I have an Ignition (v8.0.7) gateway running on an AWS EC2 instance (Ubuntu 18.04.3). I am trying to get lets encrypt certs installed which from what I understand requires ignition to run on port 80. When I change the port though I cant seem to get Ignition to start again. I have attached the wrapper logs. Also, I have opened port 80 to allow incoming connects. Is there something special I need to do to start Ignition on port 80?
wrapper.log (62.4 KB)
You almost certainly don’t have permission to bind to any port below 1024.
You should leave it on 8088 and forward port 80 to 8088 on your instance anyway.
The short version is, Linux systems don’t allow non-root access to ports below 1024.
Rather than running Ignition as root (meaning an attacker could basically take over your server if they can exploit Ignition), use a reverse proxy like
nginx or just set up local forwarding using
iptables or the like.
Thanks guys that makes since. I thought it seemed pretty risky to just put a gateway on port 80.
I haven’t tried this yet, but you might consider using the authbind tool.
Just noted that systemd can handle this for you with this setting:
...... Other stuff ......
At least, it works for me with Ubuntu 18.04.
This thread is really informative however it does not say how to change the port back. The answer is not obvious as the gateway is crippled, making recovery a bit problematic:
- The settings on the gateway webpage are not accessible in this state
- The “gwcmd -k 8088” wont work if the gateway is not running
After some poking around in the file system this how I recovered my system:
- Access the terminal on the server (ssh)
- Accessed the gateway configuration file using nano
- Changed the line:
- Saved the file (ctrl+o) and exited nano (ctrl+x)
- Started the gateway
There might be a better way but I know this works.
Hope this helps someone in the future as I got to the end of this thread and had an