Configuring DNS and Tomcat to Route Web Traffic from Port 80 to 8080: A Complete Implementation Guide


When deploying Tomcat servers, developers often face this fundamental mismatch: web browsers default to port 80 for HTTP traffic, while Tomcat typically listens on port 8080. This creates accessibility issues for end-users who shouldn't need to specify port numbers in URLs.

DNS alone cannot solve this port mapping issue because:

  • DNS resolves domain names to IP addresses only
  • Port specification isn't part of DNS A/AAAA records
  • HTTP/1.1 Host headers don't include port information

1. Apache HTTP Server as Reverse Proxy

An industry-standard approach using mod_proxy:

<VirtualHost *:80>
    ServerName example.com
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
    ProxyPreserveHost On
</VirtualHost>

2. Nginx Configuration

For high-performance deployments:

server {
    listen 80;
    server_name example.com;
    
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

3. Tomcat Native Connector

Directly configure Tomcat to listen on port 80 (requires root privileges):

<Connector port="80" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />

For AWS Elastic Beanstalk environments, add this to .ebextensions/tomcat.config:

option_settings:
  aws:elasticbeanstalk:environment:proxy:
    ProxyServer: nginx
  aws:elasticbeanstalk:environment:proxy:staticfiles:
    /: ROOT

  • Always use firewall rules to restrict access to port 8080
  • Implement rate limiting on the reverse proxy
  • Consider using SELinux/AppArmor for additional protection

Verify with this curl command:

curl -v http://example.com --resolve example.com:80:your_server_ip

When deploying Tomcat servers, developers often face the port mismatch between web standards (HTTP port 80) and Tomcat's default port (8080). This creates accessibility issues for end-users who expect standard URLs without port specifications.

DNS itself doesn't handle port redirection, but these approaches work:

# Example Apache Virtual Host configuration
<VirtualHost *:80>
    ServerName yourdomain.com
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
</VirtualHost>

Option 1: Apache/Nginx Reverse Proxy

Most production deployments use this pattern:

# Nginx configuration example
server {
    listen 80;
    server_name example.com;
    
    location / {
        proxy_pass http://127.0.0.1:8080;
        include proxy_params;
    }
}

Option 2: Tomcat Native Connector

# In server.xml (requires root privileges)
<Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />

AWS Elastic Load Balancer:

# AWS CLI example to create listener
aws elbv2 create-listener --load-balancer-arn ALB_ARN \
--protocol HTTP --port 80 \
--default-actions Type=forward,TargetGroupArn=TG_ARN

Azure Application Gateway:

# ARM template snippet
"httpListeners": [
    {
        "name": "appGatewayHttpListener",
        "properties": {
            "FrontendIPConfiguration": {
                "Id": "[variables('frontendIPConfigID')]"
            },
            "FrontendPort": {
                "Id": "[variables('frontendPort80ID')]"
            },
            "Protocol": "Http"
        }
    }
]

When binding to port 80:

  • Never run Tomcat as root - use authbind or systemd socket activation
  • Implement proper firewall rules (iptables/nftables)
  • Consider using HTTPS termination at the proxy level

# iptables port forwarding example
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

SELinux contexts:

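# For RHEL/CentOS systems
# The default policy already assigns tcp/8080 to http_cache_port_t, so modify (-m) rather than add (-a)
semanage port -m -t http_port_t -p tcp 8080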

Firewall rules verification:

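# Check listeners on ports 80 and 8080 (anchor on the colon so other numbers containing "80" don't match)
ss -tulnp | grep -E ':(80|8080)[[:space:]]'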
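
An added example (not part of the original article) that turns the listener check above into a pass/fail test for the "restrict access to port 8080" advice: it reads `ss -tln` output and prints every non-loopback address on which the backend port is listening. The function names `exposed_backend` and `backend_is_private` and the sample listener lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report non-loopback addresses on which a backend port listens.
# Input on stdin: `ss -tln` output (State Recv-Q Send-Q Local:Port Peer:Port).
# exposed_backend and the SAMPLE_* listings are constructed for illustration.

exposed_backend() {
    port="${1:-8080}"    # backend port to audit; 8080 is the Tomcat default
    awk -v port="$port" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            p = parts[n]                      # text after the last colon
            if (p != port) next
            addr = substr($4, 1, length($4) - length(p) - 1)
            sub(/%.*/, "", addr)              # drop scope suffix such as %lo
            gsub(/\[/, "", addr)              # drop IPv6 brackets
            gsub(/\]/, "", addr)
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print addr
        }'
}

# Constructed sample: Tomcat on its default wildcard bind behind a proxy on port 80.
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
LISTEN 0      100    *:8080             *:*
LISTEN 0      4096   127.0.0.53%lo:53   0.0.0.0:*'

# Constructed sample: the same host after binding the Connector to loopback.
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
LISTEN 0      100    [::ffff:127.0.0.1]:8080 *:*'

# Returns 0 when the backend port is loopback-only, 1 otherwise.
backend_is_private() {
    [ -z "$(exposed_backend "${1:-8080}")" ]
}

printf '%s\n' "$SAMPLE_EXPOSED"  | backend_is_private 8080 || echo "8080 reachable beyond loopback"
printf '%s\n' "$SAMPLE_LOOPBACK" | backend_is_private 8080 && echo "8080 is loopback-only"
# Live use: ss -tln | exposed_backend 8080
```

The check fits the reverse-proxy layouts, where Tomcat only needs to accept connections from the local proxy. With the iptables REDIRECT rule Tomcat must listen on the external interface, so this check does not apply there.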