一、问题
jenkins网站绑定域名后直接通过域名访问使用的是8080端口,为方便用户访问因此须监听80端口,而为了安全起见linux一般不用root身份运行,综上,需要以普通用户来运行监听80端口时就会启动失败,报没有权限,因为linux只有root身份才能监听1024以下的熟知端口。
二、解决
(以下未经验证)
There are a few different solutions to work around this:
Install and configure Apache or nginx as a reverse proxy server, which can be started as root to open the port, and then downgrade its privileges back to a normal user.
Set up a firewall on the server using iptables or an alternative, so that the lower port number is forwarded internally to a higher port number listened by Confluence.
Use jsvc, which is able to open ports as root, and then downgrade privileges.
Use authbind to grant privileges for a non-root user to open a privileged port.
(以验证可行)
通过firewalld进行端口转发
开启firewalld防火墙
systemctl start firewalld
开机启动
systemctl enable firewalld
放行80端口
firewall-cmd --permanent --zone=public --add-service=http
转发80端口流量到8080
firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toport=8080
立即生效
firewall-cmd --reload