Linux JSS, Change port from 8443 to 443

BlueJamf
New Contributor

This topic has come up previously, but answers tend to be more on the Windows side. Wondered if I can ask specifically about Linux JSS deployments. We'd like to change JSS from port 8443 to 443, but also redirect 8443 to 443 in case users/code attempt the default port. This way our URL can be straightforward -- https://jss.companyname.com/. We'd also like to disable 8080, and have 80 redirect to 443. Thoughts on how to set this up?

7 REPLIES

Pickell
New Contributor

I think there's a couple of ways that you could handle this...

You could make the changes within the Tomcat server.xml file (take a look at http://www.mkyong.com/tomcat/how-to-change-tomcat-default-port/) and then set up some sort of Apache redirection from 8080 to 80, or you could leave the ports where they are and use Apache's ProxyPass directive to redirect from port 80 to 8080.

The nice thing about using Apache's ProxyPass directive is that you don't change your JSS setup at all and therefore you don't need to worry about the settings getting overwritten or broken during an upgrade. Any clients could still hit the original URLs, and then Apache would handle the simplification of the URL for the straightforward URL. An end user would simply type in the straightforward URL of http://jss.mycompanyname.com and be presented with the page from port 8080.

Here's an example to add to the end of the Apache httpd.conf file for port 80 to 8080:

<VirtualHost *:80>
    ServerName jss.companyname.com
    ProxyRequests off
    ProxyPass / http://jss.companyname.com:8080/
    ProxyPassReverse / http://jss.companyname.com:8080/
</VirtualHost>

Hope this helps!

ifbell
Contributor

Here is what JAMF support sent me for the 8443 to 443 change:

Mac:

Open the com.jamfsoftware.tomcat.plist located at /Library/LaunchDaemons/. Find the UserName key pair value and update it from "_appserver" to "root".

Ubuntu:

If the JSS installer was used, modify the /etc/init.d/jamf.tomcat7 file and change the tomcatuser variable from "tomcat7" to "root".
If Tomcat was installed manually, modify the /etc/default/tomcat7 file and change AUTHBIND=no to yes.

Procedure:

After fulfilling the requirements for each platform, open the server.xml located in the /path/to/tomcat/conf/ directory. Find the Connector port and update it from 8443 to 443. Below is an example of what the section may look like when Tomcat is installed by the JSS installer:

<Connector port="443" executor="tomcatThreadPool" SSLEnabled="true"
           maxHttpHeaderSize="8192" maxPostSize="0"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true" acceptCount="100"
           scheme="https" protocol="HTTP/1.1" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/usr/local/jss/tomcat/TomcatSSLKeystore"
           keystorePass="8746017696210580389"
           ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
                    TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                    TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
                    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"><!--keystoreFile updated by JSS. Tue Dec 04 14:07:13 CST 2012--></Connector>

After modifying the server.xml, restart Tomcat and attempt to connect to the JSS web application on https with port 443.

An upgrade of the JSS or re-install of the web application will overwrite the changes noted in the prerequisite section for each platform. Back up the startup item before performing an upgrade and restore afterward, or just make the change again after upgrading.

After changing the port to 443, the JSS URL will need to be updated accordingly. Since browsers default SSL connections (HTTPS) to port 443, we can exclude the port from the URL entirely. Check out our production JSS as an example: https://jss.jamfsw.com/jss/

Let me know how it goes or if you need any more clarification.

Thanks,

Paul Wech
JAMF Software
Support Specialist
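
The Connector quoted in the post above still lists RC4 and 3DES suites, and moving the TLS port leaves any plain-HTTP connector's redirectPort pointing at 8443. The following audit of server.xml is an added example, not part of the thread or of Jamf's tooling; the sample XML is constructed and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

# Name fragments of suites that are broken or deprecated: RC4 (RFC 7465),
# 3DES/DES (64-bit blocks), MD5 MACs, and NULL/export/anonymous suites.
WEAK_MARKERS = ("_RC4_", "_3DES_", "_DES_", "_MD5", "_NULL_", "_EXPORT_", "_anon_")

# Constructed sample, modelled on the Connector quoted in the post above.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="443" SSLEnabled="true" scheme="https" secure="true"
             sslProtocol="TLS"
             ciphers="SSL_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_AES_128_CBC_SHA,
                      SSL_RSA_WITH_3DES_EDE_CBC_SHA"/>
</Service></Server>"""


def audit_connectors(server_xml, https_port=443):
    """Return (port, finding) tuples for the <Connector> elements in server.xml."""
    findings = []
    tls_ports = set()
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = int(conn.get("port", "0"))
        if conn.get("SSLEnabled", "false").lower() == "true":
            tls_ports.add(port)
            # Attribute line breaks are normalised to spaces by the XML parser.
            suites = [s.strip() for s in conn.get("ciphers", "").split(",") if s.strip()]
            if not suites:
                findings.append((port, "no explicit cipher list, JVM defaults apply"))
            findings += [(port, "weak cipher suite: " + s)
                         for s in suites if any(m in s for m in WEAK_MARKERS)]
        else:
            # Plain-HTTP connectors send CONFIDENTIAL requests to redirectPort,
            # which still points at 8443 unless it is edited as well.
            redirect = conn.get("redirectPort")
            if redirect and int(redirect) != https_port:
                findings.append((port, "redirectPort %s is not the HTTPS port %d"
                                 % (redirect, https_port)))
    if https_port not in tls_ports:
        findings.append((https_port, "no TLS connector on this port"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(port, finding)
```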

daviddejong
New Contributor

On Ubuntu, instead of running tomcat7 as root you can also use AUTHBIND.

allow unprivileged user tomcat7 to bind to 'reserved' ports (below 1023)

sudo apt-get install authbind
sudo touch /etc/authbind/byport/443
sudo chmod 500 /etc/authbind/byport/443
sudo chown tomcat7 /etc/authbind/byport/443

add AUTHBIND=yes to tomcat7 startup
JSS Installer:

sudo nano /etc/init.d/jamf.tomcat7

find "# Define other required variables" and add on a new line
AUTHBIND=yes

Manual install:

sudo nano /etc/default/tomcat7

Change AUTHBIND=no to AUTHBIND=yes

Dials_Mavis
New Contributor II

Hey all, just updating this thread with the new instructions sent from Jamf Support:

The process has changed slightly since we started to use Tomcat 8. We will want to use AuthBind in this instance, so we don't need to change the daemon owner from tomcat to root.
  1. Install AuthBind

    sudo apt-get install authbind
  2. Configure permissions to allow Tomcat to own port 443

    sudo touch /etc/authbind/byport/443
    sudo chmod 500 /etc/authbind/byport/443
    sudo chown jamftomcat /etc/authbind/byport/443
  3. Add AUTHBIND=yes to Tomcat's init file under "# Define other required variables"

    sudo nano /etc/init.d/jamf.tomcat8
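
A post-change check for the authbind steps in the two posts above, written as an added example that is not part of the thread or of Jamf's instructions. It mirrors the chmod 500 / chown steps and assumes the init file uses shell-style NAME=value lines with the AUTHBIND and tomcatuser variables named in this thread; the function name is hypothetical.

```python
import os
import re
import stat


def check_authbind(byport_file, init_file, service_uid):
    """Return a list of problems with an authbind setup for one port."""
    problems = []
    try:
        st = os.stat(byport_file)
    except FileNotFoundError:
        problems.append("missing " + byport_file)
    else:
        # authbind permits the bind when the calling user may execute this file.
        if st.st_uid != service_uid:
            problems.append("byport file is not owned by the service account")
        if not st.st_mode & stat.S_IXUSR:
            problems.append("owner has no execute bit (expected mode 500)")
        if st.st_mode & (stat.S_IXGRP | stat.S_IXOTH):
            problems.append("group/other may bind to this port as well")
    with open(init_file) as fh:
        text = fh.read()
    # Assumed format: shell-style NAME=value lines, as in the init script above.
    if not re.search(r'^\s*AUTHBIND=["\']?yes\b', text, re.M):
        problems.append("AUTHBIND=yes is not set in the init file")
    user = re.search(r'^\s*tomcatuser=["\']?(\w+)', text, re.M)
    if user and user.group(1) == "root":
        problems.append("tomcatuser is still root")
    return problems


if __name__ == "__main__":
    # jamftomcat is the account named in the post; pwd is Unix-only.
    import pwd
    uid = pwd.getpwnam("jamftomcat").pw_uid
    for p in check_authbind("/etc/authbind/byport/443",
                            "/etc/init.d/jamf.tomcat8", uid):
        print("FAIL:", p)
```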

spotte15
New Contributor

Has anyone had success changing the port from 8443 to 443 with jamf | Pro 10 running on RHEL 7 servers??

I've tried all the above methods with no success, am I overlooking something??

much thanks in advance

tangerinehuge
New Contributor III

This applies for 9.100 and 10.0.

In addition to the above steps, add the following to your /usr/local/jss/tomcat/conf/web.xml file at the bottom before the final </web-app> tag:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Entire Application</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

tangerinehuge
New Contributor III

In addition, if you're running on Debian instead of Ubuntu, you'll need to replace the word "Ubuntu" with "Debian" in the init script in order to start the JSS.