Install FAQ

From Resin 3.0

(Difference between revisions)
Jump to: navigation, search
Line 50: Line 50:
  
 
<p><user-name> and <group-name> support no longer need the resin binary either.</p>
 
<p><user-name> and <group-name> support no longer need the resin binary either.</p>
 +
 +
 +
=== How can I bind to a port under 1024 and still run as a non-root user? ===
 +
 +
<p>''I want to bind resin to port 80, but my operating system only allows root to bind to ports under 1024.  If I run Resin as root, it is a security risk.  How can I start Resin as root but then change the user
 +
and group id after it is bound to the port?''</p>
 +
 +
<p>Unix systems can simply use the <user-name> and <group-name> configuration tags.
 +
Although you will start the Resin watchdog process as root, the watchdog will change user ids
 +
before starting the Resin instance.  So Resin always runs as the specified user-name.</p>

Revision as of 19:30, 3 February 2008

Where can I put .jar files so that they are available to all of my web applications?

I have some jar files that are used by all of my web applications. Where can I put them so that I do not have to put them in WEB-INF/lib for every web application that I have?

  1. Make the directory $RESIN_HOME/ext-lib
  2. Place the jars files that will be available to all of your web applications in $RESIN_HOME/ext-lib, for example $RESIN_HOME/extlib/hogwarts.jar

Any jar file in $RESIN_HOME/ext-lib will be available to all of the web applications.

Resin will also find jars in subdirectories, so you can put your jars in for example $RESIN_HOME/ext-lib/local/hogwarts.jar. If you use the local/ subdirectory, when you upgrade to a new version of Resin you can just copy the local subdirectory over to the new $RESIN_HOME/ext-lib.

Some jars are not classloader-aware (e.g. using static fields improperly). For those libraries, you will need to put them in $RESIN_HOME/ext-webapp-lib instead.

What happened to bin/resin?

With Resin 2.1 used to run make; make install and then use the binary bin/resin to start Resin, but in Resin 3.0 I can't find the binary. What happened to it?

Resin 2.1 used the bin/resin binary to enable two features: JNI usage (including OpenSSL) and to support <user-name> and <group-name> for switching the effective user id of the process after attaching to ports under 1024.

Resin now uses the JNI library from within Java. You don't need a compiled binary to get at the JNI code (that was bin/resin in 2.1.x). So, the java process starts up and then hooks into the JNI libraries. Resin uses JNI for:

  • OpenSSL
  • low level system calls, for things like socket connections etc. (for performance reasons).
  • setuid for unix
  • profiling and heap analysis

So Resin can run without the JNI libraries, it just won't be as fast as Resin.

<user-name> and <group-name> support no longer need the resin binary either.


How can I bind to a port under 1024 and still run as a non-root user?

I want to bind resin to port 80, but my operating system only allows root to bind to ports under 1024. If I run Resin as root, it is a security risk. How can I start Resin as root but then change the user and group id after it is bound to the port?

Unix systems can simply use the <user-name> and <group-name> configuration tags. Although you will start the Resin watchdog process as root, the watchdog will change user ids before starting the Resin instance. So Resin always runs as the specified user-name.

Personal tools