Red Hat Bugzilla – Bug 1273806
Capsule http port always enabled
Last modified: 2015-11-17 10:04:38 EST
Description of problem:
Our company has the policy to disable HTTP when possible. Currently the HTTP port 8000 is always enabled on the capsule:
[crash] root@li-lc-1578:~# lsof -P -n | grep 'foreman-proxy.*TCP'
ruby 12159 foreman-proxy 5u IPv4 4013285 0t0 TCP *:8000 (LISTEN)
ruby 12159 foreman-proxy 6u IPv4 4013295 0t0 TCP *:9090 (LISTEN)
This comes from the smart-proxy configuration that is generated by the katello-installer:
[crash] root@li-lc-1017:~# grep http_port /etc/foreman-proxy/settings.yml
# http is disabled by default. To enable, uncomment 'http_port' setting
In the katello-installer there is also no option to disable it.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install Sat6
2. Check foreman proxy ports with 'lsof'
3. Check foreman proxy settings
Foreman proxy is using port 8000
HTTP is disabled by default
Option to enable HTTP
Port 8000 is currently used by the templates feature to support provisioning as well as capsule isolation. Until all anaconda versions support https, we need to support serving the templates over http. We may be able to change this in the future.
If provisioning is not desired, the port could be turned off by using the following installer options:
Ok, i see the option in the katello-installer of Sat6.1.3.
BZ be closed as it is supported to disable during the installation.