Issue changing default ports

I am having an issue changing the default port that Open OnDemand is running on. It runs without issue using the standard 80 and 443, but if I change “listen_addr_port: 8008” and/or the virtual host port “port: 8443” in /etc/ood/config/ood_portal.yml it doesn’t work.

Here are the main issues:
update /etc/ood/config/ood_portal.yml
sudo /opt/ood/ood-portal-generator/sbin/update_ood_portal --rpm
cd /etc/apache2/conf-enabled
rm ood-portal.conf
cp /etc/apache2/sites-available/ood-portal.conf ood-portal.conf
(have to do the above steps because it doesn’t automatically apply the settings to conf or sites enabled, not sure why)
sudo systemctl restart apache2

Now I can access it under https://url:8443 → redirect to https://url:5554 for dex login; once logged in it redirects to https://url, which doesn’t work, and I have to manually add in :8443 again. The other issue is when I run sudo netstat -tulpn | grep :443 and sudo netstat -tulpn | grep :80 it shows that they are still being used, and if I kill what is running on those ports, ood on port 8443 no longer loads either; if I restart apache it starts using up ports 80 and 443 again. I have also updated ports.conf under /etc/apache2 without luck.

I need ports 80 and 443 open for nginx ingress controller for k8s.

Hey sorry for the trouble. Would it be possible to post the unset ood_portal.yml settings currently to see how things are configured?

It’s strange you have to issue all those commands though; it seems like something is not set up correctly if the portal generator command isn’t doing this for you.

Yes I can post ood_portal.yml. This is the working one that is using ports 80 and 443 but with manually having to copy from /etc/apache2/sites-available/ood-portal.conf to /etc/apache2/conf-enabled after running sudo /opt/ood/ood-portal-generator/sbin/update_ood_portal --rpm

servername: xcitemain.asrc.albany.edu

ssl:
  - 'SSLCertificateFile "/etc/letsencrypt/live/xcitemain.asrc.albany.edu/fullchain.pem"'
  - 'SSLCertificateKeyFile "/etc/letsencrypt/live/xcitemain.asrc.albany.edu/privkey.pem"'
  - 'SSLCertificateChainFile "/etc/letsencrypt/live/xcitemain.asrc.albany.edu/chain.pem"'

rnode_uri: '/rnode'

dex:
  connectors:
    - type: ldap
      id: ldap
      name: LDAP
      config:
        host: 169.226.68.133:389
        insecureSkipVerify: true
        insecureNoSSL: true
        bindDN: cn=admin,dc=xcitedb,dc=asrc,dc=albany,dc=edu
        bindPW: ******
        userSearch:
          baseDN: ou=People,dc=xcitedb,dc=asrc,dc=albany,dc=edu
          filter: "(objectClass=posixAccount)"
          username: uid
          idAttr: uid
          emailAttr: mail
          nameAttr: gecos
          preferredUsernameAttr: uid
        groupSearch:
          baseDN: ou=Groups,dc=xcitedb,dc=asrc,dc=albany,dc=edu
          filter: "(objectClass=posixGroup)"
          userMatchers:
            - userAttr: DN
              groupAttr: member
          nameAttr: cn
  frontend:
    theme: ondemand
    dir: /usr/share/ondemand-dex/web

This is everything that is uncommented in the file unless I missed something.

You need to use these configurations.

port: 8443
listen_addr_port: 8443

You’ll also have to remove these Listen directives.

root@e5196870098d:/# grep -R Listen /etc/apache2/
/etc/apache2/ports.conf:Listen 80
/etc/apache2/ports.conf:        Listen 443
/etc/apache2/ports.conf:        Listen 443

There should be a symlink between /etc/apache2/sites-enabled/ood-portal.conf and /etc/apache2/sites-available/ood-portal.conf. Note it’s sites, not conf; that’s not a typo, that’s a common Debian practice for vhosts.

Well maybe there was a symlink when you installed. The copying may have overwritten it, but you should restore the symlink.

Thank you for the quick response. Did all of the above and almost everything is working. When restarting apache I get the following error:

systemctl status apache2.service
● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
    Drop-In: /etc/systemd/system/apache2.service.d
             └─ood-portal.conf, ood.conf
     Active: failed (Result: exit-code) since Wed 2022-11-30 02:36:58 UTC; 59s ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 2522601 ExecStartPre=/opt/ood/ood-portal-generator/sbin/update_ood_portal --rpm (code=exited, status=0/SUCCESS)
    Process: 2522611 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
      Tasks: 1 (limit: 154210)
     Memory: 216.0M
     CGroup: /system.slice/apache2.service
             └─2038902 /usr/sbin/apache2 -k start

Nov 30 02:36:58 xcitemain update_ood_portal[2522601]: No change in the Dex config.
Nov 30 02:36:58 xcitemain systemd[1]: apache2.service: Found left-over process 2038902 (apache2) in control group while starting unit. Ignoring.
Nov 30 02:36:58 xcitemain systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Nov 30 02:36:58 xcitemain apachectl[2522614]: AH00526: Syntax error on line 46 of /etc/apache2/sites-enabled/ood-portal.conf:
Nov 30 02:36:58 xcitemain apachectl[2522614]: Cannot define multiple Listeners on the same IP:port
Nov 30 02:36:58 xcitemain apachectl[2522611]: Action 'start' failed.
Nov 30 02:36:58 xcitemain apachectl[2522611]: The Apache error log may have more information.
Nov 30 02:36:58 xcitemain systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
Nov 30 02:36:58 xcitemain systemd[1]: apache2.service: Failed with result 'exit-code'.
Nov 30 02:36:58 xcitemain systemd[1]: Failed to start The Apache HTTP Server.

I am able to fix this by commenting out line 46 :

#Listen 8443  

and restarting apache. After this ood now runs on the 8443 port correctly but I assume I shouldn’t need to take this out manually?

After more digging, it does not look like it is running correctly. It will open on https://url:8443 but netstat -tulpn | grep :80 and netstat -tulpn | grep :443 still show the ports being used. If I stop the processes using those ports, ood is shut down as well.

Do you have this defined somewhere else in /etc/apache2?

Something weird is going on. I switched to port 5443 for ood as a test, restart and run grep -R Listen /etc/apache2/ with results below:

grep -R Listen /etc/apache2/
/etc/apache2/sites-enabled/ood-portal.conf:# Listen should always be one of:
/etc/apache2/sites-enabled/ood-portal.conf:Listen 5443
/etc/apache2/sites-available/ood-portal.conf:# Listen should always be one of:
/etc/apache2/sites-available/ood-portal.conf:Listen 5443

but still showing that port 8443 is in use and if I kill what is running on port 8443 after switching for it to use 5443 it stops ood:

netstat -tulpn | grep :8443
tcp6       0      0 :::8443                 :::*                    LISTEN      16203/apache2    

Figured out the issue: can’t have everything commented out in /etc/apache2/ports.conf. Need to switch the ports to listen to different ports so it wouldn’t automatically use the defaults (but still not sure where the defaults to use 8443 are set).
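
An added example, not part of the original thread or of Open OnDemand's tooling: a shell audit for the two problems discussed above, a Listen port declared in more than one file that Apache loads (the AH00526 "Cannot define multiple Listeners on the same IP:port" error) and an ood-portal.conf vhost that is a copy rather than a sites-enabled symlink. The function names and the APACHE_ROOT variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the Listen directives Apache actually loads on Debian/Ubuntu.
# APACHE_ROOT is an assumption of this example; set it to /etc/apache2 to run the audit.

# Print "port<TAB>file:line" for every uncommented Listen directive in the files
# that Debian's apache2.conf includes (ports.conf and the *-enabled directories).
# sites-available is skipped on purpose: Apache does not read it directly.
active_listens() {
    root=$1
    for f in "$root"/ports.conf "$root"/conf-enabled/*.conf \
             "$root"/mods-enabled/*.conf "$root"/sites-enabled/*.conf; do
        [ -f "$f" ] || continue
        awk -v f="$f" '
            /^[ \t]*#/ { next }                      # commented-out directive
            tolower($1) == "listen" {
                n = split($2, a, ":")                # "8443", "0.0.0.0:8443", "[::]:8443"
                print a[n] "\t" f ":" FNR
            }' "$f"
    done
}

# Ports with an active Listen in more than one loaded file. <IfModule> blocks are
# not evaluated, so repeats inside one file (as in ports.conf) are not counted.
duplicate_ports() {
    active_listens "$1" | awk -F'\t' '
        { sub(/:[0-9]+$/, "", $2) }                  # drop the line number
        !seen[$1 SUBSEP $2]++ { files[$1]++ }
        END { for (p in files) if (files[p] > 1) print p }' | sort -n
}

# The vhost should be a symlink sites-enabled -> sites-available, not a copy.
vhost_link_ok() {
    link="$1/sites-enabled/ood-portal.conf"
    target="$1/sites-available/ood-portal.conf"
    [ -L "$link" ] && [ "$(readlink -f "$link")" = "$(readlink -f "$target")" ]
}

if [ -n "${APACHE_ROOT:-}" ]; then
    echo "Active Listen directives:"; active_listens "$APACHE_ROOT"
    echo "Ports declared in more than one file:"; duplicate_ports "$APACHE_ROOT"
    vhost_link_ok "$APACHE_ROOT" || echo "ood-portal.conf is not a sites-enabled symlink"
fi
```

Any port printed by duplicate_ports should keep its Listen line in exactly one place, either ports.conf or the generated ood-portal.conf.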