GCF web server on port 8008 - firewall issue

Submitted by saki on Mon, 10/29/2007 - 12:59

Hi,

We have our GCF web server running on port 8008 (SSL) of our portal server box. This poses a problem for off-campus users when they access our portal at their work-place/other schools that have firewall settings, which block port 8008. The single sign-on to applications like Blackboard and Webmail doesn't work in such cases.
I'm curious how other schools have tackled this issue. Since port 443 is being used by Luminis, what are the alternative ports available for the GCF web server that would make it accessible inside firewalls?

Any help/suggestions would be greatly appreciated.

Thanks,
Shyam

Are you sure it's not your firewall blocking port 8008 from off-campus?

You could do one of two things:
1) Install the cpipconnector web server on a different server with port 80.
2) Or, you could add an IP address to your current network interface and set up the cpipconnector web server to listen on that IP address and port 80.

Chris,

Thanks for your response. If we decide to go for option 2, do you know the configuration requirements for the GCF web server? Do we need to set up a virtual host in the iPlanet server configuration? Where can I find more information/documentation on this?

Thanks,
Shyam

Hi,

We have created a secondary IP address (with DNS name) and port on our Luminis box for the GCF web server. We changed the server.xml file under the "config" directory to point to the new IP and port; however, we have an issue. After this change, the GCF web server can only be started by the "root" user and not the usual "lmadmin" user that we use to start the Luminis web server. As a result, when we do a "startcp" or "stopcp -a", the GCF web server is not started/stopped and all the GCF connectors give an "Unsupported OID" error.

Do you know how to fix this issue, i.e. start the GCF web server as the "lmadmin" user?

Any help/suggestions will be greatly appreciated.

Thanks,
Shyam

Low-level port numbers are restricted to root. You should be able to give lmadmin sudo access to start it. I don't have access to a system at the moment, but I'm thinking that lmadmin doesn't need to sudo start the cpipconnector server by default, so it's probably not set up to be allowed...?

We suffered from this problem for 2 different reasons:

1) Our campus firewall needed opening for port 8008
2) Some ISPs block access to non-standard port numbers

Similar to the solution suggested, we created a new DNS entry, portal-gcf.leeds.ac.uk, and pointed this at our Netscaler hardware load balancer (which is what we use to manage the Parallel Deployment of Luminis too).

This also gives us the option of routing SSL to an alternative GCF server.

Derek

Hi Derek,

I know this is too long a time to ask you this, but do you happen to have the config details on how you load balanced the Luminis on Netscaler? I am facing an issue: when accessed from Netscaler, I get the error "Session Timedout".

Can you help me?

Session timeout, more often than not, means that the session was not 'sticky'. Make sure your load balancer is maintaining a session to 1 web server once initiated, and not jumping back and forth between multiple web servers for a single session.
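
The stickiness check described in the last reply, as an added example that is not part of the original thread: it scans load-balancer access log lines and reports every session whose consecutive requests were served by different backend web servers. The log format, field names (`session=`, `backend=`) and sample lines are constructed assumptions, not NetScaler or Luminis output.

```python
import re
from collections import defaultdict

# Constructed sample log (hypothetical format): timestamp, client, session id,
# backend that served the request, then the request line.
SAMPLE_LOG = """\
2007-10-29T13:00:01 client=192.0.2.10 session=a1f3 backend=web1 GET /login
2007-10-29T13:00:04 client=192.0.2.10 session=a1f3 backend=web1 GET /page
2007-10-29T13:00:05 client=198.51.100.7 session=9c2e backend=web2 GET /login
2007-10-29T13:00:09 client=198.51.100.7 session=9c2e backend=web1 GET /page
2007-10-29T13:00:12 client=198.51.100.7 session=9c2e backend=web2 GET /page
2007-10-29T13:00:15 client=203.0.113.5 session=77b0 backend=web2 GET /login
malformed line without fields
"""

# Assumed field layout; adjust the pattern to the real log format in use.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) .*?\bsession=(?P<sid>\S+) .*?\bbackend=(?P<backend>\S+)"
)


def backend_switches(log_text):
    """Return {session_id: [(timestamp, old_backend, new_backend), ...]}.

    A session appears in the result only if two consecutive requests in it
    were served by different backends, i.e. persistence was not honoured.
    Lines that do not match the expected layout are skipped.
    """
    last_backend = {}
    switches = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        sid, backend, ts = m["sid"], m["backend"], m["ts"]
        prev = last_backend.get(sid)
        if prev is not None and prev != backend:
            switches[sid].append((ts, prev, backend))
        last_backend[sid] = backend
    return dict(switches)


if __name__ == "__main__":
    for sid, moves in backend_switches(SAMPLE_LOG).items():
        for ts, old, new in moves:
            print(f"session {sid}: moved {old} -> {new} at {ts}")
```

An empty result over a representative log window means every session stayed on the backend that first served it.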