Tim's Blog

Information, Technology, Security, and other stuff.

java.net.BindException: Permission denied <null>:80

Published 2015-03-03

I tried binding tomcat 6 (on CentOS) to ports 80 and 443, but I was getting this error on startup of tomcat:

SEVERE: Error starting endpoint
java.net.BindException: Permission denied <null>:80
    at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:549)
    at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:565)
    at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:203)
    at org.apache.catalina.connector.Connector.start(Connector.java:1080)
    at org.apache.catalina.core.StandardService.start(StandardService.java:531)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: java.net.BindException: Permission denied
    at java.net.PlainSocketImpl.socketBind(Native Method)
    at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:376)
    at java.net.ServerSocket.bind(ServerSocket.java:376)
    at java.net.ServerSocket.<init>(ServerSocket.java:237)
    at java.net.ServerSocket.<init>(ServerSocket.java:181)
    at org.apache.tomcat.util.net.DefaultServerSocketFactory.createSocket(DefaultServerSocketFactory.java:50)
    at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
    ... 12 more

Mar 04, 2015 9:35:46 AM org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start:
LifecycleException:  service.getName(): "Catalina";  Protocol handler start failed: java.net.BindException: Permission denied <null>:80
    at org.apache.catalina.connector.Connector.start(Connector.java:1087)
    at org.apache.catalina.core.StandardService.start(StandardService.java:531)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)

Mar 04, 2015 9:35:46 AM org.apache.catalina.startup.Catalina start

It turns out that all applications binding to ports below 1024 need to have root access. This is by design.

To get around this, don't set tomcat to have root access (that's bad), just create a simple NAT with iptables (or your network firewall):

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443