First Last Prev Next    This bug is not in your last search results.
Bug 50135 - [UDM HTTP API] API server listens on *:8888
[UDM HTTP API] API server listens on *:8888
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UDM - REST API
UCS 4.4
Other Linux
: P5 normal (vote)
: ---
Assigned To: Florian Best
Daniel Tröder
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-09-09 13:39 CEST by Daniel Tröder
Modified: 2019-09-22 15:51 CEST (History)
1 user (show)

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Tröder univentionstaff 2019-09-09 13:39:03 CEST 
There is no reason to have the tornado process listen on *:8888.

Localhost is sufficient, as it is proxied by Apache anyway.
8000, 8080 and 8888 are often used by Python web applications.

Let the API server listen only on 127.0.0.1 and use a custom, "unusual" port like 9753.
Comment 1 Florian Best univentionstaff 2019-09-09 15:31:28 CEST 
The port is currently configurable via 'directory/manager/rest/server/port' and with the univention-firewall not reachable via extern. But we can also let it bind to 127.0.0.1.

We have no registry about ports which are used by apps, etc. I can change it to something random.
Comment 2 Florian Best univentionstaff 2019-09-09 15:39:40 CEST 
I changed the default to port 9979 and use the 127.0.0.1 loopback interface.

univention-management-console-module-udm (9.0.12-34)
a2b9ea5b984e | Bug #50135: Bug #27816: make interface configurable, use 9979 as default port, use 127.0.0.1 as default interface
Comment 3 Daniel Tröder univentionstaff 2019-09-12 12:11:48 CEST 
OK: code change
OK: manual tests:

$ lsof -Pni | grep $(pgrep -f univention.management.server)
python2.7 18200 root 6u IPv4 48347504      0t0  TCP 127.0.0.1:9979 (LISTEN)
$ ucr set directory/manager/rest/server/port=12345
Create directory/manager/rest/server/port
File: /etc/apache2/sites-available/univention-management.conf
$ service univention-directory-manager-rest restart
$ lsof -Pni | grep $(pgrep -f univention.management.server)
python2.7  2057 root 6u IPv4 48434206      0t0  TCP 127.0.0.1:12345 (LISTEN)
$ ucr set directory/manager/rest/server/address=10.200.3.66
Create directory/manager/rest/server/address
$ service univention-directory-manager-rest restart
$ lsof -Pni | grep $(pgrep -f univention.management.server)
python2.7  2087 root 6u IPv4 48429020      0t0  TCP 10.200.3.66:12345 (LISTEN)
$ ucr set 'directory/manager/rest/server/address=*'
Setting directory/manager/rest/server/address
$ service univention-directory-manager-rest restart
$ lsof -Pni | grep $(pgrep -f univention.management.server)
python2.7  2116       root    6u  IPv6 48430574      0t0  TCP *:12345 (LISTEN)
$ wget http://10.200.3.66:12345
Verbindungsaufbau zu 127.0.0.1:12345 … verbunden.
$ wget http://127.0.0.1:12345
Verbindungsaufbau zu 127.0.0.1:12345 … verbunden.
$ ucr unset directory/manager/rest/server/port directory/manager/rest/server/address
Unsetting directory/manager/rest/server/port
Unsetting directory/manager/rest/server/address
File: /etc/apache2/sites-available/univention-management.conf
$ service univention-directory-manager-rest restart
$ lsof -Pni | grep $(pgrep -f univention.management.server)
python2.7  2251 root 6u IPv4 48430782      0t0  TCP 127.0.0.1:9979 (LISTEN)

REOPEN: missing UCRV descriptions
Comment 4 Florian Best univentionstaff 2019-09-13 18:31:05 CEST 
Added UCR-Variables description:

univention-directory-manager-rest (9.0.15-2)
470219b302ab | Bug #50135: describe UCR variables
Comment 5 Daniel Tröder univentionstaff 2019-09-13 19:02:19 CEST 
[4.4-1 247de7fb1f] Bug #50135: wording

Not rebuilt, as I'm sure there will be more rebuilds soon.
Comment 6 Florian Best univentionstaff 2019-09-18 14:53:27 CEST 
<http://errata.software-univention.de/ucs/4.4/282.html>
First Last Prev Next    This bug is not in your last search results.