Short answer: you can't. Ports below 1024 can be opened only by root. As per comment - well, you can, using CAP_NET_BIND_SERVICE, but that approach, applied to the java bin, will make any Java program run with this setting, which is undesirable, if not a security risk.
The long answer: you can redirect connections on port 80 to some other port you can open as a normal user.
Run as root:
# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
As loopback devices (like localhost) do not use the prerouting rules, if you need to use localhost, etc., add this rule as well (thanks @Francesco):
# iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 8080
NOTE: The above solution is not well suited for multi-user systems, as any user can open port 8080 (or any other high port you decide to use), thus intercepting the traffic. (Credits to CesarB).
EDIT: as per comment question - to delete the above rule:
# iptables -t nat --line-numbers -n -L
This will output something like:
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 redir ports 8088
2    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 8080
The rule you are interested in is nr. 2, so to delete it:
# iptables -t nat -D PREROUTING 2
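The check below is an added example, not part of the answer above: it audits the risk described in the NOTE by listing REDIRECT targets on unprivileged ports and reporting any that have no listener or a listener owned by a UID other than the intended service account. The sample rule listing, the socket table and UID 1001 are constructed for illustration.

```python
import re

# Constructed sample, in the format printed by `iptables -t nat -S`.
SAMPLE_RULES = """\
-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
"""

# Constructed sample, in the format of /proc/net/tcp (state 0A = LISTEN).
SAMPLE_PROC_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 20411 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18022 1 0000000000000000 100 0 0 10 0
"""

def redirect_targets(rules_text):
    """Map each unprivileged REDIRECT target port to the original ports sent to it."""
    targets = {}
    pat = re.compile(r"--dport (\d+) .*-j REDIRECT --to-ports? (\d+)")
    for line in rules_text.splitlines():
        m = pat.search(line)
        if m and int(m.group(2)) >= 1024:
            targets.setdefault(int(m.group(2)), set()).add(int(m.group(1)))
    return targets

def listener_uids(proc_tcp_text):
    """Map each listening TCP port to the set of UIDs owning a LISTEN socket on it."""
    owners = {}
    for line in proc_tcp_text.splitlines()[1:]:
        f = line.split()
        if len(f) > 7 and f[3] == "0A":
            port = int(f[1].rsplit(":", 1)[1], 16)  # port is hex after the last ':'
            owners.setdefault(port, set()).add(int(f[7]))
    return owners

def audit(rules_text, proc_tcp_text, expected_uid):
    """Return (target_port, problem) for targets not held by expected_uid alone."""
    owners = listener_uids(proc_tcp_text)
    findings = []
    for port in sorted(redirect_targets(rules_text)):
        uids = owners.get(port, set())
        if not uids:
            findings.append((port, "no listener: any local user can bind it"))
        elif uids != {expected_uid}:
            findings.append((port, "listener owned by uid(s) %s" % sorted(uids)))
    return findings
```

On a live host, pass it the output of `iptables -t nat -S` and the contents of /proc/net/tcp together with /proc/net/tcp6, which uses the same columns.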
I do whitelisting at the MTA level (in my case postfix) rather than at the amavisd level. In my postfix/main.cf file, I have:
header_checks=pcre:/etc/postfix/whitelist.pcre
Inside whitelist.pcre, I have the following syntax:
user@example.com FILTER SMTP:[127.0.0.1]:10025
where SMTP:[127.0.0.1]:10025 is the transport in master.cf through which filtered mail is reinjected into the postfix system. My reasoning for doing that is that if certain messages are not to be checked for anything, I don't want amavisd to touch them.
Best Answer
We did it using Squid3 and a port redirection from port 80 to 3128 (the default Squid port) in iptables.
Then we configured the wildcard in the Squid config file following this article: https://kudithipudi.org/2015/12/15/how-to-enable-wildcard-domains-in-squid/
This is the most relevant part from the squid doc:
Where it says to replace it with your DNS name: if you don't have one, just modify your /etc/hosts file to point to 127.0.0.1.
Keep in mind that this solution is for Apache servers running on the same machine.