Option to set HTTPS port on the controller no longer supports port 443

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

Option to set HTTPS port on the controller no longer supports port 443

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Option to set HTTPS port on the controller no longer supports port 443
Option to set HTTPS port on the controller no longer supports port 443
2022-07-14 10:37:38 - last edited 2022-07-27 11:19:59

I've noticed that since the 5.1 release, the ability to set the controller to port 443 using the user interface has been removed:

 

 

I'm curious what the reasoning is behind that change.  I package up a Docker image and one of the use cases is to change the ports for the controller's admin ports to 80 & 443 as I am able to control the privileged ports through a sysctl applied to the Docker container.  While I can manually have the ports changed in the container through some other methods, the problem really comes when editing settings in the UI.  A user reported an issue (https://github.com/mbentley/docker-omada-controller/issues/217) where they were not able to save any settings on this screen due to the setting validation getting triggered by the use of port 443.

 

It would be ideal if the controller was either able to detect the sysctl setting to determine if it is allowed to set privileged ports as a non-root user and set the range accordingly in the UI or just return the ability to set it back to 443.

  2      
  2      
#1
Options
1 Accepted Solution
Re:Option to set HTTPS port on the controller no longer supports port 443-Solution
2022-07-27 01:53:32 - last edited 2022-07-27 11:19:59

Dear @mbentley,

 

mbentley wrote

  @Fae - That's true except for when you allow users to bind to ports below 1024 with something like:

 

sysctl net.ipv4.ip_unprivileged_port_start=0

 

Beside setting that directly in Linux, tools like Docker can also allow users to run containers like that with the sysctl modifying the behavior.  I, for one, have been using 443 for some time now with my controller and the change in this behavior in the UI is blocking from changing settings which seems like a poor experience.  Reading the value of ip_unprivileged_port_start would tell if the port can be set safely or not and at least let users, such as myself, continue to use port 443.

 

I know many people have requested and use the port mapping config to map to 443 as I've added the feature to change the port on first setup by modifying the properties file based on the value set by an environment variable before the app initially starts which it will allow 443 to be used then.

 

Thanks so much for your valuable feedback! I've shared the situation to the R&D team for further investigation and evaluation. It's confirmed that Omada Controller 5.5 (Linux) will add the support of port 443 back, additional note for using port 443 will be added. Cheers!

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
Recommended Solution
  0  
  0  
#5
Options
11 Reply
Re:Option to set HTTPS port on the controller no longer supports port 443
2022-07-14 21:41:06

So the only workaround, at least for this one setting, is that the API does not enforce these settings, only the UI.  I was able to create a quick script to make an API call to update the specific feature for "Collect Clients' History Data": https://github.com/mbentley/docker-omada-controller/issues/217#issuecomment-1184864183

 

And copied here for simplicy sake:

 

#!/bin/bash

# set variables
OMADA_URL="https://localhost:443"
USERNAME="admin"
PASSWORD="password"

# get controller id from the API
CONTROLLER_ID="$(curl -sk "${OMADA_URL}/api/info" | jq -r .result.omadacId)"

# login, get token, set & use cookies
TOKEN="$(curl -sk -X POST -c "/tmp/omada-cookies.txt" -b "/tmp/omada-cookies.txt" -H "Content-Type: application/json" "${OMADA_URL}/${CONTROLLER_ID}/api/v2/login" -d '{"username": "'"${USERNAME}"'", "password": "'"${PASSWORD}"'"}' | jq -r .result.token)"

# set data retention (180 = 6mo)
curl -sk -X PATCH -b "/tmp/omada-cookies.txt" -H "Content-Type: application/json" -H "Csrf-Token: ${TOKEN}" "${OMADA_URL}/${CONTROLLER_ID}/api/v2/controller/history?token=${TOKEN}" -d '{"retention":180,"clientsDataEnable":true}'
  0  
  0  
#2
Options
Re:Option to set HTTPS port on the controller no longer supports port 443
2022-07-15 02:16:02

Dear @mbentley,

 

mbentley wrote

I've noticed that since the 5.1 release, the ability to set the controller to port 443 using the user interface has been removed:

 

I'm curious what the reasoning is behind that change.

