First, I just want to say it is not the security group setup in the EC2 console, because I can set up Apache, which is on port 80 by default, and am able to visit the Apache website through port 80. But for Tomcat it works if I use port 8080 (the default) or some value bigger than 1023 (I think this is the port). But when I change server.xml (changing 8080 to 80) it cannot work if I use port 80; I start the service successfully, but there is nothing listening on 80/http. I know it should be some privilege issue (only root can start a service below port 1023), but I did not know how to do it.
Answer 1:
My personal choice for this problem is to use iptables to redirect all traffic from port 80 to the upper port (e.g. 8080) that Tomcat is running on.
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
/sbin/iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
Answer 2:
The way I did this previously was to use Apache2 as a proxy using virtual hosts, and proxy onto Tomcat. This will handle the requests and can also be used as a load balancer if in the future you decide to use multiple Tomcats for load balancing.
Answer 3:
A common way to configure Tomcat to run on a privileged port on Linux is to use authbind.
Below are the setup steps for Tomcat 7 on Ubuntu 16.04.
First make sure authbind is installed:
sudo apt-get install authbind
Edit /etc/default/tomcat7 and uncomment this line:
AUTHBIND=yes
Create bind permission files for port 80:
sudo touch /etc/authbind/byport/80
sudo chmod 500 /etc/authbind/byport/80
sudo chown tomcat7 /etc/authbind/byport/80
If you are also using https, do the same as above for port 443.
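
The chmod 500 and chown lines in the answer above decide who may bind the port: authbind authorises a bind when the calling user can execute /etc/authbind/byport/PORT. A small audit of that directory follows, as an added example that is not part of the original answer; the function names and the AUTHBIND_DIR override are assumptions, and it relies on GNU stat as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: audit authbind port delegations (not from the original answer).
# AUTHBIND_DIR can point at a scratch copy; the default is the path the answer uses.
AUTHBIND_DIR="${AUTHBIND_DIR:-/etc/authbind/byport}"

# check_port PORT -> prints "PORT OWNER MODE VERDICT", returns 0 only for "ok".
# authbind authorises a bind when the calling user may execute byport/PORT, so:
#   ok      only the owner has the execute bit (the chmod 500 + chown case)
#   broad   group or other can execute too, so more accounts may bind the port
#   unused  no execute bit for the owner: the file grants that account nothing
#   missing no file: the port is not delegated
check_port() {
    ab_file="$AUTHBIND_DIR/$1"
    if [ ! -e "$ab_file" ]; then
        echo "$1 - - missing"
        return 1
    fi
    ab_mode=$(stat -c '%a' "$ab_file")    # octal permission bits, e.g. 500
    ab_owner=$(stat -c '%U' "$ab_file")
    if [ $(( 0$ab_mode & 0011 )) -ne 0 ]; then
        ab_verdict=broad
    elif [ $(( 0$ab_mode & 0100 )) -ne 0 ]; then
        ab_verdict=ok
    else
        ab_verdict=unused
    fi
    echo "$1 $ab_owner $ab_mode $ab_verdict"
    [ "$ab_verdict" = ok ]
}

# audit_all -> checks every file in AUTHBIND_DIR, returns 1 if any is not "ok".
audit_all() {
    ab_rc=0
    for ab_f in "$AUTHBIND_DIR"/*; do
        [ -e "$ab_f" ] || continue
        check_port "$(basename "$ab_f")" || ab_rc=1
    done
    return "$ab_rc"
}

# Run the full audit only when asked, e.g.: sh audit-authbind.sh --all
if [ "${1:-}" = "--all" ]; then
    audit_all
fi
```

After following the steps above, port 80 should report the tomcat7 owner with mode 500 and the verdict ok; a broad verdict means accounts other than the owner can also bind that port.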