Hello All,
I have an Ignition (v8.0.7) gateway running on an AWS EC2 instance (Ubuntu 18.04.3). I am trying to get lets encrypt certs installed which from what I understand requires ignition to run on port 80. When I change the port though I cant seem to get Ignition to start again. I have attached the wrapper logs. Also, I have opened port 80 to allow incoming connects. Is there something special I need to do to start Ignition on port 80?
wrapper.log (62.4 KB)
You almost certainly don’t have permission to bind to any port below 1024.
You should leave it on 8088 and forward port 80 to 8088 on your instance anyway.
Yes.
The short version is, Linux systems don’t allow non-root access to ports below 1024.
Rather than running Ignition as root (meaning an attacker could basically take over your server if they can exploit Ignition), use a reverse proxy like nginx or just set up local forwarding using iptables or the like.
Thanks guys that makes since. I thought it seemed pretty risky to just put a gateway on port 80.
Just noted that systemd can handle this for you with this setting:
[Service]
...... Other stuff ......
AmbientCapabilities=CAP_NET_BIND_SERVICE
At least, it works for me with Ubuntu 18.04.
This thread is really informative however it does not say how to change the port back. The answer is not obvious as the gateway is crippled, making recovery a bit problematic:
After some poking around in the file system this how I recovered my system:
nano /usr/local/bin/ignition/data/gateway.xml
<entry key="gateway.port">80</entry>
back to:
<entry key="gateway.port">8088</entry>
ignition start
There might be a better way but I know this works.
Hope this helps someone in the future as I got to the end of this thread and had an
XKCD flashback 