Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Roque
slapos
Commits
01fbb107
Commit
01fbb107
authored
Mar 11, 2013
by
Cédric de Saint Martin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update apache_frontend documentation.
Mention the setcap solution to allow listening to port 443 and 80.
parent
7d4cf819
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
16 additions
and
1 deletion
+16
-1
software/apache-frontend/README.apache_frontend.txt
software/apache-frontend/README.apache_frontend.txt
+16
-1
No files found.
software/apache-frontend/README.apache_frontend.txt
View file @
01fbb107
...
@@ -83,6 +83,7 @@ port
...
@@ -83,6 +83,7 @@ port
Port used by Apache. Optional parameter, defaults to 4443.
Port used by Apache. Optional parameter, defaults to 4443.
plain_http_port
plain_http_port
~~~~~~~~~~~~~~~
Port used by apache to serve plain http (only used to redirect to https).
Port used by apache to serve plain http (only used to redirect to https).
Optional parameter, defaults to 8080.
Optional parameter, defaults to 8080.
...
@@ -192,7 +193,12 @@ Notes
...
@@ -192,7 +193,12 @@ Notes
=====
=====
It is not possible with slapos to listen to port <= 1024, because process are
It is not possible with slapos to listen to port <= 1024, because process are
not run as root. It is a good idea then to go on the node where the instance is
not run as root.
Solution 1
----------
It is a good idea then to go on the node where the instance is
and set some iptables rules like (if using default ports)::
and set some iptables rules like (if using default ports)::
iptables -t nat -A PREROUTING -p tcp -d {public_ipv4} --dport 443 -j DNAT --to-destination {listening_ipv4}:4443
iptables -t nat -A PREROUTING -p tcp -d {public_ipv4} --dport 443 -j DNAT --to-destination {listening_ipv4}:4443
...
@@ -200,3 +206,12 @@ and set some iptables rules like (if using default ports)::
...
@@ -200,3 +206,12 @@ and set some iptables rules like (if using default ports)::
Where {public ip} is the public IP of your server, or at least the LAN IP to where your NAT will forward to.
Where {public ip} is the public IP of your server, or at least the LAN IP to where your NAT will forward to.
{listening ip} is the private ipv4 (like 10.0.34.123) that the instance is using and sending as connection parameter.
{listening ip} is the private ipv4 (like 10.0.34.123) that the instance is using and sending as connection parameter.
Solution 2
----------
It is also possible to directly allow the service to listen on 80 and 443 ports using the following command:
setcap 'cap_net_bind_service=+ep' /opt/slapgrid/$APACHE_FRONTEND_SOFTWARE_RELEASE_MD5/parts/apache-2.2/bin/httpd
Then specify in the instance parameters "port" and "plain_http_port" to be 443 and 80, respectively.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment