If you have performed an ARIS installation on a Linux operating system the internal ARIS user running all runnables has no root privileges. So all privileged ports (<1024) cannot be used. To run ARIS under a privileged port, a user with root privileges must redirect the ports, for example, the HTTP port 80 or the HTTPS port 443.
When installing ARIS on a Linux operating system, for security reasons, all ARIS components (runnables) are running under a user account that has no root privileges. Such NON-root users, cannot use privileged ports. Privileged ports are all ports <1024. This restriction in particular affects the loadbalancer runnable, through which all ARIS Clients access the application through HTTP and HTTPS protocol. The standard ports for these two protocols are 80 and 443, respectively, but due to the restriction, the loadbalancer runnable will by default use ports 1080 and 1443, respectively.
To allow users to access ARIS through the default ports of the respective protocol, a port redirect can be performed.
Procedure
iptables -t nat -A PREROUTING -i <network interface> -p tcp --dport <port number to redirect> -j REDIRECT --to-ports <port number>
Replace <network interface> with the name of the network interface through which ARIS Clients access the ARIS Server. You can use the ip addr command to get an overview of all network interfaces and their associated IP addresses.
Replace <port number to redirect> with the port on which ARIS should be made accessible to clients. Usually this is the default port of the respective protocol: port 80 for HTTP and port 443 for HTTPS.
Replace <port number> with the physical port used by the loadbalancer runnable, that is: port 1080 for HTTP and port 1443 for HTTPS, unless the load balancer port configuration was changed.
This example redirects port 80 to port 1080 to allow HTTP access over the standard port for the network interface enp0s8:
iptables -t nat -A PREROUTING -i enp0s8 -p tcp --dport 80 -j REDIRECT --to-ports 1080
This example redirects port 443 to port 1443 to allow HTTPS access over the standard port, here for a network interface named eth0:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-ports 1443
To make the loadbalancer runnable know through which ports users are now accessing it, you need to run an ACC reconfigure command with the following syntax:
reconfigure loadbalancer_<SIZING> HTTPD.zookeeper.application.instance.http.port=<externalHttpPort> HTTPD.zookeeper.application.instance.port=<externalHttpsPort>
Replace <SIZING> with the sizing you used to install ARIS Server, such as s, m, or l.
Replace <externalHttpPort> with the port from which you redirect to the physical HTTP port of the loadbalancer runnable (usually port 80).
Replace <externalHttpsPort> with the port from which you redirect to the physical HTTPS port of the loadbalancer runnable (usually port 443).
This example tells the loadbalancer runnable in an m size installation that users are now accessing it through the redirected ports 80 and 443:
reconfigure loadbalancer_m HTTPD.zookeeper.application.instance.http.port=80 HTTPD.zookeeper.application.instance.port=443
ARIS users access ARIS using the redirected ports.
If runnables do not start up properly, resolve possible port conflicts.