Admin console on port HTTPS 443

Hi all,

I’m playing with my Openfire Admin console version 3.4.5 on FreeBSD 6 in order to secure access.

HTTPS is by default available through port 9091 and HTTP through port 9090.

If I change the HTTPS port to 443 and restart the server, it crashes my server and makes it unreachable by HTTPS, and I can see it on port 9090 (see capture).

Is there a way to manage the server via a standard port, such as 80 or 443?

How are you editing the ports of the server? I was able to edit mine by stopping Openfire, and then using a text editor to change the settings in the openfire.xml file. I then started the server again and the ports were available at 80 and 443. You also cannot have any other service at these ports.

Hi,

I am probably way off base here, but if your openfire instance is running as a non-root user, it won’t be able to bind to port numbers less than 1024.

daryl

Thanks for your reply.

MSTRAVEL -> I tried both, using the Web Admin Console and openfire.xml.

ARKERHZ -> My “openfire” wasn’t root. I tried to upgrade it to the “wheel” group. Something I don’t get is that Apache is not root on a web server?!

When I restart the server, if I modified the HTTP and HTTPS ports to the standard ports, netstat told me my server doesn’t listen on port 80 and port 443.

If I only change the HTTPS port to 443 and leave 9090 for HTTP, netstat told me my server is listening on port 9090 (and gives me the crash I sent you in the capture) but not on port 443:

    Proto Recv-Q Send-Q Local Address     Foreign Address    (state)
    tcp4       0      0 *.8483            *.*                LISTEN
    tcp4       0      0 *.8080            *.*                LISTEN
    tcp4       0      0 *.5223            *.*                LISTEN
    tcp4       0      0 *.5222            *.*                LISTEN
    tcp4       0      0 *.*               *.*                CLOSED
    tcp4       0      0 10.1.26.2.9090    10.1.45.1.2312     TIME_WAIT
    tcp4       0      0 *.9090            *.*                LISTEN
    tcp4       0      0 *.5269            *.*                LISTEN
    tcp4       0      0 *.5229            *.*                LISTEN
    tcp4       0      0 *.7777            *.*                LISTEN
    tcp4       0      0 10.1.26.2.22      10.1.45.1.1858     ESTABLISHED
    tcp4       0      0 *.3306            *.*                LISTEN
    tcp4       0      0 127.0.0.1.25      *.*                LISTEN
    tcp4       0      0 *.22              *.*                LISTEN
    tcp6       0      0 *.22              *.*                LISTEN
    udp4       0      0 *.514             *.*
    udp6       0      0 *.514             *.*

Best regards.

Is Apache running on the same server? If so, it is already using port 80. Is there any service bound to port 80 already? It sounds as if the port is already in use or blocked. Is there a firewall blocking port 80?

Hi jcduss,

IIRC, Apache starts up as root just long enough to bind to 80.

daryl
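The two explanations offered in the replies above (a non-root account cannot bind ports below 1024; another service already holds the port) show up as different bind() errors. The following Python script is an added example, not part of the original thread or of Openfire: it tells the two cases apart and shows the bind-as-root-then-drop-privileges pattern mentioned for Apache. The function names and the `user` argument are hypothetical.

```python
import errno
import os
import pwd
import socket

def classify(err):
    """Map a bind() errno to the hypotheses raised in the thread."""
    if err == errno.EACCES:
        return "permission_denied"   # non-root process asking for a port below 1024
    if err == errno.EADDRINUSE:
        return "in_use"              # another service already holds the port
    return "other"

def try_bind(port, host="0.0.0.0"):
    """Try to listen on host:port. Returns (status, socket or None)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((host, port))
        sock.listen(5)
        return "ok", sock
    except OSError as exc:
        sock.close()
        return classify(exc.errno), None

def bind_then_drop(port, user):
    """Bind while still root, then switch to an unprivileged account for good."""
    status, sock = try_bind(port)
    if status == "ok" and os.geteuid() == 0:
        account = pwd.getpwnam(user)   # 'user' is an assumed service account name
        os.setgroups([])               # drop supplementary groups first
        os.setgid(account.pw_gid)      # group before user: after setuid this would fail
        os.setuid(account.pw_uid)
    return status, sock

if __name__ == "__main__":
    # Ports discussed in the thread: the standard ones and the Openfire defaults.
    for port in (80, 443, 9090, 9091):
        status, sock = try_bind(port)
        print(f"port {port}: {status} (euid={os.geteuid()})")
        if sock:
            sock.close()
```

Run as the account the service uses: `permission_denied` on 443 alongside `ok` on 9091 points at privileges, while `in_use` points at a competing listener.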

Thanks for your reply.

No, there’s no Apache server on this test machine. Just Openfire for the moment.

It will be installed on a production server where Apache22 is running. For the moment it is just for testing purposes, but it will quickly be put on the production server.

So I think it will be harder to make it run against Apache on the same port… and probably not possible at all…

I think I won’t spend more time trying it… and will just add a filtering rule on my firewall to allow administration on port 9091 and 9091.

Is there a way to allow only HTTPS access? I think I can do it by removing the line with 9090 in openfire.xml?

I’ll try it next week.

Thanks a lot again.