Low port numbers (<1024) and the Data Aggregator

Article ID: 372555


Updated On:

Products

DX NetOps CA Performance Management - Usage and Administration

Issue/Introduction

We want to use port 443 for access to the OData query builder on the DA.

 

When setting the DA up for SSL, you can change the port that the DA uses.

This is one of the options when running the DA sslConfig.sh script.

Environment

 DX NetOps : All Supported Versions

Cause

Ports under 1024 are privileged ports, and binding to them requires root authorization.

Resolution

If you are running DA as root, just use sslConfig.sh to configure DA HTTPS to use 443.  Then update the DA data source in Portal to use the new https/port.

 

If you are running DA as a non-root user you may have trouble using 443 or any other port <1024.

Run sslConfig.sh to configure the DA HTTPS to use 443.

Edit the dadaemon.service file:

/etc/systemd/system/dadaemon.service

Under [Service], add:

AmbientCapabilities=CAP_NET_BIND_SERVICE

 

Here is an edited dadaemon.service file:

[Unit]
Description=Data Aggregator
After=syslog.target
Wants=activemq.service

[Service]
# Use root so can start AMQ if not running, karaf runs as non-root user
User=root
Type=forking
ExecStart=/opt/IMDataAggregator/scripts/dadaemon start sysd
ExecStop=/opt/IMDataAggregator/scripts/dadaemon stop sysd
TimeoutStopSec=315
# Added to allow low port for DA
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

Once completed, you will need to update the DA data source in Portal to use the new https/port.

 

Additional Information

This change may not survive an upgrade. Make sure to back up this file and add notes to your environment documentation.
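
The check below is an added example, not part of the original article or of the product's own scripts: a shell function that confirms the [Service] section of a unit file still grants CAP_NET_BIND_SERVICE, intended to be run after an upgrade. The function name check_da_unit and its return codes are assumptions made for this example. It also flags text after a '#' or ';' on the capability line, because systemd only recognizes comments at the start of a line.

```shell
#!/bin/sh
# Added example (hypothetical helper, not shipped with DX NetOps).
# check_da_unit FILE
#   returns 0: [Service] grants CAP_NET_BIND_SERVICE on a clean line
#   returns 1: no AmbientCapabilities line in [Service] grants it
#              (for example, the unit file was replaced by an upgrade)
#   returns 2: granted, but the line has trailing text after '#' or ';',
#              which systemd parses as part of the value, not as a comment
check_da_unit() {
    awk '
        # Whole-line comments are the only comment form systemd accepts.
        /^[ \t]*[#;]/ { next }

        # Track which section we are in.
        /^[ \t]*\[/ {
            in_service = ($0 ~ /^[ \t]*\[Service\][ \t]*$/)
            next
        }

        in_service && /^[ \t]*AmbientCapabilities[ \t]*=/ {
            value = $0
            sub(/^[^=]*=/, "", value)
            # An empty assignment resets the capability list.
            if (value ~ /^[ \t]*$/) { granted = 0; dirty = 0; next }
            if (value ~ /[#;]/) dirty = 1
            n = split(value, words, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (words[i] == "CAP_NET_BIND_SERVICE") granted = 1
        }

        END {
            if (!granted) exit 1
            if (dirty) exit 2
            exit 0
        }
    ' "$1"
}

# Typical use after an upgrade (path taken from the article):
#   check_da_unit /etc/systemd/system/dadaemon.service || echo "re-apply the edit"
# After any edit to the unit file, systemd must re-read it before a restart:
#   systemctl daemon-reload
```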

*

Privileged ports

The TCP/IP port numbers below 1024 are special in that normal users are not allowed to run servers on them. This is a security feature, in that if you connect to a service on one of these ports you can be fairly sure that you have the real thing, and not a fake which some hacker has put up for you.

The normal port number for W3 servers is port 80. This number has been assigned to WWW by the Internet Assigned Numbers Authority, IANA.

When you run a server as a test from a non-privileged account, you will normally test it on other

*

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/dx-netops/23-3/securing-dx-netops/securing-performance-monitoring/set-up-https/enable-https-for-the-data-aggregator/enable-the-data-aggregator-to-use-ssl.html