Nov 5, 2017

Use ports less than 1024 for non-root/unprivileged app/service

You can configures firewall to redirect Port 80 and 443 to user ports (>1024).  You can do the same thing for any other ports you need that are less than 1024.
/sbin/iptables -A FORWARD -p tcp --destination-port 443 -j ACCEPT

/sbin/iptables -t nat -A PREROUTING -j REDIRECT -p tcp --destination-port 443 --to-ports 8443

/sbin/iptables -A FORWARD -p tcp --destination-port 80 -j ACCEPT

/sbin/iptables -t nat -A PREROUTING -j REDIRECT -p tcp --destination-port 80 --to-ports 8080

/sbin/iptables-save or /etc/init.d/iptables save

Another way is to use authbind (part of Debian- and CentOS based distributions) which allows a program that would normally require superuser privileges to access privileged network services to run as a non-privileged user.

Authbind is installed the usual way, with the help of gcc and make. Please note: For this step to succeed, the gcc package is needed. It is already installed with the command sudo yum install gcc earlier, when tomcat was installed.
cd ~
fetch http://ftp.debian.org/debian/pool/main/a/authbind/authbind_2.1.1.tar.gz
tar xvzf authbind_2.1.1.tar.gz
cd authbind-2.1.1
make
sudo make install
Authbind is configured with some special files, for which we can assign our arbitrary permissions for the users we want to give access to. For example Tomcat is running with the tomcat user, we'll tell authbind to allow connections to the HTTP port 80 and the HTTPS port 443 for this account:
sudo touch /etc/authbind/byport/80
sudo chmod 500 /etc/authbind/byport/80
sudo chown tomcat /etc/authbind/byport/80
sudo touch /etc/authbind/byport/443
sudo chmod 500 /etc/authbind/byport/443
sudo chown tomcat /etc/authbind/byport/443
For the changes to take effect, Tomcat has to be restarted:
sudo /etc/init.d/tomcat6 restart

Yet another way is to use jsvc, available as part of the commons-daemon project.