Discussion:
[PVE-User] Can I change default port from 8006 to 443?
ribbon
2011-10-04 13:04:23 UTC
I have begun to use Proxmox 2.0 beta.
But Proxmox 2.0 beta uses port 8006 to connect to the web control panel.
Some environments allow only port 80 or 443 for security reasons.

Then the question:

Can I change default port from 8006 to 443?

oota
Dietmar Maurer
2011-10-05 11:49:31 UTC
Post by ribbon
I have begun to use Proxmox 2.0 beta.
But Proxmox 2.0 beta uses port 8006 to connect to the web control panel.
Some environments allow only port 80 or 443 for security reasons.
Then the question:
Can I change default port from 8006 to 443?
No, currently not. I still have not found a good solution to enable/disable different ports with apache.

Does anyone have an idea how to do that?

- Dietmar
Giuliano Natali
2011-10-05 11:58:54 UTC
Post by Dietmar Maurer
Post by ribbon
I have begun to use Proxmox 2.0 beta.
But Proxmox 2.0 beta uses port 8006 to connect to the web control panel.
Some environments allow only port 80 or 443 for security reasons.
Then the question:
Can I change default port from 8006 to 443?
No, currently not. I still have not found a good solution to enable/disable
different ports with apache.
Why not???

Diaolin
Matthew Caron
2011-10-05 12:00:47 UTC
Post by Dietmar Maurer
No, currently not. I still have not found a good solution to enable/disable different ports with apache.
Does anyone have an idea how to do that?
Why can't you just add or remove "Listen" lines in
/etc/apache2/ports.conf, then `/etc/init.d/apache2 reload`? Or do I
misunderstand the question?
--
Matthew Caron
Build Engineer
Sixnet | www.sixnet.com
O +1 518 877 5173 Ext. 138
F +1 518 602 9209
***@sixnet.com
Eneko Lacunza
2011-10-05 12:03:08 UTC
You can just change the Port directive in Apache's config. What's the
problem?
Post by Dietmar Maurer
Post by ribbon
I have begun to use Proxmox 2.0 beta.
But Proxmox 2.0 beta uses port 8006 to connect to the web control panel.
Some environments allow only port 80 or 443 for security reasons.
Then the question:
Can I change default port from 8006 to 443?
No, currently not. I still have not found a good solution to enable/disable different ports with apache.
Does anyone have an idea how to do that?
- Dietmar
_______________________________________________
pve-user mailing list
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
--
Zuzendari Teknikoa / Director Técnico
Binovo IT Human Project, S.L.
Telf. 943493611
Astigarraga bidea 2, planta 2 dcha., ofi. 10; 20180 Oiartzun (Gipuzkoa)
www.binovo.es
Dietmar Maurer
2011-10-05 13:23:29 UTC
-----Original Message-----
Sent: Mittwoch, 05. Oktober 2011 14:03
Subject: Re: [PVE-User] Can I change default port from 8006 to 443?
You can just change the Port directive in Apache's config. What's the problem?
1.) I do not want to change existing files
2.) I don’t want to listen to al
Dietmar Maurer
2011-10-05 13:25:02 UTC
Post by Dietmar Maurer
Post by Dietmar Maurer
Subject: Re: [PVE-User] Can I change default port from 8006 to 443?
You can just change the Port directive in Apache's config. What's the problem?
1.) I do not want to change existing files
2.) I don’t want to listen to all ports by default.
I would like to have something like:

a2ensite pve-on-port-443.conf
Patryk Benderz
2011-10-05 13:42:20 UTC
[cut]
Post by Dietmar Maurer
a2ensite pve-on-port-443.conf
- Dietmar
Hi Dietmar,
AFAIK you can achieve this with VirtualHosts directives [1]. You will
need to create:
/etc/apache2/conf.d/pve-on-port-443.conf
/etc/apache2/sites-available/pve-on-port-443.conf
Details below, especially section "Running different sites on different
ports".
[1] http://httpd.apache.org/docs/2.2/vhosts/examples.html

Cheers,
--
Patryk "LeadMan" Benderz
Linux Registered User #377521
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments
Matthew Caron
2011-10-05 13:46:48 UTC
Post by Patryk Benderz
Post by Dietmar Maurer
- Dietmar
Hi Dietmar,
AFAIK you can achieve this with VirtualHosts directives [1]. You will
/etc/apache2/conf.d/pve-on-port-443.conf
/etc/apache2/sites-available/pve-on-port-443.conf
Details below, especially section "Running different sites on different
ports".
[1] http://httpd.apache.org/docs/2.2/vhosts/examples.html
Cheers,
Except I don't think he's trying to run different VHosts - it's just the
one web frontend, right? Given that, you don't need to fiddle with the
VHosts at all - just have it listen on a pile of ports and run one site.
--
Matthew Caron
Build Engineer
Sixnet | www.sixnet.com
O +1 518 877 5173 Ext. 138
F +1 518 602 9209
***@sixnet.com
Patryk Benderz
2011-10-05 16:54:35 UTC
[cut]
Post by Matthew Caron
Except I don't think he's trying to run different VHosts - it's just the
one web frontend, right? Given that, you don't need to fiddle with the
VHosts at all - just have it listen on a pile of ports and run one site.
IMHO Final effect is the same. He wanted to avoid touching original
Apache's config files, which can be done this way. He didn't explicitly
forbid us to use VHosts.
If you have a better solution, provide an alternative, instead of
deliberating on a way of achieving Dietmar's goal.

P.S. To avoid a flame, I will remind us of the old Unix/Perl sentence: "There's
more than one way to do it!"
--
Patryk "LeadMan" Benderz
Linux Registered User #377521
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments
Matthew Caron
2011-10-05 16:58:28 UTC
Post by Patryk Benderz
If you have a better solution, provide an alternative, instead of
deliberating on a way of achieving Dietmar's goal.
Already did - copied from previous email:
===
You should be able to do that:

echo "Listen 443" > pve-on-port-443.conf
sudo mv pve-on-port-443.conf /etc/apache2/sites-available/
sudo a2ensite pve-on-port-443.conf
sudo /etc/init.d/apache2 reload

Looking at /etc/apache2/apache2.conf, the only difference between the
ports.conf include and the sites-enabled lines is that the LogFormat
lines and conf.d is after ports.conf and before apache2.conf...
===
Post by Patryk Benderz
P.S. To avoid a flame, I will remind us of the old Unix/Perl sentence: "There's
more than one way to do it!"
I will remind us of Scotty, from Star Trek III - "The more you overtake
the plumbing, the easier it is to stop up the drain". Or, put another
way "be as complicated as it needs to be, but no more". If there is no
need for VHosts, why use them?
--
Matthew Caron
Build Engineer
Sixnet | www.sixnet.com
O +1 518 877 5173 Ext. 138
F +1 518 602 9209
***@sixnet.com
Patryk Benderz
2011-10-06 07:43:27 UTC
[cut]
Post by Matthew Caron
I will remind us of Scotty, from Star Trek III - "The more you
overtake
the plumbing, the easier it is to stop up the drain". Or, put another
way "be as complicated as it needs to be, but no more". If there is no
need for VHosts, why use them?
First, thanks for explaining (I mean it). Second, do not get me
wrong, generally I agree as to simplicity. If this is the easiest way, they
should use it.
However, if you take a look at the current (PM 1.9)
config /etc/apache2/sites-available/pve.conf (citation below) you will
notice that PM devs are already using <VirtualHost> to set up many other
options. Thus in this particular case it might be easier to reuse
the existing configuration or add one more <VirtualHost *:443>, which in
fact they did for PM 1.9.
Now another question arises: why didn't they reuse the 1.9 config? Or did I
misunderstand the original question?

"[...]
<VirtualHost *:443>

SSLEngine on
SSLProtocol all -SSLv2
SSLCertificateFile /etc/pve/pve-ssl.pem
SSLCertificateKeyFile /etc/pve/pve-ssl.key

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

</VirtualHost>

<VirtualHost *:80>
#RewriteLog "/root/rewrite.log"
#RewriteLogLevel 10
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
RewriteCond %{REQUEST_URI} !^/nrd/
RewriteCond %{REQUEST_URI} !^/images/
RewriteCond %{REQUEST_URI} !^/css/
RewriteCond %{REQUEST_URI} !^/javascript/
RewriteCond %{REQUEST_URI} !^/vncterm/
RewriteCond %{REQUEST_URI} !^/.*\.js$
RewriteCond %{REQUEST_URI} !^/login.pl$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [L,R]
</VirtualHost>"
--
Patryk "LeadMan" Benderz
Linux Registered User #377521
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments
Matthew Caron
2011-10-05 13:45:23 UTC
Post by Dietmar Maurer
a2ensite pve-on-port-443.conf
You should be able to do that:

echo "Listen 443" > pve-on-port-443.conf
sudo mv pve-on-port-443.conf /etc/apache2/sites-available/
sudo a2ensite pve-on-port-443.conf
sudo /etc/init.d/apache2 reload

Looking at /etc/apache2/apache2.conf, the only difference between the
ports.conf include and the sites-enabled lines is that the LogFormat
lines and conf.d is after ports.conf and before apache2.conf...
--
Matthew Caron
Build Engineer
Sixnet | www.sixnet.com
O +1 518 877 5173 Ext. 138
F +1 518 602 9209
***@sixnet.com
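The drop-in file Matthew Caron describes above, checked from the defender's side, as an added example that is not part of the original thread: it lists the ports an Apache config tree listens on before and after the drop-in is enabled, and goes one step beyond the thread by flagging Listen ports that no `SSLEngine on` VirtualHost covers (a file holding only `Listen 443` opens the port but configures no TLS for it). The function names, the temporary tree and the contents of `ports.conf` and `pve.conf` are constructed for the demo; only `pve-on-port-443.conf` and its `Listen 443` line come from the thread.

```shell
#!/bin/sh
# Added example: audit Listen ports in a Debian-style Apache config tree.
# All paths and file contents below are constructed sample data.

# Concatenate the files Apache would read: ports.conf plus both include dirs.
active_config() {
    for f in "$1/ports.conf" "$1"/conf.d/* "$1"/sites-enabled/*; do
        if [ -f "$f" ]; then cat "$f"; fi
    done
}

# Ports from Listen directives ("Listen 443", "Listen 192.0.2.1:443").
listen_ports() {
    active_config "$1" |
        awk 'tolower($1) == "listen" { sub(/.*:/, "", $2); print $2 }' |
        sort -n -u | paste -s -d ' ' -
}

# Ports of <VirtualHost ...:N> blocks that contain "SSLEngine on".
tls_ports() {
    active_config "$1" | awk '
        tolower($1) == "<virtualhost" { p = $2; sub(/.*:/, "", p); sub(/>.*/, "", p) }
        tolower($1) == "sslengine" && tolower($2) == "on" && p != "" { print p }
        tolower($1) == "</virtualhost>" { p = "" }' |
        sort -n -u | paste -s -d ' ' -
}

# Listen ports that no TLS-enabled VirtualHost covers.
ports_without_tls_vhost() {
    tls=" $(tls_ports "$1") "
    out=""
    for port in $(listen_ports "$1"); do
        case "$tls" in *" $port "*) ;; *) out="$out $port" ;; esac
    done
    echo "${out# }"
}

# Constructed tree: panel on 8006 with TLS, plus a not-yet-enabled drop-in.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir "$root/conf.d" "$root/sites-available" "$root/sites-enabled"
    printf 'Listen 8006\n' > "$root/ports.conf"
    printf '<VirtualHost *:8006>\n  SSLEngine on\n</VirtualHost>\n' \
        > "$root/sites-available/pve.conf"
    printf 'Listen 443\n' > "$root/sites-available/pve-on-port-443.conf"
    ln -s ../sites-available/pve.conf "$root/sites-enabled/pve.conf"
    echo "$root"
}

demo=$(make_sample_tree)
echo "before: listen=[$(listen_ports "$demo")]"
# a2ensite creates this symlink; done by hand here so the demo needs no Apache
ln -s ../sites-available/pve-on-port-443.conf "$demo/sites-enabled/"
echo "after:  listen=[$(listen_ports "$demo")] no TLS vhost=[$(ports_without_tls_vhost "$demo")]"
rm -rf "$demo"
```

The TLS check is a heuristic over VirtualHost blocks only; a server-wide `SSLEngine on` outside any VirtualHost is not detected.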
Giuliano Monti Avellino
2011-10-05 12:49:18 UTC
Post by Dietmar Maurer
Post by ribbon
I have begun to use Proxmox 2.0 beta.
But Proxmox 2.0 beta uses port 8006 to connect to the web control panel.
Some environments allow only port 80 or 443 for security reasons.
Then the question:
Can I change default port from 8006 to 443?
No, currently not. I still have not found a good solution to enable/disable
different ports with apache.
Does anyone have an idea how to do that?
- Dietmar
http://httpd.apache.org/docs/2.2/bind.html
Dietmar Maurer
2011-10-05 13:20:49 UTC
Thanks, I know the apache configuration directives.

The question is how to enable an additional port 443, without changing any
existing apache configuration files (on debian).

From: Giuliano Monti Avellino [mailto:***@gmail.com]
Sent: Mittwoch, 05. Oktober 2011 14:49
To: Dietmar Maurer
Cc: pve-***@pve.proxmox.com
Subject: Re: [PVE-User] Can I change default port from 8006 to 443?
Post by ribbon
I have begun to use Proxmox 2.0 beta.
But Proxmox 2.0 beta uses port 8006 to connect to the web control panel.
Some environments allow only port 80 or 443 for security reasons.
Then the question:
Can I change default port from 8006 to 443?
No, currently not. I still have not found a good solution to enable/disable different ports with apache.

Does anyone have an idea how to do that?

- Dietmar

http://httpd.apache.org/docs/2.2/bind.html
Matthew Caron
2011-10-05 13:29:17 UTC
Post by Dietmar Maurer
Thanks, I know the apache configuration directives.
The question is how to enable an additional port 443, without changing any
existing apache configuration files (on debian).
Why can't you change the existing files? ports.conf is designed to be
used for exactly this purpose - that's why the debian team broke it out
of the main httpd.conf file.
--
Matthew Caron
Build Engineer
Sixnet | www.sixnet.com
O +1 518 877 5173 Ext. 138
F +1 518 602 9209
***@sixnet.com
Dietmar Maurer
2011-10-05 15:01:24 UTC
Why can't you change the existing files? ports.conf is designed to be used for
exactly this purpose - that's why the debian team broke it out of the main
httpd.conf file.
It is designed to be changed by the 'users' (not by another package)!

- Dietmar
Matthew Caron
2011-10-05 15:03:51 UTC
Post by Dietmar Maurer
Why can't you change the existing files? ports.conf is designed to be used for
exactly this purpose - that's why the debian team broke it out of the main
httpd.conf file.
It is designed to be changed by the 'users' (not by another package)!
We're talking about this in the context of a user clicking something in
a web UI and thus making a change by selecting "listen on these other
ports", right? How is this not a user making a change?
--
Matthew Caron
Build Engineer
Sixnet | www.sixnet.com
O +1 518 877 5173 Ext. 138
F +1 518 602 9209
***@sixnet.com
Dietmar Maurer
2011-10-05 15:34:59 UTC
Post by Dietmar Maurer
Post by Matthew Caron
Why can't you change the existing files? ports.conf is designed to be
used for exactly this purpose - that's why the debian team broke it
out of the main httpd.conf file.
It is designed to be changed by the 'users' (not by another package)!
We're talking about this in the context of a user clicking something in a web UI
and thus making a change by selecting "listen on these other ports", right? How
is this not a user making a change?
What if I find a better solution in 2 months? It is impossible to roll out my better solution
if the user modified those files. Or how should that work?

Normally it is best to have everything in /etc/apache2/conf.d/myconf or /etc/apache2/sites-available/mystite.conf,
and let the package update those files. That way you can roll out changes.

- Dietmar
Matthew Caron
2011-10-05 16:07:35 UTC
Post by Dietmar Maurer
What if I find a better solution in 2 months? It is impossible to roll out my better solution
if the user modified those files. Or how should that work?
I think it triggers a conflict resolution dialog. As in "you've modified
this file and the package maintainer has a new one, which one do you
want to use", etc.
Post by Dietmar Maurer
Normally it is best to have everything in /etc/apache2/conf.d/myconf or /etc/apache2/sites-available/mystite.conf,
and let the package update those files. That way you can roll out changes.
Fair enough. Copied from my other email:

===
You should be able to do that:

echo "Listen 443" > pve-on-port-443.conf
sudo mv pve-on-port-443.conf /etc/apache2/sites-available/
sudo a2ensite pve-on-port-443.conf
sudo /etc/init.d/apache2 reload

Looking at /etc/apache2/apache2.conf, the only difference between the
ports.conf include and the sites-enabled lines is that the LogFormat
lines and conf.d is after ports.conf and before apache2.conf...
===

Does the above not work?
--
Matthew Caron
Build Engineer
Sixnet | www.sixnet.com
O +1 518 877 5173 Ext. 138
F +1 518 602 9209
***@sixnet.com
Dietmar Maurer
2011-10-05 19:26:56 UTC
I think it triggers a conflict resolution dialog. As in "you've modified this file and
the package maintainer has a new one, which one do you want to use", etc.
Yes, and that question is most of the time impossible to answer with Yes/No (you want both, the updates, and your modifications)

- Dietmar
Alain Péan
2011-10-06 07:40:38 UTC
Post by Dietmar Maurer
I think it triggers a conflict resolution dialog. As in "you've modified this file and
the package maintainer has a new one, which one do you want to use", etc.
Yes, and that question is most of the time impossible to answer with Yes/No (you want both, the updates, and your modifications)
- Dietmar
I guess it is also relevant, and perhaps more important, for
authentication management/configuration, like LDAP/AD, through the web
interface? Here, you also have to modify Apache configuration files
(among other configuration files for LDAP or Kerberos).

Alain
--
==========================================================
Alain Péan - LPP/CNRS
Administrateur Système/Réseau
Laboratoire de Physique des Plasmas - UMR 7648
Observatoire de Saint-Maur
4, av de Neptune, Bat. A
94100 Saint-Maur des Fossés
Tel : 01-45-11-42-39 - Fax : 01-48-89-44-33
==========================================================
Giuliano Natali
2011-10-05 13:32:25 UTC
Post by Dietmar Maurer
Thanks, I know the apache configuration directives.
The question is how to enable an additional port 443, without changing any
existing apache configuration files (on debian).
in /etc/rc.local


iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8006

in this manner you have the two ports open and you can use 443 or 8006
without changing apache directives


Diaolin
Dietmar Maurer
2011-10-05 13:35:14 UTC
Permalink
Thanks, nice solution. But I am still looking for an 'apache only' solution (without iptables)?
-----Original Message-----
Sent: Mittwoch, 05. Oktober 2011 15:32
Subject: Re: [PVE-User] Can I change default port from 8006 to 443?
Post by Dietmar Maurer
Thanks, I know the apache configuration directives.
The question is how to enable an additional port 443, without changing
any existing apache configuration files (on debian).
in /etc/rc.local
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8006
in this manner you have the two ports open and you can use 443 or 8006
without changing apache directives
Diaolin
Lars Wilke
2011-10-05 13:39:59 UTC
Post by Dietmar Maurer
Thanks, nice solution. But I am still looking for an 'apache only' solution (without iptables)?
Would the include mechanism not be good enough, i.e.

somewhere in the main config of Apache: Include <some_dir>/*.conf
Per default conf.d and sites-enabled are sourced like this.

In some_dir you could add config files as you like.

--lars
Dietmar Maurer
2011-10-05 15:10:14 UTC
Post by Lars Wilke
Would the include mechanism not be good enough, i.e.
sure, the plan is to use that (the question is about the details).

- Dietmar
Eneko Lacunza
2011-10-05 13:41:38 UTC
Maybe you could produce new apache config files using templates and
sed'ing the port number, then reload apache. Not too elegant but you
skip having to parse the real config file and can be implemented in a
single command line.
Post by Dietmar Maurer
Thanks, I know the apache configuration directives.
The question is how to enable an additional port 443, without changing any
existing apache configuration files (on debian).
From: Giuliano Monti Avellino
Sent: Mittwoch, 05. Oktober 2011 14:49
To: Dietmar Maurer
Subject: Re: [PVE-User] Can I change default port from 8006 to 443?
Post by ribbon
I have begun to use Proxmox 2.0 beta.
But Proxmox 2.0 beta uses port 8006 to connect to the web control panel.
Some environments allow only port 80 or 443 for security reasons.
Then the question:
Can I change default port from 8006 to 443?
No, currently not. I still have not found a good solution to enable/disable
different ports with apache.
Does anyone have an idea how to do that?
- Dietmar
http://httpd.apache.org/docs/2.2/bind.html
--
Zuzendari Teknikoa / Director Técnico
Binovo IT Human Project, S.L.
Telf. 943493611
Astigarraga bidea 2, planta 2 dcha., ofi. 10; 20180 Oiartzun (Gipuzkoa)
www.binovo.es