oVirt engine/engine-setup with other port than default HTTPS 443 possible?
Hello, in a home lab with only one puplic IPv4-Adress is the Port 443 a very precious one. The installation of oVirt 4.3 on a single node/host with bare metal installed CentOS works well. (oVirt Cockpit and local installed engine added after installation of Centos 7.6). But it is more difficult to change the port from 443 to maybe 4443 the save the port 443. The change in: - /etc/httpd/conf/conf.d/ssl.conf - /var/lib/ovirt-engine/jboss_runtime/config/ovirt-engine.xml and - disable selinux - add 4443 to public with firewall-cmd It does not work... now I see is more difficult than I think before... A port redirection at the edge route from <public-IPv4>:4443 to <private-IPv4>:443 does also not work, because the links points all to the standard https adress without a port number. Is there a way to change the default port 443 of oVirt engine to a other port? Many Thanks in advance!
On Wed, Jun 12, 2019 at 10:38 PM Dirk Rydvan <rydvan@gmx.de> wrote:
Hello,
in a home lab with only one puplic IPv4-Adress is the Port 443 a very precious one. The installation of oVirt 4.3 on a single node/host with bare metal installed CentOS works well. (oVirt Cockpit and local installed engine added after installation of Centos 7.6).
But it is more difficult to change the port from 443 to maybe 4443 the save the port 443. The change in: - /etc/httpd/conf/conf.d/ssl.conf - /var/lib/ovirt-engine/jboss_runtime/config/ovirt-engine.xml and - disable selinux - add 4443 to public with firewall-cmd
It does not work... now I see is more difficult than I think before... A port redirection at the edge route from <public-IPv4>:4443 to <private-IPv4>:443 does also not work, because the links points all to the standard https adress without a port number. Is there a way to change the default port 443 of oVirt engine to a other port?
I do not think this was ever tested, but you can try doing that by running engine-setup with an answer file that includes e.g.: OVESETUP_CONFIG/httpPort=int:2080 OVESETUP_CONFIG/httpsPort=int:2443 It should configure everything correctly, more-or-less. I guess most people in your position use some proxy, though, or ssh tunneling, etc. Good luck and best regards, -- Didi
The idea ist quite good - a modified answer file with the suggested values seems to work at beginning: <log> INFO ] Restarting httpd Please use the user 'admin@internal' and password specified in order to login Web access is enabled at: http://hypervisor.local:2080/ovirt-engine https://hypervisor.local:2443/ovirt-engine Internal CA B1:02:C1:A4:7A:70:18:22:F5:4C:55:B3:F6:B3:6A:3D:BF:EF4 SSH fingerprint: SHA256:mj941Nk0yz2lrt0laognOHgTK18nP+zO6b4fPfXa3wM --== END OF SUMMARY ==-- </log> OK - I add 2443 manualy to firewall: <log> firewall-cmd --permanent --add-port=2443/tcp --zone=public firewall-cmd --reload </log> OK - httpd conf is still 443 instead of 2443, I change it manualy: <log> vi /etc/httpd/conf.d/ssl.conf </log> I see, that dissabling selinux is necessary - I do so: <log> vi /etc/sysconfig/selinux reboot </log> it still not work - in the Browser: <log> Errorcode: SSL_ERROR_RX_RECORD_TOO_LONG </log> ....and no idea anymore....
participants (2)
-
Dirk Rydvan -
Yedidyah Bar David