 

As I know, the reason why the HTTPS port on the Controller no longer supports port 443 since the 5.1 release is to fix the issue that the Controller in Linux OS won't start after changing the HTTP/HTTPS port to 80/443 (Root is required in Linux OS to access ports below 1024).

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#3
Options
Re:Option to set HTTPS port on the controller no longer supports port 443
2022-07-15 02:43:19

  @Fae - That's true except for when you allow users to bind to ports below 1024 with something like:

 

sysctl net.ipv4.ip_unprivileged_port_start=0

 

Beside setting that directly in Linux, tools like Docker can also allow users to run containers like that with the sysctl modifying the behavior.  I, for one, have been using 443 for some time now with my controller and the change in this behavior in the UI is blocking from changing settings which seems like a poor experience.  Reading the value of ip_unprivileged_port_start would tell if the port can be set safely or not and at least let users, such as myself, continue to use port 443.

 

I know many people have requested and use the port mapping config to map to 443 as I've added the feature to change the port on first setup by modifying the properties file based on the value set by an environment variable before the app initially starts which it will allow 443 to be used then.

  0  
  0  
#4
Options
Re:Option to set HTTPS port on the controller no longer supports port 443-Solution
2022-07-27 01:53:32 - last edited 2022-07-27 11:19:59

Dear @mbentley,

 

mbentley wrote

  @Fae - That's true except for when you allow users to bind to ports below 1024 with something like:

 

sysctl net.ipv4.ip_unprivileged_port_start=0

 

Beside setting that directly in Linux, tools like Docker can also allow users to run containers like that with the sysctl modifying the behavior.  I, for one, have been using 443 for some time now with my controller and the change in this behavior in the UI is blocking from changing settings which seems like a poor experience.  Reading the value of ip_unprivileged_port_start would tell if the port can be set safely or not and at least let users, such as myself, continue to use port 443.

 

I know many people have requested and use the port mapping config to map to 443 as I've added the feature to change the port on first setup by modifying the properties file based on the value set by an environment variable before the app initially starts which it will allow 443 to be used then.

 

Thanks so much for your valuable feedback! I've shared the situation to the R&D team for further investigation and evaluation. It's confirmed that Omada Controller 5.5 (Linux) will add the support of port 443 back, additional note for using port 443 will be added. Cheers!

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
Recommended Solution
  0  
  0  
#5
Options
Re:Option to set HTTPS port on the controller no longer supports port 443
2022-07-27 11:19:49

  @Fae - Awesome, much appreciated!  Thanks for taking the use case into consideration!

  0  
  0  
#6
Options
Re:Option to set HTTPS port on the controller no longer supports port 443
2022-08-23 16:04:12

Unfortunately in version 5.5.6, the user interface also introduced showing the "HTTP Port for Controller Management" setting option.  This field has the same issue as port 443 did previously.  Could we have an exception added for allowing port 80 with a similar same warning in a future release?

 

  0  
  0  
#7
Options
Re:Option to set HTTPS port on the controller no longer supports port 443
2022-10-10 10:40:38

@Fae - bumping this up to see if we can do something similar for port 80 as that was also added and is now blocking the same settings page from being updated.

  0  
  0  
#8
Options
Re:Option to set HTTPS port on the controller no longer supports port 443
2022-11-25 11:13:34

It looks like the UI has been updated as of 5.7.4 to now include port 80 but it looks like the backend API might not have been updated to reflect the change as it still throws an error when trying to save saying that the port is out of range.

 

  0  
  0  
#9
Options
Re:Option to set HTTPS port on the controller no longer supports port 443
2023-02-20 03:28:16 - last edited 2023-02-20 03:30:02

Confirmed Matt's findings.

 

While the help message to the right of the text entry field indicates that "80" is a valid field value for the HTTP the backend API returns the following response when "80" is sent for the value of webPort.manageHttpPort

 

{"errorCode":-30033,"msg":"The HTTP or HTTPS port is out of range."}

 

443 is accepted and persists through reboots for the HTTPS port, so at least that works.

  0  
  0  
#10
Options
Re:Option to set HTTPS port on the controller no longer supports port 443
2023-03-10 12:05:52

@Fae is it possible to fix this issue?

Even in the latest 5.9.9 this is still not fixed fully.

  0  
  0  
#11
Options