1

I was getting this error when running systemctl restart tomcat in my $CATALINA_HOME/logs/catalina.out log file: https://pastebin.com/Cpfs9xCk

So I followed this post online: https://confluence.atlassian.com/confkb/permission-denied-error-when-binding-a-port-290750651.html

  1. If using Linux 2.6.24 or later, you can set up a file capability on the java executable, to give elevated privileges to allow opening privileged ports only, and no other superuser privileges:

setcap cap_net_bind_service+ep /path/to/bin/java After setting this you may notice errors when starting Java like this, for example:

$ java -version /path/to/bin/java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory This means that the library is being imported from a dynamic path, and not in the trusted ld.so path. See https://bugs.java.com/bugdatabase/view_bug?bug_id=7157699 for details. To fix this, you need to locate the library, and add its path to the ld.so configuration. Note that the below is an example, and this may differ depending on Linux distribution. Replace JAVA_HOME with the correct location:

$ find JAVA_HOME -name 'libjli.so' JAVA_HOME/lib/amd64/jli/libjli.so
echo "JAVA_HOME/lib/amd64/jli" > /etc/ld.so.conf.d/java-libjli.conf ldconfig -v After setting this all up, you need to make sure that Confluence only starts java with the direct binary path, and not via a symbolic link, otherwise the capability will not be picked up.

So I ran this command: setcap cap_net_bind_service+ep /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64

And I'm getting what it says I might get:

 $CATALINA_HOME/logs/catalina.out /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/bin/java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory

I did what they said to fix it but it's still not working and I'm still getting the above error:

$ find $JAVA_HOME -name 'libjli.so' /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/jre/lib/amd64/jli/libjli.so /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/lib/amd64/jli/libjli.so

I have two of these for some reason. I created this file with the paths, but I'm still getting the error and my tomcat isnt starting.

$ cat /etc/ld.so.conf.d/java-libjli.conf /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/jre/lib/amd64/jli /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/lib/amd64/jli
Improve this question
12
  • dear Philipp please get the output of netstat - an|grep :80 and lsof |grep :80 Commented Aug 12, 2019 at 14:34
  • @djdomi neither print anything. nothing is running on port 80 since tomcat isnt starting. I'm not getting that error in the pastebin after I followed the article now I have this different error. Commented Aug 13, 2019 at 2:15
  • it seems that not all is showing all as it tells at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) ... 12 more and there are a other line with 13 more, so please check /var/log/apache*** where *** is the tomcat folder - but confluence wont be easy to run as i remember from my knowledge of projects... i hope you have a strong mental feeling about it :-) Commented Aug 13, 2019 at 6:10
  • in case you look for specific files, use apt install apt-file && apt-file update && apt-file search libjli.so Commented Aug 13, 2019 at 6:17
  • @djdomi im not getting that error thats in the pastebin. I'm getting the error in $CATALINA_HOME/logs/catalina.out posted above, but I'm not sure how to fix it. Commented Aug 17, 2019 at 22:01

1 Answer 1

Reset to default
0

Sofar I add the complete way for the nginx part, as the apache-tomcat has been solved by a reinstallation

mkdir /var/cache/nginx/cache
chown nginx:nginx /var/cache/nginx/cache


Now Edit nginx.conf below the http section

###New cache settings as default proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=hd_cache:10m max_size=10g inactive=2d use_temp_path=off; proxy_cache_methods GET HEAD POST; proxy_cache_valid 200 302 3d; proxy_cache_valid 404 1m;

edit /etc/nginx/sites-avaible/yoursite.com

#http to https redirect server { server_name yoursite.com *.yoursite.com; listen 80; return 301 https://$host$request_uri; } #https server server { proxy_read_timeout 3600; listen 443 ssl http2; server_name yoursite.com *.yoursite.com; #a special location in case don't cache this file can be deleted location updater/serversettings.xml { expires -1; add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; } #The root/rest will be redirected location / { proxy_cache hd_cache; proxy_set_header X-Cache-Status $upstream_cache_status; proxy_cache_valid 200 1w; proxy_pass https://10.10.200.4; proxy_set_header Host $http_host; proxy_buffers 16 8m; proxy_buffer_size 2m; gzip on; gzip_vary on; gzip_comp_level 9; gzip_proxied any; } #SSL Cert section, as we require ssl, using certbot LetsEncrypt ssl_certificate /etc/letsencrypt/live/yoursite.com-0001/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/yoursite.com-0001/privkey.pem; # managed by Certbot }

Now Enable this site.

ln -s /etc/nginx/sites-avaible/yoursite.com /etc/nginx/sites-enabled/yoursite.com

and run

service Nginx reload

This Setup works fine for a WordPress site, I encounter a page speed counter of 95+

Improve this answer
1
  • Thanks for all your help nginx is working great. Website loads with TLS even after restart. Commented Sep 2, 2019 at 2:50

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.