SMT - How to change the SMT's default port
This document (000019870) is provided subject to the disclaimer at the end of this document.
Environment
Subscription Management Tool
SUSE Linux Enterprise Server 12 GA
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server 12 GA
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP5
Situation
The security policies are blocking port 443 used by the SMT server, so it must be changed to a different port.
IMPORTANT: this procedure is not supported, so it is provided to be used "as is" and as a workaround. If a case is open to SUSE Support related to problems derivate of this change or any other issues related to the SMT server, then it will be requested to change it back to the default configuration using port 443.
IMPORTANT: this procedure is not supported, so it is provided to be used "as is" and as a workaround. If a case is open to SUSE Support related to problems derivate of this change or any other issues related to the SMT server, then it will be requested to change it back to the default configuration using port 443.
Resolution
For this example, the default port 443 is changed to 8443:
1 - On the SMT server as root:
1.1 - Stop all the SMT related services and check the status to make sure the services are stopped:
# systemctl stop apache2.service
# systemctl status apache2.service
# systemctl stop mysql.service
# systemctl status mysql.service
# systemctl stop smt.service
# systemctl status smt.service
1.2 - Create a backup copy of Apache's configuration files:
# cp -p /etc/apache2/listen.conf /etc/apache2/listen.conf.BCK
# cp -p /etc/apache2/vhosts.d/vhost-ssl.conf /etc/apache2/vhosts.d/vhost-ssl.conf.BCK
1.3 - Edit the /etc/apache2/listen.conf file and change the line:
Listen 443
To:
Listen 8443
Save the changes and exit the editor.
1.4 - Edit the /etc/apache2/vhosts.d/vhost-ssl.conf file and change the line:
<VirtualHost _default_:443>
To:
<VirtualHost _default_:8443>
Save the changes and exit the editor.
1.5 - Start the SMT services to apply the changes:
# systemctl start smt.service
# systemctl status smt.service
# systemctl start apache2.service
# systemctl status apache2.service
# systemctl start mysql.service
# systemctl status mysql.service
1.6 - Verify that now it is listening on port 8443, here two command examples:
# netstat -na | grep -i "listen "
# ss -ltn
The output should show a line similar to any of these:
tcp 0 0 :::8443 :::* LISTEN
LISTEN 0 128 *:8443 *:*
Now the SMT is configured to listen on port 8443.
2 - On the Client:
2.1 - The procedure to register a Client against the SMT would be the same, but just adding the SMT's new port to the registration command, like this:
# ./clientSetup4SMT.sh --host SMT-FQDN-HERE:8443
2.1.1 - Once registered, the content of the /etc/SUSEConnect should look similar to this:
insecure: false
url: https://SMT-FQDN-HERE:8443/
language: en_US.utf8
2.2 - To register a Client to a specific namespace (when using "staging"), the registration command would be:
# ./clientSetup4SMT.sh --host SMT-FQDN-HERE:8443 --namespace NAMESPACE-HERE
2.2.1 - Once registered, the content of the /etc/SUSEConnect should look similar to this:
insecure: false
url: https://SMT-FQDN-HERE:8443/
namespace: NAMESPACE-HERE
language: en_US.utf8
3 - Modules and Extensions:
3.1 - Registration of Modules and Extensions do not need special command, it can be registered as usual via command line or Yast because the information about the SMT is taken directly from the /etc/SUSEConnect file.
1 - On the SMT server as root:
1.1 - Stop all the SMT related services and check the status to make sure the services are stopped:
# systemctl stop apache2.service
# systemctl status apache2.service
# systemctl stop mysql.service
# systemctl status mysql.service
# systemctl stop smt.service
# systemctl status smt.service
1.2 - Create a backup copy of Apache's configuration files:
# cp -p /etc/apache2/listen.conf /etc/apache2/listen.conf.BCK
# cp -p /etc/apache2/vhosts.d/vhost-ssl.conf /etc/apache2/vhosts.d/vhost-ssl.conf.BCK
1.3 - Edit the /etc/apache2/listen.conf file and change the line:
Listen 443
To:
Listen 8443
Save the changes and exit the editor.
1.4 - Edit the /etc/apache2/vhosts.d/vhost-ssl.conf file and change the line:
<VirtualHost _default_:443>
To:
<VirtualHost _default_:8443>
Save the changes and exit the editor.
1.5 - Start the SMT services to apply the changes:
# systemctl start smt.service
# systemctl status smt.service
# systemctl start apache2.service
# systemctl status apache2.service
# systemctl start mysql.service
# systemctl status mysql.service
1.6 - Verify that now it is listening on port 8443, here two command examples:
# netstat -na | grep -i "listen "
# ss -ltn
The output should show a line similar to any of these:
tcp 0 0 :::8443 :::* LISTEN
LISTEN 0 128 *:8443 *:*
Now the SMT is configured to listen on port 8443.
2 - On the Client:
2.1 - The procedure to register a Client against the SMT would be the same, but just adding the SMT's new port to the registration command, like this:
# ./clientSetup4SMT.sh --host SMT-FQDN-HERE:8443
2.1.1 - Once registered, the content of the /etc/SUSEConnect should look similar to this:
insecure: false
url: https://SMT-FQDN-HERE:8443/
language: en_US.utf8
2.2 - To register a Client to a specific namespace (when using "staging"), the registration command would be:
# ./clientSetup4SMT.sh --host SMT-FQDN-HERE:8443 --namespace NAMESPACE-HERE
2.2.1 - Once registered, the content of the /etc/SUSEConnect should look similar to this:
insecure: false
url: https://SMT-FQDN-HERE:8443/
namespace: NAMESPACE-HERE
language: en_US.utf8
3 - Modules and Extensions:
3.1 - Registration of Modules and Extensions do not need special command, it can be registered as usual via command line or Yast because the information about the SMT is taken directly from the /etc/SUSEConnect file.
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000019870
- Creation Date: 10-Feb-2021
- Modified Date:11-Feb-2021
-
- Subscription Management Tool
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com
