Redirect ports

If you have installed ARIS on a Linux operating system, the internal ARIS user that runs all runnables has no root privileges, so privileged ports (<1024) cannot be used. To run ARIS on a privileged port, for example, the HTTP port 80 or the HTTPS port 443, a user with root privileges must redirect the ports.

When ARIS is installed on a Linux operating system, all ARIS components (runnables) run, for security reasons, under a user account that has no root privileges. Such non-root users cannot use privileged ports, that is, all ports <1024. This restriction particularly affects the loadbalancer runnable, through which all ARIS Clients access the application over HTTP and HTTPS. The standard ports for these two protocols are 80 and 443, respectively, but due to the restriction, the loadbalancer runnable uses ports 1080 and 1443 by default.

To allow users to access ARIS through the default ports of the respective protocol, a port redirect can be performed.

Procedure

  1. To redirect ports, use the basic syntax of the iptables command:

    iptables -t nat -A PREROUTING -i <network interface> -p tcp --dport <port number to redirect> -j REDIRECT --to-ports <port number>

    Replace <network interface> with the name of the network interface through which ARIS Clients access the ARIS Server. You can use the ip addr command to get an overview of all network interfaces and their associated IP addresses.

    Replace <port number to redirect> with the port on which ARIS should be made accessible to clients. Usually this is the default port of the respective protocol: port 80 for HTTP and port 443 for HTTPS.

    Replace <port number> with the physical port used by the loadbalancer runnable, that is: port 1080 for HTTP and port 1443 for HTTPS, unless the load balancer port configuration was changed.

    This example redirects port 80 to port 1080 to allow HTTP access over the standard port for the network interface enp0s8:

    iptables -t nat -A PREROUTING -i enp0s8 -p tcp --dport 80 -j REDIRECT --to-ports 1080

    This example redirects port 443 to port 1443 to allow HTTPS access over the standard port, here for a network interface named eth0:

    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-ports 1443

    Start ARIS Cloud Controller (ACC).

  2. Run a reconfigure command on the loadbalancer runnable.

    To tell the loadbalancer runnable through which ports users now access it, you must run an ACC reconfigure command with the following syntax:

    reconfigure loadbalancer_<SIZING> HTTPD.zookeeper.application.instance.http.port=<externalHttpPort> HTTPD.zookeeper.application.instance.port=<externalHttpsPort>

    Replace <SIZING> with the sizing you used to install ARIS Server, such as s, m, or l.

    Replace <externalHttpPort> with the port that you redirect to the physical HTTP port of the loadbalancer runnable (usually port 80).

    Replace <externalHttpsPort> with the port that you redirect to the physical HTTPS port of the loadbalancer runnable (usually port 443).

    This example tells the loadbalancer runnable in an installation of sizing m that users now access it through the redirected ports 80 and 443:

    reconfigure loadbalancer_m HTTPD.zookeeper.application.instance.http.port=80 HTTPD.zookeeper.application.instance.port=443

ARIS users can access ARIS through the redirected ports.

If the runnables do not start properly, you must resolve possible port conflicts.
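
The redirect from step 1 can be wrapped so that the interface and ports are validated before iptables runs as root and so that rerunning it adds no duplicate rules. The following is an added example, not part of ARIS or its documentation; the function names and the DRY_RUN variable are hypothetical, and the sample calls reuse the interface names and ports from the examples above.

```shell
#!/bin/sh
# Added example (not ARIS code): validated, idempotent wrapper for the
# PREROUTING redirect from step 1. Function names and DRY_RUN are hypothetical.

# is_port VALUE MIN: succeed if VALUE is a decimal port in MIN..65535.
is_port() {
    case $1 in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero, or non-digit
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge "$2" ] && [ "$1" -le 65535 ]
}

# build_redirect_rule IFACE EXTERNAL_PORT LOADBALANCER_PORT
# Prints the rule specification, or returns 1 on invalid input.
build_redirect_rule() {
    case $1 in
        ''|*[!A-Za-z0-9_.:-]*) echo "invalid interface: $1" >&2; return 1 ;;
    esac
    [ "${#1}" -le 15 ] || { echo "interface name too long: $1" >&2; return 1; }
    is_port "$2" 1 || { echo "invalid external port: $2" >&2; return 1; }
    # The loadbalancer runs as a non-root user, so its port must be >= 1024.
    is_port "$3" 1024 || { echo "loadbalancer port must be 1024-65535: $3" >&2; return 1; }
    echo "-i $1 -p tcp --dport $2 -j REDIRECT --to-ports $3"
}

# apply_redirect IFACE EXTERNAL_PORT LOADBALANCER_PORT
# DRY_RUN=1 (default) only prints the command; DRY_RUN=0 needs root.
apply_redirect() {
    spec=$(build_redirect_rule "$@") || return 1
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "iptables -t nat -A PREROUTING $spec"
        return 0
    fi
    # -C succeeds if an identical rule exists, so reruns add no duplicates.
    # $spec is unquoted on purpose: it holds only validated tokens.
    iptables -t nat -C PREROUTING $spec 2>/dev/null ||
        iptables -t nat -A PREROUTING $spec
}

# Constructed sample: the page's two examples, printed without being applied.
apply_redirect enp0s8 80 1080
apply_redirect eth0 443 1443
```

Rules added this way live only in the running kernel, so they must be saved and restored by the distribution's own mechanism to survive a reboot. PREROUTING rules apply to packets arriving on the named interface, not to connections opened from the ARIS Server itself.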