Spectrum Tomcat does not start if the port is set to 443 in Linux
search cancel

Spectrum Tomcat does not start if the port is set to 443 in Linux


Article ID: 250511


Updated On:


CA Spectrum DX NetOps


Trying to set port 443 for Tomcat.

  • With port 443 tomcat won't start properly. Checking with netstat you can see that there's no port open on 443.
  • If you change the port to 8443, tomcat will start properly.

Please try to find the root cause. The customer would like to use port 443.

In the $SPECROOT/tomcat/logs/catalina.out file there is the following error:

21-Sep-2022 16:42:11.840 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-443]]
        org.apache.catalina.LifecycleException: Protocol handler initialization failed
                at org.apache.catalina.connector.Connector.initInternal(Connector.java:1049)
                at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                at org.apache.catalina.core.StandardService.initInternal(StandardService.java:556)
                at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1042)
                at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                at org.apache.catalina.startup.Catalina.load(Catalina.java:724)
                at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
                at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
        Caused by: java.net.SocketException: Permission denied
                at sun.nio.ch.Net.bind0(Native Method)
                at sun.nio.ch.Net.bind(Net.java:461)
                at sun.nio.ch.Net.bind(Net.java:453)
                at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:222)
                at org.apache.tomcat.util.net.NioEndpoint.initServerSocket(NioEndpoint.java:274)
                at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:229)
                at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1227)
                at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1240)
                at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:603)
                at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:80)
                at org.apache.catalina.connector.Connector.initInternal(Connector.java:1046)
                ... 13 more


Release : 21.2

Component : Spectrum OneClick


Only the root account can bind lower ports (ports below 1024 - considered privileged ports). Hence the Spectrum Install owner account is not able to bind ports below 1024.


Here are the steps to Java run on privileged ports in Linux:

NOTE: $SPECROOT is /usr/Spectrum (you may have installed Spectrum in a different directory)


1. The setcap sets the capabilities of each specified filename to the capabilities specified. In this case, allow java to bind on privileged ports:

$ sudo setcap cap_net_bind_service+ep /usr/Spectrum/Java/bin/java
setcap cap_net_bind_service+ep /usr/Spectrum/Java/bin/java (logged as root)


2. The getcap gets the current setting of the specified filename:

$ sudo getcap /usr/Spectrum/Java/bin/java
getcap /usr/Spectrum/Java/bin/java (logged as root)

Expected output:

/usr/Spectrum/Java/bin/java = cap_net_bind_service+ep


If you start the Tomcat service you will get this error message: 

$ cat /usr/Spectrum/tomcat/logs/catalina.out

/usr/Spectrum/Java/bin/java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory

You will get the same error message if you run: "java -version" logged as Spectrum Install Owner account:

$ /usr/Spectrum/Java/bin/java -version

/usr/Spectrum/Java/bin/java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory

The above error means that after setting setcap, it breaks how java looks for its library to run. To fix this, we need to symlink the library it’s looking for into /usr/lib, then run ldconfig.


3.  Create the symlink:

$ sudo ln -s /usr/Spectrum/Java/lib/amd64/jli/libjli.so /usr/lib/
ln -s /usr/Spectrum/Java/lib/amd64/jli/libjli.so /usr/lib/ (logged as root)


4.  Confirm the symlink created:

ls -lar /usr/lib/libjli.so

lrwxrwxrwx  1 root root     42 Sep 21 18:05 libjli.so -> /usr/Spectrum/Java/lib/amd64/jli/libjli.so


5. Run ldconfig:

sudo ldconfig
ldconfig (logged as root)


6. Now test Java again:

$ /usr/Spectrum/Java/bin/java -version (logged as Spectrum Install Owner account)

openjdk version "1.8.0_302"
OpenJDK Runtime Environment (Temurin)(build 1.8.0_302-b08)
OpenJDK 64-Bit Server VM (Temurin)(build 25.302-b08, mixed mode)


7. Start the Spectrum Tomcat service.



In the $SPECROOT/tomcat/logs/catalina.out file:

21-Sep-2022 18:06:11.459 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-jsse-nio-443"]

21-Sep-2022 18:07:07.046 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-jsse-nio-443"]

21-Sep-2022 18:07:07.048 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [55171] milliseconds