[BlueOnyx:26758] BlueOnyx 5211R: GUI on non-standard ports now possible

Michael Stauber mstauber at blueonyx.it
Wed Feb 21 02:19:50 -05 2024 

Hi all,

Today a client raised the issue about running the (new) BlueOnyx 5211R 
GUI on a port other than 81/TCP for HTTPS.

We've talked about this before on the list and it's not exactly easy, as 
CodeIgniter has the FQDN and the port hard coded in its configuration. 
In fact it *only* runs on port 81 (HTTPS) and the port 444 is just a 
redirect to port 81.

Aside from that CodeIgniter issue: We also have port 81/TCP hardcoded 
all over the place.

So I did it anyway and it boiled down to these code changes:

https://devel.blueonyx.it/trac/changeset?reponame=&new=5138%40BlueOnyx%2F5311R&old=5124%40BlueOnyx%2F5311R

Once you have the YUM updates from the [BlueOnyx-5211R-Testing] 
repository installed, you can find the settings under "Server 
Management" / "Maintenance" / "Server Desktop".

See attached screenshot.

Two now settings were added:

GUI HTTPS Port
===============

Allows you to configure which port AdmServ runs on.


GUI Aliases
============

Defines the Apache (public webserver!) aliases which redirect to 
https://<server-name>:<gui-port>/login

These are by default the following:

login
admin
siteadmin
personal

You can change that list and/or can change how many alias are there. But 
you must have at least one entry. No matter how it is called.


Technical details:
===================

I'll keep it short. Any Apache, AdmServ or CodeIgniter config file, GUI 
page or static HTML page that previously had port 81 hard coded will get 
updated once you save the changes in the GUI.

If firewalld is enabled, a rule will be added to (globally) open the new 
port as well.

If the GUI port is changed while you save, you will be redirected to the 
new port.


Further improvements or changes:
================================

Taco Scargo recently made the suggestion to *maybe* run GUI access 
through a proxy on Apache. Like you call https://<server>/login (no GUI 
port specified!) and we'll then use mod_proxy to round-trip GUI accesses 
through the regular Apache.

That could potentially be useful in environments where non-standard 
ports cannot be easily opened due to administrative and/or institutional 
red tape.

I'm considering to add this feature as an option, too. However: Apache 
gets restarted on certain GUI changes and that can throw a wrench into 
the proxy connection to AdmServ. So if that potential new feature is 
ever added? It could be a bit glitchy. That's something that needs to be 
tested.

-- 
With best regards

Michael Stauber
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gui-ports.png
Type: image/png
Size: 99964 bytes
Desc: not available
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20240221/9fe13f0d/attachment.png>

More information about the Blueonyx mailing list