Tag Archives: HTTPS

Make Java run on privileged ports in CentOS 7

I recently gnashed my teeth at trying to get java to directly bind to port 443 instead of using nginx to proxy to a java application I had to use. I was surprised at the complication of finding the solution, but I eventually did thanks to the following sites:

https://superuser.com/questions/710253/allow-non-root-process-to-bind-to-port-80-and-443/892391

https://github.com/kaitoy/pcap4j/issues/63

First, determine the full path of your current java install:

sudo update-alternatives --config java

In my CentOS 7 install, the java binary was located here:

/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.151-1.b12.el7_4.x86_64/jre/bin/java

Next, use setcap to configure java to be able to bind to port 443:

sudo setcap CAP_NET_BIND_SERVICE=+eip /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.151-1.b12.el7_4.x86_64/jre/bin/java

Now, test to make sure java works:

java -version

java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory

The above error means that after setting setcap, it breaks how java looks for its library to run. To fix this, we need to symlink the library it’s looking for into /usr/lib, then run ldconfig

sudo ln -s /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.151-1.b12.el7_4.x86_64/jre/lib/amd64/jli/libjli.so /usr/lib/
sudo ldconfig

Now test Java again:

java -version

It took longer than I like to admit to get this working, but it it does indeed work this way.

Fix Plex SSL behind Reverse Proxy

Recently I updated to the latest version of Plex. I run Plex behind a Reverse Proxy server. When I initially set it up it was to provide HTTPS before Plex supported it. Now that Plex supports it I still use it to have my custom domain name attached to it.

This latest Plex update seemed to have broken SSL connectivity completely.. I couldn’t get SSL to work no matter what I tried. After pulling much hair out I found out there is a new option under advanced server settings:

Settings / Server / Show Advanced / Network

Scroll downs until you see

Custom server access URLs

It is here that you need to supply your own domain name and port. I struggled this for a while. If you type https://<domain name>, but don’t specify a port, it defaults to 32400, not 443. I finally got SSL to work with plex again by entering https://mydomain.name:443 in that field.

Plex works with SSL once more. All is right with the world again.