to the [Service] section.

  1. By running Tomcat through authbind (cf. this blog post), which allows a further restriction of the CAP_NET_BIND_SERVICE capability: e.g. you may configure Tomcat to be able to bind port 80 only.

Leave a Reply

Your email address will not be published.