I recently gnashed my teeth at trying to get java to directly bind to port 443 instead of using nginx to proxy to a java application I had to use. I was surprised at the complication of finding the solution, but I eventually did thanks to the following sites:
https://superuser.com/questions/710253/allow-non-root-process-to-bind-to-port-80-and-443/892391
https://github.com/kaitoy/pcap4j/issues/63
First, determine the full path of your current java install:
sudo update-alternatives --config java
In my CentOS 7 install, the java binary was located here:
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.151-1.b12.el7_4.x86_64/jre/bin/java
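Next, use setcap to give the java binary the CAP_NET_BIND_SERVICE capability, which lets it bind to ports below 1024 such as 443. The capability is attached to the binary itself, so it applies to every Java program started from it, not only this application: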
sudo setcap CAP_NET_BIND_SERVICE=+eip /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.151-1.b12.el7_4.x86_64/jre/bin/java
Now, test to make sure java works:
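java -version
java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory
The above error means that setting the capability changed how java finds its libraries. The dynamic loader treats a binary with file capabilities as privileged and runs it in secure-execution mode, where it ignores LD_LIBRARY_PATH and does not honor $ORIGIN-relative search paths, which the java launcher relies on to find libjli.so inside its own install directory. To fix this, we need to symlink the library it's looking for into /usr/lib, then run ldconfig: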
sudo ln -s /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.151-1.b12.el7_4.x86_64/jre/lib/amd64/jli/libjli.so /usr/lib/
sudo ldconfig
Now test Java again:
java -version
It took longer than I like to admit to get this working, but it does indeed work this way.
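The two things this procedure depends on (the capability on the binary, and the loader finding libjli.so) can be re-checked with a small script, which is worth doing after a JDK update because the capability is stored on the binary file and the path above is version-specific. This is an added example, not part of the original post; the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): re-check the setcap and
# libjli.so steps, e.g. after a JDK package update replaces the binary.

# cap_flags GETCAP_OUTPUT: print the flag letters attached to
# cap_net_bind_service. Handles "path = cap+eip" (older libcap) and
# "path cap=eip" (newer libcap), including comma-grouped capabilities.
cap_flags() {
    printf '%s\n' "$1" |
        sed -nE 's/.*cap_net_bind_service(,[a-z_]+)*[+=]([eip]+).*/\2/p' |
        head -n 1
}

# has_bind_cap GETCAP_OUTPUT: succeed only if the capability is both
# permitted (p) and effective (e), which binding a port below 1024 needs.
has_bind_cap() {
    case "$(cap_flags "$1")" in
        *e*p*|*p*e*) return 0 ;;
        *) return 1 ;;
    esac
}

# missing_lib STDERR_TEXT: print the library named in the dynamic loader's
# "error while loading shared libraries" message, or nothing if absent.
missing_lib() {
    printf '%s\n' "$1" |
        sed -nE 's/.*error while loading shared libraries: ([^:]+):.*/\1/p' |
        head -n 1
}

# check_java JAVA_PATH: run both checks against a real install.
check_java() {
    has_bind_cap "$(getcap "$1" 2>/dev/null)" ||
        { echo "FAIL: cap_net_bind_service not set on $1"; return 1; }
    lib=$(missing_lib "$("$1" -version 2>&1)")
    [ -z "$lib" ] ||
        { echo "FAIL: loader cannot find $lib (symlink or ldconfig step)"; return 1; }
    echo "OK: $1 has the capability and starts"
}

# Runs only when a path is given, e.g.:
#   sh check.sh "$(readlink -f "$(command -v java)")"
if [ "$#" -gt 0 ]; then
    check_java "$1"
fi
```

Pass the real binary path rather than /usr/bin/java, since the capability is set on the file that the alternatives symlink resolves to.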