Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to change the port 80 and port 443 used by ESP to some other port ? #23

Open
bhardwaj-nakul opened this issue Dec 8, 2021 · 4 comments
Open

How to change the port 80 and port 443 used by ESP to some other port ? #23

bhardwaj-nakul opened this issue Dec 8, 2021 · 4 comments

Comments

@bhardwaj-nakul
Copy link

bhardwaj-nakul commented Dec 8, 2021
edited
Loading

ESP uses port 80[HTTP] and port 443[HTTPS] to host nginx server. During provisioning, http and https calls route to their default port numbers. Is there a way that we can specify in ESP to change these default ports to user defined port numbers ?
@dvintel
Copy link
Contributor

dvintel commented Dec 8, 2021

It is currently not supported, but you could manually modify the docker-compose file to change the ports.

Edge-Software-Provisioner/docker-compose.yml

Line 62 in ed15845

ports:

You would also have to change the way that the kernel parameter: HOSTIP is set

Edge-Software-Provisioner/scripts/profileutils.sh

Line 663 in 53a03b2

local httpserverArg="httpserver=@@HOST_IP@@"

So that the client machines can get back to the Edge Software Provisioner during PXE boot

@bhardwaj-nakul
Copy link
Author

Okay, we can change the ports in docker-compose file. That will get the nginx server to host on user defined port.

Edge-Software-Provisioner/docker-compose.yml

Line 63 in ed15845

- 80:80

Let's say I have to change the http port from 80 to 8888, then I can modify this line as
8888:80

Now, to set the HOSTIP with modified port number, will we need to provide the HOSTIP:8888 through config.yml ?

Edge-Software-Provisioner/conf/config.yml

Line 16 in ed15845

# host_ip: 192.168.1.11

If we do this then won't there be a conflict where port numbers are hardcoded or where HTTPS calls are being made, as highlighted in following instances ?

Edge-Software-Provisioner/dockerfiles/uos/bash/init

Line 70 in 53a03b2

if [ $( nc -vz ${param_httpserver} 80; echo $?; ) -ne 0 ] && [ $( nc -vz ${param_httpserver} 443; echo $?; ) -ne 0 ]; then

Edge-Software-Provisioner/dockerfiles/uos/bash/init

Line 76 in 53a03b2

wget --no-check-certificate --header "Authorization: token ${param_token}" -O - ${param_bootstrap/http:/https:} 2> ${CONSOLE_OUTPUT} | bash -s - $param_httpserver

Edge-Software-Provisioner/scripts/espctl.sh

Line 164 in 9eda8c3

podman run -d --privileged --name=${CURDIR}_web_1 --restart=always -p 80:80 -p 443:443 -e CN=edgebuilder.local -e O=edgebuilder -e OU=edgebuilder -e C=US -e http_proxy=${http_proxy:-} -e https_proxy=${https_proxy:-} -e ftp_proxy=${ftp_proxy:-} -e no_proxy=${no_proxy:-} -e HTTP_PROXY=${HTTP_PROXY:-} -e HTTPS_PROXY=${HTTPS_PROXY:-} -e FTP_PROXY=${FTP_PROXY:-} -e NO_PROXY=${NO_PROXY:-} --mount type=bind,source=${PWD}/./data/certbot/conf,destination=/etc/letsencrypt --mount type=bind,source=${PWD}/./data/certbot/www,destination=/var/www/certbot --mount type=bind,source=${PWD}/./data/etc/ssl/private,destination=/etc/ssl/private --mount type=bind,source=${PWD}/./data/srv/tftp,destination=/usr/share/nginx/html/tftp,bind-propagation=shared --mount type=bind,source=${PWD}/./data/usr/share/nginx/html,destination=/usr/share/nginx/html,bind-propagation=shared --mount type=bind,source=${PWD}/./data/usr/share/nginx/html/web-cert,destination=/etc/ssl/cert --mount type=bind,source=${PWD}/./template/nginx,destination=/usr/share/nginx/template builder-web

How do you suggest we safely set the HOSTIP ?

@dvintel
Copy link
Contributor

dvintel commented Dec 8, 2021

Correct, you can change the port in the docker compose file which will get nginx to serve on the desired port.

Also correct, you have to make sure you check all the places where host IP is used and make sure that it is not having a port appended. It IS NOT enough to just specify the port in the config file. Off the top of my head, there should be something for the git tea instance, but I'm sure there are other places.

Sorry there isn't an easy turn-key solution, this portion was not designed to be configurable. However, we could add it to the back log if there is enough demand for it. If you are successful, it would be great to get a PR!

@brod-intel
Copy link
Contributor

What else are you running on the same system?

There is a possible work around, but it depends what you are running on the same system hosted with ESP.
You can use HAProxy container to do path-based redirection or URI redirection.

You can setup an HAProxy policy like this:

When someone access http://{ESP_IP_ADDRESS}/my_cool_webservice/* it proxies to http://127.0.0.1:8081/ (which is running your software)
Default behavior, when the ESP Profiles access http://{ESP_IP_ADDRESS}/* it proxies to http://127.0.0.1:8080/ (which is running ESP Nginx)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dvintel @brod-intel @bhardwaj-nakul